summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorBob Beck <beck@cvs.openbsd.org>2000-03-19 11:13:50 +0000
committerBob Beck <beck@cvs.openbsd.org>2000-03-19 11:13:50 +0000
commit93b7b796de511cb25f87ddebb2285e54bef8a5cb (patch)
tree49beb0cc317de4e25b3e8649b4ef19d9db90c345 /lib
parent0b5fe3d0a31a6addf3bafe0f4b549475f8b6a021 (diff)
import openssl-0.9.7-beta1
Diffstat (limited to 'lib')
-rw-r--r--lib/libssl/src/FAQ130
-rw-r--r--lib/libssl/src/INSTALL.MacOS72
-rw-r--r--lib/libssl/src/MacOS/GUSI_Init.cpp62
-rw-r--r--lib/libssl/src/MacOS/GetHTTPS.src/CPStringUtils.cpp2753
-rw-r--r--lib/libssl/src/MacOS/GetHTTPS.src/CPStringUtils.hpp104
-rw-r--r--lib/libssl/src/MacOS/GetHTTPS.src/ErrorHandling.cpp170
-rw-r--r--lib/libssl/src/MacOS/GetHTTPS.src/ErrorHandling.hpp147
-rw-r--r--lib/libssl/src/MacOS/GetHTTPS.src/GetHTTPS.cpp215
-rw-r--r--lib/libssl/src/MacOS/GetHTTPS.src/MacSocket.cpp1607
-rw-r--r--lib/libssl/src/MacOS/GetHTTPS.src/MacSocket.h103
-rw-r--r--lib/libssl/src/MacOS/OpenSSL.mcp.hqx4880
-rw-r--r--lib/libssl/src/MacOS/TODO18
-rw-r--r--lib/libssl/src/MacOS/_MWERKS_GUSI_prefix.h9
-rw-r--r--lib/libssl/src/MacOS/_MWERKS_prefix.h9
-rw-r--r--lib/libssl/src/MacOS/buildinf.h5
-rw-r--r--lib/libssl/src/MacOS/mklinks.as.hqx820
-rw-r--r--lib/libssl/src/MacOS/opensslconf.h116
-rw-r--r--lib/libssl/src/VMS/test-includes.com28
-rw-r--r--lib/libssl/src/apps/CA.pl.in162
-rw-r--r--lib/libssl/src/apps/app_rand.c211
-rw-r--r--lib/libssl/src/apps/dhparam.c368
-rw-r--r--lib/libssl/src/apps/passwd.c475
-rw-r--r--lib/libssl/src/apps/smime.c646
-rw-r--r--lib/libssl/src/apps/spkac.c274
-rw-r--r--lib/libssl/src/crypto/asn1/a_mbstr.c390
-rw-r--r--lib/libssl/src/crypto/asn1/a_strnid.c247
-rw-r--r--lib/libssl/src/crypto/asn1/p8_key.c131
-rw-r--r--lib/libssl/src/crypto/asn1/t_bitst.c99
-rw-r--r--lib/libssl/src/crypto/asn1/t_spki.c116
-rw-r--r--lib/libssl/src/crypto/asn1/t_x509a.c102
-rw-r--r--lib/libssl/src/crypto/asn1/x_x509a.c200
-rw-r--r--lib/libssl/src/crypto/bn/bn_ctx.c144
-rw-r--r--lib/libssl/src/crypto/bn/divtest.c41
-rw-r--r--lib/libssl/src/crypto/dsa/dsa_ossl.c321
-rw-r--r--lib/libssl/src/crypto/ebcdic.c217
-rw-r--r--lib/libssl/src/crypto/evp/c_allc.c149
-rw-r--r--lib/libssl/src/crypto/evp/c_alld.c100
-rw-r--r--lib/libssl/src/crypto/mem_dbg.c703
-rw-r--r--lib/libssl/src/crypto/pkcs12/p12_npas.c212
-rw-r--r--lib/libssl/src/crypto/pkcs7/pk7_attr.c85
-rw-r--r--lib/libssl/src/crypto/pkcs7/pk7_mime.c673
-rw-r--r--lib/libssl/src/crypto/pkcs7/pk7_smime.c427
-rw-r--r--lib/libssl/src/crypto/rand/rand_egd.c110
-rw-r--r--lib/libssl/src/crypto/rand/rand_err.c93
-rw-r--r--lib/libssl/src/crypto/rsa/rsa_null.c149
-rw-r--r--lib/libssl/src/crypto/rsa/rsa_test.c314
-rw-r--r--lib/libssl/src/crypto/threads/README14
-rw-r--r--lib/libssl/src/crypto/threads/profile.sh4
-rw-r--r--lib/libssl/src/crypto/threads/ptest.bat4
-rw-r--r--lib/libssl/src/crypto/threads/pthread.sh9
-rw-r--r--lib/libssl/src/crypto/threads/pthread2.sh7
-rw-r--r--lib/libssl/src/crypto/threads/pthreads-vms.com9
-rw-r--r--lib/libssl/src/crypto/threads/purify.sh4
-rw-r--r--lib/libssl/src/crypto/threads/solaris.sh4
-rw-r--r--lib/libssl/src/crypto/threads/win32.bat4
-rw-r--r--lib/libssl/src/crypto/x509/x509_att.c326
-rw-r--r--lib/libssl/src/crypto/x509/x509_trs.c263
-rw-r--r--lib/libssl/src/crypto/x509/x509spki.c121
-rw-r--r--lib/libssl/src/crypto/x509v3/ext_dat.h97
-rw-r--r--lib/libssl/src/crypto/x509v3/tabtest.c88
-rw-r--r--lib/libssl/src/crypto/x509v3/v3_info.c236
-rw-r--r--lib/libssl/src/crypto/x509v3/v3_purp.c456
-rw-r--r--lib/libssl/src/doc/apps/CA.pl.pod138
-rw-r--r--lib/libssl/src/doc/apps/asn1parse.pod129
-rw-r--r--lib/libssl/src/doc/apps/ca.pod479
-rw-r--r--lib/libssl/src/doc/apps/ciphers.pod342
-rw-r--r--lib/libssl/src/doc/apps/config.pod138
-rw-r--r--lib/libssl/src/doc/apps/crl.pod117
-rw-r--r--lib/libssl/src/doc/apps/crl2pkcs7.pod90
-rw-r--r--lib/libssl/src/doc/apps/dgst.pod49
-rw-r--r--lib/libssl/src/doc/apps/dhparam.pod115
-rw-r--r--lib/libssl/src/doc/apps/dsa.pod150
-rw-r--r--lib/libssl/src/doc/apps/dsaparam.pod102
-rw-r--r--lib/libssl/src/doc/apps/enc.pod257
-rw-r--r--lib/libssl/src/doc/apps/gendsa.pod58
-rw-r--r--lib/libssl/src/doc/apps/genrsa.pod85
-rw-r--r--lib/libssl/src/doc/apps/nseq.pod70
-rw-r--r--lib/libssl/src/doc/apps/openssl.pod298
-rw-r--r--lib/libssl/src/doc/apps/passwd.pod69
-rw-r--r--lib/libssl/src/doc/apps/pkcs12.pod310
-rw-r--r--lib/libssl/src/doc/apps/pkcs7.pod97
-rw-r--r--lib/libssl/src/doc/apps/pkcs8.pod235
-rw-r--r--lib/libssl/src/doc/apps/req.pod528
-rw-r--r--lib/libssl/src/doc/apps/rsa.pod156
-rw-r--r--lib/libssl/src/doc/apps/s_client.pod213
-rw-r--r--lib/libssl/src/doc/apps/s_server.pod265
-rw-r--r--lib/libssl/src/doc/apps/sess_id.pod151
-rw-r--r--lib/libssl/src/doc/apps/smime.pod325
-rw-r--r--lib/libssl/src/doc/apps/speed.pod45
-rw-r--r--lib/libssl/src/doc/apps/spkac.pod127
-rw-r--r--lib/libssl/src/doc/apps/verify.pod273
-rw-r--r--lib/libssl/src/doc/apps/version.pod56
-rw-r--r--lib/libssl/src/doc/apps/x509.pod543
-rw-r--r--lib/libssl/src/doc/crypto/BN_CTX_new.pod53
-rw-r--r--lib/libssl/src/doc/crypto/BN_CTX_start.pod51
-rw-r--r--lib/libssl/src/doc/crypto/BN_add.pod99
-rw-r--r--lib/libssl/src/doc/crypto/BN_add_word.pod57
-rw-r--r--lib/libssl/src/doc/crypto/BN_bn2bin.pod95
-rw-r--r--lib/libssl/src/doc/crypto/BN_cmp.pod48
-rw-r--r--lib/libssl/src/doc/crypto/BN_copy.pod34
-rw-r--r--lib/libssl/src/doc/crypto/BN_generate_prime.pod102
-rw-r--r--lib/libssl/src/doc/crypto/BN_mod_inverse.pod36
-rw-r--r--lib/libssl/src/doc/crypto/BN_mod_mul_montgomery.pod95
-rw-r--r--lib/libssl/src/doc/crypto/BN_mod_mul_reciprocal.pod81
-rw-r--r--lib/libssl/src/doc/crypto/BN_new.pod53
-rw-r--r--lib/libssl/src/doc/crypto/BN_num_bytes.pod37
-rw-r--r--lib/libssl/src/doc/crypto/BN_rand.pod45
-rw-r--r--lib/libssl/src/doc/crypto/BN_set_bit.pod66
-rw-r--r--lib/libssl/src/doc/crypto/BN_zero.pod55
-rw-r--r--lib/libssl/src/doc/crypto/CRYPTO_set_ex_data.pod51
-rw-r--r--lib/libssl/src/doc/crypto/DH_generate_key.pod50
-rw-r--r--lib/libssl/src/doc/crypto/DH_generate_parameters.pod72
-rw-r--r--lib/libssl/src/doc/crypto/DH_get_ex_new_index.pod36
-rw-r--r--lib/libssl/src/doc/crypto/DH_new.pod40
-rw-r--r--lib/libssl/src/doc/crypto/DH_set_method.pod99
-rw-r--r--lib/libssl/src/doc/crypto/DH_size.pod33
-rw-r--r--lib/libssl/src/doc/crypto/DSA_SIG_new.pod39
-rw-r--r--lib/libssl/src/doc/crypto/DSA_do_sign.pod47
-rw-r--r--lib/libssl/src/doc/crypto/DSA_dup_DH.pod36
-rw-r--r--lib/libssl/src/doc/crypto/DSA_generate_key.pod33
-rw-r--r--lib/libssl/src/doc/crypto/DSA_generate_parameters.pod105
-rw-r--r--lib/libssl/src/doc/crypto/DSA_get_ex_new_index.pod36
-rw-r--r--lib/libssl/src/doc/crypto/DSA_new.pod41
-rw-r--r--lib/libssl/src/doc/crypto/DSA_set_method.pod111
-rw-r--r--lib/libssl/src/doc/crypto/DSA_sign.pod66
-rw-r--r--lib/libssl/src/doc/crypto/DSA_size.pod33
-rw-r--r--lib/libssl/src/doc/crypto/ERR_GET_LIB.pod51
-rw-r--r--lib/libssl/src/doc/crypto/ERR_clear_error.pod29
-rw-r--r--lib/libssl/src/doc/crypto/ERR_error_string.pod65
-rw-r--r--lib/libssl/src/doc/crypto/ERR_get_error.pod62
-rw-r--r--lib/libssl/src/doc/crypto/ERR_load_crypto_strings.pod46
-rw-r--r--lib/libssl/src/doc/crypto/ERR_load_strings.pod54
-rw-r--r--lib/libssl/src/doc/crypto/ERR_print_errors.pod51
-rw-r--r--lib/libssl/src/doc/crypto/ERR_put_error.pod44
-rw-r--r--lib/libssl/src/doc/crypto/ERR_remove_state.pod34
-rw-r--r--lib/libssl/src/doc/crypto/EVP_DigestInit.pod197
-rw-r--r--lib/libssl/src/doc/crypto/EVP_EncryptInit.pod224
-rw-r--r--lib/libssl/src/doc/crypto/OPENSSL_VERSION_NUMBER.pod46
-rw-r--r--lib/libssl/src/doc/crypto/OpenSSL_add_all_algorithms.pod65
-rw-r--r--lib/libssl/src/doc/crypto/RAND_add.pod68
-rw-r--r--lib/libssl/src/doc/crypto/RAND_bytes.pod46
-rw-r--r--lib/libssl/src/doc/crypto/RAND_cleanup.pod29
-rw-r--r--lib/libssl/src/doc/crypto/RAND_egd.pod38
-rw-r--r--lib/libssl/src/doc/crypto/RAND_load_file.pod53
-rw-r--r--lib/libssl/src/doc/crypto/RAND_set_rand_method.pod57
-rw-r--r--lib/libssl/src/doc/crypto/RSA_blinding_on.pod43
-rw-r--r--lib/libssl/src/doc/crypto/RSA_check_key.pod39
-rw-r--r--lib/libssl/src/doc/crypto/RSA_generate_key.pod68
-rw-r--r--lib/libssl/src/doc/crypto/RSA_get_ex_new_index.pod122
-rw-r--r--lib/libssl/src/doc/crypto/RSA_new.pod38
-rw-r--r--lib/libssl/src/doc/crypto/RSA_padding_add_PKCS1_type_1.pod124
-rw-r--r--lib/libssl/src/doc/crypto/RSA_print.pod48
-rw-r--r--lib/libssl/src/doc/crypto/RSA_private_encrypt.pod69
-rw-r--r--lib/libssl/src/doc/crypto/RSA_public_encrypt.pod86
-rw-r--r--lib/libssl/src/doc/crypto/RSA_set_method.pod153
-rw-r--r--lib/libssl/src/doc/crypto/RSA_sign.pod62
-rw-r--r--lib/libssl/src/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod59
-rw-r--r--lib/libssl/src/doc/crypto/RSA_size.pod33
-rw-r--r--lib/libssl/src/doc/crypto/blowfish.pod106
-rw-r--r--lib/libssl/src/doc/crypto/bn.pod148
-rw-r--r--lib/libssl/src/doc/crypto/bn_internal.pod225
-rw-r--r--lib/libssl/src/doc/crypto/buffer.pod73
-rw-r--r--lib/libssl/src/doc/crypto/crypto.pod67
-rw-r--r--lib/libssl/src/doc/crypto/d2i_DHparams.pod30
-rw-r--r--lib/libssl/src/doc/crypto/d2i_RSAPublicKey.pod39
-rw-r--r--lib/libssl/src/doc/crypto/des_modes.pod250
-rw-r--r--lib/libssl/src/doc/crypto/dh.pod68
-rw-r--r--lib/libssl/src/doc/crypto/dsa.pod104
-rw-r--r--lib/libssl/src/doc/crypto/err.pod187
-rw-r--r--lib/libssl/src/doc/crypto/hmac.pod75
-rw-r--r--lib/libssl/src/doc/crypto/lh_stats.pod60
-rw-r--r--lib/libssl/src/doc/crypto/lhash.pod155
-rw-r--r--lib/libssl/src/doc/crypto/md5.pod85
-rw-r--r--lib/libssl/src/doc/crypto/mdc2.pod64
-rw-r--r--lib/libssl/src/doc/crypto/rand.pod158
-rw-r--r--lib/libssl/src/doc/crypto/rc4.pod62
-rw-r--r--lib/libssl/src/doc/crypto/ripemd.pod66
-rw-r--r--lib/libssl/src/doc/crypto/rsa.pod115
-rw-r--r--lib/libssl/src/doc/crypto/sha.pod70
-rw-r--r--lib/libssl/src/doc/crypto/threads.pod70
-rw-r--r--lib/libssl/src/doc/ssl/SSL_get_error.pod91
-rw-r--r--lib/libssl/src/doc/ssl/ssl.pod634
-rw-r--r--lib/libssl/src/util/pod2man.pl1181
-rw-r--r--lib/libssl/src/util/selftest.pl174
184 files changed, 34558 insertions, 0 deletions
diff --git a/lib/libssl/src/FAQ b/lib/libssl/src/FAQ
new file mode 100644
index 00000000000..ab84a3f9e84
--- /dev/null
+++ b/lib/libssl/src/FAQ
@@ -0,0 +1,130 @@
+OpenSSL - Frequently Asked Questions
+--------------------------------------
+
+* Which is the current version of OpenSSL?
+* Where is the documentation?
+* How can I contact the OpenSSL developers?
+* Do I need patent licenses to use OpenSSL?
+* Is OpenSSL thread-safe?
+* Why do I get a "PRNG not seeded" error message?
+* Why does the linker complain about undefined symbols?
+* Where can I get a compiled version of OpenSSL?
+
+
+* Which is the current version of OpenSSL?
+
+The current version is available from <URL: http://www.openssl.org>.
+OpenSSL 0.9.5 was released on February 28th, 2000.
+
+In addition to the current stable release, you can also access daily
+snapshots of the OpenSSL development version at <URL:
+ftp://ftp.openssl.org/snapshot/>, or get it by anonymous CVS access.
+
+
+* Where is the documentation?
+
+OpenSSL is a library that provides cryptographic functionality to
+applications such as secure web servers. Be sure to read the
+documentation of the application you want to use. The INSTALL file
+explains how to install this library.
+
+OpenSSL includes a command line utility that can be used to perform a
+variety of cryptographic functions. It is described in the openssl(1)
+manpage. Documentation for developers is currently being written. A
+few manual pages already are available; overviews over libcrypto and
+libssl are given in the crypto(3) and ssl(3) manpages.
+
+The OpenSSL manpages are installed in /usr/local/ssl/man/ (or a
+different directory if you specified one as described in INSTALL).
+In addition, you can read the most current versions at
+<URL: http://www.openssl.org/docs/>.
+
+For information on parts of libcrypto that are not yet documented, you
+might want to read Ariel Glenn's documentation on SSLeay 0.9, OpenSSL's
+predecessor, at <URL: http://www.columbia.edu/~ariel/ssleay/>. Much
+of this still applies to OpenSSL.
+
+There is some documentation about certificate extensions and PKCS#12
+in doc/openssl.txt
+
+The original SSLeay documentation is included in OpenSSL as
+doc/ssleay.txt. It may be useful when none of the other resources
+help, but please note that it reflects the obsolete version SSLeay
+0.6.6.
+
+
+* How can I contact the OpenSSL developers?
+
+The README file describes how to submit bug reports and patches to
+OpenSSL. Information on the OpenSSL mailing lists is available from
+<URL: http://www.openssl.org>.
+
+
+* Do I need patent licenses to use OpenSSL?
+
+The patents section of the README file lists patents that may apply to
+you if you want to use OpenSSL. For information on intellectual
+property rights, please consult a lawyer. The OpenSSL team does not
+offer legal advice.
+
+You can configure OpenSSL so as not to use RC5 and IDEA by using
+ ./config no-rc5 no-idea
+
+Until the RSA patent expires, U.S. users may want to use
+ ./config no-rc5 no-idea no-rsa
+
+Please note that you will *not* be able to communicate with most of
+the popular web browsers without RSA support.
+
+
+* Is OpenSSL thread-safe?
+
+Yes. On Windows and many Unix systems, OpenSSL automatically uses the
+multi-threaded versions of the standard libraries. If your platform
+is not one of these, consult the INSTALL file.
+
+Multi-threaded applications must provide two callback functions to
+OpenSSL. This is described in the threads(3) manpage.
+
+
+* Why do I get a "PRNG not seeded" error message?
+
+Cryptographic software needs a source of unpredictable data to work
+correctly. Many open source operating systems provide a "randomness
+device" that serves this purpose. On other systems, applications have
+to call the RAND_add() or RAND_seed() function with appropriate data
+before generating keys or performing public key encryption.
+
+Some broken applications do not do this. As of version 0.9.5, the
+OpenSSL functions that need randomness report an error if the random
+number generator has not been seeded with at least 128 bits of
+randomness. If this error occurs, please contact the author of the
+application you are using. It is likely that it never worked
+correctly. OpenSSL 0.9.5 makes the error visible by refusing to
+perform potentially insecure encryption.
+
+
+* Why does the linker complain about undefined symbols?
+
+Maybe the compilation was interrupted, and make doesn't notice that
+something is missing. Run "make clean; make".
+
+If you used ./Configure instead of ./config, make sure that you
+selected the right target. File formats may differ slightly between
+OS versions (for example sparcv8/sparcv9, or a.out/elf).
+
+If that doesn't help, you may want to try using the current snapshot.
+If the problem persists, please submit a bug report.
+
+
+* Where can I get a compiled version of OpenSSL?
+
+Some applications that use OpenSSL are distributed in binary form.
+When using such an application, you don't need to install OpenSSL
+yourself; the application will include the required parts (e.g. DLLs).
+
+If you want to install OpenSSL on a Windows system and you don't have
+a C compiler, read the "Mingw32" section of INSTALL.W32 for information
+on how to obtain and install the free GNU C compiler.
+
+A number of Linux and *BSD distributions include OpenSSL.
diff --git a/lib/libssl/src/INSTALL.MacOS b/lib/libssl/src/INSTALL.MacOS
new file mode 100644
index 00000000000..a8c4f7f1dac
--- /dev/null
+++ b/lib/libssl/src/INSTALL.MacOS
@@ -0,0 +1,72 @@
+OpenSSL - Port To The Macintosh
+===============================
+
+Thanks to Roy Wood <roy@centricsystems.ca> initial support for MacOS (pre
+X) is now provided. "Initial" means that unlike other platforms where you
+get an SDK and a "swiss army" openssl application, on Macintosh you only
+get one sample application which fetches a page over HTTPS(*) and dumps it
+in a window. We don't even build the test applications so that we can't
+guarantee that all algorithms are operational.
+
+Required software:
+
+- StuffIt Expander 5.5 or later, alternatively MacGzip and SUNtar;
+- Scriptable Finder;
+- CodeWarrior Pro 5;
+
+Installation procedure:
+
+- fetch the source at ftp://ftp.openssl.org/ (well, you probably already
+ did, huh?)
+- unpack the .tar.gz file:
+ - if you have StuffIt Expander then just drag it over it;
+ - otherwise uncompress it with MacGzip and then unpack with SUNtar;
+- locate MacOS folder in OpenSSL source tree and open it;
+- unbinhex mklinks.as.hqx and OpenSSL.mcp.hqx if present (**), do it
+ "in-place", i.e. unpacked files should end-up in the very same folder;
+- execute mklinks.as;
+- open OpenSSL.mcp(***) and build 'GetHTTPS PPC' target(****);
+- that's it for now;
+
+(*) URL is hardcoded into ./MacOS/GetHTTPS.src/GetHTTPS.cpp, lines 40
+ to 42, change appropriately.
+(**) If you use SUNtar, then it might have already unbinhexed the files
+ in question.
+(***) The project file was saved with CW Pro 5.3. If you have earlier
+ version and it refuses to open it, then download
+ http://www.openssl.org/~appro/OpenSSL.mcp.xml and import it
+ overwriting the original OpenSSL.mcp.
+(****) Other targets are work in progress. If you feel like giving 'em a
+ shot, then you should know that OpenSSL* and Lib* targets are
+ supposed to be built with the GUSI, MacOS library which mimics
+ BSD sockets and some other POSIX APIs. The GUSI distribution is
+ expected to be found in the same directory as openssl source tree,
+ i.e. in the parent directory to the one where this very file,
+ namely INSTALL.MacOS. For more informations about GUSI, see
+ http://www.iis.ee.ethz.ch/~neeri/macintosh/gusi-qa.html
+
+Finally some essential comments from our generous contributor:-)
+
+"I've gotten OpenSSL working on the Macintosh. It's probably a bit of a
+hack, but it works for what I'm doing. If you don't like the way I've done
+it, then feel free to change what I've done. I freely admit that I've done
+some less-than-ideal things in my port, and if you don't like the way I've
+done something, then feel free to change it-- I won't be offended!
+
+... I've tweaked "bss_sock.c" a little to call routines in a "MacSocket"
+library I wrote. My MacSocket library is a wrapper around OpenTransport,
+handling stuff like endpoint creation, reading, writing, etc. It is not
+designed as a high-performance package such as you'd use in a webserver,
+but is fine for lots of other applications. MacSocket also uses some other
+code libraries I've written to deal with string manipulations and error
+handling. Feel free to use these things in your own code, but give me
+credit and/or send me free stuff in appreciation! :-)
+
+...
+
+If you have any questions, feel free to email me as the following:
+
+roy@centricsystems.ca
+
+-Roy Wood"
+
diff --git a/lib/libssl/src/MacOS/GUSI_Init.cpp b/lib/libssl/src/MacOS/GUSI_Init.cpp
new file mode 100644
index 00000000000..d8223dba2cd
--- /dev/null
+++ b/lib/libssl/src/MacOS/GUSI_Init.cpp
@@ -0,0 +1,62 @@
+/**************** BEGIN GUSI CONFIGURATION ****************************
+ *
+ * GUSI Configuration section generated by GUSI Configurator
+ * last modified: Wed Jan 5 20:33:51 2000
+ *
+ * This section will be overwritten by the next run of Configurator.
