diff options
author | Bob Beck <beck@cvs.openbsd.org> | 2000-03-19 11:13:50 +0000 |
---|---|---|
committer | Bob Beck <beck@cvs.openbsd.org> | 2000-03-19 11:13:50 +0000 |
commit | 93b7b796de511cb25f87ddebb2285e54bef8a5cb (patch) | |
tree | 49beb0cc317de4e25b3e8649b4ef19d9db90c345 /lib | |
parent | 0b5fe3d0a31a6addf3bafe0f4b549475f8b6a021 (diff) |
import openssl-0.9.7-beta1
Diffstat (limited to 'lib')
184 files changed, 34558 insertions, 0 deletions
diff --git a/lib/libssl/src/FAQ b/lib/libssl/src/FAQ new file mode 100644 index 00000000000..ab84a3f9e84 --- /dev/null +++ b/lib/libssl/src/FAQ @@ -0,0 +1,130 @@ +OpenSSL - Frequently Asked Questions +-------------------------------------- + +* Which is the current version of OpenSSL? +* Where is the documentation? +* How can I contact the OpenSSL developers? +* Do I need patent licenses to use OpenSSL? +* Is OpenSSL thread-safe? +* Why do I get a "PRNG not seeded" error message? +* Why does the linker complain about undefined symbols? +* Where can I get a compiled version of OpenSSL? + + +* Which is the current version of OpenSSL? + +The current version is available from <URL: http://www.openssl.org>. +OpenSSL 0.9.5 was released on February 28th, 2000. + +In addition to the current stable release, you can also access daily +snapshots of the OpenSSL development version at <URL: +ftp://ftp.openssl.org/snapshot/>, or get it by anonymous CVS access. + + +* Where is the documentation? + +OpenSSL is a library that provides cryptographic functionality to +applications such as secure web servers. Be sure to read the +documentation of the application you want to use. The INSTALL file +explains how to install this library. + +OpenSSL includes a command line utility that can be used to perform a +variety of cryptographic functions. It is described in the openssl(1) +manpage. Documentation for developers is currently being written. A +few manual pages already are available; overviews over libcrypto and +libssl are given in the crypto(3) and ssl(3) manpages. + +The OpenSSL manpages are installed in /usr/local/ssl/man/ (or a +different directory if you specified one as described in INSTALL). +In addition, you can read the most current versions at +<URL: http://www.openssl.org/docs/>. + +For information on parts of libcrypto that are not yet documented, you +might want to read Ariel Glenn's documentation on SSLeay 0.9, OpenSSL's +predecessor, at <URL: http://www.columbia.edu/~ariel/ssleay/>. Much +of this still applies to OpenSSL. + +There is some documentation about certificate extensions and PKCS#12 +in doc/openssl.txt + +The original SSLeay documentation is included in OpenSSL as +doc/ssleay.txt. It may be useful when none of the other resources +help, but please note that it reflects the obsolete version SSLeay +0.6.6. + + +* How can I contact the OpenSSL developers? + +The README file describes how to submit bug reports and patches to +OpenSSL. Information on the OpenSSL mailing lists is available from +<URL: http://www.openssl.org>. + + +* Do I need patent licenses to use OpenSSL? + +The patents section of the README file lists patents that may apply to +you if you want to use OpenSSL. For information on intellectual +property rights, please consult a lawyer. The OpenSSL team does not +offer legal advice. + +You can configure OpenSSL so as not to use RC5 and IDEA by using + ./config no-rc5 no-idea + +Until the RSA patent expires, U.S. users may want to use + ./config no-rc5 no-idea no-rsa + +Please note that you will *not* be able to communicate with most of +the popular web browsers without RSA support. + + +* Is OpenSSL thread-safe? + +Yes. On Windows and many Unix systems, OpenSSL automatically uses the +multi-threaded versions of the standard libraries. If your platform +is not one of these, consult the INSTALL file. + +Multi-threaded applications must provide two callback functions to +OpenSSL. This is described in the threads(3) manpage. + + +* Why do I get a "PRNG not seeded" error message? + +Cryptographic software needs a source of unpredictable data to work +correctly. Many open source operating systems provide a "randomness +device" that serves this purpose. On other systems, applications have +to call the RAND_add() or RAND_seed() function with appropriate data +before generating keys or performing public key encryption. + +Some broken applications do not do this. As of version 0.9.5, the +OpenSSL functions that need randomness report an error if the random +number generator has not been seeded with at least 128 bits of +randomness. If this error occurs, please contact the author of the +application you are using. It is likely that it never worked +correctly. OpenSSL 0.9.5 makes the error visible by refusing to +perform potentially insecure encryption. + + +* Why does the linker complain about undefined symbols? + +Maybe the compilation was interrupted, and make doesn't notice that +something is missing. Run "make clean; make". + +If you used ./Configure instead of ./config, make sure that you +selected the right target. File formats may differ slightly between +OS versions (for example sparcv8/sparcv9, or a.out/elf). + +If that doesn't help, you may want to try using the current snapshot. +If the problem persists, please submit a bug report. + + +* Where can I get a compiled version of OpenSSL? + +Some applications that use OpenSSL are distributed in binary form. +When using such an application, you don't need to install OpenSSL +yourself; the application will include the required parts (e.g. DLLs). + +If you want to install OpenSSL on a Windows system and you don't have +a C compiler, read the "Mingw32" section of INSTALL.W32 for information +on how to obtain and install the free GNU C compiler. + +A number of Linux and *BSD distributions include OpenSSL. diff --git a/lib/libssl/src/INSTALL.MacOS b/lib/libssl/src/INSTALL.MacOS new file mode 100644 index 00000000000..a8c4f7f1dac --- /dev/null +++ b/lib/libssl/src/INSTALL.MacOS @@ -0,0 +1,72 @@ +OpenSSL - Port To The Macintosh +=============================== + +Thanks to Roy Wood <roy@centricsystems.ca> initial support for MacOS (pre +X) is now provided. "Initial" means that unlike other platforms where you +get an SDK and a "swiss army" openssl application, on Macintosh you only +get one sample application which fetches a page over HTTPS(*) and dumps it +in a window. We don't even build the test applications so that we can't +guarantee that all algorithms are operational. + +Required software: + +- StuffIt Expander 5.5 or later, alternatively MacGzip and SUNtar; +- Scriptable Finder; +- CodeWarrior Pro 5; + +Installation procedure: + +- fetch the source at ftp://ftp.openssl.org/ (well, you probably already + did, huh?) +- unpack the .tar.gz file: + - if you have StuffIt Expander then just drag it over it; + - otherwise uncompress it with MacGzip and then unpack with SUNtar; +- locate MacOS folder in OpenSSL source tree and open it; +- unbinhex mklinks.as.hqx and OpenSSL.mcp.hqx if present (**), do it + "in-place", i.e. unpacked files should end-up in the very same folder; +- execute mklinks.as; +- open OpenSSL.mcp(***) and build 'GetHTTPS PPC' target(****); +- that's it for now; + +(*) URL is hardcoded into ./MacOS/GetHTTPS.src/GetHTTPS.cpp, lines 40 + to 42, change appropriately. +(**) If you use SUNtar, then it might have already unbinhexed the files + in question. +(***) The project file was saved with CW Pro 5.3. If you have earlier + version and it refuses to open it, then download + http://www.openssl.org/~appro/OpenSSL.mcp.xml and import it + overwriting the original OpenSSL.mcp. +(****) Other targets are work in progress. If you feel like giving 'em a + shot, then you should know that OpenSSL* and Lib* targets are + supposed to be built with the GUSI, MacOS library which mimics + BSD sockets and some other POSIX APIs. The GUSI distribution is + expected to be found in the same directory as openssl source tree, + i.e. in the parent directory to the one where this very file, + namely INSTALL.MacOS. For more informations about GUSI, see + http://www.iis.ee.ethz.ch/~neeri/macintosh/gusi-qa.html + +Finally some essential comments from our generous contributor:-) + +"I've gotten OpenSSL working on the Macintosh. It's probably a bit of a +hack, but it works for what I'm doing. If you don't like the way I've done +it, then feel free to change what I've done. I freely admit that I've done +some less-than-ideal things in my port, and if you don't like the way I've +done something, then feel free to change it-- I won't be offended! + +... I've tweaked "bss_sock.c" a little to call routines in a "MacSocket" +library I wrote. My MacSocket library is a wrapper around OpenTransport, +handling stuff like endpoint creation, reading, writing, etc. It is not +designed as a high-performance package such as you'd use in a webserver, +but is fine for lots of other applications. MacSocket also uses some other +code libraries I've written to deal with string manipulations and error +handling. Feel free to use these things in your own code, but give me +credit and/or send me free stuff in appreciation! :-) + +... + +If you have any questions, feel free to email me as the following: + +roy@centricsystems.ca + +-Roy Wood" + diff --git a/lib/libssl/src/MacOS/GUSI_Init.cpp b/lib/libssl/src/MacOS/GUSI_Init.cpp new file mode 100644 index 00000000000..d8223dba2cd --- /dev/null +++ b/lib/libssl/src/MacOS/GUSI_Init.cpp @@ -0,0 +1,62 @@ +/**************** BEGIN GUSI CONFIGURATION **************************** + * + * GUSI Configuration section generated by GUSI Configurator + * last modified: Wed Jan 5 20:33:51 2000 + * + * This section will be overwritten by the next run of Configurator. + */ + +#define GUSI_SOURCE +#include <GUSIConfig.h> +#include <sys/cdefs.h> + +/* Declarations of Socket Factories */ + +__BEGIN_DECLS +void GUSIwithInetSockets(); +void GUSIwithLocalSockets(); +void GUSIwithMTInetSockets(); +void GUSIwithMTTcpSockets(); +void GUSIwithMTUdpSockets(); +void GUSIwithOTInetSockets(); +void GUSIwithOTTcpSockets(); +void GUSIwithOTUdpSockets(); +void GUSIwithPPCSockets(); +void GUSISetupFactories(); +__END_DECLS + +/* Configure Socket Factories */ + +void GUSISetupFactories() +{ +#ifdef GUSISetupFactories_BeginHook + GUSISetupFactories_BeginHook +#endif + GUSIwithInetSockets(); +#ifdef GUSISetupFactories_EndHook + GUSISetupFactories_EndHook +#endif +} + +/* Declarations of File Devices */ + +__BEGIN_DECLS +void GUSIwithDConSockets(); +void GUSIwithNullSockets(); +void GUSISetupDevices(); +__END_DECLS + +/* Configure File Devices */ + +void GUSISetupDevices() +{ +#ifdef GUSISetupDevices_BeginHook + GUSISetupDevices_BeginHook +#endif + GUSIwithNullSockets(); +#ifdef GUSISetupDevices_EndHook + GUSISetupDevices_EndHook +#endif +} + +/**************** END GUSI CONFIGURATION *************************/ diff --git a/lib/libssl/src/MacOS/GetHTTPS.src/CPStringUtils.cpp b/lib/libssl/src/MacOS/GetHTTPS.src/CPStringUtils.cpp new file mode 100644 index 00000000000..617aae2c706 --- /dev/null +++ b/lib/libssl/src/MacOS/GetHTTPS.src/CPStringUtils.cpp @@ -0,0 +1,2753 @@ +/* ==================================================================== + * Copyright (c) 1998-1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + + + + #include "CPStringUtils.hpp" +#include "ErrorHandling.hpp" + + + +#define kNumberFormatString "\p########0.00#######;-########0.00#######" + + + +// Useful utility functions which could be optimized a whole lot + + +void CopyPStrToCStr(const unsigned char *thePStr,char *theCStr,const int maxCStrLength) +{ +int i,numPChars; + + + if (thePStr != nil && theCStr != nil && maxCStrLength > 0) + { + numPChars = thePStr[0]; + + for (i = 0;;i++) + { + if (i >= numPChars || i >= maxCStrLength - 1) + { + theCStr[i] = 0; + + break; + } + + else + { + theCStr[i] = thePStr[i + 1]; + } + } + } +} + + +void CopyPStrToPStr(const unsigned char *theSrcPStr,unsigned char *theDstPStr,const int maxDstStrLength) +{ +int theMaxDstStrLength; + + + theMaxDstStrLength = maxDstStrLength; + + + if (theDstPStr != nil && theSrcPStr != nil && theMaxDstStrLength > 0) + { + if (theMaxDstStrLength > 255) + { + theMaxDstStrLength = 255; + } + + + if (theMaxDstStrLength - 1 < theSrcPStr[0]) + { + BlockMove(theSrcPStr + 1,theDstPStr + 1,theMaxDstStrLength - 1); + + theDstPStr[0] = theMaxDstStrLength - 1; + } + + else + { + BlockMove(theSrcPStr,theDstPStr,theSrcPStr[0] + 1); + } + } +} + + +void CopyCStrToCStr(const char *theSrcCStr,char *theDstCStr,const int maxDstStrLength) +{ +int i; + + + if (theDstCStr != nil && theSrcCStr != nil && maxDstStrLength > 0) + { + for (i = 0;;i++) + { + if (theSrcCStr[i] == 0 || i >= maxDstStrLength - 1) + { + theDstCStr[i] = 0; + + break; + } + + else + { + theDstCStr[i] = theSrcCStr[i]; + } + } + } +} + + + +void CopyCSubstrToCStr(const char *theSrcCStr,const int maxCharsToCopy,char *theDstCStr,const int maxDstStrLength) +{ +int i; + + + if (theDstCStr != nil && theSrcCStr != nil && maxDstStrLength > 0) + { + for (i = 0;;i++) + { + if (theSrcCStr[i] == 0 || i >= maxDstStrLength - 1 || i >= maxCharsToCopy) + { + theDstCStr[i] = 0; + + break; + } + + else + { + theDstCStr[i] = theSrcCStr[i]; + } + } + } +} + + + +void CopyCSubstrToPStr(const char *theSrcCStr,const int maxCharsToCopy,unsigned char *theDstPStr,const int maxDstStrLength) +{ +int i; +int theMaxDstStrLength; + + + theMaxDstStrLength = maxDstStrLength; + + if (theDstPStr != nil && theSrcCStr != nil && theMaxDstStrLength > 0) + { + if (theMaxDstStrLength > 255) + { + theMaxDstStrLength = 255; + } + + + for (i = 0;;i++) + { + if (theSrcCStr[i] == 0 || i >= theMaxDstStrLength - 1 || i >= maxCharsToCopy) + { + theDstPStr[0] = i; + + break; + } + + else + { + theDstPStr[i + 1] = theSrcCStr[i]; + } + } + } +} + + + +void CopyCStrToPStr(const char *theSrcCStr,unsigned char *theDstPStr,const int maxDstStrLength) +{ +int i; +int theMaxDstStrLength; + + + theMaxDstStrLength = maxDstStrLength; + + if (theDstPStr != nil && theSrcCStr != nil && theMaxDstStrLength > 0) + { + if (theMaxDstStrLength > 255) + { + theMaxDstStrLength = 255; + } + + + for (i = 0;;i++) + { + if (i >= theMaxDstStrLength - 1 || theSrcCStr[i] == 0) + { + theDstPStr[0] = i; + + break; + } + + else + { + theDstPStr[i + 1] = theSrcCStr[i]; + } + } + } +} + + +void ConcatPStrToCStr(const unsigned char *thePStr,char *theCStr,const int maxCStrLength) +{ +int i,numPChars,cStrLength; + + + if (thePStr != nil && theCStr != nil && maxCStrLength > 0) + { + for (cStrLength = 0;theCStr[cStrLength] != 0;cStrLength++) + { + + } + + + numPChars = thePStr[0]; + + + for (i = 0;;i++) + { + if (i >= numPChars || cStrLength >= maxCStrLength - 1) + { + theCStr[cStrLength++] = 0; + + break; + } + + else + { + theCStr[cStrLength++] = thePStr[i + 1]; + } + } + } +} + + + +void ConcatPStrToPStr(const unsigned char *theSrcPStr,unsigned char *theDstPStr,const int maxDstStrLength) +{ +int theMaxDstStrLength; + + + theMaxDstStrLength = maxDstStrLength; + + if (theSrcPStr != nil && theDstPStr != nil && theMaxDstStrLength > 0) + { + if (theMaxDstStrLength > 255) + { + theMaxDstStrLength = 255; + } + + + if (theMaxDstStrLength - theDstPStr[0] - 1 < theSrcPStr[0]) + { + BlockMove(theSrcPStr + 1,theDstPStr + theDstPStr[0] + 1,theMaxDstStrLength - 1 - theDstPStr[0]); + + theDstPStr[0] = theMaxDstStrLength - 1; + } + + else + { + BlockMove(theSrcPStr + 1,theDstPStr + theDstPStr[0] + 1,theSrcPStr[0]); + + theDstPStr[0] += theSrcPStr[0]; + } + } +} + + + +void ConcatCStrToPStr(const char *theSrcCStr,unsigned char *theDstPStr,const int maxDstStrLength) +{ +int i,thePStrLength; +int theMaxDstStrLength; + + + theMaxDstStrLength = maxDstStrLength; + + if (theSrcCStr != nil && theDstPStr != nil && theMaxDstStrLength > 0) + { + if (theMaxDstStrLength > 255) + { + theMaxDstStrLength = 255; + } + + + thePStrLength = theDstPStr[0]; + + for (i = 0;;i++) + { + if (theSrcCStr[i] == 0 || thePStrLength >= theMaxDstStrLength - 1) + { + theDstPStr[0] = thePStrLength; + + break; + } + + else + { + theDstPStr[thePStrLength + 1] = theSrcCStr[i]; + + thePStrLength++; + } + } + } +} + + + +void ConcatCStrToCStr(const char *theSrcCStr,char *theDstCStr,const int maxCStrLength) +{ +int cStrLength; + + + if (theSrcCStr != nil && theDstCStr != nil && maxCStrLength > 0) + { + for (cStrLength = 0;theDstCStr[cStrLength] != 0;cStrLength++) + { + + } + + + for (;;) + { + if (*theSrcCStr == 0 || cStrLength >= maxCStrLength - 1) + { + theDstCStr[cStrLength++] = 0; + + break; + } + + else + { + theDstCStr[cStrLength++] = *theSrcCStr++; + } + } + } +} + + + +void ConcatCharToCStr(const char theChar,char *theDstCStr,const int maxCStrLength) +{ +int cStrLength; + + + if (theDstCStr != nil && maxCStrLength > 0) + { + cStrLength = CStrLength(theDstCStr); + + if (cStrLength < maxCStrLength - 1) + { + theDstCStr[cStrLength++] = theChar; + theDstCStr[cStrLength++] = '\0'; + } + } +} + + + +void ConcatCharToPStr(const char theChar,unsigned char *theDstPStr,const int maxPStrLength) +{ +int pStrLength; + + + if (theDstPStr != nil && maxPStrLength > 0) + { + pStrLength = PStrLength(theDstPStr); + + if (pStrLength < maxPStrLength - 1 && pStrLength < 255) + { + theDstPStr[pStrLength + 1] = theChar; + theDstPStr[0] += 1; + } + } +} + + + + +int CompareCStrs(const char *theFirstCStr,const char *theSecondCStr,const Boolean ignoreCase) +{ +int returnValue; +char firstChar,secondChar; + + + returnValue = 0; + + + if (theFirstCStr != nil && theSecondCStr != nil) + { + for (;;) + { + firstChar = *theFirstCStr; + secondChar = *theSecondCStr; + + if (ignoreCase == true) + { + if (firstChar >= 'A' && firstChar <= 'Z') + { + firstChar = 'a' + (firstChar - 'A'); + } + + if (secondChar >= 'A' && secondChar <= 'Z') + { + secondChar = 'a' + (secondChar - 'A'); + } + } + + + if (firstChar == 0 && secondChar != 0) + { + returnValue = -1; + + break; + } + + else if (firstChar != 0 && secondChar == 0) + { + returnValue = 1; + + break; + } + + else if (firstChar == 0 && secondChar == 0) + { + returnValue = 0; + + break; + } + + else if (firstChar < secondChar) + { + returnValue = -1; + + break; + } + + else if (firstChar > secondChar) + { + returnValue = 1; + + break; + } + + theFirstCStr++; + theSecondCStr++; + } + } + + + return(returnValue); +} + + + +Boolean CStrsAreEqual(const char *theFirstCStr,const char *theSecondCStr,const Boolean ignoreCase) +{ + if (CompareCStrs(theFirstCStr,theSecondCStr,ignoreCase) == 0) + { + return true; + } + + else + { + return false; + } +} + + +Boolean PStrsAreEqual(const unsigned char *theFirstPStr,const unsigned char *theSecondPStr,const Boolean ignoreCase) +{ + if (ComparePStrs(theFirstPStr,theSecondPStr,ignoreCase) == 0) + { + return true; + } + + else + { + return false; + } +} + + + +int ComparePStrs(const unsigned char *theFirstPStr,const unsigned char *theSecondPStr,const Boolean ignoreCase) +{ +int i,returnValue; +char firstChar,secondChar; + + + returnValue = 0; + + + if (theFirstPStr != nil && theSecondPStr != nil) + { + for (i = 1;;i++) + { + firstChar = theFirstPStr[i]; + secondChar = theSecondPStr[i]; + + if (ignoreCase == true) + { + if (firstChar >= 'A' && firstChar <= 'Z') + { + firstChar = 'a' + (firstChar - 'A'); + } + + if (secondChar >= 'A' && secondChar <= 'Z') + { + secondChar = 'a' + (secondChar - 'A'); + } + } + + + if (theFirstPStr[0] < i && theSecondPStr[0] >= i) + { + returnValue = -1; + + break; + } + + else if (theFirstPStr[0] >= i && theSecondPStr[0] < i) + { + returnValue = 1; + + break; + } + + else if (theFirstPStr[0] < i && theSecondPStr[0] < i) + { + returnValue = 0; + + break; + } + + else if (firstChar < secondChar) + { + returnValue = -1; + + break; + } + + else if (firstChar > secondChar) + { + returnValue = 1; + + break; + } + } + } + + + return(returnValue); +} + + + +int CompareCStrToPStr(const char *theCStr,const unsigned char *thePStr,const Boolean ignoreCase) +{ +int returnValue; +char tempString[256]; + + + returnValue = 0; + + if (theCStr != nil && thePStr != nil) + { + CopyPStrToCStr(thePStr,tempString,sizeof(tempString)); + + returnValue = CompareCStrs(theCStr,tempString,ignoreCase); + } + + + return(returnValue); +} + + + +void ConcatLongIntToCStr(const long theNum,char *theCStr,const int maxCStrLength,const int numDigits) +{ +Str255 theStr255; + + + NumToString(theNum,theStr255); + + + if (numDigits > 0) + { + int charsToInsert; + + + charsToInsert = numDigits - PStrLength(theStr255); + + if (charsToInsert > 0) + { + char tempString[256]; + + CopyCStrToCStr("",tempString,sizeof(tempString)); + + for (;charsToInsert > 0;charsToInsert--) + { + ConcatCStrToCStr("0",tempString,sizeof(tempString)); + } + + ConcatPStrToCStr(theStr255,tempString,sizeof(tempString)); + + CopyCStrToPStr(tempString,theStr255,sizeof(theStr255)); + } + } + + + ConcatPStrToCStr(theStr255,theCStr,maxCStrLength); +} + + + + +void ConcatLongIntToPStr(const long theNum,unsigned char *thePStr,const int maxPStrLength,const int numDigits) +{ +Str255 theStr255; + + + NumToString(theNum,theStr255); + + + if (numDigits > 0) + { + int charsToInsert; + + + charsToInsert = numDigits - PStrLength(theStr255); + + if (charsToInsert > 0) + { + char tempString[256]; + + CopyCStrToCStr("",tempString,sizeof(tempString)); + + for (;charsToInsert > 0;charsToInsert--) + { + ConcatCStrToCStr("0",tempString,sizeof(tempString)); + } + + ConcatPStrToCStr(theStr255,tempString,sizeof(tempString)); + + CopyCStrToPStr(tempString,theStr255,sizeof(theStr255)); + } + } + + + ConcatPStrToPStr(theStr255,thePStr,maxPStrLength); +} + + + +void CopyCStrAndConcatLongIntToCStr(const char *theSrcCStr,const long theNum,char *theDstCStr,const int maxDstStrLength) +{ + CopyCStrToCStr(theSrcCStr,theDstCStr,maxDstStrLength); + + ConcatLongIntToCStr(theNum,theDstCStr,maxDstStrLength); +} + + + +void CopyLongIntToCStr(const long theNum,char *theCStr,const int maxCStrLength,const int numDigits) +{ +Str255 theStr255; + + + NumToString(theNum,theStr255); + + + if (numDigits > 0) + { + int charsToInsert; + + + charsToInsert = numDigits - PStrLength(theStr255); + + if (charsToInsert > 0) + { + char tempString[256]; + + CopyCStrToCStr("",tempString,sizeof(tempString)); + + for (;charsToInsert > 0;charsToInsert--) + { + ConcatCStrToCStr("0",tempString,sizeof(tempString)); + } + + ConcatPStrToCStr(theStr255,tempString,sizeof(tempString)); + + CopyCStrToPStr(tempString,theStr255,sizeof(theStr255)); + } + } + + + CopyPStrToCStr(theStr255,theCStr,maxCStrLength); +} + + + + + +void CopyUnsignedLongIntToCStr(const unsigned long theNum,char *theCStr,const int maxCStrLength) +{ +char tempString[256]; +int srcCharIndex,dstCharIndex; +unsigned long tempNum,quotient,remainder; + + + if (theNum == 0) + { + CopyCStrToCStr("0",theCStr,maxCStrLength); + } + + else + { + srcCharIndex = 0; + + tempNum = theNum; + + for (;;) + { + if (srcCharIndex >= sizeof(tempString) - 1 || tempNum == 0) + { + for (dstCharIndex = 0;;) + { + if (dstCharIndex >= maxCStrLength - 1 || srcCharIndex <= 0) + { + theCStr[dstCharIndex] = 0; + + break; + } + + theCStr[dstCharIndex++] = tempString[--srcCharIndex]; + } + + break; + } + + + quotient = tempNum / 10; + + remainder = tempNum - (quotient * 10); + + tempString[srcCharIndex] = '0' + remainder; + + srcCharIndex++; + + tempNum = quotient; + } + } +} + + + + +void CopyLongIntToPStr(const long theNum,unsigned char *thePStr,const int maxPStrLength,const int numDigits) +{ +char tempString[256]; + + + CopyLongIntToCStr(theNum,tempString,sizeof(tempString),numDigits); + + CopyCStrToPStr(tempString,thePStr,maxPStrLength); +} + + + +OSErr CopyLongIntToNewHandle(const long inTheLongInt,Handle *theHandle) +{ +OSErr errCode = noErr; +char tempString[32]; + + + CopyLongIntToCStr(inTheLongInt,tempString,sizeof(tempString)); + + errCode = CopyCStrToNewHandle(tempString,theHandle); + + return(errCode); +} + + +OSErr CopyLongIntToExistingHandle(const long inTheLongInt,Handle theHandle) +{ +OSErr errCode = noErr; +char tempString[32]; + + + CopyLongIntToCStr(inTheLongInt,tempString,sizeof(tempString)); + + errCode = CopyCStrToExistingHandle(tempString,theHandle); + + return(errCode); +} + + + + +OSErr CopyCStrToExistingHandle(const char *theCString,Handle theHandle) +{ +OSErr errCode = noErr; +long stringLength; + + + if (theCString == nil) + { + SetErrorMessageAndBail(("CopyCStrToExistingHandle: Bad parameter, theCString == nil")); + } + + if (theHandle == nil) + { + SetErrorMessageAndBail(("CopyCStrToExistingHandle: Bad parameter, theHandle == nil")); + } + + if (*theHandle == nil) + { + SetErrorMessageAndBail(("CopyCStrToExistingHandle: Bad parameter, *theHandle == nil")); + } + + + + stringLength = CStrLength(theCString) + 1; + + SetHandleSize(theHandle,stringLength); + + if (GetHandleSize(theHandle) < stringLength) + { + SetErrorMessageAndLongIntAndBail("CopyCStrToExistingHandle: Can't set Handle size, MemError() = ",MemError()); + } + + + ::BlockMove(theCString,*theHandle,stringLength); + + +EXITPOINT: + + return(errCode); +} + + + + + +OSErr CopyCStrToNewHandle(const char *theCString,Handle *theHandle) +{ +OSErr errCode = noErr; +long stringLength; + + + if (theCString == nil) + { + SetErrorMessageAndBail(("CopyCStrToNewHandle: Bad parameter, theCString == nil")); + } + + if (theHandle == nil) + { + SetErrorMessageAndBail(("CopyCStrToNewHandle: Bad parameter, theHandle == nil")); + } + + + + stringLength = CStrLength(theCString) + 1; + + *theHandle = NewHandle(stringLength); + + if (*theHandle == nil) + { + SetErrorMessageAndLongIntAndBail("CopyCStrToNewHandle: Can't allocate Handle, MemError() = ",MemError()); + } + + + ::BlockMove(theCString,**theHandle,stringLength); + + +EXITPOINT: + + return(errCode); +} + + + +OSErr CopyPStrToNewHandle(const unsigned char *thePString,Handle *theHandle) +{ +OSErr errCode = noErr; +long stringLength; + + + if (thePString == nil) + { + SetErrorMessageAndBail(("CopyPStrToNewHandle: Bad parameter, thePString == nil")); + } + + if (theHandle == nil) + { + SetErrorMessageAndBail(("CopyPStrToNewHandle: Bad parameter, theHandle == nil")); + } + + + + stringLength = PStrLength(thePString) + 1; + + *theHandle = NewHandle(stringLength); + + if (*theHandle == nil) + { + SetErrorMessageAndLongIntAndBail("CopyPStrToNewHandle: Can't allocate Handle, MemError() = ",MemError()); + } + + + if (stringLength > 1) + { + BlockMove(thePString + 1,**theHandle,stringLength - 1); + } + + (**theHandle)[stringLength - 1] = 0; + + +EXITPOINT: + + return(errCode); +} + + +OSErr AppendPStrToHandle(const unsigned char *thePString,Handle theHandle,long *currentLength) +{ +OSErr errCode = noErr; +char tempString[256]; + + + CopyPStrToCStr(thePString,tempString,sizeof(tempString)); + + errCode = AppendCStrToHandle(tempString,theHandle,currentLength); + + +EXITPOINT: + + return(errCode); +} + + + +OSErr AppendCStrToHandle(const char *theCString,Handle theHandle,long *currentLength,long *maxLength) +{ +OSErr errCode = noErr; +long handleMaxLength,handleCurrentLength,stringLength,byteCount; + + + if (theCString == nil) + { + SetErrorMessageAndBail(("AppendCStrToHandle: Bad parameter, theCString == nil")); + } + + if (theHandle == nil) + { + SetErrorMessageAndBail(("AppendCStrToHandle: Bad parameter, theHandle == nil")); + } + + + if (maxLength != nil) + { + handleMaxLength = *maxLength; + } + + else + { + handleMaxLength = GetHandleSize(theHandle); + } + + + if (currentLength != nil && *currentLength >= 0) + { + handleCurrentLength = *currentLength; + } + + else + { + handleCurrentLength = CStrLength(*theHandle); + } + + + stringLength = CStrLength(theCString); + + byteCount = handleCurrentLength + stringLength + 1; + + if (byteCount > handleMaxLength) + { + SetHandleSize(theHandle,handleCurrentLength + stringLength + 1); + + if (maxLength != nil) + { + *maxLength = GetHandleSize(theHandle); + + handleMaxLength = *maxLength; + } + + else + { + handleMaxLength = GetHandleSize(theHandle); + } + + if (byteCount > handleMaxLength) + { + SetErrorMessageAndLongIntAndBail("AppendCStrToHandle: Can't increase Handle allocation, MemError() = ",MemError()); + } + } + + + BlockMove(theCString,*theHandle + handleCurrentLength,stringLength + 1); + + + if (currentLength != nil) + { + *currentLength += stringLength; + } + + + errCode = noErr; + + +EXITPOINT: + + return(errCode); +} + + + +OSErr AppendCharsToHandle(const char *theChars,const int numChars,Handle theHandle,long *currentLength,long *maxLength) +{ +OSErr errCode = noErr; +long handleMaxLength,handleCurrentLength,byteCount; + + + if (theChars == nil) + { + SetErrorMessageAndBail(("AppendCharsToHandle: Bad parameter, theChars == nil")); + } + + if (theHandle == nil) + { + SetErrorMessageAndBail(("AppendCharsToHandle: Bad parameter, theHandle == nil")); + } + + + if (maxLength != nil) + { + handleMaxLength = *maxLength; + } + + else + { + handleMaxLength = GetHandleSize(theHandle); + } + + + if (currentLength != nil && *currentLength >= 0) + { + handleCurrentLength = *currentLength; + } + + else + { + handleCurrentLength = CStrLength(*theHandle); + } + + + byteCount = handleCurrentLength + numChars + 1; + + if (byteCount > handleMaxLength) + { + SetHandleSize(theHandle,handleCurrentLength + numChars + 1); + + if (maxLength != nil) + { + *maxLength = GetHandleSize(theHandle); + + handleMaxLength = *maxLength; + } + + else + { + handleMaxLength = GetHandleSize(theHandle); + } + + if (byteCount > handleMaxLength) + { + SetErrorMessageAndLongIntAndBail("AppendCharsToHandle: Can't increase Handle allocation, MemError() = ",MemError()); + } + } + + + BlockMove(theChars,*theHandle + handleCurrentLength,numChars); + + (*theHandle)[handleCurrentLength + numChars] = '\0'; + + if (currentLength != nil) + { + *currentLength += numChars; + } + + + errCode = noErr; + + +EXITPOINT: + + return(errCode); +} + + + +OSErr AppendLongIntToHandle(const long inTheLongInt,Handle theHandle,long *currentLength) +{ +OSErr errCode = noErr; +char tempString[32]; + + + CopyLongIntToCStr(inTheLongInt,tempString,sizeof(tempString)); + + errCode = AppendCStrToHandle(tempString,theHandle,currentLength); + + return(errCode); +} + + + + +long CStrLength(const char *theCString) +{ +long cStrLength = 0; + + + if (theCString != nil) + { + for (cStrLength = 0;theCString[cStrLength] != 0;cStrLength++) + { + + } + } + + + return(cStrLength); +} + + + +long PStrLength(const unsigned char *thePString) +{ +long pStrLength = 0; + + + if (thePString != nil) + { + pStrLength = thePString[0]; + } + + + return(pStrLength); +} + + + + + +void ZeroMem(void *theMemPtr,const unsigned long numBytes) +{ +unsigned char *theBytePtr; +unsigned long *theLongPtr; +unsigned long numSingleBytes; +unsigned long theNumBytes; + + + theNumBytes = numBytes; + + if (theMemPtr != nil && theNumBytes > 0) + { + theBytePtr = (unsigned char *) theMemPtr; + + numSingleBytes = (unsigned long) theBytePtr & 0x0003; + + while (numSingleBytes > 0) + { + *theBytePtr++ = 0; + + theNumBytes--; + numSingleBytes--; + } + + + theLongPtr = (unsigned long *) theBytePtr; + + while (theNumBytes >= 4) + { + *theLongPtr++ = 0; + + theNumBytes -= 4; + } + + + theBytePtr = (unsigned char *) theLongPtr; + + while (theNumBytes > 0) + { + *theBytePtr++ = 0; + + theNumBytes--; + } + } +} + + + + +char *FindCharInCStr(const char theChar,const char *theCString) +{ +char *theStringSearchPtr; + + + theStringSearchPtr = (char *) theCString; + + if (theStringSearchPtr != nil) + { + while (*theStringSearchPtr != '\0' && *theStringSearchPtr != theChar) + { + theStringSearchPtr++; + } + + if (*theStringSearchPtr == '\0') + { + theStringSearchPtr = nil; + } + } + + return(theStringSearchPtr); +} + + + +long FindCharOffsetInCStr(const char theChar,const char *theCString,const Boolean inIgnoreCase) +{ +long theOffset = -1; + + + if (theCString != nil) + { + theOffset = 0; + + + if (inIgnoreCase) + { + char searchChar = theChar; + + if (searchChar >= 'a' && searchChar <= 'z') + { + searchChar = searchChar - 'a' + 'A'; + } + + + while (*theCString != 0) + { + char currentChar = *theCString; + + if (currentChar >= 'a' && currentChar <= 'z') + { + currentChar = currentChar - 'a' + 'A'; + } + + if (currentChar == searchChar) + { + break; + } + + theCString++; + theOffset++; + } + } + + else + { + while (*theCString != 0 && *theCString != theChar) + { + theCString++; + theOffset++; + } + } + + if (*theCString == 0) + { + theOffset = -1; + } + } + + return(theOffset); +} + + +long FindCStrOffsetInCStr(const char *theCSubstring,const char *theCString,const Boolean inIgnoreCase) +{ +long theOffset = -1; + + + if (theCSubstring != nil && theCString != nil) + { + for (theOffset = 0;;theOffset++) + { + if (theCString[theOffset] == 0) + { + theOffset = -1; + + goto EXITPOINT; + } + + + for (const char *tempSubstringPtr = theCSubstring,*tempCStringPtr = theCString + theOffset;;tempSubstringPtr++,tempCStringPtr++) + { + if (*tempSubstringPtr == 0) + { + goto EXITPOINT; + } + + else if (*tempCStringPtr == 0) + { + break; + } + + char searchChar = *tempSubstringPtr; + char currentChar = *tempCStringPtr; + + if (inIgnoreCase && searchChar >= 'a' && searchChar <= 'z') + { + searchChar = searchChar - 'a' + 'A'; + } + + if (inIgnoreCase && currentChar >= 'a' && currentChar <= 'z') + { + currentChar = currentChar - 'a' + 'A'; + } + + if (currentChar != searchChar) + { + break; + } + } + } + + theOffset = -1; + } + + +EXITPOINT: + + return(theOffset); +} + + + +void InsertCStrIntoCStr(const char *theSrcCStr,const int theInsertionOffset,char *theDstCStr,const int maxDstStrLength) +{ +int currentLength; +int insertLength; +int numCharsToInsert; +int numCharsToShift; + + + if (theDstCStr != nil && theSrcCStr != nil && maxDstStrLength > 0 && theInsertionOffset < maxDstStrLength - 1) + { + currentLength = CStrLength(theDstCStr); + + insertLength = CStrLength(theSrcCStr); + + + if (theInsertionOffset + insertLength < maxDstStrLength - 1) + { + numCharsToInsert = insertLength; + } + + else + { + numCharsToInsert = maxDstStrLength - 1 - theInsertionOffset; + } + + + if (numCharsToInsert + currentLength < maxDstStrLength - 1) + { + numCharsToShift = currentLength - theInsertionOffset; + } + + else + { + numCharsToShift = maxDstStrLength - 1 - theInsertionOffset - numCharsToInsert; + } + + + if (numCharsToShift > 0) + { + BlockMove(theDstCStr + theInsertionOffset,theDstCStr + theInsertionOffset + numCharsToInsert,numCharsToShift); + } + + if (numCharsToInsert > 0) + { + BlockMove(theSrcCStr,theDstCStr + theInsertionOffset,numCharsToInsert); + } + + theDstCStr[theInsertionOffset + numCharsToInsert + numCharsToShift] = 0; + } +} + + + +void InsertPStrIntoCStr(const unsigned char *theSrcPStr,const int theInsertionOffset,char *theDstCStr,const int maxDstStrLength) +{ +int currentLength; +int insertLength; +int numCharsToInsert; +int numCharsToShift; + + + if (theDstCStr != nil && theSrcPStr != nil && maxDstStrLength > 0 && theInsertionOffset < maxDstStrLength - 1) + { + currentLength = CStrLength(theDstCStr); + + insertLength = PStrLength(theSrcPStr); + + + if (theInsertionOffset + insertLength < maxDstStrLength - 1) + { + numCharsToInsert = insertLength; + } + + else + { + numCharsToInsert = maxDstStrLength - 1 - theInsertionOffset; + } + + + if (numCharsToInsert + currentLength < maxDstStrLength - 1) + { + numCharsToShift = currentLength - theInsertionOffset; + } + + else + { + numCharsToShift = maxDstStrLength - 1 - theInsertionOffset - numCharsToInsert; + } + + + if (numCharsToShift > 0) + { + BlockMove(theDstCStr + theInsertionOffset,theDstCStr + theInsertionOffset + numCharsToInsert,numCharsToShift); + } + + if (numCharsToInsert > 0) + { + BlockMove(theSrcPStr + 1,theDstCStr + theInsertionOffset,numCharsToInsert); + } + + theDstCStr[theInsertionOffset + numCharsToInsert + numCharsToShift] = 0; + } +} + + + +OSErr InsertCStrIntoHandle(const char *theCString,Handle theHandle,const long inInsertOffset) +{ +OSErr errCode; +int currentLength; +int insertLength; + + + SetErrorMessageAndBailIfNil(theCString,"InsertCStrIntoHandle: Bad parameter, theCString == nil"); + + SetErrorMessageAndBailIfNil(theHandle,"InsertCStrIntoHandle: Bad parameter, theHandle == nil"); + + currentLength = CStrLength(*theHandle); + + if (currentLength + 1 > ::GetHandleSize(theHandle)) + { + SetErrorMessageAndBail("InsertCStrIntoHandle: Handle has been overflowed"); + } + + if (inInsertOffset > currentLength) + { + SetErrorMessageAndBail("InsertCStrIntoHandle: Insertion offset is greater than string length"); + } + + insertLength = CStrLength(theCString); + + ::SetHandleSize(theHandle,currentLength + 1 + insertLength); + + if (::GetHandleSize(theHandle) < currentLength + 1 + insertLength) + { + SetErrorMessageAndLongIntAndBail("InsertCStrIntoHandle: Can't expand storage for Handle, MemError() = ",MemError()); + } + + ::BlockMove(*theHandle + inInsertOffset,*theHandle + inInsertOffset + insertLength,currentLength - inInsertOffset + 1); + + ::BlockMove(theCString,*theHandle + inInsertOffset,insertLength); + + + errCode = noErr; + + +EXITPOINT: + + return(errCode); +} + + + + +void CopyCStrAndInsert1LongIntIntoCStr(const char *theSrcCStr,const long theNum,char *theDstCStr,const int maxDstStrLength) +{ + CopyCStrAndInsertCStrLongIntIntoCStr(theSrcCStr,nil,theNum,theDstCStr,maxDstStrLength); +} + + +void CopyCStrAndInsert2LongIntsIntoCStr(const char *theSrcCStr,const long long1,const long long2,char *theDstCStr,const int maxDstStrLength) +{ +const long theLongInts[] = { long1,long2 }; + + CopyCStrAndInsertCStrsLongIntsIntoCStr(theSrcCStr,nil,theLongInts,theDstCStr,maxDstStrLength); +} + + +void CopyCStrAndInsert3LongIntsIntoCStr(const char *theSrcCStr,const long long1,const long long2,const long long3,char *theDstCStr,const int maxDstStrLength) +{ +const long theLongInts[] = { long1,long2,long3 }; + + CopyCStrAndInsertCStrsLongIntsIntoCStr(theSrcCStr,nil,theLongInts,theDstCStr,maxDstStrLength); +} + + +void CopyCStrAndInsertCStrIntoCStr(const char *theSrcCStr,const char *theInsertCStr,char *theDstCStr,const int maxDstStrLength) +{ +const char *theCStrs[2] = { theInsertCStr,nil }; + + CopyCStrAndInsertCStrsLongIntsIntoCStr(theSrcCStr,theCStrs,nil,theDstCStr,maxDstStrLength); +} + + + +void CopyCStrAndInsertCStrLongIntIntoCStr(const char *theSrcCStr,const char *theInsertCStr,const long theNum,char *theDstCStr,const int maxDstStrLength) +{ +const char *theCStrs[2] = { theInsertCStr,nil }; +const long theLongInts[1] = { theNum }; + + CopyCStrAndInsertCStrsLongIntsIntoCStr(theSrcCStr,theCStrs,theLongInts,theDstCStr,maxDstStrLength); +} + + + +void CopyCStrAndInsertCStrsLongIntsIntoCStr(const char *theSrcCStr,const char **theInsertCStrs,const long *theLongInts,char *theDstCStr,const int maxDstStrLength) +{ +int dstCharIndex,srcCharIndex,theMaxDstStrLength; +int theCStrIndex = 0; +int theLongIntIndex = 0; + + + theMaxDstStrLength = maxDstStrLength; + + if (theDstCStr != nil && theSrcCStr != nil && theMaxDstStrLength > 0) + { + dstCharIndex = 0; + + srcCharIndex = 0; + + + // Allow room for NULL at end of string + + theMaxDstStrLength--; + + + for (;;) + { + // Hit end of buffer? + + if (dstCharIndex >= theMaxDstStrLength) + { + theDstCStr[dstCharIndex++] = 0; + + goto EXITPOINT; + } + + // End of source string? + + else if (theSrcCStr[srcCharIndex] == 0) + { + theDstCStr[dstCharIndex++] = 0; + + goto EXITPOINT; + } + + // Did we find a '%s'? + + else if (theInsertCStrs != nil && theInsertCStrs[theCStrIndex] != nil && theSrcCStr[srcCharIndex] == '%' && theSrcCStr[srcCharIndex + 1] == 's') + { + // Skip over the '%s' + + srcCharIndex += 2; + + + // Terminate the dest string and then concat the string + + theDstCStr[dstCharIndex] = 0; + + ConcatCStrToCStr(theInsertCStrs[theCStrIndex],theDstCStr,theMaxDstStrLength); + + dstCharIndex = CStrLength(theDstCStr); + + theCStrIndex++; + } + + // Did we find a '%ld'? + + else if (theLongInts != nil && theSrcCStr[srcCharIndex] == '%' && theSrcCStr[srcCharIndex + 1] == 'l' && theSrcCStr[srcCharIndex + 2] == 'd') + { + // Skip over the '%ld' + + srcCharIndex += 3; + + + // Terminate the dest string and then concat the number + + theDstCStr[dstCharIndex] = 0; + + ConcatLongIntToCStr(theLongInts[theLongIntIndex],theDstCStr,theMaxDstStrLength); + + theLongIntIndex++; + + dstCharIndex = CStrLength(theDstCStr); + } + + else + { + theDstCStr[dstCharIndex++] = theSrcCStr[srcCharIndex++]; + } + } + } + + + +EXITPOINT: + + return; +} + + + + + +OSErr CopyCStrAndInsertCStrLongIntIntoHandle(const char *theSrcCStr,const char *theInsertCStr,const long theNum,Handle *theHandle) +{ +OSErr errCode; +long byteCount; + + + if (theHandle != nil) + { + byteCount = CStrLength(theSrcCStr) + CStrLength(theInsertCStr) + 32; + + *theHandle = NewHandle(byteCount); + + if (*theHandle == nil) + { + SetErrorMessageAndLongIntAndBail("CopyCStrAndInsertCStrLongIntIntoHandle: Can't allocate Handle, MemError() = ",MemError()); + } + + + HLock(*theHandle); + + CopyCStrAndInsertCStrLongIntIntoCStr(theSrcCStr,theInsertCStr,theNum,**theHandle,byteCount); + + HUnlock(*theHandle); + } + + errCode = noErr; + + +EXITPOINT: + + return(errCode); +} + + + + + +OSErr CopyIndexedWordToCStr(char *theSrcCStr,int whichWord,char *theDstCStr,int maxDstCStrLength) +{ +OSErr errCode; +char *srcCharPtr,*dstCharPtr; +int wordCount; +int byteCount; + + + if (theSrcCStr == nil) + { + SetErrorMessageAndBail(("CopyIndexedWordToCStr: Bad parameter, theSrcCStr == nil")); + } + + if (theDstCStr == nil) + { + SetErrorMessageAndBail(("CopyIndexedWordToCStr: Bad parameter, theDstCStr == nil")); + } + + if (whichWord < 0) + { + SetErrorMessageAndBail(("CopyIndexedWordToCStr: Bad parameter, whichWord < 0")); + } + + if (maxDstCStrLength <= 0) + { + SetErrorMessageAndBail(("CopyIndexedWordToCStr: Bad parameter, maxDstCStrLength <= 0")); + } + + + *theDstCStr = '\0'; + + srcCharPtr = theSrcCStr; + + while (*srcCharPtr == ' ' || *srcCharPtr == '\t') + { + srcCharPtr++; + } + + + for (wordCount = 0;wordCount < whichWord;wordCount++) + { + while (*srcCharPtr != ' ' && *srcCharPtr != '\t' && *srcCharPtr != '\r' && *srcCharPtr != '\n' && *srcCharPtr != '\0') + { + srcCharPtr++; + } + + if (*srcCharPtr == '\r' || *srcCharPtr == '\n' || *srcCharPtr == '\0') + { + errCode = noErr; + + goto EXITPOINT; + } + + while (*srcCharPtr == ' ' || *srcCharPtr == '\t') + { + srcCharPtr++; + } + + if (*srcCharPtr == '\r' || *srcCharPtr == '\n' || *srcCharPtr == '\0') + { + errCode = noErr; + + goto EXITPOINT; + } + } + + + dstCharPtr = theDstCStr; + byteCount = 0; + + + for(;;) + { + if (byteCount >= maxDstCStrLength - 1 || *srcCharPtr == '\0' || *srcCharPtr == ' ' || *srcCharPtr == '\t' || *srcCharPtr == '\r' || *srcCharPtr == '\n') + { + *dstCharPtr = '\0'; + break; + } + + *dstCharPtr++ = *srcCharPtr++; + + byteCount++; + } + + + errCode = noErr; + + +EXITPOINT: + + return(errCode); +} + + + + + +OSErr CopyIndexedWordToNewHandle(char *theSrcCStr,int whichWord,Handle *outTheHandle) +{ +OSErr errCode; +char *srcCharPtr; +int wordCount; +int byteCount; + + + if (theSrcCStr == nil) + { + SetErrorMessageAndBail(("CopyIndexedWordToNewHandle: Bad parameter, theSrcCStr == nil")); + } + + if (outTheHandle == nil) + { + SetErrorMessageAndBail(("CopyIndexedWordToNewHandle: Bad parameter, outTheHandle == nil")); + } + + if (whichWord < 0) + { + SetErrorMessageAndBail(("CopyIndexedWordToNewHandle: Bad parameter, whichWord < 0")); + } + + + *outTheHandle = nil; + + + srcCharPtr = theSrcCStr; + + while (*srcCharPtr == ' ' || *srcCharPtr == '\t') + { + srcCharPtr++; + } + + + for (wordCount = 0;wordCount < whichWord;wordCount++) + { + while (*srcCharPtr != ' ' && *srcCharPtr != '\t' && *srcCharPtr != '\r' && *srcCharPtr != '\n' && *srcCharPtr != '\0') + { + srcCharPtr++; + } + + if (*srcCharPtr == '\r' || *srcCharPtr == '\n' || *srcCharPtr == '\0') + { + break; + } + + while (*srcCharPtr == ' ' || *srcCharPtr == '\t') + { + srcCharPtr++; + } + + if (*srcCharPtr == '\r' || *srcCharPtr == '\n' || *srcCharPtr == '\0') + { + break; + } + } + + + for (byteCount = 0;;byteCount++) + { + if (srcCharPtr[byteCount] == ' ' || srcCharPtr[byteCount] == '\t' || srcCharPtr[byteCount] == '\r' || srcCharPtr[byteCount] == '\n' || srcCharPtr[byteCount] == '\0') + { + break; + } + } + + + *outTheHandle = NewHandle(byteCount + 1); + + if (*outTheHandle == nil) + { + SetErrorMessageAndLongIntAndBail("CopyIndexedWordToNewHandle: Can't allocate Handle, MemError() = ",MemError()); + } + + + ::BlockMove(srcCharPtr,**outTheHandle,byteCount); + + (**outTheHandle)[byteCount] = '\0'; + + errCode = noErr; + + +EXITPOINT: + + return(errCode); +} + + + +OSErr CopyIndexedLineToCStr(const char *theSrcCStr,int inWhichLine,int *lineEndIndex,Boolean *gotLastLine,char *theDstCStr,const int maxDstCStrLength) +{ +OSErr errCode; +int theCurrentLine; +int theCurrentLineOffset; +int theEOSOffset; + + + if (theSrcCStr == nil) + { + SetErrorMessageAndBail(("CopyIndexedLineToCStr: Bad parameter, theSrcCStr == nil")); + } + + if (theDstCStr == nil) + { + SetErrorMessageAndBail(("CopyIndexedLineToCStr: Bad parameter, theDstCStr == nil")); + } + + if (inWhichLine < 0) + { + SetErrorMessageAndBail(("CopyIndexedLineToCStr: Bad parameter, inWhichLine < 0")); + } + + if (maxDstCStrLength <= 0) + { + SetErrorMessageAndBail(("CopyIndexedLineToCStr: Bad parameter, maxDstCStrLength <= 0")); + } + + + if (gotLastLine != nil) + { + *gotLastLine = false; + } + + + *theDstCStr = 0; + + theCurrentLineOffset = 0; + + theCurrentLine = 0; + + + while (theCurrentLine < inWhichLine) + { + while (theSrcCStr[theCurrentLineOffset] != '\r' && theSrcCStr[theCurrentLineOffset] != 0) + { + theCurrentLineOffset++; + } + + if (theSrcCStr[theCurrentLineOffset] == 0) + { + break; + } + + theCurrentLineOffset++; + theCurrentLine++; + } + + if (theSrcCStr[theCurrentLineOffset] == 0) + { + SetErrorMessageAndLongIntAndBail("CopyIndexedLineToCStr: Too few lines in source text, can't get line ",inWhichLine); + } + + + theEOSOffset = FindCharOffsetInCStr('\r',theSrcCStr + theCurrentLineOffset); + + if (theEOSOffset >= 0) + { + CopyCSubstrToCStr(theSrcCStr + theCurrentLineOffset,theEOSOffset,theDstCStr,maxDstCStrLength); + + if (gotLastLine != nil) + { + *gotLastLine = false; + } + + if (lineEndIndex != nil) + { + *lineEndIndex = theEOSOffset; + } + } + + else + { + theEOSOffset = CStrLength(theSrcCStr + theCurrentLineOffset); + + CopyCSubstrToCStr(theSrcCStr + theCurrentLineOffset,theEOSOffset,theDstCStr,maxDstCStrLength); + + if (gotLastLine != nil) + { + *gotLastLine = true; + } + + if (lineEndIndex != nil) + { + *lineEndIndex = theEOSOffset; + } + } + + + errCode = noErr; + + +EXITPOINT: + + return(errCode); +} + + + +OSErr CopyIndexedLineToNewHandle(const char *theSrcCStr,int inWhichLine,Handle *outNewHandle) +{ +OSErr errCode; +int theCurrentLine; +int theCurrentLineOffset; +int byteCount; + + + SetErrorMessageAndBailIfNil(theSrcCStr,"CopyIndexedLineToNewHandle: Bad parameter, theSrcCStr == nil"); + SetErrorMessageAndBailIfNil(outNewHandle,"CopyIndexedLineToNewHandle: Bad parameter, outNewHandle == nil"); + + if (inWhichLine < 0) + { + SetErrorMessageAndBail(("CopyIndexedLineToNewHandle: Bad parameter, inWhichLine < 0")); + } + + + theCurrentLineOffset = 0; + + theCurrentLine = 0; + + + while (theCurrentLine < inWhichLine) + { + while (theSrcCStr[theCurrentLineOffset] != '\r' && theSrcCStr[theCurrentLineOffset] != '\0') + { + theCurrentLineOffset++; + } + + if (theSrcCStr[theCurrentLineOffset] == '\0') + { + break; + } + + theCurrentLineOffset++; + theCurrentLine++; + } + + if (theSrcCStr[theCurrentLineOffset] == '\0') + { + SetErrorMessageAndLongIntAndBail("CopyIndexedLineToNewHandle: Too few lines in source text, can't get line #",inWhichLine); + } + + + byteCount = 0; + + while (theSrcCStr[theCurrentLineOffset + byteCount] != '\r' && theSrcCStr[theCurrentLineOffset + byteCount] != '\0') + { + byteCount++; + } + + + *outNewHandle = NewHandle(byteCount + 1); + + if (*outNewHandle == nil) + { + SetErrorMessageAndLongIntAndBail("CopyIndexedLineToNewHandle: Can't allocate Handle, MemError() = ",MemError()); + } + + ::BlockMove(theSrcCStr + theCurrentLineOffset,**outNewHandle,byteCount); + + (**outNewHandle)[byteCount] = '\0'; + + errCode = noErr; + + +EXITPOINT: + + return(errCode); +} + + + + +OSErr CountDigits(const char *inCStr,int *outNumIntegerDigits,int *outNumFractDigits) +{ +OSErr errCode = noErr; +int numIntDigits = 0; +int numFractDigits = 0; +int digitIndex = 0; + + + SetErrorMessageAndBailIfNil(inCStr,"CountDigits: Bad parameter, theSrcCStr == nil"); + SetErrorMessageAndBailIfNil(outNumIntegerDigits,"CountDigits: Bad parameter, outNumIntegerDigits == nil"); + SetErrorMessageAndBailIfNil(outNumFractDigits,"CountDigits: Bad parameter, outNumFractDigits == nil"); + + digitIndex = 0; + + while (inCStr[digitIndex] >= '0' && inCStr[digitIndex] <= '9') + { + digitIndex++; + numIntDigits++; + } + + if (inCStr[digitIndex] == '.') + { + digitIndex++; + + while (inCStr[digitIndex] >= '0' && inCStr[digitIndex] <= '9') + { + digitIndex++; + numFractDigits++; + } + } + + *outNumIntegerDigits = numIntDigits; + + *outNumFractDigits = numFractDigits; + + errCode = noErr; + +EXITPOINT: + + return(errCode); +} + + + +OSErr ExtractIntFromCStr(const char *theSrcCStr,int *outInt,Boolean skipLeadingSpaces) +{ +OSErr errCode; +int theCharIndex; + + + if (theSrcCStr == nil) + { + SetErrorMessageAndBail(("ExtractIntFromCStr: Bad parameter, theSrcCStr == nil")); + } + + if (outInt == nil) + { + SetErrorMessageAndBail(("ExtractIntFromCStr: Bad parameter, outInt == nil")); + } + + + *outInt = 0; + + theCharIndex = 0; + + if (skipLeadingSpaces == true) + { + while (theSrcCStr[theCharIndex] == ' ') + { + theCharIndex++; + } + } + + if (theSrcCStr[theCharIndex] < '0' || theSrcCStr[theCharIndex] > '9') + { + SetErrorMessageAndBail(("ExtractIntFromCStr: Bad parameter, theSrcCStr contains a bogus numeric representation")); + } + + + while (theSrcCStr[theCharIndex] >= '0' && theSrcCStr[theCharIndex] <= '9') + { + *outInt = (*outInt * 10) + (theSrcCStr[theCharIndex] - '0'); + + theCharIndex++; + } + + + errCode = noErr; + + +EXITPOINT: + + return(errCode); +} + + + +OSErr ExtractIntFromPStr(const unsigned char *theSrcPStr,int *outInt,Boolean skipLeadingSpaces) +{ +OSErr errCode; +char theCStr[256]; + + + if (theSrcPStr == nil) + { + SetErrorMessageAndBail(("ExtractIntFromPStr: Bad parameter, theSrcPStr == nil")); + } + + if (outInt == nil) + { + SetErrorMessageAndBail(("ExtractIntFromPStr: Bad parameter, outInt == nil")); + } + + + CopyPStrToCStr(theSrcPStr,theCStr,sizeof(theCStr)); + + + errCode = ExtractIntFromCStr(theCStr,outInt,skipLeadingSpaces); + + +EXITPOINT: + + return(errCode); +} + + + +int CountOccurencesOfCharInCStr(const char inChar,const char *inSrcCStr) +{ +int theSrcCharIndex; +int numOccurrences = -1; + + + if (inSrcCStr != nil && inChar != '\0') + { + numOccurrences = 0; + + for (theSrcCharIndex = 0;inSrcCStr[theSrcCharIndex] != '\0';theSrcCharIndex++) + { + if (inSrcCStr[theSrcCharIndex] == inChar) + { + numOccurrences++; + } + } + } + + return(numOccurrences); +} + + +int CountWordsInCStr(const char *inSrcCStr) +{ +int numWords = -1; + + + if (inSrcCStr != nil) + { + numWords = 0; + + // Skip lead spaces + + while (*inSrcCStr == ' ') + { + inSrcCStr++; + } + + while (*inSrcCStr != '\0') + { + numWords++; + + while (*inSrcCStr != ' ' && *inSrcCStr != '\0') + { + inSrcCStr++; + } + + while (*inSrcCStr == ' ') + { + inSrcCStr++; + } + } + } + + return(numWords); +} + + + + +void ConvertCStrToUpperCase(char *theSrcCStr) +{ +char *theCharPtr; + + + if (theSrcCStr != nil) + { + theCharPtr = theSrcCStr; + + while (*theCharPtr != 0) + { + if (*theCharPtr >= 'a' && *theCharPtr <= 'z') + { + *theCharPtr = *theCharPtr - 'a' + 'A'; + } + + theCharPtr++; + } + } +} + + + + + + + +void ExtractCStrItemFromCStr(const char *inSrcCStr,const char inItemDelimiter,const int inItemNumber,Boolean *foundItem,char *outDstCharPtr,const int inDstCharPtrMaxLength,const Boolean inTreatMultipleDelimsAsSingleDelim) +{ +int theItem; +int theSrcCharIndex; +int theDstCharIndex; + + + if (foundItem != nil) + { + *foundItem = false; + } + + + if (outDstCharPtr != nil && inDstCharPtrMaxLength > 0 && inItemNumber >= 0 && inItemDelimiter != 0) + { + *outDstCharPtr = 0; + + + theSrcCharIndex = 0; + + for (theItem = 0;theItem < inItemNumber;theItem++) + { + while (inSrcCStr[theSrcCharIndex] != inItemDelimiter && inSrcCStr[theSrcCharIndex] != '\0') + { + theSrcCharIndex++; + } + + if (inSrcCStr[theSrcCharIndex] == inItemDelimiter) + { + theSrcCharIndex++; + + if (inTreatMultipleDelimsAsSingleDelim) + { + while (inSrcCStr[theSrcCharIndex] == inItemDelimiter) + { + theSrcCharIndex++; + } + } + } + + + if (inSrcCStr[theSrcCharIndex] == '\0') + { + goto EXITPOINT; + } + } + + + if (foundItem != nil) + { + *foundItem = true; + } + + + theDstCharIndex = 0; + + for (;;) + { + if (inSrcCStr[theSrcCharIndex] == 0 || inSrcCStr[theSrcCharIndex] == inItemDelimiter || theDstCharIndex >= inDstCharPtrMaxLength - 1) + { + outDstCharPtr[theDstCharIndex] = 0; + + break; + } + + outDstCharPtr[theDstCharIndex++] = inSrcCStr[theSrcCharIndex++]; + } + } + + +EXITPOINT: + + return; +} + + + +OSErr ExtractCStrItemFromCStrIntoNewHandle(const char *inSrcCStr,const char inItemDelimiter,const int inItemNumber,Boolean *foundItem,Handle *outNewHandle,const Boolean inTreatMultipleDelimsAsSingleDelim) +{ +OSErr errCode; +int theItem; +int theSrcCharIndex; +int theItemLength; + + + if (inSrcCStr == nil) + { + SetErrorMessage("ExtractCStrItemFromCStrIntoNewHandle: Bad parameter, inSrcCStr == nil"); + errCode = kGenericError; + goto EXITPOINT; + } + + if (outNewHandle == nil) + { + SetErrorMessage("ExtractCStrItemFromCStrIntoNewHandle: Bad parameter, outNewHandle == nil"); + errCode = kGenericError; + goto EXITPOINT; + } + + if (foundItem == nil) + { + SetErrorMessage("ExtractCStrItemFromCStrIntoNewHandle: Bad parameter, foundItem == nil"); + errCode = kGenericError; + goto EXITPOINT; + } + + if (inItemNumber < 0) + { + SetErrorMessage("ExtractCStrItemFromCStrIntoNewHandle: Bad parameter, inItemNumber < 0"); + errCode = kGenericError; + goto EXITPOINT; + } + + if (inItemDelimiter == 0) + { + SetErrorMessage("ExtractCStrItemFromCStrIntoNewHandle: Bad parameter, inItemDelimiter == 0"); + errCode = kGenericError; + goto EXITPOINT; + } + + + *foundItem = false; + + theSrcCharIndex = 0; + + for (theItem = 0;theItem < inItemNumber;theItem++) + { + while (inSrcCStr[theSrcCharIndex] != inItemDelimiter && inSrcCStr[theSrcCharIndex] != '\0') + { + theSrcCharIndex++; + } + + if (inSrcCStr[theSrcCharIndex] == inItemDelimiter) + { + theSrcCharIndex++; + + if (inTreatMultipleDelimsAsSingleDelim) + { + while (inSrcCStr[theSrcCharIndex] == inItemDelimiter) + { + theSrcCharIndex++; + } + } + } + + + if (inSrcCStr[theSrcCharIndex] == '\0') + { + errCode = noErr; + + goto EXITPOINT; + } + } + + + *foundItem = true; + + + for (theItemLength = 0;;theItemLength++) + { + if (inSrcCStr[theSrcCharIndex + theItemLength] == 0 || inSrcCStr[theSrcCharIndex + theItemLength] == inItemDelimiter) + { + break; + } + } + + + *outNewHandle = NewHandle(theItemLength + 1); + + if (*outNewHandle == nil) + { + SetErrorMessageAndLongIntAndBail("ExtractCStrItemFromCStrIntoNewHandle: Can't allocate Handle, MemError() = ",MemError()); + } + + + BlockMove(inSrcCStr + theSrcCharIndex,**outNewHandle,theItemLength); + + (**outNewHandle)[theItemLength] = 0; + + errCode = noErr; + + +EXITPOINT: + + return(errCode); +} + + + + + + +OSErr ExtractFloatFromCStr(const char *inCString,extended80 *outFloat) +{ +OSErr errCode; +Str255 theStr255; +Handle theNumberPartsTableHandle = nil; +long theNumberPartsOffset,theNumberPartsLength; +FormatResultType theFormatResultType; +NumberParts theNumberPartsTable; +NumFormatStringRec theNumFormatStringRec; + + + if (inCString == nil) + { + SetErrorMessage("ExtractFloatFromCStr: Bad parameter, inCString == nil"); + errCode = kGenericError; + goto EXITPOINT; + } + + if (outFloat == nil) + { + SetErrorMessage("ExtractFloatFromCStr: Bad parameter, outFloat == nil"); + errCode = kGenericError; + goto EXITPOINT; + } + + +// GetIntlResourceTable(smRoman,smNumberPartsTable,&theNumberPartsTableHandle,&theNumberPartsOffset,&theNumberPartsLength); + + GetIntlResourceTable(GetScriptManagerVariable(smSysScript),smNumberPartsTable,&theNumberPartsTableHandle,&theNumberPartsOffset,&theNumberPartsLength); + + if (theNumberPartsTableHandle == nil) + { + SetErrorMessage("ExtractFloatFromCStr: Can't get number parts table for converting string representations to/from numeric representations"); + errCode = kGenericError; + goto EXITPOINT; + } + + if (theNumberPartsLength > sizeof(theNumberPartsTable)) + { + SetErrorMessage("ExtractFloatFromCStr: Number parts table has bad length"); + errCode = kGenericError; + goto EXITPOINT; + } + + + BlockMove(*theNumberPartsTableHandle + theNumberPartsOffset,&theNumberPartsTable,theNumberPartsLength); + + + theFormatResultType = (FormatResultType) StringToFormatRec(kNumberFormatString,&theNumberPartsTable,&theNumFormatStringRec); + + if (theFormatResultType != fFormatOK) + { + SetErrorMessage("ExtractFloatFromCStr: StringToFormatRec() != fFormatOK"); + errCode = kGenericError; + goto EXITPOINT; + } + + + CopyCStrToPStr(inCString,theStr255,sizeof(theStr255)); + + + theFormatResultType = (FormatResultType) StringToExtended(theStr255,&theNumFormatStringRec,&theNumberPartsTable,outFloat); + + if (theFormatResultType != fFormatOK && theFormatResultType != fBestGuess) + { + SetErrorMessageAndLongIntAndBail("ExtractFloatFromCStr: StringToExtended() = ",theFormatResultType); + } + + + errCode = noErr; + + +EXITPOINT: + + return(errCode); +} + + + +OSErr CopyFloatToCStr(const extended80 *theFloat,char *theCStr,const int maxCStrLength,const int inMaxNumIntDigits,const int inMaxNumFractDigits) +{ +OSErr errCode; +Str255 theStr255; +Handle theNumberPartsTableHandle = nil; +long theNumberPartsOffset,theNumberPartsLength; +FormatResultType theFormatResultType; +NumberParts theNumberPartsTable; +NumFormatStringRec theNumFormatStringRec; + + + if (theCStr == nil) + { + SetErrorMessage("CopyFloatToCStr: Bad parameter, theCStr == nil"); + errCode = kGenericError; + goto EXITPOINT; + } + + if (theFloat == nil) + { + SetErrorMessage("CopyFloatToCStr: Bad parameter, theFloat == nil"); + errCode = kGenericError; + goto EXITPOINT; + } + + +// GetIntlResourceTable(smRoman,smNumberPartsTable,&theNumberPartsTableHandle,&theNumberPartsOffset,&theNumberPartsLength); + + GetIntlResourceTable(GetScriptManagerVariable(smSysScript),smNumberPartsTable,&theNumberPartsTableHandle,&theNumberPartsOffset,&theNumberPartsLength); + + if (theNumberPartsTableHandle == nil) + { + SetErrorMessage("CopyFloatToCStr: Can't get number parts table for converting string representations to/from numeric representations"); + errCode = kGenericError; + goto EXITPOINT; + } + + if (theNumberPartsLength > sizeof(theNumberPartsTable)) + { + SetErrorMessage("CopyFloatToCStr: Number parts table has bad length"); + errCode = kGenericError; + goto EXITPOINT; + } + + + BlockMove(*theNumberPartsTableHandle + theNumberPartsOffset,&theNumberPartsTable,theNumberPartsLength); + + + if (inMaxNumIntDigits >= 0 || inMaxNumFractDigits >= 0) + { + char numberFormat[64]; + int numberFormatLength = 0; + + for (int i = 0;i < inMaxNumIntDigits && numberFormatLength < sizeof(numberFormat) - 1;i++) + { + numberFormat[numberFormatLength++] = '0'; + } + + if (inMaxNumFractDigits > 0 && numberFormatLength < sizeof(numberFormat) - 1) + { + numberFormat[numberFormatLength++] = '.'; + + for (int i = 0;i < inMaxNumFractDigits && numberFormatLength < sizeof(numberFormat) - 1;i++) + { + numberFormat[numberFormatLength++] = '0'; + } + } + + + if (numberFormatLength < sizeof(numberFormat) - 1) + { + numberFormat[numberFormatLength++] = ';'; + } + + if (numberFormatLength < sizeof(numberFormat) - 1) + { + numberFormat[numberFormatLength++] = '-'; + } + + + for (int i = 0;i < inMaxNumIntDigits && numberFormatLength < sizeof(numberFormat) - 1;i++) + { + numberFormat[numberFormatLength++] = '0'; + } + + if (inMaxNumFractDigits > 0 && numberFormatLength < sizeof(numberFormat) - 1) + { + numberFormat[numberFormatLength++] = '.'; + + for (int i = 0;i < inMaxNumFractDigits && numberFormatLength < sizeof(numberFormat) - 1;i++) + { + numberFormat[numberFormatLength++] = '0'; + } + } + + numberFormat[numberFormatLength] = '\0'; + + + Str255 tempStr255; + + CopyCStrToPStr(numberFormat,tempStr255,sizeof(tempStr255)); + + theFormatResultType = (FormatResultType) StringToFormatRec(tempStr255,&theNumberPartsTable,&theNumFormatStringRec); + } + + else + { + theFormatResultType = (FormatResultType) StringToFormatRec(kNumberFormatString,&theNumberPartsTable,&theNumFormatStringRec); + } + + if (theFormatResultType != fFormatOK) + { + SetErrorMessage("CopyFloatToCStr: StringToFormatRec() != fFormatOK"); + errCode = kGenericError; + goto EXITPOINT; + } + + + theFormatResultType = (FormatResultType) ExtendedToString(theFloat,&theNumFormatStringRec,&theNumberPartsTable,theStr255); + + if (theFormatResultType != fFormatOK) + { + SetErrorMessage("CopyFloatToCStr: ExtendedToString() != fFormatOK"); + errCode = kGenericError; + goto EXITPOINT; + } + + + CopyPStrToCStr(theStr255,theCStr,maxCStrLength); + + errCode = noErr; + + +EXITPOINT: + + return(errCode); +} + + + + + +void SkipWhiteSpace(char **ioSrcCharPtr,const Boolean inStopAtEOL) +{ + if (ioSrcCharPtr != nil && *ioSrcCharPtr != nil) + { + if (inStopAtEOL) + { + while ((**ioSrcCharPtr == ' ' || **ioSrcCharPtr == '\t') && **ioSrcCharPtr != '\r' && **ioSrcCharPtr != '\n') + { + *ioSrcCharPtr++; + } + } + + else + { + while (**ioSrcCharPtr == ' ' || **ioSrcCharPtr == '\t') + { + *ioSrcCharPtr++; + } + } + } +} diff --git a/lib/libssl/src/MacOS/GetHTTPS.src/CPStringUtils.hpp b/lib/libssl/src/MacOS/GetHTTPS.src/CPStringUtils.hpp new file mode 100644 index 00000000000..5045c41019c --- /dev/null +++ b/lib/libssl/src/MacOS/GetHTTPS.src/CPStringUtils.hpp @@ -0,0 +1,104 @@ +#pragma once + +#ifdef __cplusplus +extern "C" { +#endif + +void CopyPStrToCStr(const unsigned char *thePStr,char *theCStr,const int maxCStrLength); +void CopyPStrToPStr(const unsigned char *theSrcPStr,unsigned char *theDstPStr,const int maxDstStrLength); +void CopyCStrToCStr(const char *theSrcCStr,char *theDstCStr,const int maxDstStrLength); +void CopyCStrToPStr(const char *theSrcCStr,unsigned char *theDstPStr,const int maxDstStrLength); +void ConcatPStrToCStr(const unsigned char *thePStr,char *theCStr,const int maxCStrLength); +void ConcatPStrToPStr(const unsigned char *theSrcPStr,unsigned char *theDstPStr,const int maxDstStrLength); +void ConcatCStrToPStr(const char *theSrcCStr,unsigned char *theDstPStr,const int maxDstStrLength); +void ConcatCStrToCStr(const char *theSrcCStr,char *theDstCStr,const int maxCStrLength); + +void ConcatCharToCStr(const char theChar,char *theDstCStr,const int maxCStrLength); +void ConcatCharToPStr(const char theChar,unsigned char *theDstPStr,const int maxPStrLength); + +int ComparePStrs(const unsigned char *theFirstPStr,const unsigned char *theSecondPStr,const Boolean ignoreCase = true); +int CompareCStrs(const char *theFirstCStr,const char *theSecondCStr,const Boolean ignoreCase = true); +int CompareCStrToPStr(const char *theCStr,const unsigned char *thePStr,const Boolean ignoreCase = true); + +Boolean CStrsAreEqual(const char *theFirstCStr,const char *theSecondCStr,const Boolean ignoreCase = true); +Boolean PStrsAreEqual(const unsigned char *theFirstCStr,const unsigned char *theSecondCStr,const Boolean ignoreCase = true); + +void CopyLongIntToCStr(const long theNum,char *theCStr,const int maxCStrLength,const int numDigits = -1); +void CopyUnsignedLongIntToCStr(const unsigned long theNum,char *theCStr,const int maxCStrLength); +void ConcatLongIntToCStr(const long theNum,char *theCStr,const int maxCStrLength,const int numDigits = -1); +void CopyCStrAndConcatLongIntToCStr(const char *theSrcCStr,const long theNum,char *theDstCStr,const int maxDstStrLength); + +void CopyLongIntToPStr(const long theNum,unsigned char *thePStr,const int maxPStrLength,const int numDigits = -1); +void ConcatLongIntToPStr(const long theNum,unsigned char *thePStr,const int maxPStrLength,const int numDigits = -1); + +long CStrLength(const char *theCString); +long PStrLength(const unsigned char *thePString); + +OSErr CopyCStrToExistingHandle(const char *theCString,Handle theHandle); +OSErr CopyLongIntToExistingHandle(const long inTheLongInt,Handle theHandle); + +OSErr CopyCStrToNewHandle(const char *theCString,Handle *theHandle); +OSErr CopyPStrToNewHandle(const unsigned char *thePString,Handle *theHandle); +OSErr CopyLongIntToNewHandle(const long inTheLongInt,Handle *theHandle); + +OSErr AppendCStrToHandle(const char *theCString,Handle theHandle,long *currentLength = nil,long *maxLength = nil); +OSErr AppendCharsToHandle(const char *theChars,const int numChars,Handle theHandle,long *currentLength = nil,long *maxLength = nil); +OSErr AppendPStrToHandle(const unsigned char *thePString,Handle theHandle,long *currentLength = nil); +OSErr AppendLongIntToHandle(const long inTheLongInt,Handle theHandle,long *currentLength = nil); + +void ZeroMem(void *theMemPtr,const unsigned long numBytes); + +char *FindCharInCStr(const char theChar,const char *theCString); +long FindCharOffsetInCStr(const char theChar,const char *theCString,const Boolean inIgnoreCase = false); +long FindCStrOffsetInCStr(const char *theCSubstring,const char *theCString,const Boolean inIgnoreCase = false); + +void CopyCSubstrToCStr(const char *theSrcCStr,const int maxCharsToCopy,char *theDstCStr,const int maxDstStrLength); +void CopyCSubstrToPStr(const char *theSrcCStr,const int maxCharsToCopy,unsigned char *theDstPStr,const int maxDstStrLength); + +void InsertCStrIntoCStr(const char *theSrcCStr,const int theInsertionOffset,char *theDstCStr,const int maxDstStrLength); +void InsertPStrIntoCStr(const unsigned char *theSrcPStr,const int theInsertionOffset,char *theDstCStr,const int maxDstStrLength); +OSErr InsertCStrIntoHandle(const char *theCString,Handle theHandle,const long inInsertOffset); + +void CopyCStrAndInsertCStrIntoCStr(const char *theSrcCStr,const char *theInsertCStr,char *theDstCStr,const int maxDstStrLength); + +void CopyCStrAndInsertCStrsLongIntsIntoCStr(const char *theSrcCStr,const char **theInsertCStrs,const long *theLongInts,char *theDstCStr,const int maxDstStrLength); + +void CopyCStrAndInsert1LongIntIntoCStr(const char *theSrcCStr,const long theNum,char *theDstCStr,const int maxDstStrLength); +void CopyCStrAndInsert2LongIntsIntoCStr(const char *theSrcCStr,const long long1,const long long2,char *theDstCStr,const int maxDstStrLength); +void CopyCStrAndInsert3LongIntsIntoCStr(const char *theSrcCStr,const long long1,const long long2,const long long3,char *theDstCStr,const int maxDstStrLength); + +void CopyCStrAndInsertCStrLongIntIntoCStr(const char *theSrcCStr,const char *theInsertCStr,const long theNum,char *theDstCStr,const int maxDstStrLength); +OSErr CopyCStrAndInsertCStrLongIntIntoHandle(const char *theSrcCStr,const char *theInsertCStr,const long theNum,Handle *theHandle); + + +OSErr CopyIndexedWordToCStr(char *theSrcCStr,int whichWord,char *theDstCStr,int maxDstCStrLength); +OSErr CopyIndexedWordToNewHandle(char *theSrcCStr,int whichWord,Handle *outTheHandle); + +OSErr CopyIndexedLineToCStr(const char *theSrcCStr,int inWhichLine,int *lineEndIndex,Boolean *gotLastLine,char *theDstCStr,const int maxDstCStrLength); +OSErr CopyIndexedLineToNewHandle(const char *theSrcCStr,int inWhichLine,Handle *outNewHandle); + +OSErr ExtractIntFromCStr(const char *theSrcCStr,int *outInt,Boolean skipLeadingSpaces = true); +OSErr ExtractIntFromPStr(const unsigned char *theSrcPStr,int *outInt,Boolean skipLeadingSpaces = true); + + +void ConvertCStrToUpperCase(char *theSrcCStr); + + +int CountOccurencesOfCharInCStr(const char inChar,const char *inSrcCStr); +int CountWordsInCStr(const char *inSrcCStr); + +OSErr CountDigits(const char *inCStr,int *outNumIntegerDigits,int *outNumFractDigits); + +void ExtractCStrItemFromCStr(const char *inSrcCStr,const char inItemDelimiter,const int inItemNumber,Boolean *foundItem,char *outDstCharPtr,const int inDstCharPtrMaxLength,const Boolean inTreatMultipleDelimsAsSingleDelim = false); +OSErr ExtractCStrItemFromCStrIntoNewHandle(const char *inSrcCStr,const char inItemDelimiter,const int inItemNumber,Boolean *foundItem,Handle *outNewHandle,const Boolean inTreatMultipleDelimsAsSingleDelim = false); + + +OSErr ExtractFloatFromCStr(const char *inCString,extended80 *outFloat); +OSErr CopyFloatToCStr(const extended80 *theFloat,char *theCStr,const int maxCStrLength,const int inMaxNumIntDigits = -1,const int inMaxNumFractDigits = -1); + +void SkipWhiteSpace(char **ioSrcCharPtr,const Boolean inStopAtEOL = false); + + +#ifdef __cplusplus +} +#endif diff --git a/lib/libssl/src/MacOS/GetHTTPS.src/ErrorHandling.cpp b/lib/libssl/src/MacOS/GetHTTPS.src/ErrorHandling.cpp new file mode 100644 index 00000000000..80b6a675f44 --- /dev/null +++ b/lib/libssl/src/MacOS/GetHTTPS.src/ErrorHandling.cpp @@ -0,0 +1,170 @@ +/* ==================================================================== + * Copyright (c) 1998-1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + + + + #include "ErrorHandling.hpp" +#include "CPStringUtils.hpp" + +#ifdef __EXCEPTIONS_ENABLED__ + #include "CMyException.hpp" +#endif + + +static char gErrorMessageBuffer[512]; + +char *gErrorMessage = gErrorMessageBuffer; +int gErrorMessageMaxLength = sizeof(gErrorMessageBuffer); + + + +void SetErrorMessage(const char *theErrorMessage) +{ + if (theErrorMessage != nil) + { + CopyCStrToCStr(theErrorMessage,gErrorMessage,gErrorMessageMaxLength); + } +} + + +void SetErrorMessageAndAppendLongInt(const char *theErrorMessage,const long theLongInt) +{ + if (theErrorMessage != nil) + { + CopyCStrAndConcatLongIntToCStr(theErrorMessage,theLongInt,gErrorMessage,gErrorMessageMaxLength); + } +} + +void SetErrorMessageAndCStrAndLongInt(const char *theErrorMessage,const char * theCStr,const long theLongInt) +{ + if (theErrorMessage != nil) + { + CopyCStrAndInsertCStrLongIntIntoCStr(theErrorMessage,theCStr,theLongInt,gErrorMessage,gErrorMessageMaxLength); + } + +} + +void SetErrorMessageAndCStr(const char *theErrorMessage,const char * theCStr) +{ + if (theErrorMessage != nil) + { + CopyCStrAndInsertCStrLongIntIntoCStr(theErrorMessage,theCStr,-1,gErrorMessage,gErrorMessageMaxLength); + } +} + + +void AppendCStrToErrorMessage(const char *theErrorMessage) +{ + if (theErrorMessage != nil) + { + ConcatCStrToCStr(theErrorMessage,gErrorMessage,gErrorMessageMaxLength); + } +} + + +void AppendLongIntToErrorMessage(const long theLongInt) +{ + ConcatLongIntToCStr(theLongInt,gErrorMessage,gErrorMessageMaxLength); +} + + + +char *GetErrorMessage(void) +{ + return gErrorMessage; +} + + +OSErr GetErrorMessageInNewHandle(Handle *inoutHandle) +{ +OSErr errCode; + + + errCode = CopyCStrToNewHandle(gErrorMessage,inoutHandle); + + return(errCode); +} + + +OSErr GetErrorMessageInExistingHandle(Handle inoutHandle) +{ +OSErr errCode; + + + errCode = CopyCStrToExistingHandle(gErrorMessage,inoutHandle); + + return(errCode); +} + + + +OSErr AppendErrorMessageToHandle(Handle inoutHandle) +{ +OSErr errCode; + + + errCode = AppendCStrToHandle(gErrorMessage,inoutHandle,nil); + + return(errCode); +} + + +#ifdef __EXCEPTIONS_ENABLED__ + +void ThrowErrorMessageException(void) +{ + ThrowDescriptiveException(gErrorMessage); +} + +#endif diff --git a/lib/libssl/src/MacOS/GetHTTPS.src/ErrorHandling.hpp b/lib/libssl/src/MacOS/GetHTTPS.src/ErrorHandling.hpp new file mode 100644 index 00000000000..3036df7ee0b --- /dev/null +++ b/lib/libssl/src/MacOS/GetHTTPS.src/ErrorHandling.hpp @@ -0,0 +1,147 @@ +#ifdef __cplusplus +extern "C" { +#endif + +#ifndef kGenericError + #define kGenericError -1 +#endif + +extern char *gErrorMessage; + + +void SetErrorMessage(const char *theErrorMessage); +void SetErrorMessageAndAppendLongInt(const char *theErrorMessage,const long theLongInt); +void SetErrorMessageAndCStrAndLongInt(const char *theErrorMessage,const char * theCStr,const long theLongInt); +void SetErrorMessageAndCStr(const char *theErrorMessage,const char * theCStr); +void AppendCStrToErrorMessage(const char *theErrorMessage); +void AppendLongIntToErrorMessage(const long theLongInt); + + +char *GetErrorMessage(void); +OSErr GetErrorMessageInNewHandle(Handle *inoutHandle); +OSErr GetErrorMessageInExistingHandle(Handle inoutHandle); +OSErr AppendErrorMessageToHandle(Handle inoutHandle); + + +#ifdef __EXCEPTIONS_ENABLED__ + void ThrowErrorMessageException(void); +#endif + + + +// A bunch of evil macros that would be uneccessary if I were always using C++ ! + +#define SetErrorMessageAndBailIfNil(theArg,theMessage) \ +{ \ + if (theArg == nil) \ + { \ + SetErrorMessage(theMessage); \ + errCode = kGenericError; \ + goto EXITPOINT; \ + } \ +} + + +#define SetErrorMessageAndBail(theMessage) \ +{ \ + SetErrorMessage(theMessage); \ + errCode = kGenericError; \ + goto EXITPOINT; \ +} + + +#define SetErrorMessageAndLongIntAndBail(theMessage,theLongInt) \ +{ \ + SetErrorMessageAndAppendLongInt(theMessage,theLongInt); \ + errCode = kGenericError; \ + goto EXITPOINT; \ +} + + +#define SetErrorMessageAndLongIntAndBailIfError(theErrCode,theMessage,theLongInt) \ +{ \ + if (theErrCode != noErr) \ + { \ + SetErrorMessageAndAppendLongInt(theMessage,theLongInt); \ + errCode = theErrCode; \ + goto EXITPOINT; \ + } \ +} + + +#define SetErrorMessageCStrLongIntAndBailIfError(theErrCode,theMessage,theCStr,theLongInt) \ +{ \ + if (theErrCode != noErr) \ + { \ + SetErrorMessageAndCStrAndLongInt(theMessage,theCStr,theLongInt); \ + errCode = theErrCode; \ + goto EXITPOINT; \ + } \ +} + + +#define SetErrorMessageAndCStrAndBail(theMessage,theCStr) \ +{ \ + SetErrorMessageAndCStr(theMessage,theCStr); \ + errCode = kGenericError; \ + goto EXITPOINT; \ +} + + +#define SetErrorMessageAndBailIfError(theErrCode,theMessage) \ +{ \ + if (theErrCode != noErr) \ + { \ + SetErrorMessage(theMessage); \ + errCode = theErrCode; \ + goto EXITPOINT; \ + } \ +} + + +#define SetErrorMessageAndLongIntAndBailIfNil(theArg,theMessage,theLongInt) \ +{ \ + if (theArg == nil) \ + { \ + SetErrorMessageAndAppendLongInt(theMessage,theLongInt); \ + errCode = kGenericError; \ + goto EXITPOINT; \ + } \ +} + + +#define BailIfError(theErrCode) \ +{ \ + if ((theErrCode) != noErr) \ + { \ + goto EXITPOINT; \ + } \ +} + + +#define SetErrCodeAndBail(theErrCode) \ +{ \ + errCode = theErrCode; \ + \ + goto EXITPOINT; \ +} + + +#define SetErrorCodeAndMessageAndBail(theErrCode,theMessage) \ +{ \ + SetErrorMessage(theMessage); \ + errCode = theErrCode; \ + goto EXITPOINT; \ +} + + +#define BailNow() \ +{ \ + errCode = kGenericError; \ + goto EXITPOINT; \ +} + + +#ifdef __cplusplus +} +#endif diff --git a/lib/libssl/src/MacOS/GetHTTPS.src/GetHTTPS.cpp b/lib/libssl/src/MacOS/GetHTTPS.src/GetHTTPS.cpp new file mode 100644 index 00000000000..ed8e1cc962f --- /dev/null +++ b/lib/libssl/src/MacOS/GetHTTPS.src/GetHTTPS.cpp @@ -0,0 +1,215 @@ +/* + * An demo illustrating how to retrieve a URI from a secure HTTP server. + * + * Author: Roy Wood + * Date: September 7, 1999 + * Comments: This relies heavily on my MacSockets library. + * This project is also set up so that it expects the OpenSSL source folder (0.9.4 as I write this) + * to live in a folder called "OpenSSL-0.9.4" in this project's parent folder. For example: + * + * Macintosh HD: + * Development: + * OpenSSL-0.9.4: + * (OpenSSL sources here) + * OpenSSL Example: + * (OpenSSL example junk here) + * + * + * Also-- before attempting to compile this, make sure the aliases in "OpenSSL-0.9.4:include:openssl" + * are installed! Use the AppleScript applet in the "openssl-0.9.4" folder to do this! + */ +/* modified to seed the PRNG */ + + +// Include some funky libs I've developed over time + +#include "CPStringUtils.hpp" +#include "ErrorHandling.hpp" +#include "MacSocket.h" + + +// We use the OpenSSL implementation of SSL.... +// This was a lot of work to finally get going, though you wouldn't know it by the results! + +#include <openssl/ssl.h> +#include <openssl/err.h> +#include <openssl/rand.h> + +#include <timer.h> + +// Let's try grabbing some data from here: + +#define kHTTPS_DNS "www.apache-ssl.org" +#define kHTTPS_Port 443 +#define kHTTPS_URI "/" + + +// Forward-declare this + +OSErr MyMacSocket_IdleWaitCallback(void *inUserRefPtr); + + + + + +// My idle-wait callback. Doesn't do much, does it? Silly cooperative multitasking. + +OSErr MyMacSocket_IdleWaitCallback(void *inUserRefPtr) +{ +#pragma unused(inUserRefPtr) + +EventRecord theEvent; + + ::EventAvail(everyEvent,&theEvent); + + return(noErr); +} + + + +// Finally! + +void main(void) +{ +OSErr errCode; +int theSocket = -1; +int theTimeout = 30; + +SSL_CTX *ssl_ctx = nil; +SSL *ssl = nil; + +char tempString[256]; +UnsignedWide microTickCount; + +#warning -- USE A TRUE RANDOM SEED, AND ADD ENTROPY WHENEVER POSSIBLE. -- +const char seed[] = "uyq9,7-b(VHGT^%$&^F/,876;,;./lkJHGFUY{PO*"; // Just gobbledygook + + printf("OpenSSL Demo by Roy Wood, roy@centricsystems.ca\n\n"); + + BailIfError(errCode = MacSocket_Startup()); + + + + // Create a socket-like object + + BailIfError(errCode = MacSocket_socket(&theSocket,false,theTimeout * 60,MyMacSocket_IdleWaitCallback,nil)); + + + // Set up the connect string and try to connect + + CopyCStrAndInsertCStrLongIntIntoCStr("%s:%ld",kHTTPS_DNS,kHTTPS_Port,tempString,sizeof(tempString)); + + printf("Connecting to %s....\n",tempString); + + BailIfError(errCode = MacSocket_connect(theSocket,tempString)); + + + // Init SSL stuff + + SSL_load_error_strings(); + + SSLeay_add_ssl_algorithms(); + + + // Pick the SSL method + +// ssl_ctx = SSL_CTX_new(SSLv2_client_method()); + ssl_ctx = SSL_CTX_new(SSLv23_client_method()); +// ssl_ctx = SSL_CTX_new(SSLv3_client_method()); + + + RAND_seed (seed, sizeof (seed)); + Microseconds (µTickCount); + RAND_add (µTickCount, sizeof (microTickCount), 0); // Entropy is actually > 0, needs an estimate + + // Create an SSL thingey and try to negotiate the connection + + ssl = SSL_new(ssl_ctx); + + SSL_set_fd(ssl,theSocket); + + errCode = SSL_connect(ssl); + + if (errCode < 0) + { + SetErrorMessageAndLongIntAndBail("OpenSSL: Can't initiate SSL connection, SSL_connect() = ",errCode); + } + + // Request the URI from the host + + CopyCStrToCStr("GET ",tempString,sizeof(tempString)); + ConcatCStrToCStr(kHTTPS_URI,tempString,sizeof(tempString)); + ConcatCStrToCStr(" HTTP/1.0\r\n\r\n",tempString,sizeof(tempString)); + + + errCode = SSL_write(ssl,tempString,CStrLength(tempString)); + + if (errCode < 0) + { + SetErrorMessageAndLongIntAndBail("OpenSSL: Error writing data via ssl, SSL_write() = ",errCode); + } + + + for (;;) + { + char tempString[256]; + int bytesRead; + + + // Read some bytes and dump them to the console + + bytesRead = SSL_read(ssl,tempString,sizeof(tempString) - 1); + + if (bytesRead == 0 && MacSocket_RemoteEndIsClosing(theSocket)) + { + break; + } + + else if (bytesRead < 0) + { + SetErrorMessageAndLongIntAndBail("OpenSSL: Error reading data via ssl, SSL_read() = ",bytesRead); + } + + + tempString[bytesRead] = '\0'; + + printf(tempString); + } + + printf("\n\n\n"); + + // All done! + + errCode = noErr; + + +EXITPOINT: + + // Clean up and go home + + if (theSocket >= 0) + { + MacSocket_close(theSocket); + } + + if (ssl != nil) + { + SSL_free(ssl); + } + + if (ssl_ctx != nil) + { + SSL_CTX_free(ssl_ctx); + } + + + if (errCode != noErr) + { + printf("An error occurred:\n"); + + printf(GetErrorMessage()); + } + + + MacSocket_Shutdown(); +} diff --git a/lib/libssl/src/MacOS/GetHTTPS.src/MacSocket.cpp b/lib/libssl/src/MacOS/GetHTTPS.src/MacSocket.cpp new file mode 100644 index 00000000000..aaf2a68ca9e --- /dev/null +++ b/lib/libssl/src/MacOS/GetHTTPS.src/MacSocket.cpp @@ -0,0 +1,1607 @@ +/* + * A simple socket-like package. + * This could undoubtedly be improved, since it does polling and busy-waiting. + * At least it uses asynch I/O and implements timeouts! + * + * Other funkiness includes the use of my own (possibly brain-damaged) error-handling infrastructure. + * + * -Roy Wood (roy@centricsystems.ca) + * + */ + + +/* ==================================================================== + * Copyright (c) 1998-1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + + + + + +#include "MacSocket.h" + +#include <Threads.h> + +#include <OpenTransport.h> +#include <OpenTpTInternet.h> +#include <OpenTptClient.h> + + + +#include "CPStringUtils.hpp" +#include "ErrorHandling.hpp" + + +// #define MACSOCKET_DEBUG 1 + +#ifdef MACSOCKET_DEBUG + #include <stdio.h> +#endif + + + +extern int errno; + + +#define kMaxNumSockets 4 + + +struct SocketStruct +{ + Boolean mIsInUse; + + Boolean mEndpointIsBound; + + Boolean mLocalEndIsConnected; + Boolean mRemoteEndIsConnected; + + Boolean mReceivedTOpenComplete; + Boolean mReceivedTBindComplete; + Boolean mReceivedTConnect; + Boolean mReceivedTListen; + Boolean mReceivedTPassCon; + Boolean mReceivedTDisconnect; + Boolean mReceivedTOrdRel; + Boolean mReceivedTDisconnectComplete; + + long mTimeoutTicks; + long mOperationStartTicks; + + MacSocket_IdleWaitCallback mIdleWaitCallback; + void *mUserRefPtr; + + OTEventCode mExpectedCode; + OTResult mAsyncOperationResult; + + EndpointRef mEndPointRef; + TBind *mBindRequestedAddrInfo; + TBind *mAssignedAddrInfo; + TCall *mRemoteAddrInfo; + + Boolean mReadyToReadData; + Boolean mReadyToWriteData; + + Ptr mReadBuffer; + Ptr mWriteBuffer; + + int mLastError; + char mErrMessage[256]; +}; + +typedef struct SocketStruct SocketStruct; + + +static SocketStruct sSockets[kMaxNumSockets]; +static Boolean sSocketsSetup = false; + + + + +static OSErr MyBusyWait(SocketStruct *ioSocket,Boolean returnImmediatelyOnError,OTResult *outOTResult,Boolean *inAsyncOperationCompleteFlag); + +static pascal void OTNonYieldingNotifier(void *contextPtr,OTEventCode code,OTResult result,void *cookie); + +static Boolean SocketIndexIsValid(const int inSocketNum); + +static void InitSocket(SocketStruct *ioSocket); + +static void PrepareForAsyncOperation(SocketStruct *ioSocket,const OTEventCode inExpectedCode); + +static Boolean TimeoutElapsed(const SocketStruct *inSocket); + +static OSStatus NegotiateIPReuseAddrOption(EndpointRef inEndpoint,const Boolean inEnableReuseIP); + + + +void MacSocket_GetSocketErrorInfo(const int inSocketNum,int *outSocketErrCode,char *outSocketErrString,const int inSocketErrStringMaxLength) +{ + if (outSocketErrCode != nil) + { + *outSocketErrCode = -1; + } + + if (outSocketErrString != nil) + { + CopyCStrToCStr("",outSocketErrString,inSocketErrStringMaxLength); + } + + + if (SocketIndexIsValid(inSocketNum)) + { + SocketStruct *theSocketStruct = &(sSockets[inSocketNum]); + + + if (outSocketErrCode != nil) + { + *outSocketErrCode = theSocketStruct->mLastError; + } + + if (outSocketErrString != nil) + { + CopyCStrToCStr(theSocketStruct->mErrMessage,outSocketErrString,inSocketErrStringMaxLength); + } + } +} + + +void MacSocket_SetUserRefPtr(const int inSocketNum,void *inNewRefPtr) +{ + if (SocketIndexIsValid(inSocketNum)) + { + SocketStruct *theSocketStruct = &(sSockets[inSocketNum]); + + theSocketStruct->mUserRefPtr = inNewRefPtr; + } +} + + + +void MacSocket_GetLocalIPAndPort(const int inSocketNum,char *outIPAndPort,const int inIPAndPortLength) +{ + if (outIPAndPort != nil && SocketIndexIsValid(inSocketNum)) + { + char tempString[256]; + SocketStruct *theSocketStruct = &(sSockets[inSocketNum]); + + + CopyCStrToCStr("",tempString,sizeof(tempString)); + + if (theSocketStruct->mAssignedAddrInfo != nil) + { + InetAddress *theInetAddress = (InetAddress *) theSocketStruct->mAssignedAddrInfo->addr.buf; + InetHost theInetHost = theInetAddress->fHost; + + if (theInetHost == 0) + { + InetInterfaceInfo theInetInterfaceInfo; + + if (::OTInetGetInterfaceInfo(&theInetInterfaceInfo,kDefaultInetInterface) == noErr) + { + theInetHost = theInetInterfaceInfo.fAddress; + } + } + + ::OTInetHostToString(theInetHost,tempString); + + ConcatCStrToCStr(":",tempString,sizeof(tempString)); + ConcatLongIntToCStr(theInetAddress->fPort,tempString,sizeof(tempString)); + } + + CopyCStrToCStr(tempString,outIPAndPort,inIPAndPortLength); + } +} + + + +void MacSocket_GetRemoteIPAndPort(const int inSocketNum,char *outIPAndPort,const int inIPAndPortLength) +{ + if (outIPAndPort != nil && SocketIndexIsValid(inSocketNum)) + { + char tempString[256]; + SocketStruct *theSocketStruct = &(sSockets[inSocketNum]); + + + CopyCStrToCStr("",tempString,sizeof(tempString)); + + if (theSocketStruct->mRemoteAddrInfo != nil) + { + InetAddress *theInetAddress = (InetAddress *) theSocketStruct->mRemoteAddrInfo->addr.buf; + InetHost theInetHost = theInetAddress->fHost; + + if (theInetHost == 0) + { + InetInterfaceInfo theInetInterfaceInfo; + + if (::OTInetGetInterfaceInfo(&theInetInterfaceInfo,kDefaultInetInterface) == noErr) + { + theInetHost = theInetInterfaceInfo.fAddress; + } + } + + ::OTInetHostToString(theInetHost,tempString); + + ConcatCStrToCStr(":",tempString,sizeof(tempString)); + ConcatLongIntToCStr(theInetAddress->fPort,tempString,sizeof(tempString)); + } + + CopyCStrToCStr(tempString,outIPAndPort,inIPAndPortLength); + } +} + + + +Boolean MacSocket_RemoteEndIsClosing(const int inSocketNum) +{ +Boolean theResult = false; + + if (SocketIndexIsValid(inSocketNum)) + { + SocketStruct *theSocketStruct = &(sSockets[inSocketNum]); + + theResult = theSocketStruct->mReceivedTOrdRel; + } + + return(theResult); +} + + + +Boolean MacSocket_ListenCompleted(const int inSocketNum) +{ +Boolean theResult = false; + + if (SocketIndexIsValid(inSocketNum)) + { + SocketStruct *theSocketStruct = &(sSockets[inSocketNum]); + + theResult = theSocketStruct->mReceivedTPassCon; + } + + return(theResult); +} + + + +Boolean MacSocket_RemoteEndIsOpen(const int inSocketNum) +{ + if (SocketIndexIsValid(inSocketNum)) + { + SocketStruct *theSocketStruct = &(sSockets[inSocketNum]); + + return(theSocketStruct->mRemoteEndIsConnected); + } + + else + { + return(false); + } +} + + + +Boolean MacSocket_LocalEndIsOpen(const int inSocketNum) +{ + if (SocketIndexIsValid(inSocketNum)) + { + SocketStruct *theSocketStruct = &(sSockets[inSocketNum]); + + return(theSocketStruct->mLocalEndIsConnected); + } + + else + { + return(false); + } +} + + + +static Boolean TimeoutElapsed(const SocketStruct *inSocket) +{ +Boolean timeIsUp = false; + + if (inSocket != nil && inSocket->mTimeoutTicks > 0 && ::TickCount() > inSocket->mOperationStartTicks + inSocket->mTimeoutTicks) + { + timeIsUp = true; + } + + + return(timeIsUp); +} + + + +static Boolean SocketIndexIsValid(const int inSocketNum) +{ + if (inSocketNum >= 0 && inSocketNum < kMaxNumSockets && sSockets[inSocketNum].mEndPointRef != kOTInvalidEndpointRef) + { + return(true); + } + + else + { + return(false); + } +} + + + +static void InitSocket(SocketStruct *ioSocket) +{ + ioSocket->mIsInUse = false; + + ioSocket->mEndpointIsBound = false; + + ioSocket->mLocalEndIsConnected = false; + ioSocket->mRemoteEndIsConnected = false; + + ioSocket->mReceivedTOpenComplete = false; + ioSocket->mReceivedTBindComplete = false; + ioSocket->mReceivedTConnect = false; + ioSocket->mReceivedTListen = false; + ioSocket->mReceivedTPassCon = false; + ioSocket->mReceivedTDisconnect = false; + ioSocket->mReceivedTOrdRel = false; + ioSocket->mReceivedTDisconnectComplete = false; + + ioSocket->mTimeoutTicks = 30 * 60; + ioSocket->mOperationStartTicks = -1; + + ioSocket->mIdleWaitCallback = nil; + ioSocket->mUserRefPtr = nil; + + ioSocket->mExpectedCode = 0; + ioSocket->mAsyncOperationResult = noErr; + + ioSocket->mEndPointRef = kOTInvalidEndpointRef; + + ioSocket->mBindRequestedAddrInfo = nil; + ioSocket->mAssignedAddrInfo = nil; + ioSocket->mRemoteAddrInfo = nil; + + ioSocket->mReadyToReadData = false; + ioSocket->mReadyToWriteData = true; + + ioSocket->mReadBuffer = nil; + ioSocket->mWriteBuffer = nil; + + ioSocket->mLastError = noErr; + CopyCStrToCStr("",ioSocket->mErrMessage,sizeof(ioSocket->mErrMessage)); +} + + + +static void PrepareForAsyncOperation(SocketStruct *ioSocket,const OTEventCode inExpectedCode) +{ + ioSocket->mOperationStartTicks = ::TickCount(); + + ioSocket->mAsyncOperationResult = noErr; + + ioSocket->mExpectedCode = inExpectedCode; +} + + +// The wait function.... + +static OSErr MyBusyWait(SocketStruct *ioSocket,Boolean returnImmediatelyOnError,OTResult *outOTResult,Boolean *inAsyncOperationCompleteFlag) +{ +OSErr errCode = noErr; +OTResult theOTResult = noErr; + + + SetErrorMessageAndBailIfNil(ioSocket,"MyBusyWait: Bad parameter, ioSocket = nil"); + SetErrorMessageAndBailIfNil(inAsyncOperationCompleteFlag,"MyBusyWait: Bad parameter, inAsyncOperationCompleteFlag = nil"); + + for (;;) + { + if (*inAsyncOperationCompleteFlag) + { + theOTResult = ioSocket->mAsyncOperationResult; + + break; + } + + if (ioSocket->mIdleWaitCallback != nil) + { + theOTResult = (*(ioSocket->mIdleWaitCallback))(ioSocket->mUserRefPtr); + + if (theOTResult != noErr && returnImmediatelyOnError) + { + break; + } + } + + if (TimeoutElapsed(ioSocket)) + { + theOTResult = kMacSocket_TimeoutErr; + + break; + } + } + + +EXITPOINT: + + if (outOTResult != nil) + { + *outOTResult = theOTResult; + } + + return(errCode); +} + + + +// I used to do thread switching, but stopped. It could easily be rolled back in though.... + +static pascal void OTNonYieldingNotifier(void *contextPtr,OTEventCode code,OTResult result,void *cookie) +{ +SocketStruct *theSocketStruct = (SocketStruct *) contextPtr; + + if (theSocketStruct != nil) + { + if (theSocketStruct->mExpectedCode != 0 && code == theSocketStruct->mExpectedCode) + { + theSocketStruct->mAsyncOperationResult = result; + + theSocketStruct->mExpectedCode = 0; + } + + + switch (code) + { + case T_OPENCOMPLETE: + { + theSocketStruct->mReceivedTOpenComplete = true; + + theSocketStruct->mEndPointRef = (EndpointRef) cookie; + + break; + } + + + case T_BINDCOMPLETE: + { + theSocketStruct->mReceivedTBindComplete = true; + + break; + } + + + case T_CONNECT: + { + theSocketStruct->mReceivedTConnect = true; + + theSocketStruct->mLocalEndIsConnected = true; + + theSocketStruct->mRemoteEndIsConnected = true; + + break; + } + + + case T_LISTEN: + { + theSocketStruct->mReceivedTListen = true; + + break; + } + + + case T_PASSCON: + { + theSocketStruct->mReceivedTPassCon = true; + + theSocketStruct->mLocalEndIsConnected = true; + + theSocketStruct->mRemoteEndIsConnected = true; + + break; + } + + + case T_DATA: + { + theSocketStruct->mReadyToReadData = true; + + break; + } + + case T_GODATA: + { + theSocketStruct->mReadyToWriteData = true; + + break; + } + + case T_DISCONNECT: + { + theSocketStruct->mReceivedTDisconnect = true; + + theSocketStruct->mRemoteEndIsConnected = false; + + theSocketStruct->mLocalEndIsConnected = false; + + ::OTRcvDisconnect(theSocketStruct->mEndPointRef,nil); + + break; + } + + case T_ORDREL: + { + theSocketStruct->mReceivedTOrdRel = true; + + // We can still write data, so don't clear mRemoteEndIsConnected + + ::OTRcvOrderlyDisconnect(theSocketStruct->mEndPointRef); + + break; + } + + case T_DISCONNECTCOMPLETE: + { + theSocketStruct->mReceivedTDisconnectComplete = true; + + theSocketStruct->mRemoteEndIsConnected = false; + + theSocketStruct->mLocalEndIsConnected = false; + + break; + } + } + } +/* +T_LISTEN OTListen +T_CONNECT OTRcvConnect +T_DATA OTRcv, OTRcvUData +T_DISCONNECT OTRcvDisconnect +T_ORDREL OTRcvOrderlyDisconnect +T_GODATA OTSnd, OTSndUData, OTLook +T_PASSCON none + +T_EXDATA OTRcv +T_GOEXDATA OTSnd, OTLook +T_UDERR OTRcvUDErr +*/ +} + + + +// Initialize the main socket data structure + +OSErr MacSocket_Startup(void) +{ + if (!sSocketsSetup) + { + for (int i = 0;i < kMaxNumSockets;i++) + { + InitSocket(&(sSockets[i])); + } + + ::InitOpenTransport(); + + sSocketsSetup = true; + } + + + return(noErr); +} + + + +// Cleanup before exiting + +OSErr MacSocket_Shutdown(void) +{ + if (sSocketsSetup) + { + for (int i = 0;i < kMaxNumSockets;i++) + { + SocketStruct *theSocketStruct = &(sSockets[i]); + + if (theSocketStruct->mIsInUse) + { + if (theSocketStruct->mEndPointRef != kOTInvalidEndpointRef) + { + OTResult theOTResult; + + + // Since we're killing the endpoint, I don't bother to send the disconnect (sorry!) + +/* + if (theSocketStruct->mLocalEndIsConnected) + { + // This is an abortive action, so we do a hard disconnect instead of an OTSndOrderlyDisconnect + + theOTResult = ::OTSndDisconnect(theSocketStruct->mEndPointRef, nil); + + // Now we have to watch for T_DISCONNECTCOMPLETE event + + theSocketStruct->mLocalEndIsConnected = false; + } +*/ + + theOTResult = ::OTCloseProvider(theSocketStruct->mEndPointRef); + + + theSocketStruct->mEndPointRef = kOTInvalidEndpointRef; + } + + if (theSocketStruct->mBindRequestedAddrInfo != nil) + { + ::OTFree((void *) theSocketStruct->mBindRequestedAddrInfo,T_BIND); + + theSocketStruct->mBindRequestedAddrInfo = nil; + } + + if (theSocketStruct->mAssignedAddrInfo != nil) + { + ::OTFree((void *) theSocketStruct->mAssignedAddrInfo,T_BIND); + + theSocketStruct->mAssignedAddrInfo = nil; + } + + if (theSocketStruct->mRemoteAddrInfo != nil) + { + ::OTFree((void *) theSocketStruct->mRemoteAddrInfo,T_CALL); + + theSocketStruct->mRemoteAddrInfo = nil; + } + + + } + } + + ::CloseOpenTransport(); + + sSocketsSetup = false; + } + + return(noErr); +} + + + + + + +// Allocate a socket + +OSErr MacSocket_socket(int *outSocketNum,const Boolean inDoThreadSwitching,const long inTimeoutTicks,MacSocket_IdleWaitCallback inIdleWaitCallback,void *inUserRefPtr) +{ +// Gotta roll support back in for threads eventually..... + +#pragma unused(inDoThreadSwitching) + + +OSErr errCode = noErr; + + + SetErrorMessageAndBailIfNil(outSocketNum,"MacSocket_socket: Bad parameter, outSocketNum == nil"); + + *outSocketNum = -1; + + + // Find an unused socket + + for (int i = 0;i < kMaxNumSockets;i++) + { + if (sSockets[i].mIsInUse == false) + { + OTResult theOTResult; + SocketStruct *theSocketStruct = &(sSockets[i]); + + + InitSocket(theSocketStruct); + + theSocketStruct->mIdleWaitCallback = inIdleWaitCallback; + theSocketStruct->mUserRefPtr = inUserRefPtr; + + theSocketStruct->mTimeoutTicks = inTimeoutTicks; + + + // Set up OT endpoint + + PrepareForAsyncOperation(theSocketStruct,T_OPENCOMPLETE); + + theOTResult = ::OTAsyncOpenEndpoint(OTCreateConfiguration(kTCPName),0,nil,OTNonYieldingNotifier,(void *) theSocketStruct); + + SetErrorMessageAndLongIntAndBailIfError(theOTResult,"MacSocket_socket: Can't create OT endpoint, OTAsyncOpenEndpoint() = ",theOTResult); + + BailIfError(MyBusyWait(theSocketStruct,false,&theOTResult,&(theSocketStruct->mReceivedTOpenComplete))); + + SetErrorMessageAndLongIntAndBailIfError(theOTResult,"MacSocket_socket: Can't create OT endpoint, OTAsyncOpenEndpoint() = ",theOTResult); + + + *outSocketNum = i; + + errCode = noErr; + + theSocketStruct->mIsInUse = true; + + break; + } + + else if (i == kMaxNumSockets - 1) + { + SetErrorMessageAndBail("MacSocket_socket: No sockets available"); + } + } + + +EXITPOINT: + + errno = errCode; + + return(errCode); +} + + + + +OSErr MacSocket_listen(const int inSocketNum,const int inPortNum) +{ +OSErr errCode = noErr; +SocketStruct *theSocketStruct = nil; + + + if (!SocketIndexIsValid(inSocketNum)) + { + SetErrorMessageAndBail("MacSocket_listen: Invalid socket number specified"); + } + + + theSocketStruct = &(sSockets[inSocketNum]); + + +OTResult theOTResult; + + + if (theSocketStruct->mBindRequestedAddrInfo == nil) + { + theSocketStruct->mBindRequestedAddrInfo = (TBind *) ::OTAlloc(theSocketStruct->mEndPointRef,T_BIND,T_ADDR,&theOTResult); + + SetErrorMessageAndLongIntAndBailIfError(theOTResult,"MacSocket_listen: Can't allocate OT T_BIND structure, OTAlloc() = ",theOTResult); + SetErrorMessageAndBailIfNil(theSocketStruct->mBindRequestedAddrInfo,"MacSocket_listen: Can't allocate OT T_BIND structure, OTAlloc() returned nil"); + } + + if (theSocketStruct->mAssignedAddrInfo == nil) + { + theSocketStruct->mAssignedAddrInfo = (TBind *) ::OTAlloc(theSocketStruct->mEndPointRef,T_BIND,T_ADDR,&theOTResult); + + SetErrorMessageAndLongIntAndBailIfError(theOTResult,"MacSocket_listen: Can't allocate OT T_BIND structure, OTAlloc() = ",theOTResult); + SetErrorMessageAndBailIfNil(theSocketStruct->mAssignedAddrInfo,"MacSocket_listen: Can't allocate OT T_BIND structure, OTAlloc() returned nil"); + } + + if (theSocketStruct->mRemoteAddrInfo == nil) + { + theSocketStruct->mRemoteAddrInfo = (TCall *) ::OTAlloc(theSocketStruct->mEndPointRef,T_CALL,T_ADDR,&theOTResult); + + SetErrorMessageAndLongIntAndBailIfError(theOTResult,"MacSocket_listen: Can't allocate OT T_CALL structure, OTAlloc() = ",theOTResult); + SetErrorMessageAndBailIfNil(theSocketStruct->mRemoteAddrInfo,"MacSocket_listen: Can't allocate OT T_CALL structure, OTAlloc() returned nil"); + } + + + if (!theSocketStruct->mEndpointIsBound) + { + InetInterfaceInfo theInetInterfaceInfo; + + theOTResult = ::OTInetGetInterfaceInfo(&theInetInterfaceInfo,kDefaultInetInterface); + + SetErrorMessageAndLongIntAndBailIfError(theOTResult,"MacSocket_listen: Can't determine OT interface info, OTInetGetInterfaceInfo() = ",theOTResult); + + + InetAddress *theInetAddress = (InetAddress *) theSocketStruct->mBindRequestedAddrInfo->addr.buf; + +// theInetAddress->fAddressType = AF_INET; +// theInetAddress->fPort = inPortNum; +// theInetAddress->fHost = theInetInterfaceInfo.fAddress; + + ::OTInitInetAddress(theInetAddress,inPortNum,theInetInterfaceInfo.fAddress); + + theSocketStruct->mBindRequestedAddrInfo->addr.len = sizeof(InetAddress); + + theSocketStruct->mBindRequestedAddrInfo->qlen = 1; + + + theOTResult = ::OTSetSynchronous(theSocketStruct->mEndPointRef); + + SetErrorMessageAndLongIntAndBailIfError(theOTResult,"MacSocket_listen: Can't set OT endpoint mode, OTSetSynchronous() = ",theOTResult); + + theOTResult = NegotiateIPReuseAddrOption(theSocketStruct->mEndPointRef,true); + + SetErrorMessageAndLongIntAndBailIfError(theOTResult,"MacSocket_listen: Can't set OT IP address reuse flag, NegotiateIPReuseAddrOption() = ",theOTResult); + + theOTResult = ::OTSetAsynchronous(theSocketStruct->mEndPointRef); + + SetErrorMessageAndLongIntAndBailIfError(theOTResult,"MacSocket_listen: Can't set OT endpoint mode, OTSetAsynchronous() = ",theOTResult); + + + PrepareForAsyncOperation(theSocketStruct,T_BINDCOMPLETE); + + theOTResult = ::OTBind(theSocketStruct->mEndPointRef,theSocketStruct->mBindRequestedAddrInfo,theSocketStruct->mAssignedAddrInfo); + + SetErrorMessageAndLongIntAndBailIfError(theOTResult,"MacSocket_listen: Can't bind OT endpoint, OTBind() = ",theOTResult); + + BailIfError(MyBusyWait(theSocketStruct,false,&theOTResult,&(theSocketStruct->mReceivedTBindComplete))); + + SetErrorMessageAndLongIntAndBailIfError(theOTResult,"MacSocket_listen: Can't bind OT endpoint, OTBind() = ",theOTResult); + + + theSocketStruct->mEndpointIsBound = true; + } + + + PrepareForAsyncOperation(theSocketStruct,T_LISTEN); + + theOTResult = ::OTListen(theSocketStruct->mEndPointRef,theSocketStruct->mRemoteAddrInfo); + + if (theOTResult == noErr) + { + PrepareForAsyncOperation(theSocketStruct,T_PASSCON); + + theOTResult = ::OTAccept(theSocketStruct->mEndPointRef,theSocketStruct->mEndPointRef,theSocketStruct->mRemoteAddrInfo); + + SetErrorMessageAndLongIntAndBailIfError(theOTResult,"MacSocket_listen: Can't begin OT accept, OTAccept() = ",theOTResult); + + BailIfError(MyBusyWait(theSocketStruct,false,&theOTResult,&(theSocketStruct->mReceivedTPassCon))); + + SetErrorMessageAndLongIntAndBailIfError(theOTResult,"MacSocket_listen: Can't accept OT connection, OTAccept() = ",theOTResult); + } + + else if (theOTResult == kOTNoDataErr) + { + theOTResult = noErr; + } + + else + { + SetErrorMessageAndLongIntAndBail("MacSocket_listen: Can't begin OT listen, OTListen() = ",theOTResult); + } + + + errCode = noErr; + + +EXITPOINT: + + if (theSocketStruct != nil) + { + theSocketStruct->mLastError = noErr; + + CopyCStrToCStr("",theSocketStruct->mErrMessage,sizeof(theSocketStruct->mErrMessage)); + + if (errCode != noErr) + { + theSocketStruct->mLastError = errCode; + + CopyCStrToCStr(GetErrorMessage(),theSocketStruct->mErrMessage,sizeof(theSocketStruct->mErrMessage)); + } + } + + errno = errCode; + + return(errCode); +} + + + + +OSErr MacSocket_connect(const int inSocketNum,char *inTargetAddressAndPort) +{ +OSErr errCode = noErr; +SocketStruct *theSocketStruct = nil; + + + if (!SocketIndexIsValid(inSocketNum)) + { + SetErrorMessageAndBail("MacSocket_connect: Invalid socket number specified"); + } + + theSocketStruct = &(sSockets[inSocketNum]); + + if (theSocketStruct->mEndpointIsBound) + { + SetErrorMessageAndBail("MacSocket_connect: Socket previously bound"); + } + + +OTResult theOTResult; + + theSocketStruct->mBindRequestedAddrInfo = (TBind *) ::OTAlloc(theSocketStruct->mEndPointRef,T_BIND,T_ADDR,&theOTResult); + + SetErrorMessageAndLongIntAndBailIfError(theOTResult,"MacSocket_connect: Can't allocate OT T_BIND structure, OTAlloc() = ",theOTResult); + SetErrorMessageAndBailIfNil(theSocketStruct->mBindRequestedAddrInfo,"MacSocket_connect: Can't allocate OT T_BIND structure, OTAlloc() returned nil"); + + + theSocketStruct->mAssignedAddrInfo = (TBind *) ::OTAlloc(theSocketStruct->mEndPointRef,T_BIND,T_ADDR,&theOTResult); + + SetErrorMessageAndLongIntAndBailIfError(theOTResult,"MacSocket_connect: Can't allocate OT T_BIND structure, OTAlloc() = ",theOTResult); + SetErrorMessageAndBailIfNil(theSocketStruct->mAssignedAddrInfo,"MacSocket_connect: Can't allocate OT T_BIND structure, OTAlloc() returned nil"); + + + theSocketStruct->mRemoteAddrInfo = (TCall *) ::OTAlloc(theSocketStruct->mEndPointRef,T_CALL,T_ADDR,&theOTResult); + + SetErrorMessageAndLongIntAndBailIfError(theOTResult,"MacSocket_connect: Can't allocate OT T_CALL structure, OTAlloc() = ",theOTResult); + SetErrorMessageAndBailIfNil(theSocketStruct->mRemoteAddrInfo,"MacSocket_connect: Can't allocate OT T_CALL structure, OTAlloc() returned nil"); + + + PrepareForAsyncOperation(theSocketStruct,T_BINDCOMPLETE); + + theOTResult = ::OTBind(theSocketStruct->mEndPointRef,nil,theSocketStruct->mAssignedAddrInfo); + + SetErrorMessageAndLongIntAndBailIfError(theOTResult,"MacSocket_connect: Can't bind OT endpoint, OTBind() = ",theOTResult); + + BailIfError(MyBusyWait(theSocketStruct,false,&theOTResult,&(theSocketStruct->mReceivedTBindComplete))); + + SetErrorMessageAndLongIntAndBailIfError(theOTResult,"MacSocket_connect: Can't bind OT endpoint, OTBind() = ",theOTResult); + + theSocketStruct->mEndpointIsBound = true; + + +TCall sndCall; +DNSAddress hostDNSAddress; + + // Set up target address + + sndCall.addr.buf = (UInt8 *) &hostDNSAddress; + sndCall.addr.len = ::OTInitDNSAddress(&hostDNSAddress,inTargetAddressAndPort); + sndCall.opt.buf = nil; + sndCall.opt.len = 0; + sndCall.udata.buf = nil; + sndCall.udata.len = 0; + sndCall.sequence = 0; + + // Connect! + + PrepareForAsyncOperation(theSocketStruct,T_CONNECT); + + theOTResult = ::OTConnect(theSocketStruct->mEndPointRef,&sndCall,nil); + + if (theOTResult == kOTNoDataErr) + { + theOTResult = noErr; + } + + SetErrorMessageAndLongIntAndBailIfError(theOTResult,"MacSocket_connect: Can't connect OT endpoint, OTConnect() = ",theOTResult); + + BailIfError(MyBusyWait(theSocketStruct,false,&theOTResult,&(theSocketStruct->mReceivedTConnect))); + + if (theOTResult == kMacSocket_TimeoutErr) + { + SetErrorMessageAndBail("MacSocket_connect: Can't connect OT endpoint, OTConnect() = kMacSocket_TimeoutErr"); + } + + else + { + SetErrorMessageAndLongIntAndBailIfError(theOTResult,"MacSocket_connect: Can't connect OT endpoint, OTConnect() = ",theOTResult); + } + + theOTResult = ::OTRcvConnect(theSocketStruct->mEndPointRef,nil); + + SetErrorMessageAndLongIntAndBailIfError(theOTResult,"MacSocket_connect: Can't complete connect on OT endpoint, OTRcvConnect() = ",theOTResult); + + + errCode = noErr; + + +#ifdef MACSOCKET_DEBUG + printf("MacSocket_connect: connect completed\n"); +#endif + +EXITPOINT: + + if (theSocketStruct != nil) + { + theSocketStruct->mLastError = noErr; + + CopyCStrToCStr("",theSocketStruct->mErrMessage,sizeof(theSocketStruct->mErrMessage)); + + if (errCode != noErr) + { + theSocketStruct->mLastError = errCode; + + CopyCStrToCStr(GetErrorMessage(),theSocketStruct->mErrMessage,sizeof(theSocketStruct->mErrMessage)); + } + } + + errno = errCode; + + return(errCode); +} + + + + +// Close a connection + +OSErr MacSocket_close(const int inSocketNum) +{ +OSErr errCode = noErr; +SocketStruct *theSocketStruct = nil; + + + if (!SocketIndexIsValid(inSocketNum)) + { + SetErrorMessageAndBail("MacSocket_close: Invalid socket number specified"); + } + + + theSocketStruct = &(sSockets[inSocketNum]); + + if (theSocketStruct->mEndPointRef != kOTInvalidEndpointRef) + { + OTResult theOTResult = noErr; + + // Try to play nice + + if (theSocketStruct->mReceivedTOrdRel) + { + // Already did an OTRcvOrderlyDisconnect() in the notifier + + if (theSocketStruct->mLocalEndIsConnected) + { + theOTResult = ::OTSndOrderlyDisconnect(theSocketStruct->mEndPointRef); + + theSocketStruct->mLocalEndIsConnected = false; + } + } + + else if (theSocketStruct->mLocalEndIsConnected) + { + theOTResult = ::OTSndOrderlyDisconnect(theSocketStruct->mEndPointRef); + + theSocketStruct->mLocalEndIsConnected = false; + + // Wait for other end to hang up too! + +// PrepareForAsyncOperation(theSocketStruct,T_ORDREL); +// +// errCode = MyBusyWait(theSocketStruct,false,&theOTResult,&(theSocketStruct->mReceivedTOrdRel)); + } + + + if (theOTResult != noErr) + { + ::OTCloseProvider(theSocketStruct->mEndPointRef); + } + + else + { + theOTResult = ::OTCloseProvider(theSocketStruct->mEndPointRef); + } + + theSocketStruct->mEndPointRef = kOTInvalidEndpointRef; + + errCode = theOTResult; + } + + + theSocketStruct->mIsInUse = false; + + +EXITPOINT: + + if (theSocketStruct != nil) + { + theSocketStruct->mLastError = noErr; + + CopyCStrToCStr("",theSocketStruct->mErrMessage,sizeof(theSocketStruct->mErrMessage)); + + if (errCode != noErr) + { + theSocketStruct->mLastError = errCode; + + CopyCStrToCStr(GetErrorMessage(),theSocketStruct->mErrMessage,sizeof(theSocketStruct->mErrMessage)); + } + } + + errno = errCode; + + return(errCode); +} + + + + +// Receive some bytes + +int MacSocket_recv(const int inSocketNum,void *outBuff,int outBuffLength,const Boolean inBlock) +{ +OSErr errCode = noErr; +int totalBytesRead = 0; +SocketStruct *theSocketStruct = nil; + + + SetErrorMessageAndBailIfNil(outBuff,"MacSocket_recv: Bad parameter, outBuff = nil"); + + if (outBuffLength <= 0) + { + SetErrorMessageAndBail("MacSocket_recv: Bad parameter, outBuffLength <= 0"); + } + + if (!SocketIndexIsValid(inSocketNum)) + { + SetErrorMessageAndBail("MacSocket_recv: Invalid socket number specified"); + } + + theSocketStruct = &(sSockets[inSocketNum]); + + if (!theSocketStruct->mLocalEndIsConnected) + { + SetErrorMessageAndBail("MacSocket_recv: Socket not connected"); + } + + if (theSocketStruct->mReceivedTOrdRel) + { + totalBytesRead = 0; + + goto EXITPOINT; + } + + + PrepareForAsyncOperation(theSocketStruct,0); + + for (;;) + { + int bytesRead; + OTResult theOTResult; + + + theOTResult = ::OTRcv(theSocketStruct->mEndPointRef,(void *) ((unsigned long) outBuff + (unsigned long) totalBytesRead),outBuffLength - totalBytesRead,nil); + + if (theOTResult >= 0) + { + bytesRead = theOTResult; + +#ifdef MACSOCKET_DEBUG + printf("MacSocket_recv: read %d bytes in part\n",bytesRead); +#endif + } + + else if (theOTResult == kOTNoDataErr) + { + bytesRead = 0; + } + + else + { + SetErrorMessageAndLongIntAndBail("MacSocket_recv: Can't receive OT data, OTRcv() = ",theOTResult); + } + + + totalBytesRead += bytesRead; + + + if (totalBytesRead <= 0) + { + if (theSocketStruct->mReceivedTOrdRel) + { + break; + } + + // This seems pretty stupid to me now. Maybe I'll delete this blocking garbage. + + if (inBlock) + { + if (TimeoutElapsed(theSocketStruct)) + { + SetErrorCodeAndMessageAndBail(kMacSocket_TimeoutErr,"MacSocket_recv: Receive operation timed-out"); + } + + if (theSocketStruct->mIdleWaitCallback != nil) + { + theOTResult = (*(theSocketStruct->mIdleWaitCallback))(theSocketStruct->mUserRefPtr); + + SetErrorMessageAndBailIfError(theOTResult,"MacSocket_recv: User cancelled operation"); + } + + continue; + } + } + + + break; + } + + errCode = noErr; + + +#ifdef MACSOCKET_DEBUG + printf("MacSocket_recv: read %d bytes in total\n",totalBytesRead); +#endif + + +EXITPOINT: + + if (theSocketStruct != nil) + { + theSocketStruct->mLastError = noErr; + + CopyCStrToCStr("",theSocketStruct->mErrMessage,sizeof(theSocketStruct->mErrMessage)); + + if (errCode != noErr) + { + theSocketStruct->mLastError = errCode; + + CopyCStrToCStr(GetErrorMessage(),theSocketStruct->mErrMessage,sizeof(theSocketStruct->mErrMessage)); + } + } + + errno = errCode; + + return(totalBytesRead); +} + + + +// Send some bytes + +int MacSocket_send(const int inSocketNum,void *inBuff,int inBuffLength) +{ +OSErr errCode = noErr; +int bytesSent = 0; +SocketStruct *theSocketStruct = nil; + + + SetErrorMessageAndBailIfNil(inBuff,"MacSocket_send: Bad parameter, inBuff = nil"); + + if (inBuffLength <= 0) + { + SetErrorMessageAndBail("MacSocket_send: Bad parameter, inBuffLength <= 0"); + } + + if (!SocketIndexIsValid(inSocketNum)) + { + SetErrorMessageAndBail("MacSocket_send: Invalid socket number specified"); + } + + + theSocketStruct = &(sSockets[inSocketNum]); + + if (!theSocketStruct->mLocalEndIsConnected) + { + SetErrorMessageAndBail("MacSocket_send: Socket not connected"); + } + + +OTResult theOTResult; + + + PrepareForAsyncOperation(theSocketStruct,0); + + while (bytesSent < inBuffLength) + { + if (theSocketStruct->mIdleWaitCallback != nil) + { + theOTResult = (*(theSocketStruct->mIdleWaitCallback))(theSocketStruct->mUserRefPtr); + + SetErrorMessageAndBailIfError(theOTResult,"MacSocket_send: User cancelled"); + } + + + theOTResult = ::OTSnd(theSocketStruct->mEndPointRef,(void *) ((unsigned long) inBuff + bytesSent),inBuffLength - bytesSent,0); + + if (theOTResult >= 0) + { + bytesSent += theOTResult; + + theOTResult = noErr; + + // Reset timer.... + + PrepareForAsyncOperation(theSocketStruct,0); + } + + if (theOTResult == kOTFlowErr) + { + if (TimeoutElapsed(theSocketStruct)) + { + SetErrorCodeAndMessageAndBail(kMacSocket_TimeoutErr,"MacSocket_send: Send timed-out") + } + + theOTResult = noErr; + } + + SetErrorMessageAndLongIntAndBailIfError(theOTResult,"MacSocket_send: Can't send OT data, OTSnd() = ",theOTResult); + } + + + errCode = noErr; + +#ifdef MACSOCKET_DEBUG + printf("MacSocket_send: sent %d bytes\n",bytesSent); +#endif + + +EXITPOINT: + + if (theSocketStruct != nil) + { + theSocketStruct->mLastError = noErr; + + CopyCStrToCStr("",theSocketStruct->mErrMessage,sizeof(theSocketStruct->mErrMessage)); + + if (errCode != noErr) + { + theSocketStruct->mLastError = errCode; + + CopyCStrToCStr(GetErrorMessage(),theSocketStruct->mErrMessage,sizeof(theSocketStruct->mErrMessage)); + } + } + + if (errCode != noErr) + { + ::SysBeep(1); + } + + errno = errCode; + + return(bytesSent); +} + + + + + +static OSStatus NegotiateIPReuseAddrOption(EndpointRef inEndpoint,const Boolean inEnableReuseIP) +{ +OSStatus errCode; +UInt8 buf[kOTFourByteOptionSize]; +TOption* theOTOption; +TOptMgmt theOTRequest; +TOptMgmt theOTResult; + + + if (!OTIsSynchronous(inEndpoint)) + { + SetErrorMessageAndBail("NegotiateIPReuseAddrOption: Open Transport endpoint is not synchronous"); + } + + theOTRequest.opt.buf = buf; + theOTRequest.opt.len = sizeof(buf); + theOTRequest.flags = T_NEGOTIATE; + + theOTResult.opt.buf = buf; + theOTResult.opt.maxlen = kOTFourByteOptionSize; + + + theOTOption = (TOption *) buf; + + theOTOption->level = INET_IP; + theOTOption->name = IP_REUSEADDR; + theOTOption->len = kOTFourByteOptionSize; + theOTOption->status = 0; + *((UInt32 *) (theOTOption->value)) = inEnableReuseIP; + + errCode = ::OTOptionManagement(inEndpoint,&theOTRequest,&theOTResult); + + if (errCode == kOTNoError) + { + if (theOTOption->status != T_SUCCESS) + { + errCode = theOTOption->status; + } + + else + { + errCode = kOTNoError; + } + } + + +EXITPOINT: + + errno = errCode; + + return(errCode); +} + + + + + +// Some rough notes.... + + + +// OTAckSends(ep); +// OTAckSends(ep) // enable AckSend option +// ...... +// buf = OTAllocMem( nbytes); // Allocate nbytes of memory from OT +// OTSnd(ep, buf, nbytes, 0); // send a packet +// ...... +// NotifyProc( .... void* theParam) // Notifier Proc +// case T_MEMORYRELEASED: // process event +// OTFreeMem( theParam); // free up memory +// break; + + + +/* +struct InetInterfaceInfo +{ + InetHost fAddress; + InetHost fNetmask; + InetHost fBroadcastAddr; + InetHost fDefaultGatewayAddr; + InetHost fDNSAddr; + UInt16 fVersion; + UInt16 fHWAddrLen; + UInt8* fHWAddr; + UInt32 fIfMTU; + UInt8* fReservedPtrs[2]; + InetDomainName fDomainName; + UInt32 fIPSecondaryCount; + UInt8 fReserved[252]; +}; +typedef struct InetInterfaceInfo InetInterfaceInfo; + + + +((InetAddress *) addr.buf)->fHost + +struct TBind +{ + TNetbuf addr; + OTQLen qlen; +}; + +typedef struct TBind TBind; + +struct TNetbuf +{ + size_t maxlen; + size_t len; + UInt8* buf; +}; + +typedef struct TNetbuf TNetbuf; + + + struct InetAddress +{ + OTAddressType fAddressType; // always AF_INET + InetPort fPort; // Port number + InetHost fHost; // Host address in net byte order + UInt8 fUnused[8]; // Traditional unused bytes +}; +typedef struct InetAddress InetAddress; +*/ + + + +/* +static pascal void Notifier(void* context, OTEventCode event, OTResult result, void* cookie) +{ +EPInfo* epi = (EPInfo*) context; + + switch (event) + { + case T_LISTEN: + { + DoListenAccept(); + return; + } + + case T_ACCEPTCOMPLETE: + { + if (result != kOTNoError) + DBAlert1("Notifier: T_ACCEPTCOMPLETE - result %d",result); + return; + } + + case T_PASSCON: + { + if (result != kOTNoError) + { + DBAlert1("Notifier: T_PASSCON result %d", result); + return; + } + + OTAtomicAdd32(1, &gCntrConnections); + OTAtomicAdd32(1, &gCntrTotalConnections); + OTAtomicAdd32(1, &gCntrIntervalConnects); + + if ( OTAtomicSetBit(&epi->stateFlags, kPassconBit) != 0 ) + { + ReadData(epi); + } + + return; + } + + case T_DATA: + { + if ( OTAtomicSetBit(&epi->stateFlags, kPassconBit) != 0 ) + { + ReadData(epi); + } + + return; + } + + case T_GODATA: + { + SendData(epi); + return; + } + + case T_DISCONNECT: + { + DoRcvDisconnect(epi); + return; + } + + case T_DISCONNECTCOMPLETE: + { + if (result != kOTNoError) + DBAlert1("Notifier: T_DISCONNECT_COMPLETE result %d",result); + + return; + } + + case T_MEMORYRELEASED: + { + OTAtomicAdd32(-1, &epi->outstandingSends); + return; + } + + default: + { + DBAlert1("Notifier: unknown event <%x>", event); + return; + } + } +} +*/ diff --git a/lib/libssl/src/MacOS/GetHTTPS.src/MacSocket.h b/lib/libssl/src/MacOS/GetHTTPS.src/MacSocket.h new file mode 100644 index 00000000000..6e90a5bb447 --- /dev/null +++ b/lib/libssl/src/MacOS/GetHTTPS.src/MacSocket.h @@ -0,0 +1,103 @@ +#pragma once + + +#ifdef __cplusplus +extern "C" { +#endif + + + +enum +{ + kMacSocket_TimeoutErr = -2 +}; + + +// Since MacSocket does busy waiting, I do a callback while waiting + +typedef OSErr (*MacSocket_IdleWaitCallback)(void *); + + +// Call this before anything else! + +OSErr MacSocket_Startup(void); + + +// Call this to cleanup before quitting + +OSErr MacSocket_Shutdown(void); + + +// Call this to allocate a "socket" (reference number is returned in outSocketNum) +// Note that inDoThreadSwitching is pretty much irrelevant right now, since I ignore it +// The inTimeoutTicks parameter is applied during reads/writes of data +// The inIdleWaitCallback parameter specifies a callback which is called during busy-waiting periods +// The inUserRefPtr parameter is passed back to the idle-wait callback + +OSErr MacSocket_socket(int *outSocketNum,const Boolean inDoThreadSwitching,const long inTimeoutTicks,MacSocket_IdleWaitCallback inIdleWaitCallback,void *inUserRefPtr); + + +// Call this to connect to an IP/DNS address +// Note that inTargetAddressAndPort is in "IP:port" format-- e.g. 10.1.1.1:123 + +OSErr MacSocket_connect(const int inSocketNum,char *inTargetAddressAndPort); + + +// Call this to listen on a port +// Since this a low-performance implementation, I allow a maximum of 1 (one!) incoming request when I listen + +OSErr MacSocket_listen(const int inSocketNum,const int inPortNum); + + +// Call this to close a socket + +OSErr MacSocket_close(const int inSocketNum); + + +// Call this to receive data on a socket +// Most parameters' purpose are obvious-- except maybe "inBlock" which controls whether I wait for data or return immediately + +int MacSocket_recv(const int inSocketNum,void *outBuff,int outBuffLength,const Boolean inBlock); + + +// Call this to send data on a socket + +int MacSocket_send(const int inSocketNum,void *inBuff,int inBuffLength); + + +// If zero bytes were read in a call to MacSocket_recv(), it may be that the remote end has done a half-close +// This function will let you check whether that's true or not + +Boolean MacSocket_RemoteEndIsClosing(const int inSocketNum); + + +// Call this to see if the listen has completed after a call to MacSocket_listen() + +Boolean MacSocket_ListenCompleted(const int inSocketNum); + + +// These really aren't very useful anymore + +Boolean MacSocket_LocalEndIsOpen(const int inSocketNum); +Boolean MacSocket_RemoteEndIsOpen(const int inSocketNum); + + +// You may wish to change the userRefPtr for a socket callback-- use this to do it + +void MacSocket_SetUserRefPtr(const int inSocketNum,void *inNewRefPtr); + + +// Call these to get the socket's IP:port descriptor + +void MacSocket_GetLocalIPAndPort(const int inSocketNum,char *outIPAndPort,const int inIPAndPortLength); +void MacSocket_GetRemoteIPAndPort(const int inSocketNum,char *outIPAndPort,const int inIPAndPortLength); + + +// Call this to get error info from a socket + +void MacSocket_GetSocketErrorInfo(const int inSocketNum,int *outSocketErrCode,char *outSocketErrString,const int inSocketErrStringMaxLength); + + +#ifdef __cplusplus +} +#endif diff --git a/lib/libssl/src/MacOS/OpenSSL.mcp.hqx b/lib/libssl/src/MacOS/OpenSSL.mcp.hqx new file mode 100644 index 00000000000..2efa49ac014 --- /dev/null +++ b/lib/libssl/src/MacOS/OpenSSL.mcp.hqx @@ -0,0 +1,4880 @@ +(This file must be converted with BinHex 4.0) + +:#dp`C@j68d`ZE@0`!%e08(*$9dP&!!!!!j)H!!!!!)X-Bfp[E!!!!!-!!!%S!!0 +ipJ!$HKi!!"J!!!!"!!%#!3!!!!!!!!!!!%0[C'9ABA*bD@pb)&"bEfTPBh3!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"(CA4)9&4 +38b"38%-k4'9LG@GRCA)J8R9ZG'PYC3"(CA4)9&438b"38%-k8fpeFQ0P)&4bC@9 +c!%GPG%K89&"6)&"33cT$GA0dEfdJ5f9jGfpbC(-!4f9d5&488&-J8&"$1N&MBf9 +cFb"3BA4SF`"(CA4)9&438b"38%-k9'&bCf9d)&0PG(4TEQGc!%GPG%K89&"6)&" +33cT'D@aP)%eKF("TEQGc!%GPG%K89&"6)&"33cT#G@PXC#"&H(4bBA-!4f9d5&4 +88&-J8&"$1N4PBR9RCf9b)&4KFQGPG!"(CA4)9&438b"38%-k0MK,)%0[C'9(C@i +!4f9d5&488&-J8&"$1MBi5b"%DA0KFh0PE@*XCA)!4f9d5&488&-J8&"$1MBi5b" +(E'pLB@`J6h"dD@eTHQ9b!%GPG%K89&"6)&"33cSf1%XJ6'PZDf9b!%GPG%K89&" +6)&"33cSf1%XJ8(*[DQ9MG!"(CA4)9&438b"38%-k3bp$+bXJ3fpYF'PXCA)!4f9 +d5&488&-J8&"$1N-[3bXV)&GKFQjTEQGc!%GPG%K89&"6)&"33cT$4Ndf1%X!4f9 +d5&488&-J8&"$1NeKBdp6)%ePFQGP)&"KEQ9X!%GPG%K89&"6)&"33cT38%-J3fp +NC8GPEJ"(CA4)9&438b"38%-k8&"$)%4TFf&cFf9YBQaPFJ"(CA4)9&438b"38%- +k8&"$)%GXEf*KE#"2F(4TE@PkCA)!4f9d5&488&-J8&"$1P"33b"-D@jVCA)!4f9 +d5&488&-J8&"$1P"33b"348B!4f9d5&488&-J8&"$1P"33b"3FQpUC@0d!%GPG%K +89&"6)&"33cT38%0"FfdJ8'&ZC@`!4f9d5&488&-J8&"$1P*PHL"$Efe`D@aPFJ" +2F'9Z8e0-)&"33cT%C@*eCfGPFL"5G@jdD@eP!%p`C@j68d`J8&"$1P0[GA*MC5" +8FQ9PF`"2F'9Z8e0-)&"33cT$GA0dEfdJ5f9jGfpbC(-!6h"PEP066#"38%-k3@0 +MCA0c)&"KG'Kc!%p`C@j68d`J8&"$1P4KFQGPG#"6CA4dD@jRF`"2F'9Z8e0-)&" +33cT'D@aP)%eKF("TEQGc!%p`C@j68d`J8&"$1N*eD@aN)%9iG(*KF`"2F'9Z8e0 +-)&"33cT%C@*eCfGPFL"8BA*RCA3!6h"PEP066#"38%-k0MK,)%0[C'9(C@i!6h" +PEP066#"38%-k0MK,)%4TFf&cFf9YBQaPFJ"2F'9Z8e0-)&"33cSf1%XJ4fa[BQ& +X)%p`G'PYDATPFJ"2F'9Z8e0-)&"33cSf1%XJ6'PZDf9b!%p`C@j68d`J8&"$1MB +i5b"3FQpUC@0d!%p`C@j68d`J8&"$1N-[3bXV)%0[EA"TE'9b!%p`C@j68d`J8&" +$1N-[3bXV)&GKFQjTEQGc!%p`C@j68d`J8&"$1N0'66Bi5`"2F'9Z8e0-)&"33cT +0B@028b"0CA*RC5"3B@jPE!"2F'9Z8e0-)&"33cT38%-J3fpNC8GPEJ"2F'9Z8e0 +-)&"33cT38%-J4'PcBA0cC@eLE'9b!%p`C@j68d`J8&"$1P"33b"(E'pLB@`J6h" +dD@eTHQ9b!%p`C@j68d`J8&"$1P"33b"-D@jVCA)!6h"PEP066#"38%-k8&"$)&" +&4J"2F'9Z8e0-)&"33cT38%-J8(*[DQ9MG!"2F'9Z8e0-)&"33cT38%0"FfdJ8'& +ZC@`!6h"PEP066#"38%-k8Q9k)%0[EA"TE'9b!%GPG%K89&"6)$Bi5cT%C@*eCfG +PFL"5G@jdD@eP!%GPG%K89&"6)$Bi5cT6Eh9bBf8J9(*PCA-!4f9d5&488&-J0MK +,1N0eFh4[E5",CAPhEh*NF`"(CA4)9&438b!f1%Xk3@0MCA0c)&"KG'Kc!%GPG%K +89&"6)$Bi5cT8BA*RCA3J8f9dG'PZCh-!4f9d5&488&-J0MK,1NCTE'8J6@&`F'P +ZCh-!4f9d5&488&-J0MK,1N*eD@aN)%9iG(*KF`"(CA4)9&438b!f1%Xk4'9LG@G +RCA)J9'&bCf9d!%GPG%K89&"6)$Bi5cSf1%XJ3fpNC8GPEJ"(CA4)9&438b!f1%X +k0MK,)%4TFf&cFf9YBQaPFJ"(CA4)9&438b!f1%Xk0MK,)%GXEf*KE#"2F(4TE@P +kCA)!4f9d5&488&-J0MK,1MBi5b"-D@jVCA)!4f9d5&488&-J0MK,1MBi5b"3FQp +UC@0d!%GPG%K89&"6)$Bi5cT$,d-V+b"$Efe`D@aPFJ"(CA4)9&438b!f1%Xk3bp +$+bXJ9f&bEQPZCh-!4f9d5&488&-J0MK,1N0'66Bi5`"(CA4)9&438b!f1%Xk6@& +M6e-J6@9bCf8J8'&ZC@`!4f9d5&488&-J0MK,1P"33b"$Ef4P4f9Z!%GPG%K89&" +6)$Bi5cT38%-J4'PcBA0cC@eLE'9b!%GPG%K89&"6)$Bi5cT38%-J4fa[BQ&X)%p +`G'PYDATPFJ"(CA4)9&438b!f1%Xk8&"$)%aTEQYPFJ"(CA4)9&438b!f1%Xk8&" +$)&"&4J"(CA4)9&438b!f1%Xk8&"$)&"bEfTPBh3!4f9d5&488&-J0MK,1P"33d& +cE5"3B@jPE!"(CA4)9&438b!f1%Xk8Q9k)%0[EA"TE'9b!%aTBP066#!f1%Xk4'9 +LG@GRCA)J8R9ZG'PYC3"-D@*68d`J0MK,1P0[GA*MC5"8FQ9PF`"-D@*68d`J0MK +,1N0eFh4[E5",CAPhEh*NF`"-D@*68d`J0MK,1N&MBf9cFb"3BA4SF`"-D@*68d` +J0MK,1P4KFQGPG#"6CA4dD@jRF`"-D@*68d`J0MK,1NCTE'8J6@&`F'PZCh-!6'P +L8e0-)$Bi5cT#G@PXC#"&H(4bBA-!6'PL8e0-)$Bi5cT%C@*eCfGPFL"8BA*RCA3 +!6'PL8e0-)$Bi5cSf1%XJ3fpNC8GPEJ"-D@*68d`J0MK,1MBi5b"%DA0KFh0PE@* +XCA)!6'PL8e0-)$Bi5cSf1%XJ4fa[BQ&X)%p`G'PYDATPFJ"-D@*68d`J0MK,1MB +i5b"-D@jVCA)!6'PL8e0-)$Bi5cSf1%XJ8(*[DQ9MG!"-D@*68d`J0MK,1N-[3bX +V)%0[EA"TE'9b!%aTBP066#!f1%Xk3bp$+bXJ9f&bEQPZCh-!6'PL8e0-)$Bi5cT +$4Ndf1%X!6'PL8e0-)$Bi5cT0B@028b"0CA*RC5"3B@jPE!"-D@*68d`J0MK,1P" +33b"$Ef4P4f9Z!%aTBP066#!f1%Xk8&"$)%4TFf&cFf9YBQaPFJ"-D@*68d`J0MK +,1P"33b"(E'pLB@`J6h"dD@eTHQ9b!%aTBP066#!f1%Xk8&"$)%aTEQYPFJ"-D@* +68d`J0MK,1P"33b"348B!6'PL8e0-)$Bi5cT38%-J8(*[DQ9MG!"-D@*68d`J0MK +,1P"33d&cE5"3B@jPE!"-D@*68d`J0MK,1P*PHL"$Efe`D@aPFJ"2F'9Z8e0-)$B +iDcT%C@*eCfGPFL"5G@jdD@eP!%p`C@j68d`J0MKV1P0[GA*MC5"8FQ9PF`"2F'9 +Z8e0-)$BiDcT$GA0dEfdJ5f9jGfpbC(-!6h"PEP066#!f1'Xk3@0MCA0c)&"KG'K +c!%p`C@j68d`J0MKV1P4KFQGPG#"6CA4dD@jRF`"2F'9Z8e0-)$BiDcT'D@aP)%e +KF("TEQGc!%p`C@j68d`J0MKV1N*eD@aN)%9iG(*KF`"2F'9Z8e0-)$BiDcT%C@* +eCfGPFL"8BA*RCA3!6h"PEP066#!f1'Xk0MK,)%0[C'9(C@i!6h"PEP066#!f1'X +k0MK,)%4TFf&cFf9YBQaPFJ"2F'9Z8e0-)$BiDcSf1%XJ4fa[BQ&X)%p`G'PYDAT +PFJ"2F'9Z8e0-)$BiDcSf1%XJ6'PZDf9b!%p`C@j68d`J0MKV1MBi5b"3FQpUC@0 +d!%p`C@j68d`J0MKV1N-[3bXV)%0[EA"TE'9b!%p`C@j68d`J0MKV1N-[3bXV)&G +KFQjTEQGc!%p`C@j68d`J0MKV1N0'66Bi5`"2F'9Z8e0-)$BiDcT0B@028b"0CA* +RC5"3B@jPE!"2F'9Z8e0-)$BiDcT38%-J3fpNC8GPEJ"2F'9Z8e0-)$BiDcT38%- +J4'PcBA0cC@eLE'9b!%p`C@j68d`J0MKV1P"33b"(E'pLB@`J6h"dD@eTHQ9b!%p +`C@j68d`J0MKV1P"33b"-D@jVCA)!6h"PEP066#!f1'Xk8&"$)&"&4J"2F'9Z8e0 +-)$BiDcT38%-J8(*[DQ9MG!"2F'9Z8e0-)$BiDcT38%0"FfdJ8'&ZC@`!6h"PEP0 +66#!f1'Xk8Q9k)%0[EA"TE'9b!%aTBP066#"38%-k4'9LG@GRCA)J8R9ZG'PYC3" +-D@*68d`J8&"$1P0[GA*MC5"8FQ9PF`"-D@*68d`J8&"$1N0eFh4[E5",CAPhEh* +NF`"-D@*68d`J8&"$1N&MBf9cFb"3BA4SF`"-D@*68d`J8&"$1P4KFQGPG#"6CA4 +dD@jRF`"-D@*68d`J8&"$1NCTE'8J6@&`F'PZCh-!6'PL8e0-)&"33cT#G@PXC#" +&H(4bBA-!6'PL8e0-)&"33cT%C@*eCfGPFL"8BA*RCA3!6'PL8e0-)&"33cSf1%X +J3fpNC8GPEJ"-D@*68d`J8&"$1MBi5b"%DA0KFh0PE@*XCA)!6'PL8e0-)&"33cS +f1%XJ4fa[BQ&X)%p`G'PYDATPFJ"-D@*68d`J8&"$1MBi5b"-D@jVCA)!6'PL8e0 +-)&"33cSf1%XJ8(*[DQ9MG!"-D@*68d`J8&"$1N-[3bXV)%0[EA"TE'9b!%aTBP0 +66#"38%-k3bp$+bXJ9f&bEQPZCh-!6'PL8e0-)&"33cT$4Ndf1%X!6'PL8e0-)&" +33cT0B@028b"0CA*RC5"3B@jPE!"-D@*68d`J8&"$1P"33b"$Ef4P4f9Z!%aTBP0 +66#"38%-k8&"$)%4TFf&cFf9YBQaPFJ"-D@*68d`J8&"$1P"33b"(E'pLB@`J6h" +dD@eTHQ9b!%aTBP066#"38%-k8&"$)%aTEQYPFJ"-D@*68d`J8&"$1P"33b"348B +!6'PL8e0-)&"33cT38%-J8(*[DQ9MG!"-D@*68d`J8&"$1P"33d&cE5"3B@jPE!" +-D@*68d`J8&"$1P*PHL"$Efe`D@aPFJ"-D@*$FRP`G'mJ8&"$1N4PBR9RCf9b)&* +eER4TE@8!6'PL3h*jF(4[)&"33cT6Eh9bBf8J9(*PCA-!6'PL3h*jF(4[)&"33cT +$GA0dEfdJ5f9jGfpbC(-!6'PL3h*jF(4[)&"33cT"Bf0PFh-J8'&dD(-!6'PL3h* +jF(4[)&"33cT8BA*RCA3J8f9dG'PZCh-!6'PL3h*jF(4[)&"33cT'D@aP)%eKF(" +TEQGc!%aTBN0bHA"dEb"38%-k3R9TE'3J4AKdFQ&c!%aTBN0bHA"dEb"38%-k4'9 +LG@GRCA)J9'&bCf9d!%aTBN0bHA"dEb"38%-k0MK,)%0[C'9(C@i!6'PL3h*jF(4 +[)&"33cSf1%XJ4'PcBA0cC@eLE'9b!%aTBN0bHA"dEb"38%-k0MK,)%GXEf*KE#" +2F(4TE@PkCA)!6'PL3h*jF(4[)&"33cSf1%XJ6'PZDf9b!%aTBN0bHA"dEb"38%- +k0MK,)&"bEfTPBh3!6'PL3h*jF(4[)&"33cT$,d-V+b"$Efe`D@aPFJ"-D@*$FRP +`G'mJ8&"$1N-[3bXV)&GKFQjTEQGc!%aTBN0bHA"dEb"38%-k3dC00MK,!%aTBN0 +bHA"dEb"38%-k6@&M6e-J6@9bCf8J8'&ZC@`!6'PL3h*jF(4[)&"33cT38%-J3fp +NC8GPEJ"-D@*$FRP`G'mJ8&"$1P"33b"%DA0KFh0PE@*XCA)!6'PL3h*jF(4[)&" +33cT38%-J4fa[BQ&X)%p`G'PYDATPFJ"-D@*$FRP`G'mJ8&"$1P"33b"-D@jVCA) +!6'PL3h*jF(4[)&"33cT38%-J8%9'!%aTBN0bHA"dEb"38%-k8&"$)&"bEfTPBh3 +!6'PL3h*jF(4[)&"33cT38%0"FfdJ8'&ZC@`!6'PL3h*jF(4[)&"33cT5CASJ3fp +YF'PXCA)!6'PL3h*jF(4[)$Bi5cT%C@*eCfGPFL"5G@jdD@eP!%aTBN0bHA"dEb! +f1%Xk8fpeFQ0P)&4bC@9c!%aTBN0bHA"dEb!f1%Xk3h9cG'pY)%YPHAG[FQ4c!%a +TBN0bHA"dEb!f1%Xk3@0MCA0c)&"KG'Kc!%aTBN0bHA"dEb!f1%Xk9'&bCf9d)&0 +PG(4TEQGc!%aTBN0bHA"dEb!f1%Xk4QPXC5"0BA"`D@jRF`"-D@*$FRP`G'mJ0MK +,1N*eD@aN)%9iG(*KF`"-D@*$FRP`G'mJ0MK,1N4PBR9RCf9b)&4KFQGPG!"-D@* +$FRP`G'mJ0MK,1MBi5b"$Ef4P4f9Z!%aTBN0bHA"dEb!f1%Xk0MK,)%4TFf&cFf9 +YBQaPFJ"-D@*$FRP`G'mJ0MK,1MBi5b"(E'pLB@`J6h"dD@eTHQ9b!%aTBN0bHA" +dEb!f1%Xk0MK,)%aTEQYPFJ"-D@*$FRP`G'mJ0MK,1MBi5b"3FQpUC@0d!%aTBN0 +bHA"dEb!f1%Xk3bp$+bXJ3fpYF'PXCA)!6'PL3h*jF(4[)$Bi5cT$,d-V+b"ABA* +ZD@jRF`"-D@*$FRP`G'mJ0MK,1N0'66Bi5`"-D@*$FRP`G'mJ0MK,1NeKBdp6)%e +PFQGP)&"KEQ9X!%aTBN0bHA"dEb!f1%Xk8&"$)%0[C'9(C@i!6'PL3h*jF(4[)$B +i5cT38%-J4'PcBA0cC@eLE'9b!%aTBN0bHA"dEb!f1%Xk8&"$)%GXEf*KE#"2F(4 +TE@PkCA)!6'PL3h*jF(4[)$Bi5cT38%-J6'PZDf9b!%aTBN0bHA"dEb!f1%Xk8&" +$)&"&4J"-D@*$FRP`G'mJ0MK,1P"33b"3FQpUC@0d!%aTBN0bHA"dEb!f1%Xk8&" +$3A0Y)&"KEQ9X!%aTBN0bHA"dEb!f1%Xk8Q9k)%0[EA"TE'9b!&"bEfTPBh3J4QP +XC5"-DA0d!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!3!!!!!!!!!H!!!!!J!!!!!!!!!i!!!!!`!!!!!!!!"9!!!!"!!!!!!!!!"[!!! +!"3!!!!!!!!#-!!!!"J!!!!!!!!#R!!!!"`!!!!!!!!$"!!!!#!!!!!!!!!$H!!! +!#3!!!!!!!!$h!!!!#J!!!!!!!!%9!!!!#`!!!!!!!!%h!!!!$!!!!!!!!!&2!!! +!$3!!!!!!!!&S!!!!$J!!!!!!!!'%!!!!$`!!!!!!!!'J!!!!%!!!!!!!!!'d!!! +!%3!!!!!!!!(6!!!!%J!!!!!!!!(X!!!!%`!!!!!!!!)+!!!!&!!!!!!!!!)X!!! +!&3!!!!!!!!*%!!!!&J!!!!!!!!*C!!!!&`!!!!!!!!*b!!!!'!!!!!!!!!+-!!! +!'3!!!!!!!!+Q!!!!'J!!!!!!!!,$!!!!'`!!!!!!!!,F!!!!(!!!!!!!!!,i!!! +!(3!!!!!!!!-4!!!!(J!!!!!!!!-Y!!!!(`!!!!!!!!0(!!!!)!!!!!!!!!0J!!! +!)3!!!!!!!!0m!!!!)J!!!!!!!!18!!!!)`!!!!!!!!1a!!!!*!!!!!!!!!25!!! +!*3!!!!!!!!2T!!!!*J!!!!!!!!3"!!!!*`!!!!!!!!3F!!!!+!!!!!!!!!3h!!! +!+3!!!!!!!!4+!!!!+J!!!!!!!!4S!!!!+`!!!!!!!!5!!!!!,!!!!!!!!!5G!!! +!,3!!!!!!!!5q!!!!,J!!!!!!!!69!!!!,`!!!!!!!!6T!!!!-!!!!!!!!!8"!!! +!-3!!!!!!!!8D!!!!-J!!!!!!!!8c!!!!-`!!!!!!!!94!!!!0!!!!!!!!!9V!!! +!03!!!!!!!!@)!!!!0J!!!!!!!!@L!!!!0`!!!!!!!!@r!!!!1!!!!!!!!!AD!!! +!13!!!!!!!!Ad!!!!1J!!!!!!!!B4!!!!1`!!!!!!!!BU!!!!2!!!!!!!!!C)!!! +!23!!!!!!!!CU!!!!2J!!!!!!!!D#!!!!2`!!!!!!!!DE!!!!3!!!!!!!!!Dh!!! +!33!!!!!!!!E6!!!!3J!!!!!!!!ER!!!!3`!!!!!!!!F'!!!!4!!!!!!!!!FI!!! +!43!!!!!!!!Fp!!!!4J!!!!!!!!GI!!!!4`!!!!!!!!Gh!!!!5!!!!!!!!!H-!!! +!53!!!!!!!!HP!!!!5J!!!!!!!!Hr!!!!5`!!!!!!!!IC!!!!6!!!!!!!!!Ie!!! +!63!!!!!!!!J0!!!!6J!!!!!!!!JS!!!!6`!!!!!!!!K!!!!!8!!!!!!!!!KE!!! +!83!!!!!!!!Kd!!!!8J!!!!!!!!L-!!!!8`!!!!!!!!LR!!!!9!!!!!!!!!Lq!!! +!93!!!!!!!!MD!!!!9J!!!!!!!!Mk!!!!9`!!!!!!!!N3!!!!@!!!!!!!!!NR!!! +!@3!!!!!!!!P"!!!!@J!!!!!!!!PE!!!!@`!!!!!!!!PY!!!!A!!!!!!!!!Q+!!! +!A3!!!!!!!!QK!!!!AJ!!!!!!!!Qp!!!!A`!!!!!!!!RG!!!!B!!!!!!!!!Rc!!! +!B3!!!!!!!!S'!!!!BJ!!!!!!!!SG!!!!B`!!!!!!!!Se!!!!C!!!!!!!!!T0!!! +!C3!!!!!!!!TU!!!!CJ!!!!!!!!U$!!!!C`!!!!!!!!UI!!!!D!!!!!!!!!Ui!!! +!D3!!!!!!!!V8!!!!DJ!!!!!!!!VZ!!!!D`!!!!!!!!X(!!!!E!!!!!!!!!XM!!! +!E3!!!!!!!!Xl!!!!EJ!!!!!!!!YB!!!!E`!!!!!!!!Yj!!!!F!!!!!!!!!Z3!!! +!!(%!!!!!!!!,U!!!!()!!!!!!!!,``!!!(-!!!!!!!!,hJ!!!(3!!!!!!!!,m3! +!!(8!!!!!!!!-$`!!!(B!!!!!!!!-*`!!!(F!!!!!!!!-4!!!!(J!!!!!!!!-C3! +!!(N!!!!!!!!-I!!!!(S!!!!!!!!-N!!!!!"l!!!!!!!!$+J!!!"m!!!!!!!!$-% +!!!"p!!!!!!!!$0S!!!"q!!!!!!!!$2B!!!"r!!!!!!!!$3i!!!#!!!!!!!!!$5N +!!!#"!!!!!!!!$8%!!!##!!!!!!!!$9`!!!#$!!!!!!!!$A8!!!#%!!!!!!!!$Bd +!!!#&!!!!!!!!$DJ!!!#'!!!!!!!!$Em!!!#(!!!!!!!!$GX!!!#)!!!!!!!!$IX +!!!#*!!!!!!!!$K%!!!#+!!!!!!!!$LJ!!!#,!!!!!!!!$N)!!!#-!!!!!!!!$P` +!!!#0!!!!!!!!$Qi!!!#1!!!!!!!!$SX!!!#2!!!!!!!!$U)!!!#3!!!!!!!!!!k +q!!!!N3!!!!!!!!lH!!!!NJ!!!!!!!!ld!!!!N`!!!!!!!!m(!!!!P!!!!!!!!!m +H!!!!P3!!!!!!!!mf!!!!PJ!!!!!!!!p1!!!!P`!!!!!!!!pY!!!!Q!!!!!!!!!q +)!!!!Q3!!!!!!!!qQ!!!!QJ!!!!!!!!r"!!!!Q`!!!!!!!!rI!!!!R!!!!!!!!!r +l!!!!R3!!!!!!!"!@!!!!RJ!!!!!!!"!d!!!!R`!!!!!!!""1!!!!S!!!!!!!!"" +Y!!!!S3!!!!!!!"#3!!!!!+)!!!!!!!!3U3!!!+-!!!!!!!!3``!!!+3!!!!!!!! +3i!!!!+8!!!!!!!!3r3!!!+B!!!!!!!!4%J!!!+F!!!!!!!!4-J!!!+J!!!!!!!! +46!!!!+N!!!!!!!!4D`!!!+S!!!!!!!!4MJ!!!+X!!!!!!!!4T`!!!+`!!!!!!!! +4[3!!!+d!!!!!!!!4e`!!!+i!!!!!!!!4mJ!!!+m!!!!!!!!5$3!!!,!!!!!!!!! +5,!!!!,%!!!!!!!!54`!!!,)!!!!!!!!5C3!!!,-!!!!!!!!5J!!!!,3!!!!!!!! +5RJ!!!,8!!!!!!!!5ZJ!!!,B!!!!!!!!5e3!!!,F!!!!!!!!5m`!!!,J!!!!!!!! +6$3!!!,N!!!!!!!!6,!!!!,S!!!!!!!!66`!!!,X!!!!!!!!6D!!!!,`!!!!!!!! +6JJ!!!,d!!!!!!!!6R`!!!,i!!!!!!!!6[!!!!,m!!!!!!!!6d3!!!-!!!!!!!!! +6m3!!!-%!!!!!!!!8#`!!!-)!!!!!!!!8+J!!!--!!!!!!!!863!!!-3!!!!!!!! +8CJ!!!-8!!!!!!!!8I!!!!-B!!!!!!!!8PJ!!!-F!!!!!!!!8X3!!!-J!!!!!!!! +8c!!!!-N!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!1J!!!$X!!!!m!!!!23!!!$i!!!!e!!!!1!!!!$m!!!"!!!!!33!!!$3!!!!b!!! +!13!!!$F!!!"#!!!!3`!!!%3!!!"&!!!!4J!!!%F!!!")!!!!53!!!%S!!!!c!!! +!0J!!!!J!!!!*!!!!#J!!!!X!!!!-!!!!!`!!!!B!!!!0!!!!$J!!!!m!!!!#!!! +!!!!!!!F!!!!&!!!!%!!!!"%!!!!5!!!!%`!!!"3!!!!9!!!!&J!!!"F!!!!B!!! +!!3!!!!3!!!#h!!!!Z!!!!,N!!!#k!!!!Z`!!!,)!!!#e!!!![!!!!,d!!!#q!!! +!X3!!!+m!!!#f!!!!Y!!!!,m!!!$!!!!!`3!!!-)!!!$$!!!!a!!!!-8!!!$'!!! +!a`!!!,!!!!#c!!!!RJ!!!*m!!!#J!!!!S3!!!+)!!!#C!!!!R!!!!+-!!!#N!!! +!T3!!!*J!!!#@!!!!R3!!!*X!!!#Q!!!!T`!!!+J!!!#T!!!!UJ!!!+X!!!#X!!! +!V3!!!+i!!!#A!!!!QJ!!!&-!!!"8!!!!93!!!&B!!!"A!!!!6J!!!&%!!!"B!!! +!@3!!!&S!!!"0!!!!5`!!!&)!!!"3!!!!@`!!!&`!!!"G!!!!AJ!!!&m!!!"J!!! +!B3!!!')!!!"M!!!!6!!!!%m!!!#&!!!!KJ!!!)F!!!#)!!!!L3!!!)!!!!#$!!! +!LJ!!!)X!!!#-!!!!I`!!!(d!!!#%!!!!JJ!!!)d!!!#1!!!!M`!!!*!!!!!!N3! +!!*)!!!#6!!!!P!!!!*8!!!"q!!!!J3!!!'`!!!"Y!!!!EJ!!!'m!!!"`!!!!C`! +!!'S!!!"a!!!!FJ!!!(-!!!"Q!!!!C!!!!'X!!!"T!!!!G!!!!(8!!!"f!!!!G`! +!!(J!!!"j!!!!HJ!!!(X!!!"m!!!!C3!!!'J!!!!K!!!!)J!!!#-!!!!N!!!!*3! +!!"`!!!!I!!!!*J!!!#F!!!!S!!!!'`!!!"N!!!!J!!!!(J!!!#N!!!!U!!!!+`! +!!#`!!!!Y!!!!,J!!!#m!!!!`!!!!-3!!!"S!!!!G!!!!b!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!690-)%-Z8&"$,NaTBJ"*ER4 +PFQCKBf9-D@)!6@&dD%aTBJ"08d`J8R9ZG'PYC9"33bj-D@)!6h"PEP4`G%PZCA4 +38%-ZE`"2F'9Z9("d5@jdCA*ZCA4-D@)!6h"PEP4bB@jcF'pbG%9iG'j38%-ZE`" +2F'9Z9(*KER0`Eh*d6'PL!&4SFQ9KC(0-D@)!BQP[Ah0cE#jM!(-b-epME'jd,Q- +!Fc)cAfaTBLjM!(-b-epYCA4S,Q-!Fc)cAh"VG#jM!(-b-epcFRCb,Q-!Fc*IBfa +ZG#jM!(-bAf9ZBbjM!(-bAfaTBLjM!(-bAfePG'JZB`"c-Pp`Dh3ZB`"c-PpcFRC +b,Q-!Fc0IBQpdD#jM!(-cAf0XER3ZB`"c-epPEQ-ZB`"c-epXD@)ZB`"c-epYCA4 +S,Q-!Fc0IF'Yd,Q-!Fc0IFh*fFLjM!(0cE&pKE'Gc,Q-!Fh0XAf&cEM%ZB`"cFfa +IBf9bG#jM!(0cE&pMDA"S,Q-!Fh0XAf9bFLjM!(0cE&pPFR)b,Q-!Fh0XAfaTBLj +M!(0cE&pbFf%ZB`"cFfaIFf9cFbjM!(0cE&pcG'&d,Q-!Fh0XAh4iG#jM!(3aAf0 +XER3ZB`"d-9pPEQ-ZB`"d-9pXD@)ZB`"d-9pYCA4S,Q-!G$&IFh*fFLjM!'&cEM& +ICA*b,Q-!BA0Z-9pXD@)ZB`"KFfiaAh"KFLjM!'&cEPp`B@0V,Q-!B9pLDA4cG() +ZB`"KAf*YF#jM!'&IBQp[E#jM!'&IBRPdCA-ZB`"KAf3bD9pQF#jM!'&IC'PRCA0 +d,Q-!B9pNGA!ZB`"KAf9ZG@dZB`"KAfGPER4Y,Q-!B9pSC()ZB`"KAfNbC&pQF#j +M!'&ID@jd,Q-!B9pYCA4S,Q-!B9p[BQTPBh3ZB`"KAfpMG'9d,Q-!B9p`FQPZG#j +M!'&IFf9d,Q-!B9pcD@GZ,Q-!B9pdD@eP,Q-!B9pdHA"P,Q-!B9peG'0dE5jM!'& +IGA4Q1#jM!'&IGQ9bD@Cj,Q-!B9pfDA-ZB`"N-QPIC'K`,Q-!C$*TAf4cBA!ZB`" +N-QPIF()ZB`"N-QPIF(8ZB`"N-QPIFPp`FLjM!'3bD9pbAh"e,Q-!C$*TAh0IF() +ZB`"N-QPIFep`G5jM!'9fF&pKFfia,Q-!CPpPER9Y,Q-!CPpTER3ZB`"QAh0dFQP +ZCbjM!'NbC&pND(!ZB`"T-Q4IC(0KF#jM!'NbC&p`FLjM!'NbC&p`G5jM!'NbC&p +bAh"b,Q-!D6*NAh*IF(8ZB`"T-Q4IFep`FLjM!'NbC&pcAh"e,Q-!ER0cCA%ZB`" +ZAh"VCANZB`"`09p`BQ8ZB`"`09p`BQ9f-LjM!(!hAf4RFh3ZB`"`0epPEQ-ZB`" +`0epPEQ0IBbjM!(!hAf9fF#jM!(!hAfPIFbjM!(!hAfaTBLjM!(!hAh*PBfP`,Q- +!F$GIFfPREQ3ZB`"`0epcD@GZD5jM!(!hAh0IC5jM!(!iAh"VCANZB`"dAf0bE#j +M!(4IF'YPH5jM!(4IFQ9a,Q-!G&pi06!j,Q-!H&pKE'G[FLjM!(KIBA4dFQPL,Q- +!H&pMD@jQ,Q-!H&pMFQ`ZB`"iAf9iG'9Z,Q-!H&pTEQC[,Q-!H&pZB@eP,Q-!H&p +`Df9j,Q-!H&p`G@*VCANZB`"iAh*PF5jM!(KIFfPR,Q-!H&pcF'YT,Q-!H&pfB@` +ZB`"iAhJe-$NZB`"LCPpMCQ)f0#jM!'*QAf9MBLjM!'*QAf9ZBbjM!'*QAfpQBMB +d,Q-!BQCIFfYPH5jM!'*TEepPFR)ZB`"LD@pIE'PL,Q-!BR0cAh0[BfXZB`"LEPp +KC'3ZB`"LEPpKFfdZB`"LEPpLE'PZC#jM!'*ZAf4TGLjM!'*ZAf9bFLjM!'*ZAf9 +iF#jM!'*ZAf9iF$)ZB`"LEPpRBf3ZB`"LEPpXD@)ZB`"LEPpYEfjd,Q-!BQjIEA" +T,Q-!BQjIEA9X,Q-!BQjIF(*TE@8ZB`"LEPp`FQPZG#jM!'*ZAh*KEQ3ZB`"LEPp +bC@0`,Q-!BQjIFfKTCR3ZB`"LEPpcFA)ZB`"LEPphEh*N,Q-!BR9QCQ9b,Q-!BR9 +QAf9bFLjM!'0IBfCL0M3ZB`"MAf9MBLjM!'0IC@jM,Q-!Bep[CQ)f0#jM!'0IFfY +PH5jM!'0[EA"IE'PL,Q-!BepbE'8ZB`"MAhTXD@)ZB`"MEfjQ,Q-!BfpZCPpPFR) +ZB`"MBQ0IBfYcE5jM!'0LBepPEQ-ZB`"MCQ)f0'9NC5jM!'0QBMBdC@jM,Q-!BfC +LAf9ZBbjM!'4PFepPEQ-ZB`"PBf)cAf9ZBbjM!'9MBPpPEQ-ZB`"PC'9IBf*ME9p +PEQ-ZB`"PEQ0IFQ9KC#jM!'CMFRP`G#jM!'CMFRP`G&pL,Q-!EfCL0M4PC'8ZB`" +[CQ)f0'9ZBbjM!'pQBPpPEQ-ZB`"`Bf*MAf9ZBbjM!