+ */
+
+#define GUSI_SOURCE
+#include <GUSIConfig.h>
+#include <sys/cdefs.h>
+
+/* Declarations of Socket Factories */
+
+__BEGIN_DECLS
+void GUSIwithInetSockets();
+void GUSIwithLocalSockets();
+void GUSIwithMTInetSockets();
+void GUSIwithMTTcpSockets();
+void GUSIwithMTUdpSockets();
+void GUSIwithOTInetSockets();
+void GUSIwithOTTcpSockets();
+void GUSIwithOTUdpSockets();
+void GUSIwithPPCSockets();
+void GUSISetupFactories();
+__END_DECLS
+
+/* Configure Socket Factories */
+
+void GUSISetupFactories()
+{
+#ifdef GUSISetupFactories_BeginHook
+ GUSISetupFactories_BeginHook
+#endif
+ GUSIwithInetSockets();
+#ifdef GUSISetupFactories_EndHook
+ GUSISetupFactories_EndHook
+#endif
+}
+
+/* Declarations of File Devices */
+
+__BEGIN_DECLS
+void GUSIwithDConSockets();
+void GUSIwithNullSockets();
+void GUSISetupDevices();
+__END_DECLS
+
+/* Configure File Devices */
+
+void GUSISetupDevices()
+{
+#ifdef GUSISetupDevices_BeginHook
+ GUSISetupDevices_BeginHook
+#endif
+ GUSIwithNullSockets();
+#ifdef GUSISetupDevices_EndHook
+ GUSISetupDevices_EndHook
+#endif
+}
+
+/**************** END GUSI CONFIGURATION *************************/
diff --git a/lib/libssl/src/MacOS/GetHTTPS.src/CPStringUtils.cpp b/lib/libssl/src/MacOS/GetHTTPS.src/CPStringUtils.cpp
new file mode 100644
index 00000000000..617aae2c706
--- /dev/null
+++ b/lib/libssl/src/MacOS/GetHTTPS.src/CPStringUtils.cpp
@@ -0,0 +1,2753 @@
+/* ====================================================================
+ * Copyright (c) 1998-1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+
+
+ #include "CPStringUtils.hpp"
+#include "ErrorHandling.hpp"
+
+
+
+#define kNumberFormatString "\p########0.00#######;-########0.00#######"
+
+
+
+// Useful utility functions which could be optimized a whole lot
+
+
+void CopyPStrToCStr(const unsigned char *thePStr,char *theCStr,const int maxCStrLength)
+{
+int i,numPChars;
+
+
+ if (thePStr != nil && theCStr != nil && maxCStrLength > 0)
+ {
+ numPChars = thePStr[0];
+
+ for (i = 0;;i++)
+ {
+ if (i >= numPChars || i >= maxCStrLength - 1)
+ {
+ theCStr[i] = 0;
+
+ break;
+ }
+
+ else
+ {
+ theCStr[i] = thePStr[i + 1];
+ }
+ }
+ }
+}
+
+
+void CopyPStrToPStr(const unsigned char *theSrcPStr,unsigned char *theDstPStr,const int maxDstStrLength)
+{
+int theMaxDstStrLength;
+
+
+ theMaxDstStrLength = maxDstStrLength;
+
+
+ if (theDstPStr != nil && theSrcPStr != nil && theMaxDstStrLength > 0)
+ {
+ if (theMaxDstStrLength > 255)
+ {
+ theMaxDstStrLength = 255;
+ }
+
+
+ if (theMaxDstStrLength - 1 < theSrcPStr[0])
+ {
+ BlockMove(theSrcPStr + 1,theDstPStr + 1,theMaxDstStrLength - 1);
+
+ theDstPStr[0] = theMaxDstStrLength - 1;
+ }
+
+ else
+ {
+ BlockMove(theSrcPStr,theDstPStr,theSrcPStr[0] + 1);
+ }
+ }
+}
+
+
+void CopyCStrToCStr(const char *theSrcCStr,char *theDstCStr,const int maxDstStrLength)
+{
+int i;
+
+
+ if (theDstCStr != nil && theSrcCStr != nil && maxDstStrLength > 0)
+ {
+ for (i = 0;;i++)
+ {
+ if (theSrcCStr[i] == 0 || i >= maxDstStrLength - 1)
+ {
+ theDstCStr[i] = 0;
+
+ break;
+ }
+
+ else
+ {
+ theDstCStr[i] = theSrcCStr[i];
+ }
+ }
+ }
+}
+
+
+
+void CopyCSubstrToCStr(const char *theSrcCStr,const int maxCharsToCopy,char *theDstCStr,const int maxDstStrLength)
+{
+int i;
+
+
+ if (theDstCStr != nil && theSrcCStr != nil && maxDstStrLength > 0)
+ {
+ for (i = 0;;i++)
+ {
+ if (theSrcCStr[i] == 0 || i >= maxDstStrLength - 1 || i >= maxCharsToCopy)
+ {
+ theDstCStr[i] = 0;
+
+ break;
+ }
+
+ else
+ {
+ theDstCStr[i] = theSrcCStr[i];
+ }
+ }
+ }
+}
+
+
+
+void CopyCSubstrToPStr(const char *theSrcCStr,const int maxCharsToCopy,unsigned char *theDstPStr,const int maxDstStrLength)
+{
+int i;
+int theMaxDstStrLength;
+
+
+ theMaxDstStrLength = maxDstStrLength;
+
+ if (theDstPStr != nil && theSrcCStr != nil && theMaxDstStrLength > 0)
+ {
+ if (theMaxDstStrLength > 255)
+ {
+ theMaxDstStrLength = 255;
+ }
+
+
+ for (i = 0;;i++)
+ {
+ if (theSrcCStr[i] == 0 || i >= theMaxDstStrLength - 1 || i >= maxCharsToCopy)
+ {
+ theDstPStr[0] = i;
+
+ break;
+ }
+
+ else
+ {
+ theDstPStr[i + 1] = theSrcCStr[i];
+ }
+ }
+ }
+}
+
+
+
+void CopyCStrToPStr(const char *theSrcCStr,unsigned char *theDstPStr,const int maxDstStrLength)
+{
+int i;
+int theMaxDstStrLength;
+
+
+ theMaxDstStrLength = maxDstStrLength;
+
+ if (theDstPStr != nil && theSrcCStr != nil && theMaxDstStrLength > 0)
+ {
+ if (theMaxDstStrLength > 255)
+ {
+ theMaxDstStrLength = 255;
+ }
+
+
+ for (i = 0;;i++)
+ {
+ if (i >= theMaxDstStrLength - 1 || theSrcCStr[i] == 0)
+ {
+ theDstPStr[0] = i;
+
+ break;
+ }
+
+ else
+ {
+ theDstPStr[i + 1] = theSrcCStr[i];
+ }
+ }
+ }
+}
+
+
+void ConcatPStrToCStr(const unsigned char *thePStr,char *theCStr,const int maxCStrLength)
+{
+int i,numPChars,cStrLength;
+
+
+ if (thePStr != nil && theCStr != nil && maxCStrLength > 0)
+ {
+ for (cStrLength = 0;theCStr[cStrLength] != 0;cStrLength++)
+ {
+
+ }
+
+
+ numPChars = thePStr[0];
+
+
+ for (i = 0;;i++)
+ {
+ if (i >= numPChars || cStrLength >= maxCStrLength - 1)
+ {
+ theCStr[cStrLength++] = 0;
+
+ break;
+ }
+
+ else
+ {
+ theCStr[cStrLength++] = thePStr[i + 1];
+ }
+ }
+ }
+}
+
+
+
+void ConcatPStrToPStr(const unsigned char *theSrcPStr,unsigned char *theDstPStr,const int maxDstStrLength)
+{
+int theMaxDstStrLength;
+
+
+ theMaxDstStrLength = maxDstStrLength;
+
+ if (theSrcPStr != nil && theDstPStr != nil && theMaxDstStrLength > 0)
+ {
+ if (theMaxDstStrLength > 255)
+ {
+ theMaxDstStrLength = 255;
+ }
+
+
+ if (theMaxDstStrLength - theDstPStr[0] - 1 < theSrcPStr[0])
+ {
+ BlockMove(theSrcPStr + 1,theDstPStr + theDstPStr[0] + 1,theMaxDstStrLength - 1 - theDstPStr[0]);
+
+ theDstPStr[0] = theMaxDstStrLength - 1;
+ }
+
+ else
+ {
+ BlockMove(theSrcPStr + 1,theDstPStr + theDstPStr[0] + 1,theSrcPStr[0]);
+
+ theDstPStr[0] += theSrcPStr[0];
+ }
+ }
+}
+
+
+
+void ConcatCStrToPStr(const char *theSrcCStr,unsigned char *theDstPStr,const int maxDstStrLength)
+{
+int i,thePStrLength;
+int theMaxDstStrLength;
+
+
+ theMaxDstStrLength = maxDstStrLength;
+
+ if (theSrcCStr != nil && theDstPStr != nil && theMaxDstStrLength > 0)
+ {
+ if (theMaxDstStrLength > 255)
+ {
+ theMaxDstStrLength = 255;
+ }
+
+
+ thePStrLength = theDstPStr[0];
+
+ for (i = 0;;i++)
+ {
+ if (theSrcCStr[i] == 0 || thePStrLength >= theMaxDstStrLength - 1)
+ {
+ theDstPStr[0] = thePStrLength;
+
+ break;
+ }
+
+ else
+ {
+ theDstPStr[thePStrLength + 1] = theSrcCStr[i];
+
+ thePStrLength++;
+ }
+ }
+ }
+}
+
+
+
+void ConcatCStrToCStr(const char *theSrcCStr,char *theDstCStr,const int maxCStrLength)
+{
+int cStrLength;
+
+
+ if (theSrcCStr != nil && theDstCStr != nil && maxCStrLength > 0)
+ {
+ for (cStrLength = 0;theDstCStr[cStrLength] != 0;cStrLength++)
+ {
+
+ }
+
+
+ for (;;)
+ {
+ if (*theSrcCStr == 0 || cStrLength >= maxCStrLength - 1)
+ {
+ theDstCStr[cStrLength++] = 0;
+
+ break;
+ }
+
+ else
+ {
+ theDstCStr[cStrLength++] = *theSrcCStr++;
+ }
+ }
+ }
+}
+
+
+
+void ConcatCharToCStr(const char theChar,char *theDstCStr,const int maxCStrLength)
+{
+int cStrLength;
+
+
+ if (theDstCStr != nil && maxCStrLength > 0)
+ {
+ cStrLength = CStrLength(theDstCStr);
+
+ if (cStrLength < maxCStrLength - 1)
+ {
+ theDstCStr[cStrLength++] = theChar;
+ theDstCStr[cStrLength++] = '\0';
+ }
+ }
+}
+
+
+
+void ConcatCharToPStr(const char theChar,unsigned char *theDstPStr,const int maxPStrLength)
+{
+int pStrLength;
+
+
+ if (theDstPStr != nil && maxPStrLength > 0)
+ {
+ pStrLength = PStrLength(theDstPStr);
+
+ if (pStrLength < maxPStrLength - 1 && pStrLength < 255)
+ {
+ theDstPStr[pStrLength + 1] = theChar;
+ theDstPStr[0] += 1;
+ }
+ }
+}
+
+
+
+
+int CompareCStrs(const char *theFirstCStr,const char *theSecondCStr,const Boolean ignoreCase)
+{
+int returnValue;
+char firstChar,secondChar;
+
+
+ returnValue = 0;
+
+
+ if (theFirstCStr != nil && theSecondCStr != nil)
+ {
+ for (;;)
+ {
+ firstChar = *theFirstCStr;
+ secondChar = *theSecondCStr;
+
+ if (ignoreCase == true)
+ {
+ if (firstChar >= 'A' && firstChar <= 'Z')
+ {
+ firstChar = 'a' + (firstChar - 'A');
+ }
+
+ if (secondChar >= 'A' && secondChar <= 'Z')
+ {
+ secondChar = 'a' + (secondChar - 'A');
+ }
+ }
+
+
+ if (firstChar == 0 && secondChar != 0)
+ {
+ returnValue = -1;
+
+ break;
+ }
+
+ else if (firstChar != 0 && secondChar == 0)
+ {
+ returnValue = 1;
+
+ break;
+ }
+
+ else if (firstChar == 0 && secondChar == 0)
+ {
+ returnValue = 0;
+
+ break;
+ }
+
+ else if (firstChar < secondChar)
+ {
+ returnValue = -1;
+
+ break;
+ }
+
+ else if (firstChar > secondChar)
+ {
+ returnValue = 1;
+
+ break;
+ }
+
+ theFirstCStr++;
+ theSecondCStr++;
+ }
+ }
+
+
+ return(returnValue);
+}
+
+
+
+Boolean CStrsAreEqual(const char *theFirstCStr,const char *theSecondCStr,const Boolean ignoreCase)
+{
+ if (CompareCStrs(theFirstCStr,theSecondCStr,ignoreCase) == 0)
+ {
+ return true;
+ }
+
+ else
+ {
+ return false;
+ }
+}
+
+
+Boolean PStrsAreEqual(const unsigned char *theFirstPStr,const unsigned char *theSecondPStr,const Boolean ignoreCase)
+{
+ if (ComparePStrs(theFirstPStr,theSecondPStr,ignoreCase) == 0)
+ {
+ return true;
+ }
+
+ else
+ {
+ return false;
+ }
+}
+
+
+
+int ComparePStrs(const unsigned char *theFirstPStr,const unsigned char *theSecondPStr,const Boolean ignoreCase)
+{
+int i,returnValue;
+char firstChar,secondChar;
+
+
+ returnValue = 0;
+
+
+ if (theFirstPStr != nil && theSecondPStr != nil)
+ {
+ for (i = 1;;i++)
+ {
+ firstChar = theFirstPStr[i];
+ secondChar = theSecondPStr[i];
+
+ if (ignoreCase == true)
+ {
+ if (firstChar >= 'A' && firstChar <= 'Z')
+ {
+ firstChar = 'a' + (firstChar - 'A');
+ }
+
+ if (secondChar >= 'A' && secondChar <= 'Z')
+ {
+ secondChar = 'a' + (secondChar - 'A');
+ }
+ }
+
+
+ if (theFirstPStr[0] < i && theSecondPStr[0] >= i)
+ {
+ returnValue = -1;
+
+ break;
+ }
+
+ else if (theFirstPStr[0] >= i && theSecondPStr[0] < i)
+ {
+ returnValue = 1;
+
+ break;
+ }
+
+ else if (theFirstPStr[0] < i && theSecondPStr[0] < i)
+ {
+ returnValue = 0;
+
+ break;
+ }
+
+ else if (firstChar < secondChar)
+ {
+ returnValue = -1;
+
+ break;
+ }
+
+ else if (firstChar > secondChar)
+ {
+ returnValue = 1;
+
+ break;
+ }
+ }
+ }
+
+
+ return(returnValue);
+}
+
+
+
+int CompareCStrToPStr(const char *theCStr,const unsigned char *thePStr,const Boolean ignoreCase)
+{
+int returnValue;
+char tempString[256];
+
+
+ returnValue = 0;
+
+ if (theCStr != nil && thePStr != nil)
+ {
+ CopyPStrToCStr(thePStr,tempString,sizeof(tempString));
+
+ returnValue = CompareCStrs(theCStr,tempString,ignoreCase);
+ }
+
+
+ return(returnValue);
+}
+
+
+
+void ConcatLongIntToCStr(const long theNum,char *theCStr,const int maxCStrLength,const int numDigits)
+{
+Str255 theStr255;
+
+
+ NumToString(theNum,theStr255);
+
+
+ if (numDigits > 0)
+ {
+ int charsToInsert;
+
+
+ charsToInsert = numDigits - PStrLength(theStr255);
+
+ if (charsToInsert > 0)
+ {
+ char tempString[256];
+
+ CopyCStrToCStr("",tempString,sizeof(tempString));
+
+ for (;charsToInsert > 0;charsToInsert--)
+ {
+ ConcatCStrToCStr("0",tempString,sizeof(tempString));
+ }
+
+ ConcatPStrToCStr(theStr255,tempString,sizeof(tempString));
+
+ CopyCStrToPStr(tempString,theStr255,sizeof(theStr255));
+ }
+ }
+
+
+ ConcatPStrToCStr(theStr255,theCStr,maxCStrLength);
+}
+
+
+
+
+void ConcatLongIntToPStr(const long theNum,unsigned char *thePStr,const int maxPStrLength,const int numDigits)
+{
+Str255 theStr255;
+
+
+ NumToString(theNum,theStr255);
+
+
+ if (numDigits > 0)
+ {
+ int charsToInsert;
+
+
+ charsToInsert = numDigits - PStrLength(theStr255);
+
+ if (charsToInsert > 0)
+ {
+ char tempString[256];
+
+ CopyCStrToCStr("",tempString,sizeof(tempString));
+
+ for (;charsToInsert > 0;charsToInsert--)
+ {
+ ConcatCStrToCStr("0",tempString,sizeof(tempString));
+ }
+
+ ConcatPStrToCStr(theStr255,tempString,sizeof(tempString));
+
+ CopyCStrToPStr(tempString,theStr255,sizeof(theStr255));
+ }
+ }
+
+
+ ConcatPStrToPStr(theStr255,thePStr,maxPStrLength);
+}
+
+
+
+void CopyCStrAndConcatLongIntToCStr(const char *theSrcCStr,const long theNum,char *theDstCStr,const int maxDstStrLength)
+{
+ CopyCStrToCStr(theSrcCStr,theDstCStr,maxDstStrLength);
+
+ ConcatLongIntToCStr(theNum,theDstCStr,maxDstStrLength);
+}
+
+
+
+void CopyLongIntToCStr(const long theNum,char *theCStr,const int maxCStrLength,const int numDigits)
+{
+Str255 theStr255;
+
+
+ NumToString(theNum,theStr255);
+
+
+ if (numDigits > 0)
+ {
+ int charsToInsert;
+
+
+ charsToInsert = numDigits - PStrLength(theStr255);
+
+ if (charsToInsert > 0)
+ {
+ char tempString[256];
+
+ CopyCStrToCStr("",tempString,sizeof(tempString));
+
+ for (;charsToInsert > 0;charsToInsert--)
+ {
+ ConcatCStrToCStr("0",tempString,sizeof(tempString));
+ }
+
+ ConcatPStrToCStr(theStr255,tempString,sizeof(tempString));
+
+ CopyCStrToPStr(tempString,theStr255,sizeof(theStr255));
+ }
+ }
+
+
+ CopyPStrToCStr(theStr255,theCStr,maxCStrLength);
+}
+
+
+
+
+
+void CopyUnsignedLongIntToCStr(const unsigned long theNum,char *theCStr,const int maxCStrLength)
+{
+char tempString[256];
+int srcCharIndex,dstCharIndex;
+unsigned long tempNum,quotient,remainder;
+
+
+ if (theNum == 0)
+ {
+ CopyCStrToCStr("0",theCStr,maxCStrLength);
+ }
+
+ else
+ {
+ srcCharIndex = 0;
+
+ tempNum = theNum;
+
+ for (;;)
+ {
+ if (srcCharIndex >= sizeof(tempString) - 1 || tempNum == 0)
+ {
+ for (dstCharIndex = 0;;)
+ {
+ if (dstCharIndex >= maxCStrLength - 1 || srcCharIndex <= 0)
+ {
+ theCStr[dstCharIndex] = 0;
+
+ break;
+ }
+
+ theCStr[dstCharIndex++] = tempString[--srcCharIndex];
+ }
+
+ break;
+ }
+
+
+ quotient = tempNum / 10;
+
+ remainder = tempNum - (quotient * 10);
+
+ tempString[srcCharIndex] = '0' + remainder;
+
+ srcCharIndex++;
+
+ tempNum = quotient;
+ }
+ }
+}
+
+
+
+
+void CopyLongIntToPStr(const long theNum,unsigned char *thePStr,const int maxPStrLength,const int numDigits)
+{
+char tempString[256];
+
+
+ CopyLongIntToCStr(theNum,tempString,sizeof(tempString),numDigits);
+
+ CopyCStrToPStr(tempString,thePStr,maxPStrLength);
+}
+
+
+
+OSErr CopyLongIntToNewHandle(const long inTheLongInt,Handle *theHandle)
+{
+OSErr errCode = noErr;
+char tempString[32];
+
+
+ CopyLongIntToCStr(inTheLongInt,tempString,sizeof(tempString));
+
+ errCode = CopyCStrToNewHandle(tempString,theHandle);
+
+ return(errCode);
+}
+
+
+OSErr CopyLongIntToExistingHandle(const long inTheLongInt,Handle theHandle)
+{
+OSErr errCode = noErr;
+char tempString[32];
+
+
+ CopyLongIntToCStr(inTheLongInt,tempString,sizeof(tempString));
+
+ errCode = CopyCStrToExistingHandle(tempString,theHandle);
+
+ return(errCode);
+}
+
+
+
+
+OSErr CopyCStrToExistingHandle(const char *theCString,Handle theHandle)
+{
+OSErr errCode = noErr;
+long stringLength;
+
+
+ if (theCString == nil)
+ {
+ SetErrorMessageAndBail(("CopyCStrToExistingHandle: Bad parameter, theCString == nil"));
+ }
+
+ if (theHandle == nil)
+ {
+ SetErrorMessageAndBail(("CopyCStrToExistingHandle: Bad parameter, theHandle == nil"));
+ }
+
+ if (*theHandle == nil)
+ {
+ SetErrorMessageAndBail(("CopyCStrToExistingHandle: Bad parameter, *theHandle == nil"));
+ }
+
+
+
+ stringLength = CStrLength(theCString) + 1;
+
+ SetHandleSize(theHandle,stringLength);
+
+ if (GetHandleSize(theHandle) < stringLength)
+ {
+ SetErrorMessageAndLongIntAndBail("CopyCStrToExistingHandle: Can't set Handle size, MemError() = ",MemError());
+ }
+
+
+ ::BlockMove(theCString,*theHandle,stringLength);
+
+
+EXITPOINT:
+
+ return(errCode);
+}
+
+
+
+
+
+OSErr CopyCStrToNewHandle(const char *theCString,Handle *theHandle)
+{
+OSErr errCode = noErr;
+long stringLength;
+
+
+ if (theCString == nil)
+ {
+ SetErrorMessageAndBail(("CopyCStrToNewHandle: Bad parameter, theCString == nil"));
+ }
+
+ if (theHandle == nil)
+ {
+ SetErrorMessageAndBail(("CopyCStrToNewHandle: Bad parameter, theHandle == nil"));
+ }
+
+
+
+ stringLength = CStrLength(theCString) + 1;
+
+ *theHandle = NewHandle(stringLength);
+
+ if (*theHandle == nil)
+ {
+ SetErrorMessageAndLongIntAndBail("CopyCStrToNewHandle: Can't allocate Handle, MemError() = ",MemError());
+ }
+
+
+ ::BlockMove(theCString,**theHandle,stringLength);
+
+
+EXITPOINT:
+
+ return(errCode);
+}
+
+
+
+OSErr CopyPStrToNewHandle(const unsigned char *thePString,Handle *theHandle)
+{
+OSErr errCode = noErr;
+long stringLength;
+
+
+ if (thePString == nil)
+ {
+ SetErrorMessageAndBail(("CopyPStrToNewHandle: Bad parameter, thePString == nil"));
+ }
+
+ if (theHandle == nil)
+ {
+ SetErrorMessageAndBail(("CopyPStrToNewHandle: Bad parameter, theHandle == nil"));
+ }
+
+
+
+ stringLength = PStrLength(thePString) + 1;
+
+ *theHandle = NewHandle(stringLength);
+
+ if (*theHandle == nil)
+ {
+ SetErrorMessageAndLongIntAndBail("CopyPStrToNewHandle: Can't allocate Handle, MemError() = ",MemError());
+ }
+
+
+ if (stringLength > 1)
+ {
+ BlockMove(thePString + 1,**theHandle,stringLength - 1);
+ }
+
+ (**theHandle)[stringLength - 1] = 0;
+
+
+EXITPOINT:
+
+ return(errCode);
+}
+
+
+OSErr AppendPStrToHandle(const unsigned char *thePString,Handle theHandle,long *currentLength)
+{
+OSErr errCode = noErr;
+char tempString[256];
+
+
+ CopyPStrToCStr(thePString,tempString,sizeof(tempString));
+
+ errCode = AppendCStrToHandle(tempString,theHandle,currentLength);
+
+
+EXITPOINT:
+
+ return(errCode);
+}
+
+
+
+OSErr AppendCStrToHandle(const char *theCString,Handle theHandle,long *currentLength,long *maxLength)
+{
+OSErr errCode = noErr;
+long handleMaxLength,handleCurrentLength,stringLength,byteCount;
+
+
+ if (theCString == nil)
+ {
+ SetErrorMessageAndBail(("AppendCStrToHandle: Bad parameter, theCString == nil"));
+ }
+
+ if (theHandle == nil)
+ {
+ SetErrorMessageAndBail(("AppendCStrToHandle: Bad parameter, theHandle == nil"));
+ }
+
+
+ if (maxLength != nil)
+ {
+ handleMaxLength = *maxLength;
+ }
+
+ else
+ {
+ handleMaxLength = GetHandleSize(theHandle);
+ }
+
+
+ if (currentLength != nil && *currentLength >= 0)
+ {
+ handleCurrentLength = *currentLength;
+ }
+
+ else
+ {
+ handleCurrentLength = CStrLength(*theHandle);
+ }
+
+
+ stringLength = CStrLength(theCString);
+
+ byteCount = handleCurrentLength + stringLength + 1;
+
+ if (byteCount > handleMaxLength)
+ {
+ SetHandleSize(theHandle,handleCurrentLength + stringLength + 1);
+
+ if (maxLength != nil)
+ {
+ *maxLength = GetHandleSize(theHandle);
+
+ handleMaxLength = *maxLength;
+ }
+
+ else
+ {
+ handleMaxLength = GetHandleSize(theHandle);
+ }
+
+ if (byteCount > handleMaxLength)
+ {
+ SetErrorMessageAndLongIntAndBail("AppendCStrToHandle: Can't increase Handle allocation, MemError() = ",MemError());
+ }
+ }
+
+
+ BlockMove(theCString,*theHandle + handleCurrentLength,stringLength + 1);
+
+
+ if (currentLength != nil)
+ {
+ *currentLength += stringLength;
+ }
+
+
+ errCode = noErr;
+
+
+EXITPOINT:
+
+ return(errCode);
+}
+
+
+
+OSErr AppendCharsToHandle(const char *theChars,const int numChars,Handle theHandle,long *currentLength,long *maxLength)
+{
+OSErr errCode = noErr;
+long handleMaxLength,handleCurrentLength,byteCount;
+
+
+ if (theChars == nil)
+ {
+ SetErrorMessageAndBail(("AppendCharsToHandle: Bad parameter, theChars == nil"));
+ }
+
+ if (theHandle == nil)
+ {
+ SetErrorMessageAndBail(("AppendCharsToHandle: Bad parameter, theHandle == nil"));
+ }
+
+
+ if (maxLength != nil)
+ {
+ handleMaxLength = *maxLength;
+ }
+
+ else
+ {
+ handleMaxLength = GetHandleSize(theHandle);
+ }
+
+
+ if (currentLength != nil && *currentLength >= 0)
+ {
+ handleCurrentLength = *currentLength;
+ }
+
+ else
+ {
+ handleCurrentLength = CStrLength(*theHandle);
+ }
+
+
+ byteCount = handleCurrentLength + numChars + 1;
+
+ if (byteCount > handleMaxLength)
+ {
+ SetHandleSize(theHandle,handleCurrentLength + numChars + 1);
+
+ if (maxLength != nil)
+ {
+ *maxLength = GetHandleSize(theHandle);
+
+ handleMaxLength = *maxLength;
+ }
+
+ else
+ {
+ handleMaxLength = GetHandleSize(theHandle);
+ }
+
+ if (byteCount > handleMaxLength)
+ {
+ SetErrorMessageAndLongIntAndBail("AppendCharsToHandle: Can't increase Handle allocation, MemError() = ",MemError());
+ }
+ }
+
+
+ BlockMove(theChars,*theHandle + handleCurrentLength,numChars);
+
+ (*theHandle)[handleCurrentLength + numChars] = '\0';
+
+ if (currentLength != nil)
+ {
+ *currentLength += numChars;
+ }
+
+
+ errCode = noErr;
+
+
+EXITPOINT:
+
+ return(errCode);
+}
+
+
+
+OSErr AppendLongIntToHandle(const long inTheLongInt,Handle theHandle,long *currentLength)
+{
+OSErr errCode = noErr;
+char tempString[32];
+
+
+ CopyLongIntToCStr(inTheLongInt,tempString,sizeof(tempString));
+
+ errCode = AppendCStrToHandle(tempString,theHandle,currentLength);
+
+ return(errCode);
+}
+
+
+
+
+long CStrLength(const char *theCString)
+{
+long cStrLength = 0;
+
+
+ if (theCString != nil)
+ {
+ for (cStrLength = 0;theCString[cStrLength] != 0;cStrLength++)
+ {
+
+ }
+ }
+
+
+ return(cStrLength);
+}
+
+
+
+long PStrLength(const unsigned char *thePString)
+{
+long pStrLength = 0;
+
+
+ if (thePString != nil)
+ {
+ pStrLength = thePString[0];
+ }
+
+
+ return(pStrLength);
+}
+
+
+
+
+
+void ZeroMem(void *theMemPtr,const unsigned long numBytes)
+{
+unsigned char *theBytePtr;
+unsigned long *theLongPtr;
+unsigned long numSingleBytes;
+unsigned long theNumBytes;
+
+
+ theNumBytes = numBytes;
+
+ if (theMemPtr != nil && theNumBytes > 0)
+ {
+ theBytePtr = (unsigned char *) theMemPtr;
+
+ numSingleBytes = (unsigned long) theBytePtr & 0x0003;
+
+ while (numSingleBytes > 0)
+ {
+ *theBytePtr++ = 0;
+
+ theNumBytes--;
+ numSingleBytes--;
+ }
+
+
+ theLongPtr = (unsigned long *) theBytePtr;
+
+ while (theNumBytes >= 4)
+ {
+ *theLongPtr++ = 0;
+
+ theNumBytes -= 4;
+ }
+
+
+ theBytePtr = (unsigned char *) theLongPtr;
+
+ while (theNumBytes > 0)
+ {
+ *theBytePtr++ = 0;
+
+ theNumBytes--;
+ }
+ }
+}
+
+
+
+
+char *FindCharInCStr(const char theChar,const char *theCString)
+{
+char *theStringSearchPtr;
+
+
+ theStringSearchPtr = (char *) theCString;
+
+ if (theStringSearchPtr != nil)
+ {
+ while (*theStringSearchPtr != '\0' && *theStringSearchPtr != theChar)
+ {
+ theStringSearchPtr++;
+ }
+
+ if (*theStringSearchPtr == '\0')
+ {
+ theStringSearchPtr = nil;
+ }
+ }
+
+ return(theStringSearchPtr);
+}
+
+
+
+long FindCharOffsetInCStr(const char theChar,const char *theCString,const Boolean inIgnoreCase)
+{
+long theOffset = -1;
+
+
+ if (theCString != nil)
+ {
+ theOffset = 0;
+
+
+ if (inIgnoreCase)
+ {
+ char searchChar = theChar;
+
+ if (searchChar >= 'a' && searchChar <= 'z')
+ {
+ searchChar = searchChar - 'a' + 'A';
+ }
+
+
+ while (*theCString != 0)
+ {
+ char currentChar = *theCString;
+
+ if (currentChar >= 'a' && currentChar <= 'z')
+ {
+ currentChar = currentChar - 'a' + 'A';
+ }
+
+ if (currentChar == searchChar)
+ {
+ break;
+ }
+
+ theCString++;
+ theOffset++;
+ }
+ }
+
+ else
+ {
+ while (*theCString != 0 && *theCString != theChar)
+ {
+ theCString++;
+ theOffset++;
+ }
+ }
+
+ if (*theCString == 0)
+ {
+ theOffset = -1;
+ }
+ }
+
+ return(theOffset);
+}
+
+
+long FindCStrOffsetInCStr(const char *theCSubstring,const char *theCString,const Boolean inIgnoreCase)
+{
+long theOffset = -1;
+
+
+ if (theCSubstring != nil && theCString != nil)
+ {
+ for (theOffset = 0;;theOffset++)
+ {
+ if (theCString[theOffset] == 0)
+ {
+ theOffset = -1;
+
+ goto EXITPOINT;
+ }
+
+
+ for (const char *tempSubstringPtr = theCSubstring,*tempCStringPtr = theCString + theOffset;;tempSubstringPtr++,tempCStringPtr++)
+ {
+ if (*tempSubstringPtr == 0)
+ {
+ goto EXITPOINT;
+ }
+
+ else if (*tempCStringPtr == 0)
+ {
+ break;
+ }
+
+ char searchChar = *tempSubstringPtr;
+ char currentChar = *tempCStringPtr;
+
+ if (inIgnoreCase && searchChar >= 'a' && searchChar <= 'z')
+ {
+ searchChar = searchChar - 'a' + 'A';
+ }
+
+ if (inIgnoreCase && currentChar >= 'a' && currentChar <= 'z')
+ {
+ currentChar = currentChar - 'a' + 'A';
+ }
+
+ if (currentChar != searchChar)
+ {
+ break;
+ }
+ }
+ }
+
+ theOffset = -1;
+ }
+
+
+EXITPOINT:
+
+ return(theOffset);
+}
+
+
+
+void InsertCStrIntoCStr(const char *theSrcCStr,const int theInsertionOffset,char *theDstCStr,const int maxDstStrLength)
+{
+int currentLength;
+int insertLength;
+int numCharsToInsert;
+int numCharsToShift;
+
+
+ if (theDstCStr != nil && theSrcCStr != nil && maxDstStrLength > 0 && theInsertionOffset < maxDstStrLength - 1)
+ {
+ currentLength = CStrLength(theDstCStr);
+
+ insertLength = CStrLength(theSrcCStr);
+
+
+ if (theInsertionOffset + insertLength < maxDstStrLength - 1)
+ {
+ numCharsToInsert = insertLength;
+ }
+
+ else
+ {
+ numCharsToInsert = maxDstStrLength - 1 - theInsertionOffset;
+ }
+
+
+ if (numCharsToInsert + currentLength < maxDstStrLength - 1)
+ {
+ numCharsToShift = currentLength - theInsertionOffset;
+ }
+
+ else
+ {
+ numCharsToShift = maxDstStrLength - 1 - theInsertionOffset - numCharsToInsert;
+ }
+
+
+ if (numCharsToShift > 0)
+ {
+ BlockMove(theDstCStr + theInsertionOffset,theDstCStr + theInsertionOffset + numCharsToInsert,numCharsToShift);
+ }
+
+ if (numCharsToInsert > 0)
+ {
+ BlockMove(theSrcCStr,theDstCStr + theInsertionOffset,numCharsToInsert);
+ }
+
+ theDstCStr[theInsertionOffset + numCharsToInsert + numCharsToShift] = 0;
+ }
+}
+
+
+
+void InsertPStrIntoCStr(const unsigned char *theSrcPStr,const int theInsertionOffset,char *theDstCStr,const int maxDstStrLength)
+{
+int currentLength;
+int insertLength;
+int numCharsToInsert;
+int numCharsToShift;
+
+
+ if (theDstCStr != nil && theSrcPStr != nil && maxDstStrLength > 0 && theInsertionOffset < maxDstStrLength - 1)
+ {
+ currentLength = CStrLength(theDstCStr);
+
+ insertLength = PStrLength(theSrcPStr);
+
+
+ if (theInsertionOffset + insertLength < maxDstStrLength - 1)
+ {
+ numCharsToInsert = insertLength;
+ }
+
+ else
+ {
+ numCharsToInsert = maxDstStrLength - 1 - theInsertionOffset;
+ }
+
+
+ if (numCharsToInsert + currentLength < maxDstStrLength - 1)
+ {
+ numCharsToShift = currentLength - theInsertionOffset;
+ }
+
+ else
+ {
+ numCharsToShift = maxDstStrLength - 1 - theInsertionOffset - numCharsToInsert;
+ }
+
+
+ if (numCharsToShift > 0)
+ {
+ BlockMove(theDstCStr + theInsertionOffset,theDstCStr + theInsertionOffset + numCharsToInsert,numCharsToShift);
+ }
+
+ if (numCharsToInsert > 0)
+ {
+ BlockMove(theSrcPStr + 1,theDstCStr + theInsertionOffset,numCharsToInsert);
+ }
+
+ theDstCStr[theInsertionOffset + numCharsToInsert + numCharsToShift] = 0;
+ }
+}
+
+
+
+OSErr InsertCStrIntoHandle(const char *theCString,Handle theHandle,const long inInsertOffset)
+{
+OSErr errCode;
+int currentLength;
+int insertLength;
+
+
+ SetErrorMessageAndBailIfNil(theCString,"InsertCStrIntoHandle: Bad parameter, theCString == nil");
+
+ SetErrorMessageAndBailIfNil(theHandle,"InsertCStrIntoHandle: Bad parameter, theHandle == nil");
+
+ currentLength = CStrLength(*theHandle);
+
+ if (currentLength + 1 > ::GetHandleSize(theHandle))
+ {
+ SetErrorMessageAndBail("InsertCStrIntoHandle: Handle has been overflowed");
+ }
+
+ if (inInsertOffset > currentLength)
+ {
+ SetErrorMessageAndBail("InsertCStrIntoHandle: Insertion offset is greater than string length");
+ }
+
+ insertLength = CStrLength(theCString);
+
+ ::SetHandleSize(theHandle,currentLength + 1 + insertLength);
+
+ if (::GetHandleSize(theHandle) < currentLength + 1 + insertLength)
+ {
+ SetErrorMessageAndLongIntAndBail("InsertCStrIntoHandle: Can't expand storage for Handle, MemError() = ",MemError());
+ }
+
+ ::BlockMove(*theHandle + inInsertOffset,*theHandle + inInsertOffset + insertLength,currentLength - inInsertOffset + 1);
+
+ ::BlockMove(theCString,*theHandle + inInsertOffset,insertLength);
+
+
+ errCode = noErr;
+
+
+EXITPOINT:
+
+ return(errCode);
+}
+
+
+
+
+void CopyCStrAndInsert1LongIntIntoCStr(const char *theSrcCStr,const long theNum,char *theDstCStr,const int maxDstStrLength)
+{
+ CopyCStrAndInsertCStrLongIntIntoCStr(theSrcCStr,nil,theNum,theDstCStr,maxDstStrLength);
+}
+
+
+void CopyCStrAndInsert2LongIntsIntoCStr(const char *theSrcCStr,const long long1,const long long2,char *theDstCStr,const int maxDstStrLength)
+{
+const long theLongInts[] = { long1,long2 };
+
+ CopyCStrAndInsertCStrsLongIntsIntoCStr(theSrcCStr,nil,theLongInts,theDstCStr,maxDstStrLength);
+}
+
+
+void CopyCStrAndInsert3LongIntsIntoCStr(const char *theSrcCStr,const long long1,const long long2,const long long3,char *theDstCStr,const int maxDstStrLength)
+{
+const long theLongInts[] = { long1,long2,long3 };
+
+ CopyCStrAndInsertCStrsLongIntsIntoCStr(theSrcCStr,nil,theLongInts,theDstCStr,maxDstStrLength);
+}
+
+
+void CopyCStrAndInsertCStrIntoCStr(const char *theSrcCStr,const char *theInsertCStr,char *theDstCStr,const int maxDstStrLength)
+{
+const char *theCStrs[2] = { theInsertCStr,nil };
+
+ CopyCStrAndInsertCStrsLongIntsIntoCStr(theSrcCStr,theCStrs,nil,theDstCStr,maxDstStrLength);
+}
+
+
+
+void CopyCStrAndInsertCStrLongIntIntoCStr(const char *theSrcCStr,const char *theInsertCStr,const long theNum,char *theDstCStr,const int maxDstStrLength)
+{
+const char *theCStrs[2] = { theInsertCStr,nil };
+const long theLongInts[1] = { theNum };
+
+ CopyCStrAndInsertCStrsLongIntsIntoCStr(theSrcCStr,theCStrs,theLongInts,theDstCStr,maxDstStrLength);
+}
+
+
+
+void CopyCStrAndInsertCStrsLongIntsIntoCStr(const char *theSrcCStr,const char **theInsertCStrs,const long *theLongInts,char *theDstCStr,const int maxDstStrLength)
+{
+int dstCharIndex,srcCharIndex,theMaxDstStrLength;
+int theCStrIndex = 0;
+int theLongIntIndex = 0;
+
+
+ theMaxDstStrLength = maxDstStrLength;
+
+ if (theDstCStr != nil && theSrcCStr != nil && theMaxDstStrLength > 0)
+ {
+ dstCharIndex = 0;
+
+ srcCharIndex = 0;
+
+
+ // Allow room for NULL at end of string
+
+ theMaxDstStrLength--;
+
+
+ for (;;)
+ {
+ // Hit end of buffer?
+
+ if (dstCharIndex >= theMaxDstStrLength)
+ {
+ theDstCStr[dstCharIndex++] = 0;
+
+ goto EXITPOINT;
+ }
+
+ // End of source string?
+
+ else if (theSrcCStr[srcCharIndex] == 0)
+ {
+ theDstCStr[dstCharIndex++] = 0;
+
+ goto EXITPOINT;
+ }
+
+ // Did we find a '%s'?
+
+ else if (theInsertCStrs != nil && theInsertCStrs[theCStrIndex] != nil && theSrcCStr[srcCharIndex] == '%' && theSrcCStr[srcCharIndex + 1] == 's')
+ {
+ // Skip over the '%s'
+
+ srcCharIndex += 2;
+
+
+ // Terminate the dest string and then concat the string
+
+ theDstCStr[dstCharIndex] = 0;
+
+ ConcatCStrToCStr(theInsertCStrs[theCStrIndex],theDstCStr,theMaxDstStrLength);
+
+ dstCharIndex = CStrLength(theDstCStr);
+
+ theCStrIndex++;
+ }
+
+ // Did we find a '%ld'?
+
+ else if (theLongInts != nil && theSrcCStr[srcCharIndex] == '%' && theSrcCStr[srcCharIndex + 1] == 'l' && theSrcCStr[srcCharIndex + 2] == 'd')
+ {
+ // Skip over the '%ld'
+
+ srcCharIndex += 3;
+
+
+ // Terminate the dest string and then concat the number
+
+ theDstCStr[dstCharIndex] = 0;
+
+ ConcatLongIntToCStr(theLongInts[theLongIntIndex],theDstCStr,theMaxDstStrLength);
+
+ theLongIntIndex++;
+
+ dstCharIndex = CStrLength(theDstCStr);
+ }
+
+ else
+ {
+ theDstCStr[dstCharIndex++] = theSrcCStr[srcCharIndex++];
+ }
+ }
+ }
+
+
+
+EXITPOINT:
+
+ return;
+}
+
+
+
+
+
+OSErr CopyCStrAndInsertCStrLongIntIntoHandle(const char *theSrcCStr,const char *theInsertCStr,const long theNum,Handle *theHandle)
+{
+OSErr errCode;
+long byteCount;
+
+
+ if (theHandle != nil)
+ {
+ byteCount = CStrLength(theSrcCStr) + CStrLength(theInsertCStr) + 32;
+
+ *theHandle = NewHandle(byteCount);
+
+ if (*theHandle == nil)
+ {
+ SetErrorMessageAndLongIntAndBail("CopyCStrAndInsertCStrLongIntIntoHandle: Can't allocate Handle, MemError() = ",MemError());
+ }
+
+
+ HLock(*theHandle);
+
+ CopyCStrAndInsertCStrLongIntIntoCStr(theSrcCStr,theInsertCStr,theNum,**theHandle,byteCount);
+
+ HUnlock(*theHandle);
+ }
+
+ errCode = noErr;
+
+
+EXITPOINT:
+
+ return(errCode);
+}
+
+
+
+
+
+OSErr CopyIndexedWordToCStr(char *theSrcCStr,int whichWord,char *theDstCStr,int maxDstCStrLength)
+{
+OSErr errCode;
+char *srcCharPtr,*dstCharPtr;
+int wordCount;
+int byteCount;
+
+
+ if (theSrcCStr == nil)
+ {
+ SetErrorMessageAndBail(("CopyIndexedWordToCStr: Bad parameter, theSrcCStr == nil"));
+ }
+
+ if (theDstCStr == nil)
+ {
+ SetErrorMessageAndBail(("CopyIndexedWordToCStr: Bad parameter, theDstCStr == nil"));
+ }
+
+ if (whichWord < 0)
+ {
+ SetErrorMessageAndBail(("CopyIndexedWordToCStr: Bad parameter, whichWord < 0"));
+ }
+
+ if (maxDstCStrLength <= 0)
+ {
+ SetErrorMessageAndBail(("CopyIndexedWordToCStr: Bad parameter, maxDstCStrLength <= 0"));
+ }
+
+
+ *theDstCStr = '\0';
+
+ srcCharPtr = theSrcCStr;
+
+ while (*srcCharPtr == ' ' || *srcCharPtr == '\t')
+ {
+ srcCharPtr++;
+ }
+
+
+ for (wordCount = 0;wordCount < whichWord;wordCount++)
+ {
+ while (*srcCharPtr != ' ' && *srcCharPtr != '\t' && *srcCharPtr != '\r' && *srcCharPtr != '\n' && *srcCharPtr != '\0')
+ {
+ srcCharPtr++;
+ }
+
+ if (*srcCharPtr == '\r' || *srcCharPtr == '\n' || *srcCharPtr == '\0')
+ {
+ errCode = noErr;
+
+ goto EXITPOINT;
+ }
+
+ while (*srcCharPtr == ' ' || *srcCharPtr == '\t')
+ {
+ srcCharPtr++;
+ }
+
+ if (*srcCharPtr == '\r' || *srcCharPtr == '\n' || *srcCharPtr == '\0')
+ {
+ errCode = noErr;
+
+ goto EXITPOINT;
+ }
+ }
+
+
+ dstCharPtr = theDstCStr;
+ byteCount = 0;
+
+
+ for(;;)
+ {
+ if (byteCount >= maxDstCStrLength - 1 || *srcCharPtr == '\0' || *srcCharPtr == ' ' || *srcCharPtr == '\t' || *srcCharPtr == '\r' || *srcCharPtr == '\n')
+ {
+ *dstCharPtr = '\0';
+ break;
+ }
+
+ *dstCharPtr++ = *srcCharPtr++;
+
+ byteCount++;
+ }
+
+
+ errCode = noErr;
+
+
+EXITPOINT:
+
+ return(errCode);
+}
+
+
+
+
+
+OSErr CopyIndexedWordToNewHandle(char *theSrcCStr,int whichWord,Handle *outTheHandle)
+{
+OSErr errCode;
+char *srcCharPtr;
+int wordCount;
+int byteCount;
+
+
+ if (theSrcCStr == nil)
+ {
+ SetErrorMessageAndBail(("CopyIndexedWordToNewHandle: Bad parameter, theSrcCStr == nil"));
+ }
+
+ if (outTheHandle == nil)
+ {
+ SetErrorMessageAndBail(("CopyIndexedWordToNewHandle: Bad parameter, outTheHandle == nil"));
+ }
+
+ if (whichWord < 0)
+ {
+ SetErrorMessageAndBail(("CopyIndexedWordToNewHandle: Bad parameter, whichWord < 0"));
+ }
+
+
+ *outTheHandle = nil;
+
+
+ srcCharPtr = theSrcCStr;
+
+ while (*srcCharPtr == ' ' || *srcCharPtr == '\t')
+ {
+ srcCharPtr++;
+ }
+
+
+ for (wordCount = 0;wordCount < whichWord;wordCount++)
+ {
+ while (*srcCharPtr != ' ' && *srcCharPtr != '\t' && *srcCharPtr != '\r' && *srcCharPtr != '\n' && *srcCharPtr != '\0')
+ {
+ srcCharPtr++;
+ }
+
+ if (*srcCharPtr == '\r' || *srcCharPtr == '\n' || *srcCharPtr == '\0')
+ {
+ break;
+ }
+
+ while (*srcCharPtr == ' ' || *srcCharPtr == '\t')
+ {
+ srcCharPtr++;
+ }
+
+ if (*srcCharPtr == '\r' || *srcCharPtr == '\n' || *srcCharPtr == '\0')
+ {
+ break;
+ }
+ }
+
+
+ for (byteCount = 0;;byteCount++)
+ {
+ if (srcCharPtr[byteCount] == ' ' || srcCharPtr[byteCount] == '\t' || srcCharPtr[byteCount] == '\r' || srcCharPtr[byteCount] == '\n' || srcCharPtr[byteCount] == '\0')
+ {
+ break;
+ }
+ }
+
+
+ *outTheHandle = NewHandle(byteCount + 1);
+
+ if (*outTheHandle == nil)
+ {
+ SetErrorMessageAndLongIntAndBail("CopyIndexedWordToNewHandle: Can't allocate Handle, MemError() = ",MemError());
+ }
+
+
+ ::BlockMove(srcCharPtr,**outTheHandle,byteCount);
+
+ (**outTheHandle)[byteCount] = '\0';
+
+ errCode = noErr;
+
+
+EXITPOINT:
+
+ return(errCode);
+}
+
+
+
+OSErr CopyIndexedLineToCStr(const char *theSrcCStr,int inWhichLine,int *lineEndIndex,Boolean *gotLastLine,char *theDstCStr,const int maxDstCStrLength)
+{
+OSErr errCode;
+int theCurrentLine;
+int theCurrentLineOffset;
+int theEOSOffset;
+
+
+ if (theSrcCStr == nil)
+ {
+ SetErrorMessageAndBail(("CopyIndexedLineToCStr: Bad parameter, theSrcCStr == nil"));
+ }
+
+ if (theDstCStr == nil)
+ {
+ SetErrorMessageAndBail(("CopyIndexedLineToCStr: Bad parameter, theDstCStr == nil"));
+ }
+
+ if (inWhichLine < 0)
+ {
+ SetErrorMessageAndBail(("CopyIndexedLineToCStr: Bad parameter, inWhichLine < 0"));
+ }
+
+ if (maxDstCStrLength <= 0)
+ {
+ SetErrorMessageAndBail(("CopyIndexedLineToCStr: Bad parameter, maxDstCStrLength <= 0"));
+ }
+
+
+ if (gotLastLine != nil)
+ {
+ *gotLastLine = false;
+ }
+
+
+ *theDstCStr = 0;
+
+ theCurrentLineOffset = 0;
+
+ theCurrentLine = 0;
+
+
+ while (theCurrentLine < inWhichLine)
+ {
+ while (theSrcCStr[theCurrentLineOffset] != '\r' && theSrcCStr[theCurrentLineOffset] != 0)
+ {
+ theCurrentLineOffset++;
+ }
+
+ if (theSrcCStr[theCurrentLineOffset] == 0)
+ {
+ break;
+ }
+
+ theCurrentLineOffset++;
+ theCurrentLine++;
+ }
+
+ if (theSrcCStr[theCurrentLineOffset] == 0)
+ {
+ SetErrorMessageAndLongIntAndBail("CopyIndexedLineToCStr: Too few lines in source text, can't get line ",inWhichLine);
+ }
+
+
+ theEOSOffset = FindCharOffsetInCStr('\r',theSrcCStr + theCurrentLineOffset);
+
+ if (theEOSOffset >= 0)
+ {
+ CopyCSubstrToCStr(theSrcCStr + theCurrentLineOffset,theEOSOffset,theDstCStr,maxDstCStrLength);
+
+ if (gotLastLine != nil)
+ {
+ *gotLastLine = false;
+ }
+
+ if (lineEndIndex != nil)
+ {
+ *lineEndIndex = theEOSOffset;
+ }
+ }
+
+ else
+ {
+ theEOSOffset = CStrLength(theSrcCStr + theCurrentLineOffset);
+
+ CopyCSubstrToCStr(theSrcCStr + theCurrentLineOffset,theEOSOffset,theDstCStr,maxDstCStrLength);
+
+ if (gotLastLine != nil)
+ {
+ *gotLastLine = true;
+ }
+
+ if (lineEndIndex != nil)
+ {
+ *lineEndIndex = theEOSOffset;
+ }
+ }
+
+
+ errCode = noErr;
+
+
+EXITPOINT:
+
+ return(errCode);
+}
+
+
+
+OSErr CopyIndexedLineToNewHandle(const char *theSrcCStr,int inWhichLine,Handle *outNewHandle)
+{
+OSErr errCode;
+int theCurrentLine;
+int theCurrentLineOffset;
+int byteCount;
+
+
+ SetErrorMessageAndBailIfNil(theSrcCStr,"CopyIndexedLineToNewHandle: Bad parameter, theSrcCStr == nil");
+ SetErrorMessageAndBailIfNil(outNewHandle,"CopyIndexedLineToNewHandle: Bad parameter, outNewHandle == nil");
+
+ if (inWhichLine < 0)
+ {
+ SetErrorMessageAndBail(("CopyIndexedLineToNewHandle: Bad parameter, inWhichLine < 0"));
+ }
+
+
+ theCurrentLineOffset = 0;
+
+ theCurrentLine = 0;
+
+
+ while (theCurrentLine < inWhichLine)
+ {
+ while (theSrcCStr[theCurrentLineOffset] != '\r' && theSrcCStr[theCurrentLineOffset] != '\0')
+ {
+ theCurrentLineOffset++;
+ }
+
+ if (theSrcCStr[theCurrentLineOffset] == '\0')
+ {
+ break;
+ }
+
+ theCurrentLineOffset++;
+ theCurrentLine++;
+ }
+
+ if (theSrcCStr[theCurrentLineOffset] == '\0')
+ {
+ SetErrorMessageAndLongIntAndBail("CopyIndexedLineToNewHandle: Too few lines in source text, can't get line #",inWhichLine);
+ }
+
+
+ byteCount = 0;
+
+ while (theSrcCStr[theCurrentLineOffset + byteCount] != '\r' && theSrcCStr[theCurrentLineOffset + byteCount] != '\0')
+ {
+ byteCount++;
+ }
+
+
+ *outNewHandle = NewHandle(byteCount + 1);
+
+ if (*outNewHandle == nil)
+ {
+ SetErrorMessageAndLongIntAndBail("CopyIndexedLineToNewHandle: Can't allocate Handle, MemError() = ",MemError());
+ }
+
+ ::BlockMove(theSrcCStr + theCurrentLineOffset,**outNewHandle,byteCount);
+
+ (**outNewHandle)[byteCount] = '\0';
+
+ errCode = noErr;
+
+
+EXITPOINT:
+
+ return(errCode);
+}
+
+
+
+
+OSErr CountDigits(const char *inCStr,int *outNumIntegerDigits,int *outNumFractDigits)
+{
+OSErr errCode = noErr;
+int numIntDigits = 0;
+int numFractDigits = 0;
+int digitIndex = 0;
+
+
+ SetErrorMessageAndBailIfNil(inCStr,"CountDigits: Bad parameter, theSrcCStr == nil");
+ SetErrorMessageAndBailIfNil(outNumIntegerDigits,"CountDigits: Bad parameter, outNumIntegerDigits == nil");
+ SetErrorMessageAndBailIfNil(outNumFractDigits,"CountDigits: Bad parameter, outNumFractDigits == nil");
+
+ digitIndex = 0;
+
+ while (inCStr[digitIndex] >= '0' && inCStr[digitIndex] <= '9')
+ {
+ digitIndex++;
+ numIntDigits++;
+ }
+
+ if (inCStr[digitIndex] == '.')
+ {
+ digitIndex++;
+
+ while (inCStr[digitIndex] >= '0' && inCStr[digitIndex] <= '9')
+ {
+ digitIndex++;
+ numFractDigits++;
+ }
+ }
+
+ *outNumIntegerDigits = numIntDigits;
+
+ *outNumFractDigits = numFractDigits;
+
+ errCode = noErr;
+
+EXITPOINT:
+
+ return(errCode);
+}
+
+
+
+OSErr ExtractIntFromCStr(const char *theSrcCStr,int *outInt,Boolean skipLeadingSpaces)
+{
+OSErr errCode;
+int theCharIndex;
+
+
+ if (theSrcCStr == nil)
+ {
+ SetErrorMessageAndBail(("ExtractIntFromCStr: Bad parameter, theSrcCStr == nil"));
+ }
+
+ if (outInt == nil)
+ {
+ SetErrorMessageAndBail(("ExtractIntFromCStr: Bad parameter, outInt == nil"));
+ }
+
+
+ *outInt = 0;
+
+ theCharIndex = 0;
+
+ if (skipLeadingSpaces == true)
+ {
+ while (theSrcCStr[theCharIndex] == ' ')
+ {
+ theCharIndex++;
+ }
+ }
+
+ if (theSrcCStr[theCharIndex] < '0' || theSrcCStr[theCharIndex] > '9')
+ {
+ SetErrorMessageAndBail(("ExtractIntFromCStr: Bad parameter, theSrcCStr contains a bogus numeric representation"));
+ }
+
+
+ while (theSrcCStr[theCharIndex] >= '0' && theSrcCStr[theCharIndex] <= '9')
+ {
+ *outInt = (*outInt * 10) + (theSrcCStr[theCharIndex] - '0');
+
+ theCharIndex++;
+ }
+
+
+ errCode = noErr;
+
+
+EXITPOINT:
+
+ return(errCode);
+}
+
+
+
+OSErr ExtractIntFromPStr(const unsigned char *theSrcPStr,int *outInt,Boolean skipLeadingSpaces)
+{
+OSErr errCode;
+char theCStr[256];
+
+
+ if (theSrcPStr == nil)
+ {
+ SetErrorMessageAndBail(("ExtractIntFromPStr: Bad parameter, theSrcPStr == nil"));
+ }
+
+ if (outInt == nil)
+ {
+ SetErrorMessageAndBail(("ExtractIntFromPStr: Bad parameter, outInt == nil"));
+ }
+
+
+ CopyPStrToCStr(theSrcPStr,theCStr,sizeof(theCStr));
+
+
+ errCode = ExtractIntFromCStr(theCStr,outInt,skipLeadingSpaces);
+
+
+EXITPOINT:
+
+ return(errCode);
+}
+
+
+
+int CountOccurencesOfCharInCStr(const char inChar,const char *inSrcCStr)
+{
+int theSrcCharIndex;
+int numOccurrences = -1;
+
+
+ if (inSrcCStr != nil && inChar != '\0')
+ {
+ numOccurrences = 0;
+
+ for (theSrcCharIndex = 0;inSrcCStr[theSrcCharIndex] != '\0';theSrcCharIndex++)
+ {
+ if (inSrcCStr[theSrcCharIndex] == inChar)
+ {
+ numOccurrences++;
+ }
+ }
+ }
+
+ return(numOccurrences);
+}
+
+
+int CountWordsInCStr(const char *inSrcCStr)
+{
+int numWords = -1;
+
+
+ if (inSrcCStr != nil)
+ {
+ numWords = 0;
+
+ // Skip lead spaces
+
+ while (*inSrcCStr == ' ')
+ {
+ inSrcCStr++;
+ }
+
+ while (*inSrcCStr != '\0')
+ {
+ numWords++;
+
+ while (*inSrcCStr != ' ' && *inSrcCStr != '\0')
+ {
+ inSrcCStr++;
+ }
+
+ while (*inSrcCStr == ' ')
+ {
+ inSrcCStr++;
+ }
+ }
+ }
+
+ return(numWords);
+}
+
+
+
+
+void ConvertCStrToUpperCase(char *theSrcCStr)
+{
+char *theCharPtr;
+
+
+ if (theSrcCStr != nil)
+ {
+ theCharPtr = theSrcCStr;
+
+ while (*theCharPtr != 0)
+ {
+ if (*theCharPtr >= 'a' && *theCharPtr <= 'z')
+ {
+ *theCharPtr = *theCharPtr - 'a' + 'A';
+ }
+
+ theCharPtr++;
+ }
+ }
+}
+
+
+
+
+
+
+
+void ExtractCStrItemFromCStr(const char *inSrcCStr,const char inItemDelimiter,const int inItemNumber,Boolean *foundItem,char *outDstCharPtr,const int inDstCharPtrMaxLength,const Boolean inTreatMultipleDelimsAsSingleDelim)
+{
+int theItem;
+int theSrcCharIndex;
+int theDstCharIndex;
+
+
+ if (foundItem != nil)
+ {
+ *foundItem = false;
+ }
+
+
+ if (outDstCharPtr != nil && inDstCharPtrMaxLength > 0 && inItemNumber >= 0 && inItemDelimiter != 0)
+ {
+ *outDstCharPtr = 0;
+
+
+ theSrcCharIndex = 0;
+
+ for (theItem = 0;theItem < inItemNumber;theItem++)
+ {
+ while (inSrcCStr[theSrcCharIndex] != inItemDelimiter && inSrcCStr[theSrcCharIndex] != '\0')
+ {
+ theSrcCharIndex++;
+ }
+
+ if (inSrcCStr[theSrcCharIndex] == inItemDelimiter)
+ {
+ theSrcCharIndex++;
+
+ if (inTreatMultipleDelimsAsSingleDelim)
+ {
+ while (inSrcCStr[theSrcCharIndex] == inItemDelimiter)
+ {
+ theSrcCharIndex++;
+ }
+ }
+ }
+
+
+ if (inSrcCStr[theSrcCharIndex] == '\0')
+ {
+ goto EXITPOINT;
+ }
+ }
+
+
+ if (foundItem != nil)
+ {
+ *foundItem = true;
+ }
+
+
+ theDstCharIndex = 0;
+
+ for (;;)
+ {
+ if (inSrcCStr[theSrcCharIndex] == 0 || inSrcCStr[theSrcCharIndex] == inItemDelimiter || theDstCharIndex >= inDstCharPtrMaxLength - 1)
+ {
+ outDstCharPtr[theDstCharIndex] = 0;
+
+ break;
+ }
+
+ outDstCharPtr[theDstCharIndex++] = inSrcCStr[theSrcCharIndex++];
+ }
+ }
+
+
+EXITPOINT:
+
+ return;
+}
+
+
+
+OSErr ExtractCStrItemFromCStrIntoNewHandle(const char *inSrcCStr,const char inItemDelimiter,const int inItemNumber,Boolean *foundItem,Handle *outNewHandle,const Boolean inTreatMultipleDelimsAsSingleDelim)
+{
+OSErr errCode;
+int theItem;
+int theSrcCharIndex;
+int theItemLength;
+
+
+ if (inSrcCStr == nil)
+ {
+ SetErrorMessage("ExtractCStrItemFromCStrIntoNewHandle: Bad parameter, inSrcCStr == nil");
+ errCode = kGenericError;
+ goto EXITPOINT;
+ }
+
+ if (outNewHandle == nil)
+ {
+ SetErrorMessage("ExtractCStrItemFromCStrIntoNewHandle: Bad parameter, outNewHandle == nil");
+ errCode = kGenericError;
+ goto EXITPOINT;
+ }
+
+ if (foundItem == nil)
+ {
+ SetErrorMessage("ExtractCStrItemFromCStrIntoNewHandle: Bad parameter, foundItem == nil");
+ errCode = kGenericError;
+ goto EXITPOINT;
+ }
+
+ if (inItemNumber < 0)
+ {
+ SetErrorMessage("ExtractCStrItemFromCStrIntoNewHandle: Bad parameter, inItemNumber < 0");
+ errCode = kGenericError;
+ goto EXITPOINT;
+ }
+
+ if (inItemDelimiter == 0)
+ {
+ SetErrorMessage("ExtractCStrItemFromCStrIntoNewHandle: Bad parameter, inItemDelimiter == 0");
+ errCode = kGenericError;
+ goto EXITPOINT;
+ }
+
+
+ *foundItem = false;
+
+ theSrcCharIndex = 0;
+
+ for (theItem = 0;theItem < inItemNumber;theItem++)
+ {
+ while (inSrcCStr[theSrcCharIndex] != inItemDelimiter && inSrcCStr[theSrcCharIndex] != '\0')
+ {
+ theSrcCharIndex++;
+ }
+
+ if (inSrcCStr[theSrcCharIndex] == inItemDelimiter)
+ {
+ theSrcCharIndex++;
+
+ if (inTreatMultipleDelimsAsSingleDelim)
+ {
+ while (inSrcCStr[theSrcCharIndex] == inItemDelimiter)
+ {
+ theSrcCharIndex++;
+ }
+ }
+ }
+
+
+ if (inSrcCStr[theSrcCharIndex] == '\0')
+ {
+ errCode = noErr;
+
+ goto EXITPOINT;
+ }
+ }
+
+
+ *foundItem = true;
+
+
+ for (theItemLength = 0;;theItemLength++)
+ {
+ if (inSrcCStr[theSrcCharIndex + theItemLength] == 0 || inSrcCStr[theSrcCharIndex + theItemLength] == inItemDelimiter)
+ {
+ break;
+ }
+ }
+
+
+ *outNewHandle = NewHandle(theItemLength + 1);
+
+ if (*outNewHandle == nil)
+ {
+ SetErrorMessageAndLongIntAndBail("ExtractCStrItemFromCStrIntoNewHandle: Can't allocate Handle, MemError() = ",MemError());
+ }
+
+
+ BlockMove(inSrcCStr + theSrcCharIndex,**outNewHandle,theItemLength);
+
+ (**outNewHandle)[theItemLength] = 0;
+
+ errCode = noErr;
+
+
+EXITPOINT:
+
+ return(errCode);
+}
+
+
+
+
+
+
+OSErr ExtractFloatFromCStr(const char *inCString,extended80 *outFloat)
+{
+OSErr errCode;
+Str255 theStr255;
+Handle theNumberPartsTableHandle = nil;
+long theNumberPartsOffset,theNumberPartsLength;
+FormatResultType theFormatResultType;
+NumberParts theNumberPartsTable;
+NumFormatStringRec theNumFormatStringRec;
+
+
+ if (inCString == nil)
+ {
+ SetErrorMessage("ExtractFloatFromCStr: Bad parameter, inCString == nil");
+ errCode = kGenericError;
+ goto EXITPOINT;
+ }
+
+ if (outFloat == nil)
+ {
+ SetErrorMessage("ExtractFloatFromCStr: Bad parameter, outFloat == nil");
+ errCode = kGenericError;
+ goto EXITPOINT;
+ }
+
+
+// GetIntlResourceTable(smRoman,smNumberPartsTable,&theNumberPartsTableHandle,&theNumberPartsOffset,&theNumberPartsLength);
+
+ GetIntlResourceTable(GetScriptManagerVariable(smSysScript),smNumberPartsTable,&theNumberPartsTableHandle,&theNumberPartsOffset,&theNumberPartsLength);
+
+ if (theNumberPartsTableHandle == nil)
+ {
+ SetErrorMessage("ExtractFloatFromCStr: Can't get number parts table for converting string representations to/from numeric representations");
+ errCode = kGenericError;
+ goto EXITPOINT;
+ }
+
+ if (theNumberPartsLength > sizeof(theNumberPartsTable))
+ {
+ SetErrorMessage("ExtractFloatFromCStr: Number parts table has bad length");
+ errCode = kGenericError;
+ goto EXITPOINT;
+ }
+
+
+ BlockMove(*theNumberPartsTableHandle + theNumberPartsOffset,&theNumberPartsTable,theNumberPartsLength);
+
+
+ theFormatResultType = (FormatResultType) StringToFormatRec(kNumberFormatString,&theNumberPartsTable,&theNumFormatStringRec);
+
+ if (theFormatResultType != fFormatOK)
+ {
+ SetErrorMessage("ExtractFloatFromCStr: StringToFormatRec() != fFormatOK");
+ errCode = kGenericError;
+ goto EXITPOINT;
+ }
+
+
+ CopyCStrToPStr(inCString,theStr255,sizeof(theStr255));
+
+
+ theFormatResultType = (FormatResultType) StringToExtended(theStr255,&theNumFormatStringRec,&theNumberPartsTable,outFloat);
+
+ if (theFormatResultType != fFormatOK && theFormatResultType != fBestGuess)
+ {
+ SetErrorMessageAndLongIntAndBail("ExtractFloatFromCStr: StringToExtended() = ",theFormatResultType);
+ }
+
+
+ errCode = noErr;
+
+
+EXITPOINT:
+
+ return(errCode);
+}
+
+
+
+OSErr CopyFloatToCStr(const extended80 *theFloat,char *theCStr,const int maxCStrLength,const int inMaxNumIntDigits,const int inMaxNumFractDigits)
+{
+OSErr errCode;
+Str255 theStr255;
+Handle theNumberPartsTableHandle = nil;
+long theNumberPartsOffset,theNumberPartsLength;
+FormatResultType theFormatResultType;
+NumberParts theNumberPartsTable;
+NumFormatStringRec theNumFormatStringRec;
+
+
+ if (theCStr == nil)
+ {
+ SetErrorMessage("CopyFloatToCStr: Bad parameter, theCStr == nil");
+ errCode = kGenericError;
+ goto EXITPOINT;
+ }
+
+ if (theFloat == nil)
+ {
+ SetErrorMessage("CopyFloatToCStr: Bad parameter, theFloat == nil");
+ errCode = kGenericError;
+ goto EXITPOINT;
+ }
+
+
+// GetIntlResourceTable(smRoman,smNumberPartsTable,&theNumberPartsTableHandle,&theNumberPartsOffset,&theNumberPartsLength);
+
+ GetIntlResourceTable(GetScriptManagerVariable(smSysScript),smNumberPartsTable,&theNumberPartsTableHandle,&theNumberPartsOffset,&theNumberPartsLength);
+
+ if (theNumberPartsTableHandle == nil)
+ {
+ SetErrorMessage("CopyFloatToCStr: Can't get number parts table for converting string representations to/from numeric representations");
+ errCode = kGenericError;
+ goto EXITPOINT;
+ }
+
+ if (theNumberPartsLength > sizeof(theNumberPartsTable))
+ {
+ SetErrorMessage("CopyFloatToCStr: Number parts table has bad length");
+ errCode = kGenericError;
+ goto EXITPOINT;
+ }
+
+
+ BlockMove(*theNumberPartsTableHandle + theNumberPartsOffset,&theNumberPartsTable,theNumberPartsLength);
+
+
+ if (inMaxNumIntDigits >= 0 || inMaxNumFractDigits >= 0)
+ {
+ char numberFormat[64];
+ int numberFormatLength = 0;
+
+ for (int i = 0;i < inMaxNumIntDigits && numberFormatLength < sizeof(numberFormat) - 1;i++)
+ {
+ numberFormat[numberFormatLength++] = '0';
+ }
+
+ if (inMaxNumFractDigits > 0 && numberFormatLength < sizeof(numberFormat) - 1)
+ {
+ numberFormat[numberFormatLength++] = '.';
+
+ for (int i = 0;i < inMaxNumFractDigits && numberFormatLength < sizeof(numberFormat) - 1;i++)