(&eC&pMDh0Y,Q-!FQ&ZC&p +VCANZB`"bC@&N-R"hC#jM!(*PB@4IF(GN,Q-!FR"MAf9ZBbjM!(0PG&pVCANZB`" +cG()bDf9j,Q-!Fh9`F#jM!(KMBQ0IC@jM,Q-!C'KIBfKPBfXZB`"ND&pPFR)ZB`" +ND&pRC@iZB`"ND&pVCANZB`"ND&pXD@)ZB`"NFf&IBA0Z-5jM!'4cB9pPFR)ZB`" +NFf&ICf9Z,Q-!C(0KAfYPH5jM!'4cB9pXD@)ZB`"NFf&IFfPRELjM!'4cB9pfFQB +ZB`"PFR)ZB`"PFR*IB@aX,Q-!CA*bAh"bELjM!'*TEepL0M3ZB`"LD@pIC@jM,Q- +!BQP[AfeN,Q-!BQP[AfpV,Q-!BepKE'`ZB`"ND@GPFh3ZB`"PEQ0[C'8ZB`"PGR" +IC@jM,Q-!CAC`Af9bFLjM!'9fF&pVCANZB`"PGR"IE'PL,Q-!CAC`Ah"LC5jM!'9 +fF&p`Df9j,Q-!C9pMBQ0I-f3ZB`"PAf0LBepLCLjM!'9IBf*MAf-ZB`"PAf0LBep +N,Q-!C9pMBQ0ID5jM!'9IBf*MAh)b,Q-!C9pMBQ0IFM8ZB`"PAf0QBPmcC#jM!'9 +IBfCLAf*Q,Q-!C9pMCQ*IBbjM!'9IBfCLAf3ZB`"PAf0QBPpT,Q-!C9pMCQ*IFM) +ZB`"PAf0QBPpb05jM!'9IC@0LAc0N,Q-!C9pPBf*IBQBZB`"PAf9MBPpM,Q-!C9p +PBf*IC#jM!'9IC@0LAfNZB`"PAf9MBPpb-LjM!'9IC@0LAh)e,Q-!C9pZG@aX,Q- +!C9p[CQ*I-f3ZB`"PAfpQBPpLCLjM!'9IEfCLAf-ZB`"PAfpQBPpN,Q-!C9p[CQ* +ID5jM!'9IEfCLAh)b,Q-!C9p[CQ*IFM8ZB`"PAh*M0#jM!'9IH'0LBepN,Q-!E9p +NFh-ZB`"YAf4cFc%ZB`"YAfeN-LjM!'eIE@3e,Q-!E9pYC'-b,Q-!E9pZG@aX,Q- +!E9pbDA"PE@3ZB`"YAh0SB5jM!'eIFfKK-5jM!'jKE@9c,Q-!F&pNC@-ZB`"`Af9 +ZBbjM!("IE'PL,Q-!F&p[F'9Z,Q-!F&pcC@&X,Q-!F&pcD@GZ,Q-!F&pfCA*TCRN +ZB`"SE@&M,Q-!D9pMBQ-ZB`"TAf0QBMBd,Q-!D9pPBf)ZB`"TAfpQBMBd,Q-!D9p +cDf9j,Q-!E'KKFfJZB`"XD&pcG'&dFbjM!'eN-PpNCh0d,Q-!E@3bAfpZC5jM!'e +N09pNCh0d,Q-!E@3eAfpZC5jM!'eNBc*NCh0d,Q-!E@4M-Pp[EQ8ZB`"[BQTIC'& +d,Q-!Ef*UAf9bFLjM!'pLDPpXD@)ZB`"[AfjKE@9c,Q-!F'9YAf&XE#jM!("PE9p +PFR)ZB`"`C@eID@jQEbjM!("PE9pXD@)ZB`"`C@eIFf9KE#jM!("PE9pcD@GZ,Q- +!F$%bAf&NC#jM!(!a-PpKG(4b,Q-!F$%bAf*KCh-ZB`"`-6*IBh*`G#jM!(!a-Pp +MFR3ZB`"`-6*IC'9MFLjM!(!a-PpTEQPd,Q-!F$%bAfYPH5jM!(!a-PpVDA0c,Q- +!F$%bAfaTBLjM!(!a-PpYB@-ZB`"`-6*IEA9dE#jM!(!a-PpcBQ&R,Q-!F$%bAh9 +dE#jM!("V-6*PFR)ZB`"`DcGIC'pTG#jM!("V0epXD@)ZB`"`Df0c0f9bFLjM!'e +NAh*KEQ3ZB`"bB@jNCQPXC5jM!(*KEQ4IE'PL,Q-!FQ-bBfCL0M3ZB`"bBc*[CQ) +f0#jM!(*M-PpMBQ-ZB`"bBc*IC@0L,Q-!FQ-bAh0VCANZB`"bBc4IC@jM,Q-!FQ- +dAh0VCANZB`"bBc9MCQ)f0#jM!(*M0@pQBMBd,Q-!FQ-eAf9MBLjM!(*M09pPEQ- +ZB`"bBc9IFfYPH5jM!(*YC&pNCh0d,Q-!FQeNAfpZC5jM!(*cB9pPBANZB`"bFf& +ICA*b,Q-!FR0KAfGPELjM!(*cB9pXD@)ZB`"bFf&IEQpZC5jM!(*cB9p[B@9`,Q- +!FR0KAh"V-5jM!(*cB9pcB@pc,Q-!FR0KAh0TCfiZB`"bFf&IFh0X,Q-!FfKK-@4 +RFh3ZB`"cD'%aAfpZC5jM!(0SB9pNCh0d,Q-!FfKKAfpZC5jM!(0dB@0V,Q-!G(K +dAf4L,Q-!BRPIC'Pb,Q-!BRPICQPXC5jM!(Je-$PZB@eP,Q-!H$8`1A*cCA3ZB`" +i06!jG(P`C5jM!(Je-$PIBfe`,Q-!H$8`19pN-LjM!(Je-$PIC'9Q,Q-!H$8`19p +PFR)ZB`"i06!jAf9iG#jM!(Je-$PIE(8ZB`"i06!jAfpLDLjM!(Je-$PIFM*i,Q- +!H$8`19pbCA%ZB`"i06!jAh0PG#jM!(Je-$PIG(Kd,Q-!H$8`19pf-bjM!(Je-$P +IGQCj,Q-!H&pKE'`ZB`"f-f9bFLjM!(BcAf&VCANZB`"f-epKE(3ZB`"f-epLBfp +ZFbjM!(BcAf*TG(0d,Q-!GM0IBfpZCLjM!(BcAf0`Efac,Q-!GM0IBh*XC#jM!(B +cAf9ZG@dZB`"f-epPH(4VG5jM!(BcAfGPEQiZB`"f-epTB68ZB`"f-epTER3ZB`" +f-epXD@)ZB`"f-ep`Dh8ZB`"f-ep`FQiZB`"f-epcDf9j,Q-!GM0IFhKZCA3ZB`" +f-epeG'`ZB`"MF(4ICA*b,Q-!Bh*jF(4XD@)ZB`"PH&pNBA4K,Q-!E@9Y,Q-!690 +-)&0*6e9B,P"33bj-D@)!BQCIBR9QCLjM!(KIH$8`1@%ZB`"NFf&IEh0cE#jM!(J +e-$PcF'YT,Q-!H$8`19pdFR-ZB`"f-ep`GA*`,Q-!GM0ID@jQEbjM!'*IF(*TER3 +ZB`"KAfeLFh4b,Q-!G&pcF'YT,Q-!G&pi06!jB5jM!(4IBQPdFh3ZB`"KAh0dFQj +TC#jM!'*TEepMBLjM!'*cFepYC@dZB`"LFh0ICQ3ZB`"LFh0ICQPXC5jM!'*cFep +ZG@aX,Q-!BQCIER9XE#jM!'*QAfjLD@mZB`"LFh0IBQP[,Q-!BPpNG@e`,Q-!C@j +MAhGbDA3ZB`"`09pMFR"d,Q-!F$9IBh*`G$)ZB`"`-6*IER"KFbjM!("V0epKG(4 +b,Q-!F'XhAfeTE@8ZB`"`DcGIFfeTE@8ZB`"bFf&IBfKV,Q-!FR0KAfjeE'`ZB`" +MGQ9bFfP[ELjM!%038h4bD@jR9A4TE(-ZBh"`!%9bFQpb5'&ZC'aTEQFZBh"`!%G +PG%K89&"6,Q0`F!"0B@06Ef0VCA3ZBh"`!'ePE9pNBQFZB`"36&0dFQPZCdCeEQ0 +c8&"$,QaTBJ"LEPpMG(JZB`"bB@jNAf9bFLjM!(J!BA"`FbjM!'&`F&pbB@jN,Q- +!BA0Z-A"KFR-ZB`"MB5jM!'0TF'KPFR-ZB`"MFQ`ZB`"MFQ`bF$FZB`"NCh0d,Q- +!C'JZB`"NFf%ZB`"NFf&`BA*KE5jM!'9ZBbjM!'9bFR0dFLjM!'GPEQ4S,Q-!Cf9 +ZC(0K,Q-!Cf9ZFR0K,Q-!ER0PF5jM!'p`C@jcFf`ZB`"`Df0c-6)ZB`"`Df0c0bj +M!("VBh-i,Q-!FQ9a,Q-!FR0K,Q-!Ff9cFepTC#jM!(0YD@eP,Q-!Fh"PC@3ZB`" +cF'YKBbjM!(0IBf)ZB`"cAf0XD@9ZG#jM!(0IFf9bGQ9b,Q-!FepcEf0VCA3ZB`" +fCA*TCRNZB`"fCA*cD@pZ,Q-!H$8`15jM!(0IG'PYC5jM!%G98dPI5@jTG#jMF(! +!4e9659p$Eh*P,P"33bj-D@)!4e9659p08d`Z8&"$,NaTBJ"(990*Ae0*6e9B,P" +33bj-D@)!6'PL8e0-,P"33bj-D@)!6'PL3h*jF(4[,P"33bj-D@)!6@&M6e-ZE'P +L!%e66#"5G@jdD@eP0MK,,NaTBJ"2F'9Z9("d5@jPG#j[!%p`C@j8FQ&ZFh"[FR3 +ZE`"2F'9Z9(*KER0`Eh*d3A"`,Qm!690-)&0*6e9B,MBi5bj-D@)!690-)%-Z0MK +,)%CK+$4TAcKN+5j-D@)!6@&dD%aTBMBi5b"'B5JdD9miC#NZ6'PL!%CTFR0d)&0 +PCfePER3!4e9659p$Eh*P,MBi5bj-D@)!4e9659p08d`Z0MK,,NaTBJ"(990*Ae0 +*6e9B,MBi5bj-D@)!6'PL3h*jF(4[,MBiDb"'B5JdD9miC#NZ6'PL!%aTBP066#i +f1%XJ4Q%S0'PI1'3T,NaTBJ"(CA4)9&438b"38%-!6h"PEP066#"38%-!4f9d5&4 +88&-J0MK,!%aTBP066#!f1%X!6h"PEP066#!f1'X!6'PL8e0-)&"33`"-D@*$FRP +`G'mJ8&"$!%aTBN0bHA"dEb!f1%X!1NGPG%K89&"6+&"33bN!6'PL)%PYF'pbG#" +38%-!3Q&XE'p[EL")C@a`!%eA)%-[3bXV)&"33`"(B@eP3fpNC5"$EfjfCA*dCA) +!4QaPH#"3FQ9`FQpMCA0cEh)!69FJ8'&cBf&X)&"33`"5CAS!8&"$3A0Y!%*TFfp +Z)&"bCA"bEf0PFh0[FJ"B3dp'4L"*EA"[FR3J8&"$!&"&4L"*EA"[FR3J8&"$!$T +2F'9Z8e0-!$T(CA4)9&438bJf1%XT!%aTBL"*EA"[FR3J0MK,!%e39b"*EA"[FR3 +J0MK,!%eA)%-[3bXV)$Bi5`"09b"3BA0MB@`J0MK,!&"&4L"*EA"[FR3J0MK,!$T +-D@*68d`Z0MK,)%CK+$4TAcKN+5j-D@)!1Np`C@j68d`S0MKV+3!k6'PL8e0-,P" +33bj-D@)!1NaTBN0bHA"dEbj38%-Z6'PL!$T-D@*$FRP`G'mZ0MKV)%CK+$4TAcK +N+5j-D@)!6@&M6e-J8&"$)%aTEQYPFJ"0B@028b!f1%XJ6'PZDf9b!&0[GA*MC5" +8FQ9PF`"$GA0dEfdJ5f9jGfpbC(-!3@0MCA0c)&"KG'Kc!&4KFQGPG#"6CA4dD@j +RF`"'D@aP)%eKF("TEQGc!%*eD@aN)%9iG(*KF`"%C@*eCfGPFL"5G@jdD@eP!%4 +PBR9RCf9b)&4KFQGPG!"$,d-V+b"$Efe`D@aPFJ"$,d-V+b"ABA*ZD@jRF`"38%- +J3fpNC8GPEJ"38%-J4'PcBA0cC@eLE'9b!&"33b"(E'pLB@`J6h"dD@eTHQ9b!&" +33b"-D@jVCA)!8&"$)&"&4J"38%-J8(*[DQ9MG!"38%0"FfdJ8'&ZC@`!8Q9k)%0 +[EA"TE'9b!$Bi5b"$Ef4P4f9Z!$Bi5b"%DA0KFh0PE@*XCA)!0MK,)%GXEf*KE#" +2F(4TE@PkCA)!0MK,)%aTEQYPFJ!f1%XJ8(*[DQ9MG!"$4Ndf1%X!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%!!!!!!!!!$J! +!!!)!!!!!!!!!'`!!!!-!!!!!!!!!)`!!!!3!!!!!!!!!0J!!!!8!!!!!!!!!4`! +!!!B!!!!!!!!!@J!!!!F!!!!!!!!!F3!!!!J!!!!!!!!!JJ!!!!N!!!!!!!!!M3! +!!!S!!!!!!!!!P`!!!!X!!!!!!!!!SJ!!!!`!!!!!!!!!V!!!!!d!!!!!!!!!Y`! +!!!i!!!!!!!!!`3!!!!m!!!!!!!!!c!!!!"!!!!!!!!!!eJ!!!"%!!!!!!!!!h`! +!!")!!!!!!!!!k!!!!"-!!!!!!!!!mJ!!!"3!!!!!!!!!q`!!!"8!!!!!!!!""3! +!!"B!!!!!!!!"$`!!!"F!!!!!!!!"'3!!!"J!!!!!!!!")J!!!"N!!!!!!!!"+`! +!!"S!!!!!!!!"03!!!"X!!!!!!!!"2J!!!"`!!!!!!!!"5!!!!"d!!!!!!!!"8`! +!!"i!!!!!!!!"AJ!!!"m!!!!!!!!"D3!!!#!!!!!!!!!"G!!!!#%!!!!!!!!"IJ! +!!#)!!!!!!!!"L3!!!#-!!!!!!!!"N`!!!#3!!!!!!!!"R3!!!#8!!!!!!!!"U!! +!!#B!!!!!!!!"X`!!!#F!!!!!!!!"[3!!!#J!!!!!!!!"a`!!!#N!!!!!!!!"d!! +!!#S!!!!!!!!"f3!!!#X!!!!!!!!"i`!!!#`!!!!!!!!"l3!!!#d!!!!!!!!"q!! +!!#i!!!!!!!!#!`!!!#m!!!!!!!!#$J!!!$!!!!!!!!!#'3!!!$%!!!!!!!!#*!! +!!$)!!!!!!!!#,!!!!$-!!!!!!!!#03!!!$3!!!!!!!!#2`!!!$8!!!!!!!!#5J! +!!$B!!!!!!!!#93!!!$F!!!!!!!!#A3!!!$J!!!!!!!!#CJ!!!$N!!!!!!!!#F!! +!!$S!!!!!!!!#H!!!!$X!!!!!!!!#J`!!!$`!!!!!!!!#L`!!!$d!!!!!!!!#P!! +!!$i!!!!!!!!#R`!!!$m!!!!!!!!#U3!!!%!!!!!!!!!#X`!!!%%!!!!!!!!#Z`! +!!%)!!!!!!!!#a!!!!%-!!!!!!!!#c3!!!%3!!!!!!!!#eJ!!!%8!!!!!!!!#i!! +!!%B!!!!!!!!#k3!!!%F!!!!!!!!#p!!!!%J!!!!!!!!#r!!!!%N!!!!!!!!$"J! +!!%S!!!!!!!!$%3!!!%X!!!!!!!!$'J!!!%`!!!!!!!!$)`!!!%d!!!!!!!!$,J! +!!%i!!!!!!!!$13!!!%m!!!!!!!!$4!!!!&!!!!!!!!!$6`!!!&%!!!!!!!!$@J! +!!&)!!!!!!!!$B`!!!&-!!!!!!!!$D`!!!&3!!!!!!!!$GJ!!!&8!!!!!!!!$J!! +!!&B!!!!!!!!$L`!!!&F!!!!!!!!$P!!!!&J!!!!!!!!$R3!!!&N!!!!!!!!$U!! +!!&S!!!!!!!!$X`!!!&X!!!!!!!!$[J!!!&`!!!!!!!!$b3!!!&d!!!!!!!!$d3! +!!&i!!!!!!!!$fJ!!!&m!!!!!!!!$i`!!!'!!!!!!!!!$lJ!!!'%!!!!!!!!$q!! +!!')!!!!!!!!%!3!!!'-!!!!!!!!%$!!!!'3!!!!!!!!%&3!!!'8!!!!!!!!%(J! +!!'B!!!!!!!!%*`!!!'F!!!!!!!!%-J!!!'J!!!!!!!!%23!!!'N!!!!!!!!%5!! +!!'S!!!!!!!!%83!!!'X!!!!!!!!%@`!!!'`!!!!!!!!%B`!!!'d!!!!!!!!%E!! +!!'i!!!!!!!!%G!!!!'m!!!!!!!!%I3!!!(!!!!!!!!!%K`!!!(%!!!!!!!!%NJ! +!!()!!!!!!!!%Q`!!!(-!!!!!!!!%S`!!!(3!!!!!!!!%V3!!!(8!!!!!!!!%YJ! +!!(B!!!!!!!!%[`!!!(F!!!!!!!!%b!!!!(J!!!!!!!!%d`!!!(N!!!!!!!!%f`! +!!(S!!!!!!!!%i`!!!(X!!!!!!!!%l!!!!(`!!!!!!!!%p!!!!(d!!!!!!!!%r3! +!!(i!!!!!!!!&#!!!!(m!!!!!!!!&%3!!!)!!!!!!!!!&'J!!!)%!!!!!!!!&*3! +!!))!!!!!!!!&,`!!!)-!!!!!!!!&13!!!)3!!!!!!!!&3`!!!)8!!!!!!!!&6J! +!!)B!!!!!!!!&9`!!!)F!!!!!!!!&B!!!!)J!!!!!!!!&D`!!!)N!!!!!!!!&G!! +!!)S!!!!!!!!&I3!!!)X!!!!!!!!&KJ!!!)`!!!!!!!!&N!!!!!#0!!!!!!!!"CN +!!!#1!!!!!!!!"D)!!!#2!!!!!!!!"D`!!!#3!!!!!!!!!!@e!!!!N3!!!!!!!!@ +q!!!!NJ!!!!!!!!A*!!!!N`!!!!!!!!A8!!!!P!!!!!!!!!AH!!!!P3!!!!!!!!A +S!!!!PJ!!!!!!!!Ac!!!!P`!!!!!!!!Am!!!!Q!!!!!!!!!B'!!!!Q3!!!!!!!!B +2!!!!QJ!!!!!!!!BC!!!!Q`!!!!!!!!BM!!!!R!!!!!!!!!BV!!!!R3!!!!!!!!B +c!!!!RJ!!!!!!!!Bp!!!!R`!!!!!!!!C'!!!!S!!!!!!!!!C4!!!!S3!!!!!!!!C +C!!!!SJ!!!!!!!!CL!!!!S`!!!!!!!!CT!!!!T!!!!!!!!!Cd!!!!T3!!!!!!!!C +r!!!!TJ!!!!!!!!D*!!!!T`!!!!!!!!D8!!!!U!!!!!!!!!DI!!!!U3!!!!!!!!D +T!!!!UJ!!!!!!!!Dc!!!!U`!!!!!!!!Dq!!!!V!!!!!!!!!E)!!!!V3!!!!!!!!E +A!!!!VJ!!!!!!!!EL!!!!V`!!!!!!!!EV!!!!X!!!!!!!!!Ef!!!!X3!!!!!!!!F +"!!!!XJ!!!!!!!!F-!!!!X`!!!!!!!!F@!!!!Y!!!!!!!!!FK!!!!Y3!!!!!!!!F +X!!!!YJ!!!!!!!!Fh!!!!Y`!!!!!!!!G#!!!!Z!!!!!!!!!G0!!!!Z3!!!!!!!!G +A!!!!ZJ!!!!!!!!GK!!!!Z`!!!!!!!!GV!!!![!!!!!!!!!Gb!!!![3!!!!!!!!G +p!!!![J!!!!!!!!H)!!!![`!!!!!!!!H4!!!!`!!!!!!!!!HD!!!!`3!!!!!!!!H +M!!!!`J!!!!!!!!HX!!!!``!!!!!!!!Hh!!!!a!!!!!!!!!I"!!!!a3!!!!!!!!I +,!!!!aJ!!!!!!!!I9!!!!a`!!!!!!!!II!!!!b!!!!!!!!!IU!!!!b3!!!!!!!!I +d!!!!bJ!!!!!!!!Ik!!!!b`!!!!!!!!J%!!!!c!!!!!!!!!J1!!!!c3!!!!!!!!J +B!!!!cJ!!!!!!!!JL!!!!c`!!!!!!!!JV!!!!d!!!!!!!!!Jd!!!!d3!!!!!!!!J +m!!!!dJ!!!!!!!!K&!!!!d`!!!!!!!!K1!!!!e!!!!!!!!!KB!!!!e3!!!!!!!!K +L!!!!eJ!!!!!!!!KX!!!!e`!!!!!!!!Kf!!!!f!!!!!!!!!L!!!!!f3!!!!!!!!L +,!!!!fJ!!!!!!!!L@!!!!f`!!!!!!!!LK!!!!h!!!!!!!!!LV!!!!h3!!!!!!!!L +e!!!!hJ!!!!!!!!Lr!!!!h`!!!!!!!!M+!!!!i!!!!!!!!!M9!!!!i3!!!!!!!!M +J!!!!iJ!!!!!!!!MV!!!!i`!!!!!!!!Me!!!!j!!!!!!!!!Mr!!!!j3!!!!!!!!N +*!!!!jJ!!!!!!!!N8!!!!j`!!!!!!!!NI!!!!k!!!!!!!!!NU!!!!k3!!!!!!!!N +e!!!!kJ!!!!!!!!Nr!!!!k`!!!!!!!!P*!!!!l!!!!!!!!!P6!!!!l3!!!!!!!!P +H!!!!lJ!!!!!!!!PT!!!!l`!!!!!!!!Pb!!!!m!!!!!!!!!Pp!!!!m3!!!!!!!!Q +)!!!!mJ!!!!!!!!Q5!!!!m`!!!!!!!!QF!!!!p!!!!!!!!!QQ!!!!p3!!!!!!!!Q +a!!!!pJ!!!!!!!!Qm!!!!p`!!!!!!!!R%!!!!q!!!!!!!!!R2!!!!q3!!!!!!!!R +A!!!!qJ!!!!!!!!RJ!!!!q`!!!!!!!!RS!!!!r!!!!!!!!!R`!!!!r3!!!!!!!!R +j!!!!rJ!!!!!!!!S#!!!!r`!!!!!!!!S0!!!"!!!!!!!!!!S9!!!"!3!!!!!!!!S +H!!!"!J!!!!!!!!SQ!!!"!`!!!!!!!!SZ!!!""!!!!!!!!!Sf!!!""3!!!!!!!!S +q!!!""J!!!!!!!!T(!!!""`!!!!!!!!T3!!!"#!!!!!!!!!TC!!!"#3!!!!!!!!T +N!!!"#J!!!!!!!!TV!!!"#`!!!!!!!!Tc!!!"$!!!!!!!!!Tp!!!"$3!!!!!!!!U +&!!!"$J!!!!!!!!U2!!!"$`!!!!!!!!UB!!!"%!!!!!!!!!UJ!!!"%3!!!!!!!!U +V!!!"%J!!!!!!!!Uf!!!"%`!!!!!!!!V!!!!"&!!!!!!!!!V,!!!"&3!!!!!!!!V +9!!!"&J!!!!!!!!VJ!!!"&`!!!!!!!!VV!!!"'!!!!!!!!!Ve!!!"'3!!!!!!!!V +r!!!"'J!!!!!!!!X*!!!"'`!!!!!!!!X6!!!"(!!!!!!!!!XG!!!"(3!!!!!!!!X +R!!!"(J!!!!!!!!Xb!!!"(`!!!!!!!!Xm!!!")!!!!!!!!!Y(!!!")3!!!!!!!!Y +5!!!")J!!!!!!!!YF!!!")`!!!!!!!!YR!!!"*!!!!!!!!!Yb!!!"*3!!!!!!!!Y +p!!!"*J!!!!!!!!Z(!!!"*`!!!!!!!!Z5!!!"+!!!!!!!!!ZG!!!"+3!!!!!!!!Z +R!!!"+J!!!!!!!!Zb!!!"+`!!!!!!!!Zm!!!",!!!!!!!!!['!!!",3!!!!!!!![ +4!!!",J!!!!!!!![F!!!",`!!!!!!!![Q!!!"-!!!!!!!!![`!!!"-3!!!!!!!![ +l!!!"-J!!!!!!!!`&!!!"-`!!!!!!!!`3!!!"0!!!!!!!!!`D!!!"03!!!!!!!!` +P!!!"0J!!!!!!!!``!!!"0`!!!!!!!!`l!!!"1!!!!!!!!!a'!!!"13!!!!!!!!a +3!!!"1J!!!!!!!!aD!!!"1`!!!!!!!!aP!!!"2!!!!!!!!!a[!!!"23!!!!!!!!a +k!!!"2J!!!!!!!!b&!!!"2`!!!!!!!!b3!!!!!8!!!!!!!!!-QJ!!!8%!!!!!!!! +-T!!!!8)!!!!!!!!-V`!!!8-!!!!!!!!-ZJ!!!83!!!!!!!!-a!!!!88!!!!!!!! +-cJ!!!8B!!!!!!!!-f!!!!8F!!!!!!!!-iJ!!!8J!!!!!!!!-l!!!!8N!!!!!!!! +-p`!!!8S!!!!!!!!0!J!!!8X!!!!!!!!0$!!!!8`!!!!!!!!0&`!!!8d!!!!!!!! +0)J!!!8i!!!!!!!!0,!!!!8m!!!!!!!!00`!!!9!!!!!!!!!03J!!!9%!!!!!!!! +063!!!9)!!!!!!!!09`!!!9-!!!!!!!!0A`!!!93!!!!!!!!0D!!!!98!!!!!!!! +0F3!!!9B!!!!!!!!0H`!!!9F!!!!!!!!0KJ!!!9J!!!!!!!!0N3!!!9N!!!!!!!! +0R!!!!9S!!!!!!!!0T`!!!9X!!!!!!!!0X3!!!9`!!!!!!!!0[!!!!9d!!!!!!!! +0a`!!!9i!!!!!!!!0dJ!!!9m!!!!!!!!0h!!!!@!!!!!!!!!0j`!!!@%!!!!!!!! +0mJ!!!@)!!!!!!!!0r3!!!@-!!!!!!!!1#!!!!@3!!!!!!!!1%`!!!@8!!!!!!!! +1(3!!!@B!!!!!!!!1+!!!!@F!!!!!!!!1-!!!!@J!!!!!!!!11!!!!@N!!!!!!!! +13J!!!@S!!!!!!!!15`!!!@X!!!!!!!!19J!!!@`!!!!!!!!1B3!!!@d!!!!!!!! +1D`!!!@i!!!!!!!!1GJ!!!@m!!!!!!!!1J!!!!A!!!!!!!!!1LJ!!!A%!!!!!!!! +1P3!!!A)!!!!!!!!1R`!!!A-!!!!!!!!1U!!!!A3!!!!!!!!1X3!!!A8!!!!!!!! +1ZJ!!!AB!!!!!!!!1``!!!AF!!!!!!!!1c!!!!AJ!!!!!!!!1eJ!!!AN!!!!!!!! +1i3!!!AS!!!!!!!!1kJ!!!AX!!!!!!!!1p!!!!A`!!!!!!!!1r`!!!Ad!!!!!!!! +2#3!!!Ai!!!!!!!!2$`!!!Am!!!!!!!!2)3!!!B!!!!!!!!!2+`!!!B%!!!!!!!! +203!!!B)!!!!!!!!23!!!!B-!!!!!!!!25`!!!B3!!!!!!!!29J!!!B8!!!!!!!! +2B!!!!BB!!!!!!!!2DJ!!!BF!!!!!!!!2G!!!!BJ!!!!!!!!2IJ!!!BN!!!!!!!! +2K`!!!BS!!!!!!!!2N3!!!BX!!!!!!!!2Q`!!!B`!!!!!!!!2TJ!!!Bd!!!!!!!! +2V`!!!Bi!!!!!!!!2Z3!!!Bm!!!!!!!!2`J!!!C!!!!!!!!!!$md!!!'4!!!!!!! +!$pJ!!!'5!!!!!!!!$q)!!!'6!!!!!!!!$q`!!!'8!!!!!!!!$rB!!!'9!!!!!!! +!$rm!!!'@!!!!!!!!%!S!!!'A!!!!!!!!%"3!!!'B!!!!!!!!%"m!!!'C!!!!!!! +!%#S!!!'D!!!!!!!!%$8!!!'E!!!!!!!!%%!!!!'F!!!!!!!!%%`!!!'G!!!!!!! +!%&B!!!'H!!!!!!!!%'%!!!'I!!!!!!!!%'`!!!'J!!!!!!!!%(i!!!'K!!!!!!! +!%*!!!!!"SJ!!!!!!!"#G!!!"S`!!!!!!!"#V!!!"T!!!!!!!!"#e!!!"T3!!!!! +!!"$+!!!"TJ!!!!!!!"$6!!!"T`!!!!!!!"$H!!!"U!!!!!!!!"$J!!!"U3!!!!! +!!"$R!!!"UJ!!!!!!!"$b!!!"U`!!!!!!!"$p!!!"V!!!!!!!!"%#!!!"V3!!!!! +!!"%-!!!"VJ!!!!!!!"%5!!!"V`!!!!!!!"%E!!!"X!!!!!!!!"%L!!!"X3!!!!! +!!"%R!!!"XJ!!!!!!!"%Y!!!"X`!!!!!!!"%i!!!"Y!!!!!!!!"%q!!!"Y3!!!!! +!!"&(!!!"YJ!!!!!!!"&2!!!"Y`!!!!!!!"&B!!!"Z!!!!!!!!"&K!!!"Z3!!!!! +!!"&S!!!"ZJ!!!!!!!"&b!!!"Z`!!!!!!!"&l!!!"[!!!!!!!!"'$!!!"[3!!!!! +!!"',!!!"[J!!!!!!!"'4!!!"[`!!!!!!!"'A!!!"`!!!!!!!!"'K!!!"`3!!!!! +!!"'T!!!"`J!!!!!!!"'a!!!"``!!!!!!!"'j!!!"a!!!!!!!!"(!!!!"a3!!!!! +!!"(,!!!"aJ!!!!!!!"(@!!!"a`!!!!!!!"(K!!!"b!!!!!!!!"(U!!!"b3!!!!! +!!"(d!!!"bJ!!!!!!!"(l!!!"b`!!!!!!!")%!!!"c!!!!!!!!")5!!!"c3!!!!! +!!")N!!!"cJ!!!!!!!")e!!!"c`!!!!!!!"*)!!!"d!!!!!!!!"*A!!!"d3!!!!! +!!"*T!!!"dJ!!!!!!!"*c!!!"d`!!!!!!!"+'!!!"e!!!!!!!!"+8!!!"e3!!!!! +!!"+N!!!"eJ!!!!!!!"+h!!!"e`!!!!!!!",*!!!"f!!!!!!!!",K!!!"f3!!!!! +!!",k!!!"fJ!!!!!!!"-)!!!"f`!!!!!!!"-D!!!"h!!!!!!!!"-V!!!"h3!!!!! +!!"-q!!!"hJ!!!!!!!"0D!!!"h`!!!!!!!"0c!!!"i!!!!!!!!"1!!!!"i3!!!!! +!!"1-!!!"iJ!!!!!!!"1C!!!"i`!!!!!!!"1N!!!"j!!!!!!!!"1`!!!"j3!!!!! +!!"1l!!!"jJ!!!!!!!"2*!!!"j`!!!!!!!"2A!!!"k!!!!!!!!"2Q!!!"k3!!!!! +!!"2e!!!"kJ!!!!!!!"3#!!!"k`!!!!!!!"32!!!"l!!!!!!!!"3L!!!"l3!!!!! +!!"3d!!!"lJ!!!!!!!"4#!!!"l`!!!!!!!"4'!!!"m!!!!!!!!"40!!!"m3!!!!! +!!"4J!!!"mJ!!!!!!!"4a!!!"m`!!!!!!!"5!!!!"p!!!!!!!!"5*!!!"p3!!!!! +!!"5B!!!"pJ!!!!!!!"5R!!!"p`!!!!!!!"5f!!!"q!!!!!!!!"6$!!!"q3!!!!! +!!"64!!!"qJ!!!!!!!"6J!!!"q`!!!!!!!"6k!!!"r!!!!!!!!"8)!!!"r3!!!!! +!!"8B!!!"rJ!!!!!!!"8V!!!"r`!!!!!!!"9)!!!#!!!!!!!!!"9C!!!#!3!!!!! +!!"9U!!!#!J!!!!!!!"9h!!!#!`!!!!!!!"@(!!!#"!!!!!!!!"@8!!!#"3!!!!! +!!"@N!!!#"J!!!!!!!"@b!!!#"`!!!!!!!"@r!!!##!!!!!!!!"A3!!!##3!!!!! +!!"AJ!!!##J!!!!!!!"A[!!!##`!!!!!!!"Aq!!!#$!!!!!!!!"B+!!!#$3!!!!! +!!"BE!!!#$J!!!!!!!"B`!!!#$`!!!!!!!"Bl!!!#%!!!!!!!!"C$!!!#%3!!!!! +!!"C2!!!#%J!!!!!!!"CF!!!#%`!!!!!!!"CT!!!#&!!!!!!!!"Ce!!!#&3!!!!! +!!"D'!!!#&J!!!!!!!"DE!!!#&`!!!!!!!"DQ!!!#'!!!!!!!!"Db!!!#'3!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!3!!!!) +!!!!$!!!!"!!!!!8!!!!'!!!!"`!!!!J!!!!*!!!!,3!!!!S!!!!,!!!!$!!!!!d +!!!!1!!!!$`!!!"!!!!!4!!!!%J!!!"-!!!!8!!!!&3!!!"B!!!!A!!!!'!!!!"N +!!!!D!!!!'`!!!"`!!!!G!!!!(J!!!"m!!!!J!!!!)3!!!#)!!!!M!!!!*!!!!#8 +!!!!Q!!!!*`!!!#J!!!!T!!!!+J!!!#X!!!!X!!!!,J!!!#m!!!!`!!!!-3!!!$) +!!!!c!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!0!!!!%!#!!!!!J!!0!!!!!!!!!!"!!!!!J!!!!-!!!!%!!!!"3!!!!B +!!!!(!!!!#!!!!!N!!!!+!!!!#`!!!!`!!!!0!!!!$J!!!!m!!!!3!!!!%3!!!") +!!!!@!!!!'`!!!"J!!!!C!!!!'J!!!"`!!!!G!!!!&`!!!"-!!!!8!!!!&3!!!"m +!!!!H!!!!)!!!!#!&!!!!"3!!)!!!!KN!!!)J!!!@Z3!!'!!!!!)C!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!#!!!#!!!!!J%!!!&P!!!![!!!!'m!!!&Q!!!!F!!!!(% +!!!"b!!!!F`!!!(3!!!"e!!!!GJ!!!(F!!!"i!!!!H3!!!(S!!!"l!!!!I!!!!B! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!)!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!#`MlJ!!!!!!!!!3! +#`NI`!!)!!!!!!!!!!!!!!X)fJ!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!)!!!%!!!!!"3!!Irm!!!!!Irm!!!!!Irm!!!!!Irm!!!!-!!%!!J!%!!! +!"8!!!!B!!3!"1J!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!%!!!$rrrrr!!!!!`!"!!%k1J!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!3!!!2rrrrm!!!!%!!%!!6SkD@jME(9NC6S!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!rrrrrd!!!!)!!3!"1J!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!$rrrrr3!!!!`!#!!%k6@&M6e- +J8h9`F'pbG$S!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!3!!!2rrrrp!!!!%!!) +!!6T08d`k!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"!!!!rrr +rrd!!!!8!#J!!6@&M6e-J8&"$)%aTEQYPFJ!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!4f9d5&488&-J8&"$!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"!!%k!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!#!!&0B@028b"38%-J6'PZDf9b!!! +!!!!!!!!!!!!!!!!!!!!H39"36!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"J!!!!3A"`E!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!"J!!!!68e-3J!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!6'PL)%PYF'pbG#"38%-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69"-4J!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!6'PL)%PYF'pbG#"38%-!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!69G$4!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"J!!!!8P053`!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!"J!!!!9%9B9#jLD!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!3Q&XE'p[EL")C@a`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9%9B9#jM!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69FJ3bp$+bXJ8&"$!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!9%9B9#jM+bX!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!69FJ3bp$+bXJ8&"$!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9%9B9#jMB`! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69FJ3bp$+bXJ8&"$!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!9%9B9#jMF!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!69FJ3bp$+bXJ8&"$!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9%9B9#jMF(! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69FJ3bp$+bXJ8&"$!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!9%9B9#jPH(!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9%9B9#jRB`! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!4f&YC80[C'8J3fpZGQ9bG'9b!!! +!!!!!!!!!!!!!!!"!!!!!9%9B9#jS!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!69FJ3bp$+bXJ8&"$!!!!!!!!!!!!!!!!!!!!!!!!!!!3!!!!9%9B9#jX!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!4QaPH#"3FQ9`FQpMCA0cEh)!!!! +!!!!!!!!!!!!!!!#!!!!!9%9B9#j`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!69FJ8'&cBf&X)&"33`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9%9B9#j`BA- +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69FJ8'&cBf&X)&"33`!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!9%9B9#j`BfJ!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!69FJ3bp$+bXJ8&"$!!!!!!!!!!!!!!!!!!!!!!!!!!#!!!!!9%9B9#j`BfJ +V+`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69FJ3bp$+bXJ8&"$!!!!!!!!!!! +!!!!!!!!!!!!!!!#!!!!!9%9B9#j`F(8!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!69FJ8'&cBf&X)&"33`!!!!!!!!!!!!!!!!!!!!!!!!#!!!!!9%9B9#jb!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!8Q9k!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!9%9B9#jc!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!8&"$3A0Y!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9%9B9#jj!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!3QPcEfiJ8(*PF(*[Bf9cFfpb!!! +!!!!!!!!!!!!!!!#!!!!!@%024J!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!@%024NBJ5@e`Eh*d)&"33`!!!!!!!!!!!!!!!!!!!!!!!!!!C'pMG3!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!"J!!!!FR0bB`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"J!!!!FfKXBJ!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!8%9')%PYF'pbG#"38%-!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!Fh4eBJ!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!8%9')%PYF'pbG#"38%-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!#jNEf- +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!"3!!!!!!8"!3!"!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"J!!!!!"!!! +!!!8!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!"!3!!E@&TEJ!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!)!3!"!!!!!3%"!3%!!3%!!!!!!!%"!!! +"!3!"!!!"!!%!!!!!!!!!!!!)!3!"!3!"!3!!!!%!!!N!!"G0B@028b"8EfpXBQp +i)%4&3P9()$Bi5`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!r2cmr39"36!!!!B"B`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!$mr2cm!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!"J!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!0!!%!!!!!!""I69G&8NY6Ah"bC@CTH#jS!!!!!!!!!!!!!!!!!!!!!!! +"!!!"!!!!!!!"!!!!!!!!!!!!!!8"!3%!!!%"!!%!!!!!"!!!!!!!!!!!!!!!!!! +!!!!"!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"IAh0dBA*d!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%!!3!!#8ePFQGP)%peG!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!$m +r2cp"8&"-!!%"!!!%)#!J)!15Jf!$G0pi!`1Yi!!&!J%!!3%!!3%"!!!"!!!!!!! +!!!%"!3%!!3%!!3!""!!!!!!!!!!!!!!(!3%!!3!!!3!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!" +IAh0dBA*d!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!#!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!8!!!e(CA4)9&438bK38%-T!!!!!!! +!!!!!!!!!!!!!!!!!2cmr2d&38%`!!!3!!!!%!!!!!%!!!&M!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%r2cmr!!!!!!! +!!!)!!!!#!!)!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +#!&!!!3!"!!%!!3!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!8*d024%8R)#G%394"*b!R8%P$9#F +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!3!!!3! +!!!%#!3!!!!!!!3!"!`!!!!!!!!!!!!!!!!!!!!!!!!!!!!%!!!)!!!!#!J%!!!! +!!!%!!3-!!!!!!!!!!!!!!!!%!!!!!!!!!!!"!!!$!!!!!`)"!!!!!!!"!!%$!!! +!!!!!!!!!!!!!"!!!!!!!!!!!!3!!"!!!!!3#!3!!!!!!!3!"!`!!!!!!!!!!!!! +!!!!!!!!!!!!!!!%!!!8!!!!&!J%!!!!!!!%!!3-!!!!!!!!!!!!!!!!"!!!!!!! +!!!!"!!!'!!!!"J)"!!!!!!!"!!%$!!!!!!!!!!!!!!!!"3!!!!!!!!!!!3!!"`! +!!!F#!3!!!!!!!3!"!`!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!!J!!!!)!J%!!!! +!!!%!!3-!!!!!!!!!!!!!!!!&!!!!!!!!!!!"!!!*!!!!#3)"!!!!!!!"!!%$!!! +!!!!!!!!!!!!!"3!!!!!!!!!!!3!!#J!!!!S#!3!!!!!!!3!"!3!!!!!!!!!!!!! +!!!%!!!!!!!!!!!%!!!X!!!!,!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!! +!!!!"!!!-!!!!$!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!$3! +!!!d#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!!i!!!!1!J%!!!! +!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!!2!!!!$`)"!!!!!!!"!!%"!!! +!!!!!!!!!!!!!!3!!!!!!!!!!!3!!%!!!!"!#!3!!!!!!!3!"!3!!!!!!!!!!!!! +!!!%!!!!!!!!!!!%!!"%!!!!4!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!! +!!!!"!!!5!!!!%J)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!%`! +!!"-#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!"3!!!!8!J%!!!! +!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!!9!!!!&3)"!!!!!!!"!!%"!!! +!!!!!!!!!!!!!!3!!!!!!!!!!!3!!&J!!!"B#!3!!!!!!!3!"!3!!!!!!!!!!!!! +!!!%!!!!!!!!!!!%!!"F!!!!A!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!! +!!!!"!!!B!!!!'!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!'3! +!!"N#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!"S!!!!D!J%!!!! +!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!!E!!!!'`)"!!!!!!!"!!%"!!! +!!!!!!!!!!!!!!3!!!!!!!!!!!3!!(!!!!"`#!3!!!!!!!3!"!3!!!!!!!!!!!!! +!!!%!!!!!!!!!!!%!!"d!!!!G!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!! +!!!!"!!!H!!!!(J)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!(`! +!!"m#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!#!!!!!J!J%!!!! +!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!!K!!!!)3)"!!!!!!!"!!%"!!! +!!!!!!!!!!!!!!3!!!!!!!!!!!3!!)J!!!#)#!3!!!!!!!3!"!3!!!!!!!!!!!!! +!!!%!!!!!!!!!!!%!!#-!!!!M!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!! +!!!!"!!!N!!!!*!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!*3! +!!#8#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!#B!!!!Q!J%!!!! +!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!!R!!!!*`)"!!!!!!!"!!%"!!! +!!!!!!!!!!!!!!3!!!!!!!!!!!3!!+!!!!#J#!3!!!!!!!3!"!3!!!!!!!!!!!!! +!!!%!!!!!!!!!!!%!!#N!!!!T!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!! +!!!!"!!!U!!!!+J)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!+`! +!!#X#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!#`!!!!X!J%!!!! +!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!!Y!!!!,3)"!!!!!!!"!!%"!!! +!!!!!!!!!!!!!!3!!!!!!!!!!!3!!,J!!!#i#!3!!!!!!!3!"!3!!!!!!!!!!!!! +!!!%!!!!!!!!!!!%!!#m!!!![!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!! +!!!!"!!!`!!!!-!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!-3! +!!$%#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!$)!!!!b!J%!!!! +!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!!c!!!!-`)"!!!!!!!"!!%"!!! +!!!!!!!!!!!!!!3!!!!!!!!!!!3!!0!!!!$3#!3!!!!!!!3!"!3!!!!!!!!!!!!! +!!!%!!!!!!!!!!!%!!$8!!!!e!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!! +!!!!"!!!f!!!!0J)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!0`! +!!$F#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!$J!!!!i!J%!!!! +!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!!j!!!!13)"!!!!!!!"!!%"!!! +!!!!!!!!!!!!!!3!!!!!!!!!!!3!!1J!!!$S#!3!!!!!!!3!"!3!!!!!!!!!!!!! +!!!%!!!!!!!!!!!%!!$X!!!!l!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!! +!!!!"!!!m!!!!2!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!23! +!!$d#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!$i!!!!q!J%!!!! +!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!!r!!!!2`)"!!!!!!!"!!%"!!! +!!!!!!!!!!!!!!3!!!!!!!!!!!3!!3!!!!%!#!3!!!!!!!3!"!3!!!!!!!!!!!!! +!!!%!!!!!!!!!!!%!!%%!!!""!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!! +!!!!"!!"#!!!!3J)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!3`! +!!%-#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!%3!!!"%!J%!!!! +!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!"&!!!!43)"!!!!!!!"!!%"!!! +!!!!!!!!!!!!!!3!!!!!!!!!!!3!!4J!!!%B#!3!!!!!!!3!"!3!!!!!!!!!!!!! +!!!%!!!!!!!!!!!%!!%F!!!"(!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!! +!!!!"!!")!!!!5!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!53! +!!%N#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!%S!!!"+!J%!!!! +!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!",!!!!5`)"!!!!!!!"!!%"!!! +!!!!!!!!!!!!!!3!!!!!!!!!!!3!!6!!!!%`#!3!!!!!!!3!"!3!!!!!!!!!!!!! +!!!%!!!!!!!!!!!%!!%d!!!"0!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!! +!!!!"!!"1!!!!6J)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!6`! +!!%m#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!&!!!!"3!J%!!!! +!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!"4!!!!83)"!!!!!!!"!!%"!!! +!!!!!!!!!!!!!!3!!!!!!!!!!!3!!8J!!!&)#!3!!!!!!!3!"!3!!!!!!!!!!!!! +!!!%!!!!!!!!!!!%!!&-!!!"6!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!! +!!!!"!!"8!!!!9!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!93! +!!&8#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!&B!!!"@!J%!!!! +!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!"A!!!!9`)"!!!!!!!"!!%"!!! +!!!!!!!!!!!!!!3!!!!!!!!!!!3!!@!!!!&J#!3!!!!!!!3!"!3!!!!!!!!!!!!! +!!!%!!!!!!!!!!!%!!&N!!!"C!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!! +!!!!"!!"D!!!!@J)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!@`! +!!&X#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!&`!!!"F!J%!!!! +!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!"G!!!!A3)"!!!!!!!"!!%"!!! +!!!!!!!!!!!!!!3!!!!!!!!!!!3!!AJ!!!&i#!3!!!!!!!3!"!3!!!!!!!!!!!!! +!!!%!!!!!!!!!!!%!!&m!!!"I!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!! +!!!!"!!"J!!!!B!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!B3! +!!'%#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!')!!!"L!J%!!!! +!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!"M!!!!B`)"!!!!!!!"!!%"!!! +!!!!!!!!!!!!!!3!!!!!!!!!!!3!!C!!!!'3#!3!!!!!!!3!"!3!!!!!!!!!!!!! +!!!%!!!!!!!!!!!%!!'8!!!"P!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!! +!!!!"!!"Q!!!!CJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!C`! +!!'F#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!'J!!!"S!J%!!!! +!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!"T!!!!D3)"!!!!!!!"!!%"!!! +!!!!!!!!!!!!!!3!!!!!!!!!!!3!!DJ!!!'S#!3!!!!!!!3!"!3!!!!!!!!!!!!! +!!!%!!!!!!!!!!!%!!'X!!!"V!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!! +!!!!"!!"X!!!!E!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!E3! +!!'d#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!'i!!!"Z!J%!!!! +!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!"[!!!!E`)"!!!!!!!"!!%"!!! +!!!!!!!!!!!!!!3!!!!!!!!!!!3!!F!!!!(!#!3!!!!!!!3!"!3!!!!!!!!!!!!! +!!!%!!!!!!!!!!!%!!(%!!!"a!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!! +!!!!"!!"b!!!!FJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!F`! +!!(-#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!(3!!!"d!J%!!!! +!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!"e!!!!G3)"!!!!!!!"!!%"!!! +!!!!!!!!!!!!!!3!!!!!!!!!!!3!!GJ!!!(B#!3!!!!!!!3!"!3!!!!!!!!!!!!! +!!!%!!!!!!!!!!!%!!(F!!!"h!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!! +!!!!"!!"i!!!!H!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!H3! +!!(N#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!(S!!!"k!J%!!!! +!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!"l!!!!H`)"!!!!!!!"!!%"!!! +!!!!!!!!!!!!!!3!!!!!!!!!!!3!!I!!!!(`#!3!!!!!!!3!"!3!!!!!!!!!!!!! +!!!%!!!!!!!!!!!%!!(d!!!"p!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!! +!!!!"!!"q!!!!IJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!I`! +!!(m#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!)!!!!#!!J%!!!! +!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!#"!!!!J3)"!!!!!!!"!!%"!!! +!!!!!!!!!!!!!!3!!!!!!!!!!!3!!JJ!!!))#!3!!!!!!!3!"!3!!!!!!!!!!!!! +!!!%!!!!!!!!!!!%!!)-!!!#$!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!! +!!!!"!!#%!!!!K!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!K3! +!!)8#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!)B!!!#'!J%!!!! +!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!#(!!!!K`)"!!!!!!!"!!%"!!! +!!!!!!!!!!!!!!3!!!!!!!!!!!3!!L!!!!)J#!3!!!!!!!3!"!3!!!!!!!!!!!!! +!!!%!!!!!!!!!!!%!!)N!!!#*!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!! +!!!!"!!#+!!!!LJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!L`! +!!)X#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!)`!!!#-!J%!!!! +!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!#0!!!!M3)"!!!!!!!"!!%"!!! +!!!!!!!!!!!!!!3!!!!!!!!!!!3!!MJ!!!)i#!3!!!!!!!3!"!3!!!!!!!!!!!!! +!!!%!!!!!!!!!!!%!!)m!!!#2!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!! +!!!!"!!#3!!!!!*!!!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!# +4!!!!N3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!NJ!!!*)#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!*-!!!#6!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!#8!!!!P!)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!!3!!P3!!!*8#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!%!!*B!!!#@!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!# +A!!!!P`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!Q!!!!*J#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!*N!!!#C!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!#D!!!!QJ)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!!3!!Q`!!!*X#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!%!!*`!!!#F!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!# +G!!!!R3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!RJ!!!*i#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!*m!!!#I!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!#J!!!!S!)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!!3!!S3!!!+%#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!%!!+)!!!#L!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!# +M!!!!S`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!T!!!!+3#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!+8!!!#P!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!#Q!!!!TJ)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!!3!!T`!!!+F#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!%!!+J!!!#S!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!# +T!!!!U3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!UJ!!!+S#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!+X!!!#V!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!#X!!!!V!)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!!3!!V3!!!+d#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!%!!+i!!!#Z!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!# +[!!!!V`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!X!!!!,!#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!,%!!!#a!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!#b!!!!XJ)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!!3!!X`!!!,-#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!%!!,3!!!#d!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!# +e!!!!Y3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!YJ!!!,B#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!,F!!!#h!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!#i!!!!Z!)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!!3!!Z3!!!,N#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!%!!,S!!!#k!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!# +l!!!!Z`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!![!!!!,`#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!,d!!!#p!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!#q!!!![J)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!!3!![`!!!,m#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!%!!-!!!!$!!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!$ +"!!!!`3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!`J!!!-)#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!--!!!$$!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!$%!!!!a!)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!!3!!a3!!!-8#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!%!!-B!!!$'!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!$ +(!!!!a`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!b!!!!-J#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!-N!!!$*!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!$+!!!!bJ)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!!3!!b`!!!-X#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!%!!-`!!!$-!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!$ +0!!!!c3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!cJ!!!-i#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!-m!!!$2!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!$3!!!!d!)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!!3!!d3!!!0%#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!%!!0)!!!$5!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!$ +6!!!!d`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!e!!!!03#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!08!!!$9!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!$@!!!!eJ)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!!3!!e`!!!0F#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!%!!0J!!!$B!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!$ +C!!!!f3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!fJ!!!0S#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!0X!!!$E!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!$F!!!!h!)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!!3!!h3!!!0d#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!%!!0i!!!$H!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!$ +I!!!!h`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!i!!!!1!#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!1%!!!$K!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!$L!!!!iJ)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!!3!!i`!!!1-#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!%!!13!!!$N!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!$ +P!!!!j3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!jJ!!!1B#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!1F!!!$R!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!$S!!!!k!)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!!3!!k3!!!1N#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!%!!1S!!!$U!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!$ +V!!!!k`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!l!!!!1`#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!1d!!!$Y!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!$Z!!!!lJ)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!!3!!l`!!!1m#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!%!!2!!!!$`!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!$ +a!!!!m3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!mJ!!!2)#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!2-!!!$c!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!$d!!!!p!)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!!3!!p3!!!28#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!%!!2B!!!$f!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!$ +h!!!!p`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!q!!!!2J#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!2N!!!$j!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!$k!!!!qJ)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!!3!!q`!!!2X#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!%!!2`!!!$m!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!$ +p!!!!r3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!rJ!!!2i#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!2m!!!$r!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!%!!!!"!!)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!!3!"!3!!!3%#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!%!!3)!!!%#!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!% +$!!!"!`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!""!!!!33#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!38!!!%&!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!%'!!!""J)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!!3!""`!!!3F#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!%!!3J!!!%)!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!% +*!!!"#3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!"#J!!!3S#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!3X!!!%,!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!%-!!!"$!)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!!3!"$3!!!3d#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!%!!3i!!!%1!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!% +2!!!"$`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!"%!!!!4!#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!4%!!!%4!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!%5!!!"%J)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!!3!"%`!!!4-#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!%!!43!!!%8!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!% +9!!!"&3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!"&J!!!4B#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!4F!!!%A!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!%B!!!"'!)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!!3!"'3!!!4N#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!%!!4S!!!%D!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!% +E!!!"'`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!"(!!!!4`#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!4d!!!%G!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!%H!!!"(J)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!!3!"(`!!!4m#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!%!!5!!!!%J!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!% +K!!!")3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!")J!!!5)#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!5-!!!%M!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!%N!!!"*!)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!!3!"*3!!!58#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!%!!5B!!!%Q!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!% +R!!!"*`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!"+!!!!5J#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!5N!!!%T!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!%U!!!"+J)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!!3!"+`!!!5X#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!%!!5`!!!%X!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!% +Y!!!",3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!",J!!!5i#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!5m!!!%[!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!%`!!!"-!)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!!3!"-3!!!6%#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!%!!6)!!!%b!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!% +c!!!"-`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!"0!!!!63#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!68!!!%e!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!%f!!!"0J)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!!3!"0`!!!6F#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!%!!6J!!!%i!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!% +j!!!"13)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!"1J!!!6S#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!6X!!!%l!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!%m!!!"2!)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!!3!"23!!!6d#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!%!!6i!!!%q!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!% +r!!!"2`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!"3!!!!8!#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!8%!!!&"!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!&#!!!"3J)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!!3!"3`!!!8-#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!%!!83!!!&%!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!& +&!!!"43)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!"4J!!!8B#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!8F!!!&(!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!&)!!!"5!)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!!3!"53!!!8N#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!%!!8S!!!&+!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!& +,!!!"5`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!"6!!!!8`#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!8d!!!&0!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!&1!!!"6J)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!!3!"6`!!!8m#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!%!!9!!!!&3!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!& +4!!!"83)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!"8J!!!9)#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!9-!!!&6!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!&8!!!"9!)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!!3!"93!!!98#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!%!!9B!!!&@!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!& +A!!!"9`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!"@!!!!9J#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!9N!!!&C!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!&D!!!"@J)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!!3!"@`!!!9X#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!%!!9`!!!&F!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!& +G!!!"A3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!"AJ!!!9i#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!9m!!!&I!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!&J!!!"B!)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!!3!"B3!!!@%#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!%!!@)!!!&L!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!& +M!!!"B`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!"C!!!!@3#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!@8!!!&P!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!&Q!!!"CJ)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!!3!"C`!!!@F#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!%!!@J!!!&S!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!& +T!!!"D3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!"DJ!!!@S#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!@X!!!&V!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!&X!!!"E!)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!!3!"E3!!!@d#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!%!!@i!!!&Z!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!& +[!!!"E`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!"F!!!!A!#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!A%!!!&a!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!&b!!!"FJ)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!!3!"F`!!!A-#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!%!!A3!!!&d!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!& +e!!!"G3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!"GJ!!!AB#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!AF!!!&h!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!&i!!!"H!)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!!3!"H3!!!AN#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!%!!AS!!!&k!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!& +l!!!"H`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!"I!!!!A`#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!Ad!!!&p!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!&q!!!"IJ)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!!3!"I`!!!Am#!3!!!!!!!3!"!`!!!!!!!!!!!!!!!!%!!!! +!!!!!!!%!!B!!!!'!!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!' +"!!!"J3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!"JJ!!!B)#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!B-!!!'$!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!'%!!!"K!)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!!3!"K3!!!B8#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!%!!BB!!!''!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!' +(!!!"K`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!"L!!!!BJ#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!BN!!!'*!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!'+!!!"LJ)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!!3!"L`!!!BX#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!%!!B`!!!'-!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!' +0!!!"M3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!"MJ!!!Bi#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!Bm!!!'2!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!'3!!!!!C!!!J%!!!!!!!%!!3%!!!!!!!! +!!!!!!!!"!!!!!!!!!!!"!!'4!!!"N3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3! +!!!!!!!!!!3!"NJ!!!C)#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!% +!!C-!!!'6!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!'8!!!"P!) +"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!"P3!!!C8#!3!!!!!!!3! +"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!CB!!!'@!J%!!!!!!!%!!3%!!!!!!!! +!!!!!!!!"!!!!!!!!!!!"!!'A!!!"P`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3! +!!!!!!!!!!3!"Q!!!!CJ#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!% +!!CN!!!'C!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!'D!!!"QJ) +"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!"Q`!!!CX#!3!!!!!!!3! +"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!C`!!!'F!J%!!!!!!!%!!3%!!!!!!!! +!!!!!!!!"!!!!!!!!!!!"!!'G!!!"R3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3! +!!!!!!!!!!3!"RJ!!!Ci#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!% +!!Cm!!!'I!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!'J!!!"S!) +"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!"S3!!!D%#!3!!!!!!!3! +"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!D)!!!'L!J%!!!!!!!%!!3%!!!!!!!! +!!!!!!!!"!!!!!!!!!!!"!!'M!!!"S`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3! +!!!!!!!!!!3!"T!!!!D3#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!% +!!D8!!!'P!J%!!!!!!!%!!3-!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!'Q!!!"TJ) +"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!"T`!!!DF#!3!!!!!!!3! +"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!3!!!!)!!!!$!!!!"!!!!!8!!!!'!!!!"`! +!!!J!!!!*!!!!#J!!!!X!!!!-!!!!$3!!!!i!!!!2!!!!%!!!!"%!!!!5!!!!%`! +!!"3!!!!9!!!!&J!!!"F!!!!B!!!!'3!!!"S!!!!E!!!!(!!!!"d!!!!H!!!!(`! +!!#!!!!!K!!!!)J!!!#-!!!!N!!!!*3!!!#B!!!!R!!!!+!!!!#N!!!!U!!!!+`! +!!#`!!!!Y!!!!,J!!!#m!!!!`!!!!-3!!!$)!!!!c!!!!0!!!!$8!!!!f!!!!0`! +!!$J!!!!j!!!!1J!!!$X!!!!m!!!!23!!!$i!!!!r!!!!3!!!!%%!!!"#!!!!3`! +!!%3!!!"&!!!!4J!!!%F!!!")!!!!53!!!%S!!!",!!!!6!!!!%d!!!"1!!!!6`! +!!&!!!!"4!!!!8J!!!&-!!!"8!!!!93!!!&B!!!"A!!!!@!!!!&N!!!"D!!!!@`! +!!&`!!!"G!!!!AJ!!!&m!!!"J!!!!B3!!!')!!!"M!!!!C!!!!'8!!!"Q!!!!C`! +!!'J!!!"T!!!!DJ!!!'X!!!"X!!!!E3!!!'i!!!"[!!!!F!!!!(%!!!"b!!!!F`! +!!(3!!!"e!!!!GJ!!!(F!!!"i!!!!H3!!!(S!!!"l!!!!I!!!!(d!!!"q!!!!I`! +!!)!!!!#"!!!!JJ!!!)-!!!#%!!!!K3!!!)B!!!#(!!!!L!!!!)N!!!#+!!!!L`! +!!)`!!!#0!!!!MJ!!!)m!!!#3!!!!!*%!!!#5!!!!N`!!!*3!!!#9!!!!PJ!!!*F +!!!#B!!!!Q3!!!*S!!!#E!!!!R!!!!*d!!!#H!!!!R`!!!+!!!!#K!!!!SJ!!!+- +!!!#N!!!!T3!!!+B!!!#R!!!!U!!!!+N!!!#U!!!!U`!!!+`!!!#Y!!!!VJ!!!+m +!!!#`!!!!X3!!!,)!!!#c!!!!Y!!!!,8!!!#f!!!!Y`!!!,J!!!#j!!!!ZJ!!!,X +!!!#m!!!![3!!!,i!!!#r!!!!`!!!!-%!!!$#!!!!``!!!-3!!!$&!!!!aJ!!!-F +!!!$)!!!!b3!!!-S!!!$,!!!!c!!!!-d!!!$1!!!!c`!!!0!!!!$4!!!!dJ!!!0- +!!!$8!!!!e3!!!0B!!!$A!!!!f!!!!0N!!!$D!!!!f`!!!0`!!!$G!!!!hJ!!!0m +!!!$J!!!!i3!!!1)!!!$M!!!!j!!!!18!!!$Q!!!!j`!!!1J!!!$T!!!!kJ!!!1X +!!!$X!!!!l3!!!1i!!!$[!!!!m!!!!2%!!!$b!!!!m`!!!23!!!$e!!!!pJ!!!2F +!!!$i!!!!q3!!!2S!!!$l!!!!r!!!!2d!!!$q!!!!r`!!!3!!!!%"!!!"!J!!!3- +!!!%%!!!""3!!!3B!!!%(!!!"#!!!!3N!!!%+!!!"#`!!!3`!!!%0!!!"$J!!!3m +!!!%3!!!"%3!!!4)!!!%6!!!"&!!!!48!!!%@!!!"&`!!!4J!!!%C!!!"'J!!!4X +!!!%F!!!"(3!!!4i!!!%I!!!")!!!!5%!!!%L!!!")`!!!53!!!%P!!!"*J!!!5F +!!!%S!!!"+3!!!5S!!!%V!!!",!!!!5d!!!%Z!!!",`!!!6!!!!%a!!!"-J!!!6- +!!!%d!!!"03!!!6B!!!%h!!!"1!!!!6N!!!%k!!!"1`!!!6`!!!%p!!!"2J!!!6m +!!!&!!!!"33!!!8)!!!&$!!!"4!!!!88!!!&'!!!"4`!!!8J!!!&*!!!"5J!!!8X +!!!&-!!!"63!!!8i!!!&2!!!"8!!!!9%!!!&5!!!"8`!!!93!!!&9!!!"9J!!!9F +!!!&B!!!"@3!!!9S!!!&E!!!"A!!!!9d!!!&H!!!"A`!!!@!!!!&K!!!"BJ!!!@- +!!!&N!!!"C3!!!@B!!!&R!!!"D!!!!@N!!!&U!!!"D`!!!@`!!!&Y!!!"EJ!!!@m +!!!&`!!!"F3!!!A)!!!&c!!!"G!!!!A8!!!&f!!!"G`!!!AJ!!!&j!!!"HJ!!!AX +!!!&m!!!"I3!!!Ai!!!&r!!!"J!!!!B%!!!'#!!!"J`!!!B3!!!'&!!!"KJ!!!BF +!!!')!!!"L3!!!BS!!!',!!!"M!!!!Bd!!!'1!!!"M`!!!C!!!!!"N3!!!C)!!!' +6!!!"P!!!!C8!!!'@!!!"P`!!!CJ!!!'C!!!"QJ!!!CX!!!'F!!!"R3!!!Ci!!!' +I!!!"S!!!!D%!!!'L!!!"S`!!!D3!!!'P!!!"TJ!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!'R!!!"`!%!!!!"!!' +R!3!"SJ%!!D-"!!'K!3!"S!%!!!X"!!!-!3!!#J%!!!d"!!!1!3!!$`%!!"!"!!! +4!3!!%J%!!"-"!!!8!3!!&3%!!"B"!!!A!3!!'!%!!"N"!!!D!3!!'`%!!"`"!!! +G!3!!(J%!!"m"!!!J!3!!)3%!!#)"!!!M!3!!*!%!!#8"!!!Q!3!!*`%!!#J"!!! +T!3!!+J%!!#X"!!!X!3!!,3%!!#i"!!![!3!!-!%!!$%"!!!b!3!!-`%!!$3"!!! +e!3!!0J%!!$F"!!!i!3!!13%!!$S"!!!l!3!!2!%!!$d"!!!q!3!!2`%!!%!"!!" +"!3!!3J%!!%-"!!"%!3!!43%!!%B"!!"(!3!!5!%!!%N"!!"+!3!!5`%!!%`"!!" +0!3!!6J%!!%m"!!"3!3!!83%!!&)"!!"6!3!!9!%!!&8"!!"@!3!!9`%!!&J"!!" +C!3!!@J%!!&X"!!"F!3!!A3%!!&i"!!"I!3!!B!%!!'%"!!"L!3!!B`%!!'3"!!" +P!3!!CJ%!!'F"!!"S!3!!D3%!!'S"!!"V!3!!E!%!!'d"!!"Z!3!!E`%!!(!"!!" +a!3!!FJ%!!(-"!!"d!3!!G3%!!(B"!!"h!3!!H!%!!(N"!!"k!3!!H`%!!(`"!!" +p!3!!IJ%!!(m"!!#!!3!!J3%!!))"!!#$!3!!K!%!!)8"!!#'!3!!K`%!!)J"!!' +Q!3!!L3%!!)S"!!#,!3!!M!%!!)d"!!#1!3!!M`%!!*!!!3!!N3%!!*)"!!#6!3! +!P!%!!*8"!!#@!3!!P`%!!*J"!!#C!3!!QJ%!!*X"!!#F!3!!R3%!!*i"!!#I!3! +!S!%!!+%"!!#L!3!!S`%!!+3"!!#P!3!!TJ%!!+F"!!#S!3!!U3%!!+S"!!#V!3! +!V!%!!+d"!!#Z!3!!V`%!!,!"!!#a!3!!XJ%!!,-"!!#d!3!!Y3%!!,B"!!#h!3! +!Z!%!!,N"!!#k!3!!Z`%!!,`"!!#p!3!![J%!!,m"!!$!!3!!`3%!!-)"!!$$!3! +!a!%!!-8"!!$'!3!!a`%!!-J"!!$*!3!!bJ%!!-X"!!$-!3!!c3%!!-i"!!$2!3! +!d!%!!0%"!!$5!3!!d`%!!03"!!$9!3!!eJ%!!0F"!!$B!3!!f3%!!0S"!!$E!3! +!h!%!!0d"!!$H!3!!h`%!!1!"!!$K!3!!iJ%!!1-"!!$N!3!!j3%!!1B"!!$R!3! +!k!%!!1N"!!$U!3!!k`%!!1`"!!$Y!3!!lJ%!!1m"!!$`!3!!m3%!!2)"!!$c!3! +!p!%!!28"!!$f!3!!p`%!!2J"!!$j!3!!qJ%!!2X"!!$m!3!!r3%!!2i"!!$r!3! +"!!%!!3%"!!%#!3!"!`%!!33"!!%&!3!""J%!!3F"!!%)!3!"#3%!!3S"!!%,!3! +"$!%!!3d"!!%1!3!"$`%!!4!"!!%4!3!"%J%!!4-"!!%8!3!"&3%!!4B"!!%A!3! +"'!%!!4N"!!%D!3!"'`%!!4`"!!%G!3!"(J%!!4m"!!%J!3!")3%!!5)"!!%M!3! +"*!%!!58"!!%Q!3!"*`%!!5J"!!%T!3!"+J%!!5X"!!%X!3!",3%!!5i"!!%[!3! +"-!%!!6%"!!%b!3!"-`%!!63"!!%e!3!"T`%!!6B"!!%h!3!"1!%!!6N"!!%k!3! +"1`%!!6`"!!%p!3!"2J%!!6m"!!&!!3!"33%!!8)"!!&$!3!"4!%!!88"!!&'!3! +"4`%!!8J"!!&*!3!"5J%!!8X"!!&-!3!"63%!!8i"!!&2!3!"8!%!!9%"!!&5!3! +"8`%!!93"!!&9!3!"9J%!!9F"!!&B!3!"@3%!!9S"!!&E!3!"A!%!!9d"!!&H!3! +"A`%!!@!"!!&K!3!"BJ%!!@-"!!&N!3!"C3%!!@B"!!&R!3!"D!%!!@N"!!&U!3! +"D`%!!@`"!!&Y!3!"EJ%!!@m"!!&`!3!"F3%!!A)"!!&c!3!"G!%!!A8"!!&f!3! +"G`%!!AJ"!!&j!3!"HJ%!!AX"!!&m!3!"I3%!!Ai"!!'!!3!"J3%!!B)"!!'$!3! +"K!%!!B8"!!''!3!"K`%!!BJ"!!'*!3!"LJ%!!BX"!!'-!3!"M3%!!Bi"!!'2!3! +"N!!"!!'4!3!"NJ%!!C-"!!'8!3!"P3%!!CB"!!'A!3!"Q!%!!CN"!!'D!3!"Q`% +!!C`"!!'G!3!"RJ%!!Cm"!!'N!3!"I`%!!!%"!!!%!3!!!`%!!!)"!!!*!3!!"3% +!!!B"!!!(!3!!#!%!!D8!!!'S!!%!+!!!!#!$NFQ3!$mr!!!!!!!!!!!!!!14bC! +!!!)!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%!!6T)HA"PFN0 +KFQ3!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!#`MlJ!!!!!!!!!3!#`NI +`!!)!!!!!!!!!!!!!!X)fJ!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!)!!!%!!!!!"3!!Irm!!!!!Irm!!!!!Irm!!!!!Irm!!!!-!!%!!J!'!!!!"8! +!!!J!!3!"1J!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!% +!!!$rrrrr!!!!!`!"!!%k1J!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!3!!!2rrrrm!!!!%!!%!!6SkD@jME(9NC6S!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!rrrrrd!!!!)!!3!"1J!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!$rrrrr3!!!!`!"!!%k1MT(990*1QP +ZBfaeC'8k!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!2rrrrp!!!!%!!%!!6S +k1NG98dNkE'PL1J!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!rrrrrd! +!!!8!!J!"1NeKBdp6)&0eF("[FR3k!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!% +!!!$rrrrr3!!!"J!#!!%k690-1J!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!3!!!2rrrrp!!!!(!!S!!%eKBdp6)&"33b"-D@jVCA)!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%p`C@j68d`J8&"$!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!3!"1J!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!J!"6@&M6e- +J8&"$)%aTEQYPFJ!!!!!!!!!!!!!!!!!!!!!!(N&38%`!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!B!!!!%&`F'`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!B!!!!%e06%)!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!%aTBL"*EA"[FR3J8&"$!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!%e36%B!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%aTBL"*EA" +[FR3J8&"$!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%eA3d3!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!B!!!!&*68N-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!B!!!!&4&@&3ZBQJ!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!%*KE'a[EfiJ5'9XF!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!&4&@&3ZB`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%eA)%-[3bX +V)&"33`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!&4&@&3ZBbXV!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!%eA)%-[3bXV)&"33`!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!&4&@&3ZBf-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%eA)%-[3bX +V)&"33`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!&4&@&3ZBh!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!%eA)%-[3bXV)&"33`!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!&4&@&3ZBh"`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%eA)%-[3bX +V)&"33`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!&4&@&3ZCAK`!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!&4&@&3ZCf-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%GKE@9$Ef4 +P)%0[ERCPFR4PFJ!!!!!!!!!!!!!!!!!!3!!!!&4&@&3ZD!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!%eA)%-[3bXV)&"33`!!!!!!!!!!!!!!!!!!!!!!!!! +!%!!!!&4&@&3ZE!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%CXCAJJ8(* +PF(*[Bf9cFfpb!!!!!!!!!!!!!!!!!!!!J!!!!&4&@&3ZF!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!%eA)&"KFf0KE#"38%-!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!&4&@&3ZF'&c!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%eA)&"KFf0 +KE#"38%-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!&4&@&3ZF'0S!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!%eA)%-[3bXV)&"33`!!!!!!!!!!!!!!!!!!!!!!!!! +!J!!!!&4&@&3ZF'0S+bX!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%eA)%-[3bX +V)&"33`!!!!!!!!!!!!!!!!!!!!!!!!!!J!!!!&4&@&3ZF("e!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!%eA)&"KFf0KE#"38%-!!!!!!!!!!!!!!!!!!!!!!!! +!J!!!!&4&@&3ZFJ!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!&*PHJ!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!&4&@&3ZF`!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!&"33d&cE3!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!&4&@&3ZH3!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%*TFfpZ)&" +bCA"bEf0PFh0[FJ!!!!!!!!!!!!!!!!!!J!!!!&K$6dB!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!&K$6dC')%PYF'pbG#"38%-!!!!!!!!!!!!!!!!!!!! +!!!!!!'4[Bh8!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!B!!!!(*cFQ-!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!B!!!!(0SE')!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!&"&4L"*EA" +[FR3J8&"$!!!!!!!!!!!!!!!!!!!!!!!!!!!!!(0dG@)!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!&"&4L"*EA"[FR3J8&"$!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!ZC'pM!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!8!!!!!!&!3%!!3!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!B!!!!!!3!!!!!&!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!3%!!'eKD@i!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!#!%!!3!!!!%"!3% +"!!%"!!!!!!!"!3!!!3%!!3!!!3!"!!!!!!!!!!!!#!%!!3%!!3%!!!!"!!!*!!! +A6@&M6e-J9'p[E'*[H#"%48*94b!f1%X!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!2cmr2d&38%`!!!'!@-!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +r2cmr!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!B!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!$3!"!!!!!!!9AdeA49*,8ep(990*Ah"bC@CTH#j +S!!!!!!!!!!!!!!!!!3!!!3!!!!!!!3!!!!!!!!!!!!!&!3%"!!!"!3!"!!!!!!3 +!!!!!!!!!!!!!!!!!!!!!!3!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!AepcG'&bG!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"!!%!!!P0CA* +RC5"2GA3!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!r2cmr39"36!!"!3!!"#!J)#!$NS0J!h6IH!-$VH!!"3)"!!% +"!!%"!3!!!3!!!!!!!!!"!3%"!!%"!!%!!33!!!!!!!!!!!!!"`%"!!%!!!%!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!AepcG'&bG!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!J +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!&!!!(6h"PEP0 +66!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!$mr2cp"8&"-!!!%!!!!"!!!!!"!!!" +B`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!"2cmr2`!!!!!!!!!#!!!!!J!#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!J"3!!%!!3!"!!%!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!&#G$6d4&*b! +R4%&835FJ*e"*3e3R!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!K-!!!)8!!!#&3!!!KB!!!)A!!!"p!!!!HF!!!(q!!!"r3!!!IS +!!!(m!!!"m`!!!IX!!!)$!!!"U!!!!DN!!!'U!!!!,!!!!#d!!!!Z!!!!,`!!!$! +!!!!a!!!!-J!!!$-!!!!d!!!!03!!!$B!!!!h!!!!1!!!!$N!!!!k!!!!1`!!!BF +!!!!m!!!!23!!!$i!!!!r!!!!3!!!!%%!!!',!!!!3J!!!%-!!!"%!!!!43!!!%B +!!!"(!!!"k3!!!Am!!!"p!!!!IJ!!!(m!!!'5!!!"N3!!!)!!!!#"!!!!c!!!!B` +!!!$0!!!!JJ!!!)-!!!$1!!!!c`!!!!N!!!(`!!!!K3!!!)B!!!#(!!!"T3!!!)J +!!!#*!!!!LJ!!!)X!!!#-!!!!M3!!!)i!!!#2!!!!N!!!!!#4!!!!NJ!!!*-!!!# +8!!!!P3!!!*B!!!#A!!!"N`!!!Bi!!!'2!!!"M3!!!C!!!!!!K!!!!*J!!!#C!!! +#"J!!!93!!!&9!!!"P!!!!BB!!!)*!!!##J!!!DX!!!#N!!!!T3!!!+B!!!#R!!! +!U!!!!KJ!!!'X!!!!R`!!!+)!!!#M!!!"R`!!!AS!!!'Y!!!"VJ!!!AX!!!)#!!! +"RJ!!!0!!!!#D!!!!Q`!!!*`!!!#G!!!!S!!!!*i!!!#K!!!!5!!!!%N!!!"+!!! +!5`!!!%`!!!"0!!!!6J!!!%m!!!)(!!!##!!!!+N!!!'[!!!"X!!!!,d!!!#q!!! +![`!!!-!!!!$"!!!!d3!!!E%!!!'b!!!!`J!!!--!!!$%!!!!a3!!!-B!!!'"!!! +!a`!!!-J!!!#U!!!!U`!!!+`!!!'c!!!!dJ!!!+d!!!'9!!!!b3!!!D!!!!'d!!! +!bJ!!!-X!!!"3!!!!d`!!!03!!!$9!!!!eJ!!!0F!!!$B!!!"I!!!!0N!!!$D!!! +!f`!!!0`!!!$G!!!!hJ!!!0m!!!$J!!!!i3!!!1)!!!$M!!!!j!!!!18!!!$Q!!! +!j`!!!1J!!!$T!!!!kJ!!!1X!!!$X!!!!l3!!!1i!!!$[!!!!m!!!!2%!!!$b!!! +!m`!!!23!!!$e!!!!pJ!!!2F!!!#Z!!!!V`!!!J8!!!(C!!!"l!!!!&%!!!"5!!! +!8`!!!HX!!!'e!!!"YJ!!!EF!!!(K!!!"h`!!!D%!!!(D!!!"c!!!!FX!!!(E!!! +"c3!!!G`!!!(1!!!"#3!!!&3!!!"9!!!!9J!!!&F!!!"B!!!!@3!!!&S!!!"E!!! +!!3!!!3S!!!%,!!!"$!!!!3d!!!%1!!!"$`!!!4!!!!(e!!!"k!!!!HB!!!(P!!! +"h3!!!G!!!!(L!!!"j!!!!Gi!!!(2!!!#!!!!!Im!!!(4!!!"SJ!!!!)!!!(B!!! +"%3!!!4)!!!%6!!!"&!!!!48!!!%@!!!"-`!!!Ad!!!'M!!!"pJ!!!GF!!!!!!!! +"dJ!!!!-!!!(@!!!"IJ!!!IF!!!(U!!!"q!!!!Hd!!!$i!!!!q3!!!2S!!!$l!!! +!r!!!!2d!!!$q!!!!r`!!!3!!!!%"!!!"Z!!!!&`!!!"G!!!"&`!!!4J!!!%C!!! +!X!!!!,%!!!#b!!!"i`!!!H!!!!'j!!!"d`!!!!3!!!!&!!!"e!!!!G8!!!!'!!! +!"`!!!4S!!!%K!!!")J!!!5-!!!%N!!!"*3!!!5B!!!%R!!!"+!!!!5N!!!%U!!! +"+`!!!5`!!!'B!!!",3!!!5i!!!'@!!!"P`!!!&i!!!"I!!!!B!!!!'%!!!"L!!! +!B`!!!'3!!!"P!!!!CJ!!!'F!!!"S!!!!D3!!!'S!!!#c!!!"q3!!!I)!!!%E!!! +"(!!!!4d!!!%H!!!"(`!!!5!!!!%[!!!"Q3!!!6!!!!%a!!!"QJ!!!CX!!!'k!!! +"Z`!!!6)!!!'m!!!"T!!!!JX!!!)-!!!#$3!!!Ji!!!)2!!!#%!!!!Hm!!!)4!!! +"!J!!!3-!!!%%!!!""3!!!3B!!!%(!!!"#!!!!,3!!!%d!!!"TJ!!!,8!!!%e!!! +"0J!!!6F!!!%i!!!"13!!!6S!!!%l!!!"2!!!!6d!!!%q!!!"2`!!!8!!!!&"!!! +!YJ!!!,F!!!'p!!!"lJ!!!K)!!!&#!!!"3`!!!,J!!!'q!!!"R!!!!83!!!&&!!! +"4J!!!8F!!!&)!!!"R3!!!8N!!!&+!!!"5`!!!8`!!!&0!!!!#J!!!!X!!!!-!!! +!$3!!!!i!!!!2!!!!%!!!!"%!!!!5!!!!%`!!!"3!!!!9!!!!&J!!!"F!!!!B!!! +!'3!!!"S!!!!E!!!"[`!!!,N!!!&1!!!"6`!!!9!!!!&4!!!"`!!!!J%!!!("!!! +"`J!!!"`!!!!G!!!!(J!!!"m!!!!J!!!!)3!!!#)!!!!M!!!!*!!!!#8!!!!Q!!! +"8J!!!,S!!!#l!!!"``!!!F3!!!(&!!!"aJ!!!FS!!!!R!!!!+!!!!#N!!!!U!!! +!+`!!!J3!!!!)!!!"8`!!!BS!!!"V!!!!E!!!!'d!!!')!!!!EJ!!!BN!!!&R!!! +"D!!!!@N!!!&U!!!"D`!!!@`!!!&Y!!!"EJ!!!@m!!!&`!!!"F3!!!A)!!!'&!!! +"F`!!!A3!!!&e!!!"GJ!!!B3!!!&h!!!"H!!!!AN!!!((!!!"b!!!!DF!!!(*!!! +"9J!!!9F!!!'#!!!"@!!!!9N!!!&D!!!"@`!!!9`!!!&G!!!"AJ!!!9m!!!&J!!! +"B3!!!@)!!!'$!!!"B`!!!@3!!!&P!!!![!!!!I%!!!"[!!!"CJ!!!(!!!!"a!!! +!FJ!!!(-!!!"d!!!!G3!!!(B!!!"h!!!!H!!!!(N!!!"k!!!!H`!!!(`!!!'!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!-!!!!-!!!!!`!!!!bdhb6,!!! +qh3!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!U!!!!+`!!!#`!!!!Z!!!!,`!!!$!!!!!a!!!!-J!!!$-!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!d!!! +!3!)!!!!#!!!d!J!!(!)!!"d#!!!H!J!!(`)!!#!#!!!K!J!!)J)!!#-#!!!N!J! +!*3)!!#B#!!!R!J!!+!)!!#N#!!!U!J!!+`)!!#`#!!!Y!J!!#`)!!!`#!!!0!J! +!$J)!!!m#!!!3!J!!%3)!!")#!!!6!J!!&!)!!"8#!!!@!J!!&`)!!"J#!!!C!J! +!'J)!!"X#!!!c!J!!0!)!!#m#!!!`!J!!-J)!!$%#!!!+!J!!!3)!!!3#!!!$!J! +!!J)!!!N#!!!&!J!!"J)!!!F#!!!)!J!!,J!!!DJ!!3!S!!!!)!14bC!!2cm!!!! +!!!!!!!!!!j(*N!!!!J!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!,#2Z! +!!!!!!!!"!!,#4r!!!J!!!!!!!!!!!!!#`MD!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!J!!!3!!!!!&!!"rr`!!!!"rr`!!!!"rr`!!!!"rr`!!!!` +!!3!#!!3!!!!&3!!!"J!"!!%k!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!3!!!2rrrrm!!!!$!!%!!6Sk!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!"!!!!rrrrr`!!!!3!!3!"1MTTEQ0XG@4P1J!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!$rrrrr3!!!!J!"!!%k!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!2rrrrp!!!!$!!) +!!6T0B@028b"6GA"`Eh*d1J!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"!!!!rrr +rrd!!!!3!!J!"1Ne66$S!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!%!!!$rrrrr3!!!"3!+!!"0B@028b!f1%XJ6'PZDf9b!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!"(CA4)9&438b!f1%X!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%!!6S!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!)!!8eKBdp6)$Bi5b" +-D@jVCA)!!!!!!!!!!!!!!!!!!!!!!#""8&"-!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!'!!!!" +"F("X!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!'!!!!"068a#!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!"-D@)J5@e`Eh*d)$Bi5`!!!!!!!!!!!!!!!!!!!!!!!!!!!!" +08%a'!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"-D@)J5@e`Eh*d)$B +i5`!!!!!!!!!!!!!!!!!!!!!!!!!!!!"09d0%!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!'!!!!" +23NSJ!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"08&FJ5@e`Eh*d)$B +i5`!!!!!!!!!!!!!!!!!!!!!!!!!!!!"36'pL!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!'!!!!" +58e*$!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!'!!!!"849K8,Q*S!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!"#B@aXEfpZ)%KPE(!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!" +849K8,Q-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"09b"$,d-V+b!f1%X +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"849K8,Q-V+`!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!"09b"$,d-V+b!f1%X!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!" +849K8,Q0M!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"09b"$,d-V+b!f1%X +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"849K8,Q0`!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!"09b"$,d-V+b!f1%X!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!" +849K8,Q0`F!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"09b"$,d-V+b!f1%X +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"849K8,Q9iF!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!" +849K8,QGM!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"(B@eP3fpNC5"$Efj +fCA*dCA)!!!!!!!!!!!!!!!!!!%!!!!"849K8,QJ!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!"09b"$,d-V+b!f1%X!!!!!!!!!!!!!!!!!!!!!!!!!!"!!!!" +849K8,Q`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"'E'9i)&"bCA"bEf0 +PFh0[FJ!!!!!!!!!!!!!!!!!!!)!!!!"849K8,R!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!"09b"3BA0MB@`J0MK,!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!" +849K8,R"KF`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"09b"3BA0MB@`J0MK +,!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"849K8,R"MD!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!"09b"$,d-V+b!f1%X!!!!!!!!!!!!!!!!!!!!!!!!!!)!!!!" +849K8,R"MD#XV!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"09b"$,d-V+b!f1%X +!!!!!!!!!!!!!!!!!!!!!!!!!!)!!!!"849K8,R"`G3!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!"09b"3BA0MB@`J0MK,!!!!!!!!!!!!!!!!!!!!!!!!!)!!!!" +849K8,R)!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"5CAS!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"849K8,R0PC`!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!" +849K8,RN!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"#DA0[EL"3FQ9`FQp +MCA0cEh)!!!!!!!!!!!!!!!!!!)!!!!"NEf0e!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!'!!!!" +bFh*M!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!'!!!!"cD'aL!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!"348BJ5@e`Eh*d)$Bi5`!!!!!!!!!!!!!!!!!!!!!!!!!!!!" +cG(9L!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"348BJ5@e`Eh*d)$B +i5`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!,Q4[B`!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!&!!!!! +!!!!!,R*cFQ-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!'!!!!!!"3%"!!%!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +'!!!!!!%!!!!!"3!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!%"!!"YB@PZ!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!J"!3%!!!!"!3%!!!%"!3! +!!!!!!3%!!!%"!!%!!!%%!!!!!!!!!!!!!!J"!!%"!!%"!!!!!3!!#3!!$8GPG%K +89&"6+$Bi5bN!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!$mr2cp"8&"-!!!#!&M!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!2cmr2`! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!)!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!d!!3!!!!!!%&p09d955e0IF(*PCQPi,QJ!!!!!!!!!!!! +!!!!!!!!!!!%!!!!!!!!!!!%!!!!!!!!!!!!!"3%"!3!!!3%!!3!!!!!%!!!!!!! +!!!!!!!!!!!!!!!%!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!&p +IFh4KFR3!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!3!"!!!*6@9bCf8J6h9 +d!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!2cmr2d&38%`!!3%!!!3J)#!J!j+$B!0dhhJ$!khJ!!8#!3!"!3!"!3% +!!!%!!!!!!!!!!3%"!3!"!3!"!!%%!!!!!!!!!!!!!!F"!3!"!!!"!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!&pIFh4KFR3!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!)!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"3!!#%GPG%K89&"6!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!r2cmr39"36!!!"!!!!!3!!!!!3!!!@-!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!6m +r2cm!!!!!!!!!!J!!!!)!!J!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!)!8!!"!!%!!3!"!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"3R3dp%45FJ*d4"9%% +R)#G35808*`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!$!!!"!!!!#J)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!!J! +!!!X#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!!-!!!!-!J%!!!! +!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!!%!!!!$3)"!!!!!!!"!!%"!!! +!!!!!!!!!!!!!!3!!!!!!!!!!!`!!"3!!!!i#!3!!!!!!!3!"!3!!!!!!!!!!!!! +!!!%!!!!!!!!!!!-!!!B!!!!2!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!! +!!!!$!!!(!!!!%!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!#!! +!!"%#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!!N!!!!5!J%!!!! +!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!!+!!!!%`)"!!!!!!!"!!%"!!! +!!!!!!!!!!!!!!3!!!!!!!!!!!`!!#`!!!"3#!3!!!!!!!3!"!3!!!!!!!!!!!!! +!!!%!!!!!!!!!!!-!!!`!!!!9!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!! +!!!!$!!!0!!!!&J)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!$J! +!!"F#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!!m!!!!B!J%!!!! +!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!!3!!!!'3)"!!!!!!!"!!%"!!! +!!!!!!!!!!!!!!3!!!!!!!!!!!`!!%3!!!"S#!3!!!!!!!3!"!3!!!!!!!!!!!!! +!!!%!!!!!!!!!!!-!!")!!!!E!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!! +!!!!$!!!6!!!!(!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!&!! +!!"d#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!"8!!!!H!J%!!!! +!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!!@!!!!(`)"!!!!!!!"!!%"!!! +!!!!!!!!!!!!!!3!!!!!!!!!!!`!!&`!!!#!#!3!!!!!!!3!"!3!!!!!!!!!!!!! +!!!%!!!!!!!!!!!-!!"J!!!!K!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!! +!!!!$!!!C!!!!)J)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!'J! +!!#-#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!"X!!!!N!J%!!!! +!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!!F!!!!*3)"!!!!!!!"!!%"!!! +!!!!!!!!!!!!!!3!!!!!!!!!!!`!!(3!!!#B#!3!!!!!!!3!"!3!!!!!!!!!!!!! +!!!%!!!!!!!!!!!-!!"i!!!!R!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!! +!!!!$!!!I!!!!+!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!)!! +!!#N#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!#%!!!!U!J%!!!! +!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!!L!!!!+`)"!!!!!!!"!!%"!!! +!!!!!!!!!!!!!!3!!!!!!!!!!!`!!)`!!!#`#!3!!!!!!!3!"!3!!!!!!!!!!!!! +!!!%!!!!!!!!!!!-!!#3!!!!Y!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!! +!!!!$!!!P!!!!,J)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!*J! +!!#m#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!#F!!!!`!J%!!!! +!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!!S!!!!-3)"!!!!!!!"!!%"!!! +!!!!!!!!!!!!!!3!!!!!!!!!!!`!!+3!!!$)#!3!!!!!!!3!"!3!!!!!!!!!!!!! +!!!%!!!!!!!!!!!-!!#S!!!!c!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!! +!!!!$!!!V!!!!0!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!,!! +!!$8#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!#d!!!!f!J%!!!! +!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!!Z!!!!0`)"!!!!!!!"!!%"!!! +!!!!!!!!!!!!!!3!!!!!!!!!!!`!!,`!!!$J#!3!!!!!!!3!"!3!!!!!!!!!!!!! +!!!%!!!!!!!!!!!-!!$!!!!!j!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!! +!!!!$!!!a!!!!1J)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!-J! +!!$X#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!$-!!!!m!J%!!!! +!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!!d!!!!23)"!!!!!!!"!!%"!!! +!!!!!!!!!!!!!!3!!!!!!!!!!!`!!03!!!$i#!3!!!!!!!3!"!3!!!!!!!!!!!!! +!!!%!!!!!!!!!!!-!!$B!!!!r!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!! +!!!!$!!!h!!!!3!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!1!! +!!%%#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!$N!!!"#!J%!!!! +!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!!k!!!!3`)"!!!!!!!"!!%"!!! +!!!!!!!!!!!!!!3!!!!!!!!!!!`!!1`!!!%3#!3!!!!!!!3!"!3!!!!!!!!!!!!! +!!!%!!!!!!!!!!!-!!$`!!!"&!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!! +!!!!$!!!p!!!!4J)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!2J! +!!%F#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!$m!!!")!J%!!!! +!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!"!!!!!53)"!!!!!!!"!!%"!!! +!!!!!!!!!!!!!!3!!!!!!!!!!!`!!33!!!%S#!3!!!!!!!3!"!3!!!!!!!!!!!!! +!!!%!!!!!!!!!!!-!!%)!!!",!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!! +!!!!$!!"$!!!!6!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!4!! +!!%d#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!%8!!!"1!J%!!!! +!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!"'!!!!6`)"!!!!!!!"!!%"!!! +!!!!!!!!!!!!!!3!!!!!!!!!!!`!!4`!!!&!#!3!!!!!!!3!"!3!!!!!!!!!!!!! +!!!%!!!!!!!!!!!-!!%J!!!"4!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!! +!!!!$!!"*!!!!8J)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!5J! +!!&-#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!%X!!!"8!J%!!!! +!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!"-!!!!93)"!!!!!!!"!!%"!!! +!!!!!!!!!!!!!!3!!!!!!!!!!!`!!63!!!&B#!3!!!!!!!3!"!3!!!!!!!!!!!!! +!!!%!!!!!!!!!!!-!!%i!!!"A!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!! +!!!!$!!"2!!!!@!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!8!! +!!&N#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!&%!!!"D!J%!!!! +!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!"5!!!!@`)"!!!!!!!"!!%"!!! +!!!!!!!!!!!!!!3!!!!!!!!!!!`!!8`!!!&`#!3!!!!!!!3!"!3!!!!!!!!!!!!! +!!!%!!!!!!!!!!!-!!&3!!!"G!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!! +!!!!$!!"9!!!!AJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!9J! +!!&m#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!&F!!!"J!J%!!!! +!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!"B!!!!B3)"!!!!!!!"!!%"!!! +!!!!!!!!!!!!!!3!!!!!!!!!!!`!!@3!!!')#!3!!!!!!!3!"!3!!!!!!!!!!!!! +!!!%!!!!!!!!!!!-!!&S!!!"M!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!! +!!!!$!!"E!!!!C!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!A!! +!!'8#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!&d!!!"Q!J%!!!! +!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!"H!!!!C`)"!!!!!!!"!!%"!!! +!!!!!!!!!!!!!!3!!!!!!!!!!!`!!A`!!!'J#!3!!!!!!!3!"!3!!!!!!!!!!!!! +!!!%!!!!!!!!!!!-!!'!!!!"T!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!! +!!!!$!!"K!!!!DJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!BJ! +!!'X#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!'-!!!"X!J%!!!! +!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!"N!!!!E3)"!!!!!!!"!!%"!!! +!!!!!!!!!!!!!!3!!!!!!!!!!!`!!C3!!!'i#!3!!!!!!!3!"!3!!!!!!!!!!!!! +!!!%!!!!!!!!!!!-!!'B!!!"[!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!! +!!!!$!!"R!!!!F!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!D!! +!!(%#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!'N!!!"b!J%!!!! +!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!"U!!!!F`)"!!!!!!!"!!%"!!! +!!!!!!!!!!!!!!3!!!!!!!!!!!`!!D`!!!(3#!3!!!!!!!3!"!3!!!!!!!!!!!!! +!!!%!!!!!!!!!!!-!!'`!!!"e!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!! +!!!!$!!"Y!!!!GJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!EJ! +!!(F#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!'m!!!"i!J%!!!! +!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!"`!!!!H3)"!!!!!!!"!!%"!!! +!!!!!!!!!!!!!!3!!!!!!!!!!!`!!F3!!!(S#!3!!!!!!!3!"!3!!!!!!!!!!!!! +!!!%!!!!!!!!!!!-!!()!!!"l!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!! +!!!!$!!"c!!!!I!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!G!! +!!(d#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!(8!!!"q!J%!!!! +!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!"f!!!!I`)"!!!!!!!"!!%"!!! +!!!!!!!!!!!!!!3!!!!!!!!!!!`!!G`!!!)!#!3!!!!!!!3!"!3!!!!!!!!!!!!! +!!!%!!!!!!!!!!!-!!(J!!!#"!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!! +!!!!$!!"j!!!!JJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!HJ! +!!)-#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!(X!!!#%!J%!!!! +!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!"m!!!!K3)"!!!!!!!"!!%"!!! +!!!!!!!!!!!!!!3!!!!!!!!!!!`!!I3!!!)B#!3!!!!!!!3!"!3!!!!!!!!!!!!! +!!!%!!!!!!!!!!!-!!(i!!!#(!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!! +!!!!$!!"r!!!!L!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!J!! +!!)N#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!)%!!!#+!J%!!!! +!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!##!!!!L`)"!!!!!!!"!!%"!!! +!!!!!!!!!!!!!!3!!!!!!!!!!!`!!J`!!!)`#!3!!!!!!!3!"!3!!!!!!!!!!!!! +!!!%!!!!!!!!!!!-!!)3!!!#0!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!! +!!!!$!!#&!!!!MJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!KJ! +!!)m#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!)F!!!#3!!)"!!! +!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!L!!!!*%#!3!!!!!!!3!"!3! +!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!)N!!!#5!J%!!!!!!!%!!3%!!!!!!!!!!!! +!!!!"!!!!!!!!!!!$!!#+!!!!N`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!! +!!!!!!`!!L`!!!*3#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!)` +!!!#9!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!#0!!!!PJ)"!!! +!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!MJ!!!*F#!3!!!!!!!3!"!3! +!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!)m!!!#B!J%!!!!!!!%!!3%!!!!!!!!!!!! +!!!!"!!!!!!!!!!!$!!#3!!!!!*N#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!-!!*%!!!#D!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!# +5!!!!Q`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!N`!!!*`#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!*3!!!#G!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!#9!!!!RJ)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!!`!!PJ!!!*m#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!-!!*F!!!#J!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!# +B!!!!S3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!Q3!!!+)#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!*S!!!#M!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!#E!!!!T!)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!!`!!R!!!!+8#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!-!!*d!!!#Q!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!# +H!!!!T`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!R`!!!+J#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!+!!!!#T!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!#K!!!!UJ)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!!`!!SJ!!!+X#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!-!!+-!!!#X!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!# +N!!!!V3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!T3!!!+i#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!+B!!!#[!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!#R!!!!X!)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!!`!!U!!!!,%#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!-!!+N!!!#b!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!# +U!!!!X`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!U`!!!,3#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!+`!!!#e!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!#Y!!!!YJ)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!!`!!VJ!!!,F#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!-!!+m!!!#i!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!# +`!!!!Z3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!X3!!!,S#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!,)!!!#l!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!#c!!!![!)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!!`!!Y!!!!,d#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!-!!,8!!!#q!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!# +f!!!![`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!Y`!!!-!#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!,J!!!$"!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!#j!!!!`J)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!!`!!ZJ!!!--#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!-!!,X!!!$%!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!# +m!!!!a3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!![3!!!-B#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!,i!!!$(!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!#r!!!!b!)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!!`!!`!!!!-N#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!-!!-%!!!$+!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!$ +#!!!!b`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!``!!!-`#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!-3!!!$0!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!$&!!!!cJ)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!!`!!aJ!!!-m#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!-!!-F!!!$3!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!$ +)!!!!d3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!b3!!!0)#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!-S!!!$6!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!$,!!!!e!)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!!`!!c!!!!08#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!-!!-d!!!$@!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!$ +1!!!!e`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!c`!!!0J#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!0!!!!$C!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!$4!!!!fJ)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!!`!!dJ!!!0X#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!-!!0-!!!$F!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!$ +8!!!!h3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!e3!!!0i#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!0B!!!$I!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!$A!!!!i!)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!!`!!f!!!!1%#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!-!!0N!!!$L!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!$ +D!!!!i`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!f`!!!13#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!0`!!!$P!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!$G!!!!jJ)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!!`!!hJ!!!1F#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!-!!0m!!!$S!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!$ +J!!!!k3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!i3!!!1S#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!1)!!!$V!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!$M!!!!l!)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!!`!!j!!!!1d#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!-!!18!!!$Z!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!$ +Q!!!!l`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!j`!!!2!#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!1J!!!$a!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!$T!!!!mJ)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!!`!!kJ!!!2-#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!-!!1X!!!$d!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!$ +X!!!!p3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!l3!!!2B#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!1i!!!$h!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!$[!!!!q!)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!!`!!m!!!!2N#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!-!!2%!!!$k!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!$ +b!!!!q`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!m`!!!2`#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!23!!!$p!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!$e!!!!rJ)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!!`!!pJ!!!2m#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!-!!2F!!!%!!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!$ +i!!!"!3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!q3!!!3)#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!2S!!!%$!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!$l!!!""!)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!!`!!r!!!!38#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!-!!2d!!!%'!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!$ +q!!!""`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!r`!!!3J#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!3!!!!%*!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!%"!!!"#J)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!!`!"!J!!!3X#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!-!!3-!!!%-!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!% +%!!!"$3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!""3!!!3i#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!3B!!!%2!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!%(!!!"%!)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!!`!"#!!!!4%#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!-!!3N!!!%5!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!% ++!!!"%`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!"#`!!!43#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!3`!!!%9!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!%0!!!"&J)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!!`!"$J!!!4F#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!-!!3m!!!%B!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!% +3!!!"'3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!"%3!!!4S#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!4)!!!%E!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!%6!!!"(!)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!!`!"&!!!!4d#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!-!!48!!!%H!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!% +@!!!"(`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!"&`!!!5!#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!4J!!!%K!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!%C!!!")J)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!!`!"'J!!!5-#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!-!!4X!!!%N!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!% +F!!!"*3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!"(3!!!5B#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!4i!!!%R!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!%I!!!"+!)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!!`!")!!!!5N#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!-!!5%!!!%U!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!% +L!!!"+`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!")`!!!5`#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!53!!!%Y!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!%P!!!",J)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!!`!"*J!!!5m#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!-!!5F!!!%`!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!% +S!!!"-3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!"+3!!!6)#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!5S!!!%c!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!%V!!!"0!)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!!`!",!!!!68#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!-!!5d!!!%f!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!% +Z!!!"0`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!",`!!!6J#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!6!!!!%j!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!%a!!!"1J)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!!`!"-J!!!6X#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!-!!6-!!!%m!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!% +d!!!"23)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!"03!!!6i#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!6B!!!%r!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!%h!!!"3!)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!!`!"1!!!!8%#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!-!!6N!!!&#!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!% +k!!!"3`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!"1`!!!83#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!6`!!!&&!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!%p!!!"4J)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!!`!"2J!!!8F#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!-!!6m!!!&)!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!& +!!!!"53)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!"33!!!8S#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!8)!!!&,!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!&$!!!"6!)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!!`!"4!!!!8d#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!-!!88!!!&1!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!& +'!!!"6`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!"4`!!!9!#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!8J!!!&4!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!&*!!!"8J)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!!`!"5J!!!9-#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!-!!8X!!!&8!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!& +-!!!"93)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!"63!!!9B#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!8i!!!&A!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!&2!!!"@!)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!!`!"8!!!!9N#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!-!!9%!!!&D!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!& +5!!!"@`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!"8`!!!9`#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!93!!!&G!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!&9!!!"AJ)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!!`!"9J!!!9m#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!-!!9F!!!&J!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!& +B!!!"B3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!"@3!!!@)#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!9S!!!&M!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!&E!!!"C!)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!!`!"A!!!!@8#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!-!!9d!!!&Q!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!& +H!!!"C`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!"A`!!!@J#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!@!!!!&T!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!&K!!!"DJ)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!!`!"BJ!!!@X#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!-!!@-!!!&X!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!& +N!!!"E3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!"C3!!!@i#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!@B!!!&[!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!&R!!!"F!)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!!`!"D!!!!A%#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!-!!@N!!!&b!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!& +U!!!"F`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!"D`!!!A3#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!@`!!!&e!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!&Y!!!"GJ)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!!`!"EJ!!!AF#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!-!!@m!!!&i!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!& +`!!!"H3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!"F3!!!AS#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!A)!!!&l!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!&c!!!"I!)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!!`!"G!!!!Ad#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!-!!A8!!!&q!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!& +f!!!"J!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!"G`!!!B%#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!AJ!!!'#!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!&j!!!"J`)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!!`!"HJ!!!B3#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!-!!AX!!!'&!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!& +m!!!"KJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!"I3!!!BF#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!Ai!!!')!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!&r!!!"L3)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!!`!"J!!!!BS#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!-!!B%!!!',!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!' +#!!!"M!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!"J`!!!Bd#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!B3!!!'1!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!'&!!!"M`)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!!`!"KJ!!!C!!!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!! +!!!!!!!!$!!'(!!!"N3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`! +"L!!!!C)#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!BN!!!'6!J% +!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!'+!!!"P!)"!!!!!!!"!!% +"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!"L`!!!C8#!3!!!!!!!3!"!3!!!!!!!!! +!!!!!!!%!!!!!!!!!!!-!!B`!!!'@!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!! +!!!!!!!!$!!'0!!!"P`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`! +"MJ!!!CJ#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!Bm!!!'C!J% +!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!'3!!!!!CS#!3!!!!!!!3! +"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!C%!!!'E!J%!!!!!!!%!!3%!!!!!!!! +!!!!!!!!"!!!!!!!!!!!$!!'5!!!"R!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3! +!!!!!!!!!!`!"N`!!!Cd#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!- +!!C3!!!'H!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!'9!!!"R`) +"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!"PJ!!!D!#!3!!!!!!!3! +"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!CF!!!'K!J%!!!!!!!%!!3%!!!!!!!! +!!!!!!!!"!!!!!!!!!!!$!!'B!!!"SJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3! +!!!!!!!!!!`!"Q3!!!D-#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!- +!!CS!!!(5!J%!!!!!!!%!!3-!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!'E!!!"d`) +"!!!!!!!"!!%$!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!"R!!!!G3#!3!!!!!!!3! +"!`!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!Cd!!!(9!J%!!!!!!!%!!3-!!!!!!!! +!!!!!!!!"!!!!!!!!!!!$!!'H!!!"T!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3! +!!!!!!!!!!`!"R`!!!GB#!3!!!!!!!3!"!`!!!!!!!!!!!!!!!!%!!!!!!!!!!!- +!!D!!!!(A!J%!!!!!!!%!!3-!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!'K!!!"f!) +"!!!!!!!"!!%$!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!"SJ!!!GN#!3!!!!!!!3! +"!`!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!D-!!!'Q!J%!!!!!!!%!!3%!!!!!!!! +!!!!!!!!"!!!!!!!!!!!$!!'N!!!"T`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"!!!!!J!!!!-!!!!%!!!!"3! +!!!B!!!!(!!!!#!!!!!N!!!!+!!!!#`!!!!`!!!!0!!!!$J!!!!m!!!!3!!!!%3! +!!")!!!!6!!!!&!!!!"8!!!!@!!!!&`!!!"J!!!!C!!!!'J!!!"X!!!!F!!!!(3! +!!"i!!!!I!!!!)!!!!#%!!!!L!!!!)`!!!#3!!!!P!!!!*J!!!#F!!!!S!!!!+3! +!!#S!!!!V!!!!,!!!!#d!!!!Z!!!!,`!!!$!!!!!a!!!!-J!!!$-!!!!d!!!!03! +!!$B!!!!h!!!!1!!!!$N!!!!k!!!!1`!!!$`!!!!p!!!!2J!!!$m!!!"!!!!!33! +!!%)!!!"$!!!!4!!!!%8!!!"'!!!!4`!!!%J!!!"*!!!!5J!!!%X!!!"-!!!!63! +!!%i!!!"2!!!!8!!!!&%!!!"5!!!!8`!!!&3!!!"9!!!!9J!!!&F!!!"B!!!!@3! +!!&S!!!"E!!!!A!!!!&d!!!"H!!!!A`!!!'!!!!"K!!!!BJ!!!'-!!!"N!!!!C3! +!!'B!!!"R!!!!D!!!!'N!!!"U!!!!D`!!!'`!!!"Y!!!!EJ!!!'m!!!"`!!!!F3! +!!()!!!"c!!!!G!!!!(8!!!"f!!!!G`!!!(J!!!"j!!!!HJ!!!(X!!!"m!!!!I3! +!!(i!!!"r!!!!J!!!!)%!!!##!!!!J`!!!)3!!!#&!!!!KJ!!!)F!!!#)!!!!L3! +!!)S!!!#,!!!!M!!!!)d!!!#1!!!!M`!!!*!!!!!!N3!!!*)!!!#6!!!!P!!!!*8 +!!!#@!!!!P`!!!*J!!!#C!!!!QJ!!!*X!!!#F!!!!R3!!!*i!!!#I!!!!S!!!!+% +!!!#L!!!!S`!!!+3!!!#P!!!!TJ!!!+F!!!#S!!!!U3!!!+S!!!#V!!!!V!!!!+d +!!!#Z!!!!V`!!!,!!!!#a!!!!XJ!!!,-!!!#d!!!!Y3!!!,B!!!#h!!!!Z!!!!,N +!!!#k!!!!Z`!!!,`!!!#p!!!![J!!!,m!!!$!!!!!`3!!!-)!!!$$!!!!a!!!!-8 +!!!$'!!!!a`!!!-J!!!$*!!!!bJ!!!-X!!!$-!!!!c3!!!-i!!!$2!!!!d!!!!0% +!!!$5!!!!d`!!!03!!!$9!!!!eJ!!!0F!!!$B!!!!f3!!!0S!!!$E!!!!h!!!!0d +!!!$H!!!!h`!!!1!!!!$K!!!!iJ!!!1-!!!$N!!!!j3!!!1B!!!$R!!!!k!!!!1N +!!!$U!!!!k`!!!1`!!!$Y!!!!lJ!!!1m!!!$`!!!!m3!!!2)!!!$c!!!!p!!!!28 +!!!$f!!!!p`!!!2J!!!$j!!!!qJ!!!2X!!!$m!!!!r3!!!2i!!!$r!!!"!!!!!3% +!!!%#!!!"!`!!!33!!!%&!!!""J!!!3F!!!%)!!!"#3!!!3S!!!%,!!!"$!!!!3d +!!!%1!!!"$`!!!4!!!!%4!!!"%J!!!4-!!!%8!!!"&3!!!4B!!!%A!!!"'!!!!4N +!!!%D!!!"'`!!!4`!!!%G!!!"(J!!!4m!!!%J!!!")3!!!5)!!!%M!!!"*!!!!58 +!!!%Q!!!"*`!!!5J!!!%T!!!"+J!!!5X!!!%X!!!",3!!!5i!!!%[!!!"-!!!!6% +!!!%b!!!"-`!!!63!!!%e!!!"0J!!!6F!!!%i!!!"13!!!6S!!!%l!!!"2!!!!6d +!!!%q!!!"2`!!!8!!!!&"!!!"3J!!!8-!!!&%!!!"43!!!8B!!!&(!!!"5!!!!8N +!!!&+!!!"5`!!!8`!!!&0!!!"6J!!!8m!!!&3!!!"83!!!9)!!!&6!!!"9!!!!98 +!!!&@!!!"9`!!!9J!!!&C!!!"@J!!!9X!!!&F!!!"A3!!!9i!!!&I!!!"B!!!!@% +!!!&L!!!"B`!!!@3!!!&P!!!"CJ!!!@F!!!&S!!!"D3!!!@S!!!&V!!!"E!!!!@d +!!!&Z!!!"E`!!!A!!!!&a!!!"FJ!!!A-!!!&d!!!"G3!!!AB!!!&h!!!"H!!!!AN +!!!&k!!!"H`!!!A`!!!&p!!!"IJ!!!Am!!!'!!!!"J3!!!B)!!!'$!!!"K!!!!B8 +!!!''!!!"K`!!!BJ!!!'*!!!"LJ!!!BX!!!'-!!!"M3!!!Bi!!!'2!!!"N!!!!!' +4!!!"NJ!!!C-!!!'8!!!"P3!!!CB!!!'A!!!"Q!!!!Cd!!!'L!!!"S`!!!CN!!!' +D!!!"Q`!!!C`!!!'H!!!"R`!!!D!!!!'K!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!D3!!!( +!!`!!!!-!!D3!!!(D!!%!(!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!-!!CJ$!!' +C!`!"P`-!!CB$!!!#!`!!!`-!!!%$!!!%!`!!"3-!!!B$!!!(!`!!#!-!!!N$!!! ++!`!!#`-!!!`$!!!0!`!!$J-!!!m$!!!3!`!!%3-!!")$!!!6!`!!&!-!!"8$!!! +@!`!!&`-!!"J$!!!C!`!!'J-!!"X$!!!F!`!!(3-!!"i$!!!I!`!!)!-!!#%$!!! +L!`!!)`-!!#3$!!!P!`!!*J-!!#F$!!!S!`!!+3-!!#S$!!!V!`!!,!-!!#d$!!! +Z!`!!,`-!!$!$!!!a!`!!-J-!!$-$!!!d!`!!03-!!$B$!!!h!`!!1!-!!$N$!!! +k!`!!1`-!!$`$!!!p!`!!2J-!!$m$!!"!!`!!33-!!%)$!!"$!`!!4!-!!%8$!!" +'!`!!4`-!!%J$!!"*!`!!5J-!!%X$!!"-!`!!63-!!%i$!!"2!`!!8!-!!&%$!!" +5!`!!8`-!!&3$!!"9!`!!9J-!!&F$!!"B!`!!@3-!!&S$!!"E!`!!A!-!!&d$!!" +H!`!!A`-!!'!$!!"K!`!!BJ-!!'-$!!"N!`!!C3-!!'B$!!"R!`!!D!-!!'N$!!" +U!`!!D`-!!'`$!!"Y!`!!EJ-!!'m$!!"`!`!!F3-!!()$!!"c!`!!G!-!!(8$!!" +f!`!!G`-!!(J$!!"j!`!!HJ-!!(X$!!"m!`!!I3-!!(i$!!"r!`!"S`-!!)!$!!# +"!`!!JJ-!!)-$!!#%!`!!K3-!!)B$!!#(!`!!L!-!!)N$!!#+!`!!L`-!!)`$!!# +0!`!!MJ-!!)m$!!#3!!-!!*%$!!#5!`!!N`-!!*3$!!#9!`!!PJ-!!*F$!!#B!`! +!Q3-!!*S$!!#E!`!!R!-!!*d$!!#H!`!!R`-!!+!$!!#K!`!!SJ-!!+-$!!#N!`! +!T3-!!+B$!!#R!`!!U!-!!+N$!!#U!`!!U`-!!+`$!!#Y!`!!VJ-!!+m$!!#`!`! +!X3-!!,)$!!#c!`!!Y!-!!,8$!!#f!`!!Y`-!!,J$!!#j!`!!ZJ-!!,X$!!#m!`! +![3-!!,i$!!#r!`!!`!-!!-%$!!$#!`!!``-!!-3$!!$&!`!!aJ-!!-F$!!$)!`! +!b3-!!-S$!!$,!`!!c!-!!-d$!!$1!`!!c`-!!0!$!!$4!`!!dJ-!!0-$!!$8!`! +!e3-!!0B$!!$A!`!!f!-!!0N$!!$D!`!!f`-!!0`$!!$G!`!!hJ-!!0m$!!$J!`! +!i3-!!1)$!!$M!`!!j!-!!18$!!$Q!`!!j`-!!1J$!!$T!`!!kJ-!!1X$!!$X!`! +!l3-!!1i$!!$[!`!!m!-!!2%$!!$b!`!!m`-!!23$!!$e!`!!pJ-!!2F$!!$i!`! +!q3-!!2S$!!$l!`!!r!-!!2d$!!$q!`!!r`-!!3!$!!%"!`!"!J-!!3-$!!%%!`! +""3-!!3B$!!%(!`!"#!-!!3N$!!%+!`!"#`-!!3`$!!%0!`!"$J-!!3m$!!%3!`! +"%3-!!4)$!!%6!`!"&!-!!48$!!%@!`!"&`-!!4J$!!%C!`!"'J-!!4X$!!%F!`! +"(3-!!4i$!!%I!`!")!-!!5%$!!%L!`!")`-!!53$!!%P!`!"*J-!!5F$!!%S!`! +"+3-!!5S$!!%V!`!",!-!!D3$!!%Y!`!",J-!!5m$!!%`!`!"-3-!!6)$!!%c!`! +"0!-!!68$!!%f!`!"0`-!!6J$!!%j!`!"1J-!!6X$!!%m!`!"23-!!6i$!!%r!`! +"3!-!!8%$!!&#!`!"3`-!!83$!!&&!`!"4J-!!8F$!!&)!`!"53-!!8S$!!&,!`! +"6!-!!8d$!!&1!`!"6`-!!9!$!!&4!`!"8J-!!9-$!!&8!`!"93-!!9B$!!&A!`! +"@!-!!9N$!!&D!`!"@`-!!9`$!!&G!`!"AJ-!!9m$!!&J!`!"B3-!!@)$!!&M!`! +"C!-!!@8$!!&Q!`!"C`-!!@J$!!&T!`!"DJ-!!@X$!!&X!`!"E3-!!@i$!!&[!`! +"F!-!!A%$!!&b!`!"F`-!!A3$!!&e!`!"GJ-!!AF$!!&i!`!"H3-!!AS$!!&l!`! +"I!-!!Ad$!!&q!`!"I`-!!B!$!!'"!`!"JJ-!!B-$!!'%!`!"K3-!!BB$!!'(!`! +"L!-!!BN$!!'+!`!"L`-!!B`$!!'0!`!"MJ-!!Bm$!!'3!!-!!C%$!!'5!`!"N`- +!!C3$!!'9!`!"RJ-!!D!$!!'K!`!"Q`-!!D)$!!'D!`!"R!-!!Cd$!!'I!!)!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!#`MlJ!!!!!!!!!3!#`NI`!!)!!!! +!!!!!!!!!!X)fJ!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!)!!!% +!!!!!"3!!Irm!!!!!Irm!!!!!Irm!!!!!Irm!!!!-!!%!!J!'!!!!"8!!!!J!!3! +"1J!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%!!!$rrrr +r!!!!!`!"!!%k1J!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!3!!!2rrrrm!!!!%!!%!!6SkD@jME(9NC6S!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!rrrrrd!!!!)!!3!"1J!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!$rrrrr3!!!!`!"!!%k1MT(990*1QPZBfaeC'8 +k!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!2rrrrp!!!!%!!%!!6Sk1NG98dN +kE'PL1J!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!rrrrrd!!!!8!!J! +"1NeKBdp6)&0eF("[FR3k!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%!!!$rrrr +r3!!!"J!#!!%k690-1J!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!3!!!2rrrrp!!!!(!!S!!%eKBdp6)$Bi5b"-D@jVCA)!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!%aTBP066#!f1%X!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!3!"1J!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!J!"6@&M6e-J0MK,)%a +TEQYPFJ!!!!!!!!!!!!!!!!!!!!!!)%&38%`!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!B!!!!%& +`F'`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!B!!!!%e06%)!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!%aTBL"*EA"[FR3J0MK,!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%e +36%B!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%aTBL"*EA"[FR3J0MK +,!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%eA3d3!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!B!!!!%p +#5L!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%e39b"*EA"[FR3J0MK +,!!!!!!!!!!!!!!!!!!!!!!!!!!!!!&"-Ef)!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!B!!!!&* +68N-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!B!!!!&4&@&3ZBQJ!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!%*KE'a[EfiJ5'9XF!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!&4 +&@&3ZB`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%eA)%-[3bXV)$Bi5`! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!&4&@&3ZBbXV!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!%eA)%-[3bXV)$Bi5`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!&4 +&@&3ZBf-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%eA)%-[3bXV)$Bi5`! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!&4&@&3ZBh!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!%eA)%-[3bXV)$Bi5`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!&4 +&@&3ZBh"`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%eA)%-[3bXV)$Bi5`! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!&4&@&3ZCAK`!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!&4 +&@&3ZCf-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%GKE@9$Ef4P)%0[ERC +PFR4PFJ!!!!!!!!!!!!!!!!!!3!!!!&4&@&3ZD!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!%eA)%-[3bXV)$Bi5`!!!!!!!!!!!!!!!!!!!!!!!!!!%!!!!&4 +&@&3ZE!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%CXCAJJ8(*PF(*[Bf9 +cFfpb!!!!!!!!!!!!!!!!!!!!J!!!!&4&@&3ZF!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!%eA)&"KFf0KE#!f1%X!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!&4 +&@&3ZF'&c!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%eA)&"KFf0KE#!f1%X +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!&4&@&3ZF'0S!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!%eA)%-[3bXV)$Bi5`!!!!!!!!!!!!!!!!!!!!!!!!!!J!!!!&4 +&@&3ZF'0S+bX!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%eA)%-[3bXV)$Bi5`! +!!!!!!!!!!!!!!!!!!!!!!!!!J!!!!&4&@&3ZF("e!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!%eA)&"KFf0KE#!f1%X!!!!!!!!!!!!!!!!!!!!!!!!!J!!!!&4 +&@&3ZFJ!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!&*PHJ!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!&4&@&3ZFf9R!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!&4 +&@&3ZH3!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%*TFfpZ)&"bCA"bEf0 +PFh0[FJ!!!!!!!!!!!!!!!!!!J!!!!'4[Bh8!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!B!!!!(* +cFQ-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!B!!!!(0SE')!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!&"&4L"*EA"[FR3J0MK,!!!!!!!!!!!!!!!!!!!!!!!!!!!!!(0 +dG@)!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!&"&4L"*EA"[FR3J0MK +,!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!ZC'pM!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!8!!!!!! +!!!!ZFR0bB`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!B!!!!!!&!3%!!3!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!B +!!!!!!3!!!!!&!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!3%!!'eKD@i!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!#!%"!3!!!!%"!3!!!3%"!!! +!!!!"!3!!!3%!!3!!!33!!!!!!!!!!!!!#!%!!3%!!3%!!!!"!!!*!!-B6'PL8e0 +-,MBi5b"'B5JdD9miC#NZ6'PL!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!2cmr2cmr2cm!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!r2cmr!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!$3!"!!!!!!!9AdeA49*,8ep(990*Ah"bC@CTH#jS!!!!!!! +!!!!!!!!!!3!!!!!!!!!!!3!!!!!!!!!!!!!&!3%"!!!"!3!"!!!!!!3!!!!!!!! +!!!!!!!!!!!!!!3!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!Aep +cG'&bG!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"!!%!!!P0CA*RC5"2GA3 +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!r2cmr39"36!!"!3!!"#!J)#!$NS0J!h6IH!-$VH!!"3)"!!%"!!%"!3! +!!3!!!!!!!!!"!3%"!!%"!!%!!33!!!!!!!!!!!!!"`%"!!%!!!%!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!AepcG'&bG!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!J!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!&!!!)4f9d5&488&-!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!$mr2cp"8&"-!!!%!!!!"!!!!!"!!!"B`!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"2cm +r2`!!!!!!!!!#!!!!!J!#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!J"3!!%!!3!"!!%!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!&#G$6d4&*b!R4%&835F +J*e"*3e3R!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!3!!!%!!!!+!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!%!!!#!!! +!#`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"!!!!`!!!!`#!3!!!!! +!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!3!!!3!!!!0!J%!!!!!!!%!!3%!!!! +!!!!!!!!!!!!"!!!!!!!!!!!%!!!&!!!!$J)"!!!!!!!"!!%"!!!!!!!!!!!!!!! +!!3!!!!!!!!!!"!!!"J!!!!m#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!! +!!!3!!!F!!!!3!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!%!!!)!!! +!%3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"!!!#3!!!")#!3!!!!! +!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!3!!!S!!!!6!J%!!!!!!!%!!3%!!!! +!!!!!!!!!!!!"!!!!!!!!!!!%!!!,!!!!&!)"!!!!!!!"!!%"!!!!!!!!!!!!!!! +!!3!!!!!!!!!!"!!!$!!!!"8#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!! +!!!3!!!d!!!!@!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!%!!!1!!! +!&`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"!!!$`!!!"J#!3!!!!! +!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!3!!"!!!!!C!J%!!!!!!!%!!3%!!!! +!!!!!!!!!!!!"!!!!!!!!!!!%!!!4!!!!'J)"!!!!!!!"!!%"!!!!!!!!!!!!!!! +!!3!!!!!!!!!!"!!!%J!!!"X#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!! +!!!3!!"-!!!!F!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!%!!!8!!! +!(3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"!!!&3!!!"i#!3!!!!! +!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!3!!"B!!!!I!J%!!!!!!!%!!3%!!!! +!!!!!!!!!!!!"!!!!!!!!!!!%!!!A!!!!)!)"!!!!!!!"!!%"!!!!!!!!!!!!!!! +!!3!!!!!!!!!!"!!!'!!!!#%#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!! +!!!3!!"N!!!!L!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!%!!!D!!! +!)`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"!!!'`!!!#3#!3!!!!! +!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!3!!"`!!!!P!J%!!!!!!!%!!3%!!!! +!!!!!!!!!!!!"!!!!!!!!!!!%!!!G!!!!*J)"!!!!!!!"!!%"!!!!!!!!!!!!!!! +!!3!!!!!!!!!!"!!!(J!!!#F#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!! +!!!3!!"m!!!!S!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!%!!!J!!! +!+3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"!!!)3!!!#S#!3!!!!! +!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!3!!#)!!!!V!J%!!!!!!!%!!3%!!!! +!!!!!!!!!!!!"!!!!!!!!!!!%!!!M!!!!,!)"!!!!!!!"!!%"!!!!!!!!!!!!!!! +!!3!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!3!!!!)!!!!$!!!!"!!!!!8!!!!'!!! +!"`!!!!J!!!!*!!!!#J!!!!X!!!!-!!!!$3!!!!i!!!!2!!!!%!!!!"%!!!!5!!! +!%`!!!"3!!!!9!!!!&J!!!"F!!!!B!!!!'3!!!"S!!!!E!!!!(!!!!"d!!!!H!!! +!(`!!!#!!!!!K!!!!)J!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!)`!!!%!%!!!!"!! +!)`!!!GS!!3!F!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"!!!"33!!!3%!!!$"!! +!!J3!!!B%!!!,"!!!#J3!!!N%!!!)"!!!"`3!!!`%!!!5"!!!%33!!"!%!!!2"!! +!$33!!!i%!!!6"!!!)J3!!#%%!!!J"!!!(`3!!#-%!!!""!!!&!3!!"8%!!!@"!! +!&`3!!"J%!!!C"!!!'J3!!"X%!!!F"!!!(33!!"i!!J!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!,#2Z!!!!!!!!!"!!,#4r!!!J!!!!!!!!!!!!!#`MD!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!J!!!3!!!!!&!!"rr`!!!!" +rr`!!!!"rr`!!!!"rr`!!!!`!!3!#!!B!!!!&3!!!#!!"!!%k!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!3!!!2rrrrm!!!!$!!%!!6Sk!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"!!!!rrrrr`!!!!3 +!!3!"1MTTEQ0XG@4P1J!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!$ +rrrrr3!!!!J!"!!%k!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!2rrrrp!!!!$!!%!!6Sk1NG98dNkD@jME(9NC6S!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!rrrrrd!!!!3!!3!"1MSk4e9656TXD@)k!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!$rrrrr3!!!"3!#!!%k6@&M6e-J8h9`F'p +bG$S!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!3!!!2rrrrp!!!!'!!)!!6T08d` +k!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"!!!!rrrrrd!!!!F +!#J!!6@&M6e-J0MK,)%aTEQYPFJ!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!6h"PEP066#!f1'X!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!"!!%k!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!#!!&0B@028b!f1%XJ6'PZDf9b!!!!!!!!!!! +!!!!!!!!!!!!J39"36!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"J!!!!3A"`E!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!"J!!!!68e-3J!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!6'P +L)%PYF'pbG#!f1%X!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69"-4J!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!6'PL)%PYF'pbG#!f1%X!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!69G$4!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"J!!!!6d*+)!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69"A)%PYF'pbG#!f1%X!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!8%a[BJ!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"J!!!!8P053`!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!"J!!!!9%9B9#jLD!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!3Q& +XE'p[EL")C@a`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9%9B9#jM!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69FJ3bp$+bXJ0MK,!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!9%9B9#jM+bX!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69F +J3bp$+bXJ0MK,!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9%9B9#jMB`!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69FJ3bp$+bXJ0MK,!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!9%9B9#jMF!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69F +J3bp$+bXJ0MK,!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9%9B9#jMF(!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69FJ3bp$+bXJ0MK,!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!9%9B9#jPH(!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9%9B9#jRB`!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!4f&YC80[C'8J3fpZGQ9bG'9b!!!!!!!!!!! +!!!!!!!"!!!!!9%9B9#jS!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69F +J3bp$+bXJ0MK,!!!!!!!!!!!!!!!!!!!!!!!!!!!3!!!!9%9B9#jX!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!4QaPH#"3FQ9`FQpMCA0cEh)!!!!!!!!!!!! +!!!!!!!#!!!!!9%9B9#j`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69F +J8'&cBf&X)$Bi5`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9%9B9#j`BA-!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69FJ8'&cBf&X)$Bi5`!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!9%9B9#j`BfJ!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69F +J3bp$+bXJ0MK,!!!!!!!!!!!!!!!!!!!!!!!!!!#!!!!!9%9B9#j`BfJV+`!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69FJ3bp$+bXJ0MK,!!!!!!!!!!!!!!!!!!! +!!!!!!!#!!!!!9%9B9#j`F(8!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69F +J8'&cBf&X)$Bi5`!!!!!!!!!!!!!!!!!!!!!!!!#!!!!!9%9B9#jb!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!8Q9k!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!9%9B9#jcC@F!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9%9B9#jj!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!3QPcEfiJ8(*PF(*[Bf9cFfpb!!!!!!!!!!! +!!!!!!!#!!!!!C'pMG3!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"J!!!!FR0bB`!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!"J!!!!FfKXBJ!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!8%9 +')%PYF'pbG#!f1%X!!!!!!!!!!!!!!!!!!!!!!!!!!!!!Fh4eBJ!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!8%9')%PYF'pbG#!f1%X!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!#jNEf-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"3!!!!!!!!!#jbFh*M!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!"J!!!!!!8"!3!"!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"J!!!!!"!!!!!!8!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"!3! +!E@&TEJ!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!)!3!"!!!!!3%"!!!"!3%!!!!!!!%"!!!"!3!"!!! +""!!!!!!!!!!!!!!)!3!"!3!"!3!!!!%!!!N!!!a2F'9Z8e0-+$BiDbN!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!r2cm +r39"36!!!!J"B`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!$mr2cm!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +0!!%!!!!!!"9I69G&8NY6AdG98dPIF(*PCQPi,QJ!!!!!!!!!!!!!!!!"!!!!!!! +!!!!"!!!!!!!!!!!!!!8"!3%!!!%"!!%!!!!!"!!!!!!!!!!!!!!!!!!!!!!"!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"IAh0dBA*d!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!%!!3!!#8ePFQGP)%peG!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!$mr2cp"8&" +-!!%"!!!%)#!J)!15Jf!$G0pi!`1Yi!!&!J%!!3%!!3%"!!!"!!!!!!!!!!%"!3% +!!3%!!3!""!!!!!!!!!!!!!!(!3%!!3!!!3!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"IAh0dBA* +d!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!#!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!8!!!G2F'9Z8e0-!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!2cmr2d&38%`!!!3!!!!%!!!!!%!!!&M!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%r2cmr!!!!!!!!!!)!!!! +#!!)!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!#!&!!!3! +"!!%!!3!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!8*d024%8R)#G%394"*b!R8%P$9#F!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"3!!!3!!!ES#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!8!!!)!!!'l!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!&!!!$!!!"[!)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!"3!!"!!!!Ed#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!8!!!8!!!'q!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!&!!! +'!!!"[`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"3!!"`!!!F!#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!8!!!J!!!("!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!&!!!*!!!"`J)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!"3!!#J!!!F-#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!8!!!X!!!(%!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!&!!! +-!!!"a3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"3!!$3!!!FB#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!8!!!i!!!((!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!&!!!2!!!"b!)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!"3!!%!!!!FN#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!8!!"%!!!(+!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!&!!! +5!!!"b`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"3!!%`!!!F`#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!8!!"3!!!(E!J%!!!!!!!%!!3- +!!!!!!!!!!!!!!!!"!!!!!!!!!!!&!!!9!!!"h!)"!!!!!!!"!!%$!!!!!!!!!!! +!!!!!!3!!!!!!!!!!"3!!&J!!!Gd#!3!!!!!!!3!"!`!!!!!!!!!!!!!!!!%!!!! +!!!!!!!8!!"F!!!(5!J%!!!!!!!%!!3-!!!!!!!!!!!!!!!!"!!!!!!!!!!!&!!! +B!!!"f3)"!!!!!!!"!!%$!!!!!!!!!!!!!!!!!3!!!!!!!!!!"3!!'3!!!G3#!3! +!!!!!!3!"!`!!!!!!!!!!!!!!!!%!!!!!!!!!!!8!!"S!!!(9!J%!!!!!!!%!!3- +!!!!!!!!!!!!!!!!"!!!!!!!!!!!&!!!E!!!"eJ)"!!!!!!!"!!%$!!!!!!!!!!! +!!!!!!3!!!!!!!!!!"3!!(!!!!G-#!3!!!!!!!3!"!`!!!!!!!!!!!!!!!!%!!!! +!!!!!!!8!!"d!!!(A!J%!!!!!!!%!!3-!!!!!!!!!!!!!!!!"!!!!!!!!!!!&!!! +H!!!"f!)"!!!!!!!"!!%$!!!!!!!!!!!!!!!!!3!!!!!!!!!!"3!!(`!!!Im%!3! +!!!!!!!!"!`!!!!!!!!!!!!!!!)%!!!!!!!!!!!8!!#!!!!(I!J%!!!!!!!%!!3- +!!!!!!!!!!!!!!!#"!!!!!!!!!!!!!!!!!!!!!3!!!!)!!!!$!!!!"!!!!!8!!!! +'!!!!"`!!!!J!!!!*!!!!#J!!!!X!!!!-!!!!$3!!!!i!!!!2!!!!%!!!!"%!!!! +5!!!!&J!!!"X!!!!B!!!!'3!!!"S!!!!F!!!!(3!!!"F!!!!6!!!!&!!!!"8!!!! +H!!!!(`!!!#!!!!!J"3!!!!8!!#!!!!(D!!%!(!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!8!!!%&!!!#"3!!!`8!!!3&!!!&"3!!"J8!!!F&!!!)"3!!#38!!!S&!!! +,"3!!$!8!!!d&!!!1"3!!$`8!!"!&!!!4"3!!%J8!!#!&!!!I"3!!%`8!!"3&!!! +9"3!!&J8!!"d&!!!H"3!!(!8!!"J&!!!A"3!!'38!!"S&!!!E!!)!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!#`MlJ!!!!!!!!!3!#`NI`!!)!!!!!!!!!!!! +!!X)fJ!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!)!!!%!!!!!"3! +!Irm!!!!!Irm!!!!!Irm!!!!!Irm!!!!-!!%!!J!'!!!!"8!!!!J!!3!"1J!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%!!!$rrrrr!!!!!`! +"!!%k1J!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!3!!!2r +rrrm!!!!%!!%!!6SkD@jME(9NC6S!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!rrrrrd!!!!)!!3!"1J!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!$rrrrr3!!!!`!"!!%k1MT(990*1QPZBfaeC'8k!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!2rrrrp!!!!%!!%!!6Sk1NG98dNkE'PL1J! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!rrrrrd!!!!8!!J!"1NeKBdp +6)&0eF("[FR3k!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%!!!$rrrrr3!!!"J! +#!!%k690-1J!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!3!!!2r +rrrp!!!!(!!S!!%eKBdp6)&"33b"-D@jVCA)!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!%aTBP066#"38%-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!3!"1J!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!J!"6@&M6e-J8&"$)%aTEQYPFJ! +!!!!!!!!!!!!!!!!!!!!!(N&38%`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!B!!!!%&`F'`!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!B!!!!%e06%)!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!%aTBL"*EA"[FR3J8&"$!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%e36%B!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%aTBL"*EA"[FR3J8&"$!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!%eA3d3!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!B!!!!&*68N-!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!B!!!!&4&@&3ZBQJ!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!%*KE'a[EfiJ5'9XF!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!&4&@&3ZB`! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%eA)%-[3bXV)&"33`!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!&4&@&3ZBbXV!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!%eA)%-[3bXV)&"33`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!&4&@&3ZBf- +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%eA)%-[3bXV)&"33`!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!&4&@&3ZBh!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!%eA)%-[3bXV)&"33`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!&4&@&3ZBh" +`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%eA)%-[3bXV)&"33`!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!&4&@&3ZCAK`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!&4&@&3ZCf- +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%GKE@9$Ef4P)%0[ERCPFR4PFJ! +!!!!!!!!!!!!!!!!!3!!!!&4&@&3ZD!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!%eA)%-[3bXV)&"33`!!!!!!!!!!!!!!!!!!!!!!!!!!%!!!!&4&@&3ZE!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%CXCAJJ8(*PF(*[Bf9cFfpb!!! +!!!!!!!!!!!!!!!!!J!!!!&4&@&3ZF!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!%eA)&"KFf0KE#"38%-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!&4&@&3ZF'& +c!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%eA)&"KFf0KE#"38%-!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!&4&@&3ZF'0S!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!%eA)%-[3bXV)&"33`!!!!!!!!!!!!!!!!!!!!!!!!!!J!!!!&4&@&3ZF'0 +S+bX!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%eA)%-[3bXV)&"33`!!!!!!!!! +!!!!!!!!!!!!!!!!!J!!!!&4&@&3ZF("e!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!%eA)&"KFf0KE#"38%-!!!!!!!!!!!!!!!!!!!!!!!!!J!!!!&4&@&3ZFJ! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!&*PHJ!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!&4&@&3ZF`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!&"33d&cE3!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!&4&@&3ZH3! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%*TFfpZ)&"bCA"bEf0PFh0[FJ! +!!!!!!!!!!!!!!!!!J!!!!&K$6dB!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!&K$6dC')%PYF'pbG#"38%-!!!!!!!!!!!!!!!!!!!!!!!!!!'4[Bh8!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!B!!!!(*cFQ-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!B!!!!(0SE')!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!&"&4L"*EA"[FR3J8&"$!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!(0dG@)!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!&"&4L"*EA"[FR3J8&"$!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!ZC'p +M!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!8!!!!!!&!3%!!3!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!B!!!!!!3! +!!!!&!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!3%!!'eKD@i!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!#!%"!3!!!!%"!3!!!3%"!!!!!!!"!3! +!!3%!!3!!!33!!!!!!!!!!!!!#!%!!3%!!3%!!!!"!!!*!!-B6'PL8e0-,MBi5b" +'B5JiD9mdC#NZ6'PL!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!2cmr2cmr2cm!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!r2cmr!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!$3!"!!!!!!!9AdeA49*,8ep(990*Ah"bC@CTH#jS!!!!!!!!!!!!!!! +!!3!!!3!!!!!!!3!!!!!!!!!!!!!&!3%"!!!"!3!"!!!!!!3!!!!!!!!!!!!!!!! +!!!!!!3!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!AepcG'&bG!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"!!%!!!P0CA*RC5"2GA3!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +r2cmr39"36!!"!3!!"#!J)#!$NS0J!h6IH!-$VH!!"3)"!!%"!!%"!3!!!3!!!!! +!!!!"!3%"!!%"!!%!!33!!!!!!!!!!!!!"`%"!!%!!!%!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!AepcG'&bG!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!J!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!&!!-16'PL8e0-,P"33bj-D@)!!!! +!!!!!!!!!!!!!!!!!!$mr2cmr2cmr!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"2cmr2`!!!!! +!!!!#!!!!!J!#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!J"3!!%!!3!"!!%!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!&#G$6d4&*b!R4%&835FJ*e"*3e3 +R!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!B!!!% +!!!!+!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!'!!!#!!!!#`)"!!! +!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"J!!!`!!!!`#!3!!!!!!!3!"!3! +!!!!!!!!!!!!!!!%!!!!!!!!!!!B!!!3!!!!0!J%!!!!!!!%!!3%!!!!!!!!!!!! +!!!!"!!!!!!!!!!!'!!!&!!!!$J)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!! +!!!!!"J!!"J!!!!m#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!B!!!F +!!!!3!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!'!!!)!!!!%3)"!!! +!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"J!!#3!!!")#!3!!!!!!!3!"!3! +!!!!!!!!!!!!!!!%!!!!!!!!!!!B!!!S!!!!6!J%!!!!!!!%!!3%!!!!!!!!!!!! +!!!!"!!!!!!!!!!!'!!!,!!!!&!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!! +!!!!!"J!!$!!!!"8#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!B!!!d +!!!!@!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!'!!!1!!!!&`)"!!! +!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"J!!$`!!!"J#!3!!!!!!!3!"!3! +!!!!!!!!!!!!!!!%!!!!!!!!!!!B!!"!!!!!C!J%!!!!!!!%!!3%!!!!!!!!!!!! +!!!!"!!!!!!!!!!!'!!!4!!!!'J)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!! +!!!!!"J!!%J!!!"X#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!B!!"- +!!!!F!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!'!!!8!!!!(3)"!!! +!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"J!!&3!!!"i#!3!!!!!!!3!"!3! +!!!!!!!!!!!!!!!%!!!!!!!!!!!B!!"B!!!!I!J%!!!!!!!%!!3%!!!!!!!!!!!! +!!!!"!!!!!!!!!!!'!!!A!!!!)!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!! +!!!!!"J!!'!!!!#%#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!B!!"N +!!!!L!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!'!!!D!!!!)`)"!!! +!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"J!!'`!!!#3#!3!!!!!!!3!"!3! +!!!!!!!!!!!!!!!%!!!!!!!!!!!B!!"`!!!!P!J%!!!!!!!%!!3%!!!!!!!!!!!! +!!!!"!!!!!!!!!!!'!!!G!!!!*J)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!! +!!!!!"J!!(J!!!#F#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!B!!"m +!!!!S!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!'!!!J!!!!+3)"!!! +!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"J!!)3!!!#S#!3!!!!!!!3!"!3! +!!!!!!!!!!!!!!!%!!!!!!!!!!!B!!#)!!!!V!J%!!!!!!!%!!3%!!!!!!!!!!!! +!!!!"!!!!!!!!!!!'!!!M!!!!,!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!3!!!!)!!!!$!!!!"!!!!!8!!!!'!!!!"`!!!!J +!!!!*!!!!#J!!!!X!!!!-!!!!$3!!!!i!!!!2!!!!%!!!!"%!!!!5!!!!%`!!!"3 +!!!!9!!!!&J!!!"F!!!!B!!!!'3!!!"S!!!!E!!!!(!!!!"d!!!!H!!!!(`!!!#! +!!!!K!!!!)J!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!)`!!!%!'!!!!"J!!)`B!!!8 +'!!!%"J!!!`B!!!)'!!!'"J!!#`B!!!S'!!!*"J!!#!B!!!F'!!!-"J!!%JB!!"% +'!!!3"J!!$`B!!!d'!!!1"J!!%`B!!#)'!!!K"J!!)!B!!"m'!!!M"J!!!3B!!"3 +'!!!9"J!!&JB!!"F'!!!B"J!!'3B!!"S'!!!E"J!!(!B!!"d'!!!H!!!"U!!"!#J +!!!!J!j(*N!!r2`!!!!!!!!!!!!!$NFQ3!!!#!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!X)qi!!!!!!!!!%!!X*(m!!#!!!!!!!!!!!!!!,#0S!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!#!!!"!!!!!!8!!(rr!!!!!(rr!!! +!!(rr!!!!!(rr!!!!$!!"!!)!"J!!!!9!!!!)!!%!!6S!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"!!!!rrrrr`!!!!-!!3!"1MS!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%!!!$rrrrr!!!!"!!"!!% +k1QPZBfaeC'8k!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!2rrrrp +!!!!#!!%!!6S!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!rrrrrd!!!!-!!3!"1MSk4e9656TTEQ0XG@4P1J!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!$rrrrr3!!!"!!"!!%k1MT(990*1QaTBMS!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!2rrrrp!!!!&!!)!!6T0B@028b"6GA"`Eh*d1J! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"!!!!rrrrrd!!!!B!!J!"1Ne66$S!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%!!!$rrrrr3!!!"`!+!!" +0B@028b"38%-J6'PZDf9b!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!" +-D@*$FRP`G'mJ8&"$!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!%!!6S!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!)!!8eKBdp6)&"33b"-D@jVCA)!!!!!!!!!!!!!!!! +!!!!!!"j"8&"-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!'!!!!""F("X!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!'!!!!"068a#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"-D@)J5@e +`Eh*d)&"33`!!!!!!!!!!!!!!!!!!!!!!!!!!!!"08%a'!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!"-D@)J5@e`Eh*d)&"33`!!!!!!!!!!!!!!!!!!!!! +!!!!!!!"09d0%!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!'!!!!"58e*$!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!'!!!!"849K8,Q*S!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"#B@aXEfp +Z)%KPE(!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"849K8,Q-!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!"09b"$,d-V+b"38%-!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!"849K8,Q-V+`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"09b"$,d- +V+b"38%-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"849K8,Q0M!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!"09b"$,d-V+b"38%-!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!"849K8,Q0`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"09b"$,d- +V+b"38%-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"849K8,Q0`F!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!"09b"$,d-V+b"38%-!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!"849K8,Q9iF!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"849K8,QGM!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!"(B@eP3fpNC5"$EfjfCA*dCA)!!!!!!!!!!!!!!!! +!!%!!!!"849K8,QJ!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"09b"$,d- +V+b"38%-!!!!!!!!!!!!!!!!!!!!!!!!!!"!!!!"849K8,Q`!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!"'E'9i)&"bCA"bEf0PFh0[FJ!!!!!!!!!!!!!!!!! +!!)!!!!"849K8,R!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"09b"3BA0 +MB@`J8&"$!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"849K8,R"KF`!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!"09b"3BA0MB@`J8&"$!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!"849K8,R"MD!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"09b"$,d- +V+b"38%-!!!!!!!!!!!!!!!!!!!!!!!!!!)!!!!"849K8,R"MD#XV!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!"09b"$,d-V+b"38%-!!!!!!!!!!!!!!!!!!!!!!!! +!!)!!!!"849K8,R"`G3!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"09b"3BA0 +MB@`J8&"$!!!!!!!!!!!!!!!!!!!!!!!!!)!!!!"849K8,R)!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!"5CAS!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!"849K8,R-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"38%0"Ffd +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"849K8,RN!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!"#DA0[EL"3FQ9`FQpMCA0cEh)!!!!!!!!!!!!!!!! +!!)!!!!"B3dp'!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"B3dp'4L" +*EA"[FR3J8&"$!!!!!!!!!!!!!!!!!!!!!!!!!!"NEf0e!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!'!!!!"bFh*M!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!'!!!!"cD'aL!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!"348BJ5@e`Eh*d)&"33`!!!!!!!!!!!!!!!!!!!!! +!!!!!!!"cG(9L!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"348BJ5@e +`Eh*d)&"33`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!,Q4[B`!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!&!!!!!!"3%"!!%!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!'!!!!!!%!!!!!"3!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%"!!"YB@P +Z!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!J"!!%!!!!"!3%"!3!"!3!!!!!!!3%!!!%"!!%!!!%!!3! +!!!!!!!!!!!J"!!%"!!%"!!!!!3!!#3!!&deKBdp6)&4[EfaLEhJJ4%9#98FJ0MK +,!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!$mr2cp"8&" +-!!!"J&M!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!2cmr2`!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!'!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!d!!3! +!!!!!&9p09d955e0I4e9659p`FQ9QDAJZD!!!!!!!!!!!!!!!!!%!!!%!!!!!!!% +!!!!!!!!!!!!!"3%"!3!!!3%!!3!!!!!%!!!!!!!!!!!!!!!!!!!!!!%!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!&pIFh4KFR3!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!3!"!!!*6@9bCf8J6h9d!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!2cmr2d&38%`!!3% +!!!3J)#!J!j+$B!0dhhJ$!khJ!!8#!3!"!3!"!3%!!!%!!!!!!!!!!3%"!3!"!3! +"!!%%!!!!!!!!!!!!!!F"!3!"!!!"!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!&pIFh4KFR3!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!)!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!"3!$%8aTBN0bHA"dEbj38%-Z6'PL!!!!!!!!!!!!!!! +!!!!r2cmr2cmr2`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!6mr2cm!!!!!!!!!!J!!!!)!!J! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!)!8!!"!!%!!3! +"!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!"3R3dp%45FJ*d4"9%%R)#G35808*`!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!(!!!"!!!!,3)"!!!!!!! +"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!!J!!!#i#!3!!!!!!!3!"!3!!!!! +!!!!!!!!!!!%!!!!!!!!!!!F!!!-!!!![!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!! +"!!!!!!!!!!!(!!!%!!!!-!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!! +!"`!!"3!!!$%#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!!B!!!! +b!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!!(!!!!-`)"!!!!!!! +"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!#!!!!$3#!3!!!!!!!3!"!3!!!!! +!!!!!!!!!!!%!!!!!!!!!!!F!!!N!!!!e!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!! +"!!!!!!!!!!!(!!!