+ {
+ numberFormat[numberFormatLength++] = '0';
+ }
+ }
+
+
+ if (numberFormatLength < sizeof(numberFormat) - 1)
+ {
+ numberFormat[numberFormatLength++] = ';';
+ }
+
+ if (numberFormatLength < sizeof(numberFormat) - 1)
+ {
+ numberFormat[numberFormatLength++] = '-';
+ }
+
+
+ for (int i = 0;i < inMaxNumIntDigits && numberFormatLength < sizeof(numberFormat) - 1;i++)
+ {
+ numberFormat[numberFormatLength++] = '0';
+ }
+
+ if (inMaxNumFractDigits > 0 && numberFormatLength < sizeof(numberFormat) - 1)
+ {
+ numberFormat[numberFormatLength++] = '.';
+
+ for (int i = 0;i < inMaxNumFractDigits && numberFormatLength < sizeof(numberFormat) - 1;i++)
+ {
+ numberFormat[numberFormatLength++] = '0';
+ }
+ }
+
+ numberFormat[numberFormatLength] = '\0';
+
+
+ Str255 tempStr255;
+
+ CopyCStrToPStr(numberFormat,tempStr255,sizeof(tempStr255));
+
+ theFormatResultType = (FormatResultType) StringToFormatRec(tempStr255,&theNumberPartsTable,&theNumFormatStringRec);
+ }
+
+ else
+ {
+ theFormatResultType = (FormatResultType) StringToFormatRec(kNumberFormatString,&theNumberPartsTable,&theNumFormatStringRec);
+ }
+
+ if (theFormatResultType != fFormatOK)
+ {
+ SetErrorMessage("CopyFloatToCStr: StringToFormatRec() != fFormatOK");
+ errCode = kGenericError;
+ goto EXITPOINT;
+ }
+
+
+ theFormatResultType = (FormatResultType) ExtendedToString(theFloat,&theNumFormatStringRec,&theNumberPartsTable,theStr255);
+
+ if (theFormatResultType != fFormatOK)
+ {
+ SetErrorMessage("CopyFloatToCStr: ExtendedToString() != fFormatOK");
+ errCode = kGenericError;
+ goto EXITPOINT;
+ }
+
+
+ CopyPStrToCStr(theStr255,theCStr,maxCStrLength);
+
+ errCode = noErr;
+
+
+EXITPOINT:
+
+ return(errCode);
+}
+
+
+
+
+
+void SkipWhiteSpace(char **ioSrcCharPtr,const Boolean inStopAtEOL)
+{
+ if (ioSrcCharPtr != nil && *ioSrcCharPtr != nil)
+ {
+ if (inStopAtEOL)
+ {
+ while ((**ioSrcCharPtr == ' ' || **ioSrcCharPtr == '\t') && **ioSrcCharPtr != '\r' && **ioSrcCharPtr != '\n')
+ {
+ *ioSrcCharPtr++;
+ }
+ }
+
+ else
+ {
+ while (**ioSrcCharPtr == ' ' || **ioSrcCharPtr == '\t')
+ {
+ *ioSrcCharPtr++;
+ }
+ }
+ }
+}
diff --git a/lib/libssl/src/MacOS/GetHTTPS.src/CPStringUtils.hpp b/lib/libssl/src/MacOS/GetHTTPS.src/CPStringUtils.hpp
new file mode 100644
index 00000000000..5045c41019c
--- /dev/null
+++ b/lib/libssl/src/MacOS/GetHTTPS.src/CPStringUtils.hpp
@@ -0,0 +1,104 @@
+#pragma once
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+void CopyPStrToCStr(const unsigned char *thePStr,char *theCStr,const int maxCStrLength);
+void CopyPStrToPStr(const unsigned char *theSrcPStr,unsigned char *theDstPStr,const int maxDstStrLength);
+void CopyCStrToCStr(const char *theSrcCStr,char *theDstCStr,const int maxDstStrLength);
+void CopyCStrToPStr(const char *theSrcCStr,unsigned char *theDstPStr,const int maxDstStrLength);
+void ConcatPStrToCStr(const unsigned char *thePStr,char *theCStr,const int maxCStrLength);
+void ConcatPStrToPStr(const unsigned char *theSrcPStr,unsigned char *theDstPStr,const int maxDstStrLength);
+void ConcatCStrToPStr(const char *theSrcCStr,unsigned char *theDstPStr,const int maxDstStrLength);
+void ConcatCStrToCStr(const char *theSrcCStr,char *theDstCStr,const int maxCStrLength);
+
+void ConcatCharToCStr(const char theChar,char *theDstCStr,const int maxCStrLength);
+void ConcatCharToPStr(const char theChar,unsigned char *theDstPStr,const int maxPStrLength);
+
+int ComparePStrs(const unsigned char *theFirstPStr,const unsigned char *theSecondPStr,const Boolean ignoreCase = true);
+int CompareCStrs(const char *theFirstCStr,const char *theSecondCStr,const Boolean ignoreCase = true);
+int CompareCStrToPStr(const char *theCStr,const unsigned char *thePStr,const Boolean ignoreCase = true);
+
+Boolean CStrsAreEqual(const char *theFirstCStr,const char *theSecondCStr,const Boolean ignoreCase = true);
+Boolean PStrsAreEqual(const unsigned char *theFirstCStr,const unsigned char *theSecondCStr,const Boolean ignoreCase = true);
+
+void CopyLongIntToCStr(const long theNum,char *theCStr,const int maxCStrLength,const int numDigits = -1);
+void CopyUnsignedLongIntToCStr(const unsigned long theNum,char *theCStr,const int maxCStrLength);
+void ConcatLongIntToCStr(const long theNum,char *theCStr,const int maxCStrLength,const int numDigits = -1);
+void CopyCStrAndConcatLongIntToCStr(const char *theSrcCStr,const long theNum,char *theDstCStr,const int maxDstStrLength);
+
+void CopyLongIntToPStr(const long theNum,unsigned char *thePStr,const int maxPStrLength,const int numDigits = -1);
+void ConcatLongIntToPStr(const long theNum,unsigned char *thePStr,const int maxPStrLength,const int numDigits = -1);
+
+long CStrLength(const char *theCString);
+long PStrLength(const unsigned char *thePString);
+
+OSErr CopyCStrToExistingHandle(const char *theCString,Handle theHandle);
+OSErr CopyLongIntToExistingHandle(const long inTheLongInt,Handle theHandle);
+
+OSErr CopyCStrToNewHandle(const char *theCString,Handle *theHandle);
+OSErr CopyPStrToNewHandle(const unsigned char *thePString,Handle *theHandle);
+OSErr CopyLongIntToNewHandle(const long inTheLongInt,Handle *theHandle);
+
+OSErr AppendCStrToHandle(const char *theCString,Handle theHandle,long *currentLength = nil,long *maxLength = nil);
+OSErr AppendCharsToHandle(const char *theChars,const int numChars,Handle theHandle,long *currentLength = nil,long *maxLength = nil);
+OSErr AppendPStrToHandle(const unsigned char *thePString,Handle theHandle,long *currentLength = nil);
+OSErr AppendLongIntToHandle(const long inTheLongInt,Handle theHandle,long *currentLength = nil);
+
+void ZeroMem(void *theMemPtr,const unsigned long numBytes);
+
+char *FindCharInCStr(const char theChar,const char *theCString);
+long FindCharOffsetInCStr(const char theChar,const char *theCString,const Boolean inIgnoreCase = false);
+long FindCStrOffsetInCStr(const char *theCSubstring,const char *theCString,const Boolean inIgnoreCase = false);
+
+void CopyCSubstrToCStr(const char *theSrcCStr,const int maxCharsToCopy,char *theDstCStr,const int maxDstStrLength);
+void CopyCSubstrToPStr(const char *theSrcCStr,const int maxCharsToCopy,unsigned char *theDstPStr,const int maxDstStrLength);
+
+void InsertCStrIntoCStr(const char *theSrcCStr,const int theInsertionOffset,char *theDstCStr,const int maxDstStrLength);
+void InsertPStrIntoCStr(const unsigned char *theSrcPStr,const int theInsertionOffset,char *theDstCStr,const int maxDstStrLength);
+OSErr InsertCStrIntoHandle(const char *theCString,Handle theHandle,const long inInsertOffset);
+
+void CopyCStrAndInsertCStrIntoCStr(const char *theSrcCStr,const char *theInsertCStr,char *theDstCStr,const int maxDstStrLength);
+
+void CopyCStrAndInsertCStrsLongIntsIntoCStr(const char *theSrcCStr,const char **theInsertCStrs,const long *theLongInts,char *theDstCStr,const int maxDstStrLength);
+
+void CopyCStrAndInsert1LongIntIntoCStr(const char *theSrcCStr,const long theNum,char *theDstCStr,const int maxDstStrLength);
+void CopyCStrAndInsert2LongIntsIntoCStr(const char *theSrcCStr,const long long1,const long long2,char *theDstCStr,const int maxDstStrLength);
+void CopyCStrAndInsert3LongIntsIntoCStr(const char *theSrcCStr,const long long1,const long long2,const long long3,char *theDstCStr,const int maxDstStrLength);
+
+void CopyCStrAndInsertCStrLongIntIntoCStr(const char *theSrcCStr,const char *theInsertCStr,const long theNum,char *theDstCStr,const int maxDstStrLength);
+OSErr CopyCStrAndInsertCStrLongIntIntoHandle(const char *theSrcCStr,const char *theInsertCStr,const long theNum,Handle *theHandle);
+
+
+OSErr CopyIndexedWordToCStr(char *theSrcCStr,int whichWord,char *theDstCStr,int maxDstCStrLength);
+OSErr CopyIndexedWordToNewHandle(char *theSrcCStr,int whichWord,Handle *outTheHandle);
+
+OSErr CopyIndexedLineToCStr(const char *theSrcCStr,int inWhichLine,int *lineEndIndex,Boolean *gotLastLine,char *theDstCStr,const int maxDstCStrLength);
+OSErr CopyIndexedLineToNewHandle(const char *theSrcCStr,int inWhichLine,Handle *outNewHandle);
+
+OSErr ExtractIntFromCStr(const char *theSrcCStr,int *outInt,Boolean skipLeadingSpaces = true);
+OSErr ExtractIntFromPStr(const unsigned char *theSrcPStr,int *outInt,Boolean skipLeadingSpaces = true);
+
+
+void ConvertCStrToUpperCase(char *theSrcCStr);
+
+
+int CountOccurencesOfCharInCStr(const char inChar,const char *inSrcCStr);
+int CountWordsInCStr(const char *inSrcCStr);
+
+OSErr CountDigits(const char *inCStr,int *outNumIntegerDigits,int *outNumFractDigits);
+
+void ExtractCStrItemFromCStr(const char *inSrcCStr,const char inItemDelimiter,const int inItemNumber,Boolean *foundItem,char *outDstCharPtr,const int inDstCharPtrMaxLength,const Boolean inTreatMultipleDelimsAsSingleDelim = false);
+OSErr ExtractCStrItemFromCStrIntoNewHandle(const char *inSrcCStr,const char inItemDelimiter,const int inItemNumber,Boolean *foundItem,Handle *outNewHandle,const Boolean inTreatMultipleDelimsAsSingleDelim = false);
+
+
+OSErr ExtractFloatFromCStr(const char *inCString,extended80 *outFloat);
+OSErr CopyFloatToCStr(const extended80 *theFloat,char *theCStr,const int maxCStrLength,const int inMaxNumIntDigits = -1,const int inMaxNumFractDigits = -1);
+
+void SkipWhiteSpace(char **ioSrcCharPtr,const Boolean inStopAtEOL = false);
+
+
+#ifdef __cplusplus
+}
+#endif
diff --git a/lib/libssl/src/MacOS/GetHTTPS.src/ErrorHandling.cpp b/lib/libssl/src/MacOS/GetHTTPS.src/ErrorHandling.cpp
new file mode 100644
index 00000000000..80b6a675f44
--- /dev/null
+++ b/lib/libssl/src/MacOS/GetHTTPS.src/ErrorHandling.cpp
@@ -0,0 +1,170 @@
+/* ====================================================================
+ * Copyright (c) 1998-1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+
+
+ #include "ErrorHandling.hpp"
+#include "CPStringUtils.hpp"
+
+#ifdef __EXCEPTIONS_ENABLED__
+ #include "CMyException.hpp"
+#endif
+
+
+static char gErrorMessageBuffer[512];
+
+char *gErrorMessage = gErrorMessageBuffer;
+int gErrorMessageMaxLength = sizeof(gErrorMessageBuffer);
+
+
+
+void SetErrorMessage(const char *theErrorMessage)
+{
+ if (theErrorMessage != nil)
+ {
+ CopyCStrToCStr(theErrorMessage,gErrorMessage,gErrorMessageMaxLength);
+ }
+}
+
+
+void SetErrorMessageAndAppendLongInt(const char *theErrorMessage,const long theLongInt)
+{
+ if (theErrorMessage != nil)
+ {
+ CopyCStrAndConcatLongIntToCStr(theErrorMessage,theLongInt,gErrorMessage,gErrorMessageMaxLength);
+ }
+}
+
+void SetErrorMessageAndCStrAndLongInt(const char *theErrorMessage,const char * theCStr,const long theLongInt)
+{
+ if (theErrorMessage != nil)
+ {
+ CopyCStrAndInsertCStrLongIntIntoCStr(theErrorMessage,theCStr,theLongInt,gErrorMessage,gErrorMessageMaxLength);
+ }
+
+}
+
+void SetErrorMessageAndCStr(const char *theErrorMessage,const char * theCStr)
+{
+ if (theErrorMessage != nil)
+ {
+ CopyCStrAndInsertCStrLongIntIntoCStr(theErrorMessage,theCStr,-1,gErrorMessage,gErrorMessageMaxLength);
+ }
+}
+
+
+void AppendCStrToErrorMessage(const char *theErrorMessage)
+{
+ if (theErrorMessage != nil)
+ {
+ ConcatCStrToCStr(theErrorMessage,gErrorMessage,gErrorMessageMaxLength);
+ }
+}
+
+
+void AppendLongIntToErrorMessage(const long theLongInt)
+{
+ ConcatLongIntToCStr(theLongInt,gErrorMessage,gErrorMessageMaxLength);
+}
+
+
+
+char *GetErrorMessage(void)
+{
+ return gErrorMessage;
+}
+
+
+OSErr GetErrorMessageInNewHandle(Handle *inoutHandle)
+{
+OSErr errCode;
+
+
+ errCode = CopyCStrToNewHandle(gErrorMessage,inoutHandle);
+
+ return(errCode);
+}
+
+
+OSErr GetErrorMessageInExistingHandle(Handle inoutHandle)
+{
+OSErr errCode;
+
+
+ errCode = CopyCStrToExistingHandle(gErrorMessage,inoutHandle);
+
+ return(errCode);
+}
+
+
+
+OSErr AppendErrorMessageToHandle(Handle inoutHandle)
+{
+OSErr errCode;
+
+
+ errCode = AppendCStrToHandle(gErrorMessage,inoutHandle,nil);
+
+ return(errCode);
+}
+
+
+#ifdef __EXCEPTIONS_ENABLED__
+
+void ThrowErrorMessageException(void)
+{
+ ThrowDescriptiveException(gErrorMessage);
+}
+
+#endif
diff --git a/lib/libssl/src/MacOS/GetHTTPS.src/ErrorHandling.hpp b/lib/libssl/src/MacOS/GetHTTPS.src/ErrorHandling.hpp
new file mode 100644
index 00000000000..3036df7ee0b
--- /dev/null
+++ b/lib/libssl/src/MacOS/GetHTTPS.src/ErrorHandling.hpp
@@ -0,0 +1,147 @@
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#ifndef kGenericError
+ #define kGenericError -1
+#endif
+
+extern char *gErrorMessage;
+
+
+void SetErrorMessage(const char *theErrorMessage);
+void SetErrorMessageAndAppendLongInt(const char *theErrorMessage,const long theLongInt);
+void SetErrorMessageAndCStrAndLongInt(const char *theErrorMessage,const char * theCStr,const long theLongInt);
+void SetErrorMessageAndCStr(const char *theErrorMessage,const char * theCStr);
+void AppendCStrToErrorMessage(const char *theErrorMessage);
+void AppendLongIntToErrorMessage(const long theLongInt);
+
+
+char *GetErrorMessage(void);
+OSErr GetErrorMessageInNewHandle(Handle *inoutHandle);
+OSErr GetErrorMessageInExistingHandle(Handle inoutHandle);
+OSErr AppendErrorMessageToHandle(Handle inoutHandle);
+
+
+#ifdef __EXCEPTIONS_ENABLED__
+ void ThrowErrorMessageException(void);
+#endif
+
+
+
+// A bunch of evil macros that would be uneccessary if I were always using C++ !
+
+#define SetErrorMessageAndBailIfNil(theArg,theMessage) \
+{ \
+ if (theArg == nil) \
+ { \
+ SetErrorMessage(theMessage); \
+ errCode = kGenericError; \
+ goto EXITPOINT; \
+ } \
+}
+
+
+#define SetErrorMessageAndBail(theMessage) \
+{ \
+ SetErrorMessage(theMessage); \
+ errCode = kGenericError; \
+ goto EXITPOINT; \
+}
+
+
+#define SetErrorMessageAndLongIntAndBail(theMessage,theLongInt) \
+{ \
+ SetErrorMessageAndAppendLongInt(theMessage,theLongInt); \
+ errCode = kGenericError; \
+ goto EXITPOINT; \
+}
+
+
+#define SetErrorMessageAndLongIntAndBailIfError(theErrCode,theMessage,theLongInt) \
+{ \
+ if (theErrCode != noErr) \
+ { \
+ SetErrorMessageAndAppendLongInt(theMessage,theLongInt); \
+ errCode = theErrCode; \
+ goto EXITPOINT; \
+ } \
+}
+
+
+#define SetErrorMessageCStrLongIntAndBailIfError(theErrCode,theMessage,theCStr,theLongInt) \
+{ \
+ if (theErrCode != noErr) \
+ { \
+ SetErrorMessageAndCStrAndLongInt(theMessage,theCStr,theLongInt); \
+ errCode = theErrCode; \
+ goto EXITPOINT; \
+ } \
+}
+
+
+#define SetErrorMessageAndCStrAndBail(theMessage,theCStr) \
+{ \
+ SetErrorMessageAndCStr(theMessage,theCStr); \
+ errCode = kGenericError; \
+ goto EXITPOINT; \
+}
+
+
+#define SetErrorMessageAndBailIfError(theErrCode,theMessage) \
+{ \
+ if (theErrCode != noErr) \
+ { \
+ SetErrorMessage(theMessage); \
+ errCode = theErrCode; \
+ goto EXITPOINT; \
+ } \
+}
+
+
+#define SetErrorMessageAndLongIntAndBailIfNil(theArg,theMessage,theLongInt) \
+{ \
+ if (theArg == nil) \
+ { \
+ SetErrorMessageAndAppendLongInt(theMessage,theLongInt); \
+ errCode = kGenericError; \
+ goto EXITPOINT; \
+ } \
+}
+
+
+#define BailIfError(theErrCode) \
+{ \
+ if ((theErrCode) != noErr) \
+ { \
+ goto EXITPOINT; \
+ } \
+}
+
+
+#define SetErrCodeAndBail(theErrCode) \
+{ \
+ errCode = theErrCode; \
+ \
+ goto EXITPOINT; \
+}
+
+
+#define SetErrorCodeAndMessageAndBail(theErrCode,theMessage) \
+{ \
+ SetErrorMessage(theMessage); \
+ errCode = theErrCode; \
+ goto EXITPOINT; \
+}
+
+
+#define BailNow() \
+{ \
+ errCode = kGenericError; \
+ goto EXITPOINT; \
+}
+
+
+#ifdef __cplusplus
+}
+#endif
diff --git a/lib/libssl/src/MacOS/GetHTTPS.src/GetHTTPS.cpp b/lib/libssl/src/MacOS/GetHTTPS.src/GetHTTPS.cpp
new file mode 100644
index 00000000000..ed8e1cc962f
--- /dev/null
+++ b/lib/libssl/src/MacOS/GetHTTPS.src/GetHTTPS.cpp
@@ -0,0 +1,215 @@
+/*
+ * An demo illustrating how to retrieve a URI from a secure HTTP server.
+ *
+ * Author: Roy Wood
+ * Date: September 7, 1999
+ * Comments: This relies heavily on my MacSockets library.
+ * This project is also set up so that it expects the OpenSSL source folder (0.9.4 as I write this)
+ * to live in a folder called "OpenSSL-0.9.4" in this project's parent folder. For example:
+ *
+ * Macintosh HD:
+ * Development:
+ * OpenSSL-0.9.4:
+ * (OpenSSL sources here)
+ * OpenSSL Example:
+ * (OpenSSL example junk here)
+ *
+ *
+ * Also-- before attempting to compile this, make sure the aliases in "OpenSSL-0.9.4:include:openssl"
+ * are installed! Use the AppleScript applet in the "openssl-0.9.4" folder to do this!
+ */
+/* modified to seed the PRNG */
+
+
+// Include some funky libs I've developed over time
+
+#include "CPStringUtils.hpp"
+#include "ErrorHandling.hpp"
+#include "MacSocket.h"
+
+
+// We use the OpenSSL implementation of SSL....
+// This was a lot of work to finally get going, though you wouldn't know it by the results!
+
+#include <openssl/ssl.h>
+#include <openssl/err.h>
+#include <openssl/rand.h>
+
+#include <timer.h>
+
+// Let's try grabbing some data from here:
+
+#define kHTTPS_DNS "www.apache-ssl.org"
+#define kHTTPS_Port 443
+#define kHTTPS_URI "/"
+
+
+// Forward-declare this
+
+OSErr MyMacSocket_IdleWaitCallback(void *inUserRefPtr);
+
+
+
+
+
+// My idle-wait callback. Doesn't do much, does it? Silly cooperative multitasking.
+
+OSErr MyMacSocket_IdleWaitCallback(void *inUserRefPtr)
+{
+#pragma unused(inUserRefPtr)
+
+EventRecord theEvent;
+
+ ::EventAvail(everyEvent,&theEvent);
+
+ return(noErr);
+}
+
+
+
+// Finally!
+
+void main(void)
+{
+OSErr errCode;
+int theSocket = -1;
+int theTimeout = 30;
+
+SSL_CTX *ssl_ctx = nil;
+SSL *ssl = nil;
+
+char tempString[256];
+UnsignedWide microTickCount;
+
+#warning -- USE A TRUE RANDOM SEED, AND ADD ENTROPY WHENEVER POSSIBLE. --
+const char seed[] = "uyq9,7-b(VHGT^%$&^F/,876;,;./lkJHGFUY{PO*"; // Just gobbledygook
+
+ printf("OpenSSL Demo by Roy Wood, roy@centricsystems.ca\n\n");
+
+ BailIfError(errCode = MacSocket_Startup());
+
+
+
+ // Create a socket-like object
+
+ BailIfError(errCode = MacSocket_socket(&theSocket,false,theTimeout * 60,MyMacSocket_IdleWaitCallback,nil));
+
+
+ // Set up the connect string and try to connect
+
+ CopyCStrAndInsertCStrLongIntIntoCStr("%s:%ld",kHTTPS_DNS,kHTTPS_Port,tempString,sizeof(tempString));
+
+ printf("Connecting to %s....\n",tempString);
+
+ BailIfError(errCode = MacSocket_connect(theSocket,tempString));
+
+
+ // Init SSL stuff
+
+ SSL_load_error_strings();
+
+ SSLeay_add_ssl_algorithms();
+
+
+ // Pick the SSL method
+
+// ssl_ctx = SSL_CTX_new(SSLv2_client_method());
+ ssl_ctx = SSL_CTX_new(SSLv23_client_method());
+// ssl_ctx = SSL_CTX_new(SSLv3_client_method());
+
+
+ RAND_seed (seed, sizeof (seed));
+ Microseconds (&microTickCount);
+ RAND_add (&microTickCount, sizeof (microTickCount), 0); // Entropy is actually > 0, needs an estimate
+
+ // Create an SSL thingey and try to negotiate the connection
+
+ ssl = SSL_new(ssl_ctx);
+
+ SSL_set_fd(ssl,theSocket);
+
+ errCode = SSL_connect(ssl);
+
+ if (errCode < 0)
+ {
+ SetErrorMessageAndLongIntAndBail("OpenSSL: Can't initiate SSL connection, SSL_connect() = ",errCode);
+ }
+
+ // Request the URI from the host
+
+ CopyCStrToCStr("GET ",tempString,sizeof(tempString));
+ ConcatCStrToCStr(kHTTPS_URI,tempString,sizeof(tempString));
+ ConcatCStrToCStr(" HTTP/1.0\r\n\r\n",tempString,sizeof(tempString));
+
+
+ errCode = SSL_write(ssl,tempString,CStrLength(tempString));
+
+ if (errCode < 0)
+ {
+ SetErrorMessageAndLongIntAndBail("OpenSSL: Error writing data via ssl, SSL_write() = ",errCode);
+ }
+
+
+ for (;;)
+ {
+ char tempString[256];
+ int bytesRead;
+
+
+ // Read some bytes and dump them to the console
+
+ bytesRead = SSL_read(ssl,tempString,sizeof(tempString) - 1);
+
+ if (bytesRead == 0 && MacSocket_RemoteEndIsClosing(theSocket))
+ {
+ break;
+ }
+
+ else if (bytesRead < 0)
+ {
+ SetErrorMessageAndLongIntAndBail("OpenSSL: Error reading data via ssl, SSL_read() = ",bytesRead);
+ }
+
+
+ tempString[bytesRead] = '\0';
+
+ printf(tempString);
+ }
+
+ printf("\n\n\n");
+
+ // All done!
+
+ errCode = noErr;
+
+
+EXITPOINT:
+
+ // Clean up and go home
+
+ if (theSocket >= 0)
+ {
+ MacSocket_close(theSocket);
+ }
+
+ if (ssl != nil)
+ {
+ SSL_free(ssl);
+ }
+
+ if (ssl_ctx != nil)
+ {
+ SSL_CTX_free(ssl_ctx);
+ }
+
+
+ if (errCode != noErr)
+ {
+ printf("An error occurred:\n");
+
+ printf(GetErrorMessage());
+ }
+
+
+ MacSocket_Shutdown();
+}
diff --git a/lib/libssl/src/MacOS/GetHTTPS.src/MacSocket.cpp b/lib/libssl/src/MacOS/GetHTTPS.src/MacSocket.cpp
new file mode 100644
index 00000000000..aaf2a68ca9e
--- /dev/null
+++ b/lib/libssl/src/MacOS/GetHTTPS.src/MacSocket.cpp
@@ -0,0 +1,1607 @@
+/*
+ * A simple socket-like package.
+ * This could undoubtedly be improved, since it does polling and busy-waiting.
+ * At least it uses asynch I/O and implements timeouts!
+ *
+ * Other funkiness includes the use of my own (possibly brain-damaged) error-handling infrastructure.
+ *
+ * -Roy Wood (roy@centricsystems.ca)
+ *
+ */
+
+
+/* ====================================================================
+ * Copyright (c) 1998-1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+
+
+
+
+#include "MacSocket.h"
+
+#include <Threads.h>
+
+#include <OpenTransport.h>
+#include <OpenTpTInternet.h>
+#include <OpenTptClient.h>
+
+
+
+#include "CPStringUtils.hpp"
+#include "ErrorHandling.hpp"
+
+
+// #define MACSOCKET_DEBUG 1
+
+#ifdef MACSOCKET_DEBUG
+ #include <stdio.h>
+#endif
+
+
+
+extern int errno;
+
+
+#define kMaxNumSockets 4
+
+
+struct SocketStruct
+{
+ Boolean mIsInUse;
+
+ Boolean mEndpointIsBound;
+
+ Boolean mLocalEndIsConnected;
+ Boolean mRemoteEndIsConnected;
+
+ Boolean mReceivedTOpenComplete;
+ Boolean mReceivedTBindComplete;
+ Boolean mReceivedTConnect;
+ Boolean mReceivedTListen;
+ Boolean mReceivedTPassCon;
+ Boolean mReceivedTDisconnect;
+ Boolean mReceivedTOrdRel;
+ Boolean mReceivedTDisconnectComplete;
+
+ long mTimeoutTicks;
+ long mOperationStartTicks;
+
+ MacSocket_IdleWaitCallback mIdleWaitCallback;
+ void *mUserRefPtr;
+
+ OTEventCode mExpectedCode;
+ OTResult mAsyncOperationResult;
+
+ EndpointRef mEndPointRef;
+ TBind *mBindRequestedAddrInfo;
+ TBind *mAssignedAddrInfo;
+ TCall *mRemoteAddrInfo;
+
+ Boolean mReadyToReadData;
+ Boolean mReadyToWriteData;
+
+ Ptr mReadBuffer;
+ Ptr mWriteBuffer;
+
+ int mLastError;
+ char mErrMessage[256];
+};
+
+typedef struct SocketStruct SocketStruct;
+
+
+static SocketStruct sSockets[kMaxNumSockets];
+static Boolean sSocketsSetup = false;
+
+
+
+
+static OSErr MyBusyWait(SocketStruct *ioSocket,Boolean returnImmediatelyOnError,OTResult *outOTResult,Boolean *inAsyncOperationCompleteFlag);
+
+static pascal void OTNonYieldingNotifier(void *contextPtr,OTEventCode code,OTResult result,void *cookie);
+
+static Boolean SocketIndexIsValid(const int inSocketNum);
+
+static void InitSocket(SocketStruct *ioSocket);
+
+static void PrepareForAsyncOperation(SocketStruct *ioSocket,const OTEventCode inExpectedCode);
+
+static Boolean TimeoutElapsed(const SocketStruct *inSocket);
+
+static OSStatus NegotiateIPReuseAddrOption(EndpointRef inEndpoint,const Boolean inEnableReuseIP);
+
+
+
+void MacSocket_GetSocketErrorInfo(const int inSocketNum,int *outSocketErrCode,char *outSocketErrString,const int inSocketErrStringMaxLength)
+{
+ if (outSocketErrCode != nil)
+ {
+ *outSocketErrCode = -1;
+ }
+
+ if (outSocketErrString != nil)
+ {
+ CopyCStrToCStr("",outSocketErrString,inSocketErrStringMaxLength);
+ }
+
+
+ if (SocketIndexIsValid(inSocketNum))
+ {
+ SocketStruct *theSocketStruct = &(sSockets[inSocketNum]);
+
+
+ if (outSocketErrCode != nil)
+ {
+ *outSocketErrCode = theSocketStruct->mLastError;
+ }
+
+ if (outSocketErrString != nil)
+ {
+ CopyCStrToCStr(theSocketStruct->mErrMessage,outSocketErrString,inSocketErrStringMaxLength);
+ }
+ }
+}
+
+
+void MacSocket_SetUserRefPtr(const int inSocketNum,void *inNewRefPtr)
+{
+ if (SocketIndexIsValid(inSocketNum))
+ {
+ SocketStruct *theSocketStruct = &(sSockets[inSocketNum]);
+
+ theSocketStruct->mUserRefPtr = inNewRefPtr;
+ }
+}
+
+
+
+void MacSocket_GetLocalIPAndPort(const int inSocketNum,char *outIPAndPort,const int inIPAndPortLength)
+{
+ if (outIPAndPort != nil && SocketIndexIsValid(inSocketNum))
+ {
+ char tempString[256];
+ SocketStruct *theSocketStruct = &(sSockets[inSocketNum]);
+
+
+ CopyCStrToCStr("",tempString,sizeof(tempString));
+
+ if (theSocketStruct->mAssignedAddrInfo != nil)
+ {
+ InetAddress *theInetAddress = (InetAddress *) theSocketStruct->mAssignedAddrInfo->addr.buf;
+ InetHost theInetHost = theInetAddress->fHost;
+
+ if (theInetHost == 0)
+ {
+ InetInterfaceInfo theInetInterfaceInfo;
+
+ if (::OTInetGetInterfaceInfo(&theInetInterfaceInfo,kDefaultInetInterface) == noErr)
+ {
+ theInetHost = theInetInterfaceInfo.fAddress;
+ }
+ }
+
+ ::OTInetHostToString(theInetHost,tempString);
+
+ ConcatCStrToCStr(":",tempString,sizeof(tempString));
+ ConcatLongIntToCStr(theInetAddress->fPort,tempString,sizeof(tempString));
+ }
+
+ CopyCStrToCStr(tempString,outIPAndPort,inIPAndPortLength);
+ }
+}
+
+
+
+void MacSocket_GetRemoteIPAndPort(const int inSocketNum,char *outIPAndPort,const int inIPAndPortLength)
+{
+ if (outIPAndPort != nil && SocketIndexIsValid(inSocketNum))
+ {
+ char tempString[256];
+ SocketStruct *theSocketStruct = &(sSockets[inSocketNum]);
+
+
+ CopyCStrToCStr("",tempString,sizeof(tempString));
+
+ if (theSocketStruct->mRemoteAddrInfo != nil)
+ {
+ InetAddress *theInetAddress = (InetAddress *) theSocketStruct->mRemoteAddrInfo->addr.buf;
+ InetHost theInetHost = theInetAddress->fHost;
+
+ if (theInetHost == 0)
+ {
+ InetInterfaceInfo theInetInterfaceInfo;
+
+ if (::OTInetGetInterfaceInfo(&theInetInterfaceInfo,kDefaultInetInterface) == noErr)
+ {
+ theInetHost = theInetInterfaceInfo.fAddress;
+ }
+ }
+
+ ::OTInetHostToString(theInetHost,tempString);
+
+ ConcatCStrToCStr(":",tempString,sizeof(tempString));
+ ConcatLongIntToCStr(theInetAddress->fPort,tempString,sizeof(tempString));
+ }
+
+ CopyCStrToCStr(tempString,outIPAndPort,inIPAndPortLength);
+ }
+}
+
+
+
+Boolean MacSocket_RemoteEndIsClosing(const int inSocketNum)
+{
+Boolean theResult = false;
+
+ if (SocketIndexIsValid(inSocketNum))
+ {
+ SocketStruct *theSocketStruct = &(sSockets[inSocketNum]);
+
+ theResult = theSocketStruct->mReceivedTOrdRel;
+ }
+
+ return(theResult);
+}
+
+
+
+Boolean MacSocket_ListenCompleted(const int inSocketNum)
+{
+Boolean theResult = false;
+
+ if (SocketIndexIsValid(inSocketNum))
+ {
+ SocketStruct *theSocketStruct = &(sSockets[inSocketNum]);
+
+ theResult = theSocketStruct->mReceivedTPassCon;
+ }
+
+ return(theResult);
+}
+
+
+
+Boolean MacSocket_RemoteEndIsOpen(const int inSocketNum)
+{
+ if (SocketIndexIsValid(inSocketNum))
+ {
+ SocketStruct *theSocketStruct = &(sSockets[inSocketNum]);
+
+ return(theSocketStruct->mRemoteEndIsConnected);
+ }
+
+ else
+ {
+ return(false);
+ }
+}
+
+
+
+Boolean MacSocket_LocalEndIsOpen(const int inSocketNum)
+{
+ if (SocketIndexIsValid(inSocketNum))
+ {
+ SocketStruct *theSocketStruct = &(sSockets[inSocketNum]);
+
+ return(theSocketStruct->mLocalEndIsConnected);
+ }
+
+ else
+ {
+ return(false);
+ }
+}
+
+
+
+static Boolean TimeoutElapsed(const SocketStruct *inSocket)
+{
+Boolean timeIsUp = false;
+
+ if (inSocket != nil && inSocket->mTimeoutTicks > 0 && ::TickCount() > inSocket->mOperationStartTicks + inSocket->mTimeoutTicks)
+ {
+ timeIsUp = true;
+ }
+
+
+ return(timeIsUp);
+}
+
+
+
+static Boolean SocketIndexIsValid(const int inSocketNum)
+{
+ if (inSocketNum >= 0 && inSocketNum < kMaxNumSockets && sSockets[inSocketNum].mEndPointRef != kOTInvalidEndpointRef)
+ {
+ return(true);
+ }
+
+ else
+ {
+ return(false);
+ }
+}
+
+
+
+static void InitSocket(SocketStruct *ioSocket)
+{
+ ioSocket->mIsInUse = false;
+
+ ioSocket->mEndpointIsBound = false;
+
+ ioSocket->mLocalEndIsConnected = false;
+ ioSocket->mRemoteEndIsConnected = false;
+
+ ioSocket->mReceivedTOpenComplete = false;
+ ioSocket->mReceivedTBindComplete = false;
+ ioSocket->mReceivedTConnect = false;
+ ioSocket->mReceivedTListen = false;
+ ioSocket->mReceivedTPassCon = false;
+ ioSocket->mReceivedTDisconnect = false;
+ ioSocket->mReceivedTOrdRel = false;
+ ioSocket->mReceivedTDisconnectComplete = false;
+
+ ioSocket->mTimeoutTicks = 30 * 60;
+ ioSocket->mOperationStartTicks = -1;
+
+ ioSocket->mIdleWaitCallback = nil;
+ ioSocket->mUserRefPtr = nil;
+
+ ioSocket->mExpectedCode = 0;
+ ioSocket->mAsyncOperationResult = noErr;
+
+ ioSocket->mEndPointRef = kOTInvalidEndpointRef;
+
+ ioSocket->mBindRequestedAddrInfo = nil;
+ ioSocket->mAssignedAddrInfo = nil;
+ ioSocket->mRemoteAddrInfo = nil;
+
+ ioSocket->mReadyToReadData = false;
+ ioSocket->mReadyToWriteData = true;
+
+ ioSocket->mReadBuffer = nil;
+ ioSocket->mWriteBuffer = nil;
+
+ ioSocket->mLastError = noErr;
+ CopyCStrToCStr("",ioSocket->mErrMessage,sizeof(ioSocket->mErrMessage));
+}
+
+
+
+static void PrepareForAsyncOperation(SocketStruct *ioSocket,const OTEventCode inExpectedCode)
+{
+ ioSocket->mOperationStartTicks = ::TickCount();
+
+ ioSocket->mAsyncOperationResult = noErr;
+
+ ioSocket->mExpectedCode = inExpectedCode;
+}
+
+
+// The wait function....
+
+static OSErr MyBusyWait(SocketStruct *ioSocket,Boolean returnImmediatelyOnError,OTResult *outOTResult,Boolean *inAsyncOperationCompleteFlag)
+{
+OSErr errCode = noErr;
+OTResult theOTResult = noErr;
+
+
+ SetErrorMessageAndBailIfNil(ioSocket,"MyBusyWait: Bad parameter, ioSocket = nil");
+ SetErrorMessageAndBailIfNil(inAsyncOperationCompleteFlag,"MyBusyWait: Bad parameter, inAsyncOperationCompleteFlag = nil");
+
+ for (;;)
+ {
+ if (*inAsyncOperationCompleteFlag)
+ {
+ theOTResult = ioSocket->mAsyncOperationResult;
+
+ break;
+ }
+
+ if (ioSocket->mIdleWaitCallback != nil)
+ {
+ theOTResult = (*(ioSocket->mIdleWaitCallback))(ioSocket->mUserRefPtr);
+
+ if (theOTResult != noErr && returnImmediatelyOnError)
+ {
+ break;
+ }
+ }
+
+ if (TimeoutElapsed(ioSocket))
+ {
+ theOTResult = kMacSocket_TimeoutErr;
+
+ break;
+ }
+ }
+
+
+EXITPOINT:
+
+ if (outOTResult != nil)
+ {
+ *outOTResult = theOTResult;
+ }
+
+ return(errCode);
+}
+
+
+
+// I used to do thread switching, but stopped. It could easily be rolled back in though....
+
+static pascal void OTNonYieldingNotifier(void *contextPtr,OTEventCode code,OTResult result,void *cookie)
+{
+SocketStruct *theSocketStruct = (SocketStruct *) contextPtr;
+
+ if (theSocketStruct != nil)
+ {
+ if (theSocketStruct->mExpectedCode != 0 && code == theSocketStruct->mExpectedCode)
+ {
+ theSocketStruct->mAsyncOperationResult = result;
+
+ theSocketStruct->mExpectedCode = 0;
+ }
+
+
+ switch (code)
+ {
+ case T_OPENCOMPLETE:
+ {
+ theSocketStruct->mReceivedTOpenComplete = true;
+
+ theSocketStruct->mEndPointRef = (EndpointRef) cookie;
+
+ break;
+ }
+
+
+ case T_BINDCOMPLETE:
+ {
+ theSocketStruct->mReceivedTBindComplete = true;
+
+ break;
+ }
+
+
+ case T_CONNECT:
+ {
+ theSocketStruct->mReceivedTConnect = true;
+
+ theSocketStruct->mLocalEndIsConnected = true;
+
+ theSocketStruct->mRemoteEndIsConnected = true;
+
+ break;
+ }
+
+
+ case T_LISTEN:
+ {
+ theSocketStruct->mReceivedTListen = true;
+
+ break;
+ }
+
+
+ case T_PASSCON:
+ {
+ theSocketStruct->mReceivedTPassCon = true;
+
+ theSocketStruct->mLocalEndIsConnected = true;
+
+ theSocketStruct->mRemoteEndIsConnected = true;
+
+ break;
+ }
+
+
+ case T_DATA:
+ {
+ theSocketStruct->mReadyToReadData = true;
+
+ break;
+ }
+
+ case T_GODATA:
+ {
+ theSocketStruct->mReadyToWriteData = true;
+
+ break;
+ }
+
+ case T_DISCONNECT:
+ {
+ theSocketStruct->mReceivedTDisconnect = true;
+
+ theSocketStruct->mRemoteEndIsConnected = false;
+
+ theSocketStruct->mLocalEndIsConnected = false;
+
+ ::OTRcvDisconnect(theSocketStruct->mEndPointRef,nil);
+
+ break;
+ }
+
+ case T_ORDREL:
+ {
+ theSocketStruct->mReceivedTOrdRel = true;
+
+ // We can still write data, so don't clear mRemoteEndIsConnected
+
+ ::OTRcvOrderlyDisconnect(theSocketStruct->mEndPointRef);
+
+ break;
+ }
+
+ case T_DISCONNECTCOMPLETE:
+ {
+ theSocketStruct->mReceivedTDisconnectComplete = true;
+
+ theSocketStruct->mRemoteEndIsConnected = false;
+
+ theSocketStruct->mLocalEndIsConnected = false;
+
+ break;
+ }
+ }
+ }
+/*
+T_LISTEN OTListen
+T_CONNECT OTRcvConnect
+T_DATA OTRcv, OTRcvUData
+T_DISCONNECT OTRcvDisconnect
+T_ORDREL OTRcvOrderlyDisconnect
+T_GODATA OTSnd, OTSndUData, OTLook
+T_PASSCON none
+
+T_EXDATA OTRcv
+T_GOEXDATA OTSnd, OTLook
+T_UDERR OTRcvUDErr
+*/
+}
+
+
+
+// Initialize the main socket data structure
+
+OSErr MacSocket_Startup(void)
+{
+ if (!sSocketsSetup)
+ {
+ for (int i = 0;i < kMaxNumSockets;i++)
+ {
+ InitSocket(&(sSockets[i]));
+ }
+
+ ::InitOpenTransport();
+
+ sSocketsSetup = true;
+ }
+
+
+ return(noErr);
+}
+
+
+
+// Cleanup before exiting
+
+OSErr MacSocket_Shutdown(void)
+{
+ if (sSocketsSetup)
+ {
+ for (int i = 0;i < kMaxNumSockets;i++)
+ {
+ SocketStruct *theSocketStruct = &(sSockets[i]);
+
+ if (theSocketStruct->mIsInUse)
+ {
+ if (theSocketStruct->mEndPointRef != kOTInvalidEndpointRef)
+ {
+ OTResult theOTResult;
+
+
+ // Since we're killing the endpoint, I don't bother to send the disconnect (sorry!)
+
+/*
+ if (theSocketStruct->mLocalEndIsConnected)
+ {
+ // This is an abortive action, so we do a hard disconnect instead of an OTSndOrderlyDisconnect
+
+ theOTResult = ::OTSndDisconnect(theSocketStruct->mEndPointRef, nil);
+
+ // Now we have to watch for T_DISCONNECTCOMPLETE event
+
+ theSocketStruct->mLocalEndIsConnected = false;
+ }
+*/
+
+ theOTResult = ::OTCloseProvider(theSocketStruct->mEndPointRef);
+
+
+ theSocketStruct->mEndPointRef = kOTInvalidEndpointRef;
+ }
+
+ if (theSocketStruct->mBindRequestedAddrInfo != nil)
+ {
+ ::OTFree((void *) theSocketStruct->mBindRequestedAddrInfo,T_BIND);
+
+ theSocketStruct->mBindRequestedAddrInfo = nil;
+ }
+
+ if (theSocketStruct->mAssignedAddrInfo != nil)
+ {
+ ::OTFree((void *) theSocketStruct->mAssignedAddrInfo,T_BIND);
+
+ theSocketStruct->mAssignedAddrInfo = nil;
+ }
+
+ if (theSocketStruct->mRemoteAddrInfo != nil)
+ {
+ ::OTFree((void *) theSocketStruct->mRemoteAddrInfo,T_CALL);
+
+ theSocketStruct->mRemoteAddrInfo = nil;
+ }
+
+
+ }
+ }
+
+ ::CloseOpenTransport();
+
+ sSocketsSetup = false;
+ }
+
+ return(noErr);
+}
+
+
+
+
+
+
+// Allocate a socket
+
+OSErr MacSocket_socket(int *outSocketNum,const Boolean inDoThreadSwitching,const long inTimeoutTicks,MacSocket_IdleWaitCallback inIdleWaitCallback,void *inUserRefPtr)
+{
+// Gotta roll support back in for threads eventually.....
+
+#pragma unused(inDoThreadSwitching)
+
+
+OSErr errCode = noErr;
+
+
+ SetErrorMessageAndBailIfNil(outSocketNum,"MacSocket_socket: Bad parameter, outSocketNum == nil");
+
+ *outSocketNum = -1;
+
+
+ // Find an unused socket
+
+ for (int i = 0;i < kMaxNumSockets;i++)
+ {
+ if (sSockets[i].mIsInUse == false)
+ {
+ OTResult theOTResult;
+ SocketStruct *theSocketStruct = &(sSockets[i]);
+
+
+ InitSocket(theSocketStruct);
+
+ theSocketStruct->mIdleWaitCallback = inIdleWaitCallback;
+ theSocketStruct->mUserRefPtr = inUserRefPtr;
+
+ theSocketStruct->mTimeoutTicks = inTimeoutTicks;
+
+
+ // Set up OT endpoint
+
+ PrepareForAsyncOperation(theSocketStruct,T_OPENCOMPLETE);
+
+ theOTResult = ::OTAsyncOpenEndpoint(OTCreateConfiguration(kTCPName),0,nil,OTNonYieldingNotifier,(void *) theSocketStruct);
+
+ SetErrorMessageAndLongIntAndBailIfError(theOTResult,"MacSocket_socket: Can't create OT endpoint, OTAsyncOpenEndpoint() = ",theOTResult);
+
+ BailIfError(MyBusyWait(theSocketStruct,false,&theOTResult,&(theSocketStruct->mReceivedTOpenComplete)));
+
+ SetErrorMessageAndLongIntAndBailIfError(theOTResult,"MacSocket_socket: Can't create OT endpoint, OTAsyncOpenEndpoint() = ",theOTResult);
+
+
+ *outSocketNum = i;
+
+ errCode = noErr;
+
+ theSocketStruct->mIsInUse = true;
+
+ break;
+ }
+
+ else if (i == kMaxNumSockets - 1)
+ {
+ SetErrorMessageAndBail("MacSocket_socket: No sockets available");
+ }
+ }
+
+
+EXITPOINT:
+
+ errno = errCode;
+
+ return(errCode);
+}
+
+
+
+
+OSErr MacSocket_listen(const int inSocketNum,const int inPortNum)
+{
+OSErr errCode = noErr;
+SocketStruct *theSocketStruct = nil;
+
+
+ if (!SocketIndexIsValid(inSocketNum))
+ {
+ SetErrorMessageAndBail("MacSocket_listen: Invalid socket number specified");
+ }
+
+
+ theSocketStruct = &(sSockets[inSocketNum]);
+
+
+OTResult theOTResult;
+
+
+ if (theSocketStruct->mBindRequestedAddrInfo == nil)
+ {
+ theSocketStruct->mBindRequestedAddrInfo = (TBind *) ::OTAlloc(theSocketStruct->mEndPointRef,T_BIND,T_ADDR,&theOTResult);
+
+ SetErrorMessageAndLongIntAndBailIfError(theOTResult,"MacSocket_listen: Can't allocate OT T_BIND structure, OTAlloc() = ",theOTResult);
+ SetErrorMessageAndBailIfNil(theSocketStruct->mBindRequestedAddrInfo,"MacSocket_listen: Can't allocate OT T_BIND structure, OTAlloc() returned nil");
+ }
+
+ if (theSocketStruct->mAssignedAddrInfo == nil)
+ {
+ theSocketStruct->mAssignedAddrInfo = (TBind *) ::OTAlloc(theSocketStruct->mEndPointRef,T_BIND,T_ADDR,&theOTResult);
+
+ SetErrorMessageAndLongIntAndBailIfError(theOTResult,"MacSocket_listen: Can't allocate OT T_BIND structure, OTAlloc() = ",theOTResult);
+ SetErrorMessageAndBailIfNil(theSocketStruct->mAssignedAddrInfo,"MacSocket_listen: Can't allocate OT T_BIND structure, OTAlloc() returned nil");
+ }
+
+ if (theSocketStruct->mRemoteAddrInfo == nil)
+ {
+ theSocketStruct->mRemoteAddrInfo = (TCall *) ::OTAlloc(theSocketStruct->mEndPointRef,T_CALL,T_ADDR,&theOTResult);
+
+ SetErrorMessageAndLongIntAndBailIfError(theOTResult,"MacSocket_listen: Can't allocate OT T_CALL structure, OTAlloc() = ",theOTResult);
+ SetErrorMessageAndBailIfNil(theSocketStruct->mRemoteAddrInfo,"MacSocket_listen: Can't allocate OT T_CALL structure, OTAlloc() returned nil");
+ }
+
+
+ if (!theSocketStruct->mEndpointIsBound)
+ {
+ InetInterfaceInfo theInetInterfaceInfo;
+
+ theOTResult = ::OTInetGetInterfaceInfo(&theInetInterfaceInfo,kDefaultInetInterface);
+
+ SetErrorMessageAndLongIntAndBailIfError(theOTResult,"MacSocket_listen: Can't determine OT interface info, OTInetGetInterfaceInfo() = ",theOTResult);
+
+
+ InetAddress *theInetAddress = (InetAddress *) theSocketStruct->mBindRequestedAddrInfo->addr.buf;
+
+// theInetAddress->fAddressType = AF_INET;
+// theInetAddress->fPort = inPortNum;
+// theInetAddress->fHost = theInetInterfaceInfo.fAddress;
+
+ ::OTInitInetAddress(theInetAddress,inPortNum,theInetInterfaceInfo.fAddress);
+
+ theSocketStruct->mBindRequestedAddrInfo->addr.len = sizeof(InetAddress);
+
+ theSocketStruct->mBindRequestedAddrInfo->qlen = 1;
+
+
+ theOTResult = ::OTSetSynchronous(theSocketStruct->mEndPointRef);
+
+ SetErrorMessageAndLongIntAndBailIfError(theOTResult,"MacSocket_listen: Can't set OT endpoint mode, OTSetSynchronous() = ",theOTResult);
+
+ theOTResult = NegotiateIPReuseAddrOption(theSocketStruct->mEndPointRef,true);
+
+ SetErrorMessageAndLongIntAndBailIfError(theOTResult,"MacSocket_listen: Can't set OT IP address reuse flag, NegotiateIPReuseAddrOption() = ",theOTResult);
+
+ theOTResult = ::OTSetAsynchronous(theSocketStruct->mEndPointRef);
+
+ SetErrorMessageAndLongIntAndBailIfError(theOTResult,"MacSocket_listen: Can't set OT endpoint mode, OTSetAsynchronous() = ",theOTResult);
+
+
+ PrepareForAsyncOperation(theSocketStruct,T_BINDCOMPLETE);
+
+ theOTResult = ::OTBind(theSocketStruct->mEndPointRef,theSocketStruct->mBindRequestedAddrInfo,theSocketStruct->mAssignedAddrInfo);
+
+ SetErrorMessageAndLongIntAndBailIfError(theOTResult,"MacSocket_listen: Can't bind OT endpoint, OTBind() = ",theOTResult);
+
+ BailIfError(MyBusyWait(theSocketStruct,false,&theOTResult,&(theSocketStruct->mReceivedTBindComplete)));
+
+ SetErrorMessageAndLongIntAndBailIfError(theOTResult,"MacSocket_listen: Can't bind OT endpoint, OTBind() = ",theOTResult);
+
+
+ theSocketStruct->mEndpointIsBound = true;
+ }
+
+
+ PrepareForAsyncOperation(theSocketStruct,T_LISTEN);
+
+ theOTResult = ::OTListen(theSocketStruct->mEndPointRef,theSocketStruct->mRemoteAddrInfo);
+
+ if (theOTResult == noErr)
+ {
+ PrepareForAsyncOperation(theSocketStruct,T_PASSCON);
+
+ theOTResult = ::OTAccept(theSocketStruct->mEndPointRef,theSocketStruct->mEndPointRef,theSocketStruct->mRemoteAddrInfo);
+
+ SetErrorMessageAndLongIntAndBailIfError(theOTResult,"MacSocket_listen: Can't begin OT accept, OTAccept() = ",theOTResult);
+
+ BailIfError(MyBusyWait(theSocketStruct,false,&theOTResult,&(theSocketStruct->mReceivedTPassCon)));
+
+ SetErrorMessageAndLongIntAndBailIfError(theOTResult,"MacSocket_listen: Can't accept OT connection, OTAccept() = ",theOTResult);
+ }
+
+ else if (theOTResult == kOTNoDataErr)
+ {
+ theOTResult = noErr;
+ }
+
+ else
+ {
+ SetErrorMessageAndLongIntAndBail("MacSocket_listen: Can't begin OT listen, OTListen() = ",theOTResult);
+ }
+
+
+ errCode = noErr;
+
+
+EXITPOINT:
+
+ if (theSocketStruct != nil)
+ {
+ theSocketStruct->mLastError = noErr;
+
+ CopyCStrToCStr("",theSocketStruct->mErrMessage,sizeof(theSocketStruct->mErrMessage));
+
+ if (errCode != noErr)
+ {
+ theSocketStruct->mLastError = errCode;
+
+ CopyCStrToCStr(GetErrorMessage(),theSocketStruct->mErrMessage,sizeof(theSocketStruct->mErrMessage));
+ }
+ }
+
+ errno = errCode;
+
+ return(errCode);
+}
+
+
+
+
+OSErr MacSocket_connect(const int inSocketNum,char *inTargetAddressAndPort)
+{
+OSErr errCode = noErr;
+SocketStruct *theSocketStruct = nil;
+
+
+ if (!SocketIndexIsValid(inSocketNum))
+ {
+ SetErrorMessageAndBail("MacSocket_connect: Invalid socket number specified");
+ }
+
+ theSocketStruct = &(sSockets[inSocketNum]);
+
+ if (theSocketStruct->mEndpointIsBound)
+ {
+ SetErrorMessageAndBail("MacSocket_connect: Socket previously bound");
+ }
+
+
+OTResult theOTResult;
+
+ theSocketStruct->mBindRequestedAddrInfo = (TBind *) ::OTAlloc(theSocketStruct->mEndPointRef,T_BIND,T_ADDR,&theOTResult);
+
+ SetErrorMessageAndLongIntAndBailIfError(theOTResult,"MacSocket_connect: Can't allocate OT T_BIND structure, OTAlloc() = ",theOTResult);
+ SetErrorMessageAndBailIfNil(theSocketStruct->mBindRequestedAddrInfo,"MacSocket_connect: Can't allocate OT T_BIND structure, OTAlloc() returned nil");
+
+
+ theSocketStruct->mAssignedAddrInfo = (TBind *) ::OTAlloc(theSocketStruct->mEndPointRef,T_BIND,T_ADDR,&theOTResult);
+
+ SetErrorMessageAndLongIntAndBailIfError(theOTResult,"MacSocket_connect: Can't allocate OT T_BIND structure, OTAlloc() = ",theOTResult);
+ SetErrorMessageAndBailIfNil(theSocketStruct->mAssignedAddrInfo,"MacSocket_connect: Can't allocate OT T_BIND structure, OTAlloc() returned nil");
+
+
+ theSocketStruct->mRemoteAddrInfo = (TCall *) ::OTAlloc(theSocketStruct->mEndPointRef,T_CALL,T_ADDR,&theOTResult);
+
+ SetErrorMessageAndLongIntAndBailIfError(theOTResult,"MacSocket_connect: Can't allocate OT T_CALL structure, OTAlloc() = ",theOTResult);
+ SetErrorMessageAndBailIfNil(theSocketStruct->mRemoteAddrInfo,"MacSocket_connect: Can't allocate OT T_CALL structure, OTAlloc() returned nil");
+
+
+ PrepareForAsyncOperation(theSocketStruct,T_BINDCOMPLETE);
+
+ theOTResult = ::OTBind(theSocketStruct->mEndPointRef,nil,theSocketStruct->mAssignedAddrInfo);
+
+ SetErrorMessageAndLongIntAndBailIfError(theOTResult,"MacSocket_connect: Can't bind OT endpoint, OTBind() = ",theOTResult);
+
+ BailIfError(MyBusyWait(theSocketStruct,false,&theOTResult,&(theSocketStruct->mReceivedTBindComplete)));
+
+ SetErrorMessageAndLongIntAndBailIfError(theOTResult,"MacSocket_connect: Can't bind OT endpoint, OTBind() = ",theOTResult);
+
+ theSocketStruct->mEndpointIsBound = true;
+
+
+TCall sndCall;
+DNSAddress hostDNSAddress;
+
+ // Set up target address
+
+ sndCall.addr.buf = (UInt8 *) &hostDNSAddress;
+ sndCall.addr.len = ::OTInitDNSAddress(&hostDNSAddress,inTargetAddressAndPort);
+ sndCall.opt.buf = nil;
+ sndCall.opt.len = 0;
+ sndCall.udata.buf = nil;
+ sndCall.udata.len = 0;
+ sndCall.sequence = 0;
+
+ // Connect!
+
+ PrepareForAsyncOperation(theSocketStruct,T_CONNECT);
+
+ theOTResult = ::OTConnect(theSocketStruct->mEndPointRef,&sndCall,nil);
+
+ if (theOTResult == kOTNoDataErr)
+ {
+ theOTResult = noErr;
+ }
+
+ SetErrorMessageAndLongIntAndBailIfError(theOTResult,"MacSocket_connect: Can't connect OT endpoint, OTConnect() = ",theOTResult);
+
+ BailIfError(MyBusyWait(theSocketStruct,false,&theOTResult,&(theSocketStruct->mReceivedTConnect)));
+
+ if (theOTResult == kMacSocket_TimeoutErr)
+ {
+ SetErrorMessageAndBail("MacSocket_connect: Can't connect OT endpoint, OTConnect() = kMacSocket_TimeoutErr");
+ }
+
+ else
+ {
+ SetErrorMessageAndLongIntAndBailIfError(theOTResult,"MacSocket_connect: Can't connect OT endpoint, OTConnect() = ",theOTResult);
+ }
+
+ theOTResult = ::OTRcvConnect(theSocketStruct->mEndPointRef,nil);
+
+ SetErrorMessageAndLongIntAndBailIfError(theOTResult,"MacSocket_connect: Can't complete connect on OT endpoint, OTRcvConnect() = ",theOTResult);
+
+
+ errCode = noErr;
+
+
+#ifdef MACSOCKET_DEBUG
+ printf("MacSocket_connect: connect completed\n");
+#endif
+
+EXITPOINT:
+
+ if (theSocketStruct != nil)
+ {
+ theSocketStruct->mLastError = noErr;
+
+ CopyCStrToCStr("",theSocketStruct->mErrMessage,sizeof(theSocketStruct->mErrMessage));
+
+ if (errCode != noErr)
+ {
+ theSocketStruct->mLastError = errCode;
+
+ CopyCStrToCStr(GetErrorMessage(),theSocketStruct->mErrMessage,sizeof(theSocketStruct->mErrMessage));
+ }
+ }
+
+ errno = errCode;
+
+ return(errCode);
+}
+
+
+
+
+// Close a connection
+
+OSErr MacSocket_close(const int inSocketNum)
+{
+OSErr errCode = noErr;
+SocketStruct *theSocketStruct = nil;
+
+
+ if (!SocketIndexIsValid(inSocketNum))
+ {
+ SetErrorMessageAndBail("MacSocket_close: Invalid socket number specified");
+ }
+
+
+ theSocketStruct = &(sSockets[inSocketNum]);
+
+ if (theSocketStruct->mEndPointRef != kOTInvalidEndpointRef)
+ {
+ OTResult theOTResult = noErr;
+
+ // Try to play nice
+
+ if (theSocketStruct->mReceivedTOrdRel)
+ {
+ // Already did an OTRcvOrderlyDisconnect() in the notifier
+
+ if (theSocketStruct->mLocalEndIsConnected)
+ {
+ theOTResult = ::OTSndOrderlyDisconnect(theSocketStruct->mEndPointRef);
+
+ theSocketStruct->mLocalEndIsConnected = false;
+ }
+ }
+
+ else if (theSocketStruct->mLocalEndIsConnected)
+ {
+ theOTResult = ::OTSndOrderlyDisconnect(theSocketStruct->mEndPointRef);
+
+ theSocketStruct->mLocalEndIsConnected = false;
+
+ // Wait for other end to hang up too!