+!!!!0J)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!! +!"`!!#`!!!$F#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!!`!!!! +i!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!!0!!!!13)"!!!!!!! +"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!$J!!!$S#!3!!!!!!!3!"!3!!!!! +!!!!!!!!!!!%!!!!!!!!!!!F!!!m!!!!l!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!! +"!!!!!!!!!!!(!!!3!!!!2!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!! +!"`!!%3!!!$d#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!")!!!! +q!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!!6!!!!2`)"!!!!!!! +"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!&!!!!%!#!3!!!!!!!3!"!3!!!!! +!!!!!!!!!!!%!!!!!!!!!!!F!!"8!!!""!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!! +"!!!!!!!!!!!(!!!@!!!!3J)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!! +!"`!!&`!!!%-#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!"J!!!" +%!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!!C!!!!43)"!!!!!!! +"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!'J!!!%B#!3!!!!!!!3!"!3!!!!! +!!!!!!!!!!!%!!!!!!!!!!!F!!"X!!!"(!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!! +"!!!!!!!!!!!(!!!F!!!!5!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!! +!"`!!(3!!!%N#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!"i!!!" ++!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!!I!!!!5`)"!!!!!!! +"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!)!!!!%`#!3!!!!!!!3!"!3!!!!! +!!!!!!!!!!!%!!!!!!!!!!!F!!#%!!!"0!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!! +"!!!!!!!!!!!(!!!L!!!!6J)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!! +!"`!!)`!!!%m#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!#3!!!" +3!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!!P!!!!83)"!!!!!!! +"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!*J!!!&)#!3!!!!!!!3!"!3!!!!! +!!!!!!!!!!!%!!!!!!!!!!!F!!#F!!!"6!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!! +"!!!!!!!!!!!(!!!S!!!!9!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!! +!"`!!+3!!!&8#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!#S!!!" +@!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!!V!!!!9`)"!!!!!!! +"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!,!!!!&J#!3!!!!!!!3!"!3!!!!! +!!!!!!!!!!!%!!!!!!!!!!!F!!#d!!!"C!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!! +"!!!!!!!!!!!(!!!Z!!!!@J)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!! +!"`!!,`!!!&X#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!$!!!!" +F!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!!a!!!!A3)"!!!!!!! +"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!-J!!!&i#!3!!!!!!!3!"!3!!!!! +!!!!!!!!!!!%!!!!!!!!!!!F!!$-!!!"I!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!! +"!!!!!!!!!!!(!!!d!!!!B!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!! +!"`!!03!!!'%#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!$B!!!" +L!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!!h!!!!B`)"!!!!!!! +"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!1!!!!'3#!3!!!!!!!3!"!3!!!!! +!!!!!!!!!!!%!!!!!!!!!!!F!!$N!!!"P!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!! +"!!!!!!!!!!!(!!!k!!!!CJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!! +!"`!!1`!!!'F#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!$`!!!" +S!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!!p!!!!D3)"!!!!!!! +"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!2J!!!'S#!3!!!!!!!3!"!3!!!!! +!!!!!!!!!!!%!!!!!!!!!!!F!!$m!!!"V!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!! +"!!!!!!!!!!!(!!"!!!!!E!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!! +!"`!!33!!!'d#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!%)!!!" +Z!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!"$!!!!E`)"!!!!!!! +"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!4!!!!(!#!3!!!!!!!3!"!3!!!!! +!!!!!!!!!!!%!!!!!!!!!!!F!!%8!!!"a!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!! +"!!!!!!!!!!!(!!"'!!!!FJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!! +!"`!!4`!!!(-#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!%J!!!" +d!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!"*!!!!G3)"!!!!!!! +"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!5J!!!(B#!3!!!!!!!3!"!3!!!!! +!!!!!!!!!!!%!!!!!!!!!!!F!!%X!!!"h!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!! +"!!!!!!!!!!!(!!"-!!!!H!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!! +!"`!!63!!!(N#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!%i!!!" +k!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!"2!!!!H`)"!!!!!!! +"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!8!!!!(`#!3!!!!!!!3!"!3!!!!! +!!!!!!!!!!!%!!!!!!!!!!!F!!&%!!!"p!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!! +"!!!!!!!!!!!(!!"5!!!!IJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!! +!"`!!8`!!!(m#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!&3!!!# +!!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!"9!!!!J3)"!!!!!!! +"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!9J!!!))#!3!!!!!!!3!"!3!!!!! +!!!!!!!!!!!%!!!!!!!!!!!F!!&F!!!#$!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!! +"!!!!!!!!!!!(!!"B!!!!K!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!! +!"`!!@3!!!)8#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!&S!!!# +'!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!"E!!!!K`)"!!!!!!! +"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!A!!!!)J#!3!!!!!!!3!"!3!!!!! +!!!!!!!!!!!%!!!!!!!!!!!F!!&d!!!#*!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!! +"!!!!!!!!!!!(!!"H!!!!LJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!! +!"`!!A`!!!)X#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!'!!!!# +-!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!"K!!!!M3)"!!!!!!! +"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!BJ!!!)i#!3!!!!!!!3!"!3!!!!! +!!!!!!!!!!!%!!!!!!!!!!!F!!'-!!!#2!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!! +"!!!!!!!!!!!(!!"N!!!!N!!#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!! +!!!F!!'8!!!#4!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!"Q!!! +!NJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!C`!!!*-#!3!!!!! +!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!'J!!!#8!J%!!!!!!!%!!3%!!!! +!!!!!!!!!!!!"!!!!!!!!!!!(!!"T!!!!P3)"!!!!!!!"!!%"!!!!!!!!!!!!!!! +!!3!!!!!!!!!!"`!!DJ!!!*B#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!! +!!!F!!'X!!!#A!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!"X!!! +!Q!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!E3!!!*N#!3!!!!! +!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!'i!!!#D!J%!!!!!!!%!!3%!!!! +!!!!!!!!!!!!"!!!!!!!!!!!(!!"[!!!!Q`)"!!!!!!!"!!%"!!!!!!!!!!!!!!! +!!3!!!!!!!!!!"`!!F!!!!*`#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!! +!!!F!!(%!!!#G!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!"b!!! +!RJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!F`!!!*m#!3!!!!! +!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!(3!!!#J!J%!!!!!!!%!!3%!!!! +!!!!!!!!!!!!"!!!!!!!!!!!(!!"e!!!!S3)"!!!!!!!"!!%"!!!!!!!!!!!!!!! +!!3!!!!!!!!!!"`!!GJ!!!+)#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!! +!!!F!!(F!!!#M!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!"i!!! +!T!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!H3!!!+8#!3!!!!! +!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!(S!!!#Q!J%!!!!!!!%!!3%!!!! +!!!!!!!!!!!!"!!!!!!!!!!!(!!"l!!!!T`)"!!!!!!!"!!%"!!!!!!!!!!!!!!! +!!3!!!!!!!!!!"`!!I!!!!+J#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!! +!!!F!!(d!!!#T!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!"q!!! +!UJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!I`!!!+X#!3!!!!! +!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!)!!!!#X!J%!!!!!!!%!!3%!!!! +!!!!!!!!!!!!"!!!!!!!!!!!(!!#"!!!!V3)"!!!!!!!"!!%"!!!!!!!!!!!!!!! +!!3!!!!!!!!!!"`!!JJ!!!+i#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!! +!!!F!!)-!!!#[!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!#%!!! +!X!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!K3!!!,%#!3!!!!! +!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!)B!!!#b!J%!!!!!!!%!!3%!!!! +!!!!!!!!!!!!"!!!!!!!!!!!(!!#(!!!!X`)"!!!!!!!"!!%"!!!!!!!!!!!!!!! +!!3!!!!!!!!!!"`!!L!!!!,3#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!! +!!!F!!)N!!!#e!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!#+!!! +!YJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!L`!!!,F#!3!!!!! +!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!)`!!!#i!J%!!!!!!!%!!3%!!!! +!!!!!!!!!!!!"!!!!!!!!!!!(!!#0!!!!Z3)"!!!!!!!"!!%"!!!!!!!!!!!!!!! +!!3!!!!!!!!!!"`!!MJ!!!,S#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!! +!!!F!!)m!!!#l!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!#3!!! +!!,`#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!*%!!!#p!J%!!!! +!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!#5!!!![J)"!!!!!!!"!!%"!!! +!!!!!!!!!!!!!!3!!!!!!!!!!"`!!N`!!!,m#!3!!!!!!!3!"!3!!!!!!!!!!!!! +!!!%!!!!!!!!!!!F!!*3!!!$!!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!! +!!!!(!!#9!!!!`3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!PJ! +!!-)#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!*F!!!$$!J%!!!! +!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!#B!!!!a!)"!!!!!!!"!!%"!!! +!!!!!!!!!!!!!!3!!!!!!!!!!"`!!Q3!!!-8#!3!!!!!!!3!"!3!!!!!!!!!!!!! +!!!%!!!!!!!!!!!F!!*S!!!$'!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!! +!!!!(!!#E!!!!a`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!R!! +!!-J#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!*d!!!$*!J%!!!! +!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!#H!!!!bJ)"!!!!!!!"!!%"!!! +!!!!!!!!!!!!!!3!!!!!!!!!!"`!!R`!!!-X#!3!!!!!!!3!"!3!!!!!!!!!!!!! +!!!%!!!!!!!!!!!F!!+!!!!$-!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!! +!!!!(!!#K!!!!c3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!SJ! +!!-i#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!+-!!!$2!J%!!!! +!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!#N!!!!d!)"!!!!!!!"!!%"!!! +!!!!!!!!!!!!!!3!!!!!!!!!!"`!!T3!!!0%#!3!!!!!!!3!"!3!!!!!!!!!!!!! +!!!%!!!!!!!!!!!F!!+B!!!$5!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!! +!!!!(!!#R!!!!d`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!U!! +!!03#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!+N!!!$9!J%!!!! +!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!#U!!!!eJ)"!!!!!!!"!!%"!!! +!!!!!!!!!!!!!!3!!!!!!!!!!"`!!U`!!!0F#!3!!!!!!!3!"!3!!!!!!!!!!!!! +!!!%!!!!!!!!!!!F!!+`!!!$B!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!! +!!!!(!!#Y!!!!f3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!VJ! +!!0S#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!+m!!!$E!J%!!!! +!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!#`!!!!h!)"!!!!!!!"!!%"!!! +!!!!!!!!!!!!!!3!!!!!!!!!!"`!!X3!!!0d#!3!!!!!!!3!"!3!!!!!!!!!!!!! +!!!%!!!!!!!!!!!F!!,)!!!$H!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!! +!!!!(!!#c!!!!h`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!Y!! +!!1!#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!,8!!!$K!J%!!!! +!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!#f!!!!iJ)"!!!!!!!"!!%"!!! +!!!!!!!!!!!!!!3!!!!!!!!!!"`!!Y`!!!1-#!3!!!!!!!3!"!3!!!!!!!!!!!!! +!!!%!!!!!!!!!!!F!!,J!!!$N!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!! +!!!!(!!#j!!!!j3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!ZJ! +!!1B#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!,X!!!$R!J%!!!! +!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!#m!!!!k!)"!!!!!!!"!!%"!!! +!!!!!!!!!!!!!!3!!!!!!!!!!"`!![3!!!1N#!3!!!!!!!3!"!3!!!!!!!!!!!!! +!!!%!!!!!!!!!!!F!!,i!!!$U!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!! +!!!!(!!#r!!!!k`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!`!! +!!1`#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!-%!!!$Y!J%!!!! +!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!$#!!!!lJ)"!!!!!!!"!!%"!!! +!!!!!!!!!!!!!!3!!!!!!!!!!"`!!``!!!1m#!3!!!!!!!3!"!3!!!!!!!!!!!!! +!!!%!!!!!!!!!!!F!!-3!!!$`!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!! +!!!!(!!$&!!!!m3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!aJ! +!!2)#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!-F!!!$c!J%!!!! +!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!$)!!!!p!)"!!!!!!!"!!%"!!! +!!!!!!!!!!!!!!3!!!!!!!!!!"`!!b3!!!28#!3!!!!!!!3!"!3!!!!!!!!!!!!! +!!!%!!!!!!!!!!!F!!-S!!!$f!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!! +!!!!(!!$,!!!!p`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!c!! +!!2J#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!-d!!!$j!J%!!!! +!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!$1!!!!qJ)"!!!!!!!"!!%"!!! +!!!!!!!!!!!!!!3!!!!!!!!!!"`!!c`!!!2X#!3!!!!!!!3!"!3!!!!!!!!!!!!! +!!!%!!!!!!!!!!!F!!0!!!!$m!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!! +!!!!(!!$4!!!!r3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!dJ! +!!2i#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!0-!!!$r!J%!!!! +!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!$8!!!"!!)"!!!!!!!"!!%"!!! +!!!!!!!!!!!!!!3!!!!!!!!!!"`!!e3!!!3%#!3!!!!!!!3!"!3!!!!!!!!!!!!! +!!!%!!!!!!!!!!!F!!0B!!!%#!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!! +!!!!(!!$A!!!"!`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!f!! +!!33#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!0N!!!%&!J%!!!! +!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!$D!!!""J)"!!!!!!!"!!%"!!! +!!!!!!!!!!!!!!3!!!!!!!!!!"`!!f`!!!3F#!3!!!!!!!3!"!3!!!!!!!!!!!!! +!!!%!!!!!!!!!!!F!!0`!!!%)!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!! +!!!!(!!$G!!!"#3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!hJ! +!!3S#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!0m!!!%,!J%!!!! +!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!$J!!!"$!)"!!!!!!!"!!%"!!! +!!!!!!!!!!!!!!3!!!!!!!!!!"`!!i3!!!3d#!3!!!!!!!3!"!3!!!!!!!!!!!!! +!!!%!!!!!!!!!!!F!!1)!!!%1!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!! +!!!!(!!$M!!!"$`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!j!! +!!4!#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!18!!!%4!J%!!!! +!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!$Q!!!"%J)"!!!!!!!"!!%"!!! +!!!!!!!!!!!!!!3!!!!!!!!!!"`!!j`!!!4-#!3!!!!!!!3!"!3!!!!!!!!!!!!! +!!!%!!!!!!!!!!!F!!1J!!!%8!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!! +!!!!(!!$T!!!"&3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!kJ! +!!4B#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!1X!!!%A!J%!!!! +!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!$X!!!"'!)"!!!!!!!"!!%"!!! +!!!!!!!!!!!!!!3!!!!!!!!!!"`!!l3!!!4N#!3!!!!!!!3!"!3!!!!!!!!!!!!! +!!!%!!!!!!!!!!!F!!1i!!!%D!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!! +!!!!(!!$[!!!"'`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!m!! +!!4`#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!2%!!!%G!J%!!!! +!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!$b!!!"(J)"!!!!!!!"!!%"!!! +!!!!!!!!!!!!!!3!!!!!!!!!!"`!!m`!!!4m#!3!!!!!!!3!"!3!!!!!!!!!!!!! +!!!%!!!!!!!!!!!F!!23!!!%J!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!! +!!!!(!!$e!!!")3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!pJ! +!!5)#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!2F!!!%M!J%!!!! +!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!$i!!!"*!)"!!!!!!!"!!%"!!! +!!!!!!!!!!!!!!3!!!!!!!!!!"`!!q3!!!58#!3!!!!!!!3!"!3!!!!!!!!!!!!! +!!!%!!!!!!!!!!!F!!2S!!!%Q!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!! +!!!!(!!$l!!!"*`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!r!! +!!5J#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!2d!!!%T!J%!!!! +!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!$q!!!"+J)"!!!!!!!"!!%"!!! +!!!!!!!!!!!!!!3!!!!!!!!!!"`!!r`!!!5X#!3!!!!!!!3!"!3!!!!!!!!!!!!! +!!!%!!!!!!!!!!!F!!3!!!!%X!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!! +!!!!(!!%"!!!",3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!"!J! +!!5i#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!3-!!!%[!J%!!!! +!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!%%!!!"-!)"!!!!!!!"!!%"!!! +!!!!!!!!!!!!!!3!!!!!!!!!!"`!""3!!!6%#!3!!!!!!!3!"!3!!!!!!!!!!!!! +!!!%!!!!!!!!!!!F!!3B!!!%b!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!! +!!!!(!!%(!!!"-`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!"#!! +!!63#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!3N!!!%e!J%!!!! +!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!%+!!!"0J)"!!!!!!!"!!%"!!! +!!!!!!!!!!!!!!3!!!!!!!!!!"`!"#`!!!6F#!3!!!!!!!3!"!3!!!!!!!!!!!!! +!!!%!!!!!!!!!!!F!!3`!!!%i!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!! +!!!!(!!%0!!!"13)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!"$J! +!!6S#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!3m!!!%l!J%!!!! +!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!%3!!!"2!)"!!!!!!!"!!%"!!! +!!!!!!!!!!!!!!3!!!!!!!!!!"`!"%3!!!6d#!3!!!!!!!3!"!3!!!!!!!!!!!!! +!!!%!!!!!!!!!!!F!!4)!!!%q!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!! +!!!!(!!%6!!!"2`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!"&!! +!!8!#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!48!!!&"!J%!!!! +!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!%@!!!"3J)"!!!!!!!"!!%"!!! +!!!!!!!!!!!!!!3!!!!!!!!!!"`!"&`!!!8-#!3!!!!!!!3!"!3!!!!!!!!!!!!! +!!!%!!!!!!!!!!!F!!4J!!!&%!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!! +!!!!(!!%C!!!"43)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!"'J! +!!8B#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!4X!!!&(!J%!!!! +!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!%F!!!"5!)"!!!!!!!"!!%"!!! +!!!!!!!!!!!!!!3!!!!!!!!!!"`!"(3!!!8N#!3!!!!!!!3!"!3!!!!!!!!!!!!! +!!!%!!!!!!!!!!!F!!4i!!!&+!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!! +!!!!(!!%I!!!"5`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!")!! +!!8`#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!5%!!!&0!J%!!!! +!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!%L!!!"6J)"!!!!!!!"!!%"!!! +!!!!!!!!!!!!!!3!!!!!!!!!!"`!")`!!!8m#!3!!!!!!!3!"!3!!!!!!!!!!!!! +!!!%!!!!!!!!!!!F!!53!!!&3!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!! +!!!!(!!%P!!!"83)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!"*J! +!!9)#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!5F!!!&6!J%!!!! +!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!%S!!!"9!)"!!!!!!!"!!%"!!! +!!!!!!!!!!!!!!3!!!!!!!!!!"`!"+3!!!98#!3!!!!!!!3!"!3!!!!!!!!!!!!! +!!!%!!!!!!!!!!!F!!5S!!!&@!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!! +!!!!(!!%V!!!"9`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!",!! +!!9J#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!5d!!!&C!J%!!!! +!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!%Z!!!"@J)"!!!!!!!"!!%"!!! +!!!!!!!!!!!!!!3!!!!!!!!!!"`!",`!!!9X#!3!!!!!!!3!"!3!!!!!!!!!!!!! +!!!%!!!!!!!!!!!F!!6!!!!&F!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!! +!!!!(!!%a!!!"A3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!"-J! +!!9i#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!6-!!!&I!J%!!!! +!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!%d!!!"B!)"!!!!!!!"!!%"!!! +!!!!!!!!!!!!!!3!!!!!!!!!!"`!"03!!!@%#!3!!!!!!!3!"!3!!!!!!!!!!!!! +!!!%!!!!!!!!!!!F!!6B!!!&L!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!! +!!!!(!!%h!!!"B`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!"1!! +!!@3#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!6N!!!&P!J%!!!! +!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!%k!!!"CJ)"!!!!!!!"!!%"!!! +!!!!!!!!!!!!!!3!!!!!!!!!!"`!"1`!!!@F#!3!!!!!!!3!"!3!!!!!!!!!!!!! +!!!%!!!!!!!!!!!F!!6`!!!&S!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!! +!!!!(!!%p!!!"D3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!"2J! +!!@S#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!6m!!!&V!J%!!!! +!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!&!!!!"E!)"!!!!!!!"!!%"!!! +!!!!!!!!!!!!!!3!!!!!!!!!!"`!"33!!!@d#!3!!!!!!!3!"!3!!!!!!!!!!!!! +!!!%!!!!!!!!!!!F!!8)!!!&Z!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!! +!!!!(!!&$!!!"E`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!"4!! +!!A!#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!88!!!&a!J%!!!! +!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!&'!!!"FJ)"!!!!!!!"!!%"!!! +!!!!!!!!!!!!!!3!!!!!!!!!!"`!"4`!!!A-#!3!!!!!!!3!"!3!!!!!!!!!!!!! +!!!%!!!!!!!!!!!F!!8J!!!&d!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!! +!!!!(!!&*!!!"G3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!"5J! +!!AB#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!8X!!!&h!J%!!!! +!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!&-!!!"H!)"!!!!!!!"!!%"!!! +!!!!!!!!!!!!!!3!!!!!!!!!!"`!"63!!!AN#!3!!!!!!!3!"!3!!!!!!!!!!!!! +!!!%!!!!!!!!!!!F!!8i!!!&k!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!! +!!!!(!!&2!!!"H`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!"8!! +!!A`#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!9%!!!&p!J%!!!! +!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!&5!!!"IJ)"!!!!!!!"!!%"!!! +!!!!!!!!!!!!!!3!!!!!!!!!!"`!"8`!!!B!#!3!!!!!!!3!"!3!!!!!!!!!!!!! +!!!%!!!!!!!!!!!F!!93!!!'"!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!! +!!!!(!!&9!!!"JJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!"9J! +!!B-#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!9F!!!'%!J%!!!! +!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!&B!!!"K3)"!!!!!!!"!!%"!!! +!!!!!!!!!!!!!!3!!!!!!!!!!"`!"@3!!!BB#!3!!!!!!!3!"!3!!!!!!!!!!!!! +!!!%!!!!!!!!!!!F!!9S!!!'(!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!! +!!!!(!!&E!!!"L!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!"A!! +!!BN#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!9d!!!'+!J%!!!! +!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!&H!!!"L`)"!!!!!!!"!!%"!!! +!!!!!!!!!!!!!!3!!!!!!!!!!"`!"A`!!!B`#!3!!!!!!!3!"!3!!!!!!!!!!!!! +!!!%!!!!!!!!!!!F!!@!!!!'0!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!! +!!!!(!!&K!!!"MJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!"BJ! +!!Bm#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!@-!!!'3!!)"!!! +!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!"C!!!!C%#!3!!!!!!!3!"!3! +!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!@8!!!'5!J%!!!!!!!%!!3%!!!!!!!!!!!! +!!!!"!!!!!!!!!!!(!!&Q!!!"N`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!! +!!!!!"`!"C`!!!C3#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!@J +!!!'9!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!&T!!!"PJ)"!!! +!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!"DJ!!!CF#!3!!!!!!!3!"!3! +!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!@X!!!'B!J%!!!!!!!%!!3%!!!!!!!!!!!! +!!!!"!!!!!!!!!!!(!!&X!!!"Q3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!! +!!!!!"`!"E3!!!CS#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!@i +!!!'E!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!&[!!!"R!)"!!! +!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!"F!!!!Cd#!3!!!!!!!3!"!3! +!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!A%!!!'H!J%!!!!!!!%!!3%!!!!!!!!!!!! +!!!!"!!!!!!!!!!!(!!&b!!!"R`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!! +!!!!!"`!"F`!!!D3#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!A3 +!!!'Q!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!&e!!!"T`)"!!! +!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!3!!!!) +!!!!$!!!!"!!!!!8!!!!'!!!!"`!!!!J!!!!*!!!!#J!!!!X!!!!-!!!!$3!!!!i +!!!!2!!!!%!!!!"%!!!!5!!!!%`!!!"3!!!!9!!!!&J!!!"F!!!!B!!!!'3!!!"S +!!!!E!!!!(!!!!"d!!!!H!!!!(`!!!#!!!!!K!!!!)J!!!#-!!!!N!!!!*3!!!#B +!!!!R!!!!+!!!!#N!!!!U!!!!+`!!!#`!!!!Y!!!!,J!!!#m!!!!`!!!!-3!!!$) +!!!!c!!!!0!!!!$8!!!!f!!!!0`!!!$J!!!!j!!!!1J!!!$X!!!!m!!!!23!!!$i +!!!!r!!!!3!!!!%%!!!"#!!!!3`!!!%3!!!"&!!!!4J!!!%F!!!")!!!!53!!!%S +!!!",!!!!6!!!!%d!!!"1!!!!6`!!!&!!!!"4!!!!8J!!!&-!!!"8!!!!93!!!&B +!!!"A!!!!@!!!!&N!!!"D!!!!@`!!!&`!!!"G!!!!AJ!!!&m!!!"J!!!!B3!!!') +!!!"M!!!!C!!!!'8!!!"Q!!!!C`!!!'J!!!"T!!!!DJ!!!'X!!!"X!!!!E3!!!'i +!!!"[!!!!F!!!!(%!!!"b!!!!F`!!!(3!!!"e!!!!GJ!!!(F!!!"i!!!!H3!!!(S +!!!"l!!!!I!!!!(d!!!"q!!!!I`!!!)!!!!#"!!!!JJ!!!)-!!!#%!!!!K3!!!)B +!!!#(!!!!L!!!!)N!!!#+!!!!L`!!!)`!!!#0!!!!MJ!!!)m!!!#3!!!!!*%!!!# +5!!!!N`!!!*3!!!#9!!!!PJ!!!*F!!!#B!!!!Q3!!!*S!!!#E!!!!R!!!!*d!!!# +H!!!!R`!!!+!!!!#K!!!!SJ!!!+-!!!#N!!!!T3!!!+B!!!#R!!!!U!!!!+N!!!# +U!!!!U`!!!+`!!!#Y!!!!VJ!!!+m!!!#`!!!!X3!!!,)!!!#c!!!!Y!!!!,8!!!# +f!!!!Y`!!!,J!!!#j!!!!ZJ!!!,X!!!#m!!!![3!!!,i!!!#r!!!!`!!!!-%!!!$ +#!!!!``!!!-3!!!$&!!!!aJ!!!-F!!!$)!!!!b3!!!-S!!!$,!!!!c!!!!-d!!!$ +1!!!!c`!!!0!!!!$4!!!!dJ!!!0-!!!$8!!!!e3!!!0B!!!$A!!!!f!!!!0N!!!$ +D!!!!f`!!!0`!!!$G!!!!hJ!!!0m!!!$J!!!!i3!!!1)!!!$M!!!!j!!!!18!!!$ +Q!!!!j`!!!1J!!!$T!!!!kJ!!!1X!!!$X!!!!l3!!!1i!!!$[!!!!m!!!!2%!!!$ +b!!!!m`!!!23!!!$e!!!!pJ!!!2F!!!$i!!!!q3!!!2S!!!$l!!!!r!!!!2d!!!$ +q!!!!r`!!!3!!!!%"!!!"!J!!!3-!!!%%!!!""3!!!3B!!!%(!!!"#!!!!3N!!!% ++!!!"#`!!!3`!!!%0!!!"$J!!!3m!!!%3!!!"%3!!!4)!!!%6!!!"&!!!!48!!!% +@!!!"&`!!!4J!!!%C!!!"'J!!!4X!!!%F!!!"(3!!!4i!!!%I!!!")!!!!5%!!!% +L!!!")`!!!53!!!%P!!!"*J!!!5F!!!%S!!!"+3!!!5S!!!%V!!!",!!!!5d!!!% +Z!!!",`!!!6!!!!%a!!!"-J!!!6-!!!%d!!!"03!!!6B!!!%h!!!"1!!!!6N!!!% +k!!!"1`!!!6`!!!%p!!!"2J!!!6m!!!&!!!!"33!!!8)!!!&$!!!"4!!!!88!!!& +'!!!"4`!!!8J!!!&*!!!"5J!!!8X!!!&-!!!"63!!!8i!!!&2!!!"8!!!!9%!!!& +5!!!"8`!!!93!!!&9!!!"9J!!!9F!!!&B!!!"@3!!!9S!!!&E!!!"A!!!!9d!!!& +H!!!"A`!!!@!!!!&K!!!"BJ!!!@-!!!&N!!!"C3!!!@B!!!&R!!!"D!!!!@N!!!& +U!!!"D`!!!@`!!!&Y!!!"EJ!!!@m!!!&`!!!"F3!!!A)!!!&c!!!"G!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"G3!!!B!(!!! +!"`!"G3F!!!%(!!!#"`!!!`F!!!3(!!!&"`!!"JF!!!F(!!!)"`!!#3F!!!S(!!! +,"`!!$!F!!!d(!!!1"`!!$`F!!"!(!!!4"`!!%JF!!"-(!!!8"`!!&3F!!"B(!!! +A"`!!'!F!!"N(!!!D"`!!'`F!!"`(!!!G"`!!(JF!!"m(!!!J"`!!)3F!!#)(!!! +M"`!!*!F!!#8(!!!Q"`!!*`F!!#J(!!!T"`!!+JF!!#X(!!!X"`!!,3F!!#i(!!! +["`!!-!F!!$%(!!!b"`!!-`F!!$3(!!!e"`!!0JF!!$F(!!!i"`!!13F!!$S(!!! +l"`!!2!F!!$d(!!!q"`!!2`F!!%!(!!"""`!!3JF!!%-(!!"%"`!!43F!!%B(!!" +("`!!5!F!!%N(!!"+"`!!5`F!!%`(!!"0"`!!6JF!!%m(!!"3"`!!83F!!&)(!!" +6"`!!9!F!!&8(!!"@"`!!9`F!!&J(!!"C"`!!@JF!!&X(!!"F"`!"G!F!!&d(!!" +H"`!!A`F!!'!(!!"K"`!!BJF!!'-(!!"N"`!!C3F!!'B(!!"R"`!!D!F!!'N(!!" +U"`!!D`F!!'`(!!"Y"`!!EJF!!'m(!!"`"`!!F3F!!()(!!"c"`!!G!F!!(8(!!" +f"`!!G`F!!(J(!!"j"`!!HJF!!(X(!!"m"`!!I3F!!(i(!!"r"`!!J!F!!)%(!!# +#"`!!J`F!!)3(!!#&"`!!KJF!!)F(!!#)"`!!L3F!!)S(!!#,"`!!M!F!!)d(!!# +1"`!!M`F!!*!!"`!!N3F!!*)(!!#6"`!!P!F!!*8(!!#@"`!!P`F!!*J(!!#C"`! +!QJF!!*X(!!#F"`!!R3F!!*i(!!#I"`!!S!F!!+%(!!#L"`!!S`F!!+3(!!#P"`! +!TJF!!+F(!!#S"`!!U3F!!+S(!!#V"`!!V!F!!+d(!!#Z"`!!V`F!!,!(!!#a"`! +!XJF!!,-(!!#d"`!!Y3F!!,B(!!#h"`!!Z!F!!,N(!!#k"`!!Z`F!!,`(!!#p"`! +![JF!!,m(!!$!"`!!`3F!!-)(!!$$"`!!a!F!!-8(!!$'"`!!a`F!!-J(!!$*"`! +!bJF!!-X(!!$-"`!!c3F!!-i(!!$2"`!!d!F!!0%(!!$5"`!!d`F!!03(!!$9"`! +!eJF!!0F(!!$B"`!!f3F!!0S(!!$E"`!!h!F!!0d(!!$H"`!!h`F!!1!(!!$K"`! +!iJF!!1-(!!$N"`!!j3F!!1B(!!$R"`!!k!F!!1N(!!$U"`!!k`F!!1`(!!$Y"`! +!lJF!!1m(!!$`"`!!m3F!!2)(!!$c"`!!p!F!!28(!!$f"`!!p`F!!2J(!!$j"`! +!qJF!!2X(!!$m"`!!r3F!!2i(!!$r"`!"!!F!!3%(!!%#"`!"!`F!!33(!!%&"`! +""JF!!3F(!!%)"`!"#3F!!A8(!!%+"`!"#`F!!3`(!!%0"`!"$JF!!3m(!!%3"`! +"%3F!!4)(!!%6"`!"&!F!!48(!!%@"`!"&`F!!4J(!!%C"`!"'JF!!4X(!!%F"`! +"(3F!!4i(!!%I"`!")!F!!5%(!!%L"`!")`F!!53(!!%P"`!"*JF!!5F(!!%S"`! +"+3F!!5S(!!%V"`!",!F!!5d(!!%Z"`!",`F!!6!(!!%a"`!"-JF!!6-(!!%d"`! +"03F!!6B(!!%h"`!"1!F!!6N(!!%k"`!"1`F!!6`(!!%p"`!"2JF!!6m(!!&!"`! +"33F!!8)(!!&$"`!"4!F!!88(!!&'"`!"4`F!!8J(!!&*"`!"5JF!!8X(!!&-"`! +"63F!!8i(!!&2"`!"8!F!!9%(!!&5"`!"8`F!!93(!!&9"`!"9JF!!9F(!!&B"`! +"@3F!!9S(!!&E"`!"A!F!!9d(!!&H"`!"A`F!!@!(!!&K"`!"BJF!!@-(!!&N"`! +"C3F!!@B(!!&R"`!"D!F!!@N(!!&U"`!"D`F!!@`(!!&Y"`!"EJF!!@m(!!&`"`! +"F3F!!A)(!!&c!!!"U!!"!#J!!!!J!j(*N!!r2`!!!!!!!!!!!!!$NFQ3!!!#!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!X)qi!!!!!!!!!%!!X*(m!!#!!! +!!!!!!!!!!!,#0S!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!#!!! +"!!!!!!8!!(rr!!!!!(rr!!!!!(rr!!!!!(rr!!!!$!!"!!)!"J!!!!9!!!!)!!% +!!6S!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"!!!!rrr +rr`!!!!-!!3!"1MS!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!%!!!$rrrrr!!!!"!!"!!%k1QPZBfaeC'8k!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!2rrrrp!!!!#!!%!!6S!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!rrrrrd!!!!-!!3!"1MSk4e9656TTEQ0XG@4 +P1J!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!$rrrrr3!!!"!!"!!%k1MT(990 +*1QaTBMS!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!2rrrrp!!!!&!!) +!!6T0B@028b"6GA"`Eh*d1J!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"!!!!rrr +rrd!!!!B!!J!"1Ne66$S!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!%!!!$rrrrr3!!!"`!+!!"0B@028b!f1%XJ6'PZDf9b!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!"-D@*$FRP`G'mJ0MK,!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%!!6S!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!)!!8eKBdp6)$Bi5b" +-D@jVCA)!!!!!!!!!!!!!!!!!!!!!!#""8&"-!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!'!!!!" +"F("X!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!'!!!!"068a#!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!"-D@)J5@e`Eh*d)$Bi5`!!!!!!!!!!!!!!!!!!!!!!!!!!!!" +08%a'!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"-D@)J5@e`Eh*d)$B +i5`!!!!!!!!!!!!!!!!!!!!!!!!!!!!"09d0%!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!'!!!!" +23NSJ!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"08&FJ5@e`Eh*d)$B +i5`!!!!!!!!!!!!!!!!!!!!!!!!!!!!"36'pL!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!'!!!!" +58e*$!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!'!!!!"849K8,Q*S!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!"#B@aXEfpZ)%KPE(!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!" +849K8,Q-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"09b"$,d-V+b!f1%X +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"849K8,Q-V+`!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!"09b"$,d-V+b!f1%X!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!" +849K8,Q0M!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"09b"$,d-V+b!f1%X +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"849K8,Q0`!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!"09b"$,d-V+b!f1%X!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!" +849K8,Q0`F!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"09b"$,d-V+b!f1%X +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"849K8,Q9iF!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!" +849K8,QGM!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"(B@eP3fpNC5"$Efj +fCA*dCA)!!!!!!!!!!!!!!!!!!%!!!!"849K8,QJ!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!"09b"$,d-V+b!f1%X!!!!!!!!!!!!!!!!!!!!!!!!!!"!!!!" +849K8,Q`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"'E'9i)&"bCA"bEf0 +PFh0[FJ!!!!!!!!!!!!!!!!!!!)!!!!"849K8,R!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!"09b"3BA0MB@`J0MK,!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!" +849K8,R"KF`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"09b"3BA0MB@`J0MK +,!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"849K8,R"MD!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!"09b"$,d-V+b!f1%X!!!!!!!!!!!!!!!!!!!!!!!!!!)!!!!" +849K8,R"MD#XV!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"09b"$,d-V+b!f1%X +!!!!!!!!!!!!!!!!!!!!!!!!!!)!!!!"849K8,R"`G3!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!"09b"3BA0MB@`J0MK,!!!!!!!!!!!!!!!!!!!!!!!!!)!!!!" +849K8,R)!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"5CAS!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"849K8,R0PC`!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!" +849K8,RN!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"#DA0[EL"3FQ9`FQp +MCA0cEh)!!!!!!!!!!!!!!!!!!)!!!!"NEf0e!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!'!!!!" +bFh*M!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!'!!!!"cD'aL!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!"348BJ5@e`Eh*d)$Bi5`!!!!!!!!!!!!!!!!!!!!!!!!!!!!" +cG(9L!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"348BJ5@e`Eh*d)$B +i5`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!,Q4[B`!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!&!!!!! +!!!!!,R*cFQ-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!'!!!!!!"3%"!!%!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +'!!!!!!%!!!!!"3!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!%"!!"YB@PZ!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!J"!!%!!!!"!3%!!!%"!3! +!!!!!!3%!!!%"!!%!!!%%!!!!!!!!!!!!!!J"!!%"!!%"!!!!!3!!#3!$'daTBN0 +bHA"dEbif1'XJ4Q%S0'PI1'3T,NaTBJ!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!$mr2cmr2cmr!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!2cmr2`! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!d!!3!!!!!!&9p09d955e0I4e9659p`FQ9QDAJZD!!!!!! +!!!!!!!!!!!%!!!!!!!!!!!%!!!!!!!!!!!!!"3%"!3!!!3%!!3!!!!!%!!!!!!! +!!!!!!!!!!!!!!!%!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!&p +IFh4KFR3!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!3!"!!!*6@9bCf8J6h9 +d!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!2cmr2d&38%`!!3%!!!3J)#!J!j+$B!0dhhJ$!khJ!!8#!3!"!3!"!3% +!!!%!!!!!!!!!!3%"!3!"!3!"!!%%!!!!!!!!!!!!!!F"!3!"!!!"!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!&pIFh4KFR3!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!)!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"3!!"dp`C@j68d`!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!r2cmr39"36!!!"!!!!!3!!!!!3!!!@-!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!6m +r2cm!!!!!!!!!!J!!!!)!!J!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!)!8!!"!!%!!3!"!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"3R3dp%45FJ*d4"9%% +R)#G35808*`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!)!!!"!!!!,3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!!J! +!!#i#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!!-!!!![!J%!!!! +!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!!%!!!!-!)"!!!!!!!"!!%"!!! +!!!!!!!!!!!!!!3!!!!!!!!!!#!!!"3!!!$%#!3!!!!!!!3!"!3!!!!!!!!!!!!! +!!!%!!!!!!!!!!!J!!!B!!!!b!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!! +!!!!)!!!(!!!!-`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!#!! +!!$3#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!!N!!!!e!J%!!!! +!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!!+!!!!0J)"!!!!!!!"!!%"!!! +!!!!!!!!!!!!!!3!!!!!!!!!!#!!!#`!!!$F#!3!!!!!!!3!"!3!!!!!!!!!!!!! +!!!%!!!!!!!!!!!J!!!`!!!!i!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!! +!!!!)!!!0!!!!13)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!$J! +!!$S#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!!m!!!!l!J%!!!! +!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!!3!!!!2!)"!!!!!!!"!!%"!!! +!!!!!!!!!!!!!!3!!!!!!!!!!#!!!%3!!!$d#!3!!!!!!!3!"!3!!!!!!!!!!!!! +!!!%!!!!!!!!!!!J!!")!!!!q!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!! +!!!!)!!!6!!!!2`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!&!! +!!%!#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!"8!!!""!J%!!!! +!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!!@!!!!3J)"!!!!!!!"!!%"!!! +!!!!!!!!!!!!!!3!!!!!!!!!!#!!!&`!!!%-#!3!!!!!!!3!"!3!!!!!!!!!!!!! +!!!%!!!!!!!!!!!J!!"J!!!"%!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!! +!!!!)!!!C!!!!43)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!'J! +!!%B#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!"X!!!"(!J%!!!! +!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!!F!!!!5!)"!!!!!!!"!!%"!!! +!!!!!!!!!!!!!!3!!!!!!!!!!#!!!(3!!!%N#!3!!!!!!!3!"!3!!!!!!!!!!!!! +!!!%!!!!!!!!!!!J!!"i!!!"+!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!! +!!!!)!!!I!!!!5`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!)!! +!!%`#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!#%!!!"0!J%!!!! +!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!!L!!!!6J)"!!!!!!!"!!%"!!! +!!!!!!!!!!!!!!3!!!!!!!!!!#!!!)`!!!%m#!3!!!!!!!3!"!3!!!!!!!!!!!!! +!!!%!!!!!!!!!!!J!!#3!!!"3!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!! +!!!!)!!!P!!!!83)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!*J! +!!&)#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!#F!!!"6!J%!!!! +!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!!S!!!!9!)"!!!!!!!"!!%"!!! +!!!!!!!!!!!!!!3!!!!!!!!!!#!!!+3!!!&8#!3!!!!!!!3!"!3!!!!!!!!!!!!! +!!!%!!!!!!!!!!!J!!#S!!!"@!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!! +!!!!)!!!V!!!!9`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!,!! +!!&J#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!#d!!!"C!J%!!!! +!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!!Z!!!!@J)"!!!!!!!"!!%"!!! +!!!!!!!!!!!!!!3!!!!!!!!!!#!!!,`!!!&X#!3!!!!!!!3!"!3!!!!!!!!!!!!! +!!!%!!!!!!!!!!!J!!$!!!!"F!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!! +!!!!)!!!a!!!!A3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!-J! +!!&i#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!$-!!!"I!J%!!!! +!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!!d!!!!B!)"!!!!!!!"!!%"!!! +!!!!!!!!!!!!!!3!!!!!!!!!!#!!!03!!!'%#!3!!!!!!!3!"!3!!!!!!!!!!!!! +!!!%!!!!!!!!!!!J!!$B!!!"L!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!! +!!!!)!!!h!!!!B`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!1!! +!!'3#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!$N!!!"P!J%!!!! +!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!!k!!!!CJ)"!!!!!!!"!!%"!!! +!!!!!!!!!!!!!!3!!!!!!!!!!#!!!1`!!!'F#!3!!!!!!!3!"!3!!!!!!!!!!!!! +!!!%!!!!!!!!!!!J!!$`!!!"S!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!! +!!!!)!!!p!!!!D3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!2J! +!!'S#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!$m!!!"V!J%!!!! +!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!"!!!!!E!)"!!!!!!!"!!%"!!! +!!!!!!!!!!!!!!3!!!!!!!!!!#!!!33!!!'d#!3!!!!!!!3!"!3!!!!!!!!!!!!! +!!!%!!!!!!!!!!!J!!%)!!!"Z!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!! +!!!!)!!"$!!!!E`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!4!! +!!(!#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!%8!!!"a!J%!!!! +!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!"'!!!!FJ)"!!!!!!!"!!%"!!! +!!!!!!!!!!!!!!3!!!!!!!!!!#!!!4`!!!(-#!3!!!!!!!3!"!3!!!!!!!!!!!!! +!!!%!!!!!!!!!!!J!!%J!!!"d!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!! +!!!!)!!"*!!!!G3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!5J! +!!(B#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!%X!!!"h!J%!!!! +!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!"-!!!!H!)"!!!!!!!"!!%"!!! +!!!!!!!!!!!!!!3!!!!!!!!!!#!!!63!!!(N#!3!!!!!!!3!"!3!!!!!!!!!!!!! +!!!%!!!!!!!!!!!J!!%i!!!"k!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!! +!!!!)!!"2!!!!H`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!8!! +!!(`#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!&%!!!"p!J%!!!! +!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!"5!!!!IJ)"!!!!!!!"!!%"!!! +!!!!!!!!!!!!!!3!!!!!!!!!!#!!!8`!!!(m#!3!!!!!!!3!"!3!!!!!!!!!!!!! +!!!%!!!!!!!!!!!J!!&3!!!#!!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!! +!!!!)!!"9!!!!J3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!9J! +!!))#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!&F!!!#$!J%!!!! +!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!"B!!!!K!)"!!!!!!!"!!%"!!! +!!!!!!!!!!!!!!3!!!!!!!!!!#!!!@3!!!)8#!3!!!!!!!3!"!3!!!!!!!!!!!!! +!!!%!!!!!!!!!!!J!!&S!!!#'!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!! +!!!!)!!"E!!!!K`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!A!! +!!)J#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!&d!!!#*!J%!!!! +!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!"H!!!!LJ)"!!!!!!!"!!%"!!! +!!!!!!!!!!!!!!3!!!!!!!!!!#!!!A`!!!)X#!3!!!!!!!3!"!3!!!!!!!!!!!!! +!!!%!!!!!!!!!!!J!!'!!!!#-!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!! +!!!!)!!"K!!!!M3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!BJ! +!!)i#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!'-!!!#2!J%!!!! +!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!"N!!!!N!!#!3!!!!!!!3!"!3! +!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!'8!!!#4!J%!!!!!!!%!!3%!!!!!!!!!!!! +!!!!"!!!!!!!!!!!)!!"Q!!!!NJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!! +!!!!!#!!!C`!!!*-#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!'J +!!!#8!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!"T!!!!P3)"!!! +!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!DJ!!!*B#!3!!!!!!!3!"!3! +!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!'X!!!#A!J%!!!!!!!%!!3%!!!!!!!!!!!! +!!!!"!!!!!!!!!!!)!!"X!!!!Q!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!! +!!!!!#!!!E3!!!*N#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!'i +!!!#D!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!"[!!!!Q`)"!!! +!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!F!!!!*`#!3!!!!!!!3!"!3! +!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!(%!!!#G!J%!!!!!!!%!!3%!!!!!!!!!!!! +!!!!"!!!!!!!!!!!)!!"b!!!!RJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!! +!!!!!#!!!F`!!!*m#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!(3 +!!!#J!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!"e!!!!S3)"!!! +!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!GJ!!!+)#!3!!!!!!!3!"!3! +!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!(F!!!#M!J%!!!!!!!%!!3%!!!!!!!!!!!! +!!!!"!!!!!!!!!!!)!!"i!!!!T!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!! +!!!!!#!!!H3!!!+8#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!(S +!!!#Q!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!"l!!!!T`)"!!! +!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!I!!!!+J#!3!!!!!!!3!"!3! +!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!(d!!!#T!J%!!!!!!!%!!3%!!!!!!!!!!!! +!!!!"!!!!!!!!!!!)!!"q!!!!UJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!! +!!!!!#!!!I`!!!+X#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!)! +!!!#X!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!#"!!!!V3)"!!! +!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!JJ!!!+i#!3!!!!!!!3!"!3! +!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!)-!!!#[!J%!!!!!!!%!!3%!!!!!!!!!!!! +!!!!"!!!!!!!!!!!)!!#%!!!!X!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!! +!!!!!#!!!K3!!!,%#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!)B +!!!#b!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!#(!!!!X`)"!!! +!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!L!!!!,3#!3!!!!!!!3!"!3! +!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!)N!!!#e!J%!!!!!!!%!!3%!!!!!!!!!!!! +!!!!"!!!!!!!!!!!)!!#+!!!!YJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!! +!!!!!#!!!L`!!!,F#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!)` +!!!#i!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!#0!!!!Z3)"!!! +!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!MJ!!!,S#!3!!!!!!!3!"!3! +!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!)m!!!#l!J%!!!!!!!%!!3%!!!!!!!!!!!! +!!!!"!!!!!!!!!!!)!!#3!!!!!,`#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!J!!*%!!!#p!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!# +5!!!![J)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!N`!!!,m#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!*3!!!$!!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!#9!!!!`3)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!#!!!PJ!!!-)#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!J!!*F!!!$$!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!# +B!!!!a!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!Q3!!!-8#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!*S!!!$'!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!#E!!!!a`)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!#!!!R!!!!-J#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!J!!*d!!!$*!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!# +H!!!!bJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!R`!!!-X#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!+!!!!$-!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!#K!!!!c3)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!#!!!SJ!!!-i#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!J!!+-!!!$2!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!# +N!!!!d!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!T3!!!0%#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!+B!!!$5!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!#R!!!!d`)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!#!!!U!!!!03#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!J!!+N!!!$9!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!# +U!!!!eJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!U`!!!0F#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!+`!!!$B!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!#Y!!!!f3)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!#!!!VJ!!!0S#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!J!!+m!!!$E!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!# +`!!!!h!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!X3!!!0d#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!,)!!!$H!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!#c!!!!h`)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!#!!!Y!!!!1!#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!J!!,8!!!$K!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!# +f!!!!iJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!Y`!!!1-#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!,J!!!$N!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!#j!!!!j3)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!#!!!ZJ!!!1B#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!J!!,X!!!$R!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!# +m!!!!k!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!![3!!!1N#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!,i!!!$U!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!#r!!!!k`)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!#!!!`!!!!1`#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!J!!-%!!!$Y!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!$ +#!!!!lJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!``!!!1m#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!-3!!!$`!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!$&!!!!m3)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!#!!!aJ!!!2)#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!J!!-F!!!$c!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!$ +)!!!!p!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!b3!!!28#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!-S!!!$f!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!$,!!!!p`)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!#!!!c!!!!2J#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!J!!-d!!!$j!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!$ +1!!!!qJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!c`!!!2X#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!0!!!!$m!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!$4!!!!r3)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!#!!!dJ!!!2i#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!J!!0-!!!$r!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!$ +8!!!"!!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!e3!!!3%#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!0B!!!%#!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!$A!!!"!`)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!#!!!f!!!!33#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!J!!0N!!!%&!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!$ +D!!!""J)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!f`!!!3F#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!0`!!!%)!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!$G!!!"#3)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!#!!!hJ!!!3S#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!J!!0m!!!%,!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!$ +J!!!"$!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!i3!!!3d#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!1)!!!%1!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!$M!!!"$`)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!#!!!j!!!!4!#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!J!!18!!!%4!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!$ +Q!!!"%J)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!j`!!!4-#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!1J!!!%8!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!$T!!!"&3)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!#!!!kJ!!!4B#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!J!!1X!!!%A!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!$ +X!!!"'!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!l3!!!4N#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!1i!!!%D!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!$[!!!"'`)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!#!!!m!!!!4`#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!J!!2%!!!%G!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!$ +b!!!"(J)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!m`!!!4m#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!23!!!%J!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!$e!!!")3)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!#!!!pJ!!!5)#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!J!!2F!!!%M!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!$ +i!!!"*!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!q3!!!58#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!2S!!!%Q!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!$l!!!"*`)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!#!!!r!!!!5J#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!J!!2d!!!%T!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!$ +q!!!"+J)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!r`!!!5X#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!3!!!!%X!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!%"!!!",3)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!#!!"!J!!!5i#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!J!!3-!!!%[!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!% +%!!!"-!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!""3!!!6%#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!3B!!!%b!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!%(!!!"-`)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!#!!"#!!!!63#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!J!!3N!!!%e!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!% ++!!!"0J)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!"#`!!!6F#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!3`!!!%i!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!%0!!!"13)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!#!!"$J!!!6S#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!J!!3m!!!%l!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!% +3!!!"2!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!"%3!!!6d#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!4)!!!%q!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!%6!!!"2`)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!#!!"&!!!!8!#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!J!!48!!!&"!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!% +@!!!"3J)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!"&`!!!8-#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!4J!!!&%!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!%C!!!"43)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!#!!"'J!!!8B#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!J!!4X!!!&(!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!% +F!!!"5!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!"(3!!!8N#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!4i!!!&+!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!%I!!!"5`)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!#!!")!!!!8`#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!J!!5%!!!&0!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!% +L!!!"6J)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!")`!!!8m#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!53!!!&3!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!%P!!!"83)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!#!!"*J!!!9)#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!J!!5F!!!&6!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!% +S!!!"9!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!"+3!!!98#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!5S!!!&@!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!%V!!!"9`)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!#!!",!!!!9J#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!J!!5d!!!&C!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!% +Z!!!"@J)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!",`!!!9X#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!6!!!!&F!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!%a!!!"A3)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!#!!"-J!!!9i#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!J!!6-!!!&I!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!% +d!!!"B!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!"03!!!@%#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!6B!!!&L!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!%h!!!"B`)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!#!!"1!!!!@3#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!J!!6N!!!&P!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!% +k!!!"CJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!"1`!!!@F#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!6`!!!&S!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!%p!!!"D3)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!#!!"2J!!!@S#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!J!!6m!!!&V!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!& +!!!!"E!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!"33!!!@d#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!8)!!!&Z!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!&$!!!"E`)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!#!!"4!!!!A!#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!J!!88!!!&a!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!& +'!!!"FJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!"4`!!!A-#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!8J!!!&d!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!&*!!!"G3)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!#!!"5J!!!AB#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!J!!8X!!!&h!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!& +-!!!"H!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!"63!!!AN#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!8i!!!&k!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!&2!!!"H`)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!#!!"8!!!!A`#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!J!!9%!!!&p!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!& +5!!!"IJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!"8`!!!B!#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!93!!!'"!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!&9!!!"JJ)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!#!!"9J!!!B-#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!J!!9F!!!'%!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!& +B!!!"K3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!"@3!!!BB#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!9S!!!'(!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!&E!!!"L!)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!#!!"A!!!!BN#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!J!!9d!!!'+!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!& +H!!!"L`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!"A`!!!B`#!3! +!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!@!!!!'0!J%!!!!!!!%!!3% +!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!&K!!!"MJ)"!!!!!!!"!!%"!!!!!!!!!!! +!!!!!!3!!!!!!!!!!#!!"BJ!!!Bm#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!! +!!!!!!!J!!@-!!!'3!!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!! +"C!!!!C%#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!@8!!!'5!J% +!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!&Q!!!"N`)"!!!!!!!"!!% +"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!"C`!!!C3#!3!!!!!!!3!"!3!!!!!!!!! +!!!!!!!%!!!!!!!!!!!J!!@J!!!'9!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!! +!!!!!!!!)!!&T!!!"PJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!! +"DJ!!!CF#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!@X!!!'B!J% +!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!&X!!!"Q3)"!!!!!!!"!!% +"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!"E3!!!CS#!3!!!!!!!3!"!3!!!!!!!!! +!!!!!!!%!!!!!!!!!!!J!!@i!!!'E!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!! +!!!!!!!!)!!&[!!!"R!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!! +"F!!!!Cd#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!A%!!!'H!J% +!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!&b!!!"R`)"!!!!!!!"!!% +"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!"F`!!!D3#!3!!!!!!!3!"!3!!!!!!!!! +!!!!!!!%!!!!!!!!!!!J!!A3!!!'Q!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!! +!!!!!!!!)!!&e!!!"T`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!3!!!!)!!!!$!!!!"!!!!!8!!!!'!!!!"`!!!!J!!!!*!!! +!#J!!!!X!!!!-!!!!$3!!!!i!!!!2!!!!%!!!!"%!!!!5!!!!%`!!!"3!!!!9!!! +!&J!!!"F!!!!B!!!!'3!!!"S!!!!E!!!!(!!!!"d!!!!H!!!!(`!!!#!!!!!K!!! +!)J!!!#-!!!!N!!!!*3!!!#B!!!!R!!!!+!!!!#N!!!!U!!!!+`!!!#`!!!!Y!!! +!,J!!!#m!!!!`!!!!-3!!!$)!!!!c!!!!0!!!!$8!!!!f!!!!0`!!!$J!!!!j!!! +!1J!!!$X!!!!m!!!!23!!!$i!!!!r!!!!3!!!!%%!!!"#!!!!3`!!!%3!!!"&!!! +!4J!!!%F!!!")!!!!53!!!%S!!!",!!!!6!!!!%d!!!"1!!!!6`!!!&!!!!"4!!! +!8J!!!&-!!!"8!!!!93!!!&B!!!"A!!!!@!!!!&N!!!"D!!!!@`!!!&`!!!"G!!! +!AJ!!!&m!!!"J!!!!B3!!!')!!!"M!!!!C!!!!'8!!!"Q!!!!C`!!!'J!!!"T!!! +!DJ!!!'X!!!"X!!!!E3!!!'i!!!"[!!!!F!!!!(%!!!"b!!!!F`!!!(3!!!"e!!! +!GJ!!!(F!!!"i!!!!H3!!!(S!!!"l!!!!I!!!!(d!!!"q!!!!I`!!!)!!!!#"!!! +!JJ!!!)-!!!#%!!!!K3!!!)B!!!#(!!!!L!!!!)N!!!#+!!!!L`!!!)`!!!#0!!! +!MJ!!!)m!!!#3!!!!!*%!!!#5!!!!N`!!!*3!!!#9!!!!PJ!!!*F!!!#B!!!!Q3! +!!*S!!!#E!!!!R!!!!*d!!!#H!!!!R`!!!+!!!!#K!!!!SJ!!!+-!!!#N!!!!T3! +!!+B!!!#R!!!!U!!!!+N!!!#U!!!!U`!!!+`!!!#Y!!!!VJ!!!+m!!!#`!!!!X3! +!!,)!!!#c!!!!Y!!!!,8!!!#f!!!!Y`!!!,J!!!#j!!!!ZJ!!!,X!!!#m!!!![3! +!!,i!!!#r!!!!`!!!!-%!!!$#!!!!``!!!-3!!!$&!!!!aJ!!!-F!!!$)!!!!b3! +!!-S!!!$,!!!!c!!!!-d!!!$1!!!!c`!!!0!!!!$4!!!!dJ!!!0-!!!$8!!!!e3! +!!0B!!!$A!!!!f!!!!0N!!!$D!!!!f`!!!0`!!!$G!!!!hJ!!!0m!!!$J!!!!i3! +!!1)!!!$M!!!!j!!!!18!!!$Q!!!!j`!!!1J!!!$T!!!!kJ!!!1X!!!$X!!!!l3! +!!1i!!!$[!!!!m!!!!2%!!!$b!!!!m`!!!23!!!$e!!!!pJ!!!2F!!!$i!!!!q3! +!!2S!!!$l!!!!r!!!!2d!!!$q!!!!r`!!!3!!!!%"!!!"!J!!!3-!!!%%!!!""3! +!!3B!!!%(!!!"#!!!!3N!!!%+!!!"#`!!!3`!!!%0!!!"$J!!!3m!!!%3!!!"%3! +!!4)!!!%6!!!"&!!!!48!!!%@!!!"&`!!!4J!!!%C!!!"'J!!!4X!!!%F!!!"(3! +!!4i!!!%I!!!")!!!!5%!!!%L!!!")`!!!53!!!%P!!!"*J!!!5F!!!%S!!!"+3! +!!5S!!!%V!!!",!!!!5d!!!%Z!!!",`!!!6!!!!%a!!!"-J!!!6-!!!%d!!!"03! +!!6B!!!%h!!!"1!!!!6N!!!%k!!!"1`!!!6`!!!%p!!!"2J!!!6m!!!&!!!!"33! +!!8)!!!&$!!!"4!!!!88!!!&'!!!"4`!!!8J!!!&*!!!"5J!!!8X!!!&-!!!"63! +!!8i!!!&2!!!"8!!!!9%!!!&5!!!"8`!!!93!!!&9!!!"9J!!!9F!!!&B!!!"@3! +!!9S!!!&E!!!"A!!!!9d!!!&H!!!"A`!!!@!!!!&K!!!"BJ!!!@-!!!&N!!!"C3! +!!@B!!!&R!!!"D!!!!@N!!!&U!!!"D`!!!@`!!!&Y!!!"EJ!!!@m!!!&`!!!"F3! +!!A)!!!&c!!!"G!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!"G3!!!B!)!!!!#!!"G3!!!GS!!3!F!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!#!!!!3J!!!))!!!$#!!!"!J!!!8)!!!'#!!!"`J!!!J)!!!*#!!!#JJ +!!!X)!!!-#!!!$3J!!!i)!!!2#!!!%!J!!"%)!!!5#!!!%`J!!"3)!!!9#!!!&JJ +!!"F)!!!B#!!!'3J!!"S)!!!E#!!!(!J!!"d)!!!H#!!!(`J!!#!)!!!K#!!!)JJ +!!#-)!!!N#!!!*3J!!#B)!!!R#!!!+!J!!#N)!!!U#!!!+`J!!#`)!!!Y#!!!,JJ +!!#m)!!!`#!!!-3J!!$))!!!c#!!!0!J!!$8)!!!f#!!!0`J!!$J)!!!j#!!!1JJ +!!$X)!!!m#!!!23J!!$i)!!!r#!!!3!J!!%%)!!"##!!!3`J!!%3)!!"&#!!!4JJ +!!%F)!!")#!!!53J!!%S)!!",#!!!6!J!!%d)!!"1#!!!6`J!!&!)!!"4#!!!8JJ +!!&-)!!"8#!!!93J!!&B)!!"A#!!!@!J!!&N)!!"D#!!!@`J!!&`)!!&d#!!!A3J +!!&i)!!"I#!!!B!J!!'%)!!"L#!!!B`J!!'3)!!"P#!!!CJJ!!'F)!!"S#!!!D3J +!!'S)!!"V#!!!E!J!!'d)!!"Z#!!!E`J!!(!)!!"a#!!!FJJ!!(-)!!"d#!!!G3J +!!(B)!!"h#!!!H!J!!(N)!!"k#!!!H`J!!(`)!!"p#!!!IJJ!!(m)!!#!#!!!J3J +!!)))!!#$#!!!K!J!!)8)!!#'#!!!K`J!!)J)!!#*#!!!LJJ!!)X)!!#-#!!!M3J +!!)i)!!#2#!!!N!!)!!#4#!!!NJJ!!*-)!!#8#!!!P3J!!*B)!!#A#!!!Q!J!!*N +)!!#D#!!!Q`J!!*`)!!#G#!!!RJJ!!*m)!!#J#!!!S3J!!+))!!#M#!!!T!J!!+8 +)!!#Q#!!!T`J!!+J)!!#T#!!!UJJ!!+X)!!#X#!!!V3J!!+i)!!#[#!!!X!J!!,% +)!!#b#!!!X`J!!,3)!!#e#!!!YJJ!!,F)!!#i#!!!Z3J!!,S)!!#l#!!![!J!!,d +)!!#q#!!![`J!!-!)!!$"#!!!`JJ!!--)!!$%#!!!a3J!!-B)!!$(#!!!b!J!!-N +)!!$+#!!!b`J!!-`)!!$0#!!!cJJ!!-m)!!$3#!!!d3J!!0))!!$6#!!!e!J!!08 +)!!$@#!!!e`J!!0J)!!$C#!!!fJJ!!0X)!!$F#!!!h3J!!0i)!!$I#!!!i!J!!1% +)!!$L#!!!i`J!!13)!!$P#!!!jJJ!!1F)!!$S#!!!k3J!!1S)!!$V#!!!l!J!!1d +)!!$Z#!!!l`J!!2!)!!$a#!!!mJJ!!2-)!!$d#!!!p3J!!2B)!!$h#!!!q!J!!2N +)!!$k#!!!q`J!!2`)!!$p#!!!rJJ!!2m)!!%!#!!"!3J!!3))!!%$#!!""!J!!38 +)!!%'#!!""`J!!3J)!!%*#!!"G3J!!3S)!!%,#!!"$!J!!3d)!!%1#!!"$`J!!4! +)!!%4#!!"%JJ!!4-)!!%8#!!"&3J!!4B)!!%A#!!"'!J!!4N)!!%D#!!"'`J!!4` +)!!%G#!!"(JJ!!4m)!!%J#!!")3J!!5))!!%M#!!"*!J!!58)!!%Q#!!"*`J!!5J +)!!%T#!!"+JJ!!5X)!!%X#!!",3J!!5i)!!%[#!!"-!J!!6%)!!%b#!!"-`J!!63 +)!!%e#!!"0JJ!!6F)!!%i#!!"13J!!6S)!!%l#!!"2!J!!6d)!!%q#!!"2`J!!8! +)!!&"#!!"3JJ!!8-)!!&%#!!"43J!!8B)!!&(#!!"5!J!!8N)!!&+#!!"5`J!!8` +)!!&0#!!"6JJ!!8m)!!&3#!!"83J!!9))!!&6#!!"9!J!!98)!!&@#!!"9`J!!9J +)!!&C#!!"@JJ!!9X)!!&F#!!"A3J!!9i)!!&I#!!"B!J!!@%)!!&L#!!"B`J!!@3 +)!!&P#!!"CJJ!!@F)!!&S#!!"D3J!!@S)!!&V#!!"E!J!!@d)!!&Z#!!"E`J!!A! +)!!&a#!!"FJJ!!A-#!!!"!!!!!3)"!!!!!!!"!!%$!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!J!!!J!!!!)#!3!!!!!!!3!"!`!!!!!!!!!!!!!!!!3!!!!!!!!!!!)!!!- +!!!!$!J%!!!!!!!%!!3-!!!!!!!!!!!!!!!!%!!!!!!!!!!!#!!!%!!!!"!)"!!! +!!!!"!!%$!!!!!!!!!!!!!!!!!!!!!!!!!!!!!J!!"3!!!!8#!3!!!!!!!3!"!`! +!!!!!!!!!!!!!!!%!!!!!!!!!!!)!!!B!!!!'!J%!!!!!!!%!!3-!!!!!!!!!!!! +!!!!&!!!!!!!!!!!#!!!(!!!!"`)"!!!!!!!"!!%$!!!!!!!!!!!!!!!!!3!!!!! +!!!!!!J!!#!!!!!J#!3!!!!!!!3!"!`!!!!!!!!!!!!!!!!8!!!!!!!!!!!)!!!N +!!!!*!J%!!!!!!!%!!3-!!!!!!!!!!!!!!!!&!!!!!!!!!!!#!!!+!!!"I`)"!!! +!!!!"!!%$!!!!!!!!!!!!!!!!!3!!!!!!!!!!!J!!#`!!!DN#!3!!!!!!!3!"!3! +!!!!!!!!!!!!!!!%!!!!!!!!!!!)!!!`!!!'U!J%!!!!!!!%!!3%!!!!!!!!!!!! +!!!!"!!!!!!!!!!!#!!!0!!!"U`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!! +!!!!!!J!!$J!!!D`#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!)!!!m +!!!'Y!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!#!!!3!!!"VJ)"!!! +!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!J!!%3!!!Dm#!3!!!!!!!3!"!3! +!!!!!!!!!!!!!!!%!!!!!!!!!!!)!!")!!!'`!J%!!!!!!!%!!3%!!!!!!!!!!!! +!!!!"!!!!!!!!!!!#!!!6!!!"X3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!! +!!!!!!J!!&!!!!E)#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!)!!"8 +!!!'c!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!#!!!@!!!"Y!)"!!! +!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!J!!&`!!!E8#!3!!!!!!!3!"!3! +!!!!!!!!!!!!!!!%!!!!!!!!!!!)!!"J!!!'f!J%!!!!!!!%!!3%!!!!!!!!!!!! +!!!!"!!!!!!!!!!!#!!!C!!!"Y`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!! +!!!!!!J!!'J!!!EJ#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!)!!"X +!!!'j!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!#!!!F!!!"ZJ)"!!! +!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!J!!(3!!!EX#!3!!!!!!!3!"!3! +!!!!!!!!!!!!!!!%!!!!!!!!!!!)!!"i!!!'m!J%!!!!!!!%!!3%!!!!!!!!!!!! +!!!!"!!!!!!!!!!!#!!!I!!!"[3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!! +!!!!!!J!!)!!!!Ei#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!)!!#% +!!!'r!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!#!!!L!!!"`!)"!!! +!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!J!!)`!!!F%#!3!!!!!!!3!"!3! +!!!!!!!!!!!!!!!%!!!!!!!!!!!)!!#3!!!(#!J%!!!!!!!%!!3%!!!!!!!!!!!! +!!!!"!!!!!!!!!!!#!!!P!!!"``)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!! +!!!!!!J!!*J!!!F3#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!)!!#F +!!!(&!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!#!!!S!!!"aJ)"!!! +!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!J!!+3!!!FF#!3!!!!!!!3!"!3! +!!!!!!!!!!!!!!!%!!!!!!!!!!!)!!#S!!!()!J%!!!!!!!%!!3%!!!!!!!!!!!! +!!!!"!!!!!!!!!!!#!!!V!!!"b3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!! +!!!!!!J!!,!!!!FS#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!)!!#d +!!!(,!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!#!!!Z!!!"T3)"!!! +!!!!"!!%$!!!!!!!!!!!!!!!!!3!!!!!!!!!!!J!!,`!!!F`#!3!!!!!!!3!"!3! +!!!!!!!!!!!!!!!%!!!!!!!!!!!)!!$!!!!(0!J%!!!!!!!%!!3-!!!!!!!!!!!! +!!!!"!!!!!!!!!!!#!!!a!!!"cJ)"!!!!!!!"!!%$!!!!!!!!!!!!!!!!!3!!!!! +!!!!!!J!!-J!!!Fm#!3!!!!!!!3!"!`!!!!!!!!!!!!!!!!%!!!!!!!!!!!)!!$- +!!!(p"!%!!!!!!!!!!3-!!!!!!!!!!!!!!!#"!!!!!!!!!!!#!!!d!!!"rJ3"!!! +!!!!!!!%$!!!!!!!!!!!!!!!!J3!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!'!!!!J)!!J!!!!!#!`!&!!! +!!!)%!!`!!!!!!J8!#J!!!!!#"J!#!!!!!!)(!!8!!!!!!JJ!!J!!!!!##3!'!!! +!!!)+!!d!!!!!!JX!"3!!!!!#$!!&!!!!!!)0!!%!!!!!!Ji!!3!!!!!#$`!(!!! +!!!)3!!J!!!!!!K%!"3!!!!!#%J!#!!!!!!)6!!)!!!!!!K3!#!!!!!!#&3!"!!! +!!!)@!!%!!!!!!KF!#!!!!!!#'!!*!!!!!!)C!!3!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!"jJF!!!%!!!!!!!!!!!!!!!!!!!!!Y0m2&2rrr[B +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!(R#!!!!3!!!!!!!!!!!!!!!!!!!!# +dh`m8rrr13J!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!J!!!!"i!!!!!(L!!! +!!H%!!!!"j!!!!!(P!!!!!H-!!!!"jJ!!!!(R!!%!!!!b8Np29!!!!!!!!!!!!!! +!!!C(8P93!!!!!!!!!!%18Qpj*h-J4f9d5&488&-!!!!%4NP-43%!!D*'58a&!3! +"SdC*6%8"!!'K4NP-43%!!D"(8P93!!!!!!!!!!)66h"PEP066#""F("XD@0KG'P +[EJ!!!#0'58a&!J!!(%C*6%8#!!!U4NP-43)!!!e'58a&!J!!)%C*6%8#!!!54NP +-43)!!"0'58a&!J!!&NC*6%8#!!!B4NP-43)!!"G'58a&!J!!$NC*6%8#!!!H4NP +-43)!!"&'58a&!J!!%%C*6%8#!!!K4NP-43)!!"4'58a&!J!!&8C*6%8#!!!X4NP +-43)!!"T'58a&!J!!'8C*6%8#!!!S4NP-43)!!#G'58a&!J!!*%C*6%8#!!!Y4NP +-43)!!!Y'58a&!J!!*NC*6%8#!!!T4NP-43)!!!a'58a&!J!!+dC*6%8#!!!L4NP +-43)!!!p'58a&!J!!'dC*6%8#!!!G4NP-43)!!"p'58a&!J!!*8C*6%8#!!!M4e* +98!!!!!!!!!!$%8p`C@j68d`J6'PLFQ&bD@9c!!!!"%G599!!!!!!!!!!"!038%- +!!!!#4NP-43)!!$0'58a&!J!!0%G599!!!!!!!!!!"3-f1'X!!!!#4NP-438!!#" +'58a&"3!!(dG599!!!!!!!!!!"JCMFRP`G'm!!!!S4NP-43%!!Aa'58a&!3!"INC +*6%8"!!'N4NP-43%!!Cp'58a&!3!"I8C*6%8"!!&l4e*98!!!!!!!!!!("'&cEM% +!!!"A4NP-43%!!$j'58a&!3!!-8C*6%8"!!"&4NP-43%!!$P'58a&!3!!3dC*6%8 +"!!!m4NP-43%!!$p'58a&!3!!3%C*6%8"!!"%4NP-43%!!%&'58a&!3!!0dC*6%8 +"!!!e4NP-43%!!$Y'58a&!3!!-NC*6%8"!!!i4NP-43%!!%K'58a&!3!!4NC*6%8 +"!!"#4NP-43%!!$C'58a&!3!!4dC*6%8"!!')4NP-43%!!("'58a&!3!!I%C*6%8 +"!!"i4NP-43%!!(T'58a&!3!!H8C*6%8"!!"a4NP-43%!!(C'58a&!3!!FNC*6%8 +"!!"p4NP-43%!!B&'58a&!3!!FdC*6%8"!!"e4NP-43%!!(Y'58a&!3!!A8C*6%8 +"!!"04NP-43%!!&P'58a&!3!!6NC*6%8"!!"D4NP-43%!!%p'58a&!3!!@dC*6%8 +"!!"34NP-43%!!&a'58a&!3!!5dC*6%8"!!"A4NP-43%!!%a'58a&!3!!@%C*6%8 +"!!"Z4NP-43%!!'p'58a&!3!"LNC*6%8"!!"X4NP-43%!!'e'58a&!3!"L8C*6%8 +"!!',4NP-43%!!'9'58a&!3!!D8C*6%8"!!"S4NP-43%!!'G'58a&!3!!BdC*6%8 +"!!"N4NP-43%!!'&'58a&!3!!DNC*6%8"!!"L4NP-43%!!'C'58a&!3!!8dC*6%8 +"!!"84NP-43%!!&9'58a&!3!!9NC*6%8"!!"*4NP-43%!!%T'58a&!3!!ANC*6%8 +"!!"54NP-43%!!$T'58a&!3!!GdC*6%8"!!!c4NP-43%!!(4'58a&!3!!,dC*6%8 +"!!!Z4NP-43%!!#e'58a&!3!!28C*6%8"!!!d4NP-43%!!Ba'58a&!3!!88C*6%8 +"!!!`4NP-43%!!&p'58a&!3!!B%C*6%8"!!"V4e*98!!!!!!!!!!)!Q*Q!!!!"8C +*6%8"!!##4NP-43%!!(p'58a&!3!!J%C*6%8"!!"q4NP-43%!!)&(8P93!!!!!!! +!!!N$BQP[!!!!$NC*6%8"!!#%4NP-43%!!Be'58a&!3!!JdC*6%8"!!'14NP-43% +!!C&'58a&!3!"MdC*6%8"!!'3!%C*6%8"!!#&4NP-43%!!C*'58a&!3!"J%C*6%8 +"!!'(4NP-43%!!C9'58a&!3!"NdC*6%8"!!'84e*98!!!!!!!!!!+!Q*Z!!!!&%C +*6%8"!!#'4NP-43%!!)P'58a&!3!!LdC*6%8"!!#14NP-43%!!DC'58a&!3!!N8C +*6%8"!!#64NP-43%!!*4'58a&!3!!PNC*6%8"!!#B4NP-43%!!)K'58a&!3!!M8C +*6%8"!!#54NP-43%!!)T'58a&!3!!PdC*6%8"!!#(4NP-43%!!*9'58a&!3!!MdC +*6%8"!!#3!%C*6%8"!!#-4e*98!!!!!!!!!!,"Q*eCQCPFJ!!!!*'58a&!3!!Q8C +*6%8"!!#D4e*98!!!!!!!!!!-"'0KFh3!!!!&4NP-43%!!*p'58a&!3!!R%C*6%8 +"!!#G4NP-43%!!*Y'58a&!3!!RNG599!!!!!!!!!!$34MEfe`!!!!!dC*6%8"!!# +J4NP-43%!!+&'58a&!3!!SNG599!!!!!!!!!!$J4MEfjQ!!!!!NC*6%8"!!#M4NP +-43%!!+4(8P93!!!!!!!!!!m$C'9c!!!!'NC*6%8"!!#P4NP-43%!!+C'58a&!3! +!U%C*6%8"!!#T4NP-43%!!+Y'58a&!3!!V%C*6%8"!!#Z4NP-43%!!CC'58a&!3! +!VdC*6%8"!!#b4NP-43%!!,0'58a&!3!!Y%C*6%8"!!#e4NP-43%!!,C'58a&!3! +!Z%C*6%8"!!#j4NP-43%!!,T'58a&!3!!UNC*6%8"!!#`4NP-43%!!,G'58a&!3! +![8C*6%8"!!#l4NP-43%!!+G'58a&!3!!X8C*6%8"!!#m4NP-43%!!+e(8P93!!! +!!!!!!"!#C'J!!!!&4NP-43%!!-"'58a&!3!!`8C*6%8"!!$#4NP-43%!!,j'58a +&!3!![dG599!!!!!!!!!!%30NFf%!!!!)4NP-43%!!-9'58a&!3!!aNC*6%8"!!$ +(4NP-43%!!-0'58a&!3!!b8C*6%8"!!$)4NP-43%!!-4'58a&!3!"JNG599!!!!! +!!!!!%J0PFR)!!!!$4NP-43%!!-T'58a&!3!!bdC*6%8"!!$-4e*98!!!!!!!!!! +6!f9fF!!!!$p'58a&!3!!ddC*6%8"!!$54NP-43%!!04'58a&!3!!eNC*6%8"!!$ +V4NP-43%!!0e'58a&!3!!j%C*6%8"!!$c4NP-43%!!1a'58a&!3!!hNC*6%8"!!$ +P4NP-43%!!24'58a&!3!!k%C*6%8"!!$D4NP-43%!!2G'58a&!3!"!NC*6%8"!!$ +K4NP-43%!!2"'58a&!3!!q%C*6%8"!!$Y4NP-43%!!0p'58a&!3!!jNC*6%8"!!$ +e4NP-43%!!1P'58a&!3!!fdC*6%8"!!$L4NP-43%!!2&'58a&!3!!kNC*6%8"!!$ +F4NP-43%!!10'58a&!3!!mNC*6%8"!!$Z4NP-43%!!1"'58a&!3!!jdC*6%8"!!$ +f4NP-43%!!2j'58a&!3!!qdC*6%8"!!$m4NP-43%!!3"'58a&!3!"!8C*6%8"!!$ +j4NP-43%!!2T'58a&!3!!r8C*6%8"!!$r4NP-43%!!3C'58a&!3!""dC*6%8"!!% +)4NP-43%!!3P'58a&!3!""8C*6%8"!!%%4NP-43%!!30'58a&!3!!cdC*6%8"!!$ +04NP-43%!!-j'58a&!3!!e8C*6%8"!!$[4NP-43%!!0&'58a&!3!!edC*6%8"!!$ +34NP-43%!!0P'58a&!3!!f%C*6%8"!!'A4NP-43%!!CK(8P93!!!!!!!!!"3%D'e +KB`!!!!&'58a&!3!"#NG599!!!!!!!!!!&34TC'9K!!!!"8C*6%8"!!%,4NP-43% +!!3a'58a&!3!"$NC*6%8"!!%04NP-43%!!3p(8P93!!!!!!!!!"B&E'KKFfJ!!!! +#4NP-43%!!4"'58a&!3!"%8G599!!!!!!!!!!&`0YC$)!!!!#4NP-43%!!4*'58a +&!3!"%dG599!!!!!!!!!!'!0YC$8!!!!#4NP-43%!!44'58a&!3!"&8G599!!!!! +!!!!!'34YC'-b!!!!!NC*6%8"!!%@4NP-43%!!4G(8P93!!!!!!!!!"S(Ef*UC@0 +dF`!!!!4'58a&!3!"'dC*6%8"!!%B4NP-43%!!4T'58a&!3!"'8G599!!!!!!!!! +!'`0`C@d!!!!'4NP-43%!!5&'58a&!3!")%C*6%8"!!%H4NP-43%!!4p'58a&!3! +"(%C*6%8"!!%G4e*98!!!!!!!!!!F"R"VBh-a-J!!!""'58a&!3!")NC*6%8"!!% +M4NP-43%!!54'58a&!3!"*8C*6%8"!!%Q4NP-43%!!5G'58a&!3!"+%C*6%8"!!% +T4NP-43%!!5T'58a&!3!"+dC*6%8"!!%X4NP-43%!!5e'58a&!3!",NC*6%8"!!% +[4NP-43%!!CP'58a&!3!"-%G599!!!!!!!!!!(39`Df0c0`!!!!C'58a&!3!"-NC +*6%8"!!%c4NP-43%!!6&'58a&!3!"R%C*6%8"!!'D4NP-43%!!CY(8P93!!!!!!! +!!"i%FQ&ZC!!!!!4'58a&!3!"0%C*6%8"!!%e4NP-43%!!6C'58a&!3!"TdG599! +!!!!!!!!!(`0bBc)!!!!&4NP-43%!!6T'58a&!3!"1dC*6%8"!!%j4NP-43%!!6G +'58a&!3!"1%G599!!!!!!!!!!)!0bBc3!!!!#4NP-43%!!6e'58a&!3!"2%G599! +!!!!!!!!!)30bBc8!!!!&4NP-43%!!8*'58a&!3!"3%C*6%8"!!&"4NP-43%!!6j +'58a&!3!"2dG599!!!!!!!!!!)JCbDA"PE@3!!!!#4NP-43%!!80'58a&!3!"4%G +599!!!!!!!!!!)`0bFf%!!!!-4NP-43%!!89'58a&!3!"4dC*6%8"!!&)4NP-43% +!!8e'58a&!3!"6%C*6%8"!!&'4NP-43%!!8Y'58a&!3!"6NC*6%8"!!&*4NP-43% +!!8T'58a&!3!"R8C*6%8"!!'H4e*98!!!!!!!!!!N!h0SB3!!!!4'58a&!3!"88C +*6%8"!!&24NP-43%!!9*'58a&!3!"8%G599!!!!!!!!!!*39cG'&MD`!!!!&'58a +&!3!"8dG599!!!!!!!!!!*JCdH(4IC')!!!!"4NP-43%!!94(8P93!!!!!!!!!#F +%H$8`13!!!"9'58a&!3!"A%C*6%8"!!&E4NP-43%!!@&'58a&!3!"@NC*6%8"!!& +J4NP-43%!!@*'58a&!3!"JdC*6%8"!!&Q4NP-43%!!@0'58a&!3!"@%C*6%8"!!& +G4NP-43%!!9G'58a&!3!"C8C*6%8"!!&H4NP-43%!!9P'58a&!3!"AdC*6%8"!!& +R4NP-43%!!@4'58a&!3!"K%C*6%8"!!&94NP-43%!!9C(8P93!!!!!!!!!#J'H$8 +`1ABc!!!!&8C*6%8"!!&V4NP-43%!!@a'58a&!3!"E8C*6%8"!!&a4NP-43%!!A0 +'58a&!3!"G8C*6%8"!!&h4NP-43%!!AT'58a&!3!"D%C*6%8"!!&b4NP-43%!!@T +'58a&!3!"H%C*6%8"!!&T4NP-43%!!AC'58a&!3!"G%C*6%8"!!&`4NP-43%!!AP +'58a&!3!"ENC*6%8"!!&[4NP-43%!!B9'58a&!3!"KNG599!!!!!!!!!!+30cFf` +!!!!M4NP-43%!!"0'58a&!3!!&8C*6%8"!!!34NP-43%!!"*'58a&!3!!%8C*6%8 +"!!!84NP-43%!!"T'58a&!3!!(%C*6%8"!!!A4NP-43%!!"P'58a&!3!!'%C*6%8 +"!!!E4NP-43%!!"C'58a&!3!!$8C*6%8"!!!24NP-43%!!!Y'58a&!3!!$%C*6%8 +"!!!14NP-43%!!#Y'58a&!3!!,%C*6%8"!!!S4NP-43%!!#T'58a&!3!!+8C*6%8 +"!!!M4NP-43%!!#*'58a&!3!!(dC*6%8"!!!P4NP-43%!!#"'58a&!3!!*NC*6%8 +"!!!N4NP-43%!!"j'58a&!3!!*dC*6%8"!!!G4NP-43%!!!T'58a&!3!!)8G599! +!!!!!!!!!+Jj(990*)%aTBR*KFQPPF`!!!!0'58a&!J!!,dG599!!!!!!!!!!+`0 +38%-!!!!$4NP-43)!!$"'58a&!J!!-8C*6%8#!!!b4e*98!!!!!!!!!!X!cBiD`! +!!!0'58a&"3!!&%C*6%8&!!!94NP-438!!"C(8P93!!!!!!!!!#d138j655"-D@* +bBA*TCA-!!!!#4e*98!!!!!!!!!!Z!e"33`!!!!*'58a&!3!!!8C*6%8"!!&r4e* +98!!!!!!!!!![!cBiD`!!!!*'58a&!`!"S%C*6%8$!!'K4e*98!!!!!!!!!!`$8e +KBb"-D@*bBA*TCA-!!!!#4e*98!!!!!!!!!!a!e"33`!!!!P'58a&!3!!"%C*6%8 +"!!!#4NP-43%!!!0'58a&!3!!#8C*6%8"!!!)4NP-43%!!!G'58a&!3!!"NC*6%8 +"!!!&4NP-43%!!D9(8P93!!!!!!!!!$)$0MKV!!!!"NC*6%8$!!'D4NP-43-!!D* +'58a&!`!"R%C*6%8$!!'G4NP-43-!!Cp'58a&!`!"Q`!!!!!!!!!!!!!!Y,T3!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!#"J%#!!!c"`%#!!!d!!!!!J3""3!!)!J""3!!(`!!!HF +!!!)!!!!6e`!!&!!!!!(R!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!$*!!!!i!!!&0i +!!"J!!!!!b3!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!#!!!!H!"!!!"!!!!!!!!!!! +!"!!"!!!"k,6I$a6rrqXL!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"i3)!!!% +!!!!!!!!!!!!%!!%!!!(dY0m2*3!!DlF!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!(L!`!!!3!!!!!!!!!!!!3!!3!!!I@dh`m8!!!`R3!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!H-%!!!"!!!!!!!!!!!!"!!"!!!"ql6I$a6rrjeI!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!"j!8!!!%!!!!!!!!!!!!%!!%!!!(mY0m2*IrrcT! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"j3B!!!%!!!!!!!!!!!!%!!%!!!( +pY0m2&2rrVV8!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!(Q"`!!!3!!!!!!!!! +!!!3!!3!!!Ikdh`m8rrrqpJ!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!HF)!!! +"!!!!!!!!!!!!"!!"!!!"rl6I$a6rrmj#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!"+!!!'!"YFh4b!!!!!!!!!!!!!!!!!!!C+!!!#S"YFh4X!!!!!!!!!!!!!!! +!!!!MU!!!!i"YFh4Z!!!!!!!!!!!!!!!!!!!R+!!!'!"YFh4b!!!$k!!!!!!!!!! +!!!!r+!!!'B"YFh4X!!!$k!!!!!!!!!!!!!%0dJ!!#)"YFh4Z!!!$k!!!!!!!!!! +!!!"E+!!!"4"`FQ9Q!!jqcJ!!!!%!!!!!!!"J1!!!!!K`FQ9Q!!i,hJ!!!!)!!!! +!!!"J3!!!!"T`FQ9Q!!i*C!!!!!-!!!!!!!"J@J!!$+"`FQ9Q!!j"B3!!!!3!!!! +!!!"XqJ!!"K4`FQ9Q!!kHI3!!!!8!!!!!!!"c$J!!#*C`FQ9Q!!j,f`!!!!B!!!! +!!!"lT!!!!3G`FQ9Q!!ihQJ!!!!F!!!!!!!"mU`!!!b"`FQ9Q!!iT1`!!!!J!!!! +!!!"rb`!!!"4`FQ9Q!!jZi!!!!!N!!!!!!!"rh`!!!!T`FQ9Q!!jf-!!!!!S!!!! +!!!"rk3!!!!a`FQ9Q!!k$&3!!!!X!!!!!!!"rp3!!!!j`FQ9Q!!l6V!!!!!`!!!! +!!!#!!`!!!3C`FQ9Q!!l9e3!!!!d!!!!!!!#"#3!!!$j`FQ9Q!!k(*3!!!!i!!!! +!!!#"4`!!!!j`FQ9Q!!j"33!!!!m!!!!!!!#"93!!!GT`FQ9Q!!jMQ`!!!"!!!!! +!!!#$,`!!!'*`FQ9Q!!iIT3!!!"%!!!!!!!#$N3!!!"4`FQ9Q!!i)0`!!!")!!!! +!!!#$T3!!!!T`FQ9Q!!k[Z3!!!"-!!!!!!!#$V`!!!!a`FQ9Q!!kCE!!!!"3!!!! +!!!#$Z`!!!-T`FQ9Q!!jHY`!!!"8!!!!!!!#%K3!!!4K`FQ9Q!!kSh!!!!"B!!!! +!!!#&R3!!!+K`FQ9Q!!j(T3!!!"F!!!!!!!#'43!!!#j`FQ9Q!!i#aJ!!!"J!!!! +!!!#'F`!!!Ja`FQ9Q!!lpS`!!!"N!!!!!!!#)I`!!4J"YG("X!!!!!3!!!!!!!!! +!!!$1I`!!"`"YG("c!!!!!3!!!!!!!!!!!!$9I`!!!""YG("T!!!!!3!!!!!!!!! +!!!$9M`!!"TaYG'a[!!!!!3!!!!!!!!!!!!$F+`!!!#"YG(0X!!!!!3!!!!!!!!! +!!!$F5`!!"4"`FQ9Q!!klZ`!!!"S!!!!!!!$K@`!!!!K`FQ9Q!!lq$`!!!"X!!!! +!!!$KB`!!!"T`FQ9Q!!lTR!!!!"`!!!!!!!$KI3!!%0"`FQ9Q!!jkK!!!!"d!!!! +!!!$b63!!"K4`FQ9Q!!lQ%3!!!"i!!!!!!!$iB3!!#*C`FQ9Q!!l4QJ!!!"m!!!! +!!!%!p`!!!3G`FQ9Q!!l9lJ!!!#!!!!!!!!%"rJ!!!b"`FQ9Q!!i2K!!!!#%!!!! +!!!%&(J!!!"4`FQ9Q!!kki3!!!#)!!!!!!!%&-J!!!!T`FQ9Q!!lUEJ!!!#-!!!! +!!!%&2!!!!!a`FQ9Q!!l+`J!!!#3!!!!!!!%&5!!!!!j`FQ9Q!!j@3J!!!#8!!!! +!!!%&9J!!!3C`FQ9Q!!kR#`!!!#B!!!!!!!%'A!!!!$j`FQ9Q!!i993!!!#F!!!! +!!!%'QJ!!!!j`FQ9Q!!km6J!!!#J!!!!!!!%'U!!!!GT`FQ9Q!!kq6J!!!#N!!!! +!!!%)JJ!!!'*`FQ9Q!!lXDJ!!!#S!!!!!!!%)j!!!!"4`FQ9Q!!lEH!!!!#X!!!! +!!!%)q!!!!!T`FQ9Q!!i6c`!!!#`!!!!!!!%*!J!!!!a`FQ9Q!!iSA!!!!#d!!!! +!!!%*$J!!!-T`FQ9Q!!i15!!!!#i!!!!!!!%*f!!!!4K`FQ9Q!!i#2!!!!#m!!!! +!!!%+m!!!!+K`FQ9Q!!l,'3!!!$!!!!!!!!%,Q!!!!#j`FQ9Q!!l[K3!!!$%!!!! +!!!%,aJ!!!Ja`FQ9Q!!kqX!!!!$)!!!!!!!0#I!!!#J"YG("X!!!!!J!!!!!!!!! +!!!"BU!!!!3"YG("c!!!!!J!!!!!!!!!!!!"CU!!!!""YG("T!!!!!J!!!!!!!!! +!!!%BiJ!!!0"YG'a[!!!!!J!!!!!!!!!!!!%CXJ!!!#"YG(0X!!!!!J!!!!!!!!! +!!!%CdJ!!"4"`FQ9Q!!lk53!!!$-!!!!!!!%HiJ!!!!K`FQ9Q!!ibfJ!!!$3!!!! +!!!%HkJ!!!"T`FQ9Q!!j($3!!!$8!!!!!!!%I"!!!$+"`FQ9Q!!ipM3!!!$B!!!! +!!!%VT!!!"K4`FQ9Q!!kR*3!!!$F!!!!!!!%aZ!!!#5C`FQ9Q!!lqqJ!!!$J!!!! +!!!%khJ!!!3G`FQ9Q!!j"k!!!!$N!!!!!!!%lj3!!!b"`FQ9Q!!jU8`!!!$S!!!! +!!!%r"3!!!"4`FQ9Q!!m!0!!!!$X!!!!!!!%r'3!!!!T`FQ9Q!!kBq3!!!$`!!!! +!!!%r)`!!!!a`FQ9Q!!ia@3!!!$d!!!!!!!%r,`!!!!j`FQ9Q!!kDRJ!!!$i!!!! +!!!%r23!!!3C`FQ9Q!!i"i`!!!$m!!!!!!!&!3`!!!$j`FQ9Q!!ja`3!!!%!!!!! +!!!&!J3!!!!j`FQ9Q!!lI4!!!!%%!!!!!!!&!M`!!!GT`FQ9Q!!j[I`!!!%)!!!! +!!!&#D3!!!'*`FQ9Q!!iXV!!!!%-!!!!!!!&#b`!!!"4`FQ9Q!!i&T`!!!%3!!!! +!!!&#h`!!!!T`FQ9Q!!lfMJ!!!%8!!!!!!!&#k3!!!!a`FQ9Q!!km-!!!!%B!!!! +!!!&#p3!!!-T`FQ9Q!!k+c3!!!%F!!!!!!!&$[`!!!4K`FQ9Q!!jBk`!!!%J!!!! +!!!&%e`!!!+K`FQ9Q!!i30J!!!%N!!!!!!!&&I`!!!#j`FQ9Q!!kMJ3!!!%S!!!! +!!!&&V3!!!Ja`FQ9Q!!jc,3!!!%X!!!!!!!&(Z3!!4J"YG("X!!!!!`!!!!!!!!! +!!!'0Z3!!"`"YG("c!!!!!`!!!!!!!!!!!!'8Z3!!!""YG("T!!!!!`!!!!!!!!! +!!!'8b3!!!#"YG(0X!!!!!`!!!!!!!!!!!!'8k3!!"T!!EA4XE`!!!!-!!!!!!!! +!!!!"QhN!!!83F(*PCJ!1L,S!!!"-!!!!!!!"S)N!!!!)F(*PCJ!1iN8!!!"0!!! +!!!!"S*%!!!!DF(*PCJ!1d&S!!!"1!!!!!!!"S+X!!"$3F(*PCJ!1Rh-!!!"2!!! +!!!!"XAX!!!B8F(*PCJ!1P(-!!!"3!!!!!!!"Yim!!!NQF(*PCJ!1LkB!!!"4!!! +!!!!"`,8!!!%(F(*PCJ!1VAF!!!"5!!!!!!!"`E`!!!-JF(*PCJ!1ejm!!!"6!!! +!!!!"a0`!!!!8F(*PCJ!1FbF!!!"8!!!!!!!"a2!!!!!+F(*PCJ!1@,m!!!"9!!! +!!!!"a2S!!!!-F(*PCJ!1VG`!!!"@!!!!!!!"a3B!!!!1F(*PCJ!1@GJ!!!"A!!! +!!!!"a43!!!%'F(*PCJ!1G1)!!!"B!!!!!!!"aKS!!!!qF(*PCJ!1CB`!!!"C!!! +!!!!"aPJ!!!!1F(*PCJ!1*2X!!!"D!!!!!!!"aQB!!!(DF(*PCJ!19#X!!!"E!!! +!!!!"b%!!!!"LF(*PCJ!1mb!!!!"F!!!!!!!"b+)!!!!8F(*PCJ!1m`8!!!"G!!! +!!!!"b,B!!!!+F(*PCJ!1fHN!!!"H!!!!!!!"b-!!!!!-F(*PCJ!1$)-!!!"I!!! +!!!!"b-`!!!$+F(*PCJ!1%CN!!!"J!!!!!!!"bCB!!!%BF(*PCJ!1Y5%!!!"K!!! +!!!!"bUi!!!#SF(*PCJ!1$e8!!!"L!!!!!!!"beB!!!!ZF(*PCJ!1VXF!!!"M!!! +!!!!"bi3!!!)-F(*PCJ!1YBi!!!"N!!!!!!!"cC!!!!!+!'edF'`!!!!%!!!!!!! +!!!!!!GH3!!!!!3"YG("c!!!!"!!!!!!!!!!!!!(BN!!!!!!3EA4`D3!!!!3!!!! +!!!!!!!!"f+!!!!!JEA4cE!!!!!3!!!!!!!!!!!!"f-!!!!#-EA4XE`!!!!3!!!! +!!!!!!!!"f8`!!!83F(*PCJ!1C"3!!!"P!!!!!!!"hP`!!!!)F(*PCJ!1MEF!!!" +Q!!!!!!!"hQ3!!!!DF(*PCJ!1SV`!!!"R!!!!!!!"hRi!!"$3F(*PCJ!1NlJ!!!" +S!!!!!!!"ldi!!!B8F(*PCJ!1G1B!!!"T!!!!!!!"p@)!!!NQF(*PCJ!1lFS!!!" +U!!!!!!!"rSJ!!!%(F(*PCJ!1ff%!!!"V!!!!!!!"rim!!!-JF(*PCJ!1r-N!!!" +X!!!!!!!#!Um!!!!8F(*PCJ!1r(F!!!"Y!!!!!!!#!X-!!!!+F(*PCJ!1%0B!!!" +Z!!!!!!!#!Xd!!!!-F(*PCJ!11!J!!!"[!!!!!!!#!YN!!!!1F(*PCJ!1Lh%!!!" +`!!!!!!!#!ZF!!!%'F(*PCJ!1,BX!!!"a!!!!!!!#!qd!!!!qF(*PCJ!1KTd!!!" +b!!!!!!!#"#X!!!!1F(*PCJ!1%am!!!"c!!!!!!!#"$N!!!(DF(*PCJ!1HE-!!!" +d!!!!!!!#"K-!!!"LF(*PCJ!1idJ!!!"e!!!!!!!#"R8!!!!8F(*PCJ!1AA!!!!" +f!!!!!!!#"SN!!!!+F(*PCJ!1j"8!!!"h!!!!!!!#"T-!!!!-F(*PCJ!1Qr-!!!" +i!!!!!!!#"Tm!!!$+F(*PCJ!1a+%!!!"j!!!!!!!#"fN!!!%BF(*PCJ!1CMm!!!" +k!!!!!!!##)%!!!#SF(*PCJ!1XB!!!!"l!!!!!!!##5N!!!!ZF(*PCJ!1mR8!!!" +m!!!!!!!##9F!!!)-F(*PCJ!1Z,`!!!"p!!!!!!!##f-!!!8!EA4`E!!!!!8!!!! +!!!!!!!!!@EJ!!!#!EA4`F`!!!!8!!!!!!!!!!!!!@MJ!!!!3EA4`D3!!!!8!!!! +!!!!!!!!#%2-!!!!JEA4cE!!!!!8!!!!!!!!!!!!#%4-!!!#!EA4XE`!!!!8!!!! +!!!!!!!!#%C-!!!83F(*PCJ!1a$B!!!"q!!!!!!!#&U-!!!!)F(*PCJ!1ppX!!!" +r!!!!!!!#&UX!!!!DF(*PCJ!1YK%!!!#!!!!!!!!#&X8!!"$3F(*PCJ!1UKi!!!# +"!!!!!!!#*j8!!!B8F(*PCJ!1!fJ!!!##!!!!!!!#,DN!!!L@F(*PCJ!1bY3!!!# +$!!!!!!!#0Mm!!!%(F(*PCJ!1D*S!!!#%!!!!!!!#0dB!!!-JF(*PCJ!1Q1)!!!# +&!!!!!!!#1QB!!!!8F(*PCJ!1DmN!!!#'!!!!!!!#1RS!!!!+F(*PCJ!1B[N!!!# +(!!!!!!!#1S3!!!!-F(*PCJ!1Y%%!!!#)!!!!!!!#1T!!!!!!$R"bC@B!$Z2!!!! +!L3!!!!!!!MUH!!!""R"bC@B!$K+Q!!!!LJ!!!!!!!MZN!!!!2R"bC@B!$Y45!!! +!L`!!!!!!!M[L!!!!$R"bC@B!$ThJ!!!!M!!!!!!!!M[`!!!"fR"bC@B!$L2p!!! +!M3!!!!!!!Mh+!!!!BR"bC@B!$UH%!!!!MJ!!!!!!!MiX!!!!&("bC@B!$U1Q!!! +!M`!!!!!!!Mj!!!!!#R"bC@B!$Rrm!!!!N!!!!!!!!!)q5J!!!!a`FQ9Q!!iEh`! +!!*%!!!!!!!)q9J!!!-T`FQ9Q!!j-XJ!!!*)!!!!!!!)r)!!!!4K`FQ9Q!!jGN3! +!!*-!!!!!!!*!1!!!!+K`FQ9Q!!i5!3!!!*3!!!!!!!*!i!!!!#j`FQ9Q!!lG5`! +!!*8!!!!!!!*"$J!!!Ja`FQ9Q!!jL+`!!!*B!!!!!!!*$'J!!#J"YG("X!!!!"J! +!!!!!!!!!!!*0'J!!!3"YG("c!!!!"J!!!!!!!!!!!!*1'J!!!""YG("T!!!!"J! +!!!!!!!!!!!*1+J!!!)aYG'a[!!!!"J!!!!!!!!!!!!*1YJ!!!#"YG(0X!!!!"J! +!!!!!!!!!!!*1eJ!!"4"`FQ9Q!!ke'`!!!*F!!!!!!!*6jJ!!!!K`FQ9Q!!iPYJ! +!!*J!!!!!!!*6lJ!!!"T`FQ9Q!!k$'`!!!*N!!!!!!!*8#!!!%0"`FQ9Q!!iDS3! +!!*S!!!!!!!*Nf!!!"K4`FQ9Q!!k8"3!!!*X!!!!!!!*Ul!!!#*C`FQ9Q!!iKFJ! +!!*`!!!!!!!*cJJ!!!3G`FQ9Q!!iTD3!!!*d!!!!!!!*dL3!!!b"`FQ9Q!!i1j`! +!!*i!!!!!!!*hU3!!!"4`FQ9Q!!jL[3!!!*m!!!!!!!*h[3!!!!T`FQ9Q!!jXAJ! +!!+!!!!!!!!*ha`!!!!a`FQ9Q!!jr'`!!!+%!!!!!!!*hd`!!!!j`FQ9Q!!k0TJ! +!!+)!!!!!!!*hi3!!!3C`FQ9Q!!i0!3!!!+-!!!!!!!*ij`!!!$j`FQ9Q!!j!f3! +!!+3!!!!!!!*j*3!!!!j`FQ9Q!!k[33!!!+8!!!!!!!*j-`!!!GT`FQ9Q!!iY93! +!!+B!!!!!!!*l$3!!!'*`FQ9Q!!i`KJ!!!+F!!!!!!!*lE`!!!"4`FQ9Q!!jK6!! +!!+J!!!!!!!*lJ`!!!!T`FQ9Q!!kKkJ!!!+N!!!!!!!*lM3!!!!a`FQ9Q!!k[X3! +!!+S!!!!!!!*lQ3!!!-T`FQ9Q!!iUj!!!!+X!!!!!!!*mB`!!!4K`FQ9Q!!iAM3! +!!+`!!!!!!!*pH`!!!+K`FQ9Q!!jMNJ!!!+d!!!!!!!*q)`!!!#j`FQ9Q!!lid!! +!!+i!!!!!!!*q83!!!Ja`FQ9Q!!iiI!!!!+m!!!!!!!+!A3!!2!"YG("X!!!!"`! +!!!!!!!!!!!+mA3!!"J"YG("c!!!!"`!!!!!!!!!!!!,#A3!!!""YG("T!!!!"`! +!!!!!!!!!!!,#E3!!"G4YG'a[!!!!"`!!!!!!!!!!!!,)33!!!#"YG(0X!!!!"`! +!!!!!!!!!!!,)B3!!"4"`FQ9Q!!i1N!!!!!#`!!!!!!!#cA%!!!!)F(*PCJ!1PMd +!!!#a!!!!!!!#cAN!!!!DF(*PCJ!1G*S!!!#b!!!!!!!#cC-!!"$3F(*PCJ!1m28 +!!!#c!!!!!!!#hQ-!!!B8F(*PCJ!18k%!!!#d!!!!!!!#j(F!!!NQF(*PCJ!1&dF +!!!#e!!!!!!!#lCd!!!%(F(*PCJ!1a"8!!!#f!!!!!!!#lU3!!!-JF(*PCJ!1h-` +!!!#h!!!!!!!#mF3!!!!8F(*PCJ!1Gj-!!!#i!!!!!!!#mGJ!!!!+F(*PCJ!1c58 +!!!#j!!!!!!!#mH)!!!!-F(*PCJ!1Nd!!!!#k!!!!!!!#mHi!!!!1F(*PCJ!1Kq% +!!!#l!!!!!!!#mI`!!!%'F(*PCJ!1ebJ!!!#m!!!!!!!#m`)!!!!qF(*PCJ!1C`N +!!!#p!!!!!!!#md!!!!!1F(*PCJ!1qpm!!!#q!!!!!!!#mdi!!!(DF(*PCJ!1EaJ +!!!#r!!!!!!!#p5J!!!"LF(*PCJ!1m4i!!!$!!!!!!!!#pBS!!!!8F(*PCJ!1#Td +!!!$"!!!!!!!#pCi!!!!+F(*PCJ!1d"!!!!$#!!!!!!!#pDJ!!!!-F(*PCJ!1Mb- +!!!$$!!!!!!!#pE3!!!$+F(*PCJ!1+43!!!$%!!!!!!!#pRi!!!%BF(*PCJ!1BQB +!!!$&!!!!!!!#pjB!!!#SF(*PCJ!1JbF!!!$'!!!!!!!#q$i!!!!ZF(*PCJ!1jBJ +!!!$(!!!!!!!#q'`!!!)-F(*PCJ!1EJ)!!!$)!!!!!!!#qRJ!!$`!EA4`E!!!!!J +!!!!!!!!!!!!$0RJ!!!B!EA4`F`!!!!J!!!!!!!!!!!!$2(J!!!!3EA4`D3!!!!J +!!!!!!!!!!!!$2)J!!!!JEA4cE!!!!!J!!!!!!!!!!!!$2+J!!!A8EA4XE`!!!!J +!!!!!!!!!!!!$D9S!!"$%EA4RE!!!!qJ!!!!!!!!!!!!$8d!!!!!XE@pdD3!!!!! +!!!!!!!!!!!!$8f`!!"1!8%acG!!19TJ!!!$*!!!!!!!"&P)!!!)XEA"cD3!!!qJ +!!!!!!!!!!!!$D1S!!!!3EA0dF!!!!!)!!!!!!!!!!!!$D2S!!!!3EA0dF!!!!!8 +!!!!!!!!!!!!!@NJ!!!!SEA0dD3!!!qJ!!!!!!!!!!!!$D6)!!!!SEA0dD3!!!!! +!!!!!!!!!!!!!@R!!!!!-E@&XE!!!!!!!!!!!!!!!!!!$6(`!!!$%E@&`E!!!!!! +!!!!!!!!!!-eY!!!: diff --git a/lib/libssl/src/MacOS/TODO b/lib/libssl/src/MacOS/TODO new file mode 100644 index 00000000000..903eb133de7 --- /dev/null +++ b/lib/libssl/src/MacOS/TODO @@ -0,0 +1,18 @@ +------------------------------------------------------------------- +Verify server certificate +------------------------------------------------------------------- +Currently omitted from the project: + + crypto/tmdiff.c + crypto/bio/bss_conn.c + crypto/bio/b_sock.c + crypto/bio/bss_acpt.c + crypto/bio/bss_log.h + +------------------------------------------------------------------- +Build libraries to link with... +------------------------------------------------------------------- +Port openssl application. +------------------------------------------------------------------- +BN optimizations (currently PPC version is compiled with BN_LLONG) +------------------------------------------------------------------- diff --git a/lib/libssl/src/MacOS/_MWERKS_GUSI_prefix.h b/lib/libssl/src/MacOS/_MWERKS_GUSI_prefix.h new file mode 100644 index 00000000000..fe6b5387d6d --- /dev/null +++ b/lib/libssl/src/MacOS/_MWERKS_GUSI_prefix.h @@ -0,0 +1,9 @@ +#include <MacHeaders.h> +#define B_ENDIAN +#ifdef __POWERPC__ +#pragma longlong on +#endif +#if 1 +#define MAC_OS_GUSI_SOURCE +#endif +#define MONOLITH diff --git a/lib/libssl/src/MacOS/_MWERKS_prefix.h b/lib/libssl/src/MacOS/_MWERKS_prefix.h new file mode 100644 index 00000000000..2189da753bf --- /dev/null +++ b/lib/libssl/src/MacOS/_MWERKS_prefix.h @@ -0,0 +1,9 @@ +#include <MacHeaders.h> +#define B_ENDIAN +#ifdef __POWERPC__ +#pragma longlong on +#endif +#if 0 +#define MAC_OS_GUSI_SOURCE +#endif +#define MONOLITH diff --git a/lib/libssl/src/MacOS/buildinf.h b/lib/libssl/src/MacOS/buildinf.h new file mode 100644 index 00000000000..90875b6e2f4 --- /dev/null +++ b/lib/libssl/src/MacOS/buildinf.h @@ -0,0 +1,5 @@ +#ifndef MK1MF_BUILD +# define CFLAGS "-DB_ENDIAN" +# define PLATFORM "macos" +# define DATE "Sun Feb 27 19:44:16 MET 2000" +#endif diff --git a/lib/libssl/src/MacOS/mklinks.as.hqx b/lib/libssl/src/MacOS/mklinks.as.hqx new file mode 100644 index 00000000000..fe3e7d53daf --- /dev/null +++ b/lib/libssl/src/MacOS/mklinks.as.hqx @@ -0,0 +1,820 @@ +(This file must be converted with BinHex 4.0) + +:#QeVE'PZDh-ZBA-!39"36'&`E(3J!!!!!!!!!*LiI6m!!!!!!3!!!*G#!!#@3J! +!!AChFQPd!!!!K3)"!3m(Fh9`F'pbG!!!!)B#!3%$"(0eFQ8!!!#(!J-%"!3("3C +cGfPdBfJ!!!#)!J%"#39cH@jMD!!!!)N#"J%$!`-&"3-'FhPcG'9Y!!!!LJ)&"3) +%!J8("!-#!`4dB@*X!!!!L`))!3-$!`-$!`-$"(4PE'`!!!#-!J)"#38$G'KP!!! +!M3))(J)@!Ki#!J))!K)#!`)B!Kd%G'KPE3!!!)i#!J%&#`4dD'9j!!!!M`)#!J) +#$3TdD(*[G@GSEh9d!!!!N!!#!3%&"(4TCQB!!!#4!J%"!`4dD@eP!!!!NJ)"!JS +#!h4T!!!!'N!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!H!!!!!!!#!!!!!! +!!!!!!!!!!!!!rrrrr`!!!$3!!!!N!!!!!#"[!!5JAb"[!!5K++!M6R9$9'mJFR9 +Z)(4SDA-JFf0bDA"d)'&`F'aTBf&dD@pZ,#"jEh8JEA9cG#"QDA*cG#"TER0dB@a +X)%&`F'aP8f0bDA"d,J!!!)C8D'Pc)(0MFQP`G#"MFQ9KG'9c)#iZ,fPZBfaeC'8 +[Eh"PER0cE#"KEQ3JCQPXE(-JDA3JGfPdD#"ZC@0PFh0KFRNJB@aTBA0PFbi0$8P +d)'eTCfKd)(4KDf8JB5"hD'PXC5"dEb"MEfe`E'9dC5"cEb"`E'9KFf8JBQ8JF'& +dD@9ZG$SY+3!!!#S!!J!!!!!!$3!+!"!!!!!-!!!!!!!!!!!!63!0!!S!%!%!!!` +!!!!!!!!!!!!B!!!!+!!!!!!!!!!)!!!!)!#N2c`!!DR`!!!!l!!!!!&19[ri,`0 +f!#m$-$bKVDG'*KmY52ri,`-`2+LITdBQ(b!ZrrLa`'FJ,`-J2'0`ER4"l[rm)NL +KV5+)*Kp+3'B)5Ulrr'F#GJ%3!bBZrr41ANje6PB!!#m-@Bm[2%j29%Nr2!#!U"m +SAb!-CJK`!cm!UFKJ+#m-UC)J9#!)d+J!'#&!!"JJ9#!)d+J!(#&!!"a9Mbm8)&q +JAMk!9%mSE[rm6Pj1G8j@!!![$%kkre4+!'FU@Bm[2'&`E(3[2(0MF(4`)DJU+&m +J$'F5@Bm[$#mm!!!!!A!!U#UTp&K26VVrG#KZrra1ANje!!!!('&`E(3!!!!"4P* +&4J!!!!!!J%P$6L-!!!!!!*B!!!!"!!!!!!G"8&"-!!!!!!!"!!!"!!!!!S!!!!4 +!!!"i)!!!K"!!!3))!!)#"!!%"!)!#!J"!"!8!)!J)J"!3%%!)2#!J"#*!%!)KJ! +J")3!)!*!!"!")!!3!K!!%!3)!"!)"!!J%!)!3#!"!)"!!S%!J!5#!3!)4!)!#%J +%!!KB#!!%C"!!!m)J!!!"3!!!!)!!!!%!!!!$J!!!"m!!!(rJ!!$rm!!"rrJ!!rr +m!!IrrJ!2rrm!(rrrJ$rrrm"rrrrJrrrrm2rrrrMrrrrmrrrrrRrrrrmrrrrq(rr +rr!rrrrJ(rrr`!rrri!(rrm!$rrq!"rrr!!rrrJ!2rr`!$rri!!IRm!!$`q!!!!( +!!!!!J!!!!!)!!!!!!!!!!!m!!!!!!!!!!!!!!!!!!!$`m!!!!!!!!!!!!!!!!!! +2!!m!!!!!!!!!!!!!!!rrm!!!m!!!!!!!!!!!!!$`c0m!!!m!!!!!!!!!!!!2!!c +-m!!!m!!!!!!!!!!!m!$-cI!!!!m!!!!!!!!!$`!-c0m!!!!!m!!!!!!!!2!!c-h +`!!!!!!m!!!!!!!m!$-cIh`!!!!!!m!!!!!$`!-c0rGh`!!!!!!m!!!!2!!c-hph +-h`!!!!!!m!!!rrr-cIhF`-h`!!!!!!m!!2lFr0rGc!`-h`!!!!!!m!$pc-rph-$ +!`-h`!!!!!!m!r-`2cF`-$!!-r3!!!!!!m!m!`-c!`-!!$0m!!!!!$-m!m!`-$!` +!!-cI!!!!!-c`!!m!`-$!!!`-h`!!!!c2!!!!m!`-!!$!c0m!!!$-m!!!!!m!`!! +-$-hm!!!-c`!!!!!!m!!!`-cIc!!!c2!!!!!!!!m!$!c0r-`!$-m!!!!!!!$pm-$ +-hmc!!-c`!!!!!!!2hI`-cIc-!!c2!!!!!!!!rGc2c0r-`!$-m!!!!!!!!2h-cmh +mc!!-c`!!!!!!!!$mc!rIr-!!c2!!!!!!!!!!$m$2m!r-$-m!!!!!!!!!!!$rr`! +!r-c`!!!!!!!!!!!!!!!!!!r2!!!!!!!!!!!!!!!!!!!!m!!!!!!!!!!!!!"!!B! +13"%J)4"##18%Q)+3!%&!)5!L%%3BL#83*L!G3!#!!B!2`"rJ2r"rq2rmrrlrrhr +r2riIr"ri2r!ri"h!!)!!!!#!!!!!$r!!!!!!!2r`$`!!!!!2$!m!m!!!!2$!c`! +2!!!2$!c`!!$`!2r`cpm!!!m!rGrpc2!!!2$p$p`-c`!!$`m!`-$0m!$2!2!-$-h +`$2!!$`$-hm$2!!!2m-hm$2!!!2h2hm$2!!!!r-rm$2!!!!!2r`r2!!!!!!!!!2! +!!!!!!!#D8f0bDA"d)%&`F'aTBf&dD@pZ$3e8D'Pc)(0MFQP`G#"MFQ9KG'9c)#i +Z,fPZBfaeC'8[Eh"PER0cE#"KEQ3JCQPXE(-JDA3JGfPdD#"ZC@0PFh0KFRNJB@a +TBA0PFbi0$8Pd)'eTCfKd)(4KDf8JB5"hD'PXC5"dEb"MEfe`E'9dC5"cEb"`E'9 +KFf8JBQ8JF'&dD@9ZG$SY+3!!!")!!J!!!!!!!!!!!!%!"J!'%iN!!!!+@1!!!b! +!!!-J!!!!!"3!+`!(!Cm#@!!V!!F"f!*B!!!!!3!!M`C'BA0N98&6)$%Z-6!a,M% +`$J!!!!32rrm!!3!#!!-"rrm!!!d!!3!"D`!!!!!!!!!%!J!%!!)!"3!'$3!&!!* +X!!)!!!U`!!IrrJd!"`!#6`!!!!!+X!!)!!N0!!J!!@X!!!!%#Um!#J)!#J!#!!X +!$!d!#`!#E!!#!!3!"2rprr`"rrd!!!(rr!!!!J!-!!)!$3!1$3!0!!*X!!%!"!! +%rrX!$`(rq`!!$!!2!&N!8b"(CA3JF'&dD#"dEb"dD'Pc)%&`F'aP8f0bDA"d)'& +`F'aPG$XJGA0P)'Pd)(4[)'C[FQdJG'KP)("KG'JJG'mJG'KP)'PZBfaeC'8JCQp +XC'9b!!)!!!)!$J!#!"!!%3d!%!!#E!!"!!3!"2rk!")"rrS!!!`!%J!Q!#!JB@j +N)(4SC5"[G'KPFL"bC@aPGQ&ZG#"QEfaNCA*c,J!#!!!#!"%!!J!6!"30!"-!!R- +!!!!%!"%!&3!@$3!9!!*M!!!!"!!1!"F!'!d!&`!#E!!&!!3!$!!CrrN0!"N!!Qi +!!!!%!!`!'J!E$3!D!!)d!!!!"3!-rrJ!(!Vrq!!%#Q0[BQS0!"`!!Q`!"3!'!!X +!(Irh$3!G!!0*!!)!"J!,rrB!([re#[rf!"JZC@&bFfCQC(*KE'Pc!!!!!!!!)!" +KCQ4b$3!H!!"Q!!!!"J!(![re!!!"rrF!!!d!'`!"E3!!!!3!"3!I$`!I!6J)ER9 +XE!!!!!!!!Gq!rrm!!!!A"NCTEQ4PFJ!!(`*[Me!!ASfm!Qq,i!"HA[!!I&M!!!! +!!!!!'mi!!JN#!Qq-1!!!Kb%#Ei`J!!!!!%C14&*038e"3e-!!"%!B@aTF`!!!!! +!fJ!#!!!-6@&MD@jdEh0S)%K%!!!!!!!!!!!!!!!!!!!!XSA5h%*%!!!!!!!A"NC +TEQ4PFJ!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!3rLc#@a!4Nj%8Ne"3e2rrrrr!!!!!!!!!!!!!!!!!!! +!!!!!!!e6HA0dC@dJ4QpXC'9b!!!"!!3!!!!A!!)!)8eKBfPZG'pcD#")4$T6HA0 +dC@dJ4QpXC'9b1NCTEQ4PFJ$rr`!!!Irj!!!0!"J!!@d!!!!-!!hrp!Vrp!!%#Q0 +dH(30!"B!!@m!!!!!!!$rm`[rm`!5-!!(G'KPF'&dD!!(G'KP8'&dD!)!&!!#!#! +!)3d!)!!#E!!#!")!%[rbrr%"rr)!!!(rm3!!!J!K!!)!)J!M$3!L!!*b!!!!%J! +A!#3!*3d!*!!#EJ!$!")!&3!Q!#F0!#B!!6%!!!!6!"Arm!Vrm!!%#R4iC'`0!#F +!!6%!!!!5!"2rl`Vrl`!%#Q&cBh)0!#8!!@m!!!!!!!$rlJ[rlJ!F-!!-G'KPEfa +NC'9XD@ec!!adD'92E'4%C@aTEA-#!#-!!J!S!#N0!#J!!R)!!!!B!"d!+J!V$3! +U!!&Y!!!!'!!C!#`-!#`!"`!"1J!#!!!0!#X!!Qi!!`!!!!!!,3!Z$3!Y!!%a!!! +!'J!Frqd+rqd!"!TdH'4X$3!Z!!%a!!!!'3!Drq`+rq`!"!TKFf0b!J!T!!)!,`! +`$3![!!*X!!)!(J!Hrq[rkJ(rk`!!!IrU!!!#!$!!!J!a!$)0!$%!!R)!!!!H!#X +!-`!d$3!c!!*X!!8!(J!T!$Ark3d!03!#EJ!!!"i!+3!f!$F0!$B!!cF"!!!I!#R +rk!!i!$N+rqJ!"!TMDA4Y$3!i!!&Y!!!!)`!PrqF$rqF!!3d!13!"E3!!!#B!+2r +Q!rrQrrd0!$F!!@m!!!!H!"rrj3[rj3!5-!!(G'KPF'&dD!!(G'KP8'&dD!(rk3! +!$3!d!!&[!!!!!!!!rq3,rq3!)$!!$R4SCA"bEfTPBh4`BA4S!!jdD'93FQpUC@0 +d8'&dD!)!-J!#!$S!1`d!1J!#FJ!!!#`!1`!m!$d0!$`!!Q-!!!!X!$N!2J!r$3! +q!!*X!!8!,!!h!%$ri`d!3!!#EJ!!!#`!0`""!%)0!%%!!cF"!!!Y!$IriJ"$!%3 ++rq)!"!TMDA4Y$3"$!!&Y!!!!-3!crq%$rq%!!3d!4!!"E3!!!$3!0[rJ!rrJrri +0!%)!!@m!!!!X!#hrh`[rh`!5-!!(G'KPF'&dD!!(G'KP8'&dD!(ri`!!$3!r!!& +Y!!!!0`!irpi+rpi!"!T849K8$3!p!!&[!!!!!!!!rpd,rpd!&M!!#A4SC@ePF'& +dD!!*G'KP6@93BA4S!J!l!!)!43"'$3"&!!*X!!)!2!!mrpcrf`(rh!!!!IrE!!! +#!%B!!J"(!%J0!%F!!R)!!!!m!%8!53"+$3"*!!*M!!!!2!""!%X!6!d!5`!#BJ! +!!$`!2`"0!%i0!%d!!@m!!!!m!$hrfJ[rfJ!J-!!1G'KPF(*[DQ9MG("KG'J!$R4 +SC9"bEfTPBh43BA4S$3"1!!&Y!!!!23!q!%m-!%m!$3!(D@jME(9NC3!#!!!0!%` +!!@d!!!!r!%$rf3Vrf3!%#P4&@&30!%S!!@m!!!!!!!$rf![rf!!Q-!!4D@jME(9 +NC@C[E'4PFR"KG'J!%@PZBfaeC'9'EfaNCA*3BA4S!J")!!)!8!"4$3"3!!*b!!! +!4J"9!&)!8`d!8J!#B`!!!%B!83"8!&80!&3!!Q)!!!"'!%m!9J"A$3"@!!*L!!! +!4J",!&J!@3d!@!!"E`!!!%B!4rrA#rrA!#!`!!jdD'9`FQpUC@0dF'&dD!!1G'K +P8(*[DQ9MG&"KG'J0!&N!!@d!!!"(!%S!@J`!@J!0!!GTEQ0XG@4P!!)!!!d!9`! +"E3!!!%X!6J"E$!"E!!d!"fp`C@jcFf`!!J!!$3"9!!&Y!!!!6`"3rpB+rpB!"!T +849K8$3"6!!&[!!!!!!!!rp8,rp8!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'& +dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S!J"4!!)!A!"G$3"F!!*b!!!!9J" +K!&i!A`d!AJ!#B`!!!&B!A3"J!'%0!'!!!Q)!!!"@!&X!BJ"M$3"L!!&[!!!!9J" +Arp3,rp3!)$!!$R4SCA"bEfTPBh4`BA4S!!jdD'93FQpUC@0d8'&dD!d!B`!"E3! +!!&F!@J"N$!"N!!`!"Q0bHA"dE`!#!!!0!'%!!@d!!!"E!&crd`Vrd`!%#P4&@&3 +0!&m!!@m!!!!!!!$rdJ[rdJ!N-!!3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4Qp +XC'9b8'&dD!)!A3!#!'8!CJd!C3!#FJ!!!')!E3"R!'J0!'F!!Q-!!!"L!'N!D3" +U$3"T!!*L!!!!BJ"R!'X!E!d!D`!"E`!!!')!Brr4#rr4!#!`!!jdD'9`FQpUC@0 +dF'&dD!!1G'KP8(*[DQ9MG&"KG'J0!'`!!@d!!!"M!'B!E3`!E3!*!!0cFf`!!J! +!$3"U!!&Y!!!!C`"Srp!+rp!!"!T849K8$3"S!!&[!!!!!!!!rmm,rmm!(M!!$A0 +cE'C[E'4PFR"KG'J!$A0cE%C[E'4PFP"KG'J#!'B!!J"Z!'m0!'i!!R)!!!"Z!(8 +!F!"a$3"`!!*M!!!!EJ"a!()!F`d!FJ!"E`!!!'i!Err1#rr1!#!`!!jdD'9`FQp +UC@0dF'&dD!!1G'KP8(*[DQ9MG&"KG'J0!(-!!@d!!!"[!($rc3Vrc3!%#P4&@&3 +0!(%!!@m!!!!!!!$rc![rc!!Q-!!4Eh"PER0cE'C[E'4PFR"KG'J!%@p`C@jcFfa +'EfaNCA*3BA4S!J"[!!)!G!"e$3"d!!*X!!)!GJ"frm[rbJ(rb`!!!Ir+!!!#!(8 +!!J"f!(F0!(B!!R)!!!"f!(X!H!"j$3"i!!&[!!!!GJ"hrmN,rmN!($!!$(4SC@p +XC'4PE'PYF`!-G'KP6faN4'9XD@ec$3"j!!*Z!!-!!!!!!(S!H`d!HJ!"-3!!!(J +!H[r)#[r)!!3+G(KNE!d!H`!"-3!!!(F!H2r(#[r(!!3+BA0MFJ)!G`!#!(`!I3d +!I!!#E!!#!(`!I2r'rm8"rmB!!!(ra3!!!J"p!!)!IJ"r$3"q!!*X!!%!I!"mrm3 +!J!(ra!!!$!#!!%!!1L"NC@aPG'8JEfaN)'PZBfaeC'8kEh"PER0cE#"QEfaNCA) +JB@jN)(*PBh*PBA4P)'Pd)'0XC@&ZE(N!!J!!!J"r!!)!J3##$3#"!!*X!!)!I!" +mrm2r`J(r``!!!Ir#!!!#!))!!J#$!)30!)-!!e%!!!"m!+8!K3#'!)F0!)8!!@X +!!!"r!*`!L!)!L!!#!)N!LJd!L3!$53!#!(m!N[r"!)[r`!Vr`3!B,QeTFf0cE'0 +d+LSU+J!!!!!!!*!!!#SU+LS0!)X!!Qi!!!"r!)i!M!#0$3#-!!)d!!!!K`#1rlm +!MJVr[`!%#Q0QEf`0!)i!!@d!!!#+!)d!M``!M`!0!!G[F'9ZFh0X!!)!!!d!M3! +#0!!!!(m!Krqq!*!!#[qq!!3+BfC[E!d!N!!!!@m!!!#$!)Er[3[r[3!Q-!!4D@j +ME(9NC@C[E'4PFR"KG'J!%@PZBfaeC'9'EfaNCA*3BA4S![r!!!!#!)S!!J#4rl` +0!*%!!dN!!J#6!*crZ`#5rlS+rlX!'#jMEh*PC'9XEbSU+LS!!!!!!!#3!!!U+LS +U$3#5!!%a!!!!N`#BrlN+rlN!"!TcC@aP![qk!!!#rl`!!!d!KJ!$8J!!!!!!!2q +irlIrYJVrZ!!B,Q&cBh*PFR)J+LSU+J!!!!!!!*!!!#SU+LS"rlF!!!,rYJ!!$3# +(!!*X!!%!T!#Nrl8!N`(rY3!!$!#6!"-!$5"TCfj[FQ8JCA*bEh)!!J!!!J#%!!) +!P!#9$3#8!!*X!!)!TJ#Qrl6rX`(rY!!!!Iqc!!!#!*8!!J#@!*F0!*B!!dN!!J# +Q!,lrX[qa!*J+rl)!'#jMEh*PBh*PE#SU+LS!!!!!!!#3!!"ZG@aX!Iqa!!!'!*J +!!rq`!*N!QJVrX!!%#QY[Bf`0!*N!!@d!!!#U!+hrV`VrV`!%#Q0QEf`'!*S!!rq +Z!*[rV3VrVJ!%#QPZFfJ0!*X!!M3!!!#`!,MrV!#F#[qX!!3+BfC[E!d!R!!"E`! +!!,3!YrqV#rqV!#B`!"&TEQ0XG@4PCQpXC'9bF'&dD!!4D@jME(9NC8C[E'4PFP" +KG'J'rkd!!!)!P`!#!*d!RJd!R3!#FJ!!!,m!aJ#I!+!0!*m!!Q`"!!#r!-)!SIq +U$3#K!!%a!!!![`$#rkN+rkN!"!TbFfad!IqU!!!0!+!!!@m!!!!!!!$rU![rU!! +Z-!!9G'KPEQ9hCQpXC'9bFQ9QCA*PEQ0P!"9dD'91CAG'EfaNCA*5C@CPFQ9ZBf8 +#!*i!!J#L!+-0!+)!!dN!!J$(!-lrT`#NrkB+rkF!'#jYDA0MFfaMG#SU+LS!!!! +!!!#3!!!U+LSU$3#N!!&[!!!!a`$+rk8,rk8!,M!!&A4SC@jPGfC[E'4PFR*PCQ9 +bC@jMC3!9G'KP6Q9h4QpXC'9b8Q9QCA*PEQ0P![qQ!!!#!+-!!J#P!+B0!+8!!R) +!!!$2!0`!T`#S$3#R!!&Y!!!!c`$5!+N-!+N!$3!(Eh"PER0cE!!#!!!0!+J!!Qi +!!!!!!!!!UJ#V$3#U!!%a!!!!e`$Erk3+rk3!"!T`EQ&Y$3#V!!%a!!!!dJ$Ark- ++rk-!"!TcC@aP!J#Q!!)!V!#Y$3#X!!*X!!)!h3$Grk,rS3(rSJ!!!IqK!!!#!+d +!!J#Z!+m0!+i!!Q`!!3$G!0hrS!#`!IqJ!!!-!,!!(`!C)&0dBA*d)'eKDfPZCb" +dD'8JB@aTBA0PF`!#!!!#!+m!!J#a!,)0!,%!!dN!!J$G!3ArRrqH!,-+rjm!'#j +MEh*PBh*PE#SU+LS!!!!!!!#3!!"ZG@aX!IqH!!!'!,-!!rqG!,3!Y3VrR3!%#QY +[Bf`0!,3!!@d!!!$K!16rR!VrR!!%#Q&XD@%'!,8!!rqE!,B!Y`VrQ`!%#QPZFfJ +0!,B!!M3!!!$R!1rrQJ#i#[qD!!3+BfC[E!d!Z!!"E`!!!1X!l[qC#rqC!$3`!"K +[F'9ZFh0XD@jME(9NC@C[E'4PFR"KG'J!''p`C@j68da*EQ0XG@4P4QpXC'9b8'& +dD!B!Y`!$rjJ!ZIqA#[qB!!3+G'mJ)!d!Z3!#EJ!!!2)!r`#k!,X0!,S!!M3!!!$ +i!2rrPJ#m#[q@!!3+CQPXC3d![!!"E3!!!2X!rJ#p$!#p!"-!$@p`C@jcFfaMEfj +Q,QJ!!J!!$3#l!!)d!!!!mJ$irj8![JVrP3!%#Q0QEf`0!,i!!@m!!!$f!2IrP![ +rP!!@-!!*G'KPE@9`BA4S!!PdD'90C9"KG'J'rjF!!!)!XJ!#!,m!`!d![`!#E!! +#!3B""[q6rj)"rj-!!!(rNJ!!!J$!!!)!`3$#$3$"!!*b!!!""J%4!--!a!d!``! +#BJ!!!3B"$3$&!-B0!-8!!@m!!!%'!3RrN3[rN3!N-!!3Bh*jF(4[CQpXC'9bF'& +dD!!3Bh*jF(4[4QpXC'9b8'&dD!d!aJ!"E3!!!3N"$!$($!$(!!X!"6TKFfia!!) +!!!d!a!!"E`!!!!!!!2q3!![rN!!!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!)!`J! +#!-J!b3d!b!!$53!#!4)"22q2rii!bJVrM`!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*! +!!'jeE'`"rii!!!B!bJ!$rid!b`$-#[q0!!3+DfpME!d!b`!"E3!!!4B"'Iq-#[q +-!!3+B@aTB3B!c!!$riX!c3$1#[q,!!3+D@jcD!d!c3!#0!!!!4`"*2q+!-m+riS +!"!TMCQpX$3$2!!&[!!!")!%MriN,riN!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9 +bF'&dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S"J$1!!2rL!$3riF+riJ!"!T +dEb!J$3$3!!*Z!!!"*`%f!0%!dJd!d3!#0!!!!5m"0[q'!0-+riB!"!TQD@aP$3$ +6!!&Y!!!"-J%e!03-!03!$!!'BA0Z-5jS!!)!!!d!dJ!#0!!!!5F",rq&!08+ri8 +!"!TMCQpX$3$9!!&[!!!"+`%Zri3,ri3!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!E +rK`!!!J$*!!)!eJ$A$3$@!!0*!!)"23&Rri2rJJ$B#[q$!"JZBfpbC@0bC@`U+LS +U!!!!!!!!N!!!ER9XE!(rJJ!!"J$B!!2rJ3$C!0S+ri%!"!TVEf0X$3$C!!&Y!!! +"33&%ri!+ri!!"!TKE'PK"J$D!!2rI`$E!0`+rhm!"!TTER0S$3$E!!)d!!!"4`& +2rhi!h3VrIJ!%#Q0QEf`0!0d!!@m!!!&,!8lrI3[rI3!d-!!BEh"PER0cE'PZBfa +eC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'!0`!!rpm!0l +rH`VrI!!%#R4[)#!0!0i!!Qi!!!&5!@%!h`$J$3$I!!)d!!!"@J&KrhS!i3VrHJ! +%#QCTE'80!1%!!@d!!!&G!@!!iJ`!iJ!3!!TKFfiaAfeKBbjS!!)!!!d!i!!#0!! +!!9)"@[pj!1-+rhN!"!TMCQpX$3$M!!&[!!!"9J&CrhJ,rhJ!&$!!#(4PEA"`BA4 +S!!KdC@e`8'&dD!ErH`!!!J$A!!)!j!$P$3$N!!*X!!)"D!&SrhIrGJ(rG`!!!Ip +f!!!#!18!!J$Q!1F0!1B!!R)!!!&S!A-!k!$T$3$S!!*L!!!"D!&[!1S!k`d!kJ! +"E`!!!@J"Drpe#rpe!#3`!""MFRP`G'pQEfaNCA*`BA4S!""MFRP`G'p'EfaNCA* +3BA4S$3$V!!&Y!!!"D`&Z!1`-!1`!#J!%1Q*TE`!#!!!0!1N!!@m!!!!!!!$rG![ +rG!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S!J$R!!)!l3$Z$3$Y!!0*!!)"G!'Hrh2 +rFJ$[#[pc!"JZBfpbC@0bC@`U+LSU!!!!!!!!N!!!ER9XE!(rFJ!!"J$[!!2rF3$ +`!2%+rh%!"!TVEf0X$3$`!!&Y!!!"H!&lrh!+rh!!"!TKE'PK"J$a!!2rE`$b!2- ++rfm!"!TTER0S$3$b!!)d!!!"IJ''rfi!p!VrEJ!%#Q0QEf`0!23!!@m!!!'#!BA +rE3[rE3!d-!!BEh"PER0cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9 +NC8C[E'4PFP"KG'J'!2-!!rpX!2ArD`VrE!!%#R4[)#!0!28!!Qi!!!'*!CJ!pJ$ +h$3$f!!)d!!!"N3'BrfS!q!VrDJ!%#QCTE'80!2J!!@d!!!'8!CF!q3`!q3!,!!9 +LD@mZD!!#!!!0!2F!!M3!!!'*!C(rD3$k#[pT!!3+BfC[E!d!qJ!"E`!!!Bd"N!$ +rD![rD!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S"[pV!!!#!1i!!J$l!2`0!2X!!Q` +!!J'I!CrrCrpQ!IpR!!!"rfB!!!)!r!!#!2d!rJd!r3!#FJ!!!Cm"UJ$r!3!0!2m +!!Q)!!!'I!DB"!3%#$3%"!!&[!!!"R`'Lrf8,rf8!*$!!%'0bHA"dEfC[E'4PFR" +KG'J!%'0bHA"dEdC[E'4PFP"KG'J0!3)!!@d!!!'L!D8"!``"!`!*!!-kBQB!!J! +!$3%!!!&[!!!!!!!!rf3,rf3!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!)!rJ!#!33 +""3d""!!$53!#!DX"eIpMrf)""JVrB`!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'j +eE'`"rf)!!!B""J!$rf%""`%)#[pK!!3+DfpME!d""`!"E3!!!Dm"X[pJ#[pJ!!3 ++B@aTB3B"#!!$rem"#3%+#[pI!!3+D@jcD!d"#3!#0!!!!E8"[IpH!3X+rei!"!T +MCQpX$3%,!!&[!!!"Z3'mred,red!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'& +dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S"J%+!!2rA!%-reX+re`!"!TdEb! +J$3%-!!*Z!!!"`!(2!3d"$Jd"$3!#0!!!!FJ"crpD!3m+reS!"!TQD@aP$3%2!!& +Y!!!"b`(1!4!-!4!!%!!+BQa[GfCTFfJZD!!#!!!0!3i!!M3!!!(!!FMr@3%4#[p +C!!3+BfC[E!d"%3!"E`!!!F3"arpB#rpB!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J +'reX!!!)""3!#!4)"%`d"%J!#E!!#!GB"e[pAreB"reF!!!(r9J!!!J%6!!)"&!% +9$3%8!!*b!!!"eJ(K!4B"&`d"&J!#BJ!!!GB"h3%B!4N0!4J!!@m!!!(@!GRr93[ +r93!N-!!3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&dD!d"'3!"E3! +!!GN"h!%D$!%D!!N!!cTLEJ!#!!!0!4F!!@m!!!!!!!$r9![r9!!8-!!)G'9YF(" +KG'J!#(4PEA"3BA4S!J%9!!)"'`%F$3%E!!0*!!)"iJ)-re2r8J%G#[p6!"JZBfp +bC@0bC@`U+LSU!!!!!!!!N!!!ER9XE!(r8J!!"J%G!!2r83%H!4m+re%!"!TVEf0 +X$3%H!!&Y!!!"jJ(Tre!+re!!"!TKE'PK"J%I!!2r6`%J!5%+rdm!"!TTER0S$3% +J!!)d!!!"l!(drdi")JVr6J!%#Q0QEf`0!5)!!@m!!!(`!I2r63[r63!d-!!BEh" +PER0cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J +'!5%!!rp-!52r5`Vr6!!%#R4[)#!0!5-!!Qi!!!(h!JB"*!%P$3%N!!)d!!!"r`) +'rdS"*JVr5J!%#QCTE'80!5B!!@d!!!)#!J8"*``"*`!+!!4LELjS!!)!!!d"*3! +#0!!!!IF"rrp*!5J+rdN!"!TMCQpX$3%S!!&[!!!"q`(qrdJ,rdJ!&$!!#(4PEA" +`BA4S!!KdC@e`8'&dD!Er5`!!!J%F!!)"+3%U$3%T!!*X!!)#$3)0rdIr4J(r4`! +!!Ip'!!!#!5S!!J%V!5`0!5X!!R)!!!)0!KJ",3%Z$3%Y!!*L!!!#$3)8!5m"-!d +",`!"E`!!!Jd#%2p&#rp&!#3`!""MFRP`G'pQEfaNCA*`BA4S!""MFRP`G'p'Efa +NCA*3BA4S$3%`!!&Y!!!#%!)6!6%-!6%!$3!(1Q*eCQCPFJ!#!!!0!5i!!@m!!!! +!!!$r4![r4!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S!J%X!!)"-J%c$3%b!!0*!!) +#'3*$rd2r3J%d#[p$!"JZBfpbC@0bC@`U+LSU!!!!!!!!N!!!ER9XE!(r3J!!"J% +d!!2r33%e!6B+rd%!"!TVEf0X$3%e!!&Y!!!#(3)Jrd!+rd!!"!TKE'PK"J%f!!2 +r2`%h!6J+rcm!"!TTER0S$3%h!!)d!!!#)`)Vrci"13Vr2J!%#Q0QEf`0!6N!!@m +!!!)R!LVr23[r23!d-!!BEh"PER0cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0 +-5@jME(9NC8C[E'4PFP"KG'J'!6J!!rmm!6Vr1`Vr2!!%#R4[)#!0!6S!!Qi!!!) +Z!Md"1`%m$3%l!!)d!!!#0J)prcS"23Vr1J!%#QCTE'80!6d!!@d!!!)j!M`"2J` +"2J!1!!KLG@CQCA)ZD!!#!!!0!6`!!M3!!!)Z!MEr13%r#[mj!!3+BfC[E!d"2`! +"E`!!!M)#0Imi#rmi!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J'rcX!!!)"-`!#!8! +"33d"3!!#E!!#!N3#42mhrcB"rcF!!!(r0J!!!J&"!!)"3J&$$3&#!!*b!!!#4!* +2!83"43d"4!!#BJ!!!N3#5`&'!8F0!8B!!@m!!!*%!NIr03[r03!N-!!3Bh*jF(4 +[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&dD!d"4`!"E3!!!NF#5J&)$!&)!!X +!"6TMBA0d!!)!!!d"43!"E`!!!!!!!2md#rmd!"3`!!KdC@e`F'&dD!!)G'9YF&" +KG'J#!8-!!J&*!8S0!8N!!dN!!J*3!RVr-rmb!8X+rc-!'#jMEh*PBh*PE#SU+LS +!!!!!!!#3!!"ZG@aX!Imb!!!'!8X!!rma!8`"63Vr-3!%#QY[Bf`0!8`!!@d!!!* +8!PIr-!Vr-!!%#Q&XD@%'!8d!!rm[!8i"6`Vr,`!%#QPZFfJ0!8i!!M3!!!*D!Q, +r,J&3#[mZ!!3+BfC[E!d"8!!"E`!!!Pi#BImY#rmY!$3`!"K[F'9ZFh0XD@jME(9 +NC@C[E'4PFR"KG'J!''p`C@j68da*EQ0XG@4P4QpXC'9b8'&dD!B"6`!$rb`"8Im +V#[mX!!3+G'mJ)!d"83!#EJ!!!Q8#G!&5!9-0!9)!!M3!!!*Y!R6r+J&8#[mU!!3 ++CQPXC3d"9!!"E3!!!R!#F`&9$!&9!!`!"Q0KFh3ZD!!#!!!0!9-!!M3!!!*P!Qh +r+3&@#[mT!!3+BfC[E!d"9J!"E`!!!QN#E2mS#rmS!"3`!!KdC@e`F'&dD!!)G'9 +YF&"KG'J'rbX!!!)"5J!#!9F"@!d"9`!#E!!#!RX#HrmRrbB"rbF!!!(r*J!!!J& +B!!)"@3&D$3&C!!*b!!!#H`+'!9X"A!d"@`!#BJ!!!RX#JJ&G!9i0!9d!!@m!!!* +l!Rlr*3[r*3!N-!!3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&dD!d +"AJ!"E3!!!Ri#J3&I$!&I!!X!"6TMEfe`!!)!!!d"A!!"E`!!!!!!!2mN#rmN!"3 +`!!KdC@e`F'&dD!!)G'9YF&"KG'J#!9S!!J&J!@%0!@!!!dN!!J+(!V(r)rmL!@) ++rb-!'#jMEh*PBh*PE#SU+LS!!!!!!!#3!!"ZG@aX!ImL!!!'!@)!!rmK!@-"C!V +r)3!%#QY[Bf`0!@-!!@d!!!+,!Slr)!Vr)!!%#Q&XD@%'!@3!!rmI!@8"CJVr(`! +%#QPZFfJ0!@8!!M3!!!+4!TRr(J&R#[mH!!3+BfC[E!d"C`!"E`!!!T8#Q2mG#rm +G!$3`!"K[F'9ZFh0XD@jME(9NC@C[E'4PFR"KG'J!''p`C@j68da*EQ0XG@4P4Qp +XC'9b8'&dD!B"CJ!$ra`"D2mE#[mF!!3+G'mJ)!d"D!!#EJ!!!T`#U`&T!@S0!@N +!!M3!!!+N!U[r'J&V#[mD!!3+CQPXC3d"D`!"E3!!!UF#UJ&X$!&X!!`!"Q0[EA! +ZD!!#!!!0!@S!!M3!!!+F!U6r'3&Y#[mC!!3+BfC[E!d"E3!"E`!!!U!#SrmB#rm +B!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J'raX!!!)"B3!#!@i"E`d"EJ!#E!!#!V) +#X[mAraB"raF!!!(r&J!!!J&[!!)"F!&a$3&`!!*b!!!#XJ+p!A)"F`d"FJ!#BJ! +!!V)#Z3&d!A80!A3!!@m!!!+b!VAr&3[r&3!N-!!3Bh*jF(4[CQpXC'9bF'&dD!! +3Bh*jF(4[4QpXC'9b8'&dD!d"G3!"E3!!!V8#Z!&f$!&f!!X!"6TMEfjQ!!)!!!d +"F`!"E`!!!!!!!2m8#rm8!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J#!A%!!J&h!AJ +0!AF!!dN!!J+q!ZMr%rm5!AN+ra-!'#jMEh*PBh*PE#SU+LS!!!!!!!#3!!"ZG@a +X!Im5!!!'!AN!!rm4!AS"H`Vr%3!%#QY[Bf`0!AS!!@d!!!,#!XAr%!Vr%!!%#Q& +XD@%'!AX!!rm2!A`"I3Vr$`!%#QPZFfJ0!A`!!M3!!!,)!Y$r$J&q#[m1!!3+BfC +[E!d"IJ!"E`!!!X`#crm0#rm0!$3`!"K[F'9ZFh0XD@jME(9NC@C[E'4PFR"KG'J +!''p`C@j68da*EQ0XG@4P4QpXC'9b8'&dD!B"I3!$r``"Irm,#[m-!!3+G'mJ)!d +"I`!#EJ!!!Y-#iJ'!!B%0!B!!!M3!!!,E!Z,r#J'##[m+!!3+CQPXC3d"JJ!"E3! +!!Yi#i3'$$!'$!!`!"Q0[EQBZD!!#!!!0!B%!!M3!!!,6!Y[r#3'%#[m*!!3+BfC +[E!d"K!!"E`!!!YF#f[m)#rm)!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J'r`X!!!) +"H!!#!B8"KJd"K3!#E!!#!ZN#kIm(r`B"r`F!!!(r"J!!!J''!!)"K`')$3'(!!* +b!!!#k3,d!BN"LJd"L3!#BJ!!!ZN#m!',!B`0!BX!!@m!!!,T!Zcr"3[r"3!N-!! +3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&dD!d"M!!"E3!!!Z`#l`' +0$!'0!!S!"$TNCA-!!J!!$3'+!!&[!!!!!!!!r`3,r`3!&$!!#(4PEA"`BA4S!!K +dC@e`8'&dD!)"L!!#!Bi"M`d"MJ!$53!#![8$(rm$r`)"N!!+r`-!'#jMEh*PBh* +PE#SU+LS!!!!!!!#3!!"ZG@aX!Im#!!!'!C!!!!2r!3'4!C)+r`%!"!TVEf0X$3' +4!!&Y!!!#q3,mr`!+r`!!"!TKE'PK"J'5!!2qr`'6!C3+r[m!"!TTER0S$3'6!!) +d!!!#r`-(r[i"P3VqrJ!%#Q0QEf`0!C8!!@m!!!-$!`Eqr3[qr3!d-!!BEh"PER0 +cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'!C3 +!!rlm!CEqq`Vqr!!%#R4[)#!0!CB!!Qi!!!-+!aN"P`'B$3'A!!)d!!!$%J-Cr[S +"Q3VqqJ!%#QCTE'80!CN!!@d!!!-9!aJ"QJ`"QJ!,!!9NCA-ZD!!#!!!0!CJ!!M3 +!!!-+!a,qq3'E#[lj!!3+BfC[E!d"Q`!"E`!!!`i$%Ili#rli!"3`!!KdC@e`F'& +dD!!)G'9YF&"KG'J'r[X!!!)"M`!#!C`"R3d"R!!#E!!#!b!$)2lhr[B"r[F!!!( +qpJ!!!J'G!!)"RJ'I$3'H!!*b!!!$)!-V!D!"S3d"S!!#BJ!!!b!$*`'L!D-0!D) +!!@m!!!-J!b2qp3[qp3!N-!!3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9 +b8'&dD!d"S`!"E3!!!b-$*J'N$!'N!!N!!cTND!!#!!!0!D%!!@m!!!!!!!$qp![ +qp!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S!J'I!!)"T3'Q$3'P!!0*!!)$,!0@r[2 +qmJ'R#[lc!"JZBfpbC@0bC@`U+LSU!!!!!!!!N!!!ER9XE!(qmJ!!"J'R!!2qm3' +S!DN+r[%!"!TVEf0X$3'S!!&Y!!!$-!-cr[!+r[!!"!TKE'PK"J'T!!2ql`'U!DX ++rZm!"!TTER0S$3'U!!)d!!!$0J-qrZi"V!VqlJ!%#Q0QEf`0!D`!!@m!!!-k!ch +ql3[ql3!d-!!BEh"PER0cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9 +NC8C[E'4PFP"KG'J'!DX!!rlX!Dhqk`Vql!!%#R4[)#!0!Dd!!Qi!!!0"!e!"VJ' +[$3'Z!!)d!!!$5303rZS"X!VqkJ!%#QCTE'80!E!!!@d!!!0-!dm"X3`"X3!+!!4 +ND#jS!!)!!!d"V`!#0!!!!d%$5IlT!E)+rZN!"!TMCQpX$3'b!!&[!!!$430)rZJ +,rZJ!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!Eqk`!!!J'Q!!)"X`'d$3'c!!*X!!) +$9`0ArZIqjJ(qj`!!!IlQ!!!#!E3!!J'e!EB0!E8!!R)!!!0A!f)"Y`'i$3'h!!* +L!!!$9`0H!EN"ZJd"Z3!"E`!!!eF$@[lP#rlP!#3`!""MFRP`G'pQEfaNCA*`BA4 +S!""MFRP`G'p'EfaNCA*3BA4S$3'k!!&Y!!!$@J0G!EX-!EX!#J!%1Q4cB3!#!!! +0!EJ!!@m!!!!!!!$qj![qj!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S!J'f!!)"[!' +p$3'm!!0*!!)$B`10rZ2qiJ'q#[lM!"JZBfpbC@0bC@`U+LSU!!!!!!!!N!!!ER9 +XE!(qiJ!!"J'q!!2qi3'r!F!+rZ%!"!TVEf0X$3'r!!&Y!!!$C`0UrZ!+rZ!!"!T +KE'PK"J(!!!2qh`("!F)+rYm!"!TTER0S$3("!!)d!!!$E30erYi"``VqhJ!%#Q0 +QEf`0!F-!!@m!!!0a!h6qh3[qh3!d-!!BEh"PER0cE'PZBfaeC'9QEfaNCA*`BA4 +S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'!F)!!rlF!F6qf`Vqh!!%#R4[)#! +0!F3!!Qi!!!0i!iF"a3('$3(&!!)d!!!$J!1(rYS"a`VqfJ!%#QCTE'80!FF!!@d +!!!1$!iB"b!`"b!!,!!9NFf%ZD!!#!!!0!FB!!M3!!!0i!i$qf3(*#[lC!!3+BfC +[E!d"b3!"E`!!!h`$IrlB#rlB!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J'rYX!!!) +"[3!#!FS"b`d"bJ!#E!!#!ii$M[lArYB"rYF!!!(qeJ!!!J(,!!)"c!(0$3(-!!* +b!!!$MJ1C!Fi"c`d"cJ!#BJ!!!ii$P3(3!G%0!G!!!@m!!!11!j(qe3[qe3!N-!! +3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&dD!d"d3!"E3!!!j%$P!( +5$!(5!!S!"$TPFR)!!J!!$3(2!!&[!!!!!!!!rY3,rY3!&$!!#(4PEA"`BA4S!!K +dC@e`8'&dD!)"c3!#!G-"e!d"d`!$53!#!jS$a2l6rY)"e3Vqd`!B,Q0[FQ9MFQ9 +X+LSU+J!!!!!!!*!!!'jeE'`"rY)!!!B"e3!$rY%"eJ(A#[l4!!3+DfpME!d"eJ! +"E3!!!ji$SIl3#[l3!!3+B@aTB3B"e`!$rXm"f!(C#[l2!!3+D@jcD!d"f!!#0!! +!!k3$V2l1!GS+rXi!"!TMCQpX$3(D!!&[!!!$U!1VrXd,rXd!0$!!''p`C@jcFfa +TEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S"J(C!!2 +qc!(ErXX+rX`!"!TdEb!J$3(E!!*Z!!!$V`1q!G`"h3d"h!!#0!!!!lF$[[l+!Gi ++rXS!"!TQD@aP$3(H!!&Y!!!$ZJ1p!Gm-!Gm!#`!&CA*b,QJ!!J!!$3(G!!)d!!! +$V`1hrXN"i!Vqb3!%#Q0QEf`0!H!!!@m!!!1c!lEqb![qb!!8-!!)G'9YF("KG'J +!#(4PEA"3BA4S"[l,!!!#!G3!!J(K!H)0!H%!!Q`!!J2&!mAqarl'!Il(!!!"rXB +!!!)"iJ!#!H-"j!d"i`!#FJ!!!m8$d!(P!HB0!H8!!Q)!!!2&!m`"j`(S$3(R!!& +[!!!$a32)rX8,rX8!*$!!%'0bHA"dEfC[E'4PFR"KG'J!%'0bHA"dEdC[E'4PFP" +KG'J0!HJ!!@d!!!2)!mX"k3`"k3!+!!3kCAC`!!)!!!d"jJ!"E`!!!!!!!2l%#rl +%!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J#!H3!!J(U!HX0!HS!!dN!!J24!r[q`rl +#!H`+rX-!'#jMEh*PBh*PE#SU+LS!!!!!!!#3!!"ZG@aX!Il#!!!'!H`!!rl"!Hd +"lJVq`3!%#QY[Bf`0!Hd!!@d!!!29!pMq`!Vq`!!%#Q&XD@%'!Hi!!rkr!Hm"m!V +q[`!%#QPZFfJ0!Hm!!M3!!!2E!q2q[J(a#[kq!!3+BfC[E!d"m3!"E`!!!pm$i[k +p#rkp!$3`!"K[F'9ZFh0XD@jME(9NC@C[E'4PFR"KG'J!''p`C@j68da*EQ0XG@4 +P4QpXC'9b8'&dD!B"m!!$rV`"m[kl#[km!!3+G'mJ)!d"mJ!#EJ!!!qB$p3(c!I3 +0!I-!!M3!!!2Z!rAqZJ(e#[kk!!3+CQPXC3d"p3!"E3!!!r%$p!(f$!(f!!X!"@9 +fF#jS!!)!!!d"p!!#0!!!!qB$l[kj!IF+rVN!"!TMCQpX$3(h!!&[!!!$kJ2YrVJ +,rVJ!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!EqZ`!!!J(V!!)"q!(j$3(i!!*X!!) +$r!2mrVIqYJ(qY`!!!Ikf!!!#!IN!!J(k!IX0!IS!!R)!!!2m"!F"r!(p$3(m!!* +L!!!$r!3$!Ii"r`d"rJ!"E`!!!r`$rrke#rke!#3`!""MFRP`G'pQEfaNCA*`BA4 +S!""MFRP`G'p'EfaNCA*3BA4S$3(r!!&Y!!!$r`3#!J!-!J!!#`!&1QKYB@-!!J! +!$3(p!!&[!!!!!!!!rV3,rV3!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!)"q`!#!J% +#!Jd#!3!$53!#"!J%-[kcrV)#!`VqX`!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'j +eE'`"rV)!!!B#!`!$rV%#"!)&#[ka!!3+DfpME!d#"!!"E3!!"!`%$rk`#[k`!!3 ++B@aTB3B#"3!$rUm#"J)(#[k[!!3+D@jcD!d#"J!#0!!!"")%'[kZ!JJ+rUi!"!T +MCQpX$3))!!&[!!!%&J3CrUd,rUd!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'& +dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S"J)(!!2qV!)*rUX+rU`!"!TdEb! +J$3)*!!*Z!!!%(33X!JS##`d##J!#0!!!"#8%,2kU!J`+rUS!"!TQD@aP$3)-!!& +Y!!!%+!3V!Jd-!Jd!$!!'D'eKBbjS!!)!!!d##`!#0!!!""d%*IkT!Ji+rUN!"!T +MCQpX$3)1!!&[!!!%)33NrUJ,rUJ!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!EqU`! +!!J)#!!)#$`)3$3)2!!*X!!)%-`3crUIqTJ(qT`!!!IkQ!!!#!K!!!J)4!K)0!K% +!!R)!!!3c"$i#%`)8$3)6!!*L!!!%-`3k!K8#&Jd#&3!"E`!!"$-%0[kP#rkP!#3 +`!""MFRP`G'pQEfaNCA*`BA4S!""MFRP`G'p'EfaNCA*3BA4S$3)@!!&Y!!!%0J3 +j!KF-!KF!#`!&1QPNC@%!!J!!$3)8!!&[!!!!!!!!rU3,rU3!&$!!#(4PEA"`BA4 +S!!KdC@e`8'&dD!)#%J!#!KJ#'3d#'!!$53!#"$m%DIkMrU)#'JVqS`!B,Q0[FQ9 +MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"rU)!!!B#'J!$rU%#'`)F#[kK!!3+DfpME!d +#'`!"E3!!"%-%4[kJ#[kJ!!3+B@aTB3B#(!!$rTm#(3)H#[kI!!3+D@jcD!d#(3! +#0!!!"%N%8IkH!Km+rTi!"!TMCQpX$3)I!!&[!!!%6343rTd,rTd!0$!!''p`C@j +cFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S"J) +H!!2qR!)JrTX+rT`!"!TdEb!J$3)J!!*Z!!!%9!4M!L%#)Jd#)3!#0!!!"&`%Brk +D!L-+rTS!"!TQD@aP$3)M!!&Y!!!%A`4L!L3-!L3!$!!'D@4PB5jS!!)!!!d#)J! +#0!!!"&3%A2kC!L8+rTN!"!TMCQpX$3)P!!&[!!!%@!4ErTJ,rTJ!&$!!#(4PEA" +`BA4S!!KdC@e`8'&dD!EqQ`!!!J)C!!)#*J)R$3)Q!!*X!!)%DJ4UrTIqPJ(qP`! +!!Ik@!!!#!LF!!J)S!LN0!LJ!!R)!!!4U"(8#+J)V$3)U!!*L!!!%DJ4a!L`#,3d +#,!!"E`!!"'S%EIk9#rk9!#3`!""MFRP`G'pQEfaNCA*`BA4S!""MFRP`G'p'Efa +NCA*3BA4S$3)Y!!&Y!!!%E34`!Li-!Li!$!!'1QaSBA0S!!)!!!d#+`!"E`!!!!! +!!2k8#rk8!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J#!LN!!J)[!M!0!Lm!!dN!!J4 +f"+$qNrk5!M%+rT-!'#jMEh*PBh*PE#SU+LS!!!!!!!#3!!"ZG@aX!Ik5!!!'!M% +!!rk4!M)#-`VqN3!%#QY[Bf`0!M)!!@d!!!4k"(hqN!!+rT!!!!3+B@aTB3B#-`! +$rSm#0!)e#[k2!!3+D@jcD!d#0!!#0!!!")!%L2k1!MB+rSi!"!TMCQpX$3)f!!& +[!!!%K!5(rSd,rSd!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP0 +66%PZBfaeC'9'EfaNCA*3BA4S"J)e!!2qM!)hrSX+rS`!"!TdEb!J$3)h!!*Z!!! +%L`5D!MJ#13d#1!!#0!!!"*-%Q[k+!MS+rSS!"!TQD@aP$3)k!!&Y!!!%PJ5C!MX +-!MX!$3!(E'KKFfJZD!!#!!!0!MN!!M3!!!5,"*2qL3)m#[k*!!3+BfC[E!d#2!! +"E`!!")m%N[k)#rk)!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J'rSX!!!)#-!!#!Md +#2Jd#23!#E!!#"+%%SIk(rSB"rSF!!!(qKJ!!!J)q!!)#2`*!$3)r!!*b!!!%S35 +X!N%#3Jd#33!#BJ!!"+%%U!*$!N30!N-!!@m!!!5K"+6qK3[qK3!N-!!3Bh*jF(4 +[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&dD!d#4!!"E3!!"+3%T`*&$!*&!!S +!"$TYC$)!!J!!$3*#!!&[!!!!!!!!rS3,rS3!&$!!#(4PEA"`BA4S!!KdC@e`8'& +dD!)#3!!#!NB#4`d#4J!$53!#"+d%erk$rS)#5!VqJ`!B,Q0[FQ9MFQ9X+LSU+J! +!!!!!!*!!!'jeE'`"rS)!!!B#5!!$rS%#53*+#[k"!!3+DfpME!d#53!"E3!!",% +%Y2k!#[k!!!3+B@aTB3B#5J!$rRm#5`*-#[jr!!3+D@jcD!d#5`!#0!!!",F%[rj +q!Nd+rRi!"!TMCQpX$3*0!!&[!!!%Z`5qrRd,rRd!0$!!''p`C@jcFfaTEQ0XG@4 +PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S"J*-!!2qI!*1rRX ++rR`!"!TdEb!J$3*1!!*Z!!!%`J64!Nm#8!d#6`!#0!!!"-S%dIjk!P%+rRS!"!T +QD@aP$3*4!!&Y!!!%c363!P)-!P)!#`!&E@3b,QJ!!J!!$3*3!!)d!!!%`J6+rRN +#8`VqH3!%#Q0QEf`0!P-!!@m!!!6'"-RqH![qH!!8-!!)G'9YF("KG'J!#(4PEA" +3BA4S"[jl!!!#!NF!!J*8!P80!P3!!Q`!!J6B"0MqGrjf!Ijh!!!"rRB!!!)#93! +#!PB#9`d#9J!#FJ!!"0J%i`*B!PN0!PJ!!Q)!!!6B"0m#@J*E$3*D!!&[!!!%f!6 +ErR8,rR8!*$!!%'0bHA"dEfC[E'4PFR"KG'J!%'0bHA"dEdC[E'4PFP"KG'J0!PX +!!@d!!!6E"0i#A!`#A!!+!!3kE@3e!!)!!!d#@3!"E`!!!!!!!2jd#rjd!"3`!!K +dC@e`F'&dD!!)G'9YF&"KG'J#!PF!!J*G!Pi0!Pd!!dN!!J6N"3lqFrjb!Pm+rR- +!'#jMEh*PBh*PE#SU+LS!!!!!!!#3!!"ZG@aX!Ijb!!!'!Pm!!rja!Q!#B3VqF3! +%#QY[Bf`0!Q!!!@d!!!6S"1[qF!VqF!!%#Q&XD@%'!Q%!!rj[!Q)#B`VqE`!%#QP +ZFfJ0!Q)!!M3!!!6Z"2EqEJ*N#[jZ!!3+BfC[E!d#C!!"E`!!"2)%pIjY#rjY!$3 +`!"K[F'9ZFh0XD@jME(9NC@C[E'4PFR"KG'J!''p`C@j68da*EQ0XG@4P4QpXC'9 +b8'&dD!B#B`!$rQ`#CIjV#[jX!!3+G'mJ)!d#C3!#EJ!!"2N&#!*Q!QF0!QB!!M3 +!!!8""3MqDJ*S#[jU!!3+CQPXC3d#D!!"E3!!"33&"`*T$!*T!!X!"@eN05jS!!) +!!!d#C`!#0!!!"2N&!IjT!QS+rQN!"!TMCQpX$3*U!!&[!!!%r38!rQJ,rQJ!&$! +!#(4PEA"`BA4S!!KdC@e`8'&dD!EqD`!!!J*H!!)#D`*X$3*V!!*X!!)&$`82rQI +qCJ(qC`!!!IjQ!!!#!Q`!!J*Y!Qi0!Qd!!R)!!!82"4S#E`*`$3*[!!*L!!!&$`8 +@!R%#FJd#F3!"E`!!"3m&%[jP#rjP!#3`!""MFRP`G'pQEfaNCA*`BA4S!""MFRP +`G'p'EfaNCA*3BA4S$3*b!!&Y!!!&%J89!R--!R-!#`!&1QeNBc)!!J!!$3*`!!& +[!!!!!!!!rQ3,rQ3!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!)#EJ!#!R3#G3d#G!! +$53!#"4X&4IjMrQ)#GJVqB`!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"rQ) +!!!B#GJ!$rQ%#G`*i#[jK!!3+DfpME!d#G`!"E3!!"4m&)[jJ#[jJ!!3+B@aTB3B +#H!!$rPm#H3*k#[jI!!3+D@jcD!d#H3!#0!!!"58&,IjH!RX+rPi!"!TMCQpX$3* +l!!&[!!!&+38XrPd,rPd!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh" +PEP066%PZBfaeC'9'EfaNCA*3BA4S"J*k!!2qA!*mrPX+rP`!"!TdEb!J$3*m!!* +Z!!!&-!8r!Rd#IJd#I3!#0!!!"6J&2rjD!Rm+rPS!"!TQD@aP$3*r!!&Y!!!&1`8 +q!S!-!S!!$!!'E@4M-LjS!!)!!!d#IJ!#0!!!"6!&12jC!S%+rPN!"!TMCQpX$3+ +"!!&[!!!&0!8hrPJ,rPJ!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!Eq@`!!!J*e!!) +#JJ+$$3+#!!*X!!)&4J9'rPIq9J(q9`!!!Ij@!!!#!S-!!J+%!S80!S3!!R)!!!9 +'"9%#KJ+($3+'!!*L!!!&4J90!SJ#L3d#L!!"E`!!"8B&5Ij9#rj9!#3`!""MFRP +`G'pQEfaNCA*`BA4S!""MFRP`G'p'EfaNCA*3BA4S$3+*!!&Y!!!&539-!SS-!SS +!$J!)1QpLDQ9MG(-!!J!!$3+(!!&[!!!!!!!!rP3,rP3!&$!!#(4PEA"`BA4S!!K +dC@e`8'&dD!)#K3!#!SX#M!d#L`!$53!#"9)&I2j6rP)#M3Vq8`!B,Q0[FQ9MFQ9 +X+LSU+J!!!!!!!*!!!'jeE'`"rP)!!!B#M3!$rP%#MJ+2#[j4!!3+DfpME!d#MJ! +"E3!!"9B&@Ij3#[j3!!3+B@aTB3B#M`!$rNm#N!!#N3Vq6`!%#QPZFfJ0!T!!!!) +d!!!&A!9NrNi#NJVq6J!%#Q0QEf`0!T)!!@m!!!9J"@2q63[q63!d-!!BEh"PER0 +cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'!T% +!!rj-!T2q5`Vq6!!%#R4[)#!0!T-!!Qi!!!9R"AB#P!+9$3+8!!)d!!!&E`9frNS +#PJVq5J!%#QCTE'80!TB!!@d!!!9b"A8#P``#P`!2!!P[BQTPBh4c,QJ!!J!!$3+ +9!!)d!!!&C`9[rNN#Q!Vq53!%#Q0QEf`0!TJ!!@m!!!9V"@lq5![q5!!8-!!)G'9 +YF("KG'J!#(4PEA"3BA4S"[j,!!!#!S`!!J+C!TS0!TN!!Q`!!J9p"Ahq4rj'!Ij +(!!!"rNB!!!)#QJ!#!TX#R!d#Q`!#FJ!!"Ad&L!+G!Ti0!Td!!Q)!!!9p"B3#R`+ +J$3+I!!&[!!!&I3@!rN8,rN8!*$!!%'0bHA"dEfC[E'4PFR"KG'J!%'0bHA"dEdC +[E'4PFP"KG'J0!U!!!@d!!!@!"B-#S3`#S3!+!!3kF'9Y!!)!!!d#RJ!"E`!!!!! +!!2j%#rj%!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J#!T`!!J+L!U-0!U)!!dN!!J@ +*"E2q3rj#!U3+rN-!'#jMEh*PBh*PE#SU+LS!!!!!!!#3!!"ZG@aX!Ij#!!!'!U3 +!!rj"!U8#TJVq33!%#QY[Bf`0!U8!!@d!!!@0"C!!rN!+rN!!"!TKE'PK"J+Q!!2 +q2`+R!UJ+rMm!"!TTER0S$3+R!!)d!!!&N`@ErMi#U3Vq2J!%#Q0QEf`0!UN!!@m +!!!@A"CVq23[q23!d-!!BEh"PER0cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0 +-5@jME(9NC8C[E'4PFP"KG'J'!UJ!!rim!UVq1`Vq2!!%#R4[)#!0!US!!Qi!!!@ +H"Dd#U`+X$3+V!!)d!!!&TJ@YrMS#V3Vq1J!%#QCTE'80!Ud!!@d!!!@T"D`#VJ` +#VJ!,!!9`C@dZD!!#!!!0!U`!!M3!!!@H"DEq13+[#[ij!!3+BfC[E!d#V`!"E`! +!"D)&TIii#rii!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J'rMX!!!)#S`!#!V!#X3d +#X!!$53!#"E3&h[ihrMB#XJVq0`!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'` +"rMB!!!B#XJ!$rM8#X`+d#[ie!!3+DfpME!d#X`!"E3!!"EJ&Zrid#[id!!3+B@a +TB3B#Y!!$rM-#Y3+f#[ic!!3+D@jcD!d#Y3!#0!!!"Ei&a[ib!VF+rM)!"!TMCQp +X$3+h!!&[!!!&`JA&rM%,rM%!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!! +BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S"J+f!!2q-!+irLm+rM!!"!TdEb!J$3+ +i!!*Z!!!&b3AB!VN#ZJd#Z3!#0!!!"G%&f2iZ!VX+rLi!"!TQD@aP$3+l!!&Y!!! +&e!AA!V`-!V`!$!!'F'9Y-LjS!!)!!!d#ZJ!#0!!!"FN&dIiY!Vd+rLd!"!TMCQp +X$3+p!!&[!!!&c3A3rL`,rL`!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!Eq,`!!!J+ +a!!)#[J+r$3+q!!*X!!)&h`AIrL[q+J(q+`!!!IiU!!!#!Vm!!J,!!X%0!X!!!R) +!!!AI"HS#`J,$$3,#!!*L!!!&h`AQ!X3#a3d#a!!"E`!!"Gm&i[iT#riT!#3`!"" +MFRP`G'pQEfaNCA*`BA4S!""MFRP`G'p'EfaNCA*3BA4S$3,&!!&Y!!!&iJAP!XB +-!XB!$3!(1R"VBh-a-J!#!!!0!X-!!@m!!!!!!!$q+![q+!!8-!!)G'9YF("KG'J +!#(4PEA"3BA4S!J,"!!)#a`,)$3,(!!0*!!)&k`B9rLIq*J,*#[iR!"JZBfpbC@0 +bC@`U+LSU!!!!!!!!N!!!ER9XE!(q*J!!"J,*!!2q*3,+!XX+rL8!"!TVEf0X$3, ++!!&Y!!!&l`AbrL3+rL3!"!TKE'PK"J,,!!2q)`,-!Xd+rL-!"!TTER0S$3,-!!) +d!!!&p3AprL)#cJVq)J!%#Q0QEf`0!Xi!!@m!!!Aj"Icq)3[q)3!d-!!BEh"PER0 +cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'!Xd +!!riJ!Xrq(`Vq)!!%#R4[)#!0!Xm!!Qi!!!B!"Jm#d!,4$3,3!!)d!!!'#!B2rKi +#dJVq(J!%#QCTE'80!Y)!!@d!!!B,"Ji#d``#d`!1!!K`Df0c-6)ZD!!#!!!0!Y% +!!M3!!!B!"JMq(3,8#[iG!!3+BfC[E!d#e!!"E`!!"J3'"riF#riF!"3`!!KdC@e +`F'&dD!!)G'9YF&"KG'J'rKm!!!)#b!!#!Y8#eJd#e3!#E!!#"KB'&[iErKS"rKX +!!!(q'J!!!J,@!!)#e`,B$3,A!!*b!!!'&JBK!YN#fJd#f3!#BJ!!"KB'(3,E!Y` +0!YX!!@m!!!B@"KRq'3[q'3!N-!!3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4Qp +XC'9b8'&dD!d#h!!"E3!!"KN'(!,G$!,G!!`!"MT`Df0c0`!#!!!0!YS!!@m!!!! +!!!$q'![q'!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S!J,B!!)#hJ,I$3,H!!0*!!) +')JC-rKIq&J,J#[iA!"JZBfpbC@0bC@`U+LSU!!!!!!!!N!!!ER9XE!(q&J!!"J, +J!!2q&3,K!Z)+rK8!"!TVEf0X$3,K!!&Y!!!'*JBTrK3+rK3!"!TKE'PK"J,L!!2 +q%`,M!Z3+rK-!"!TTER0S$3,M!!)d!!!',!BdrK)#j3Vq%J!%#Q0QEf`0!Z8!!@m +!!!B`"M2q%3[q%3!d-!!BEh"PER0cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0 +-5@jME(9NC8C[E'4PFP"KG'J'!Z3!!ri3!ZEq$`Vq%!!%#R4[)#!0!ZB!!Qi!!!B +h"NB#j`,S$3,R!!)d!!!'2`C'rJi#k3Vq$J!%#QCTE'80!ZN!!@d!!!C#"N8#kJ` +#kJ!0!!G`Df0c0bjS!!)!!!d#k!!#0!!!"MF'2ri0!ZX+rJd!"!TMCQpX$3,V!!& +[!!!'1`BqrJ`,rJ`!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!Eq$`!!!J,I!!)#l!, +Y$3,X!!*X!!)'63C0rJ[q#J(q#`!!!Ii+!!!#!Zd!!J,Z!Zm0!Zi!!R)!!!C0"PJ +#m!,a$3,`!!*L!!!'63C8![)#m`d#mJ!"E`!!"Nd'82i*#ri*!#3`!""MFRP`G'p +QEfaNCA*`BA4S!""MFRP`G'p'EfaNCA*3BA4S$3,c!!&Y!!!'8!C6![3-![3!#`! +&1R*KEQ3!!J!!$3,a!!&[!!!!!!!!rJJ,rJJ!&$!!#(4PEA"`BA4S!!KdC@e`8'& +dD!)#l`!#![8#pJd#p3!$53!#"PN'Jri(rJB#p`Vq"`!B,Q0[FQ9MFQ9X+LSU+J! +!!!!!!*!!!'jeE'`"rJB!!!B#p`!$rJ8#q!,j#[i&!!3+DfpME!d#q!!"E3!!"Pd +'B2i%#[i%!!3+B@aTB3B#q3!$rJ-#qJ,l#[i$!!3+D@jcD!d#qJ!#0!!!"Q-'Dri +#![`+rJ)!"!TMCQpX$3,m!!&[!!!'C`CUrJ%,rJ%!0$!!''p`C@jcFfaTEQ0XG@4 +PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S"J,l!!2q!!,prIm ++rJ!!"!TdEb!J$3,p!!*Z!!!'EJCp![i#r`d#rJ!#0!!!"RB'IIhq!`!+rIi!"!T +QD@aP$3-!!!&Y!!!'H3Cm!`%-!`%!$!!'FQ&ZC#jS!!)!!!d#r`!#0!!!"Qi'G[h +p!`)+rId!"!TMCQpX$3-#!!&[!!!'FJCerI`,rI`!&$!!#(4PEA"`BA4S!!KdC@e +`8'&dD!Epr`!!!J,f!!)$!`-%$3-$!!*X!!)'K!D%rI[pqJ(pq`!!!Ihk!!!#!`3 +!!J-&!`B0!`8!!R)!!!D%"Sm$"`-)$3-(!!*L!!!'K!D,!`N$#Jd$#3!"E`!!"S3 +'Krhj#rhj!#3`!""MFRP`G'pQEfaNCA*`BA4S!""MFRP`G'p'EfaNCA*3BA4S$3- ++!!&Y!!!'K`D+!`X-!`X!#J!%1R*M-J!#!!!0!`J!!@m!!!!!!!$pq![pq!!8-!! +)G'9YF("KG'J!#(4PEA"3BA4S!J-'!!)$$!-0$3--!!0*!!)'N!!'Z[hhrIB$$JV +pp`!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"rIB!!!B$$J!$rI8$$`-3#[h +e!!3+DfpME!d$$`!"E3!!"T3'Prhd#[hd!!3+B@aTB3B$%!!$rI-$%3-5#[hc!!3 ++D@jcD!d$%3!#0!!!"TS'S[hb!a-+rI)!"!TMCQpX$3-6!!&[!!!'RJDKrI%,rI% +!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9'Efa +NCA*3BA4S"J-5!!2pm!-8rHm+rI!!"!TdEb!J$3-8!!*Z!!!'T3Dd!a8$&Jd$&3! +#0!!!"Ud'Y2hZ!aF+rHi!"!TQD@aP$3-A!!&Y!!!'X!Dc!aJ-!aJ!#`!&FQ-b,QJ +!!J!!$3-@!!)d!!!'T3DYrHd$'3Vpl3!%#Q0QEf`0!aN!!@m!!!DT"Ucpl![pl!! +8-!!)G'9YF("KG'J!#(4PEA"3BA4S"[h[!!!#!`d!!J-D!aX0!aS!!Q`!!JDl"V[ +pkrhU!IhV!!!"rHS!!!)$'`!#!a`$(3d$(!!#FJ!!"VX'aJ-H!am0!ai!!Q)!!!D +l"X)$)!-K$3-J!!&[!!!'Z`DqrHN,rHN!*$!!%'0bHA"dEfC[E'4PFR"KG'J!%'0 +bHA"dEdC[E'4PFP"KG'J0!b%!!@d!!!Dq"X%$)J`$)J!+!!3kFQ-d!!)!!!d$(`! +"E`!!!!!!!2hS#rhS!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J#!ad!!J-M!b30!b- +!!dN!!JE("[(pjrhQ!b8+rHF!'#jMEh*PBh*PE#SU+LS!!!!!!!#3!!"ZG@aX!Ih +Q!!!'!b8!!rhP!bB$*`Vpj3!%#QY[Bf`0!bB!!@d!!!E,"Xlpj!Vpj!!%#Q&XD@% +'!bF!!rhM!bJ$+3Vpi`!%#QPZFfJ0!bJ!!M3!!!E4"YRpiJ-U#[hL!!3+BfC[E!d +$+J!"E`!!"Y8'f2hK#rhK!$3`!"K[F'9ZFh0XD@jME(9NC@C[E'4PFR"KG'J!''p +`C@j68da*EQ0XG@4P4QpXC'9b8'&dD!B$+3!$rH!$+rhI#[hJ!!3+G'mJ)!d$+`! +#EJ!!"Y`'k`-X!bd0!b`!!M3!!!EN"Z[phJ-Z#[hH!!3+CQPXC3d$,J!"E3!!"ZF +'kJ-[$!-[!!X!"A*M0#jS!!)!!!d$,3!#0!!!"Y`'j2hG!c!+rGd!"!TMCQpX$3- +`!!&[!!!'i!EMrG`,rG`!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!Eph`!!!J-N!!) +$-3-b$3-a!!*X!!)'mJEbrG[pfJ(pf`!!!IhD!!!#!c)!!J-c!c30!c-!!R)!!!E +b"[d$03-f$3-e!!*L!!!'mJEj!cF$1!d$0`!"E`!!"[)'pIhC#rhC!#3`!""MFRP +`G'pQEfaNCA*`BA4S!""MFRP`G'p'EfaNCA*3BA4S$3-i!!&Y!!!'p3Ei!cN-!cN +!#J!%1R*M03!#!!!0!cB!!@m!!!!!!!$pf![pf!!8-!!)G'9YF("KG'J!#(4PEA" +3BA4S!J-d!!)$1J-l$3-k!!0*!!)'rJFSrGIpeJ-m#[hA!"JZBfpbC@0bC@`U+LS +U!!!!!!!!N!!!ER9XE!(peJ!!"J-m!!2pe3-p!ci+rG8!"!TVEf0X$3-p!!&Y!!! +(!JF&rG3+rG3!"!TKE'PK"J-q!!2pd`-r!d!+rG-!"!TTER0S$3-r!!)d!!!(#!F +3rG)$33VpdJ!%#Q0QEf`0!d%!!@m!!!F-"`rpd3[pd3!d-!!BEh"PER0cE'PZBfa +eC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'!d!!!rh3!d, +pc`Vpd!!%#R4[)#!0!d)!!Qi!!!F6"b)$3`0%$30$!!)d!!!('`FLrFi$43VpcJ! +%#QCTE'80!d8!!@d!!!FH"b%$4J`$4J!,!!9bBc8ZD!!#!!!0!d3!!M3!!!F6"a[ +pc30(#[h0!!3+BfC[E!d$4`!"E`!!"aF('[h-#rh-!"3`!!KdC@e`F'&dD!!)G'9 +YF&"KG'J'rFm!!!)$1`!#!dJ$53d$5!!#E!!#"bN(+Ih,rFS"rFX!!!(pbJ!!!J0 +*!!)$5J0,$30+!!*b!!!(+3Fd!d`$63d$6!!#BJ!!"bN(-!01!dm0!di!!@m!!!F +T"bcpb3[pb3!N-!!3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&dD!d +$6`!"E3!!"b`(,`03$!03!!d!"cTbDA"PE@3!!J!!$300!!&[!!!!!!!!rFJ,rFJ +!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!)$5`!#!e%$8Jd$83!$53!#"c8(Arh(rFB +$8`Vpa`!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"rFB!!!B$8`!$rF8$9!0 +9#[h&!!3+DfpME!d$9!!"E3!!"cN(22h%#[h%!!3+B@aTB3B$93!$rF-$9J0A#[h +$!!3+D@jcD!d$9J!#0!!!"cm(4rh#!eJ+rF)!"!TMCQpX$30B!!&[!!!(3`G'rF% +,rF%!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9 +'EfaNCA*3BA4S"J0A!!2p`!0CrEm+rF!!"!TdEb!J$30C!!*Z!!!(5JGC!eS$@`d +$@J!#0!!!"e)(@Ifq!e`+rEi!"!TQD@aP$30F!!&Y!!!(93GB!ed-!ed!$J!)FQP +`C@eN,QJ!!J!!$30E!!)d!!!(5JG5rEd$AJVp[3!%#Q0QEf`0!ei!!@m!!!G1"e( +p[![p[!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S"[fr!!!#!e)!!J0I!f!0!em!!Q` +!!JGJ"f$pZrfk!Ifl!!!"rES!!!)$B!!#!f%$BJd$B3!#FJ!!"f!(D`0M!f30!f- +!!Q)!!!GJ"fF$C30Q$30P!!&[!!!(B!GMrEN,rEN!*$!!%'0bHA"dEfC[E'4PFR" +KG'J!%'0bHA"dEdC[E'4PFP"KG'J0!fB!!@d!!!GM"fB$C``$C`!+!!3kFR0K!!) +!!!d$C!!"E`!!!!!!!2fi#rfi!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J#!f)!!J0 +S!fN0!fJ!!dN!!JGX"jEpYrff!fS+rEF!'#jMEh*PBh*PE#SU+LS!!!!!!!#3!!" +ZG@aX!Iff!!!'!fS!!rfe!fX$E!VpY3!%#QY[Bf`0!fX!!@d!!!G`"h2pY!VpY!! +%#Q&XD@%'!f`!!rfc!fd$EJVpX`!%#QPZFfJ0!fd!!M3!!!Gf"hlpXJ0[#[fb!!3 ++BfC[E!d$E`!"E`!!"hS(IIfa#rfa!$3`!"K[F'9ZFh0XD@jME(9NC@C[E'4PFR" +KG'J!''p`C@j68da*EQ0XG@4P4QpXC'9b8'&dD!B$EJ!$rE!$F2f[#[f`!!3+G'm +J)!d$F!!#EJ!!"i%(N!!$F30b$30a!!)d!!!(L3H3!2fZ!h-+rDi!"!TQD@aP$30 +c!!&Y!!!(M!H2!h3-!h3!#`!&FR0K,QJ!!J!!$30b!!)d!!!(J3H*rDd$G3VpV3! +%#Q0QEf`0!h8!!@m!!!H&"iMpV![pV!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S"[f +[!!!#!fN!!J0f!hF0!hB!!Q`!!JHA"jIpUrfU!IfV!!!"rDS!!!)$G`!#!hJ$H3d +$H!!#FJ!!"jF(SJ0k!hX0!hS!!Q)!!!HA"ji$I!0p$30m!!&[!!!(P`HDrDN,rDN +!*$!!%'0bHA"dEfC[E'4PFR"KG'J!%'0bHA"dEdC[E'4PFP"KG'J0!hd!!@d!!!H +D"jd$IJ`$IJ!-!!BkFh4KBfX!!J!!$30l!!&[!!!!!!!!rDJ,rDJ!&$!!#(4PEA" +`BA4S!!KdC@e`8'&dD!)$H3!#!hm$J!d$I`!$53!#"k-(cIfRrDB$J3VpT`!B,Q0 +[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"rDB!!!B$J3!$rD8$JJ1$#[fP!!3+Dfp +ME!d$JJ!"E3!!"kF(U[fN#[fN!!3+B@aTB3B$J`!$rD-$K!1&#[fM!!3+D@jcD!d +$K!!#0!!!"kd(YIfL!iB+rD)!"!TMCQpX$31'!!&[!!!(X3HdrD%,rD%!0$!!''p +`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4 +S"J1&!!2pS!1(rCm+rD!!"!TdEb!J$31(!!*Z!!!(Z!I(!iJ$L3d$L!!#0!!!"m! +(arfH!iS+rCi!"!TQD@aP$31+!!&Y!!!(``I'!iX-!iX!$3!(Fh4KBfXZD!!#!!! +0!iN!!M3!!!Hi"m$pR31-#[fG!!3+BfC[E!d$M!!"E`!!"l`([rfF#rfF!"3`!!K +dC@e`F'&dD!!)G'9YF&"KG'J'rCm!!!)$J!!#!id$MJd$M3!$53!#"mi(q2fErCS +$M`VpQ`!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"rCS!!!B$M`!$rCN$N!! +$N3VpQ3!%#QY[Bf`0!j!!!!&Y!!!(dJI9rCJ+rCJ!"!TKE'PK"J14!!2pP`15!j- ++rCF!"!TTER0S$315!!)d!!!(f!IJrCB$P!VpPJ!%#Q0QEf`0!j3!!@m!!!IF"pr +pP3[pP3!d-!!BEh"PER0cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9 +NC8C[E'4PFP"KG'J'!j-!!rf8!jApN`VpP!!%#R4[)#!0!j8!!Qi!!!IM"r)$PJ1 +A$31@!!)d!!!(k`IbrC)$Q!VpNJ!%#QCTE'80!jJ!!@d!!!IZ"r%$Q3`$Q3!4!!Y +cB@CPFh4KBfXZD!!#!!!0!jF!!M3!!!IM"q[pN31D#[f4!!3+BfC[E!d$QJ!"E`! +!"qF(k[f3!![pN!!!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!EpN`!!!J11!!)$Q`1 +F$31E!!*X!!)(q3IjrBrpMJ(pM`!!!If1!!!#!j`!!J1G!ji0!jd!!R)!!!Ij#!3 +$R`1J$31I!!*L!!!(q3J!!k%$SJd$S3!"E`!!"rN(r2f0#rf0!#3`!""MFRP`G'p +QEfaNCA*`BA4S!""MFRP`G'p'EfaNCA*3BA4S$31L!!&Y!!!(r!Ir!k--!k-!#J! +%1R0SB3!#!!!0!k!!!@m!!!!!!!$pM![pM!!8-!!)G'9YF("KG'J!#(4PEA"3BA4 +S!J1H!!)$T!1P$31N!!0*!!))"3J[rB[pLJ1Q#[f,!"JZBfpbC@0bC@`U+LSU!!! +!!!!!N!!!ER9XE!(pLJ!!"J1Q!!2pL31R!kJ+rBN!"!TVEf0X$31R!!&Y!!!)#3J +-rBJ+rBJ!"!TKE'PK"J1S!!2pK`1T!kS+rBF!"!TTER0S$31T!!)d!!!)$`JArBB +$U`VpKJ!%#Q0QEf`0!kX!!@m!!!J6#"EpK3[pK3!d-!!BEh"PER0cE'PZBfaeC'9 +QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'!kS!!rf%!kcpJ`V +pK!!%#R4[)#!0!k`!!Qi!!!JD##N$V31Z$31Y!!)d!!!))JJTrB)$V`VpJJ!%#QC +TE'80!km!!@d!!!JP##J$X!`$X!!,!!9cD'%ZD!!#!!!0!ki!!M3!!!JD##,pJ31 +a#[f"!!3+BfC[E!d$X3!"E`!!#"i))If!#rf!!"3`!!KdC@e`F'&dD!!)G'9YF&" +KG'J'rB-!!!)$T3!#!l)$X`d$XJ!#E!!##$!)-2errAi"rAm!!!(pIJ!!!J1c!!) +$Y!1e$31d!!*b!!!)-!Jl!lB$Y`d$YJ!#BJ!!#$!)0`1i!lN0!lJ!!@m!!!J`#$2 +pI3[pI3!N-!!3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&dD!d$Z3! +"E3!!#$-)0J1k$!1k!!d!"cTdH(4IC')!!J!!$31h!!&[!!!!!!!!rA`,rA`!&$! +!#(4PEA"`BA4S!!KdC@e`8'&dD!)$Y3!#!lX$[!d$Z`!$53!##$`)C[elrAS$[3V +pH`!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"rAS!!!B$[3!$rAN$[J1r#[e +j!!3+DfpME!d$[J!"E3!!#%!)3rei#[ei!!3+B@aTB3B$[`!$rAF$`!2"#[eh!!3 ++D@jcD!d$`!!#0!!!#%B)6[ef!m)+rAB!"!TMCQpX$32#!!&[!!!)5JK0rA8,rA8 +!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9'Efa +NCA*3BA4S"J2"!!2pG!2$rA-+rA3!"!TdEb!J$32$!!*Z!!!)83KJ!m3$a3d$a!! +#0!!!#&N)B2eb!mB+rA)!"!TQD@aP$32'!!&Y!!!)A!KI!mF-!mF!$J!)G(KdAf4 +L,QJ!!J!!$32&!!)d!!!)83KCrA%$b!VpF3!%#Q0QEf`0!mJ!!@m!!!K9#&MpF![ +pF!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S"[ec!!!#!l`!!J2*!mS0!mN!!Q`!!JK +R#'IpEreZ!Ie[!!!"r@i!!!)$bJ!#!mX$c!d$b`!#FJ!!#'F)FJ20!mi0!md!!Q) +!!!KR#'i$c`23$322!!&[!!!)C`KUr@d,r@d!*$!!%'0bHA"dEfC[E'4PFR"KG'J +!%'0bHA"dEdC[E'4PFP"KG'J0!p!!!@d!!!KU#'d$d3`$d3!,!!8kH$8`13!#!!! +0!mi!!@m!!!!!!!$pE![pE!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S!J2-!!)$dJ2 +6$325!!0*!!))F`LGr@[pDJ28#[eV!"JZBfpbC@0bC@`U+LSU!!!!!!!!N!!!ER9 +XE!(pDJ!!"J28!!2pD329!pB+r@N!"!TVEf0X$329!!&Y!!!)G`Kkr@J+r@J!"!T +KE'PK"J2@!!2pC`2A!pJ+r@F!"!TTER0S$32A!!)d!!!)I3L&r@B$f3VpCJ!%#Q0 +QEf`0!pN!!@m!!!L"#)6pC3[pC3!d-!!BEh"PER0cE'PZBfaeC'9QEfaNCA*`BA4 +S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'!pJ!!reN!pVpB`VpC!!%#R4[)#! +0!pS!!Qi!!!L)#*F$f`2F$32E!!)d!!!)N!!)PreL!pd+r@)!"!TQD@aP$32G!!& +Y!!!)N`L@!pi-!pi!$!!'H$8`15jS!!)!!!d$h!!#0!!!#)J)N!$pB32I#[eK!!3 ++BfC[E!d$h`!"E`!!#)`)MreJ#reJ!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J'r@- +!!!)$d`!#!q!$i3d$i!!$53!##*i)b2eIr9i$iJVpA`!B,Q0[FQ9MFQ9X+LSU+J! +!!!!!!*!!!'jeE'`"r9i!!!B$iJ!$r9d$i`2N#[eG!!3+DfpME!d$i`!"E3!!#+) +)TIeF#[eF!!3+B@aTB3B$j!!$r9X$j32Q#[eE!!3+D@jcD!d$j3!#0!!!#+J)X2e +D!qF+r9S!"!TMCQpX$32R!!&[!!!)V!L[r9N,r9N!0$!!''p`C@jcFfaTEQ0XG@4 +PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S"J2Q!!2p@!2Sr9F ++r9J!"!TdEb!J$32S!!*Z!!!)X`M#!qN$kJd$k3!#0!!!#,X)`[e@!qX+r9B!"!T +QD@aP$32V!!&Y!!!)[JM"!q`-!q`!%!!+H$8`19pfCRNZD!!#!!!0!qS!!M3!!!L +c#,[p932Y#[e9!!3+BfC[E!d$l3!"E`!!#,F)Z[e8#re8!"3`!!KdC@e`F'&dD!! +)G'9YF&"KG'J'r9F!!!)$i3!#!qi$l`d$lJ!#E!!##-N)bIe6r9)"r9-!!!(p8J! +!!J2[!!)$m!2a$32`!!*b!!!)b3M8!r)$m`d$mJ!#BJ!!#-N)d!2d!r80!r3!!@m +!!!M*#-cp83[p83!N-!!3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'& +dD!d$p3!"E3!!#-`)c`2f$!2f!!d!"cTi06!jGM-!!J!!$32c!!&[!!!!!!!!r9! +,r9!!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!)$m3!#!rF$q!d$p`!$53!##08)rre +2r8i$q3Vp6`!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"r8i!!!B$q3!$r8d +$qJ2l#[e0!!3+DfpME!d$qJ!"E3!!#0N)h2e-#[e-!!3+B@aTB3B$q`!$r8X$r!2 +p#[e,!!3+D@jcD!d$r!!#0!!!#0m)jre+!ri+r8S!"!TMCQpX$32q!!&[!!!)i`M +Qr8N,r8N!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP066%PZBfa +eC'9'EfaNCA*3BA4S"J2p!!2p5!2rr8F+r8J!"!TdEb!J$32r!!*Z!!!)kJMj"!! +%!3d%!!!#0!!!#2))qIe'"!)+r8B!"!TQD@aP$33#!!&Y!!!)p3Mi"!--"!-!$J! +)H$8`1ABc,QJ!!J!!$33"!!)d!!!)kJMbr88%"!Vp43!%#Q0QEf`0"!3!!@m!!!M +Z#2(p4![p4!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S"[e(!!!#!rJ!!J3&"!B0"!8 +!!Q`!!JN!#3$p3re#!Ie$!!!"r8)!!!)%"J!#"!F%#!d%"`!$53!##3!*+[e"r8! +%#3Vp33!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"r8!!!!B%#3!$r6m%#J3 +,#[dr!!3+DfpME!d%#J!"E3!!#33*"rdq#[dq!!3+B@aTB3B%#`!$r6d%$!30#[d +p!!3+D@jcD!d%$!!#0!!!#3S*%[dm"!i+r6`!"!TMCQpX$331!!&[!!!*$JN4r6X +,r6X!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9 +'EfaNCA*3BA4S"J30!!2p1J32r6N+r6S!"!TdEb!J$332!!*Z!!!*&3NN""!%%3d +%%!!#0!!!#4d**2di"")+r6J!"!TQD@aP$335!!&Y!!!*)!NM""--""-!#`!&Fh0 +X,QJ!!J!!$334!!)d!!!*&3NGr6F%&!Vp0`!%#Q0QEf`0""3!!@m!!!NC#4cp0J[ +p0J!H-!!0Fh0XCQpXC'9bF'&dD!!0Fh0X4QpXC'9b8'&dD!Ep13!!!J3)!!)%&33 +@$339!!0*!!)*+`P9r6Ap0!3A#[de!"JZBfpbC@0bC@`U+LSU!!!!!!!!N!!!ER9 +XE!(p0!!!"J3A!!2p-`3B""N+r6-!"!TVEf0X$33B!!&Y!!!*,`Nbr6)+r6)!"!T +KE'PK"J3C!!2p-33D""X+r6%!"!TTER0S$33D!!)d!!!*03Npr6!%(!Vp-!!%#Q0 +QEf`0""`!!@m!!!Nj#6cp,`[p,`!d-!!BEh"PER0cE'PZBfaeC'9QEfaNCA*`BA4 +S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'""X!!rdZ""hp,3Vp,J!%#R4[)#! +0""d!!Qi!!!P!#8m%(J3I$33H!!)d!!!*5!P2r5`%)!Vp,!!%#QCTE'80"#!!!@d +!!!P,#8i%)3`%)3!-!!CcFf`b,QJ!!J!!$33I!!)d!!!*3!P)r5X%)JVp+`!%#Q0 +QEf`0"#)!!@m!!!P%#8Ip+J[p+J!H-!!0Fh0XCQpXC'9bF'&dD!!0Fh0X4QpXC'9 +b8'&dD!Ep,3!!!J3@!!)%)`3N$33M!!0*!!)*9JQ!r5Rp+!3P#[dT!"JZBfpbC@0 +bC@`U+LSU!!!!!!!!N!!!ER9XE!(p+!!!"J3P!!2p*`3Q"#F+r5F!"!TVEf0X$33 +Q!!&Y!!!*@JPGr5B+r5B!"!TKE'PK"J3R!!2p*33S"#N+r58!"!TTER0S$33S!!) +d!!!*B!PSr53%+JVp*!!%#Q0QEf`0"#S!!@m!!!PN#@Ip)`[p)`!d-!!BEh"PER0 +cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'"#N +!!rdL"#[p)3Vp)J!%#R4[)#!0"#X!!Qi!!!PV#AS%,!3Y$33X!!)d!!!*F`Pkr5! +%,JVp)!!%#QCTE'80"#i!!@d!!!Pf#AN%,``%,`!0!!GcFf`b-bjS!!)!!!d%,3! +#0!!!#@X*FrdI"$!+r4m!"!TMCQpX$33`!!&[!!!*E`Pbr4i,r4i!(M!!$A0cE'C +[E'4PFR"KG'J!$A0cE%C[E'4PFP"KG'J'r5%!!!)%*!!#"$%%-Jd%-3!$53!##B% +*UrdGr4`%-`Vp(3!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"r4`!!!B%-`! +$r4X%0!3e#[dE!!3+DfpME!d%0!!"E3!!#B8*L2dD#[dD!!3+B@aTB3B%03!$r4N +%0J3h#[dC!!3+D@jcD!d%0J!#0!!!#BX*NrdB"$J+r4J!"!TMCQpX$33i!!&[!!! +*M`Q5r4F,r4F!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP066%P +ZBfaeC'9'EfaNCA*3BA4S"J3h!!2p&J3jr48+r4B!"!TdEb!J$33j!!*Z!!!*PJQ +P"$S%1`d%1J!#0!!!#Ci*TId8"$`+r43!"!TQD@aP$33m!!&Y!!!*S3QN"$d-"$d +!$!!'Fh0X-bjS!!)!!!d%1`!#0!!!#CB*R[d6"$i+r4-!"!TMCQpX$33q!!&[!!! +*QJQGr4),r4)!(M!!$A0cE'C[E'4PFR"KG'J!$A0cE%C[E'4PFP"KG'J'r48!!!) +%-J!#"$m%3!d%2`!$53!##D`*e[d4r4!%33Vp%3!B,Q0[FQ9MFQ9X+LSU+J!!!!! +!!*!!!'jeE'`"r4!!!!B%33!$r3m%3J4$#[d2!!3+DfpME!d%3J!"E3!!#E!*Xrd +1#[d1!!3+B@aTB3B%3`!$r3d%4!4&#[d0!!3+D@jcD!d%4!!#0!!!#EB*[[d-"%B ++r3`!"!TMCQpX$34'!!&[!!!*ZJQpr3X,r3X!0$!!''p`C@jcFfaTEQ0XG@4PCQp +XC'9bF'&dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S"J4&!!2p#J4(r3N+r3S +!"!TdEb!J$34(!!*Z!!!*`3R3"%J%53d%5!!#0!!!#FN*d2d)"%S+r3J!"!TQD@a +P$34+!!&Y!!!*c!R2"%X-"%X!$!!'G'ac-5jS!!)!!!d%53!#0!!!#F%*bId("%` ++r3F!"!TMCQpX$34-!!&[!!!*a3R)r3B,r3B!(M!!$A0cE'C[E'4PFR"KG'J!$A0 +cE%C[E'4PFP"KG'J'r3N!!!)%3!!#"%d%6Jd%63!#E!!##GF*erd&r33"r38!!!( +p"!!!!J41!!)%6`43$342!!0*!!)*e`S"r32p!J44#[d$!"JZBfpbC@0bC@`U+LS +U!!!!!!!!N!!!ER9XE!(p!J!!"J44!!2p!345"&-+r3%!"!TVEf0X$345!!&Y!!! +*f`RHr3!+r3!!"!TKE'PK"J46!!2mr`48"&8+r2m!"!TTER0S$348!!)d!!!*i3R +Tr2i%9JVmrJ!%#Q0QEf`0"&B!!@m!!!RP#HMmr3[mr3!d-!!BEh"PER0cE'PZBfa +eC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'"&8!!rcm"&I +mq`Vmr!!%#R4[)#!0"&F!!Qi!!!RX#IX%@!4C$34B!!)d!!!*p!Rlr2S%@JVmqJ! +%#QCTE'80"&S!!@d!!!Rh#IS%@``%@`!1!!KMFRP`G'mZD!!#!!!0"&N!!M3!!!R +X#I6mq34F#[cj!!3+BfC[E!d%A!!"E`!!#I!*mrci#rci!#3`!""MFRP`G'pQEfa +NCA*`BA4S!""MFRP`G'p'EfaNCA*3BA4S"[cl!!!#"&!!!J4G"&i0"&d!!Q`!!JS +##J,mprcf!Ich!!!"r2B!!!)%AJ!#"&m%B!d%A`!$53!##J)+,2cer23%B3Vmp3! +B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"r23!!!B%B3!$r2-%BJ4M#[cc!!3 ++DfpME!d%BJ!"E3!!#JB+#Icb#[cb!!3+B@aTB3B%B`!$r2%%C!4P#[ca!!3+D@j +cD!d%C!!#0!!!#J`+&2c`"'B+r2!!"!TMCQpX$34Q!!&[!!!+%!S6r1m,r1m!0$! +!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9'EfaNCA* +3BA4S"J4P!!2mlJ4Rr1d+r1i!"!TdEb!J$34R!!*Z!!!+&`SQ"'J%D3d%D!!#0!! +!#Km+*[cX"'S+r1`!"!TQD@aP$34U!!&Y!!!+)JSP"'X-"'X!%!!+Eh"PER0cE(B +ZD!!#!!!0"'N!!M3!!!SA#Krmk`4X#[cV!!3+BfC[E!d%E!!"E`!!#KX+([cU#rc +U!#3`!""MFRP`G'pQEfaNCA*`BA4S!""MFRP`G'p'EfaNCA*3BA4S"[cY!!!#"'! +!!J4Y"'i0"'d!!dN!!JSY#PImkIcS"'m+r1N!'#jMEh*PBh*PE#SU+LS!!!!!!!# +3!!"ZG@aX!IcS!!!'"'m!!rcR"(!%F3Vmj`!%#QY[Bf`0"(!!!@d!!!Sa#M6mjJV +mjJ!%#Q&XD@%'"(%!!rcP"()%F`Vmj3!%#QPZFfJ0"()!!M3!!!Sh#Mrmj!4d#[c +N!!3+BfC[E!d%G!!"E`!!#MX+2[cM#rcM!$3`!"K[F'9ZFh0XD@jME(9NC@C[E'4 +PFR"KG'J!''p`C@j68da*EQ0XG@4P4QpXC'9b8'&dD!B%F`!$r1)%GIcK#[cL!!3 ++G'mJ)!d%G3!#EJ!!#N)+834f"(F0"(B!!M3!!!T+#P(mi!4i#[cJ!!3+CQPXC3d +%H!!"E3!!#Nd+8!4j$!4j!!i!#(4YC'PQCLjS!!)!!!d%G`!#0!!!#N)+5[cI"(S ++r0m!"!TMCQpX$34k!!&[!!!+4JT*r0i,r0i!*$!!%'0bHA"dEfC[E'4PFR"KG'J +!%'0bHA"dEdC[E'4PFP"KG'J'r1%!!!)%EJ!#"(X%I!d%H`!#E!!##PJ+@2cGr0` +"r0d!!!(mh!!!!J4m!!)%I34q$34p!!*X!!)+@!TBr0[mfJ(mf`!!!IcD!!!#"(i +!!J4r")!0"(m!!dN!!JTB#S,mfIcB")%+r0N!'#jMEh*PBh*PE#SU+LS!!!!!!!# +3!!"ZG@aX!IcB!!!'")%!!rcA"))%J`Vme`!%#QY[Bf`0"))!!@d!!!TF#PrmeJV +meJ!%#Q&XD@%'")-!!rc9")3%K3Vme3!%#QPZFfJ0")3!!M3!!!TL#QVme!5'#[c +8!!3+BfC[E!d%KJ!"E`!!#QB+DIc6#rc6!$3`!"K[F'9ZFh0XD@jME(9NC@C[E'4 +PFR"KG'J!''p`C@j68da*EQ0XG@4P4QpXC'9b8'&dD!B%K3!$r0)%Krc4#[c5!!3 ++G'mJ)!d%K`!#EJ!!#Qd+I!5)")N0")J!!M3!!!Te#Rcmd!5+#[c3!!3+CQPXC3d +%LJ!"E3!!#RJ+H`5,$!5,!!`!"Q9IEh-ZD!!#!!!0")N!!M3!!!TY#RAmc`5-#[c +2!!3+BfC[E!d%M!!"E`!!#R%+G2c1#rc1!#B`!"&[F'9ZFh0XCQpXC'9bF'&dD!! +4Eh"PER0cE%C[E'4PFP"KG'J'r0%!!!)%J!!#")d%MJd%M3!$53!##S-+VIc0r-` +%M`Vmc3!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"r-`!!!B%M`!$r-X%N!! +%N3Vmb`!%#QY[Bf`0"*!!!!&Y!!!+K`U+r-S+r-S!"!TKE'PK"J54!!2mb355"*- ++r-N!"!TTER0S$355!!)d!!!+M3U9r-J%P!Vmb!!%#Q0QEf`0"*3!!@m!!!U4#T6 +ma`[ma`!d-!!BEh"PER0cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9 +NC8C[E'4PFP"KG'J'"*-!!rc'"*Ama3VmaJ!%#R4[)#!0"*8!!Qi!!!UB#UF%PJ5 +A$35@!!)d!!!+S!URr-3%Q!Vma!!%#QCTE'80"*J!!@d!!!UM#UB%Q3`%Q3!0!!G +PAfpc-LjS!!)!!!d%P`!#0!!!#TJ+S2c$"*S+r--!"!TMCQpX$35D!!&[!!!+R!U +Ir-),r-)!*M!!%@p`C@jcFfaQEfaNCA*`BA4S!"&[F'9ZFh0X4QpXC'9b8'&dD!E +ma3!!!J51!!)%Qrc"$35E!!*X!!)+VJUZr-$m[`(m`!!!!Ibr!!!#r-%!!!d!#3! +"E3!!!!!!!3!I!Irq!!!#!!B!!J5F"*d0"*`!!Q`!!J!!!!$m[[bp!Ibq!!!"r,d +!!!)%R3!#"*i%R`d%RJ!#E!!##V%+b!5Jr,`0"+!!!dN!!JUa#XMmZ`5K"+)+r,X +!'#jcHA0[C'a[Cf&cDh)!!!!!!!!!!&4&@&30"+%!!@d!!!Ua#V3%S``%S`!'!!! +!!J!!"J5L!!2mZJ5N"+8+r,S!"!TLG'jc$35N!!&+!!!+Y`Um"+B#"+B!!J5Rr,N +0"+F!!@d!!!Uh#VS%U!`%U!!+!!4%EfjP!!)!!!,mZ3!!"J5P!!2mZ!5Tr,F+r,J +!"!TRDACe$35T!!&Y!!!+[`V#r,B$r,B!"3EmY`!!!Ibm!!!#"*m!!J5Ur,80"+S +!!Q`!!J!!!!$mY2bc!Ibd!!!"r,-!!!,mY3!!$J!#!!!2%!!$!",mXJ5V"+`%V35 +Z"+m%X!5a",)%X`5d",8%YJ5hr,(mX2b[r+i"r,)!!"!%U`!3r+hmV2bVr+VmUIb +Sr+ImT[bPr+6mSrbLr+(mS2bIr*i+r+d!'#jKCACdEf&`F'jeE'`!!)!!!!#3!!! +U+LSU#rbX!")`!!GdD'9`BA4S!!GdD'93BA4S#rbV!"``!!adD'9[E'4NC@aTEA- +!$(4SC8pXC%4PE'PYF`[mUJ!J-!!1G'KPF(*[DQ9MG("KG'J!$R4SC9"bEfTPBh4 +3BA4S#rbT!"B`!!PdD'9YCA"KG'J!#A4SC8eP8'&dD![mU!!Q-!!4D@jME(9NC@C +[E'4PFR"KG'J!%@PZBfaeC'9'EfaNCA*3BA4S#rbR!$3`!"K[F'9ZFh0XD@jME(9 +NC@C[E'4PFR"KG'J!''p`C@j68da*EQ0XG@4P4QpXC'9b8'&dD![mTJ!N-!!3Bh* +jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&dD![mT3!H-!!0Fh0XCQpXC'9 +bF'&dD!!0Fh0X4QpXC'9b8'&dD![mT!!Q-!!4Eh"PER0cE'C[E'4PFR"KG'J!%@p +`C@jcFfa'EfaNCA*3BA4S#rbM!#i`!"9dD'9ZCAGQEfaNCA*bC@CPFQ9ZBf8!&A4 +SC8jPGdC[E'4PFP*PCQ9bC@jMC3[mSJ!8-!!)G'9YF("KG'J!#(4PEA"3BA4S!Ib +K!!!"r+!!!!