+
+// PrepareForAsyncOperation(theSocketStruct,T_ORDREL);
+//
+// errCode = MyBusyWait(theSocketStruct,false,&theOTResult,&(theSocketStruct->mReceivedTOrdRel));
+ }
+
+
+ if (theOTResult != noErr)
+ {
+ ::OTCloseProvider(theSocketStruct->mEndPointRef);
+ }
+
+ else
+ {
+ theOTResult = ::OTCloseProvider(theSocketStruct->mEndPointRef);
+ }
+
+ theSocketStruct->mEndPointRef = kOTInvalidEndpointRef;
+
+ errCode = theOTResult;
+ }
+
+
+ theSocketStruct->mIsInUse = false;
+
+
+EXITPOINT:
+
+ if (theSocketStruct != nil)
+ {
+ theSocketStruct->mLastError = noErr;
+
+ CopyCStrToCStr("",theSocketStruct->mErrMessage,sizeof(theSocketStruct->mErrMessage));
+
+ if (errCode != noErr)
+ {
+ theSocketStruct->mLastError = errCode;
+
+ CopyCStrToCStr(GetErrorMessage(),theSocketStruct->mErrMessage,sizeof(theSocketStruct->mErrMessage));
+ }
+ }
+
+ errno = errCode;
+
+ return(errCode);
+}
+
+
+
+
+// Receive some bytes
+
+int MacSocket_recv(const int inSocketNum,void *outBuff,int outBuffLength,const Boolean inBlock)
+{
+OSErr errCode = noErr;
+int totalBytesRead = 0;
+SocketStruct *theSocketStruct = nil;
+
+
+ SetErrorMessageAndBailIfNil(outBuff,"MacSocket_recv: Bad parameter, outBuff = nil");
+
+ if (outBuffLength <= 0)
+ {
+ SetErrorMessageAndBail("MacSocket_recv: Bad parameter, outBuffLength <= 0");
+ }
+
+ if (!SocketIndexIsValid(inSocketNum))
+ {
+ SetErrorMessageAndBail("MacSocket_recv: Invalid socket number specified");
+ }
+
+ theSocketStruct = &(sSockets[inSocketNum]);
+
+ if (!theSocketStruct->mLocalEndIsConnected)
+ {
+ SetErrorMessageAndBail("MacSocket_recv: Socket not connected");
+ }
+
+ if (theSocketStruct->mReceivedTOrdRel)
+ {
+ totalBytesRead = 0;
+
+ goto EXITPOINT;
+ }
+
+
+ PrepareForAsyncOperation(theSocketStruct,0);
+
+ for (;;)
+ {
+ int bytesRead;
+ OTResult theOTResult;
+
+
+ theOTResult = ::OTRcv(theSocketStruct->mEndPointRef,(void *) ((unsigned long) outBuff + (unsigned long) totalBytesRead),outBuffLength - totalBytesRead,nil);
+
+ if (theOTResult >= 0)
+ {
+ bytesRead = theOTResult;
+
+#ifdef MACSOCKET_DEBUG
+ printf("MacSocket_recv: read %d bytes in part\n",bytesRead);
+#endif
+ }
+
+ else if (theOTResult == kOTNoDataErr)
+ {
+ bytesRead = 0;
+ }
+
+ else
+ {
+ SetErrorMessageAndLongIntAndBail("MacSocket_recv: Can't receive OT data, OTRcv() = ",theOTResult);
+ }
+
+
+ totalBytesRead += bytesRead;
+
+
+ if (totalBytesRead <= 0)
+ {
+ if (theSocketStruct->mReceivedTOrdRel)
+ {
+ break;
+ }
+
+ // This seems pretty stupid to me now. Maybe I'll delete this blocking garbage.
+
+ if (inBlock)
+ {
+ if (TimeoutElapsed(theSocketStruct))
+ {
+ SetErrorCodeAndMessageAndBail(kMacSocket_TimeoutErr,"MacSocket_recv: Receive operation timed-out");
+ }
+
+ if (theSocketStruct->mIdleWaitCallback != nil)
+ {
+ theOTResult = (*(theSocketStruct->mIdleWaitCallback))(theSocketStruct->mUserRefPtr);
+
+ SetErrorMessageAndBailIfError(theOTResult,"MacSocket_recv: User cancelled operation");
+ }
+
+ continue;
+ }
+ }
+
+
+ break;
+ }
+
+ errCode = noErr;
+
+
+#ifdef MACSOCKET_DEBUG
+ printf("MacSocket_recv: read %d bytes in total\n",totalBytesRead);
+#endif
+
+
+EXITPOINT:
+
+ if (theSocketStruct != nil)
+ {
+ theSocketStruct->mLastError = noErr;
+
+ CopyCStrToCStr("",theSocketStruct->mErrMessage,sizeof(theSocketStruct->mErrMessage));
+
+ if (errCode != noErr)
+ {
+ theSocketStruct->mLastError = errCode;
+
+ CopyCStrToCStr(GetErrorMessage(),theSocketStruct->mErrMessage,sizeof(theSocketStruct->mErrMessage));
+ }
+ }
+
+ errno = errCode;
+
+ return(totalBytesRead);
+}
+
+
+
+// Send some bytes
+
+int MacSocket_send(const int inSocketNum,void *inBuff,int inBuffLength)
+{
+OSErr errCode = noErr;
+int bytesSent = 0;
+SocketStruct *theSocketStruct = nil;
+
+
+ SetErrorMessageAndBailIfNil(inBuff,"MacSocket_send: Bad parameter, inBuff = nil");
+
+ if (inBuffLength <= 0)
+ {
+ SetErrorMessageAndBail("MacSocket_send: Bad parameter, inBuffLength <= 0");
+ }
+
+ if (!SocketIndexIsValid(inSocketNum))
+ {
+ SetErrorMessageAndBail("MacSocket_send: Invalid socket number specified");
+ }
+
+
+ theSocketStruct = &(sSockets[inSocketNum]);
+
+ if (!theSocketStruct->mLocalEndIsConnected)
+ {
+ SetErrorMessageAndBail("MacSocket_send: Socket not connected");
+ }
+
+
+OTResult theOTResult;
+
+
+ PrepareForAsyncOperation(theSocketStruct,0);
+
+ while (bytesSent < inBuffLength)
+ {
+ if (theSocketStruct->mIdleWaitCallback != nil)
+ {
+ theOTResult = (*(theSocketStruct->mIdleWaitCallback))(theSocketStruct->mUserRefPtr);
+
+ SetErrorMessageAndBailIfError(theOTResult,"MacSocket_send: User cancelled");
+ }
+
+
+ theOTResult = ::OTSnd(theSocketStruct->mEndPointRef,(void *) ((unsigned long) inBuff + bytesSent),inBuffLength - bytesSent,0);
+
+ if (theOTResult >= 0)
+ {
+ bytesSent += theOTResult;
+
+ theOTResult = noErr;
+
+ // Reset timer....
+
+ PrepareForAsyncOperation(theSocketStruct,0);
+ }
+
+ if (theOTResult == kOTFlowErr)
+ {
+ if (TimeoutElapsed(theSocketStruct))
+ {
+ SetErrorCodeAndMessageAndBail(kMacSocket_TimeoutErr,"MacSocket_send: Send timed-out")
+ }
+
+ theOTResult = noErr;
+ }
+
+ SetErrorMessageAndLongIntAndBailIfError(theOTResult,"MacSocket_send: Can't send OT data, OTSnd() = ",theOTResult);
+ }
+
+
+ errCode = noErr;
+
+#ifdef MACSOCKET_DEBUG
+ printf("MacSocket_send: sent %d bytes\n",bytesSent);
+#endif
+
+
+EXITPOINT:
+
+ if (theSocketStruct != nil)
+ {
+ theSocketStruct->mLastError = noErr;
+
+ CopyCStrToCStr("",theSocketStruct->mErrMessage,sizeof(theSocketStruct->mErrMessage));
+
+ if (errCode != noErr)
+ {
+ theSocketStruct->mLastError = errCode;
+
+ CopyCStrToCStr(GetErrorMessage(),theSocketStruct->mErrMessage,sizeof(theSocketStruct->mErrMessage));
+ }
+ }
+
+ if (errCode != noErr)
+ {
+ ::SysBeep(1);
+ }
+
+ errno = errCode;
+
+ return(bytesSent);
+}
+
+
+
+
+
+static OSStatus NegotiateIPReuseAddrOption(EndpointRef inEndpoint,const Boolean inEnableReuseIP)
+{
+OSStatus errCode;
+UInt8 buf[kOTFourByteOptionSize];
+TOption* theOTOption;
+TOptMgmt theOTRequest;
+TOptMgmt theOTResult;
+
+
+ if (!OTIsSynchronous(inEndpoint))
+ {
+ SetErrorMessageAndBail("NegotiateIPReuseAddrOption: Open Transport endpoint is not synchronous");
+ }
+
+ theOTRequest.opt.buf = buf;
+ theOTRequest.opt.len = sizeof(buf);
+ theOTRequest.flags = T_NEGOTIATE;
+
+ theOTResult.opt.buf = buf;
+ theOTResult.opt.maxlen = kOTFourByteOptionSize;
+
+
+ theOTOption = (TOption *) buf;
+
+ theOTOption->level = INET_IP;
+ theOTOption->name = IP_REUSEADDR;
+ theOTOption->len = kOTFourByteOptionSize;
+ theOTOption->status = 0;
+ *((UInt32 *) (theOTOption->value)) = inEnableReuseIP;
+
+ errCode = ::OTOptionManagement(inEndpoint,&theOTRequest,&theOTResult);
+
+ if (errCode == kOTNoError)
+ {
+ if (theOTOption->status != T_SUCCESS)
+ {
+ errCode = theOTOption->status;
+ }
+
+ else
+ {
+ errCode = kOTNoError;
+ }
+ }
+
+
+EXITPOINT:
+
+ errno = errCode;
+
+ return(errCode);
+}
+
+
+
+
+
+// Some rough notes....
+
+
+
+// OTAckSends(ep);
+// OTAckSends(ep) // enable AckSend option
+// ......
+// buf = OTAllocMem( nbytes); // Allocate nbytes of memory from OT
+// OTSnd(ep, buf, nbytes, 0); // send a packet
+// ......
+// NotifyProc( .... void* theParam) // Notifier Proc
+// case T_MEMORYRELEASED: // process event
+// OTFreeMem( theParam); // free up memory
+// break;
+
+
+
+/*
+struct InetInterfaceInfo
+{
+ InetHost fAddress;
+ InetHost fNetmask;
+ InetHost fBroadcastAddr;
+ InetHost fDefaultGatewayAddr;
+ InetHost fDNSAddr;
+ UInt16 fVersion;
+ UInt16 fHWAddrLen;
+ UInt8* fHWAddr;
+ UInt32 fIfMTU;
+ UInt8* fReservedPtrs[2];
+ InetDomainName fDomainName;
+ UInt32 fIPSecondaryCount;
+ UInt8 fReserved[252];
+};
+typedef struct InetInterfaceInfo InetInterfaceInfo;
+
+
+
+((InetAddress *) addr.buf)->fHost
+
+struct TBind
+{
+ TNetbuf addr;
+ OTQLen qlen;
+};
+
+typedef struct TBind TBind;
+
+struct TNetbuf
+{
+ size_t maxlen;
+ size_t len;
+ UInt8* buf;
+};
+
+typedef struct TNetbuf TNetbuf;
+
+
+ struct InetAddress
+{
+ OTAddressType fAddressType; // always AF_INET
+ InetPort fPort; // Port number
+ InetHost fHost; // Host address in net byte order
+ UInt8 fUnused[8]; // Traditional unused bytes
+};
+typedef struct InetAddress InetAddress;
+*/
+
+
+
+/*
+static pascal void Notifier(void* context, OTEventCode event, OTResult result, void* cookie)
+{
+EPInfo* epi = (EPInfo*) context;
+
+ switch (event)
+ {
+ case T_LISTEN:
+ {
+ DoListenAccept();
+ return;
+ }
+
+ case T_ACCEPTCOMPLETE:
+ {
+ if (result != kOTNoError)
+ DBAlert1("Notifier: T_ACCEPTCOMPLETE - result %d",result);
+ return;
+ }
+
+ case T_PASSCON:
+ {
+ if (result != kOTNoError)
+ {
+ DBAlert1("Notifier: T_PASSCON result %d", result);
+ return;
+ }
+
+ OTAtomicAdd32(1, &gCntrConnections);
+ OTAtomicAdd32(1, &gCntrTotalConnections);
+ OTAtomicAdd32(1, &gCntrIntervalConnects);
+
+ if ( OTAtomicSetBit(&epi->stateFlags, kPassconBit) != 0 )
+ {
+ ReadData(epi);
+ }
+
+ return;
+ }
+
+ case T_DATA:
+ {
+ if ( OTAtomicSetBit(&epi->stateFlags, kPassconBit) != 0 )
+ {
+ ReadData(epi);
+ }
+
+ return;
+ }
+
+ case T_GODATA:
+ {
+ SendData(epi);
+ return;
+ }
+
+ case T_DISCONNECT:
+ {
+ DoRcvDisconnect(epi);
+ return;
+ }
+
+ case T_DISCONNECTCOMPLETE:
+ {
+ if (result != kOTNoError)
+ DBAlert1("Notifier: T_DISCONNECT_COMPLETE result %d",result);
+
+ return;
+ }
+
+ case T_MEMORYRELEASED:
+ {
+ OTAtomicAdd32(-1, &epi->outstandingSends);
+ return;
+ }
+
+ default:
+ {
+ DBAlert1("Notifier: unknown event <%x>", event);
+ return;
+ }
+ }
+}
+*/
diff --git a/lib/libssl/src/MacOS/GetHTTPS.src/MacSocket.h b/lib/libssl/src/MacOS/GetHTTPS.src/MacSocket.h
new file mode 100644
index 00000000000..6e90a5bb447
--- /dev/null
+++ b/lib/libssl/src/MacOS/GetHTTPS.src/MacSocket.h
@@ -0,0 +1,103 @@
+#pragma once
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+
+
+enum
+{
+ kMacSocket_TimeoutErr = -2
+};
+
+
+// Since MacSocket does busy waiting, I do a callback while waiting
+
+typedef OSErr (*MacSocket_IdleWaitCallback)(void *);
+
+
+// Call this before anything else!
+
+OSErr MacSocket_Startup(void);
+
+
+// Call this to cleanup before quitting
+
+OSErr MacSocket_Shutdown(void);
+
+
+// Call this to allocate a "socket" (reference number is returned in outSocketNum)
+// Note that inDoThreadSwitching is pretty much irrelevant right now, since I ignore it
+// The inTimeoutTicks parameter is applied during reads/writes of data
+// The inIdleWaitCallback parameter specifies a callback which is called during busy-waiting periods
+// The inUserRefPtr parameter is passed back to the idle-wait callback
+
+OSErr MacSocket_socket(int *outSocketNum,const Boolean inDoThreadSwitching,const long inTimeoutTicks,MacSocket_IdleWaitCallback inIdleWaitCallback,void *inUserRefPtr);
+
+
+// Call this to connect to an IP/DNS address
+// Note that inTargetAddressAndPort is in "IP:port" format-- e.g. 10.1.1.1:123
+
+OSErr MacSocket_connect(const int inSocketNum,char *inTargetAddressAndPort);
+
+
+// Call this to listen on a port
+// Since this a low-performance implementation, I allow a maximum of 1 (one!) incoming request when I listen
+
+OSErr MacSocket_listen(const int inSocketNum,const int inPortNum);
+
+
+// Call this to close a socket
+
+OSErr MacSocket_close(const int inSocketNum);
+
+
+// Call this to receive data on a socket
+// Most parameters' purpose are obvious-- except maybe "inBlock" which controls whether I wait for data or return immediately
+
+int MacSocket_recv(const int inSocketNum,void *outBuff,int outBuffLength,const Boolean inBlock);
+
+
+// Call this to send data on a socket
+
+int MacSocket_send(const int inSocketNum,void *inBuff,int inBuffLength);
+
+
+// If zero bytes were read in a call to MacSocket_recv(), it may be that the remote end has done a half-close
+// This function will let you check whether that's true or not
+
+Boolean MacSocket_RemoteEndIsClosing(const int inSocketNum);
+
+
+// Call this to see if the listen has completed after a call to MacSocket_listen()
+
+Boolean MacSocket_ListenCompleted(const int inSocketNum);
+
+
+// These really aren't very useful anymore
+
+Boolean MacSocket_LocalEndIsOpen(const int inSocketNum);
+Boolean MacSocket_RemoteEndIsOpen(const int inSocketNum);
+
+
+// You may wish to change the userRefPtr for a socket callback-- use this to do it
+
+void MacSocket_SetUserRefPtr(const int inSocketNum,void *inNewRefPtr);
+
+
+// Call these to get the socket's IP:port descriptor
+
+void MacSocket_GetLocalIPAndPort(const int inSocketNum,char *outIPAndPort,const int inIPAndPortLength);
+void MacSocket_GetRemoteIPAndPort(const int inSocketNum,char *outIPAndPort,const int inIPAndPortLength);
+
+
+// Call this to get error info from a socket
+
+void MacSocket_GetSocketErrorInfo(const int inSocketNum,int *outSocketErrCode,char *outSocketErrString,const int inSocketErrStringMaxLength);
+
+
+#ifdef __cplusplus
+}
+#endif
diff --git a/lib/libssl/src/MacOS/OpenSSL.mcp.hqx b/lib/libssl/src/MacOS/OpenSSL.mcp.hqx
new file mode 100644
index 00000000000..2efa49ac014
--- /dev/null
+++ b/lib/libssl/src/MacOS/OpenSSL.mcp.hqx
@@ -0,0 +1,4880 @@
+(This file must be converted with BinHex 4.0)
+
+:#dp`C@j68d`ZE@0`!%e08(*$9dP&!!!!!j)H!!!!!)X-Bfp[E!!!!!-!!!%S!!0
+ipJ!$HKi!!"J!!!!"!!%#!3!!!!!!!!!!!%0[C'9ABA*bD@pb)&"bEfTPBh3!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"(CA4)9&4
+38b"38%-k4'9LG@GRCA)J8R9ZG'PYC3"(CA4)9&438b"38%-k8fpeFQ0P)&4bC@9
+c!%GPG%K89&"6)&"33cT$GA0dEfdJ5f9jGfpbC(-!4f9d5&488&-J8&"$1N&MBf9
+cFb"3BA4SF`"(CA4)9&438b"38%-k9'&bCf9d)&0PG(4TEQGc!%GPG%K89&"6)&"
+33cT'D@aP)%eKF("TEQGc!%GPG%K89&"6)&"33cT#G@PXC#"&H(4bBA-!4f9d5&4
+88&-J8&"$1N4PBR9RCf9b)&4KFQGPG!"(CA4)9&438b"38%-k0MK,)%0[C'9(C@i
+!4f9d5&488&-J8&"$1MBi5b"%DA0KFh0PE@*XCA)!4f9d5&488&-J8&"$1MBi5b"
+(E'pLB@`J6h"dD@eTHQ9b!%GPG%K89&"6)&"33cSf1%XJ6'PZDf9b!%GPG%K89&"
+6)&"33cSf1%XJ8(*[DQ9MG!"(CA4)9&438b"38%-k3bp$+bXJ3fpYF'PXCA)!4f9
+d5&488&-J8&"$1N-[3bXV)&GKFQjTEQGc!%GPG%K89&"6)&"33cT$4Ndf1%X!4f9
+d5&488&-J8&"$1NeKBdp6)%ePFQGP)&"KEQ9X!%GPG%K89&"6)&"33cT38%-J3fp
+NC8GPEJ"(CA4)9&438b"38%-k8&"$)%4TFf&cFf9YBQaPFJ"(CA4)9&438b"38%-
+k8&"$)%GXEf*KE#"2F(4TE@PkCA)!4f9d5&488&-J8&"$1P"33b"-D@jVCA)!4f9
+d5&488&-J8&"$1P"33b"348B!4f9d5&488&-J8&"$1P"33b"3FQpUC@0d!%GPG%K
+89&"6)&"33cT38%0"FfdJ8'&ZC@`!4f9d5&488&-J8&"$1P*PHL"$Efe`D@aPFJ"
+2F'9Z8e0-)&"33cT%C@*eCfGPFL"5G@jdD@eP!%p`C@j68d`J8&"$1P0[GA*MC5"
+8FQ9PF`"2F'9Z8e0-)&"33cT$GA0dEfdJ5f9jGfpbC(-!6h"PEP066#"38%-k3@0
+MCA0c)&"KG'Kc!%p`C@j68d`J8&"$1P4KFQGPG#"6CA4dD@jRF`"2F'9Z8e0-)&"
+33cT'D@aP)%eKF("TEQGc!%p`C@j68d`J8&"$1N*eD@aN)%9iG(*KF`"2F'9Z8e0
+-)&"33cT%C@*eCfGPFL"8BA*RCA3!6h"PEP066#"38%-k0MK,)%0[C'9(C@i!6h"
+PEP066#"38%-k0MK,)%4TFf&cFf9YBQaPFJ"2F'9Z8e0-)&"33cSf1%XJ4fa[BQ&
+X)%p`G'PYDATPFJ"2F'9Z8e0-)&"33cSf1%XJ6'PZDf9b!%p`C@j68d`J8&"$1MB
+i5b"3FQpUC@0d!%p`C@j68d`J8&"$1N-[3bXV)%0[EA"TE'9b!%p`C@j68d`J8&"
+$1N-[3bXV)&GKFQjTEQGc!%p`C@j68d`J8&"$1N0'66Bi5`"2F'9Z8e0-)&"33cT
+0B@028b"0CA*RC5"3B@jPE!"2F'9Z8e0-)&"33cT38%-J3fpNC8GPEJ"2F'9Z8e0
+-)&"33cT38%-J4'PcBA0cC@eLE'9b!%p`C@j68d`J8&"$1P"33b"(E'pLB@`J6h"
+dD@eTHQ9b!%p`C@j68d`J8&"$1P"33b"-D@jVCA)!6h"PEP066#"38%-k8&"$)&"
+&4J"2F'9Z8e0-)&"33cT38%-J8(*[DQ9MG!"2F'9Z8e0-)&"33cT38%0"FfdJ8'&
+ZC@`!6h"PEP066#"38%-k8Q9k)%0[EA"TE'9b!%GPG%K89&"6)$Bi5cT%C@*eCfG
+PFL"5G@jdD@eP!%GPG%K89&"6)$Bi5cT6Eh9bBf8J9(*PCA-!4f9d5&488&-J0MK
+,1N0eFh4[E5",CAPhEh*NF`"(CA4)9&438b!f1%Xk3@0MCA0c)&"KG'Kc!%GPG%K
+89&"6)$Bi5cT8BA*RCA3J8f9dG'PZCh-!4f9d5&488&-J0MK,1NCTE'8J6@&`F'P
+ZCh-!4f9d5&488&-J0MK,1N*eD@aN)%9iG(*KF`"(CA4)9&438b!f1%Xk4'9LG@G
+RCA)J9'&bCf9d!%GPG%K89&"6)$Bi5cSf1%XJ3fpNC8GPEJ"(CA4)9&438b!f1%X
+k0MK,)%4TFf&cFf9YBQaPFJ"(CA4)9&438b!f1%Xk0MK,)%GXEf*KE#"2F(4TE@P
+kCA)!4f9d5&488&-J0MK,1MBi5b"-D@jVCA)!4f9d5&488&-J0MK,1MBi5b"3FQp
+UC@0d!%GPG%K89&"6)$Bi5cT$,d-V+b"$Efe`D@aPFJ"(CA4)9&438b!f1%Xk3bp
+$+bXJ9f&bEQPZCh-!4f9d5&488&-J0MK,1N0'66Bi5`"(CA4)9&438b!f1%Xk6@&
+M6e-J6@9bCf8J8'&ZC@`!4f9d5&488&-J0MK,1P"33b"$Ef4P4f9Z!%GPG%K89&"
+6)$Bi5cT38%-J4'PcBA0cC@eLE'9b!%GPG%K89&"6)$Bi5cT38%-J4fa[BQ&X)%p
+`G'PYDATPFJ"(CA4)9&438b!f1%Xk8&"$)%aTEQYPFJ"(CA4)9&438b!f1%Xk8&"
+$)&"&4J"(CA4)9&438b!f1%Xk8&"$)&"bEfTPBh3!4f9d5&488&-J0MK,1P"33d&
+cE5"3B@jPE!"(CA4)9&438b!f1%Xk8Q9k)%0[EA"TE'9b!%aTBP066#!f1%Xk4'9
+LG@GRCA)J8R9ZG'PYC3"-D@*68d`J0MK,1P0[GA*MC5"8FQ9PF`"-D@*68d`J0MK
+,1N0eFh4[E5",CAPhEh*NF`"-D@*68d`J0MK,1N&MBf9cFb"3BA4SF`"-D@*68d`
+J0MK,1P4KFQGPG#"6CA4dD@jRF`"-D@*68d`J0MK,1NCTE'8J6@&`F'PZCh-!6'P
+L8e0-)$Bi5cT#G@PXC#"&H(4bBA-!6'PL8e0-)$Bi5cT%C@*eCfGPFL"8BA*RCA3
+!6'PL8e0-)$Bi5cSf1%XJ3fpNC8GPEJ"-D@*68d`J0MK,1MBi5b"%DA0KFh0PE@*
+XCA)!6'PL8e0-)$Bi5cSf1%XJ4fa[BQ&X)%p`G'PYDATPFJ"-D@*68d`J0MK,1MB
+i5b"-D@jVCA)!6'PL8e0-)$Bi5cSf1%XJ8(*[DQ9MG!"-D@*68d`J0MK,1N-[3bX
+V)%0[EA"TE'9b!%aTBP066#!f1%Xk3bp$+bXJ9f&bEQPZCh-!6'PL8e0-)$Bi5cT
+$4Ndf1%X!6'PL8e0-)$Bi5cT0B@028b"0CA*RC5"3B@jPE!"-D@*68d`J0MK,1P"
+33b"$Ef4P4f9Z!%aTBP066#!f1%Xk8&"$)%4TFf&cFf9YBQaPFJ"-D@*68d`J0MK
+,1P"33b"(E'pLB@`J6h"dD@eTHQ9b!%aTBP066#!f1%Xk8&"$)%aTEQYPFJ"-D@*
+68d`J0MK,1P"33b"348B!6'PL8e0-)$Bi5cT38%-J8(*[DQ9MG!"-D@*68d`J0MK
+,1P"33d&cE5"3B@jPE!"-D@*68d`J0MK,1P*PHL"$Efe`D@aPFJ"2F'9Z8e0-)$B
+iDcT%C@*eCfGPFL"5G@jdD@eP!%p`C@j68d`J0MKV1P0[GA*MC5"8FQ9PF`"2F'9
+Z8e0-)$BiDcT$GA0dEfdJ5f9jGfpbC(-!6h"PEP066#!f1'Xk3@0MCA0c)&"KG'K
+c!%p`C@j68d`J0MKV1P4KFQGPG#"6CA4dD@jRF`"2F'9Z8e0-)$BiDcT'D@aP)%e
+KF("TEQGc!%p`C@j68d`J0MKV1N*eD@aN)%9iG(*KF`"2F'9Z8e0-)$BiDcT%C@*
+eCfGPFL"8BA*RCA3!6h"PEP066#!f1'Xk0MK,)%0[C'9(C@i!6h"PEP066#!f1'X
+k0MK,)%4TFf&cFf9YBQaPFJ"2F'9Z8e0-)$BiDcSf1%XJ4fa[BQ&X)%p`G'PYDAT
+PFJ"2F'9Z8e0-)$BiDcSf1%XJ6'PZDf9b!%p`C@j68d`J0MKV1MBi5b"3FQpUC@0
+d!%p`C@j68d`J0MKV1N-[3bXV)%0[EA"TE'9b!%p`C@j68d`J0MKV1N-[3bXV)&G
+KFQjTEQGc!%p`C@j68d`J0MKV1N0'66Bi5`"2F'9Z8e0-)$BiDcT0B@028b"0CA*
+RC5"3B@jPE!"2F'9Z8e0-)$BiDcT38%-J3fpNC8GPEJ"2F'9Z8e0-)$BiDcT38%-
+J4'PcBA0cC@eLE'9b!%p`C@j68d`J0MKV1P"33b"(E'pLB@`J6h"dD@eTHQ9b!%p
+`C@j68d`J0MKV1P"33b"-D@jVCA)!6h"PEP066#!f1'Xk8&"$)&"&4J"2F'9Z8e0
+-)$BiDcT38%-J8(*[DQ9MG!"2F'9Z8e0-)$BiDcT38%0"FfdJ8'&ZC@`!6h"PEP0
+66#!f1'Xk8Q9k)%0[EA"TE'9b!%aTBP066#"38%-k4'9LG@GRCA)J8R9ZG'PYC3"
+-D@*68d`J8&"$1P0[GA*MC5"8FQ9PF`"-D@*68d`J8&"$1N0eFh4[E5",CAPhEh*
+NF`"-D@*68d`J8&"$1N&MBf9cFb"3BA4SF`"-D@*68d`J8&"$1P4KFQGPG#"6CA4
+dD@jRF`"-D@*68d`J8&"$1NCTE'8J6@&`F'PZCh-!6'PL8e0-)&"33cT#G@PXC#"
+&H(4bBA-!6'PL8e0-)&"33cT%C@*eCfGPFL"8BA*RCA3!6'PL8e0-)&"33cSf1%X
+J3fpNC8GPEJ"-D@*68d`J8&"$1MBi5b"%DA0KFh0PE@*XCA)!6'PL8e0-)&"33cS
+f1%XJ4fa[BQ&X)%p`G'PYDATPFJ"-D@*68d`J8&"$1MBi5b"-D@jVCA)!6'PL8e0
+-)&"33cSf1%XJ8(*[DQ9MG!"-D@*68d`J8&"$1N-[3bXV)%0[EA"TE'9b!%aTBP0
+66#"38%-k3bp$+bXJ9f&bEQPZCh-!6'PL8e0-)&"33cT$4Ndf1%X!6'PL8e0-)&"
+33cT0B@028b"0CA*RC5"3B@jPE!"-D@*68d`J8&"$1P"33b"$Ef4P4f9Z!%aTBP0
+66#"38%-k8&"$)%4TFf&cFf9YBQaPFJ"-D@*68d`J8&"$1P"33b"(E'pLB@`J6h"
+dD@eTHQ9b!%aTBP066#"38%-k8&"$)%aTEQYPFJ"-D@*68d`J8&"$1P"33b"348B
+!6'PL8e0-)&"33cT38%-J8(*[DQ9MG!"-D@*68d`J8&"$1P"33d&cE5"3B@jPE!"
+-D@*68d`J8&"$1P*PHL"$Efe`D@aPFJ"-D@*$FRP`G'mJ8&"$1N4PBR9RCf9b)&*
+eER4TE@8!6'PL3h*jF(4[)&"33cT6Eh9bBf8J9(*PCA-!6'PL3h*jF(4[)&"33cT
+$GA0dEfdJ5f9jGfpbC(-!6'PL3h*jF(4[)&"33cT"Bf0PFh-J8'&dD(-!6'PL3h*
+jF(4[)&"33cT8BA*RCA3J8f9dG'PZCh-!6'PL3h*jF(4[)&"33cT'D@aP)%eKF("
+TEQGc!%aTBN0bHA"dEb"38%-k3R9TE'3J4AKdFQ&c!%aTBN0bHA"dEb"38%-k4'9
+LG@GRCA)J9'&bCf9d!%aTBN0bHA"dEb"38%-k0MK,)%0[C'9(C@i!6'PL3h*jF(4
+[)&"33cSf1%XJ4'PcBA0cC@eLE'9b!%aTBN0bHA"dEb"38%-k0MK,)%GXEf*KE#"
+2F(4TE@PkCA)!6'PL3h*jF(4[)&"33cSf1%XJ6'PZDf9b!%aTBN0bHA"dEb"38%-
+k0MK,)&"bEfTPBh3!6'PL3h*jF(4[)&"33cT$,d-V+b"$Efe`D@aPFJ"-D@*$FRP
+`G'mJ8&"$1N-[3bXV)&GKFQjTEQGc!%aTBN0bHA"dEb"38%-k3dC00MK,!%aTBN0
+bHA"dEb"38%-k6@&M6e-J6@9bCf8J8'&ZC@`!6'PL3h*jF(4[)&"33cT38%-J3fp
+NC8GPEJ"-D@*$FRP`G'mJ8&"$1P"33b"%DA0KFh0PE@*XCA)!6'PL3h*jF(4[)&"
+33cT38%-J4fa[BQ&X)%p`G'PYDATPFJ"-D@*$FRP`G'mJ8&"$1P"33b"-D@jVCA)
+!6'PL3h*jF(4[)&"33cT38%-J8%9'!%aTBN0bHA"dEb"38%-k8&"$)&"bEfTPBh3
+!6'PL3h*jF(4[)&"33cT38%0"FfdJ8'&ZC@`!6'PL3h*jF(4[)&"33cT5CASJ3fp
+YF'PXCA)!6'PL3h*jF(4[)$Bi5cT%C@*eCfGPFL"5G@jdD@eP!%aTBN0bHA"dEb!
+f1%Xk8fpeFQ0P)&4bC@9c!%aTBN0bHA"dEb!f1%Xk3h9cG'pY)%YPHAG[FQ4c!%a
+TBN0bHA"dEb!f1%Xk3@0MCA0c)&"KG'Kc!%aTBN0bHA"dEb!f1%Xk9'&bCf9d)&0
+PG(4TEQGc!%aTBN0bHA"dEb!f1%Xk4QPXC5"0BA"`D@jRF`"-D@*$FRP`G'mJ0MK
+,1N*eD@aN)%9iG(*KF`"-D@*$FRP`G'mJ0MK,1N4PBR9RCf9b)&4KFQGPG!"-D@*
+$FRP`G'mJ0MK,1MBi5b"$Ef4P4f9Z!%aTBN0bHA"dEb!f1%Xk0MK,)%4TFf&cFf9
+YBQaPFJ"-D@*$FRP`G'mJ0MK,1MBi5b"(E'pLB@`J6h"dD@eTHQ9b!%aTBN0bHA"
+dEb!f1%Xk0MK,)%aTEQYPFJ"-D@*$FRP`G'mJ0MK,1MBi5b"3FQpUC@0d!%aTBN0
+bHA"dEb!f1%Xk3bp$+bXJ3fpYF'PXCA)!6'PL3h*jF(4[)$Bi5cT$,d-V+b"ABA*
+ZD@jRF`"-D@*$FRP`G'mJ0MK,1N0'66Bi5`"-D@*$FRP`G'mJ0MK,1NeKBdp6)%e
+PFQGP)&"KEQ9X!%aTBN0bHA"dEb!f1%Xk8&"$)%0[C'9(C@i!6'PL3h*jF(4[)$B
+i5cT38%-J4'PcBA0cC@eLE'9b!%aTBN0bHA"dEb!f1%Xk8&"$)%GXEf*KE#"2F(4
+TE@PkCA)!6'PL3h*jF(4[)$Bi5cT38%-J6'PZDf9b!%aTBN0bHA"dEb!f1%Xk8&"
+$)&"&4J"-D@*$FRP`G'mJ0MK,1P"33b"3FQpUC@0d!%aTBN0bHA"dEb!f1%Xk8&"
+$3A0Y)&"KEQ9X!%aTBN0bHA"dEb!f1%Xk8Q9k)%0[EA"TE'9b!&"bEfTPBh3J4QP
+XC5"-DA0d!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!3!!!!!!!!!H!!!!!J!!!!!!!!!i!!!!!`!!!!!!!!"9!!!!"!!!!!!!!!"[!!!
+!"3!!!!!!!!#-!!!!"J!!!!!!!!#R!!!!"`!!!!!!!!$"!!!!#!!!!!!!!!$H!!!
+!#3!!!!!!!!$h!!!!#J!!!!!!!!%9!!!!#`!!!!!!!!%h!!!!$!!!!!!!!!&2!!!
+!$3!!!!!!!!&S!!!!$J!!!!!!!!'%!!!!$`!!!!!!!!'J!!!!%!!!!!!!!!'d!!!
+!%3!!!!!!!!(6!!!!%J!!!!!!!!(X!!!!%`!!!!!!!!)+!!!!&!!!!!!!!!)X!!!
+!&3!!!!!!!!*%!!!!&J!!!!!!!!*C!!!!&`!!!!!!!!*b!!!!'!!!!!!!!!+-!!!
+!'3!!!!!!!!+Q!!!!'J!!!!!!!!,$!!!!'`!!!!!!!!,F!!!!(!!!!!!!!!,i!!!
+!(3!!!!!!!!-4!!!!(J!!!!!!!!-Y!!!!(`!!!!!!!!0(!!!!)!!!!!!!!!0J!!!
+!)3!!!!!!!!0m!!!!)J!!!!!!!!18!!!!)`!!!!!!!!1a!!!!*!!!!!!!!!25!!!
+!*3!!!!!!!!2T!!!!*J!!!!!!!!3"!!!!*`!!!!!!!!3F!!!!+!!!!!!!!!3h!!!
+!+3!!!!!!!!4+!!!!+J!!!!!!!!4S!!!!+`!!!!!!!!5!!!!!,!!!!!!!!!5G!!!
+!,3!!!!!!!!5q!!!!,J!!!!!!!!69!!!!,`!!!!!!!!6T!!!!-!!!!!!!!!8"!!!
+!-3!!!!!!!!8D!!!!-J!!!!!!!!8c!!!!-`!!!!!!!!94!!!!0!!!!!!!!!9V!!!
+!03!!!!!!!!@)!!!!0J!!!!!!!!@L!!!!0`!!!!!!!!@r!!!!1!!!!!!!!!AD!!!
+!13!!!!!!!!Ad!!!!1J!!!!!!!!B4!!!!1`!!!!!!!!BU!!!!2!!!!!!!!!C)!!!
+!23!!!!!!!!CU!!!!2J!!!!!!!!D#!!!!2`!!!!!!!!DE!!!!3!!!!!!!!!Dh!!!
+!33!!!!!!!!E6!!!!3J!!!!!!!!ER!!!!3`!!!!!!!!F'!!!!4!!!!!!!!!FI!!!
+!43!!!!!!!!Fp!!!!4J!!!!!!!!GI!!!!4`!!!!!!!!Gh!!!!5!!!!!!!!!H-!!!
+!53!!!!!!!!HP!!!!5J!!!!!!!!Hr!!!!5`!!!!!!!!IC!!!!6!!!!!!!!!Ie!!!
+!63!!!!!!!!J0!!!!6J!!!!!!!!JS!!!!6`!!!!!!!!K!!!!!8!!!!!!!!!KE!!!
+!83!!!!!!!!Kd!!!!8J!!!!!!!!L-!!!!8`!!!!!!!!LR!!!!9!!!!!!!!!Lq!!!
+!93!!!!!!!!MD!!!!9J!!!!!!!!Mk!!!!9`!!!!!!!!N3!!!!@!!!!!!!!!NR!!!
+!@3!!!!!!!!P"!!!!@J!!!!!!!!PE!!!!@`!!!!!!!!PY!!!!A!!!!!!!!!Q+!!!
+!A3!!!!!!!!QK!!!!AJ!!!!!!!!Qp!!!!A`!!!!!!!!RG!!!!B!!!!!!!!!Rc!!!
+!B3!!!!!!!!S'!!!!BJ!!!!!!!!SG!!!!B`!!!!!!!!Se!!!!C!!!!!!!!!T0!!!
+!C3!!!!!!!!TU!!!!CJ!!!!!!!!U$!!!!C`!!!!!!!!UI!!!!D!!!!!!!!!Ui!!!
+!D3!!!!!!!!V8!!!!DJ!!!!!!!!VZ!!!!D`!!!!!!!!X(!!!!E!!!!!!!!!XM!!!
+!E3!!!!!!!!Xl!!!!EJ!!!!!!!!YB!!!!E`!!!!!!!!Yj!!!!F!!!!!!!!!Z3!!!
+!!(%!!!!!!!!,U!!!!()!!!!!!!!,``!!!(-!!!!!!!!,hJ!!!(3!!!!!!!!,m3!
+!!(8!!!!!!!!-$`!!!(B!!!!!!!!-*`!!!(F!!!!!!!!-4!!!!(J!!!!!!!!-C3!
+!!(N!!!!!!!!-I!!!!(S!!!!!!!!-N!!!!!"l!!!!!!!!$+J!!!"m!!!!!!!!$-%
+!!!"p!!!!!!!!$0S!!!"q!!!!!!!!$2B!!!"r!!!!!!!!$3i!!!#!!!!!!!!!$5N
+!!!#"!!!!!!!!$8%!!!##!!!!!!!!$9`!!!#$!!!!!!!!$A8!!!#%!!!!!!!!$Bd
+!!!#&!!!!!!!!$DJ!!!#'!!!!!!!!$Em!!!#(!!!!!!!!$GX!!!#)!!!!!!!!$IX
+!!!#*!!!!!!!!$K%!!!#+!!!!!!!!$LJ!!!#,!!!!!!!!$N)!!!#-!!!!!!!!$P`
+!!!#0!!!!!!!!$Qi!!!#1!!!!!!!!$SX!!!#2!!!!!!!!$U)!!!#3!!!!!!!!!!k
+q!!!!N3!!!!!!!!lH!!!!NJ!!!!!!!!ld!!!!N`!!!!!!!!m(!!!!P!!!!!!!!!m
+H!!!!P3!!!!!!!!mf!!!!PJ!!!!!!!!p1!!!!P`!!!!!!!!pY!!!!Q!!!!!!!!!q
+)!!!!Q3!!!!!!!!qQ!!!!QJ!!!!!!!!r"!!!!Q`!!!!!!!!rI!!!!R!!!!!!!!!r
+l!!!!R3!!!!!!!"!@!!!!RJ!!!!!!!"!d!!!!R`!!!!!!!""1!!!!S!!!!!!!!""
+Y!!!!S3!!!!!!!"#3!!!!!+)!!!!!!!!3U3!!!+-!!!!!!!!3``!!!+3!!!!!!!!
+3i!!!!+8!!!!!!!!3r3!!!+B!!!!!!!!4%J!!!+F!!!!!!!!4-J!!!+J!!!!!!!!
+46!!!!+N!!!!!!!!4D`!!!+S!!!!!!!!4MJ!!!+X!!!!!!!!4T`!!!+`!!!!!!!!
+4[3!!!+d!!!!!!!!4e`!!!+i!!!!!!!!4mJ!!!+m!!!!!!!!5$3!!!,!!!!!!!!!
+5,!!!!,%!!!!!!!!54`!!!,)!!!!!!!!5C3!!!,-!!!!!!!!5J!!!!,3!!!!!!!!
+5RJ!!!,8!!!!!!!!5ZJ!!!,B!!!!!!!!5e3!!!,F!!!!!!!!5m`!!!,J!!!!!!!!
+6$3!!!,N!!!!!!!!6,!!!!,S!!!!!!!!66`!!!,X!!!!!!!!6D!!!!,`!!!!!!!!
+6JJ!!!,d!!!!!!!!6R`!!!,i!!!!!!!!6[!!!!,m!!!!!!!!6d3!!!-!!!!!!!!!
+6m3!!!-%!!!!!!!!8#`!!!-)!!!!!!!!8+J!!!--!!!!!!!!863!!!-3!!!!!!!!
+8CJ!!!-8!!!!!!!!8I!!!!-B!!!!!!!!8PJ!!!-F!!!!!!!!8X3!!!-J!!!!!!!!
+8c!!!!-N!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!1J!!!$X!!!!m!!!!23!!!$i!!!!e!!!!1!!!!$m!!!"!!!!!33!!!$3!!!!b!!!
+!13!!!$F!!!"#!!!!3`!!!%3!!!"&!!!!4J!!!%F!!!")!!!!53!!!%S!!!!c!!!
+!0J!!!!J!!!!*!!!!#J!!!!X!!!!-!!!!!`!!!!B!!!!0!!!!$J!!!!m!!!!#!!!
+!!!!!!!F!!!!&!!!!%!!!!"%!!!!5!!!!%`!!!"3!!!!9!!!!&J!!!"F!!!!B!!!
+!!3!!!!3!!!#h!!!!Z!!!!,N!!!#k!!!!Z`!!!,)!!!#e!!!![!!!!,d!!!#q!!!
+!X3!!!+m!!!#f!!!!Y!!!!,m!!!$!!!!!`3!!!-)!!!$$!!!!a!!!!-8!!!$'!!!
+!a`!!!,!!!!#c!!!!RJ!!!*m!!!#J!!!!S3!!!+)!!!#C!!!!R!!!!+-!!!#N!!!
+!T3!!!*J!!!#@!!!!R3!!!*X!!!#Q!!!!T`!!!+J!!!#T!!!!UJ!!!+X!!!#X!!!
+!V3!!!+i!!!#A!!!!QJ!!!&-!!!"8!!!!93!!!&B!!!"A!!!!6J!!!&%!!!"B!!!
+!@3!!!&S!!!"0!!!!5`!!!&)!!!"3!!!!@`!!!&`!!!"G!!!!AJ!!!&m!!!"J!!!
+!B3!!!')!!!"M!!!!6!!!!%m!!!#&!!!!KJ!!!)F!!!#)!!!!L3!!!)!!!!#$!!!
+!LJ!!!)X!!!#-!!!!I`!!!(d!!!#%!!!!JJ!!!)d!!!#1!!!!M`!!!*!!!!!!N3!
+!!*)!!!#6!!!!P!!!!*8!!!"q!!!!J3!!!'`!!!"Y!!!!EJ!!!'m!!!"`!!!!C`!
+!!'S!!!"a!!!!FJ!!!(-!!!"Q!!!!C!!!!'X!!!"T!!!!G!!!!(8!!!"f!!!!G`!
+!!(J!!!"j!!!!HJ!!!(X!!!"m!!!!C3!!!'J!!!!K!!!!)J!!!#-!!!!N!!!!*3!
+!!"`!!!!I!!!!*J!!!#F!!!!S!!!!'`!!!"N!!!!J!!!!(J!!!#N!!!!U!!!!+`!
+!!#`!!!!Y!!!!,J!!!#m!!!!`!!!!-3!!!"S!!!!G!!!!b!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!690-)%-Z8&"$,NaTBJ"*ER4
+PFQCKBf9-D@)!6@&dD%aTBJ"08d`J8R9ZG'PYC9"33bj-D@)!6h"PEP4`G%PZCA4
+38%-ZE`"2F'9Z9("d5@jdCA*ZCA4-D@)!6h"PEP4bB@jcF'pbG%9iG'j38%-ZE`"
+2F'9Z9(*KER0`Eh*d6'PL!&4SFQ9KC(0-D@)!BQP[Ah0cE#jM!(-b-epME'jd,Q-
+!Fc)cAfaTBLjM!(-b-epYCA4S,Q-!Fc)cAh"VG#jM!(-b-epcFRCb,Q-!Fc*IBfa
+ZG#jM!(-bAf9ZBbjM!(-bAfaTBLjM!(-bAfePG'JZB`"c-Pp`Dh3ZB`"c-PpcFRC
+b,Q-!Fc0IBQpdD#jM!(-cAf0XER3ZB`"c-epPEQ-ZB`"c-epXD@)ZB`"c-epYCA4
+S,Q-!Fc0IF'Yd,Q-!Fc0IFh*fFLjM!(0cE&pKE'Gc,Q-!Fh0XAf&cEM%ZB`"cFfa
+IBf9bG#jM!(0cE&pMDA"S,Q-!Fh0XAf9bFLjM!(0cE&pPFR)b,Q-!Fh0XAfaTBLj
+M!(0cE&pbFf%ZB`"cFfaIFf9cFbjM!(0cE&pcG'&d,Q-!Fh0XAh4iG#jM!(3aAf0
+XER3ZB`"d-9pPEQ-ZB`"d-9pXD@)ZB`"d-9pYCA4S,Q-!G$&IFh*fFLjM!'&cEM&
+ICA*b,Q-!BA0Z-9pXD@)ZB`"KFfiaAh"KFLjM!'&cEPp`B@0V,Q-!B9pLDA4cG()
+ZB`"KAf*YF#jM!'&IBQp[E#jM!'&IBRPdCA-ZB`"KAf3bD9pQF#jM!'&IC'PRCA0
+d,Q-!B9pNGA!ZB`"KAf9ZG@dZB`"KAfGPER4Y,Q-!B9pSC()ZB`"KAfNbC&pQF#j
+M!'&ID@jd,Q-!B9pYCA4S,Q-!B9p[BQTPBh3ZB`"KAfpMG'9d,Q-!B9p`FQPZG#j
+M!'&IFf9d,Q-!B9pcD@GZ,Q-!B9pdD@eP,Q-!B9pdHA"P,Q-!B9peG'0dE5jM!'&
+IGA4Q1#jM!'&IGQ9bD@Cj,Q-!B9pfDA-ZB`"N-QPIC'K`,Q-!C$*TAf4cBA!ZB`"
+N-QPIF()ZB`"N-QPIF(8ZB`"N-QPIFPp`FLjM!'3bD9pbAh"e,Q-!C$*TAh0IF()
+ZB`"N-QPIFep`G5jM!'9fF&pKFfia,Q-!CPpPER9Y,Q-!CPpTER3ZB`"QAh0dFQP
+ZCbjM!'NbC&pND(!ZB`"T-Q4IC(0KF#jM!'NbC&p`FLjM!'NbC&p`G5jM!'NbC&p
+bAh"b,Q-!D6*NAh*IF(8ZB`"T-Q4IFep`FLjM!'NbC&pcAh"e,Q-!ER0cCA%ZB`"
+ZAh"VCANZB`"`09p`BQ8ZB`"`09p`BQ9f-LjM!(!hAf4RFh3ZB`"`0epPEQ-ZB`"
+`0epPEQ0IBbjM!(!hAf9fF#jM!(!hAfPIFbjM!(!hAfaTBLjM!(!hAh*PBfP`,Q-
+!F$GIFfPREQ3ZB`"`0epcD@GZD5jM!(!hAh0IC5jM!(!iAh"VCANZB`"dAf0bE#j
+M!(4IF'YPH5jM!(4IFQ9a,Q-!G&pi06!j,Q-!H&pKE'G[FLjM!(KIBA4dFQPL,Q-
+!H&pMD@jQ,Q-!H&pMFQ`ZB`"iAf9iG'9Z,Q-!H&pTEQC[,Q-!H&pZB@eP,Q-!H&p
+`Df9j,Q-!H&p`G@*VCANZB`"iAh*PF5jM!(KIFfPR,Q-!H&pcF'YT,Q-!H&pfB@`
+ZB`"iAhJe-$NZB`"LCPpMCQ)f0#jM!'*QAf9MBLjM!'*QAf9ZBbjM!'*QAfpQBMB
+d,Q-!BQCIFfYPH5jM!'*TEepPFR)ZB`"LD@pIE'PL,Q-!BR0cAh0[BfXZB`"LEPp
+KC'3ZB`"LEPpKFfdZB`"LEPpLE'PZC#jM!'*ZAf4TGLjM!'*ZAf9bFLjM!'*ZAf9
+iF#jM!'*ZAf9iF$)ZB`"LEPpRBf3ZB`"LEPpXD@)ZB`"LEPpYEfjd,Q-!BQjIEA"
+T,Q-!BQjIEA9X,Q-!BQjIF(*TE@8ZB`"LEPp`FQPZG#jM!'*ZAh*KEQ3ZB`"LEPp
+bC@0`,Q-!BQjIFfKTCR3ZB`"LEPpcFA)ZB`"LEPphEh*N,Q-!BR9QCQ9b,Q-!BR9
+QAf9bFLjM!'0IBfCL0M3ZB`"MAf9MBLjM!'0IC@jM,Q-!Bep[CQ)f0#jM!'0IFfY
+PH5jM!'0[EA"IE'PL,Q-!BepbE'8ZB`"MAhTXD@)ZB`"MEfjQ,Q-!BfpZCPpPFR)
+ZB`"MBQ0IBfYcE5jM!'0LBepPEQ-ZB`"MCQ)f0'9NC5jM!'0QBMBdC@jM,Q-!BfC
+LAf9ZBbjM!'4PFepPEQ-ZB`"PBf)cAf9ZBbjM!'9MBPpPEQ-ZB`"PC'9IBf*ME9p
+PEQ-ZB`"PEQ0IFQ9KC#jM!'CMFRP`G#jM!'CMFRP`G&pL,Q-!EfCL0M4PC'8ZB`"
+[CQ)f0'9ZBbjM!'pQBPpPEQ-ZB`"`Bf*MAf9ZBbjM!(&eC&pMDh0Y,Q-!FQ&ZC&p
+VCANZB`"bC@&N-R"hC#jM!(*PB@4IF(GN,Q-!FR"MAf9ZBbjM!(0PG&pVCANZB`"
+cG()bDf9j,Q-!Fh9`F#jM!(KMBQ0IC@jM,Q-!C'KIBfKPBfXZB`"ND&pPFR)ZB`"
+ND&pRC@iZB`"ND&pVCANZB`"ND&pXD@)ZB`"NFf&IBA0Z-5jM!'4cB9pPFR)ZB`"
+NFf&ICf9Z,Q-!C(0KAfYPH5jM!'4cB9pXD@)ZB`"NFf&IFfPRELjM!'4cB9pfFQB
+ZB`"PFR)ZB`"PFR*IB@aX,Q-!CA*bAh"bELjM!'*TEepL0M3ZB`"LD@pIC@jM,Q-
+!BQP[AfeN,Q-!BQP[AfpV,Q-!BepKE'`ZB`"ND@GPFh3ZB`"PEQ0[C'8ZB`"PGR"
+IC@jM,Q-!CAC`Af9bFLjM!'9fF&pVCANZB`"PGR"IE'PL,Q-!CAC`Ah"LC5jM!'9
+fF&p`Df9j,Q-!C9pMBQ0I-f3ZB`"PAf0LBepLCLjM!'9IBf*MAf-ZB`"PAf0LBep
+N,Q-!C9pMBQ0ID5jM!'9IBf*MAh)b,Q-!C9pMBQ0IFM8ZB`"PAf0QBPmcC#jM!'9
+IBfCLAf*Q,Q-!C9pMCQ*IBbjM!'9IBfCLAf3ZB`"PAf0QBPpT,Q-!C9pMCQ*IFM)
+ZB`"PAf0QBPpb05jM!'9IC@0LAc0N,Q-!C9pPBf*IBQBZB`"PAf9MBPpM,Q-!C9p
+PBf*IC#jM!'9IC@0LAfNZB`"PAf9MBPpb-LjM!'9IC@0LAh)e,Q-!C9pZG@aX,Q-
+!C9p[CQ*I-f3ZB`"PAfpQBPpLCLjM!'9IEfCLAf-ZB`"PAfpQBPpN,Q-!C9p[CQ*
+ID5jM!'9IEfCLAh)b,Q-!C9p[CQ*IFM8ZB`"PAh*M0#jM!'9IH'0LBepN,Q-!E9p
+NFh-ZB`"YAf4cFc%ZB`"YAfeN-LjM!'eIE@3e,Q-!E9pYC'-b,Q-!E9pZG@aX,Q-
+!E9pbDA"PE@3ZB`"YAh0SB5jM!'eIFfKK-5jM!'jKE@9c,Q-!F&pNC@-ZB`"`Af9
+ZBbjM!("IE'PL,Q-!F&p[F'9Z,Q-!F&pcC@&X,Q-!F&pcD@GZ,Q-!F&pfCA*TCRN
+ZB`"SE@&M,Q-!D9pMBQ-ZB`"TAf0QBMBd,Q-!D9pPBf)ZB`"TAfpQBMBd,Q-!D9p
+cDf9j,Q-!E'KKFfJZB`"XD&pcG'&dFbjM!'eN-PpNCh0d,Q-!E@3bAfpZC5jM!'e
+N09pNCh0d,Q-!E@3eAfpZC5jM!'eNBc*NCh0d,Q-!E@4M-Pp[EQ8ZB`"[BQTIC'&
+d,Q-!Ef*UAf9bFLjM!'pLDPpXD@)ZB`"[AfjKE@9c,Q-!F'9YAf&XE#jM!("PE9p
+PFR)ZB`"`C@eID@jQEbjM!("PE9pXD@)ZB`"`C@eIFf9KE#jM!("PE9pcD@GZ,Q-
+!F$%bAf&NC#jM!(!a-PpKG(4b,Q-!F$%bAf*KCh-ZB`"`-6*IBh*`G#jM!(!a-Pp
+MFR3ZB`"`-6*IC'9MFLjM!(!a-PpTEQPd,Q-!F$%bAfYPH5jM!(!a-PpVDA0c,Q-
+!F$%bAfaTBLjM!(!a-PpYB@-ZB`"`-6*IEA9dE#jM!(!a-PpcBQ&R,Q-!F$%bAh9
+dE#jM!("V-6*PFR)ZB`"`DcGIC'pTG#jM!("V0epXD@)ZB`"`Df0c0f9bFLjM!'e
+NAh*KEQ3ZB`"bB@jNCQPXC5jM!(*KEQ4IE'PL,Q-!FQ-bBfCL0M3ZB`"bBc*[CQ)
+f0#jM!(*M-PpMBQ-ZB`"bBc*IC@0L,Q-!FQ-bAh0VCANZB`"bBc4IC@jM,Q-!FQ-
+dAh0VCANZB`"bBc9MCQ)f0#jM!(*M0@pQBMBd,Q-!FQ-eAf9MBLjM!(*M09pPEQ-
+ZB`"bBc9IFfYPH5jM!(*YC&pNCh0d,Q-!FQeNAfpZC5jM!(*cB9pPBANZB`"bFf&
+ICA*b,Q-!FR0KAfGPELjM!(*cB9pXD@)ZB`"bFf&IEQpZC5jM!(*cB9p[B@9`,Q-
+!FR0KAh"V-5jM!(*cB9pcB@pc,Q-!FR0KAh0TCfiZB`"bFf&IFh0X,Q-!FfKK-@4
+RFh3ZB`"cD'%aAfpZC5jM!(0SB9pNCh0d,Q-!FfKKAfpZC5jM!(0dB@0V,Q-!G(K
+dAf4L,Q-!BRPIC'Pb,Q-!BRPICQPXC5jM!(Je-$PZB@eP,Q-!H$8`1A*cCA3ZB`"
+i06!jG(P`C5jM!(Je-$PIBfe`,Q-!H$8`19pN-LjM!(Je-$PIC'9Q,Q-!H$8`19p
+PFR)ZB`"i06!jAf9iG#jM!(Je-$PIE(8ZB`"i06!jAfpLDLjM!(Je-$PIFM*i,Q-
+!H$8`19pbCA%ZB`"i06!jAh0PG#jM!(Je-$PIG(Kd,Q-!H$8`19pf-bjM!(Je-$P
+IGQCj,Q-!H&pKE'`ZB`"f-f9bFLjM!(BcAf&VCANZB`"f-epKE(3ZB`"f-epLBfp
+ZFbjM!(BcAf*TG(0d,Q-!GM0IBfpZCLjM!(BcAf0`Efac,Q-!GM0IBh*XC#jM!(B
+cAf9ZG@dZB`"f-epPH(4VG5jM!(BcAfGPEQiZB`"f-epTB68ZB`"f-epTER3ZB`"
+f-epXD@)ZB`"f-ep`Dh8ZB`"f-ep`FQiZB`"f-epcDf9j,Q-!GM0IFhKZCA3ZB`"
+f-epeG'`ZB`"MF(4ICA*b,Q-!Bh*jF(4XD@)ZB`"PH&pNBA4K,Q-!E@9Y,Q-!690
+-)&0*6e9B,P"33bj-D@)!BQCIBR9QCLjM!(KIH$8`1@%ZB`"NFf&IEh0cE#jM!(J
+e-$PcF'YT,Q-!H$8`19pdFR-ZB`"f-ep`GA*`,Q-!GM0ID@jQEbjM!'*IF(*TER3
+ZB`"KAfeLFh4b,Q-!G&pcF'YT,Q-!G&pi06!jB5jM!(4IBQPdFh3ZB`"KAh0dFQj
+TC#jM!'*TEepMBLjM!'*cFepYC@dZB`"LFh0ICQ3ZB`"LFh0ICQPXC5jM!'*cFep
+ZG@aX,Q-!BQCIER9XE#jM!'*QAfjLD@mZB`"LFh0IBQP[,Q-!BPpNG@e`,Q-!C@j
+MAhGbDA3ZB`"`09pMFR"d,Q-!F$9IBh*`G$)ZB`"`-6*IER"KFbjM!("V0epKG(4
+b,Q-!F'XhAfeTE@8ZB`"`DcGIFfeTE@8ZB`"bFf&IBfKV,Q-!FR0KAfjeE'`ZB`"
+MGQ9bFfP[ELjM!%038h4bD@jR9A4TE(-ZBh"`!%9bFQpb5'&ZC'aTEQFZBh"`!%G
+PG%K89&"6,Q0`F!"0B@06Ef0VCA3ZBh"`!'ePE9pNBQFZB`"36&0dFQPZCdCeEQ0
+c8&"$,QaTBJ"LEPpMG(JZB`"bB@jNAf9bFLjM!(J!BA"`FbjM!'&`F&pbB@jN,Q-
+!BA0Z-A"KFR-ZB`"MB5jM!'0TF'KPFR-ZB`"MFQ`ZB`"MFQ`bF$FZB`"NCh0d,Q-
+!C'JZB`"NFf%ZB`"NFf&`BA*KE5jM!'9ZBbjM!'9bFR0dFLjM!'GPEQ4S,Q-!Cf9
+ZC(0K,Q-!Cf9ZFR0K,Q-!ER0PF5jM!'p`C@jcFf`ZB`"`Df0c-6)ZB`"`Df0c0bj
+M!("VBh-i,Q-!FQ9a,Q-!FR0K,Q-!Ff9cFepTC#jM!(0YD@eP,Q-!Fh"PC@3ZB`"
+cF'YKBbjM!(0IBf)ZB`"cAf0XD@9ZG#jM!(0IFf9bGQ9b,Q-!FepcEf0VCA3ZB`"
+fCA*TCRNZB`"fCA*cD@pZ,Q-!H$8`15jM!(0IG'PYC5jM!%G98dPI5@jTG#jMF(!
+!4e9659p$Eh*P,P"33bj-D@)!4e9659p08d`Z8&"$,NaTBJ"(990*Ae0*6e9B,P"
+33bj-D@)!6'PL8e0-,P"33bj-D@)!6'PL3h*jF(4[,P"33bj-D@)!6@&M6e-ZE'P
+L!%e66#"5G@jdD@eP0MK,,NaTBJ"2F'9Z9("d5@jPG#j[!%p`C@j8FQ&ZFh"[FR3
+ZE`"2F'9Z9(*KER0`Eh*d3A"`,Qm!690-)&0*6e9B,MBi5bj-D@)!690-)%-Z0MK
+,)%CK+$4TAcKN+5j-D@)!6@&dD%aTBMBi5b"'B5JdD9miC#NZ6'PL!%CTFR0d)&0
+PCfePER3!4e9659p$Eh*P,MBi5bj-D@)!4e9659p08d`Z0MK,,NaTBJ"(990*Ae0
+*6e9B,MBi5bj-D@)!6'PL3h*jF(4[,MBiDb"'B5JdD9miC#NZ6'PL!%aTBP066#i
+f1%XJ4Q%S0'PI1'3T,NaTBJ"(CA4)9&438b"38%-!6h"PEP066#"38%-!4f9d5&4
+88&-J0MK,!%aTBP066#!f1%X!6h"PEP066#!f1'X!6'PL8e0-)&"33`"-D@*$FRP
+`G'mJ8&"$!%aTBN0bHA"dEb!f1%X!1NGPG%K89&"6+&"33bN!6'PL)%PYF'pbG#"
+38%-!3Q&XE'p[EL")C@a`!%eA)%-[3bXV)&"33`"(B@eP3fpNC5"$EfjfCA*dCA)
+!4QaPH#"3FQ9`FQpMCA0cEh)!69FJ8'&cBf&X)&"33`"5CAS!8&"$3A0Y!%*TFfp
+Z)&"bCA"bEf0PFh0[FJ"B3dp'4L"*EA"[FR3J8&"$!&"&4L"*EA"[FR3J8&"$!$T
+2F'9Z8e0-!$T(CA4)9&438bJf1%XT!%aTBL"*EA"[FR3J0MK,!%e39b"*EA"[FR3
+J0MK,!%eA)%-[3bXV)$Bi5`"09b"3BA0MB@`J0MK,!&"&4L"*EA"[FR3J0MK,!$T
+-D@*68d`Z0MK,)%CK+$4TAcKN+5j-D@)!1Np`C@j68d`S0MKV+3!k6'PL8e0-,P"
+33bj-D@)!1NaTBN0bHA"dEbj38%-Z6'PL!$T-D@*$FRP`G'mZ0MKV)%CK+$4TAcK
+N+5j-D@)!6@&M6e-J8&"$)%aTEQYPFJ"0B@028b!f1%XJ6'PZDf9b!&0[GA*MC5"
+8FQ9PF`"$GA0dEfdJ5f9jGfpbC(-!3@0MCA0c)&"KG'Kc!&4KFQGPG#"6CA4dD@j
+RF`"'D@aP)%eKF("TEQGc!%*eD@aN)%9iG(*KF`"%C@*eCfGPFL"5G@jdD@eP!%4
+PBR9RCf9b)&4KFQGPG!"$,d-V+b"$Efe`D@aPFJ"$,d-V+b"ABA*ZD@jRF`"38%-
+J3fpNC8GPEJ"38%-J4'PcBA0cC@eLE'9b!&"33b"(E'pLB@`J6h"dD@eTHQ9b!&"
+33b"-D@jVCA)!8&"$)&"&4J"38%-J8(*[DQ9MG!"38%0"FfdJ8'&ZC@`!8Q9k)%0
+[EA"TE'9b!$Bi5b"$Ef4P4f9Z!$Bi5b"%DA0KFh0PE@*XCA)!0MK,)%GXEf*KE#"
+2F(4TE@PkCA)!0MK,)%aTEQYPFJ!f1%XJ8(*[DQ9MG!"$4Ndf1%X!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%!!!!!!!!!$J!