(mR`!!!IbH!!!1"+`!"a$mR35ir*cmQ`5j",VmQJVmR3!B,Q&PGR4 +[BA"`ER9XE!!!J!!!!*!!!#SU+LS0",J!!@X!!!!!#XJ%Z`)%Z`!#!!8%[!)%[!! +#"*lmQ3,mQ3!!!IbF!!!#r*X!!"!%Z3!!%!5k!)B!(rbBr*ImP[b9r*6mNrb5!#c +mNIb3!2b2r)lmMIb-!%rmL`"D!&[mLJ"Nr)N!EIb)r)ImKJ#2r)AmK2b$r),mJIb +!r(rmI[apr(cmH`#Tr(VmHIair(F![Iaf!-ImG3$8!1)!l!$j!3-"%!%D!5F"-3% +q!8J"93&I!@`"GJ'$!Bd"QJ'N!E%"Z`()!G)"h`(T!IB#!!)0!KF#*!)Z!MX#43* +5!P`#D3*c!S!#LJ+A!U%#VJ+m!XB#d`,G!ZS#p!-"!`X$'!-L!bm$130'!e!$A30 +R!h3$IJ1,!jN$S`1`!lS$a`24!pi$l!2f"!-%%`3K"#m%234,"&X%D`4j")X%Q35 +Mr(3%U2acr(,mF3VmQ!!%#Q0[BQS+r*F!'#jPBA*cCQCNFQ&XDA-!!!!!!!!J!'& +QC()+r*B!"!TMG(Kd#rb9!")`!!GdD'9`BA4S!!GdD'93BA4S#[b8!!3+BA0MFJV +mN`!%#R4iC'`,r*)!($!!$(4SC@pXC'4PE'PYF`!-G'KP6faN4'9XD@ec#[b4!!3 ++BfPdE32mN!$rr3[mM`!J-!!1G'KPF(*[DQ9MG("KG'J!$R4SC9"bEfTPBh43BA4 +S!rb1rri+r)d!"!T849K8#rb-!"B`!!PdD'9YCA"KG'J!#A4SC8eP8'&dD![mL`! +Q-!!4D@jME(9NC@C[E'4PFR"KG'J!%@PZBfaeC'9'EfaNCA*3BA4S#rb+!$3`!"K +[F'9ZFh0XD@jME(9NC@C[E'4PFR"KG'J!''p`C@j68da*EQ0XG@4P4QpXC'9b8'& +dD![mL3!N-!!3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&dD![mL!! +H-!!0Fh0XCQpXC'9bF'&dD!!0Fh0X4QpXC'9b8'&dD![mK`!Q-!!4Eh"PER0cE'C +[E'4PFR"KG'J!%@p`C@jcFfa'EfaNCA*3BA4S#[b'!!3+BfC[E!VmK3!B,QeTFf0 +cE'0d+LSU+J!!!!!!!*!!!#SU+LS+r)3!"!TcC@aP#[b$!"JZBfpbC@4PE'mU+LS +U!!!!!!!!N!!!+LSU+J(mJJ!!![b"!!!+r)!!"!TVEf0X#[ar!!3+D@jcD!2mIJ! +%#[ap!"JZBfpbC@0bC@`U+LSU!!!!!!!!N!!!ER9XE!VmI!!%#R*cE(3,r(X!,M! +!&A4SC@jPGfC[E'4PFR*PCQ9bC@jMC3!9G'KP6Q9h4QpXC'9b8Q9QCA*PEQ0P#[a +k!!3+F'jKE3VmH3!%#Q&XD@%+r(J!"!TdEb!J#[ah!!3+CQPXC32mGJ!'#rae!"3 +`!!KdC@e`F'&dD!!)G'9YF&"KG'J+r(3!"!TLG'jc#[ac!!3+CfPfG32mFJ!&#[a +a!"JZFhPcEf4XEfGKFfYb!!!!!!!!!!"849K8%IbD#XRJ%JUYi1%TDJ`!!LrM*N9 +4e%r&jLa&edrSaHBX4Nr%@qPF@eTVA&VU-NAE6m4Ek9aE@QYF@Z`bl5C&hNr,lbA +Y*N9J!""2bf%!%59K!")Pl5C&B!!66mYK!"3Pl5C&B!!96mYK!"BPl5C&B!!A6m[ +Y*N9J!"K2amAQ,%C2&!!L+Q%!'9m!%#pK!"PK!"S[DJ`!'dmUB3!F,'S-!"eA!!K +B!"i!(fK2+Q%!)'%!'@%!)5TK!"PI!"![B3!L$!!M6em!*%9J!#92A`!PDJ`!'dp +K!#BUB3!F,'%!*ba'6bTK!#"K!#KK!#%UB3!CA`!6,f%!+5TK!"R1,f%!+Q%!+bp +K!#`-!#02A`!9B3!Y*89J!#j2+Q%!)'%!+'%!)5TK!"PI!"-[B3!T+Q%!'9m!,Lp +K!#TK!#m[B3!X$!!M6bTK!#"K!#KK!#%UB3!CA`!6,f%!+5TK!"PI!#i[B3!UB3! +`,f%!,!`!)dpI!"9K!$%P4@!!,NmUB3!JB3!SB3!K+Q%!'9m!%bpK!#NUB3!CA`! +Z,f%!+Q%!-LpK!#`-!#02A`!9B3!c*89J!#j2+Q%!)'%!+'%!)5TK!"PI!"-[B3! +T+Q%!'9m!,LpK!#TK!$3[B3!X$!!M6em!&@%!059&B!!Z6bTK!#"K!#KK!#%UB3! +CA`!6,f%!+5TK!"PI!#i[B3!UB3!f,f%!,!`!)dpI!"9K!$FP4@!!,NmUB3!JB3! +SB3!K+Q%!'9m!%bpK!#NUB3!CA`!Z,f%!+Q%!1#pK!#`-!#02A`!9B3!j*89J!#j +2+Q%!)'%!+'%!)5TK!"PI!"-[B3!T+Q%!'9m!,LpK!#TK!$S[B3!X$!!M6em!&@% +!1b9&B!!Z6bTK!#"K!#KK!#%UB3!CA`!6,f%!+5TK!"PI!#i[B3!UB3!m,f%!,!` +!)dpI!"9K!$dP4@!!,NmUB3!JB3!SB3!K+Q%!'9m!%bpK!#NUB3!CA`!Z,f%!+Q% +!2LpK!#`-!#02A`!9B3!r*89J!#j2+Q%!)'%!+'%!)5TK!"PI!"-[B3!T+Q%!'9m +!,LpK!#TK!%![B3!X$!!M6em!&@%!359&B!!Z6bTK!#"K!#KK!#%UB3!CA`!6,f% +!+5TK!"PI!#i[B3!UB3"#,f%!,!`!)dpI!"9K!%-P4@!!,NmUB3!JB3!SB3!K+Q% +!'9m!%bpK!#NUB3!CA`!Z,f%!+Q%!4#pK!#`-!#02A`!9B3"&*89J!#j2+Q%!)'% +!+'%!)5TK!"PI!"-[B3!T+Q%!'9m!,LpK!#TK!%B[B3!X$!!M6em!&@%!4b9&B!! +Z6bTK!#"K!#KK!#%UB3!CA`!6,f%!+5TK!"PI!#i[B3!UB3"),f%!,!`!)dpI!"9 +K!%NP4@!!,NmUB3!JB3!SB3!K+Q%!'9m!%bpK!#NUB3!CA`!Z,f%!+Q%!5LpK!#` +-!#02A`!9B3",*89J!#j2+Q%!)'%!+'%!)5TK!"PI!"-[B3!T+Q%!'9m!,LpK!#T +K!%`[B3!X$!!M6em!&@%!659&B!!Z6bTK!#"K!#KK!#%UB3!CA`!6,f%!+5TK!"P +I!#i[B3!UB3"1,f%!,!`!)dpI!"9K!%mP4@!!,NmUB3!JB3!SB3!K+Q%!'9m!%bp +K!#NUB3!CA`!Z,f%!+Q%!8#pK!#`-!#02A`!9B3"4*89J!#j2+Q%!)'%!+'%!)5T +K!"PI!"-[B3!T+Q%!'9m!,LpK!#TK!&)[B3!X$!!M6em!&@%!8b9&B!!Z6bTK!#" +K!#KK!#%UB3!CA`!6,f%!+5TK!"PI!#i[B3!UB3"8,f%!,!`!)dpI!"9K!&8P4@! +!,NmUB3!JB3!SB3!K+Q%!'9m!%bpK!#NUB3!CA`!Z,f%!+Q%!9LpK!#`-!#02A`! +9B3"A*89J!#j2+Q%!)'%!+'%!)5TK!"PI!"-[B3!T+Q%!'9m!,LpK!#TK!&J[B3! +X$!!M6bTK!#"K!#KK!#%UB3!CA`!6,f%!+5TK!"PI!#i[B3!UB3"C,f%!,!`!)dp +I!"9K!&SP4@!!,NmUB3!JB3!SB3!K+Q%!'9m!%bpK!#NUB3!CA`!Z,f%!+Q%!@bp +K!#`-!#02A`!9B3"F*89J!#j2+Q%!)'%!+'%!)5TK!"PI!"-[B3!T+Q%!'9m!,Lp +K!#TK!&d[B3!X$!!M6em!&@%!AL9&B!!Z6bTK!#"K!#KK!#%UB3!CA`!6,f%!+5T +K!"PI!#i[B3!UB3"I,f%!,!`!)dpI!"9K!'!P4@!!,NmUB3!JB3!SB3!K+Q%!'9m +!%bpK!#NUB3!CA`!Z,f%!+Q%!B5pK!#`-!#02A`!9B3"L*89J!#j2+Q%!)'%!+'% +!)5TK!"PI!"-[B3!T+Q%!'9m!,LpK!#TK!'-[B3!X$!!M6em!&@%!C#9&B!!Z6bT +K!#"K!#KK!#%UB3!CA`!6,f%!+5TK!"PI!#i[B3!UB3"P,f%!,!`!)dpI!"9K!'B +P4@!!,NmUB3!JB3!SB3!K+Q%!'9m!%bpK!#NUB3!CA`!Z,f%!+Q%!CbpK!#`-!#0 +2A`!9B3"S*89J!#j2+Q%!)'%!+'%!)5TK!"PI!"-[B3!T+Q%!'9m!,LpK!#TK!'N +[B3!X$!!M6em!&@%!DL9&B!!Z6bTK!#"K!#KK!#%UB3!CA`!6,f%!+5TK!"PI!#i +[B3!UB3"V,f%!,!`!)dmUB3!JB3!SB3!K+Q%!'9m!%bpK!#NUB3!CA`!Z,f%!+Q% +!E#pK!#`-!#02A`!9B3"Y*89J!#j2+Q%!)'%!+'%!)5TK!"PI!"-[B3!T+Q%!'9m +!,LpK!#TK!'i[B3!X$!!M6em!&@%!Eb9&B!!Z6bTK!#"K!#KK!#%UB3!CA`!6,f% +!+5TK!"PI!#i[B3!UB3"`,f%!,!`!)dpI!"9K!(%P4@!!,NmUB3!JB3!SB3!K+Q% +!'9m!%bpK!#NUB3!CA`!Z,f%!+Q%!FLpK!#`-!#02+Q%!)'%!+'%!)5TK!"PI!"- +[B3!T+Q%!'9m!,LpK!#TK!(-[B3!X$!!M6em!&@%!G#9&B!!Z6bTK!#"K!#KK!#% +UB3!CA`!6,f%!+5TK!"PI!#i[B3!UB3"e,f%!,!`!)dmUB3!JB3!SB3!K+Q%!'9m +!%bpK!#NUB3!CA`!A,f%!+Q%!GLpK!#`-!#02+Q%!)'%!+'%!)5TK!"PI!"-[B3! +T+Q%!'9m!&bpK!#TK!(F[B3!X$!!M6bTK!#"K!#KK!#%UB3!CA`!6,f%!+5TK!"P +I!"F[B3!UB3"i,f%!,!`!)dmUB3!JB3!SB3!K+Q%!'9m!%bpK!#NUB3!CA`!A,f% +!+Q%!H5pK!#`-!#02+Q%!)'%!+'%!)5TK!"PI!"-[B3!T+Q%!'9m!&bpK!#TK!(S +[B3!X$!!M6bTK!#"K!#KK!#%UB3!CA`!6,f%!+5TK!"PI!"8[B3!UB3"l,f%!,!` +!)dmUB3!JB3!SB3!K+Q%!'9m!%bpK!#NUB3!CA`!9,f%!+Q%!I#pK!#`-!#02+Q% +!)'%!+'%!)5TK!"PI!"-[B3!T+Q%!'9m!&5pK!#TK!(d[B3!X$!!M6bTK!#"K!#K +K!#%UB3!CA`!6,f%!+5TK!"PI!"J[B3!UB3"q,f%!,!`!)dmUB3!JB3!SB3!K+Q% +!'9m!%bpK!#NUB3!CA`!B,f%!+Q%!IbpK!#`-!#028&92B3#!B3#"B3##DhCK!)0 +K!)4K!#)-!)82$!5Y!&%!5deKBfPZG'pcD#")4$T%CA0VG'p`)%C[E'4PFMT*EQ0 +[E@PZCcT[F'9ZFh0X,90139!Y-6Nj16%b-6%k6@&M6e-kE@YXD@jVFbjKF`!#!!! +1"+i!!J6mF!5p!ra`!!%1",d!!3!%[J`%[J!'!!!!!J!!$J5[!!)%r'm%[`2mE`! +%$J5r!!3!"-!%`36#"---"-!!%J!-6@&MD@jdEh0S)%K%!!)!!!`%`3!8!!j%CA0 +VG'p`)%C[E'4PFJ!#!!!-"-)!$J!)5@jMEfeTEQF!!J!!$!6$!"X!&@p`C@jcFf` +Y8dj"8#da16Nj-6)a-3!#!!!-",!!4J"!6@&MD@jdEh0S)%K%1N4PFfYdEh!J4Qp +XC'9b1NPZBfpYD@jR1Qp`C@jcFf`Y8dj"8#da16Nj-6)a-6T0B@028`!#!!!-",% +!5!"#6@&MD@jdEh0S)%K%1N4PFfYdEh!J4QpXC'9b1NPZBfpYD@jR1Qp`C@jcFf` +Y8dj"8#da16Nj-6)a-6TTEQ0XG@4P!!)!!!`%XJ"3!%T0B@0TER4[FfJJ5%3k4'9 +cDh4[F#"'EfaNCA)k5@jMEfeTEQFkEh"PER0cE#e66N&3,6%j16Na-M%a1QPZBfa +eC'8kEh"PER0cE!!#!!!-",-!4`""6@&MD@jdEh0S)%K%1N4PFfYdEh!J4QpXC'9 +b1NPZBfpYD@jR1Qp`C@jcFf`Y8dj"8#da16Nj-6)a-6TMFRP`G'm!!J!!$!5d!%3 +!2NeKBfPZG'pcD#")4$T%CA0VG'p`)%C[E'4PFMT*EQ0[E@PZCcT[F'9ZFh0X,90 +139!Y-6Nj16%b-6%kFh0X!!)!!!`%Y3"!!$T0B@0TER4[FfJJ5%3k4'9cDh4[F#" +'EfaNCA)k5@jMEfeTEQFkEh"PER0cE#e66N&3,6%j16Na-M%a!!)!!!i%YJ!"&!6 +%$J6%!!-B"-AmEJ6'$J6&!!-B"-ImE36)$J6(!!-B"-RmE!6+$J6*!!-B!"rmD`6 +,#[aV!!3+BfC[E!`%b`!1!!K*EQ0[E@PZC`!#!!!+r'`!"!TMCQpX$!6+!"X!&@p +`C@jcFf`Y8dj"8#da16Nj-6)a-3!#!!!+r'd!"!TMCQpX$!6)!!d!"fPZBfaeC'8 +!!J!!#[aZ!!3+BfC[E!`%aJ!9!!peER4TG'aPC#"QEfaNCA)!!J!!$!5h!%i!5%e +KBfPZG'pcD#")4$T%CA0VG'p`)%C[E'4PFMT*EQ0[E@PZCcT[F'9ZFh0X,90139! +Y-6Nj16%b-6%kBh*jF(4[1RJe-$Pf-`!#!!!"r,%!!!(mX!!!!Ib[!!!"r+i!!'& +cBh)!!3!-qYlHV3!!!3!!!*G#!!#@3J!!!AB!!$-8-0J!!!!F!AB!$h0MFhS!!!# +#6Np853!!!)jcBh"d!!!!QP4&@&3!!3#QFh4jE!!!!,j$6d4&!!%!bN*14%`!!!$ +LBA"XG!!!!1j'8N9'!!!!qNP$6L-!!!%'D@0X0!!!!4*TBh-M!!!"(QPMFc3!!!% +UD'CNFJ!!!6C659T&!!!"3PG3Eh-!!!&1!!$rr`!!!!!!!!!!!)$rre!!!"i!!!! +!!)$rr`!!"cJ#DH#m"'Mrr`!!!*S!!!!!%iRrr`!!"Pi!!!!!"'Mrr`!!!53!!!! +!!!$rrb!!!9)!!!!!!!(rra3!!@i#DG`%!)$rr`!!!Pi#DH"X!!$rr`!!!Ri!!!! +!!)$rr`!!!S-#DH"d!*Err`!!!Si!!!!!!*Err`!!!j)!!!!!!*Err`!!"CB#DH% +i!*Err`!!"GS#DH%dkF$rr`!!"[`!!!!!rrrrr`!!"a)!!!!!!)$rr`!!"b!!!!! +!*4S: diff --git a/lib/libssl/src/MacOS/opensslconf.h b/lib/libssl/src/MacOS/opensslconf.h new file mode 100644 index 00000000000..ad557cc06aa --- /dev/null +++ b/lib/libssl/src/MacOS/opensslconf.h @@ -0,0 +1,116 @@ +/* MacOS/opensslconf.h */ + +#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */ +#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR) +#define OPENSSLDIR "/usr/local/ssl" +#endif +#endif + +#if defined(HEADER_IDEA_H) && !defined(IDEA_INT) +#define IDEA_INT unsigned int +#endif + +#if defined(HEADER_MD2_H) && !defined(MD2_INT) +#define MD2_INT unsigned int +#endif + +#if defined(HEADER_RC2_H) && !defined(RC2_INT) +/* I need to put in a mod for the alpha - eay */ +#define RC2_INT unsigned int +#endif + +#if defined(HEADER_RC4_H) +#if !defined(RC4_INT) +/* using int types make the structure larger but make the code faster + * on most boxes I have tested - up to %20 faster. */ +/* + * I don't know what does "most" mean, but declaring "int" is a must on: + * - Intel P6 because partial register stalls are very expensive; + * - elder Alpha because it lacks byte load/store instructions; + */ +#define RC4_INT unsigned char +#endif +#if !defined(RC4_CHUNK) +/* + * This enables code handling data aligned at natural CPU word + * boundary. See crypto/rc4/rc4_enc.c for further details. + */ +#define RC4_CHUNK unsigned long +#endif +#endif + +#if defined(HEADER_DES_H) && !defined(DES_LONG) +/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a + * %20 speed up (longs are 8 bytes, int's are 4). */ +#ifndef DES_LONG +#define DES_LONG unsigned long +#endif +#endif + +#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H) +#define CONFIG_HEADER_BN_H +#if __option(longlong) +# define BN_LLONG +#else +# undef BN_LLONG +#endif + +/* Should we define BN_DIV2W here? */ + +/* Only one for the following should be defined */ +/* The prime number generation stuff may not work when + * EIGHT_BIT but I don't care since I've only used this mode + * for debuging the bignum libraries */ +#undef SIXTY_FOUR_BIT_LONG +#undef SIXTY_FOUR_BIT +#define THIRTY_TWO_BIT +#undef SIXTEEN_BIT +#undef EIGHT_BIT +#endif + +#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H) +#define CONFIG_HEADER_RC4_LOCL_H +/* if this is defined data[i] is used instead of *data, this is a %20 + * speedup on x86 */ +#undef RC4_INDEX +#endif + +#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H) +#define CONFIG_HEADER_BF_LOCL_H +#define BF_PTR +#endif /* HEADER_BF_LOCL_H */ + +#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H) +#define CONFIG_HEADER_DES_LOCL_H +/* the following is tweaked from a config script, that is why it is a + * protected undef/define */ +#ifndef DES_PTR +#define DES_PTR +#endif + +/* This helps C compiler generate the correct code for multiple functional + * units. It reduces register dependancies at the expense of 2 more + * registers */ +#ifndef DES_RISC1 +#define DES_RISC1 +#endif + +#ifndef DES_RISC2 +#undef DES_RISC2 +#endif + +#if defined(DES_RISC1) && defined(DES_RISC2) +YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!! +#endif + +/* Unroll the inner loop, this sometimes helps, sometimes hinders. + * Very mucy CPU dependant */ +#ifndef DES_UNROLL +#define DES_UNROLL +#endif + +#endif /* HEADER_DES_LOCL_H */ + +#ifndef __POWERPC__ +#define MD32_XARRAY +#endif diff --git a/lib/libssl/src/VMS/test-includes.com b/lib/libssl/src/VMS/test-includes.com new file mode 100644 index 00000000000..c1d7ccd0ee8 --- /dev/null +++ b/lib/libssl/src/VMS/test-includes.com @@ -0,0 +1,28 @@ +$! Quick script to check how well including individual header files works +$! on VMS, even when the VMS macro isn't defined. +$ +$ sav_def = f$env("DEFAULT") +$ here = f$parse("A.;0",f$ENV("PROCEDURE")) - "A.;0" +$ set default 'here' +$ set default [-.include.openssl] +$ define openssl 'f$env("DEFAULT")' +$ set default [--] +$ +$ loop: +$ f = f$search("openssl:*.h") +$ if f .eqs. "" then goto loop_end +$ write sys$output "Checking ",f +$ open/write foo foo.c +$ write foo "#undef VMS" +$ write foo "#include <stdio.h>" +$ write foo "#include <openssl/",f$parse(f,,,"NAME"),".h>" +$ write foo "main()" +$ write foo "{printf(""foo\n"");}" +$ close foo +$ cc/STANDARD=ANSI89/NOLIST/PREFIX=ALL foo.c +$ delete foo.c; +$ goto loop +$ loop_end: +$ set default 'save_def' +$ exit + diff --git a/lib/libssl/src/apps/CA.pl.in b/lib/libssl/src/apps/CA.pl.in new file mode 100644 index 00000000000..4eef57e6e39 --- /dev/null +++ b/lib/libssl/src/apps/CA.pl.in @@ -0,0 +1,162 @@ +#!/usr/local/bin/perl +# +# CA - wrapper around ca to make it easier to use ... basically ca requires +# some setup stuff to be done before you can use it and this makes +# things easier between now and when Eric is convinced to fix it :-) +# +# CA -newca ... will setup the right stuff +# CA -newreq ... will generate a certificate request +# CA -sign ... will sign the generated request and output +# +# At the end of that grab newreq.pem and newcert.pem (one has the key +# and the other the certificate) and cat them together and that is what +# you want/need ... I'll make even this a little cleaner later. +# +# +# 12-Jan-96 tjh Added more things ... including CA -signcert which +# converts a certificate to a request and then signs it. +# 10-Jan-96 eay Fixed a few more bugs and added the SSLEAY_CONFIG +# environment variable so this can be driven from +# a script. +# 25-Jul-96 eay Cleaned up filenames some more. +# 11-Jun-96 eay Fixed a few filename missmatches. +# 03-May-96 eay Modified to use 'ssleay cmd' instead of 'cmd'. +# 18-Apr-96 tjh Original hacking +# +# Tim Hudson +# tjh@cryptsoft.com +# + +# 27-Apr-98 snh Translation into perl, fix existing CA bug. +# +# +# Steve Henson +# shenson@bigfoot.com + +# default openssl.cnf file has setup as per the following +# demoCA ... where everything is stored + +$DAYS="-days 365"; +$REQ="openssl req $SSLEAY_CONFIG"; +$CA="openssl ca $SSLEAY_CONFIG"; +$VERIFY="openssl verify"; +$X509="openssl x509"; +$PKCS12="openssl pkcs12"; + +$CATOP="./demoCA"; +$CAKEY="cakey.pem"; +$CACERT="cacert.pem"; + +$DIRMODE = 0777; + +$RET = 0; + +foreach (@ARGV) { + if ( /^(-\?|-h|-help)$/ ) { + print STDERR "usage: CA -newcert|-newreq|-newca|-sign|-verify\n"; + exit 0; + } elsif (/^-newcert$/) { + # create a certificate + system ("$REQ -new -x509 -keyout newreq.pem -out newreq.pem $DAYS"); + $RET=$?; + print "Certificate (and private key) is in newreq.pem\n" + } elsif (/^-newreq$/) { + # create a certificate request + system ("$REQ -new -keyout newreq.pem -out newreq.pem $DAYS"); + $RET=$?; + print "Request (and private key) is in newreq.pem\n"; + } elsif (/^-newca$/) { + # if explicitly asked for or it doesn't exist then setup the + # directory structure that Eric likes to manage things + $NEW="1"; + if ( "$NEW" || ! -f "${CATOP}/serial" ) { + # create the directory hierarchy + mkdir $CATOP, $DIRMODE; + mkdir "${CATOP}/certs", $DIRMODE; + mkdir "${CATOP}/crl", $DIRMODE ; + mkdir "${CATOP}/newcerts", $DIRMODE; + mkdir "${CATOP}/private", $DIRMODE; + open OUT, ">${CATOP}/serial"; + print OUT "01\n"; + close OUT; + open OUT, ">${CATOP}/index.txt"; + close OUT; + } + if ( ! -f "${CATOP}/private/$CAKEY" ) { + print "CA certificate filename (or enter to create)\n"; + $FILE = <STDIN>; + + chop $FILE; + + # ask user for existing CA certificate + if ($FILE) { + cp_pem($FILE,"${CATOP}/private/$CAKEY", "PRIVATE"); + cp_pem($FILE,"${CATOP}/$CACERT", "CERTIFICATE"); + $RET=$?; + } else { + print "Making CA certificate ...\n"; + system ("$REQ -new -x509 -keyout " . + "${CATOP}/private/$CAKEY -out ${CATOP}/$CACERT $DAYS"); + $RET=$?; + } + } + } elsif (/^-pkcs12$/) { + my $cname = $ARGV[1]; + $cname = "My Certificate" unless defined $cname; + system ("$PKCS12 -in newcert.pem -inkey newreq.pem " . + "-certfile ${CATOP}/$CACERT -out newcert.p12 " . + "-export -name \"$cname\""); + $RET=$?; + exit $RET; + } elsif (/^-xsign$/) { + system ("$CA -policy policy_anything -infiles newreq.pem"); + $RET=$?; + } elsif (/^(-sign|-signreq)$/) { + system ("$CA -policy policy_anything -out newcert.pem " . + "-infiles newreq.pem"); + $RET=$?; + print "Signed certificate is in newcert.pem\n"; + } elsif (/^-signcert$/) { + system ("$X509 -x509toreq -in newreq.pem -signkey newreq.pem " . + "-out tmp.pem"); + system ("$CA -policy policy_anything -out newcert.pem " . + "-infiles tmp.pem"); + $RET = $?; + print "Signed certificate is in newcert.pem\n"; + } elsif (/^-verify$/) { + if (shift) { + foreach $j (@ARGV) { + system ("$VERIFY -CAfile $CATOP/$CACERT $j"); + $RET=$? if ($? != 0); + } + exit $RET; + } else { + system ("$VERIFY -CAfile $CATOP/$CACERT newcert.pem"); + $RET=$?; + exit 0; + } + } else { + print STDERR "Unknown arg $_\n"; + print STDERR "usage: CA -newcert|-newreq|-newca|-sign|-verify\n"; + exit 1; + } +} + +exit $RET; + +sub cp_pem { +my ($infile, $outfile, $bound) = @_; +open IN, $infile; +open OUT, ">$outfile"; +my $flag = 0; +while (<IN>) { + $flag = 1 if (/^-----BEGIN.*$bound/) ; + print OUT $_ if ($flag); + if (/^-----END.*$bound/) { + close IN; + close OUT; + return; + } +} +} + diff --git a/lib/libssl/src/apps/app_rand.c b/lib/libssl/src/apps/app_rand.c new file mode 100644 index 00000000000..f7f133831d2 --- /dev/null +++ b/lib/libssl/src/apps/app_rand.c @@ -0,0 +1,211 @@ +/* apps/app_rand.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ +/* ==================================================================== + * Copyright (c) 1998-1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include "apps.h" +#include <openssl/bio.h> +#include <openssl/rand.h> + + +static int seeded = 0; +static int egdsocket = 0; + +int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn) + { + int consider_randfile = (file == NULL); + char buffer[200]; + +#ifdef WINDOWS + BIO_printf(bio_e,"Loading 'screen' into random state -"); + BIO_flush(bio_e); + RAND_screen(); + BIO_printf(bio_e," done\n"); +#endif + + if (file == NULL) + file = RAND_file_name(buffer, sizeof buffer); + else if (RAND_egd(file) > 0) + { + /* we try if the given filename is an EGD socket. + if it is, we don't write anything back to the file. */ + egdsocket = 1; + return 1; + } + if (file == NULL || !RAND_load_file(file, -1)) + { + if (RAND_status() == 0 && !dont_warn) + { + BIO_printf(bio_e,"unable to load 'random state'\n"); + BIO_printf(bio_e,"This means that the random number generator has not been seeded\n"); + BIO_printf(bio_e,"with much random data.\n"); + if (consider_randfile) /* explanation does not apply when a file is explicitly named */ + { + BIO_printf(bio_e,"Consider setting the RANDFILE environment variable to point at a file that\n"); + BIO_printf(bio_e,"'random' data can be kept in (the file will be overwritten).\n"); + } + } + return 0; + } + seeded = 1; + return 1; + } + +long app_RAND_load_files(char *name) + { + char *p,*n; + int last; + long tot=0; + int egd; + + for (;;) + { + last=0; + for (p=name; ((*p != '\0') && (*p != LIST_SEPARATOR_CHAR)); p++); + if (*p == '\0') last=1; + *p='\0'; + n=name; + name=p+1; + if (*n == '\0') break; + + egd=RAND_egd(n); + if (egd > 0) tot+=egd; + tot+=RAND_load_file(n,1024L*1024L); + if (last) break; + } + if (tot > 512) + app_RAND_allow_write_file(); + return(tot); + } + +int app_RAND_write_file(const char *file, BIO *bio_e) + { + char buffer[200]; + + if (egdsocket || !seeded) + /* If we did not manage to read the seed file, + * we should not write a low-entropy seed file back -- + * it would suppress a crucial warning the next time + * we want to use it. */ + return 0; + + if (file == NULL) + file = RAND_file_name(buffer, sizeof buffer); + if (file == NULL || !RAND_write_file(file)) + { + BIO_printf(bio_e,"unable to write 'random state'\n"); + return 0; + } + return 1; + } + +void app_RAND_allow_write_file(void) + { + seeded = 1; + } diff --git a/lib/libssl/src/apps/dhparam.c b/lib/libssl/src/apps/dhparam.c new file mode 100644 index 00000000000..293a400d0c5 --- /dev/null +++ b/lib/libssl/src/apps/dhparam.c @@ -0,0 +1,368 @@ +/* apps/dhparam.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef NO_DH +#include <stdio.h> +#include <stdlib.h> +#include <time.h> +#include <string.h> +#include "apps.h" +#include <openssl/bio.h> +#include <openssl/err.h> +#include <openssl/bn.h> +#include <openssl/dh.h> +#include <openssl/x509.h> +#include <openssl/pem.h> + +#undef PROG +#define PROG dhparam_main + +#define DEFBITS 512 + +/* -inform arg - input format - default PEM (DER or PEM) + * -outform arg - output format - default PEM + * -in arg - input file - default stdin + * -out arg - output file - default stdout + * -check - check the parameters are ok + * -noout + * -text + * -C + */ + +static void MS_CALLBACK dh_cb(int p, int n, void *arg); + +int MAIN(int, char **); + +int MAIN(int argc, char **argv) + { + DH *dh=NULL; + int i,badops=0,text=0; + BIO *in=NULL,*out=NULL; + int informat,outformat,check=0,noout=0,C=0,ret=1; + char *infile,*outfile,*prog; + char *inrand=NULL; + int num = 0, g = 0; + + apps_startup(); + + if (bio_err == NULL) + if ((bio_err=BIO_new(BIO_s_file())) != NULL) + BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); + + infile=NULL; + outfile=NULL; + informat=FORMAT_PEM; + outformat=FORMAT_PEM; + + prog=argv[0]; + argc--; + argv++; + while (argc >= 1) + { + if (strcmp(*argv,"-inform") == 0) + { + if (--argc < 1) goto bad; + informat=str2fmt(*(++argv)); + } + else if (strcmp(*argv,"-outform") == 0) + { + if (--argc < 1) goto bad; + outformat=str2fmt(*(++argv)); + } + else if (strcmp(*argv,"-in") == 0) + { + if (--argc < 1) goto bad; + infile= *(++argv); + } + else if (strcmp(*argv,"-out") == 0) + { + if (--argc < 1) goto bad; + outfile= *(++argv); + } + else if (strcmp(*argv,"-check") == 0) + check=1; + else if (strcmp(*argv,"-text") == 0) + text=1; + else if (strcmp(*argv,"-C") == 0) + C=1; + else if (strcmp(*argv,"-noout") == 0) + noout=1; + else if (strcmp(*argv,"-2") == 0) + g=2; + else if (strcmp(*argv,"-5") == 0) + g=5; + else if (strcmp(*argv,"-rand") == 0) + { + if (--argc < 1) goto bad; + inrand= *(++argv); + } + else if (((sscanf(*argv,"%d",&num) == 0) || (num <= 0))) + goto bad; + argv++; + argc--; + } + + if (badops) + { +bad: + BIO_printf(bio_err,"%s [options] [numbits]\n",prog); + BIO_printf(bio_err,"where options are\n"); + BIO_printf(bio_err," -inform arg input format - one of DER PEM\n"); + BIO_printf(bio_err," -outform arg output format - one of DER PEM\n"); + BIO_printf(bio_err," -in arg input file\n"); + BIO_printf(bio_err," -out arg output file\n"); + BIO_printf(bio_err," -check check the DH parameters\n"); + BIO_printf(bio_err," -text print a text form of the DH parameters\n"); + BIO_printf(bio_err," -C Output C code\n"); + BIO_printf(bio_err," -2 generate parameters using 2 as the generator value\n"); + BIO_printf(bio_err," -5 generate parameters using 5 as the generator value\n"); + BIO_printf(bio_err," numbits number of bits in to generate (default 512)\n"); + BIO_printf(bio_err," -rand file:file:...\n"); + BIO_printf(bio_err," - load the file (or the files in the directory) into\n"); + BIO_printf(bio_err," the random number generator\n"); + BIO_printf(bio_err," -noout no output\n"); + goto end; + } + + ERR_load_crypto_strings(); + + if(g && !num) num = DEFBITS; + else if(num && !g) g = 2; + + if(num) { + + if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL) + { + BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n"); + } + if (inrand != NULL) + BIO_printf(bio_err,"%ld semi-random bytes loaded\n", + app_RAND_load_files(inrand)); + + BIO_printf(bio_err,"Generating DH parameters, %d bit long strong prime, generator of %d\n",num,g); + BIO_printf(bio_err,"This is going to take a long time\n"); + dh=DH_generate_parameters(num,g,dh_cb,bio_err); + + if (dh == NULL) goto end; + + app_RAND_write_file(NULL, bio_err); + } else { + + in=BIO_new(BIO_s_file()); + if (in == NULL) + { + ERR_print_errors(bio_err); + goto end; + } + if (infile == NULL) + BIO_set_fp(in,stdin,BIO_NOCLOSE); + else + { + if (BIO_read_filename(in,infile) <= 0) + { + perror(infile); + goto end; + } + } + + if (informat == FORMAT_ASN1) + dh=d2i_DHparams_bio(in,NULL); + else if (informat == FORMAT_PEM) + dh=PEM_read_bio_DHparams(in,NULL,NULL,NULL); + else + { + BIO_printf(bio_err,"bad input format specified\n"); + goto end; + } + if (dh == NULL) + { + BIO_printf(bio_err,"unable to load DH parameters\n"); + ERR_print_errors(bio_err); + goto end; + } + + } + + out=BIO_new(BIO_s_file()); + if (out == NULL) + { + ERR_print_errors(bio_err); + goto end; + } + if (outfile == NULL) + BIO_set_fp(out,stdout,BIO_NOCLOSE); + else + { + if (BIO_write_filename(out,outfile) <= 0) + { + perror(outfile); + goto end; + } + } + + + + if (text) + { + DHparams_print(out,dh); + } + + if (check) + { + if (!DH_check(dh,&i)) + { + ERR_print_errors(bio_err); + goto end; + } + if (i & DH_CHECK_P_NOT_PRIME) + printf("p value is not prime\n"); + if (i & DH_CHECK_P_NOT_STRONG_PRIME) + printf("p value is not a strong prime\n"); + if (i & DH_UNABLE_TO_CHECK_GENERATOR) + printf("unable to check the generator value\n"); + if (i & DH_NOT_SUITABLE_GENERATOR) + printf("the g value is not a generator\n"); + if (i == 0) + printf("DH parameters appear to be ok.\n"); + } + if (C) + { + unsigned char *data; + int len,l,bits; + + len=BN_num_bytes(dh->p); + bits=BN_num_bits(dh->p); + data=(unsigned char *)Malloc(len); + if (data == NULL) + { + perror("Malloc"); + goto end; + } + l=BN_bn2bin(dh->p,data); + printf("static unsigned char dh%d_p[]={",bits); + for (i=0; i<l; i++) + { + if ((i%12) == 0) printf("\n\t"); + printf("0x%02X,",data[i]); + } + printf("\n\t};\n"); + + l=BN_bn2bin(dh->g,data); + printf("static unsigned char dh%d_g[]={",bits); + for (i=0; i<l; i++) + { + if ((i%12) == 0) printf("\n\t"); + printf("0x%02X,",data[i]); + } + printf("\n\t};\n\n"); + + printf("DH *get_dh%d()\n\t{\n",bits); + printf("\tDH *dh;\n\n"); + printf("\tif ((dh=DH_new()) == NULL) return(NULL);\n"); + printf("\tdh->p=BN_bin2bn(dh%d_p,sizeof(dh%d_p),NULL);\n", + bits,bits); + printf("\tdh->g=BN_bin2bn(dh%d_g,sizeof(dh%d_g),NULL);\n", + bits,bits); + printf("\tif ((dh->p == NULL) || (dh->g == NULL))\n"); + printf("\t\treturn(NULL);\n"); + printf("\treturn(dh);\n\t}\n"); + Free(data); + } + + + if (!noout) + { + if (outformat == FORMAT_ASN1) + i=i2d_DHparams_bio(out,dh); + else if (outformat == FORMAT_PEM) + i=PEM_write_bio_DHparams(out,dh); + else { + BIO_printf(bio_err,"bad output format specified for outfile\n"); + goto end; + } + if (!i) + { + BIO_printf(bio_err,"unable to write DH parameters\n"); + ERR_print_errors(bio_err); + goto end; + } + } + ret=0; +end: + if (in != NULL) BIO_free(in); + if (out != NULL) BIO_free(out); + if (dh != NULL) DH_free(dh); + EXIT(ret); + } + +static void MS_CALLBACK dh_cb(int p, int n, void *arg) + { + char c='*'; + + if (p == 0) c='.'; + if (p == 1) c='+'; + if (p == 2) c='*'; + if (p == 3) c='\n'; + BIO_write((BIO *)arg,&c,1); + (void)BIO_flush((BIO *)arg); +#ifdef LINT + p=n; +#endif + } + +#endif diff --git a/lib/libssl/src/apps/passwd.c b/lib/libssl/src/apps/passwd.c new file mode 100644 index 00000000000..c7e21d2081a --- /dev/null +++ b/lib/libssl/src/apps/passwd.c @@ -0,0 +1,475 @@ +/* apps/passwd.c */ + +#if defined NO_MD5 || defined CHARSET_EBCDIC +# define NO_APR1 +#endif + +#if !defined(NO_DES) || !defined(NO_APR1) + +#include <assert.h> +#include <string.h> + +#include "apps.h" + +#include <openssl/bio.h> +#include <openssl/err.h> +#include <openssl/evp.h> +#include <openssl/rand.h> + +#ifndef NO_DES +# include <openssl/des.h> +#endif +#ifndef NO_APR1 +# include <openssl/md5.h> +#endif + + +#undef PROG +#define PROG passwd_main + + +static unsigned const char cov_2char[64]={ + /* from crypto/des/fcrypt.c */ + 0x2E,0x2F,0x30,0x31,0x32,0x33,0x34,0x35, + 0x36,0x37,0x38,0x39,0x41,0x42,0x43,0x44, + 0x45,0x46,0x47,0x48,0x49,0x4A,0x4B,0x4C, + 0x4D,0x4E,0x4F,0x50,0x51,0x52,0x53,0x54, + 0x55,0x56,0x57,0x58,0x59,0x5A,0x61,0x62, + 0x63,0x64,0x65,0x66,0x67,0x68,0x69,0x6A, + 0x6B,0x6C,0x6D,0x6E,0x6F,0x70,0x71,0x72, + 0x73,0x74,0x75,0x76,0x77,0x78,0x79,0x7A +}; + +static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p, + char *passwd, BIO *out, int quiet, int table, int reverse, + size_t pw_maxlen, int usecrypt, int useapr1); + +/* -crypt - standard Unix password algorithm (default, only choice) + * -apr1 - MD5-based password algorithm + * -salt string - salt + * -in file - read passwords from file + * -stdin - read passwords from stdin + * -quiet - no warnings + * -table - format output as table + * -reverse - switch table columns + */ + +int MAIN(int, char **); + +int MAIN(int argc, char **argv) + { + int ret = 1; + char *infile = NULL; + int in_stdin = 0; + char *salt = NULL, *passwd = NULL, **passwds = NULL; + char *salt_malloc = NULL, *passwd_malloc = NULL; + int pw_source_defined = 0; + BIO *in = NULL, *out = NULL; + int i, badopt, opt_done; + int passed_salt = 0, quiet = 0, table = 0, reverse = 0; + int usecrypt = 0, useapr1 = 0; + size_t pw_maxlen = 0; + + apps_startup(); + + if (bio_err == NULL) + if ((bio_err=BIO_new(BIO_s_file())) != NULL) + BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); + out = BIO_new(BIO_s_file()); + if (out == NULL) + goto err; + BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT); + + badopt = 0, opt_done = 0; + i = 0; + while (!badopt && !opt_done && argv[++i] != NULL) + { + if (strcmp(argv[i], "-crypt") == 0) + usecrypt = 1; + else if (strcmp(argv[i], "-apr1") == 0) + useapr1 = 1; + else if (strcmp(argv[i], "-salt") == 0) + { + if ((argv[i+1] != NULL) && (salt == NULL)) + { + passed_salt = 1; + salt = argv[++i]; + } + else + badopt = 1; + } + else if (strcmp(argv[i], "-in") == 0) + { + if ((argv[i+1] != NULL) && !pw_source_defined) + { + pw_source_defined = 1; + infile = argv[++i]; + } + else + badopt = 1; + } + else if (strcmp(argv[i], "-stdin") == 0) + { + if (!pw_source_defined) + { + pw_source_defined = 1; + in_stdin = 1; + } + else + badopt = 1; + } + else if (strcmp(argv[i], "-quiet") == 0) + quiet = 1; + else if (strcmp(argv[i], "-table") == 0) + table = 1; + else if (strcmp(argv[i], "-reverse") == 0) + reverse = 1; + else if (argv[i][0] == '-') + badopt = 1; + else if (!pw_source_defined) + /* non-option arguments, use as passwords */ + { + pw_source_defined = 1; + passwds = &argv[i]; + opt_done = 1; + } + else + badopt = 1; + } + + if (!usecrypt && !useapr1) /* use default */ + usecrypt = 1; + if (usecrypt + useapr1 > 1) /* conflict */ + badopt = 1; + + /* reject unsupported algorithms */ +#ifdef NO_DES + if (usecrypt) badopt = 1; +#endif +#ifdef NO_APR1 + if (useapr1) badopt = 1; +#endif + + if (badopt) + { + BIO_printf(bio_err, "Usage: passwd [options] [passwords]\n"); + BIO_printf(bio_err, "where options are\n"); +#ifndef NO_DES + BIO_printf(bio_err, "-crypt standard Unix password algorithm (default)\n"); +#endif +#ifndef NO_APR1 + BIO_printf(bio_err, "-apr1 MD5-based password algorithm\n"); +#endif + BIO_printf(bio_err, "-salt string use provided salt\n"); + BIO_printf(bio_err, "-in file read passwords from file\n"); + BIO_printf(bio_err, "-stdin read passwords from stdin\n"); + BIO_printf(bio_err, "-quiet no warnings\n"); + BIO_printf(bio_err, "-table format output as table\n"); + BIO_printf(bio_err, "-reverse switch table columns\n"); + + goto err; + } + + if ((infile != NULL) || in_stdin) + { + in = BIO_new(BIO_s_file()); + if (in == NULL) + goto err; + if (infile != NULL) + { + assert(in_stdin == 0); + if (BIO_read_filename(in, infile) <= 0) + goto err; + } + else + { + assert(in_stdin); + BIO_set_fp(in, stdin, BIO_NOCLOSE); + } + } + + if (usecrypt) + pw_maxlen = 8; + else if (useapr1) + pw_maxlen = 256; /* arbitrary limit, should be enough for most passwords */ + + if (passwds == NULL) + { + /* no passwords on the command line */ + passwd = passwd_malloc = Malloc(pw_maxlen + 1); + if (passwd_malloc == NULL) + goto err; + } + + if ((in == NULL) && (passwds == NULL)) + { + /* build a null-terminated list */ + static char *passwds_static[2] = {NULL, NULL}; + + passwds = passwds_static; + if (in == NULL) + if (EVP_read_pw_string(passwd_malloc, pw_maxlen + 1, "Password: ", 0) != 0) + goto err; + passwds[0] = passwd_malloc; + } + + if (in == NULL) + { + assert(passwds != NULL); + assert(*passwds != NULL); + + do /* loop over list of passwords */ + { + passwd = *passwds++; + if (!do_passwd(passed_salt, &salt, &salt_malloc, passwd, out, + quiet, table, reverse, pw_maxlen, usecrypt, useapr1)) + goto err; + } + while (*passwds != NULL); + } + else + /* in != NULL */ + { + int done; + + assert (passwd != NULL); + do + { + int r = BIO_gets(in, passwd, pw_maxlen + 1); + if (r > 0) + { + char *c = (strchr(passwd, '\n')) ; + if (c != NULL) + *c = 0; /* truncate at newline */ + else + { + /* ignore rest of line */ + char trash[BUFSIZ]; + do + r = BIO_gets(in, trash, sizeof trash); + while ((r > 0) && (!strchr(trash, '\n'))); + } + + if (!do_passwd(passed_salt, &salt, &salt_malloc, passwd, out, + quiet, table, reverse, pw_maxlen, usecrypt, useapr1)) + goto err; + } + done = (r <= 0); + } + while (!done); + } + +err: + ERR_print_errors(bio_err); + if (salt_malloc) + Free(salt_malloc); + if (passwd_malloc) + Free(passwd_malloc); + if (in) + BIO_free(in); + if (out) + BIO_free(out); + EXIT(ret); + } + + +#ifndef NO_APR1 +/* MD5-based password algorithm compatible to the one found in Apache + * (should probably be available as a library function; + * then the static buffer would not be acceptable) */ +static char *apr1_crypt(const char *passwd, const char *salt) + { + static char out_buf[6 + 9 + 24 + 2]; /* "$apr1$..salt..$.......md5hash..........\0" */ + unsigned char buf[MD5_DIGEST_LENGTH]; + char *salt_out; + int n, i; + MD5_CTX md; + size_t passwd_len, salt_len; + + passwd_len = strlen(passwd); + strcpy(out_buf, "$apr1$"); + strncat(out_buf, salt, 8); + assert(strlen(out_buf) <= 6 + 8); /* "$apr1$..salt.." */ + salt_out = out_buf + 6; + salt_len = strlen(salt_out); + assert(salt_len <= 8); + + MD5_Init(&md); + MD5_Update(&md, passwd, passwd_len); + MD5_Update(&md, "$apr1$", 6); + MD5_Update(&md, salt_out, salt_len); + + { + MD5_CTX md2; + + MD5_Init(&md2); + MD5_Update(&md2, passwd, passwd_len); + MD5_Update(&md2, salt_out, salt_len); + MD5_Update(&md2, passwd, passwd_len); + MD5_Final(buf, &md2); + } + for (i = passwd_len; i > sizeof buf; i -= sizeof buf) + MD5_Update(&md, buf, sizeof buf); + MD5_Update(&md, buf, i); + + n = passwd_len; + while (n) + { + MD5_Update(&md, (n & 1) ? "\0" : passwd, 1); + n >>= 1; + } + MD5_Final(buf, &md); + + for (i = 0; i < 1000; i++) + { + MD5_CTX md2; + + MD5_Init(&md2); + MD5_Update(&md2, (i & 1) ? (unsigned char *) passwd : buf, + (i & 1) ? passwd_len : sizeof buf); + if (i % 3) + MD5_Update(&md2, salt_out, salt_len); + if (i % 7) + MD5_Update(&md2, passwd, passwd_len); + MD5_Update(&md2, (i & 1) ? buf : (unsigned char *) passwd, + (i & 1) ? sizeof buf : passwd_len); + MD5_Final(buf, &md2); + } + + { + /* transform buf into output string */ + + unsigned char buf_perm[sizeof buf]; + int dest, source; + char *output; + + /* silly output permutation */ + for (dest = 0, source = 0; dest < 14; dest++, source = (source + 6) % 17) + buf_perm[dest] = buf[source]; + buf_perm[14] = buf[5]; + buf_perm[15] = buf[11]; +#ifndef PEDANTIC /* Unfortunately, this generates a "no effect" warning */ + assert(16 == sizeof buf_perm); +#endif + + output = salt_out + salt_len; + assert(output == out_buf + strlen(out_buf)); + + *output++ = '$'; + + for (i = 0; i < 15; i += 3) + { + *output++ = cov_2char[buf_perm[i+2] & 0x3f]; + *output++ = cov_2char[((buf_perm[i+1] & 0xf) << 2) | + (buf_perm[i+2] >> 6)]; + *output++ = cov_2char[((buf_perm[i] & 3) << 4) | + (buf_perm[i+1] >> 4)]; + *output++ = cov_2char[buf_perm[i] >> 2]; + } + assert(i == 15); + *output++ = cov_2char[buf_perm[i] & 0x3f]; + *output++ = cov_2char[buf_perm[i] >> 6]; + *output = 0; + assert(strlen(out_buf) < sizeof(out_buf)); + } + + return out_buf; + } +#endif + + +static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p, + char *passwd, BIO *out, int quiet, int table, int reverse, + size_t pw_maxlen, int usecrypt, int useapr1) + { + char *hash = NULL; + + assert(salt_p != NULL); + assert(salt_malloc_p != NULL); + + /* first make sure we have a salt */ + if (!passed_salt) + { +#ifndef NO_DES + if (usecrypt) + { + if (*salt_malloc_p == NULL) + { + *salt_p = *salt_malloc_p = Malloc(3); + if (*salt_malloc_p == NULL) + goto err; + } + if (RAND_pseudo_bytes((unsigned char *)*salt_p, 2) < 0) + goto err; + (*salt_p)[0] = cov_2char[(*salt_p)[0] & 0x3f]; /* 6 bits */ + (*salt_p)[1] = cov_2char[(*salt_p)[1] & 0x3f]; /* 6 bits */ + (*salt_p)[2] = 0; +#ifdef CHARSET_EBCDIC + ascii2ebcdic(*salt_p, *salt_p, 2); /* des_crypt will convert + * back to ASCII */ +#endif + } +#endif /* !NO_DES */ + +#ifndef NO_APR1 + if (useapr1) + { + int i; + + if (*salt_malloc_p == NULL) + { + *salt_p = *salt_malloc_p = Malloc(9); + if (*salt_malloc_p == NULL) + goto err; + } + if (RAND_pseudo_bytes((unsigned char *)*salt_p, 8) < 0) + goto err; + + for (i = 0; i < 8; i++) + (*salt_p)[i] = cov_2char[(*salt_p)[i] & 0x3f]; /* 6 bits */ + (*salt_p)[8] = 0; + } +#endif /* !NO_APR1 */ + } + + assert(*salt_p != NULL); + + /* truncate password if necessary */ + if ((strlen(passwd) > pw_maxlen)) + { + if (!quiet) + BIO_printf(bio_err, "Warning: truncating password to %u characters\n", pw_maxlen); + passwd[pw_maxlen] = 0; + } + assert(strlen(passwd) <= pw_maxlen); + + /* now compute password hash */ +#ifndef NO_DES + if (usecrypt) + hash = des_crypt(passwd, *salt_p); +#endif +#ifndef NO_APR1 + if (useapr1) + hash = apr1_crypt(passwd, *salt_p); +#endif + assert(hash != NULL); + + if (table && !reverse) + BIO_printf(out, "%s\t%s\n", passwd, hash); + else if (table && reverse) + BIO_printf(out, "%s\t%s\n", hash, passwd); + else + BIO_printf(out, "%s\n", hash); + return 1; + +err: + return 0; + } +#else + +int MAIN(int argc, char **argv) + { + fputs("Program not available.\n", stderr) + EXIT(1); + } +#endif diff --git a/lib/libssl/src/apps/smime.c b/lib/libssl/src/apps/smime.c new file mode 100644 index 00000000000..77633cfb600 --- /dev/null +++ b/lib/libssl/src/apps/smime.c @@ -0,0 +1,646 @@ +/* smime.c */ +/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL + * project 1999. + */ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +/* S/MIME utility function */ + +#include <stdio.h> +#include <string.h> +#include "apps.h" +#include <openssl/crypto.h> +#include <openssl/pem.h> +#include <openssl/err.h> + +#undef PROG +#define PROG smime_main +static X509 *load_cert(char *file); +static EVP_PKEY *load_key(char *file, char *pass); +static STACK_OF(X509) *load_certs(char *file); +static X509_STORE *setup_verify(char *CAfile, char *CApath); +static int save_certs(char *signerfile, STACK_OF(X509) *signers); + +#define SMIME_OP 0x10 +#define SMIME_ENCRYPT (1 | SMIME_OP) +#define SMIME_DECRYPT 2 +#define SMIME_SIGN (3 | SMIME_OP) +#define SMIME_VERIFY 4 +#define SMIME_PK7OUT 5 + +int MAIN(int, char **); + +int MAIN(int argc, char **argv) +{ + int operation = 0; + int ret = 0; + char **args; + char *inmode = "r", *outmode = "w"; + char *infile = NULL, *outfile = NULL; + char *signerfile = NULL, *recipfile = NULL; + char *certfile = NULL, *keyfile = NULL; + EVP_CIPHER *cipher = NULL; + PKCS7 *p7 = NULL; + X509_STORE *store = NULL; + X509 *cert = NULL, *recip = NULL, *signer = NULL; + EVP_PKEY *key = NULL; + STACK_OF(X509) *encerts = NULL, *other = NULL; + BIO *in = NULL, *out = NULL, *indata = NULL; + int badarg = 0; + int flags = PKCS7_DETACHED; + char *to = NULL, *from = NULL, *subject = NULL; + char *CAfile = NULL, *CApath = NULL; + char *passargin = NULL, *passin = NULL; + char *inrand = NULL; + int need_rand = 0; + args = argv + 1; + + ret = 1; + + while (!badarg && *args && *args[0] == '-') { + if (!strcmp (*args, "-encrypt")) operation = SMIME_ENCRYPT; + else if (!strcmp (*args, "-decrypt")) operation = SMIME_DECRYPT; + else if (!strcmp (*args, "-sign")) operation = SMIME_SIGN; + else if (!strcmp (*args, "-verify")) operation = SMIME_VERIFY; + else if (!strcmp (*args, "-pk7out")) operation = SMIME_PK7OUT; +#ifndef NO_DES + else if (!strcmp (*args, "-des3")) + cipher = EVP_des_ede3_cbc(); + else if (!strcmp (*args, "-des")) + cipher = EVP_des_cbc(); +#endif +#ifndef NO_RC2 + else if (!strcmp (*args, "-rc2-40")) + cipher = EVP_rc2_40_cbc(); + else if (!strcmp (*args, "-rc2-128")) + cipher = EVP_rc2_cbc(); + else if (!strcmp (*args, "-rc2-64")) + cipher = EVP_rc2_64_cbc(); +#endif + else if (!strcmp (*args, "-text")) + flags |= PKCS7_TEXT; + else if (!strcmp (*args, "-nointern")) + flags |= PKCS7_NOINTERN; + else if (!strcmp (*args, "-noverify")) + flags |= PKCS7_NOVERIFY; + else if (!strcmp (*args, "-nochain")) + flags |= PKCS7_NOCHAIN; + else if (!strcmp (*args, "-nocerts")) + flags |= PKCS7_NOCERTS; + else if (!strcmp (*args, "-noattr")) + flags |= PKCS7_NOATTR; + else if (!strcmp (*args, "-nodetach")) + flags &= ~PKCS7_DETACHED; + else if (!strcmp (*args, "-binary")) + flags |= PKCS7_BINARY; + else if (!strcmp (*args, "-nosigs")) + flags |= PKCS7_NOSIGS; + else if (!strcmp(*args,"-rand")) { + if (args[1]) { + args++; + inrand = *args; + } else badarg = 1; + need_rand = 1; + } else if (!strcmp(*args,"-passin")) { + if (args[1]) { + args++; + passargin = *args; + } else badarg = 1; + } else if (!strcmp (*args, "-to")) { + if (args[1]) { + args++; + to = *args; + } else badarg = 1; + } else if (!strcmp (*args, "-from")) { + if (args[1]) { + args++; + from = *args; + } else badarg = 1; + } else if (!strcmp (*args, "-subject")) { + if (args[1]) { + args++; + subject = *args; + } else badarg = 1; + } else if (!strcmp (*args, "-signer")) { + if (args[1]) { + args++; + signerfile = *args; + } else badarg = 1; + } else if (!strcmp (*args, "-recip")) { + if (args[1]) { + args++; + recipfile = *args; + } else badarg = 1; + } else if (!strcmp (*args, "-inkey")) { + if (args[1]) { + args++; + keyfile = *args; + } else badarg = 1; + } else if (!strcmp (*args, "-certfile")) { + if (args[1]) { + args++; + certfile = *args; + } else badarg = 1; + } else if (!strcmp (*args, "-CAfile")) { + if (args[1]) { + args++; + CAfile = *args; + } else badarg = 1; + } else if (!strcmp (*args, "-CApath")) { + if (args[1]) { + args++; + CApath = *args; + } else badarg = 1; + } else if (!strcmp (*args, "-in")) { + if (args[1]) { + args++; + infile = *args; + } else badarg = 1; + } else if (!strcmp (*args, "-out")) { + if (args[1]) { + args++; + outfile = *args; + } else badarg = 1; + } else badarg = 1; + args++; + } + + if(operation == SMIME_SIGN) { + if(!signerfile) { + BIO_printf(bio_err, "No signer certificate specified\n"); + badarg = 1; + } + need_rand = 1; + } else if(operation == SMIME_DECRYPT) { + if(!recipfile) { + BIO_printf(bio_err, "No recipient certificate and key specified\n"); + badarg = 1; + } + } else if(operation == SMIME_ENCRYPT) { + if(!*args) { + BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n"); + badarg = 1; + } + need_rand = 1; + } else if(!operation) badarg = 1; + + if (badarg) { + BIO_printf (bio_err, "Usage smime [options] cert.pem ...\n"); + BIO_printf (bio_err, "where options are\n"); + BIO_printf (bio_err, "-encrypt encrypt message\n"); + BIO_printf (bio_err, "-decrypt decrypt encrypted message\n"); + BIO_printf (bio_err, "-sign sign message\n"); + BIO_printf (bio_err, "-verify verify signed message\n"); + BIO_printf (bio_err, "-pk7out output PKCS#7 structure\n"); +#ifndef NO_DES + BIO_printf (bio_err, "-des3 encrypt with triple DES\n"); + BIO_printf (bio_err, "-des encrypt with DES\n"); +#endif +#ifndef NO_RC2 + BIO_printf (bio_err, "-rc2-40 encrypt with RC2-40 (default)\n"); + BIO_printf (bio_err, "-rc2-64 encrypt with RC2-64\n"); + BIO_printf (bio_err, "-rc2-128 encrypt with RC2-128\n"); +#endif + BIO_printf (bio_err, "-nointern don't search certificates in message for signer\n"); + BIO_printf (bio_err, "-nosigs don't verify message signature\n"); + BIO_printf (bio_err, "-noverify don't verify signers certificate\n"); + BIO_printf (bio_err, "-nocerts don't include signers certificate when signing\n"); + BIO_printf (bio_err, "-nodetach use opaque signing\n"); + BIO_printf (bio_err, "-noattr don't include any signed attributes\n"); + BIO_printf (bio_err, "-binary don't translate message to text\n"); + BIO_printf (bio_err, "-certfile file other certificates file\n"); + BIO_printf (bio_err, "-signer file signer certificate file\n"); + BIO_printf (bio_err, "-recip file recipient certificate file for decryption\n"); + BIO_printf (bio_err, "-in file input file\n"); + BIO_printf (bio_err, "-inkey file input private key (if not signer or recipient)\n"); + BIO_printf (bio_err, "-out file output file\n"); + BIO_printf (bio_err, "-to addr to address\n"); + BIO_printf (bio_err, "-from ad from address\n"); + BIO_printf (bio_err, "-subject s subject\n"); + BIO_printf (bio_err, "-text include or delete text MIME headers\n"); + BIO_printf (bio_err, "-CApath dir trusted certificates directory\n"); + BIO_printf (bio_err, "-CAfile file trusted certificates file\n"); + BIO_printf(bio_err, "-rand file:file:...\n"); + BIO_printf(bio_err, " load the file (or the files in the directory) into\n"); + BIO_printf(bio_err, " the random number generator\n"); + BIO_printf (bio_err, "cert.pem recipient certificate(s) for encryption\n"); + goto end; + } + + if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) { + BIO_printf(bio_err, "Error getting password\n"); + goto end; + } + + if (need_rand) { + app_RAND_load_file(NULL, bio_err, (inrand != NULL)); + if (inrand != NULL) + BIO_printf(bio_err,"%ld semi-random bytes loaded\n", + app_RAND_load_files(inrand)); + } + + ret = 2; + + if(operation != SMIME_SIGN) flags &= ~PKCS7_DETACHED; + + if(flags & PKCS7_BINARY) { + if(operation & SMIME_OP) inmode = "rb"; + else outmode = "rb"; + } + + if(operation == SMIME_ENCRYPT) { + if (!cipher) { +#ifndef NO_RC2 + cipher = EVP_rc2_40_cbc(); +#else + BIO_printf(bio_err, "No cipher selected\n"); + goto end; +#endif + } +#ifdef CRYPTO_MDEBUG + CRYPTO_push_info("load encryption certificates"); +#endif + encerts = sk_X509_new_null(); + while (*args) { + if(!(cert = load_cert(*args))) { + BIO_printf(bio_err, "Can't read recipient certificate file %s\n", *args); + goto end; + } + sk_X509_push(encerts, cert); + cert = NULL; + args++; + } +#ifdef CRYPTO_MDEBUG + CRYPTO_pop_info(); +#endif + } + + if(signerfile && (operation == SMIME_SIGN)) { +#ifdef CRYPTO_MDEBUG + CRYPTO_push_info("load signer certificate"); +#endif + if(!(signer = load_cert(signerfile))) { + BIO_printf(bio_err, "Can't read signer certificate file %s\n", signerfile); + goto end; + } +#ifdef CRYPTO_MDEBUG + CRYPTO_pop_info(); +#endif + } + + if(certfile) { +#ifdef CRYPTO_MDEBUG + CRYPTO_push_info("load other certfiles"); +#endif + if(!(other = load_certs(certfile))) { + BIO_printf(bio_err, "Can't read certificate file %s\n", certfile); + ERR_print_errors(bio_err); + goto end; + } +#ifdef CRYPTO_MDEBUG + CRYPTO_pop_info(); +#endif + } + + if(recipfile && (operation == SMIME_DECRYPT)) { +#ifdef CRYPTO_MDEBUG + CRYPTO_push_info("load recipient certificate"); +#endif + if(!(recip = load_cert(recipfile))) { + BIO_printf(bio_err, "Can't read recipient certificate file %s\n", recipfile); + ERR_print_errors(bio_err); + goto end; + } +#ifdef CRYPTO_MDEBUG + CRYPTO_pop_info(); +#endif + } + + if(operation == SMIME_DECRYPT) { + if(!keyfile) keyfile = recipfile; + } else if(operation == SMIME_SIGN) { + if(!keyfile) keyfile = signerfile; + } else keyfile = NULL; + + if(keyfile) { +#ifdef CRYPTO_MDEBUG + CRYPTO_push_info("load keyfile"); +#endif + if(!(key = load_key(keyfile, passin))) { + BIO_printf(bio_err, "Can't read recipient certificate file %s\n", keyfile); + ERR_print_errors(bio_err); + goto end; + } +#ifdef CRYPTO_MDEBUG + CRYPTO_pop_info(); +#endif + } + +#ifdef CRYPTO_MDEBUG + CRYPTO_push_info("open input files"); +#endif + if (infile) { + if (!(in = BIO_new_file(infile, inmode))) { + BIO_printf (bio_err, + "Can't open input file %s\n", infile); + goto end; + } + } else in = BIO_new_fp(stdin, BIO_NOCLOSE); +#ifdef CRYPTO_MDEBUG + CRYPTO_pop_info(); +#endif + +#ifdef CRYPTO_MDEBUG + CRYPTO_push_info("open output files"); +#endif + if (outfile) { + if (!(out = BIO_new_file(outfile, outmode))) { + BIO_printf (bio_err, + "Can't open output file %s\n", outfile); + goto end; + } + } else out = BIO_new_fp(stdout, BIO_NOCLOSE); +#ifdef CRYPTO_MDEBUG + CRYPTO_pop_info(); +#endif + + if(operation == SMIME_VERIFY) { +#ifdef CRYPTO_MDEBUG + CRYPTO_push_info("setup_verify"); +#endif + if(!(store = setup_verify(CAfile, CApath))) goto end; +#ifdef CRYPTO_MDEBUG + CRYPTO_pop_info(); +#endif + } + + ret = 3; + + if(operation == SMIME_ENCRYPT) { +#ifdef CRYPTO_MDEBUG + CRYPTO_push_info("PKCS7_encrypt"); +#endif + p7 = PKCS7_encrypt(encerts, in, cipher, flags); +#ifdef CRYPTO_MDEBUG + CRYPTO_pop_info(); +#endif + } else if(operation == SMIME_SIGN) { +#ifdef CRYPTO_MDEBUG + CRYPTO_push_info("PKCS7_sign"); +#endif + p7 = PKCS7_sign(signer, key, other, in, flags); + BIO_reset(in); +#ifdef CRYPTO_MDEBUG + CRYPTO_pop_info(); +#endif + } else { +#ifdef CRYPTO_MDEBUG + CRYPTO_push_info("SMIME_read_PKCS7"); +#endif + if(!(p7 = SMIME_read_PKCS7(in, &indata))) { + BIO_printf(bio_err, "Error reading S/MIME message\n"); + goto end; + } +#ifdef CRYPTO_MDEBUG + CRYPTO_pop_info(); +#endif + } + + if(!p7) { + BIO_printf(bio_err, "Error creating PKCS#7 structure\n"); + goto end; + } + + ret = 4; + if(operation == SMIME_DECRYPT) { +#ifdef CRYPTO_MDEBUG + CRYPTO_push_info("PKCS7_decrypt"); +#endif + if(!PKCS7_decrypt(p7, key, recip, out, flags)) { + BIO_printf(bio_err, "Error decrypting PKCS#7 structure\n"); + goto end; + } +#ifdef CRYPTO_MDEBUG + CRYPTO_pop_info(); +#endif + } else if(operation == SMIME_VERIFY) { + STACK_OF(X509) *signers; +#ifdef CRYPTO_MDEBUG + CRYPTO_push_info("PKCS7_verify"); +#endif + if(PKCS7_verify(p7, other, store, indata, out, flags)) { + BIO_printf(bio_err, "Verification Successful\n"); + } else { + BIO_printf(bio_err, "Verification Failure\n"); + goto end; + } +#ifdef CRYPTO_MDEBUG + CRYPTO_pop_info(); + CRYPTO_push_info("PKCS7_get0_signers"); +#endif + signers = PKCS7_get0_signers(p7, other, flags); +#ifdef CRYPTO_MDEBUG + CRYPTO_pop_info(); + CRYPTO_push_info("save_certs"); +#endif + if(!save_certs(signerfile, signers)) { + BIO_printf(bio_err, "Error writing signers to %s\n", + signerfile); + ret = 5; + goto end; + } +#ifdef CRYPTO_MDEBUG + CRYPTO_pop_info(); +#endif + sk_X509_free(signers); + } else if(operation == SMIME_PK7OUT) { + PEM_write_bio_PKCS7(out, p7); + } else { + if(to) BIO_printf(out, "To: %s\n", to); + if(from) BIO_printf(out, "From: %s\n", from); + if(subject) BIO_printf(out, "Subject: %s\n", subject); + SMIME_write_PKCS7(out, p7, in, flags); + } + ret = 0; +end: +#ifdef CRYPTO_MDEBUG + CRYPTO_remove_all_info(); +#endif + if (need_rand) + app_RAND_write_file(NULL, bio_err); + if(ret) ERR_print_errors(bio_err); + sk_X509_pop_free(encerts, X509_free); + sk_X509_pop_free(other, X509_free); + X509_STORE_free(store); + X509_free(cert); + X509_free(recip); + X509_free(signer); + EVP_PKEY_free(key); + PKCS7_free(p7); + BIO_free(in); + BIO_free(indata); + BIO_free(out); + if(passin) Free(passin); + return (ret); +} + +static X509 *load_cert(char *file) +{ + BIO *in; + X509 *cert; + if(!(in = BIO_new_file(file, "r"))) return NULL; + cert = PEM_read_bio_X509(in, NULL, NULL,NULL); + BIO_free(in); + return cert; +} + +static EVP_PKEY *load_key(char *file, char *pass) +{ + BIO *in; + EVP_PKEY *key; + if(!(in = BIO_new_file(file, "r"))) return NULL; + key = PEM_read_bio_PrivateKey(in, NULL,NULL,pass); + BIO_free(in); + return key; +} + +static STACK_OF(X509) *load_certs(char *file) +{ + BIO *in; + int i; + STACK_OF(X509) *othercerts; + STACK_OF(X509_INFO) *allcerts; + X509_INFO *xi; + if(!(in = BIO_new_file(file, "r"))) return NULL; + othercerts = sk_X509_new(NULL); + if(!othercerts) return NULL; + allcerts = PEM_X509_INFO_read_bio(in, NULL, NULL, NULL); + for(i = 0; i < sk_X509_INFO_num(allcerts); i++) { + xi = sk_X509_INFO_value (allcerts, i); + if (xi->x509) { + sk_X509_push(othercerts, xi->x509); + xi->x509 = NULL; + } + } + sk_X509_INFO_pop_free(allcerts, X509_INFO_free); + BIO_free(in); + return othercerts; +} + +static X509_STORE *setup_verify(char *CAfile, char *CApath) +{ + X509_STORE *store; + X509_LOOKUP *lookup; +#ifdef CRYPTO_MDEBUG + CRYPTO_push_info("X509_STORE_new"); +#endif + if(!(store = X509_STORE_new())) goto end; +#ifdef CRYPTO_MDEBUG + CRYPTO_pop_info(); + CRYPTO_push_info("X509_STORE_add_lookup(...file)"); +#endif + lookup=X509_STORE_add_lookup(store,X509_LOOKUP_file()); + if (lookup == NULL) goto end; +#ifdef CRYPTO_MDEBUG + CRYPTO_pop_info(); + CRYPTO_push_info("X509_LOOKUP_load_file"); +#endif + if (CAfile) { + if(!X509_LOOKUP_load_file(lookup,CAfile,X509_FILETYPE_PEM)) { + BIO_printf(bio_err, "Error loading file %s\n", CAfile); + goto end; + } + } else X509_LOOKUP_load_file(lookup,NULL,X509_FILETYPE_DEFAULT); + +#ifdef CRYPTO_MDEBUG + CRYPTO_pop_info(); + CRYPTO_push_info("X509_STORE_add_lookup(...hash_dir)"); +#endif + lookup=X509_STORE_add_lookup(store,X509_LOOKUP_hash_dir()); + if (lookup == NULL) goto end; +#ifdef CRYPTO_MDEBUG + CRYPTO_pop_info(); + CRYPTO_push_info("X509_LOOKUP_add_dir"); +#endif + if (CApath) { + if(!X509_LOOKUP_add_dir(lookup,CApath,X509_FILETYPE_PEM)) { + BIO_printf(bio_err, "Error loading directory %s\n", CApath); + goto end; + } + } else X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT); +#ifdef CRYPTO_MDEBUG + CRYPTO_pop_info(); +#endif + + ERR_clear_error(); + return store; + end: + X509_STORE_free(store); + return NULL; +} + +static int save_certs(char *signerfile, STACK_OF(X509) *signers) +{ + int i; + BIO *tmp; + if(!signerfile) return 1; + tmp = BIO_new_file(signerfile, "w"); + if(!tmp) return 0; + for(i = 0; i < sk_X509_num(signers); i++) + PEM_write_bio_X509(tmp, sk_X509_value(signers, i)); + BIO_free(tmp); + return 1; +} + diff --git a/lib/libssl/src/apps/spkac.c b/lib/libssl/src/apps/spkac.c new file mode 100644 index 00000000000..b35354a8d79 --- /dev/null +++ b/lib/libssl/src/apps/spkac.c @@ -0,0 +1,274 @@ +/* apps/spkac.c */ + +/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL + * project 1999. Based on an original idea by Massimiliano Pala + * (madwolf@openca.org). + */ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <time.h> +#include "apps.h" +#include <openssl/bio.h> +#include <openssl/err.h> +#include <openssl/evp.h> +#include <openssl/x509.h> +#include <openssl/pem.h> + +#undef PROG +#define PROG spkac_main + +/* -in arg - input file - default stdin + * -out arg - output file - default stdout + */ + +int MAIN(int, char **); + +int MAIN(int argc, char **argv) + { + int i,badops=0, ret = 1; + BIO *in = NULL,*out = NULL, *key = NULL; + int verify=0,noout=0,pubkey=0; + char *infile = NULL,*outfile = NULL,*prog; + char *passargin = NULL, *passin = NULL; + char *spkac = "SPKAC", *spksect = "default", *spkstr = NULL; + char *challenge = NULL, *keyfile = NULL; + LHASH *conf = NULL; + NETSCAPE_SPKI *spki = NULL; + EVP_PKEY *pkey = NULL; + + apps_startup(); + + if (!bio_err) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE); + + prog=argv[0]; + argc--; + argv++; + while (argc >= 1) + { + if (strcmp(*argv,"-in") == 0) + { + if (--argc < 1) goto bad; + infile= *(++argv); + } + else if (strcmp(*argv,"-out") == 0) + { + if (--argc < 1) goto bad; + outfile= *(++argv); + } + else if (strcmp(*argv,"-passin") == 0) + { + if (--argc < 1) goto bad; + passargin= *(++argv); + } + else if (strcmp(*argv,"-key") == 0) + { + if (--argc < 1) goto bad; + keyfile= *(++argv); + } + else if (strcmp(*argv,"-challenge") == 0) + { + if (--argc < 1) goto bad; + challenge= *(++argv); + } + else if (strcmp(*argv,"-spkac") == 0) + { + if (--argc < 1) goto bad; + spkac= *(++argv); + } + else if (strcmp(*argv,"-spksect") == 0) + { + if (--argc < 1) goto bad; + spksect= *(++argv); + } + else if (strcmp(*argv,"-noout") == 0) + noout=1; + else if (strcmp(*argv,"-pubkey") == 0) + pubkey=1; + else if (strcmp(*argv,"-verify") == 0) + verify=1; + else badops = 1; + argc--; + argv++; + } + + if (badops) + { +bad: + BIO_printf(bio_err,"%s [options]\n",prog); + BIO_printf(bio_err,"where options are\n"); + BIO_printf(bio_err," -in arg input file\n"); + BIO_printf(bio_err," -out arg output file\n"); + BIO_printf(bio_err," -key arg create SPKAC using private key\n"); + BIO_printf(bio_err," -passin arg input file pass phrase source\n"); + BIO_printf(bio_err," -challenge arg challenge string\n"); + BIO_printf(bio_err," -spkac arg alternative SPKAC name\n"); + BIO_printf(bio_err," -noout don't print SPKAC\n"); + BIO_printf(bio_err," -pubkey output public key\n"); + BIO_printf(bio_err," -verify verify SPKAC signature\n"); + goto end; + } + + ERR_load_crypto_strings(); + if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) { + BIO_printf(bio_err, "Error getting password\n"); + goto end; + } + + if(keyfile) { + if(strcmp(keyfile, "-")) key = BIO_new_file(keyfile, "r"); + else key = BIO_new_fp(stdin, BIO_NOCLOSE); + if(!key) { + BIO_printf(bio_err, "Error opening key file\n"); + ERR_print_errors(bio_err); + goto end; + } + pkey = PEM_read_bio_PrivateKey(key, NULL, NULL, passin); + if(!pkey) { + BIO_printf(bio_err, "Error reading private key\n"); + ERR_print_errors(bio_err); + goto end; + } + spki = NETSCAPE_SPKI_new(); + if(challenge) ASN1_STRING_set(spki->spkac->challenge, + challenge, strlen(challenge)); + NETSCAPE_SPKI_set_pubkey(spki, pkey); + NETSCAPE_SPKI_sign(spki, pkey, EVP_md5()); + spkstr = NETSCAPE_SPKI_b64_encode(spki); + + if (outfile) out = BIO_new_file(outfile, "w"); + else out = BIO_new_fp(stdout, BIO_NOCLOSE); + + if(!out) { + BIO_printf(bio_err, "Error opening output file\n"); + ERR_print_errors(bio_err); + goto end; + } + BIO_printf(out, "SPKAC=%s\n", spkstr); + Free(spkstr); + ret = 0; + goto end; + } + + + + if (infile) in = BIO_new_file(infile, "r"); + else in = BIO_new_fp(stdin, BIO_NOCLOSE); + + if(!in) { + BIO_printf(bio_err, "Error opening input file\n"); + ERR_print_errors(bio_err); + goto end; + } + + conf = CONF_load_bio(NULL, in, NULL); + + if(!conf) { + BIO_printf(bio_err, "Error parsing config file\n"); + ERR_print_errors(bio_err); + goto end; + } + + spkstr = CONF_get_string(conf, spksect, spkac); + + if(!spkstr) { + BIO_printf(bio_err, "Can't find SPKAC called \"%s\"\n", spkac); + ERR_print_errors(bio_err); + goto end; + } + + spki = NETSCAPE_SPKI_b64_decode(spkstr, -1); + + if(!spki) { + BIO_printf(bio_err, "Error loading SPKAC\n"); + ERR_print_errors(bio_err); + goto end; + } + + if (outfile) out = BIO_new_file(outfile, "w"); + else out = BIO_new_fp(stdout, BIO_NOCLOSE); + + if(!out) { + BIO_printf(bio_err, "Error opening output file\n"); + ERR_print_errors(bio_err); + goto end; + } + + if(!noout) NETSCAPE_SPKI_print(out, spki); + pkey = NETSCAPE_SPKI_get_pubkey(spki); + if(verify) { + i = NETSCAPE_SPKI_verify(spki, pkey); + if(i) BIO_printf(bio_err, "Signature OK\n"); + else { + BIO_printf(bio_err, "Signature Failure\n"); + ERR_print_errors(bio_err); + goto end; + } + } + if(pubkey) PEM_write_bio_PUBKEY(out, pkey); + + ret = 0; + +end: + CONF_free(conf); + NETSCAPE_SPKI_free(spki); + BIO_free(in); + BIO_free(out); + BIO_free(key); + EVP_PKEY_free(pkey); + if(passin) Free(passin); + EXIT(ret); + } diff --git a/lib/libssl/src/crypto/asn1/a_mbstr.c b/lib/libssl/src/crypto/asn1/a_mbstr.c new file mode 100644 index 00000000000..7a710d54590 --- /dev/null +++ b/lib/libssl/src/crypto/asn1/a_mbstr.c @@ -0,0 +1,390 @@ +/* a_mbstr.c */ +/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL + * project 1999. + */ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include <stdio.h> +#include <ctype.h> +#include "cryptlib.h" +#include <openssl/asn1.h> + +static int traverse_string(const unsigned char *p, int len, int inform, + int (*rfunc)(unsigned long value, void *in), void *arg); +static int in_utf8(unsigned long value, void *arg); +static int out_utf8(unsigned long value, void *arg); +static int type_str(unsigned long value, void *arg); +static int cpy_asc(unsigned long value, void *arg); +static int cpy_bmp(unsigned long value, void *arg); +static int cpy_univ(unsigned long value, void *arg); +static int cpy_utf8(unsigned long value, void *arg); +static int is_printable(unsigned long value); + +/* These functions take a string in UTF8, ASCII or multibyte form and + * a mask of permissible ASN1 string types. It then works out the minimal + * type (using the order Printable < IA5 < T61 < BMP < Universal < UTF8) + * and creates a string of the correct type with the supplied data. + * Yes this is horrible: it has to be :-( + * The 'ncopy' form checks minimum and maximum size limits too. + */ + +int ASN1_mbstring_copy(ASN1_STRING **out, const unsigned char *in, int len, + int inform, unsigned long mask) +{ + return ASN1_mbstring_ncopy(out, in, len, inform, mask, 0, 0); +} + +int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len, + int inform, unsigned long mask, + long minsize, long maxsize) +{ + int str_type; + int ret; + int outform, outlen; + ASN1_STRING *dest; + unsigned char *p; + int nchar; + char strbuf[32]; + int (*cpyfunc)(unsigned long,void *) = NULL; + if(len == -1) len = strlen((const char *)in); + if(!mask) mask = DIRSTRING_TYPE; + + /* First do a string check and work out the number of characters */ + switch(inform) { + + case MBSTRING_BMP: + if(len & 1) { + ASN1err(ASN1_F_ASN1_MBSTRING_COPY, + ASN1_R_INVALID_BMPSTRING_LENGTH); + return -1; + } + nchar = len >> 1; + break; + + case MBSTRING_UNIV: + if(len & 3) { + ASN1err(ASN1_F_ASN1_MBSTRING_COPY, + ASN1_R_INVALID_UNIVERSALSTRING_LENGTH); + return -1; + } + nchar = len >> 2; + break; + + case MBSTRING_UTF8: + nchar = 0; + /* This counts the characters and does utf8 syntax checking */ + ret = traverse_string(in, len, MBSTRING_UTF8, in_utf8, &nchar); + if(ret < 0) { + ASN1err(ASN1_F_ASN1_MBSTRING_COPY, + ASN1_R_INVALID_UTF8STRING); + return -1; + } + break; + + case MBSTRING_ASC: + nchar = len; + break; + + default: + ASN1err(ASN1_F_ASN1_MBSTRING_COPY, ASN1_R_UNKNOWN_FORMAT); + return -1; + } + + if((minsize > 0) && (nchar < minsize)) { + ASN1err(ASN1_F_ASN1_MBSTRING_COPY, ASN1_R_STRING_TOO_SHORT); + sprintf(strbuf, "%ld", minsize); + ERR_add_error_data(2, "minsize=", strbuf); + return -1; + } + + if((maxsize > 0) && (nchar > maxsize)) { + ASN1err(ASN1_F_ASN1_MBSTRING_COPY, ASN1_R_STRING_TOO_LONG); + sprintf(strbuf, "%ld", maxsize); + ERR_add_error_data(2, "maxsize=", strbuf); + return -1; + } + + /* Now work out minimal type (if any) */ + if(traverse_string(in, len, inform, type_str, &mask) < 0) { + ASN1err(ASN1_F_ASN1_MBSTRING_COPY, ASN1_R_ILLEGAL_CHARACTERS); + return -1; + } + + + /* Now work out output format and string type */ + outform = MBSTRING_ASC; + if(mask & B_ASN1_PRINTABLESTRING) str_type = V_ASN1_PRINTABLESTRING; + else if(mask & B_ASN1_IA5STRING) str_type = V_ASN1_IA5STRING; + else if(mask & B_ASN1_T61STRING) str_type = V_ASN1_T61STRING; + else if(mask & B_ASN1_BMPSTRING) { + str_type = V_ASN1_BMPSTRING; + outform = MBSTRING_BMP; + } else if(mask & B_ASN1_UNIVERSALSTRING) { + str_type = V_ASN1_UNIVERSALSTRING; + outform = MBSTRING_UNIV; + } else { + str_type = V_ASN1_UTF8STRING; + outform = MBSTRING_UTF8; + } + if(!out) return str_type; + if(*out) { + dest = *out; + if(dest->data) { + dest->length = 0; + Free(dest->data); + dest->data = NULL; + } + dest->type = str_type; + } else { + dest = ASN1_STRING_type_new(str_type); + if(!dest) { + ASN1err(ASN1_F_ASN1_MBSTRING_COPY, + ERR_R_MALLOC_FAILURE); + return -1; + } + *out = dest; + } + /* If both the same type just copy across */ + if(inform == outform) { + if(!ASN1_STRING_set(dest, in, len)) { + ASN1err(ASN1_F_ASN1_MBSTRING_COPY,ERR_R_MALLOC_FAILURE); + return -1; + } + return str_type; + } + + /* Work out how much space the destination will need */ + switch(outform) { + case MBSTRING_ASC: + outlen = nchar; + cpyfunc = cpy_asc; + break; + + case MBSTRING_BMP: + outlen = nchar << 1; + cpyfunc = cpy_bmp; + break; + + case MBSTRING_UNIV: + outlen = nchar << 2; + cpyfunc = cpy_univ; + break; + + case MBSTRING_UTF8: + outlen = 0; + traverse_string(in, len, inform, out_utf8, &outlen); + cpyfunc = cpy_utf8; + break; + } + if(!(p = Malloc(outlen + 1))) { + ASN1_STRING_free(dest); + ASN1err(ASN1_F_ASN1_MBSTRING_COPY,ERR_R_MALLOC_FAILURE); + return -1; + } + dest->length = outlen; + dest->data = p; + p[outlen] = 0; + traverse_string(in, len, inform, cpyfunc, &p); + return str_type; +} + +/* This function traverses a string and passes the value of each character + * to an optional function along with a void * argument. + */ + +static int traverse_string(const unsigned char *p, int len, int inform, + int (*rfunc)(unsigned long value, void *in), void *arg) +{ + unsigned long value; + int ret; + while(len) { + if(inform == MBSTRING_ASC) { + value = *p++; + len--; + } else if(inform == MBSTRING_BMP) { + value = *p++ << 8; + value |= *p++; + len -= 2; + } else if(inform == MBSTRING_UNIV) { + value = *p++ << 24; + value |= *p++ << 16; + value |= *p++ << 8; + value |= *p++; + len -= 4; + } else { + ret = UTF8_getc(p, len, &value); + if(ret < 0) return -1; + len -= ret; + p += ret; + } + if(rfunc) { + ret = rfunc(value, arg); + if(ret <= 0) return ret; + } + } + return 1; +} + +/* Various utility functions for traverse_string */ + +/* Just count number of characters */ + +static int in_utf8(unsigned long value, void *arg) +{ + int *nchar; + nchar = arg; + (*nchar)++; + return 1; +} + +/* Determine size of output as a UTF8 String */ + +static int out_utf8(unsigned long value, void *arg) +{ + long *outlen; + outlen = arg; + *outlen += UTF8_putc(NULL, -1, value); + return 1; +} + +/* Determine the "type" of a string: check each character against a + * supplied "mask". + */ + +static int type_str(unsigned long value, void *arg) +{ + unsigned long types; + types = *((unsigned long *)arg); + if((types & B_ASN1_PRINTABLESTRING) && !is_printable(value)) + types &= ~B_ASN1_PRINTABLESTRING; + if((types & B_ASN1_IA5STRING) && (value > 127)) + types &= ~B_ASN1_IA5STRING; + if((types & B_ASN1_T61STRING) && (value > 0xff)) + types &= ~B_ASN1_T61STRING; + if((types & B_ASN1_BMPSTRING) && (value > 0xffff)) + types &= ~B_ASN1_BMPSTRING; + if(!types) return -1; + *((unsigned long *)arg) = types; + return 1; +} + +/* Copy one byte per character ASCII like strings */ + +static int cpy_asc(unsigned long value, void *arg) +{ + unsigned char **p, *q; + p = arg; + q = *p; + *q = (unsigned char) value; + (*p)++; + return 1; +} + +/* Copy two byte per character BMPStrings */ + +static int cpy_bmp(unsigned long value, void *arg) +{ + unsigned char **p, *q; + p = arg; + q = *p; + *q++ = (unsigned char) ((value >> 8) & 0xff); + *q = (unsigned char) (value & 0xff); + *p += 2; + return 1; +} + +/* Copy four byte per character UniversalStrings */ + +static int cpy_univ(unsigned long value, void *arg) +{ + unsigned char **p, *q; + p = arg; + q = *p; + *q++ = (unsigned char) ((value >> 24) & 0xff); + *q++ = (unsigned char) ((value >> 16) & 0xff); + *q++ = (unsigned char) ((value >> 8) & 0xff); + *q = (unsigned char) (value & 0xff); + *p += 4; + return 1; +} + +/* Copy to a UTF8String */ + +static int cpy_utf8(unsigned long value, void *arg) +{ + unsigned char **p; + int ret; + p = arg; + /* We already know there is enough room so pass 0xff as the length */ + ret = UTF8_putc(*p, 0xff, value); + *p += ret; + return 1; +} + +/* Return 1 if the character is permitted in a PrintableString */ +static int is_printable(unsigned long value) +{ + int ch; + if(value > 0x7f) return 0; + ch = (int) value; + /* Note: we can't use 'isalnum' because certain accented + * characters may count as alphanumeric in some environments. + */ + if((ch >= 'a') && (ch <= 'z')) return 1; + if((ch >= 'A') && (ch <= 'Z')) return 1; + if((ch >= '0') && (ch <= '9')) return 1; + if ((ch == ' ') || strchr("'()+,-./:=?", ch)) return 1; + return 0; +} diff --git a/lib/libssl/src/crypto/asn1/a_strnid.c b/lib/libssl/src/crypto/asn1/a_strnid.c new file mode 100644 index 00000000000..ab8417ffabc --- /dev/null +++ b/lib/libssl/src/crypto/asn1/a_strnid.c @@ -0,0 +1,247 @@ +/* a_strnid.c */ +/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL + * project 1999. + */ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include <stdio.h> +#include <ctype.h> +#include "cryptlib.h" +#include <openssl/asn1.h> +#include <openssl/objects.h> + + +static STACK_OF(ASN1_STRING_TABLE) *stable = NULL; +static void st_free(ASN1_STRING_TABLE *tbl); +static int sk_table_cmp(ASN1_STRING_TABLE **a, ASN1_STRING_TABLE **b); +static int table_cmp(ASN1_STRING_TABLE *a, ASN1_STRING_TABLE *b); + + +/* This is the global mask for the mbstring functions: this is use to + * mask out certain types (such as BMPString and UTF8String) because + * certain software (e.g. Netscape) has problems with them. + */ + +static unsigned long global_mask = 0xFFFFFFFFL; + +void ASN1_STRING_set_default_mask(unsigned long mask) +{ + global_mask = mask; +} + +unsigned long ASN1_STRING_get_default_mask(void) +{ + return global_mask; +} + +/* This function sets the default to various "flavours" of configuration. + * based on an ASCII string. Currently this is: + * MASK:XXXX : a numerical mask value. + * nobmp : Don't use BMPStrings (just Printable, T61). + * pkix : PKIX recommendation in RFC2459. + * utf8only : only use UTF8Strings (RFC2459 recommendation for 2004). + * default: the default value, Printable, T61, BMP. + */ + +int ASN1_STRING_set_default_mask_asc(char *p) +{ + unsigned long mask; + char *end; + if(!strncmp(p, "MASK:", 5)) { + if(!p[5]) return 0; + mask = strtoul(p + 5, &end, 0); + if(*end) return 0; + } else if(!strcmp(p, "nombstr")) + mask = ~(B_ASN1_BMPSTRING|B_ASN1_UTF8STRING); + else if(!strcmp(p, "pkix")) + mask = ~B_ASN1_T61STRING; + else if(!strcmp(p, "utf8only")) mask = B_ASN1_UTF8STRING; + else if(!strcmp(p, "default")) + mask = 0xFFFFFFFFL; + else return 0; + ASN1_STRING_set_default_mask(mask); + return 1; +} + +/* The following function generates an ASN1_STRING based on limits in a table. + * Frequently the types and length of an ASN1_STRING are restricted by a + * corresponding OID. For example certificates and certificate requests. + */ + +ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, const unsigned char *in, + int inlen, int inform, int nid) +{ + ASN1_STRING_TABLE *tbl; + ASN1_STRING *str = NULL; + unsigned long mask; + int ret; + if(!out) out = &str; + tbl = ASN1_STRING_TABLE_get(nid); + if(tbl) { + mask = tbl->mask; + if(!(tbl->flags & STABLE_NO_MASK)) mask &= global_mask; + ret = ASN1_mbstring_ncopy(out, in, inlen, inform, tbl->mask, + tbl->minsize, tbl->maxsize); + } else ret = ASN1_mbstring_copy(out, in, inlen, inform, DIRSTRING_TYPE & global_mask); + if(ret <= 0) return NULL; + return *out; +} + +/* Now the tables and helper functions for the string table: + */ + +/* size limits: this stuff is taken straight from RFC2459 */ + +#define ub_name 32768 +#define ub_common_name 64 +#define ub_locality_name 128 +#define ub_state_name 128 +#define ub_organization_name 64 +#define ub_organization_unit_name 64 +#define ub_title 64 +#define ub_email_address 128 + +/* This table must be kept in NID order */ + +static ASN1_STRING_TABLE tbl_standard[] = { +{NID_commonName, 1, ub_common_name, DIRSTRING_TYPE, 0}, +{NID_countryName, 2, 2, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK}, +{NID_localityName, 1, ub_locality_name, DIRSTRING_TYPE, 0}, +{NID_stateOrProvinceName, 1, ub_state_name, DIRSTRING_TYPE, 0}, +{NID_organizationName, 1, ub_organization_name, DIRSTRING_TYPE, 0}, +{NID_organizationalUnitName, 1, ub_organization_unit_name, DIRSTRING_TYPE, 0}, +{NID_pkcs9_emailAddress, 1, ub_email_address, B_ASN1_IA5STRING, STABLE_NO_MASK}, +{NID_pkcs9_unstructuredName, 1, -1, PKCS9STRING_TYPE, 0}, +{NID_pkcs9_challengePassword, 1, -1, PKCS9STRING_TYPE, 0}, +{NID_pkcs9_unstructuredAddress, 1, -1, DIRSTRING_TYPE, 0}, +{NID_givenName, 1, ub_name, DIRSTRING_TYPE, 0}, +{NID_surname, 1, ub_name, DIRSTRING_TYPE, 0}, +{NID_initials, 1, ub_name, DIRSTRING_TYPE, 0}, +{NID_name, 1, ub_name, DIRSTRING_TYPE, 0}, +{NID_dnQualifier, -1, -1, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK} +}; + +static int sk_table_cmp(ASN1_STRING_TABLE **a, ASN1_STRING_TABLE **b) +{ + return (*a)->nid - (*b)->nid; +} + +static int table_cmp(ASN1_STRING_TABLE *a, ASN1_STRING_TABLE *b) +{ + return a->nid - b->nid; +} + +ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid) +{ + int idx; + ASN1_STRING_TABLE *ttmp; + ASN1_STRING_TABLE fnd; + fnd.nid = nid; + ttmp = (ASN1_STRING_TABLE *) OBJ_bsearch((char *)&fnd, + (char *)tbl_standard, + sizeof(tbl_standard)/sizeof(ASN1_STRING_TABLE), + sizeof(ASN1_STRING_TABLE), (int(*)())table_cmp); + if(ttmp) return ttmp; + if(!stable) return NULL; + idx = sk_ASN1_STRING_TABLE_find(stable, &fnd); + if(idx < 0) return NULL; + return sk_ASN1_STRING_TABLE_value(stable, idx); +} + +int ASN1_STRING_TABLE_add(int nid, + long minsize, long maxsize, unsigned long mask, + unsigned long flags) +{ + ASN1_STRING_TABLE *tmp; + char new_nid = 0; + flags &= ~STABLE_FLAGS_MALLOC; + if(!stable) stable = sk_ASN1_STRING_TABLE_new(sk_table_cmp); + if(!stable) { + ASN1err(ASN1_F_ASN1_STRING_TABLE_ADD, ERR_R_MALLOC_FAILURE); + return 0; + } + if(!(tmp = ASN1_STRING_TABLE_get(nid))) { + tmp = Malloc(sizeof(ASN1_STRING_TABLE)); + if(!tmp) { + ASN1err(ASN1_F_ASN1_STRING_TABLE_ADD, + ERR_R_MALLOC_FAILURE); + return 0; + } + tmp->flags = flags | STABLE_FLAGS_MALLOC; + tmp->nid = nid; + new_nid = 1; + } else tmp->flags = (tmp->flags & STABLE_FLAGS_MALLOC) | flags; + if(minsize != -1) tmp->minsize = minsize; + if(maxsize != -1) tmp->maxsize = maxsize; + tmp->mask = mask; + if(new_nid) sk_ASN1_STRING_TABLE_push(stable, tmp); + return 1; +} + +void ASN1_STRING_TABLE_cleanup(void) +{ + STACK_OF(ASN1_STRING_TABLE) *tmp; + tmp = stable; + if(!tmp) return; + stable = NULL; + sk_ASN1_STRING_TABLE_pop_free(tmp, st_free); +} + +static void st_free(ASN1_STRING_TABLE *tbl) +{ + if(tbl->flags & STABLE_FLAGS_MALLOC) Free(tbl); +} + +IMPLEMENT_STACK_OF(ASN1_STRING_TABLE) diff --git a/lib/libssl/src/crypto/asn1/p8_key.c b/lib/libssl/src/crypto/asn1/p8_key.c new file mode 100644 index 00000000000..0b243746279 --- /dev/null +++ b/lib/libssl/src/crypto/asn1/p8_key.c @@ -0,0 +1,131 @@ +/* crypto/asn1/p8_key.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include <stdio.h> +#include "cryptlib.h" +#include <openssl/asn1_mac.h> +#include <openssl/objects.h> + +int i2d_X509_KEY(X509 *a, unsigned char **pp) + { + M_ASN1_I2D_vars(a); + + M_ASN1_I2D_len(a->cert_info, i2d_X509_CINF); + M_ASN1_I2D_len(a->sig_alg, i2d_X509_ALGOR); + M_ASN1_I2D_len(a->signature, i2d_ASN1_BIT_STRING); + + M_ASN1_I2D_seq_total(); + + M_ASN1_I2D_put(a->cert_info, i2d_X509_CINF); + M_ASN1_I2D_put(a->sig_alg, i2d_X509_ALGOR); + M_ASN1_I2D_put(a->signature, i2d_ASN1_BIT_STRING); + + M_ASN1_I2D_finish(); + } + +X509 *d2i_X509_KEY(X509 **a, unsigned char **pp, long length) + { + M_ASN1_D2I_vars(a,X509 *,X509_new); + + M_ASN1_D2I_Init(); + M_ASN1_D2I_start_sequence(); + M_ASN1_D2I_get(ret->cert_info,d2i_X509_CINF); + M_ASN1_D2I_get(ret->sig_alg,d2i_X509_ALGOR); + M_ASN1_D2I_get(ret->signature,d2i_ASN1_BIT_STRING); + M_ASN1_D2I_Finish(a,X509_free,ASN1_F_D2I_X509); + } + +X509 *X509_KEY_new(void) + { + X509_KEY *ret=NULL; + + M_ASN1_New_Malloc(ret,X509_KEY); + ret->references=1; + ret->type=NID + M_ASN1_New(ret->cert_info,X509_CINF_new); + M_ASN1_New(ret->sig_alg,X509_ALGOR_new); + M_ASN1_New(ret->signature,ASN1_BIT_STRING_new); + return(ret); + M_ASN1_New_Error(ASN1_F_X509_NEW); + } + +void X509_KEY_free(X509 *a) + { + int i; + + if (a == NULL) return; + + i=CRYPTO_add_lock(&a->references,-1,CRYPTO_LOCK_X509_KEY); +#ifdef REF_PRINT + REF_PRINT("X509_KEY",a); +#endif + if (i > 0) return; +#ifdef REF_CHECK + if (i < 0) + { + fprintf(stderr,"X509_KEY_free, bad reference count\n"); + abort(); + } +#endif + + X509_CINF_free(a->cert_info); + X509_ALGOR_free(a->sig_alg); + ASN1_BIT_STRING_free(a->signature); + Free(a); + } + diff --git a/lib/libssl/src/crypto/asn1/t_bitst.c b/lib/libssl/src/crypto/asn1/t_bitst.c new file mode 100644 index 00000000000..8ee789f0825 --- /dev/null +++ b/lib/libssl/src/crypto/asn1/t_bitst.c @@ -0,0 +1,99 @@ +/* t_bitst.c */ +/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL + * project 1999. + */ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include <stdio.h> +#include "cryptlib.h" +#include <openssl/conf.h> +#include <openssl/x509v3.h> + +int ASN1_BIT_STRING_name_print(BIO *out, ASN1_BIT_STRING *bs, + BIT_STRING_BITNAME *tbl, int indent) +{ + BIT_STRING_BITNAME *bnam; + char first = 1; + BIO_printf(out, "%*s", indent, ""); + for(bnam = tbl; bnam->lname; bnam++) { + if(ASN1_BIT_STRING_get_bit(bs, bnam->bitnum)) { + if(!first) BIO_puts(out, ", "); + BIO_puts(out, bnam->lname); + first = 0; + } + } + BIO_puts(out, "\n"); + return 1; +} + +int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, char *name, int value, + BIT_STRING_BITNAME *tbl) +{ + int bitnum; + bitnum = ASN1_BIT_STRING_num_asc(name, tbl); + if(bitnum < 0) return 0; + if(bs) ASN1_BIT_STRING_set_bit(bs, bitnum, value); + return 1; +} + +int ASN1_BIT_STRING_num_asc(char *name, BIT_STRING_BITNAME *tbl) +{ + BIT_STRING_BITNAME *bnam; + for(bnam = tbl; bnam->lname; bnam++) { + if(!strcmp(bnam->sname, name) || + !strcmp(bnam->lname, name) ) return bnam->bitnum; + } + return -1; +} diff --git a/lib/libssl/src/crypto/asn1/t_spki.c b/lib/libssl/src/crypto/asn1/t_spki.c new file mode 100644 index 00000000000..d708434fcab --- /dev/null +++ b/lib/libssl/src/crypto/asn1/t_spki.c @@ -0,0 +1,116 @@ +/* t_spki.c */ +/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL + * project 1999. + */ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include <stdio.h> +#include "cryptlib.h" +#include <openssl/x509.h> +#include <openssl/asn1_mac.h> + +/* Print out an SPKI */ + +int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki) +{ + EVP_PKEY *pkey; + ASN1_IA5STRING *chal; + int i, n; + char *s; + BIO_printf(out, "Netscape SPKI:\n"); + i=OBJ_obj2nid(spki->spkac->pubkey->algor->algorithm); + BIO_printf(out," Public Key Algorithm: %s\n", + (i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i)); + pkey = X509_PUBKEY_get(spki->spkac->pubkey); + if(!pkey) BIO_printf(out, " Unable to load public key\n"); + else { +#ifndef NO_RSA + if (pkey->type == EVP_PKEY_RSA) + { + BIO_printf(out," RSA Public Key: (%d bit)\n", + BN_num_bits(pkey->pkey.rsa->n)); + RSA_print(out,pkey->pkey.rsa,2); + } + else +#endif +#ifndef NO_DSA + if (pkey->type == EVP_PKEY_DSA) + { + BIO_printf(out," DSA Public Key:\n"); + DSA_print(out,pkey->pkey.dsa,2); + } + else +#endif + BIO_printf(out," Unknown Public Key:\n"); + EVP_PKEY_free(pkey); + } + chal = spki->spkac->challenge; + if(chal->length) + BIO_printf(out, " Challenge String: %s\n", chal->data); + i=OBJ_obj2nid(spki->sig_algor->algorithm); + BIO_printf(out," Signature Algorithm: %s", + (i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i)); + + n=spki->signature->length; + s=(char *)spki->signature->data; + for (i=0; i<n; i++) + { + if ((i%18) == 0) BIO_write(out,"\n ",7); + BIO_printf(out,"%02x%s",(unsigned char)s[i], + ((i+1) == n)?"":":"); + } + BIO_write(out,"\n",1); + return 1; +} diff --git a/lib/libssl/src/crypto/asn1/t_x509a.c b/lib/libssl/src/crypto/asn1/t_x509a.c new file mode 100644 index 00000000000..a18ebb586ce --- /dev/null +++ b/lib/libssl/src/crypto/asn1/t_x509a.c @@ -0,0 +1,102 @@ +/* t_x509a.c */ +/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL + * project 1999. + */ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include <stdio.h> +#include "cryptlib.h" +#include <openssl/evp.h> +#include <openssl/asn1_mac.h> +#include <openssl/x509.h> + +/* X509_CERT_AUX and string set routines + */ + +int X509_CERT_AUX_print(BIO *out, X509_CERT_AUX *aux, int indent) +{ + char oidstr[80], first; + int i; + if(!aux) return 1; + if(aux->trust) { + first = 1; + BIO_printf(out, "%*sTrusted Uses:\n%*s", + indent, "", indent + 2, ""); + for(i = 0; i < sk_ASN1_OBJECT_num(aux->trust); i++) { + if(!first) BIO_puts(out, ", "); + else first = 0; + OBJ_obj2txt(oidstr, 80, + sk_ASN1_OBJECT_value(aux->trust, i), 0); + BIO_puts(out, oidstr); + } + BIO_puts(out, "\n"); + } else BIO_printf(out, "%*sNo Trusted Uses.\n", indent, ""); + if(aux->reject) { + first = 1; + BIO_printf(out, "%*sRejected Uses:\n%*s", + indent, "", indent + 2, ""); + for(i = 0; i < sk_ASN1_OBJECT_num(aux->reject); i++) { + if(!first) BIO_puts(out, ", "); + else first = 0; + OBJ_obj2txt(oidstr, 80, + sk_ASN1_OBJECT_value(aux->reject, i), 0); + BIO_puts(out, oidstr); + } + BIO_puts(out, "\n"); + } else BIO_printf(out, "%*sNo Rejected Uses.\n", indent, ""); + if(aux->alias) BIO_printf(out, "%*sAlias: %s\n", indent, "", + aux->alias->data); + return 1; +} diff --git a/lib/libssl/src/crypto/asn1/x_x509a.c b/lib/libssl/src/crypto/asn1/x_x509a.c new file mode 100644 index 00000000000..b9987ea9689 --- /dev/null +++ b/lib/libssl/src/crypto/asn1/x_x509a.c @@ -0,0 +1,200 @@ +/* a_x509a.c */ +/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL + * project 1999. + */ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include <stdio.h> +#include "cryptlib.h" +#include <openssl/evp.h> +#include <openssl/asn1_mac.h> +#include <openssl/x509.h> + +/* X509_CERT_AUX routines. These are used to encode additional + * user modifiable data about a certificate. This data is + * appended to the X509 encoding when the *_X509_AUX routines + * are used. This means that the "traditional" X509 routines + * will simply ignore the extra data. + */ + +static X509_CERT_AUX *aux_get(X509 *x); + +X509_CERT_AUX *d2i_X509_CERT_AUX(X509_CERT_AUX **a, unsigned char **pp, long length) +{ + M_ASN1_D2I_vars(a, X509_CERT_AUX *, X509_CERT_AUX_new); + + M_ASN1_D2I_Init(); + M_ASN1_D2I_start_sequence(); + + M_ASN1_D2I_get_seq_opt_type(ASN1_OBJECT, ret->trust, + d2i_ASN1_OBJECT, ASN1_OBJECT_free); + M_ASN1_D2I_get_IMP_set_opt_type(ASN1_OBJECT, ret->reject, + d2i_ASN1_OBJECT, ASN1_OBJECT_free, 0); + M_ASN1_D2I_get_opt(ret->alias, d2i_ASN1_UTF8STRING, V_ASN1_UTF8STRING); + M_ASN1_D2I_get_opt(ret->keyid, d2i_ASN1_OCTET_STRING, V_ASN1_OCTET_STRING); + M_ASN1_D2I_get_IMP_set_opt_type(X509_ALGOR, ret->other, + d2i_X509_ALGOR, X509_ALGOR_free, 1); + + M_ASN1_D2I_Finish(a, X509_CERT_AUX_free, ASN1_F_D2I_X509_CERT_AUX); +} + +X509_CERT_AUX *X509_CERT_AUX_new() +{ + X509_CERT_AUX *ret = NULL; + ASN1_CTX c; + M_ASN1_New_Malloc(ret, X509_CERT_AUX); + ret->trust = NULL; + ret->reject = NULL; + ret->alias = NULL; + ret->keyid = NULL; + ret->other = NULL; + return(ret); + M_ASN1_New_Error(ASN1_F_X509_CERT_AUX_NEW); +} + +void X509_CERT_AUX_free(X509_CERT_AUX *a) +{ + if(a == NULL) return; + sk_ASN1_OBJECT_pop_free(a->trust, ASN1_OBJECT_free); + sk_ASN1_OBJECT_pop_free(a->reject, ASN1_OBJECT_free); + ASN1_UTF8STRING_free(a->alias); + ASN1_OCTET_STRING_free(a->keyid); + sk_X509_ALGOR_pop_free(a->other, X509_ALGOR_free); + Free(a); +} + +int i2d_X509_CERT_AUX(X509_CERT_AUX *a, unsigned char **pp) +{ + M_ASN1_I2D_vars(a); + + M_ASN1_I2D_len_SEQUENCE_opt_type(ASN1_OBJECT, a->trust, i2d_ASN1_OBJECT); + M_ASN1_I2D_len_IMP_SEQUENCE_opt_type(ASN1_OBJECT, a->reject, i2d_ASN1_OBJECT, 0); + + M_ASN1_I2D_len(a->alias, i2d_ASN1_UTF8STRING); + M_ASN1_I2D_len(a->keyid, i2d_ASN1_OCTET_STRING); + M_ASN1_I2D_len_IMP_SEQUENCE_opt_type(X509_ALGOR, a->other, i2d_X509_ALGOR, 1); + + M_ASN1_I2D_seq_total(); + + M_ASN1_I2D_put_SEQUENCE_opt_type(ASN1_OBJECT, a->trust, i2d_ASN1_OBJECT); + M_ASN1_I2D_put_IMP_SEQUENCE_opt_type(ASN1_OBJECT, a->reject, i2d_ASN1_OBJECT, 0); + + M_ASN1_I2D_put(a->alias, i2d_ASN1_UTF8STRING); + M_ASN1_I2D_put(a->keyid, i2d_ASN1_OCTET_STRING); + M_ASN1_I2D_put_IMP_SEQUENCE_opt_type(X509_ALGOR, a->other, i2d_X509_ALGOR, 1); + + M_ASN1_I2D_finish(); +} + +static X509_CERT_AUX *aux_get(X509 *x) +{ + if(!x) return NULL; + if(!x->aux && !(x->aux = X509_CERT_AUX_new())) return NULL; + return x->aux; +} + +int X509_alias_set1(X509 *x, unsigned char *name, int len) +{ + X509_CERT_AUX *aux; + if(!(aux = aux_get(x))) return 0; + if(!aux->alias && !(aux->alias = ASN1_UTF8STRING_new())) return 0; + return ASN1_STRING_set(aux->alias, name, len); +} + +unsigned char *X509_alias_get0(X509 *x, int *len) +{ + if(!x->aux || !x->aux->alias) return NULL; + if(len) *len = x->aux->alias->length; + return x->aux->alias->data; +} + +int X509_add1_trust_object(X509 *x, ASN1_OBJECT *obj) +{ + X509_CERT_AUX *aux; + ASN1_OBJECT *objtmp; + if(!(objtmp = OBJ_dup(obj))) return 0; + if(!(aux = aux_get(x))) return 0; + if(!aux->trust + && !(aux->trust = sk_ASN1_OBJECT_new_null())) return 0; + return sk_ASN1_OBJECT_push(aux->trust, objtmp); +} + +int X509_add1_reject_object(X509 *x, ASN1_OBJECT *obj) +{ + X509_CERT_AUX *aux; + ASN1_OBJECT *objtmp; + if(!(objtmp = OBJ_dup(obj))) return 0; + if(!(aux = aux_get(x))) return 0; + if(!aux->reject + && !(aux->reject = sk_ASN1_OBJECT_new_null())) return 0; + return sk_ASN1_OBJECT_push(aux->reject, objtmp); +} + +void X509_trust_clear(X509 *x) +{ + if(x->aux && x->aux->trust) { + sk_ASN1_OBJECT_pop_free(x->aux->trust, ASN1_OBJECT_free); + x->aux->trust = NULL; + } +} + +void X509_reject_clear(X509 *x) +{ + if(x->aux && x->aux->reject) { + sk_ASN1_OBJECT_pop_free(x->aux->reject, ASN1_OBJECT_free); + x->aux->reject = NULL; + } +} + diff --git a/lib/libssl/src/crypto/bn/bn_ctx.c b/lib/libssl/src/crypto/bn/bn_ctx.c new file mode 100644 index 00000000000..46132fd1806 --- /dev/null +++ b/lib/libssl/src/crypto/bn/bn_ctx.c @@ -0,0 +1,144 @@ +/* crypto/bn/bn_ctx.c */ +/* Written by Ulf Moeller for the OpenSSL project. */ +/* ==================================================================== + * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#ifndef BN_CTX_DEBUG +# undef NDEBUG /* avoid conflicting definitions */ +# define NDEBUG +#endif + +#include <stdio.h> +#include <assert.h> +#include "cryptlib.h" +#include <openssl/bn.h> + + +BN_CTX *BN_CTX_new(void) + { + BN_CTX *ret; + + ret=(BN_CTX *)Malloc(sizeof(BN_CTX)); + if (ret == NULL) + { + BNerr(BN_F_BN_CTX_NEW,ERR_R_MALLOC_FAILURE); + return(NULL); + } + + BN_CTX_init(ret); + ret->flags=BN_FLG_MALLOCED; + return(ret); + } + +void BN_CTX_init(BN_CTX *ctx) + { + int i; + ctx->tos = 0; + ctx->flags = 0; + ctx->depth = 0; + ctx->too_many = 0; + for (i = 0; i < BN_CTX_NUM; i++) + BN_init(&(ctx->bn[i])); + } + +void BN_CTX_free(BN_CTX *ctx) + { + int i; + + if (ctx == NULL) return; + assert(ctx->depth == 0); + + for (i=0; i < BN_CTX_NUM; i++) + BN_clear_free(&(ctx->bn[i])); + if (ctx->flags & BN_FLG_MALLOCED) + Free(ctx); + } + +void BN_CTX_start(BN_CTX *ctx) + { + if (ctx->depth < BN_CTX_NUM_POS) + ctx->pos[ctx->depth] = ctx->tos; + ctx->depth++; + } + +BIGNUM *BN_CTX_get(BN_CTX *ctx) + { + if (ctx->depth > BN_CTX_NUM_POS || ctx->tos >= BN_CTX_NUM) + { + if (!ctx->too_many) + { + BNerr(BN_F_BN_CTX_GET,BN_R_TOO_MANY_TEMPORARY_VARIABLES); + /* disable error code until BN_CTX_end is called: */ + ctx->too_many = 1; + } + return NULL; + } + return (&(ctx->bn[ctx->tos++])); + } + +void BN_CTX_end(BN_CTX *ctx) + { + if (ctx == NULL) return; + assert(ctx->depth > 0); + if (ctx->depth == 0) + /* should never happen, but we can tolerate it if not in + * debug mode (could be a 'goto err' in the calling function + * before BN_CTX_start was reached) */ + BN_CTX_start(ctx); + + ctx->too_many = 0; + ctx->depth--; + if (ctx->depth < BN_CTX_NUM_POS) + ctx->tos = ctx->pos[ctx->depth]; + } diff --git a/lib/libssl/src/crypto/bn/divtest.c b/lib/libssl/src/crypto/bn/divtest.c new file mode 100644 index 00000000000..13ba86e3c4e --- /dev/null +++ b/lib/libssl/src/crypto/bn/divtest.c @@ -0,0 +1,41 @@ +#include <openssl/bn.h> +#include <openssl/rand.h> + +static int rand(n) +{ + unsigned char x[2]; + RAND_pseudo_bytes(x,2); + return (x[0] + 2*x[1]); +} + +static void bug(char *m, BIGNUM *a, BIGNUM *b) +{ + printf("%s!\na=",m); + BN_print_fp(stdout, a); + printf("\nb="); + BN_print_fp(stdout, b); + printf("\n"); + fflush(stdout); +} + +main() +{ + BIGNUM *a=BN_new(), *b=BN_new(), *c=BN_new(), *d=BN_new(), + *C=BN_new(), *D=BN_new(); + BN_RECP_CTX *recp=BN_RECP_CTX_new(); + BN_CTX *ctx=BN_CTX_new(); + + for(;;) { + BN_pseudo_rand(a,rand(),0,0); + BN_pseudo_rand(b,rand(),0,0); + if (BN_is_zero(b)) continue; + + BN_RECP_CTX_set(recp,b,ctx); + if (BN_div(C,D,a,b,ctx) != 1) + bug("BN_div failed",a,b); + if (BN_div_recp(c,d,a,recp,ctx) != 1) + bug("BN_div_recp failed",a,b); + else if (BN_cmp(c,C) != 0 || BN_cmp(c,C) != 0) + bug("mismatch",a,b); + } +} diff --git a/lib/libssl/src/crypto/dsa/dsa_ossl.c b/lib/libssl/src/crypto/dsa/dsa_ossl.c new file mode 100644 index 00000000000..b51cf6ad8d4 --- /dev/null +++ b/lib/libssl/src/crypto/dsa/dsa_ossl.c @@ -0,0 +1,321 @@ +/* crypto/dsa/dsa_ossl.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +/* Original version from Steven Schoch <schoch@sheba.arc.nasa.gov> */ + +#include <stdio.h> +#include "cryptlib.h" +#include <openssl/bn.h> +#include <openssl/dsa.h> +#include <openssl/rand.h> +#include <openssl/asn1.h> + +static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa); +static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp); +static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, + DSA *dsa); +static int dsa_init(DSA *dsa); +static int dsa_finish(DSA *dsa); +static int dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1, + BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx, + BN_MONT_CTX *in_mont); +static int dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, + BN_MONT_CTX *m_ctx); + +static DSA_METHOD openssl_dsa_meth = { +"OpenSSL DSA method", +dsa_do_sign, +dsa_sign_setup, +dsa_do_verify, +dsa_mod_exp, +dsa_bn_mod_exp, +dsa_init, +dsa_finish, +0, +NULL +}; + +DSA_METHOD *DSA_OpenSSL(void) +{ + return &openssl_dsa_meth; +} + +static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) + { + BIGNUM *kinv=NULL,*r=NULL,*s=NULL; + BIGNUM m; + BIGNUM xr; + BN_CTX *ctx=NULL; + int i,reason=ERR_R_BN_LIB; + DSA_SIG *ret=NULL; + + BN_init(&m); + BN_init(&xr); + s=BN_new(); + if (s == NULL) goto err; + + i=BN_num_bytes(dsa->q); /* should be 20 */ + if ((dlen > i) || (dlen > 50)) + { + reason=DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE; + goto err; + } + + ctx=BN_CTX_new(); + if (ctx == NULL) goto err; + + if ((dsa->kinv == NULL) || (dsa->r == NULL)) + { + if (!DSA_sign_setup(dsa,ctx,&kinv,&r)) goto err; + } + else + { + kinv=dsa->kinv; + dsa->kinv=NULL; + r=dsa->r; + dsa->r=NULL; + } + + if (BN_bin2bn(dgst,dlen,&m) == NULL) goto err; + + /* Compute s = inv(k) (m + xr) mod q */ + if (!BN_mod_mul(&xr,dsa->priv_key,r,dsa->q,ctx)) goto err;/* s = xr */ + if (!BN_add(s, &xr, &m)) goto err; /* s = m + xr */ + if (BN_cmp(s,dsa->q) > 0) + BN_sub(s,s,dsa->q); + if (!BN_mod_mul(s,s,kinv,dsa->q,ctx)) goto err; + + ret=DSA_SIG_new(); + if (ret == NULL) goto err; + ret->r = r; + ret->s = s; + +err: + if (!ret) + { + DSAerr(DSA_F_DSA_DO_SIGN,reason); + BN_free(r); + BN_free(s); + } + if (ctx != NULL) BN_CTX_free(ctx); + BN_clear_free(&m); + BN_clear_free(&xr); + if (kinv != NULL) /* dsa->kinv is NULL now if we used it */ + BN_clear_free(kinv); + return(ret); + } + +static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) + { + BN_CTX *ctx; + BIGNUM k,*kinv=NULL,*r=NULL; + int ret=0; + + if (ctx_in == NULL) + { + if ((ctx=BN_CTX_new()) == NULL) goto err; + } + else + ctx=ctx_in; + + BN_init(&k); + if ((r=BN_new()) == NULL) goto err; + kinv=NULL; + + /* Get random k */ + for (;;) + { + if (!BN_rand(&k, BN_num_bits(dsa->q), 1, 0)) goto err; + if (BN_cmp(&k,dsa->q) >= 0) + BN_sub(&k,&k,dsa->q); + if (!BN_is_zero(&k)) break; + } + + if ((dsa->method_mont_p == NULL) && (dsa->flags & DSA_FLAG_CACHE_MONT_P)) + { + if ((dsa->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL) + if (!BN_MONT_CTX_set((BN_MONT_CTX *)dsa->method_mont_p, + dsa->p,ctx)) goto err; + } + + /* Compute r = (g^k mod p) mod q */ + if (!dsa->meth->bn_mod_exp(dsa, r,dsa->g,&k,dsa->p,ctx, + (BN_MONT_CTX *)dsa->method_mont_p)) goto err; + if (!BN_mod(r,r,dsa->q,ctx)) goto err; + + /* Compute part of 's = inv(k) (m + xr) mod q' */ + if ((kinv=BN_mod_inverse(NULL,&k,dsa->q,ctx)) == NULL) goto err; + + if (*kinvp != NULL) BN_clear_free(*kinvp); + *kinvp=kinv; + kinv=NULL; + if (*rp != NULL) BN_clear_free(*rp); + *rp=r; + ret=1; +err: + if (!ret) + { + DSAerr(DSA_F_DSA_SIGN_SETUP,ERR_R_BN_LIB); + if (kinv != NULL) BN_clear_free(kinv); + if (r != NULL) BN_clear_free(r); + } + if (ctx_in == NULL) BN_CTX_free(ctx); + if (kinv != NULL) BN_clear_free(kinv); + BN_clear_free(&k); + return(ret); + } + +static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, + DSA *dsa) + { + BN_CTX *ctx; + BIGNUM u1,u2,t1; + BN_MONT_CTX *mont=NULL; + int ret = -1; + + if ((ctx=BN_CTX_new()) == NULL) goto err; + BN_init(&u1); + BN_init(&u2); + BN_init(&t1); + + /* Calculate W = inv(S) mod Q + * save W in u2 */ + if ((BN_mod_inverse(&u2,sig->s,dsa->q,ctx)) == NULL) goto err; + + /* save M in u1 */ + if (BN_bin2bn(dgst,dgst_len,&u1) == NULL) goto err; + + /* u1 = M * w mod q */ + if (!BN_mod_mul(&u1,&u1,&u2,dsa->q,ctx)) goto err; + + /* u2 = r * w mod q */ + if (!BN_mod_mul(&u2,sig->r,&u2,dsa->q,ctx)) goto err; + + if ((dsa->method_mont_p == NULL) && (dsa->flags & DSA_FLAG_CACHE_MONT_P)) + { + if ((dsa->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL) + if (!BN_MONT_CTX_set((BN_MONT_CTX *)dsa->method_mont_p, + dsa->p,ctx)) goto err; + } + mont=(BN_MONT_CTX *)dsa->method_mont_p; + +#if 0 + { + BIGNUM t2; + + BN_init(&t2); + /* v = ( g^u1 * y^u2 mod p ) mod q */ + /* let t1 = g ^ u1 mod p */ + if (!BN_mod_exp_mont(&t1,dsa->g,&u1,dsa->p,ctx,mont)) goto err; + /* let t2 = y ^ u2 mod p */ + if (!BN_mod_exp_mont(&t2,dsa->pub_key,&u2,dsa->p,ctx,mont)) goto err; + /* let u1 = t1 * t2 mod p */ + if (!BN_mod_mul(&u1,&t1,&t2,dsa->p,ctx)) goto err_bn; + BN_free(&t2); + } + /* let u1 = u1 mod q */ + if (!BN_mod(&u1,&u1,dsa->q,ctx)) goto err; +#else + { + if (!dsa->meth->dsa_mod_exp(dsa, &t1,dsa->g,&u1,dsa->pub_key,&u2, + dsa->p,ctx,mont)) goto err; + /* BN_copy(&u1,&t1); */ + /* let u1 = u1 mod q */ + if (!BN_mod(&u1,&t1,dsa->q,ctx)) goto err; + } +#endif + /* V is now in u1. If the signature is correct, it will be + * equal to R. */ + ret=(BN_ucmp(&u1, sig->r) == 0); + + err: + if (ret != 1) DSAerr(DSA_F_DSA_DO_VERIFY,ERR_R_BN_LIB); + if (ctx != NULL) BN_CTX_free(ctx); + BN_free(&u1); + BN_free(&u2); + BN_free(&t1); + return(ret); + } + +static int dsa_init(DSA *dsa) +{ + dsa->flags|=DSA_FLAG_CACHE_MONT_P; + return(1); +} + +static int dsa_finish(DSA *dsa) +{ + if(dsa->method_mont_p) + BN_MONT_CTX_free((BN_MONT_CTX *)dsa->method_mont_p); + return(1); +} + +static int dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1, + BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx, + BN_MONT_CTX *in_mont) +{ + return BN_mod_exp2_mont(rr, a1, p1, a2, p2, m, ctx, in_mont); +} + +static int dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, + BN_MONT_CTX *m_ctx) +{ + return BN_mod_exp_mont(r, a, p, m, ctx, m_ctx); +} diff --git a/lib/libssl/src/crypto/ebcdic.c b/lib/libssl/src/crypto/ebcdic.c new file mode 100644 index 00000000000..31397b2add7 --- /dev/null +++ b/lib/libssl/src/crypto/ebcdic.c @@ -0,0 +1,217 @@ +/* crypto/ebcdic.c */ + +#ifdef CHARSET_EBCDIC +#include "ebcdic.h" +/* Initial Port for Apache-1.3 by <Martin.Kraemer@Mch.SNI.De> + * Adapted for OpenSSL-0.9.4 by <Martin.Kraemer@Mch.SNI.De> + */ + +#ifdef _OSD_POSIX +/* + "BS2000 OSD" is a POSIX subsystem on a main frame. + It is made by Siemens AG, Germany, for their BS2000 mainframe machines. + Within the POSIX subsystem, the same character set was chosen as in + "native BS2000", namely EBCDIC. (EDF04) + + The name "ASCII" in these routines is misleading: actually, conversion + is not between EBCDIC and ASCII, but EBCDIC(EDF04) and ISO-8859.1; + that means that (western european) national characters are preserved. + + This table is identical to the one used by rsh/rcp/ftp and other POSIX tools. +*/ + +/* Here's the bijective ebcdic-to-ascii table: */ +const unsigned char os_toascii[256] = { +/*00*/ 0x00, 0x01, 0x02, 0x03, 0x85, 0x09, 0x86, 0x7f, + 0x87, 0x8d, 0x8e, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, /*................*/ +/*10*/ 0x10, 0x11, 0x12, 0x13, 0x8f, 0x0a, 0x08, 0x97, + 0x18, 0x19, 0x9c, 0x9d, 0x1c, 0x1d, 0x1e, 0x1f, /*................*/ +/*20*/ 0x80, 0x81, 0x82, 0x83, 0x84, 0x92, 0x17, 0x1b, + 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x05, 0x06, 0x07, /*................*/ +/*30*/ 0x90, 0x91, 0x16, 0x93, 0x94, 0x95, 0x96, 0x04, + 0x98, 0x99, 0x9a, 0x9b, 0x14, 0x15, 0x9e, 0x1a, /*................*/ +/*40*/ 0x20, 0xa0, 0xe2, 0xe4, 0xe0, 0xe1, 0xe3, 0xe5, + 0xe7, 0xf1, 0x60, 0x2e, 0x3c, 0x28, 0x2b, 0x7c, /* .........`.<(+|*/ +/*50*/ 0x26, 0xe9, 0xea, 0xeb, 0xe8, 0xed, 0xee, 0xef, + 0xec, 0xdf, 0x21, 0x24, 0x2a, 0x29, 0x3b, 0x9f, /*&.........!$*);.*/ +/*60*/ 0x2d, 0x2f, 0xc2, 0xc4, 0xc0, 0xc1, 0xc3, 0xc5, + 0xc7, 0xd1, 0x5e, 0x2c, 0x25, 0x5f, 0x3e, 0x3f, /*-/........^,%_>?*/ +/*70*/ 0xf8, 0xc9, 0xca, 0xcb, 0xc8, 0xcd, 0xce, 0xcf, + 0xcc, 0xa8, 0x3a, 0x23, 0x40, 0x27, 0x3d, 0x22, /*..........:#@'="*/ +/*80*/ 0xd8, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, + 0x68, 0x69, 0xab, 0xbb, 0xf0, 0xfd, 0xfe, 0xb1, /*.abcdefghi......*/ +/*90*/ 0xb0, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, + 0x71, 0x72, 0xaa, 0xba, 0xe6, 0xb8, 0xc6, 0xa4, /*.jklmnopqr......*/ +/*a0*/ 0xb5, 0xaf, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, + 0x79, 0x7a, 0xa1, 0xbf, 0xd0, 0xdd, 0xde, 0xae, /*..stuvwxyz......*/ +/*b0*/ 0xa2, 0xa3, 0xa5, 0xb7, 0xa9, 0xa7, 0xb6, 0xbc, + 0xbd, 0xbe, 0xac, 0x5b, 0x5c, 0x5d, 0xb4, 0xd7, /*...........[\]..*/ +/*c0*/ 0xf9, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, + 0x48, 0x49, 0xad, 0xf4, 0xf6, 0xf2, 0xf3, 0xf5, /*.ABCDEFGHI......*/ +/*d0*/ 0xa6, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, 0x50, + 0x51, 0x52, 0xb9, 0xfb, 0xfc, 0xdb, 0xfa, 0xff, /*.JKLMNOPQR......*/ +/*e0*/ 0xd9, 0xf7, 0x53, 0x54, 0x55, 0x56, 0x57, 0x58, + 0x59, 0x5a, 0xb2, 0xd4, 0xd6, 0xd2, 0xd3, 0xd5, /*..STUVWXYZ......*/ +/*f0*/ 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0xb3, 0x7b, 0xdc, 0x7d, 0xda, 0x7e /*0123456789.{.}.~*/ +}; + + +/* The ascii-to-ebcdic table: */ +const unsigned char os_toebcdic[256] = { +/*00*/ 0x00, 0x01, 0x02, 0x03, 0x37, 0x2d, 0x2e, 0x2f, + 0x16, 0x05, 0x15, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, /*................*/ +/*10*/ 0x10, 0x11, 0x12, 0x13, 0x3c, 0x3d, 0x32, 0x26, + 0x18, 0x19, 0x3f, 0x27, 0x1c, 0x1d, 0x1e, 0x1f, /*................*/ +/*20*/ 0x40, 0x5a, 0x7f, 0x7b, 0x5b, 0x6c, 0x50, 0x7d, + 0x4d, 0x5d, 0x5c, 0x4e, 0x6b, 0x60, 0x4b, 0x61, /* !"#$%&'()*+,-./ */ +/*30*/ 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, + 0xf8, 0xf9, 0x7a, 0x5e, 0x4c, 0x7e, 0x6e, 0x6f, /*0123456789:;<=>?*/ +/*40*/ 0x7c, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, + 0xc8, 0xc9, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, /*@ABCDEFGHIJKLMNO*/ +/*50*/ 0xd7, 0xd8, 0xd9, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, + 0xe7, 0xe8, 0xe9, 0xbb, 0xbc, 0xbd, 0x6a, 0x6d, /*PQRSTUVWXYZ[\]^_*/ +/*60*/ 0x4a, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, + 0x88, 0x89, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, /*`abcdefghijklmno*/ +/*70*/ 0x97, 0x98, 0x99, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, + 0xa7, 0xa8, 0xa9, 0xfb, 0x4f, 0xfd, 0xff, 0x07, /*pqrstuvwxyz{|}~.*/ +/*80*/ 0x20, 0x21, 0x22, 0x23, 0x24, 0x04, 0x06, 0x08, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x09, 0x0a, 0x14, /*................*/ +/*90*/ 0x30, 0x31, 0x25, 0x33, 0x34, 0x35, 0x36, 0x17, + 0x38, 0x39, 0x3a, 0x3b, 0x1a, 0x1b, 0x3e, 0x5f, /*................*/ +/*a0*/ 0x41, 0xaa, 0xb0, 0xb1, 0x9f, 0xb2, 0xd0, 0xb5, + 0x79, 0xb4, 0x9a, 0x8a, 0xba, 0xca, 0xaf, 0xa1, /*................*/ +/*b0*/ 0x90, 0x8f, 0xea, 0xfa, 0xbe, 0xa0, 0xb6, 0xb3, + 0x9d, 0xda, 0x9b, 0x8b, 0xb7, 0xb8, 0xb9, 0xab, /*................*/ +/*c0*/ 0x64, 0x65, 0x62, 0x66, 0x63, 0x67, 0x9e, 0x68, + 0x74, 0x71, 0x72, 0x73, 0x78, 0x75, 0x76, 0x77, /*................*/ +/*d0*/ 0xac, 0x69, 0xed, 0xee, 0xeb, 0xef, 0xec, 0xbf, + 0x80, 0xe0, 0xfe, 0xdd, 0xfc, 0xad, 0xae, 0x59, /*................*/ +/*e0*/ 0x44, 0x45, 0x42, 0x46, 0x43, 0x47, 0x9c, 0x48, + 0x54, 0x51, 0x52, 0x53, 0x58, 0x55, 0x56, 0x57, /*................*/ +/*f0*/ 0x8c, 0x49, 0xcd, 0xce, 0xcb, 0xcf, 0xcc, 0xe1, + 0x70, 0xc0, 0xde, 0xdb, 0xdc, 0x8d, 0x8e, 0xdf /*................*/ +}; + +#else /*_OSD_POSIX*/ + +/* +This code does basic character mapping for IBM's TPF and OS/390 operating systems. +It is a modified version of the BS2000 table. + +Bijective EBCDIC (character set IBM-1047) to US-ASCII table: +This table is bijective - there are no ambigous or duplicate characters. +*/ +const unsigned char os_toascii[256] = { + 0x00, 0x01, 0x02, 0x03, 0x85, 0x09, 0x86, 0x7f, /* 00-0f: */ + 0x87, 0x8d, 0x8e, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, /* ................ */ + 0x10, 0x11, 0x12, 0x13, 0x8f, 0x0a, 0x08, 0x97, /* 10-1f: */ + 0x18, 0x19, 0x9c, 0x9d, 0x1c, 0x1d, 0x1e, 0x1f, /* ................ */ + 0x80, 0x81, 0x82, 0x83, 0x84, 0x92, 0x17, 0x1b, /* 20-2f: */ + 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x05, 0x06, 0x07, /* ................ */ + 0x90, 0x91, 0x16, 0x93, 0x94, 0x95, 0x96, 0x04, /* 30-3f: */ + 0x98, 0x99, 0x9a, 0x9b, 0x14, 0x15, 0x9e, 0x1a, /* ................ */ + 0x20, 0xa0, 0xe2, 0xe4, 0xe0, 0xe1, 0xe3, 0xe5, /* 40-4f: */ + 0xe7, 0xf1, 0xa2, 0x2e, 0x3c, 0x28, 0x2b, 0x7c, /* ...........<(+| */ + 0x26, 0xe9, 0xea, 0xeb, 0xe8, 0xed, 0xee, 0xef, /* 50-5f: */ + 0xec, 0xdf, 0x21, 0x24, 0x2a, 0x29, 0x3b, 0x5e, /* &.........!$*);^ */ + 0x2d, 0x2f, 0xc2, 0xc4, 0xc0, 0xc1, 0xc3, 0xc5, /* 60-6f: */ + 0xc7, 0xd1, 0xa6, 0x2c, 0x25, 0x5f, 0x3e, 0x3f, /* -/.........,%_>? */ + 0xf8, 0xc9, 0xca, 0xcb, 0xc8, 0xcd, 0xce, 0xcf, /* 70-7f: */ + 0xcc, 0x60, 0x3a, 0x23, 0x40, 0x27, 0x3d, 0x22, /* .........`:#@'=" */ + 0xd8, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, /* 80-8f: */ + 0x68, 0x69, 0xab, 0xbb, 0xf0, 0xfd, 0xfe, 0xb1, /* .abcdefghi...... */ + 0xb0, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, /* 90-9f: */ + 0x71, 0x72, 0xaa, 0xba, 0xe6, 0xb8, 0xc6, 0xa4, /* .jklmnopqr...... */ + 0xb5, 0x7e, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, /* a0-af: */ + 0x79, 0x7a, 0xa1, 0xbf, 0xd0, 0x5b, 0xde, 0xae, /* .~stuvwxyz...[.. */ + 0xac, 0xa3, 0xa5, 0xb7, 0xa9, 0xa7, 0xb6, 0xbc, /* b0-bf: */ + 0xbd, 0xbe, 0xdd, 0xa8, 0xaf, 0x5d, 0xb4, 0xd7, /* .............].. */ + 0x7b, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, /* c0-cf: */ + 0x48, 0x49, 0xad, 0xf4, 0xf6, 0xf2, 0xf3, 0xf5, /* {ABCDEFGHI...... */ + 0x7d, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, 0x50, /* d0-df: */ + 0x51, 0x52, 0xb9, 0xfb, 0xfc, 0xf9, 0xfa, 0xff, /* }JKLMNOPQR...... */ + 0x5c, 0xf7, 0x53, 0x54, 0x55, 0x56, 0x57, 0x58, /* e0-ef: */ + 0x59, 0x5a, 0xb2, 0xd4, 0xd6, 0xd2, 0xd3, 0xd5, /* \.STUVWXYZ...... */ + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, /* f0-ff: */ + 0x38, 0x39, 0xb3, 0xdb, 0xdc, 0xd9, 0xda, 0x9f /* 0123456789...... */ +}; + + +/* +The US-ASCII to EBCDIC (character set IBM-1047) table: +This table is bijective (no ambiguous or duplicate characters) +*/ +const unsigned char os_toebcdic[256] = { + 0x00, 0x01, 0x02, 0x03, 0x37, 0x2d, 0x2e, 0x2f, /* 00-0f: */ + 0x16, 0x05, 0x15, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, /* ................ */ + 0x10, 0x11, 0x12, 0x13, 0x3c, 0x3d, 0x32, 0x26, /* 10-1f: */ + 0x18, 0x19, 0x3f, 0x27, 0x1c, 0x1d, 0x1e, 0x1f, /* ................ */ + 0x40, 0x5a, 0x7f, 0x7b, 0x5b, 0x6c, 0x50, 0x7d, /* 20-2f: */ + 0x4d, 0x5d, 0x5c, 0x4e, 0x6b, 0x60, 0x4b, 0x61, /* !"#$%&'()*+,-./ */ + 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, /* 30-3f: */ + 0xf8, 0xf9, 0x7a, 0x5e, 0x4c, 0x7e, 0x6e, 0x6f, /* 0123456789:;<=>? */ + 0x7c, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, /* 40-4f: */ + 0xc8, 0xc9, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, /* @ABCDEFGHIJKLMNO */ + 0xd7, 0xd8, 0xd9, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, /* 50-5f: */ + 0xe7, 0xe8, 0xe9, 0xad, 0xe0, 0xbd, 0x5f, 0x6d, /* PQRSTUVWXYZ[\]^_ */ + 0x79, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, /* 60-6f: */ + 0x88, 0x89, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, /* `abcdefghijklmno */ + 0x97, 0x98, 0x99, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, /* 70-7f: */ + 0xa7, 0xa8, 0xa9, 0xc0, 0x4f, 0xd0, 0xa1, 0x07, /* pqrstuvwxyz{|}~. */ + 0x20, 0x21, 0x22, 0x23, 0x24, 0x04, 0x06, 0x08, /* 80-8f: */ + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x09, 0x0a, 0x14, /* ................ */ + 0x30, 0x31, 0x25, 0x33, 0x34, 0x35, 0x36, 0x17, /* 90-9f: */ + 0x38, 0x39, 0x3a, 0x3b, 0x1a, 0x1b, 0x3e, 0xff, /* ................ */ + 0x41, 0xaa, 0x4a, 0xb1, 0x9f, 0xb2, 0x6a, 0xb5, /* a0-af: */ + 0xbb, 0xb4, 0x9a, 0x8a, 0xb0, 0xca, 0xaf, 0xbc, /* ................ */ + 0x90, 0x8f, 0xea, 0xfa, 0xbe, 0xa0, 0xb6, 0xb3, /* b0-bf: */ + 0x9d, 0xda, 0x9b, 0x8b, 0xb7, 0xb8, 0xb9, 0xab, /* ................ */ + 0x64, 0x65, 0x62, 0x66, 0x63, 0x67, 0x9e, 0x68, /* c0-cf: */ + 0x74, 0x71, 0x72, 0x73, 0x78, 0x75, 0x76, 0x77, /* ................ */ + 0xac, 0x69, 0xed, 0xee, 0xeb, 0xef, 0xec, 0xbf, /* d0-df: */ + 0x80, 0xfd, 0xfe, 0xfb, 0xfc, 0xba, 0xae, 0x59, /* ................ */ + 0x44, 0x45, 0x42, 0x46, 0x43, 0x47, 0x9c, 0x48, /* e0-ef: */ + 0x54, 0x51, 0x52, 0x53, 0x58, 0x55, 0x56, 0x57, /* ................ */ + 0x8c, 0x49, 0xcd, 0xce, 0xcb, 0xcf, 0xcc, 0xe1, /* f0-ff: */ + 0x70, 0xdd, 0xde, 0xdb, 0xdc, 0x8d, 0x8e, 0xdf /* ................ */ +}; +#endif /*_OSD_POSIX*/ + +/* Translate a memory block from EBCDIC (host charset) to ASCII (net charset) + * dest and srce may be identical, or separate memory blocks, but + * should not overlap. These functions intentionally have an interface + * compatible to memcpy(3). + */ + +void * +ebcdic2ascii(void *dest, const void *srce, size_t count) +{ + unsigned char *udest = dest; + const unsigned char *usrce = srce; + + while (count-- != 0) { + *udest++ = os_toascii[*usrce++]; + } + + return dest; +} + +void * +ascii2ebcdic(void *dest, const void *srce, size_t count) +{ + unsigned char *udest = dest; + const unsigned char *usrce = srce; + + while (count-- != 0) { + *udest++ = os_toebcdic[*usrce++]; + } + + return dest; +} + +#else /*CHARSET_EBCDIC*/ +#ifdef PEDANTIC +static void *dummy=&dummy; +#endif +#endif diff --git a/lib/libssl/src/crypto/evp/c_allc.c b/lib/libssl/src/crypto/evp/c_allc.c new file mode 100644 index 00000000000..f24d3756c90 --- /dev/null +++ b/lib/libssl/src/crypto/evp/c_allc.c @@ -0,0 +1,149 @@ +/* crypto/evp/c_allc.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include <stdio.h> +#include "cryptlib.h" +#include <openssl/evp.h> +#include <openssl/pkcs12.h> +#include <openssl/objects.h> + +void OpenSSL_add_all_ciphers(void) + { +#ifndef NO_DES + EVP_add_cipher(EVP_des_cfb()); + EVP_add_cipher(EVP_des_ede_cfb()); + EVP_add_cipher(EVP_des_ede3_cfb()); + + EVP_add_cipher(EVP_des_ofb()); + EVP_add_cipher(EVP_des_ede_ofb()); + EVP_add_cipher(EVP_des_ede3_ofb()); + + EVP_add_cipher(EVP_desx_cbc()); + EVP_add_cipher_alias(SN_desx_cbc,"DESX"); + EVP_add_cipher_alias(SN_desx_cbc,"desx"); + + EVP_add_cipher(EVP_des_cbc()); + EVP_add_cipher_alias(SN_des_cbc,"DES"); + EVP_add_cipher_alias(SN_des_cbc,"des"); + EVP_add_cipher(EVP_des_ede_cbc()); + EVP_add_cipher(EVP_des_ede3_cbc()); + EVP_add_cipher_alias(SN_des_ede3_cbc,"DES3"); + EVP_add_cipher_alias(SN_des_ede3_cbc,"des3"); + + EVP_add_cipher(EVP_des_ecb()); + EVP_add_cipher(EVP_des_ede()); + EVP_add_cipher(EVP_des_ede3()); +#endif + +#ifndef NO_RC4 + EVP_add_cipher(EVP_rc4()); + EVP_add_cipher(EVP_rc4_40()); +#endif + +#ifndef NO_IDEA + EVP_add_cipher(EVP_idea_ecb()); + EVP_add_cipher(EVP_idea_cfb()); + EVP_add_cipher(EVP_idea_ofb()); + EVP_add_cipher(EVP_idea_cbc()); + EVP_add_cipher_alias(SN_idea_cbc,"IDEA"); + EVP_add_cipher_alias(SN_idea_cbc,"idea"); +#endif + +#ifndef NO_RC2 + EVP_add_cipher(EVP_rc2_ecb()); + EVP_add_cipher(EVP_rc2_cfb()); + EVP_add_cipher(EVP_rc2_ofb()); + EVP_add_cipher(EVP_rc2_cbc()); + EVP_add_cipher(EVP_rc2_40_cbc()); + EVP_add_cipher(EVP_rc2_64_cbc()); + EVP_add_cipher_alias(SN_rc2_cbc,"RC2"); + EVP_add_cipher_alias(SN_rc2_cbc,"rc2"); +#endif + +#ifndef NO_BF + EVP_add_cipher(EVP_bf_ecb()); + EVP_add_cipher(EVP_bf_cfb()); + EVP_add_cipher(EVP_bf_ofb()); + EVP_add_cipher(EVP_bf_cbc()); + EVP_add_cipher_alias(SN_bf_cbc,"BF"); + EVP_add_cipher_alias(SN_bf_cbc,"bf"); + EVP_add_cipher_alias(SN_bf_cbc,"blowfish"); +#endif + +#ifndef NO_CAST + EVP_add_cipher(EVP_cast5_ecb()); + EVP_add_cipher(EVP_cast5_cfb()); + EVP_add_cipher(EVP_cast5_ofb()); + EVP_add_cipher(EVP_cast5_cbc()); + EVP_add_cipher_alias(SN_cast5_cbc,"CAST"); + EVP_add_cipher_alias(SN_cast5_cbc,"cast"); + EVP_add_cipher_alias(SN_cast5_cbc,"CAST-cbc"); + EVP_add_cipher_alias(SN_cast5_cbc,"cast-cbc"); +#endif + +#ifndef NO_RC5 + EVP_add_cipher(EVP_rc5_32_12_16_ecb()); + EVP_add_cipher(EVP_rc5_32_12_16_cfb()); + EVP_add_cipher(EVP_rc5_32_12_16_ofb()); + EVP_add_cipher(EVP_rc5_32_12_16_cbc()); + EVP_add_cipher_alias(SN_rc5_cbc,"rc5"); + EVP_add_cipher_alias(SN_rc5_cbc,"RC5"); +#endif + PKCS12_PBE_add(); + PKCS5_PBE_add(); + } diff --git a/lib/libssl/src/crypto/evp/c_alld.c b/lib/libssl/src/crypto/evp/c_alld.c new file mode 100644 index 00000000000..febe51a3ee4 --- /dev/null +++ b/lib/libssl/src/crypto/evp/c_alld.c @@ -0,0 +1,100 @@ +/* crypto/evp/c_alld.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include <stdio.h> +#include "cryptlib.h" +#include <openssl/evp.h> +#include <openssl/pkcs12.h> +#include <openssl/objects.h> + +void OpenSSL_add_all_digests(void) + { +#ifndef NO_MD2 + EVP_add_digest(EVP_md2()); +#endif +#ifndef NO_MD5 + EVP_add_digest(EVP_md5()); + EVP_add_digest_alias(SN_md5,"ssl2-md5"); + EVP_add_digest_alias(SN_md5,"ssl3-md5"); +#endif +#ifndef NO_SHA + EVP_add_digest(EVP_sha()); +#ifndef NO_DSA + EVP_add_digest(EVP_dss()); +#endif +#endif +#ifndef NO_SHA + EVP_add_digest(EVP_sha1()); + EVP_add_digest_alias(SN_sha1,"ssl3-sha1"); + EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA); +#ifndef NO_DSA + EVP_add_digest(EVP_dss1()); + EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2); + EVP_add_digest_alias(SN_dsaWithSHA1,"DSS1"); + EVP_add_digest_alias(SN_dsaWithSHA1,"dss1"); +#endif +#endif +#if !defined(NO_MDC2) && !defined(NO_DES) + EVP_add_digest(EVP_mdc2()); +#endif +#ifndef NO_RIPEMD + EVP_add_digest(EVP_ripemd160()); + EVP_add_digest_alias(SN_ripemd160,"ripemd"); + EVP_add_digest_alias(SN_ripemd160,"rmd160"); +#endif + } diff --git a/lib/libssl/src/crypto/mem_dbg.c b/lib/libssl/src/crypto/mem_dbg.c new file mode 100644 index 00000000000..14770c07337 --- /dev/null +++ b/lib/libssl/src/crypto/mem_dbg.c @@ -0,0 +1,703 @@ +/* crypto/mem_dbg.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include <stdio.h> +#include <stdlib.h> +#include <time.h> +#include <openssl/crypto.h> +#include <openssl/buffer.h> +#include <openssl/bio.h> +#include <openssl/lhash.h> +#include "cryptlib.h" + +static int mh_mode=CRYPTO_MEM_CHECK_OFF; +/* The state changes to CRYPTO_MEM_CHECK_ON | CRYPTO_MEM_CHECK_ENABLE + * when the application asks for it (usually after library initialisation + * for which no book-keeping is desired). + * + * State CRYPTO_MEM_CHECK_ON exists only temporarily when the library + * thinks that certain allocations should not be checked (e.g. the data + * structures used for memory checking). It is not suitable as an initial + * state: the library will unexpectedly enable memory checking when it + * executes one of those sections that want to disable checking + * temporarily. + * + * State CRYPTO_MEM_CHECK_ENABLE without ..._ON makes no sense whatsoever. + */ + +static unsigned long order = 0; /* number of memory requests */ +static LHASH *mh=NULL; /* hash-table of memory requests (address as key) */ + + +typedef struct app_mem_info_st +/* For application-defined information (static C-string `info') + * to be displayed in memory leak list. + * Each thread has its own stack. For applications, there is + * CRYPTO_push_info("...") to push an entry, + * CRYPTO_pop_info() to pop an entry, + * CRYPTO_remove_all_info() to pop all entries. + */ + { + unsigned long thread; + const char *file; + int line; + const char *info; + struct app_mem_info_st *next; /* tail of thread's stack */ + int references; + } APP_INFO; + +static LHASH *amih=NULL; /* hash-table with those app_mem_info_st's + * that are at the top of their thread's stack + * (with `thread' as key) */ + +typedef struct mem_st +/* memory-block description */ + { + char *addr; + int num; + const char *file; + int line; + unsigned long thread; + unsigned long order; + time_t time; + APP_INFO *app_info; + } MEM; + +static long options = /* extra information to be recorded */ +#if defined(CRYPTO_MDEBUG_TIME) || defined(CRYPTO_MDEBUG_ALL) + V_CRYPTO_MDEBUG_TIME | +#endif +#if defined(CRYPTO_MDEBUG_THREAD) || defined(CRYPTO_MDEBUG_ALL) + V_CRYPTO_MDEBUG_THREAD | +#endif + 0; + + +static unsigned long disabling_thread = 0; + +int CRYPTO_mem_ctrl(int mode) + { + int ret=mh_mode; + + CRYPTO_w_lock(CRYPTO_LOCK_MALLOC); + switch (mode) + { + /* for applications: */ + case CRYPTO_MEM_CHECK_ON: /* aka MemCheck_start() */ + mh_mode = CRYPTO_MEM_CHECK_ON|CRYPTO_MEM_CHECK_ENABLE; + disabling_thread = 0; + break; + case CRYPTO_MEM_CHECK_OFF: /* aka MemCheck_stop() */ + mh_mode = 0; + disabling_thread = 0; + break; + + /* switch off temporarily (for library-internal use): */ + case CRYPTO_MEM_CHECK_DISABLE: /* aka MemCheck_off() */ + if (mh_mode & CRYPTO_MEM_CHECK_ON) + { + mh_mode&= ~CRYPTO_MEM_CHECK_ENABLE; + if (disabling_thread != CRYPTO_thread_id()) /* otherwise we already have the MALLOC2 lock */ + { + /* Long-time lock CRYPTO_LOCK_MALLOC2 must not be claimed while + * we're holding CRYPTO_LOCK_MALLOC, or we'll deadlock if + * somebody else holds CRYPTO_LOCK_MALLOC2 (and cannot release + * it because we block entry to this function). + * Give them a chance, first, and then claim the locks in + * appropriate order (long-time lock first). + */ + CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC); + /* Note that after we have waited for CRYPTO_LOCK_MALLOC2 + * and CRYPTO_LOCK_MALLOC, we'll still be in the right + * "case" and "if" branch because MemCheck_start and + * MemCheck_stop may never be used while there are multiple + * OpenSSL threads. */ + CRYPTO_w_lock(CRYPTO_LOCK_MALLOC2); + CRYPTO_w_lock(CRYPTO_LOCK_MALLOC); + disabling_thread=CRYPTO_thread_id(); + } + } + break; + case CRYPTO_MEM_CHECK_ENABLE: /* aka MemCheck_on() */ + if (mh_mode & CRYPTO_MEM_CHECK_ON) + { + mh_mode|=CRYPTO_MEM_CHECK_ENABLE; + if (disabling_thread != 0) + { + disabling_thread=0; + CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC2); + } + } + break; + + default: + break; + } + CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC); + return(ret); + } + +int CRYPTO_is_mem_check_on(void) + { + int ret = 0; + + if (mh_mode & CRYPTO_MEM_CHECK_ON) + { + CRYPTO_w_lock(CRYPTO_LOCK_MALLOC); + + ret = (mh_mode & CRYPTO_MEM_CHECK_ENABLE) + && disabling_thread != CRYPTO_thread_id(); + + CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC); + } + return(ret); + } + + +void CRYPTO_dbg_set_options(long bits) + { + options = bits; + } + +long CRYPTO_dbg_get_options(void) + { + return options; + } + +static int mem_cmp(MEM *a, MEM *b) + { + return(a->addr - b->addr); + } + +static unsigned long mem_hash(MEM *a) + { + unsigned long ret; + + ret=(unsigned long)a->addr; + + ret=ret*17851+(ret>>14)*7+(ret>>4)*251; + return(ret); + } + +static int app_info_cmp(APP_INFO *a, APP_INFO *b) + { + return(a->thread != b->thread); + } + +static unsigned long app_info_hash(APP_INFO *a) + { + unsigned long ret; + + ret=(unsigned long)a->thread; + + ret=ret*17851+(ret>>14)*7+(ret>>4)*251; + return(ret); + } + +static APP_INFO *pop_info() + { + APP_INFO tmp; + APP_INFO *ret = NULL; + + if (amih != NULL) + { + tmp.thread=CRYPTO_thread_id(); + if ((ret=(APP_INFO *)lh_delete(amih,&tmp)) != NULL) + { + APP_INFO *next=ret->next; + + if (next != NULL) + { + next->references++; + lh_insert(amih,(char *)next); + } +#ifdef LEVITTE_DEBUG + if (ret->thread != tmp.thread) + { + fprintf(stderr, "pop_info(): deleted info has other thread ID (%lu) than the current thread (%lu)!!!!\n", + ret->thread, tmp.thread); + abort(); + } +#endif + if (--(ret->references) <= 0) + { + ret->next = NULL; + if (next != NULL) + next->references--; + Free(ret); + } + } + } + return(ret); + } + +int CRYPTO_push_info_(const char *info, const char *file, int line) + { + APP_INFO *ami, *amim; + int ret=0; + + if (is_MemCheck_on()) + { + MemCheck_off(); /* obtains CRYPTO_LOCK_MALLOC2 */ + + if ((ami = (APP_INFO *)Malloc(sizeof(APP_INFO))) == NULL) + { + ret=0; + goto err; + } + if (amih == NULL) + { + if ((amih=lh_new(app_info_hash,app_info_cmp)) == NULL) + { + Free(ami); + ret=0; + goto err; + } + } + + ami->thread=CRYPTO_thread_id(); + ami->file=file; + ami->line=line; + ami->info=info; + ami->references=1; + ami->next=NULL; + + if ((amim=(APP_INFO *)lh_insert(amih,(char *)ami)) != NULL) + { +#ifdef LEVITTE_DEBUG + if (ami->thread != amim->thread) + { + fprintf(stderr, "CRYPTO_push_info(): previous info has other thread ID (%lu) than the current thread (%lu)!!!!\n", + amim->thread, ami->thread); + abort(); + } +#endif + ami->next=amim; + } + err: + MemCheck_on(); /* releases CRYPTO_LOCK_MALLOC2 */ + } + + return(ret); + } + +int CRYPTO_pop_info(void) + { + int ret=0; + + if (is_MemCheck_on()) /* _must_ be true, or something went severely wrong */ + { + MemCheck_off(); /* obtains CRYPTO_LOCK_MALLOC2 */ + + ret=(pop_info() != NULL); + + MemCheck_on(); /* releases CRYPTO_LOCK_MALLOC2 */ + } + return(ret); + } + +int CRYPTO_remove_all_info(void) + { + int ret=0; + + if (is_MemCheck_on()) /* _must_ be true */ + { + MemCheck_off(); /* obtains CRYPTO_LOCK_MALLOC2 */ + + while(pop_info() != NULL) + ret++; + + MemCheck_on(); /* releases CRYPTO_LOCK_MALLOC2 */ + } + return(ret); + } + + +static unsigned long break_order_num=0; +void CRYPTO_dbg_malloc(void *addr, int num, const char *file, int line, + int before_p) + { + MEM *m,*mm; + APP_INFO tmp,*amim; + + switch(before_p & 127) + { + case 0: + break; + case 1: + if (addr == NULL) + break; + + if (is_MemCheck_on()) + { + MemCheck_off(); /* obtains CRYPTO_LOCK_MALLOC2 */ + if ((m=(MEM *)Malloc(sizeof(MEM))) == NULL) + { + Free(addr); + MemCheck_on(); /* releases CRYPTO_LOCK_MALLOC2 */ + return; + } + if (mh == NULL) + { + if ((mh=lh_new(mem_hash,mem_cmp)) == NULL) + { + Free(addr); + Free(m); + addr=NULL; + goto err; + } + } + + m->addr=addr; + m->file=file; + m->line=line; + m->num=num; + if (options & V_CRYPTO_MDEBUG_THREAD) + m->thread=CRYPTO_thread_id(); + else + m->thread=0; + + if (order == break_order_num) + { + /* BREAK HERE */ + m->order=order; + } + m->order=order++; +#ifdef LEVITTE_DEBUG + fprintf(stderr, "LEVITTE_DEBUG: [%5d] %c 0x%p (%d)\n", + m->order, + (before_p & 128) ? '*' : '+', + m->addr, m->num); +#endif + if (options & V_CRYPTO_MDEBUG_TIME) + m->time=time(NULL); + else + m->time=0; + + tmp.thread=CRYPTO_thread_id(); + m->app_info=NULL; + if (amih != NULL + && (amim=(APP_INFO *)lh_retrieve(amih,(char *)&tmp)) != NULL) + { + m->app_info = amim; + amim->references++; + } + + if ((mm=(MEM *)lh_insert(mh,(char *)m)) != NULL) + { + /* Not good, but don't sweat it */ + if (mm->app_info != NULL) + { + mm->app_info->references--; + } + Free(mm); + } + err: + MemCheck_on(); /* releases CRYPTO_LOCK_MALLOC2 */ + } + break; + } + return; + } + +void CRYPTO_dbg_free(void *addr, int before_p) + { + MEM m,*mp; + + switch(before_p) + { + case 0: + if (addr == NULL) + break; + + if (is_MemCheck_on() && (mh != NULL)) + { + MemCheck_off(); + + m.addr=addr; + mp=(MEM *)lh_delete(mh,(char *)&m); + if (mp != NULL) + { +#ifdef LEVITTE_DEBUG + fprintf(stderr, "LEVITTE_DEBUG: [%5d] - 0x%p (%d)\n", + mp->order, mp->addr, mp->num); +#endif + if (mp->app_info != NULL) + { + mp->app_info->references--; + } + Free(mp); + } + + MemCheck_on(); /* releases CRYPTO_LOCK_MALLOC2 */ + } + break; + case 1: + break; + } + } + +void CRYPTO_dbg_realloc(void *addr1, void *addr2, int num, + const char *file, int line, int before_p) + { + MEM m,*mp; + +#ifdef LEVITTE_DEBUG + fprintf(stderr, "LEVITTE_DEBUG: --> CRYPTO_dbg_malloc(addr1 = %p, addr2 = %p, num = %d, file = \"%s\", line = %d, before_p = %d)\n", + addr1, addr2, num, file, line, before_p); +#endif + + switch(before_p) + { + case 0: + break; + case 1: + if (addr2 == NULL) + break; + + if (addr1 == NULL) + { + CRYPTO_dbg_malloc(addr2, num, file, line, 128 | before_p); + break; + } + + if (is_MemCheck_on()) + { + MemCheck_off(); /* obtains CRYPTO_LOCK_MALLOC2 */ + + m.addr=addr1; + mp=(MEM *)lh_delete(mh,(char *)&m); + if (mp != NULL) + { +#ifdef LEVITTE_DEBUG + fprintf(stderr, "LEVITTE_DEBUG: [%5d] * 0x%p (%d) -> 0x%p (%d)\n", + mp->order, + mp->addr, mp->num, + addr2, num); +#endif + mp->addr=addr2; + mp->num=num; + lh_insert(mh,(char *)mp); + } + + MemCheck_on(); /* releases CRYPTO_LOCK_MALLOC2 */ + } + break; + } + return; + } + + +typedef struct mem_leak_st + { + BIO *bio; + int chunks; + long bytes; + } MEM_LEAK; + +static void print_leak(MEM *m, MEM_LEAK *l) + { + char buf[1024]; + char *bufp = buf; + APP_INFO *amip; + int ami_cnt; + struct tm *lcl = NULL; + unsigned long ti; + + if(m->addr == (char *)l->bio) + return; + + if (options & V_CRYPTO_MDEBUG_TIME) + { + lcl = localtime(&m->time); + + sprintf(bufp, "[%02d:%02d:%02d] ", + lcl->tm_hour,lcl->tm_min,lcl->tm_sec); + bufp += strlen(bufp); + } + + sprintf(bufp, "%5lu file=%s, line=%d, ", + m->order,m->file,m->line); + bufp += strlen(bufp); + + if (options & V_CRYPTO_MDEBUG_THREAD) + { + sprintf(bufp, "thread=%lu, ", m->thread); + bufp += strlen(bufp); + } + + sprintf(bufp, "number=%d, address=%08lX\n", + m->num,(unsigned long)m->addr); + bufp += strlen(bufp); + + BIO_puts(l->bio,buf); + + l->chunks++; + l->bytes+=m->num; + + amip=m->app_info; + ami_cnt=0; + if (!amip) + return; + ti=amip->thread; + + do + { + int buf_len; + int info_len; + + ami_cnt++; + memset(buf,'>',ami_cnt); + sprintf(buf + ami_cnt, + " thread=%lu, file=%s, line=%d, info=\"", + amip->thread, amip->file, amip->line); + buf_len=strlen(buf); + info_len=strlen(amip->info); + if (128 - buf_len - 3 < info_len) + { + memcpy(buf + buf_len, amip->info, 128 - buf_len - 3); + buf_len = 128 - 3; + } + else + { + strcpy(buf + buf_len, amip->info); + buf_len = strlen(buf); + } + sprintf(buf + buf_len, "\"\n"); + + BIO_puts(l->bio,buf); + + amip = amip->next; + } + while(amip && amip->thread == ti); + +#ifdef LEVITTE_DEBUG + if (amip) + { + fprintf(stderr, "Thread switch detected in backtrace!!!!\n"); + abort(); + } +#endif + } + +void CRYPTO_mem_leaks(BIO *b) + { + MEM_LEAK ml; + char buf[80]; + + if (mh == NULL) return; + ml.bio=b; + ml.bytes=0; + ml.chunks=0; + CRYPTO_w_lock(CRYPTO_LOCK_MALLOC2); + lh_doall_arg(mh,(void (*)())print_leak,(char *)&ml); + CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC2); + if (ml.chunks != 0) + { + sprintf(buf,"%ld bytes leaked in %d chunks\n", + ml.bytes,ml.chunks); + BIO_puts(b,buf); + } + +#if 0 + lh_stats_bio(mh,b); + lh_node_stats_bio(mh,b); + lh_node_usage_stats_bio(mh,b); +#endif + } + +union void_fn_to_char_u + { + char *char_p; + void (*fn_p)(); + }; + +static void cb_leak(MEM *m, char *cb) + { + union void_fn_to_char_u mem_callback; + + mem_callback.char_p=cb; + mem_callback.fn_p(m->order,m->file,m->line,m->num,m->addr); + } + +void CRYPTO_mem_leaks_cb(void (*cb)()) + { + union void_fn_to_char_u mem_cb; + + if (mh == NULL) return; + CRYPTO_w_lock(CRYPTO_LOCK_MALLOC2); + mem_cb.fn_p=cb; + lh_doall_arg(mh,(void (*)())cb_leak,mem_cb.char_p); + mem_cb.char_p=NULL; + CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC2); + } + +#ifndef NO_FP_API +void CRYPTO_mem_leaks_fp(FILE *fp) + { + BIO *b; + + if (mh == NULL) return; + if ((b=BIO_new(BIO_s_file())) == NULL) + return; + BIO_set_fp(b,fp,BIO_NOCLOSE); + CRYPTO_mem_leaks(b); + BIO_free(b); + } +#endif + diff --git a/lib/libssl/src/crypto/pkcs12/p12_npas.c b/lib/libssl/src/crypto/pkcs12/p12_npas.c new file mode 100644 index 00000000000..ee71707e2c1 --- /dev/null +++ b/lib/libssl/src/crypto/pkcs12/p12_npas.c @@ -0,0 +1,212 @@ +/* p12_npas.c */ +/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL + * project 1999. + */ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <openssl/pem.h> +#include <openssl/err.h> +#include <openssl/pkcs12.h> + +/* PKCS#12 password change routine */ + +static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass); +static int newpass_bags(STACK *bags, char *oldpass, char *newpass); +static int newpass_bag(PKCS12_SAFEBAG *bag, char *oldpass, char *newpass); +static int alg_get(X509_ALGOR *alg, int *pnid, int *piter, int *psaltlen); + +/* + * Change the password on a PKCS#12 structure. + */ + +int PKCS12_newpass(PKCS12 *p12, char *oldpass, char *newpass) +{ + +/* Check for NULL PKCS12 structure */ + +if(!p12) { + PKCS12err(PKCS12_F_PKCS12_NEWPASS,PKCS12_R_INVALID_NULL_PKCS12_POINTER); + return 0; +} + +/* Check the mac */ + +if (!PKCS12_verify_mac(p12, oldpass, -1)) { + PKCS12err(PKCS12_F_PKCS12_NEWPASS,PKCS12_R_MAC_VERIFY_FAILURE); + return 0; +} + +if (!newpass_p12(p12, oldpass, newpass)) { + PKCS12err(PKCS12_F_PKCS12_NEWPASS,PKCS12_R_PARSE_ERROR); + return 0; +} + +return 1; + +} + +/* Parse the outer PKCS#12 structure */ + +static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass) +{ + STACK *asafes, *newsafes, *bags; + int i, bagnid, pbe_nid, pbe_iter, pbe_saltlen; + PKCS7 *p7, *p7new; + ASN1_OCTET_STRING *p12_data_tmp = NULL, *macnew = NULL; + unsigned char mac[EVP_MAX_MD_SIZE]; + unsigned int maclen; + if (!(asafes = M_PKCS12_unpack_authsafes(p12))) return 0; + if(!(newsafes = sk_new(NULL))) return 0; + for (i = 0; i < sk_num (asafes); i++) { + p7 = (PKCS7 *) sk_value(asafes, i); + bagnid = OBJ_obj2nid(p7->type); + if (bagnid == NID_pkcs7_data) { + bags = M_PKCS12_unpack_p7data(p7); + } else if (bagnid == NID_pkcs7_encrypted) { + bags = M_PKCS12_unpack_p7encdata(p7, oldpass, -1); + alg_get(p7->d.encrypted->enc_data->algorithm, + &pbe_nid, &pbe_iter, &pbe_saltlen); + } else continue; + if (!bags) { + sk_pop_free(asafes, PKCS7_free); + return 0; + } + if (!newpass_bags(bags, oldpass, newpass)) { + sk_pop_free(bags, PKCS12_SAFEBAG_free); + sk_pop_free(asafes, PKCS7_free); + return 0; + } + /* Repack bag in same form with new password */ + if (bagnid == NID_pkcs7_data) p7new = PKCS12_pack_p7data(bags); + else p7new = PKCS12_pack_p7encdata(pbe_nid, newpass, -1, NULL, + pbe_saltlen, pbe_iter, bags); + sk_pop_free(bags, PKCS12_SAFEBAG_free); + if(!p7new) { + sk_pop_free(asafes, PKCS7_free); + return 0; + } + sk_push(newsafes, (char *)p7new); + } + sk_pop_free(asafes, PKCS7_free); + + /* Repack safe: save old safe in case of error */ + + p12_data_tmp = p12->authsafes->d.data; + if(!(p12->authsafes->d.data = ASN1_OCTET_STRING_new())) goto saferr; + if(!M_PKCS12_pack_authsafes(p12, newsafes)) goto saferr; + + if(!PKCS12_gen_mac(p12, newpass, -1, mac, &maclen)) goto saferr; + if(!(macnew = ASN1_OCTET_STRING_new())) goto saferr; + if(!ASN1_OCTET_STRING_set(macnew, mac, maclen)) goto saferr; + ASN1_OCTET_STRING_free(p12->mac->dinfo->digest); + p12->mac->dinfo->digest = macnew; + ASN1_OCTET_STRING_free(p12_data_tmp); + + return 1; + + saferr: + /* Restore old safe */ + ASN1_OCTET_STRING_free(p12->authsafes->d.data); + ASN1_OCTET_STRING_free(macnew); + p12->authsafes->d.data = p12_data_tmp; + return 0; + +} + + +static int newpass_bags(STACK *bags, char *oldpass, char *newpass) +{ + int i; + for (i = 0; i < sk_num(bags); i++) { + if (!newpass_bag((PKCS12_SAFEBAG *)sk_value(bags, i), + oldpass, newpass)) return 0; + } + return 1; +} + +/* Change password of safebag: only needs handle shrouded keybags */ + +static int newpass_bag(PKCS12_SAFEBAG *bag, char *oldpass, char *newpass) +{ + PKCS8_PRIV_KEY_INFO *p8; + X509_SIG *p8new; + int p8_nid, p8_saltlen, p8_iter; + + if(M_PKCS12_bag_type(bag) != NID_pkcs8ShroudedKeyBag) return 1; + + if (!(p8 = M_PKCS12_decrypt_skey(bag, oldpass, -1))) return 0; + alg_get(bag->value.shkeybag->algor, &p8_nid, &p8_iter, &p8_saltlen); + if(!(p8new = PKCS8_encrypt(p8_nid, NULL, newpass, -1, NULL, p8_saltlen, + p8_iter, p8))) return 0; + X509_SIG_free(bag->value.shkeybag); + bag->value.shkeybag = p8new; + return 1; +} + +static int alg_get(X509_ALGOR *alg, int *pnid, int *piter, int *psaltlen) +{ + PBEPARAM *pbe; + unsigned char *p; + p = alg->parameter->value.sequence->data; + pbe = d2i_PBEPARAM(NULL, &p, alg->parameter->value.sequence->length); + *pnid = OBJ_obj2nid(alg->algorithm); + *piter = ASN1_INTEGER_get(pbe->iter); + *psaltlen = pbe->salt->length; + PBEPARAM_free(pbe); + return 0; +} diff --git a/lib/libssl/src/crypto/pkcs7/pk7_attr.c b/lib/libssl/src/crypto/pkcs7/pk7_attr.c new file mode 100644 index 00000000000..3b9c0fe3f25 --- /dev/null +++ b/lib/libssl/src/crypto/pkcs7/pk7_attr.c @@ -0,0 +1,85 @@ +/* pk7_attr.c */ +/* S/MIME code. + * Copyright (C) 1997-8 Dr S N Henson (shenson@bigfoot.com) + * All Rights Reserved. + * Redistribution of this code without the authors permission is expressly + * prohibited. + */ + +#include <stdio.h> +#include <stdlib.h> +#include <openssl/bio.h> +#include <openssl/asn1.h> +#include <openssl/pem.h> +#include <openssl/pkcs7.h> +#include <openssl/err.h> + +int PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si, STACK *cap) +{ + ASN1_STRING *seq; + unsigned char *p, *pp; + int len; + len=i2d_ASN1_SET(cap,NULL,i2d_X509_ALGOR, V_ASN1_SEQUENCE, + V_ASN1_UNIVERSAL, IS_SEQUENCE); + if(!(pp=(unsigned char *)Malloc(len))) { + PKCS7err(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP,ERR_R_MALLOC_FAILURE); + return 0; + } + p=pp; + i2d_ASN1_SET(cap,&p,i2d_X509_ALGOR, V_ASN1_SEQUENCE, + V_ASN1_UNIVERSAL, IS_SEQUENCE); + if(!(seq = ASN1_STRING_new())) { + PKCS7err(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP,ERR_R_MALLOC_FAILURE); + return 0; + } + if(!ASN1_STRING_set (seq, pp, len)) { + PKCS7err(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP,ERR_R_MALLOC_FAILURE); + return 0; + } + Free (pp); + return PKCS7_add_signed_attribute(si, NID_SMIMECapabilities, + V_ASN1_SEQUENCE, seq); +} + +STACK *PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si) +{ + ASN1_TYPE *cap; + unsigned char *p; + cap = PKCS7_get_signed_attribute(si, NID_SMIMECapabilities); + if (!cap) return NULL; + p = cap->value.sequence->data; + return d2i_ASN1_SET (NULL, &p, cap->value.sequence->length, + (char *(*)())d2i_X509_ALGOR, X509_ALGOR_free, V_ASN1_SEQUENCE, + V_ASN1_UNIVERSAL); +} + +/* Basic smime-capabilities OID and optional integer arg */ +int PKCS7_simple_smimecap(STACK *sk, int nid, int arg) +{ + X509_ALGOR *alg; + if(!(alg = X509_ALGOR_new())) { + PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP,ERR_R_MALLOC_FAILURE); + return 0; + } + ASN1_OBJECT_free(alg->algorithm); + alg->algorithm = OBJ_nid2obj (nid); + if (arg > 0) { + ASN1_INTEGER *nbit; + if(!(alg->parameter = ASN1_TYPE_new())) { + PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP,ERR_R_MALLOC_FAILURE); + return 0; + } + if(!(nbit = ASN1_INTEGER_new())) { + PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP,ERR_R_MALLOC_FAILURE); + return 0; + } + if(!ASN1_INTEGER_set (nbit, arg)) { + PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP,ERR_R_MALLOC_FAILURE); + return 0; + } + alg->parameter->value.integer = nbit; + alg->parameter->type = V_ASN1_INTEGER; + } + sk_push (sk, (char *)alg); + return 1; +} diff --git a/lib/libssl/src/crypto/pkcs7/pk7_mime.c b/lib/libssl/src/crypto/pkcs7/pk7_mime.c new file mode 100644 index 00000000000..734643be287 --- /dev/null +++ b/lib/libssl/src/crypto/pkcs7/pk7_mime.c @@ -0,0 +1,673 @@ +/* pk7_mime.c */ +/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL + * project 1999. + */ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include <stdio.h> +#include <ctype.h> +#include "cryptlib.h" +#include <openssl/rand.h> +#include <openssl/x509.h> + +/* MIME and related routines */ + +/* MIME format structures + * Note that all are translated to lower case apart from + * parameter values. Quotes are stripped off + */ + +typedef struct { +char *name; /* Name of line e.g. "content-type" */ +char *value; /* Value of line e.g. "text/plain" */ +STACK /* MIME_PARAM */ *params; /* Zero or more parameters */ +} MIME_HEADER; + +typedef struct { +char *param_name; /* Param name e.g. "micalg" */ +char *param_value; /* Param value e.g. "sha1" */ +} MIME_PARAM; + + +static int B64_write_PKCS7(BIO *bio, PKCS7 *p7); +static PKCS7 *B64_read_PKCS7(BIO *bio); +static char * strip_ends(char *name); +static char * strip_start(char *name); +static char * strip_end(char *name); +static MIME_HEADER *mime_hdr_new(char *name, char *value); +static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value); +static STACK *mime_parse_hdr(BIO *bio); +static int mime_hdr_cmp(MIME_HEADER **a, MIME_HEADER **b); +static int mime_param_cmp(MIME_PARAM **a, MIME_PARAM **b); +static void mime_param_free(MIME_PARAM *param); +static int mime_bound_check(char *line, int linelen, char *bound, int blen); +static int multi_split(BIO *bio, char *bound, STACK **ret); +static int iscrlf(char c); +static MIME_HEADER *mime_hdr_find(STACK *hdrs, char *name); +static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, char *name); +static void mime_hdr_free(MIME_HEADER *hdr); + +#define MAX_SMLEN 1024 +#define mime_debug(x) /* x */ + + +typedef void (*stkfree)(); + +/* Base 64 read and write of PKCS#7 structure */ + +static int B64_write_PKCS7(BIO *bio, PKCS7 *p7) +{ + BIO *b64; + if(!(b64 = BIO_new(BIO_f_base64()))) { + PKCS7err(PKCS7_F_B64_WRITE_PKCS7,ERR_R_MALLOC_FAILURE); + return 0; + } + bio = BIO_push(b64, bio); + i2d_PKCS7_bio(bio, p7); + BIO_flush(bio); + bio = BIO_pop(bio); + BIO_free(b64); + return 1; +} + +static PKCS7 *B64_read_PKCS7(BIO *bio) +{ + BIO *b64; + PKCS7 *p7; + if(!(b64 = BIO_new(BIO_f_base64()))) { + PKCS7err(PKCS7_F_B64_READ_PKCS7,ERR_R_MALLOC_FAILURE); + return 0; + } + bio = BIO_push(b64, bio); + if(!(p7 = d2i_PKCS7_bio(bio, NULL))) + PKCS7err(PKCS7_F_B64_READ_PKCS7,PKCS7_R_DECODE_ERROR); + BIO_flush(bio); + bio = BIO_pop(bio); + BIO_free(b64); + return p7; +} + +/* SMIME sender */ + +int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags) +{ + char linebuf[MAX_SMLEN]; + char bound[33], c; + int i; + if((flags & PKCS7_DETACHED) && data) { + /* We want multipart/signed */ + /* Generate a random boundary */ + RAND_pseudo_bytes((unsigned char *)bound, 32); + for(i = 0; i < 32; i++) { + c = bound[i] & 0xf; + if(c < 10) c += '0'; + else c += 'A' - 10; + bound[i] = c; + } + bound[32] = 0; + BIO_printf(bio, "MIME-Version: 1.0\n"); + BIO_printf(bio, "Content-Type: multipart/signed ; "); + BIO_printf(bio, "protocol=\"application/x-pkcs7-signature\" ; "); + BIO_printf(bio, "micalg=sha1 ; boundary=\"----%s\"\n\n", bound); + BIO_printf(bio, "This is an S/MIME signed message\n\n"); + /* Now write out the first part */ + BIO_printf(bio, "------%s\r\n", bound); + if(flags & PKCS7_TEXT) BIO_printf(bio, "Content-Type: text/plain\n\n"); + while((i = BIO_read(data, linebuf, MAX_SMLEN)) > 0) + BIO_write(bio, linebuf, i); + BIO_printf(bio, "\n------%s\n", bound); + + /* Headers for signature */ + + BIO_printf(bio, "Content-Type: application/x-pkcs7-signature; name=\"smime.p7s\"\n"); + BIO_printf(bio, "Content-Transfer-Encoding: base64\n"); + BIO_printf(bio, "Content-Disposition: attachment; filename=\"smime.p7s\"\n\n"); + B64_write_PKCS7(bio, p7); + BIO_printf(bio,"\n------%s--\n\n", bound); + return 1; + } + /* MIME headers */ + BIO_printf(bio, "MIME-Version: 1.0\n"); + BIO_printf(bio, "Content-Disposition: attachment; filename=\"smime.p7m\"\n"); + BIO_printf(bio, "Content-Type: application/x-pkcs7-mime; name=\"smime.p7m\"\n"); + BIO_printf(bio, "Content-Transfer-Encoding: base64\n\n"); + B64_write_PKCS7(bio, p7); + BIO_printf(bio, "\n"); + return 1; +} + +/* SMIME reader: handle multipart/signed and opaque signing. + * in multipart case the content is placed in a memory BIO + * pointed to by "bcont". In opaque this is set to NULL + */ + +PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont) +{ + BIO *p7in; + STACK *headers = NULL; + STACK *parts = NULL; + MIME_HEADER *hdr; + MIME_PARAM *prm; + PKCS7 *p7; + int ret; + + if(bcont) *bcont = NULL; + + if (!(headers = mime_parse_hdr(bio))) { + PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_MIME_PARSE_ERROR); + return NULL; + } + + if(!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) { + sk_pop_free(headers, mime_hdr_free); + PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_NO_CONTENT_TYPE); + return NULL; + } + + /* Handle multipart/signed */ + + if(!strcmp(hdr->value, "multipart/signed")) { + /* Split into two parts */ + prm = mime_param_find(hdr, "boundary"); + if(!prm || !prm->param_value) { + sk_pop_free(headers, mime_hdr_free); + PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_NO_MULTIPART_BOUNDARY); + return NULL; + } + ret = multi_split(bio, prm->param_value, &parts); + sk_pop_free(headers, mime_hdr_free); + if(!ret || (sk_num(parts) != 2) ) { + PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_NO_MULTIPART_BODY_FAILURE); + sk_pop_free(parts, (stkfree)BIO_free); + return NULL; + } + + /* Parse the signature piece */ + p7in = (BIO *)sk_value(parts, 1); + + if (!(headers = mime_parse_hdr(p7in))) { + PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_MIME_SIG_PARSE_ERROR); + sk_pop_free(parts, (stkfree)BIO_free); + return NULL; + } + + /* Get content type */ + + if(!(hdr = mime_hdr_find(headers, "content-type")) || + !hdr->value) { + sk_pop_free(headers, mime_hdr_free); + PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_NO_SIG_CONTENT_TYPE); + return NULL; + } + + if(strcmp(hdr->value, "application/x-pkcs7-signature") && + strcmp(hdr->value, "application/pkcs7-signature")) { + sk_pop_free(headers, mime_hdr_free); + PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_SIG_INVALID_MIME_TYPE); + ERR_add_error_data(2, "type: ", hdr->value); + sk_pop_free(parts, (stkfree)BIO_free); + return NULL; + } + sk_pop_free(headers, mime_hdr_free); + /* Read in PKCS#7 */ + if(!(p7 = B64_read_PKCS7(p7in))) { + PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_PKCS7_SIG_PARSE_ERROR); + sk_pop_free(parts, (stkfree)BIO_free); + return NULL; + } + + if(bcont) { + *bcont = (BIO *)sk_value(parts, 0); + BIO_free(p7in); + sk_free(parts); + } else sk_pop_free(parts, (stkfree)BIO_free); + return p7; + } + + /* OK, if not multipart/signed try opaque signature */ + + if (strcmp (hdr->value, "application/x-pkcs7-mime") && + strcmp (hdr->value, "application/pkcs7-mime")) { + PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_INVALID_MIME_TYPE); + ERR_add_error_data(2, "type: ", hdr->value); + sk_pop_free(headers, mime_hdr_free); + return NULL; + } + + sk_pop_free(headers, mime_hdr_free); + + if(!(p7 = B64_read_PKCS7(bio))) { + PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_PKCS7_PARSE_ERROR); + return NULL; + } + return p7; + +} + +/* Copy text from one BIO to another making the output CRLF at EOL */ +int SMIME_crlf_copy(BIO *in, BIO *out, int flags) +{ + char eol; + int len; + char linebuf[MAX_SMLEN]; + if(flags & PKCS7_BINARY) { + while((len = BIO_read(in, linebuf, MAX_SMLEN)) > 0) + BIO_write(out, linebuf, len); + return 1; + } + if(flags & PKCS7_TEXT) BIO_printf(out, "Content-Type: text/plain\r\n\r\n"); + while ((len = BIO_gets(in, linebuf, MAX_SMLEN)) > 0) { + eol = 0; + while(iscrlf(linebuf[len - 1])) { + len--; + eol = 1; + } + BIO_write(out, linebuf, len); + if(eol) BIO_write(out, "\r\n", 2); + } + return 1; +} + +/* Strip off headers if they are text/plain */ +int SMIME_text(BIO *in, BIO *out) +{ + char iobuf[4096]; + int len; + STACK *headers; + MIME_HEADER *hdr; + if (!(headers = mime_parse_hdr(in))) { + PKCS7err(PKCS7_F_SMIME_TEXT,PKCS7_R_MIME_PARSE_ERROR); + return 0; + } + if(!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) { + PKCS7err(PKCS7_F_SMIME_TEXT,PKCS7_R_MIME_NO_CONTENT_TYPE); + sk_pop_free(headers, mime_hdr_free); + return 0; + } + if (strcmp (hdr->value, "text/plain")) { + PKCS7err(PKCS7_F_SMIME_TEXT,PKCS7_R_INVALID_MIME_TYPE); + ERR_add_error_data(2, "type: ", hdr->value); + sk_pop_free(headers, mime_hdr_free); + return 0; + } + sk_pop_free(headers, mime_hdr_free); + while ((len = BIO_read(in, iobuf, sizeof(iobuf))) > 0) + BIO_write(out, iobuf, len); + return 1; +} + +/* Split a multipart/XXX message body into component parts: result is + * canonical parts in a STACK of bios + */ + +static int multi_split(BIO *bio, char *bound, STACK **ret) +{ + char linebuf[MAX_SMLEN]; + int len, blen; + BIO *bpart = NULL; + STACK *parts; + char state, part, first; + blen = strlen(bound); + part = 0; + state = 0; + first = 1; + parts = sk_new(NULL); + *ret = parts; + while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) { + state = mime_bound_check(linebuf, len, bound, blen); + if(state == 1) { + first = 1; + part++; + } else if(state == 2) { + sk_push(parts, (char *)bpart); + return 1; + } else if(part) { + if(first) { + first = 0; + if(bpart) sk_push(parts, (char *)bpart); + bpart = BIO_new(BIO_s_mem()); + + } else BIO_write(bpart, "\r\n", 2); + /* Strip CR+LF from linebuf */ + while(iscrlf(linebuf[len - 1])) len--; + BIO_write(bpart, linebuf, len); + } + } + return 0; +} + +static int iscrlf(char c) +{ + if(c == '\r' || c == '\n') return 1; + return 0; +} + +/* This is the big one: parse MIME header lines up to message body */ + +#define MIME_INVALID 0 +#define MIME_START 1 +#define MIME_TYPE 2 +#define MIME_NAME 3 +#define MIME_VALUE 4 +#define MIME_QUOTE 5 +#define MIME_COMMENT 6 + + +static STACK *mime_parse_hdr(BIO *bio) +{ + char *p, *q, c; + char *ntmp; + char linebuf[MAX_SMLEN]; + MIME_HEADER *mhdr = NULL; + STACK *headers; + int len, state, save_state = 0; + headers = sk_new(mime_hdr_cmp); + while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) { + /* If whitespace at line start then continuation line */ + if(mhdr && isspace((unsigned char)linebuf[0])) state = MIME_NAME; + else state = MIME_START; + ntmp = NULL; + /* Go through all characters */ + for(p = linebuf, q = linebuf; (c = *p) && (c!='\r') && (c!='\n'); p++) { + + /* State machine to handle MIME headers + * if this looks horrible that's because it *is* + */ + + switch(state) { + case MIME_START: + if(c == ':') { + state = MIME_TYPE; + *p = 0; + ntmp = strip_ends(q); + q = p + 1; + } + break; + + case MIME_TYPE: + if(c == ';') { + mime_debug("Found End Value\n"); + *p = 0; + mhdr = mime_hdr_new(ntmp, strip_ends(q)); + sk_push(headers, (char *)mhdr); + ntmp = NULL; + q = p + 1; + state = MIME_NAME; + } else if(c == '(') { + save_state = state; + state = MIME_COMMENT; + } + break; + + case MIME_COMMENT: + if(c == ')') { + state = save_state; + } + break; + + case MIME_NAME: + if(c == '=') { + state = MIME_VALUE; + *p = 0; + ntmp = strip_ends(q); + q = p + 1; + } + break ; + + case MIME_VALUE: + if(c == ';') { + state = MIME_NAME; + *p = 0; + mime_hdr_addparam(mhdr, ntmp, strip_ends(q)); + ntmp = NULL; + q = p + 1; + } else if (c == '"') { + mime_debug("Found Quote\n"); + state = MIME_QUOTE; + } else if(c == '(') { + save_state = state; + state = MIME_COMMENT; + } + break; + + case MIME_QUOTE: + if(c == '"') { + mime_debug("Found Match Quote\n"); + state = MIME_VALUE; + } + break; + } + } + + if(state == MIME_TYPE) { + mhdr = mime_hdr_new(ntmp, strip_ends(q)); + sk_push(headers, (char *)mhdr); + } else if(state == MIME_VALUE) + mime_hdr_addparam(mhdr, ntmp, strip_ends(q)); + if(p == linebuf) break; /* Blank line means end of headers */ +} + +return headers; + +} + +static char *strip_ends(char *name) +{ + return strip_end(strip_start(name)); +} + +/* Strip a parameter of whitespace from start of param */ +static char *strip_start(char *name) +{ + char *p, c; + /* Look for first non white space or quote */ + for(p = name; (c = *p) ;p++) { + if(c == '"') { + /* Next char is start of string if non null */ + if(p[1]) return p + 1; + /* Else null string */ + return NULL; + } + if(!isspace((unsigned char)c)) return p; + } + return NULL; +} + +/* As above but strip from end of string : maybe should handle brackets? */ +static char *strip_end(char *name) +{ + char *p, c; + if(!name) return NULL; + /* Look for first non white space or quote */ + for(p = name + strlen(name) - 1; p >= name ;p--) { + c = *p; + if(c == '"') { + if(p - 1 == name) return NULL; + *p = 0; + return name; + } + if(isspace((unsigned char)c)) *p = 0; + else return name; + } + return NULL; +} + +static MIME_HEADER *mime_hdr_new(char *name, char *value) +{ + MIME_HEADER *mhdr; + char *tmpname, *tmpval, *p; + int c; + if(name) { + if(!(tmpname = BUF_strdup(name))) return NULL; + for(p = tmpname ; *p; p++) { + c = *p; + if(isupper(c)) { + c = tolower(c); + *p = c; + } + } + } else tmpname = NULL; + if(value) { + if(!(tmpval = BUF_strdup(value))) return NULL; + for(p = tmpval ; *p; p++) { + c = *p; + if(isupper(c)) { + c = tolower(c); + *p = c; + } + } + } else tmpval = NULL; + mhdr = (MIME_HEADER *) Malloc(sizeof(MIME_HEADER)); + if(!mhdr) return NULL; + mhdr->name = tmpname; + mhdr->value = tmpval; + if(!(mhdr->params = sk_new(mime_param_cmp))) return NULL; + return mhdr; +} + +static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value) +{ + char *tmpname, *tmpval, *p; + int c; + MIME_PARAM *mparam; + if(name) { + tmpname = BUF_strdup(name); + if(!tmpname) return 0; + for(p = tmpname ; *p; p++) { + c = *p; + if(isupper(c)) { + c = tolower(c); + *p = c; + } + } + } else tmpname = NULL; + if(value) { + tmpval = BUF_strdup(value); + if(!tmpval) return 0; + } else tmpval = NULL; + /* Parameter values are case sensitive so leave as is */ + mparam = (MIME_PARAM *) Malloc(sizeof(MIME_PARAM)); + if(!mparam) return 0; + mparam->param_name = tmpname; + mparam->param_value = tmpval; + sk_push(mhdr->params, (char *)mparam); + return 1; +} + +static int mime_hdr_cmp(MIME_HEADER **a, MIME_HEADER **b) +{ + return(strcmp((*a)->name, (*b)->name)); +} + +static int mime_param_cmp(MIME_PARAM **a, MIME_PARAM **b) +{ + return(strcmp((*a)->param_name, (*b)->param_name)); +} + +/* Find a header with a given name (if possible) */ + +static MIME_HEADER *mime_hdr_find(STACK *hdrs, char *name) +{ + MIME_HEADER htmp; + int idx; + htmp.name = name; + idx = sk_find(hdrs, (char *)&htmp); + if(idx < 0) return NULL; + return (MIME_HEADER *)sk_value(hdrs, idx); +} + +static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, char *name) +{ + MIME_PARAM param; + int idx; + param.param_name = name; + idx = sk_find(hdr->params, (char *)¶m); + if(idx < 0) return NULL; + return (MIME_PARAM *)sk_value(hdr->params, idx); +} + +static void mime_hdr_free(MIME_HEADER *hdr) +{ + if(hdr->name) Free(hdr->name); + if(hdr->value) Free(hdr->value); + if(hdr->params) sk_pop_free(hdr->params, mime_param_free); + Free(hdr); +} + +static void mime_param_free(MIME_PARAM *param) +{ + if(param->param_name) Free(param->param_name); + if(param->param_value) Free(param->param_value); + Free(param); +} + +/* Check for a multipart boundary. Returns: + * 0 : no boundary + * 1 : part boundary + * 2 : final boundary + */ +static int mime_bound_check(char *line, int linelen, char *bound, int blen) +{ + if(linelen == -1) linelen = strlen(line); + if(blen == -1) blen = strlen(bound); + /* Quickly eliminate if line length too short */ + if(blen + 2 > linelen) return 0; + /* Check for part boundary */ + if(!strncmp(line, "--", 2) && !strncmp(line + 2, bound, blen)) { + if(!strncmp(line + blen + 2, "--", 2)) return 2; + else return 1; + } + return 0; +} diff --git a/lib/libssl/src/crypto/pkcs7/pk7_smime.c b/lib/libssl/src/crypto/pkcs7/pk7_smime.c new file mode 100644 index 00000000000..b41f42ed044 --- /dev/null +++ b/lib/libssl/src/crypto/pkcs7/pk7_smime.c @@ -0,0 +1,427 @@ +/* pk7_smime.c */ +/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL + * project 1999. + */ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +/* Simple PKCS#7 processing functions */ + +#include <stdio.h> +#include "cryptlib.h" +#include <openssl/x509.h> +#include <openssl/x509v3.h> + +PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, + BIO *data, int flags) +{ + PKCS7 *p7; + PKCS7_SIGNER_INFO *si; + BIO *p7bio; + STACK *smcap; + int i; + + if(!X509_check_private_key(signcert, pkey)) { + PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE); + return NULL; + } + + if(!(p7 = PKCS7_new())) { + PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE); + return NULL; + } + + PKCS7_set_type(p7, NID_pkcs7_signed); + + PKCS7_content_new(p7, NID_pkcs7_data); + + if (!(si = PKCS7_add_signature(p7,signcert,pkey,EVP_sha1()))) { + PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR); + return NULL; + } + + if(!(flags & PKCS7_NOCERTS)) { + PKCS7_add_certificate(p7, signcert); + if(certs) for(i = 0; i < sk_X509_num(certs); i++) + PKCS7_add_certificate(p7, sk_X509_value(certs, i)); + } + + if(!(p7bio = PKCS7_dataInit(p7, NULL))) { + PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE); + return NULL; + } + + + SMIME_crlf_copy(data, p7bio, flags); + + if(!(flags & PKCS7_NOATTR)) { + PKCS7_add_signed_attribute(si, NID_pkcs9_contentType, + V_ASN1_OBJECT, OBJ_nid2obj(NID_pkcs7_data)); + /* Add SMIMECapabilities */ + if(!(smcap = sk_new(NULL))) { + PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE); + return NULL; + } +#ifndef NO_DES + PKCS7_simple_smimecap (smcap, NID_des_ede3_cbc, -1); +#endif +#ifndef NO_RC2 + PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 128); + PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 64); +#endif +#ifndef NO_DES + PKCS7_simple_smimecap (smcap, NID_des_cbc, -1); +#endif +#ifndef NO_RC2 + PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 40); +#endif + PKCS7_add_attrib_smimecap (si, smcap); + sk_pop_free(smcap, X509_ALGOR_free); + } + + if(flags & PKCS7_DETACHED)PKCS7_set_detached(p7, 1); + + if (!PKCS7_dataFinal(p7,p7bio)) { + PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_DATASIGN); + return NULL; + } + + BIO_free_all(p7bio); + return p7; +} + +int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, + BIO *indata, BIO *out, int flags) +{ + STACK_OF(X509) *signers; + X509 *signer; + STACK_OF(PKCS7_SIGNER_INFO) *sinfos; + PKCS7_SIGNER_INFO *si; + X509_STORE_CTX cert_ctx; + char buf[4096]; + int i, j=0; + BIO *p7bio; + BIO *tmpout; + + if(!p7) { + PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_INVALID_NULL_POINTER); + return 0; + } + + if(!PKCS7_type_is_signed(p7)) { + PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_WRONG_CONTENT_TYPE); + return 0; + } + + /* Check for no data and no content: no data to verify signature */ + if(PKCS7_get_detached(p7) && !indata) { + PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_NO_CONTENT); + return 0; + } + + /* Check for data and content: two sets of data */ + if(!PKCS7_get_detached(p7) && indata) { + PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_CONTENT_AND_DATA_PRESENT); + return 0; + } + + sinfos = PKCS7_get_signer_info(p7); + + if(!sinfos || !sk_PKCS7_SIGNER_INFO_num(sinfos)) { + PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_NO_SIGNATURES_ON_DATA); + return 0; + } + + + signers = PKCS7_get0_signers(p7, certs, flags); + + if(!signers) return 0; + + /* Now verify the certificates */ + + if (!(flags & PKCS7_NOVERIFY)) for (i = 0; i < sk_X509_num(signers); i++) { + signer = sk_X509_value (signers, i); + if (!(flags & PKCS7_NOCHAIN)) { + X509_STORE_CTX_init(&cert_ctx, store, signer, + p7->d.sign->cert); + X509_STORE_CTX_set_purpose(&cert_ctx, + X509_PURPOSE_SMIME_SIGN); + } else X509_STORE_CTX_init (&cert_ctx, store, signer, NULL); + i = X509_verify_cert(&cert_ctx); + if (i <= 0) j = X509_STORE_CTX_get_error(&cert_ctx); + X509_STORE_CTX_cleanup(&cert_ctx); + if (i <= 0) { + PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_CERTIFICATE_VERIFY_ERROR); + ERR_add_error_data(2, "Verify error:", + X509_verify_cert_error_string(j)); + sk_X509_free(signers); + return 0; + } + /* Check for revocation status here */ + } + + p7bio=PKCS7_dataInit(p7,indata); + + if(flags & PKCS7_TEXT) { + if(!(tmpout = BIO_new(BIO_s_mem()))) { + PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_MALLOC_FAILURE); + goto err; + } + } else tmpout = out; + + /* We now have to 'read' from p7bio to calculate digests etc. */ + for (;;) + { + i=BIO_read(p7bio,buf,sizeof(buf)); + if (i <= 0) break; + if (tmpout) BIO_write(tmpout, buf, i); + } + + if(flags & PKCS7_TEXT) { + if(!SMIME_text(tmpout, out)) { + PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_SMIME_TEXT_ERROR); + BIO_free(tmpout); + goto err; + } + BIO_free(tmpout); + } + + /* Now Verify All Signatures */ + if (!(flags & PKCS7_NOSIGS)) + for (i=0; i<sk_PKCS7_SIGNER_INFO_num(sinfos); i++) + { + si=sk_PKCS7_SIGNER_INFO_value(sinfos,i); + signer = sk_X509_value (signers, i); + j=PKCS7_signatureVerify(p7bio,p7,si, signer); + if (j <= 0) { + PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_SIGNATURE_FAILURE); + goto err; + } + } + + sk_X509_free(signers); + if(indata) BIO_pop(p7bio); + BIO_free_all(p7bio); + + return 1; + + err: + + sk_X509_free(signers); + BIO_free(p7bio); + + return 0; +} + +STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags) +{ + STACK_OF(X509) *signers; + STACK_OF(PKCS7_SIGNER_INFO) *sinfos; + PKCS7_SIGNER_INFO *si; + PKCS7_ISSUER_AND_SERIAL *ias; + X509 *signer; + int i; + + if(!p7) { + PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_INVALID_NULL_POINTER); + return NULL; + } + + if(!PKCS7_type_is_signed(p7)) { + PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_WRONG_CONTENT_TYPE); + return NULL; + } + if(!(signers = sk_X509_new(NULL))) { + PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,ERR_R_MALLOC_FAILURE); + return NULL; + } + + /* Collect all the signers together */ + + sinfos = PKCS7_get_signer_info(p7); + + if(sk_PKCS7_SIGNER_INFO_num(sinfos) <= 0) { + PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_NO_SIGNERS); + return 0; + } + + for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(sinfos); i++) + { + si = sk_PKCS7_SIGNER_INFO_value(sinfos, i); + ias = si->issuer_and_serial; + signer = NULL; + /* If any certificates passed they take priority */ + if (certs) signer = X509_find_by_issuer_and_serial (certs, + ias->issuer, ias->serial); + if (!signer && !(flags & PKCS7_NOINTERN) + && p7->d.sign->cert) signer = + X509_find_by_issuer_and_serial (p7->d.sign->cert, + ias->issuer, ias->serial); + if (!signer) { + PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND); + sk_X509_free(signers); + return 0; + } + + sk_X509_push(signers, signer); + } + return signers; +} + + +/* Build a complete PKCS#7 enveloped data */ + +PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, EVP_CIPHER *cipher, + int flags) +{ + PKCS7 *p7; + BIO *p7bio = NULL; + int i; + X509 *x509; + if(!(p7 = PKCS7_new())) { + PKCS7err(PKCS7_F_PKCS7_ENCRYPT,ERR_R_MALLOC_FAILURE); + return NULL; + } + + PKCS7_set_type(p7, NID_pkcs7_enveloped); + if(!PKCS7_set_cipher(p7, cipher)) { + PKCS7err(PKCS7_F_PKCS7_ENCRYPT,PKCS7_R_ERROR_SETTING_CIPHER); + goto err; + } + + for(i = 0; i < sk_X509_num(certs); i++) { + x509 = sk_X509_value(certs, i); + if(!PKCS7_add_recipient(p7, x509)) { + PKCS7err(PKCS7_F_PKCS7_ENCRYPT, + PKCS7_R_ERROR_ADDING_RECIPIENT); + goto err; + } + } + + if(!(p7bio = PKCS7_dataInit(p7, NULL))) { + PKCS7err(PKCS7_F_PKCS7_ENCRYPT,ERR_R_MALLOC_FAILURE); + goto err; + } + + SMIME_crlf_copy(in, p7bio, flags); + + BIO_flush(p7bio); + + if (!PKCS7_dataFinal(p7,p7bio)) { + PKCS7err(PKCS7_F_PKCS7_ENCRYPT,PKCS7_R_PKCS7_DATAFINAL_ERROR); + goto err; + } + BIO_free_all(p7bio); + + return p7; + + err: + + BIO_free(p7bio); + PKCS7_free(p7); + return NULL; + +} + +int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags) +{ + BIO *tmpmem; + int ret, i; + char buf[4096]; + + if(!p7) { + PKCS7err(PKCS7_F_PKCS7_DECRYPT,PKCS7_R_INVALID_NULL_POINTER); + return 0; + } + + if(!PKCS7_type_is_enveloped(p7)) { + PKCS7err(PKCS7_F_PKCS7_DECRYPT,PKCS7_R_WRONG_CONTENT_TYPE); + return 0; + } + + if(!X509_check_private_key(cert, pkey)) { + PKCS7err(PKCS7_F_PKCS7_DECRYPT, + PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE); + return 0; + } + + if(!(tmpmem = PKCS7_dataDecode(p7, pkey, NULL, cert))) { + PKCS7err(PKCS7_F_PKCS7_DECRYPT, PKCS7_R_DECRYPT_ERROR); + return 0; + } + + if (flags & PKCS7_TEXT) { + BIO *tmpbuf, *bread; + /* Encrypt BIOs can't do BIO_gets() so add a buffer BIO */ + if(!(tmpbuf = BIO_new(BIO_f_buffer()))) { + PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE); + return 0; + } + if(!(bread = BIO_push(tmpbuf, tmpmem))) { + PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE); + return 0; + } + ret = SMIME_text(bread, data); + BIO_free_all(bread); + return ret; + } else { + for(;;) { + i = BIO_read(tmpmem, buf, sizeof(buf)); + if(i <= 0) break; + BIO_write(data, buf, i); + } + BIO_free_all(tmpmem); + return 1; + } +} diff --git a/lib/libssl/src/crypto/rand/rand_egd.c b/lib/libssl/src/crypto/rand/rand_egd.c new file mode 100644 index 00000000000..d834408bd4e --- /dev/null +++ b/lib/libssl/src/crypto/rand/rand_egd.c @@ -0,0 +1,110 @@ +/* crypto/rand/rand_egd.c */ +/* Written by Ulf Moeller for the OpenSSL project. */ +/* ==================================================================== + * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include <openssl/rand.h> + +/* Query the EGD <URL: http://www.lothar.com/tech/crypto/>. + */ + +#if defined(WIN32) || defined(VMS) || defined(__VMS) +int RAND_egd(const char *path) + { + return(-1); + } +#else +#include <openssl/opensslconf.h> +#include OPENSSL_UNISTD +#include <sys/types.h> +#include <sys/socket.h> +#include <sys/un.h> +#include <string.h> + +#ifndef offsetof +# define offsetof(TYPE, MEMBER) ((size_t) &((TYPE *)0)->MEMBER) +#endif + +int RAND_egd(const char *path) + { + int ret = -1; + struct sockaddr_un addr; + int len, num; + int fd = -1; + unsigned char buf[256]; + + memset(&addr, 0, sizeof(addr)); + addr.sun_family = AF_UNIX; + if (strlen(path) > sizeof(addr.sun_path)) + return (-1); + strcpy(addr.sun_path,path); + len = offsetof(struct sockaddr_un, sun_path) + strlen(path); + fd = socket(AF_UNIX, SOCK_STREAM, 0); + if (fd == -1) return (-1); + if (connect(fd, (struct sockaddr *)&addr, len) == -1) goto err; + buf[0] = 1; + buf[1] = 255; + write(fd, buf, 2); + if (read(fd, buf, 1) != 1) goto err; + if (buf[0] == 0) goto err; + num = read(fd, buf, 255); + if (num < 1) goto err; + RAND_seed(buf, num); + if (RAND_status() == 1) + ret = num; + err: + if (fd != -1) close(fd); + return(ret); + } +#endif diff --git a/lib/libssl/src/crypto/rand/rand_err.c b/lib/libssl/src/crypto/rand/rand_err.c new file mode 100644 index 00000000000..d1263edf80f --- /dev/null +++ b/lib/libssl/src/crypto/rand/rand_err.c @@ -0,0 +1,93 @@ +/* crypto/rand/rand_err.c */ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +/* NOTE: this file was auto generated by the mkerr.pl script: any changes + * made to it will be overwritten when the script next updates this file. + */ + +#include <stdio.h> +#include <openssl/err.h> +#include <openssl/rand.h> + +/* BEGIN ERROR CODES */ +#ifndef NO_ERR +static ERR_STRING_DATA RAND_str_functs[]= + { +{ERR_PACK(0,RAND_F_SSLEAY_RAND_BYTES,0), "SSLEAY_RAND_BYTES"}, +{0,NULL} + }; + +static ERR_STRING_DATA RAND_str_reasons[]= + { +{RAND_R_PRNG_NOT_SEEDED ,"prng not seeded"}, +{0,NULL} + }; + +#endif + +void ERR_load_RAND_strings(void) + { + static int init=1; + + if (init) + { + init=0; +#ifndef NO_ERR + ERR_load_strings(ERR_LIB_RAND,RAND_str_functs); + ERR_load_strings(ERR_LIB_RAND,RAND_str_reasons); +#endif + + } + } diff --git a/lib/libssl/src/crypto/rsa/rsa_null.c b/lib/libssl/src/crypto/rsa/rsa_null.c new file mode 100644 index 00000000000..7b58a0eca39 --- /dev/null +++ b/lib/libssl/src/crypto/rsa/rsa_null.c @@ -0,0 +1,149 @@ +/* rsa_null.c */ +/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL + * project 1999. + */ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include <stdio.h> +#include "cryptlib.h" +#include <openssl/bn.h> +#include <openssl/rsa.h> +#include <openssl/rand.h> + +/* This is a dummy RSA implementation that just returns errors when called. + * It is designed to allow some RSA functions to work while stopping those + * covered by the RSA patent. That is RSA, encryption, decryption, signing + * and verify is not allowed but RSA key generation, key checking and other + * operations (like storing RSA keys) are permitted. + */ + +static int RSA_null_public_encrypt(int flen, unsigned char *from, + unsigned char *to, RSA *rsa,int padding); +static int RSA_null_private_encrypt(int flen, unsigned char *from, + unsigned char *to, RSA *rsa,int padding); +static int RSA_null_public_decrypt(int flen, unsigned char *from, + unsigned char *to, RSA *rsa,int padding); +static int RSA_null_private_decrypt(int flen, unsigned char *from, + unsigned char *to, RSA *rsa,int padding); +#if 0 /* not currently used */ +static int RSA_null_mod_exp(BIGNUM *r0, BIGNUM *i, RSA *rsa); +#endif +static int RSA_null_init(RSA *rsa); +static int RSA_null_finish(RSA *rsa); +static RSA_METHOD rsa_null_meth={ + "Null RSA", + RSA_null_public_encrypt, + RSA_null_public_decrypt, + RSA_null_private_encrypt, + RSA_null_private_decrypt, + NULL, NULL, + RSA_null_init, + RSA_null_finish, + 0, + NULL, + }; + +RSA_METHOD *RSA_null_method(void) + { + return(&rsa_null_meth); + } + +static int RSA_null_public_encrypt(int flen, unsigned char *from, + unsigned char *to, RSA *rsa, int padding) + { + RSAerr(RSA_F_RSA_NULL, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED); + return -1; + } + +static int RSA_null_private_encrypt(int flen, unsigned char *from, + unsigned char *to, RSA *rsa, int padding) + { + RSAerr(RSA_F_RSA_NULL, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED); + return -1; + } + +static int RSA_null_private_decrypt(int flen, unsigned char *from, + unsigned char *to, RSA *rsa, int padding) + { + RSAerr(RSA_F_RSA_NULL, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED); + return -1; + } + +static int RSA_null_public_decrypt(int flen, unsigned char *from, + unsigned char *to, RSA *rsa, int padding) + { + RSAerr(RSA_F_RSA_NULL, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED); + return -1; + } + +#if 0 /* not currently used */ +static int RSA_null_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa) + { + RSAerr(RSA_F_RSA_NULL, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED); + return -1; + } +#endif + +static int RSA_null_init(RSA *rsa) + { + return(1); + } + +static int RSA_null_finish(RSA *rsa) + { + return(1); + } + + diff --git a/lib/libssl/src/crypto/rsa/rsa_test.c b/lib/libssl/src/crypto/rsa/rsa_test.c new file mode 100644 index 00000000000..e5ae0c1f698 --- /dev/null +++ b/lib/libssl/src/crypto/rsa/rsa_test.c @@ -0,0 +1,314 @@ +/* test vectors from p1ovect1.txt */ + +#include <stdio.h> +#include <string.h> + +#include "openssl/e_os.h" + +#include <openssl/crypto.h> +#include <openssl/err.h> +#include <openssl/rand.h> +#ifdef NO_RSA +int main(int argc, char *argv[]) +{ + printf("No RSA support\n"); + return(0); +} +#else +#include <openssl/rsa.h> + +#define SetKey \ + key->n = BN_bin2bn(n, sizeof(n)-1, key->n); \ + key->e = BN_bin2bn(e, sizeof(e)-1, key->e); \ + key->d = BN_bin2bn(d, sizeof(d)-1, key->d); \ + key->p = BN_bin2bn(p, sizeof(p)-1, key->p); \ + key->q = BN_bin2bn(q, sizeof(q)-1, key->q); \ + key->dmp1 = BN_bin2bn(dmp1, sizeof(dmp1)-1, key->dmp1); \ + key->dmq1 = BN_bin2bn(dmq1, sizeof(dmq1)-1, key->dmq1); \ + key->iqmp = BN_bin2bn(iqmp, sizeof(iqmp)-1, key->iqmp); \ + memcpy(c, ctext_ex, sizeof(ctext_ex) - 1); \ + return (sizeof(ctext_ex) - 1); + +static int key1(RSA *key, unsigned char *c) + { + static unsigned char n[] = +"\x00\xAA\x36\xAB\xCE\x88\xAC\xFD\xFF\x55\x52\x3C\x7F\xC4\x52\x3F" +"\x90\xEF\xA0\x0D\xF3\x77\x4A\x25\x9F\x2E\x62\xB4\xC5\xD9\x9C\xB5" +"\xAD\xB3\x00\xA0\x28\x5E\x53\x01\x93\x0E\x0C\x70\xFB\x68\x76\x93" +"\x9C\xE6\x16\xCE\x62\x4A\x11\xE0\x08\x6D\x34\x1E\xBC\xAC\xA0\xA1" +"\xF5"; + + static unsigned char e[] = "\x11"; + + static unsigned char d[] = +"\x0A\x03\x37\x48\x62\x64\x87\x69\x5F\x5F\x30\xBC\x38\xB9\x8B\x44" +"\xC2\xCD\x2D\xFF\x43\x40\x98\xCD\x20\xD8\xA1\x38\xD0\x90\xBF\x64" +"\x79\x7C\x3F\xA7\xA2\xCD\xCB\x3C\xD1\xE0\xBD\xBA\x26\x54\xB4\xF9" +"\xDF\x8E\x8A\xE5\x9D\x73\x3D\x9F\x33\xB3\x01\x62\x4A\xFD\x1D\x51"; + + static unsigned char p[] = +"\x00\xD8\x40\xB4\x16\x66\xB4\x2E\x92\xEA\x0D\xA3\xB4\x32\x04\xB5" +"\xCF\xCE\x33\x52\x52\x4D\x04\x16\xA5\xA4\x41\xE7\x00\xAF\x46\x12" +"\x0D"; + + static unsigned char q[] = +"\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9" +"\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5A\x0F\x20\x35\x02\x8B\x9D" +"\x89"; + + static unsigned char dmp1[] = +"\x59\x0B\x95\x72\xA2\xC2\xA9\xC4\x06\x05\x9D\xC2\xAB\x2F\x1D\xAF" +"\xEB\x7E\x8B\x4F\x10\xA7\x54\x9E\x8E\xED\xF5\xB4\xFC\xE0\x9E\x05"; + + static unsigned char dmq1[] = +"\x00\x8E\x3C\x05\x21\xFE\x15\xE0\xEA\x06\xA3\x6F\xF0\xF1\x0C\x99" +"\x52\xC3\x5B\x7A\x75\x14\xFD\x32\x38\xB8\x0A\xAD\x52\x98\x62\x8D" +"\x51"; + + static unsigned char iqmp[] = +"\x36\x3F\xF7\x18\x9D\xA8\xE9\x0B\x1D\x34\x1F\x71\xD0\x9B\x76\xA8" +"\xA9\x43\xE1\x1D\x10\xB2\x4D\x24\x9F\x2D\xEA\xFE\xF8\x0C\x18\x26"; + + static unsigned char ctext_ex[] = +"\x1b\x8f\x05\xf9\xca\x1a\x79\x52\x6e\x53\xf3\xcc\x51\x4f\xdb\x89" +"\x2b\xfb\x91\x93\x23\x1e\x78\xb9\x92\xe6\x8d\x50\xa4\x80\xcb\x52" +"\x33\x89\x5c\x74\x95\x8d\x5d\x02\xab\x8c\x0f\xd0\x40\xeb\x58\x44" +"\xb0\x05\xc3\x9e\xd8\x27\x4a\x9d\xbf\xa8\x06\x71\x40\x94\x39\xd2"; + + SetKey; + } + +static int key2(RSA *key, unsigned char *c) + { + static unsigned char n[] = +"\x00\xA3\x07\x9A\x90\xDF\x0D\xFD\x72\xAC\x09\x0C\xCC\x2A\x78\xB8" +"\x74\x13\x13\x3E\x40\x75\x9C\x98\xFA\xF8\x20\x4F\x35\x8A\x0B\x26" +"\x3C\x67\x70\xE7\x83\xA9\x3B\x69\x71\xB7\x37\x79\xD2\x71\x7B\xE8" +"\x34\x77\xCF"; + + static unsigned char e[] = "\x3"; + + static unsigned char d[] = +"\x6C\xAF\xBC\x60\x94\xB3\xFE\x4C\x72\xB0\xB3\x32\xC6\xFB\x25\xA2" +"\xB7\x62\x29\x80\x4E\x68\x65\xFC\xA4\x5A\x74\xDF\x0F\x8F\xB8\x41" +"\x3B\x52\xC0\xD0\xE5\x3D\x9B\x59\x0F\xF1\x9B\xE7\x9F\x49\xDD\x21" +"\xE5\xEB"; + + static unsigned char p[] = +"\x00\xCF\x20\x35\x02\x8B\x9D\x86\x98\x40\xB4\x16\x66\xB4\x2E\x92" +"\xEA\x0D\xA3\xB4\x32\x04\xB5\xCF\xCE\x91"; + + static unsigned char q[] = +"\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9" +"\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5F"; + + static unsigned char dmp1[] = +"\x00\x8A\x15\x78\xAC\x5D\x13\xAF\x10\x2B\x22\xB9\x99\xCD\x74\x61" +"\xF1\x5E\x6D\x22\xCC\x03\x23\xDF\xDF\x0B"; + + static unsigned char dmq1[] = +"\x00\x86\x55\x21\x4A\xC5\x4D\x8D\x4E\xCD\x61\x77\xF1\xC7\x36\x90" +"\xCE\x2A\x48\x2C\x8B\x05\x99\xCB\xE0\x3F"; + + static unsigned char iqmp[] = +"\x00\x83\xEF\xEF\xB8\xA9\xA4\x0D\x1D\xB6\xED\x98\xAD\x84\xED\x13" +"\x35\xDC\xC1\x08\xF3\x22\xD0\x57\xCF\x8D"; + + static unsigned char ctext_ex[] = +"\x14\xbd\xdd\x28\xc9\x83\x35\x19\x23\x80\xe8\xe5\x49\xb1\x58\x2a" +"\x8b\x40\xb4\x48\x6d\x03\xa6\xa5\x31\x1f\x1f\xd5\xf0\xa1\x80\xe4" +"\x17\x53\x03\x29\xa9\x34\x90\x74\xb1\x52\x13\x54\x29\x08\x24\x52" +"\x62\x51"; + + SetKey; + } + +static int key3(RSA *key, unsigned char *c) + { + static unsigned char n[] = +"\x00\xBB\xF8\x2F\x09\x06\x82\xCE\x9C\x23\x38\xAC\x2B\x9D\xA8\x71" +"\xF7\x36\x8D\x07\xEE\xD4\x10\x43\xA4\x40\xD6\xB6\xF0\x74\x54\xF5" +"\x1F\xB8\xDF\xBA\xAF\x03\x5C\x02\xAB\x61\xEA\x48\xCE\xEB\x6F\xCD" +"\x48\x76\xED\x52\x0D\x60\xE1\xEC\x46\x19\x71\x9D\x8A\x5B\x8B\x80" +"\x7F\xAF\xB8\xE0\xA3\xDF\xC7\x37\x72\x3E\xE6\xB4\xB7\xD9\x3A\x25" +"\x84\xEE\x6A\x64\x9D\x06\x09\x53\x74\x88\x34\xB2\x45\x45\x98\x39" +"\x4E\xE0\xAA\xB1\x2D\x7B\x61\xA5\x1F\x52\x7A\x9A\x41\xF6\xC1\x68" +"\x7F\xE2\x53\x72\x98\xCA\x2A\x8F\x59\x46\xF8\xE5\xFD\x09\x1D\xBD" +"\xCB"; + + static unsigned char e[] = "\x11"; + + static unsigned char d[] = +"\x00\xA5\xDA\xFC\x53\x41\xFA\xF2\x89\xC4\xB9\x88\xDB\x30\xC1\xCD" +"\xF8\x3F\x31\x25\x1E\x06\x68\xB4\x27\x84\x81\x38\x01\x57\x96\x41" +"\xB2\x94\x10\xB3\xC7\x99\x8D\x6B\xC4\x65\x74\x5E\x5C\x39\x26\x69" +"\xD6\x87\x0D\xA2\xC0\x82\xA9\x39\xE3\x7F\xDC\xB8\x2E\xC9\x3E\xDA" +"\xC9\x7F\xF3\xAD\x59\x50\xAC\xCF\xBC\x11\x1C\x76\xF1\xA9\x52\x94" +"\x44\xE5\x6A\xAF\x68\xC5\x6C\x09\x2C\xD3\x8D\xC3\xBE\xF5\xD2\x0A" +"\x93\x99\x26\xED\x4F\x74\xA1\x3E\xDD\xFB\xE1\xA1\xCE\xCC\x48\x94" +"\xAF\x94\x28\xC2\xB7\xB8\x88\x3F\xE4\x46\x3A\x4B\xC8\x5B\x1C\xB3" +"\xC1"; + + static unsigned char p[] = +"\x00\xEE\xCF\xAE\x81\xB1\xB9\xB3\xC9\x08\x81\x0B\x10\xA1\xB5\x60" +"\x01\x99\xEB\x9F\x44\xAE\xF4\xFD\xA4\x93\xB8\x1A\x9E\x3D\x84\xF6" +"\x32\x12\x4E\xF0\x23\x6E\x5D\x1E\x3B\x7E\x28\xFA\xE7\xAA\x04\x0A" +"\x2D\x5B\x25\x21\x76\x45\x9D\x1F\x39\x75\x41\xBA\x2A\x58\xFB\x65" +"\x99"; + + static unsigned char q[] = +"\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9" +"\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5A\x0F\x20\x35\x02\x8B\x9D" +"\x86\x98\x40\xB4\x16\x66\xB4\x2E\x92\xEA\x0D\xA3\xB4\x32\x04\xB5" +"\xCF\xCE\x33\x52\x52\x4D\x04\x16\xA5\xA4\x41\xE7\x00\xAF\x46\x15" +"\x03"; + + static unsigned char dmp1[] = +"\x54\x49\x4C\xA6\x3E\xBA\x03\x37\xE4\xE2\x40\x23\xFC\xD6\x9A\x5A" +"\xEB\x07\xDD\xDC\x01\x83\xA4\xD0\xAC\x9B\x54\xB0\x51\xF2\xB1\x3E" +"\xD9\x49\x09\x75\xEA\xB7\x74\x14\xFF\x59\xC1\xF7\x69\x2E\x9A\x2E" +"\x20\x2B\x38\xFC\x91\x0A\x47\x41\x74\xAD\xC9\x3C\x1F\x67\xC9\x81"; + + static unsigned char dmq1[] = +"\x47\x1E\x02\x90\xFF\x0A\xF0\x75\x03\x51\xB7\xF8\x78\x86\x4C\xA9" +"\x61\xAD\xBD\x3A\x8A\x7E\x99\x1C\x5C\x05\x56\xA9\x4C\x31\x46\xA7" +"\xF9\x80\x3F\x8F\x6F\x8A\xE3\x42\xE9\x31\xFD\x8A\xE4\x7A\x22\x0D" +"\x1B\x99\xA4\x95\x84\x98\x07\xFE\x39\xF9\x24\x5A\x98\x36\xDA\x3D"; + + static unsigned char iqmp[] = +"\x00\xB0\x6C\x4F\xDA\xBB\x63\x01\x19\x8D\x26\x5B\xDB\xAE\x94\x23" +"\xB3\x80\xF2\x71\xF7\x34\x53\x88\x50\x93\x07\x7F\xCD\x39\xE2\x11" +"\x9F\xC9\x86\x32\x15\x4F\x58\x83\xB1\x67\xA9\x67\xBF\x40\x2B\x4E" +"\x9E\x2E\x0F\x96\x56\xE6\x98\xEA\x36\x66\xED\xFB\x25\x79\x80\x39" +"\xF7"; + + static unsigned char ctext_ex[] = +"\xb8\x24\x6b\x56\xa6\xed\x58\x81\xae\xb5\x85\xd9\xa2\x5b\x2a\xd7" +"\x90\xc4\x17\xe0\x80\x68\x1b\xf1\xac\x2b\xc3\xde\xb6\x9d\x8b\xce" +"\xf0\xc4\x36\x6f\xec\x40\x0a\xf0\x52\xa7\x2e\x9b\x0e\xff\xb5\xb3" +"\xf2\xf1\x92\xdb\xea\xca\x03\xc1\x27\x40\x05\x71\x13\xbf\x1f\x06" +"\x69\xac\x22\xe9\xf3\xa7\x85\x2e\x3c\x15\xd9\x13\xca\xb0\xb8\x86" +"\x3a\x95\xc9\x92\x94\xce\x86\x74\x21\x49\x54\x61\x03\x46\xf4\xd4" +"\x74\xb2\x6f\x7c\x48\xb4\x2e\xe6\x8e\x1f\x57\x2a\x1f\xc4\x02\x6a" +"\xc4\x56\xb4\xf5\x9f\x7b\x62\x1e\xa1\xb9\xd8\x8f\x64\x20\x2f\xb1"; + + SetKey; + } + +static int pad_unknown(void) +{ + unsigned long l; + while ((l = ERR_get_error()) != 0) + if (ERR_GET_REASON(l) == RSA_R_UNKNOWN_PADDING_TYPE) + return(1); + return(0); +} + +static const char rnd_seed[] = "string to make the random number generator think it has entropy"; + +int main(int argc, char *argv[]) + { + int err=0; + int v; + RSA *key; + unsigned char ptext[256]; + unsigned char ctext[256]; + static unsigned char ptext_ex[] = "\x54\x85\x9b\x34\x2c\x49\xea\x2a"; + unsigned char ctext_ex[256]; + int plen; + int clen = 0; + int num; + + RAND_seed(rnd_seed, sizeof rnd_seed); /* or OAEP may fail */ + + CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); + + plen = sizeof(ptext_ex) - 1; + + for (v = 0; v < 3; v++) + { + key = RSA_new(); + switch (v) { + case 0: + clen = key1(key, ctext_ex); + break; + case 1: + clen = key2(key, ctext_ex); + break; + case 2: + clen = key3(key, ctext_ex); + break; + } + + num = RSA_public_encrypt(plen, ptext_ex, ctext, key, + RSA_PKCS1_PADDING); + if (num != clen) + { + printf("PKCS#1 v1.5 encryption failed!\n"); + err=1; + goto oaep; + } + + num = RSA_private_decrypt(num, ctext, ptext, key, + RSA_PKCS1_PADDING); + if (num != plen || memcmp(ptext, ptext_ex, num) != 0) + { + printf("PKCS#1 v1.5 decryption failed!\n"); + err=1; + } + else + printf("PKCS #1 v1.5 encryption/decryption ok\n"); + + oaep: + ERR_clear_error(); + num = RSA_public_encrypt(plen, ptext_ex, ctext, key, + RSA_PKCS1_OAEP_PADDING); + if (num == -1 && pad_unknown()) + { + printf("No OAEP support\n"); + goto next; + } + if (num != clen) + { + printf("OAEP encryption failed!\n"); + err=1; + goto next; + } + + num = RSA_private_decrypt(num, ctext, ptext, key, + RSA_PKCS1_OAEP_PADDING); + if (num != plen || memcmp(ptext, ptext_ex, num) != 0) + { + printf("OAEP decryption (encrypted data) failed!\n"); + err=1; + } + else if (memcmp(ctext, ctext_ex, num) == 0) + { + printf("OAEP test vector %d passed!\n", v); + goto next; + } + + /* Different ciphertexts (rsa_oaep.c without -DPKCS_TESTVECT). + Try decrypting ctext_ex */ + + num = RSA_private_decrypt(clen, ctext_ex, ptext, key, + RSA_PKCS1_OAEP_PADDING); + + if (num != plen || memcmp(ptext, ptext_ex, num) != 0) + { + printf("OAEP decryption (test vector data) failed!\n"); + err=1; + } + else + printf("OAEP encryption/decryption ok\n"); + next: + RSA_free(key); + } + + ERR_remove_state(0); + + CRYPTO_mem_leaks_fp(stdout); + + return err; + } +#endif diff --git a/lib/libssl/src/crypto/threads/README b/lib/libssl/src/crypto/threads/README new file mode 100644 index 00000000000..df6b26e146f --- /dev/null +++ b/lib/libssl/src/crypto/threads/README @@ -0,0 +1,14 @@ +Mutithreading testing area. + +Since this stuff is very very platorm specific, this is not part of the +normal build. Have a read of doc/threads.doc. + +mttest will do some testing and will currently build under Windows NT/95, +Solaris and Linux. The IRIX stuff is not finished. + +I have tested this program on a 12 CPU ultra sparc box (solaris 2.5.1) +and things seem to work ok. + +The Linux pthreads package can be retrieved from +http://www.mit.edu:8001/people/proven/pthreads.html + diff --git a/lib/libssl/src/crypto/threads/profile.sh b/lib/libssl/src/crypto/threads/profile.sh new file mode 100644 index 00000000000..6e3e342fc0b --- /dev/null +++ b/lib/libssl/src/crypto/threads/profile.sh @@ -0,0 +1,4 @@ +#!/bin/sh +/bin/rm -f mttest +cc -p -DSOLARIS -I../../include -g mttest.c -o mttest -L/usr/lib/libc -ldl -L../.. -lthread -lssl -lcrypto -lnsl -lsocket + diff --git a/lib/libssl/src/crypto/threads/ptest.bat b/lib/libssl/src/crypto/threads/ptest.bat new file mode 100644 index 00000000000..4071b5ffeac --- /dev/null +++ b/lib/libssl/src/crypto/threads/ptest.bat @@ -0,0 +1,4 @@ +del mttest.exe + +purify cl /O2 -DWIN32 /MD -I..\..\out mttest.c /Femttest ..\..\out\ssl32.lib ..\..\out\crypt32.lib + diff --git a/lib/libssl/src/crypto/threads/pthread.sh b/lib/libssl/src/crypto/threads/pthread.sh new file mode 100644 index 00000000000..f1c49821d2f --- /dev/null +++ b/lib/libssl/src/crypto/threads/pthread.sh @@ -0,0 +1,9 @@ +#!/bin/sh +# +# build using pthreads +# +# http://www.mit.edu:8001/people/proven/pthreads.html +# +/bin/rm -f mttest +pgcc -DPTHREADS -I../../include -g mttest.c -o mttest -L../.. -lssl -lcrypto + diff --git a/lib/libssl/src/crypto/threads/pthread2.sh b/lib/libssl/src/crypto/threads/pthread2.sh new file mode 100644 index 00000000000..41264c6a504 --- /dev/null +++ b/lib/libssl/src/crypto/threads/pthread2.sh @@ -0,0 +1,7 @@ +#!/bin/sh +# +# build using pthreads where it's already built into the system +# +/bin/rm -f mttest +gcc -DPTHREADS -I../../include -g mttest.c -o mttest -L../.. -lssl -lcrypto -lpthread + diff --git a/lib/libssl/src/crypto/threads/pthreads-vms.com b/lib/libssl/src/crypto/threads/pthreads-vms.com new file mode 100644 index 00000000000..63f5b8cc2e9 --- /dev/null +++ b/lib/libssl/src/crypto/threads/pthreads-vms.com @@ -0,0 +1,9 @@ +$! To compile mttest on VMS. +$! +$! WARNING: only tested with DEC C so far. +$ +$ arch := vax +$ if f$getsyi("CPU") .ge. 128 then arch := axp +$ define/user openssl [--.include.openssl] +$ cc/def=PTHREADS mttest.c +$ link mttest,[--.'arch'.exe.ssl]libssl/lib,[--.'arch'.exe.crypto]libcrypto/lib diff --git a/lib/libssl/src/crypto/threads/purify.sh b/lib/libssl/src/crypto/threads/purify.sh new file mode 100644 index 00000000000..6d44fe26b76 --- /dev/null +++ b/lib/libssl/src/crypto/threads/purify.sh @@ -0,0 +1,4 @@ +#!/bin/sh +/bin/rm -f mttest +purify cc -DSOLARIS -I../../include -g mttest.c -o mttest -L../.. -lthread -lssl -lcrypto -lnsl -lsocket + diff --git a/lib/libssl/src/crypto/threads/solaris.sh b/lib/libssl/src/crypto/threads/solaris.sh new file mode 100644 index 00000000000..bc93094a274 --- /dev/null +++ b/lib/libssl/src/crypto/threads/solaris.sh @@ -0,0 +1,4 @@ +#!/bin/sh +/bin/rm -f mttest +cc -DSOLARIS -I../../include -g mttest.c -o mttest -L../.. -lthread -lssl -lcrypto -lnsl -lsocket + diff --git a/lib/libssl/src/crypto/threads/win32.bat b/lib/libssl/src/crypto/threads/win32.bat new file mode 100644 index 00000000000..ee6da80a07d --- /dev/null +++ b/lib/libssl/src/crypto/threads/win32.bat @@ -0,0 +1,4 @@ +del mttest.exe + +cl /O2 -DWIN32 /MD -I..\..\out mttest.c /Femttest ..\..\out\ssleay32.lib ..\..\out\libeay32.lib + diff --git a/lib/libssl/src/crypto/x509/x509_att.c b/lib/libssl/src/crypto/x509/x509_att.c new file mode 100644 index 00000000000..caafde658f3 --- /dev/null +++ b/lib/libssl/src/crypto/x509/x509_att.c @@ -0,0 +1,326 @@ +/* crypto/x509/x509_att.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include <stdio.h> +#include <openssl/stack.h> +#include "cryptlib.h" +#include <openssl/asn1.h> +#include <openssl/objects.h> +#include <openssl/evp.h> +#include <openssl/x509.h> +#include <openssl/x509v3.h> + +int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x) +{ + if (!x) return 0; + return(sk_X509_ATTRIBUTE_num(x)); +} + +int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid, + int lastpos) +{ + ASN1_OBJECT *obj; + + obj=OBJ_nid2obj(nid); + if (obj == NULL) return(-2); + return(X509at_get_attr_by_OBJ(x,obj,lastpos)); +} + +int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk, ASN1_OBJECT *obj, + int lastpos) +{ + int n; + X509_ATTRIBUTE *ex; + + if (sk == NULL) return(-1); + lastpos++; + if (lastpos < 0) + lastpos=0; + n=sk_X509_ATTRIBUTE_num(sk); + for ( ; lastpos < n; lastpos++) + { + ex=sk_X509_ATTRIBUTE_value(sk,lastpos); + if (OBJ_cmp(ex->object,obj) == 0) + return(lastpos); + } + return(-1); +} + +X509_ATTRIBUTE *X509at_get_attr(const STACK_OF(X509_ATTRIBUTE) *x, int loc) +{ + if (x == NULL || sk_X509_ATTRIBUTE_num(x) <= loc || loc < 0) + return NULL; + else + return sk_X509_ATTRIBUTE_value(x,loc); +} + +X509_ATTRIBUTE *X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) *x, int loc) +{ + X509_ATTRIBUTE *ret; + + if (x == NULL || sk_X509_ATTRIBUTE_num(x) <= loc || loc < 0) + return(NULL); + ret=sk_X509_ATTRIBUTE_delete(x,loc); + return(ret); +} + +STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x, + X509_ATTRIBUTE *attr) +{ + X509_ATTRIBUTE *new_attr=NULL; + STACK_OF(X509_ATTRIBUTE) *sk=NULL; + + if ((x != NULL) && (*x == NULL)) + { + if ((sk=sk_X509_ATTRIBUTE_new_null()) == NULL) + goto err; + } + else + sk= *x; + + if ((new_attr=X509_ATTRIBUTE_dup(attr)) == NULL) + goto err2; + if (!sk_X509_ATTRIBUTE_push(sk,new_attr)) + goto err; + if ((x != NULL) && (*x == NULL)) + *x=sk; + return(sk); +err: + X509err(X509_F_X509_ADD_ATTR,ERR_R_MALLOC_FAILURE); +err2: + if (new_attr != NULL) X509_ATTRIBUTE_free(new_attr); + if (sk != NULL) sk_X509_ATTRIBUTE_free(sk); + return(NULL); +} + +STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE) **x, + ASN1_OBJECT *obj, int type, + unsigned char *bytes, int len) +{ + X509_ATTRIBUTE *attr; + STACK_OF(X509_ATTRIBUTE) *ret; + attr = X509_ATTRIBUTE_create_by_OBJ(NULL, obj, type, bytes, len); + if(!attr) return 0; + ret = X509at_add1_attr(x, attr); + X509_ATTRIBUTE_free(attr); + return ret; +} + +STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) **x, + int nid, int type, + unsigned char *bytes, int len) +{ + X509_ATTRIBUTE *attr; + STACK_OF(X509_ATTRIBUTE) *ret; + attr = X509_ATTRIBUTE_create_by_NID(NULL, nid, type, bytes, len); + if(!attr) return 0; + ret = X509at_add1_attr(x, attr); + X509_ATTRIBUTE_free(attr); + return ret; +} + +STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) **x, + char *attrname, int type, + unsigned char *bytes, int len) +{ + X509_ATTRIBUTE *attr; + STACK_OF(X509_ATTRIBUTE) *ret; + attr = X509_ATTRIBUTE_create_by_txt(NULL, attrname, type, bytes, len); + if(!attr) return 0; + ret = X509at_add1_attr(x, attr); + X509_ATTRIBUTE_free(attr); + return ret; +} + +X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid, + int atrtype, void *data, int len) +{ + ASN1_OBJECT *obj; + X509_ATTRIBUTE *ret; + + obj=OBJ_nid2obj(nid); + if (obj == NULL) + { + X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_NID,X509_R_UNKNOWN_NID); + return(NULL); + } + ret=X509_ATTRIBUTE_create_by_OBJ(attr,obj,atrtype,data,len); + if (ret == NULL) ASN1_OBJECT_free(obj); + return(ret); +} + +X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr, + ASN1_OBJECT *obj, int atrtype, void *data, int len) +{ + X509_ATTRIBUTE *ret; + + if ((attr == NULL) || (*attr == NULL)) + { + if ((ret=X509_ATTRIBUTE_new()) == NULL) + { + X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ,ERR_R_MALLOC_FAILURE); + return(NULL); + } + } + else + ret= *attr; + + if (!X509_ATTRIBUTE_set1_object(ret,obj)) + goto err; + if (!X509_ATTRIBUTE_set1_data(ret,atrtype,data,len)) + goto err; + + if ((attr != NULL) && (*attr == NULL)) *attr=ret; + return(ret); +err: + if ((attr == NULL) || (ret != *attr)) + X509_ATTRIBUTE_free(ret); + return(NULL); +} + +X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr, + char *atrname, int type, unsigned char *bytes, int len) + { + ASN1_OBJECT *obj; + X509_ATTRIBUTE *nattr; + + obj=OBJ_txt2obj(atrname, 0); + if (obj == NULL) + { + X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_TXT, + X509_R_INVALID_FIELD_NAME); + ERR_add_error_data(2, "name=", atrname); + return(NULL); + } + nattr = X509_ATTRIBUTE_create_by_OBJ(attr,obj,type,bytes,len); + ASN1_OBJECT_free(obj); + return nattr; + } + +int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, ASN1_OBJECT *obj) +{ + if ((attr == NULL) || (obj == NULL)) + return(0); + ASN1_OBJECT_free(attr->object); + attr->object=OBJ_dup(obj); + return(1); +} + +int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, void *data, int len) +{ + ASN1_TYPE *ttmp; + ASN1_STRING *stmp; + int atype; + if (!attr) return 0; + if(attrtype & MBSTRING_FLAG) { + stmp = ASN1_STRING_set_by_NID(NULL, data, len, attrtype, + OBJ_obj2nid(attr->object)); + if(!stmp) { + X509err(X509_F_X509_ATTRIBUTE_SET1_DATA, ERR_R_ASN1_LIB); + return 0; + } + atype = stmp->type; + } else { + if(!(stmp = ASN1_STRING_type_new(attrtype))) goto err; + if(!ASN1_STRING_set(stmp, data, len)) goto err; + atype = attrtype; + } + if(!(attr->value.set = sk_ASN1_TYPE_new_null())) goto err; + if(!(ttmp = ASN1_TYPE_new())) goto err; + if(!sk_ASN1_TYPE_push(attr->value.set, ttmp)) goto err; + attr->set = 1; + ASN1_TYPE_set(ttmp, atype, stmp); + return 1; + err: + X509err(X509_F_X509_ATTRIBUTE_SET1_DATA, ERR_R_MALLOC_FAILURE); + return 0; +} + +int X509_ATTRIBUTE_count(X509_ATTRIBUTE *attr) +{ + if(attr->set) return sk_ASN1_TYPE_num(attr->value.set); + if(attr->value.single) return 1; + return 0; +} + +ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr) +{ + if (attr == NULL) return(NULL); + return(attr->object); +} + +void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx, + int atrtype, void *data) +{ + ASN1_TYPE *ttmp; + ttmp = X509_ATTRIBUTE_get0_type(attr, idx); + if(!ttmp) return NULL; + if(atrtype != ASN1_TYPE_get(ttmp)){ + X509err(X509_F_X509_ATTRIBUTE_GET0_DATA, X509_R_WRONG_TYPE); + return NULL; + } + return ttmp->value.ptr; +} + +ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx) +{ + if (attr == NULL) return(NULL); + if(idx >= X509_ATTRIBUTE_count(attr)) return NULL; + if(attr->set) return sk_ASN1_TYPE_value(attr->value.set, idx); + else return attr->value.single; +} diff --git a/lib/libssl/src/crypto/x509/x509_trs.c b/lib/libssl/src/crypto/x509/x509_trs.c new file mode 100644 index 00000000000..9f7d67952db --- /dev/null +++ b/lib/libssl/src/crypto/x509/x509_trs.c @@ -0,0 +1,263 @@ +/* x509_trs.c */ +/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL + * project 1999. + */ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include <stdio.h> +#include "cryptlib.h" +#include <openssl/x509v3.h> + + +static int tr_cmp(X509_TRUST **a, X509_TRUST **b); +static void trtable_free(X509_TRUST *p); + +static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags); +static int trust_any(X509_TRUST *trust, X509 *x, int flags); + +static int obj_trust(int id, X509 *x, int flags); +static int (*default_trust)(int id, X509 *x, int flags) = obj_trust; + +/* WARNING: the following table should be kept in order of trust + * and without any gaps so we can just subtract the minimum trust + * value to get an index into the table + */ + +static X509_TRUST trstandard[] = { +{X509_TRUST_ANY, 0, trust_any, "Any", 0, NULL}, +{X509_TRUST_SSL_CLIENT, 0, trust_1oidany, "SSL Client", NID_client_auth, NULL}, +{X509_TRUST_SSL_SERVER, 0, trust_1oidany, "SSL Client", NID_server_auth, NULL}, +{X509_TRUST_EMAIL, 0, trust_1oidany, "S/MIME email", NID_email_protect, NULL}, +}; + +#define X509_TRUST_COUNT (sizeof(trstandard)/sizeof(X509_TRUST)) + +IMPLEMENT_STACK_OF(X509_TRUST) + +static STACK_OF(X509_TRUST) *trtable = NULL; + +static int tr_cmp(X509_TRUST **a, X509_TRUST **b) +{ + return (*a)->trust - (*b)->trust; +} + +int (*X509_TRUST_set_default(int (*trust)(int , X509 *, int)))(int, X509 *, int) +{ +int (*oldtrust)(int , X509 *, int); +oldtrust = default_trust; +default_trust = trust; +return oldtrust; +} + + +int X509_check_trust(X509 *x, int id, int flags) +{ + X509_TRUST *pt; + int idx; + if(id == -1) return 1; + if(!(idx = X509_TRUST_get_by_id(id))) + return default_trust(id, x, flags); + pt = X509_TRUST_get0(idx); + return pt->check_trust(pt, x, flags); +} + +int X509_TRUST_get_count(void) +{ + if(!trtable) return X509_TRUST_COUNT; + return sk_X509_TRUST_num(trtable) + X509_TRUST_COUNT; +} + +X509_TRUST * X509_TRUST_get0(int idx) +{ + if(idx < 0) return NULL; + if(idx < X509_TRUST_COUNT) return trstandard + idx; + return sk_X509_TRUST_value(trtable, idx - X509_TRUST_COUNT); +} + +int X509_TRUST_get_by_id(int id) +{ + X509_TRUST tmp; + int idx; + if((id >= X509_TRUST_MIN) && (id <= X509_TRUST_MAX)) + return id - X509_TRUST_MIN; + tmp.trust = id; + if(!trtable) return -1; + idx = sk_X509_TRUST_find(trtable, &tmp); + if(idx == -1) return -1; + return idx + X509_TRUST_COUNT; +} + +int X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int), + char *name, int arg1, void *arg2) +{ + int idx; + X509_TRUST *trtmp; + /* This is set according to what we change: application can't set it */ + flags &= ~X509_TRUST_DYNAMIC; + /* This will always be set for application modified trust entries */ + flags |= X509_TRUST_DYNAMIC_NAME; + /* Get existing entry if any */ + idx = X509_TRUST_get_by_id(id); + /* Need a new entry */ + if(idx == -1) { + if(!(trtmp = Malloc(sizeof(X509_TRUST)))) { + X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE); + return 0; + } + trtmp->flags = X509_TRUST_DYNAMIC; + } else trtmp = X509_TRUST_get0(idx); + + /* Free existing name if dynamic */ + if(trtmp->flags & X509_TRUST_DYNAMIC_NAME) Free(trtmp->name); + /* dup supplied name */ + if(!(trtmp->name = BUF_strdup(name))) { + X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE); + return 0; + } + /* Keep the dynamic flag of existing entry */ + trtmp->flags &= X509_TRUST_DYNAMIC; + /* Set all other flags */ + trtmp->flags |= flags; + + trtmp->trust = id; + trtmp->check_trust = ck; + trtmp->arg1 = arg1; + trtmp->arg2 = arg2; + + /* If its a new entry manage the dynamic table */ + if(idx == -1) { + if(!trtable && !(trtable = sk_X509_TRUST_new(tr_cmp))) { + X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE); + return 0; + } + if (!sk_X509_TRUST_push(trtable, trtmp)) { + X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE); + return 0; + } + } + return 1; +} + +static void trtable_free(X509_TRUST *p) + { + if(!p) return; + if (p->flags & X509_TRUST_DYNAMIC) + { + if (p->flags & X509_TRUST_DYNAMIC_NAME) + Free(p->name); + Free(p); + } + } + +void X509_TRUST_cleanup(void) +{ + int i; + for(i = 0; i < X509_TRUST_COUNT; i++) trtable_free(trstandard + i); + sk_X509_TRUST_pop_free(trtable, trtable_free); + trtable = NULL; +} + +int X509_TRUST_get_flags(X509_TRUST *xp) +{ + return xp->flags; +} + +char *X509_TRUST_get0_name(X509_TRUST *xp) +{ + return xp->name; +} + +int X509_TRUST_get_trust(X509_TRUST *xp) +{ + return xp->trust; +} + +static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags) +{ + if(x->aux) return obj_trust(trust->arg1, x, flags); + /* we don't have any trust settings: for compatibility + * we return trusted if it is self signed + */ + X509_check_purpose(x, -1, 0); + if(x->ex_flags & EXFLAG_SS) return X509_TRUST_TRUSTED; + else return X509_TRUST_UNTRUSTED; +} + +static int obj_trust(int id, X509 *x, int flags) +{ + ASN1_OBJECT *obj; + int i; + X509_CERT_AUX *ax; + ax = x->aux; + if(!ax) return X509_TRUST_UNTRUSTED; + if(ax->reject) { + for(i = 0; i < sk_ASN1_OBJECT_num(ax->reject); i++) { + obj = sk_ASN1_OBJECT_value(ax->reject, i); + if(OBJ_obj2nid(obj) == id) return X509_TRUST_REJECTED; + } + } + if(ax->trust) { + for(i = 0; i < sk_ASN1_OBJECT_num(ax->trust); i++) { + obj = sk_ASN1_OBJECT_value(ax->trust, i); + if(OBJ_obj2nid(obj) == id) return X509_TRUST_TRUSTED; + } + } + return X509_TRUST_UNTRUSTED; +} + +static int trust_any(X509_TRUST *trust, X509 *x, int flags) +{ + return X509_TRUST_TRUSTED; +} diff --git a/lib/libssl/src/crypto/x509/x509spki.c b/lib/libssl/src/crypto/x509/x509spki.c new file mode 100644 index 00000000000..b35c3f92e7f --- /dev/null +++ b/lib/libssl/src/crypto/x509/x509spki.c @@ -0,0 +1,121 @@ +/* x509spki.c */ +/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL + * project 1999. + */ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include <stdio.h> +#include "cryptlib.h" +#include <openssl/x509.h> +#include <openssl/asn1_mac.h> + +int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey) +{ + if ((x == NULL) || (x->spkac == NULL)) return(0); + return(X509_PUBKEY_set(&(x->spkac->pubkey),pkey)); +} + +EVP_PKEY *NETSCAPE_SPKI_get_pubkey(NETSCAPE_SPKI *x) +{ + if ((x == NULL) || (x->spkac == NULL)) + return(NULL); + return(X509_PUBKEY_get(x->spkac->pubkey)); +} + +/* Load a Netscape SPKI from a base64 encoded string */ + +NETSCAPE_SPKI * NETSCAPE_SPKI_b64_decode(const char *str, int len) +{ + unsigned char *spki_der, *p; + int spki_len; + NETSCAPE_SPKI *spki; + if(len <= 0) len = strlen(str); + if (!(spki_der = Malloc(len + 1))) { + X509err(X509_F_NETSCAPE_SPKI_B64_DECODE, ERR_R_MALLOC_FAILURE); + return NULL; + } + spki_len = EVP_DecodeBlock(spki_der, (const unsigned char *)str, len); + if(spki_len < 0) { + X509err(X509_F_NETSCAPE_SPKI_B64_DECODE, + X509_R_BASE64_DECODE_ERROR); + Free(spki_der); + return NULL; + } + p = spki_der; + spki = d2i_NETSCAPE_SPKI(NULL, &p, spki_len); + Free(spki_der); + return spki; +} + +/* Generate a base64 encoded string from an SPKI */ + +char * NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *spki) +{ + unsigned char *der_spki, *p; + char *b64_str; + int der_len; + der_len = i2d_NETSCAPE_SPKI(spki, NULL); + der_spki = Malloc(der_len); + b64_str = Malloc(der_len * 2); + if(!der_spki || !b64_str) { + X509err(X509_F_NETSCAPE_SPKI_B64_ENCODE, ERR_R_MALLOC_FAILURE); + return NULL; + } + p = der_spki; + i2d_NETSCAPE_SPKI(spki, &p); + EVP_EncodeBlock((unsigned char *)b64_str, der_spki, der_len); + Free(der_spki); + return b64_str; +} diff --git a/lib/libssl/src/crypto/x509v3/ext_dat.h b/lib/libssl/src/crypto/x509v3/ext_dat.h new file mode 100644 index 00000000000..801a585a525 --- /dev/null +++ b/lib/libssl/src/crypto/x509v3/ext_dat.h @@ -0,0 +1,97 @@ +/* ext_dat.h */ +/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL + * project 1999. + */ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ +/* This file contains a table of "standard" extensions */ + +extern X509V3_EXT_METHOD v3_bcons, v3_nscert, v3_key_usage, v3_ext_ku; +extern X509V3_EXT_METHOD v3_pkey_usage_period, v3_sxnet, v3_info; +extern X509V3_EXT_METHOD v3_ns_ia5_list[], v3_alt[], v3_skey_id, v3_akey_id; +extern X509V3_EXT_METHOD v3_crl_num, v3_crl_reason, v3_cpols, v3_crld; + +/* This table will be searched using OBJ_bsearch so it *must* kept in + * order of the ext_nid values. + */ + +static X509V3_EXT_METHOD *standard_exts[] = { +&v3_nscert, +&v3_ns_ia5_list[0], +&v3_ns_ia5_list[1], +&v3_ns_ia5_list[2], +&v3_ns_ia5_list[3], +&v3_ns_ia5_list[4], +&v3_ns_ia5_list[5], +&v3_ns_ia5_list[6], +&v3_skey_id, +&v3_key_usage, +&v3_pkey_usage_period, +&v3_alt[0], +&v3_alt[1], +&v3_bcons, +&v3_crl_num, +&v3_cpols, +&v3_akey_id, +&v3_crld, +&v3_ext_ku, +&v3_crl_reason, +&v3_sxnet, +&v3_info, +}; + +/* Number of standard extensions */ + +#define STANDARD_EXTENSION_COUNT (sizeof(standard_exts)/sizeof(X509V3_EXT_METHOD *)) + diff --git a/lib/libssl/src/crypto/x509v3/tabtest.c b/lib/libssl/src/crypto/x509v3/tabtest.c new file mode 100644 index 00000000000..dad0d38dd53 --- /dev/null +++ b/lib/libssl/src/crypto/x509v3/tabtest.c @@ -0,0 +1,88 @@ +/* tabtest.c */ +/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL + * project 1999. + */ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +/* Simple program to check the ext_dat.h is correct and print out + * problems if it is not. + */ + +#include <stdio.h> + +#include <openssl/x509v3.h> + +#include "ext_dat.h" + +main() +{ + int i, prev = -1, bad = 0; + X509V3_EXT_METHOD **tmp; + i = sizeof(standard_exts) / sizeof(X509V3_EXT_METHOD *); + if(i != STANDARD_EXTENSION_COUNT) + fprintf(stderr, "Extension number invalid expecting %d\n", i); + tmp = standard_exts; + for(i = 0; i < STANDARD_EXTENSION_COUNT; i++, tmp++) { + if((*tmp)->ext_nid < prev) bad = 1; + prev = (*tmp)->ext_nid; + + } + if(bad) { + tmp = standard_exts; + fprintf(stderr, "Extensions out of order!\n"); + for(i = 0; i < STANDARD_EXTENSION_COUNT; i++, tmp++) + printf("%d : %s\n", (*tmp)->ext_nid, OBJ_nid2sn((*tmp)->ext_nid)); + } else fprintf(stderr, "Order OK\n"); +} diff --git a/lib/libssl/src/crypto/x509v3/v3_info.c b/lib/libssl/src/crypto/x509v3/v3_info.c new file mode 100644 index 00000000000..78d2135046e --- /dev/null +++ b/lib/libssl/src/crypto/x509v3/v3_info.c @@ -0,0 +1,236 @@ +/* v3_info.c */ +/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL + * project 1999. + */ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include <stdio.h> +#include "cryptlib.h" +#include <openssl/conf.h> +#include <openssl/asn1.h> +#include <openssl/asn1_mac.h> +#include <openssl/x509v3.h> + +static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method, + STACK_OF(ACCESS_DESCRIPTION) *ainfo, + STACK_OF(CONF_VALUE) *ret); +static STACK_OF(ACCESS_DESCRIPTION) *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); + +X509V3_EXT_METHOD v3_info = +{ NID_info_access, X509V3_EXT_MULTILINE, +(X509V3_EXT_NEW)AUTHORITY_INFO_ACCESS_new, +(X509V3_EXT_FREE)AUTHORITY_INFO_ACCESS_free, +(X509V3_EXT_D2I)d2i_AUTHORITY_INFO_ACCESS, +(X509V3_EXT_I2D)i2d_AUTHORITY_INFO_ACCESS, +NULL, NULL, +(X509V3_EXT_I2V)i2v_AUTHORITY_INFO_ACCESS, +(X509V3_EXT_V2I)v2i_AUTHORITY_INFO_ACCESS, +NULL, NULL, NULL}; + +static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method, + STACK_OF(ACCESS_DESCRIPTION) *ainfo, + STACK_OF(CONF_VALUE) *ret) +{ + ACCESS_DESCRIPTION *desc; + int i; + char objtmp[80], *ntmp; + CONF_VALUE *vtmp; + for(i = 0; i < sk_ACCESS_DESCRIPTION_num(ainfo); i++) { + desc = sk_ACCESS_DESCRIPTION_value(ainfo, i); + ret = i2v_GENERAL_NAME(method, desc->location, ret); + if(!ret) break; + vtmp = sk_CONF_VALUE_value(ret, i); + i2t_ASN1_OBJECT(objtmp, 80, desc->method); + ntmp = Malloc(strlen(objtmp) + strlen(vtmp->name) + 5); + if(!ntmp) { + X509V3err(X509V3_F_I2V_AUTHORITY_INFO_ACCESS, + ERR_R_MALLOC_FAILURE); + return NULL; + } + strcpy(ntmp, objtmp); + strcat(ntmp, " - "); + strcat(ntmp, vtmp->name); + Free(vtmp->name); + vtmp->name = ntmp; + + } + if(!ret) return sk_CONF_VALUE_new_null(); + return ret; +} + +static STACK_OF(ACCESS_DESCRIPTION) *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) +{ + STACK_OF(ACCESS_DESCRIPTION) *ainfo = NULL; + CONF_VALUE *cnf, ctmp; + ACCESS_DESCRIPTION *acc; + int i, objlen; + char *objtmp, *ptmp; + if(!(ainfo = sk_ACCESS_DESCRIPTION_new(NULL))) { + X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,ERR_R_MALLOC_FAILURE); + return NULL; + } + for(i = 0; i < sk_CONF_VALUE_num(nval); i++) { + cnf = sk_CONF_VALUE_value(nval, i); + if(!(acc = ACCESS_DESCRIPTION_new()) + || !sk_ACCESS_DESCRIPTION_push(ainfo, acc)) { + X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,ERR_R_MALLOC_FAILURE); + goto err; + } + ptmp = strchr(cnf->name, ';'); + if(!ptmp) { + X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,X509V3_R_INVALID_SYNTAX); + goto err; + } + objlen = ptmp - cnf->name; + ctmp.name = ptmp + 1; + ctmp.value = cnf->value; + if(!(acc->location = v2i_GENERAL_NAME(method, ctx, &ctmp))) + goto err; + if(!(objtmp = Malloc(objlen + 1))) { + X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,ERR_R_MALLOC_FAILURE); + goto err; + } + strncpy(objtmp, cnf->name, objlen); + objtmp[objlen] = 0; + acc->method = OBJ_txt2obj(objtmp, 0); + if(!acc->method) { + X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,X509V3_R_BAD_OBJECT); + ERR_add_error_data(2, "value=", objtmp); + Free(objtmp); + goto err; + } + Free(objtmp); + + } + return ainfo; + err: + sk_ACCESS_DESCRIPTION_pop_free(ainfo, ACCESS_DESCRIPTION_free); + return NULL; +} + +int i2d_ACCESS_DESCRIPTION(ACCESS_DESCRIPTION *a, unsigned char **pp) +{ + M_ASN1_I2D_vars(a); + + M_ASN1_I2D_len(a->method, i2d_ASN1_OBJECT); + M_ASN1_I2D_len(a->location, i2d_GENERAL_NAME); + + M_ASN1_I2D_seq_total(); + + M_ASN1_I2D_put(a->method, i2d_ASN1_OBJECT); + M_ASN1_I2D_put(a->location, i2d_GENERAL_NAME); + + M_ASN1_I2D_finish(); +} + +ACCESS_DESCRIPTION *ACCESS_DESCRIPTION_new(void) +{ + ACCESS_DESCRIPTION *ret=NULL; + ASN1_CTX c; + M_ASN1_New_Malloc(ret, ACCESS_DESCRIPTION); + ret->method = OBJ_nid2obj(NID_undef); + ret->location = NULL; + return (ret); + M_ASN1_New_Error(ASN1_F_ACCESS_DESCRIPTION_NEW); +} + +ACCESS_DESCRIPTION *d2i_ACCESS_DESCRIPTION(ACCESS_DESCRIPTION **a, unsigned char **pp, + long length) +{ + M_ASN1_D2I_vars(a,ACCESS_DESCRIPTION *,ACCESS_DESCRIPTION_new); + M_ASN1_D2I_Init(); + M_ASN1_D2I_start_sequence(); + M_ASN1_D2I_get(ret->method, d2i_ASN1_OBJECT); + M_ASN1_D2I_get(ret->location, d2i_GENERAL_NAME); + M_ASN1_D2I_Finish(a, ACCESS_DESCRIPTION_free, ASN1_F_D2I_ACCESS_DESCRIPTION); +} + +void ACCESS_DESCRIPTION_free(ACCESS_DESCRIPTION *a) +{ + if (a == NULL) return; + ASN1_OBJECT_free(a->method); + GENERAL_NAME_free(a->location); + Free (a); +} + +STACK_OF(ACCESS_DESCRIPTION) *AUTHORITY_INFO_ACCESS_new(void) +{ + return sk_ACCESS_DESCRIPTION_new(NULL); +} + +void AUTHORITY_INFO_ACCESS_free(STACK_OF(ACCESS_DESCRIPTION) *a) +{ + sk_ACCESS_DESCRIPTION_pop_free(a, ACCESS_DESCRIPTION_free); +} + +STACK_OF(ACCESS_DESCRIPTION) *d2i_AUTHORITY_INFO_ACCESS(STACK_OF(ACCESS_DESCRIPTION) **a, + unsigned char **pp, long length) +{ +return d2i_ASN1_SET_OF_ACCESS_DESCRIPTION(a, pp, length, d2i_ACCESS_DESCRIPTION, + ACCESS_DESCRIPTION_free, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL); +} + +int i2d_AUTHORITY_INFO_ACCESS(STACK_OF(ACCESS_DESCRIPTION) *a, unsigned char **pp) +{ +return i2d_ASN1_SET_OF_ACCESS_DESCRIPTION(a, pp, i2d_ACCESS_DESCRIPTION, V_ASN1_SEQUENCE, + V_ASN1_UNIVERSAL, IS_SEQUENCE); +} + +IMPLEMENT_STACK_OF(ACCESS_DESCRIPTION) +IMPLEMENT_ASN1_SET_OF(ACCESS_DESCRIPTION) + + diff --git a/lib/libssl/src/crypto/x509v3/v3_purp.c b/lib/libssl/src/crypto/x509v3/v3_purp.c new file mode 100644 index 00000000000..b7494ebcd56 --- /dev/null +++ b/lib/libssl/src/crypto/x509v3/v3_purp.c @@ -0,0 +1,456 @@ +/* v3_purp.c */ +/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL + * project 1999. + */ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include <stdio.h> +#include "cryptlib.h" +#include <openssl/x509v3.h> + + +static void x509v3_cache_extensions(X509 *x); + +static int ca_check(X509 *x); +static int check_purpose_ssl_client(X509_PURPOSE *xp, X509 *x, int ca); +static int check_purpose_ssl_server(X509_PURPOSE *xp, X509 *x, int ca); +static int check_purpose_ns_ssl_server(X509_PURPOSE *xp, X509 *x, int ca); +static int purpose_smime(X509 *x, int ca); +static int check_purpose_smime_sign(X509_PURPOSE *xp, X509 *x, int ca); +static int check_purpose_smime_encrypt(X509_PURPOSE *xp, X509 *x, int ca); +static int check_purpose_crl_sign(X509_PURPOSE *xp, X509 *x, int ca); + +static int xp_cmp(X509_PURPOSE **a, X509_PURPOSE **b); +static void xptable_free(X509_PURPOSE *p); + +static X509_PURPOSE xstandard[] = { + {X509_PURPOSE_SSL_CLIENT, X509_TRUST_SSL_CLIENT, 0, check_purpose_ssl_client, "SSL client", "sslclient", NULL}, + {X509_PURPOSE_SSL_SERVER, X509_TRUST_SSL_SERVER, 0, check_purpose_ssl_server, "SSL server", "sslserver", NULL}, + {X509_PURPOSE_NS_SSL_SERVER, X509_TRUST_SSL_SERVER, 0, check_purpose_ns_ssl_server, "Netscape SSL server", "nssslserver", NULL}, + {X509_PURPOSE_SMIME_SIGN, X509_TRUST_EMAIL, 0, check_purpose_smime_sign, "S/MIME signing", "smimesign", NULL}, + {X509_PURPOSE_SMIME_ENCRYPT, X509_TRUST_EMAIL, 0, check_purpose_smime_encrypt, "S/MIME encryption", "smimeencrypt", NULL}, + {X509_PURPOSE_CRL_SIGN, X509_TRUST_ANY, 0, check_purpose_crl_sign, "CRL signing", "crlsign", NULL}, +}; + +#define X509_PURPOSE_COUNT (sizeof(xstandard)/sizeof(X509_PURPOSE)) + +IMPLEMENT_STACK_OF(X509_PURPOSE) + +static STACK_OF(X509_PURPOSE) *xptable = NULL; + +static int xp_cmp(X509_PURPOSE **a, X509_PURPOSE **b) +{ + return (*a)->purpose - (*b)->purpose; +} + +int X509_check_purpose(X509 *x, int id, int ca) +{ + int idx; + X509_PURPOSE *pt; + if(!(x->ex_flags & EXFLAG_SET)) { + CRYPTO_w_lock(CRYPTO_LOCK_X509); + x509v3_cache_extensions(x); + CRYPTO_w_unlock(CRYPTO_LOCK_X509); + } + if(id == -1) return 1; + idx = X509_PURPOSE_get_by_id(id); + if(idx == -1) return -1; + pt = X509_PURPOSE_get0(idx); + return pt->check_purpose(pt, x, ca); +} + +int X509_PURPOSE_get_count(void) +{ + if(!xptable) return X509_PURPOSE_COUNT; + return sk_X509_PURPOSE_num(xptable) + X509_PURPOSE_COUNT; +} + +X509_PURPOSE * X509_PURPOSE_get0(int idx) +{ + if(idx < 0) return NULL; + if(idx < X509_PURPOSE_COUNT) return xstandard + idx; + return sk_X509_PURPOSE_value(xptable, idx - X509_PURPOSE_COUNT); +} + +int X509_PURPOSE_get_by_sname(char *sname) +{ + int i; + X509_PURPOSE *xptmp; + for(i = 0; i < X509_PURPOSE_get_count(); i++) { + xptmp = X509_PURPOSE_get0(i); + if(!strcmp(xptmp->sname, sname)) return i; + } + return -1; +} + + +int X509_PURPOSE_get_by_id(int purpose) +{ + X509_PURPOSE tmp; + int idx; + if((purpose >= X509_PURPOSE_MIN) && (purpose <= X509_PURPOSE_MAX)) + return purpose - X509_PURPOSE_MIN; + tmp.purpose = purpose; + if(!xptable) return -1; + idx = sk_X509_PURPOSE_find(xptable, &tmp); + if(idx == -1) return -1; + return idx + X509_PURPOSE_COUNT; +} + +int X509_PURPOSE_add(int id, int trust, int flags, + int (*ck)(X509_PURPOSE *, X509 *, int), + char *name, char *sname, void *arg) +{ + int idx; + X509_PURPOSE *ptmp; + /* This is set according to what we change: application can't set it */ + flags &= ~X509_PURPOSE_DYNAMIC; + /* This will always be set for application modified trust entries */ + flags |= X509_PURPOSE_DYNAMIC_NAME; + /* Get existing entry if any */ + idx = X509_PURPOSE_get_by_id(id); + /* Need a new entry */ + if(idx == -1) { + if(!(ptmp = Malloc(sizeof(X509_PURPOSE)))) { + X509V3err(X509V3_F_X509_PURPOSE_ADD,ERR_R_MALLOC_FAILURE); + return 0; + } + ptmp->flags = X509_PURPOSE_DYNAMIC; + } else ptmp = X509_PURPOSE_get0(idx); + + /* Free existing name if dynamic */ + if(ptmp->flags & X509_PURPOSE_DYNAMIC_NAME) { + Free(ptmp->name); + Free(ptmp->sname); + } + /* dup supplied name */ + ptmp->name = BUF_strdup(name); + ptmp->sname = BUF_strdup(sname); + if(!ptmp->name || !ptmp->sname) { + X509V3err(X509V3_F_X509_PURPOSE_ADD,ERR_R_MALLOC_FAILURE); + return 0; + } + /* Keep the dynamic flag of existing entry */ + ptmp->flags &= X509_PURPOSE_DYNAMIC; + /* Set all other flags */ + ptmp->flags |= flags; + + ptmp->purpose = id; + ptmp->trust = trust; + ptmp->check_purpose = ck; + ptmp->usr_data = arg; + + /* If its a new entry manage the dynamic table */ + if(idx == -1) { + if(!xptable && !(xptable = sk_X509_PURPOSE_new(xp_cmp))) { + X509V3err(X509V3_F_X509_PURPOSE_ADD,ERR_R_MALLOC_FAILURE); + return 0; + } + if (!sk_X509_PURPOSE_push(xptable, ptmp)) { + X509V3err(X509V3_F_X509_PURPOSE_ADD,ERR_R_MALLOC_FAILURE); + return 0; + } + } + return 1; +} + +static void xptable_free(X509_PURPOSE *p) + { + if(!p) return; + if (p->flags & X509_PURPOSE_DYNAMIC) + { + if (p->flags & X509_PURPOSE_DYNAMIC_NAME) { + Free(p->name); + Free(p->sname); + } + Free(p); + } + } + +void X509_PURPOSE_cleanup(void) +{ + int i; + sk_X509_PURPOSE_pop_free(xptable, xptable_free); + for(i = 0; i < X509_PURPOSE_COUNT; i++) xptable_free(xstandard + i); + xptable = NULL; +} + +int X509_PURPOSE_get_id(X509_PURPOSE *xp) +{ + return xp->purpose; +} + +char *X509_PURPOSE_get0_name(X509_PURPOSE *xp) +{ + return xp->name; +} + +char *X509_PURPOSE_get0_sname(X509_PURPOSE *xp) +{ + return xp->sname; +} + +int X509_PURPOSE_get_trust(X509_PURPOSE *xp) +{ + return xp->trust; +} + +#ifndef NO_SHA +static void x509v3_cache_extensions(X509 *x) +{ + BASIC_CONSTRAINTS *bs; + ASN1_BIT_STRING *usage; + ASN1_BIT_STRING *ns; + STACK_OF(ASN1_OBJECT) *extusage; + int i; + if(x->ex_flags & EXFLAG_SET) return; + X509_digest(x, EVP_sha1(), x->sha1_hash, NULL); + /* Does subject name match issuer ? */ + if(!X509_NAME_cmp(X509_get_subject_name(x), X509_get_issuer_name(x))) + x->ex_flags |= EXFLAG_SS; + /* V1 should mean no extensions ... */ + if(!X509_get_version(x)) x->ex_flags |= EXFLAG_V1; + /* Handle basic constraints */ + if((bs=X509_get_ext_d2i(x, NID_basic_constraints, NULL, NULL))) { + if(bs->ca) x->ex_flags |= EXFLAG_CA; + if(bs->pathlen) { + if((bs->pathlen->type == V_ASN1_NEG_INTEGER) + || !bs->ca) { + x->ex_flags |= EXFLAG_INVALID; + x->ex_pathlen = 0; + } else x->ex_pathlen = ASN1_INTEGER_get(bs->pathlen); + } else x->ex_pathlen = -1; + BASIC_CONSTRAINTS_free(bs); + x->ex_flags |= EXFLAG_BCONS; + } + /* Handle key usage */ + if((usage=X509_get_ext_d2i(x, NID_key_usage, NULL, NULL))) { + if(usage->length > 0) { + x->ex_kusage = usage->data[0]; + if(usage->length > 1) + x->ex_kusage |= usage->data[1] << 8; + } else x->ex_kusage = 0; + x->ex_flags |= EXFLAG_KUSAGE; + ASN1_BIT_STRING_free(usage); + } + x->ex_xkusage = 0; + if((extusage=X509_get_ext_d2i(x, NID_ext_key_usage, NULL, NULL))) { + x->ex_flags |= EXFLAG_XKUSAGE; + for(i = 0; i < sk_ASN1_OBJECT_num(extusage); i++) { + switch(OBJ_obj2nid(sk_ASN1_OBJECT_value(extusage,i))) { + case NID_server_auth: + x->ex_xkusage |= XKU_SSL_SERVER; + break; + + case NID_client_auth: + x->ex_xkusage |= XKU_SSL_CLIENT; + break; + + case NID_email_protect: + x->ex_xkusage |= XKU_SMIME; + break; + + case NID_code_sign: + x->ex_xkusage |= XKU_CODE_SIGN; + break; + + case NID_ms_sgc: + case NID_ns_sgc: + x->ex_xkusage |= XKU_SGC; + } + } + sk_ASN1_OBJECT_pop_free(extusage, ASN1_OBJECT_free); + } + + if((ns=X509_get_ext_d2i(x, NID_netscape_cert_type, NULL, NULL))) { + if(ns->length > 0) x->ex_nscert = ns->data[0]; + else x->ex_nscert = 0; + x->ex_flags |= EXFLAG_NSCERT; + ASN1_BIT_STRING_free(ns); + } + x->ex_flags |= EXFLAG_SET; +} +#endif + +/* CA checks common to all purposes + * return codes: + * 0 not a CA + * 1 is a CA + * 2 basicConstraints absent so "maybe" a CA + * 3 basicConstraints absent but self signed V1. + */ + +#define V1_ROOT (EXFLAG_V1|EXFLAG_SS) +#define ku_reject(x, usage) \ + (((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage))) +#define xku_reject(x, usage) \ + (((x)->ex_flags & EXFLAG_XKUSAGE) && !((x)->ex_xkusage & (usage))) +#define ns_reject(x, usage) \ + (((x)->ex_flags & EXFLAG_NSCERT) && !((x)->ex_nscert & (usage))) + +static int ca_check(X509 *x) +{ + /* keyUsage if present should allow cert signing */ + if(ku_reject(x, KU_KEY_CERT_SIGN)) return 0; + if(x->ex_flags & EXFLAG_BCONS) { + if(x->ex_flags & EXFLAG_CA) return 1; + /* If basicConstraints says not a CA then say so */ + else return 0; + } else { + if((x->ex_flags & V1_ROOT) == V1_ROOT) return 3; + else return 2; + } +} + + +static int check_purpose_ssl_client(X509_PURPOSE *xp, X509 *x, int ca) +{ + if(xku_reject(x,XKU_SSL_CLIENT)) return 0; + if(ca) { + int ca_ret; + ca_ret = ca_check(x); + if(!ca_ret) return 0; + /* check nsCertType if present */ + if(x->ex_flags & EXFLAG_NSCERT) { + if(x->ex_nscert & NS_SSL_CA) return ca_ret; + return 0; + } + if(ca_ret != 2) return ca_ret; + else return 0; + } + /* We need to do digital signatures with it */ + if(ku_reject(x,KU_DIGITAL_SIGNATURE)) return 0; + /* nsCertType if present should allow SSL client use */ + if(ns_reject(x, NS_SSL_CLIENT)) return 0; + return 1; +} + +static int check_purpose_ssl_server(X509_PURPOSE *xp, X509 *x, int ca) +{ + if(xku_reject(x,XKU_SSL_SERVER|XKU_SGC)) return 0; + /* Otherwise same as SSL client for a CA */ + if(ca) return check_purpose_ssl_client(xp, x, 1); + + if(ns_reject(x, NS_SSL_SERVER)) return 0; + /* Now as for keyUsage: we'll at least need to sign OR encipher */ + if(ku_reject(x, KU_DIGITAL_SIGNATURE|KU_KEY_ENCIPHERMENT)) return 0; + + return 1; + +} + +static int check_purpose_ns_ssl_server(X509_PURPOSE *xp, X509 *x, int ca) +{ + int ret; + ret = check_purpose_ssl_server(xp, x, ca); + if(!ret || ca) return ret; + /* We need to encipher or Netscape complains */ + if(ku_reject(x, KU_KEY_ENCIPHERMENT)) return 0; + return ret; +} + +/* common S/MIME checks */ +static int purpose_smime(X509 *x, int ca) +{ + if(xku_reject(x,XKU_SMIME)) return 0; + if(ca) { + int ca_ret; + ca_ret = ca_check(x); + if(!ca_ret) return 0; + /* check nsCertType if present */ + if(x->ex_flags & EXFLAG_NSCERT) { + if(x->ex_nscert & NS_SMIME_CA) return ca_ret; + return 0; + } + if(ca_ret != 2) return ca_ret; + else return 0; + } + if(x->ex_flags & EXFLAG_NSCERT) { + if(x->ex_nscert & NS_SMIME) return 1; + /* Workaround for some buggy certificates */ + if(x->ex_nscert & NS_SSL_CLIENT) return 2; + return 0; + } + return 1; +} + +static int check_purpose_smime_sign(X509_PURPOSE *xp, X509 *x, int ca) +{ + int ret; + ret = purpose_smime(x, ca); + if(!ret || ca) return ret; + if(ku_reject(x, KU_DIGITAL_SIGNATURE)) return 0; + return ret; +} + +static int check_purpose_smime_encrypt(X509_PURPOSE *xp, X509 *x, int ca) +{ + int ret; + ret = purpose_smime(x, ca); + if(!ret || ca) return ret; + if(ku_reject(x, KU_KEY_ENCIPHERMENT)) return 0; + return ret; +} + +static int check_purpose_crl_sign(X509_PURPOSE *xp, X509 *x, int ca) +{ + if(ca) { + int ca_ret; + if((ca_ret = ca_check(x)) != 2) return ca_ret; + else return 0; + } + if(ku_reject(x, KU_CRL_SIGN)) return 0; + return 1; +} diff --git a/lib/libssl/src/doc/apps/CA.pl.pod b/lib/libssl/src/doc/apps/CA.pl.pod new file mode 100644 index 00000000000..83e4c0af810 --- /dev/null +++ b/lib/libssl/src/doc/apps/CA.pl.pod @@ -0,0 +1,138 @@ + +=pod + +=head1 NAME + +CA.pl - friendlier interface for OpenSSL certificate programs + +=head1 SYNOPSIS + +B<CA.pl> +[B<-?>] +[B<-h>] +[B<-help>] +[B<-newcert>] +[B<-newreq>] +[B<-newca>] +[B<-xsign>] +[B<-sign>] +[B<-signreq>] +[B<-signcert>] +[B<-verify>] +[B<files>] + +=head1 DESCRIPTION + +The B<CA.pl> script is a perl script that supplies the relevant command line +arguments to the B<openssl> command for some common certificate operations. +It is intended to simplify the process of certificate creation and management +by the use of some simple options. + +=head1 COMMAND OPTIONS + +=over 4 + +=item B<?>, B<-h>, B<-help> + +prints a usage message. + +=item B<-newcert> + +creates a new self signed certificate. The private key and certificate are +written to the file "newreq.pem". + +=item B<-newreq> + +creates a new certificate request. The private key and request are +written to the file "newreq.pem". + +=item B<-newca> + +creates a new CA hierarchy for use with the B<ca> program (or the B<-signcert> +and B<-xsign> options). The user is prompted to enter the filename of the CA +certificates (which should also contain the private key) or by hitting ENTER +details of the CA will be prompted for. The relevant files and directories +are created in a directory called "demoCA" in the current directory. + +=item B<-pkcs12> + +create a PKCS#12 file containing the user certificate, private key and CA +certificate. It expects the user certificate and private key to be in the +file "newcert.pem" and the CA certificate to be in the file demoCA/cacert.pem, +it creates a file "newcert.p12". This command can thus be called after the +B<-sign> option. The PKCS#12 file can be imported directly into a browser. +If there is an additional argument on the command line it will be used as the +"friendly name" for the certificate (which is typically displayed in the browser +list box), otherwise the name "My Certificate" is used. + +=item B<-sign>, B<-signreq>, B<-xsign> + +calls the B<ca> program to sign a certificate request. It expects the request +to be in the file "newreq.pem". The new certificate is written to the file +"newcert.pem" except in the case of the B<-xcert> option when it is written +to standard output. + +=item B<-signcert> + +this option is the same as B<-sign> except it expects a self signed certificate +to be present in the file "newreq.pem". + +=item B<-verify> + +verifies certificates against the CA certificate for "demoCA". If no certificates +are specified on the command line it tries to verify the file "newcert.pem". + +=item B<files> + +one or more optional certificate file names for use with the B<-verify> command. + +=back + +=head1 EXAMPLES + +Create a CA hierarchy: + + CA.pl -newca + +Complete certificate creation example: create a CA, create a request, sign +the request and finally create a PKCS#12 file containing it. + + CA.pl -newca + CA.pl -newreq + CA.pl -signreq + CA.pl -pkcs12 "My Test Certificate" + +=head1 NOTES + +Most of the filenames mentioned can be modified by editing the B<CA.pl> script. + +If the demoCA directory already exists then the B<-newca> command will not +overwrite it and will do nothing. This can happen if a previous call using +the B<-newca> option terminated abnormally. To get the correct behaviour +delete the demoCA directory if it already exists. + +Under some environments it may not be possible to run the B<CA.pl> script +directly (for example Win32) and the default configuration file location may +be wrong. In this case the command: + + perl -S CA.pl + +can be used and the B<OPENSSL_CONF> environment variable changed to point to +the correct path of the configuration file "openssl.cnf". + +The script is intended as a simple front end for the B<openssl> program for use +by a beginner. Its behaviour isn't always what is wanted. For more control over the +behaviour of the certificate commands call the B<openssl> command directly. + +=head1 ENVIRONMENT VARIABLES + +The variable B<OPENSSL_CONF> if defined allows an alternative configuration +file location to be specified, it should contain the full path to the +configuration file, not just its directory. + +=head1 SEE ALSO + +L<x509(1)|x509(1)>, L<ca(1)|ca(1)>, L<req(1)|req(1)>, L<pkcs12(1)|pkcs12(1)>, +L<config(5)|config(5)> + +=cut diff --git a/lib/libssl/src/doc/apps/asn1parse.pod b/lib/libssl/src/doc/apps/asn1parse.pod new file mode 100644 index 00000000000..e76e9813aba --- /dev/null +++ b/lib/libssl/src/doc/apps/asn1parse.pod @@ -0,0 +1,129 @@ +=pod + +=head1 NAME + +asn1parse - ASN.1 parsing tool + +=head1 SYNOPSIS + +B<openssl> B<asn1parse> +[B<-inform PEM|DER>] +[B<-in filename>] +[B<-out filename>] +[B<-noout>] +[B<-offset number>] +[B<-length number>] +[B<-i>] +[B<-oid filename>] +[B<-strparse offset>] + +=head1 DESCRIPTION + +The B<asn1parse> command is a diagnostic utility that can parse ASN.1 +structures. It can also be used to extract data from ASN.1 formatted data. + +=head1 OPTIONS + +=over 4 + +=item B<-inform> B<DER|PEM> + +the input format. B<DER> is binary format and B<PEM> (the default) is base64 +encoded. + +=item B<-in filename> + +the input file, default is standard input + +=item B<-out filename> + +output file to place the DER encoded data into. If this +option is not present then no data will be output. This is most useful when +combined with the B<-strparse> option. + +=item B<-noout> + +don't output the parsed version of the input file. + +=item B<-offset number> + +starting offset to begin parsing, default is start of file. + +=item B<-length number> + +number of bytes to parse, default is until end of file. + +=item B<-i> + +indents the output according to the "depth" of the structures. + +=item B<-oid filename> + +a file containing additional OBJECT IDENTIFIERs (OIDs). The format of this +file is described in the NOTES section below. + +=item B<-strparse offset> + +parse the contents octets of the ASN.1 object starting at B<offset>. This +option can be used multiple times to "drill down" into a nested structure. + + +=back + +=head2 OUTPUT + +The output will typically contain lines like this: + + 0:d=0 hl=4 l= 681 cons: SEQUENCE + +..... + + 229:d=3 hl=3 l= 141 prim: BIT STRING + 373:d=2 hl=3 l= 162 cons: cont [ 3 ] + 376:d=3 hl=3 l= 159 cons: SEQUENCE + 379:d=4 hl=2 l= 29 cons: SEQUENCE + 381:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Subject Key Identifier + 386:d=5 hl=2 l= 22 prim: OCTET STRING + 410:d=4 hl=2 l= 112 cons: SEQUENCE + 412:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Authority Key Identifier + 417:d=5 hl=2 l= 105 prim: OCTET STRING + 524:d=4 hl=2 l= 12 cons: SEQUENCE + +..... + +This example is part of a self signed certificate. Each line starts with the +offset in decimal. B<d=XX> specifies the current depth. The depth is increased +within the scope of any SET or SEQUENCE. B<hl=XX> gives the header length +(tag and length octets) of the current type. B<l=XX> gives the length of +the contents octets. + +The B<-i> option can be used to make the output more readable. + +Some knowledge of the ASN.1 structure is needed to interpret the output. + +In this example the BIT STRING at offset 229 is the certificate public key. +The contents octets of this will contain the public key information. This can +be examined using the option B<-strparse 229> to yield: + + 0:d=0 hl=3 l= 137 cons: SEQUENCE + 3:d=1 hl=3 l= 129 prim: INTEGER :E5D21E1F5C8D208EA7A2166C7FAF9F6BDF2059669C60876DDB70840F1A5AAFA59699FE471F379F1DD6A487E7D5409AB6A88D4A9746E24B91D8CF55DB3521015460C8EDE44EE8A4189F7A7BE77D6CD3A9AF2696F486855CF58BF0EDF2B4068058C7A947F52548DDF7E15E96B385F86422BEA9064A3EE9E1158A56E4A6F47E5897 + 135:d=1 hl=2 l= 3 prim: INTEGER :010001 + +=head1 NOTES + +If an OID is not part of OpenSSL's internal table it will be represented in +numerical form (for example 1.2.3.4). The file passed to the B<-oid> option +allows additional OIDs to be included. Each line consists of three columns, +the first column is the OID in numerical format and should be followed by white +space. The second column is the "short name" which is a single word followed +by white space. The final column is the rest of the line and is the +"long name". B<asn1parse> displays the long name. Example: + +C<1.2.3.4 shortName A long name> + +=head1 BUGS + +There should be options to change the format of input lines. The output of some +ASN.1 types is not well handled (if at all). + +=cut diff --git a/lib/libssl/src/doc/apps/ca.pod b/lib/libssl/src/doc/apps/ca.pod new file mode 100644 index 00000000000..03209aa6b17 --- /dev/null +++ b/lib/libssl/src/doc/apps/ca.pod @@ -0,0 +1,479 @@ + +=pod + +=head1 NAME + +ca - sample minimal CA application + +=head1 SYNOPSIS + +B<openssl> B<ca> +[B<-verbose>] +[B<-config filename>] +[B<-name section>] +[B<-gencrl>] +[B<-revoke file>] +[B<-crldays days>] +[B<-crlhours hours>] +[B<-crlexts section>] +[B<-startdate date>] +[B<-enddate date>] +[B<-days arg>] +[B<-md arg>] +[B<-policy arg>] +[B<-keyfile arg>] +[B<-key arg>] +[B<-cert file>] +[B<-in file>] +[B<-out file>] +[B<-notext>] +[B<-outdir dir>] +[B<-infiles>] +[B<-spkac file>] +[B<-ss_cert file>] +[B<-preserveDN>] +[B<-batch>] +[B<-msie_hack>] +[B<-extensions section>] + +=head1 DESCRIPTION + +The B<ca> command is a minimal CA application. It can be used +to sign certificate requests in a variety of forms and generate +CRLs it also maintains a text database of issued certificates +and their status. + +The options descriptions will be divided into each purpose. + +=head1 CA OPTIONS + +=over 4 + +=item B<-config filename> + +specifies the configuration file to use. + +=item B<-in filename> + +an input filename containing a single certificate request to be +signed by the CA. + +=item B<-ss_cert filename> + +a single self signed certificate to be signed by the CA. + +=item B<-spkac filename> + +a file containing a single Netscape signed public key and challenge +and additional field values to be signed by the CA. See the B<NOTES> +section for information on the required format. + +=item B<-infiles> + +if present this should be the last option, all subsequent arguments +are assumed to the the names of files containing certificate requests. + +=item B<-out filename> + +the output file to output certificates to. The default is standard +output. The certificate details will also be printed out to this +file. + +=item B<-outdir directory> + +the directory to output certificates to. The certificate will be +written to a filename consisting of the serial number in hex with +".pem" appended. + +=item B<-cert> + +the CA certificate file. + +=item B<-keyfile filename> + +the private key to sign requests with. + +=item B<-key password> + +the password used to encrypt the private key. Since on some +systems the command line arguments are visible (e.g. Unix with +the 'ps' utility) this option should be used with caution. + +=item B<-verbose> + +this prints extra details about the operations being performed. + +=item B<-notext> + +don't output the text form of a certificate to the output file. + +=item B<-startdate date> + +this allows the start date to be explicitly set. The format of the +date is YYMMDDHHMMSSZ (the same as an ASN1 UTCTime structure). + +=item B<-enddate date> + +this allows the expiry date to be explicitly set. The format of the +date is YYMMDDHHMMSSZ (the same as an ASN1 UTCTime structure). + +=item B<-days arg> + +the number of days to certify the certificate for. + +=item B<-md alg> + +the message digest to use. Possible values include md5, sha1 and mdc2. +This option also applies to CRLs. + +=item B<-policy arg> + +this option defines the CA "policy" to use. This is a section in +the configuration file which decides which fields should be mandatory +or match the CA certificate. Check out the B<POLICY FORMAT> section +for more information. + +=item B<-msie_hack> + +this is a legacy option to make B<ca> work with very old versions of +the IE certificate enrollment control "certenr3". It used UniversalStrings +for almost everything. Since the old control has various security bugs +its use is strongly discouraged. The newer control "Xenroll" does not +need this option. + +=item B<-preserveDN> + +Normally the DN order of a certificate is the same as the order of the +fields in the relevant policy section. When this option is set the order +is the same as the request. This is largely for compatibility with the +older IE enrollment control which would only accept certificates if their +DNs match the order of the request. This is not needed for Xenroll. + +=item B<-batch> + +this sets the batch mode. In this mode no questions will be asked +and all certificates will be certified automatically. + +=item B<-extensions section> + +the section of the configuration file containing certificate extensions +to be added when a certificate is issued. If no extension section is +present then a V1 certificate is created. If the extension section +is present (even if it is empty) then a V3 certificate is created. + +=back + +=head1 CRL OPTIONS + +=over 4 + +=item B<-gencrl> + +this option generates a CRL based on information in the index file. + +=item B<-crldays num> + +the number of days before the next CRL is due. That is the days from +now to place in the CRL nextUpdate field. + +=item B<-crlhours num> + +the number of hours before the next CRL is due. + +=item B<-revoke filename> + +a filename containing a certificate to revoke. + +=item B<-crlexts section> + +the section of the configuration file containing CRL extensions to +include. If no CRL extension section is present then a V1 CRL is +created, if the CRL extension section is present (even if it is +empty) then a V2 CRL is created. The CRL extensions specified are +CRL extensions and B<not> CRL entry extensions. It should be noted +that some software (for example Netscape) can't handle V2 CRLs. + +=back + +=head1 CONFIGURATION FILE OPTIONS + +The options for B<ca> are contained in the B<ca> section of the +configuration file. Many of these are identical to command line +options. Where the option is present in the configuration file +and the command line the command line value is used. Where an +option is described as mandatory then it must be present in +the configuration file or the command line equivalent (if +any) used. + +=over 4 + +=item B<oid_file> + +This specifies a file containing additional B<OBJECT IDENTIFIERS>. +Each line of the file should consist of the numerical form of the +object identifier followed by white space then the short name followed +by white space and finally the long name. + +=item B<oid_section> + +This specifies a section in the configuration file containing extra +object identifiers. Each line should consist of the short name of the +object identifier followed by B<=> and the numerical form. The short +and long names are the same when this option is used. + +=item B<new_certs_dir> + +the same as the B<-outdir> command line option. It specifies +the directory where new certificates will be placed. Mandatory. + +=item B<certificate> + +the same as B<-cert>. It gives the file containing the CA +certificate. Mandatory. + +=item B<private_key> + +same as the B<-keyfile> option. The file containing the +CA private key. Mandatory. + +=item B<RANDFILE> + +a file used to read and write random number seed information, or +an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>). + +=item B<default_days> + +the same as the B<-days> option. The number of days to certify +a certificate for. + +=item B<default_startdate> + +the same as the B<-startdate> option. The start date to certify +a certificate for. If not set the current time is used. + +=item B<default_enddate> + +the same as the B<-enddate> option. Either this option or +B<default_days> (or the command line equivalents) must be +present. + +=item B<default_crl_hours default_crl_days> + +the same as the B<-crlhours> and the B<-crldays> options. These +will only be used if neither command line option is present. At +least one of these must be present to generate a CRL. + +=item B<default_md> + +the same as the B<-md> option. The message digest to use. Mandatory. + +=item B<database> + +the text database file to use. Mandatory. This file must be present +though initially it will be empty. + +=item B<serialfile> + +a text file containing the next serial number to use in hex. Mandatory. +This file must be present and contain a valid serial number. + +=item B<x509_extensions> + +the same as B<-extensions>. + +=item B<crl_extensions> + +the same as B<-crlexts>. + +=item B<preserve> + +the same as B<-preserveDN> + +=item B<msie_hack> + +the same as B<-msie_hack> + +=item B<policy> + +the same as B<-policy>. Mandatory. See the B<POLICY FORMAT> section +for more information. + +=back + +=head1 POLICY FORMAT + +The policy section consists of a set of variables corresponding to +certificate DN fields. If the value is "match" then the field value +must match the same field in the CA certificate. If the value is +"supplied" then it must be present. If the value is "optional" then +it may be present. Any fields not mentioned in the policy section +are silently deleted, unless the B<-preserveDN> option is set but +this can be regarded more of a quirk than intended behaviour. + +=head1 SPKAC FORMAT + +The input to the B<-spkac> command line option is a Netscape +signed public key and challenge. This will usually come from +the B<KEYGEN> tag in an HTML form to create a new private key. +It is however possible to create SPKACs using the B<spkac> utility. + +The file should contain the variable SPKAC set to the value of +the SPKAC and also the required DN components as name value pairs. +If you need to include the same component twice then it can be +preceded by a number and a '.'. + +=head1 EXAMPLES + +Note: these examples assume that the B<ca> directory structure is +already set up and the relevant files already exist. This usually +involves creating a CA certificate and private key with B<req>, a +serial number file and an empty index file and placing them in +the relevant directories. + +To use the sample configuration file below the directories demoCA, +demoCA/private and demoCA/newcerts would be created. The CA +certificate would be copied to demoCA/cacert.pem and its private +key to demoCA/private/cakey.pem. A file demoCA/serial would be +created containing for example "01" and the empty index file +demoCA/index.txt. + + +Sign a certificate request: + + openssl ca -in req.pem -out newcert.pem + +Generate a CRL + + openssl ca -gencrl -out crl.pem + +Sign several requests: + + openssl ca -infiles req1.pem req2.pem req3.pem + +Certify a Netscape SPKAC: + + openssl ca -spkac spkac.txt + +A sample SPKAC file (the SPKAC line has been truncated for clarity): + + SPKAC=MIG0MGAwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAn7PDhCeV/xIxUg8V70YRxK2A5 + CN=Steve Test + emailAddress=steve@openssl.org + 0.OU=OpenSSL Group + 1.OU=Another Group + +A sample configuration file with the relevant sections for B<ca>: + + [ ca ] + default_ca = CA_default # The default ca section + + [ CA_default ] + + dir = ./demoCA # top dir + database = $dir/index.txt # index file. + new_certs_dir = $dir/newcerts # new certs dir + + certificate = $dir/cacert.pem # The CA cert + serial = $dir/serial # serial no file + private_key = $dir/private/cakey.pem# CA private key + RANDFILE = $dir/private/.rand # random number file + + default_days = 365 # how long to certify for + default_crl_days= 30 # how long before next CRL + default_md = md5 # md to use + + policy = policy_any # default policy + + [ policy_any ] + countryName = supplied + stateOrProvinceName = optional + organizationName = optional + organizationalUnitName = optional + commonName = supplied + emailAddress = optional + +=head1 WARNINGS + +The B<ca> command is quirky and at times downright unfriendly. + +The B<ca> utility was originally meant as an example of how to do things +in a CA. It was not supposed be be used as a full blown CA itself: +nevertheless some people are using it for this purpose. + +The B<ca> command is effectively a single user command: no locking is +done on the various files and attempts to run more than one B<ca> command +on the same database can have unpredictable results. + +=head1 FILES + +Note: the location of all files can change either by compile time options, +configuration file entries, environment variables or command line options. +The values below reflect the default values. + + /usr/local/ssl/lib/openssl.cnf - master configuration file + ./demoCA - main CA directory + ./demoCA/cacert.pem - CA certificate + ./demoCA/private/cakey.pem - CA private key + ./demoCA/serial - CA serial number file + ./demoCA/serial.old - CA serial number backup file + ./demoCA/index.txt - CA text database file + ./demoCA/index.txt.old - CA text database backup file + ./demoCA/certs - certificate output file + ./demoCA/.rnd - CA random seed information + +=head1 ENVIRONMENT VARIABLES + +B<OPENSSL_CONF> reflects the location of master configuration file it can +be overridden by the B<-config> command line option. + +=head1 RESTRICTIONS + +The text database index file is a critical part of the process and +if corrupted it can be difficult to fix. It is theoretically possible +to rebuild the index file from all the issued certificates and a current +CRL: however there is no option to do this. + +CRL entry extensions cannot currently be created: only CRL extensions +can be added. + +V2 CRL features like delta CRL support and CRL numbers are not currently +supported. + +Although several requests can be input and handled at once it is only +possible to include one SPKAC or self signed certificate. + +=head1 BUGS + +The use of an in memory text database can cause problems when large +numbers of certificates are present because, as the name implies +the database has to be kept in memory. + +Certificate request extensions are ignored: some kind of "policy" should +be included to use certain static extensions and certain extensions +from the request. + +It is not possible to certify two certificates with the same DN: this +is a side effect of how the text database is indexed and it cannot easily +be fixed without introducing other problems. Some S/MIME clients can use +two certificates with the same DN for separate signing and encryption +keys. + +The B<ca> command really needs rewriting or the required functionality +exposed at either a command or interface level so a more friendly utility +(perl script or GUI) can handle things properly. The scripts B<CA.sh> and +B<CA.pl> help a little but not very much. + +Any fields in a request that are not present in a policy are silently +deleted. This does not happen if the B<-preserveDN> option is used but +the extra fields are not displayed when the user is asked to certify +a request. The behaviour should be more friendly and configurable. + +Cancelling some commands by refusing to certify a certificate can +create an empty file. + +=head1 SEE ALSO + +L<req(1)|req(1)>, L<spkac(1)|spkac(1)>, L<x509(1)|x509(1)>, L<CA.pl(1)|CA.pl(1)>, +L<config(5)|config(5)> + +=cut diff --git a/lib/libssl/src/doc/apps/ciphers.pod b/lib/libssl/src/doc/apps/ciphers.pod new file mode 100644 index 00000000000..2301e28251c --- /dev/null +++ b/lib/libssl/src/doc/apps/ciphers.pod @@ -0,0 +1,342 @@ +=pod + +=head1 NAME + +ciphers - SSL cipher display and cipher list tool. + +=head1 SYNOPSIS + +B<openssl> B<ciphers> +[B<-v>] +[B<-ssl2>] +[B<-ssl3>] +[B<-tls1>] +[B<cipherlist>] + +=head1 DESCRIPTION + +The B<cipherlist> command converts OpenSSL cipher lists into ordered +SSL cipher preference lists. It can be used as a test tool to determine +the appropriate cipherlist. + +=head1 COMMAND OPTIONS + +=over 4 + +=item B<-v> + +verbose option. List ciphers with a complete description of the authentication, +key exchange, encryption and mac algorithms used along with any key size +restrictions and whether the algorithm is classed as an "export" cipher. + +=item B<-ssl3> + +only include SSL v3 ciphers. + +=item B<-ssl2> + +only include SSL v2 ciphers. + +=item B<-tls1> + +only include TLS v1 ciphers. + +=item B<-h>, B<-?> + +print a brief usage message. + +=item B<cipherlist> + +a cipher list to convert to a cipher preference list. If it is not included +then the default cipher list will be used. The format is described below. + +=back + +=head1 CIPHER LIST FORMAT + +The cipher list consists of one or more I<cipher strings> separated by colons. +Commas or spaces are also acceptable separators but colons are normally used. + +The actual cipher string can take several different forms. + +It can consist of a single cipher suite such as B<RC4-SHA>. + +It can represent a list of cipher suites containing a certain algorithm, or +cipher suites of a certain type. For example B<SHA1> represents all ciphers +suites using the digest algorithm SHA1 and B<SSLv3> represents all SSL v3 +algorithms. + +Lists of cipher suites can be combined in a single cipher string using the +B<+> character. This is used as a logical B<and> operation. For example +B<SHA1+DES> represents all cipher suites containing the SHA1 B<and> the DES +algorithms. + +Each cipher string can be optionally preceded by the characters B<!>, +B<-> or B<+>. + +If B<!> is used then the ciphers are permanently deleted from the list. +The ciphers deleted can never reappear in the list even if they are +explicitly stated. + +If B<-> is used then the ciphers are deleted from the list, but some or +all of the ciphers can be added again by later options. + +If B<+> is used then the ciphers are moved to the end of the list. This +option doesn't add any new ciphers it just moves matching existing ones. + +If none of these characters is present then the string is just interpreted +as a list of ciphers to be appended to the current preference list. If the +list includes any ciphers already present they will be ignored: that is they +will not moved to the end of the list. + +Additionally the cipher string B<@STRENGTH> can be used at any point to sort +the current cipher list in order of encryption algorithm key length. + +=head1 CIPHER STRINGS + +The following is a list of all permitted cipher strings and their meanings. + +=over 4 + +=item B<DEFAULT> + +the default cipher list. This is determined at compile time and is normally +B<ALL:!ADH:RC4+RSA:+SSLv2:@STRENGTH>. This must be the first cipher string +specified. + +=item B<ALL> + +all ciphers suites except the B<eNULL> ciphers which must be explicitly enabled. + +=item B<HIGH> + +"high" encryption cipher suites. This currently means those with key lengths larger +than 128 bits. + +=item B<MEDIUM> + +"medium" encryption cipher suites, currently those using 128 bit encryption. + +=item B<LOW> + +"low" encryption cipher suites, currently those using 64 or 56 bit encryption algorithms +but excluding export cipher suites. + +=item B<EXP>, B<EXPORT> + +export encryption algorithms. Including 40 and 56 bits algorithms. + +=item B<EXPORT40> + +40 bit export encryption algorithms + +=item B<EXPORT56> + +56 bit export encryption algorithms. + +=item B<eNULL>, B<NULL> + +the "NULL" ciphers that is those offering no encryption. Because these offer no +encryption at all and are a security risk they are disabled unless explicitly +included. + +=item B<aNULL> + +the cipher suites offering no authentication. This is currently the anonymous +DH algorithms. These cipher suites are vulnerable to a "man in the middle" +attack and so their use is normally discouraged. + +=item B<kRSA>, B<RSA> + +cipher suites using RSA key exchange. + +=item B<kEDH> + +cipher suites using ephemeral DH key agreement. + +=item B<kDHr>, B<kDHd> + +cipher suites using DH key agreement and DH certificates signed by CAs with RSA +and DSS keys respectively. Not implemented. + +=item B<aRSA> + +cipher suites using RSA authentication, i.e. the certificates carry RSA keys. + +=item B<aDSS>, B<DSS> + +cipher suites using DSS authentication, i.e. the certificates carry DSS keys. + +=item B<aDH> + +cipher suites effectively using DH authentication, i.e. the certificates carry +DH keys. Not implemented. + +=item B<kFZA>, B<aFZA>, B<eFZA>, B<FZA> + +ciphers suites using FORTEZZA key exchange, authentication, encryption or all +FORTEZZA algorithms. Not implemented. + +=item B<TLSv1>, B<SSLv3>, B<SSLv2> + +TLS v1.0, SSL v3.0 or SSL v2.0 cipher suites respectively. + +=item B<DH> + +cipher suites using DH, including anonymous DH. + +=item B<ADH> + +anonymous DH cipher suites. + +=item B<3DES> + +cipher suites using triple DES. + +=item B<DES> + +cipher suites using DES (not triple DES). + +=item B<RC4> + +cipher suites using RC4. + +=item B<RC2> + +cipher suites using RC2. + +=item B<IDEA> + +cipher suites using IDEA. + +=item B<MD5> + +cipher suites using MD5. + +=item B<SHA1>, B<SHA> + +cipher suites using SHA1. + +=back + +=head1 CIPHER SUITE NAMES + +The following lists give the SSL or TLS cipher suites names from the +relevant specification and their OpenSSL equivalents. + +=head2 SSL v3.0 cipher suites. + + SSL_RSA_WITH_NULL_MD5 NULL-MD5 + SSL_RSA_WITH_NULL_SHA NULL-SHA + SSL_RSA_EXPORT_WITH_RC4_40_MD5 EXP-RC4-MD5 + SSL_RSA_WITH_RC4_128_MD5 RC4-MD5 + SSL_RSA_WITH_RC4_128_SHA RC4-SHA + SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 EXP-RC2-CBC-MD5 + SSL_RSA_WITH_IDEA_CBC_SHA IDEA-CBC-SHA + SSL_RSA_EXPORT_WITH_DES40_CBC_SHA EXP-DES-CBC-SHA + SSL_RSA_WITH_DES_CBC_SHA DES-CBC-SHA + SSL_RSA_WITH_3DES_EDE_CBC_SHA DES-CBC3-SHA + + SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA Not implemented. + SSL_DH_DSS_WITH_DES_CBC_SHA Not implemented. + SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA Not implemented. + SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA Not implemented. + SSL_DH_RSA_WITH_DES_CBC_SHA Not implemented. + SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA Not implemented. + SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA EXP-EDH-DSS-DES-CBC-SHA + SSL_DHE_DSS_WITH_DES_CBC_SHA EDH-DSS-CBC-SHA + SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA EDH-DSS-DES-CBC3-SHA + SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA EXP-EDH-RSA-DES-CBC-SHA + SSL_DHE_RSA_WITH_DES_CBC_SHA EDH-RSA-DES-CBC-SHA + SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA EDH-RSA-DES-CBC3-SHA + + SSL_DH_anon_EXPORT_WITH_RC4_40_MD5 EXP-ADH-RC4-MD5 + SSL_DH_anon_WITH_RC4_128_MD5 ADH-RC4-MD5 + SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA EXP-ADH-DES-CBC-SHA + SSL_DH_anon_WITH_DES_CBC_SHA ADH-DES-CBC-SHA + SSL_DH_anon_WITH_3DES_EDE_CBC_SHA ADH-DES-CBC3-SHA + + SSL_FORTEZZA_KEA_WITH_NULL_SHA Not implemented. + SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA Not implemented. + SSL_FORTEZZA_KEA_WITH_RC4_128_SHA Not implemented. + +=head2 TLS v1.0 cipher suites. + + TLS_RSA_WITH_NULL_MD5 NULL-MD5 + TLS_RSA_WITH_NULL_SHA NULL-SHA + TLS_RSA_EXPORT_WITH_RC4_40_MD5 EXP-RC4-MD5 + TLS_RSA_WITH_RC4_128_MD5 RC4-MD5 + TLS_RSA_WITH_RC4_128_SHA RC4-SHA + TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 EXP-RC2-CBC-MD5 + TLS_RSA_WITH_IDEA_CBC_SHA IDEA-CBC-SHA + TLS_RSA_EXPORT_WITH_DES40_CBC_SHA EXP-DES-CBC-SHA + TLS_RSA_WITH_DES_CBC_SHA DES-CBC-SHA + TLS_RSA_WITH_3DES_EDE_CBC_SHA DES-CBC3-SHA + + TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA Not implemented. + TLS_DH_DSS_WITH_DES_CBC_SHA Not implemented. + TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA Not implemented. + TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA Not implemented. + TLS_DH_RSA_WITH_DES_CBC_SHA Not implemented. + TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA Not implemented. + TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA EXP-EDH-DSS-DES-CBC-SHA + TLS_DHE_DSS_WITH_DES_CBC_SHA EDH-DSS-CBC-SHA + TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA EDH-DSS-DES-CBC3-SHA + TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA EXP-EDH-RSA-DES-CBC-SHA + TLS_DHE_RSA_WITH_DES_CBC_SHA EDH-RSA-DES-CBC-SHA + TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA EDH-RSA-DES-CBC3-SHA + + TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 EXP-ADH-RC4-MD5 + TLS_DH_anon_WITH_RC4_128_MD5 ADH-RC4-MD5 + TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA EXP-ADH-DES-CBC-SHA + TLS_DH_anon_WITH_DES_CBC_SHA ADH-DES-CBC-SHA + TLS_DH_anon_WITH_3DES_EDE_CBC_SHA ADH-DES-CBC3-SHA + +=head2 Additional Export 1024 and other cipher suites + +Note: these ciphers can also be used in SSL v3. + + TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA EXP1024-DES-CBC-SHA + TLS_RSA_EXPORT1024_WITH_RC4_56_SHA EXP1024-RC4-SHA + TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA EXP1024-DHE-DSS-DES-CBC-SHA + TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA EXP1024-DHE-DSS-RC4-SHA + TLS_DHE_DSS_WITH_RC4_128_SHA DHE-DSS-RC4-SHA + +=head2 SSL v2.0 cipher suites. + + SSL_CK_RC4_128_WITH_MD5 RC4-MD5 + SSL_CK_RC4_128_EXPORT40_WITH_MD5 EXP-RC4-MD5 + SSL_CK_RC2_128_CBC_WITH_MD5 RC2-MD5 + SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5 EXP-RC2-MD5 + SSL_CK_IDEA_128_CBC_WITH_MD5 IDEA-CBC-MD5 + SSL_CK_DES_64_CBC_WITH_MD5 DES-CBC-MD5 + SSL_CK_DES_192_EDE3_CBC_WITH_MD5 DES-CBC3-MD5 + +=head1 NOTES + +The non-ephemeral DH modes are currently unimplemented in OpenSSL +because there is no support for DH certificates. + +Some compiled versions of OpenSSL may not include all the ciphers +listed here because some ciphers were excluded at compile time. + +=head1 EXAMPLES + +Verbose listing of all OpenSSL ciphers including NULL ciphers: + + openssl ciphers -v 'ALL:eNULL' + +Include all ciphers except NULL and anonymous DH then sort by +strength: + + openssl ciphers -v 'ALL:!ADH:@STRENGTH' + +Include only 3DES ciphers and then place RSA ciphers last: + + openssl ciphers -v '3DES:+RSA' + +=head1 SEE ALSO + +L<s_client(1)|s_client(1)>, L<s_server(1)|s_server(1)>, L<ssl(3)|ssl(3)> + +=cut diff --git a/lib/libssl/src/doc/apps/config.pod b/lib/libssl/src/doc/apps/config.pod new file mode 100644 index 00000000000..ce874a42ce1 --- /dev/null +++ b/lib/libssl/src/doc/apps/config.pod @@ -0,0 +1,138 @@ + +=pod + +=head1 NAME + +config - OpenSSL CONF library configuration files + +=head1 DESCRIPTION + +The OpenSSL CONF library can be used to read configuration files. +It is used for the OpenSSL master configuration file B<openssl.cnf> +and in a few other places like B<SPKAC> files and certificate extension +files for the B<x509> utility. + +A configuration file is divided into a number of sections. Each section +starts with a line B<[ section_name ]> and ends when a new section is +started or end of file is reached. A section name can consist of +alphanumeric characters and underscores. + +The first section of a configuration file is special and is referred +to as the B<default> section this is usually unnamed and is from the +start of file until the first named section. When a name is being looked up +it is first looked up in a named section (if any) and then the +default section. + +The environment is mapped onto a section called B<ENV>. + +Comments can be included by preceding them with the B<#> character + +Each section in a configuration file consists of a number of name and +value pairs of the form B<name=value> + +The B<name> string can contain any alphanumeric characters as well as +a few punctuation symbols such as B<.> B<,> B<;> and B<_>. + +The B<value> string consists of the string following the B<=> character +until end of line with any leading and trailing white space removed. + +The value string undergoes variable expansion. This can be done by +including the form B<$var> or B<${var}>: this will substitute the value +of the named variable in the current section. It is also possible to +substitute a value from another section using the syntax B<$section::name> +or B<${section::name}>. By using the form B<$ENV::name> environment +variables can be substituted. It is also possible to assign values to +environment variables by using the name B<ENV::name>, this will work +if the program looks up environment variables using the B<CONF> library +instead of calling B<getenv()> directly. + +It is possible to escape certain characters by using any kind of quote +or the B<\> character. By making the last character of a line a B<\> +a B<value> string can be spread across multiple lines. In addition +the sequences B<\n>, B<\r>, B<\b> and B<\t> are recognized. + +=head1 NOTES + +If a configuration file attempts to expand a variable that doesn't exist +then an error is flagged and the file will not load. This can happen +if an attempt is made to expand an environment variable that doesn't +exist. For example the default OpenSSL master configuration file used +the value of B<HOME> which may not be defined on non Unix systems. + +This can be worked around by including a B<default> section to provide +a default value: then if the environment lookup fails the default value +will be used instead. For this to work properly the default value must +be defined earlier in the configuration file than the expansion. See +the B<EXAMPLES> section for an example of how to do this. + +If the same variable exists in the same section then all but the last +value will be silently ignored. In certain circumstances such as with +DNs the same field may occur multiple times. This is usually worked +around by ignoring any characters before an initial B<.> e.g. + + 1.OU="My first OU" + 2.OU="My Second OU" + +=head1 EXAMPLES + +Here is a sample configuration file using some of the features +mentioned above. + + # This is the default section. + + HOME=/temp + RANDFILE= ${ENV::HOME}/.rnd + configdir=$ENV::HOME/config + + [ section_one ] + + # We are now in section one. + + # Quotes permit leading and trailing whitespace + any = " any variable name " + + other = A string that can \ + cover several lines \ + by including \\ characters + + message = Hello World\n + + [ section_two ] + + greeting = $section_one::message + +This next example shows how to expand environment variables safely. + +Suppose you want a variable called B<tmpfile> to refer to a +temporary filename. The directory it is placed in can determined by +the the B<TEMP> or B<TMP> environment variables but they may not be +set to any value at all. If you just include the environment variable +names and the variable doesn't exist then this will cause an error when +an attempt is made to load the configuration file. By making use of the +default section both values can be looked up with B<TEMP> taking +priority and B</tmp> used if neither is defined: + + TMP=/tmp + # The above value is used if TMP isn't in the environment + TEMP=$ENV::TMP + # The above value is used if TEMP isn't in the environment + tmpfile=${ENV::TEMP}/tmp.filename + +=head1 BUGS + +Currently there is no way to include characters using the octal B<\nnn> +form. Strings are all null terminated so nulls cannot form part of +the value. + +The escaping isn't quite right: if you want to use sequences like B<\n> +you can't use any quote escaping on the same line. + +Files are loaded in a single pass. This means that an variable expansion +will only work if the variables referenced are defined earlier in the +file. + +=head1 SEE ALSO + +L<x509(1)|x509(1)>, L<req(1)|req(1)>, L<ca(1)|ca(1)> + +=cut diff --git a/lib/libssl/src/doc/apps/crl.pod b/lib/libssl/src/doc/apps/crl.pod new file mode 100644 index 00000000000..a40c873b956 --- /dev/null +++ b/lib/libssl/src/doc/apps/crl.pod @@ -0,0 +1,117 @@ +=pod + +=head1 NAME + +crl - CRL utility + +=head1 SYNOPSIS + +B<openssl> B<crl> +[B<-inform PEM|DER>] +[B<-outform PEM|DER>] +[B<-text>] +[B<-in filename>] +[B<-out filename>] +[B<-noout>] +[B<-hash>] +[B<-issuer>] +[B<-lastupdate>] +[B<-nextupdate>] +[B<-CAfile file>] +[B<-CApath dir>] + +=head1 DESCRIPTION + +The B<crl> command processes CRL files in DER or PEM format. + +=head1 COMMAND OPTIONS + +=over 4 + +=item B<-inform DER|PEM> + +This specifies the input format. B<DER> format is DER encoded CRL +structure. B<PEM> (the default) is a base64 encoded version of +the DER form with header and footer lines. + +=item B<-outform DER|PEM> + +This specifies the output format, the options have the same meaning as the +B<-inform> option. + +=item B<-in filename> + +This specifies the input filename to read from or standard input if this +option is not specified. + +=item B<-out filename> + +specifies the output filename to write to or standard output by +default. + +=item B<-text> + +print out the CRL in text form. + +=item B<-noout> + +don't output the encoded version of the CRL. + +=item B<-hash> + +output a hash of the issuer name. This can be use to lookup CRLs in +a directory by issuer name. + +=item B<-issuer> + +output the issuer name. + +=item B<-lastupdate> + +output the lastUpdate field. + +=item B<-nextupdate> + +output the nextUpdate field. + +=item B<-CAfile file> + +verify the signature on a CRL by looking up the issuing certificate in +B<file> + +=item B<-CApath dir> + +verify the signature on a CRL by looking up the issuing certificate in +B<dir>. This directory must be a standard certificate directory: that +is a hash of each subject name (using B<x509 -hash>) should be linked +to each certificate. + +=back + +=head1 NOTES + +The PEM CRL format uses the header and footer lines: + + -----BEGIN X509 CRL----- + -----END X509 CRL----- + +=head1 EXAMPLES + +Convert a CRL file from PEM to DER: + + openssl crl -in crl.pem -outform DER -out crl.der + +Output the text form of a DER encoded certificate: + + openssl crl -in crl.der -text -noout + +=head1 BUGS + +Ideally it should be possible to create a CRL using appropriate options +and files too. + +=head1 SEE ALSO + +L<crl2pkcs7(1)|crl2pkcs7(1)>, L<ca(1)|ca(1)>, L<x509(1)|x509(1)> + +=cut diff --git a/lib/libssl/src/doc/apps/crl2pkcs7.pod b/lib/libssl/src/doc/apps/crl2pkcs7.pod new file mode 100644 index 00000000000..da199b044a8 --- /dev/null +++ b/lib/libssl/src/doc/apps/crl2pkcs7.pod @@ -0,0 +1,90 @@ +=pod + +=head1 NAME + +crl2pkcs7 - Create a PKCS#7 structure from a CRL and certificates. + +=head1 SYNOPSIS + +B<openssl> B<pkcs7> +[B<-inform PEM|DER>] +[B<-outform PEM|DER>] +[B<-in filename>] +[B<-out filename>] +[B<-print_certs>] + +=head1 DESCRIPTION + +The B<crl2pkcs7> command takes an optional CRL and one or more +certificates and converts them into a PKCS#7 degenerate "certificates +only" structure. + +=head1 COMMAND OPTIONS + +=over 4 + +=item B<-inform DER|PEM> + +This specifies the CRL input format. B<DER> format is DER encoded CRL +structure.B<PEM> (the default) is a base64 encoded version of +the DER form with header and footer lines. + +=item B<-outform DER|PEM> + +This specifies the PKCS#7 structure output format. B<DER> format is DER +encoded PKCS#7 structure.B<PEM> (the default) is a base64 encoded version of +the DER form with header and footer lines. + +=item B<-in filename> + +This specifies the input filename to read a CRL from or standard input if this +option is not specified. + +=item B<-out filename> + +specifies the output filename to write the PKCS#7 structure to or standard +output by default. + +=item B<-certfile filename> + +specifies a filename containing one or more certificates in B<PEM> format. +All certificates in the file will be added to the PKCS#7 structure. This +option can be used more than once to read certificates form multiple +files. + +=item B<-nocrl> + +normally a CRL is included in the output file. With this option no CRL is +included in the output file and a CRL is not read from the input file. + +=back + +=head1 EXAMPLES + +Create a PKCS#7 structure from a certificate and CRL: + + openssl crl2pkcs7 -in crl.pem -certfile cert.pem -out p7.pem + +Creates a PKCS#7 structure in DER format with no CRL from several +different certificates: + + openssl crl2pkcs7 -nocrl -certfile newcert.pem + -certfile demoCA/cacert.pem -outform DER -out p7.der + +=head1 NOTES + +The output file is a PKCS#7 signed data structure containing no signers and +just certificates and an optional CRL. + +This utility can be used to send certificates and CAs to Netscape as part of +the certificate enrollment process. This involves sending the DER encoded output +as MIME type application/x-x509-user-cert. + +The B<PEM> encoded form with the header and footer lines removed can be used to +install user certificates and CAs in MSIE using the Xenroll control. + +=head1 SEE ALSO + +L<pkcs7(1)|pkcs7(1)> + +=cut diff --git a/lib/libssl/src/doc/apps/dgst.pod b/lib/libssl/src/doc/apps/dgst.pod new file mode 100644 index 00000000000..cbf2cc529aa --- /dev/null +++ b/lib/libssl/src/doc/apps/dgst.pod @@ -0,0 +1,49 @@ +=pod + +=head1 NAME + +dgst, md5, md2, sha1, sha, mdc2, ripemd160 - message digests + +=head1 SYNOPSIS + +[B<dgst>] +[B<-md5|-md2|-sha1|-sha|mdc2|-ripemd160>] +[B<-c>] +[B<-d>] +[B<file...>] + +[B<md5|md2|sha1|sha|mdc2|ripemd160>] +[B<-c>] +[B<-d>] +[B<file...>] + +=head1 DESCRIPTION + +The digest functions print out the message digest of a supplied file or files +in hexadecimal form. + +=head1 OPTIONS + +=over 4 + +=item B<-c> + +print out the digest in two digit groups separated by colons. + +=item B<-d> + +print out BIO debugging information. + +=item B<file...> + +file or files to digest. If no files are specified then standard input is +used. + +=back + +=head1 NOTES + +The digest of choice for all new applications is SHA1. Other digests are +however still widely used. + +=cut diff --git a/lib/libssl/src/doc/apps/dhparam.pod b/lib/libssl/src/doc/apps/dhparam.pod new file mode 100644 index 00000000000..6b237ec05a9 --- /dev/null +++ b/lib/libssl/src/doc/apps/dhparam.pod @@ -0,0 +1,115 @@ +=pod + +=head1 NAME + +dhparam - DH parameter manipulation and generation + +=head1 SYNOPSIS + +B<openssl dh> +[B<-inform DER|PEM>] +[B<-outform DER|PEM>] +[B<-in filename>] +[B<-out filename>] +[B<-noout>] +[B<-text>] +[B<-C>] +[B<-2>] +[B<-5>] +[B<-rand file(s)>] +[numbits] + +=head1 DESCRIPTION + +This command is used to manipulate DH parameter files. + +=head1 OPTIONS + +=over 4 + +=item B<-inform DER|PEM> + +This specifies the input format. The B<DER> option uses an ASN1 DER encoded +form compatible with the PKCS#3 DHparameter structure. The PEM form is the +default format: it consists of the B<DER> format base64 encoded with +additional header and footer lines. + +=item B<-outform DER|PEM> + +This specifies the output format, the options have the same meaning as the +B<-inform> option. + +=item B<-in filename> + +This specifies the input filename to read parameters from or standard input if +this option is not specified. + +=item B<-out filename> + +This specifies the output filename parameters to. Standard output is used +if this option is not present. The output filename should B<not> be the same +as the input filename. + +=item B<-2>, B<-5> + +The generator to use, either 2 or 5. 2 is the default. If present then the +input file is ignored and parameters are generated instead. + +=item B<-rand file(s)> + +a file or files containing random data used to seed the random number +generator, or an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>). +Multiple files can be specified separated by a OS-dependent character. +The separator is B<;> for MS-Windows, B<,> for OpenVSM, and B<:> for +all others. + +=item B<numbits> + +this option specifies that a parameter set should be generated of size +B<numbits>. It must be the last option. If not present then a value of 512 +is used. If this option is present then the input file is ignored and +parameters are generated instead. + +=item B<-noout> + +this option inhibits the output of the encoded version of the parameters. + +=item B<-text> + +this option prints out the DH parameters in human readable form. + +=item B<-C> + +this option converts the parameters into C code. The parameters can then +be loaded by calling the B<get_dhXXX()> function. + +=back + +=head1 WARNINGS + +The program B<dhparam> combines the functionality of the programs B<dh> and +B<gendh> in previous versions of OpenSSL and SSLeay. The B<dh> and B<gendh> +programs are retained for now but may have different purposes in future +versions of OpenSSL. + +=head1 NOTES + +PEM format DH parameters use the header and footer lines: + + -----BEGIN DH PARAMETERS----- + -----END DH PARAMETERS----- + +OpenSSL currently only supports the older PKCS#3 DH, not the newer X9.42 +DH. + +This program manipulates DH parameters not keys. + +=head1 BUGS + +There should be a way to generate and manipulate DH keys. + +=head1 SEE ALSO + +L<dsaparam(1)|dsaparam(1)> + +=cut diff --git a/lib/libssl/src/doc/apps/dsa.pod b/lib/libssl/src/doc/apps/dsa.pod new file mode 100644 index 00000000000..28e534bb956 --- /dev/null +++ b/lib/libssl/src/doc/apps/dsa.pod @@ -0,0 +1,150 @@ +=pod + +=head1 NAME + +dsa - DSA key processing + +=head1 SYNOPSIS + +B<openssl> B<dsa> +[B<-inform PEM|DER>] +[B<-outform PEM|DER>] +[B<-in filename>] +[B<-passin arg>] +[B<-out filename>] +[B<-passout arg>] +[B<-des>] +[B<-des3>] +[B<-idea>] +[B<-text>] +[B<-noout>] +[B<-modulus>] +[B<-pubin>] +[B<-pubout>] + +=head1 DESCRIPTION + +The B<dsa> command processes DSA keys. They can be converted between various +forms and their components printed out. B<Note> This command uses the +traditional SSLeay compatible format for private key encryption: newer +applications should use the more secure PKCS#8 format using the B<pkcs8> + +=head1 COMMAND OPTIONS + +=over 4 + +=item B<-inform DER|PEM> + +This specifies the input format. The B<DER> option with a private key uses +an ASN1 DER encoded form of an ASN.1 SEQUENCE consisting of the values of +version (currently zero), p, q, g, the public and private key components +respectively as ASN.1 INTEGERs. When used with a public key it uses a +SubjectPublicKeyInfo structure: it is an error if the key is not DSA. + +The B<PEM> form is the default format: it consists of the B<DER> format base64 +encoded with additional header and footer lines. In the case of a private key +PKCS#8 format is also accepted. + +=item B<-outform DER|PEM> + +This specifies the output format, the options have the same meaning as the +B<-inform> option. + +=item B<-in filename> + +This specifies the input filename to read a key from or standard input if this +option is not specified. If the key is encrypted a pass phrase will be +prompted for. + +=item B<-passin arg> + +the input file password source. For more information about the format of B<arg> +see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>. + +=item B<-out filename> + +This specifies the output filename to write a key to or standard output by +is not specified. If any encryption options are set then a pass phrase will be +prompted for. The output filename should B<not> be the same as the input +filename. + +=item B<-passout arg> + +the output file password source. For more information about the format of B<arg> +see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>. + +=item B<-des|-des3|-idea> + +These options encrypt the private key with the DES, triple DES, or the +IDEA ciphers respectively before outputting it. A pass phrase is prompted for. +If none of these options is specified the key is written in plain text. This +means that using the B<dsa> utility to read in an encrypted key with no +encryption option can be used to remove the pass phrase from a key, or by +setting the encryption options it can be use to add or change the pass phrase. +These options can only be used with PEM format output files. + +=item B<-text> + +prints out the public, private key components and parameters. + +=item B<-noout> + +this option prevents output of the encoded version of the key. + +=item B<-modulus> + +this option prints out the value of the public key component of the key. + +=item B<-pubin> + +by default a private key is read from the input file: with this option a +public key is read instead. + +=item B<-pubout> + +by default a private key is output. With this option a public +key will be output instead. This option is automatically set if the input is +a public key. + +=back + +=head1 NOTES + +The PEM private key format uses the header and footer lines: + + -----BEGIN DSA PRIVATE KEY----- + -----END DSA PRIVATE KEY----- + +The PEM public key format uses the header and footer lines: + + -----BEGIN PUBLIC KEY----- + -----END PUBLIC KEY----- + +=head1 EXAMPLES + +To remove the pass phrase on a DSA private key: + + openssl dsa -in key.pem -out keyout.pem + +To encrypt a private key using triple DES: + + openssl dsa -in key.pem -des3 -out keyout.pem + +To convert a private key from PEM to DER format: + + openssl dsa -in key.pem -outform DER -out keyout.der + +To print out the components of a private key to standard output: + + openssl dsa -in key.pem -text -noout + +To just output the public part of a private key: + + openssl dsa -in key.pem -pubout -out pubkey.pem + +=head1 SEE ALSO + +L<dsaparam(1)|dsaparam(1)>, L<gendsa(1)|gendsa(1)>, L<rsa(1)|rsa(1)>, +L<genrsa(1)|genrsa(1)> + +=cut diff --git a/lib/libssl/src/doc/apps/dsaparam.pod b/lib/libssl/src/doc/apps/dsaparam.pod new file mode 100644 index 00000000000..8647f34698c --- /dev/null +++ b/lib/libssl/src/doc/apps/dsaparam.pod @@ -0,0 +1,102 @@ +=pod + +=head1 NAME + +dsaparam - DSA parameter manipulation and generation + +=head1 SYNOPSIS + +B<openssl dsaparam> +[B<-inform DER|PEM>] +[B<-outform DER|PEM>] +[B<-in filename>] +[B<-out filename>] +[B<-noout>] +[B<-text>] +[B<-C>] +[B<-rand file(s)>] +[B<-genkey>] +[B<numbits>] + +=head1 DESCRIPTION + +This command is used to manipulate or generate DSA parameter files. + +=head1 OPTIONS + +=over 4 + +=item B<-inform DER|PEM> + +This specifies the input format. The B<DER> option uses an ASN1 DER encoded +form compatible with RFC2459 (PKIX) DSS-Parms that is a SEQUENCE consisting +of p, q and g respectively. The PEM form is the default format: it consists +of the B<DER> format base64 encoded with additional header and footer lines. + +=item B<-outform DER|PEM> + +This specifies the output format, the options have the same meaning as the +B<-inform> option. + +=item B<-in filename> + +This specifies the input filename to read parameters from or standard input if +this option is not specified. If the B<numbits> parameter is included then +this option will be ignored. + +=item B<-out filename> + +This specifies the output filename parameters to. Standard output is used +if this option is not present. The output filename should B<not> be the same +as the input filename. + +=item B<-noout> + +this option inhibits the output of the encoded version of the parameters. + +=item B<-text> + +this option prints out the DSA parameters in human readable form. + +=item B<-C> + +this option converts the parameters into C code. The parameters can then +be loaded by calling the B<get_dsaXXX()> function. + +=item B<-genkey> + +this option will generate a DSA either using the specified or generated +parameters. + +=item B<-rand file(s)> + +a file or files containing random data used to seed the random number +generator, or an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>). +Multiple files can be specified separated by a OS-dependent character. +The separator is B<;> for MS-Windows, B<,> for OpenVSM, and B<:> for +all others. + +=item B<numbits> + +this option specifies that a parameter set should be generated of size +B<numbits>. It must be the last option. If this option is included then +the input file (if any) is ignored. + +=back + +=head1 NOTES + +PEM format DSA parameters use the header and footer lines: + + -----BEGIN DSA PARAMETERS----- + -----END DSA PARAMETERS----- + +DSA parameter generation is a slow process and as a result the same set of +DSA parameters is often used to generate several distinct keys. + +=head1 SEE ALSO + +L<gendsa(1)|gendsa(1)>, L<dsa(1)|dsa(1)>, L<genrsa(1)|genrsa(1)>, +L<rsa(1)|rsa(1)> + +=cut diff --git a/lib/libssl/src/doc/apps/enc.pod b/lib/libssl/src/doc/apps/enc.pod new file mode 100644 index 00000000000..e436ccc37e6 --- /dev/null +++ b/lib/libssl/src/doc/apps/enc.pod @@ -0,0 +1,257 @@ +=pod + +=head1 NAME + +enc - symmetric cipher routines + +=head1 SYNOPSIS + +B<openssl enc -ciphername> +[B<-in filename>] +[B<-out filename>] +[B<-pass arg>] +[B<-e>] +[B<-d>] +[B<-a>] +[B<-A>] +[B<-k password>] +[B<-kfile filename>] +[B<-K key>] +[B<-iv IV>] +[B<-p>] +[B<-P>] +[B<-bufsize number>] +[B<-debug>] + +=head1 DESCRIPTION + +The symmetric cipher commands allow data to be encrypted or decrypted +using various block and stream ciphers using keys based on passwords +or explicitly provided. Base64 encoding or decoding can also be performed +either by itself or in addition to the encryption or decryption. + +=head1 OPTIONS + +=over 4 + +=item B<-in filename> + +the input filename, standard input by default. + +=item B<-out filename> + +the output filename, standard output by default. + +=item B<-pass arg> + +the password source. For more information about the format of B<arg> +see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>. + +=item B<-salt> + +use a salt in the key derivation routines. This option should B<ALWAYS> +be used unless compatibility with previous versions of OpenSSL or SSLeay +is required. This option is only present on OpenSSL versions 0.9.5 or +above. + +=item B<-nosalt> + +don't use a salt in the key derivation routines. This is the default for +compatibility with previous versions of OpenSSL and SSLeay. + +=item B<-e> + +encrypt the input data: this is the default. + +=item B<-d> + +decrypt the input data. + +=item B<-a> + +base64 process the data. This means that if encryption is taking place +the data is base64 encoded after encryption. If decryption is set then +the input data is base64 decoded before being decrypted. + +=item B<-A> + +if the B<-a> option is set then base64 process the data on one line. + +=item B<-k password> + +the password to derive the key from. This is for compatibility with previous +versions of OpenSSL. Superseded by the B<-pass> argument. + +=item B<-kfile filename> + +read the password to derive the key from the first line of B<filename>. +This is for computability with previous versions of OpenSSL. Superseded by +the B<-pass> argument. + +=item B<-S salt> + +the actual salt to use: this must be represented as a string comprised only +of hex digits. + +=item B<-K key> + +the actual key to use: this must be represented as a string comprised only +of hex digits. + +=item B<-iv IV> + +the actual IV to use: this must be represented as a string comprised only +of hex digits. + +=item B<-p> + +print out the key and IV used. + +=item B<-P> + +print out the key and IV used then immediately exit: don't do any encryption +or decryption. + +=item B<-bufsize number> + +set the buffer size for I/O + +=item B<-debug> + +debug the BIOs used for I/O. + +=back + +=head1 NOTES + +The program can be called either as B<openssl ciphername> or +B<openssl enc -ciphername>. + +A password will be prompted for to derive the key and IV if necessary. + +The B<-salt> option should B<ALWAYS> be used if the key is being derived +from a password unless you want compatibility with previous versions of +OpenSSL and SSLeay. + +Without the B<-salt> option it is possible to perform efficient dictionary +attacks on the password and to attack stream cipher encrypted data. The reason +for this is that without the salt the same password always generates the same +encryption key. When the salt is being used the first eight bytes of the +encrypted data are reserved for the salt: it is generated at random when +encrypting a file and read from the encrypted file when it is decrypted. + +Some of the ciphers do not have large keys and others have security +implications if not used correctly. A beginner is advised to just use +a strong block cipher in CBC mode such as bf or des3. + +All the block ciphers use PKCS#5 padding also known as standard block +padding: this allows a rudimentary integrity or password check to be +performed. However since the chance of random data passing the test is +better than 1 in 256 it isn't a very good test. + +All RC2 ciphers have the same key and effective key length. + +Blowfish and RC5 algorithms use a 128 bit key. + +=head1 SUPPORTED CIPHERS + + base64 Base 64 + + bf-cbc Blowfish in CBC mode + bf Alias for bf-cbc + bf-cfb Blowfish in CFB mode + bf-ecb Blowfish in ECB mode + bf-ofb Blowfish in OFB mode + + cast-cbc CAST in CBC mode + cast Alias for cast-cbc + cast5-cbc CAST5 in CBC mode + cast5-cfb CAST5 in CFB mode + cast5-ecb CAST5 in ECB mode + cast5-ofb CAST5 in OFB mode + + des-cbc DES in CBC mode + des Alias for des-cbc + des-cfb DES in CBC mode + des-ofb DES in OFB mode + des-ecb DES in ECB mode + + des-ede-cbc Two key triple DES EDE in CBC mode + des-ede Alias for des-ede + des-ede-cfb Two key triple DES EDE in CFB mode + des-ede-ofb Two key triple DES EDE in OFB mode + + des-ede3-cbc Three key triple DES EDE in CBC mode + des-ede3 Alias for des-ede3-cbc + des3 Alias for des-ede3-cbc + des-ede3-cfb Three key triple DES EDE CFB mode + des-ede3-ofb Three key triple DES EDE in OFB mode + + desx DESX algorithm. + + idea-cbc IDEA algorithm in CBC mode + idea same as idea-cbc + idea-cfb IDEA in CFB mode + idea-ecb IDEA in ECB mode + idea-ofb IDEA in OFB mode + + rc2-cbc 128 bit RC2 in CBC mode + rc2 Alias for rc2-cbc + rc2-cfb 128 bit RC2 in CBC mode + rc2-ecb 128 bit RC2 in CBC mode + rc2-ofb 128 bit RC2 in CBC mode + rc2-64-cbc 64 bit RC2 in CBC mode + rc2-40-cbc 40 bit RC2 in CBC mode + + rc4 128 bit RC4 + rc4-64 64 bit RC4 + rc4-40 40 bit RC4 + + rc5-cbc RC5 cipher in CBC mode + rc5 Alias for rc5-cbc + rc5-cfb RC5 cipher in CBC mode + rc5-ecb RC5 cipher in CBC mode + rc5-ofb RC5 cipher in CBC mode + +=head1 EXAMPLES + +Just base64 encode a binary file: + + openssl base64 -in file.bin -out file.b64 + +Decode the same file + + openssl base64 -d -in file.b64 -out file.bin + +Encrypt a file using triple DES in CBC mode using a prompted password: + + openssl des3 -salt -in file.txt -out file.des3 + +Decrypt a file using a supplied password: + + openssl des3 -d -salt -in file.des3 -out file.txt -k mypassword + +Encrypt a file then base64 encode it (so it can be sent via mail for example) +using Blowfish in CBC mode: + + openssl bf -a -salt -in file.txt -out file.bf + +Base64 decode a file then decrypt it: + + openssl bf -d -salt -a -in file.bf -out file.txt + +Decrypt some data using a supplied 40 bit RC4 key: + + openssl rc4-40 -in file.rc4 -out file.txt -K 0102030405 + +=head1 BUGS + +The B<-A> option when used with large files doesn't work properly. + +There should be an option to allow an iteration count to be included. + +Like the EVP library the B<enc> program only supports a fixed number of +algorithms with certain parameters. So if, for example, you want to use RC2 +with a 76 bit key or RC4 with an 84 bit key you can't use this program. + +=cut diff --git a/lib/libssl/src/doc/apps/gendsa.pod b/lib/libssl/src/doc/apps/gendsa.pod new file mode 100644 index 00000000000..3314ace5172 --- /dev/null +++ b/lib/libssl/src/doc/apps/gendsa.pod @@ -0,0 +1,58 @@ +=pod + +=head1 NAME + +gendsa - generate a DSA private key from a set of parameters + +=head1 SYNOPSIS + +B<openssl> B<gendsa> +[B<-out filename>] +[B<-des>] +[B<-des3>] +[B<-idea>] +[B<-rand file(s)>] +[B<paramfile>] + +=head1 DESCRIPTION + +The B<gendsa> command generates a DSA private key from a DSA parameter file +(which will be typically generated by the B<openssl dsaparam> command). + +=head1 OPTIONS + +=over 4 + +=item B<-des|-des3|-idea> + +These options encrypt the private key with the DES, triple DES, or the +IDEA ciphers respectively before outputting it. A pass phrase is prompted for. +If none of these options is specified no encryption is used. + +=item B<-rand file(s)> + +a file or files containing random data used to seed the random number +generator, or an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>). +Multiple files can be specified separated by a OS-dependent character. +The separator is B<;> for MS-Windows, B<,> for OpenVSM, and B<:> for +all others. + +=item B<paramfile> + +This option specifies the DSA parameter file to use. The parameters in this +file determine the size of the private key. DSA parameters can be generated +and examined using the B<openssl dsaparam> command. + +=back + +=head1 NOTES + +DSA key generation is little more than random number generation so it is +much quicker that RSA key generation for example. + +=head1 SEE ALSO + +L<dsaparam(1)|dsaparam(1)>, L<dsa(1)|dsa(1)>, L<genrsa(1)|genrsa(1)>, +L<rsa(1)|rsa(1)> + +=cut diff --git a/lib/libssl/src/doc/apps/genrsa.pod b/lib/libssl/src/doc/apps/genrsa.pod new file mode 100644 index 00000000000..a2d878410b0 --- /dev/null +++ b/lib/libssl/src/doc/apps/genrsa.pod @@ -0,0 +1,85 @@ +=pod + +=head1 NAME + +genrsa - generate an RSA private key + +=head1 SYNOPSIS + +B<openssl> B<genrsa> +[B<-out filename>] +[B<-passout arg>] +[B<-des>] +[B<-des3>] +[B<-idea>] +[B<-f4>] +[B<-3>] +[B<-rand file(s)>] +[B<numbits>] + +=head1 DESCRIPTION + +The B<genrsa> command generates an RSA private key. + +=head1 OPTIONS + +=over 4 + +=item B<-out filename> + +the output filename. If this argument is not specified then standard output is +used. + +=item B<-passout arg> + +the output file password source. For more information about the format of B<arg> +see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>. + +=item B<-des|-des3|-idea> + +These options encrypt the private key with the DES, triple DES, or the +IDEA ciphers respectively before outputting it. If none of these options is +specified no encryption is used. If encryption is used a pass phrase is prompted +for if it is not supplied via the B<-passout> argument. + +=item B<-F4|-3> + +the public exponent to use, either 65537 or 3. The default is 65537. + +=item B<-rand file(s)> + +a file or files containing random data used to seed the random number +generator, or an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>). +Multiple files can be specified separated by a OS-dependent character. +The separator is B<;> for MS-Windows, B<,> for OpenVSM, and B<:> for +all others. + +=item B<numbits> + +the size of the private key to generate in bits. This must be the last option +specified. The default is 512. + +=back + +=head1 NOTES + +RSA private key generation essentially involves the generation of two prime +numbers. When generating a private key various symbols will be output to +indicate the progress of the generation. A B<.> represents each number which +has passed an initial sieve test, B<+> means a number has passed a single +round of the Miller-Rabin primality test. A newline means that the number has +passed all the prime tests (the actual number depends on the key size). + +Because key generation is a random process the time taken to generate a key +may vary somewhat. + +=head1 BUGS + +A quirk of the prime generation algorithm is that it cannot generate small +primes. Therefore the number of bits should not be less that 64. For typical +private keys this will not matter because for security reasons they will +be much larger (typically 1024 bits). + +=head1 SEE ALSO + +L<gendsa(1)|gendsa(1)> diff --git a/lib/libssl/src/doc/apps/nseq.pod b/lib/libssl/src/doc/apps/nseq.pod new file mode 100644 index 00000000000..989c3108fb8 --- /dev/null +++ b/lib/libssl/src/doc/apps/nseq.pod @@ -0,0 +1,70 @@ +=pod + +=head1 NAME + +nseq - create or examine a netscape certificate sequence + +=head1 SYNOPSIS + +B<openssl> B<nseq> +[B<-in filename>] +[B<-out filename>] +[B<-toseq>] + +=head1 DESCRIPTION + +The B<nseq> command takes a file containing a Netscape certificate +sequence and prints out the certificates contained in it or takes a +file of certificates and converts it into a Netscape certificate +sequence. + +=head1 COMMAND OPTIONS + +=over 4 + +=item B<-in filename> + +This specifies the input filename to read or standard input if this +option is not specified. + +=item B<-out filename> + +specifies the output filename or standard output by default. + +=item B<-toseq> + +normally a Netscape certificate sequence will be input and the output +is the certificates contained in it. With the B<-toseq> option the +situation is reversed: a Netscape certificate sequence is created from +a file of certificates. + +=back + +=head1 EXAMPLES + +Output the certificates in a Netscape certificate sequence + + openssl nseq -in nseq.pem -out certs.pem + +Create a Netscape certificate sequence + + openssl nseq -in certs.pem -toseq -out nseq.pem + +=head1 NOTES + +The B<PEM> encoded form uses the same headers and footers as a certificate: + + -----BEGIN CERTIFICATE----- + -----END CERTIFICATE----- + +A Netscape certificate sequence is a Netscape specific form that can be sent +to browsers as an alternative to the standard PKCS#7 format when several +certificates are sent to the browser: for example during certificate enrollment. +It is used by Netscape certificate server for example. + +=head1 BUGS + +This program needs a few more options: like allowing DER or PEM input and +output files and allowing multiple certificate files to be used. + +=cut diff --git a/lib/libssl/src/doc/apps/openssl.pod b/lib/libssl/src/doc/apps/openssl.pod new file mode 100644 index 00000000000..9b1320606ba --- /dev/null +++ b/lib/libssl/src/doc/apps/openssl.pod @@ -0,0 +1,298 @@ + +=pod + +=head1 NAME + +openssl - OpenSSL command line tool + +=head1 SYNOPSIS + +B<openssl> +I<command> +[ I<command_opts> ] +[ I<command_args> ] + +=head1 DESCRIPTION + +OpenSSL is a cryptography toolkit implementing the Secure Sockets Layer (SSL +v2/v3) and Transport Layer Security (TLS v1) network protocols and related +cryptography standards required by them. + +The B<openssl> program is a command line tool for using the various +cryptography functions of OpenSSL's B<crypto> library from the shell. +It can be used for + + o Creation of RSA, DH and DSA key parameters + o Creation of X.509 certificates, CSRs and CRLs + o Calculation of Message Digests + o Encryption and Decryption with Ciphers + o SSL/TLS Client and Server Tests + o Handling of S/MIME signed or encrypted mail + +=head1 COMMAND SUMMARY + +The B<openssl> program provides a rich variety of commands (I<command> in the +SYNOPSIS above), each of which often has a wealth of options and arguments +(I<command_opts> and I<command_args> in the SYNOPSIS). + +=head2 STANDARD COMMANDS + +=over 10 + +=item L<B<asn1parse>|asn1parse(1)> + +Parse an ASN.1 sequence. + +=item L<B<ca>|ca(1)> + +Certificate Authority (CA) Management. + +=item L<B<ciphers>|ciphers(1)> + +Cipher Suite Description Determination. + +=item L<B<crl>|crl(1)> + +Certificate Revocation List (CRL) Management. + +=item L<B<crl2pkcs7>|crl2pkcs7(1)> + +CRL to PKCS#7 Conversion. + +=item L<B<dgst>|dgst(1)> + +Message Digest Calculation. + +=item L<B<dh>|dh(1)> + +Diffie-Hellman Data Management. + +=item L<B<dsa>|dsa(1)> + +DSA Data Management. + +=item L<B<dsaparam>|dsaparam(1)> + +DSA Parameter Generation. + +=item L<B<enc>|enc(1)> + +Encoding with Ciphers. + +=item L<B<errstr>|errstr(1)> + +Error Number to Error String Conversion. + +=item L<B<gendh>|gendh(1)> + +Generation of Diffie-Hellman Parameters. + +=item L<B<gendsa>|gendsa(1)> + +Generation of DSA Parameters. + +=item L<B<genrsa>|genrsa(1)> + +Generation of RSA Parameters. + +=item L<B<passwd>|passwd(1)> + +Generation of hashed passwords. + +=item L<B<pkcs7>|pkcs7(1)> + +PKCS#7 Data Management. + +=item L<B<req>|req(1)> + +X.509 Certificate Signing Request (CSR) Management. + +=item L<B<rsa>|rsa(1)> + +RSA Data Management. + +=item L<B<s_client>|s_client(1)> + +This implements a generic SSL/TLS client which can establish a transparent +connection to a remote server speaking SSL/TLS. It's intended for testing +purposes only and provides only rudimentary interface functionality but +internally uses mostly all functionality of the OpenSSL B<ssl> library. + +=item L<B<s_server>|s_server(1)> + +This implements a generic SSL/TLS server which accepts connections from remote +clients speaking SSL/TLS. It's intended for testing purposes only and provides +only rudimentary interface functionality but internally uses mostly all +functionality of the OpenSSL B<ssl> library. It provides both an own command +line oriented protocol for testing SSL functions and a simple HTTP response +facility to emulate an SSL/TLS-aware webserver. + +=item L<B<s_time>|s_time(1)> + +SSL Connection Timer. + +=item L<B<sess_id>|sess_id(1)> + +SSL Session Data Management. + +=item L<B<smime>|smime(1)> + +S/MIME mail processing. + +=item L<B<speed>|speed(1)> + +Algorithm Speed Measurement. + +=item L<B<verify>|verify(1)> + +X.509 Certificate Verification. + +=item L<B<version>|version(1)> + +OpenSSL Version Information. + +=item L<B<x509>|x509(1)> + +X.509 Certificate Data Management. + +=back + +=head2 MESSAGE DIGEST COMMANDS + +=over 10 + +=item B<md2> + +MD2 Digest + +=item B<md5> + +MD5 Digest + +=item B<mdc2> + +MDC2 Digest + +=item B<rmd160> + +RMD-160 Digest + +=item B<sha> + +SHA Digest + +=item B<sha1> + +SHA-1 Digest + +=back + +=head2 ENCODING AND CIPHER COMMANDS + +=over 10 + +=item B<base64> + +Base64 Encoding + +=item B<bf bf-cbc bf-cfb bf-ecb bf-ofb> + +Blowfish Cipher + +=item B<cast cast-cbc> + +CAST Cipher + +=item B<cast5-cbc cast5-cfb cast5-ecb cast5-ofb> + +CAST5 Cipher + +=item B<des des-cbc des-cfb des-ecb des-ede des-ede-cbc des-ede-cfb des-ede-ofb des-ofb> + +DES Cipher + +=item B<des3 desx des-ede3 des-ede3-cbc des-ede3-cfb des-ede3-ofb> + +Triple-DES Cipher + +=item B<idea idea-cbc idea-cfb idea-ecb idea-ofb> + +IDEA Cipher + +=item B<rc2 rc2-cbc rc2-cfb rc2-ecb rc2-ofb> + +RC2 Cipher + +=item B<rc4> + +RC4 Cipher + +=item B<rc5 rc5-cbc rc5-cfb rc5-ecb rc5-ofb> + +RC5 Cipher + +=back + +=head1 PASS PHRASE ARGUMENTS + +Several commands accept password arguments, typically using B<-passin> +and B<-passout> for input and output passwords respectively. These allow +the password to be obtained from a variety of sources. Both of these +options take a single argument whose format is described below. If no +password argument is given and a password is required then the user is +prompted to enter one: this will typically be read from the current +terminal with echoing turned off. + +=over 10 + +=item B<pass:password> + +the actual password is B<password>. Since the password is visible +to utilities (like 'ps' under Unix) this form should only be used +where security is not important. + +=item B<env:var> + +obtain the password from the environment variable B<var>. Since +the environment of other processes is visible on certain platforms +(e.g. ps under certain Unix OSes) this option should be used with caution. + +=item B<file:pathname> + +the first line of B<pathname> is the password. If the same B<pathname> +argument is supplied to B<-passin> and B<-passout> arguments then the first +line will be used for the input password and the next line for the output +password. B<pathname> need not refer to a regular file: it could for example +refer to a device or named pipe. + +=item B<fd:number> + +read the password from the file descriptor B<number>. This can be used to +send the data via a pipe for example. + +=item B<stdin> + +read the password from standard input. + +=back + +=head1 SEE ALSO + +L<asn1parse(1)|asn1parse(1)>, L<ca(1)|ca(1)>, L<config(5)|config(5)>, +L<crl(1)|crl(1)>, L<crl2pkcs7(1)|crl2pkcs7(1)>, L<dgst(1)|dgst(1)>, +L<dhparam(1)|dhparam(1)>, L<dsa(1)|dsa(1)>, L<dsaparam(1)|dsaparam(1)>, +L<enc(1)|enc(1)>, L<gendsa(1)|gendsa(1)>, +L<genrsa(1)|genrsa(1)>, L<nseq(1)|nseq(1)>, L<openssl(1)|openssl(1)>, +L<passwd(1)|passwd(1)>, +L<pkcs12(1)|pkcs12(1)>, L<pkcs7(1)|pkcs7(1)>, L<pkcs8(1)|pkcs8(1)>, +L<req(1)|req(1)>, L<rsa(1)|rsa(1)>, L<s_client(1)|s_client(1)>, +L<s_server(1)|s_server(1)>, L<smime(1)|smime(1)>, L<spkac(1)|spkac(1)>, +L<verify(1)|verify(1)>, L<version(1)|version(1)>, L<x509(1)|x509(1)>, +L<crypto(3)|crypto(3)>, L<ssl(3)|ssl(3)> + +=head1 HISTORY + +The openssl(1) document appeared in OpenSSL 0.9.2 + +=cut + diff --git a/lib/libssl/src/doc/apps/passwd.pod b/lib/libssl/src/doc/apps/passwd.pod new file mode 100644 index 00000000000..cee6a2f172e --- /dev/null +++ b/lib/libssl/src/doc/apps/passwd.pod @@ -0,0 +1,69 @@ +=pod + +=head1 NAME + +passwd - compute password hashes + +=head1 SYNOPSIS + +B<openssl passwd> +[B<-crypt>] +[B<-apr1>] +[B<-salt> I<string>] +[B<-in> I<file>] +[B<-stdin>] +[B<-quiet>] +[B<-table>] +{I<password>} + +=head1 DESCRIPTION + +The B<passwd> command computes the hash of a password typed at +run-time or the hash of each password in a list. The password list is +taken from the named file for option B<-in file>, from stdin for +option B<-stdin>, and from the command line otherwise. +The Unix standard algorithm B<crypt> and the MD5-based B<apr1> algorithm +are available. + +=head1 OPTIONS + +=over 4 + +=item B<-crypt> + +Use the B<crypt> algorithm (default). + +=item B<-apr1> + +Use the B<apr1> algorithm. + +=item B<-salt> I<string> + +Use the specified salt. + +=item B<-in> I<file> + +Read passwords from I<file>. + +=item B<-stdin> + +Read passwords from B<stdin>. + +=item B<-quiet> + +Don't output warnings when passwords given at the command line are truncated. + +=item B<-table> + +In the output list, prepend the cleartext password and a TAB character +to each password hash. + +=back + +=head1 EXAMPLES + +B<openssl passwd -crypt -salt xx password> prints B<xxj31ZMTZzkVA>. + +B<openssl passwd -apr1 -salt xxxxxxxx password> prints B<$apr1$xxxxxxxx$dxHfLAsjHkDRmG83UXe8K0>. + +=cut diff --git a/lib/libssl/src/doc/apps/pkcs12.pod b/lib/libssl/src/doc/apps/pkcs12.pod new file mode 100644 index 00000000000..241f9c4a8b0 --- /dev/null +++ b/lib/libssl/src/doc/apps/pkcs12.pod @@ -0,0 +1,310 @@ + +=pod + +=head1 NAME + +pkcs12 - PKCS#12 file utility + +=head1 SYNOPSIS + +B<openssl> B<pkcs12> +[B<-export>] +[B<-chain>] +[B<-inkey filename>] +[B<-certfile filename>] +[B<-name name>] +[B<-caname name>] +[B<-in filename>] +[B<-out filename>] +[B<-noout>] +[B<-nomacver>] +[B<-nocerts>] +[B<-clcerts>] +[B<-cacerts>] +[B<-nokeys>] +[B<-info>] +[B<-des>] +[B<-des3>] +[B<-idea>] +[B<-nodes>] +[B<-noiter>] +[B<-maciter>] +[B<-twopass>] +[B<-descert>] +[B<-certpbe>] +[B<-keypbe>] +[B<-keyex>] +[B<-keysig>] +[B<-password arg>] +[B<-passin arg>] +[B<-passout arg>] +[B<-rand file(s)>] + +=head1 DESCRIPTION + +The B<pkcs12> command allows PKCS#12 files (sometimes referred to as +PFX files) to be created and parsed. PKCS#12 files are used by several +programs including Netscape, MSIE and MS Outlook. + +=head1 COMMAND OPTIONS + +There are a lot of options the meaning of some depends of whether a PKCS#12 file +is being created or parsed. By default a PKCS#12 file is parsed a PKCS#12 +file can be created by using the B<-export> option (see below). + +=head1 PARSING OPTIONS + +=over 4 + +=item B<-in filename> + +This specifies filename of the PKCS#12 file to be parsed. Standard input is used +by default. + +=item B<-out filename> + +The filename to write certificates and private keys to, standard output by default. +They are all written in PEM format. + +=item B<-pass arg>, B<-passin arg> + +the PKCS#12 file (i.e. input file) password source. For more information about the +format of B<arg> see the B<PASS PHRASE ARGUMENTS> section in +L<openssl(1)|openssl(1)>. + +=item B<-passout arg> + +pass phrase source to encrypt any outputed private keys with. For more information +about the format of B<arg> see the B<PASS PHRASE ARGUMENTS> section in +L<openssl(1)|openssl(1)>. + +=item B<-noout> + +this option inhibits output of the keys and certificates to the output file version +of the PKCS#12 file. + +=item B<-clcerts> + +only output client certificates (not CA certificates). + +=item B<-cacerts> + +only output CA certificates (not client certificates). + +=item B<-nocerts> + +no certificates at all will be output. + +=item B<-nokeys> + +no private keys will be output. + +=item B<-info> + +output additional information about the PKCS#12 file structure, algorithms used and +iteration counts. + +=item B<-des> + +use DES to encrypt private keys before outputting. + +=item B<-des3> + +use triple DES to encrypt private keys before outputting, this is the default. + +=item B<-idea> + +use IDEA to encrypt private keys before outputting. + +=item B<-nodes> + +don't encrypt the private keys at all. + +=item B<-nomacver> + +don't attempt to verify the integrity MAC before reading the file. + +=item B<-twopass> + +prompt for separate integrity and encryption passwords: most software +always assumes these are the same so this option will render such +PKCS#12 files unreadable. + +=back + +=head1 FILE CREATION OPTIONS + +=over 4 + +=item B<-export> + +This option specifies that a PKCS#12 file will be created rather than +parsed. + +=item B<-out filename> + +This specifies filename to write the PKCS#12 file to. Standard output is used +by default. + +=item B<-in filename> + +The filename to read certificates and private keys from, standard input by default. +They must all be in PEM format. The order doesn't matter but one private key and +its corresponding certificate should be present. If additional certificates are +present they will also be included in the PKCS#12 file. + +=item B<-inkey filename> + +file to read private key from. If not present then a private key must be present +in the input file. + +=item B<-name friendlyname> + +This specifies the "friendly name" for the certificate and private key. This name +is typically displayed in list boxes by software importing the file. + +=item B<-certfile filename> + +A filename to read additional certificates from. + +=item B<-caname friendlyname> + +This specifies the "friendly name" for other certificates. This option may be +used multiple times to specify names for all certificates in the order they +appear. Netscape ignores friendly names on other certificates whereas MSIE +displays them. + +=item B<-pass arg>, B<-passout arg> + +the PKCS#12 file (i.e. output file) password source. For more information about +the format of B<arg> see the B<PASS PHRASE ARGUMENTS> section in +L<openssl(1)|openssl(1)>. + +=item B<-passin password> + +pass phrase source to decrypt any input private keys with. For more information +about the format of B<arg> see the B<PASS PHRASE ARGUMENTS> section in +L<openssl(1)|openssl(1)>. + +=item B<-chain> + +if this option is present then an attempt is made to include the entire +certificate chain of the user certificate. The standard CA store is used +for this search. If the search fails it is considered a fatal error. + +=item B<-descert> + +encrypt the certificate using triple DES, this may render the PKCS#12 +file unreadable by some "export grade" software. By default the private +key is encrypted using triple DES and the certificate using 40 bit RC2. + +=item B<-keypbe alg>, B<-certpbe alg> + +these options allow the algorithm used to encrypt the private key and +certificates to be selected. Although any PKCS#5 v1.5 or PKCS#12 algorithms +can be selected it is advisable only to use PKCS#12 algorithms. See the list +in the B<NOTES> section for more information. + +=item B<-keyex|-keysig> + +specifies that the private key is to be used for key exchange or just signing. +This option is only interpreted by MSIE and similar MS software. Normally +"export grade" software will only allow 512 bit RSA keys to be used for +encryption purposes but arbitrary length keys for signing. The B<-keysig> +option marks the key for signing only. Signing only keys can be used for +S/MIME signing, authenticode (ActiveX control signing) and SSL client +authentication, however due to a bug only MSIE 5.0 and later support +the use of signing only keys for SSL client authentication. + +=item B<-nomaciter>, B<-noiter> + +these options affect the iteration counts on the MAC and key algorithms. +Unless you wish to produce files compatible with MSIE 4.0 you should leave +these options alone. + +To discourage attacks by using large dictionaries of common passwords the +algorithm that derives keys from passwords can have an iteration count applied +to it: this causes a certain part of the algorithm to be repeated and slows it +down. The MAC is used to check the file integrity but since it will normally +have the same password as the keys and certificates it could also be attacked. +By default both MAC and encryption iteration counts are set to 2048, using +these options the MAC and encryption iteration counts can be set to 1, since +this reduces the file security you should not use these options unless you +really have to. Most software supports both MAC and key iteration counts. +MSIE 4.0 doesn't support MAC iteration counts so it needs the B<-nomaciter> +option. + +=item B<-maciter> + +This option is included for compatibility with previous versions, it used +to be needed to use MAC iterations counts but they are now used by default. + +=item B<-rand file(s)> + +a file or files containing random data used to seed the random number +generator, or an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>). +Multiple files can be specified separated by a OS-dependent character. +The separator is B<;> for MS-Windows, B<,> for OpenVSM, and B<:> for +all others. + +=back + +=head1 NOTES + +Although there are a large number of options most of them are very rarely +used. For PKCS#12 file parsing only B<-in> and B<-out> need to be used +for PKCS#12 file creation B<-export> and B<-name> are also used. + +If none of the B<-clcerts>, B<-cacerts> or B<-nocerts> options are present +then all certificates will be output in the order they appear in the input +PKCS#12 files. There is no guarantee that the first certificate present is +the one corresponding to the private key. Certain software which requires +a private key and certificate and assumes the first certificate in the +file is the one corresponding to the private key: this may not always +be the case. Using the B<-clcerts> option will solve this problem by only +outputing the certificate corresponding to the private key. If the CA +certificates are required then they can be output to a separate file using +the B<-nokeys -cacerts> options to just output CA certificates. + +The B<-keypbe> and B<-certpbe> algorithms allow the precise encryption +algorithms for private keys and certificates to be specified. Normally +the defaults are fine but occasionally software can't handle triple DES +encrypted private keys, then the option B<-keypbe PBE-SHA1-RC2-40> can +be used to reduce the private key encryption to 40 bit RC2. A complete +description of all algorithms is contained in the B<pkcs8> manual page. + +=head1 EXAMPLES + +Parse a PKCS#12 file and output it to a file: + + openssl pkcs12 -in file.p12 -out file.pem + +Output only client certificates to a file: + + openssl pkcs12 -in file.p12 -clcerts -out file.pem + +Don't encrypt the private key: + + openssl pkcs12 -in file.p12 -out file.pem -nodes + +Print some info about a PKCS#12 file: + + openssl pkcs12 -in file.p12 -info -noout + +Create a PKCS#12 file: + + openssl pkcs12 -export -in file.pem -out file.p12 -name "My Certificate" + +Include some extra certificates: + + openssl pkcs12 -export -in file.pem -out file.p12 -name "My Certificate" \ + -certfile othercerts.pem + +=head1 BUGS + +Some would argue that the PKCS#12 standard is one big bug :-) + +=head1 SEE ALSO + +L<pkcs8(1)|pkcs8(1)> + diff --git a/lib/libssl/src/doc/apps/pkcs7.pod b/lib/libssl/src/doc/apps/pkcs7.pod new file mode 100644 index 00000000000..4e9bd6e46bf --- /dev/null +++ b/lib/libssl/src/doc/apps/pkcs7.pod @@ -0,0 +1,97 @@ +=pod + +=head1 NAME + +pkcs7 - PKCS#7 utility + +=head1 SYNOPSIS + +B<openssl> B<pkcs7> +[B<-inform PEM|DER>] +[B<-outform PEM|DER>] +[B<-in filename>] +[B<-out filename>] +[B<-print_certs>] +[B<-text>] +[B<-noout>] + +=head1 DESCRIPTION + +The B<pkcs7> command processes PKCS#7 files in DER or PEM format. + +=head1 COMMAND OPTIONS + +=over 4 + +=item B<-inform DER|PEM> + +This specifies the input format. B<DER> format is DER encoded PKCS#7 +v1.5 structure.B<PEM> (the default) is a base64 encoded version of +the DER form with header and footer lines. + +=item B<-outform DER|PEM> + +This specifies the output format, the options have the same meaning as the +B<-inform> option. + +=item B<-in filename> + +This specifies the input filename to read from or standard input if this +option is not specified. + +=item B<-out filename> + +specifies the output filename to write to or standard output by +default. + +=item B<-print_certs> + +prints out any certificates or CRLs contained in the file. They are +preceded by their subject and issuer names in one line format. + +=item B<-text> + +prints out certificates details in full rather than just subject and +issuer names. + +=item B<-noout> + +don't output the encoded version of the PKCS#7 structure (or certificates +is B<-print_certs> is set). + +=back + +=head1 EXAMPLES + +Convert a PKCS#7 file from PEM to DER: + + openssl pkcs7 -in file.pem -outform DER -out file.der + +Output all certificates in a file: + + openssl pkcs7 -in file.pem -print_certs -out certs.pem + +=head1 NOTES + +The PEM PKCS#7 format uses the header and footer lines: + + -----BEGIN PKCS7----- + -----END PKCS7----- + +For compatability with some CAs it will also accept: + + -----BEGIN CERTIFICATE----- + -----END CERTIFICATE----- + +=head1 RESTRICTIONS + +There is no option to print out all the fields of a PKCS#7 file. + +This PKCS#7 routines only understand PKCS#7 v 1.5 as specified in RFC2315 they +cannot currently parse, for example, the new CMS as described in RFC2630. + +=head1 SEE ALSO + +L<crl2pkcs7(1)|crl2pkcs7(1)> + +=cut diff --git a/lib/libssl/src/doc/apps/pkcs8.pod b/lib/libssl/src/doc/apps/pkcs8.pod new file mode 100644 index 00000000000..a56b2dd0020 --- /dev/null +++ b/lib/libssl/src/doc/apps/pkcs8.pod @@ -0,0 +1,235 @@ +=pod + +=head1 NAME + +pkcs8 - PKCS#8 format private key conversion tool + +=head1 SYNOPSIS + +B<openssl> B<pkcs8> +[B<-topk8>] +[B<-inform PEM|DER>] +[B<-outform PEM|DER>] +[B<-in filename>] +[B<-passin arg>] +[B<-out filename>] +[B<-passout arg>] +[B<-noiter>] +[B<-nocrypt>] +[B<-nooct>] +[B<-embed>] +[B<-nsdb>] +[B<-v2 alg>] +[B<-v1 alg>] + +=head1 DESCRIPTION + +The B<pkcs8> command processes private keys in PKCS#8 format. It can handle +both unencrypted PKCS#8 PrivateKeyInfo format and EncryptedPrivateKeyInfo +format with a variety of PKCS#5 (v1.5 and v2.0) and PKCS#12 algorithms. + +=head1 COMMAND OPTIONS + +=over 4 + +=item B<-topk8> + +Normally a PKCS#8 private key is expected on input and a traditional format +private key will be written. With the B<-topk8> option the situation is +reversed: it reads a traditional format private key and writes a PKCS#8 +format key. + +=item B<-inform DER|PEM> + +This specifies the input format. If a PKCS#8 format key is expected on input +then either a B<DER> or B<PEM> encoded version of a PKCS#8 key will be +expected. Otherwise the B<DER> or B<PEM> format of the traditional format +private key is used. + +=item B<-outform DER|PEM> + +This specifies the output format, the options have the same meaning as the +B<-inform> option. + +=item B<-in filename> + +This specifies the input filename to read a key from or standard input if this +option is not specified. If the key is encrypted a pass phrase will be +prompted for. + +=item B<-passin arg> + +the input file password source. For more information about the format of B<arg> +see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>. + +=item B<-out filename> + +This specifies the output filename to write a key to or standard output by +default. If any encryption options are set then a pass phrase will be +prompted for. The output filename should B<not> be the same as the input +filename. + +=item B<-passout arg> + +the output file password source. For more information about the format of B<arg> +see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>. + +=item B<-nocrypt> + +PKCS#8 keys generated or input are normally PKCS#8 EncryptedPrivateKeyInfo +structures using an appropriate password based encryption algorithm. With +this option an unencrypted PrivateKeyInfo structure is expected or output. +This option does not encrypt private keys at all and should only be used +when absolutely necessary. Certain software such as some versions of Java +code signing software used unencrypted private keys. + +=item B<-nooct> + +This option generates RSA private keys in a broken format that some software +uses. Specifically the private key should be enclosed in a OCTET STRING +but some software just includes the structure itself without the +surrounding OCTET STRING. + +=item B<-embed> + +This option generates DSA keys in a broken format. The DSA parameters are +embedded inside the PrivateKey structure. In this form the OCTET STRING +contains an ASN1 SEQUENCE consisting of two structures: a SEQUENCE containing +the parameters and an ASN1 INTEGER containing the private key. + +=item B<-nsdb> + +This option generates DSA keys in a broken format compatible with Netscape +private key databases. The PrivateKey contains a SEQUENCE consisting of +the public and private keys respectively. + +=item B<-v2 alg> + +This option enables the use of PKCS#5 v2.0 algorithms. Normally PKCS#8 +private keys are encrypted with the password based encryption algorithm +called B<pbeWithMD5AndDES-CBC> this uses 56 bit DES encryption but it +was the strongest encryption algorithm supported in PKCS#5 v1.5. Using +the B<-v2> option PKCS#5 v2.0 algorithms are used which can use any +encryption algorithm such as 168 bit triple DES or 128 bit RC2 however +not many implementations support PKCS#5 v2.0 yet. If you are just using +private keys with OpenSSL then this doesn't matter. + +The B<alg> argument is the encryption algorithm to use, valid values include +B<des>, B<des3> and B<rc2>. It is recommended that B<des3> is used. + +=item B<-v1 alg> + +This option specifies a PKCS#5 v1.5 or PKCS#12 algorithm to use. A complete +list of possible algorithms is included below. + +=back + +=head1 NOTES + +The encrypted form of a PEM encode PKCS#8 files uses the following +headers and footers: + + -----BEGIN ENCRYPTED PRIVATE KEY----- + -----END ENCRYPTED PRIVATE KEY----- + +The unencrypted form uses: + + -----BEGIN PRIVATE KEY----- + -----END PRIVATE KEY----- + +Private keys encrypted using PKCS#5 v2.0 algorithms and high iteration +counts are more secure that those encrypted using the traditional +SSLeay compatible formats. So if additional security is considered +important the keys should be converted. + +The default encryption is only 56 bits because this is the encryption +that most current implementations of PKCS#8 will support. + +Some software may use PKCS#12 password based encryption algorithms +with PKCS#8 format private keys: these are handled automatically +but there is no option to produce them. + +It is possible to write out DER encoded encrypted private keys in +PKCS#8 format because the encryption details are included at an ASN1 +level whereas the traditional format includes them at a PEM level. + +=head1 PKCS#5 v1.5 and PKCS#12 algorithms. + +Various algorithms can be used with the B<-v1> command line option, +including PKCS#5 v1.5 and PKCS#12. These are described in more detail +below. + +=over 4 + +=item B<PBE-MD2-DES PBE-MD5-DES> + +These algorithms were included in the original PKCS#5 v1.5 specification. +They only offer 56 bits of protection since they both use DES. + +=item B<PBE-SHA1-RC2-64 PBE-MD2-RC2-64 PBE-MD5-RC2-64 PBE-SHA1-DES> + +These algorithms are not mentioned in the original PKCS#5 v1.5 specification +but they use the same key derivation algorithm and are supported by some +software. They are mentioned in PKCS#5 v2.0. They use either 64 bit RC2 or +56 bit DES. + +=item B<PBE-SHA1-RC4-128 PBE-SHA1-RC4-40 PBE-SHA1-3DES PBE-SHA1-2DES PBE-SHA1-RC2-128 PBE-SHA1-RC2-40> + +These algorithms use the PKCS#12 password based encryption algorithm and +allow strong encryption algorithms like triple DES or 128 bit RC2 to be used. + +=back + +=head1 EXAMPLES + +Convert a private from traditional to PKCS#5 v2.0 format using triple +DES: + + openssl pkcs8 -in key.pem -topk8 -v2 des3 -out enckey.pem + +Convert a private key to PKCS#8 using a PKCS#5 1.5 compatible algorithm +(DES): + + openssl pkcs8 -in key.pem -topk8 -out enckey.pem + +Convert a private key to PKCS#8 using a PKCS#12 compatible algorithm +(3DES): + + openssl pkcs8 -in key.pem -topk8 -out enckey.pem -v1 PBE-SHA1-3DES + +Read a DER unencrypted PKCS#8 format private key: + + openssl pkcs8 -inform DER -nocrypt -in key.der -out key.pem + +Convert a private key from any PKCS#8 format to traditional format: + + openssl pkcs8 -in pk8.pem -out key.pem + +=head1 STANDARDS + +Test vectors from this PKCS#5 v2.0 implementation were posted to the +pkcs-tng mailing list using triple DES, DES and RC2 with high iteration +counts, several people confirmed that they could decrypt the private +keys produced and Therefore it can be assumed that the PKCS#5 v2.0 +implementation is reasonably accurate at least as far as these +algorithms are concerned. + +The format of PKCS#8 DSA (and other) private keys is not well documented: +it is hidden away in PKCS#11 v2.01, section 11.9. OpenSSL's default DSA +PKCS#8 private key format complies with this standard. + +=head1 BUGS + +There should be an option that prints out the encryption algorithm +in use and other details such as the iteration count. + +PKCS#8 using triple DES and PKCS#5 v2.0 should be the default private +key format for OpenSSL: for compatibility several of the utilities use +the old format at present. + +=head1 SEE ALSO + +L<dsa(1)|dsa(1)>, L<rsa(1)|rsa(1)>, L<genrsa(1)|genrsa(1)>, +L<gendsa(1)|gendsa(1)> + +=cut diff --git a/lib/libssl/src/doc/apps/req.pod b/lib/libssl/src/doc/apps/req.pod new file mode 100644 index 00000000000..fde6ff2e9fe --- /dev/null +++ b/lib/libssl/src/doc/apps/req.pod @@ -0,0 +1,528 @@ + +=pod + +=head1 NAME + +req - PKCS#10 certificate and certificate generating utility. + +=head1 SYNOPSIS + +B<openssl> B<req> +[B<-inform PEM|DER>] +[B<-outform PEM|DER>] +[B<-in filename>] +[B<-passin arg>] +[B<-out filename>] +[B<-passout arg>] +[B<-text>] +[B<-noout>] +[B<-verify>] +[B<-modulus>] +[B<-new>] +[B<-newkey rsa:bits>] +[B<-newkey dsa:file>] +[B<-nodes>] +[B<-key filename>] +[B<-keyform PEM|DER>] +[B<-keyout filename>] +[B<-[md5|sha1|md2|mdc2]>] +[B<-config filename>] +[B<-x509>] +[B<-days n>] +[B<-asn1-kludge>] +[B<-newhdr>] +[B<-extensions section>] +[B<-reqexts section>] + +=head1 DESCRIPTION + +The B<req> command primarily creates and processes certificate requests +in PKCS#10 format. It can additionally create self signed certificates +for use as root CAs for example. + +=head1 COMMAND OPTIONS + +=over 4 + +=item B<-inform DER|PEM> + +This specifies the input format. The B<DER> option uses an ASN1 DER encoded +form compatible with the PKCS#10. The B<PEM> form is the default format: it +consists of the B<DER> format base64 encoded with additional header and +footer lines. + +=item B<-outform DER|PEM> + +This specifies the output format, the options have the same meaning as the +B<-inform> option. + +=item B<-in filename> + +This specifies the input filename to read a request from or standard input +if this option is not specified. A request is only read if the creation +options (B<-new> and B<-newkey>) are not specified. + +=item B<-passin arg> + +the input file password source. For more information about the format of B<arg> +see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>. + +=item B<-out filename> + +This specifies the output filename to write to or standard output by +default. + +=item B<-passout arg> + +the output file password source. For more information about the format of B<arg> +see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>. + +=item B<-text> + +prints out the certificate request in text form. + +=item B<-noout> + +this option prevents output of the encoded version of the request. + +=item B<-modulus> + +this option prints out the value of the modulus of the public key +contained in the request. + +=item B<-verify> + +verifies the signature on the request. + +=item B<-new> + +this option generates a new certificate request. It will prompt +the user for the relevant field values. The actual fields +prompted for and their maximum and minimum sizes are specified +in the configuration file and any requested extensions. + +If the B<-key> option is not used it will generate a new RSA private +key using information specified in the configuration file. + +=item B<-newkey arg> + +this option creates a new certificate request and a new private +key. The argument takes one of two forms. B<rsa:nbits>, where +B<nbits> is the number of bits, generates an RSA key B<nbits> +in size. B<dsa:filename> generates a DSA key using the parameters +in the file B<filename>. + +=item B<-key filename> + +This specifies the file to read the private key from. It also +accepts PKCS#8 format private keys for PEM format files. + +=item B<-keyform PEM|DER> + +the format of the private key file specified in the B<-key> +argument. PEM is the default. + +=item B<-keyout filename> + +this gives the filename to write the newly created private key to. +If this option is not specified then the filename present in the +configuration file is used. + +=item B<-nodes> + +if this option is specified then if a private key is created it +will not be encrypted. + +=item B<-[md5|sha1|md2|mdc2]> + +this specifies the message digest to sign the request with. This +overrides the digest algorithm specified in the configuration file. +This option is ignored for DSA requests: they always use SHA1. + +=item B<-config filename> + +this allows an alternative configuration file to be specified, +this overrides the compile time filename or any specified in +the B<OPENSSL_CONF> environment variable. + +=item B<-x509> + +this option outputs a self signed certificate instead of a certificate +request. This is typically used to generate a test certificate or +a self signed root CA. The extensions added to the certificate +(if any) are specified in the configuration file. + +=item B<-days n> + +when the B<-x509> option is being used this specifies the number of +days to certify the certificate for. The default is 30 days. + +=item B<-extensions section> +=item B<-reqexts section> + +these options specify alternative sections to include certificate +extensions (if the B<-x509> option is present) or certificate +request extensions. This allows several different sections to +be used in the same configuration file to specify requests for +a variety of purposes. + +=item B<-asn1-kludge> + +by default the B<req> command outputs certificate requests containing +no attributes in the correct PKCS#10 format. However certain CAs will only +accept requests containing no attributes in an invalid form: this +option produces this invalid format. + +More precisely the B<Attributes> in a PKCS#10 certificate request +are defined as a B<SET OF Attribute>. They are B<not OPTIONAL> so +if no attributes are present then they should be encoded as an +empty B<SET OF>. The invalid form does not include the empty +B<SET OF> whereas the correct form does. + +It should be noted that very few CAs still require the use of this option. + +=item B<-newhdr> + +Adds the word B<NEW> to the PEM file header and footer lines on the outputed +request. Some software (Netscape certificate server) and some CAs need this. + +=back + +=head1 CONFIGURATION FILE FORMAT + +The configuration options are specified in the B<req> section of +the configuration file. As with all configuration files if no +value is specified in the specific section (i.e. B<req>) then +the initial unnamed or B<default> section is searched too. + +The options available are described in detail below. + +=over 4 + +=item B<input_password output_password> + +The passwords for the input private key file (if present) and +the output private key file (if one will be created). The +command line options B<passin> and B<passout> override the +configuration file values. + +=item B<default_bits> + +This specifies the default key size in bits. If not specified then +512 is used. It is used if the B<-new> option is used. It can be +overridden by using the B<-newkey> option. + +=item B<default_keyfile> + +This is the default filename to write a private key to. If not +specified the key is written to standard output. This can be +overridden by the B<-keyout> option. + +=item B<oid_file> + +This specifies a file containing additional B<OBJECT IDENTIFIERS>. +Each line of the file should consist of the numerical form of the +object identifier followed by white space then the short name followed +by white space and finally the long name. + +=item B<oid_section> + +This specifies a section in the configuration file containing extra +object identifiers. Each line should consist of the short name of the +object identifier followed by B<=> and the numerical form. The short +and long names are the same when this option is used. + +=item B<RANDFILE> + +This specifies a filename in which random number seed information is +placed and read from, or an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>). +It is used for private key generation. + +=item B<encrypt_key> + +If this is set to B<no> then if a private key is generated it is +B<not> encrypted. This is equivalent to the B<-nodes> command line +option. For compatibility B<encrypt_rsa_key> is an equivalent option. + +=item B<default_md> + +This option specifies the digest algorithm to use. Possible values +include B<md5 sha1 mdc2>. If not present then MD5 is used. This +option can be overridden on the command line. + +=item B<string_mask> + +This option masks out the use of certain string types in certain +fields. Most users will not need to change this option. + +It can be set to several values B<default> which is also the default +option uses PrintableStrings, T61Strings and BMPStrings if the +B<pkix> value is used then only PrintableStrings and BMPStrings will +be used. This follows the PKIX recommendation in RFC2459. If the +B<utf8only> option is used then only UTF8Strings will be used: this +is the PKIX recommendation in RFC2459 after 2003. Finally the B<nombstr> +option just uses PrintableStrings and T61Strings: certain software has +problems with BMPStrings and UTF8Strings: in particular Netscape. + +=item B<req_extensions> + +this specifies the configuration file section containing a list of +extensions to add to the certificate request. It can be overridden +by the B<-reqexts> command line switch. + +=item B<x509_extensions> + +this specifies the configuration file section containing a list of +extensions to add to certificate generated when the B<-x509> switch +is used. It can be overridden by the B<-extensions> command line switch. + +=item B<prompt> + +if set to the value B<no> this disables prompting of certificate fields +and just takes values from the config file directly. It also changes the +expected format of the B<distinguished_name> and B<attributes> sections. + +=item B<attributes> + +this specifies the section containing any request attributes: its format +is the same as B<distinguished_name>. Typically these may contain the +challengePassword or unstructuredName types. They are currently ignored +by OpenSSL's request signing utilities but some CAs might want them. + +=item B<distinguished_name> + +This specifies the section containing the distinguished name fields to +prompt for when generating a certificate or certificate request. The format +is described in the next section. + +=back + +=head1 DISTINGUISHED NAME AND ATTRIBUTE SECTION FORMAT + +There are two separate formats for the distinguished name and attribute +sections. If the B<prompt> option is set to B<no> then these sections +just consist of field names and values: for example, + + CN=My Name + OU=My Organization + emailAddress=someone@somewhere.org + +This allows external programs (e.g. GUI based) to generate a template file +with all the field names and values and just pass it to B<req>. An example +of this kind of configuration file is contained in the B<EXAMPLES> section. + +Alternatively if the B<prompt> option is absent or not set to B<no> then the +file contains field prompting information. It consists of lines of the form: + + fieldName="prompt" + fieldName_default="default field value" + fieldName_min= 2 + fieldName_max= 4 + +"fieldName" is the field name being used, for example commonName (or CN). +The "prompt" string is used to ask the user to enter the relevant +details. If the user enters nothing then the default value is used if no +default value is present then the field is omitted. A field can +still be omitted if a default value is present if the user just +enters the '.' character. + +The number of characters entered must be between the fieldName_min and +fieldName_max limits: there may be additional restrictions based +on the field being used (for example countryName can only ever be +two characters long and must fit in a PrintableString). + +Some fields (such as organizationName) can be used more than once +in a DN. This presents a problem because configuration files will +not recognize the same name occurring twice. To avoid this problem +if the fieldName contains some characters followed by a full stop +they will be ignored. So for example a second organizationName can +be input by calling it "1.organizationName". + +The actual permitted field names are any object identifier short or +long names. These are compiled into OpenSSL and include the usual +values such as commonName, countryName, localityName, organizationName, +organizationUnitName, stateOrPrivinceName. Additionally emailAddress +is include as well as name, surname, givenName initials and dnQualifier. + +Additional object identifiers can be defined with the B<oid_file> or +B<oid_section> options in the configuration file. Any additional fields +will be treated as though they were a DirectoryString. + + +=head1 EXAMPLES + +Examine and verify certificate request: + + openssl req -in req.pem -text -verify -noout + +Create a private key and then generate a certificate request from it: + + openssl genrsa -out key.pem 1024 + openssl req -new -key key.pem -out req.pem + +The same but just using req: + + openssl req -newkey rsa:1024 -keyout key.pem -out req.pem + +Generate a self signed root certificate: + + openssl req -x509 -newkey rsa:1024 -keyout key.pem -out req.pem + +Example of a file pointed to by the B<oid_file> option: + + 1.2.3.4 shortName A longer Name + 1.2.3.6 otherName Other longer Name + +Example of a section pointed to by B<oid_section> making use of variable +expansion: + + testoid1=1.2.3.5 + testoid2=${testoid1}.6 + +Sample configuration file prompting for field values: + + [ req ] + default_bits = 1024 + default_keyfile = privkey.pem + distinguished_name = req_distinguished_name + attributes = req_attributes + x509_extensions = v3_ca + + dirstring_type = nobmp + + [ req_distinguished_name ] + countryName = Country Name (2 letter code) + countryName_default = AU + countryName_min = 2 + countryName_max = 2 + + localityName = Locality Name (eg, city) + + organizationalUnitName = Organizational Unit Name (eg, section) + + commonName = Common Name (eg, YOUR name) + commonName_max = 64 + + emailAddress = Email Address + emailAddress_max = 40 + + [ req_attributes ] + challengePassword = A challenge password + challengePassword_min = 4 + challengePassword_max = 20 + + [ v3_ca ] + + subjectKeyIdentifier=hash + authorityKeyIdentifier=keyid:always,issuer:always + basicConstraints = CA:true + +Sample configuration containing all field values: + + + RANDFILE = $ENV::HOME/.rnd + + [ req ] + default_bits = 1024 + default_keyfile = keyfile.pem + distinguished_name = req_distinguished_name + attributes = req_attributes + prompt = no + output_password = mypass + + [ req_distinguished_name ] + C = GB + ST = Test State or Province + L = Test Locality + O = Organization Name + OU = Organizational Unit Name + CN = Common Name + emailAddress = test@email.address + + [ req_attributes ] + challengePassword = A challenge password + + +=head1 NOTES + +The header and footer lines in the B<PEM> format are normally: + + -----BEGIN CERTIFICATE REQUEST---- + -----END CERTIFICATE REQUEST---- + +some software (some versions of Netscape certificate server) instead needs: + + -----BEGIN NEW CERTIFICATE REQUEST---- + -----END NEW CERTIFICATE REQUEST---- + +which is produced with the B<-newhdr> option but is otherwise compatible. +Either form is accepted transparently on input. + +The certificate requests generated by B<Xenroll> with MSIE have extensions +added. It includes the B<keyUsage> extension which determines the type of +key (signature only or general purpose) and any additional OIDs entered +by the script in an extendedKeyUsage extension. + +=head1 DIAGNOSTICS + +The following messages are frequently asked about: + + Using configuration from /some/path/openssl.cnf + Unable to load config info + +This is followed some time later by... + + unable to find 'distinguished_name' in config + problems making Certificate Request + +The first error message is the clue: it can't find the configuration +file! Certain operations (like examining a certificate request) don't +need a configuration file so its use isn't enforced. Generation of +certificates or requests however does need a configuration file. This +could be regarded as a bug. + +Another puzzling message is this: + + Attributes: + a0:00 + +this is displayed when no attributes are present and the request includes +the correct empty B<SET OF> structure (the DER encoding of which is 0xa0 +0x00). If you just see: + + Attributes: + +then the B<SET OF> is missing and the encoding is technically invalid (but +it is tolerated). See the description of the command line option B<-asn1-kludge> +for more information. + +=head1 ENVIRONMENT VARIABLES + +The variable B<OPENSSL_CONF> if defined allows an alternative configuration +file location to be specified, it will be overridden by the B<-config> command +line switch if it is present. For compatibility reasons the B<SSLEAY_CONF> +environment variable serves the same purpose but its use is discouraged. + +=head1 BUGS + +OpenSSL's handling of T61Strings (aka TeletexStrings) is broken: it effectively +treats them as ISO-8859-1 (Latin 1), Netscape and MSIE have similar behaviour. +This can cause problems if you need characters that aren't available in +PrintableStrings and you don't want to or can't use BMPStrings. + +As a consequence of the T61String handling the only correct way to represent +accented characters in OpenSSL is to use a BMPString: unfortunately Netscape +currently chokes on these. If you have to use accented characters with Netscape +and MSIE then you currently need to use the invalid T61String form. + +The current prompting is not very friendly. It doesn't allow you to confirm what +you've just entered. Other things like extensions in certificate requests are +statically defined in the configuration file. Some of these: like an email +address in subjectAltName should be input by the user. + +=head1 SEE ALSO + +L<x509(1)|x509(1)>, L<ca(1)|ca(1)>, L<genrsa(1)|genrsa(1)>, +L<gendsa(1)|gendsa(1)>, L<config(5)|config(5)> + +=cut diff --git a/lib/libssl/src/doc/apps/rsa.pod b/lib/libssl/src/doc/apps/rsa.pod new file mode 100644 index 00000000000..62ad62e23df --- /dev/null +++ b/lib/libssl/src/doc/apps/rsa.pod @@ -0,0 +1,156 @@ + +=pod + +=head1 NAME + +rsa - RSA key processing tool + +=head1 SYNOPSIS + +B<openssl> B<rsa> +[B<-inform PEM|NET|DER>] +[B<-outform PEM|NET|DER>] +[B<-in filename>] +[B<-passin arg>] +[B<-out filename>] +[B<-passout arg>] +[B<-des>] +[B<-des3>] +[B<-idea>] +[B<-text>] +[B<-noout>] +[B<-modulus>] +[B<-check>] +[B<-pubin>] +[B<-pubout>] + +=head1 DESCRIPTION + +The B<rsa> command processes RSA keys. They can be converted between various +forms and their components printed out. B<Note> this command uses the +traditional SSLeay compatible format for private key encryption: newer +applications should use the more secure PKCS#8 format using the B<pkcs8> +utility. + +=head1 COMMAND OPTIONS + +=over 4 + +=item B<-inform DER|NET|PEM> + +This specifies the input format. The B<DER> option uses an ASN1 DER encoded +form compatible with the PKCS#1 RSAPrivateKey or SubjectPublicKeyInfo format. +The B<PEM> form is the default format: it consists of the B<DER> format base64 +encoded with additional header and footer lines. On input PKCS#8 format private +keys are also accepted. The B<NET> form is a format compatible with older Netscape +servers and MS IIS, this uses unsalted RC4 for its encryption. It is not very +secure and so should only be used when necessary. + +=item B<-outform DER|NET|PEM> + +This specifies the output format, the options have the same meaning as the +B<-inform> option. + +=item B<-in filename> + +This specifies the input filename to read a key from or standard input if this +option is not specified. If the key is encrypted a pass phrase will be +prompted for. + +=item B<-passin arg> + +the input file password source. For more information about the format of B<arg> +see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>. + +=item B<-out filename> + +This specifies the output filename to write a key to or standard output if this +option is not specified. If any encryption options are set then a pass phrase +will be prompted for. The output filename should B<not> be the same as the input +filename. + +=item B<-passout password> + +the output file password source. For more information about the format of B<arg> +see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>. + +=item B<-des|-des3|-idea> + +These options encrypt the private key with the DES, triple DES, or the +IDEA ciphers respectively before outputting it. A pass phrase is prompted for. +If none of these options is specified the key is written in plain text. This +means that using the B<rsa> utility to read in an encrypted key with no +encryption option can be used to remove the pass phrase from a key, or by +setting the encryption options it can be use to add or change the pass phrase. +These options can only be used with PEM format output files. + +=item B<-text> + +prints out the various public or private key components in +plain text in addition to the encoded version. + +=item B<-noout> + +this option prevents output of the encoded version of the key. + +=item B<-modulus> + +this option prints out the value of the modulus of the key. + +=item B<-check> + +this option checks the consistency of an RSA private key. + +=item B<-pubin> + +by default a private key is read from the input file: with this +option a public key is read instead. + +=item B<-pubout> + +by default a private key is output: with this option a public +key will be output instead. This option is automatically set if +the input is a public key. + +=back + +=head1 NOTES + +The PEM private key format uses the header and footer lines: + + -----BEGIN RSA PRIVATE KEY----- + -----END RSA PRIVATE KEY----- + +The PEM public key format uses the header and footer lines: + + -----BEGIN PUBLIC KEY----- + -----END PUBLIC KEY----- + +=head1 EXAMPLES + +To remove the pass phrase on an RSA private key: + + openssl rsa -in key.pem -out keyout.pem + +To encrypt a private key using triple DES: + + openssl rsa -in key.pem -des3 -out keyout.pem + +To convert a private key from PEM to DER format: + + openssl rsa -in key.pem -outform DER -out keyout.der + +To print out the components of a private key to standard output: + + openssl rsa -in key.pem -text -noout + +To just output the public part of a private key: + + openssl rsa -in key.pem -pubout -out pubkey.pem + +=head1 SEE ALSO + +L<pkcs8(1)|pkcs8(1)>, L<dsa(1)|dsa(1)>, L<genrsa(1)|genrsa(1)>, +L<gendsa(1)|gendsa(1)> + +=cut diff --git a/lib/libssl/src/doc/apps/s_client.pod b/lib/libssl/src/doc/apps/s_client.pod new file mode 100644 index 00000000000..3ede134164c --- /dev/null +++ b/lib/libssl/src/doc/apps/s_client.pod @@ -0,0 +1,213 @@ + +=pod + +=head1 NAME + +s_client - SSL/TLS client program + +=head1 SYNOPSIS + +B<openssl> B<s_client> +[B<-connect> host:port>] +[B<-verify depth>] +[B<-cert filename>] +[B<-key filename>] +[B<-CApath directory>] +[B<-CAfile filename>] +[B<-reconnect>] +[B<-pause>] +[B<-showcerts>] +[B<-debug>] +[B<-nbio_test>] +[B<-state>] +[B<-nbio>] +[B<-crlf>] +[B<-quiet>] +[B<-ssl2>] +[B<-ssl3>] +[B<-tls1>] +[B<-no_ssl2>] +[B<-no_ssl3>] +[B<-no_tls1>] +[B<-bugs>] +[B<-cipher cipherlist>] + +=head1 DESCRIPTION + +The B<s_client> command implements a generic SSL/TLS client which connects +to a remote host using SSL/TLS. It is a I<very> useful diagnostic tool for +SSL servers. + +=head1 OPTIONS + +=over 4 + +=item B<-connect host:port> + +This specifies the host and optional port to connect to. If not specified +then an attempt is made to connect to the local host on port 4433. + +=item B<-cert certname> + +The certificate to use, if one is requested by the server. The default is +not to use a certificate. + +=item B<-key keyfile> + +The private key to use. If not specified then the certificate file will +be used. + +=item B<-verify depth> + +The verify depth to use. This specifies the maximum length of the +server certificate chain and turns on server certificate verification. +Currently the verify operation continues after errors so all the problems +with a certificate chain can be seen. As a side effect the connection +will never fail due to a server certificate verify failure. + +=item B<-CApath directory> + +The directory to use for server certificate verification. This directory +must be in "hash format", see B<verify> for more information. These are +also used when building the client certificate chain. + +=item B<-CAfile file> + +A file containing trusted certificates to use during server authentication +and to use when attempting to build the client certificate chain. + +=item B<-reconnect> + +reconnects to the same server 5 times using the same session ID, this can +be used as a test that session caching is working. + +=item B<-pause> + +pauses 1 second between each read and write call. + +=item B<-showcerts> + +display the whole server certificate chain: normally only the server +certificate itself is displayed. + +=item B<-prexit> + +print session information when the program exits. This will always attempt +to print out information even if the connection fails. Normally information +will only be printed out once if the connection succeeds. This option is useful +because the cipher in use may be renegotiated or the connection may fail +because a client certificate is required or is requested only after an +attempt is made to access a certain URL. Note: the output produced by this +option is not always accurate because a connection might never have been +established. + +=item B<-state> + +prints out the SSL session states. + +=item B<-debug> + +print extensive debugging information including a hex dump of all traffic. + +=item B<-nbio_test> + +tests non-blocking I/O + +=item B<-nbio> + +turns on non-blocking I/O + +=item B<-crlf> + +this option translated a line feed from the terminal into CR+LF as required +by some servers. + +=item B<-quiet> + +inhibit printing of session and certificate information. + +=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1> + +these options disable the use of certain SSL or TLS protocols. By default +the initial handshake uses a method which should be compatible with all +servers and permit them to use SSL v3, SSL v2 or TLS as appropriate. + +Unfortunately there are a lot of ancient and broken servers in use which +cannot handle this technique and will fail to connect. Some servers only +work if TLS is turned off with the B<-no_tls> option others will only +support SSL v2 and may need the B<-ssl2> option. + +=item B<-bugs> + +there are several known bug in SSL and TLS implementations. Adding this +option enables various workarounds. + +=item B<-cipher cipherlist> + +this allows the cipher list sent by the client to be modified. Although +the server determines which cipher suite is used it should take the first +supported cipher in the list sent by the client. See the B<ciphers> +command for more information. + +=back + +=head1 CONNECTED COMMANDS + +If a connection is established with an SSL server then any data received +from the server is displayed and any key presses will be sent to the +server. If the line begins with an B<R> then the session will be +renegotiated. If the line begins with a B<Q> the connection will be closed +down. + +=head1 NOTES + +B<s_client> can be used to debug SSL servers. To connect to an SSL HTTP +server the command: + + openssl s_client -connect servername:443 + +would typically be used (https uses port 443). If the connection succeeds +then an HTTP command can be given such as "GET /" to retrieve a web page. + +If the handshake fails then there are several possible causes, if it is +nothing obvious like no client certificate then the B<-bugs>, B<-ssl2>, +B<-ssl3>, B<-tls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1> can be tried +in case it is a buggy server. In particular you should play with these +options B<before> submitting a bug report to an OpenSSL mailing list. + +A frequent problem when attempting to get client certificates working +is that a web client complains it has no certificates or gives an empty +list to choose from. This is normally because the server is not sending +the clients certificate authority in its "acceptable CA list" when it +requests a certificate. By using B<s_client> the CA list can be viewed +and checked. However some servers only request client authentication +after a specific URL is requested. To obtain the list in this case it +is necessary to use the B<-prexit> command and send an HTTP request +for an appropriate page. + +If a certificate is specified on the command line using the B<-cert> +option it will not be used unless the server specifically requests +a client certificate. Therefor merely including a client certificate +on the command line is no guarantee that the certificate works. + +If there are problems verifying a server certificate then the +B<-showcerts> option can be used to show the whole chain. + +=head1 BUGS + +Because this program has a lot of options and also because some of +the techniques used are rather old, the C source of s_client is rather +hard to read and not a model of how things should be done. A typical +SSL client program would be much simpler. + +The B<-verify> option should really exit if the server verification +fails. + +The B<-prexit> option is a bit of a hack. We should really report +information whenever a session is renegotiated. + +=head1 SEE ALSO + +L<sess_id(1)|sess_id(1)>, L<s_server(1)|s_server(1)>, L<ciphers(1)|ciphers(1)> + +=cut diff --git a/lib/libssl/src/doc/apps/s_server.pod b/lib/libssl/src/doc/apps/s_server.pod new file mode 100644 index 00000000000..0f29c361d90 --- /dev/null +++ b/lib/libssl/src/doc/apps/s_server.pod @@ -0,0 +1,265 @@ + +=pod + +=head1 NAME + +s_server - SSL/TLS server program + +=head1 SYNOPSIS + +B<openssl> B<s_client> +[B<-accept port>] +[B<-context id>] +[B<-verify depth>] +[B<-Verify depth>] +[B<-cert filename>] +[B<-key keyfile>] +[B<-dcert filename>] +[B<-dkey keyfile>] +[B<-dhparam filename>] +[B<-nbio>] +[B<-nbio_test>] +[B<-crlf>] +[B<-debug>] +[B<-state>] +[B<-CApath directory>] +[B<-CAfile filename>] +[B<-nocert>] +[B<-cipher cipherlist>] +[B<-quiet>] +[B<-no_tmp_rsa>] +[B<-ssl2>] +[B<-ssl3>] +[B<-tls1>] +[B<-no_ssl2>] +[B<-no_ssl3>] +[B<-no_tls1>] +[B<-no_dhe>] +[B<-bugs>] +[B<-hack>] +[B<-www>] +[B<-WWW>] + +=head1 DESCRIPTION + +The B<s_server> command implements a generic SSL/TLS server which listens +for connections on a given port using SSL/TLS. + +=head1 OPTIONS + +=over 4 + +=item B<-accept port> + +the TCP port to listen on for connections. If not specified 4433 is used. + +=item B<-context id> + +sets the SSL context id. It can be given any string value. If this option +is not present a default value will be used. + +=item B<-cert certname> + +The certificate to use, most servers cipher suites require the use of a +certificate and some require a certificate with a certain public key type: +for example the DSS cipher suites require a certificate containing a DSS +(DSA) key. If not specified then the filename "server.pem" will be used. + +=item B<-key keyfile> + +The private key to use. If not specified then the certificate file will +be used. + +=item B<-dcert filename>, B<-dkey keyname> + +specify an additional certificate and private key, these behave in the +same manner as the B<-cert> and B<-key> options except there is no default +if they are not specified (no additional certificate and key is used). As +noted above some cipher suites require a certificate containing a key of +a certain type. Some cipher suites need a certificate carrying an RSA key +and some a DSS (DSA) key. By using RSA and DSS certificates and keys +a server can support clients which only support RSA or DSS cipher suites +by using an appropriate certificate. + +=item B<-nocert> + +if this option is set then no certificate is used. This restricts the +cipher suites available to the anonymous ones (currently just anonymous +DH). + +=item B<-dhparam filename> + +the DH parameter file to use. The ephemeral DH cipher suites generate keys +using a set of DH parameters. If not specified then an attempt is made to +load the parameters from the server certificate file. If this fails then +a static set of parameters hard coded into the s_server program will be used. + +=item B<-nodhe> + +if this option is set then no DH parameters will be loaded effectively +disabling the ephemeral DH cipher suites. + +=item B<-no_tmp_rsa> + +certain export cipher suites sometimes use a temporary RSA key, this option +disables temporary RSA key generation. + +=item B<-verify depth>, B<-Verify depth> + +The verify depth to use. This specifies the maximum length of the +client certificate chain and makes the server request a certificate from +the client. With the B<-verify> option a certificate is requested but the +client does not have to send one, with the B<-Verify> option the client +must supply a certificate or an error occurs. + +=item B<-CApath directory> + +The directory to use for client certificate verification. This directory +must be in "hash format", see B<verify> for more information. These are +also used when building the server certificate chain. + +=item B<-CAfile file> + +A file containing trusted certificates to use during client authentication +and to use when attempting to build the server certificate chain. The list +is also used in the list of acceptable client CAs passed to the client when +a certificate is requested. + +=item B<-state> + +prints out the SSL session states. + +=item B<-debug> + +print extensive debugging information including a hex dump of all traffic. + +=item B<-nbio_test> + +tests non blocking I/O + +=item B<-nbio> + +turns on non blocking I/O + +=item B<-crlf> + +this option translated a line feed from the terminal into CR+LF. + +=item B<-quiet> + +inhibit printing of session and certificate information. + +=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1> + +these options disable the use of certain SSL or TLS protocols. By default +the initial handshake uses a method which should be compatible with all +servers and permit them to use SSL v3, SSL v2 or TLS as appropriate. + +=item B<-bugs> + +there are several known bug in SSL and TLS implementations. Adding this +option enables various workarounds. + +=item B<-hack> + +this option enables a further workaround for some some early Netscape +SSL code (?). + +=item B<-cipher cipherlist> + +this allows the cipher list used by the server to be modified. When +the client sends a list of supported ciphers the first client cipher +also included in the server list is used. Because the client specifies +the preference order, the order of the server cipherlist irrelevant. See +the B<ciphers> command for more information. + +=item B<-www> + +sends a status message back to the client when it connects. This includes +lots of information about the ciphers used and various session parameters. +The output is in HTML format so this option will normally be used with a +web browser. + +=item B<-WWW> + +emulates a simple web server. Pages will be resolved relative to the +current directory, for example if the URL https://myhost/page.html is +requested the file ./page.html will be loaded. + +=back + +=head1 CONNECTED COMMANDS + +If a connection request is established with an SSL client and neither the +B<-www> nor the B<-WWW> option has been used then normally any data received +from the client is displayed and any key presses will be sent to the client. + +Certain single letter commands are also recognized which perform special +operations: these are listed below. + +=over 4 + +=item B<q> + +end the current SSL connection but still accept new connections. + +=item B<Q> + +end the current SSL connection and exit. + +=item B<r> + +renegotiate the SSL session. + +=item B<R> + +renegotiate the SSL session and request a client certificate. + +=item B<P> + +send some plain text down the underlying TCP connection: this should +cause the client to disconnect due to a protocol violation. + +=item B<S> + +print out some session cache status information. + +=back + +=head1 NOTES + +B<s_server> can be used to debug SSL clients. To accept connections from +a web browser the command: + + openssl s_server -accept 443 -www + +can be used for example. + +Most web browsers (in particular Netscape and MSIE) only support RSA cipher +suites, so they cannot connect to servers which don't use a certificate +carrying an RSA key or a version of OpenSSL with RSA disabled. + +Although specifying an empty list of CAs when requesting a client certificate +is strictly speaking a protocol violation, some SSL clients interpret this to +mean any CA is acceptable. This is useful for debugging purposes. + +The session parameters can printed out using the B<sess_id> program. + +=head1 BUGS + +Because this program has a lot of options and also because some of +the techniques used are rather old, the C source of s_server is rather +hard to read and not a model of how things should be done. A typical +SSL server program would be much simpler. + +The output of common ciphers is wrong: it just gives the list of ciphers that +OpenSSL recognizes and the client supports. + +There should be a way for the B<s_server> program to print out details of any +unknown cipher suites a client says it supports. + +=head1 SEE ALSO + +L<sess_id(1)|sess_id(1)>, L<s_client(1)|s_client(1)>, L<ciphers(1)|ciphers(1)> + +=cut diff --git a/lib/libssl/src/doc/apps/sess_id.pod b/lib/libssl/src/doc/apps/sess_id.pod new file mode 100644 index 00000000000..9988d2cd3d5 --- /dev/null +++ b/lib/libssl/src/doc/apps/sess_id.pod @@ -0,0 +1,151 @@ + +=pod + +=head1 NAME + +sess_id - SSL/TLS session handling utility + +=head1 SYNOPSIS + +B<openssl> B<sess_id> +[B<-inform PEM|DER>] +[B<-outform PEM|DER>] +[B<-in filename>] +[B<-out filename>] +[B<-text>] +[B<-noout>] +[B<-context ID>] + +=head1 DESCRIPTION + +The B<sess_id> process the encoded version of the SSL session structure +and optionally prints out SSL session details (for example the SSL session +master key) in human readable format. Since this is a diagnostic tool that +needs some knowledge of the SSL protocol to use properly, most users will +not need to use it. + +=over 4 + +=item B<-inform DER|PEM> + +This specifies the input format. The B<DER> option uses an ASN1 DER encoded +format containing session details. The precise format can vary from one version +to the next. The B<PEM> form is the default format: it consists of the B<DER> +format base64 encoded with additional header and footer lines. + +=item B<-outform DER|PEM> + +This specifies the output format, the options have the same meaning as the +B<-inform> option. + +=item B<-in filename> + +This specifies the input filename to read session information from or standard +input by default. + +=item B<-out filename> + +This specifies the output filename to write session information to or standard +output if this option is not specified. + +=item B<-text> + +prints out the various public or private key components in +plain text in addition to the encoded version. + +=item B<-cert> + +if a certificate is present in the session it will be output using this option, +if the B<-text> option is also present then it will be printed out in text form. + +=item B<-noout> + +this option prevents output of the encoded version of the session. + +=item B<-context ID> + +this option can set the session id so the output session information uses the +supplied ID. The ID can be any string of characters. This option wont normally +be used. + +=back + +=head1 OUTPUT + +Typical output: + + SSL-Session: + Protocol : TLSv1 + Cipher : 0016 + Session-ID: 871E62626C554CE95488823752CBD5F3673A3EF3DCE9C67BD916C809914B40ED + Session-ID-ctx: 01000000 + Master-Key: A7CEFC571974BE02CAC305269DC59F76EA9F0B180CB6642697A68251F2D2BB57E51DBBB4C7885573192AE9AEE220FACD + Key-Arg : None + Start Time: 948459261 + Timeout : 300 (sec) + Verify return code 0 (ok) + +Theses are described below in more detail. + +=over 4 + +=item B<Protocol> + +this is the protocol in use TLSv1, SSLv3 or SSLv2. + +=item B<Cipher> + +the cipher used this is the actual raw SSL or TLS cipher code, see the SSL +or TLS specifications for more information. + +=item B<Session-ID> + +the SSL session ID in hex format. + +=item B<Session-ID-ctx> + +the session ID context in hex format. + +=item B<Master-Key> + +this is the SSL session master key. + +=item B<Key-Arg> + +the key argument, this is only used in SSL v2. + +=item B<Start Time> + +this is the session start time represented as an integer in standard Unix format. + +=item B<Timeout> + +the timeout in seconds. + +=item B<Verify return code> + +this is the return code when an SSL client certificate is verified. + +=back + +=head1 NOTES + +The PEM encoded session format uses the header and footer lines: + + -----BEGIN SSL SESSION PARAMETERS----- + -----END SSL SESSION PARAMETERS----- + +Since the SSL session output contains the master key it is possible to read the contents +of an encrypted session using this information. Therefore appropriate security precautions +should be taken if the information is being output by a "real" application. This is +however strongly discouraged and should only be used for debugging purposes. + +=head1 BUGS + +The cipher and start time should be printed out in human readable form. + +=head1 SEE ALSO + +L<ciphers(1)|ciphers(1)>, L<s_server(1)|s_server(1)> + +=cut diff --git a/lib/libssl/src/doc/apps/smime.pod b/lib/libssl/src/doc/apps/smime.pod new file mode 100644 index 00000000000..631ecdc241e --- /dev/null +++ b/lib/libssl/src/doc/apps/smime.pod @@ -0,0 +1,325 @@ +=pod + +=head1 NAME + +smime - S/MIME utility + +=head1 SYNOPSIS + +B<openssl> B<smime> +[B<-encrypt>] +[B<-decrypt>] +[B<-sign>] +[B<-verify>] +[B<-pk7out>] +[B<-des>] +[B<-des3>] +[B<-rc2-40>] +[B<-rc2-64>] +[B<-rc2-128>] +[B<-in file>] +[B<-certfile file>] +[B<-signer file>] +[B<-recip file>] +[B<-in file>] +[B<-inkey file>] +[B<-out file>] +[B<-to addr>] +[B<-from ad>] +[B<-subject s>] +[B<-text>] +[B<-rand file(s)>] +[cert.pem]... + +=head1 DESCRIPTION + +The B<smime> command handles S/MIME mail. It can encrypt, decrypt, sign and +verify S/MIME messages. + +=head1 COMMAND OPTIONS + +There are five operation options that set the type of operation to be performed. +The meaning of the other options varies according to the operation type. + +=over 4 + +=item B<-encrypt> + +encrypt mail for the given recipient certificates. Input file is the message +to be encrypted. The output file is the encrypted mail in MIME format. + +=item B<-decrypt> + +decrypt mail using the supplied certificate and private key. Expects an +encrypted mail message in MIME format for the input file. The decrypted mail +is written to the output file. + +=item B<-sign> + +sign mail using the supplied certificate and private key. Input file is +the message to be signed. The signed message in MIME format is written +to the output file. + +=item B<-verify> + +verify signed mail. Expects a signed mail message on input and outputs +the signed data. Both clear text and opaque signing is supported. + +=item B<-pk7out> + +takes an input message and writes out a PEM encoded PKCS#7 structure. + +=item B<-in filename> + +the input message to be encrypted or signed or the MIME message to +be decrypted or verified. + +=item B<-out filename> + +the message text that has been decrypted or verified or the output MIME +format message that has been signed or verified. + +=item B<-text> + +this option adds plain text (text/plain) MIME headers to the supplied +message if encrypting or signing. If decrypting or verifying it strips +off text headers: if the decrypted or verified message is not of MIME +type text/plain then an error occurs. + +=item B<-CAfile file> + +a file containing trusted CA certificates, only used with B<-verify>. + +=item B<-CApath dir> + +a directory containing trusted CA certificates, only used with +B<-verify>. This directory must be a standard certificate directory: that +is a hash of each subject name (using B<x509 -hash>) should be linked +to each certificate. + +=item B<-des -des3 -rc2-40 -rc2-64 -rc2-128> + +the encryption algorithm to use. DES (56 bits), triple DES (168 bits) +or 40, 64 or 128 bit RC2 respectively if not specified 40 bit RC2 is +used. Only used with B<-encrypt>. + +=item B<-nointern> + +when verifying a message normally certificates (if any) included in +the message are searched for the signing certificate. With this option +only the certificates specified in the B<-certfile> option are used. +The supplied certificates can still be used as untrusted CAs however. + +=item B<-noverify> + +do not verify the signers certificate of a signed message. + +=item B<-nochain> + +do not do chain verification of signers certificates: that is don't +use the certificates in the signed message as untrusted CAs. + +=item B<-nosigs> + +don't try to verify the signatures on the message. + +=item B<-nocerts> + +when signing a message the signer's certificate is normally included +with this option it is excluded. This will reduce the size of the +signed message but the verifier must have a copy of the signers certificate +available locally (passed using the B<-certfile> option for example). + +=item B<-noattr> + +normally when a message is signed a set of attributes are included which +include the signing time and supported symmetric algorithms. With this +option they are not included. + +=item B<-binary> + +normally the input message is converted to "canonical" format which is +effectively using CR and LF as end of line: as required by the S/MIME +specification. When this option is present no translation occurs. This +is useful when handling binary data which may not be in MIME format. + +=item B<-nodetach> + +when signing a message use opaque signing: this form is more resistant +to translation by mail relays but it cannot be read by mail agents that +do not support S/MIME. Without this option cleartext signing with +the MIME type multipart/signed is used. + +=item B<-certfile file> + +allows additional certificates to be specified. When signing these will +be included with the message. When verifying these will be searched for +the signers certificates. The certificates should be in PEM format. + +=item B<-signer file> + +the signers certificate when signing a message. If a message is +being verified then the signers certificates will be written to this +file if the verification was successful. + +=item B<-recip file> + +the recipients certificate when decrypting a message. This certificate +must match one of the recipients of the message or an error occurs. + +=item B<-inkey file> + +the private key to use when signing or decrypting. This must match the +corresponding certificate. If this option is not specified then the +private key must be included in the certificate file specified with +the B<-recip> or B<-signer> file. + +=item B<-rand file(s)> + +a file or files containing random data used to seed the random number +generator, or an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>). +Multiple files can be specified separated by a OS-dependent character. +The separator is B<;> for MS-Windows, B<,> for OpenVSM, and B<:> for +all others. + +=item B<cert.pem...> + +one or more certificates of message recipients: used when encrypting +a message. + +=item B<-to, -from, -subject> + +the relevant mail headers. These are included outside the signed +portion of a message so they may be included manually. If signing +then many S/MIME mail clients check the signers certificate's email +address matches that specified in the From: address. + +=back + +=head1 NOTES + +The MIME message must be sent without any blank lines between the +headers and the output. Some mail programs will automatically add +a blank line. Piping the mail directly to sendmail is one way to +achieve the correct format. + +The supplied message to be signed or encrypted must include the +necessary MIME headers: or many S/MIME clients wont display it +properly (if at all). You can use the B<-text> option to automatically +add plain text headers. + +A "signed and encrypted" message is one where a signed message is +then encrypted. This can be produced by encrypting an already signed +message: see the examples section. + +This version of the program only allows one signer per message but it +will verify multiple signers on received messages. Some S/MIME clients +choke if a message contains multiple signers. It is possible to sign +messages "in parallel" by signing an already signed message. + +The options B<-encrypt> and B<-decrypt> reflect common usage in S/MIME +clients. Strictly speaking these process PKCS#7 enveloped data: PKCS#7 +encrypted data is used for other purposes. + +=head1 EXIT CODES + +=over 4 + +=item 0 + +the operation was completely successfully. + +=item 1 + +an error occurred parsing the command options. + +=item 2 + +one of the input files could not be read. + +=item 3 + +an error occurred creating the PKCS#7 file or when reading the MIME +message. + +=item 4 + +an error occurred decrypting or verifying the message. + +=item 5 + +the message was verified correctly but an error occurred writing out +the signers certificates. + +=back + +=head1 EXAMPLES + +Create a cleartext signed message: + + openssl smime -sign -in message.txt -text -out mail.msg \ + -signer mycert.pem + +Create and opaque signed message + + openssl smime -sign -in message.txt -text -out mail.msg -nodetach \ + -signer mycert.pem + +Create a signed message, include some additional certificates and +read the private key from another file: + + openssl smime -sign -in in.txt -text -out mail.msg \ + -signer mycert.pem -inkey mykey.pem -certfile mycerts.pem + +Send a signed message under Unix directly to sendmail, including headers: + + openssl smime -sign -in in.txt -text -signer mycert.pem \ + -from steve@openssl.org -to someone@somewhere \ + -subject "Signed message" | sendmail someone@somewhere + +Verify a message and extract the signer's certificate if successful: + + openssl smime -verify -in mail.msg -signer user.pem -out signedtext.txt + +Send encrypted mail using triple DES: + + openssl smime -encrypt -in in.txt -from steve@openssl.org \ + -to someone@somewhere -subject "Encrypted message" \ + -des3 user.pem -out mail.msg + +Sign and encrypt mail: + + openssl smime -sign -in ml.txt -signer my.pem -text \ + | openssl -encrypt -out mail.msg \ + -from steve@openssl.org -to someone@somewhere \ + -subject "Signed and Encrypted message" -des3 user.pem + +Note: the encryption command does not include the B<-text> option because the message +being encrypted already has MIME headers. + +Decrypt mail: + + openssl smime -decrypt -in mail.msg -recip mycert.pem -inkey key.pem + +=head1 BUGS + +The MIME parser isn't very clever: it seems to handle most messages that I've thrown +at it but it may choke on others. + +The code currently will only write out the signer's certificate to a file: if the +signer has a separate encryption certificate this must be manually extracted. There +should be some heuristic that determines the correct encryption certificate. + +Ideally a database should be maintained of a certificates for each email address. + +The code doesn't currently take note of the permitted symmetric encryption +algorithms as supplied in the SMIMECapabilities signed attribute. this means the +user has to manually include the correct encryption algorithm. It should store +the list of permitted ciphers in a database and only use those. + +No revocation checking is done on the signer's certificate. + +The current code can only handle S/MIME v2 messages, the more complex S/MIME v3 +structures may cause parsing errors. + +=cut diff --git a/lib/libssl/src/doc/apps/speed.pod b/lib/libssl/src/doc/apps/speed.pod new file mode 100644 index 00000000000..fecd9a994de --- /dev/null +++ b/lib/libssl/src/doc/apps/speed.pod @@ -0,0 +1,45 @@ +=pod + +=head1 NAME + +speed - test library performance + +=head1 SYNOPSIS + +B<openssl speed> +[B<md2>] +[B<mdc2>] +[B<md5>] +[B<hmac>] +[B<sha1>] +[B<rmd160>] +[B<idea-cbc>] +[B<rc2-cbc>] +[B<rc5-cbc>] +[B<bf-cbc>] +[B<des-cbc>] +[B<des-ede3>] +[B<rc4>] +[B<rsa512>] +[B<rsa1024>] +[B<rsa2048>] +[B<rsa4096>] +[B<dsa512>] +[B<dsa1024>] +[B<dsa2048>] +[B<idea>] +[B<rc2>] +[B<des>] +[B<rsa>] +[B<blowfish>] + +=head1 DESCRIPTION + +This command is used to test the performance of cryptographic algorithms. + +=head1 OPTIONS + +If an option is given, B<speed> test that algorithm, otherwise all of +the above are tested. + +=cut diff --git a/lib/libssl/src/doc/apps/spkac.pod b/lib/libssl/src/doc/apps/spkac.pod new file mode 100644 index 00000000000..bb84dfbe335 --- /dev/null +++ b/lib/libssl/src/doc/apps/spkac.pod @@ -0,0 +1,127 @@ +=pod + +=head1 NAME + +spkac - SPKAC printing and generating utility + +=head1 SYNOPSIS + +B<openssl> B<spkac> +[B<-in filename>] +[B<-out filename>] +[B<-key keyfile>] +[B<-passin arg>] +[B<-challenge string>] +[B<-pubkey>] +[B<-spkac spkacname>] +[B<-spksect section>] +[B<-noout>] +[B<-verify>] + + +=head1 DESCRIPTION + +The B<spkac> command processes Netscape signed public key and challenge +(SPKAC) files. It can print out their contents, verify the signature and +produce its own SPKACs from a supplied private key. + +=head1 COMMAND OPTIONS + +=over 4 + +=item B<-in filename> + +This specifies the input filename to read from or standard input if this +option is not specified. Ignored if the B<-key> option is used. + +=item B<-out filename> + +specifies the output filename to write to or standard output by +default. + +=item B<-key keyfile> + +create an SPKAC file using the private key in B<keyfile>. The +B<-in>, B<-noout>, B<-spksect> and B<-verify> options are ignored if +present. + +=item B<-passin password> + +the input file password source. For more information about the format of B<arg> +see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>. + +=item B<-challenge string> + +specifies the challenge string if an SPKAC is being created. + +=item B<-spkac spkacname> + +allows an alternative name form the variable containing the +SPKAC. The default is "SPKAC". This option affects both +generated and input SPKAC files. + +=item B<-spksect section> + +allows an alternative name form the section containing the +SPKAC. The default is the default section. + +=item B<-noout> + +don't output the text version of the SPKAC (not used if an +SPKAC is being created). + +=item B<-pubkey> + +output the public key of an SPKAC (not used if an SPKAC is +being created). + +=item B<-verify> + +verifies the digital signature on the supplied SPKAC. + + +=back + +=head1 EXAMPLES + +Print out the contents of an SPKAC: + + openssl spkac -in spkac.cnf + +Verify the signature of an SPKAC: + + openssl spkac -in spkac.cnf -noout -verify + +Create an SPKAC using the challenge string "hello": + + openssl spkac -key key.pem -challenge hello -out spkac.cnf + +Example of an SPKAC, (long lines split up for clarity): + + SPKAC=MIG5MGUwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA1cCoq2Wa3Ixs47uI7F\ + PVwHVIPDx5yso105Y6zpozam135a8R0CpoRvkkigIyXfcCjiVi5oWk+6FfPaD03u\ + PFoQIDAQABFgVoZWxsbzANBgkqhkiG9w0BAQQFAANBAFpQtY/FojdwkJh1bEIYuc\ + 2EeM2KHTWPEepWYeawvHD0gQ3DngSC75YCWnnDdq+NQ3F+X4deMx9AaEglZtULwV\ + 4= + +=head1 NOTES + +A created SPKAC with suitable DN components appended can be fed into +the B<ca> utility. + +SPKACs are typically generated by Netscape when a form is submitted +containing the B<KEYGEN> tag as part of the certificate enrollment +process. + +The challenge string permits a primitive form of proof of possession +of private key. By checking the SPKAC signature and a random challenge +string some guarantee is given that the user knows the private key +corresponding to the public key being certified. This is important in +some applications. Without this it is possible for a previous SPKAC +to be used in a "replay attack". + +=head1 SEE ALSO + +L<ca(1)|ca(1)> + +=cut diff --git a/lib/libssl/src/doc/apps/verify.pod b/lib/libssl/src/doc/apps/verify.pod new file mode 100644 index 00000000000..4a6572d3b89 --- /dev/null +++ b/lib/libssl/src/doc/apps/verify.pod @@ -0,0 +1,273 @@ +=pod + +=head1 NAME + +pkcs7 - PKCS#7 utility + +=head1 SYNOPSIS + +B<openssl> B<verify> +[B<-CApath directory>] +[B<-CAfile file>] +[B<-purpose purpose>] +[B<-untrusted file>] +[B<-help>] +[B<-verbose>] +[B<->] +[certificates] + + +=head1 DESCRIPTION + +The B<verify> command verifies certificate chains. + +=head1 COMMAND OPTIONS + +=over 4 + +=item B<-CApath directory> + +A directory of trusted certificates. The certificates should have names +of the form: hash.0 or have symbolic links to them of this +form ("hash" is the hashed certificate subject name: see the B<-hash> option +of the B<x509> utility). Under Unix the B<c_rehash> script will automatically +create symbolic links to a directory of certificates. + +=item B<-CAfile file> + +A file of trusted certificates. The file should contain multiple certificates +in PEM format concatenated together. + +=item B<-untrusted file> + +A file of untrusted certificates. The file should contain multiple certificates + +=item B<-purpose purpose> + +the intended use for the certificate. Without this option no chain verification +will be done. Currently accepted uses are B<sslclient>, B<sslserver>, +B<nssslserver>, B<smimesign>, B<smimeencrypt>. See the B<VERIFY OPERATION> +section for more information. + +=item B<-help> + +prints out a usage message. + +=item B<-verbose> + +print extra information about the operations being performed. + +=item B<-> + +marks the last option. All arguments following this are assumed to be +certificate files. This is useful if the first certificate filename begins +with a B<->. + +=item B<certificates> + +one or more certificates to verify. If no certificate filenames are included +then an attempt is made to read a certificate from standard input. They should +all be in PEM format. + + +=back + +=head1 VERIFY OPERATION + +The B<verify> program uses the same functions as the internal SSL and S/MIME +verification, therefore this description applies to these verify operations +too. + +There is one crucial difference between the verify operations performed +by the B<verify> program: wherever possible an attempt is made to continue +after an error whereas normally the verify operation would halt on the +first error. This allows all the problems with a certificate chain to be +determined. + +The verify operation consists of a number of separate steps. + +Firstly a certificate chain is built up starting from the supplied certificate +and ending in the root CA. It is an error if the whole chain cannot be built +up. The chain is built up by looking up a certificate whose subject name +matches the issuer name of the current certificate. If a certificate is found +whose subject and issuer names are identical it is assumed to be the root CA. +The lookup first looks in the list of untrusted certificates and if no match +is found the remaining lookups are from the trusted certificates. The root CA +is always looked up in the trusted certificate list: if the certificate to +verify is a root certificate then an exact match must be found in the trusted +list. + +The second operation is to check every untrusted certificate's extensions for +consistency with the supplied purpose. If the B<-purpose> option is not included +then no checks are done. The supplied or "leaf" certificate must have extensions +compatible with the supplied purpose and all other certificates must also be valid +CA certificates. The precise extensions required are described in more detail in +the B<CERTIFICATE EXTENSIONS> section of the B<x509> utility. + +The third operation is to check the trust settings on the root CA. The root +CA should be trusted for the supplied purpose. For compatibility with previous +versions of SSLeay and OpenSSL a certificate with no trust settings is considered +to be valid for all purposes. + +The final operation is to check the validity of the certificate chain. The validity +period is checked against the current system time and the notBefore and notAfter +dates in the certificate. The certificate signatures are also checked at this +point. + +If all operations complete successfully then certificate is considered valid. If +any operation fails then the certificate is not valid. + +=head1 DIAGNOSTICS + +When a verify operation fails the output messages can be somewhat cryptic. The +general form of the error message is: + + server.pem: /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit) + error 24 at 1 depth lookup:invalid CA certificate + +The first line contains the name of the certificate being verified followed by +the subject name of the certificate. The second line contains the error number +and the depth. The depth is number of the certificate being verified when a +problem was detected starting with zero for the certificate being verified itself +then 1 for the CA that signed the certificate and so on. Finally a text version +of the error number is presented. + +An exhaustive list of the error codes and messages is shown below, this also +includes the name of the error code as defined in the header file x509_vfy.h +Some of the error codes are defined but never returned: these are described +as "unused". + +=over 4 + +=item B<0 X509_V_OK: ok> + +the operation was successful. + +=item B<2 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: unable to get issuer certificate> + +the issuer certificate could not be found: this occurs if the issuer certificate +of an untrusted certificate cannot be found. + +=item B<3 X509_V_ERR_UNABLE_TO_GET_CRL unable to get certificate CRL> + +the CRL of a certificate could not be found. Unused. + +=item B<4 X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: unable to decrypt certificate's signature> + +the certificate signature could not be decrypted. This means that the actual signature value +could not be determined rather than it not matching the expected value, this is only +meaningful for RSA keys. + +=item B<5 X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: unable to decrypt CRL's signature> + +the CRL signature could not be decrypted: this means that the actual signature value +could not be determined rather than it not matching the expected value. Unused. + +=item B<6 X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY: unable to decode issuer public key> + +the public key in the certificate SubjectPublicKeyInfo could not be read. + +=item B<7 X509_V_ERR_CERT_SIGNATURE_FAILURE: certificate signature failure> + +the signature of the certificate is invalid. + +=item B<8 X509_V_ERR_CRL_SIGNATURE_FAILURE: CRL signature failure> + +the signature of the certificate is invalid. Unused. + +=item B<9 X509_V_ERR_CERT_NOT_YET_VALID: certificate is not yet valid> + +the certificate is not yet valid: the notBefore date is after the current time. + +=item B<10 X509_V_ERR_CRL_NOT_YET_VALID: CRL is not yet valid> + +the CRL is not yet valid. Unused. + +=item B<11 X509_V_ERR_CERT_HAS_EXPIRED: Certificate has expired> + +the certificate has expired: that is the notAfter date is before the current time. + +=item B<12 X509_V_ERR_CRL_HAS_EXPIRED: CRL has expired> + +the CRL has expired. Unused. + +=item B<13 X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: format error in certificate's notBefore field> + +the certificate notBefore field contains an invalid time. + +=item B<14 X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: format error in certificate's notAfter field> + +the certificate notAfter field contains an invalid time. + +=item B<15 X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: format error in CRL's lastUpdate field> + +the CRL lastUpdate field contains an invalid time. Unused. + +=item B<16 X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: format error in CRL's nextUpdate field> + +the CRL nextUpdate field contains an invalid time. Unused. + +=item B<17 X509_V_ERR_OUT_OF_MEM: out of memory> + +an error occurred trying to allocate memory. This should never happen. + +=item B<18 X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: self signed certificate> + +the passed certificate is self signed and the same certificate cannot be found in the list of +trusted certificates. + +=item B<19 X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: self signed certificate in certificate chain> + +the certificate chain could be built up using the untrusted certificates but the root could not +be found locally. + +=item B<20 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: unable to get local issuer certificate> + +the issuer certificate of a locally looked up certificate could not be found. This normally means +the list of trusted certificates is not complete. + +=item B<21 X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: unable to verify the first certificate> + +no signatures could be verified because the chain contains only one certificate and it is not +self signed. + +=item B<22 X509_V_ERR_CERT_CHAIN_TOO_LONG: certificate chain too long> + +the certificate chain length is greater than the supplied maximum depth. Unused. + +=item B<23 X509_V_ERR_CERT_REVOKED: certificate revoked> + +the certificate has been revoked. Unused. + +=item B<24 X509_V_ERR_INVALID_CA: invalid CA certificate> + +a CA certificate is invalid. Either it is not a CA or its extensions are not consistent +with the supplied purpose. + +=item B<25 X509_V_ERR_PATH_LENGTH_EXCEEDED: path length constraint exceeded> + +the basicConstraints pathlength parameter has been exceeded. + +=item B<26 X509_V_ERR_INVALID_PURPOSE: unsupported certificate purpose> + +the supplied certificate cannot be used for the specified purpose. + +=item B<27 X509_V_ERR_CERT_UNTRUSTED: certificate not trusted> + +the root CA is not marked as trusted for the specified purpose. + +=item B<28 X509_V_ERR_CERT_REJECTED: certificate rejected> + +the root CA is marked to reject the specified purpose. + +=item B<50 X509_V_ERR_APPLICATION_VERIFICATION: application verification failure> + +an application specific error. Unused. + +=back + +=head1 SEE ALSO + +L<x509(1)|x509(1)> + +=cut diff --git a/lib/libssl/src/doc/apps/version.pod b/lib/libssl/src/doc/apps/version.pod new file mode 100644 index 00000000000..5d261a64057 --- /dev/null +++ b/lib/libssl/src/doc/apps/version.pod @@ -0,0 +1,56 @@ +=pod + +=head1 NAME + +version - print OpenSSL version information + +=head1 SYNOPSIS + +B<openssl version> +[B<-a>] +[B<-v>] +[B<-b>] +[B<-o>] +[B<-f>] +[B<-p>] + +=head1 DESCRIPTION + +This command is used to print out version information about OpenSSL. + +=head1 OPTIONS + +=over 4 + +=item B<-a> + +all information, this is the same as setting all the other flags. + +=item B<-v> + +the current OpenSSL version. + +=item B<-b> + +the date the current version of OpenSSL was built. + +=item B<-o> + +option information: various options set when the library was built. + +=item B<-c> + +compilation flags. + +=item B<-p> + +platform setting. + +=back + +=head1 NOTES + +The output of B<openssl version -a> would typically be used when sending +in a bug report. + +=cut diff --git a/lib/libssl/src/doc/apps/x509.pod b/lib/libssl/src/doc/apps/x509.pod new file mode 100644 index 00000000000..b127182bbbf --- /dev/null +++ b/lib/libssl/src/doc/apps/x509.pod @@ -0,0 +1,543 @@ + +=pod + +=head1 NAME + +x509 - Certificate display and signing utility + +=head1 SYNOPSIS + +B<openssl> B<x509> +[B<-inform DER|PEM|NET>] +[B<-outform DER|PEM|NET>] +[B<-keyform DER|PEM>] +[B<-CAform DER|PEM>] +[B<-CAkeyform DER|PEM>] +[B<-in filename>] +[B<-out filename>] +[B<-serial>] +[B<-hash>] +[B<-subject>] +[B<-issuer>] +[B<-startdate>] +[B<-enddate>] +[B<-purpose>] +[B<-dates>] +[B<-modulus>] +[B<-fingerprint>] +[B<-alias>] +[B<-noout>] +[B<-trustout>] +[B<-clrtrust>] +[B<-clrreject>] +[B<-addtrust arg>] +[B<-addreject arg>] +[B<-setalias arg>] +[B<-days arg>] +[B<-signkey filename>] +[B<-x509toreq>] +[B<-req>] +[B<-CA filename>] +[B<-CAkey filename>] +[B<-CAcreateserial>] +[B<-CAserial filename>] +[B<-text>] +[B<-C>] +[B<-md2|-md5|-sha1|-mdc2>] +[B<-clrext>] +[B<-extfile filename>] +[B<-extensions section>] + +=head1 DESCRIPTION + +The B<x509> command is a multi purpose certificate utility. It can be +used to display certificate information, convert certificates to +various forms, sign certificate requests like a "mini CA" or edit +certificate trust settings. + +Since there are a large number of options they will split up into +various sections. + + +=head1 INPUT, OUTPUT AND GENERAL PURPOSE OPTIONS + +=over 4 + +=item B<-inform DER|PEM|NET> + +This specifies the input format normally the command will expect an X509 +certificate but this can change if other options such as B<-req> are +present. The DER format is the DER encoding of the certificate and PEM +is the base64 encoding of the DER encoding with header and footer lines +added. The NET option is an obscure Netscape server format that is now +obsolete. + +=item B<-outform DER|PEM|NET> + +This specifies the output format, the options have the same meaning as the +B<-inform> option. + +=item B<-in filename> + +This specifies the input filename to read a certificate from or standard input +if this option is not specified. + +=item B<-out filename> + +This specifies the output filename to write to or standard output by +default. + +=item B<-md2|-md5|-sha1|-mdc2> + +the digest to use. This affects any signing or display option that uses a message +digest, such as the B<-fingerprint>, B<-signkey> and B<-CA> options. If not +specified then MD5 is used. If the key being used to sign with is a DSA key then +this option has no effect: SHA1 is always used with DSA keys. + + +=back + +=head1 DISPLAY OPTIONS + +Note: the B<-alias> and B<-purpose> options are also display options +but are described in the B<TRUST OPTIONS> section. + +=over 4 + +=item B<-text> + +prints out the certificate in text form. Full details are output including the +public key, signature algorithms, issuer and subject names, serial number +any extensions present and any trust settings. + +=item B<-noout> + +this option prevents output of the encoded version of the request. + +=item B<-modulus> + +this option prints out the value of the modulus of the public key +contained in the certificate. + +=item B<-serial> + +outputs the certificate serial number. + +=item B<-hash> + +outputs the "hash" of the certificate subject name. This is used in OpenSSL to +form an index to allow certificates in a directory to be looked up by subject +name. + +=item B<-subject> + +outputs the subject name. + +=item B<-issuer> + +outputs the issuer name. + +=item B<-startdate> + +prints out the start date of the certificate, that is the notBefore date. + +=item B<-enddate> + +prints out the expiry date of the certificate, that is the notAfter date. + +=item B<-dates> + +prints out the start and expiry dates of a certificate. + +=item B<-fingerprint> + +prints out the digest of the DER encoded version of the whole certificate. + +=item B<-C> + +this outputs the certificate in the form of a C source file. + +=back + +=head1 TRUST SETTINGS + +Please note these options are currently experimental and may well change. + +A B<trusted certificate> is an ordinary certificate which has several +additional pieces of information attached to it such as the permitted +and prohibited uses of the certificate and an "alias". + +Normally when a certificate is being verified at least one certificate +must be "trusted". By default a trusted certificate must be stored +locally and must be a root CA: any certificate chain ending in this CA +is then usable for any purpose. + +Trust settings currently are only used with a root CA. They allow a finer +control over the purposes the root CA can be used for. For example a CA +may be trusted for SSL client but not SSL server use. + +See the description of the B<verify> utility for more information on the +meaning of trust settings. + +Future versions of OpenSSL will recognize trust settings on any +certificate: not just root CAs. + + +=over 4 + +=item B<-trustout> + +this causes B<x509> to output a B<trusted> certificate. An ordinary +or trusted certificate can be input but by default an ordinary +certificate is output and any trust settings are discarded. With the +B<-trustout> option a trusted certificate is output. A trusted +certificate is automatically output if any trust settings are modified. + +=item B<-setalias arg> + +sets the alias of the certificate. This will allow the certificate +to be referred to using a nickname for example "Steve's Certificate". + +=item B<-alias> + +outputs the certificate alias, if any. + +=item B<-clrtrust> + +clears all the permitted or trusted uses of the certificate. + +=item B<-clrreject> + +clears all the prohibited or rejected uses of the certificate. + +=item B<-addtrust arg> + +adds a trusted certificate use. Currently acceptable values +are B<all> (any purpose), B<sslclient> (SSL client use), B<sslserver> +(SSL server use) B<email> (S/MIME email) and B<objsign> (Object signing). + +=item B<-addreject arg> + +adds a prohibited use. It accepts the same values as the B<-addtrust> +option. + +=item B<-purpose> + +this option performs tests on the certificate extensions and outputs +the results. For a more complete description see the B<CERTIFICATE +EXTENSIONS> section. + +=back + +=head1 SIGNING OPTIONS + +The B<x509> utility can be used to sign certificates and requests: it +can thus behave like a "mini CA". + +=over 4 + +=item B<-signkey filename> + +this option causes the input file to be self signed using the supplied +private key. + +If the input file is a certificate it sets the issuer name to the +subject name (i.e. makes it self signed) changes the public key to the +supplied value and changes the start and end dates. The start date is +set to the current time and the end date is set to a value determined +by the B<-days> option. Any certificate extensions are retained unless +the B<-clrext> option is supplied. + +If the input is a certificate request then a self signed certificate +is created using the supplied private key using the subject name in +the request. + +=item B<-clrext> + +delete any extensions from a certificate. This option is used when a +certificate is being created from another certificate (for example with +the B<-signkey> or the B<-CA> options). Normally all extensions are +retained. + +=item B<-keyform PEM|DER> + +specifies the format (DER or PEM) of the private key file used in the +B<-signkey> option. + +=item B<-days arg> + +specifies the number of days to make a certificate valid for. The default +is 30 days. + +=item B<-x509toreq> + +converts a certificate into a certificate request. The B<-signkey> option +is used to pass the required private key. + +=item B<-req> + +by default a certificate is expected on input. With this option a +certificate request is expected instead. + +=item B<-CA filename> + +specifies the CA certificate to be used for signing. When this option is +present B<x509> behaves like a "mini CA". The input file is signed by this +CA using this option: that is its issuer name is set to the subject name +of the CA and it is digitally signed using the CAs private key. + +This option is normally combined with the B<-req> option. Without the +B<-req> option the input is a certificate which must be self signed. + +=item B<-CAkey filename> + +sets the CA private key to sign a certificate with. If this option is +not specified then it is assumed that the CA private key is present in +the CA certificate file. + +=item B<-CAserial filename> + +sets the CA serial number file to use. + +When the B<-CA> option is used to sign a certificate it uses a serial +number specified in a file. This file consist of one line containing +an even number of hex digits with the serial number to use. After each +use the serial number is incremented and written out to the file again. + +The default filename consists of the CA certificate file base name with +".srl" appended. For example if the CA certificate file is called +"mycacert.pem" it expects to find a serial number file called "mycacert.srl". + +=item B<-CAcreateserial filename> + +with this option the CA serial number file is created if it does not exist: +it will contain the serial number "02" and the certificate being signed will +have the 1 as its serial number. Normally if the B<-CA> option is specified +and the serial number file does not exist it is an error. + +=item B<-extfile filename> + +file containing certificate extensions to use. If not specified then +no extensions are added to the certificate. + +=item B<-extensions section> + +the section to add certificate extensions from. If this option is not +specified then the extensions should either be contained in the unnamed +(default) section or the default section should contain a variable called +"extensions" which contains the section to use. + +=back + +=head1 EXAMPLES + +Note: in these examples the '\' means the example should be all on one +line. + +Display the contents of a certificate: + + openssl x509 -in cert.pem -noout -text + +Display the certificate serial number: + + openssl x509 -in cert.pem -noout -serial + +Display the certificate MD5 fingerprint: + + openssl x509 -in cert.pem -noout -fingerprint + +Display the certificate SHA1 fingerprint: + + openssl x509 -sha1 -in cert.pem -noout -fingerprint + +Convert a certificate from PEM to DER format: + + openssl x509 -in cert.pem -inform PEM -out cert.der -outform DER + +Convert a certificate to a certificate request: + + openssl x509 -x509toreq -in cert.pem -out req.pem -signkey key.pem + +Convert a certificate request into a self signed certificate using +extensions for a CA: + + openssl x509 -req -in careq.pem -config openssl.cnf -extensions v3_ca \ + -signkey key.pem -out cacert.pem + +Sign a certificate request using the CA certificate above and add user +certificate extensions: + + openssl x509 -req -in req.pem -config openssl.cnf -extensions v3_usr \ + -CA cacert.pem -CAkey key.pem -CAcreateserial + + +Set a certificate to be trusted for SSL client use and change set its alias to +"Steve's Class 1 CA" + + openssl x509 -in cert.pem -addtrust sslclient \ + -alias "Steve's Class 1 CA" -out trust.pem + +=head1 NOTES + +The PEM format uses the header and footer lines: + + -----BEGIN CERTIFICATE---- + -----END CERTIFICATE---- + +it will also handle files containing: + + -----BEGIN X509 CERTIFICATE---- + -----END X509 CERTIFICATE---- + +Trusted certificates have the lines + + -----BEGIN TRUSTED CERTIFICATE---- + -----END TRUSTED CERTIFICATE---- + +The B<-fingerprint> option takes the digest of the DER encoded certificate. +This is commonly called a "fingerprint". Because of the nature of message +digests the fingerprint of a certificate is unique to that certificate and +two certificates with the same fingerprint can be considered to be the same. + +The Netscape fingerprint uses MD5 whereas MSIE uses SHA1. + +=head1 CERTIFICATE EXTENSIONS + +The B<-purpose> option checks the certificate extensions and determines +what the certificate can be used for. The actual checks done are rather +complex and include various hacks and workarounds to handle broken +certificates and software. + +The same code is used when verifying untrusted certificates in chains +so this section is useful if a chain is rejected by the verify code. + +The basicConstraints extension CA flag is used to determine whether the +certificate can be used as a CA. If the CA flag is true then it is a CA, +if the CA flag is false then it is not a CA. B<All> CAs should have the +CA flag set to true. + +If the basicConstraints extension is absent then the certificate is +considered to be a "possible CA" other extensions are checked according +to the intended use of the certificate. A warning is given in this case +because the certificate should really not be regarded as a CA: however +it is allowed to be a CA to work around some broken software. + +If the certificate is a V1 certificate (and thus has no extensions) and +it is self signed it is also assumed to be a CA but a warning is again +given: this is to work around the problem of Verisign roots which are V1 +self signed certificates. + +If the keyUsage extension is present then additional restraints are +made on the uses of the certificate. A CA certificate B<must> have the +keyCertSign bit set if the keyUsage extension is present. + +The extended key usage extension places additional restrictions on the +certificate uses. If this extension is present (whether critical or not) +the key can only be used for the purposes specified. + +A complete description of each test is given below. The comments about +basicConstraints and keyUsage and V1 certificates above apply to B<all> +CA certificates. + + +=over 4 + +=item B<SSL Client> + +The extended key usage extension must be absent or include the "web client +authentication" OID. keyUsage must be absent or it must have the +digitalSignature bit set. Netscape certificate type must be absent or it must +have the SSL client bit set. + +=item B<SSL Client CA> + +The extended key usage extension must be absent or include the "web client +authentication" OID. Netscape certificate type must be absent or it must have +the SSL CA bit set: this is used as a work around if the basicConstraints +extension is absent. + +=item B<SSL Server> + +The extended key usage extension must be absent or include the "web server +authentication" and/or one of the SGC OIDs. keyUsage must be absent or it +must have the digitalSignature, the keyEncipherment set or both bits set. +Netscape certificate type must be absent or have the SSL server bit set. + +=item B<SSL Server CA> + +The extended key usage extension must be absent or include the "web server +authentication" and/or one of the SGC OIDs. Netscape certificate type must +be absent or the SSL CA bit must be set: this is used as a work around if the +basicConstraints extension is absent. + +=item B<Netscape SSL Server> + +For Netscape SSL clients to connect to an SSL server it must have the +keyEncipherment bit set if the keyUsage extension is present. This isn't +always valid because some cipher suites use the key for digital signing. +Otherwise it is the same as a normal SSL server. + +=item B<Common S/MIME Client Tests> + +The extended key usage extension must be absent or include the "email +protection" OID. Netscape certificate type must be absent or should have the +S/MIME bit set. If the S/MIME bit is not set in netscape certificate type +then the SSL client bit is tolerated as an alternative but a warning is shown: +this is because some Verisign certificates don't set the S/MIME bit. + +=item B<S/MIME Signing> + +In addition to the common S/MIME client tests the digitalSignature bit must +be set if the keyUsage extension is present. + +=item B<S/MIME Encryption> + +In addition to the common S/MIME tests the keyEncipherment bit must be set +if the keyUsage extension is present. + +=item B<S/MIME CA> + +The extended key usage extension must be absent or include the "email +protection" OID. Netscape certificate type must be absent or must have the +S/MIME CA bit set: this is used as a work around if the basicConstraints +extension is absent. + +=item B<CRL Signing> + +The keyUsage extension must be absent or it must have the CRL signing bit +set. + +=item B<CRL Signing CA> + +The normal CA tests apply. Except in this case the basicConstraints extension +must be present. + +=back + +=head1 BUGS + +The way DNs are printed is in a "historical SSLeay" format which doesn't +follow any published standard. It should follow some standard like RFC2253 +or RFC1779 with options to make the stuff more readable. + +Extensions in certificates are not transferred to certificate requests and +vice versa. + +It is possible to produce invalid certificates or requests by specifying the +wrong private key or using inconsistent options in some cases: these should +be checked. + +There should be options to explicitly set such things as start and end +dates rather than an offset from the current time. + +The code to implement the verify behaviour described in the B<TRUST SETTINGS> +is currently being developed. It thus describes the intended behavior rather +than the current behaviour. It is hoped that it will represent reality in +OpenSSL 0.9.5 and later. + +=head1 SEE ALSO + +L<req(1)|req(1)>, L<ca(1)|ca(1)>, L<genrsa(1)|genrsa(1)>, +L<gendsa(1)|gendsa(1)>, L<verify(1)|verify(1)> + +=cut diff --git a/lib/libssl/src/doc/crypto/BN_CTX_new.pod b/lib/libssl/src/doc/crypto/BN_CTX_new.pod new file mode 100644 index 00000000000..c94d8c610da --- /dev/null +++ b/lib/libssl/src/doc/crypto/BN_CTX_new.pod @@ -0,0 +1,53 @@ +=pod + +=head1 NAME + +BN_CTX_new, BN_CTX_init, BN_CTX_free - allocate and free BN_CTX structures + +=head1 SYNOPSIS + + #include <openssl/bn.h> + + BN_CTX *BN_CTX_new(void); + + void BN_CTX_init(BN_CTX *c); + + void BN_CTX_free(BN_CTX *c); + +=head1 DESCRIPTION + +A B<BN_CTX> is a structure that holds B<BIGNUM> temporary variables used by +library functions. Since dynamic memory allocation to create B<BIGNUM>s +is rather expensive when used in conjunction with repeated subroutine +calls, the B<BN_CTX> structure is used. + +BN_CTX_new() allocates and initializes a B<BN_CTX> +structure. BN_CTX_init() initializes an existing uninitialized +B<BN_CTX>. + +BN_CTX_free() frees the components of the B<BN_CTX>, and if it was +created by BN_CTX_new(), also the structure itself. +If L<BN_CTX_start(3)|BN_CTX_start(3)> has been used on the B<BN_CTX>, +L<BN_CTX_end(3)|BN_CTX_end(3)> must be called before the B<BN_CTX> +may be freed by BN_CTX_free(). + + +=head1 RETURN VALUES + +BN_CTX_new() returns a pointer to the B<BN_CTX>. If the allocation fails, +it returns B<NULL> and sets an error code that can be obtained by +L<ERR_get_error(3)|ERR_get_error(3)>. + +BN_CTX_init() and BN_CTX_free() have no return values. + +=head1 SEE ALSO + +L<bn(3)|bn(3)>, L<err(3)|err(3)>, L<BN_add(3)|BN_add(3)>, +L<BN_CTX_start(3)|BN_CTX_start(3)> + +=head1 HISTORY + +BN_CTX_new() and BN_CTX_free() are available in all versions on SSLeay +and OpenSSL. BN_CTX_init() was added in SSLeay 0.9.1b. + +=cut diff --git a/lib/libssl/src/doc/crypto/BN_CTX_start.pod b/lib/libssl/src/doc/crypto/BN_CTX_start.pod new file mode 100644 index 00000000000..c30552b1220 --- /dev/null +++ b/lib/libssl/src/doc/crypto/BN_CTX_start.pod @@ -0,0 +1,51 @@ +=pod + +=head1 NAME + +BN_CTX_start, BN_CTX_get, BN_CTX_end - use temporary BIGNUM variables + +=head1 SYNOPSIS + + #include <openssl/bn.h> + + void BN_CTX_start(BN_CTX *ctx); + + BIGNUM *BN_CTX_get(BN_CTX *ctx); + + void BN_CTX_end(BN_CTX *ctx); + +=head1 DESCRIPTION + +These functions are used to obtain temporary B<BIGNUM> variables from +a B<BN_CTX> in order to save the overhead of repeatedly creating and +freeing B<BIGNUM>s in functions that are called from inside a loop. + +A function must call BN_CTX_start() first. Then, BN_CTX_get() may be +called repeatedly to obtain temporary B<BIGNUM>s. All BN_CTX_get() +calls must be made before calling any other functions that use the +B<ctx> as an argument. + +Finally, BN_CTX_end() must be called before returning from the function. +When BN_CTX_end() is called, the B<BIGNUM> pointers obtained from +BN_CTX_get() become invalid. + +=head1 RETURN VALUES + +BN_CTX_start() and BN_CTX_end() return no values. + +BN_CTX_get() returns a pointer to the B<BIGNUM>, or B<NULL> on error. +Once BN_CTX_get() has failed, the subsequent calls will return B<NULL> +as well, so it is sufficient to check the return value of the last +BN_CTX_get() call. In case of an error, an error code is set, which +can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. + + +=head1 SEE ALSO + +L<BN_CTX_new(3)|BN_CTX_new(3)> + +=head1 HISTORY + +BN_CTX_start(), BN_CTX_get() and BN_CTX_end() were added in OpenSSL 0.9.5. + +=cut diff --git a/lib/libssl/src/doc/crypto/BN_add.pod b/lib/libssl/src/doc/crypto/BN_add.pod new file mode 100644 index 00000000000..0541d456435 --- /dev/null +++ b/lib/libssl/src/doc/crypto/BN_add.pod @@ -0,0 +1,99 @@ +=pod + +=head1 NAME + +BN_add, BN_sub, BN_mul, BN_div, BN_sqr, BN_mod, BN_mod_mul, BN_exp, +BN_mod_exp, BN_gcd - arithmetic operations on BIGNUMs + +=head1 SYNOPSIS + + #include <openssl/bn.h> + + int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); + + int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); + + int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx); + + int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *a, const BIGNUM *d, + BN_CTX *ctx); + + int BN_sqr(BIGNUM *r, BIGNUM *a, BN_CTX *ctx); + + int BN_mod(BIGNUM *rem, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); + + int BN_mod_mul(BIGNUM *ret, BIGNUM *a, BIGNUM *b, const BIGNUM *m, + BN_CTX *ctx); + + int BN_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BN_CTX *ctx); + + int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx); + + int BN_gcd(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx); + +=head1 DESCRIPTION + +BN_add() adds B<a> and B<b> and places the result in B<r> (C<r=a+b>). +B<r> may be the same B<BIGNUM> as B<a> or B<b>. + +BN_sub() subtracts B<b> from B<a> and places the result in B<r> (C<r=a-b>). + +BN_mul() multiplies B<a> and B<b> and places the result in B<r> (C<r=a*b>). +B<r> may be the same B<BIGNUM> as B<a> or B<b>. +For multiplication by powers of 2, use L<BN_lshift(3)|BN_lshift(3)>. + +BN_div() divides B<a> by B<d> and places the result in B<dv> and the +remainder in B<rem> (C<dv=a/d, rem=a%d>). Either of B<dv> and B<rem> may +be NULL, in which case the respective value is not returned. +For division by powers of 2, use BN_rshift(3). + +BN_sqr() takes the square of B<a> and places the result in B<r> +(C<r=a^2>). B<r> and B<a> may be the same B<BIGNUM>. +This function is faster than BN_mul(r,a,a). + +BN_mod() find the remainder of B<a> divided by B<m> and places it in +B<rem> (C<rem=a%m>). + +BN_mod_mul() multiplies B<a> by B<b> and finds the remainder when +divided by B<m> (C<r=(a*b)%m>). B<r> may be the same B<BIGNUM> as B<a> +or B<b>. For a more efficient algorithm, see +L<BN_mod_mul_montgomery(3)|BN_mod_mul_montgomery(3)>; for repeated +computations using the same modulus, see L<BN_mod_mul_reciprocal(3)|BN_mod_mul_reciprocal(3)>. + +BN_exp() raises B<a> to the B<p>-th power and places the result in B<r> +(C<r=a^p>). This function is faster than repeated applications of +BN_mul(). + +BN_mod_exp() computes B<a> to the B<p>-th power modulo B<m> (C<r=a^p % +m>). This function uses less time and space than BN_exp(). + +BN_gcd() computes the greatest common divisor of B<a> and B<b> and +places the result in B<r>. B<r> may be the same B<BIGNUM> as B<a> or +B<b>. + +For all functions, B<ctx> is a previously allocated B<BN_CTX> used for +temporary variables; see L<BN_CTX_new(3)|BN_CTX_new(3)>. + +Unless noted otherwise, the result B<BIGNUM> must be different from +the arguments. + +=head1 RETURN VALUES + +For all functions, 1 is returned for success, 0 on error. The return +value should always be checked (e.g., C<if (!BN_add(r,a,b)) goto err;>). +The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. + +=head1 SEE ALSO + +L<bn(3)|bn(3)>, L<err(3)|err(3)>, L<BN_CTX_new(3)|BN_CTX_new(3)>, +L<BN_add_word(3)|BN_add_word(3)>, L<BN_set_bit(3)|BN_set_bit(3)> + +=head1 HISTORY + +BN_add(), BN_sub(), BN_div(), BN_sqr(), BN_mod(), BN_mod_mul(), +BN_mod_exp() and BN_gcd() are available in all versions of SSLeay and +OpenSSL. The B<ctx> argument to BN_mul() was added in SSLeay +0.9.1b. BN_exp() appeared in SSLeay 0.9.0. + +=cut diff --git a/lib/libssl/src/doc/crypto/BN_add_word.pod b/lib/libssl/src/doc/crypto/BN_add_word.pod new file mode 100644 index 00000000000..66bedfb9244 --- /dev/null +++ b/lib/libssl/src/doc/crypto/BN_add_word.pod @@ -0,0 +1,57 @@ +=pod + +=head1 NAME + +BN_add_word, BN_sub_word, BN_mul_word, BN_div_word, BN_mod_word - arithmetic +functions on BIGNUMs with integers + +=head1 SYNOPSIS + + #include <openssl/bn.h> + + int BN_add_word(BIGNUM *a, BN_ULONG w); + + int BN_sub_word(BIGNUM *a, BN_ULONG w); + + int BN_mul_word(BIGNUM *a, BN_ULONG w); + + BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w); + + BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w); + +=head1 DESCRIPTION + +These functions perform arithmetic operations on BIGNUMs with unsigned +integers. They are much more efficient than the normal BIGNUM +arithmetic operations. + +BN_add_word() adds B<w> to B<a> (C<a+=w>). + +BN_sub_word() subtracts B<w> from B<a> (C<a-=w>). + +BN_mul_word() multiplies B<a> and B<w> (C<a*=b>). + +BN_div_word() divides B<a> by B<w> (C<a/=w>) and returns the remainder. + +BN_mod_word() returns the remainder of B<a> divided by B<w> (C<a%m>). + +For BN_div_word() and BN_mod_word(), B<w> must not be 0. + +=head1 RETURN VALUES + +BN_add_word(), BN_sub_word() and BN_mul_word() return 1 for success, 0 +on error. The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. + +BN_mod_word() and BN_div_word() return B<a>%B<w>. + +=head1 SEE ALSO + +L<bn(3)|bn(3)>, L<err(3)|err(3)>, L<BN_add(3)|BN_add(3)> + +=head1 HISTORY + +BN_add_word() and BN_mod_word() are available in all versions of +SSLeay and OpenSSL. BN_div_word() was added in SSLeay 0.8, and +BN_sub_word() and BN_mul_word() in SSLeay 0.9.0. + +=cut diff --git a/lib/libssl/src/doc/crypto/BN_bn2bin.pod b/lib/libssl/src/doc/crypto/BN_bn2bin.pod new file mode 100644 index 00000000000..05f9e628cc3 --- /dev/null +++ b/lib/libssl/src/doc/crypto/BN_bn2bin.pod @@ -0,0 +1,95 @@ +=pod + +=head1 NAME + +BN_bn2bin, BN_bin2bn, BN_bn2hex, BN_bn2dec, BN_hex2bn, BN_dec2bn, +BN_print, BN_print_fp, BN_bn2mpi, BN_mpi2bn - format conversions + +=head1 SYNOPSIS + + #include <openssl/bn.h> + + int BN_bn2bin(const BIGNUM *a, unsigned char *to); + BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret); + + char *BN_bn2hex(const BIGNUM *a); + char *BN_bn2dec(const BIGNUM *a); + int BN_hex2bn(BIGNUM **a, const char *str); + int BN_dec2bn(BIGNUM **a, const char *str); + + int BN_print(BIO *fp, const BIGNUM *a); + int BN_print_fp(FILE *fp, const BIGNUM *a); + + int BN_bn2mpi(const BIGNUM *a, unsigned char *to); + BIGNUM *BN_mpi2bn(unsigned char *s, int len, BIGNUM *ret); + +=head1 DESCRIPTION + +BN_bn2bin() converts the absolute value of B<a> into big-endian form +and stores it at B<to>. B<to> must point to BN_num_bytes(B<a>) bytes of +memory. + +BN_bin2bn() converts the positive integer in big-endian form of length +B<len> at B<s> into a B<BIGNUM> and places it in B<ret>. If B<ret> is +NULL, a new B<BIGNUM> is created. + +BN_bn2hex() and BN_bn2dec() return printable strings containing the +hexadecimal and decimal encoding of B<a> respectively. For negative +numbers, the string is prefaced with a leading '-'. The string must be +Free()d later. + +BN_hex2bn() converts the string B<str> containing a hexadecimal number +to a B<BIGNUM> and stores it in **B<bn>. If *B<bn> is NULL, a new +B<BIGNUM> is created. If B<bn> is NULL, it only computes the number's +length in hexadecimal digits. If the string starts with '-', the +number is negative. BN_dec2bn() is the same using the decimal system. + +BN_print() and BN_print_fp() write the hexadecimal encoding of B<a>, +with a leading '-' for negative numbers, to the B<BIO> or B<FILE> +B<fp>. + +BN_bn2mpi() and BN_mpi2bn() convert B<BIGNUM>s from and to a format +that consists of the number's length in bytes represented as a 3-byte +big-endian number, and the number itself in big-endian format, where +the most significant bit signals a negative number (the representation +of numbers with the MSB set is prefixed with null byte). + +BN_bn2mpi() stores the representation of B<a> at B<to>, where B<to> +must be large enough to hold the result. The size can be determined by +calling BN_bn2mpi(B<a>, NULL). + +BN_mpi2bn() converts the B<len> bytes long representation at B<s> to +a B<BIGNUM> and stores it at B<ret>, or in a newly allocated B<BIGNUM> +if B<ret> is NULL. + +=head1 RETURN VALUES + +BN_bn2bin() returns the length of the big-endian number placed at B<to>. +BN_bin2bn() returns the B<BIGNUM>, NULL on error. + +BN_bn2hex() and BN_bn2dec() return a null-terminated string, or NULL +on error. BN_hex2bn() and BN_dec2bn() return the number's length in +hexadecimal or decimal digits, and 0 on error. + +BN_print_fp() and BN_print() return 1 on success, 0 on write errors. + +BN_bn2mpi() returns the length of the representation. BN_mpi2bn() +returns the B<BIGNUM>, and NULL on error. + +The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. + +=head1 SEE ALSO + +L<bn(3)|bn(3)>, L<err(3)|err(3)>, L<BN_zero(3)|BN_zero(3)>, +L<ASN1_INTEGER_to_BN(3)|ASN1_INTEGER_to_BN(3)>, +L<BN_num_bytes(3)|BN_num_bytes(3)> + +=head1 HISTORY + +BN_bn2bin(), BN_bin2bn(), BN_print_fp() and BN_print() are available +in all versions of SSLeay and OpenSSL. + +BN_bn2hex(), BN_bn2dec(), BN_hex2bn(), BN_dec2bn(), BN_bn2mpi() and +BN_mpi2bn() were added in SSLeay 0.9.0. + +=cut diff --git a/lib/libssl/src/doc/crypto/BN_cmp.pod b/lib/libssl/src/doc/crypto/BN_cmp.pod new file mode 100644 index 00000000000..23e9ed0b4f9 --- /dev/null +++ b/lib/libssl/src/doc/crypto/BN_cmp.pod @@ -0,0 +1,48 @@ +=pod + +=head1 NAME + +BN_cmp, BN_ucmp, BN_is_zero, BN_is_one, BN_is_word, BN_is_odd - BIGNUM comparison and test functions + +=head1 SYNOPSIS + + #include <openssl/bn.h> + + int BN_cmp(BIGNUM *a, BIGNUM *b); + int BN_ucmp(BIGNUM *a, BIGNUM *b); + + int BN_is_zero(BIGNUM *a); + int BN_is_one(BIGNUM *a); + int BN_is_word(BIGNUM *a, BN_ULONG w); + int BN_is_odd(BIGNUM *a); + +=head1 DESCRIPTION + +BN_cmp() compares the numbers B<a> and B<b>. BN_ucmp() compares their +absolute values. + +BN_is_zero(), BN_is_one() and BN_is_word() test if B<a> equals 0, 1, +or B<w> respectively. BN_is_odd() tests if a is odd. + +BN_is_zero(), BN_is_one(), BN_is_word() and BN_is_odd() are macros. + +=head1 RETURN VALUES + +BN_cmp() returns -1 if B<a> E<lt> B<b>, 0 if B<a> == B<b> and 1 if +B<a> E<gt> B<b>. BN_ucmp() is the same using the absolute values +of B<a> and B<b>. + +BN_is_zero(), BN_is_one() BN_is_word() and BN_is_odd() return 1 if +the condition is true, 0 otherwise. + +=head1 SEE ALSO + +L<bn(3)|bn(3)> + +=head1 HISTORY + +BN_cmp(), BN_ucmp(), BN_is_zero(), BN_is_one() and BN_is_word() are +available in all versions of SSLeay and OpenSSL. +BN_is_odd() was added in SSLeay 0.8. + +=cut diff --git a/lib/libssl/src/doc/crypto/BN_copy.pod b/lib/libssl/src/doc/crypto/BN_copy.pod new file mode 100644 index 00000000000..8ad25e7834f --- /dev/null +++ b/lib/libssl/src/doc/crypto/BN_copy.pod @@ -0,0 +1,34 @@ +=pod + +=head1 NAME + +BN_copy, BN_dup - copy BIGNUMs + +=head1 SYNOPSIS + + #include <openssl/bn.h> + + BIGNUM *BN_copy(BIGNUM *to, const BIGNUM *from); + + BIGNUM *BN_dup(const BIGNUM *from); + +=head1 DESCRIPTION + +BN_copy() copies B<from> to B<to>. BN_dup() creates a new B<BIGNUM> +containing the value B<from>. + +=head1 RETURN VALUES + +BN_copy() returns B<to> on success, NULL on error. BN_dup() returns +the new B<BIGNUM>, and NULL on error. The error codes can be obtained +by L<ERR_get_error(3)|ERR_get_error(3)>. + +=head1 SEE ALSO + +L<bn(3)|bn(3)>, L<err(3)|err(3)> + +=head1 HISTORY + +BN_copy() and BN_dup() are available in all versions of SSLeay and OpenSSL. + +=cut diff --git a/lib/libssl/src/doc/crypto/BN_generate_prime.pod b/lib/libssl/src/doc/crypto/BN_generate_prime.pod new file mode 100644 index 00000000000..638f6514ee8 --- /dev/null +++ b/lib/libssl/src/doc/crypto/BN_generate_prime.pod @@ -0,0 +1,102 @@ +=pod + +=head1 NAME + +BN_generate_prime, BN_is_prime, BN_is_prime_fasttest - generate primes and test for primality + +=head1 SYNOPSIS + + #include <openssl/bn.h> + + BIGNUM *BN_generate_prime(BIGNUM *ret, int num, int safe, BIGNUM *add, + BIGNUM *rem, void (*callback)(int, int, void *), void *cb_arg); + + int BN_is_prime(const BIGNUM *a, int checks, void (*callback)(int, int, + void *), BN_CTX *ctx, void *cb_arg); + + int BN_is_prime_fasttest(const BIGNUM *a, int checks, + void (*callback)(int, int, void *), BN_CTX *ctx, void *cb_arg, + int do_trial_division); + +=head1 DESCRIPTION + +BN_generate_prime() generates a pseudo-random prime number of B<num> +bits. +If B<ret> is not B<NULL>, it will be used to store the number. + +If B<callback> is not B<NULL>, it is called as follows: + +=over 4 + +=item * + +B<callback(0, i, cb_arg)> is called after generating the i-th +potential prime number. + +=item * + +While the number is being tested for primality, B<callback(1, j, +cb_arg)> is called as described below. + +=item * + +When a prime has been found, B<callback(2, i, cb_arg)> is called. + +=back + +The prime may have to fulfill additional requirements for use in +Diffie-Hellman key exchange: + +If B<add> is not B<NULL>, the prime will fulfill the condition p % B<add> +== B<rem> (p % B<add> == 1 if B<rem> == B<NULL>) in order to suit a given +generator. + +If B<safe> is true, it will be a safe prime (i.e. a prime p so +that (p-1)/2 is also prime). + +The PRNG must be seeded prior to calling BN_generate_prime(). +The prime number generation has a negligible error probability. + +BN_is_prime() and BN_is_prime_fasttest() test if the number B<a> is +prime. The following tests are performed until one of them shows that +B<a> is composite; if B<a> passes all these tests, it is considered +prime. + +BN_is_prime_fasttest(), when called with B<do_trial_division == 1>, +first attempts trial division by a number of small primes; +if no divisors are found by this test and B<callback> is not B<NULL>, +B<callback(1, -1, cb_arg)> is called. +If B<do_trial_division == 0>, this test is skipped. + +Both BN_is_prime() and BN_is_prime_fasttest() perform a Miller-Rabin +probabilistic primality test with B<checks> iterations. If +B<checks == BN_prime_check>, a number of iterations is used that +yields a false positive rate of at most 2^-80 for random input. + +If B<callback> is not B<NULL>, B<callback(1, j, cb_arg)> is called +after the j-th iteration (j = 0, 1, ...). B<ctx> is a +pre-allocated B<BN_CTX> (to save the overhead of allocating and +freeing the structure in a loop), or B<NULL>. + +=head1 RETURN VALUES + +BN_generate_prime() returns the prime number on success, B<NULL> otherwise. + +BN_is_prime() returns 0 if the number is composite, 1 if it is +prime with an error probability of less than 0.25^B<checks>, and +-1 on error. + +The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. + +=head1 SEE ALSO + +L<bn(3)|bn(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)> + +=head1 HISTORY + +The B<cb_arg> arguments to BN_generate_prime() and to BN_is_prime() +were added in SSLeay 0.9.0. The B<ret> argument to BN_generate_prime() +was added in SSLeay 0.9.1. +BN_is_prime_fasttest() was added in OpenSSL 0.9.5. + +=cut diff --git a/lib/libssl/src/doc/crypto/BN_mod_inverse.pod b/lib/libssl/src/doc/crypto/BN_mod_inverse.pod new file mode 100644 index 00000000000..49e62daf9f2 --- /dev/null +++ b/lib/libssl/src/doc/crypto/BN_mod_inverse.pod @@ -0,0 +1,36 @@ +=pod + +=head1 NAME + +BN_mod_inverse - compute inverse modulo n + +=head1 SYNOPSIS + + #include <openssl/bn.h> + + BIGNUM *BN_mod_inverse(BIGNUM *r, BIGNUM *a, const BIGNUM *n, + BN_CTX *ctx); + +=head1 DESCRIPTION + +BN_mod_inverse() computes the inverse of B<a> modulo B<n> +places the result in B<r> (C<(a*r)%n==1>). If B<r> is NULL, +a new B<BIGNUM> is created. + +B<ctx> is a previously allocated B<BN_CTX> used for temporary +variables. B<r> may be the same B<BIGNUM> as B<a> or B<n>. + +=head1 RETURN VALUES + +BN_mod_inverse() returns the B<BIGNUM> containing the inverse, and +NULL on error. The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. + +=head1 SEE ALSO + +L<bn(3)|bn(3)>, L<err(3)|err(3)>, L<BN_add(3)|BN_add(3)> + +=head1 HISTORY + +BN_mod_inverse() is available in all versions of SSLeay and OpenSSL. + +=cut diff --git a/lib/libssl/src/doc/crypto/BN_mod_mul_montgomery.pod b/lib/libssl/src/doc/crypto/BN_mod_mul_montgomery.pod new file mode 100644 index 00000000000..0f0c1375af2 --- /dev/null +++ b/lib/libssl/src/doc/crypto/BN_mod_mul_montgomery.pod @@ -0,0 +1,95 @@ +=pod + +=head1 NAME + +BN_mod_mul_montgomery, BN_MONT_CTX_new, BN_MONT_CTX_init, +BN_MONT_CTX_free, BN_MONT_CTX_set, BN_MONT_CTX_copy, +BN_from_montgomery, BN_to_montgomery - Montgomery multiplication + +=head1 SYNOPSIS + + #include <openssl/bn.h> + + BN_MONT_CTX *BN_MONT_CTX_new(void); + void BN_MONT_CTX_init(BN_MONT_CTX *ctx); + void BN_MONT_CTX_free(BN_MONT_CTX *mont); + + int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *m, BN_CTX *ctx); + BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from); + + int BN_mod_mul_montgomery(BIGNUM *r, BIGNUM *a, BIGNUM *b, + BN_MONT_CTX *mont, BN_CTX *ctx); + + int BN_from_montgomery(BIGNUM *r, BIGNUM *a, BN_MONT_CTX *mont, + BN_CTX *ctx); + + int BN_to_montgomery(BIGNUM *r, BIGNUM *a, BN_MONT_CTX *mont, + BN_CTX *ctx); + +=head1 DESCRIPTION + +These functions implement Montgomery multiplication. They are used +automatically when L<BN_mod_exp(3)|BN_mod_exp(3)> is called with suitable input, +but they may be useful when several operations are to be performed +using the same modulus. + +BN_MONT_CTX_new() allocates and initializes a B<BN_MONT_CTX> structure. +BN_MONT_CTX_init() initializes an existing uninitialized B<BN_MONT_CTX>. + +BN_MONT_CTX_set() sets up the B<mont> structure from the modulus B<m> +by precomputing its inverse and a value R. + +BN_MONT_CTX_copy() copies the B<N_MONT_CTX> B<from> to B<to>. + +BN_MONT_CTX_free() frees the components of the B<BN_MONT_CTX>, and, if +it was created by BN_MONT_CTX_new(), also the structure itself. + +BN_mod_mul_montgomery() computes Mont(B<a>,B<b>):=B<a>*B<b>*R^-1 and places +the result in B<r>. + +BN_from_montgomery() performs the Montgomery reduction B<r> = B<a>*R^-1. + +BN_to_montgomery() computes Mont(B<a>,R^2). + +For all functions, B<ctx> is a previously allocated B<BN_CTX> used for +temporary variables. + +The B<BN_MONT_CTX> structure is defined as follows: + + typedef struct bn_mont_ctx_st + { + int ri; /* number of bits in R */ + BIGNUM RR; /* R^2 (used to convert to Montgomery form) */ + BIGNUM N; /* The modulus */ + BIGNUM Ni; /* R*(1/R mod N) - N*Ni = 1 + * (Ni is only stored for bignum algorithm) */ + BN_ULONG n0; /* least significant word of Ni */ + int flags; + } BN_MONT_CTX; + +BN_to_montgomery() is a macro. + +=head1 RETURN VALUES + +BN_MONT_CTX_new() returns the newly allocated B<BN_MONT_CTX>, and NULL +on error. + +BN_MONT_CTX_init() and BN_MONT_CTX_free() have no return values. + +For the other functions, 1 is returned for success, 0 on error. +The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. + +=head1 SEE ALSO + +L<bn(3)|bn(3)>, L<err(3)|err(3)>, L<BN_add(3)|BN_add(3)>, +L<BN_CTX_new(3)|BN_CTX_new(3)> + +=head1 HISTORY + +BN_MONT_CTX_new(), BN_MONT_CTX_free(), BN_MONT_CTX_set(), +BN_mod_mul_montgomery(), BN_from_montgomery() and BN_to_montgomery() +are available in all versions of SSLeay and OpenSSL. + +BN_MONT_CTX_init() and BN_MONT_CTX_copy() were added in SSLeay 0.9.1b. + +=cut diff --git a/lib/libssl/src/doc/crypto/BN_mod_mul_reciprocal.pod b/lib/libssl/src/doc/crypto/BN_mod_mul_reciprocal.pod new file mode 100644 index 00000000000..32432ce4e68 --- /dev/null +++ b/lib/libssl/src/doc/crypto/BN_mod_mul_reciprocal.pod @@ -0,0 +1,81 @@ +=pod + +=head1 NAME + +BN_mod_mul_reciprocal, BN_RECP_CTX_new, BN_RECP_CTX_init, +BN_RECP_CTX_free, BN_RECP_CTX_set - modular multiplication using +reciprocal + +=head1 SYNOPSIS + + #include <openssl/bn.h> + + BN_RECP_CTX *BN_RECP_CTX_new(void); + void BN_RECP_CTX_init(BN_RECP_CTX *recp); + void BN_RECP_CTX_free(BN_RECP_CTX *recp); + + int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *m, BN_CTX *ctx); + + int BN_div_recp(BIGNUM *dv, BIGNUM *rem, BIGNUM *a, BN_RECP_CTX *recp, + BN_CTX *ctx); + + int BN_mod_mul_reciprocal(BIGNUM *r, BIGNUM *a, BIGNUM *b, + BN_RECP_CTX *recp, BN_CTX *ctx); + +=head1 DESCRIPTION + +BN_mod_mul_reciprocal() can be used to perform an efficient +L<BN_mod_mul(3)|BN_mod_mul(3)> operation when the operation will be performed +repeatedly with the same modulus. It computes B<r>=(B<a>*B<b>)%B<m> +using B<recp>=1/B<m>, which is set as described below. B<ctx> is a +previously allocated B<BN_CTX> used for temporary variables. + +BN_RECP_CTX_new() allocates and initializes a B<BN_RECP> structure. +BN_RECP_CTX_init() initializes an existing uninitialized B<BN_RECP>. + +BN_RECP_CTX_free() frees the components of the B<BN_RECP>, and, if it +was created by BN_RECP_CTX_new(), also the structure itself. + +BN_RECP_CTX_set() stores B<m> in B<recp> and sets it up for computing +1/B<m> and shifting it left by BN_num_bits(B<m>)+1 to make it an +integer. The result and the number of bits it was shifted left will +later be stored in B<recp>. + +BN_div_recp() divides B<a> by B<m> using B<recp>. It places the quotient +in B<dv> and the remainder in B<rem>. + +The B<BN_RECP_CTX> structure is defined as follows: + + typedef struct bn_recp_ctx_st + { + BIGNUM N; /* the divisor */ + BIGNUM Nr; /* the reciprocal */ + int num_bits; + int shift; + int flags; + } BN_RECP_CTX; + +It cannot be shared between threads. + +=head1 RETURN VALUES + +BN_RECP_CTX_new() returns the newly allocated B<BN_RECP_CTX>, and NULL +on error. + +BN_RECP_CTX_init() and BN_RECP_CTX_free() have no return values. + +For the other functions, 1 is returned for success, 0 on error. +The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. + +=head1 SEE ALSO + +L<bn(3)|bn(3)>, L<err(3)|err(3)>, L<BN_add(3)|BN_add(3)>, +L<BN_CTX_new(3)|BN_CTX_new(3)> + +=head1 HISTORY + +B<BN_RECP_CTX> was added in SSLeay 0.9.0. Before that, the function +BN_reciprocal() was used instead, and the BN_mod_mul_reciprocal() +arguments were different. + +=cut diff --git a/lib/libssl/src/doc/crypto/BN_new.pod b/lib/libssl/src/doc/crypto/BN_new.pod new file mode 100644 index 00000000000..c1394ff2a37 --- /dev/null +++ b/lib/libssl/src/doc/crypto/BN_new.pod @@ -0,0 +1,53 @@ +=pod + +=head1 NAME + +BN_new, BN_init, BN_clear, BN_free, BN_clear_free - allocate and free BIGNUMs + +=head1 SYNOPSIS + + #include <openssl/bn.h> + + BIGNUM *BN_new(void); + + void BN_init(BIGNUM *); + + void BN_clear(BIGNUM *a); + + void BN_free(BIGNUM *a); + + void BN_clear_free(BIGNUM *a); + +=head1 DESCRIPTION + +BN_new() allocated and initializes a B<BIGNUM> structure. BN_init() +initializes an existing uninitialized B<BIGNUM>. + +BN_clear() is used to destroy sensitive data such as keys when they +are no longer needed. It erases the memory used by B<a> and sets it +to the value 0. + +BN_free() frees the components of the B<BIGNUM>, and if it was created +by BN_new(), also the structure itself. BN_clear_free() additionally +overwrites the data before the memory is returned to the system. + +=head1 RETURN VALUES + +BN_new() returns a pointer to the B<BIGNUM>. If the allocation fails, +it returns B<NULL> and sets an error code that can be obtained +by L<ERR_get_error(3)|ERR_get_error(3)>. + +BN_init(), BN_clear(), BN_free() and BN_clear_free() have no return +values. + +=head1 SEE ALSO + +L<bn(3)|bn(3)>, L<err(3)|err(3)> + +=head1 HISTORY + +BN_new(), BN_clear(), BN_free() and BN_clear_free() are available in +all versions on SSLeay and OpenSSL. BN_init() was added in SSLeay +0.9.1b. + +=cut diff --git a/lib/libssl/src/doc/crypto/BN_num_bytes.pod b/lib/libssl/src/doc/crypto/BN_num_bytes.pod new file mode 100644 index 00000000000..61589fb9aca --- /dev/null +++ b/lib/libssl/src/doc/crypto/BN_num_bytes.pod @@ -0,0 +1,37 @@ +=pod + +=head1 NAME + +BN_num_bits, BN_num_bytes, BN_num_bits_word - get BIGNUM size + +=head1 SYNOPSIS + + #include <openssl/bn.h> + + int BN_num_bytes(const BIGNUM *a); + + int BN_num_bits(const BIGNUM *a); + + int BN_num_bits_word(BN_ULONG w); + +=head1 DESCRIPTION + +These functions return the size of a B<BIGNUM> in bytes or bits, +and the size of an unsigned integer in bits. + +BN_num_bytes() is a macro. + +=head1 RETURN VALUES + +The size. + +=head1 SEE ALSO + +L<bn(3)|bn(3)> + +=head1 HISTORY + +BN_num_bytes(), BN_num_bits() and BN_num_bits_word() are available in +all versions of SSLeay and OpenSSL. + +=cut diff --git a/lib/libssl/src/doc/crypto/BN_rand.pod b/lib/libssl/src/doc/crypto/BN_rand.pod new file mode 100644 index 00000000000..33363c981f6 --- /dev/null +++ b/lib/libssl/src/doc/crypto/BN_rand.pod @@ -0,0 +1,45 @@ +=pod + +=head1 NAME + +BN_rand, BN_pseudo_rand - generate pseudo-random number + +=head1 SYNOPSIS + + #include <openssl/bn.h> + + int BN_rand(BIGNUM *rnd, int bits, int top, int bottom); + + int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom); + +=head1 DESCRIPTION + +BN_rand() generates a cryptographically strong pseudo-random number of +B<bits> bits in length and stores it in B<rnd>. If B<top> is true, the +two most significant bits of the number will be set to 1, so that the +product of two such random numbers will always have 2*B<bits> length. +If B<bottom> is true, the number will be odd. + +BN_pseudo_rand() does the same, but pseudo-random numbers generated by +this function are not necessarily unpredictable. They can be used for +non-cryptographic purposes and for certain purposes in cryptographic +protocols, but usually not for key generation etc. + +The PRNG must be seeded prior to calling BN_rand(). + +=head1 RETURN VALUES + +BN_rand() and BN_pseudo_rand() return 1 on success, 0 on error. +The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. + +=head1 SEE ALSO + +L<bn(3)|bn(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>, +L<RAND_add(3)|RAND_add(3)>, L<RAND_bytes(3)|RAND_bytes(3)> + +=head1 HISTORY + +BN_rand() is available in all versions of SSLeay and OpenSSL. +BN_pseudo_rand() was added in OpenSSL 0.9.5. + +=cut diff --git a/lib/libssl/src/doc/crypto/BN_set_bit.pod b/lib/libssl/src/doc/crypto/BN_set_bit.pod new file mode 100644 index 00000000000..b7c47b9b015 --- /dev/null +++ b/lib/libssl/src/doc/crypto/BN_set_bit.pod @@ -0,0 +1,66 @@ +=pod + +=head1 NAME + +BN_set_bit, BN_clear_bit, BN_is_bit_set, BN_mask_bits, BN_lshift, +BN_lshift1, BN_rshift, BN_rshift1 - bit operations on BIGNUMs + +=head1 SYNOPSIS + + #include <openssl/bn.h> + + int BN_set_bit(BIGNUM *a, int n); + int BN_clear_bit(BIGNUM *a, int n); + + int BN_is_bit_set(const BIGNUM *a, int n); + + int BN_mask_bits(BIGNUM *a, int n); + + int BN_lshift(BIGNUM *r, const BIGNUM *a, int n); + int BN_lshift1(BIGNUM *r, BIGNUM *a); + + int BN_rshift(BIGNUM *r, BIGNUM *a, int n); + int BN_rshift1(BIGNUM *r, BIGNUM *a); + +=head1 DESCRIPTION + +BN_set_bit() sets bit B<n> in B<a> to 1 (C<a|=(1E<lt>E<lt>n)>). The +number is expanded if necessary. + +BN_clear_bit() sets bit B<n> in B<a> to 0 (C<a&=~(1E<lt>E<lt>n)>). An +error occurs if B<a> is shorter than B<n> bits. + +BN_is_bit_set() tests if bit B<n> in B<a> is set. + +BN_mask_bits() truncates B<a> to an B<n> bit number +(C<a&=~((~0)E<gt>E<gt>n)>). An error occurs if B<a> already is +shorter than B<n> bits. + +BN_lshift() shifts B<a> left by B<n> bits and places the result in +B<r> (C<r=a*2^n>). BN_lshift1() shifts B<a> left by one and places +the result in B<r> (C<r=2*a>). + +BN_rshift() shifts B<a> right by B<n> bits and places the result in +B<r> (C<r=a/2^n>). BN_rshift1() shifts B<a> right by one and places +the result in B<r> (C<r=a/2>). + +For the shift functions, B<r> and B<a> may be the same variable. + +=head1 RETURN VALUES + +BN_is_bit_set() returns 1 if the bit is set, 0 otherwise. + +All other functions return 1 for success, 0 on error. The error codes +can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. + +=head1 SEE ALSO + +L<bn(3)|bn(3)>, L<BN_num_bytes(3)|BN_num_bytes(3)>, L<BN_add(3)|BN_add(3)> + +=head1 HISTORY + +BN_set_bit(), BN_clear_bit(), BN_is_bit_set(), BN_mask_bits(), +BN_lshift(), BN_lshift1(), BN_rshift(), and BN_rshift1() are available +in all versions of SSLeay and OpenSSL. + +=cut diff --git a/lib/libssl/src/doc/crypto/BN_zero.pod b/lib/libssl/src/doc/crypto/BN_zero.pod new file mode 100644 index 00000000000..165fd9a228c --- /dev/null +++ b/lib/libssl/src/doc/crypto/BN_zero.pod @@ -0,0 +1,55 @@ +=pod + +=head1 NAME + +BN_zero, BN_one, BN_set_word, BN_get_word - BIGNUM assignment operations + +=head1 SYNOPSIS + + #include <openssl/bn.h> + + int BN_zero(BIGNUM *a); + int BN_one(BIGNUM *a); + + BIGNUM *BN_value_one(void); + + int BN_set_word(BIGNUM *a, unsigned long w); + unsigned long BN_get_word(BIGNUM *a); + +=head1 DESCRIPTION + +BN_zero(), BN_one() and BN_set_word() set B<a> to the values 0, 1 and +B<w> respectively. BN_zero() and BN_one() are macros. + +BN_value_one() returns a B<BIGNUM> constant of value 1. This constant +is useful for use in comparisons and assignment. + +BN_get_word() returns B<a>, if it can be represented as an unsigned +long. + +=head1 RETURN VALUES + +BN_get_word() returns the value B<a>, and 0xffffffffL if B<a> cannot +be represented as an unsigned long. + +BN_zero(), BN_one() and BN_set_word() return 1 on success, 0 otherwise. +BN_value_one() returns the constant. + +=head1 BUGS + +Someone might change the constant. + +If a B<BIGNUM> is equal to 0xffffffffL it can be represented as an +unsigned long but this value is also returned on error. + +=head1 SEE ALSO + +L<bn(3)|bn(3)>, L<BN_bn2bin(3)|BN_bn2bin(3)> + +=head1 HISTORY + +BN_zero(), BN_one() and BN_set_word() are available in all versions of +SSLeay and OpenSSL. BN_value_one() and BN_get_word() were added in +SSLeay 0.8. + +=cut diff --git a/lib/libssl/src/doc/crypto/CRYPTO_set_ex_data.pod b/lib/libssl/src/doc/crypto/CRYPTO_set_ex_data.pod new file mode 100644 index 00000000000..1bd5bed67d7 --- /dev/null +++ b/lib/libssl/src/doc/crypto/CRYPTO_set_ex_data.pod @@ -0,0 +1,51 @@ +=pod + +=head1 NAME + +CRYPTO_set_ex_data, CRYPTO_get_ex_data - internal application specific data functions + +=head1 SYNOPSIS + + int CRYPTO_set_ex_data(CRYPTO_EX_DATA *r, int idx, void *arg); + + void *CRYPTO_get_ex_data(CRYPTO_EX_DATA *r, int idx); + +=head1 DESCRIPTION + +Several OpenSSL structures can have application specific data attached to them. +These functions are used internally by OpenSSL to manipulate application +specific data attached to a specific structure. + +These functions should only be used by applications to manipulate +B<CRYPTO_EX_DATA> structures passed to the B<new_func()>, B<free_func()> and +B<dup_func()> callbacks: as passed to B<RSA_get_ex_new_index()> for example. + +B<CRYPTO_set_ex_data()> is used to set application specific data, the data is +supplied in the B<arg> parameter and its precise meaning is up to the +application. + +B<CRYPTO_get_ex_data()> is used to retrieve application specific data. The data +is returned to the application, this will be the same value as supplied to +a previous B<CRYPTO_set_ex_data()> call. + +=head1 RETURN VALUES + +B<CRYPTO_set_ex_data()> returns 1 on success or 0 on failure. + +B<CRYPTO_get_ex_data()> returns the application data or 0 on failure. 0 may also +be valid application data but currently it can only fail if given an invalid B<idx> +parameter. + +On failure an error code can be obtained from L<ERR_get_error(3)|ERR_get_error(3)>. + +=head1 SEE ALSO + +L<RSA_get_ex_new_index(3)|RSA_get_ex_new_index(3)>, +L<DSA_get_ex_new_index(3)|DSA_get_ex_new_index(3)>, +L<DH_get_ex_new_index(3)|DH_get_ex_new_index(3)> + +=head1 HISTORY + +CRYPTO_set_ex_data() and CRYPTO_get_ex_data() have been available since SSLeay 0.9.0. + +=cut diff --git a/lib/libssl/src/doc/crypto/DH_generate_key.pod b/lib/libssl/src/doc/crypto/DH_generate_key.pod new file mode 100644 index 00000000000..920995b2e5a --- /dev/null +++ b/lib/libssl/src/doc/crypto/DH_generate_key.pod @@ -0,0 +1,50 @@ +=pod + +=head1 NAME + +DH_generate_key, DH_compute_key - perform Diffie-Hellman key exchange + +=head1 SYNOPSIS + + #include <openssl/dh.h> + + int DH_generate_key(DH *dh); + + int DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh); + +=head1 DESCRIPTION + +DH_generate_key() performs the first step of a Diffie-Hellman key +exchange by generating private and public DH values. By calling +DH_compute_key(), these are combined with the other party's public +value to compute the shared key. + +DH_generate_key() expects B<dh> to contain the shared parameters +B<dh-E<gt>p> and B<dh-E<gt>g>. It generates a random private DH value +unless B<dh-E<gt>priv_key> is already set, and computes the +corresponding public value B<dh-E<gt>pub_key>, which can then be +published. + +DH_compute_key() computes the shared secret from the private DH value +in B<dh> and the other party's public value in B<pub_key> and stores +it in B<key>. B<key> must point to B<DH_size(dh)> bytes of memory. + +=head1 RETURN VALUES + +DH_generate_key() returns 1 on success, 0 otherwise. + +DH_compute_key() returns the size of the shared secret on success, -1 +on error. + +The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. + +=head1 SEE ALSO + +L<dh(3)|dh(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>, L<DH_size(3)|DH_size(3)> + +=head1 HISTORY + +DH_generate_key() and DH_compute_key() are available in all versions +of SSLeay and OpenSSL. + +=cut diff --git a/lib/libssl/src/doc/crypto/DH_generate_parameters.pod b/lib/libssl/src/doc/crypto/DH_generate_parameters.pod new file mode 100644 index 00000000000..a7d0c75f0cb --- /dev/null +++ b/lib/libssl/src/doc/crypto/DH_generate_parameters.pod @@ -0,0 +1,72 @@ +=pod + +=head1 NAME + +DH_generate_parameters, DH_check - generate and check Diffie-Hellman parameters + +=head1 SYNOPSIS + + #include <openssl/dh.h> + + DH *DH_generate_parameters(int prime_len, int generator, + void (*callback)(int, int, void *), void *cb_arg); + + int DH_check(DH *dh, int *codes); + +=head1 DESCRIPTION + +DH_generate_parameters() generates Diffie-Hellman parameters that can +be shared among a group of users, and returns them in a newly +allocated B<DH> structure. The pseudo-random number generator must be +seeded prior to calling DH_generate_parameters(). + +B<prime_len> is the length in bits of the safe prime to be generated. +B<generator> is a small number E<gt> 1, typically 2 or 5. + +A callback function may be used to provide feedback about the progress +of the key generation. If B<callback> is not B<NULL>, it will be +called as described in L<BN_generate_prime(3)|BN_generate_prime(3)> while a random prime +number is generated, and when a prime has been found, B<callback(3, +0, cb_arg)> is called. + +DH_check() validates Diffie-Hellman parameters. It checks that B<p> is +a safe prime, and that B<g> is a suitable generator. In the case of an +error, the bit flags DH_CHECK_P_NOT_SAFE_PRIME or +DH_NOT_SUITABLE_GENERATOR are set in B<*codes>. +DH_UNABLE_TO_CHECK_GENERATOR is set if the generator cannot be +checked, i.e. it does not equal 2 or 5. + +=head1 RETURN VALUES + +DH_generate_parameters() returns a pointer to the DH structure, or +NULL if the parameter generation fails. The error codes can be +obtained by L<ERR_get_error(3)|ERR_get_error(3)>. + +DH_check() returns 1 if the check could be performed, 0 otherwise. + +=head1 NOTES + +DH_generate_parameters() may run for several hours before finding a +suitable prime. + +The parameters generated by DH_generate_parameters() are not to be +used in signature schemes. + +=head1 BUGS + +If B<generator> is not 2 or 5, B<dh-E<gt>g>=B<generator> is not +a usable generator. + +=head1 SEE ALSO + +L<dh(3)|dh(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>, L<DH_free(3)|DH_free(3)> + +=head1 HISTORY + +DH_check() is available in all versions of SSLeay and OpenSSL. +The B<cb_arg> argument to DH_generate_parameters() was added in SSLeay 0.9.0. + +In versions before OpenSSL 0.9.5, DH_CHECK_P_NOT_STRONG_PRIME is used +instead of DH_CHECK_P_NOT_SAFE_PRIME. + +=cut diff --git a/lib/libssl/src/doc/crypto/DH_get_ex_new_index.pod b/lib/libssl/src/doc/crypto/DH_get_ex_new_index.pod new file mode 100644 index 00000000000..82e2548bcdf --- /dev/null +++ b/lib/libssl/src/doc/crypto/DH_get_ex_new_index.pod @@ -0,0 +1,36 @@ +=pod + +=head1 NAME + +DH_get_ex_new_index, DH_set_ex_data, DH_get_ex_data - add application specific data to DH structures + +=head1 SYNOPSIS + + #include <openssl/dh.h> + + int DH_get_ex_new_index(long argl, void *argp, + CRYPTO_EX_new *new_func, + CRYPTO_EX_dup *dup_func, + CRYPTO_EX_free *free_func); + + int DH_set_ex_data(DH *d, int idx, void *arg); + + char *DH_get_ex_data(DH *d, int idx); + +=head1 DESCRIPTION + +These functions handle application specific data in DH +structures. Their usage is identical to that of +RSA_get_ex_new_index(), RSA_set_ex_data() and RSA_get_ex_data() +as described in L<RSA_get_ex_new_index(3)>. + +=head1 SEE ALSO + +L<RSA_get_ex_new_index()|RSA_get_ex_new_index()>, L<dh(3)|dh(3)> + +=head1 HISTORY + +DH_get_ex_new_index(), DH_set_ex_data() and DH_get_ex_data() are +available since OpenSSL 0.9.5. + +=cut diff --git a/lib/libssl/src/doc/crypto/DH_new.pod b/lib/libssl/src/doc/crypto/DH_new.pod new file mode 100644 index 00000000000..64624b9d156 --- /dev/null +++ b/lib/libssl/src/doc/crypto/DH_new.pod @@ -0,0 +1,40 @@ +=pod + +=head1 NAME + +DH_new, DH_free - allocate and free DH objects + +=head1 SYNOPSIS + + #include <openssl/dh.h> + + DH* DH_new(void); + + void DH_free(DH *dh); + +=head1 DESCRIPTION + +DH_new() allocates and initializes a B<DH> structure. + +DH_free() frees the B<DH> structure and its components. The values are +erased before the memory is returned to the system. + +=head1 RETURN VALUES + +If the allocation fails, DH_new() returns B<NULL> and sets an error +code that can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. Otherwise it returns +a pointer to the newly allocated structure. + +DH_free() returns no value. + +=head1 SEE ALSO + +L<dh(3)|dh(3)>, L<err(3)|err(3)>, +L<DH_generate_parameters(3)|DH_generate_parameters(3)>, +L<DH_generate_key(3)|DH_generate_key(3)> + +=head1 HISTORY + +DH_new() and DH_free() are available in all versions of SSLeay and OpenSSL. + +=cut diff --git a/lib/libssl/src/doc/crypto/DH_set_method.pod b/lib/libssl/src/doc/crypto/DH_set_method.pod new file mode 100644 index 00000000000..dca41d8dbc8 --- /dev/null +++ b/lib/libssl/src/doc/crypto/DH_set_method.pod @@ -0,0 +1,99 @@ +=pod + +=head1 NAME + +DH_set_default_method, DH_get_default_method, DH_set_method, +DH_new_method, DH_OpenSSL - select DH method + +=head1 SYNOPSIS + + #include <openssl/dh.h> + + void DH_set_default_method(DH_METHOD *meth); + + DH_METHOD *DH_get_default_method(void); + + DH_METHOD *DH_set_method(DH *dh, DH_METHOD *meth); + + DH *DH_new_method(DH_METHOD *meth); + + DH_METHOD *DH_OpenSSL(void); + +=head1 DESCRIPTION + +A B<DH_METHOD> specifies the functions that OpenSSL uses for Diffie-Hellman +operations. By modifying the method, alternative implementations +such as hardware accelerators may be used. + +Initially, the default is to use the OpenSSL internal implementation. +DH_OpenSSL() returns a pointer to that method. + +DH_set_default_method() makes B<meth> the default method for all B<DH> +structures created later. + +DH_get_default_method() returns a pointer to the current default +method. + +DH_set_method() selects B<meth> for all operations using the structure B<dh>. + +DH_get_method() returns a pointer to the method currently selected +for B<dh>. + +DH_new_method() allocates and initializes a B<DH> structure so that +B<method> will be used for the DH operations. If B<method> is B<NULL>, +the default method is used. + +=head1 THE DH_METHOD STRUCTURE + + typedef struct dh_meth_st + { + /* name of the implementation */ + const char *name; + + /* generate private and public DH values for key agreement */ + int (*generate_key)(DH *dh); + + /* compute shared secret */ + int (*compute_key)(unsigned char *key, BIGNUM *pub_key, DH *dh); + + /* compute r = a ^ p mod m. May be NULL */ + int (*bn_mod_exp)(DH *dh, BIGNUM *r, BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, + BN_MONT_CTX *m_ctx); + + /* called at DH_new */ + int (*init)(DH *dh); + + /* called at DH_free */ + int (*finish)(DH *dh); + + int flags; + + char *app_data; /* ?? */ + + } DH_METHOD; + +=head1 RETURN VALUES + +DH_OpenSSL(), DH_get_default_method() and DH_get_method() return +pointers to the respective B<DH_METHOD>s. + +DH_set_default_method() returns no value. + +DH_set_method() returns a pointer to the B<DH_METHOD> previously +associated with B<dh>. + +DH_new_method() returns B<NULL> and sets an error code that can be +obtained by L<ERR_get_error(3)|ERR_get_error(3)> if the allocation fails. Otherwise it +returns a pointer to the newly allocated structure. + +=head1 SEE ALSO + +L<dh(3)|dh(3)>, L<DH_new(3)|DH_new(3)> + +=head1 HISTORY + +DH_set_default_method(), DH_get_default_method(), DH_set_method(), +DH_new_method() and DH_OpenSSL() were added in OpenSSL 0.9.4. + +=cut diff --git a/lib/libssl/src/doc/crypto/DH_size.pod b/lib/libssl/src/doc/crypto/DH_size.pod new file mode 100644 index 00000000000..97f26fda785 --- /dev/null +++ b/lib/libssl/src/doc/crypto/DH_size.pod @@ -0,0 +1,33 @@ +=pod + +=head1 NAME + +DH_size - get Diffie-Hellman prime size + +=head1 SYNOPSIS + + #include <openssl/dh.h> + + int DH_size(DH *dh); + +=head1 DESCRIPTION + +This function returns the Diffie-Hellman size in bytes. It can be used +to determine how much memory must be allocated for the shared secret +computed by DH_compute_key(). + +B<dh-E<gt>p> must not be B<NULL>. + +=head1 RETURN VALUE + +The size in bytes. + +=head1 SEE ALSO + +L<dh(3)|dh(3)>, L<DH_generate_key(3)|DH_generate_key(3)> + +=head1 HISTORY + +DH_size() is available in all versions of SSLeay and OpenSSL. + +=cut diff --git a/lib/libssl/src/doc/crypto/DSA_SIG_new.pod b/lib/libssl/src/doc/crypto/DSA_SIG_new.pod new file mode 100644 index 00000000000..671655554a5 --- /dev/null +++ b/lib/libssl/src/doc/crypto/DSA_SIG_new.pod @@ -0,0 +1,39 @@ +=pod + +=head1 NAME + +DSA_SIG_new, DSA_SIG_free - allocate and free DSA signature objects + +=head1 SYNOPSIS + + #include <openssl/dsa.h> + + DSA_SIG *DSA_SIG_new(void); + + void DSA_SIG_free(DSA_SIG *a); + +=head1 DESCRIPTION + +DSA_SIG_new() allocates and initializes a B<DSA_SIG> structure. + +DSA_SIG_free() frees the B<DSA_SIG> structure and its components. The +values are erased before the memory is returned to the system. + +=head1 RETURN VALUES + +If the allocation fails, DSA_SIG_new() returns B<NULL> and sets an +error code that can be obtained by +L<ERR_get_error(3)|ERR_get_error(3)>. Otherwise it returns a pointer +to the newly allocated structure. + +DSA_SIG_free() returns no value. + +=head1 SEE ALSO + +L<dsa(3)|dsa(3)>, L<err(3)|err(3)>, L<DSA_do_sign(3)|DSA_do_sign(3)> + +=head1 HISTORY + +DSA_SIG_new() and DSA_SIG_free() were added in OpenSSL 0.9.3. + +=cut diff --git a/lib/libssl/src/doc/crypto/DSA_do_sign.pod b/lib/libssl/src/doc/crypto/DSA_do_sign.pod new file mode 100644 index 00000000000..a24fd5714ef --- /dev/null +++ b/lib/libssl/src/doc/crypto/DSA_do_sign.pod @@ -0,0 +1,47 @@ +=pod + +=head1 NAME + +DSA_do_sign, DSA_do_verify - raw DSA signature operations + +=head1 SYNOPSIS + + #include <openssl/dsa.h> + + DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa); + + int DSA_do_verify(const unsigned char *dgst, int dgst_len, + DSA_SIG *sig, DSA *dsa); + +=head1 DESCRIPTION + +DSA_do_sign() computes a digital signature on the B<len> byte message +digest B<dgst> using the private key B<dsa> and returns it in a +newly allocated B<DSA_SIG> structure. + +L<DSA_sign_setup(3)|DSA_sign_setup(3)> may be used to precompute part +of the signing operation in case signature generation is +time-critical. + +DSA_do_verify() verifies that the signature B<sig> matches a given +message digest B<dgst> of size B<len>. B<dsa> is the signer's public +key. + +=head1 RETURN VALUES + +DSA_do_sign() returns the signature, NULL on error. DSA_do_verify() +returns 1 for a valid signature, 0 for an incorrect signature and -1 +on error. The error codes can be obtained by +L<ERR_get_error(3)|ERR_get_error(3)>. + +=head1 SEE ALSO + +L<dsa(3)|dsa(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>, +L<DSA_SIG_new(3)|DSA_SIG_new(3)>, +L<DSA_sign(3)|DSA_sign(3)> + +=head1 HISTORY + +DSA_do_sign() and DSA_do_verify() were added in OpenSSL 0.9.3. + +=cut diff --git a/lib/libssl/src/doc/crypto/DSA_dup_DH.pod b/lib/libssl/src/doc/crypto/DSA_dup_DH.pod new file mode 100644 index 00000000000..29cb1075d11 --- /dev/null +++ b/lib/libssl/src/doc/crypto/DSA_dup_DH.pod @@ -0,0 +1,36 @@ +=pod + +=head1 NAME + +DSA_dup_DH - create a DH structure out of DSA structure + +=head1 SYNOPSIS + + #include <openssl/dsa.h> + + DH * DSA_dup_DH(DSA *r); + +=head1 DESCRIPTION + +DSA_dup_DH() duplicates DSA parameters/keys as DH parameters/keys. q +is lost during that conversion, but the resulting DH parameters +contain its length. + +=head1 RETURN VALUE + +DSA_dup_DH() returns the new B<DH> structure, and NULL on error. The +error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. + +=head1 NOTE + +Be careful to avoid small subgroup attacks when using this. + +=head1 SEE ALSO + +L<dh(3)|dh(3)>, L<dsa(3)|dsa(3)>, L<err(3)|err(3)> + +=head1 HISTORY + +DSA_dup_DH() was added in OpenSSL 0.9.4. + +=cut diff --git a/lib/libssl/src/doc/crypto/DSA_generate_key.pod b/lib/libssl/src/doc/crypto/DSA_generate_key.pod new file mode 100644 index 00000000000..52890db5be2 --- /dev/null +++ b/lib/libssl/src/doc/crypto/DSA_generate_key.pod @@ -0,0 +1,33 @@ +=pod + +=head1 NAME + +DSA_generate_key - generate DSA key pair + +=head1 SYNOPSIS + + #include <openssl/dsa.h> + + int DSA_generate_key(DSA *a); + +=head1 DESCRIPTION + +DSA_generate_key() expects B<a> to contain DSA parameters. It generates +a new key pair and stores it in B<a-E<gt>pub_key> and B<a-E<gt>priv_key>. + +The PRNG must be seeded prior to calling DSA_generate_key(). + +=head1 RETURN VALUE + +DSA_generate_key() returns 1 on success, 0 otherwise. +The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. + +=head1 SEE ALSO + +L<dsa(3)|dsa(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>, L<DSA_generate_parameters(3)|DSA_generate_parameters(3)> + +=head1 HISTORY + +DSA_generate_key() is available since SSLeay 0.8. + +=cut diff --git a/lib/libssl/src/doc/crypto/DSA_generate_parameters.pod b/lib/libssl/src/doc/crypto/DSA_generate_parameters.pod new file mode 100644 index 00000000000..43f60b0eb95 --- /dev/null +++ b/lib/libssl/src/doc/crypto/DSA_generate_parameters.pod @@ -0,0 +1,105 @@ +=pod + +=head1 NAME + +DSA_generate_parameters - generate DSA parameters + +=head1 SYNOPSIS + + #include <openssl/dsa.h> + + DSA *DSA_generate_parameters(int bits, unsigned char *seed, + int seed_len, int *counter_ret, unsigned long *h_ret, + void (*callback)(int, int, void *), void *cb_arg); + +=head1 DESCRIPTION + +DSA_generate_parameters() generates primes p and q and a generator g +for use in the DSA. + +B<bits> is the length of the prime to be generated; the DSS allows a +maximum of 1024 bits. + +If B<seed> is B<NULL> or B<seed_len> E<lt> 20, the primes will be +generated at random. Otherwise, the seed is used to generate +them. If the given seed does not yield a prime q, a new random +seed is chosen and placed at B<seed>. + +DSA_generate_parameters() places the iteration count in +*B<counter_ret> and a counter used for finding a generator in +*B<h_ret>, unless these are B<NULL>. + +A callback function may be used to provide feedback about the progress +of the key generation. If B<callback> is not B<NULL>, it will be +called as follows: + +=over 4 + +=item * + +When a candidate for q is generated, B<callback(0, m++, cb_arg)> is called +(m is 0 for the first candidate). + +=item * + +When a candidate for q has passed a test by trial division, +B<callback(1, -1, cb_arg)> is called. +While a candidate for q is tested by Miller-Rabin primality tests, +B<callback(1, i, cb_arg)> is called in the outer loop +(once for each witness that confirms that the candidate may be prime); +i is the loop counter (starting at 0). + +=item * + +When a prime q has been found, B<callback(2, 0, cb_arg)> and +B<callback(3, 0, cb_arg)> are called. + +=item * + +Before a candidate for p (other than the first) is generated and tested, +B<callback(0, counter, cb_arg)> is called. + +=item * + +When a candidate for p has passed the test by trial division, +B<callback(1, -1, cb_arg)> is called. +While it is tested by the Miller-Rabin primality test, +B<callback(1, i, cb_arg)> is called in the outer loop +(once for each witness that confirms that the candidate may be prime). +i is the loop counter (starting at 0). + +=item * + +When p has been found, B<callback(2, 1, cb_arg)> is called. + +=item * + +When the generator has been found, B<callback(3, 1, cb_arg)> is called. + +=back + +=head1 RETURN VALUE + +DSA_generate_parameters() returns a pointer to the DSA structure, or +B<NULL> if the parameter generation fails. The error codes can be +obtained by L<ERR_get_error(3)|ERR_get_error(3)>. + +=head1 BUGS + +Seed lengths E<gt> 20 are not supported. + +=head1 SEE ALSO + +L<dsa(3)|dsa(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>, +L<DSA_free(3)|DSA_free(3)> + +=head1 HISTORY + +DSA_generate_parameters() appeared in SSLeay 0.8. The B<cb_arg> +argument was added in SSLeay 0.9.0. +In versions up to OpenSSL 0.9.4, B<callback(1, ...)> was called +in the inner loop of the Miller-Rabin test whenever it reached the +squaring step (the parameters to B<callback> did not reveal how many +witnesses had been tested); since OpenSSL 0.9.5, B<callback(1, ...)> +is called as in BN_is_prime(3), i.e. once for each witness. +=cut diff --git a/lib/libssl/src/doc/crypto/DSA_get_ex_new_index.pod b/lib/libssl/src/doc/crypto/DSA_get_ex_new_index.pod new file mode 100644 index 00000000000..4612e708ecc --- /dev/null +++ b/lib/libssl/src/doc/crypto/DSA_get_ex_new_index.pod @@ -0,0 +1,36 @@ +=pod + +=head1 NAME + +DSA_get_ex_new_index, DSA_set_ex_data, DSA_get_ex_data - add application specific data to DSA structures + +=head1 SYNOPSIS + + #include <openssl/DSA.h> + + int DSA_get_ex_new_index(long argl, void *argp, + CRYPTO_EX_new *new_func, + CRYPTO_EX_dup *dup_func, + CRYPTO_EX_free *free_func); + + int DSA_set_ex_data(DSA *d, int idx, void *arg); + + char *DSA_get_ex_data(DSA *d, int idx); + +=head1 DESCRIPTION + +These functions handle application specific data in DSA +structures. Their usage is identical to that of +RSA_get_ex_new_index(), RSA_set_ex_data() and RSA_get_ex_data() +as described in L<RSA_get_ex_new_index(3)>. + +=head1 SEE ALSO + +L<RSA_get_ex_new_index(3)|RSA_get_ex_new_index(3)>, L<dsa(3)|dsa(3)> + +=head1 HISTORY + +DSA_get_ex_new_index(), DSA_set_ex_data() and DSA_get_ex_data() are +available since OpenSSL 0.9.5. + +=cut diff --git a/lib/libssl/src/doc/crypto/DSA_new.pod b/lib/libssl/src/doc/crypto/DSA_new.pod new file mode 100644 index 00000000000..7dde54445b7 --- /dev/null +++ b/lib/libssl/src/doc/crypto/DSA_new.pod @@ -0,0 +1,41 @@ +=pod + +=head1 NAME + +DSA_new, DSA_free - allocate and free DSA objects + +=head1 SYNOPSIS + + #include <openssl/dsa.h> + + DSA* DSA_new(void); + + void DSA_free(DSA *dsa); + +=head1 DESCRIPTION + +DSA_new() allocates and initializes a B<DSA> structure. + +DSA_free() frees the B<DSA> structure and its components. The values are +erased before the memory is returned to the system. + +=head1 RETURN VALUES + +If the allocation fails, DSA_new() returns B<NULL> and sets an error +code that can be obtained by +L<ERR_get_error(3)|ERR_get_error(3)>. Otherwise it returns a pointer +to the newly allocated structure. + +DSA_free() returns no value. + +=head1 SEE ALSO + +L<dsa(3)|dsa(3)>, L<err(3)|err(3)>, +L<DSA_generate_parameters(3)|DSA_generate_parameters(3)>, +L<DSA_generate_key(3)|DSA_generate_key(3)> + +=head1 HISTORY + +DSA_new() and DSA_free() are available in all versions of SSLeay and OpenSSL. + +=cut diff --git a/lib/libssl/src/doc/crypto/DSA_set_method.pod b/lib/libssl/src/doc/crypto/DSA_set_method.pod new file mode 100644 index 00000000000..0b13ec9237c --- /dev/null +++ b/lib/libssl/src/doc/crypto/DSA_set_method.pod @@ -0,0 +1,111 @@ +=pod + +=head1 NAME + +DSA_set_default_method, DSA_get_default_method, DSA_set_method, +DSA_new_method, DSA_OpenSSL - select RSA method + +=head1 SYNOPSIS + + #include <openssl/DSA.h> + + void DSA_set_default_method(DSA_METHOD *meth); + + DSA_METHOD *DSA_get_default_method(void); + + DSA_METHOD *DSA_set_method(DSA *dsa, DSA_METHOD *meth); + + DSA *DSA_new_method(DSA_METHOD *meth); + + DSA_METHOD *DSA_OpenSSL(void); + +=head1 DESCRIPTION + +A B<DSA_METHOD> specifies the functions that OpenSSL uses for DSA +operations. By modifying the method, alternative implementations +such as hardware accelerators may be used. + +Initially, the default is to use the OpenSSL internal implementation. +DSA_OpenSSL() returns a pointer to that method. + +DSA_set_default_method() makes B<meth> the default method for all B<DSA> +structures created later. + +DSA_get_default_method() returns a pointer to the current default +method. + +DSA_set_method() selects B<meth> for all operations using the structure B<DSA>. + +DSA_get_method() returns a pointer to the method currently selected +for B<DSA>. + +DSA_new_method() allocates and initializes a B<DSA> structure so that +B<method> will be used for the DSA operations. If B<method> is B<NULL>, +the default method is used. + +=head1 THE DSA_METHOD STRUCTURE + +struct + { + /* name of the implementation */ + const char *name; + + /* sign */ + DSA_SIG *(*dsa_do_sign)(const unsigned char *dgst, int dlen, + DSA *dsa); + + /* pre-compute k^-1 and r */ + int (*dsa_sign_setup)(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, + BIGNUM **rp); + + /* verify */ + int (*dsa_do_verify)(const unsigned char *dgst, int dgst_len, + DSA_SIG *sig, DSA *dsa); + + /* compute rr = a1^p1 * a2^p2 mod m. May be NULL */ + int (*dsa_mod_exp)(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1, + BIGNUM *a2, BIGNUM *p2, BIGNUM *m, + BN_CTX *ctx, BN_MONT_CTX *in_mont); + + /* compute r = a ^ p mod m. May be NULL */ + int (*bn_mod_exp)(DSA *dsa, BIGNUM *r, BIGNUM *a, + const BIGNUM *p, const BIGNUM *m, + BN_CTX *ctx, BN_MONT_CTX *m_ctx); + + /* called at DSA_new */ + int (*init)(DSA *DSA); + + /* called at DSA_free */ + int (*finish)(DSA *DSA); + + int flags; + + char *app_data; /* ?? */ + + } DSA_METHOD; + +=head1 RETURN VALUES + +DSA_OpenSSL(), DSA_get_default_method() and DSA_get_method() return +pointers to the respective B<DSA_METHOD>s. + +DSA_set_default_method() returns no value. + +DSA_set_method() returns a pointer to the B<DSA_METHOD> previously +associated with B<dsa>. + +DSA_new_method() returns B<NULL> and sets an error code that can be +obtained by L<ERR_get_error(3)|ERR_get_error(3)> if the allocation +fails. Otherwise it returns a pointer to the newly allocated +structure. + +=head1 SEE ALSO + +L<dsa(3)|dsa(3)>, L<DSA_new(3)|DSA_new(3)> + +=head1 HISTORY + +DSA_set_default_method(), DSA_get_default_method(), DSA_set_method(), +DSA_new_method() and DSA_OpenSSL() were added in OpenSSL 0.9.4. + +=cut diff --git a/lib/libssl/src/doc/crypto/DSA_sign.pod b/lib/libssl/src/doc/crypto/DSA_sign.pod new file mode 100644 index 00000000000..f6e60a8ca32 --- /dev/null +++ b/lib/libssl/src/doc/crypto/DSA_sign.pod @@ -0,0 +1,66 @@ +=pod + +=head1 NAME + +DSA_sign, DSA_sign_setup, DSA_verify - DSA signatures + +=head1 SYNOPSIS + + #include <openssl/dsa.h> + + int DSA_sign(int type, const unsigned char *dgst, int len, + unsigned char *sigret, unsigned int *siglen, DSA *dsa); + + int DSA_sign_setup(DSA *dsa, BN_CTX *ctx, BIGNUM **kinvp, + BIGNUM **rp); + + int DSA_verify(int type, const unsigned char *dgst, int len, + unsigned char *sigbuf, int siglen, DSA *dsa); + +=head1 DESCRIPTION + +DSA_sign() computes a digital signature on the B<len> byte message +digest B<dgst> using the private key B<dsa> and places its ASN.1 DER +encoding at B<sigret>. The length of the signature is places in +*B<siglen>. B<sigret> must point to DSA_size(B<dsa>) bytes of memory. + +DSA_sign_setup() may be used to precompute part of the signing +operation in case signature generation is time-critical. It expects +B<dsa> to contain DSA parameters. It places the precomputed values +in newly allocated B<BIGNUM>s at *B<kinvp> and *B<rp>, after freeing +the old ones unless *B<kinvp> and *B<rp> are NULL. These values may +be passed to DSA_sign() in B<dsa-E<gt>kinv> and B<dsa-E<gt>r>. +B<ctx> is a pre-allocated B<BN_CTX> or NULL. + +DSA_verify() verifies that the signature B<sigbuf> of size B<siglen> +matches a given message digest B<dgst> of size B<len>. +B<dsa> is the signer's public key. + +The B<type> parameter is ignored. + +The PRNG must be seeded before DSA_sign() (or DSA_sign_setup()) +is called. + +=head1 RETURN VALUES + +DSA_sign() and DSA_sign_setup() return 1 on success, 0 on error. +DSA_verify() returns 1 for a valid signature, 0 for an incorrect +signature and -1 on error. The error codes can be obtained by +L<ERR_get_error(3)|ERR_get_error(3)>. + +=head1 CONFORMING TO + +US Federal Information Processing Standard FIPS 186 (Digital Signature +Standard, DSS), ANSI X9.30 + +=head1 SEE ALSO + +L<dsa(3)|dsa(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>, +L<DSA_do_sign(3)|DSA_do_sign(3)> + +=head1 HISTORY + +DSA_sign() and DSA_verify() are available in all versions of SSLeay. +DSA_sign_setup() was added in SSLeay 0.8. + +=cut diff --git a/lib/libssl/src/doc/crypto/DSA_size.pod b/lib/libssl/src/doc/crypto/DSA_size.pod new file mode 100644 index 00000000000..23b6320a4d4 --- /dev/null +++ b/lib/libssl/src/doc/crypto/DSA_size.pod @@ -0,0 +1,33 @@ +=pod + +=head1 NAME + +DSA_size - get DSA signature size + +=head1 SYNOPSIS + + #include <openssl/dsa.h> + + int DSA_size(DSA *dsa); + +=head1 DESCRIPTION + +This function returns the size of an ASN.1 encoded DSA signature in +bytes. It can be used to determine how much memory must be allocated +for a DSA signature. + +B<dsa-E<gt>q> must not be B<NULL>. + +=head1 RETURN VALUE + +The size in bytes. + +=head1 SEE ALSO + +L<dsa(3)|dsa(3)>, L<DSA_sign(3)|DSA_sign(3)> + +=head1 HISTORY + +DSA_size() is available in all versions of SSLeay and OpenSSL. + +=cut diff --git a/lib/libssl/src/doc/crypto/ERR_GET_LIB.pod b/lib/libssl/src/doc/crypto/ERR_GET_LIB.pod new file mode 100644 index 00000000000..2a129da036c --- /dev/null +++ b/lib/libssl/src/doc/crypto/ERR_GET_LIB.pod @@ -0,0 +1,51 @@ +=pod + +=head1 NAME + +ERR_GET_LIB, ERR_GET_FUNC, ERR_GET_REASON - get library, function and +reason code + +=head1 SYNOPSIS + + #include <openssl/err.h> + + int ERR_GET_LIB(unsigned long e); + + int ERR_GET_FUNC(unsigned long e); + + int ERR_GET_REASON(unsigned long e); + +=head1 DESCRIPTION + +The error code returned by ERR_get_error() consists of a library +number, function code and reason code. ERR_GET_LIB(), ERR_GET_FUNC() +and ERR_GET_REASON() can be used to extract these. + +The library number and function code describe where the error +occurred, the reason code is the information about what went wrong. + +Each sub-library of OpenSSL has a unique library number; function and +reason codes are unique within each sub-library. Note that different +libraries may use the same value to signal different functions and +reasons. + +B<ERR_R_...> reason codes such as B<ERR_R_MALLOC_FAILURE> are globally +unique. However, when checking for sub-library specific reason codes, +be sure to also compare the library number. + +ERR_GET_LIB(), ERR_GET_FUNC() and ERR_GET_REASON() are macros. + +=head1 RETURN VALUES + +The library number, function code and reason code respectively. + +=head1 SEE ALSO + +L<err(3)|err(3)>, L<ERR_get_error(3)|ERR_get_error(3)> + +=head1 HISTORY + +ERR_GET_LIB(), ERR_GET_FUNC() and ERR_GET_REASON() are available in +all versions of SSLeay and OpenSSL. + +=cut diff --git a/lib/libssl/src/doc/crypto/ERR_clear_error.pod b/lib/libssl/src/doc/crypto/ERR_clear_error.pod new file mode 100644 index 00000000000..566e1f4e317 --- /dev/null +++ b/lib/libssl/src/doc/crypto/ERR_clear_error.pod @@ -0,0 +1,29 @@ +=pod + +=head1 NAME + +ERR_clear_error - clear the error queue + +=head1 SYNOPSIS + + #include <openssl/err.h> + + void ERR_clear_error(void); + +=head1 DESCRIPTION + +ERR_clear_error() empties the current thread's error queue. + +=head1 RETURN VALUES + +ERR_clear_error() has no return value. + +=head1 SEE ALSO + +L<err(3)|err(3)>, L<ERR_get_error(3)|ERR_get_error(3)> + +=head1 HISTORY + +ERR_clear_error() is available in all versions of SSLeay and OpenSSL. + +=cut diff --git a/lib/libssl/src/doc/crypto/ERR_error_string.pod b/lib/libssl/src/doc/crypto/ERR_error_string.pod new file mode 100644 index 00000000000..0d2417599cd --- /dev/null +++ b/lib/libssl/src/doc/crypto/ERR_error_string.pod @@ -0,0 +1,65 @@ +=pod + +=head1 NAME + +ERR_error_string - obtain human-readable error message + +=head1 SYNOPSIS + + #include <openssl/err.h> + + char *ERR_error_string(unsigned long e, char *buf); + + const char *ERR_lib_error_string(unsigned long e); + const char *ERR_func_error_string(unsigned long e); + const char *ERR_reason_error_string(unsigned long e); + +=head1 DESCRIPTION + +ERR_error_string() generates a human-readable string representing the +error code B<e>, and places it at B<buf>. B<buf> must be at least 120 +bytes long. If B<buf> is B<NULL>, the error string is placed in a +static buffer. + +The string will have the following format: + + error:[error code]:[library name]:[function name]:[reason string] + +I<error code> is an 8 digit hexadecimal number, I<library name>, +I<function name> and I<reason string> are ASCII text. + +ERR_lib_error_string(), ERR_func_error_string() and +ERR_reason_error_string() return the library name, function +name and reason string respectively. + +The OpenSSL error strings should be loaded by calling +L<ERR_load_crypto_strings(3)|ERR_load_crypto_strings(3)> or, for SSL +applications, L<SSL_load_error_strings(3)|SSL_load_error_strings(3)> +first. +If there is no text string registered for the given error code, +the error string will contain the numeric code. + +L<ERR_print_errors(3)|ERR_print_errors(3)> can be used to print +all error codes currently in the queue. + +=head1 RETURN VALUES + +ERR_error_string() returns a pointer to a static buffer containing the +string if B<buf == NULL>, B<buf> otherwise. + +ERR_lib_error_string(), ERR_func_error_string() and +ERR_reason_error_string() return the strings, and B<NULL> if +none is registered for the error code. + +=head1 SEE ALSO + +L<err(3)|err(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, +L<ERR_load_crypto_strings(3)|ERR_load_crypto_strings(3)>, +L<SSL_load_error_strings(3)|SSL_load_error_strings(3)> +L<ERR_print_errors(3)|ERR_print_errors(3)> + +=head1 HISTORY + +ERR_error_string() is available in all versions of SSLeay and OpenSSL. + +=cut diff --git a/lib/libssl/src/doc/crypto/ERR_get_error.pod b/lib/libssl/src/doc/crypto/ERR_get_error.pod new file mode 100644 index 00000000000..75ece00d976 --- /dev/null +++ b/lib/libssl/src/doc/crypto/ERR_get_error.pod @@ -0,0 +1,62 @@ +=pod + +=head1 NAME + +ERR_get_error, ERR_peek_error - obtain error code + +=head1 SYNOPSIS + + #include <openssl/err.h> + + unsigned long ERR_get_error(void); + unsigned long ERR_peek_error(void); + + unsigned long ERR_get_error_line(const char **file, int *line); + unsigned long ERR_peek_error_line(const char **file, int *line); + + unsigned long ERR_get_error_line_data(const char **file, int *line, + const char **data, int *flags); + unsigned long ERR_peek_error_line_data(const char **file, int *line, + const char **data, int *flags); + +=head1 DESCRIPTION + +ERR_get_error() returns the last error code from the thread's error +queue and removes the entry. This function can be called repeatedly +until there are no more error codes to return. + +ERR_peek_error() returns the last error code from the thread's +error queue without modifying it. + +See L<ERR_GET_LIB(3)|ERR_GET_LIB(3)> for obtaining information about +location and reason of the error, and +L<ERR_error_string(3)|ERR_error_string(3)> for human-readable error +messages. + +ERR_get_error_line() and ERR_peek_error_line() are the same as the +above, but they additionally store the file name and line number where +the error occurred in *B<file> and *B<line>, unless these are B<NULL>. + +ERR_get_error_line_data() and ERR_peek_error_line_data() store +additional data and flags associated with the error code in *B<data> +and *B<flags>, unless these are B<NULL>. *B<data> contains a string +if *B<flags>&B<ERR_TXT_STRING>. If it has been allocated by Malloc(), +*B<flags>&B<ERR_TXT_MALLOCED> is true. + +=head1 RETURN VALUES + +The error code, or 0 if there is no error in the queue. + +=head1 SEE ALSO + +L<err(3)|err(3)>, L<ERR_error_string(3)|ERR_error_string(3)>, +L<ERR_GET_LIB(3)|ERR_GET_LIB(3)> + +=head1 HISTORY + +ERR_get_error(), ERR_peek_error(), ERR_get_error_line() and +ERR_peek_error_line() are available in all versions of SSLeay and +OpenSSL. ERR_get_error_line_data() and ERR_peek_error_line_data() +were added in SSLeay 0.9.0. + +=cut diff --git a/lib/libssl/src/doc/crypto/ERR_load_crypto_strings.pod b/lib/libssl/src/doc/crypto/ERR_load_crypto_strings.pod new file mode 100644 index 00000000000..9bdec75a463 --- /dev/null +++ b/lib/libssl/src/doc/crypto/ERR_load_crypto_strings.pod @@ -0,0 +1,46 @@ +=pod + +=head1 NAME + +ERR_load_crypto_strings, SSL_load_error_strings, ERR_free_strings - +load and free error strings + +=head1 SYNOPSIS + + #include <openssl/err.h> + + void ERR_load_crypto_strings(void); + void ERR_free_strings(void); + + #include <openssl/ssl.h> + + void SSL_load_error_strings(void); + +=head1 DESCRIPTION + +ERR_load_crypto_strings() registers the error strings for all +B<libcrypto> functions. SSL_load_error_strings() does the same, +but also registers the B<libssl> error strings. + +One of these functions should be called before generating +textual error messages. However, this is not required when memory +usage is an issue. + +ERR_free_strings() frees all previously loaded error strings. + +=head1 RETURN VALUES + +ERR_load_crypto_strings(), SSL_load_error_strings() and +ERR_free_strings() return no values. + +=head1 SEE ALSO + +L<err(3)|err(3)>, L<ERR_error_string(3)|ERR_error_string(3)> + +=head1 HISTORY + +ERR_load_error_strings(), SSL_load_error_strings() and +ERR_free_strings() are available in all versions of SSLeay and +OpenSSL. + +=cut diff --git a/lib/libssl/src/doc/crypto/ERR_load_strings.pod b/lib/libssl/src/doc/crypto/ERR_load_strings.pod new file mode 100644 index 00000000000..5acdd0edbc5 --- /dev/null +++ b/lib/libssl/src/doc/crypto/ERR_load_strings.pod @@ -0,0 +1,54 @@ +=pod + +=head1 NAME + +ERR_load_strings, ERR_PACK, ERR_get_next_error_library - load +arbitrary error strings + +=head1 SYNOPSIS + + #include <openssl/err.h> + + void ERR_load_strings(int lib, ERR_STRING_DATA str[]); + + int ERR_get_next_error_library(void); + + unsigned long ERR_PACK(int lib, int func, int reason); + +=head1 DESCRIPTION + +ERR_load_strings() registers error strings for library number B<lib>. + +B<str> is an array of error string data: + + typedef struct ERR_string_data_st + { + unsigned long error; + char *string; + } ERR_STRING_DATA; + +The error code is generated from the library number and a function and +reason code: B<error> = ERR_PACK(B<lib>, B<func>, B<reason>). +ERR_PACK() is a macro. + +The last entry in the array is {0,0}. + +ERR_get_next_error_library() can be used to assign library numbers +to user libraries at runtime. + +=head1 RETURN VALUE + +ERR_load_strings() returns no value. ERR_PACK() return the error code. +ERR_get_next_error_library() returns a new library number. + +=head1 SEE ALSO + +L<err(3)|err(3)>, L<ERR_load_strings(3)|ERR_load_strings(3)> + +=head1 HISTORY + +ERR_load_error_strings() and ERR_PACK() are available in all versions +of SSLeay and OpenSSL. ERR_get_next_error_library() was added in +SSLeay 0.9.0. + +=cut diff --git a/lib/libssl/src/doc/crypto/ERR_print_errors.pod b/lib/libssl/src/doc/crypto/ERR_print_errors.pod new file mode 100644 index 00000000000..b100a5fa2b3 --- /dev/null +++ b/lib/libssl/src/doc/crypto/ERR_print_errors.pod @@ -0,0 +1,51 @@ +=pod + +=head1 NAME + +ERR_print_errors, ERR_print_errors_fp - print error messages + +=head1 SYNOPSIS + + #include <openssl/err.h> + + void ERR_print_errors(BIO *bp); + void ERR_print_errors_fp(FILE *fp); + +=head1 DESCRIPTION + +ERR_print_errors() is a convenience function that prints the error +strings for all errors that OpenSSL has recorded to B<bp>, thus +emptying the error queue. + +ERR_print_errors_fp() is the same, except that the output goes to a +B<FILE>. + + +The error strings will have the following format: + + [pid]:error:[error code]:[library name]:[function name]:[reason string]:[file name]:[line]:[optional text message] + +I<error code> is an 8 digit hexadecimal number. I<library name>, +I<function name> and I<reason string> are ASCII text, as is I<optional +text message> if one was set for the respective error code. + +If there is no text string registered for the given error code, +the error string will contain the numeric code. + +=head1 RETURN VALUES + +ERR_print_errors() and ERR_print_errors_fp() return no values. + +=head1 SEE ALSO + +L<err(3)|err(3)>, L<ERR_error_string(3)|ERR_error_string(3)>, +L<ERR_get_error(3)|ERR_get_error(3)>, +L<ERR_load_crypto_strings(3)|ERR_load_crypto_strings(3)>, +L<SSL_load_error_strings(3)|SSL_load_error_strings(3)> + +=head1 HISTORY + +ERR_print_errors() and ERR_print_errors_fp() +are available in all versions of SSLeay and OpenSSL. + +=cut diff --git a/lib/libssl/src/doc/crypto/ERR_put_error.pod b/lib/libssl/src/doc/crypto/ERR_put_error.pod new file mode 100644 index 00000000000..acd241fbe47 --- /dev/null +++ b/lib/libssl/src/doc/crypto/ERR_put_error.pod @@ -0,0 +1,44 @@ +=pod + +=head1 NAME + +ERR_put_error, ERR_add_error_data - record an error + +=head1 SYNOPSIS + + #include <openssl/err.h> + + void ERR_put_error(int lib, int func, int reason, const char *file, + int line); + + void ERR_add_error_data(int num, ...); + +=head1 DESCRIPTION + +ERR_put_error() adds an error code to the thread's error queue. It +signals that the error of reason code B<reason> occurred in function +B<func> of library B<lib>, in line number B<line> of B<file>. +This function is usually called by a macro. + +ERR_add_error_data() associates the concatenation of its B<num> string +arguments with the error code added last. + +L<ERR_load_strings(3)|ERR_load_strings(3)> can be used to register +error strings so that the application can a generate human-readable +error messages for the error code. + +=head1 RETURN VALUES + +ERR_put_error() and ERR_add_error_data() return +no values. + +=head1 SEE ALSO + +L<err(3)|err(3)>, L<ERR_load_strings(3)|ERR_load_strings(3)> + +=head1 HISTORY + +ERR_put_error() is available in all versions of SSLeay and OpenSSL. +ERR_add_error_data() was added in SSLeay 0.9.0. + +=cut diff --git a/lib/libssl/src/doc/crypto/ERR_remove_state.pod b/lib/libssl/src/doc/crypto/ERR_remove_state.pod new file mode 100644 index 00000000000..ebcdc0f5a5b --- /dev/null +++ b/lib/libssl/src/doc/crypto/ERR_remove_state.pod @@ -0,0 +1,34 @@ +=pod + +=head1 NAME + +ERR_remove_state - free a thread's error queue + +=head1 SYNOPSIS + + #include <openssl/err.h> + + void ERR_remove_state(unsigned long pid); + +=head1 DESCRIPTION + +ERR_remove_state() frees the error queue associated with thread B<pid>. +If B<pid> == 0, the current thread will have its error queue removed. + +Since error queue data structures are allocated automatically for new +threads, they must be freed when threads are terminated in oder to +avoid memory leaks. + +=head1 RETURN VALUE + +ERR_remove_state() returns no value. + +=head1 SEE ALSO + +L<err(3)|err(3)> + +=head1 HISTORY + +ERR_remove_state() is available in all versions of SSLeay and OpenSSL. + +=cut diff --git a/lib/libssl/src/doc/crypto/EVP_DigestInit.pod b/lib/libssl/src/doc/crypto/EVP_DigestInit.pod new file mode 100644 index 00000000000..345b1ddfa79 --- /dev/null +++ b/lib/libssl/src/doc/crypto/EVP_DigestInit.pod @@ -0,0 +1,197 @@ +=pod + +=head1 NAME + +EVP_DigestInit, EVP_DigestUpdate, EVP_DigestFinal - EVP digest routines + +=head1 SYNOPSIS + + #include <openssl/evp.h> + + void EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type); + void EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt); + void EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, + unsigned int *s); + + #define EVP_MAX_MD_SIZE (16+20) /* The SSLv3 md5+sha1 type */ + + int EVP_MD_CTX_copy(EVP_MD_CTX *out,EVP_MD_CTX *in); + + #define EVP_MD_type(e) ((e)->type) + #define EVP_MD_pkey_type(e) ((e)->pkey_type) + #define EVP_MD_size(e) ((e)->md_size) + #define EVP_MD_block_size(e) ((e)->block_size) + + #define EVP_MD_CTX_md(e) (e)->digest) + #define EVP_MD_CTX_size(e) EVP_MD_size((e)->digest) + #define EVP_MD_CTX_block_size(e) EVP_MD_block_size((e)->digest) + #define EVP_MD_CTX_type(e) EVP_MD_type((e)->digest) + + EVP_MD *EVP_md_null(void); + EVP_MD *EVP_md2(void); + EVP_MD *EVP_md5(void); + EVP_MD *EVP_sha(void); + EVP_MD *EVP_sha1(void); + EVP_MD *EVP_dss(void); + EVP_MD *EVP_dss1(void); + EVP_MD *EVP_mdc2(void); + EVP_MD *EVP_ripemd160(void); + + const EVP_MD *EVP_get_digestbyname(const char *name); + #define EVP_get_digestbynid(a) EVP_get_digestbyname(OBJ_nid2sn(a)) + #define EVP_get_digestbyobj(a) EVP_get_digestbynid(OBJ_obj2nid(a)) + +=head1 DESCRIPTION + +The EVP digest routines are a high level interface to message digests. + +EVP_DigestInit() initialises a digest context B<ctx> to use a digest +B<type>: this will typically be supplied by a function such as +EVP_sha1(). + +EVP_DigestUpdate() hashes B<cnt> bytes of data at B<d> into the +digest context B<ctx>. This funtion can be called several times on the +same B<ctx> to hash additional data. + +EVP_DigestFinal() retrieves the digest value from B<ctx> and places +it in B<md>. If the B<s> parameter is not NULL then the number of +bytes of data written (i.e. the length of the digest) will be written +to the integer at B<s>, at most B<EVP_MAX_MD_SIZE> bytes will be written. +After calling EVP_DigestFinal() no additional calls to EVP_DigestUpdate() +can be made, but EVP_DigestInit() can be called to initialiase a new +digest operation. + +EVP_MD_CTX_copy() can be used to copy the message digest state from +B<in> to B<out>. This is useful if large amounts of data are to be +hashed which only differ in the last few bytes. + +EVP_MD_size() and EVP_MD_CTX_size() return the size of the message digest +when passed an B<EVP_MD> or an B<EVP_MD_CTX> structure, i.e. the size of the +hash. + +EVP_MD_block_size() and EVP_MD_CTX_block_size() return the block size of the +message digest when passed an B<EVP_MD> or an B<EVP_MD_CTX> structure. + +EVP_MD_type() and EVP_MD_CTX_type() return the NID of the OBJECT IDENTIFIER +representing the given message digest when passed an B<EVP_MD> structure. +For example EVP_MD_type(EVP_sha1()) returns B<NID_sha1>. This function is +normally used when setting ASN1 OIDs. + +EVP_MD_CTX_md() returns the B<EVP_MD> structure corresponding to the passed +B<EVP_MD_CTX>. + +EVP_MD_pkey_type() returns the NID of the public key signing algorithm associated +with this digest. For example EVP_sha1() is associated with RSA so this will +return B<NID_sha1WithRSAEncryption>. This "link" between digests and signature +algorithms may not be retained in future versions of OpenSSL. + +EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(), EVP_mdc2() and EVP_ripemd160() +return B<EVP_MD> structures for the MD2, MD5, SHA, SHA1, MDC2 and RIPEMD160 digest +algorithms respectively. The associated signature algorithm is RSA in each case. + +EVP_dss() and EVP_dss1() return B<EVP_MD> structures for SHA and SHA1 digest +algorithms but using DSS (DSA) for the signature algorithm. + +EVP_md_null() is a "null" message digest that does nothing: i.e. the hash it +returns is of zero length. + +EVP_get_digestbyname(), EVP_get_digestbynid() and EVP_get_digestbyobj() +return an B<EVP_MD> structure when passed a digest name, a digest NID or +an ASN1_OBJECT structure respectively. The digest table must be initialised +using, for example, OpenSSL_add_all_digests() for these functions to work. + +=head1 RETURN VALUES + +EVP_DigestInit(), EVP_DigestUpdate() and EVP_DigestFinal() do not return values. + +EVP_MD_CTX_copy() returns 1 if successful or 0 for failure. + +EVP_MD_type(), EVP_MD_pkey_type() and EVP_MD_type() return the NID of the +corresponding OBJECT IDENTIFIER or NID_undef if none exists. + +EVP_MD_size(), EVP_MD_block_size(), EVP_MD_CTX_size(e), EVP_MD_size(), +EVP_MD_CTX_block_size() and EVP_MD_block_size() return the digest or block +size in bytes. + +EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(), EVP_dss(), +EVP_dss1(), EVP_mdc2() and EVP_ripemd160() return pointers to the +corresponding EVP_MD structures. + +EVP_get_digestbyname(), EVP_get_digestbynid() and EVP_get_digestbyobj() +return either an B<EVP_MD> structure or NULL if an error occurs. + +=head1 NOTES + +The B<EVP> interface to message digests should almost always be used in +preference to the low level interfaces. This is because the code then becomes +transparent to the digest used and much more flexible. + +SHA1 is the digest of choice for new applications. The other digest algorithms +are still in common use. + +=head1 EXAMPLE + +This example digests the data "Test Message\n" and "Hello World\n", using the +digest name passed on the command line. + + #include <stdio.h> + #include <openssl/evp.h> + + main(int argc, char *argv[]) + { + EVP_MD_CTX mdctx; + const EVP_MD *md; + char mess1[] = "Test Message\n"; + char mess2[] = "Hello World\n"; + unsigned char md_value[EVP_MAX_MD_SIZE]; + int md_len, i; + + OpenSSL_add_all_digests(); + + if(!argv[1]) { + printf("Usage: mdtest digestname\n"); + exit(1); + } + + md = EVP_get_digestbyname(argv[1]); + + if(!md) { + printf("Unknown message digest %s\n", argv[1]); + exit(1); + } + + EVP_DigestInit(&mdctx, md); + EVP_DigestUpdate(&mdctx, mess1, strlen(mess1)); + EVP_DigestUpdate(&mdctx, mess2, strlen(mess2)); + EVP_DigestFinal(&mdctx, md_value, &md_len); + + printf("Digest is: "); + for(i = 0; i < md_len; i++) printf("%02x", md_value[i]); + printf("\n"); + } + +=head1 BUGS + +Several of the functions do not return values: maybe they should. Although the +internal digest operations will never fail some future hardware based operations +might. + +The link between digests and signing algorithms results in a situation where +EVP_sha1() must be used with RSA and EVP_dss1() must be used with DSS +even though they are identical digests. + +The size of an B<EVP_MD_CTX> structure is determined at compile time: this results +in code that must be recompiled if the size of B<EVP_MD_CTX> increases. + +=head1 SEE ALSO + +L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>, +L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>, L<ripemd(3)|ripemd(3)>, +L<sha(3)|sha(3)>, L<digest(1)|digest(1)> + +=head1 HISTORY + +EVP_DigestInit(), EVP_DigestUpdate() and EVP_DigestFinal() are +available in all versions of SSLeay and OpenSSL. + +=cut diff --git a/lib/libssl/src/doc/crypto/EVP_EncryptInit.pod b/lib/libssl/src/doc/crypto/EVP_EncryptInit.pod new file mode 100644 index 00000000000..77ed4ccdba2 --- /dev/null +++ b/lib/libssl/src/doc/crypto/EVP_EncryptInit.pod @@ -0,0 +1,224 @@ +=pod + +=head1 NAME + +EVP_EncryptInit, EVP_EncryptUpdate, EVP_EncryptFinal - EVP cipher routines + +=head1 SYNOPSIS + + #include <openssl/evp.h> + + void EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, + unsigned char *key, unsigned char *iv); + void EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, + int *outl, unsigned char *in, int inl); + void EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, + int *outl); + + void EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, + unsigned char *key, unsigned char *iv); + void EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, + int *outl, unsigned char *in, int inl); + int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, + int *outl); + + void EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, + unsigned char *key, unsigned char *iv, int enc); + void EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, + int *outl, unsigned char *in, int inl); + int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, + int *outl); + + void EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *a); + + const EVP_CIPHER *EVP_get_cipherbyname(const char *name); + #define EVP_get_cipherbynid(a) EVP_get_cipherbyname(OBJ_nid2sn(a)) + #define EVP_get_cipherbyobj(a) EVP_get_cipherbynid(OBJ_obj2nid(a)) + + #define EVP_CIPHER_nid(e) ((e)->nid) + #define EVP_CIPHER_block_size(e) ((e)->block_size) + #define EVP_CIPHER_key_length(e) ((e)->key_len) + #define EVP_CIPHER_iv_length(e) ((e)->iv_len) + + int EVP_CIPHER_type(const EVP_CIPHER *ctx); + #define EVP_CIPHER_CTX_cipher(e) ((e)->cipher) + #define EVP_CIPHER_CTX_nid(e) ((e)->cipher->nid) + #define EVP_CIPHER_CTX_block_size(e) ((e)->cipher->block_size) + #define EVP_CIPHER_CTX_key_length(e) ((e)->cipher->key_len) + #define EVP_CIPHER_CTX_iv_length(e) ((e)->cipher->iv_len) + #define EVP_CIPHER_CTX_type(c) EVP_CIPHER_type(EVP_CIPHER_CTX_cipher(c)) + + int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type); + int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type); + +=head1 DESCRIPTION + +The EVP cipher routines are a high level interface to certain +symmetric ciphers. + +EVP_EncryptInit() initialises a cipher context B<ctx> for encryption +with cipher B<type>. B<type> is normally supplied by a function such +as EVP_des_cbc() . B<key> is the symmetric key to use and B<iv> is the +IV to use (if necessary), the actual number of bytes used for the +key and IV depends on the cipher. It is possible to set all parameters +to NULL except B<type> in an initial call and supply the remaining +parameters in subsequent calls. This is normally done when the +EVP_CIPHER_asn1_to_param() function is called to set the cipher +parameters from an ASN1 AlgorithmIdentifier and the key from a +different source. + +EVP_EncryptUpdate() encrypts B<inl> bytes from the buffer B<in> and +writes the encrypted version to B<out>. This function can be called +multiple times to encrypt successive blocks of data. The amount +of data written depends on the block alignment of the encrypted data: +as a result the amount of data written may be anything from zero bytes +to (inl + cipher_block_size - 1) so B<outl> should contain sufficient +room. The actual number of bytes written is placed in B<outl>. + +EVP_EncryptFinal() encrypts the "final" data, that is any data that +remains in a partial block. It uses L<standard block padding|/NOTES> (aka PKCS +padding). The encrypted final data is written to B<out> which should +have sufficient space for one cipher block. The number of bytes written +is placed in B<outl>. After this function is called the encryption operation +is finished and no further calls to EVP_EncryptUpdate() should be made. + +EVP_DecryptInit(), EVP_DecryptUpdate() and EVP_DecryptFinal() are the +corresponding decryption operations. EVP_DecryptFinal() will return an +error code if the final block is not correctly formatted. The parameters +and restrictions are identical to the encryption operations except that +the decrypted data buffer B<out> passed to EVP_DecryptUpdate() should +have sufficient room for (B<inl> + cipher_block_size) bytes unless the +cipher block size is 1 in which case B<inl> bytes is sufficient. + +EVP_CipherInit(), EVP_CipherUpdate() and EVP_CipherFinal() are functions +that can be used for decryption or encryption. The operation performed +depends on the value of the B<enc> parameter. It should be set to 1 for +encryption and 0 for decryption. + +EVP_CIPHER_CTX_cleanup() clears all information from a cipher context. +It should be called after all operations using a cipher are complete +so sensitive information does not remain in memory. + +EVP_get_cipherbyname(), EVP_get_cipherbynid() and EVP_get_cipherbyobj() +return an EVP_CIPHER structure when passed a cipher name, a NID or an +ASN1_OBJECT structure. + +EVP_CIPHER_nid() and EVP_CIPHER_CTX_nid() return the NID of a cipher when +passed an B<EVP_CIPHER> or B<EVP_CIPHER_CTX> structure. The actual NID +value is an internal value which may not have a corresponding OBJECT +IDENTIFIER. + +EVP_CIPHER_key_length() and EVP_CIPHER_CTX_key_length() return the key +length of a cipher when passed an B<EVP_CIPHER> or B<EVP_CIPHER_CTX> +structure. The constant B<EVP_MAX_KEY_LENGTH> is the maximum key length +for all ciphers. + +EVP_CIPHER_iv_length() and EVP_CIPHER_CTX_iv_length() return the IV +length of a cipher when passed an B<EVP_CIPHER> or B<EVP_CIPHER_CTX>. +It will return zero if the cipher does not use an IV. The constant +B<EVP_MAX_IV_LENGTH> is the maximum IV length for all ciphers. + +EVP_CIPHER_block_size() and EVP_CIPHER_CTX_block_size() return the block +size of a cipher when passed an B<EVP_CIPHER> or B<EVP_CIPHER_CTX> +structure. The constant B<EVP_MAX_IV_LENGTH> is also the maximum block +length for all ciphers. + +EVP_CIPHER_type() and EVP_CIPHER_CTX_type() return the type of the passed +cipher or context. This "type" is the actual NID of the cipher OBJECT +IDENTIFIER as such it ignores the cipher parameters and 40 bit RC2 and +128 bit RC2 have the same NID. If the cipher does not have an object +identifier or does not have ASN1 support this function will return +B<NID_undef>. + +EVP_CIPHER_CTX_cipher() returns the B<EVP_CIPHER> structure when passed +an B<EVP_CIPHER_CTX> structure. + +EVP_CIPHER_param_to_asn1() sets the AlgorithmIdentifier "parameter" based +on the passed cipher. This will typically include any parameters and an +IV. The cipher IV (if any) must be set when this call is made. This call +should be made before the cipher is actually "used" (before any +EVP_EncryptUpdate(), EVP_DecryptUpdate() calls for example). This function +may fail if the cipher does not have any ASN1 support. + +EVP_CIPHER_asn1_to_param() sets the cipher parameters based on an ASN1 +AlgorithmIdentifier "parameter". The precise effect depends on the cipher +In the case of RC2, for example, it will set the IV and effective key length. +This function should be called after the base cipher type is set but before +the key is set. For example EVP_CipherInit() will be called with the IV and +key set to NULL, EVP_CIPHER_asn1_to_param() will be called and finally +EVP_CipherInit() again with all parameters except the key set to NULL. It is +possible for this function to fail if the cipher does not have any ASN1 support +or the parameters cannot be set (for example the RC2 effective key length +does not have an B<EVP_CIPHER> structure). + +=head1 RETURN VALUES + +EVP_EncryptInit(), EVP_EncryptUpdate() and EVP_EncryptFinal() do not return +values. + +EVP_DecryptInit() and EVP_DecryptUpdate() do not return values. +EVP_DecryptFinal() returns 0 if the decrypt failed or 1 for success. + +EVP_CipherInit() and EVP_CipherUpdate() do not return values. +EVP_CipherFinal() returns 1 for a decryption failure or 1 for success, if +the operation is encryption then it always returns 1. + +EVP_CIPHER_CTX_cleanup() does not return a value. + +EVP_get_cipherbyname(), EVP_get_cipherbynid() and EVP_get_cipherbyobj() +return an B<EVP_CIPHER> structure or NULL on error. + +EVP_CIPHER_nid() and EVP_CIPHER_CTX_nid() return a NID. + +EVP_CIPHER_block_size() and EVP_CIPHER_CTX_block_size() return the block +size. + +EVP_CIPHER_key_length() and EVP_CIPHER_CTX_key_length() return the key +length. + +EVP_CIPHER_iv_length() and EVP_CIPHER_CTX_iv_length() return the IV +length or zero if the cipher does not use an IV. + +EVP_CIPHER_type() and EVP_CIPHER_CTX_type() return the NID of the cipher's +OBJECT IDENTIFIER or NID_undef if it has no defined OBJECT IDENTIFIER. + +EVP_CIPHER_CTX_cipher() returns an B<EVP_CIPHER> structure. + +EVP_CIPHER_param_to_asn1() and EVP_CIPHER_asn1_to_param() return 1 for +success or zero for failure. + +=head1 NOTES + +Where possible the B<EVP> interface to symmetric ciphers should be used in +preference to the low level interfaces. This is because the code then becomes +transparent to the cipher used and much more flexible. + +PKCS padding works by adding B<n> padding bytes of value B<n> to make the total +length of the encrypted data a multiple of the block size. Padding is always +added so if the data is already a multiple of the block size B<n> will equal +the block size. For example if the block size is 8 and 11 bytes are to be +encrypted then 5 padding bytes of value 5 will be added. + +When decrypting the final block is checked to see if it has the correct form. + +Although the decryption operation can produce an error, it is not a strong +test that the input data or key is correct. A random block has better than +1 in 256 chance of being of the correct format and problems with the +input data earlier on will not produce a final decrypt error. + +=head1 BUGS + +The current B<EVP> cipher interface is not as flexible as it should be. Only +certain "spot" encryption algorithms can be used for ciphers which have various +parameters associated with them (RC2, RC5 for example) this is inadequate. + +Several of the functions do not return error codes because the software versions +can never fail. This is not true of hardware versions. + +=head1 SEE ALSO + +L<evp(3)|evp(3)> + +=head1 HISTORY + +=cut diff --git a/lib/libssl/src/doc/crypto/OPENSSL_VERSION_NUMBER.pod b/lib/libssl/src/doc/crypto/OPENSSL_VERSION_NUMBER.pod new file mode 100644 index 00000000000..b0b1058d196 --- /dev/null +++ b/lib/libssl/src/doc/crypto/OPENSSL_VERSION_NUMBER.pod @@ -0,0 +1,46 @@ +=pod + +=head1 NAME + +OPENSSL_VERSION_NUMBER, SSLeay - get OpenSSL version number + +=head1 SYNOPSIS + + #include <openssl/opensslv.h> + #define OPENSSL_VERSION_NUMBER 0xnnnnnnnnnL + + #include <openssl/crypto.h> + long SSLeay(void); + +=head1 DESCRIPTION + +OPENSSL_VERSION_NUMBER is a numeric release version identifier: + + MMNNFFRBB major minor fix final beta/patch + +for example + + 0x000904100 == 0.9.4 release + 0x000905000 == 0.9.5 dev + +Versions prior to 0.9.3 have identifiers E<lt> 0x0930. +For backward compatibility, SSLEAY_VERSION_NUMBER is also defined. + +SSLeay() returns this number. The return value can be compared to the +macro to make sure that the correct version of the library has been +loaded, especially when using DLLs on Windows systems. + +=head1 RETURN VALUE + +The version number. + +=head1 SEE ALSO + +L<crypto(3)|crypto(3)> + +=head1 HISTORY + +SSLeay() and SSLEAY_VERSION_NUMBER are available in all versions of SSLeay and OpenSSL. +OPENSSL_VERSION_NUMBER is available in all versions of OpenSSL. + +=cut diff --git a/lib/libssl/src/doc/crypto/OpenSSL_add_all_algorithms.pod b/lib/libssl/src/doc/crypto/OpenSSL_add_all_algorithms.pod new file mode 100644 index 00000000000..1300fe190c7 --- /dev/null +++ b/lib/libssl/src/doc/crypto/OpenSSL_add_all_algorithms.pod @@ -0,0 +1,65 @@ +=pod + +=head1 NAME + +OpenSSL_add_all_algorithms() - add algorithms to internal table + +=head1 SYNOPSIS + + #include <openssl/evp.h> + + void OpenSSL_add_all_algorithms(void); + void OpenSSL_add_all_ciphers(void); + void OpenSSL_add_all_digests(void); + + void EVP_cleanup(void); + +=head1 DESCRIPTION + +OpenSSL keeps an internal table of digest algorithms and ciphers. It uses +this table to lookup ciphers via functions such as EVP_get_cipher_byname(). + +OpenSSL_add_all_digests() adds all digest algorithms to the table. + +OpenSSL_add_all_algorithms() adds all algorithms to the table (digests and +ciphers). + +OpenSSL_add_all_ciphers() adds all encryption algorithms to the table including +password based encryption algorithms. + +EVP_cleanup() removes all ciphers and digests from the table. + +=head1 RETURN VALUES + +None of the functions return a value. + +=head1 NOTES + +A typical application will will call OpenSSL_add_all_algorithms() initially and +EVP_cleanup() before exiting. + +An application does not need to add algorithms to use them explicitly, for example +by EVP_sha1(). It just needs to add them if it (or any of the functions it calls) +needs to lookup algorithms. + +The cipher and digest lookup functions are used in many parts of the library. If +the table is not initialised several functions will misbehave and complain they +cannot find algorithms. This includes the PEM, PKCS#12, SSL and S/MIME libraries. +This is a common query in the OpenSSL mailing lists. + +Calling OpenSSL_add_all_algorithms() links in all algorithms: as a result a +statically linked executable can be quite large. If this is important it is possible +to just add the required ciphers and digests. + +=head1 BUGS + +Although the functions do not return error codes it is possible for them to fail. +This will only happen as a result of a memory allocation failure so this is not +too much of a problem in practice. + +=head1 SEE ALSO + +L<evp(3)|evp(3)>, L<EVP_DigestInit(3)|EVP_DigestInit(3)>, +L<EVP_EncryptInit(3)|EVP_EncryptInit(3)> + +=cut diff --git a/lib/libssl/src/doc/crypto/RAND_add.pod b/lib/libssl/src/doc/crypto/RAND_add.pod new file mode 100644 index 00000000000..0a13ec2a92b --- /dev/null +++ b/lib/libssl/src/doc/crypto/RAND_add.pod @@ -0,0 +1,68 @@ +=pod + +=head1 NAME + +RAND_add, RAND_seed, RAND_screen - add entropy to the PRNG + +=head1 SYNOPSIS + + #include <openssl/rand.h> + + void RAND_seed(const void *buf, int num); + + void RAND_add(const void *buf, int num, double entropy); + + int RAND_status(void); + + void RAND_screen(void); + +=head1 DESCRIPTION + +RAND_add() mixes the B<num> bytes at B<buf> into the PRNG state. Thus, +if the data at B<buf> are unpredictable to an adversary, this +increases the uncertainty about the state and makes the PRNG output +less predictable. Suitable input comes from user interaction (random +key presses, mouse movements) and certain hardware events. The +B<entropy> argument is (the lower bound of) an estimate of how much +randomness is contained in B<buf>, measured in bytes. Details about +sources of randomness and how to estimate their entropy can be found +in the literature, e.g. RFC 1750. + +RAND_add() may be called with sensitive data such as user entered +passwords. The seed values cannot be recovered from the PRNG output. + +OpenSSL makes sure that the PRNG state is unique for each thread. On +systems that provide C</dev/urandom>, the randomness device is used +to seed the PRNG transparently. However, on all other systems, the +application is responsible for seeding the PRNG by calling RAND_add(), +L<RAND_egd(3)|RAND_egd(3)> +or L<RAND_load_file(3)|RAND_load_file(3)>. + +RAND_seed() is equivalent to RAND_add() when B<num == entropy>. + +The RAND_screen() function is available for the convenience of Windows +programmers. It adds the current contents of the screen to the PRNG. +For applications that can catch Windows events, seeding the PRNG with +the parameters of B<WM_MOUSEMOVE> events is a significantly better +source of randomness. It should be noted that both methods cannot be +used on servers that run without user interaction. + +=head1 RETURN VALUES + +RAND_status() returns 1 if the PRNG has been seeded with enough data, +0 otherwise. + +The other functions do not return values. + +=head1 SEE ALSO + +L<rand(3)|rand(3)>, L<RAND_egd(3)|RAND_egd(3)>, +L<RAND_load_file(3)|RAND_load_file(3)>, L<RAND_cleanup(3)|RAND_cleanup(3)> + +=head1 HISTORY + +RAND_seed() and RAND_screen() are available in all versions of SSLeay +and OpenSSL. RAND_add() and RAND_status() have been added in OpenSSL +0.9.5. + +=cut diff --git a/lib/libssl/src/doc/crypto/RAND_bytes.pod b/lib/libssl/src/doc/crypto/RAND_bytes.pod new file mode 100644 index 00000000000..b6ebd505278 --- /dev/null +++ b/lib/libssl/src/doc/crypto/RAND_bytes.pod @@ -0,0 +1,46 @@ +=pod + +=head1 NAME + +RAND_bytes, RAND_pseudo_bytes - generate random data + +=head1 SYNOPSIS + + #include <openssl/rand.h> + + int RAND_bytes(unsigned char *buf, int num); + + int RAND_pseudo_bytes(unsigned char *buf, int num); + +=head1 DESCRIPTION + +RAND_bytes() puts B<num> cryptographically strong pseudo-random bytes +into B<buf>. An error occurs if the PRNG has not been seeded with +enough randomness to ensure an unpredictable byte sequence. + +RAND_pseudo_bytes() puts B<num> pseudo-random bytes into B<buf>. +Pseudo-random byte sequences generated by RAND_pseudo_bytes() will be +unique if they are of sufficient length, but are not necessarily +unpredictable. They can be used for non-cryptographic purposes and for +certain purposes in cryptographic protocols, but usually not for key +generation etc. + +=head1 RETURN VALUES + +RAND_bytes() returns 1 on success, 0 otherwise. The error code can be +obtained by L<ERR_get_error(3)|ERR_get_error(3)>. RAND_pseudo_bytes() returns 1 if the +bytes generated are cryptographically strong, 0 otherwise. Both +functions return -1 if they are not supported by the current RAND +method. + +=head1 SEE ALSO + +L<rand(3)|rand(3)>, L<err(3)|err(3)>, L<RAND_add(3)|RAND_add(3)> + +=head1 HISTORY + +RAND_bytes() is available in all versions of SSLeay and OpenSSL. It +has a return value since OpenSSL 0.9.5. RAND_pseudo_bytes() was added +in OpenSSL 0.9.5. + +=cut diff --git a/lib/libssl/src/doc/crypto/RAND_cleanup.pod b/lib/libssl/src/doc/crypto/RAND_cleanup.pod new file mode 100644 index 00000000000..3a8f0749a8d --- /dev/null +++ b/lib/libssl/src/doc/crypto/RAND_cleanup.pod @@ -0,0 +1,29 @@ +=pod + +=head1 NAME + +RAND_cleanup - erase the PRNG state + +=head1 SYNOPSIS + + #include <openssl/rand.h> + + void RAND_cleanup(void); + +=head1 DESCRIPTION + +RAND_cleanup() erases the memory used by the PRNG. + +=head1 RETURN VALUE + +RAND_cleanup() returns no value. + +=head1 SEE ALSO + +L<rand(3)|rand(3)> + +=head1 HISTORY + +RAND_cleanup() is available in all versions of SSLeay and OpenSSL. + +=cut diff --git a/lib/libssl/src/doc/crypto/RAND_egd.pod b/lib/libssl/src/doc/crypto/RAND_egd.pod new file mode 100644 index 00000000000..a40bd961988 --- /dev/null +++ b/lib/libssl/src/doc/crypto/RAND_egd.pod @@ -0,0 +1,38 @@ +=pod + +=head1 NAME + +RAND_egd - query entropy gathering daemon + +=head1 SYNOPSIS + + #include <openssl/rand.h> + + int RAND_egd(const char *path); + +=head1 DESCRIPTION + +RAND_egd() queries the entropy gathering daemon EGD on socket B<path>. + +EGD is available from http://www.lothar.com/tech/crypto/ (C<perl +Makefile.PL; make; make install> to install). It is run as B<egd> +I<path>, where I<path> is an absolute path designating a socket. When +RAND_egd() is called with that path as an argument, it tries to read +random bytes that EGD has collected. The read is performed in +non-blocking mode. + +=head1 RETURN VALUE + +RAND_egd() returns the number of bytes read from the daemon on +success, and -1 if the connection failed or the daemon did not return +enough data to fully seed the PRNG. + +=head1 SEE ALSO + +L<rand(3)|rand(3)>, L<RAND_add(3)|RAND_add(3)>, L<RAND_cleanup(3)|RAND_cleanup(3)> + +=head1 HISTORY + +RAND_egd() is available since OpenSSL 0.9.5. + +=cut diff --git a/lib/libssl/src/doc/crypto/RAND_load_file.pod b/lib/libssl/src/doc/crypto/RAND_load_file.pod new file mode 100644 index 00000000000..8dd700ca3d4 --- /dev/null +++ b/lib/libssl/src/doc/crypto/RAND_load_file.pod @@ -0,0 +1,53 @@ +=pod + +=head1 NAME + +RAND_load_file, RAND_write_file, RAND_file_name - PRNG seed file + +=head1 SYNOPSIS + + #include <openssl/rand.h> + + const char *RAND_file_name(char *buf, int num); + + int RAND_load_file(const char *filename, long max_bytes); + + int RAND_write_file(const char *filename); + +=head1 DESCRIPTION + +RAND_file_name() generates a default path for the random seed +file. B<buf> points to a buffer of size B<num> in which to store the +filename. The seed file is $RANDFILE if that environment variable is +set, $HOME/.rnd otherwise. If $HOME is not set either, or B<num> is +too small for the path name, an error occurs. + +RAND_load_file() reads a number of bytes from file B<filename> and +adds them to the PRNG. If B<max_bytes> is non-negative, +up to to B<max_bytes> are read; starting with OpenSSL 0.9.5, +if B<max_bytes> is -1, the complete file is read. + +RAND_write_file() writes a number of random bytes (currently 1024) to +file B<filename> which can be used to initialize the PRNG by calling +RAND_load_file() in a later session. + +=head1 RETURN VALUES + +RAND_load_file() returns the number of bytes read. + +RAND_write_file() returns the number of bytes written, and -1 if the +bytes written were generated without appropriate seed. + +RAND_file_name() returns a pointer to B<buf> on success, and NULL on +error. + +=head1 SEE ALSO + +L<rand(3)|rand(3)>, L<RAND_add(3)|RAND_add(3)>, L<RAND_cleanup(3)|RAND_cleanup(3)> + +=head1 HISTORY + +RAND_load_file(), RAND_write_file() and RAND_file_name() are available in +all versions of SSLeay and OpenSSL. + +=cut diff --git a/lib/libssl/src/doc/crypto/RAND_set_rand_method.pod b/lib/libssl/src/doc/crypto/RAND_set_rand_method.pod new file mode 100644 index 00000000000..466e9b8767b --- /dev/null +++ b/lib/libssl/src/doc/crypto/RAND_set_rand_method.pod @@ -0,0 +1,57 @@ +=pod + +=head1 NAME + +RAND_set_rand_method, RAND_get_rand_method, RAND_SSLeay - select RAND method + +=head1 SYNOPSIS + + #include <openssl/rand.h> + + void RAND_set_rand_method(RAND_METHOD *meth); + + RAND_METHOD *RAND_get_rand_method(void); + + RAND_METHOD *RAND_SSLeay(void); + +=head1 DESCRIPTION + +A B<RAND_METHOD> specifies the functions that OpenSSL uses for random +number generation. By modifying the method, alternative +implementations such as hardware RNGs may be used. Initially, the +default is to use the OpenSSL internal implementation. RAND_SSLeay() +returns a pointer to that method. + +RAND_set_rand_method() sets the RAND method to B<meth>. +RAND_get_rand_method() returns a pointer to the current method. + +=head1 THE RAND_METHOD STRUCTURE + + typedef struct rand_meth_st + { + void (*seed)(const void *buf, int num); + int (*bytes)(unsigned char *buf, int num); + void (*cleanup)(void); + void (*add)(const void *buf, int num, int entropy); + int (*pseudorand)(unsigned char *buf, int num); + } RAND_METHOD; + +The components point to the implementation of RAND_seed(), +RAND_bytes(), RAND_cleanup(), RAND_add() and RAND_pseudo_rand(). +Each component may be NULL if the function is not implemented. + +=head1 RETURN VALUES + +RAND_set_rand_method() returns no value. RAND_get_rand_method() and +RAND_SSLeay() return pointers to the respective methods. + +=head1 SEE ALSO + +L<rand(3)|rand(3)> + +=head1 HISTORY + +RAND_set_rand_method(), RAND_get_rand_method() and RAND_SSLeay() are +available in all versions of OpenSSL. + +=cut diff --git a/lib/libssl/src/doc/crypto/RSA_blinding_on.pod b/lib/libssl/src/doc/crypto/RSA_blinding_on.pod new file mode 100644 index 00000000000..fd2c69abd86 --- /dev/null +++ b/lib/libssl/src/doc/crypto/RSA_blinding_on.pod @@ -0,0 +1,43 @@ +=pod + +=head1 NAME + +RSA_blinding_on, RSA_blinding_off - protect the RSA operation from timing attacks + +=head1 SYNOPSIS + + #include <openssl/rsa.h> + + int RSA_blinding_on(RSA *rsa, BN_CTX *ctx); + + void RSA_blinding_off(RSA *rsa); + +=head1 DESCRIPTION + +RSA is vulnerable to timing attacks. In a setup where attackers can +measure the time of RSA decryption or signature operations, blinding +must be used to protect the RSA operation from that attack. + +RSA_blinding_on() turns blinding on for key B<rsa> and generates a +random blinding factor. B<ctx> is B<NULL> or a pre-allocated and +initialized B<BN_CTX>. The random number generator must be seeded +prior to calling RSA_blinding_on(). + +RSA_blinding_off() turns blinding off and frees the memory used for +the blinding factor. + +=head1 RETURN VALUES + +RSA_blinding_on() returns 1 on success, and 0 if an error occurred. + +RSA_blinding_off() returns no value. + +=head1 SEE ALSO + +L<rsa(3)|rsa(3)>, L<rand(3)|rand(3)> + +=head1 HISTORY + +RSA_blinding_on() and RSA_blinding_off() appeared in SSLeay 0.9.0. + +=cut diff --git a/lib/libssl/src/doc/crypto/RSA_check_key.pod b/lib/libssl/src/doc/crypto/RSA_check_key.pod new file mode 100644 index 00000000000..79fed753ade --- /dev/null +++ b/lib/libssl/src/doc/crypto/RSA_check_key.pod @@ -0,0 +1,39 @@ +=pod + +=head1 NAME + +RSA_check_key - validate private RSA keys + +=head1 SYNOPSIS + + #include <openssl/rsa.h> + + int RSA_check_key(RSA *rsa); + +=head1 DESCRIPTION + +This function validates RSA keys. It checks that B<p> and B<q> are +in fact prime, and that B<n = p*q>. + +It also checks that B<d*e = 1 mod (p-1*q-1)>, +and that B<dmp1>, B<dmq1> and B<iqmp> are set correctly or are B<NULL>. + +The key's public components may not be B<NULL>. + +=head1 RETURN VALUE + +RSA_check_key() returns 1 if B<rsa> is a valid RSA key, and 0 otherwise. +-1 is returned if an error occurs while checking the key. + +If the key is invalid or an error occurred, the reason code can be +obtained using L<ERR_get_error(3)|ERR_get_error(3)>. + +=head1 SEE ALSO + +L<rsa(3)|rsa(3)>, L<err(3)|err(3)> + +=head1 HISTORY + +RSA_check() appeared in OpenSSL 0.9.4. + +=cut diff --git a/lib/libssl/src/doc/crypto/RSA_generate_key.pod b/lib/libssl/src/doc/crypto/RSA_generate_key.pod new file mode 100644 index 00000000000..fdaddbcb13c --- /dev/null +++ b/lib/libssl/src/doc/crypto/RSA_generate_key.pod @@ -0,0 +1,68 @@ +=pod + +=head1 NAME + +RSA_generate_key - generate RSA key pair + +=head1 SYNOPSIS + + #include <openssl/rsa.h> + + RSA *RSA_generate_key(int num, unsigned long e, + void (*callback)(int,int,void *), void *cb_arg); + +=head1 DESCRIPTION + +RSA_generate_key() generates a key pair and returns it in a newly +allocated B<RSA> structure. The pseudo-random number generator must +be seeded prior to calling RSA_generate_key(). + +The modulus size will be B<num> bits, and the public exponent will be +B<e>. Key sizes with B<num> E<lt> 1024 should be considered insecure. +The exponent is an odd number, typically 3 or 65535. + +A callback function may be used to provide feedback about the +progress of the key generation. If B<callback> is not B<NULL>, it +will be called as follows: + +=over 4 + +=item * + +While a random prime number is generated, it is called as +described in L<BN_generate_prime(3)|BN_generate_prime(3)>. + +=item * + +When the n-th randomly generated prime is rejected as not +suitable for the key, B<callback(2, n, cb_arg)> is called. + +=item * + +When a random p has been found with p-1 relatively prime to B<e>, +it is called as B<callback(3, 0, cb_arg)>. + +=back + +The process is then repeated for prime q with B<callback(3, 1, cb_arg)>. + +=head1 RETURN VALUE + +If key generation fails, RSA_generate_key() returns B<NULL>; the +error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. + +=head1 BUGS + +B<callback(2, x, cb_arg)> is used with two different meanings. + +RSA_generate_key() goes into an infinite loop for illegal input values. + +=head1 SEE ALSO + +L<err(3)|err(3)>, L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>, L<RSA_free(3)|RSA_free(3)> + +=head1 HISTORY + +The B<cb_arg> argument was added in SSLeay 0.9.0. + +=cut diff --git a/lib/libssl/src/doc/crypto/RSA_get_ex_new_index.pod b/lib/libssl/src/doc/crypto/RSA_get_ex_new_index.pod new file mode 100644 index 00000000000..920dc76325a --- /dev/null +++ b/lib/libssl/src/doc/crypto/RSA_get_ex_new_index.pod @@ -0,0 +1,122 @@ +=pod + +=head1 NAME + +RSA_get_ex_new_index, RSA_set_ex_data, RSA_get_ex_data - add application specific data to RSA structures + +=head1 SYNOPSIS + + #include <openssl/rsa.h> + + int RSA_get_ex_new_index(long argl, void *argp, + CRYPTO_EX_new *new_func, + CRYPTO_EX_dup *dup_func, + CRYPTO_EX_free *free_func); + + int RSA_set_ex_data(RSA *r, int idx, void *arg); + + void *RSA_get_ex_data(RSA *r, int idx); + + int new_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, + int idx, long argl, void *argp); + + void free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, + int idx, long argl, void *argp); + + int dup_func(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d, + int idx, long argl, void *argp); + +=head1 DESCRIPTION + +Several OpenSSL structures can have application specific data attached to them. +This has several potential uses, it can be used to cache data associated with +a structure (for example the hash of some part of the structure) or some +additional data (for example a handle to the data in an external library). + +Since the application data can be anything at all it is passed and retrieved +as a B<void *> type. + +The B<RSA_get_ex_new_index()> function is initially called to "register" some +new application specific data. It takes three optional function pointers which +are called when the parent structure (in this case an RSA structure) is +initially created, when it is copied and when it is freed up. If any or all of +these function pointer arguments are not used they should be set to NULL. The +precise manner in which these function pointers are called is described in more +detail below. B<RSA_get_ex_new_index()> also takes additional long and pointer +parameters which will be passed to the supplied functions but which otherwise +have no special meaning. It returns an B<index> which should be stored +(typically in a static variable) and passed used in the B<idx> parameter in +the remaining functions. Each successful call to B<RSA_get_ex_new_index()> +will return an index greater than any previously returned, this is important +because the optional functions are called in order of increasing index value. + +B<RSA_set_ex_data()> is used to set application specific data, the data is +supplied in the B<arg> parameter and its precise meaning is up to the +application. + +B<RSA_get_ex_data()> is used to retrieve application specific data. The data +is returned to the application, this will be the same value as supplied to +a previous B<RSA_set_ex_data()> call. + +B<new_func()> is called when a structure is initially allocated (for example +with B<RSA_new()>. The parent structure members will not have any meaningful +values at this point. This function will typically be used to allocate any +application specific structure. + +B<free_func()> is called when a structure is being freed up. The dynamic parent +structure members should not be accessed because they will be freed up when +this function is called. + +B<new_func()> and B<free_func()> take the same parameters. B<parent> is a +pointer to the parent RSA structure. B<ptr> is a the application specific data +(this wont be of much use in B<new_func()>. B<ad> is a pointer to the +B<CRYPTO_EX_DATA> structure from the parent RSA structure: the functions +B<CRYPTO_get_ex_data()> and B<CRYPTO_set_ex_data()> can be called to manipulate +it. The B<idx> parameter is the index: this will be the same value returned by +B<RSA_get_ex_new_index()> when the functions were initially registered. Finally +the B<argl> and B<argp> parameters are the values originally passed to the same +corresponding parameters when B<RSA_get_ex_new_index()> was called. + +B<dup_func()> is called when a structure is being copied. Pointers to the +destination and source B<CRYPTO_EX_DATA> structures are passed in the B<to> and +B<from> parameters respectively. The B<from_d> parameter is passed a pointer to +the source application data when the function is called, when the function returns +the value is copied to the destination: the application can thus modify the data +pointed to by B<from_d> and have different values in the source and destination. +The B<idx>, B<argl> and B<argp> parameters are the same as those in B<new_func()> +and B<free_func()>. + +=head1 RETURN VALUES + +B<RSA_get_ex_new_index()> returns a new index or -1 on failure (note 0 is a valid +index value). + +B<RSA_set_ex_data()> returns 1 on success or 0 on failure. + +B<RSA_get_ex_data()> returns the application data or 0 on failure. 0 may also +be valid application data but currently it can only fail if given an invalid B<idx> +parameter. + +B<new_func()> and B<dup_func()> should return 0 for failure and 1 for success. + +On failure an error code can be obtained from L<ERR_get_error(3)|ERR_get_error(3)>. + +=head1 BUGS + +B<dup_func()> is currently never called. + +The return value of B<new_func()> is ignored. + +The B<new_func()> function isn't very useful because no meaningful values are +present in the parent RSA structure when it is called. + +=head1 SEE ALSO + +L<rsa(3)|rsa(3)>, L<CRYPTO_set_ex_data(3)|CRYPTO_set_ex_data(3)> + +=head1 HISTORY + +RSA_get_ex_new_index(), RSA_set_ex_data() and RSA_get_ex_data() are +available since SSLeay 0.9.0. + +=cut diff --git a/lib/libssl/src/doc/crypto/RSA_new.pod b/lib/libssl/src/doc/crypto/RSA_new.pod new file mode 100644 index 00000000000..f16490ea6a1 --- /dev/null +++ b/lib/libssl/src/doc/crypto/RSA_new.pod @@ -0,0 +1,38 @@ +=pod + +=head1 NAME + +RSA_new, RSA_free - allocate and free RSA objects + +=head1 SYNOPSIS + + #include <openssl/rsa.h> + + RSA * RSA_new(void); + + void RSA_free(RSA *rsa); + +=head1 DESCRIPTION + +RSA_new() allocates and initializes an B<RSA> structure. + +RSA_free() frees the B<RSA> structure and its components. The key is +erased before the memory is returned to the system. + +=head1 RETURN VALUES + +If the allocation fails, RSA_new() returns B<NULL> and sets an error +code that can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. Otherwise it returns +a pointer to the newly allocated structure. + +RSA_free() returns no value. + +=head1 SEE ALSO + +L<err(3)|err(3)>, L<rsa(3)|rsa(3)>, L<RSA_generate_key(3)|RSA_generate_key(3)> + +=head1 HISTORY + +RSA_new() and RSA_free() are available in all versions of SSLeay and OpenSSL. + +=cut diff --git a/lib/libssl/src/doc/crypto/RSA_padding_add_PKCS1_type_1.pod b/lib/libssl/src/doc/crypto/RSA_padding_add_PKCS1_type_1.pod new file mode 100644 index 00000000000..b8f678fe729 --- /dev/null +++ b/lib/libssl/src/doc/crypto/RSA_padding_add_PKCS1_type_1.pod @@ -0,0 +1,124 @@ +=pod + +=head1 NAME + +RSA_padding_add_PKCS1_type_1, RSA_padding_check_PKCS1_type_1, +RSA_padding_add_PKCS1_type_2, RSA_padding_check_PKCS1_type_2, +RSA_padding_add_PKCS1_OAEP, RSA_padding_check_PKCS1_OAEP, +RSA_padding_add_SSLv23, RSA_padding_check_SSLv23, +RSA_padding_add_none, RSA_padding_check_none - asymmetric encryption +padding + +=head1 SYNOPSIS + + #include <openssl/rsa.h> + + int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen, + unsigned char *f, int fl); + + int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen, + unsigned char *f, int fl, int rsa_len); + + int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen, + unsigned char *f, int fl); + + int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen, + unsigned char *f, int fl, int rsa_len); + + int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen, + unsigned char *f, int fl, unsigned char *p, int pl); + + int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen, + unsigned char *f, int fl, int rsa_len, unsigned char *p, int pl); + + int RSA_padding_add_SSLv23(unsigned char *to, int tlen, + unsigned char *f, int fl); + + int RSA_padding_check_SSLv23(unsigned char *to, int tlen, + unsigned char *f, int fl, int rsa_len); + + int RSA_padding_add_none(unsigned char *to, int tlen, + unsigned char *f, int fl); + + int RSA_padding_check_none(unsigned char *to, int tlen, + unsigned char *f, int fl, int rsa_len); + +=head1 DESCRIPTION + +The RSA_padding_xxx_xxx() functions are called from the RSA encrypt, +decrypt, sign and verify functions. Normally they should not be called +from application programs. + +However, they can also be called directly to implement padding for other +asymmetric ciphers. RSA_padding_add_PKCS1_OAEP() and +RSA_padding_check_PKCS1_OAEP() may be used in an application combined +with B<RSA_NO_PADDING> in order to implement OAEP with an encoding +parameter. + +RSA_padding_add_xxx() encodes B<fl> bytes from B<f> so as to fit into +B<tlen> bytes and stores the result at B<to>. An error occurs if B<fl> +does not meet the size requirements of the encoding method. + +The following encoding methods are implemented: + +=over 4 + +=item PKCS1_type_1 + +PKCS #1 v2.0 EMSA-PKCS1-v1_5 (PKCS #1 v1.5 block type 1); used for signatures + +=item PKCS1_type_2 + +PKCS #1 v2.0 EME-PKCS1-v1_5 (PKCS #1 v1.5 block type 2) + +=item PKCS1_OAEP + +PKCS #1 v2.0 EME-OAEP + +=item SSLv23 + +PKCS #1 EME-PKCS1-v1_5 with SSL-specific modification + +=item none + +simply copy the data + +=back + +The random number generator must be seeded prior to calling +RSA_padding_add_xxx(). + +RSA_padding_check_xxx() verifies that the B<fl> bytes at B<f> contain +a valid encoding for a B<rsa_len> byte RSA key in the respective +encoding method and stores the recovered data of at most B<tlen> bytes +(for B<RSA_NO_PADDING>: of size B<tlen>) +at B<to>. + +For RSA_padding_xxx_OAEP(), B<p> points to the encoding parameter +of length B<pl>. B<p> may be B<NULL> if B<pl> is 0. + +=head1 RETURN VALUES + +The RSA_padding_add_xxx() functions return 1 on success, 0 on error. +The RSA_padding_check_xxx() functions return the length of the +recovered data, -1 on error. Error codes can be obtained by calling +L<ERR_get_error(3)|ERR_get_error(3)>. + +=head1 SEE ALSO + +L<RSA_public_encrypt(3)|RSA_public_encrypt(3)>, +L<RSA_private_decrypt(3)|RSA_private_decrypt(3)>, +L<RSA_sign(3)|RSA_sign(3)>, L<RSA_verify(3)|RSA_verify(3)> + +=head1 HISTORY + +RSA_padding_add_PKCS1_type_1(), RSA_padding_check_PKCS1_type_1(), +RSA_padding_add_PKCS1_type_2(), RSA_padding_check_PKCS1_type_2(), +RSA_padding_add_SSLv23(), RSA_padding_check_SSLv23(), +RSA_padding_add_none() and RSA_padding_check_none() appeared in +SSLeay 0.9.0. + +RSA_padding_add_PKCS1_OAEP() and RSA_padding_check_PKCS1_OAEP() were +added in OpenSSL 0.9.2b. + +=cut diff --git a/lib/libssl/src/doc/crypto/RSA_print.pod b/lib/libssl/src/doc/crypto/RSA_print.pod new file mode 100644 index 00000000000..dd968a5274e --- /dev/null +++ b/lib/libssl/src/doc/crypto/RSA_print.pod @@ -0,0 +1,48 @@ +=pod + +=head1 NAME + +RSA_print, RSA_print_fp, DHparams_print, DHparams_print_fp - print +cryptographic parameters + +=head1 SYNOPSIS + + #include <openssl/rsa.h> + + int RSA_print(BIO *bp, RSA *x, int offset); + int RSA_print_fp(FILE *fp, RSA *x, int offset); + + #include <openssl/dsa.h> + + int DSAparams_print(BIO *bp, DSA *x); + int DSAparams_print_fp(FILE *fp, DSA *x); + int DSA_print(BIO *bp, DSA *x, int offset); + int DSA_print_fp(FILE *fp, DSA *x, int offset); + + #include <openssl/dh.h> + + int DHparams_print(BIO *bp, DH *x); + int DHparams_print_fp(FILE *fp, DH *x); + +=head1 DESCRIPTION + +A human-readable hexadecimal output of the components of the RSA +key, DSA parameters or key or DH parameters is printed to B<bp> or B<fp>. + +The output lines are indented by B<offset> spaces. + +=head1 RETURN VALUES + +These functions return 1 on success, 0 on error. + +=head1 SEE ALSO + +L<dh(3)|dh(3)>, L<dsa(3)|dsa(3)>, L<rsa(3)|rsa(3)>, L<BN_bn2bin(3)|BN_bn2bin(3)> + +=head1 HISTORY + +RSA_print(), RSA_print_fp(), DSA_print(), DSA_print_fp(), DH_print(), +DH_print_fp() are available in all versions of SSLeay and OpenSSL. +DSAparams_print() and DSAparams_print_pf() were added in SSLeay 0.8. + +=cut diff --git a/lib/libssl/src/doc/crypto/RSA_private_encrypt.pod b/lib/libssl/src/doc/crypto/RSA_private_encrypt.pod new file mode 100644 index 00000000000..6861a98a109 --- /dev/null +++ b/lib/libssl/src/doc/crypto/RSA_private_encrypt.pod @@ -0,0 +1,69 @@ +=pod + +=head1 NAME + +RSA_private_encrypt, RSA_public_decrypt - low level signature operations + +=head1 SYNOPSIS + + #include <openssl/rsa.h> + + int RSA_private_encrypt(int flen, unsigned char *from, + unsigned char *to, RSA *rsa, int padding); + + int RSA_public_decrypt(int flen, unsigned char *from, + unsigned char *to, RSA *rsa, int padding); + +=head1 DESCRIPTION + +These functions handle RSA signatures at a low level. + +RSA_private_encrypt() signs the B<flen> bytes at B<from> (usually a +message digest with an algorithm identifier) using the private key +B<rsa> and stores the signature in B<to>. B<to> must point to +B<RSA_size(rsa)> bytes of memory. + +B<padding> denotes one of the following modes: + +=over 4 + +=item RSA_PKCS1_PADDING + +PKCS #1 v1.5 padding. This function does not handle the +B<algorithmIdentifier> specified in PKCS #1. When generating or +verifying PKCS #1 signatures, L<RSA_sign(3)|RSA_sign(3)> and L<RSA_verify(3)|RSA_verify(3)> should be +used. + +=item RSA_NO_PADDING + +Raw RSA signature. This mode should I<only> be used to implement +cryptographically sound padding modes in the application code. +Signing user data directly with RSA is insecure. + +=back + +RSA_public_decrypt() recovers the message digest from the B<flen> +bytes long signature at B<from> using the signer's public key +B<rsa>. B<to> must point to a memory section large enough to hold the +message digest (which is smaller than B<RSA_size(rsa) - +11>). B<padding> is the padding mode that was used to sign the data. + +=head1 RETURN VALUES + +RSA_private_encrypt() returns the size of the signature (i.e., +RSA_size(rsa)). RSA_public_decrypt() returns the size of the +recovered message digest. + +On error, -1 is returned; the error codes can be +obtained by L<ERR_get_error(3)|ERR_get_error(3)>. + +=head1 SEE ALSO + +L<err(3)|err(3)>, L<rsa(3)|rsa(3)>, L<RSA_sign(3)|RSA_sign(3)>, L<RSA_verify(3)|RSA_verify(3)> + +=head1 HISTORY + +The B<padding> argument was added in SSLeay 0.8. RSA_NO_PADDING is +available since SSLeay 0.9.0. + +=cut diff --git a/lib/libssl/src/doc/crypto/RSA_public_encrypt.pod b/lib/libssl/src/doc/crypto/RSA_public_encrypt.pod new file mode 100644 index 00000000000..910c4752b8d --- /dev/null +++ b/lib/libssl/src/doc/crypto/RSA_public_encrypt.pod @@ -0,0 +1,86 @@ +=pod + +=head1 NAME + +RSA_public_encrypt, RSA_private_decrypt - RSA public key cryptography + +=head1 SYNOPSIS + + #include <openssl/rsa.h> + + int RSA_public_encrypt(int flen, unsigned char *from, + unsigned char *to, RSA *rsa, int padding); + + int RSA_private_decrypt(int flen, unsigned char *from, + unsigned char *to, RSA *rsa, int padding); + +=head1 DESCRIPTION + +RSA_public_encrypt() encrypts the B<flen> bytes at B<from> (usually a +session key) using the public key B<rsa> and stores the ciphertext in +B<to>. B<to> must point to RSA_size(B<rsa>) bytes of memory. + +B<padding> denotes one of the following modes: + +=over 4 + +=item RSA_PKCS1_PADDING + +PKCS #1 v1.5 padding. This currently is the most widely used mode. + +=item RSA_PKCS1_OAEP_PADDING + +EME-OAEP as defined in PKCS #1 v2.0 with SHA-1, MGF1 and an empty +encoding parameter. This mode is recommended for all new applications. + +=item RSA_SSLV23_PADDING + +PKCS #1 v1.5 padding with an SSL-specific modification that denotes +that the server is SSL3 capable. + +=item RSA_NO_PADDING + +Raw RSA encryption. This mode should I<only> be used to implement +cryptographically sound padding modes in the application code. +Encrypting user data directly with RSA is insecure. + +=back + +B<flen> must be less than RSA_size(B<rsa>) - 11 for the PKCS #1 v1.5 +based padding modes, and less than RSA_size(B<rsa>) - 21 for +RSA_PKCS1_OAEP_PADDING. The random number generator must be seeded +prior to calling RSA_public_encrypt(). + +RSA_private_decrypt() decrypts the B<flen> bytes at B<from> using the +private key B<rsa> and stores the plaintext in B<to>. B<to> must point +to a memory section large enough to hold the decrypted data (which is +smaller than RSA_size(B<rsa>)). B<padding> is the padding mode that +was used to encrypt the data. + +=head1 RETURN VALUES + +RSA_public_encrypt() returns the size of the encrypted data (i.e., +RSA_size(B<rsa>)). RSA_private_decrypt() returns the size of the +recovered plaintext. + +On error, -1 is returned; the error codes can be +obtained by L<ERR_get_error(3)|ERR_get_error(3)>. + +=head1 CONFORMING TO + +SSL, PKCS #1 v2.0 + +=head1 SEE ALSO + +L<err(3)|err(3)>, L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>, L<RSA_size(3)|RSA_size(3)> + +=head1 NOTES + +The L<RSA_PKCS1_RSAref(3)|RSA_PKCS1_RSAref(3)> method supports only the RSA_PKCS1_PADDING mode. + +=head1 HISTORY + +The B<padding> argument was added in SSLeay 0.8. RSA_NO_PADDING is +available since SSLeay 0.9.0, OAEP was added in OpenSSL 0.9.2b. + +=cut diff --git a/lib/libssl/src/doc/crypto/RSA_set_method.pod b/lib/libssl/src/doc/crypto/RSA_set_method.pod new file mode 100644 index 00000000000..deb1183a235 --- /dev/null +++ b/lib/libssl/src/doc/crypto/RSA_set_method.pod @@ -0,0 +1,153 @@ +=pod + +=head1 NAME + +RSA_set_default_method, RSA_get_default_method, RSA_set_method, +RSA_get_method, RSA_PKCS1_SSLeay, RSA_PKCS1_RSAref, +RSA_PKCS1_null_method, RSA_flags, RSA_new_method - select RSA method + +=head1 SYNOPSIS + + #include <openssl/rsa.h> + + void RSA_set_default_method(RSA_METHOD *meth); + + RSA_METHOD *RSA_get_default_method(void); + + RSA_METHOD *RSA_set_method(RSA *rsa, RSA_METHOD *meth); + + RSA_METHOD *RSA_get_method(RSA *rsa); + + RSA_METHOD *RSA_PKCS1_SSLeay(void); + + RSA_METHOD *RSA_PKCS1_RSAref(void); + + RSA_METHOD *RSA_null_method(void); + + int RSA_flags(RSA *rsa); + + RSA *RSA_new_method(RSA_METHOD *method); + +=head1 DESCRIPTION + +An B<RSA_METHOD> specifies the functions that OpenSSL uses for RSA +operations. By modifying the method, alternative implementations +such as hardware accelerators may be used. + +Initially, the default is to use the OpenSSL internal implementation, +unless OpenSSL was configured with the C<rsaref> or C<-DRSA_NULL> +options. RSA_PKCS1_SSLeay() returns a pointer to that method. + +RSA_PKCS1_RSAref() returns a pointer to a method that uses the RSAref +library. This is the default method in the C<rsaref> configuration; +the function is not available in other configurations. +RSA_null_method() returns a pointer to a method that does not support +the RSA transformation. It is the default if OpenSSL is compiled with +C<-DRSA_NULL>. These methods may be useful in the USA because of a +patent on the RSA cryptosystem. + +RSA_set_default_method() makes B<meth> the default method for all B<RSA> +structures created later. + +RSA_get_default_method() returns a pointer to the current default +method. + +RSA_set_method() selects B<meth> for all operations using the key +B<rsa>. + +RSA_get_method() returns a pointer to the method currently selected +for B<rsa>. + +RSA_flags() returns the B<flags> that are set for B<rsa>'s current method. + +RSA_new_method() allocates and initializes an B<RSA> structure so that +B<method> will be used for the RSA operations. If B<method> is B<NULL>, +the default method is used. + +=head1 THE RSA_METHOD STRUCTURE + + typedef struct rsa_meth_st + { + /* name of the implementation */ + const char *name; + + /* encrypt */ + int (*rsa_pub_enc)(int flen, unsigned char *from, + unsigned char *to, RSA *rsa, int padding); + + /* verify arbitrary data */ + int (*rsa_pub_dec)(int flen, unsigned char *from, + unsigned char *to, RSA *rsa, int padding); + + /* sign arbitrary data */ + int (*rsa_priv_enc)(int flen, unsigned char *from, + unsigned char *to, RSA *rsa, int padding); + + /* decrypt */ + int (*rsa_priv_dec)(int flen, unsigned char *from, + unsigned char *to, RSA *rsa, int padding); + + /* compute r0 = r0 ^ I mod rsa->n. May be NULL */ + int (*rsa_mod_exp)(BIGNUM *r0, BIGNUM *I, RSA *rsa); + + /* compute r = a ^ p mod m. May be NULL */ + int (*bn_mod_exp)(BIGNUM *r, BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); + + /* called at RSA_new */ + int (*init)(RSA *rsa); + + /* called at RSA_free */ + int (*finish)(RSA *rsa); + + /* RSA_FLAG_EXT_PKEY - rsa_mod_exp is called for private key + * operations, even if p,q,dmp1,dmq1,iqmp + * are NULL + * RSA_FLAG_SIGN_VER - enable rsa_sign and rsa_verify + * RSA_METHOD_FLAG_NO_CHECK - don't check pub/private match + */ + int flags; + + char *app_data; /* ?? */ + + /* sign. For backward compatibility, this is used only + * if (flags & RSA_FLAG_SIGN_VER) + */ + int (*rsa_sign)(int type, unsigned char *m, unsigned int m_len, + unsigned char *sigret, unsigned int *siglen, RSA *rsa); + + /* verify. For backward compatibility, this is used only + * if (flags & RSA_FLAG_SIGN_VER) + */ + int (*rsa_verify)(int type, unsigned char *m, unsigned int m_len, + unsigned char *sigbuf, unsigned int siglen, RSA *rsa); + + } RSA_METHOD; + +=head1 RETURN VALUES + +RSA_PKCS1_SSLeay(), RSA_PKCS1_RSAref(), RSA_PKCS1_null_method(), +RSA_get_default_method() and RSA_get_method() return pointers to the +respective B<RSA_METHOD>s. + +RSA_set_default_method() returns no value. + +RSA_set_method() returns a pointer to the B<RSA_METHOD> previously +associated with B<rsa>. + +RSA_new_method() returns B<NULL> and sets an error code that can be +obtained by L<ERR_get_error(3)|ERR_get_error(3)> if the allocation fails. Otherwise it +returns a pointer to the newly allocated structure. + +=head1 SEE ALSO + +L<rsa(3)|rsa(3)>, L<RSA_new(3)|RSA_new(3)> + +=head1 HISTORY + +RSA_new_method() and RSA_set_default_method() appeared in SSLeay 0.8. +RSA_get_default_method(), RSA_set_method() and RSA_get_method() as +well as the rsa_sign and rsa_verify components of RSA_METHOD were +added in OpenSSL 0.9.4. + +=cut diff --git a/lib/libssl/src/doc/crypto/RSA_sign.pod b/lib/libssl/src/doc/crypto/RSA_sign.pod new file mode 100644 index 00000000000..f0bf6eea1b3 --- /dev/null +++ b/lib/libssl/src/doc/crypto/RSA_sign.pod @@ -0,0 +1,62 @@ +=pod + +=head1 NAME + +RSA_sign, RSA_verify - RSA signatures + +=head1 SYNOPSIS + + #include <openssl/rsa.h> + + int RSA_sign(int type, unsigned char *m, unsigned int m_len, + unsigned char *sigret, unsigned int *siglen, RSA *rsa); + + int RSA_verify(int type, unsigned char *m, unsigned int m_len, + unsigned char *sigbuf, unsigned int siglen, RSA *rsa); + +=head1 DESCRIPTION + +RSA_sign() signs the message digest B<m> of size B<m_len> using the +private key B<rsa> as specified in PKCS #1 v2.0. It stores the +signature in B<sigret> and the signature size in B<siglen>. B<sigret> +must point to RSA_size(B<rsa>) bytes of memory. + +B<type> denotes the message digest algorithm that was used to generate +B<m>. It usually is one of B<NID_sha1>, B<NID_ripemd160> and B<NID_md5>; +see L<objects(3)|objects(3)> for details. If B<type> is B<NID_md5_sha1>, +an SSL signature (MD5 and SHA1 message digests with PKCS #1 padding +and no algorithm identifier) is created. + +RSA_verify() verifies that the signature B<sigbuf> of size B<siglen> +matches a given message digest B<m> of size B<m_len>. B<type> denotes +the message digest algorithm that was used to generate the signature. +B<rsa> is the signer's public key. + +=head1 RETURN VALUES + +RSA_sign() returns 1 on success, 0 otherwise. RSA_verify() returns 1 +on successful verification, 0 otherwise. + +The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. + +=head1 BUGS + +Certain signatures with an improper algorithm identifier are accepted +for compatibility with SSLeay 0.4.5 :-) + +=head1 CONFORMING TO + +SSL, PKCS #1 v2.0 + +=head1 SEE ALSO + +L<err(3)|err(3)>, L<objects(3)|objects(3)>, L<rsa(3)|rsa(3)>, +L<RSA_private_encrypt(3)|RSA_private_encrypt(3)>, +L<RSA_public_decrypt(3)|RSA_public_decrypt(3)> + +=head1 HISTORY + +RSA_sign() and RSA_verify() are available in all versions of SSLeay +and OpenSSL. + +=cut diff --git a/lib/libssl/src/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod b/lib/libssl/src/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod new file mode 100644 index 00000000000..df9ceb339a6 --- /dev/null +++ b/lib/libssl/src/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod @@ -0,0 +1,59 @@ +=pod + +=head1 NAME + +RSA_sign_ASN1_OCTET_STRING, RSA_verify_ASN1_OCTET_STRING - RSA signatures + +=head1 SYNOPSIS + + #include <openssl/rsa.h> + + int RSA_sign_ASN1_OCTET_STRING(int dummy, unsigned char *m, + unsigned int m_len, unsigned char *sigret, unsigned int *siglen, + RSA *rsa); + + int RSA_verify_ASN1_OCTET_STRING(int dummy, unsigned char *m, + unsigned int m_len, unsigned char *sigbuf, unsigned int siglen, + RSA *rsa); + +=head1 DESCRIPTION + +RSA_sign_ASN1_OCTET_STRING() signs the octet string B<m> of size +B<m_len> using the private key B<rsa> represented in DER using PKCS #1 +padding. It stores the signature in B<sigret> and the signature size +in B<siglen>. B<sigret> must point to B<RSA_size(rsa)> bytes of +memory. + +B<dummy> is ignored. + +The random number generator must be seeded prior to calling RSA_sign_ASN1_OCTET_STRING(). + +RSA_verify_ASN1_OCTET_STRING() verifies that the signature B<sigbuf> +of size B<siglen> is the DER representation of a given octet string +B<m> of size B<m_len>. B<dummy> is ignored. B<rsa> is the signer's +public key. + +=head1 RETURN VALUES + +RSA_sign_ASN1_OCTET_STRING() returns 1 on success, 0 otherwise. +RSA_verify_ASN1_OCTET_STRING() returns 1 on successful verification, 0 +otherwise. + +The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. + +=head1 BUGS + +These functions serve no recognizable purpose. + +=head1 SEE ALSO + +L<err(3)|err(3)>, L<objects(3)|objects(3)>, L<rand(3)|rand(3)>, +L<rsa(3)|rsa(3)>, L<RSA_sign(3)|RSA_sign(3)>, +L<RSA_verify(3)|RSA_verify(3)> + +=head1 HISTORY + +RSA_sign_ASN1_OCTET_STRING() and RSA_verify_ASN1_OCTET_STRING() were +added in SSLeay 0.8. + +=cut diff --git a/lib/libssl/src/doc/crypto/RSA_size.pod b/lib/libssl/src/doc/crypto/RSA_size.pod new file mode 100644 index 00000000000..b36b4d58d54 --- /dev/null +++ b/lib/libssl/src/doc/crypto/RSA_size.pod @@ -0,0 +1,33 @@ +=pod + +=head1 NAME + +RSA_size - get RSA modulus size + +=head1 SYNOPSIS + + #include <openssl/rsa.h> + + int RSA_size(RSA *rsa); + +=head1 DESCRIPTION + +This function returns the RSA modulus size in bytes. It can be used to +determine how much memory must be allocated for an RSA encrypted +value. + +B<rsa-E<gt>n> must not be B<NULL>. + +=head1 RETURN VALUE + +The size in bytes. + +=head1 SEE ALSO + +L<rsa(3)|rsa(3)> + +=head1 HISTORY + +RSA_size() is available in all versions of SSLeay and OpenSSL. + +=cut diff --git a/lib/libssl/src/doc/crypto/blowfish.pod b/lib/libssl/src/doc/crypto/blowfish.pod new file mode 100644 index 00000000000..e8c7114311b --- /dev/null +++ b/lib/libssl/src/doc/crypto/blowfish.pod @@ -0,0 +1,106 @@ +=pod + +=head1 NAME + +blowfish, BF_set_key, BF_encrypt, BF_decrypt, BF_ecb_encrypt, BF_cbc_encrypt, +BF_cfb64_encrypt, BF_ofb64_encrypt, BF_options - Blowfish encryption + +=head1 SYNOPSIS + + #include <openssl/blowfish.h> + + void BF_set_key(BF_KEY *key, int len, const unsigned char *data); + + void BF_encrypt(BF_LONG *data,const BF_KEY *key); + void BF_decrypt(BF_LONG *data,const BF_KEY *key); + + void BF_ecb_encrypt(const unsigned char *in, unsigned char *out, + BF_KEY *key, int enc); + void BF_cbc_encrypt(const unsigned char *in, unsigned char *out, + long length, BF_KEY *schedule, unsigned char *ivec, int enc); + void BF_cfb64_encrypt(const unsigned char *in, unsigned char *out, + long length, BF_KEY *schedule, unsigned char *ivec, int *num, + int enc); + void BF_ofb64_encrypt(const unsigned char *in, unsigned char *out, + long length, BF_KEY *schedule, unsigned char *ivec, int *num); + const char *BF_options(void); + +=head1 DESCRIPTION + +This library implements the Blowfish cipher, which is invented and described +by Counterpane (see http://www.counterpane.com/blowfish/ ). + +Blowfish is a block cipher that operates on 64 bit (8 byte) blocks of data. +It uses a variable size key, but typically, 128 bit (16 byte) keys are +a considered good for strong encryption. Blowfish can be used in the same +modes as DES (see L<des_modes(7)|des_modes(7)>). Blowfish is currently one +of the faster block ciphers. It is quite a bit faster than DES, and much +faster than IDEA or RC2. + +Blowfish consists of a key setup phase and the actual encryption or decryption +phase. + +BF_set_key() sets up the B<BF_KEY> B<key> using the B<len> bytes long key +at B<data>. + +BF_encrypt() and BF_decrypt() are the lowest level functions for Blowfish +encryption. They encrypt/decrypt the first 64 bits of the vector pointed by +B<data>, using the key B<key>. These functions should not be used unless you +implement 'modes' of Blowfish. + +BF_ecb_encrypt() is the basic Blowfish encryption and decryption function. +It encrypts or decrypts the first 64 bits of B<in> using the key B<key>, +putting the result in B<out>. B<enc> decides if encryption (B<BF_ENCRYPT>) +or decryption (B<BF_DECRYPT>) shall be performed. The vector pointed at by +B<in> and B<out> must be 64 bits in length, no less. If they are larger, +everything after the first 64 bits is ignored. + +The mode functions BF_cbc_encrypt(), BF_cfb64_encrypt() and BF_ofb64_encrypt() +all operate on variable length data. They all take an initialisation vector +B<ivec> which must be initially filled with zeros, but then just need to be +passed along into the next call of the same function for the same message. +BF_cbc_encrypt() operates of data that is a multiple of 8 bytes long, while +BF_cfb64_encrypt() and BF_ofb64_encrypt() are used to encrypt an variable +number of bytes (the amount does not have to be an exact multiple of 8). The +purpose of the latter two is to simulate stream ciphers, and therefore, they +need the parameter B<num>, which is a pointer to an integer where the current +offset in B<ivec> is stored between calls. This integer must be initialised +to zero when B<ivec> is filled with zeros. + +BF_cbc_encrypt() is the Cipher Block Chaining function for Blowfish. It +encrypts or decrypts the 64 bits chunks of B<in> using the key B<schedule>, +putting the result in B<out>. B<enc> decides if encryption (BF_ENCRYPT) or +decryption (BF_DECRYPT) shall be performed. B<ivec> must point at an 8 byte +long initialisation vector, which must be initially filled with zeros. + +BF_cfb64_encrypt() is the CFB mode for Blowfish with 64 bit feedback. +It encrypts or decrypts the bytes in B<in> using the key B<schedule>, +putting the result in B<out>. B<enc> decides if encryption (B<BF_ENCRYPT>) +or decryption (B<BF_DECRYPT>) shall be performed. B<ivec> must point at an +8 byte long initialisation vector, which must be initially filled with zeros. +B<num> must point at an integer which must be initially zero. + +BF_ofb64_encrypt() is the OFB mode for Blowfish with 64 bit feedback. +It uses the same parameters as BF_cfb64_encrypt(), which must be initialised +the same way. + +=head1 RETURN VALUES + +None of the functions presented here return any value. + +=head1 NOTE + +Applications should use the higher level functions +L<EVP_EncryptInit(3)|EVP_EncryptInit(3)> etc. instead of calling the +blowfish functions directly. + +=head1 SEE ALSO + +L<des_modes(7)|des_modes(7)> + +=head1 HISTORY + +The Blowfish functions are available in all versions of SSLeay and OpenSSL. + +=cut + diff --git a/lib/libssl/src/doc/crypto/bn.pod b/lib/libssl/src/doc/crypto/bn.pod new file mode 100644 index 00000000000..1504a1c92df --- /dev/null +++ b/lib/libssl/src/doc/crypto/bn.pod @@ -0,0 +1,148 @@ +=pod + +=head1 NAME + +bn - multiprecision integer arithmetics + +=head1 SYNOPSIS + + #include <openssl/bn.h> + + BIGNUM *BN_new(void); + void BN_free(BIGNUM *a); + void BN_init(BIGNUM *); + void BN_clear(BIGNUM *a); + void BN_clear_free(BIGNUM *a); + + BN_CTX *BN_CTX_new(void); + void BN_CTX_init(BN_CTX *c); + void BN_CTX_free(BN_CTX *c); + + BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b); + BIGNUM *BN_dup(const BIGNUM *a); + + int BN_num_bytes(const BIGNUM *a); + int BN_num_bits(const BIGNUM *a); + int BN_num_bits_word(BN_ULONG w); + + int BN_add(BIGNUM *r, BIGNUM *a, BIGNUM *b); + int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); + int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx); + int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *a, const BIGNUM *d, + BN_CTX *ctx); + int BN_sqr(BIGNUM *r, BIGNUM *a, BN_CTX *ctx); + int BN_mod(BIGNUM *rem, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); + int BN_mod_mul(BIGNUM *ret, BIGNUM *a, BIGNUM *b, const BIGNUM *m, + BN_CTX *ctx); + int BN_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BN_CTX *ctx); + int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx); + int BN_gcd(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx); + + int BN_add_word(BIGNUM *a, BN_ULONG w); + int BN_sub_word(BIGNUM *a, BN_ULONG w); + int BN_mul_word(BIGNUM *a, BN_ULONG w); + BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w); + BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w); + + int BN_cmp(BIGNUM *a, BIGNUM *b); + int BN_ucmp(BIGNUM *a, BIGNUM *b); + int BN_is_zero(BIGNUM *a); + int BN_is_one(BIGNUM *a); + int BN_is_word(BIGNUM *a, BN_ULONG w); + int BN_is_odd(BIGNUM *a); + + int BN_zero(BIGNUM *a); + int BN_one(BIGNUM *a); + BIGNUM *BN_value_one(void); + int BN_set_word(BIGNUM *a, unsigned long w); + unsigned long BN_get_word(BIGNUM *a); + + int BN_rand(BIGNUM *rnd, int bits, int top, int bottom); + int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom); + + BIGNUM *BN_generate_prime(BIGNUM *ret, int bits,int safe, BIGNUM *add, + BIGNUM *rem, void (*callback)(int, int, void *), void *cb_arg); + int BN_is_prime(const BIGNUM *p, int nchecks, + void (*callback)(int, int, void *), BN_CTX *ctx, void *cb_arg); + + int BN_set_bit(BIGNUM *a, int n); + int BN_clear_bit(BIGNUM *a, int n); + int BN_is_bit_set(const BIGNUM *a, int n); + int BN_mask_bits(BIGNUM *a, int n); + int BN_lshift(BIGNUM *r, const BIGNUM *a, int n); + int BN_lshift1(BIGNUM *r, BIGNUM *a); + int BN_rshift(BIGNUM *r, BIGNUM *a, int n); + int BN_rshift1(BIGNUM *r, BIGNUM *a); + + int BN_bn2bin(const BIGNUM *a, unsigned char *to); + BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret); + char *BN_bn2hex(const BIGNUM *a); + char *BN_bn2dec(const BIGNUM *a); + int BN_hex2bn(BIGNUM **a, const char *str); + int BN_dec2bn(BIGNUM **a, const char *str); + int BN_print(BIO *fp, const BIGNUM *a); + int BN_print_fp(FILE *fp, const BIGNUM *a); + int BN_bn2mpi(const BIGNUM *a, unsigned char *to); + BIGNUM *BN_mpi2bn(unsigned char *s, int len, BIGNUM *ret); + + BIGNUM *BN_mod_inverse(BIGNUM *r, BIGNUM *a, const BIGNUM *n, + BN_CTX *ctx); + + BN_RECP_CTX *BN_RECP_CTX_new(void); + void BN_RECP_CTX_init(BN_RECP_CTX *recp); + void BN_RECP_CTX_free(BN_RECP_CTX *recp); + int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *m, BN_CTX *ctx); + int BN_mod_mul_reciprocal(BIGNUM *r, BIGNUM *a, BIGNUM *b, + BN_RECP_CTX *recp, BN_CTX *ctx); + + BN_MONT_CTX *BN_MONT_CTX_new(void); + void BN_MONT_CTX_init(BN_MONT_CTX *ctx); + void BN_MONT_CTX_free(BN_MONT_CTX *mont); + int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *m, BN_CTX *ctx); + BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from); + int BN_mod_mul_montgomery(BIGNUM *r, BIGNUM *a, BIGNUM *b, + BN_MONT_CTX *mont, BN_CTX *ctx); + int BN_from_montgomery(BIGNUM *r, BIGNUM *a, BN_MONT_CTX *mont, + BN_CTX *ctx); + int BN_to_montgomery(BIGNUM *r, BIGNUM *a, BN_MONT_CTX *mont, + BN_CTX *ctx); + + +=head1 DESCRIPTION + +This library performs arithmetic operations on integers of arbitrary +size. It was written for use in public key cryptography, such as RSA +and Diffie-Hellman. + +It uses dynamic memory allocation for storing its data structures. +That means that there is no limit on the size of the numbers +manipulated by these functions, but return values must always be +checked in case a memory allocation error has occurred. + +The basic object in this library is a B<BIGNUM>. It is used to hold a +single large integer. This type should be considered opaque and fields +should not be modified or accessed directly. + +The creation of B<BIGNUM> objects is described in L<BN_new(3)|BN_new(3)>; +L<BN_add(3)|BN_add(3)> describes most of the arithmetic operations. +Comparison is described in L<BN_cmp(3)|BN_cmp(3)>; L<BN_zero(3)|BN_zero(3)> +describes certain assignments, L<BN_rand(3)|BN_rand(3)> the generation of +random numbers, L<BN_generate_prime(3)|BN_generate_prime(3)> deals with prime +numbers and L<BN_set_bit(3)|BN_set_bit(3)> with bit operations. The conversion +of B<BIGNUM>s to external formats is described in L<BN_bn2bin(3)|BN_bn2bin(3)>. + +=head1 SEE ALSO + +L<bn_internal(3)|bn_internal(3)>, +L<dh(3)|dh(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>, +L<BN_new(3)|BN_new(3)>, L<BN_CTX_new(3)|BN_CTX_new(3)>, +L<BN_copy(3)|BN_copy(3)>, L<BN_num_bytes(3)|BN_num_bytes(3)>, +L<BN_add(3)|BN_add(3)>, L<BN_add_word(3)|BN_add_word(3)>, +L<BN_cmp(3)|BN_cmp(3)>, L<BN_zero(3)|BN_zero(3)>, L<BN_rand(3)|BN_rand(3)>, +L<BN_generate_prime(3)|BN_generate_prime(3)>, L<BN_set_bit(3)|BN_set_bit(3)>, +L<BN_bn2bin(3)|BN_bn2bin(3)>, L<BN_mod_inverse(3)|BN_mod_inverse(3)>, +L<BN_mod_mul_reciprocal(3)|BN_mod_mul_reciprocal(3)>, +L<BN_mod_mul_montgomery(3)|BN_mod_mul_montgomery(3)> + +=cut diff --git a/lib/libssl/src/doc/crypto/bn_internal.pod b/lib/libssl/src/doc/crypto/bn_internal.pod new file mode 100644 index 00000000000..5af0c791c84 --- /dev/null +++ b/lib/libssl/src/doc/crypto/bn_internal.pod @@ -0,0 +1,225 @@ +=pod + +=head1 NAME + +bn_mul_words, bn_mul_add_words, bn_sqr_words, bn_div_words, +bn_add_words, bn_sub_words, bn_mul_comba4, bn_mul_comba8, +bn_sqr_comba4, bn_sqr_comba8, bn_cmp_words, bn_mul_normal, +bn_mul_low_normal, bn_mul_recursive, bn_mul_part_recursive, +bn_mul_low_recursive, bn_mul_high, bn_sqr_normal, bn_sqr_recursive, +bn_expand, bn_wexpand, bn_expand2, bn_fix_top, bn_check_top, +bn_print, bn_dump, bn_set_max, bn_set_high, bn_set_low - BIGNUM +library internal functions + +=head1 SYNOPSIS + + BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w); + BN_ULONG bn_mul_add_words(BN_ULONG *rp, BN_ULONG *ap, int num, + BN_ULONG w); + void bn_sqr_words(BN_ULONG *rp, BN_ULONG *ap, int num); + BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d); + BN_ULONG bn_add_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp, + int num); + BN_ULONG bn_sub_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp, + int num); + + void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b); + void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b); + void bn_sqr_comba4(BN_ULONG *r, BN_ULONG *a); + void bn_sqr_comba8(BN_ULONG *r, BN_ULONG *a); + + int bn_cmp_words(BN_ULONG *a, BN_ULONG *b, int n); + + void bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b, + int nb); + void bn_mul_low_normal(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n); + void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, + BN_ULONG *tmp); + void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, + int tn, int n, BN_ULONG *tmp); + void bn_mul_low_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, + int n2, BN_ULONG *tmp); + void bn_mul_high(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, BN_ULONG *l, + int n2, BN_ULONG *tmp); + + void bn_sqr_normal(BN_ULONG *r, BN_ULONG *a, int n, BN_ULONG *tmp); + void bn_sqr_recursive(BN_ULONG *r, BN_ULONG *a, int n2, BN_ULONG *tmp); + + void mul(BN_ULONG r, BN_ULONG a, BN_ULONG w, BN_ULONG c); + void mul_add(BN_ULONG r, BN_ULONG a, BN_ULONG w, BN_ULONG c); + void sqr(BN_ULONG r0, BN_ULONG r1, BN_ULONG a); + + BIGNUM *bn_expand(BIGNUM *a, int bits); + BIGNUM *bn_wexpand(BIGNUM *a, int n); + BIGNUM *bn_expand2(BIGNUM *a, int n); + void bn_fix_top(BIGNUM *a); + + void bn_check_top(BIGNUM *a); + void bn_print(BIGNUM *a); + void bn_dump(BN_ULONG *d, int n); + void bn_set_max(BIGNUM *a); + void bn_set_high(BIGNUM *r, BIGNUM *a, int n); + void bn_set_low(BIGNUM *r, BIGNUM *a, int n); + +=head1 DESCRIPTION + +This page documents the internal functions used by the OpenSSL +B<BIGNUM> implementation. They are described here to facilitate +debugging and extending the library. They are I<not> to be used by +applications. + +=head2 The BIGNUM structure + + typedef struct bignum_st + { + int top; /* index of last used d (most significant word) */ + BN_ULONG *d; /* pointer to an array of 'BITS2' bit chunks */ + int max; /* size of the d array */ + int neg; /* sign */ + } BIGNUM; + +The big number is stored in B<d>, a malloc()ed array of B<BN_ULONG>s, +least significant first. A B<BN_ULONG> can be either 16, 32 or 64 bits +in size (B<BITS2>), depending on the 'number of bits' specified in +C<openssl/bn.h>. + +B<max> is the size of the B<d> array that has been allocated. B<top> +is the 'last' entry being used, so for a value of 4, bn.d[0]=4 and +bn.top=1. B<neg> is 1 if the number is negative. When a B<BIGNUM> is +B<0>, the B<d> field can be B<NULL> and B<top> == B<0>. + +Various routines in this library require the use of temporary +B<BIGNUM> variables during their execution. Since dynamic memory +allocation to create B<BIGNUM>s is rather expensive when used in +conjunction with repeated subroutine calls, the B<BN_CTX> structure is +used. This structure contains B<BN_CTX_NUM> B<BIGNUM>s, see +L<BN_CTX_start(3)|BN_CTX_start(3)>. + +=head2 Low-level arithmetic operations + +These functions are implemented in C and for several platforms in +assembly language: + +bn_mul_words(B<rp>, B<ap>, B<num>, B<w>) operates on the B<num> word +arrays B<rp> and B<ap>. It computes B<ap> * B<w>, places the result +in B<rp>, and returns the high word (carry). + +bn_mul_add_words(B<rp>, B<ap>, B<num>, B<w>) operates on the B<num> +word arrays B<rp> and B<ap>. It computes B<ap> * B<w> + B<rp>, places +the result in B<rp>, and returns the high word (carry). + +bn_sqr_words(B<rp>, B<ap>, B<n>) operates on the B<num> word array +B<ap> and the 2*B<num> word array B<ap>. It computes B<ap> * B<ap> +word-wise, and places the low and high bytes of the result in B<rp>. + +bn_div_words(B<h>, B<l>, B<d>) divides the two word number (B<h>,B<l>) +by B<d> and returns the result. + +bn_add_words(B<rp>, B<ap>, B<bp>, B<num>) operates on the B<num> word +arrays B<ap>, B<bp> and B<rp>. It computes B<ap> + B<bp>, places the +result in B<rp>, and returns the high word (carry). + +bn_sub_words(B<rp>, B<ap>, B<bp>, B<num>) operates on the B<num> word +arrays B<ap>, B<bp> and B<rp>. It computes B<ap> - B<bp>, places the +result in B<rp>, and returns the carry (1 if B<bp> E<gt> B<ap>, 0 +otherwise). + +bn_mul_comba4(B<r>, B<a>, B<b>) operates on the 4 word arrays B<a> and +B<b> and the 8 word array B<r>. It computes B<a>*B<b> and places the +result in B<r>. + +bn_mul_comba8(B<r>, B<a>, B<b>) operates on the 8 word arrays B<a> and +B<b> and the 16 word array B<r>. It computes B<a>*B<b> and places the +result in B<r>. + +bn_sqr_comba4(B<r>, B<a>, B<b>) operates on the 4 word arrays B<a> and +B<b> and the 8 word array B<r>. + +bn_sqr_comba8(B<r>, B<a>, B<b>) operates on the 8 word arrays B<a> and +B<b> and the 16 word array B<r>. + +The following functions are implemented in C: + +bn_cmp_words(B<a>, B<b>, B<n>) operates on the B<n> word arrays B<a> +and B<b>. It returns 1, 0 and -1 if B<a> is greater than, equal and +less than B<b>. + +bn_mul_normal(B<r>, B<a>, B<na>, B<b>, B<nb>) operates on the B<na> +word array B<a>, the B<nb> word array B<b> and the B<na>+B<nb> word +array B<r>. It computes B<a>*B<b> and places the result in B<r>. + +bn_mul_low_normal(B<r>, B<a>, B<b>, B<n>) operates on the B<n> word +arrays B<r>, B<a> und B<b>. It computes the B<n> low words of +B<a>*B<b> and places the result in B<r>. + +bn_mul_recursive(B<r>, B<a>, B<b>, B<n2>, B<t>) operates on the B<n2> +word arrays B<a> and B<b> and the 2*B<n2> word arrays B<r> and B<t>. +B<n2> must be a power of 2. It computes B<a>*B<b> and places the +result in B<r>. + +bn_mul_part_recursive(B<r>, B<a>, B<b>, B<tn>, B<n>, B<tmp>) operates +on the B<n>+B<tn> word arrays B<a> and B<b> and the 4*B<n> word arrays +B<r> and B<tmp>. + +bn_mul_low_recursive(B<r>, B<a>, B<b>, B<n2>, B<tmp>) operates on the +B<n2> word arrays B<r> and B<tmp> and the B<n2>/2 word arrays B<a> +and B<b>. + +bn_mul_high(B<r>, B<a>, B<b>, B<l>, B<n2>, B<tmp>) operates on the +B<n2> word arrays B<r>, B<a>, B<b> and B<l> (?) and the 3*B<n2> word +array B<tmp>. + +BN_mul() calls bn_mul_normal(), or an optimized implementation if the +factors have the same size: bn_mul_comba8() is used if they are 8 +words long, bn_mul_recursive() if they are larger than +B<BN_MULL_SIZE_NORMAL> and the size is an exact multiple of the word +size, and bn_mul_part_recursive() for others that are larger than +B<BN_MULL_SIZE_NORMAL>. + +bn_sqr_normal(B<r>, B<a>, B<n>, B<tmp>) operates on the B<n> word array +B<a> and the 2*B<n> word arrays B<tmp> and B<r>. + +The implementations use the following macros which, depending on the +architecture, may use "long long" C operations or inline assembler. +They are defined in C<bn_lcl.h>. + +mul(B<r>, B<a>, B<w>, B<c>) computes B<w>*B<a>+B<c> and places the +low word of the result in B<r> and the high word in B<c>. + +mul_add(B<r>, B<a>, B<w>, B<c>) computes B<w>*B<a>+B<r>+B<c> and +places the low word of the result in B<r> and the high word in B<c>. + +sqr(B<r0>, B<r1>, B<a>) computes B<a>*B<a> and places the low word +of the result in B<r0> and the high word in B<r1>. + +=head2 Size changes + +bn_expand() ensures that B<b> has enough space for a B<bits> bit +number. bn_wexpand() ensures that B<b> has enough space for an +B<n> word number. If the number has to be expanded, both macros +call bn_expand2(), which allocates a new B<d> array and copies the +data. They return B<NULL> on error, B<b> otherwise. + +The bn_fix_top() macro reduces B<a-E<gt>top> to point to the most +significant non-zero word when B<a> has shrunk. + +=head2 Debugging + +bn_check_top() verifies that C<((a)-E<gt>top E<gt>= 0 && (a)-E<gt>top +E<lt>= (a)-E<gt>max)>. A violation will cause the program to abort. + +bn_print() prints B<a> to stderr. bn_dump() prints B<n> words at B<d> +(in reverse order, i.e. most significant word first) to stderr. + +bn_set_max() makes B<a> a static number with a B<max> of its current size. +This is used by bn_set_low() and bn_set_high() to make B<r> a read-only +B<BIGNUM> that contains the B<n> low or high words of B<a>. + +If B<BN_DEBUG> is not defined, bn_check_top(), bn_print(), bn_dump() +and bn_set_max() are defined as empty macros. + +=head1 SEE ALSO + +L<bn(3)|bn(3)> + +=cut diff --git a/lib/libssl/src/doc/crypto/buffer.pod b/lib/libssl/src/doc/crypto/buffer.pod new file mode 100644 index 00000000000..7088f51bc43 --- /dev/null +++ b/lib/libssl/src/doc/crypto/buffer.pod @@ -0,0 +1,73 @@ +=pod + +=head1 NAME + +BUF_MEM_new, BUF_MEM_free, BUF_MEM_grow, BUF_strdup - simple +character arrays structure + +=head1 SYNOPSIS + + #include <openssl/buffer.h> + + BUF_MEM *BUF_MEM_new(void); + + void BUF_MEM_free(BUF_MEM *a); + + int BUF_MEM_grow(BUF_MEM *str, int len); + + char * BUF_strdup(const char *str); + +=head1 DESCRIPTION + +The buffer library handles simple character arrays. Buffers are used for +various purposes in the library, most notably memory BIOs. + +The library uses the BUF_MEM structure defined in buffer.h: + + typedef struct buf_mem_st + { + int length; /* current number of bytes */ + char *data; + int max; /* size of buffer */ + } BUF_MEM; + +B<length> is the current size of the buffer in bytes, B<max> is the amount of +memory allocated to the buffer. There are three functions which handle these +and one "miscellaneous" function. + +BUF_MEM_new() allocates a new buffer of zero size. + +BUF_MEM_free() frees up an already existing buffer. The data is zeroed +before freeing up in case the buffer contains sensitive data. + +BUF_MEM_grow() changes the size of an already existing buffer to +B<len>. Any data already in the buffer is preserved if it increases in +size. + +BUF_strdup() copies a null terminated string into a block of allocated +memory and returns a pointer to the allocated block. +Unlike the standard C library strdup() this function uses Malloc() and so +should be used in preference to the standard library strdup() because it can +be used for memory leak checking or replacing the malloc() function. + +The memory allocated from BUF_strdup() should be freed up using the Free() +function. + +=head1 RETURN VALUES + +BUF_MEM_new() returns the buffer or NULL on error. + +BUF_MEM_free() has no return value. + +BUF_MEM_grow() returns zero on error or the new size (i.e. B<len>). + +=head1 SEE ALSO + +L<bio(3)|bio(3)> + +=head1 HISTORY + +BUF_MEM_new(), BUF_MEM_free() and BUF_MEM_grow() are available in all +versions of SSLeay and OpenSSL. BUF_strdup() was addded in SSLeay 0.8. + +=cut diff --git a/lib/libssl/src/doc/crypto/crypto.pod b/lib/libssl/src/doc/crypto/crypto.pod new file mode 100644 index 00000000000..4b9ceacd912 --- /dev/null +++ b/lib/libssl/src/doc/crypto/crypto.pod @@ -0,0 +1,67 @@ +=pod + +=head1 NAME + +crypto - OpenSSL cryptographic library + +=head1 SYNOPSIS + +=head1 DESCRIPTION + +The OpenSSL B<crypto> library implements a wide range of cryptographic +algorithms used in various Internet standards. The services provided +by this library are used by the OpenSSL implementations of SSL, TLS +and S/MIME, and they have also been used to implement SSH, OpenPGP, and +other cryptographic standards. + +=head1 OVERVIEW + +B<libcrypto> consists of a number of sub-libraries that implement the +individual algorithms. + +The functionality includes symmetric encryption, public key +cryptography and key agreement, certificate handling, cryptographic +hash functions and a cryptographic pseudo-random number generator. + +=over 4 + +=item SYMMETRIC CIPHERS + +L<blowfish(3)|blowfish(3)>, L<cast(3)|cast(3)>, L<des(3)|des(3)>, +L<idea(3)|idea(3)>, L<rc2(3)|rc2(3)>, L<rc4(3)|rc4(3)>, L<rc5(3)|rc5(3)> + +=item PUBLIC KEY CRYPTOGRAPHY AND KEY AGREEMENT + +L<dsa(3)|dsa(3)>, L<dh(3)|dh(3)>, L<rsa(3)|rsa(3)> + +=item CERTIFICATES + +L<x509(3)|x509(3)>, L<x509v3(3)|x509v3(3)> + +=item AUTHENTICATION CODES, HASH FUNCTIONS + +L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>, L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>, +L<ripemd(3)|ripemd(3)>, L<sha(3)|sha(3)> + +=item AUXILIARY FUNCTIONS + +L<err(3)|err(3)>, L<threads(3)|threads(3)>, L<rand(3)|rand(3)> + +=item INPUT/OUTPUT, DATA ENCODING + +L<asn1(3)|asn1(3)>, L<bio(3)|bio(3)>, L<evp(3)|evp(3)>, L<pem(3)|pem(3)>, +L<pkcs7(3)|pkcs7(3)>, L<pkcs12(3)|pkcs12(3)> + +=item INTERNAL FUNCTIONS + +L<bn(3)|bn(3)>, L<buffer(3)|buffer(3)>, L<lhash(3)|lhash(3)>, +L<objects(3)|objects(3)>, L<stack(3)|stack(3)>, +L<txt_db(3)|txt_db(3)> + +=back + +=head1 SEE ALSO + +L<openssl(1)|openssl(1)>, L<ssl(3)|ssl(3)> + +=cut diff --git a/lib/libssl/src/doc/crypto/d2i_DHparams.pod b/lib/libssl/src/doc/crypto/d2i_DHparams.pod new file mode 100644 index 00000000000..a6d1743d39a --- /dev/null +++ b/lib/libssl/src/doc/crypto/d2i_DHparams.pod @@ -0,0 +1,30 @@ +=pod + +=head1 NAME + +d2i_DHparams, i2d_DHparams - ... + +=head1 SYNOPSIS + + #include <openssl/dh.h> + + DH *d2i_DHparams(DH **a, unsigned char **pp, long length); + int i2d_DHparams(DH *a, unsigned char **pp); + +=head1 DESCRIPTION + +... + +=head1 RETURN VALUES + +... + +=head1 SEE ALSO + +... + +=head1 HISTORY + +... + +=cut diff --git a/lib/libssl/src/doc/crypto/d2i_RSAPublicKey.pod b/lib/libssl/src/doc/crypto/d2i_RSAPublicKey.pod new file mode 100644 index 00000000000..ff4d0d57dbf --- /dev/null +++ b/lib/libssl/src/doc/crypto/d2i_RSAPublicKey.pod @@ -0,0 +1,39 @@ +=pod + +=head1 NAME + +d2i_RSAPublicKey, i2d_RSAPublicKey, d2i_RSAPrivateKey, i2d_RSAPrivateKey, i2d_Netscape_RSA, d2i_Netscape_RSA - ... + +=head1 SYNOPSIS + + #include <openssl/rsa.h> + + RSA * d2i_RSAPublicKey(RSA **a, unsigned char **pp, long length); + + int i2d_RSAPublicKey(RSA *a, unsigned char **pp); + + RSA * d2i_RSAPrivateKey(RSA **a, unsigned char **pp, long length); + + int i2d_RSAPrivateKey(RSA *a, unsigned char **pp); + + int i2d_Netscape_RSA(RSA *a, unsigned char **pp, int (*cb)()); + + RSA * d2i_Netscape_RSA(RSA **a, unsigned char **pp, long length, int (*cb)()); + +=head1 DESCRIPTION + +... + +=head1 RETURN VALUES + +... + +=head1 SEE ALSO + +... + +=head1 HISTORY + +... + +=cut diff --git a/lib/libssl/src/doc/crypto/des_modes.pod b/lib/libssl/src/doc/crypto/des_modes.pod new file mode 100644 index 00000000000..d8148c86fc8 --- /dev/null +++ b/lib/libssl/src/doc/crypto/des_modes.pod @@ -0,0 +1,250 @@ +=pod + +=head1 NAME + +Modes of DES - the variants of DES and other crypto algorithms of OpenSSL + +=head1 DESCRIPTION + +Several crypto algorithms fo OpenSSL can be used in a number of modes. Those +are used for using block ciphers in a way similar to stream ciphers, among +other things. + +=head1 OVERVIEW + +=head2 Electronic Codebook Mode (ECB) + +Normally, this is found as the function I<algorithm>_ecb_encrypt(). + +=over 2 + +=item * + +64 bits are enciphered at a time. + +=item * + +The order of the blocks can be rearranged without detection. + +=item * + +The same plaintext block always produces the same ciphertext block +(for the same key) making it vulnerable to a 'dictionary attack'. + +=item * + +An error will only affect one ciphertext block. + +=back + +=head2 Cipher Block Chaining Mode (CBC) + +Normally, this is found as the function I<algorithm>_cbc_encrypt(). +Be aware that des_cbc_encrypt() is not really DES CBC (it does +not update the IV); use des_ncbc_encrypt() instead. + +=over 2 + +=item * + +a multiple of 64 bits are enciphered at a time. + +=item * + +The CBC mode produces the same ciphertext whenever the same +plaintext is encrypted using the same key and starting variable. + +=item * + +The chaining operation makes the ciphertext blocks dependent on the +current and all preceding plaintext blocks and therefore blocks can not +be rearranged. + +=item * + +The use of different starting variables prevents the same plaintext +enciphering to the same ciphertext. + +=item * + +An error will affect the current and the following ciphertext blocks. + +=back + +=head2 Cipher Feedback Mode (CFB) + +Normally, this is found as the function I<algorithm>_cfb_encrypt(). + +=over 2 + +=item * + +a number of bits (j) <= 64 are enciphered at a time. + +=item * + +The CFB mode produces the same ciphertext whenever the same +plaintext is encrypted using the same key and starting variable. + +=item * + +The chaining operation makes the ciphertext variables dependent on the +current and all preceding variables and therefore j-bit variables are +chained together and can not be rearranged. + +=item * + +The use of different starting variables prevents the same plaintext +enciphering to the same ciphertext. + +=item * + +The strength of the CFB mode depends on the size of k (maximal if +j == k). In my implementation this is always the case. + +=item * + +Selection of a small value for j will require more cycles through +the encipherment algorithm per unit of plaintext and thus cause +greater processing overheads. + +=item * + +Only multiples of j bits can be enciphered. + +=item * + +An error will affect the current and the following ciphertext variables. + +=back + +=head2 Output Feedback Mode (OFB) + +Normally, this is found as the function I<algorithm>_ofb_encrypt(). + +=over 2 + + +=item * + +a number of bits (j) <= 64 are enciphered at a time. + +=item * + +The OFB mode produces the same ciphertext whenever the same +plaintext enciphered using the same key and starting variable. More +over, in the OFB mode the same key stream is produced when the same +key and start variable are used. Consequently, for security reasons +a specific start variable should be used only once for a given key. + +=item * + +The absence of chaining makes the OFB more vulnerable to specific attacks. + +=item * + +The use of different start variables values prevents the same +plaintext enciphering to the same ciphertext, by producing different +key streams. + +=item * + +Selection of a small value for j will require more cycles through +the encipherment algorithm per unit of plaintext and thus cause +greater processing overheads. + +=item * + +Only multiples of j bits can be enciphered. + +=item * + +OFB mode of operation does not extend ciphertext errors in the +resultant plaintext output. Every bit error in the ciphertext causes +only one bit to be in error in the deciphered plaintext. + +=item * + +OFB mode is not self-synchronising. If the two operation of +encipherment and decipherment get out of synchronism, the system needs +to be re-initialised. + +=item * + +Each re-initialisation should use a value of the start variable +different from the start variable values used before with the same +key. The reason for this is that an identical bit stream would be +produced each time from the same parameters. This would be +susceptible to a 'known plaintext' attack. + +=back + +=head2 Triple ECB Mode + +Normally, this is found as the function I<algorithm>_ecb3_encrypt(). + +=over 2 + +=item * + +Encrypt with key1, decrypt with key2 and encrypt with key3 again. + +=item * + +As for ECB encryption but increases the key length to 168 bits. +There are theoretic attacks that can be used that make the effective +key length 112 bits, but this attack also requires 2^56 blocks of +memory, not very likely, even for the NSA. + +=item * + +If both keys are the same it is equivalent to encrypting once with +just one key. + +=item * + +If the first and last key are the same, the key length is 112 bits. +There are attacks that could reduce the key space to 55 bit's but it +requires 2^56 blocks of memory. + +=item * + +If all 3 keys are the same, this is effectively the same as normal +ecb mode. + +=back + +=head2 Triple CBC Mode + +Normally, this is found as the function I<algorithm>_ede3_cbc_encrypt(). + +=over 2 + + +=item * + +Encrypt with key1, decrypt with key2 and then encrypt with key3. + +=item * + +As for CBC encryption but increases the key length to 168 bits with +the same restrictions as for triple ecb mode. + +=back + +=head1 NOTES + +This text was been written in large parts by Eric Young in his original +documentation for SSLeay, the predecessor of OpenSSL. In turn, he attributed +it to: + + AS 2805.5.2 + Australian Standard + Electronic funds transfer - Requirements for interfaces, + Part 5.2: Modes of operation for an n-bit block cipher algorithm + Appendix A + +=head1 SEE ALSO + +L<blowfish(3)|blowfish(3)>, L<des(3)|des(3)>, L<idea(3)|idea(3)>, +L<rc2(3)|rc2(3)> diff --git a/lib/libssl/src/doc/crypto/dh.pod b/lib/libssl/src/doc/crypto/dh.pod new file mode 100644 index 00000000000..0a9b7c03a20 --- /dev/null +++ b/lib/libssl/src/doc/crypto/dh.pod @@ -0,0 +1,68 @@ +=pod + +=head1 NAME + +dh - Diffie-Hellman key agreement + +=head1 SYNOPSIS + + #include <openssl/dh.h> + + DH * DH_new(void); + void DH_free(DH *dh); + + int DH_size(DH *dh); + + DH * DH_generate_parameters(int prime_len, int generator, + void (*callback)(int, int, void *), void *cb_arg); + int DH_check(DH *dh, int *codes); + + int DH_generate_key(DH *dh); + int DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh); + + void DH_set_default_method(DH_METHOD *meth); + DH_METHOD *DH_get_default_method(void); + DH_METHOD *DH_set_method(DH *dh, DH_METHOD *meth); + DH *DH_new_method(DH_METHOD *meth); + DH_METHOD *DH_OpenSSL(void); + + int DH_get_ex_new_index(long argl, char *argp, int (*new_func)(), + int (*dup_func)(), void (*free_func)()); + int DH_set_ex_data(DH *d, int idx, char *arg); + char *DH_get_ex_data(DH *d, int idx); + + DH * d2i_DHparams(DH **a, unsigned char **pp, long length); + int i2d_DHparams(DH *a, unsigned char **pp); + + int DHparams_print_fp(FILE *fp, DH *x); + int DHparams_print(BIO *bp, DH *x); + +=head1 DESCRIPTION + +These functions implement the Diffie-Hellman key agreement protocol. +The generation of shared DH parameters is described in +L<DH_generate_parameters(3)|DH_generate_parameters(3)>; L<DH_generate_key(3)|DH_generate_key(3)> describes how +to perform a key agreement. + +The B<DH> structure consists of several BIGNUM components. + + struct + { + BIGNUM *p; // prime number (shared) + BIGNUM *g; // generator of Z_p (shared) + BIGNUM *priv_key; // private DH value x + BIGNUM *pub_key; // public DH value g^x + // ... + }; + DH + +=head1 SEE ALSO + +L<dhparam(1)|dhparam(1)>, L<bn(3)|bn(3)>, L<dsa(3)|dsa(3)>, L<err(3)|err(3)>, +L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>, L<DH_set_method(3)|DH_set_method(3)>, +L<DH_new(3)|DH_new(3)>, L<DH_get_ex_new_index(3)|DH_get_ex_new_index(3)>, +L<DH_generate_parameters(3)|DH_generate_parameters(3)>, +L<DH_compute_key(3)|DH_compute_key(3)>, L<d2i_DHparams(3)|d2i_DHparams(3)>, +L<RSA_print(3)|RSA_print(3)> + +=cut diff --git a/lib/libssl/src/doc/crypto/dsa.pod b/lib/libssl/src/doc/crypto/dsa.pod new file mode 100644 index 00000000000..2c092448990 --- /dev/null +++ b/lib/libssl/src/doc/crypto/dsa.pod @@ -0,0 +1,104 @@ +=pod + +=head1 NAME + +dsa - Digital Signature Algorithm + +=head1 SYNOPSIS + + #include <openssl/dsa.h> + + DSA * DSA_new(void); + void DSA_free(DSA *dsa); + + int DSA_size(DSA *dsa); + + DSA * DSA_generate_parameters(int bits, unsigned char *seed, + int seed_len, int *counter_ret, unsigned long *h_ret, + void (*callback)(int, int, void *), void *cb_arg); + + DH * DSA_dup_DH(DSA *r); + + int DSA_generate_key(DSA *dsa); + + int DSA_sign(int dummy, const unsigned char *dgst, int len, + unsigned char *sigret, unsigned int *siglen, DSA *dsa); + int DSA_sign_setup(DSA *dsa, BN_CTX *ctx, BIGNUM **kinvp, + BIGNUM **rp); + int DSA_verify(int dummy, const unsigned char *dgst, int len, + unsigned char *sigbuf, int siglen, DSA *dsa); + + void DSA_set_default_method(DSA_METHOD *meth); + DSA_METHOD *DSA_get_default_method(void); + DSA_METHOD *DSA_set_method(DSA *dsa, DSA_METHOD *meth); + DSA *DSA_new_method(DSA_METHOD *meth); + DSA_METHOD *DSA_OpenSSL(void); + + int DSA_get_ex_new_index(long argl, char *argp, int (*new_func)(), + int (*dup_func)(), void (*free_func)()); + int DSA_set_ex_data(DSA *d, int idx, char *arg); + char *DSA_get_ex_data(DSA *d, int idx); + + DSA_SIG *DSA_SIG_new(void); + void DSA_SIG_free(DSA_SIG *a); + int i2d_DSA_SIG(DSA_SIG *a, unsigned char **pp); + DSA_SIG *d2i_DSA_SIG(DSA_SIG **v, unsigned char **pp, long length); + + DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa); + int DSA_do_verify(const unsigned char *dgst, int dgst_len, + DSA_SIG *sig, DSA *dsa); + + DSA * d2i_DSAPublicKey(DSA **a, unsigned char **pp, long length); + DSA * d2i_DSAPrivateKey(DSA **a, unsigned char **pp, long length); + DSA * d2i_DSAparams(DSA **a, unsigned char **pp, long length); + int i2d_DSAPublicKey(DSA *a, unsigned char **pp); + int i2d_DSAPrivateKey(DSA *a, unsigned char **pp); + int i2d_DSAparams(DSA *a,unsigned char **pp); + + int DSAparams_print(BIO *bp, DSA *x); + int DSAparams_print_fp(FILE *fp, DSA *x); + int DSA_print(BIO *bp, DSA *x, int off); + int DSA_print_fp(FILE *bp, DSA *x, int off); + +=head1 DESCRIPTION + +These functions implement the Digital Signature Algorithm (DSA). The +generation of shared DSA parameters is described in +L<DSA_generate_parameters(3)|DSA_generate_parameters(3)>; +L<DSA_generate_key(3)|DSA_generate_key(3)> describes how to +generate a signature key. Signature generation and verification are +described in L<DSA_sign(3)|DSA_sign(3)>. + +The B<DSA> structure consists of several BIGNUM components. + + struct + { + BIGNUM *p; // prime number (public) + BIGNUM *q; // 160-bit subprime, q | p-1 (public) + BIGNUM *g; // generator of subgroup (public) + BIGNUM *priv_key; // private key x + BIGNUM *pub_key; // public key y = g^x + // ... + } + DSA; + +In public keys, B<priv_key> is NULL. + +=head1 CONFORMING TO + +US Federal Information Processing Standard FIPS 186 (Digital Signature +Standard, DSS), ANSI X9.30 + +=head1 SEE ALSO + +L<bn(3)|bn(3)>, L<dh(3)|dh(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>, +L<rsa(3)|rsa(3)>, L<sha(3)|sha(3)>, L<DSA_new(3)|DSA_new(3)>, +L<DSA_size(3)|DSA_size(3)>, +L<DSA_generate_parameters(3)|DSA_generate_parameters(3)>, +L<DSA_dup_DH(3)|DSA_dup_DH(3)>, +L<DSA_generate_key(3)|DSA_generate_key(3)>, +L<DSA_sign(3)|DSA_sign(3)>, L<DSA_set_method(3)|DSA_set_method(3)>, +L<DSA_get_ex_new_index(3)|DSA_get_ex_new_index(3)>, +L<RSA_print(3)|RSA_print(3)> + +=cut diff --git a/lib/libssl/src/doc/crypto/err.pod b/lib/libssl/src/doc/crypto/err.pod new file mode 100644 index 00000000000..b824c92b57c --- /dev/null +++ b/lib/libssl/src/doc/crypto/err.pod @@ -0,0 +1,187 @@ +=pod + +=head1 NAME + +err - error codes + +=head1 SYNOPSIS + + #include <openssl/err.h> + + unsigned long ERR_get_error(void); + unsigned long ERR_peek_error(void); + unsigned long ERR_get_error_line(const char **file, int *line); + unsigned long ERR_peek_error_line(const char **file, int *line); + unsigned long ERR_get_error_line_data(const char **file, int *line, + const char **data, int *flags); + unsigned long ERR_peek_error_line_data(const char **file, int *line, + const char **data, int *flags); + + int ERR_GET_LIB(unsigned long e); + int ERR_GET_FUNC(unsigned long e); + int ERR_GET_REASON(unsigned long e); + + void ERR_clear_error(void); + + char *ERR_error_string(unsigned long e, char *buf); + const char *ERR_lib_error_string(unsigned long e); + const char *ERR_func_error_string(unsigned long e); + const char *ERR_reason_error_string(unsigned long e); + + void ERR_print_errors(BIO *bp); + void ERR_print_errors_fp(FILE *fp); + + void ERR_load_crypto_strings(void); + void ERR_free_strings(void); + + void ERR_remove_state(unsigned long pid); + + void ERR_put_error(int lib, int func, int reason, const char *file, + int line); + void ERR_add_error_data(int num, ...); + + void ERR_load_strings(int lib,ERR_STRING_DATA str[]); + unsigned long ERR_PACK(int lib, int func, int reason); + int ERR_get_next_error_library(void); + +=head1 DESCRIPTION + +When a call to the OpenSSL library fails, this is usually signalled +by the return value, and an error code is stored in an error queue +associated with the current thread. The B<err> library provides +functions to obtain these error codes and textual error messages. + +The L<ERR_get_error(3)|ERR_get_error(3)> manpage describes how to +access error codes. + +Error codes contain information about where the error occurred, and +what went wrong. L<ERR_GET_LIB(3)|ERR_GET_LIB(3)> describes how to +extract this information. A method to obtain human-readable error +messages is described in L<ERR_error_string(3)|ERR_error_string(3)>. + +L<ERR_clear_error(3)|ERR_clear_error(3)> can be used to clear the +error queue. + +Note that L<ERR_remove_state(3)|ERR_remove_state(3)> should be used to +avoid memory leaks when threads are terminated. + +=head1 ADDING NEW ERROR CODES TO OPENSSL + +See L<ERR_put_error(3)> if you want to record error codes in the +OpenSSL error system from within your application. + +The remainder of this section is of interest only if you want to add +new error codes to OpenSSL or add error codes from external libraries. + +=head2 Reporting errors + +Each sub-library has a specific macro XXXerr() that is used to report +errors. Its first argument is a function code B<XXX_F_...>, the second +argument is a reason code B<XXX_R_...>. Function codes are derived +from the function names; reason codes consist of textual error +descriptions. For example, the function ssl23_read() reports a +"handshake failure" as follows: + + SSLerr(SSL_F_SSL23_READ, SSL_R_SSL_HANDSHAKE_FAILURE); + +Function and reason codes should consist of upper case characters, +numbers and underscores only. The error file generation script translates +function codes into function names by looking in the header files +for an appropriate function name, if none is found it just uses +the capitalized form such as "SSL23_READ" in the above example. + +The trailing section of a reason code (after the "_R_") is translated +into lower case and underscores changed to spaces. + +When you are using new function or reason codes, run B<make errors>. +The necessary B<#define>s will then automatically be added to the +sub-library's header file. + +Although a library will normally report errors using its own specific +XXXerr macro, another library's macro can be used. This is normally +only done when a library wants to include ASN1 code which must use +the ASN1err() macro. + +=head2 Adding new libraries + +When adding a new sub-library to OpenSSL, assign it a library number +B<ERR_LIB_XXX>, define a macro XXXerr() (both in B<err.h>), add its +name to B<ERR_str_libraries[]> (in B<crypto/err/err.c>), and add +C<ERR_load_XXX_strings()> to the ERR_load_crypto_strings() function +(in B<crypto/err/err_all.c>). Finally, add an entry + + L XXX xxx.h xxx_err.c + +to B<crypto/err/openssl.ec>, and add B<xxx_err.c> to the Makefile. +Running B<make errors> will then generate a file B<xxx_err.c>, and +add all error codes used in the library to B<xxx.h>. + +Additionally the library include file must have a certain form. +Typically it will initially look like this: + + #ifndef HEADER_XXX_H + #define HEADER_XXX_H + + #ifdef __cplusplus + extern "C" { + #endif + + /* Include files */ + + #include <openssl/bio.h> + #include <openssl/x509.h> + + /* Macros, structures and function prototypes */ + + + /* BEGIN ERROR CODES */ + +The B<BEGIN ERROR CODES> sequence is used by the error code +generation script as the point to place new error codes, any text +after this point will be overwritten when B<make errors> is run. +The closing #endif etc will be automatically added by the script. + +The generated C error code file B<xxx_err.c> will load the header +files B<stdio.h>, B<openssl/err.h> and B<openssl/xxx.h> so the +header file must load any additional header files containg any +definitions it uses. + +=head1 USING ERROR CODES IN EXTERNAL LIBRARIES + +It is also possible to use OpenSSL's error code scheme in external +libraries. The library needs to load its own codes and call the OpenSSL +error code insertion script B<mkerr.pl> explicitly to add codes to +the header file and generate the C error code file. This will normally +be done if the external library needs to generate new ASN1 structures +but it can also be used to add more general purpose error code handling. + +TBA more details + +=head1 INTERNALS + +The error queues are stored in a hash table with one B<ERR_STATE> +entry for each pid. ERR_get_state() returns the current thread's +B<ERR_STATE>. An B<ERR_STATE> can hold up to B<ERR_NUM_ERRORS> error +codes. When more error codes are added, the old ones are overwritten, +on the assumption that the most recent errors are most important. + +Error strings are also stored in hash table. The hash tables can +be obtained by calling ERR_get_err_state_table(void) and +ERR_get_string_table(void) respectively. + +=head1 SEE ALSO + +L<CRYPTO_set_id_callback(3)|CRYPTO_set_id_callback(3)>, +L<CRYPTO_set_locking_callback(3)|<CRYPTO_set_locking_callback(3)>, +L<ERR_get_error(3)|ERR_get_error(3)>, +L<ERR_GET_LIB(3)|ERR_GET_LIB(3)>, +L<ERR_clear_error(3)|ERR_clear_error(3)>, +L<ERR_error_string(3)|ERR_error_string(3)>, +L<ERR_print_errors(3)|ERR_print_errors(3)>, +L<ERR_load_crypto_strings(3)|ERR_load_crypto_strings(3)>, +L<ERR_remove_state(3)|ERR_remove_state(3)>, +L<ERR_put_error(3)|ERR_put_error(3)>, +L<ERR_load_strings(3)|ERR_load_strings(3)>, +L<SSL_get_error(3)|SSL_get_error(3)> + +=cut diff --git a/lib/libssl/src/doc/crypto/hmac.pod b/lib/libssl/src/doc/crypto/hmac.pod new file mode 100644 index 00000000000..45b6108c393 --- /dev/null +++ b/lib/libssl/src/doc/crypto/hmac.pod @@ -0,0 +1,75 @@ +=pod + +=head1 NAME + +HMAC, HMAC_Init, HMAC_Update, HMAC_Final - HMAC message authentication code + +=head1 SYNOPSIS + + #include <openssl/hmac.h> + + unsigned char *HMAC(const EVP_MD *evp_md, const void *key, + int key_len, const unsigned char *d, int n, + unsigned char *md, unsigned int *md_len); + + void HMAC_Init(HMAC_CTX *ctx, const void *key, int key_len, + const EVP_MD *md); + void HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, int len); + void HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len); + + void HMAC_cleanup(HMAC_CTX *ctx); + +=head1 DESCRIPTION + +HMAC is a MAC (message authentication code), i.e. a keyed hash +function used for message authentication, which is based on a hash +function. + +HMAC() computes the message authentication code of the B<n> bytes at +B<d> using the hash function B<evp_md> and the key B<key> which is +B<key_len> bytes long. + +It places the result in B<md> (which must have space for the output of +the hash function, which is no more than B<EVP_MAX_MD_SIZE> bytes). +If B<md> is NULL, the digest is placed in a static array. The size of +the output is placed in B<md_len>, unless it is B<NULL>. + +B<evp_md> can be EVP_sha1(), EVP_ripemd160() etc. +B<key> and B<evp_md> may be B<NULL> if a key and hash function have +been set in a previous call to HMAC_Init() for that B<HMAC_CTX>. + +HMAC_cleanup() erases the key and other data from the B<HMAC_CTX>. + +The following functions may be used if the message is not completely +stored in memory: + +HMAC_Init() initializes a B<HMAC_CTX> structure to use the hash +function B<evp_md> and the key B<key> which is B<key_len> bytes long. + +HMAC_Update() can be called repeatedly with chunks of the message to +be authenticated (B<len> bytes at B<data>). + +HMAC_Final() places the message authentication code in B<md>, which +must have space for the hash function output. + +=head1 RETURN VALUES + +HMAC() returns a pointer to the message authentication code. + +HMAC_Init(), HMAC_Update(), HMAC_Final() and HMAC_cleanup() do not +return values. + +=head1 CONFORMING TO + +RFC 2104 + +=head1 SEE ALSO + +L<sha(3)|sha(3)>, L<evp(3)|evp(3)> + +=head1 HISTORY + +HMAC(), HMAC_Init(), HMAC_Update(), HMAC_Final() and HMAC_cleanup() +are available since SSLeay 0.9.0. + +=cut diff --git a/lib/libssl/src/doc/crypto/lh_stats.pod b/lib/libssl/src/doc/crypto/lh_stats.pod new file mode 100644 index 00000000000..3eeaa72e525 --- /dev/null +++ b/lib/libssl/src/doc/crypto/lh_stats.pod @@ -0,0 +1,60 @@ +=pod + +=head1 NAME + +lh_stats, lh_node_stats, lh_node_usage_stats, lh_stats_bio, +lh_node_stats_bio, lh_node_usage_stats_bio - LHASH statistics + +=head1 SYNOPSIS + + #include <openssl/lhash.h> + + void lh_stats(LHASH *table, FILE *out); + void lh_node_stats(LHASH *table, FILE *out); + void lh_node_usage_stats(LHASH *table, FILE *out); + + void lh_stats_bio(LHASH *table, BIO *out); + void lh_node_stats_bio(LHASH *table, BIO *out); + void lh_node_usage_stats_bio(LHASH *table, BIO *out); + +=head1 DESCRIPTION + +The B<LHASH> structure records statistics about most aspects of +accessing the hash table. This is mostly a legacy of Eric Young +writing this library for the reasons of implementing what looked like +a nice algorithm rather than for a particular software product. + +lh_stats() prints out statistics on the size of the hash table, how +many entries are in it, and the number and result of calls to the +routines in this library. + +lh_node_stats() prints the number of entries for each 'bucket' in the +hash table. + +lh_node_usage_stats() prints out a short summary of the state of the +hash table. It prints the 'load' and the 'actual load'. The load is +the average number of data items per 'bucket' in the hash table. The +'actual load' is the average number of items per 'bucket', but only +for buckets which contain entries. So the 'actual load' is the +average number of searches that will need to find an item in the hash +table, while the 'load' is the average number that will be done to +record a miss. + +lh_stats_bio(), lh_node_stats_bio() and lh_node_usage_stats_bio() +are the same as the above, except that the output goes to a B<BIO>. + +=head1 RETURN VALUES + +These functions do not return values. + +=head1 SEE ALSO + +L<bio(3)|bio(3)>, L<lhash(3)|lhash(3)> + +=head1 HISTORY + +These functions are available in all versions of SSLeay and OpenSSL. + +This manpage is derived from the SSLeay documentation. + +=cut diff --git a/lib/libssl/src/doc/crypto/lhash.pod b/lib/libssl/src/doc/crypto/lhash.pod new file mode 100644 index 00000000000..af2c9a7102d --- /dev/null +++ b/lib/libssl/src/doc/crypto/lhash.pod @@ -0,0 +1,155 @@ +=pod + +=head1 NAME + +lh_new, lh_free, lh_insert, lh_delete, lh_retrieve, lh_doall, +lh_doall_arg, lh_error - dynamic hash table + +=head1 SYNOPSIS + + #include <openssl/lhash.h> + + LHASH *lh_new(unsigned long (*hash)(/*void *a*/), + int (*compare)(/*void *a,void *b*/)); + void lh_free(LHASH *table); + + void *lh_insert(LHASH *table, void *data); + void *lh_delete(LHASH *table, void *data); + void *lh_retrieve(LHASH *table, void *data); + + void lh_doall(LHASH *table, void (*func)(/*void *b*/)); + void lh_doall_arg(LHASH *table, void (*func)(/*void *a,void *b*/), + void *arg); + + int lh_error(LHASH *table); + +=head1 DESCRIPTION + +This library implements dynamic hash tables. The hash table entries +can be arbitrary structures. Usually they consist of key and value +fields. + +lh_new() creates a new B<LHASH> structure. B<hash> takes a pointer to +the structure and returns an unsigned long hash value of its key +field. The hash value is normally truncated to a power of 2, so make +sure that your hash function returns well mixed low order +bits. B<compare> takes two arguments, and returns 0 if their keys are +equal, non-zero otherwise. + +lh_free() frees the B<LHASH> structure B<table>. Allocated hash table +entries will not be freed; consider using lh_doall() to deallocate any +remaining entries in the hash table. + +lh_insert() inserts the structure pointed to by B<data> into B<table>. +If there already is an entry with the same key, the old value is +replaced. Note that lh_insert() stores pointers, the data are not +copied. + +lh_delete() deletes an entry from B<table>. + +lh_retrieve() looks up an entry in B<table>. Normally, B<data> is +a structure with the key field(s) set; the function will return a +pointer to a fully populated structure. + +lh_doall() will, for every entry in the hash table, call B<func> with +the data item as parameters. +This function can be quite useful when used as follows: + void cleanup(STUFF *a) + { STUFF_free(a); } + lh_doall(hash,cleanup); + lh_free(hash); +This can be used to free all the entries. lh_free() then cleans up the +'buckets' that point to nothing. When doing this, be careful if you +delete entries from the hash table in B<func>: the table may decrease +in size, moving item that you are currently on down lower in the hash +table. This could cause some entries to be skipped. The best +solution to this problem is to set hash-E<gt>down_load=0 before you +start. This will stop the hash table ever being decreased in size. + +lh_doall_arg() is the same as lh_doall() except that B<func> will +be called with B<arg> as the second argument. + +lh_error() can be used to determine if an error occurred in the last +operation. lh_error() is a macro. + +=head1 RETURN VALUES + +lh_new() returns B<NULL> on error, otherwise a pointer to the new +B<LHASH> structure. + +When a hash table entry is replaced, lh_insert() returns the value +being replaced. B<NULL> is returned on normal operation and on error. + +lh_delete() returns the entry being deleted. B<NULL> is returned if +there is no such value in the hash table. + +lh_retrieve() returns the hash table entry if it has been found, +B<NULL> otherwise. + +lh_error() returns 1 if an error occurred in the last operation, 0 +otherwise. + +lh_free(), lh_doall() and lh_doall_arg() return no values. + +=head1 BUGS + +lh_insert() returns B<NULL> both for success and error. + +=head1 INTERNALS + +The following description is based on the SSLeay documentation: + +The B<lhash> library implements a hash table described in the +I<Communications of the ACM> in 1991. What makes this hash table +different is that as the table fills, the hash table is increased (or +decreased) in size via Realloc(). When a 'resize' is done, instead of +all hashes being redistributed over twice as many 'buckets', one +bucket is split. So when an 'expand' is done, there is only a minimal +cost to redistribute some values. Subsequent inserts will cause more +single 'bucket' redistributions but there will never be a sudden large +cost due to redistributing all the 'buckets'. + +The state for a particular hash table is kept in the B<LHASH> structure. +The decision to increase or decrease the hash table size is made +depending on the 'load' of the hash table. The load is the number of +items in the hash table divided by the size of the hash table. The +default values are as follows. If (hash->up_load E<lt> load) =E<gt> +expand. if (hash-E<gt>down_load E<gt> load) =E<gt> contract. The +B<up_load> has a default value of 1 and B<down_load> has a default value +of 2. These numbers can be modified by the application by just +playing with the B<up_load> and B<down_load> variables. The 'load' is +kept in a form which is multiplied by 256. So +hash-E<gt>up_load=8*256; will cause a load of 8 to be set. + +If you are interested in performance the field to watch is +num_comp_calls. The hash library keeps track of the 'hash' value for +each item so when a lookup is done, the 'hashes' are compared, if +there is a match, then a full compare is done, and +hash-E<gt>num_comp_calls is incremented. If num_comp_calls is not equal +to num_delete plus num_retrieve it means that your hash function is +generating hashes that are the same for different values. It is +probably worth changing your hash function if this is the case because +even if your hash table has 10 items in a 'bucket', it can be searched +with 10 B<unsigned long> compares and 10 linked list traverses. This +will be much less expensive that 10 calls to you compare function. + +lh_strhash() is a demo string hashing function: + + unsigned long lh_strhash(const char *c); + +Since the B<LHASH> routines would normally be passed structures, this +routine would not normally be passed to lh_new(), rather it would be +used in the function passed to lh_new(). + +=head1 SEE ALSO + +L<lh_stats(3)|lh_stats(3)> + +=head1 HISTORY + +The B<lhash> library is available in all versions of SSLeay and OpenSSL. +lh_error() was added in SSLeay 0.9.1b. + +This manpage is derived from the SSLeay documentation. + +=cut diff --git a/lib/libssl/src/doc/crypto/md5.pod b/lib/libssl/src/doc/crypto/md5.pod new file mode 100644 index 00000000000..d7c120023da --- /dev/null +++ b/lib/libssl/src/doc/crypto/md5.pod @@ -0,0 +1,85 @@ +=pod + +=head1 NAME + +MD2, MD5, MD2_Init, MD2_Update, MD2_Final, MD5_Init, MD5_Update, +MD5_Final - MD2 and MD5 hash functions + +=head1 SYNOPSIS + + #include <openssl/md2.h> + + unsigned char *MD2(const unsigned char *d, unsigned long n, + unsigned char *md); + + void MD2_Init(MD2_CTX *c); + void MD2_Update(MD2_CTX *c, const unsigned char *data, + unsigned long len); + void MD2_Final(unsigned char *md, MD2_CTX *c); + + + #include <openssl/md5.h> + + unsigned char *MD5(const unsigned char *d, unsigned long n, + unsigned char *md); + + void MD5_Init(MD5_CTX *c); + void MD5_Update(MD5_CTX *c, const void *data, + unsigned long len); + void MD5_Final(unsigned char *md, MD5_CTX *c); + +=head1 DESCRIPTION + +MD2 and MD5 are cryptographic hash functions with a 128 bit output. + +MD2() and MD5() compute the MD2 and MD5 message digest of the B<n> +bytes at B<d> and place it in B<md> (which must have space for +MD2_DIGEST_LENGTH == MD5_DIGEST_LENGTH == 16 bytes of output). If +B<md> is NULL, the digest is placed in a static array. + +The following functions may be used if the message is not completely +stored in memory: + +MD2_Init() initializes a B<MD2_CTX> structure. + +MD2_Update() can be called repeatedly with chunks of the message to +be hashed (B<len> bytes at B<data>). + +MD2_Final() places the message digest in B<md>, which must have space +for MD2_DIGEST_LENGTH == 16 bytes of output, and erases the B<MD2_CTX>. + +MD5_Init(), MD5_Update() and MD5_Final() are analogous using an +B<MD5_CTX> structure. + +Applications should use the higher level functions +L<EVP_DigestInit(3)|EVP_DigestInit(3)> +etc. instead of calling the hash functions directly. + +=head1 NOTE + +MD2 and MD5 are recommended only for compatibility with existing +applications. In new applications, SHA-1 or RIPEMD-160 should be +preferred. + +=head1 RETURN VALUES + +MD2() and MD5() return pointers to the hash value. + +MD2_Init(), MD2_Update() MD2_Final(), MD5_Init(), MD5_Update() and +MD5_Final() do not return values. + +=head1 CONFORMING TO + +RFC 1319, RFC 1321 + +=head1 SEE ALSO + +L<sha(3)|sha(3)>, L<ripemd(3)|ripemd(3)>, L<EVP_DigestInit(3)|EVP_DigestInit(3)> + +=head1 HISTORY + +MD2(), MD2_Init(), MD2_Update() MD2_Final(), MD5(), MD5_Init(), +MD5_Update() and MD5_Final() are available in all versions of SSLeay +and OpenSSL. + +=cut diff --git a/lib/libssl/src/doc/crypto/mdc2.pod b/lib/libssl/src/doc/crypto/mdc2.pod new file mode 100644 index 00000000000..11dc303e04f --- /dev/null +++ b/lib/libssl/src/doc/crypto/mdc2.pod @@ -0,0 +1,64 @@ +=pod + +=head1 NAME + +MDC2, MDC2_Init, MDC2_Update, MDC2_Final - MDC2 hash function + +=head1 SYNOPSIS + + #include <openssl/mdc2.h> + + unsigned char *MDC2(const unsigned char *d, unsigned long n, + unsigned char *md); + + void MDC2_Init(MDC2_CTX *c); + void MDC2_Update(MDC2_CTX *c, const unsigned char *data, + unsigned long len); + void MDC2_Final(unsigned char *md, MDC2_CTX *c); + +=head1 DESCRIPTION + +MDC2 is a method to construct hash functions with 128 bit output from +block ciphers. These functions are an implementation of MDC2 with +DES. + +MDC2() computes the MDC2 message digest of the B<n> +bytes at B<d> and places it in B<md> (which must have space for +MDC2_DIGEST_LENGTH == 16 bytes of output). If B<md> is NULL, the digest +is placed in a static array. + +The following functions may be used if the message is not completely +stored in memory: + +MDC2_Init() initializes a B<MDC2_CTX> structure. + +MDC2_Update() can be called repeatedly with chunks of the message to +be hashed (B<len> bytes at B<data>). + +MDC2_Final() places the message digest in B<md>, which must have space +for MDC2_DIGEST_LENGTH == 16 bytes of output, and erases the B<MDC2_CTX>. + +Applications should use the higher level functions +L<EVP_DigestInit(3)|EVP_DigestInit(3)> etc. instead of calling the +hash functions directly. + +=head1 RETURN VALUES + +MDC2() returns a pointer to the hash value. + +MDC2_Init(), MDC2_Update() and MDC2_Final() do not return values. + +=head1 CONFORMING TO + +ISO/IEC 10118-2, with DES + +=head1 SEE ALSO + +L<sha(3)|sha(3)>, L<EVP_DigestInit(3)|EVP_DigestInit(3)> + +=head1 HISTORY + +MDC2(), MDC2_Init(), MDC2_Update() and MDC2_Final() are available since +SSLeay 0.8. + +=cut diff --git a/lib/libssl/src/doc/crypto/rand.pod b/lib/libssl/src/doc/crypto/rand.pod new file mode 100644 index 00000000000..295b6810505 --- /dev/null +++ b/lib/libssl/src/doc/crypto/rand.pod @@ -0,0 +1,158 @@ +=pod + +=head1 NAME + +rand - pseudo-random number generator + +=head1 SYNOPSIS + + #include <openssl/rand.h> + + int RAND_bytes(unsigned char *buf,int num); + int RAND_pseudo_bytes(unsigned char *buf,int num); + + void RAND_seed(const void *buf,int num); + void RAND_add(const void *buf,int num,int entropy); + int RAND_status(void); + void RAND_screen(void); + + int RAND_load_file(const char *file,long max_bytes); + int RAND_write_file(const char *file); + const char *RAND_file_name(char *file,int num); + + int RAND_egd(const char *path); + + void RAND_set_rand_method(RAND_METHOD *meth); + RAND_METHOD *RAND_get_rand_method(void); + RAND_METHOD *RAND_SSLeay(void); + + void RAND_cleanup(void); + +=head1 DESCRIPTION + +These functions implement a cryptographically secure pseudo-random +number generator (PRNG). It is used by other library functions for +example to generate random keys, and applications can use it when they +need randomness. + +A cryptographic PRNG must be seeded with unpredictable data such as +mouse movements or keys pressed at random by the user. This is +described in L<RAND_add(3)|RAND_add(3)>. Its state can be saved in a seed file +(see L<RAND_load_file(3)|RAND_load_file(3)>) to avoid having to go through the +seeding process whenever the application is started. + +L<RAND_bytes(3)|RAND_bytes(3)> describes how to obtain random data from the +PRNG. + +=head1 INTERNALS + +The RAND_SSLeay() method implements a PRNG based on a cryptographic +hash function. + +The following description of its design is based on the SSLeay +documentation: + +First up I will state the things I believe I need for a good RNG. + +=over 4 + +=item 1 + +A good hashing algorithm to mix things up and to convert the RNG 'state' +to random numbers. + +=item 2 + +An initial source of random 'state'. + +=item 3 + +The state should be very large. If the RNG is being used to generate +4096 bit RSA keys, 2 2048 bit random strings are required (at a minimum). +If your RNG state only has 128 bits, you are obviously limiting the +search space to 128 bits, not 2048. I'm probably getting a little +carried away on this last point but it does indicate that it may not be +a bad idea to keep quite a lot of RNG state. It should be easier to +break a cipher than guess the RNG seed data. + +=item 4 + +Any RNG seed data should influence all subsequent random numbers +generated. This implies that any random seed data entered will have +an influence on all subsequent random numbers generated. + +=item 5 + +When using data to seed the RNG state, the data used should not be +extractable from the RNG state. I believe this should be a +requirement because one possible source of 'secret' semi random +data would be a private key or a password. This data must +not be disclosed by either subsequent random numbers or a +'core' dump left by a program crash. + +=item 6 + +Given the same initial 'state', 2 systems should deviate in their RNG state +(and hence the random numbers generated) over time if at all possible. + +=item 7 + +Given the random number output stream, it should not be possible to determine +the RNG state or the next random number. + +=back + +The algorithm is as follows. + +There is global state made up of a 1023 byte buffer (the 'state'), a +working hash value ('md'), and a counter ('count'). + +Whenever seed data is added, it is inserted into the 'state' as +follows. + +The input is chopped up into units of 20 bytes (or less for +the last block). Each of these blocks is run through the hash +function as follows: The data passed to the hash function +is the current 'md', the same number of bytes from the 'state' +(the location determined by in incremented looping index) as +the current 'block', the new key data 'block', and 'count' +(which is incremented after each use). +The result of this is kept in 'md' and also xored into the +'state' at the same locations that were used as input into the +hash function. I +believe this system addresses points 1 (hash function; currently +SHA-1), 3 (the 'state'), 4 (via the 'md'), 5 (by the use of a hash +function and xor). + +When bytes are extracted from the RNG, the following process is used. +For each group of 10 bytes (or less), we do the following: + +Input into the hash function the top 10 bytes from the local 'md' +(which is initialized from the global 'md' before any bytes are +generated), the bytes that are to be overwritten by the random bytes, +and bytes from the 'state' (incrementing looping index). From this +digest output (which is kept in 'md'), the top (up to) 10 bytes are +returned to the caller and the bottom (up to) 10 bytes are xored into +the 'state'. + +Finally, after we have finished 'num' random bytes for the caller, +'count' (which is incremented) and the local and global 'md' are fed +into the hash function and the results are kept in the global 'md'. + +I believe the above addressed points 1 (use of SHA-1), 6 (by hashing +into the 'state' the 'old' data from the caller that is about to be +overwritten) and 7 (by not using the 10 bytes given to the caller to +update the 'state', but they are used to update 'md'). + +So of the points raised, only 2 is not addressed (but see +L<RAND_add(3)|RAND_add(3)>). + +=head1 SEE ALSO + +L<BN_rand(3)|BN_rand(3)>, L<RAND_add(3)|RAND_add(3)>, +L<RAND_load_file(3)|RAND_load_file(3)>, L<RAND_egd(3)|RAND_egd(3)>, +L<RAND_bytes(3)|RAND_bytes(3)>, +L<RAND_set_rand_method(3)|RAND_set_rand_method(3)>, +L<RAND_cleanup(3)|RAND_cleanup(3)> + +=cut diff --git a/lib/libssl/src/doc/crypto/rc4.pod b/lib/libssl/src/doc/crypto/rc4.pod new file mode 100644 index 00000000000..b6d3a4342ca --- /dev/null +++ b/lib/libssl/src/doc/crypto/rc4.pod @@ -0,0 +1,62 @@ +=pod + +=head1 NAME + +RC4_set_key, RC4 - RC4 encryption + +=head1 SYNOPSIS + + #include <openssl/rc4.h> + + void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data); + + void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata, + unsigned char *outdata); + +=head1 DESCRIPTION + +This library implements the Alleged RC4 cipher, which is described for +example in I<Applied Cryptography>. It is believed to be compatible +with RC4[TM], a proprietary cipher of RSA Security Inc. + +RC4 is a stream cipher with variable key length. Typically, 128 bit +(16 byte) keys are used for strong encryption, but shorter insecure +key sizes have been widely used due to export restrictions. + +RC4 consists of a key setup phase and the actual encryption or +decryption phase. + +RC4_set_key() sets up the B<RC4_KEY> B<key> using the B<len> bytes long +key at B<data>. + +RC4() encrypts or decrypts the B<len> bytes of data at B<indata> using +B<key> and places the result at B<outdata>. Repeated RC4() calls with +the same B<key> yield a continuous key stream. + +Since RC4 is a stream cipher (the input is XORed with a pseudo-random +key stream to produce the output), decryption uses the same function +calls as encryption. + +Applications should use the higher level functions +L<EVP_EncryptInit(3)|EVP_EncryptInit(3)> +etc. instead of calling the RC4 functions directly. + +=head1 RETURN VALUES + +RC4_set_key() and RC4() do not return values. + +=head1 NOTE + +Certain conditions have to be observed to securely use stream ciphers. +It is not permissible to perform multiple encryptions using the same +key stream. + +=head1 SEE ALSO + +L<blowfish(3)|blowfish(3)>, L<des(3)|des(3)>, L<rc2(3)|rc2(3)> + +=head1 HISTORY + +RC4_set_key() and RC4() are available in all versions of SSLeay and OpenSSL. + +=cut diff --git a/lib/libssl/src/doc/crypto/ripemd.pod b/lib/libssl/src/doc/crypto/ripemd.pod new file mode 100644 index 00000000000..31054b6a8cc --- /dev/null +++ b/lib/libssl/src/doc/crypto/ripemd.pod @@ -0,0 +1,66 @@ +=pod + +=head1 NAME + +RIPEMD160, RIPEMD160_Init, RIPEMD160_Update, RIPEMD160_Final - +RIPEMD-160 hash function + +=head1 SYNOPSIS + + #include <openssl/ripemd.h> + + unsigned char *RIPEMD160(const unsigned char *d, unsigned long n, + unsigned char *md); + + void RIPEMD160_Init(RIPEMD160_CTX *c); + void RIPEMD160_Update(RIPEMD_CTX *c, const void *data, + unsigned long len); + void RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c); + +=head1 DESCRIPTION + +RIPEMD-160 is a cryptographic hash function with a +160 bit output. + +RIPEMD160() computes the RIPEMD-160 message digest of the B<n> +bytes at B<d> and places it in B<md> (which must have space for +RIPEMD160_DIGEST_LENGTH == 20 bytes of output). If B<md> is NULL, the digest +is placed in a static array. + +The following functions may be used if the message is not completely +stored in memory: + +RIPEMD160_Init() initializes a B<RIPEMD160_CTX> structure. + +RIPEMD160_Update() can be called repeatedly with chunks of the message to +be hashed (B<len> bytes at B<data>). + +RIPEMD160_Final() places the message digest in B<md>, which must have +space for RIPEMD160_DIGEST_LENGTH == 20 bytes of output, and erases +the B<RIPEMD160_CTX>. + +Applications should use the higher level functions +L<EVP_DigestInit(3)|EVP_DigestInit(3)> etc. instead of calling the +hash functions directly. + +=head1 RETURN VALUES + +RIPEMD160() returns a pointer to the hash value. + +RIPEMD160_Init(), RIPEMD160_Update() and RIPEMD160_Final() do not +return values. + +=head1 CONFORMING TO + +ISO/IEC 10118-3 (draft) (??) + +=head1 SEE ALSO + +L<sha(3)|sha(3)>, L<hmac(3)|hmac(3)>, L<EVP_DigestInit(3)|EVP_DigestInit(3)> + +=head1 HISTORY + +RIPEMD160(), RIPEMD160_Init(), RIPEMD160_Update() and +RIPEMD160_Final() are available since SSLeay 0.9.0. + +=cut diff --git a/lib/libssl/src/doc/crypto/rsa.pod b/lib/libssl/src/doc/crypto/rsa.pod new file mode 100644 index 00000000000..0486c044a68 --- /dev/null +++ b/lib/libssl/src/doc/crypto/rsa.pod @@ -0,0 +1,115 @@ +=pod + +=head1 NAME + +rsa - RSA public key cryptosystem + +=head1 SYNOPSIS + + #include <openssl/rsa.h> + + RSA * RSA_new(void); + void RSA_free(RSA *rsa); + + int RSA_public_encrypt(int flen, unsigned char *from, + unsigned char *to, RSA *rsa, int padding); + int RSA_private_decrypt(int flen, unsigned char *from, + unsigned char *to, RSA *rsa, int padding); + + int RSA_sign(int type, unsigned char *m, unsigned int m_len, + unsigned char *sigret, unsigned int *siglen, RSA *rsa); + int RSA_verify(int type, unsigned char *m, unsigned int m_len, + unsigned char *sigbuf, unsigned int siglen, RSA *rsa); + + int RSA_size(RSA *rsa); + + RSA *RSA_generate_key(int num, unsigned long e, + void (*callback)(int,int,void *), void *cb_arg); + + int RSA_check_key(RSA *rsa); + + int RSA_blinding_on(RSA *rsa, BN_CTX *ctx); + void RSA_blinding_off(RSA *rsa); + + void RSA_set_default_method(RSA_METHOD *meth); + RSA_METHOD *RSA_get_default_method(void); + RSA_METHOD *RSA_set_method(RSA *rsa, RSA_METHOD *meth); + RSA_METHOD *RSA_get_method(RSA *rsa); + RSA_METHOD *RSA_PKCS1_SSLeay(void); + RSA_METHOD *RSA_PKCS1_RSAref(void); + RSA_METHOD *RSA_null_method(void); + int RSA_flags(RSA *rsa); + RSA *RSA_new_method(RSA_METHOD *method); + + int RSA_print(BIO *bp, RSA *x, int offset); + int RSA_print_fp(FILE *fp, RSA *x, int offset); + + int RSA_get_ex_new_index(long argl, char *argp, int (*new_func)(), + int (*dup_func)(), void (*free_func)()); + int RSA_set_ex_data(RSA *r,int idx,char *arg); + char *RSA_get_ex_data(RSA *r, int idx); + + int RSA_private_encrypt(int flen, unsigned char *from, + unsigned char *to, RSA *rsa,int padding); + int RSA_public_decrypt(int flen, unsigned char *from, + unsigned char *to, RSA *rsa,int padding); + + int RSA_sign_ASN1_OCTET_STRING(int dummy, unsigned char *m, + unsigned int m_len, unsigned char *sigret, unsigned int *siglen, + RSA *rsa); + int RSA_verify_ASN1_OCTET_STRING(int dummy, unsigned char *m, + unsigned int m_len, unsigned char *sigbuf, unsigned int siglen, + RSA *rsa); + +=head1 DESCRIPTION + +These functions implement RSA public key encryption and signatures +as defined in PKCS #1 v2.0 [RFC 2437]. + +The B<RSA> structure consists of several BIGNUM components. It can +contain public as well as private RSA keys: + + struct + { + BIGNUM *n; // public modulus + BIGNUM *e; // public exponent + BIGNUM *d; // private exponent + BIGNUM *p; // secret prime factor + BIGNUM *q; // secret prime factor + BIGNUM *dmp1; // d mod (p-1) + BIGNUM *dmq1; // d mod (q-1) + BIGNUM *iqmp; // q^-1 mod p + // ... + }; + RSA + +In public keys, the private exponent and the related secret values are +B<NULL>. + +B<dmp1>, B<dmq1> and B<iqmp> may be B<NULL> in private keys, but the +RSA operations are much faster when these values are available. + +=head1 CONFORMING TO + +SSL, PKCS #1 v2.0 + +=head1 PATENTS + +RSA is covered by a US patent which expires in September 2000. + +=head1 SEE ALSO + +L<rsa(1)|rsa(1)>, L<bn(3)|bn(3)>, L<dsa(3)|dsa(3)>, L<dh(3)|dh(3)>, +L<rand(3)|rand(3)>, L<RSA_new(3)|RSA_new(3)>, +L<RSA_public_encrypt(3)|RSA_public_encrypt(3)>, +L<RSA_sign(3)|RSA_sign(3)>, L<RSA_size(3)|RSA_size(3)>, +L<RSA_generate_key(3)|RSA_generate_key(3)>, +L<RSA_check_key(3)|RSA_check_key(3)>, +L<RSA_blinding_on(3)|RSA_blinding_on(3)>, +L<RSA_set_method(3)|RSA_set_method(3)>, L<RSA_print(3)|RSA_print(3)>, +L<RSA_get_ex_new_index(3)|RSA_get_ex_new_index(3)>, +L<RSA_private_encrypt(3)|RSA_private_encrypt(3)>, +L<RSA_sign_ASN_OCTET_STRING(3)|RSA_sign_ASN_OCTET_STRING(3)>, +L<RSA_padding_add_PKCS1_type_1(3)|RSA_padding_add_PKCS1_type_1(3)> + +=cut diff --git a/lib/libssl/src/doc/crypto/sha.pod b/lib/libssl/src/doc/crypto/sha.pod new file mode 100644 index 00000000000..0ba315d6d7a --- /dev/null +++ b/lib/libssl/src/doc/crypto/sha.pod @@ -0,0 +1,70 @@ +=pod + +=head1 NAME + +SHA1, SHA1_Init, SHA1_Update, SHA1_Final - Secure Hash Algorithm + +=head1 SYNOPSIS + + #include <openssl/sha.h> + + unsigned char *SHA1(const unsigned char *d, unsigned long n, + unsigned char *md); + + void SHA1_Init(SHA_CTX *c); + void SHA1_Update(SHA_CTX *c, const void *data, + unsigned long len); + void SHA1_Final(unsigned char *md, SHA_CTX *c); + +=head1 DESCRIPTION + +SHA-1 (Secure Hash Algorithm) is a cryptographic hash function with a +160 bit output. + +SHA1() computes the SHA-1 message digest of the B<n> +bytes at B<d> and places it in B<md> (which must have space for +SHA_DIGEST_LENGTH == 20 bytes of output). If B<md> is NULL, the digest +is placed in a static array. + +The following functions may be used if the message is not completely +stored in memory: + +SHA1_Init() initializes a B<SHA_CTX> structure. + +SHA1_Update() can be called repeatedly with chunks of the message to +be hashed (B<len> bytes at B<data>). + +SHA1_Final() places the message digest in B<md>, which must have space +for SHA_DIGEST_LENGTH == 20 bytes of output, and erases the B<SHA_CTX>. + +Applications should use the higher level functions +L<EVP_DigestInit(3)|EVP_DigestInit(3)> +etc. instead of calling the hash functions directly. + +The predecessor of SHA-1, SHA, is also implemented, but it should be +used only when backward compatibility is required. + +=head1 RETURN VALUES + +SHA1() returns a pointer to the hash value. + +SHA1_Init(), SHA1_Update() and SHA1_Final() do not return values. + +=head1 CONFORMING TO + +SHA: US Federal Information Processing Standard FIPS PUB 180 (Secure Hash +Standard), +SHA-1: US Federal Information Processing Standard FIPS PUB 180-1 (Secure Hash +Standard), +ANSI X9.30 + +=head1 SEE ALSO + +L<ripemd(3)|ripemd(3)>, L<hmac(3)|hmac(3)>, L<EVP_DigestInit(3)|EVP_DigestInit(3)> + +=head1 HISTORY + +SHA1(), SHA1_Init(), SHA1_Update() and SHA1_Final() are available in all +versions of SSLeay and OpenSSL. + +=cut diff --git a/lib/libssl/src/doc/crypto/threads.pod b/lib/libssl/src/doc/crypto/threads.pod new file mode 100644 index 00000000000..5da056f3f82 --- /dev/null +++ b/lib/libssl/src/doc/crypto/threads.pod @@ -0,0 +1,70 @@ +=pod + +=head1 NAME + +CRYPTO_set_locking_callback, CRYPTO_set_id_callback - OpenSSL thread support + +=head1 SYNOPSIS + + #include <openssl/crypto.h> + + void CRYPTO_set_locking_callback(void (*locking_function)(int mode, + int n, const char *file, int line)); + + void CRYPTO_set_id_callback(unsigned long (*id_function)(void)); + + int CRYPTO_num_locks(void); + +=head1 DESCRIPTION + +OpenSSL can safely be used in multi-threaded applications provided +that two callback functions are set. + +locking_function(int mode, int n, const char *file, int line) is +needed to perform locking on shared data stuctures. Multi-threaded +applications will crash at random if it is not set. + +locking_function() must be able to handle up to CRYPTO_num_locks() +different mutex locks. It sets the B<n>-th lock if B<mode> & +B<CRYPTO_LOCK>, and releases it otherwise. + +B<file> and B<line> are the file number of the function setting the +lock. They can be useful for debugging. + +id_function(void) is a function that returns a thread ID. It is not +needed on Windows nor on platforms where getpid() returns a different +ID for each thread (most notably Linux). + +=head1 RETURN VALUES + +CRYPTO_num_locks() returns the required number of locks. +The other functions return no values. + +=head1 NOTE + +You can find out if OpenSSL was configured with thread support: + + #define OPENSSL_THREAD_DEFINES + #include <openssl/opensslconf.h> + #if defined(THREADS) + // thread support enabled + #else + // no thread support + #endif + +=head1 EXAMPLES + +B<crypto/threads/mttest.c> shows examples of the callback functions on +Solaris, Irix and Win32. + +=head1 HISTORY + +CRYPTO_set_locking_callback() and CRYPTO_set_id_callback() are +available in all versions of SSLeay and OpenSSL. +CRYPTO_num_locks() was added in OpenSSL 0.9.4. + +=head1 SEE ALSO + +L<crypto(3)|crypto(3)> + +=cut diff --git a/lib/libssl/src/doc/ssl/SSL_get_error.pod b/lib/libssl/src/doc/ssl/SSL_get_error.pod new file mode 100644 index 00000000000..9cacdedc575 --- /dev/null +++ b/lib/libssl/src/doc/ssl/SSL_get_error.pod @@ -0,0 +1,91 @@ +=pod + +=head1 NAME + +SSL_get_error - obtain result code for SSL I/O operation + +=head1 SYNOPSIS + + #include <openssl/ssl.h> + + int SSL_get_error(SSL *ssl, int ret); + +=head1 DESCRIPTION + +SSL_get_error() returns a result code (suitable for the C "switch" +statement) for a preceding call to SSL_connect(), SSL_accept(), +SSL_read(), or SSL_write() on B<ssl>. The value returned by that +SSL I/O function must be passed to SSL_get_error() in parameter +B<ret>. + +In addition to B<ssl> and B<ret>, SSL_get_error() inspects the +current thread's OpenSSL error queue. Thus, SSL_get_error() must be +used in the same thread that performed the SSL I/O operation, and no +other OpenSSL function calls should appear in between. The current +thread's error queue must be empty before the SSL I/O operation is +attempted, or SSL_get_error() will not work reliably. + +=head1 RETURN VALUES + +The following return values can currently occur: + +=over 4 + +=item SSL_ERROR_NONE + +The SSL I/O operation completed. This result code is returned +if and only if B<ret E<gt> 0>. + +=item SSL_ERROR_ZERO_RETURN + +The SSL connection has been closed. If the protocol version is SSL 3.0 +or TLS 1.0, this result code is returned only if a closure +alerts has occurred in the protocol, i.e. if the connection has been +closed cleanly. + +=item SSL_ERROR_WANT_READ, SSL_ERROR_WANT_WRITE + +The operation did not complete; the same SSL I/O function should be +called again later. There will be protocol progress if, by then, the +underlying B<BIO> has data available for reading (if the result code is +B<SSL_ERROR_WANT_READ>) or allows writing data (B<SSL_ERROR_WANT_WRITE>). +For socket B<BIO>s (e.g. when SSL_set_fd() was used) this means that +select() or poll() on the underlying socket can be used to find out +when the SSL I/O function should be retried. + +Caveat: Any SSL I/O function can lead to either of +B<SSL_ERROR_WANT_READ> and B<SSL_ERROR_WANT_WRITE>, i.e. SSL_read() +may want to write data and SSL_write() may want to read data. + +=item SSL_ERROR_WANT_X509_LOOKUP + +The operation did not complete because an application callback set by +SSL_CTX_set_client_cert_cb() has asked to be called again. +The SSL I/O function should be called again later. +Details depend on the application. + +=item SSL_ERROR_SYSCALL + +Some I/O error occurred. The OpenSSL error queue may contain more +information on the error. If the error queue is empty +(i.e. ERR_get_error() returns 0), B<ret> can be used to find out more +about the error: If B<ret == 0>, an EOF was observed that violates +the protocol. If B<ret == -1>, the underlying B<BIO> reported an +I/O error (for socket I/O on Unix systems, consult B<errno> for details). + +=item SSL_ERROR_SSL + +A failure in the SSL library occurred, usually a protocol error. The +OpenSSL error queue contains more information on the error. + +=back + +=head1 SEE ALSO + +L<ssl(3)|ssl(3)>, L<err(3)|err(3)> + +=head1 HISTORY + +SSL_get_error() was added in SSLeay 0.8. + +=cut diff --git a/lib/libssl/src/doc/ssl/ssl.pod b/lib/libssl/src/doc/ssl/ssl.pod new file mode 100644 index 00000000000..e53876654a7 --- /dev/null +++ b/lib/libssl/src/doc/ssl/ssl.pod @@ -0,0 +1,634 @@ + +=pod + +=head1 NAME + +SSL - OpenSSL SSL/TLS library + +=head1 SYNOPSIS + +=head1 DESCRIPTION + +The OpenSSL B<ssl> library implements the Secure Sockets Layer (SSL v2/v3) and +Transport Layer Security (TLS v1) protocols. It provides a rich API which is +documented here. + +=head1 HEADER FILES + +Currently the OpenSSL B<ssl> library provides the following C header files +containing the prototypes for the data structures and and functions: + +=over 4 + +=item B<ssl.h> + +That's the common header file for the SSL/TLS API. Include it into your +program to make the API of the B<ssl> library available. It internally +includes both more private SSL headers and headers from the B<crypto> library. +Whenever you need hard-core details on the internals of the SSL API, look +inside this header file. + +=item B<ssl2.h> + +That's the sub header file dealing with the SSLv2 protocol only. +I<Usually you don't have to include it explicitly because +it's already included by ssl.h>. + +=item B<ssl3.h> + +That's the sub header file dealing with the SSLv3 protocol only. +I<Usually you don't have to include it explicitly because +it's already included by ssl.h>. + +=item B<ssl23.h> + +That's the sub header file dealing with the combined use of the SSLv2 and +SSLv3 protocols. +I<Usually you don't have to include it explicitly because +it's already included by ssl.h>. + +=item B<tls1.h> + +That's the sub header file dealing with the TLSv1 protocol only. +I<Usually you don't have to include it explicitly because +it's already included by ssl.h>. + +=back + +=head1 DATA STRUCTURES + +Currently the OpenSSL B<ssl> library functions deals with the following data +structures: + +=over 4 + +=item B<SSL_METHOD> (SSL Method) + +That's a dispatch structure describing the internal B<ssl> library +methods/functions which implement the various protocol versions (SSLv1, SSLv2 +and TLSv1). It's needed to create an B<SSL_CTX>. + +=item B<SSL_CIPHER> (SSL Cipher) + +This structure holds the algorithm information for a particular cipher which +are a core part of the SSL/TLS protocol. The available ciphers are configured +on a B<SSL_CTX> basis and the actually used ones are then part of the +B<SSL_SESSION>. + +=item B<SSL_CTX> (SSL Context) + +That's the global context structure which is created by a server or client +once per program life-time and which holds mainly default values for the +B<SSL> structures which are later created for the connections. + +=item B<SSL_SESSION> (SSL Session) + +This is a structure containing the current SSL session details for a +connection: B<SSL_CIPHER>s, client and server certificates, keys, etc. + +=item B<SSL> (SSL Connection) + +That's the main SSL/TLS structure which is created by a server or client per +established connection. This actually is the core structure in the SSL API. +Under run-time the application usually deals with this structure which has +links to mostly all other structures. + +=back + +=head1 API FUNCTIONS + +Currently the OpenSSL B<ssl> library exports 214 API functions. +They are documented in the following: + +=head2 DEALING WITH PROTOCOL METHODS + +Here we document the various API functions which deal with the SSL/TLS +protocol methods defined in B<SSL_METHOD> structures. + +=over 4 + +=item SSL_METHOD *B<SSLv2_client_method>(void); + +Constructor for the SSLv2 SSL_METHOD structure for a dedicated client. + +=item SSL_METHOD *B<SSLv2_server_method>(void); + +Constructor for the SSLv2 SSL_METHOD structure for a dedicated server. + +=item SSL_METHOD *B<SSLv2_method>(void); + +Constructor for the SSLv2 SSL_METHOD structure for combined client and server. + +=item SSL_METHOD *B<SSLv3_client_method>(void); + +Constructor for the SSLv3 SSL_METHOD structure for a dedicated client. + +=item SSL_METHOD *B<SSLv3_server_method>(void); + +Constructor for the SSLv3 SSL_METHOD structure for a dedicated server. + +=item SSL_METHOD *B<SSLv3_method>(void); + +Constructor for the SSLv3 SSL_METHOD structure for combined client and server. + +=item SSL_METHOD *B<TLSv1_client_method>(void); + +Constructor for the TLSv1 SSL_METHOD structure for a dedicated client. + +=item SSL_METHOD *B<TLSv1_server_method>(void); + +Constructor for the TLSv1 SSL_METHOD structure for a dedicated server. + +=item SSL_METHOD *B<TLSv1_method>(void); + +Constructor for the TLSv1 SSL_METHOD structure for combined client and server. + +=back + +=head2 DEALING WITH CIPHERS + +Here we document the various API functions which deal with the SSL/TLS +ciphers defined in B<SSL_CIPHER> structures. + +=over 4 + +=item char *B<SSL_CIPHER_description>(SSL_CIPHER *cipher, char *buf, int len); + +Write a string to I<buf> (with a maximum size of I<len>) containing a human +readable description of I<cipher>. Returns I<buf>. + +=item int B<SSL_CIPHER_get_bits>(SSL_CIPHER *cipher, int *alg_bits); + +Determine the number of bits in I<cipher>. Because of export crippled ciphers +there are two bits: The bits the algorithm supports in general (stored to +I<alg_bits>) and the bits which are actually used (the return value). + +=item char *B<SSL_CIPHER_get_name>(SSL_CIPHER *cipher); + +Return the internal name of I<cipher> as a string. These are the various +strings defined by the I<SSL2_TXT_xxx>, I<SSL3_TXT_xxx> and I<TLS1_TXT_xxx> +definitions in the header files. + +=item char *B<SSL_CIPHER_get_version>(SSL_CIPHER *cipher); + +Returns a string like "C<TLSv1/SSLv3>" or "C<SSLv2>" which indicates the +SSL/TLS protocol version to which I<cipher> belongs (i.e. where it was defined +in the specification the first time). + +=back + +=head2 DEALING WITH PROTOCOL CONTEXTS + +Here we document the various API functions which deal with the SSL/TLS +protocol context defined in the B<SSL_CTX> structure. + +=over 4 + +=item int B<SSL_CTX_add_client_CA>(SSL_CTX *ctx, X509 *x); + +=item long B<SSL_CTX_add_extra_chain_cert>(SSL_CTX *ctx, X509 *x509); + +=item int B<SSL_CTX_add_session>(SSL_CTX *ctx, SSL_SESSION *c); + +=item int B<SSL_CTX_check_private_key>(SSL_CTX *ctx); + +=item long B<SSL_CTX_ctrl>(SSL_CTX *ctx, int cmd, long larg, char *parg); + +=item void B<SSL_CTX_flush_sessions>(SSL_CTX *s, long t); + +=item void B<SSL_CTX_free>(SSL_CTX *a); + +=item char *B<SSL_CTX_get_app_data>(SSL_CTX *ctx); + +=item X509_STORE *B<SSL_CTX_get_cert_store>(SSL_CTX *ctx); + +=item STACK *B<SSL_CTX_get_client_CA_list>(SSL_CTX *ctx); + +=item int (*B<SSL_CTX_get_client_cert_cb>(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey); + +=item char *B<SSL_CTX_get_ex_data>(SSL_CTX *s, int idx); + +=item int B<SSL_CTX_get_ex_new_index>(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void)) + +=item void (*B<SSL_CTX_get_info_callback>(SSL_CTX *ctx))(SSL *ssl, int cb, int ret); + +=item int B<SSL_CTX_get_quiet_shutdown>(SSL_CTX *ctx); + +=item int B<SSL_CTX_get_session_cache_mode>(SSL_CTX *ctx); + +=item long B<SSL_CTX_get_timeout>(SSL_CTX *ctx); + +=item int (*B<SSL_CTX_get_verify_callback>(SSL_CTX *ctx))(int ok, X509_STORE_CTX *ctx); + +=item int B<SSL_CTX_get_verify_mode>(SSL_CTX *ctx); + +=item int B<SSL_CTX_load_verify_locations>(SSL_CTX *ctx, char *CAfile, char *CApath); + +=item long B<SSL_CTX_need_tmp_RSA>(SSL_CTX *ctx); + +=item SSL_CTX *B<SSL_CTX_new>(SSL_METHOD *meth); + +=item int B<SSL_CTX_remove_session>(SSL_CTX *ctx, SSL_SESSION *c); + +=item int B<SSL_CTX_sess_accept>(SSL_CTX *ctx); + +=item int B<SSL_CTX_sess_accept_good>(SSL_CTX *ctx); + +=item int B<SSL_CTX_sess_accept_renegotiate>(SSL_CTX *ctx); + +=item int B<SSL_CTX_sess_cache_full>(SSL_CTX *ctx); + +=item int B<SSL_CTX_sess_cb_hits>(SSL_CTX *ctx); + +=item int B<SSL_CTX_sess_connect>(SSL_CTX *ctx); + +=item int B<SSL_CTX_sess_connect_good>(SSL_CTX *ctx); + +=item int B<SSL_CTX_sess_connect_renegotiate>(SSL_CTX *ctx); + +=item int B<SSL_CTX_sess_get_cache_size>(SSL_CTX *ctx); + +=item SSL_SESSION *(*B<SSL_CTX_sess_get_get_cb>(SSL_CTX *ctx))(SSL *ssl, unsigned char *data, int len, int *copy); + +=item int (*B<SSL_CTX_sess_get_new_cb>(SSL_CTX *ctx)(SSL *ssl, SSL_SESSION *sess); + +=item void (*B<SSL_CTX_sess_get_remove_cb>(SSL_CTX *ctx)(SSL_CTX *ctx, SSL_SESSION *sess); + +=item int B<SSL_CTX_sess_hits>(SSL_CTX *ctx); + +=item int B<SSL_CTX_sess_misses>(SSL_CTX *ctx); + +=item int B<SSL_CTX_sess_number>(SSL_CTX *ctx); + +=item void B<SSL_CTX_sess_set_cache_size>(SSL_CTX *ctx,t); + +=item void B<SSL_CTX_sess_set_get_cb>(SSL_CTX *ctx, SSL_SESSION *(*cb)(SSL *ssl, unsigned char *data, int len, int *copy)); + +=item void B<SSL_CTX_sess_set_new_cb>(SSL_CTX *ctx, int (*cb)(SSL *ssl, SSL_SESSION *sess)); + +=item void B<SSL_CTX_sess_set_remove_cb>(SSL_CTX *ctx, void (*cb)(SSL_CTX *ctx, SSL_SESSION *sess)); + +=item int B<SSL_CTX_sess_timeouts>(SSL_CTX *ctx); + +=item LHASH *B<SSL_CTX_sessions>(SSL_CTX *ctx); + +=item void B<SSL_CTX_set_app_data>(SSL_CTX *ctx, void *arg); + +=item void B<SSL_CTX_set_cert_store>(SSL_CTX *ctx, X509_STORE *cs); + +=item void B<SSL_CTX_set_cert_verify_cb>(SSL_CTX *ctx, int (*cb)(SSL_CTX *), char *arg) + +=item int B<SSL_CTX_set_cipher_list>(SSL_CTX *ctx, char *str); + +=item void B<SSL_CTX_set_client_CA_list>(SSL_CTX *ctx, STACK *list); + +=item void B<SSL_CTX_set_client_cert_cb>(SSL_CTX *ctx, int (*cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey)); + +=item void B<SSL_CTX_set_default_passwd_cb>(SSL_CTX *ctx, int (*cb);(void)) + +=item void B<SSL_CTX_set_default_read_ahead>(SSL_CTX *ctx, int m); + +=item int B<SSL_CTX_set_default_verify_paths>(SSL_CTX *ctx); + +=item int B<SSL_CTX_set_ex_data>(SSL_CTX *s, int idx, char *arg); + +=item void B<SSL_CTX_set_info_callback>(SSL_CTX *ctx, void (*cb)(SSL *ssl, int cb, int ret)); + +=item void B<SSL_CTX_set_options>(SSL_CTX *ctx, unsigned long op); + +=item void B<SSL_CTX_set_quiet_shutdown>(SSL_CTX *ctx, int mode); + +=item void B<SSL_CTX_set_session_cache_mode>(SSL_CTX *ctx, int mode); + +=item int B<SSL_CTX_set_ssl_version>(SSL_CTX *ctx, SSL_METHOD *meth); + +=item void B<SSL_CTX_set_timeout>(SSL_CTX *ctx, long t); + +=item long B<SSL_CTX_set_tmp_dh>(SSL_CTX* ctx, DH *dh); + +=item long B<SSL_CTX_set_tmp_dh_callback>(SSL_CTX *ctx, DH *(*cb)(void)); + +=item long B<SSL_CTX_set_tmp_rsa>(SSL_CTX *ctx, RSA *rsa); + +=item SSL_CTX_set_tmp_rsa_callback + +C<long B<SSL_CTX_set_tmp_rsa_callback>(SSL_CTX *B<ctx>, RSA *(*B<cb>)(SSL *B<ssl>, int B<export>, int B<keylength>));> + +Sets the callback which will be called when a temporary private key is +required. The B<C<export>> flag will be set if the reason for needing +a temp key is that an export ciphersuite is in use, in which case, +B<C<keylength>> will contain the required keylength in bits. Generate a key of +appropriate size (using ???) and return it. + +=item SSL_set_tmp_rsa_callback + +long B<SSL_set_tmp_rsa_callback>(SSL *ssl, RSA *(*cb)(SSL *ssl, int export, int keylength)); + +The same as L<"SSL_CTX_set_tmp_rsa_callback">, except it operates on an SSL +session instead of a context. + +=item void B<SSL_CTX_set_verify>(SSL_CTX *ctx, int mode, int (*cb);(void)) + +=item int B<SSL_CTX_use_PrivateKey>(SSL_CTX *ctx, EVP_PKEY *pkey); + +=item int B<SSL_CTX_use_PrivateKey_ASN1>(int type, SSL_CTX *ctx, unsigned char *d, long len); + +=item int B<SSL_CTX_use_PrivateKey_file>(SSL_CTX *ctx, char *file, int type); + +=item int B<SSL_CTX_use_RSAPrivateKey>(SSL_CTX *ctx, RSA *rsa); + +=item int B<SSL_CTX_use_RSAPrivateKey_ASN1>(SSL_CTX *ctx, unsigned char *d, long len); + +=item int B<SSL_CTX_use_RSAPrivateKey_file>(SSL_CTX *ctx, char *file, int type); + +=item int B<SSL_CTX_use_certificate>(SSL_CTX *ctx, X509 *x); + +=item int B<SSL_CTX_use_certificate_ASN1>(SSL_CTX *ctx, int len, unsigned char *d); + +=item int B<SSL_CTX_use_certificate_file>(SSL_CTX *ctx, char *file, int type); + +=back + +=head2 DEALING WITH SESSIONS + +Here we document the various API functions which deal with the SSL/TLS +sessions defined in the B<SSL_SESSION> structures. + +=over 4 + +=item int B<SSL_SESSION_cmp>(SSL_SESSION *a, SSL_SESSION *b); + +=item void B<SSL_SESSION_free>(SSL_SESSION *ss); + +=item char *B<SSL_SESSION_get_app_data>(SSL_SESSION *s); + +=item char *B<SSL_SESSION_get_ex_data>(SSL_SESSION *s, int idx); + +=item int B<SSL_SESSION_get_ex_new_index>(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void)) + +=item long B<SSL_SESSION_get_time>(SSL_SESSION *s); + +=item long B<SSL_SESSION_get_timeout>(SSL_SESSION *s); + +=item unsigned long B<SSL_SESSION_hash>(SSL_SESSION *a); + +=item SSL_SESSION *B<SSL_SESSION_new>(void); + +=item int B<SSL_SESSION_print>(BIO *bp, SSL_SESSION *x); + +=item int B<SSL_SESSION_print_fp>(FILE *fp, SSL_SESSION *x); + +=item void B<SSL_SESSION_set_app_data>(SSL_SESSION *s, char *a); + +=item int B<SSL_SESSION_set_ex_data>(SSL_SESSION *s, int idx, char *arg); + +=item long B<SSL_SESSION_set_time>(SSL_SESSION *s, long t); + +=item long B<SSL_SESSION_set_timeout>(SSL_SESSION *s, long t); + +=back + +=head2 DEALING WITH CONNECTIONS + +Here we document the various API functions which deal with the SSL/TLS +connection defined in the B<SSL> structure. + +=over 4 + +=item int B<SSL_accept>(SSL *ssl); + +=item int B<SSL_add_dir_cert_subjects_to_stack>(STACK *stack, const char *dir); + +=item int B<SSL_add_file_cert_subjects_to_stack>(STACK *stack, const char *file); + +=item int B<SSL_add_client_CA>(SSL *ssl, X509 *x); + +=item char *B<SSL_alert_desc_string>(int value); + +=item char *B<SSL_alert_desc_string_long>(int value); + +=item char *B<SSL_alert_type_string>(int value); + +=item char *B<SSL_alert_type_string_long>(int value); + +=item int B<SSL_check_private_key>(SSL *ssl); + +=item void B<SSL_clear>(SSL *ssl); + +=item long B<SSL_clear_num_renegotiations>(SSL *ssl); + +=item int B<SSL_connect>(SSL *ssl); + +=item void B<SSL_copy_session_id>(SSL *t, SSL *f); + +=item long B<SSL_ctrl>(SSL *ssl, int cmd, long larg, char *parg); + +=item int B<SSL_do_handshake>(SSL *ssl); + +=item SSL *B<SSL_dup>(SSL *ssl); + +=item STACK *B<SSL_dup_CA_list>(STACK *sk); + +=item void B<SSL_free>(SSL *ssl); + +=item SSL_CTX *B<SSL_get_SSL_CTX>(SSL *ssl); + +=item char *B<SSL_get_app_data>(SSL *ssl); + +=item X509 *B<SSL_get_certificate>(SSL *ssl); + +=item SSL_CIPHER *B<SSL_get_cipher>(SSL *ssl); + +=item int B<SSL_get_cipher_bits>(SSL *ssl, int *alg_bits); + +=item char *B<SSL_get_cipher_list>(SSL *ssl, int n); + +=item char *B<SSL_get_cipher_name>(SSL *ssl); + +=item char *B<SSL_get_cipher_version>(SSL *ssl); + +=item STACK *B<SSL_get_ciphers>(SSL *ssl); + +=item STACK *B<SSL_get_client_CA_list>(SSL *ssl); + +=item SSL_CIPHER *B<SSL_get_current_cipher>(SSL *ssl); + +=item long B<SSL_get_default_timeout>(SSL *ssl); + +=item int B<SSL_get_error>(SSL *ssl, int i); + +=item char *B<SSL_get_ex_data>(SSL *ssl, int idx); + +=item int B<SSL_get_ex_data_X509_STORE_CTX_idx>(void); + +=item int B<SSL_get_ex_new_index>(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void)) + +=item int B<SSL_get_fd>(SSL *ssl); + +=item void (*B<SSL_get_info_callback>(SSL *ssl);)(void) + +=item STACK *B<SSL_get_peer_cert_chain>(SSL *ssl); + +=item X509 *B<SSL_get_peer_certificate>(SSL *ssl); + +=item EVP_PKEY *B<SSL_get_privatekey>(SSL *ssl); + +=item int B<SSL_get_quiet_shutdown>(SSL *ssl); + +=item BIO *B<SSL_get_rbio>(SSL *ssl); + +=item int B<SSL_get_read_ahead>(SSL *ssl); + +=item SSL_SESSION *B<SSL_get_session>(SSL *ssl); + +=item char *B<SSL_get_shared_ciphers>(SSL *ssl, char *buf, int len); + +=item int B<SSL_get_shutdown>(SSL *ssl); + +=item SSL_METHOD *B<SSL_get_ssl_method>(SSL *ssl); + +=item int B<SSL_get_state>(SSL *ssl); + +=item long B<SSL_get_time>(SSL *ssl); + +=item long B<SSL_get_timeout>(SSL *ssl); + +=item int (*B<SSL_get_verify_callback>(SSL *ssl);)(void) + +=item int B<SSL_get_verify_mode>(SSL *ssl); + +=item long B<SSL_get_verify_result>(SSL *ssl); + +=item char *B<SSL_get_version>(SSL *ssl); + +=item BIO *B<SSL_get_wbio>(SSL *ssl); + +=item int B<SSL_in_accept_init>(SSL *ssl); + +=item int B<SSL_in_before>(SSL *ssl); + +=item int B<SSL_in_connect_init>(SSL *ssl); + +=item int B<SSL_in_init>(SSL *ssl); + +=item int B<SSL_is_init_finished>(SSL *ssl); + +=item STACK *B<SSL_load_client_CA_file>(char *file); + +=item void B<SSL_load_error_strings>(void); + +=item SSL *B<SSL_new>(SSL_CTX *ctx); + +=item long B<SSL_num_renegotiations>(SSL *ssl); + +=item int B<SSL_peek>(SSL *ssl, char *buf, int num); + +=item int B<SSL_pending>(SSL *ssl); + +=item int B<SSL_read>(SSL *ssl, char *buf, int num); + +=item int B<SSL_renegotiate>(SSL *ssl); + +=item char *B<SSL_rstate_string>(SSL *ssl); + +=item char *B<SSL_rstate_string_long>(SSL *ssl); + +=item long B<SSL_session_reused>(SSL *ssl); + +=item void B<SSL_set_accept_state>(SSL *ssl); + +=item void B<SSL_set_app_data>(SSL *ssl, char *arg); + +=item void B<SSL_set_bio>(SSL *ssl, BIO *rbio, BIO *wbio); + +=item int B<SSL_set_cipher_list>(SSL *ssl, char *str); + +=item void B<SSL_set_client_CA_list>(SSL *ssl, STACK *list); + +=item void B<SSL_set_connect_state>(SSL *ssl); + +=item int B<SSL_set_ex_data>(SSL *ssl, int idx, char *arg); + +=item int B<SSL_set_fd>(SSL *ssl, int fd); + +=item void B<SSL_set_info_callback>(SSL *ssl, void (*cb);(void)) + +=item void B<SSL_set_options>(SSL *ssl, unsigned long op); + +=item void B<SSL_set_quiet_shutdown>(SSL *ssl, int mode); + +=item void B<SSL_set_read_ahead>(SSL *ssl, int yes); + +=item int B<SSL_set_rfd>(SSL *ssl, int fd); + +=item int B<SSL_set_session>(SSL *ssl, SSL_SESSION *session); + +=item void B<SSL_set_shutdown>(SSL *ssl, int mode); + +=item int B<SSL_set_ssl_method>(SSL *ssl, SSL_METHOD *meth); + +=item void B<SSL_set_time>(SSL *ssl, long t); + +=item void B<SSL_set_timeout>(SSL *ssl, long t); + +=item void B<SSL_set_verify>(SSL *ssl, int mode, int (*callback);(void)) + +=item void B<SSL_set_verify_result>(SSL *ssl, long arg); + +=item int B<SSL_set_wfd>(SSL *ssl, int fd); + +=item int B<SSL_shutdown>(SSL *ssl); + +=item int B<SSL_state>(SSL *ssl); + +=item char *B<SSL_state_string>(SSL *ssl); + +=item char *B<SSL_state_string_long>(SSL *ssl); + +=item long B<SSL_total_renegotiations>(SSL *ssl); + +=item int B<SSL_use_PrivateKey>(SSL *ssl, EVP_PKEY *pkey); + +=item int B<SSL_use_PrivateKey_ASN1>(int type, SSL *ssl, unsigned char *d, long len); + +=item int B<SSL_use_PrivateKey_file>(SSL *ssl, char *file, int type); + +=item int B<SSL_use_RSAPrivateKey>(SSL *ssl, RSA *rsa); + +=item int B<SSL_use_RSAPrivateKey_ASN1>(SSL *ssl, unsigned char *d, long len); + +=item int B<SSL_use_RSAPrivateKey_file>(SSL *ssl, char *file, int type); + +=item int B<SSL_use_certificate>(SSL *ssl, X509 *x); + +=item int B<SSL_use_certificate_ASN1>(SSL *ssl, int len, unsigned char *d); + +=item int B<SSL_use_certificate_file>(SSL *ssl, char *file, int type); + +=item int B<SSL_version>(SSL *ssl); + +=item int B<SSL_want>(SSL *ssl); + +=item int B<SSL_want_nothing>(SSL *ssl); + +=item int B<SSL_want_read>(SSL *ssl); + +=item int B<SSL_want_write>(SSL *ssl); + +=item int B<SSL_want_x509_lookup>(s); + +=item int B<SSL_write>(SSL *ssl, char *buf, int num); + +=back + +=head1 SEE ALSO + +L<openssl(1)|openssl(1)>, L<crypto(3)|crypto(3)>, +L<SSL_get_error(3)|SSL_get_error(3)> + +=head1 HISTORY + +The L<ssl(3)|ssl(3)> document appeared in OpenSSL 0.9.2 + +=cut + diff --git a/lib/libssl/src/util/pod2man.pl b/lib/libssl/src/util/pod2man.pl new file mode 100644 index 00000000000..f5ec0767ed4 --- /dev/null +++ b/lib/libssl/src/util/pod2man.pl @@ -0,0 +1,1181 @@ +: #!/usr/bin/perl-5.005 + eval 'exec /usr/bin/perl -S $0 ${1+"$@"}' + if $running_under_some_shell; + +$DEF_PM_SECTION = '3pm' || '3'; + +=head1 NAME + +pod2man - translate embedded Perl pod directives into man pages + +=head1 SYNOPSIS + +B<pod2man> +[ B<--section=>I<manext> ] +[ B<--release=>I<relpatch> ] +[ B<--center=>I<string> ] +[ B<--date=>I<string> ] +[ B<--fixed=>I<font> ] +[ B<--official> ] +[ B<--lax> ] +I<inputfile> + +=head1 DESCRIPTION + +B<pod2man> converts its input file containing embedded pod directives (see +L<perlpod>) into nroff source suitable for viewing with nroff(1) or +troff(1) using the man(7) macro set. + +Besides the obvious pod conversions, B<pod2man> also takes care of +func(), func(n), and simple variable references like $foo or @bar so +you don't have to use code escapes for them; complex expressions like +C<$fred{'stuff'}> will still need to be escaped, though. Other nagging +little roffish things that it catches include translating the minus in +something like foo-bar, making a long dash--like this--into a real em +dash, fixing up "paired quotes", putting a little space after the +parens in something like func(), making C++ and PI look right, making +double underbars have a little tiny space between them, making ALLCAPS +a teeny bit smaller in troff(1), and escaping backslashes so you don't +have to. + +=head1 OPTIONS + +=over 8 + +=item center + +Set the centered header to a specific string. The default is +"User Contributed Perl Documentation", unless the C<--official> flag is +given, in which case the default is "Perl Programmers Reference Guide". + +=item date + +Set the left-hand footer string to this value. By default, +the modification date of the input file will be used. + +=item fixed + +The fixed font to use for code refs. Defaults to CW. + +=item official + +Set the default header to indicate that this page is of +the standard release in case C<--center> is not given. + +=item release + +Set the centered footer. By default, this is the current +perl release. + +=item section + +Set the section for the C<.TH> macro. The standard conventions on +sections are to use 1 for user commands, 2 for system calls, 3 for +functions, 4 for devices, 5 for file formats, 6 for games, 7 for +miscellaneous information, and 8 for administrator commands. This works +best if you put your Perl man pages in a separate tree, like +F</usr/local/perl/man/>. By default, section 1 will be used +unless the file ends in F<.pm> in which case section 3 will be selected. + +=item lax + +Don't complain when required sections aren't present. + +=back + +=head1 Anatomy of a Proper Man Page + +For those not sure of the proper layout of a man page, here's +an example of the skeleton of a proper man page. Head of the +major headers should be setout as a C<=head1> directive, and +are historically written in the rather startling ALL UPPER CASE +format, although this is not mandatory. +Minor headers may be included using C<=head2>, and are +typically in mixed case. + +=over 10 + +=item NAME + +Mandatory section; should be a comma-separated list of programs or +functions documented by this podpage, such as: + + foo, bar - programs to do something + +=item SYNOPSIS + +A short usage summary for programs and functions, which +may someday be deemed mandatory. + +=item DESCRIPTION + +Long drawn out discussion of the program. It's a good idea to break this +up into subsections using the C<=head2> directives, like + + =head2 A Sample Subection + + =head2 Yet Another Sample Subection + +=item OPTIONS + +Some people make this separate from the description. + +=item RETURN VALUE + +What the program or function returns if successful. + +=item ERRORS + +Exceptions, return codes, exit stati, and errno settings. + +=item EXAMPLES + +Give some example uses of the program. + +=item ENVIRONMENT + +Envariables this program might care about. + +=item FILES + +All files used by the program. You should probably use the FE<lt>E<gt> +for these. + +=item SEE ALSO + +Other man pages to check out, like man(1), man(7), makewhatis(8), or catman(8). + +=item NOTES + +Miscellaneous commentary. + +=item CAVEATS + +Things to take special care with; sometimes called WARNINGS. + +=item DIAGNOSTICS + +All possible messages the program can print out--and +what they mean. + +=item BUGS + +Things that are broken or just don't work quite right. + +=item RESTRICTIONS + +Bugs you don't plan to fix :-) + +=item AUTHOR + +Who wrote it (or AUTHORS if multiple). + +=item HISTORY + +Programs derived from other sources sometimes have this, or +you might keep a modification log here. + +=back + +=head1 EXAMPLES + + pod2man program > program.1 + pod2man some_module.pm > /usr/perl/man/man3/some_module.3 + pod2man --section=7 note.pod > note.7 + +=head1 DIAGNOSTICS + +The following diagnostics are generated by B<pod2man>. Items +marked "(W)" are non-fatal, whereas the "(F)" errors will cause +B<pod2man> to immediately exit with a non-zero status. + +=over 4 + +=item bad option in paragraph %d of %s: ``%s'' should be [%s]<%s> + +(W) If you start include an option, you should set it off +as bold, italic, or code. + +=item can't open %s: %s + +(F) The input file wasn't available for the given reason. + +=item Improper man page - no dash in NAME header in paragraph %d of %s + +(W) The NAME header did not have an isolated dash in it. This is +considered important. + +=item Invalid man page - no NAME line in %s + +(F) You did not include a NAME header, which is essential. + +=item roff font should be 1 or 2 chars, not `%s' (F) + +(F) The font specified with the C<--fixed> option was not +a one- or two-digit roff font. + +=item %s is missing required section: %s + +(W) Required sections include NAME, DESCRIPTION, and if you're +using a section starting with a 3, also a SYNOPSIS. Actually, +not having a NAME is a fatal. + +=item Unknown escape: %s in %s + +(W) An unknown HTML entity (probably for an 8-bit character) was given via +a C<EE<lt>E<gt>> directive. Besides amp, lt, gt, and quot, recognized +entities are Aacute, aacute, Acirc, acirc, AElig, aelig, Agrave, agrave, +Aring, aring, Atilde, atilde, Auml, auml, Ccedil, ccedil, Eacute, eacute, +Ecirc, ecirc, Egrave, egrave, ETH, eth, Euml, euml, Iacute, iacute, Icirc, +icirc, Igrave, igrave, Iuml, iuml, Ntilde, ntilde, Oacute, oacute, Ocirc, +ocirc, Ograve, ograve, Oslash, oslash, Otilde, otilde, Ouml, ouml, szlig, +THORN, thorn, Uacute, uacute, Ucirc, ucirc, Ugrave, ugrave, Uuml, uuml, +Yacute, yacute, and yuml. + +=item Unmatched =back + +(W) You have a C<=back> without a corresponding C<=over>. + +=item Unrecognized pod directive: %s + +(W) You specified a pod directive that isn't in the known list of +C<=head1>, C<=head2>, C<=item>, C<=over>, C<=back>, or C<=cut>. + + +=back + +=head1 NOTES + +If you would like to print out a lot of man page continuously, you +probably want to set the C and D registers to set contiguous page +numbering and even/odd paging, at least on some versions of man(7). +Settting the F register will get you some additional experimental +indexing: + + troff -man -rC1 -rD1 -rF1 perl.1 perldata.1 perlsyn.1 ... + +The indexing merely outputs messages via C<.tm> for each +major page, section, subsection, item, and any C<XE<lt>E<gt>> +directives. + + +=head1 RESTRICTIONS + +None at this time. + +=head1 BUGS + +The =over and =back directives don't really work right. They +take absolute positions instead of offsets, don't nest well, and +making people count is suboptimal in any event. + +=head1 AUTHORS + +Original prototype by Larry Wall, but so massively hacked over by +Tom Christiansen such that Larry probably doesn't recognize it anymore. + +=cut + +$/ = ""; +$cutting = 1; +@Indices = (); + +# We try first to get the version number from a local binary, in case we're +# running an installed version of Perl to produce documentation from an +# uninstalled newer version's pod files. +if ($^O ne 'plan9' and $^O ne 'dos' and $^O ne 'os2' and $^O ne 'MSWin32') { + my $perl = (-x './perl' && -f './perl' ) ? + './perl' : + ((-x '../perl' && -f '../perl') ? + '../perl' : + ''); + ($version,$patch) = `$perl -e 'print $]'` =~ /^(\d\.\d{3})(\d{2})?/ if $perl; +} +# No luck; we'll just go with the running Perl's version +($version,$patch) = $] =~ /^(.{5})(\d{2})?/ unless $version; +$DEF_RELEASE = "perl $version"; +$DEF_RELEASE .= ", patch $patch" if $patch; + + +sub makedate { + my $secs = shift; + my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime($secs); + my $mname = (qw{Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec})[$mon]; + $year += 1900; + return "$mday/$mname/$year"; +} + +use Getopt::Long; + +$DEF_SECTION = 1; +$DEF_CENTER = "User Contributed Perl Documentation"; +$STD_CENTER = "Perl Programmers Reference Guide"; +$DEF_FIXED = 'CW'; +$DEF_LAX = 0; + +sub usage { + warn "$0: @_\n" if @_; + die <<EOF; +usage: $0 [options] podpage +Options are: + --section=manext (default "$DEF_SECTION") + --release=relpatch (default "$DEF_RELEASE") + --center=string (default "$DEF_CENTER") + --date=string (default "$DEF_DATE") + --fixed=font (default "$DEF_FIXED") + --official (default NOT) + --lax (default NOT) +EOF +} + +$uok = GetOptions( qw( + section=s + release=s + center=s + date=s + fixed=s + official + lax + help)); + +$DEF_DATE = makedate((stat($ARGV[0]))[9] || time()); + +usage("Usage error!") unless $uok; +usage() if $opt_help; +usage("Need one and only one podpage argument") unless @ARGV == 1; + +$section = $opt_section || ($ARGV[0] =~ /\.pm$/ + ? $DEF_PM_SECTION : $DEF_SECTION); +$RP = $opt_release || $DEF_RELEASE; +$center = $opt_center || ($opt_official ? $STD_CENTER : $DEF_CENTER); +$lax = $opt_lax || $DEF_LAX; + +$CFont = $opt_fixed || $DEF_FIXED; + +if (length($CFont) == 2) { + $CFont_embed = "\\f($CFont"; +} +elsif (length($CFont) == 1) { + $CFont_embed = "\\f$CFont"; +} +else { + die "roff font should be 1 or 2 chars, not `$CFont_embed'"; +} + +$date = $opt_date || $DEF_DATE; + +for (qw{NAME DESCRIPTION}) { +# for (qw{NAME DESCRIPTION AUTHOR}) { + $wanna_see{$_}++; +} +$wanna_see{SYNOPSIS}++ if $section =~ /^3/; + + +$name = @ARGV ? $ARGV[0] : "<STDIN>"; +$Filename = $name; +if ($section =~ /^1/) { + require File::Basename; + $name = uc File::Basename::basename($name); +} +$name =~ s/\.(pod|p[lm])$//i; + +# Lose everything up to the first of +# */lib/*perl* standard or site_perl module +# */*perl*/lib from -D prefix=/opt/perl +# */*perl*/ random module hierarchy +# which works. +$name =~ s-//+-/-g; +if ($name =~ s-^.*?/lib/[^/]*perl[^/]*/--i + or $name =~ s-^.*?/[^/]*perl[^/]*/lib/--i + or $name =~ s-^.*?/[^/]*perl[^/]*/--i) { + # Lose ^site(_perl)?/. + $name =~ s-^site(_perl)?/--; + # Lose ^arch/. (XXX should we use Config? Just for archname?) + $name =~ s~^(.*-$^O|$^O-.*)/~~o; + # Lose ^version/. + $name =~ s-^\d+\.\d+/--; +} + +# Translate Getopt/Long to Getopt::Long, etc. +$name =~ s(/)(::)g; + +if ($name ne 'something') { + FCHECK: { + open(F, "< $ARGV[0]") || die "can't open $ARGV[0]: $!"; + while (<F>) { + next unless /^=\b/; + if (/^=head1\s+NAME\s*$/) { # an /m would forgive mistakes + $_ = <F>; + unless (/\s*-+\s+/) { + $oops++; + warn "$0: Improper man page - no dash in NAME header in paragraph $. of $ARGV[0]\n" + } else { + my @n = split /\s+-+\s+/; + if (@n != 2) { + $oops++; + warn "$0: Improper man page - malformed NAME header in paragraph $. of $ARGV[0]\n" + } + else { + %namedesc = @n; + } + } + last FCHECK; + } + next if /^=cut\b/; # DB_File and Net::Ping have =cut before NAME + next if /^=pod\b/; # It is OK to have =pod before NAME + die "$0: Invalid man page - 1st pod line is not NAME in $ARGV[0]\n" unless $lax; + } + die "$0: Invalid man page - no documentation in $ARGV[0]\n" unless $lax; + } + close F; +} + +print <<"END"; +.rn '' }` +''' \$RCSfile\$\$Revision\$\$Date\$ +''' +''' \$Log\$ +''' +.de Sh +.br +.if t .Sp +.ne 5 +.PP +\\fB\\\\\$1\\fR +.PP +.. +.de Sp +.if t .sp .5v +.if n .sp +.. +.de Ip +.br +.ie \\\\n(.\$>=3 .ne \\\\\$3 +.el .ne 3 +.IP "\\\\\$1" \\\\\$2 +.. +.de Vb +.ft $CFont +.nf +.ne \\\\\$1 +.. +.de Ve +.ft R + +.fi +.. +''' +''' +''' Set up \\*(-- to give an unbreakable dash; +''' string Tr holds user defined translation string. +''' Bell System Logo is used as a dummy character. +''' +.tr \\(*W-|\\(bv\\*(Tr +.ie n \\{\\ +.ds -- \\(*W- +.ds PI pi +.if (\\n(.H=4u)&(1m=24u) .ds -- \\(*W\\h'-12u'\\(*W\\h'-12u'-\\" diablo 10 pitch +.if (\\n(.H=4u)&(1m=20u) .ds -- \\(*W\\h'-12u'\\(*W\\h'-8u'-\\" diablo 12 pitch +.ds L" "" +.ds R" "" +''' \\*(M", \\*(S", \\*(N" and \\*(T" are the equivalent of +''' \\*(L" and \\*(R", except that they are used on ".xx" lines, +''' such as .IP and .SH, which do another additional levels of +''' double-quote interpretation +.ds M" """ +.ds S" """ +.ds N" """"" +.ds T" """"" +.ds L' ' +.ds R' ' +.ds M' ' +.ds S' ' +.ds N' ' +.ds T' ' +'br\\} +.el\\{\\ +.ds -- \\(em\\| +.tr \\*(Tr +.ds L" `` +.ds R" '' +.ds M" `` +.ds S" '' +.ds N" `` +.ds T" '' +.ds L' ` +.ds R' ' +.ds M' ` +.ds S' ' +.ds N' ` +.ds T' ' +.ds PI \\(*p +'br\\} +END + +print <<'END'; +.\" If the F register is turned on, we'll generate +.\" index entries out stderr for the following things: +.\" TH Title +.\" SH Header +.\" Sh Subsection +.\" Ip Item +.\" X<> Xref (embedded +.\" Of course, you have to process the output yourself +.\" in some meaninful fashion. +.if \nF \{ +.de IX +.tm Index:\\$1\t\\n%\t"\\$2" +.. +.nr % 0 +.rr F +.\} +END + +print <<"END"; +.TH $name $section "$RP" "$date" "$center" +.UC +END + +push(@Indices, qq{.IX Title "$name $section"}); + +while (($name, $desc) = each %namedesc) { + for ($name, $desc) { s/^\s+//; s/\s+$//; } + push(@Indices, qq(.IX Name "$name - $desc"\n)); +} + +print <<'END'; +.if n .hy 0 +.if n .na +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.de CQ \" put $1 in typewriter font +END +print ".ft $CFont\n"; +print <<'END'; +'if n "\c +'if t \\&\\$1\c +'if n \\&\\$1\c +'if n \&" +\\&\\$2 \\$3 \\$4 \\$5 \\$6 \\$7 +'.ft R +.. +.\" @(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2 +. \" AM - accent mark definitions +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds ? ? +. ds ! ! +. ds / +. ds q +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds ? \s-2c\h'-\w'c'u*7/10'\u\h'\*(#H'\zi\d\s+2\h'\w'c'u*8/10' +. ds ! \s-2\(or\s+2\h'-\w'\(or'u'\v'-.8m'.\v'.8m' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +. ds q o\h'-\w'o'u*8/10'\s-4\v'.4m'\z\(*i\v'-.4m'\s+4\h'\w'o'u*8/10' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds v \\k:\h'-(\\n(.wu*9/10-\*(#H)'\v'-\*(#V'\*(#[\s-4v\s0\v'\*(#V'\h'|\\n:u'\*(#] +.ds _ \\k:\h'-(\\n(.wu*9/10-\*(#H+(\*(#F*2/3))'\v'-.4m'\z\(hy\v'.4m'\h'|\\n:u' +.ds . \\k:\h'-(\\n(.wu*8/10)'\v'\*(#V*4/10'\z.\v'-\*(#V*4/10'\h'|\\n:u' +.ds 3 \*(#[\v'.2m'\s-2\&3\s0\v'-.2m'\*(#] +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +.ds oe o\h'-(\w'o'u*4/10)'e +.ds Oe O\h'-(\w'O'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds v \h'-1'\o'\(aa\(ga' +. ds _ \h'-1'^ +. ds . \h'-1'. +. ds 3 3 +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +. ds oe oe +. ds Oe OE +.\} +.rm #[ #] #H #V #F C +END + +$indent = 0; + +$begun = ""; + +# Unrolling [^A-Z>]|[A-Z](?!<) gives: // MRE pp 165. +my $nonest = '(?:[^A-Z>]*(?:[A-Z](?!<)[^A-Z>]*)*)'; + +while (<>) { + if ($cutting) { + next unless /^=/; + $cutting = 0; + } + if ($begun) { + if (/^=end\s+$begun/) { + $begun = ""; + } + elsif ($begun =~ /^(roff|man)$/) { + print STDOUT $_; + } + next; + } + chomp; + + # Translate verbatim paragraph + + if (/^\s/) { + @lines = split(/\n/); + for (@lines) { + 1 while s + {^( [^\t]* ) \t ( \t* ) } + { $1 . ' ' x (8 - (length($1)%8) + 8 * (length($2))) }ex; + s/\\/\\e/g; + s/\A/\\&/s; + } + $lines = @lines; + makespace() unless $verbatim++; + print ".Vb $lines\n"; + print join("\n", @lines), "\n"; + print ".Ve\n"; + $needspace = 0; + next; + } + + $verbatim = 0; + + if (/^=for\s+(\S+)\s*/s) { + if ($1 eq "man" or $1 eq "roff") { + print STDOUT $',"\n\n"; + } else { + # ignore unknown for + } + next; + } + elsif (/^=begin\s+(\S+)\s*/s) { + $begun = $1; + if ($1 eq "man" or $1 eq "roff") { + print STDOUT $'."\n\n"; + } + next; + } + + # check for things that'll hosed our noremap scheme; affects $_ + init_noremap(); + + if (!/^=item/) { + + # trofficate backslashes; must do it before what happens below + s/\\/noremap('\\e')/ge; + + # protect leading periods and quotes against *roff + # mistaking them for directives + s/^(?:[A-Z]<)?[.']/\\&$&/gm; + + # first hide the escapes in case we need to + # intuit something and get it wrong due to fmting + + 1 while s/([A-Z]<$nonest>)/noremap($1)/ge; + + # func() is a reference to a perl function + s{ + \b + ( + [:\w]+ \(\) + ) + } {I<$1>}gx; + + # func(n) is a reference to a perl function or a man page + s{ + ([:\w]+) + ( + \( [^\051]+ \) + ) + } {I<$1>\\|$2}gx; + + # convert simple variable references + s/(\s+)([\$\@%][\w:]+)(?!\()/${1}C<$2>/g; + + if (m{ ( + [\-\w]+ + \( + [^\051]*? + [\@\$,] + [^\051]*? + \) + ) + }x && $` !~ /([LCI]<[^<>]*|-)$/ && !/^=\w/) + { + warn "$0: bad option in paragraph $. of $ARGV: ``$1'' should be [LCI]<$1>\n"; + $oops++; + } + + while (/(-[a-zA-Z])\b/g && $` !~ /[\w\-]$/) { + warn "$0: bad option in paragraph $. of $ARGV: ``$1'' should be [CB]<$1>\n"; + $oops++; + } + + # put it back so we get the <> processed again; + clear_noremap(0); # 0 means leave the E's + + } else { + # trofficate backslashes + s/\\/noremap('\\e')/ge; + + } + + # need to hide E<> first; they're processed in clear_noremap + s/(E<[^<>]+>)/noremap($1)/ge; + + + $maxnest = 10; + while ($maxnest-- && /[A-Z]</) { + + # can't do C font here + s/([BI])<($nonest)>/font($1) . $2 . font('R')/eg; + + # files and filelike refs in italics + s/F<($nonest)>/I<$1>/g; + + # no break -- usually we want C<> for this + s/S<($nonest)>/nobreak($1)/eg; + + # LREF: a la HREF L<show this text|man/section> + s:L<([^|>]+)\|[^>]+>:$1:g; + + # LREF: a manpage(3f) + s:L<([a-zA-Z][^\s\/]+)(\([^\)]+\))?>:the I<$1>$2 manpage:g; + + # LREF: an =item on another manpage + s{ + L< + ([^/]+) + / + ( + [:\w]+ + (\(\))? + ) + > + } {the C<$2> entry in the I<$1> manpage}gx; + + # LREF: an =item on this manpage + s{ + ((?: + L< + / + ( + [:\w]+ + (\(\))? + ) + > + (,?\s+(and\s+)?)? + )+) + } { internal_lrefs($1) }gex; + + # LREF: a =head2 (head1?), maybe on a manpage, maybe right here + # the "func" can disambiguate + s{ + L< + (?: + ([a-zA-Z]\S+?) / + )? + "?(.*?)"? + > + }{ + do { + $1 # if no $1, assume it means on this page. + ? "the section on I<$2> in the I<$1> manpage" + : "the section on I<$2>" + } + }gesx; # s in case it goes over multiple lines, so . matches \n + + s/Z<>/\\&/g; + + # comes last because not subject to reprocessing + s/C<($nonest)>/noremap("${CFont_embed}${1}\\fR")/eg; + } + + if (s/^=//) { + $needspace = 0; # Assume this. + + s/\n/ /g; + + ($Cmd, $_) = split(' ', $_, 2); + + $dotlevel = 1; + if ($Cmd eq 'head1') { + $dotlevel = 1; + } + elsif ($Cmd eq 'head2') { + $dotlevel = 1; + } + elsif ($Cmd eq 'item') { + $dotlevel = 2; + } + + if (defined $_) { + &escapes($dotlevel); + s/"/""/g; + } + + clear_noremap(1); + + if ($Cmd eq 'cut') { + $cutting = 1; + } + elsif ($Cmd eq 'head1') { + s/\s+$//; + delete $wanna_see{$_} if exists $wanna_see{$_}; + print qq{.SH "$_"\n}; + push(@Indices, qq{.IX Header "$_"\n}); + } + elsif ($Cmd eq 'head2') { + print qq{.Sh "$_"\n}; + push(@Indices, qq{.IX Subsection "$_"\n}); + } + elsif ($Cmd eq 'over') { + push(@indent,$indent); + $indent += ($_ + 0) || 5; + } + elsif ($Cmd eq 'back') { + $indent = pop(@indent); + warn "$0: Unmatched =back in paragraph $. of $ARGV\n" unless defined $indent; + $needspace = 1; + } + elsif ($Cmd eq 'item') { + s/^\*( |$)/\\(bu$1/g; + # if you know how to get ":s please do + s/\\\*\(L"([^"]+?)\\\*\(R"/'$1'/g; + s/\\\*\(L"([^"]+?)""/'$1'/g; + s/[^"]""([^"]+?)""[^"]/'$1'/g; + # here do something about the $" in perlvar? + print STDOUT qq{.Ip "$_" $indent\n}; + push(@Indices, qq{.IX Item "$_"\n}); + } + elsif ($Cmd eq 'pod') { + # this is just a comment + } + else { + warn "$0: Unrecognized pod directive in paragraph $. of $ARGV: $Cmd\n"; + } + } + else { + if ($needspace) { + &makespace; + } + &escapes(0); + clear_noremap(1); + print $_, "\n"; + $needspace = 1; + } +} + +print <<"END"; + +.rn }` '' +END + +if (%wanna_see && !$lax) { + @missing = keys %wanna_see; + warn "$0: $Filename is missing required section" + . (@missing > 1 && "s") + . ": @missing\n"; + $oops++; +} + +foreach (@Indices) { print "$_\n"; } + +exit; +#exit ($oops != 0); + +######################################################################### + +sub nobreak { + my $string = shift; + $string =~ s/ /\\ /g; + $string; +} + +sub escapes { + my $indot = shift; + + s/X<(.*?)>/mkindex($1)/ge; + + # translate the minus in foo-bar into foo\-bar for roff + s/([^0-9a-z-])-([^-])/$1\\-$2/g; + + # make -- into the string version \*(-- (defined above) + s/\b--\b/\\*(--/g; + s/"--([^"])/"\\*(--$1/g; # should be a better way + s/([^"])--"/$1\\*(--"/g; + + # fix up quotes; this is somewhat tricky + my $dotmacroL = 'L'; + my $dotmacroR = 'R'; + if ( $indot == 1 ) { + $dotmacroL = 'M'; + $dotmacroR = 'S'; + } + elsif ( $indot >= 2 ) { + $dotmacroL = 'N'; + $dotmacroR = 'T'; + } + if (!/""/) { + s/(^|\s)(['"])/noremap("$1\\*($dotmacroL$2")/ge; + s/(['"])($|[\-\s,;\\!?.])/noremap("\\*($dotmacroR$1$2")/ge; + } + + #s/(?!")(?:.)--(?!")(?:.)/\\*(--/g; + #s/(?:(?!")(?:.)--(?:"))|(?:(?:")--(?!")(?:.))/\\*(--/g; + + + # make sure that func() keeps a bit a space tween the parens + ### s/\b\(\)/\\|()/g; + ### s/\b\(\)/(\\|)/g; + + # make C++ into \*C+, which is a squinched version (defined above) + s/\bC\+\+/\\*(C+/g; + + # make double underbars have a little tiny space between them + s/__/_\\|_/g; + + # PI goes to \*(PI (defined above) + s/\bPI\b/noremap('\\*(PI')/ge; + + # make all caps a teeny bit smaller, but don't muck with embedded code literals + my $hidCFont = font('C'); + if ($Cmd !~ /^head1/) { # SH already makes smaller + # /g isn't enough; 1 while or we'll be off + +# 1 while s{ +# (?!$hidCFont)(..|^.|^) +# \b +# ( +# [A-Z][\/A-Z+:\-\d_$.]+ +# ) +# (s?) +# \b +# } {$1\\s-1$2\\s0}gmox; + + 1 while s{ + (?!$hidCFont)(..|^.|^) + ( + \b[A-Z]{2,}[\/A-Z+:\-\d_\$]*\b + ) + } { + $1 . noremap( '\\s-1' . $2 . '\\s0' ) + }egmox; + + } +} + +# make troff just be normal, but make small nroff get quoted +# decided to just put the quotes in the text; sigh; +sub ccvt { + local($_,$prev) = @_; + noremap(qq{.CQ "$_" \n\\&}); +} + +sub makespace { + if ($indent) { + print ".Sp\n"; + } + else { + print ".PP\n"; + } +} + +sub mkindex { + my ($entry) = @_; + my @entries = split m:\s*/\s*:, $entry; + push @Indices, ".IX Xref " . join ' ', map {qq("$_")} @entries; + return ''; +} + +sub font { + local($font) = shift; + return '\\f' . noremap($font); +} + +sub noremap { + local($thing_to_hide) = shift; + $thing_to_hide =~ tr/\000-\177/\200-\377/; + return $thing_to_hide; +} + +sub init_noremap { + # escape high bit characters in input stream + s/([\200-\377])/"E<".ord($1).">"/ge; +} + +sub clear_noremap { + my $ready_to_print = $_[0]; + + tr/\200-\377/\000-\177/; + + # trofficate backslashes + # s/(?!\\e)(?:..|^.|^)\\/\\e/g; + + # now for the E<>s, which have been hidden until now + # otherwise the interative \w<> processing would have + # been hosed by the E<gt> + s { + E< + ( + ( \d + ) + | ( [A-Za-z]+ ) + ) + > + } { + do { + defined $2 + ? chr($2) + : + exists $HTML_Escapes{$3} + ? do { $HTML_Escapes{$3} } + : do { + warn "$0: Unknown escape in paragraph $. of $ARGV: ``$&''\n"; + "E<$1>"; + } + } + }egx if $ready_to_print; +} + +sub internal_lrefs { + local($_) = shift; + local $trailing_and = s/and\s+$// ? "and " : ""; + + s{L</([^>]+)>}{$1}g; + my(@items) = split( /(?:,?\s+(?:and\s+)?)/ ); + my $retstr = "the "; + my $i; + for ($i = 0; $i <= $#items; $i++) { + $retstr .= "C<$items[$i]>"; + $retstr .= ", " if @items > 2 && $i != $#items; + $retstr .= " and " if $i+2 == @items; + } + + $retstr .= " entr" . ( @items > 1 ? "ies" : "y" ) + . " elsewhere in this document"; + # terminal space to avoid words running together (pattern used + # strips terminal spaces) + $retstr .= " " if length $trailing_and; + $retstr .= $trailing_and; + + return $retstr; + +} + +BEGIN { +%HTML_Escapes = ( + 'amp' => '&', # ampersand + 'lt' => '<', # left chevron, less-than + 'gt' => '>', # right chevron, greater-than + 'quot' => '"', # double quote + + "Aacute" => "A\\*'", # capital A, acute accent + "aacute" => "a\\*'", # small a, acute accent + "Acirc" => "A\\*^", # capital A, circumflex accent + "acirc" => "a\\*^", # small a, circumflex accent + "AElig" => '\*(AE', # capital AE diphthong (ligature) + "aelig" => '\*(ae', # small ae diphthong (ligature) + "Agrave" => "A\\*`", # capital A, grave accent + "agrave" => "A\\*`", # small a, grave accent + "Aring" => 'A\\*o', # capital A, ring + "aring" => 'a\\*o', # small a, ring + "Atilde" => 'A\\*~', # capital A, tilde + "atilde" => 'a\\*~', # small a, tilde + "Auml" => 'A\\*:', # capital A, dieresis or umlaut mark + "auml" => 'a\\*:', # small a, dieresis or umlaut mark + "Ccedil" => 'C\\*,', # capital C, cedilla + "ccedil" => 'c\\*,', # small c, cedilla + "Eacute" => "E\\*'", # capital E, acute accent + "eacute" => "e\\*'", # small e, acute accent + "Ecirc" => "E\\*^", # capital E, circumflex accent + "ecirc" => "e\\*^", # small e, circumflex accent + "Egrave" => "E\\*`", # capital E, grave accent + "egrave" => "e\\*`", # small e, grave accent + "ETH" => '\\*(D-', # capital Eth, Icelandic + "eth" => '\\*(d-', # small eth, Icelandic + "Euml" => "E\\*:", # capital E, dieresis or umlaut mark + "euml" => "e\\*:", # small e, dieresis or umlaut mark + "Iacute" => "I\\*'", # capital I, acute accent + "iacute" => "i\\*'", # small i, acute accent + "Icirc" => "I\\*^", # capital I, circumflex accent + "icirc" => "i\\*^", # small i, circumflex accent + "Igrave" => "I\\*`", # capital I, grave accent + "igrave" => "i\\*`", # small i, grave accent + "Iuml" => "I\\*:", # capital I, dieresis or umlaut mark + "iuml" => "i\\*:", # small i, dieresis or umlaut mark + "Ntilde" => 'N\*~', # capital N, tilde + "ntilde" => 'n\*~', # small n, tilde + "Oacute" => "O\\*'", # capital O, acute accent + "oacute" => "o\\*'", # small o, acute accent + "Ocirc" => "O\\*^", # capital O, circumflex accent + "ocirc" => "o\\*^", # small o, circumflex accent + "Ograve" => "O\\*`", # capital O, grave accent + "ograve" => "o\\*`", # small o, grave accent + "Oslash" => "O\\*/", # capital O, slash + "oslash" => "o\\*/", # small o, slash + "Otilde" => "O\\*~", # capital O, tilde + "otilde" => "o\\*~", # small o, tilde + "Ouml" => "O\\*:", # capital O, dieresis or umlaut mark + "ouml" => "o\\*:", # small o, dieresis or umlaut mark + "szlig" => '\*8', # small sharp s, German (sz ligature) + "THORN" => '\\*(Th', # capital THORN, Icelandic + "thorn" => '\\*(th',, # small thorn, Icelandic + "Uacute" => "U\\*'", # capital U, acute accent + "uacute" => "u\\*'", # small u, acute accent + "Ucirc" => "U\\*^", # capital U, circumflex accent + "ucirc" => "u\\*^", # small u, circumflex accent + "Ugrave" => "U\\*`", # capital U, grave accent + "ugrave" => "u\\*`", # small u, grave accent + "Uuml" => "U\\*:", # capital U, dieresis or umlaut mark + "uuml" => "u\\*:", # small u, dieresis or umlaut mark + "Yacute" => "Y\\*'", # capital Y, acute accent + "yacute" => "y\\*'", # small y, acute accent + "yuml" => "y\\*:", # small y, dieresis or umlaut mark +); +} + diff --git a/lib/libssl/src/util/selftest.pl b/lib/libssl/src/util/selftest.pl new file mode 100644 index 00000000000..91e962a312c --- /dev/null +++ b/lib/libssl/src/util/selftest.pl @@ -0,0 +1,174 @@ +#!/usr/local/bin/perl -w +# +# Run the test suite and generate a report +# + +if (! -f "Configure") { + print "Please run perl util/selftest.pl in the OpenSSL directory.\n"; + exit 1; +} + +my $report="testlog"; +my $os="??"; +my $version="??"; +my $platform0="??"; +my $platform="??"; +my $options="??"; +my $last="??"; +my $ok=0; +my $cc="cc"; +my $cversion="??"; +my $sep="-----------------------------------------------------------------------------\n"; + +open(OUT,">$report") or die; + +print OUT "OpenSSL self-test report:\n\n"; + +$uname=`uname -a`; +$uname="??" if $uname eq ""; + +$c=`sh config -t`; +foreach $_ (split("\n",$c)) { + $os=$1 if (/Operating system: (.*)$/); + $platform0=$1 if (/Configuring for (.*)$/); +} + +system "sh config" if (! -f "Makefile.ssl"); + +if (open(IN,"<Makefile.ssl")) { + while (<IN>) { + $version=$1 if (/^VERSION=(.*)$/); + $platform=$1 if (/^PLATFORM=(.*)$/); + $options=$1 if (/^OPTIONS=(.*)$/); + $cc=$1 if (/^CC= *(.*)$/); + } + close(IN); +} else { + print OUT "Error running config!\n"; +} + +$cversion=`$cc -v 2>&1`; +$cversion=`$cc -V 2>&1` if $cversion =~ "usage"; +$cversion=`$cc --version` if $cversion eq ""; +$cversion =~ s/Reading specs.*\n//; +$cversion =~ s/usage.*\n//; +chomp $cversion; + +if (open(IN,"<CHANGES")) { + while(<IN>) { + if (/\*\) (.{0,55})/) { + $last=$1; + last; + } + } + close(IN); +} + +print OUT "OpenSSL version: $version\n"; +print OUT "Last change: $last...\n"; +print OUT "Options: $options\n" if $options ne ""; +print OUT "OS (uname): $uname"; +print OUT "OS (config): $os\n"; +print OUT "Target (default): $platform0\n"; +print OUT "Target: $platform\n"; +print OUT "Compiler: $cversion\n"; +print OUT "\n"; + +print "Checking compiler...\n"; +if (open(TEST,">cctest.c")) { + print TEST "#include <stdio.h>\nmain(){printf(\"Hello world\\n\");}\n"; + close(TEST); + system("$cc -o cctest cctest.c"); + if (`./cctest` !~ /Hello world/) { + print OUT "Compiler doesn't work.\n"; + goto err; + } +} else { + print OUT "Can't create cctest.c\n"; +} +if (open(TEST,">cctest.c")) { + print TEST "#include <openssl/opensslv.h>\nmain(){printf(OPENSSL_VERSION_TEXT);}\n"; + close(TEST); + system("$cc -o cctest -Iinclude cctest.c"); + $cctest = `./cctest`; + if ($cctest !~ /OpenSSL $version/) { + if ($cctest =~ /OpenSSL/) { + print OUT "#include uses headers from different OpenSSL version!\n"; + } else { + print OUT "Can't compile test program!\n"; + } + goto err; + } +} else { + print OUT "Can't create cctest.c\n"; +} + +print "Running make...\n"; +if (system("make 2>&1 | tee make.log") > 255) { + + print OUT "make failed!\n"; + if (open(IN,"<make.log")) { + print OUT $sep; + while (<IN>) { + print OUT; + } + close(IN); + print OUT $sep; + } else { + print OUT "make.log not found!\n"; + } + goto err; +} + +$_=$options; +s/no-asm//; +if (/no-/) +{ + print OUT "Test skipped.\n"; + goto err; +} + +print "Running make test...\n"; +if (system("make test 2>&1 | tee make.log") > 255) + { + print OUT "make test failed!\n"; +} else { + $ok=1; +} + +if ($ok and open(IN,"<make.log")) { + while (<IN>) { + $ok=2 if /^platform: $platform/; + } + close(IN); +} + +if ($ok != 2) { + print OUT "Failure!\n"; + if (open(IN,"<make.log")) { + print OUT $sep; + while (<IN>) { + print OUT; + } + close(IN); + print OUT $sep; + } else { + print OUT "make.log not found!\n"; + } +} else { + print OUT "Test passed.\n"; +} +err: +close(OUT); + +print "\n"; +open(IN,"<$report") or die; +while (<IN>) { + if (/$sep/) { + print "[...]\n"; + last; + } + print; +} +print "\nTest report in file $report\n"; + |