+!!!)!!!!!!!!!'`!!!!-!!!!!!!!!)`!!!!3!!!!!!!!!0J!!!!8!!!!!!!!!4`!
+!!!B!!!!!!!!!@J!!!!F!!!!!!!!!F3!!!!J!!!!!!!!!JJ!!!!N!!!!!!!!!M3!
+!!!S!!!!!!!!!P`!!!!X!!!!!!!!!SJ!!!!`!!!!!!!!!V!!!!!d!!!!!!!!!Y`!
+!!!i!!!!!!!!!`3!!!!m!!!!!!!!!c!!!!"!!!!!!!!!!eJ!!!"%!!!!!!!!!h`!
+!!")!!!!!!!!!k!!!!"-!!!!!!!!!mJ!!!"3!!!!!!!!!q`!!!"8!!!!!!!!""3!
+!!"B!!!!!!!!"$`!!!"F!!!!!!!!"'3!!!"J!!!!!!!!")J!!!"N!!!!!!!!"+`!
+!!"S!!!!!!!!"03!!!"X!!!!!!!!"2J!!!"`!!!!!!!!"5!!!!"d!!!!!!!!"8`!
+!!"i!!!!!!!!"AJ!!!"m!!!!!!!!"D3!!!#!!!!!!!!!"G!!!!#%!!!!!!!!"IJ!
+!!#)!!!!!!!!"L3!!!#-!!!!!!!!"N`!!!#3!!!!!!!!"R3!!!#8!!!!!!!!"U!!
+!!#B!!!!!!!!"X`!!!#F!!!!!!!!"[3!!!#J!!!!!!!!"a`!!!#N!!!!!!!!"d!!
+!!#S!!!!!!!!"f3!!!#X!!!!!!!!"i`!!!#`!!!!!!!!"l3!!!#d!!!!!!!!"q!!
+!!#i!!!!!!!!#!`!!!#m!!!!!!!!#$J!!!$!!!!!!!!!#'3!!!$%!!!!!!!!#*!!
+!!$)!!!!!!!!#,!!!!$-!!!!!!!!#03!!!$3!!!!!!!!#2`!!!$8!!!!!!!!#5J!
+!!$B!!!!!!!!#93!!!$F!!!!!!!!#A3!!!$J!!!!!!!!#CJ!!!$N!!!!!!!!#F!!
+!!$S!!!!!!!!#H!!!!$X!!!!!!!!#J`!!!$`!!!!!!!!#L`!!!$d!!!!!!!!#P!!
+!!$i!!!!!!!!#R`!!!$m!!!!!!!!#U3!!!%!!!!!!!!!#X`!!!%%!!!!!!!!#Z`!
+!!%)!!!!!!!!#a!!!!%-!!!!!!!!#c3!!!%3!!!!!!!!#eJ!!!%8!!!!!!!!#i!!
+!!%B!!!!!!!!#k3!!!%F!!!!!!!!#p!!!!%J!!!!!!!!#r!!!!%N!!!!!!!!$"J!
+!!%S!!!!!!!!$%3!!!%X!!!!!!!!$'J!!!%`!!!!!!!!$)`!!!%d!!!!!!!!$,J!
+!!%i!!!!!!!!$13!!!%m!!!!!!!!$4!!!!&!!!!!!!!!$6`!!!&%!!!!!!!!$@J!
+!!&)!!!!!!!!$B`!!!&-!!!!!!!!$D`!!!&3!!!!!!!!$GJ!!!&8!!!!!!!!$J!!
+!!&B!!!!!!!!$L`!!!&F!!!!!!!!$P!!!!&J!!!!!!!!$R3!!!&N!!!!!!!!$U!!
+!!&S!!!!!!!!$X`!!!&X!!!!!!!!$[J!!!&`!!!!!!!!$b3!!!&d!!!!!!!!$d3!
+!!&i!!!!!!!!$fJ!!!&m!!!!!!!!$i`!!!'!!!!!!!!!$lJ!!!'%!!!!!!!!$q!!
+!!')!!!!!!!!%!3!!!'-!!!!!!!!%$!!!!'3!!!!!!!!%&3!!!'8!!!!!!!!%(J!
+!!'B!!!!!!!!%*`!!!'F!!!!!!!!%-J!!!'J!!!!!!!!%23!!!'N!!!!!!!!%5!!
+!!'S!!!!!!!!%83!!!'X!!!!!!!!%@`!!!'`!!!!!!!!%B`!!!'d!!!!!!!!%E!!
+!!'i!!!!!!!!%G!!!!'m!!!!!!!!%I3!!!(!!!!!!!!!%K`!!!(%!!!!!!!!%NJ!
+!!()!!!!!!!!%Q`!!!(-!!!!!!!!%S`!!!(3!!!!!!!!%V3!!!(8!!!!!!!!%YJ!
+!!(B!!!!!!!!%[`!!!(F!!!!!!!!%b!!!!(J!!!!!!!!%d`!!!(N!!!!!!!!%f`!
+!!(S!!!!!!!!%i`!!!(X!!!!!!!!%l!!!!(`!!!!!!!!%p!!!!(d!!!!!!!!%r3!
+!!(i!!!!!!!!&#!!!!(m!!!!!!!!&%3!!!)!!!!!!!!!&'J!!!)%!!!!!!!!&*3!
+!!))!!!!!!!!&,`!!!)-!!!!!!!!&13!!!)3!!!!!!!!&3`!!!)8!!!!!!!!&6J!
+!!)B!!!!!!!!&9`!!!)F!!!!!!!!&B!!!!)J!!!!!!!!&D`!!!)N!!!!!!!!&G!!
+!!)S!!!!!!!!&I3!!!)X!!!!!!!!&KJ!!!)`!!!!!!!!&N!!!!!#0!!!!!!!!"CN
+!!!#1!!!!!!!!"D)!!!#2!!!!!!!!"D`!!!#3!!!!!!!!!!@e!!!!N3!!!!!!!!@
+q!!!!NJ!!!!!!!!A*!!!!N`!!!!!!!!A8!!!!P!!!!!!!!!AH!!!!P3!!!!!!!!A
+S!!!!PJ!!!!!!!!Ac!!!!P`!!!!!!!!Am!!!!Q!!!!!!!!!B'!!!!Q3!!!!!!!!B
+2!!!!QJ!!!!!!!!BC!!!!Q`!!!!!!!!BM!!!!R!!!!!!!!!BV!!!!R3!!!!!!!!B
+c!!!!RJ!!!!!!!!Bp!!!!R`!!!!!!!!C'!!!!S!!!!!!!!!C4!!!!S3!!!!!!!!C
+C!!!!SJ!!!!!!!!CL!!!!S`!!!!!!!!CT!!!!T!!!!!!!!!Cd!!!!T3!!!!!!!!C
+r!!!!TJ!!!!!!!!D*!!!!T`!!!!!!!!D8!!!!U!!!!!!!!!DI!!!!U3!!!!!!!!D
+T!!!!UJ!!!!!!!!Dc!!!!U`!!!!!!!!Dq!!!!V!!!!!!!!!E)!!!!V3!!!!!!!!E
+A!!!!VJ!!!!!!!!EL!!!!V`!!!!!!!!EV!!!!X!!!!!!!!!Ef!!!!X3!!!!!!!!F
+"!!!!XJ!!!!!!!!F-!!!!X`!!!!!!!!F@!!!!Y!!!!!!!!!FK!!!!Y3!!!!!!!!F
+X!!!!YJ!!!!!!!!Fh!!!!Y`!!!!!!!!G#!!!!Z!!!!!!!!!G0!!!!Z3!!!!!!!!G
+A!!!!ZJ!!!!!!!!GK!!!!Z`!!!!!!!!GV!!!![!!!!!!!!!Gb!!!![3!!!!!!!!G
+p!!!![J!!!!!!!!H)!!!![`!!!!!!!!H4!!!!`!!!!!!!!!HD!!!!`3!!!!!!!!H
+M!!!!`J!!!!!!!!HX!!!!``!!!!!!!!Hh!!!!a!!!!!!!!!I"!!!!a3!!!!!!!!I
+,!!!!aJ!!!!!!!!I9!!!!a`!!!!!!!!II!!!!b!!!!!!!!!IU!!!!b3!!!!!!!!I
+d!!!!bJ!!!!!!!!Ik!!!!b`!!!!!!!!J%!!!!c!!!!!!!!!J1!!!!c3!!!!!!!!J
+B!!!!cJ!!!!!!!!JL!!!!c`!!!!!!!!JV!!!!d!!!!!!!!!Jd!!!!d3!!!!!!!!J
+m!!!!dJ!!!!!!!!K&!!!!d`!!!!!!!!K1!!!!e!!!!!!!!!KB!!!!e3!!!!!!!!K
+L!!!!eJ!!!!!!!!KX!!!!e`!!!!!!!!Kf!!!!f!!!!!!!!!L!!!!!f3!!!!!!!!L
+,!!!!fJ!!!!!!!!L@!!!!f`!!!!!!!!LK!!!!h!!!!!!!!!LV!!!!h3!!!!!!!!L
+e!!!!hJ!!!!!!!!Lr!!!!h`!!!!!!!!M+!!!!i!!!!!!!!!M9!!!!i3!!!!!!!!M
+J!!!!iJ!!!!!!!!MV!!!!i`!!!!!!!!Me!!!!j!!!!!!!!!Mr!!!!j3!!!!!!!!N
+*!!!!jJ!!!!!!!!N8!!!!j`!!!!!!!!NI!!!!k!!!!!!!!!NU!!!!k3!!!!!!!!N
+e!!!!kJ!!!!!!!!Nr!!!!k`!!!!!!!!P*!!!!l!!!!!!!!!P6!!!!l3!!!!!!!!P
+H!!!!lJ!!!!!!!!PT!!!!l`!!!!!!!!Pb!!!!m!!!!!!!!!Pp!!!!m3!!!!!!!!Q
+)!!!!mJ!!!!!!!!Q5!!!!m`!!!!!!!!QF!!!!p!!!!!!!!!QQ!!!!p3!!!!!!!!Q
+a!!!!pJ!!!!!!!!Qm!!!!p`!!!!!!!!R%!!!!q!!!!!!!!!R2!!!!q3!!!!!!!!R
+A!!!!qJ!!!!!!!!RJ!!!!q`!!!!!!!!RS!!!!r!!!!!!!!!R`!!!!r3!!!!!!!!R
+j!!!!rJ!!!!!!!!S#!!!!r`!!!!!!!!S0!!!"!!!!!!!!!!S9!!!"!3!!!!!!!!S
+H!!!"!J!!!!!!!!SQ!!!"!`!!!!!!!!SZ!!!""!!!!!!!!!Sf!!!""3!!!!!!!!S
+q!!!""J!!!!!!!!T(!!!""`!!!!!!!!T3!!!"#!!!!!!!!!TC!!!"#3!!!!!!!!T
+N!!!"#J!!!!!!!!TV!!!"#`!!!!!!!!Tc!!!"$!!!!!!!!!Tp!!!"$3!!!!!!!!U
+&!!!"$J!!!!!!!!U2!!!"$`!!!!!!!!UB!!!"%!!!!!!!!!UJ!!!"%3!!!!!!!!U
+V!!!"%J!!!!!!!!Uf!!!"%`!!!!!!!!V!!!!"&!!!!!!!!!V,!!!"&3!!!!!!!!V
+9!!!"&J!!!!!!!!VJ!!!"&`!!!!!!!!VV!!!"'!!!!!!!!!Ve!!!"'3!!!!!!!!V
+r!!!"'J!!!!!!!!X*!!!"'`!!!!!!!!X6!!!"(!!!!!!!!!XG!!!"(3!!!!!!!!X
+R!!!"(J!!!!!!!!Xb!!!"(`!!!!!!!!Xm!!!")!!!!!!!!!Y(!!!")3!!!!!!!!Y
+5!!!")J!!!!!!!!YF!!!")`!!!!!!!!YR!!!"*!!!!!!!!!Yb!!!"*3!!!!!!!!Y
+p!!!"*J!!!!!!!!Z(!!!"*`!!!!!!!!Z5!!!"+!!!!!!!!!ZG!!!"+3!!!!!!!!Z
+R!!!"+J!!!!!!!!Zb!!!"+`!!!!!!!!Zm!!!",!!!!!!!!!['!!!",3!!!!!!!![
+4!!!",J!!!!!!!![F!!!",`!!!!!!!![Q!!!"-!!!!!!!!![`!!!"-3!!!!!!!![
+l!!!"-J!!!!!!!!`&!!!"-`!!!!!!!!`3!!!"0!!!!!!!!!`D!!!"03!!!!!!!!`
+P!!!"0J!!!!!!!!``!!!"0`!!!!!!!!`l!!!"1!!!!!!!!!a'!!!"13!!!!!!!!a
+3!!!"1J!!!!!!!!aD!!!"1`!!!!!!!!aP!!!"2!!!!!!!!!a[!!!"23!!!!!!!!a
+k!!!"2J!!!!!!!!b&!!!"2`!!!!!!!!b3!!!!!8!!!!!!!!!-QJ!!!8%!!!!!!!!
+-T!!!!8)!!!!!!!!-V`!!!8-!!!!!!!!-ZJ!!!83!!!!!!!!-a!!!!88!!!!!!!!
+-cJ!!!8B!!!!!!!!-f!!!!8F!!!!!!!!-iJ!!!8J!!!!!!!!-l!!!!8N!!!!!!!!
+-p`!!!8S!!!!!!!!0!J!!!8X!!!!!!!!0$!!!!8`!!!!!!!!0&`!!!8d!!!!!!!!
+0)J!!!8i!!!!!!!!0,!!!!8m!!!!!!!!00`!!!9!!!!!!!!!03J!!!9%!!!!!!!!
+063!!!9)!!!!!!!!09`!!!9-!!!!!!!!0A`!!!93!!!!!!!!0D!!!!98!!!!!!!!
+0F3!!!9B!!!!!!!!0H`!!!9F!!!!!!!!0KJ!!!9J!!!!!!!!0N3!!!9N!!!!!!!!
+0R!!!!9S!!!!!!!!0T`!!!9X!!!!!!!!0X3!!!9`!!!!!!!!0[!!!!9d!!!!!!!!
+0a`!!!9i!!!!!!!!0dJ!!!9m!!!!!!!!0h!!!!@!!!!!!!!!0j`!!!@%!!!!!!!!
+0mJ!!!@)!!!!!!!!0r3!!!@-!!!!!!!!1#!!!!@3!!!!!!!!1%`!!!@8!!!!!!!!
+1(3!!!@B!!!!!!!!1+!!!!@F!!!!!!!!1-!!!!@J!!!!!!!!11!!!!@N!!!!!!!!
+13J!!!@S!!!!!!!!15`!!!@X!!!!!!!!19J!!!@`!!!!!!!!1B3!!!@d!!!!!!!!
+1D`!!!@i!!!!!!!!1GJ!!!@m!!!!!!!!1J!!!!A!!!!!!!!!1LJ!!!A%!!!!!!!!
+1P3!!!A)!!!!!!!!1R`!!!A-!!!!!!!!1U!!!!A3!!!!!!!!1X3!!!A8!!!!!!!!
+1ZJ!!!AB!!!!!!!!1``!!!AF!!!!!!!!1c!!!!AJ!!!!!!!!1eJ!!!AN!!!!!!!!
+1i3!!!AS!!!!!!!!1kJ!!!AX!!!!!!!!1p!!!!A`!!!!!!!!1r`!!!Ad!!!!!!!!
+2#3!!!Ai!!!!!!!!2$`!!!Am!!!!!!!!2)3!!!B!!!!!!!!!2+`!!!B%!!!!!!!!
+203!!!B)!!!!!!!!23!!!!B-!!!!!!!!25`!!!B3!!!!!!!!29J!!!B8!!!!!!!!
+2B!!!!BB!!!!!!!!2DJ!!!BF!!!!!!!!2G!!!!BJ!!!!!!!!2IJ!!!BN!!!!!!!!
+2K`!!!BS!!!!!!!!2N3!!!BX!!!!!!!!2Q`!!!B`!!!!!!!!2TJ!!!Bd!!!!!!!!
+2V`!!!Bi!!!!!!!!2Z3!!!Bm!!!!!!!!2`J!!!C!!!!!!!!!!$md!!!'4!!!!!!!
+!$pJ!!!'5!!!!!!!!$q)!!!'6!!!!!!!!$q`!!!'8!!!!!!!!$rB!!!'9!!!!!!!
+!$rm!!!'@!!!!!!!!%!S!!!'A!!!!!!!!%"3!!!'B!!!!!!!!%"m!!!'C!!!!!!!
+!%#S!!!'D!!!!!!!!%$8!!!'E!!!!!!!!%%!!!!'F!!!!!!!!%%`!!!'G!!!!!!!
+!%&B!!!'H!!!!!!!!%'%!!!'I!!!!!!!!%'`!!!'J!!!!!!!!%(i!!!'K!!!!!!!
+!%*!!!!!"SJ!!!!!!!"#G!!!"S`!!!!!!!"#V!!!"T!!!!!!!!"#e!!!"T3!!!!!
+!!"$+!!!"TJ!!!!!!!"$6!!!"T`!!!!!!!"$H!!!"U!!!!!!!!"$J!!!"U3!!!!!
+!!"$R!!!"UJ!!!!!!!"$b!!!"U`!!!!!!!"$p!!!"V!!!!!!!!"%#!!!"V3!!!!!
+!!"%-!!!"VJ!!!!!!!"%5!!!"V`!!!!!!!"%E!!!"X!!!!!!!!"%L!!!"X3!!!!!
+!!"%R!!!"XJ!!!!!!!"%Y!!!"X`!!!!!!!"%i!!!"Y!!!!!!!!"%q!!!"Y3!!!!!
+!!"&(!!!"YJ!!!!!!!"&2!!!"Y`!!!!!!!"&B!!!"Z!!!!!!!!"&K!!!"Z3!!!!!
+!!"&S!!!"ZJ!!!!!!!"&b!!!"Z`!!!!!!!"&l!!!"[!!!!!!!!"'$!!!"[3!!!!!
+!!"',!!!"[J!!!!!!!"'4!!!"[`!!!!!!!"'A!!!"`!!!!!!!!"'K!!!"`3!!!!!
+!!"'T!!!"`J!!!!!!!"'a!!!"``!!!!!!!"'j!!!"a!!!!!!!!"(!!!!"a3!!!!!
+!!"(,!!!"aJ!!!!!!!"(@!!!"a`!!!!!!!"(K!!!"b!!!!!!!!"(U!!!"b3!!!!!
+!!"(d!!!"bJ!!!!!!!"(l!!!"b`!!!!!!!")%!!!"c!!!!!!!!")5!!!"c3!!!!!
+!!")N!!!"cJ!!!!!!!")e!!!"c`!!!!!!!"*)!!!"d!!!!!!!!"*A!!!"d3!!!!!
+!!"*T!!!"dJ!!!!!!!"*c!!!"d`!!!!!!!"+'!!!"e!!!!!!!!"+8!!!"e3!!!!!
+!!"+N!!!"eJ!!!!!!!"+h!!!"e`!!!!!!!",*!!!"f!!!!!!!!",K!!!"f3!!!!!
+!!",k!!!"fJ!!!!!!!"-)!!!"f`!!!!!!!"-D!!!"h!!!!!!!!"-V!!!"h3!!!!!
+!!"-q!!!"hJ!!!!!!!"0D!!!"h`!!!!!!!"0c!!!"i!!!!!!!!"1!!!!"i3!!!!!
+!!"1-!!!"iJ!!!!!!!"1C!!!"i`!!!!!!!"1N!!!"j!!!!!!!!"1`!!!"j3!!!!!
+!!"1l!!!"jJ!!!!!!!"2*!!!"j`!!!!!!!"2A!!!"k!!!!!!!!"2Q!!!"k3!!!!!
+!!"2e!!!"kJ!!!!!!!"3#!!!"k`!!!!!!!"32!!!"l!!!!!!!!"3L!!!"l3!!!!!
+!!"3d!!!"lJ!!!!!!!"4#!!!"l`!!!!!!!"4'!!!"m!!!!!!!!"40!!!"m3!!!!!
+!!"4J!!!"mJ!!!!!!!"4a!!!"m`!!!!!!!"5!!!!"p!!!!!!!!"5*!!!"p3!!!!!
+!!"5B!!!"pJ!!!!!!!"5R!!!"p`!!!!!!!"5f!!!"q!!!!!!!!"6$!!!"q3!!!!!
+!!"64!!!"qJ!!!!!!!"6J!!!"q`!!!!!!!"6k!!!"r!!!!!!!!"8)!!!"r3!!!!!
+!!"8B!!!"rJ!!!!!!!"8V!!!"r`!!!!!!!"9)!!!#!!!!!!!!!"9C!!!#!3!!!!!
+!!"9U!!!#!J!!!!!!!"9h!!!#!`!!!!!!!"@(!!!#"!!!!!!!!"@8!!!#"3!!!!!
+!!"@N!!!#"J!!!!!!!"@b!!!#"`!!!!!!!"@r!!!##!!!!!!!!"A3!!!##3!!!!!
+!!"AJ!!!##J!!!!!!!"A[!!!##`!!!!!!!"Aq!!!#$!!!!!!!!"B+!!!#$3!!!!!
+!!"BE!!!#$J!!!!!!!"B`!!!#$`!!!!!!!"Bl!!!#%!!!!!!!!"C$!!!#%3!!!!!
+!!"C2!!!#%J!!!!!!!"CF!!!#%`!!!!!!!"CT!!!#&!!!!!!!!"Ce!!!#&3!!!!!
+!!"D'!!!#&J!!!!!!!"DE!!!#&`!!!!!!!"DQ!!!#'!!!!!!!!"Db!!!#'3!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!3!!!!)
+!!!!$!!!!"!!!!!8!!!!'!!!!"`!!!!J!!!!*!!!!,3!!!!S!!!!,!!!!$!!!!!d
+!!!!1!!!!$`!!!"!!!!!4!!!!%J!!!"-!!!!8!!!!&3!!!"B!!!!A!!!!'!!!!"N
+!!!!D!!!!'`!!!"`!!!!G!!!!(J!!!"m!!!!J!!!!)3!!!#)!!!!M!!!!*!!!!#8
+!!!!Q!!!!*`!!!#J!!!!T!!!!+J!!!#X!!!!X!!!!,J!!!#m!!!!`!!!!-3!!!$)
+!!!!c!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!0!!!!%!#!!!!!J!!0!!!!!!!!!!"!!!!!J!!!!-!!!!%!!!!"3!!!!B
+!!!!(!!!!#!!!!!N!!!!+!!!!#`!!!!`!!!!0!!!!$J!!!!m!!!!3!!!!%3!!!")
+!!!!@!!!!'`!!!"J!!!!C!!!!'J!!!"`!!!!G!!!!&`!!!"-!!!!8!!!!&3!!!"m
+!!!!H!!!!)!!!!#!&!!!!"3!!)!!!!KN!!!)J!!!@Z3!!'!!!!!)C!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!#!!!#!!!!!J%!!!&P!!!![!!!!'m!!!&Q!!!!F!!!!(%
+!!!"b!!!!F`!!!(3!!!"e!!!!GJ!!!(F!!!"i!!!!H3!!!(S!!!"l!!!!I!!!!B!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!)!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!#`MlJ!!!!!!!!!3!
+#`NI`!!)!!!!!!!!!!!!!!X)fJ!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!)!!!%!!!!!"3!!Irm!!!!!Irm!!!!!Irm!!!!!Irm!!!!-!!%!!J!%!!!
+!"8!!!!B!!3!"1J!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!%!!!$rrrrr!!!!!`!"!!%k1J!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!3!!!2rrrrm!!!!%!!%!!6SkD@jME(9NC6S!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!rrrrrd!!!!)!!3!"1J!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!$rrrrr3!!!!`!#!!%k6@&M6e-
+J8h9`F'pbG$S!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!3!!!2rrrrp!!!!%!!)
+!!6T08d`k!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"!!!!rrr
+rrd!!!!8!#J!!6@&M6e-J8&"$)%aTEQYPFJ!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!4f9d5&488&-J8&"$!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"!!%k!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!#!!&0B@028b"38%-J6'PZDf9b!!!
+!!!!!!!!!!!!!!!!!!!!H39"36!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"J!!!!3A"`E!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!"J!!!!68e-3J!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!6'PL)%PYF'pbG#"38%-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69"-4J!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!6'PL)%PYF'pbG#"38%-!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!69G$4!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"J!!!!8P053`!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!"J!!!!9%9B9#jLD!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!3Q&XE'p[EL")C@a`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9%9B9#jM!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69FJ3bp$+bXJ8&"$!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!9%9B9#jM+bX!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!69FJ3bp$+bXJ8&"$!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9%9B9#jMB`!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69FJ3bp$+bXJ8&"$!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!9%9B9#jMF!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!69FJ3bp$+bXJ8&"$!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9%9B9#jMF(!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69FJ3bp$+bXJ8&"$!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!9%9B9#jPH(!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9%9B9#jRB`!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!4f&YC80[C'8J3fpZGQ9bG'9b!!!
+!!!!!!!!!!!!!!!"!!!!!9%9B9#jS!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!69FJ3bp$+bXJ8&"$!!!!!!!!!!!!!!!!!!!!!!!!!!!3!!!!9%9B9#jX!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!4QaPH#"3FQ9`FQpMCA0cEh)!!!!
+!!!!!!!!!!!!!!!#!!!!!9%9B9#j`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!69FJ8'&cBf&X)&"33`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9%9B9#j`BA-
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69FJ8'&cBf&X)&"33`!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!9%9B9#j`BfJ!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!69FJ3bp$+bXJ8&"$!!!!!!!!!!!!!!!!!!!!!!!!!!#!!!!!9%9B9#j`BfJ
+V+`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69FJ3bp$+bXJ8&"$!!!!!!!!!!!
+!!!!!!!!!!!!!!!#!!!!!9%9B9#j`F(8!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!69FJ8'&cBf&X)&"33`!!!!!!!!!!!!!!!!!!!!!!!!#!!!!!9%9B9#jb!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!8Q9k!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!9%9B9#jc!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!8&"$3A0Y!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9%9B9#jj!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!3QPcEfiJ8(*PF(*[Bf9cFfpb!!!
+!!!!!!!!!!!!!!!#!!!!!@%024J!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!@%024NBJ5@e`Eh*d)&"33`!!!!!!!!!!!!!!!!!!!!!!!!!!C'pMG3!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!"J!!!!FR0bB`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"J!!!!FfKXBJ!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!8%9')%PYF'pbG#"38%-!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!Fh4eBJ!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!8%9')%PYF'pbG#"38%-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!#jNEf-
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!"3!!!!!!8"!3!"!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"J!!!!!"!!!
+!!!8!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!"!3!!E@&TEJ!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!)!3!"!!!!!3%"!3%!!3%!!!!!!!%"!!!
+"!3!"!!!"!!%!!!!!!!!!!!!)!3!"!3!"!3!!!!%!!!N!!"G0B@028b"8EfpXBQp
+i)%4&3P9()$Bi5`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!r2cmr39"36!!!!B"B`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!$mr2cm!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!"J!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!0!!%!!!!!!""I69G&8NY6Ah"bC@CTH#jS!!!!!!!!!!!!!!!!!!!!!!!
+"!!!"!!!!!!!"!!!!!!!!!!!!!!8"!3%!!!%"!!%!!!!!"!!!!!!!!!!!!!!!!!!
+!!!!"!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"IAh0dBA*d!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%!!3!!#8ePFQGP)%peG!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!$m
+r2cp"8&"-!!%"!!!%)#!J)!15Jf!$G0pi!`1Yi!!&!J%!!3%!!3%"!!!"!!!!!!!
+!!!%"!3%!!3%!!3!""!!!!!!!!!!!!!!(!3%!!3!!!3!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
+IAh0dBA*d!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!#!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!8!!!e(CA4)9&438bK38%-T!!!!!!!
+!!!!!!!!!!!!!!!!!2cmr2d&38%`!!!3!!!!%!!!!!%!!!&M!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%r2cmr!!!!!!!
+!!!)!!!!#!!)!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+#!&!!!3!"!!%!!3!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!8*d024%8R)#G%394"*b!R8%P$9#F
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!3!!!3!
+!!!%#!3!!!!!!!3!"!`!!!!!!!!!!!!!!!!!!!!!!!!!!!!%!!!)!!!!#!J%!!!!
+!!!%!!3-!!!!!!!!!!!!!!!!%!!!!!!!!!!!"!!!$!!!!!`)"!!!!!!!"!!%$!!!
+!!!!!!!!!!!!!"!!!!!!!!!!!!3!!"!!!!!3#!3!!!!!!!3!"!`!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!%!!!8!!!!&!J%!!!!!!!%!!3-!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!"!!!'!!!!"J)"!!!!!!!"!!%$!!!!!!!!!!!!!!!!"3!!!!!!!!!!!3!!"`!
+!!!F#!3!!!!!!!3!"!`!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!!J!!!!)!J%!!!!
+!!!%!!3-!!!!!!!!!!!!!!!!&!!!!!!!!!!!"!!!*!!!!#3)"!!!!!!!"!!%$!!!
+!!!!!!!!!!!!!"3!!!!!!!!!!!3!!#J!!!!S#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!%!!!X!!!!,!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!"!!!-!!!!$!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!$3!
+!!!d#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!!i!!!!1!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!!2!!!!$`)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!!3!!%!!!!"!#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!%!!"%!!!!4!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!"!!!5!!!!%J)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!%`!
+!!"-#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!"3!!!!8!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!!9!!!!&3)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!!3!!&J!!!"B#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!%!!"F!!!!A!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!"!!!B!!!!'!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!'3!
+!!"N#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!"S!!!!D!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!!E!!!!'`)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!!3!!(!!!!"`#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!%!!"d!!!!G!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!"!!!H!!!!(J)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!(`!
+!!"m#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!#!!!!!J!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!!K!!!!)3)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!!3!!)J!!!#)#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!%!!#-!!!!M!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!"!!!N!!!!*!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!*3!
+!!#8#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!#B!!!!Q!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!!R!!!!*`)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!!3!!+!!!!#J#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!%!!#N!!!!T!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!"!!!U!!!!+J)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!+`!
+!!#X#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!#`!!!!X!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!!Y!!!!,3)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!!3!!,J!!!#i#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!%!!#m!!!![!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!"!!!`!!!!-!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!-3!
+!!$%#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!$)!!!!b!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!!c!!!!-`)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!!3!!0!!!!$3#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!%!!$8!!!!e!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!"!!!f!!!!0J)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!0`!
+!!$F#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!$J!!!!i!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!!j!!!!13)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!!3!!1J!!!$S#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!%!!$X!!!!l!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!"!!!m!!!!2!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!23!
+!!$d#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!$i!!!!q!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!!r!!!!2`)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!!3!!3!!!!%!#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!%!!%%!!!""!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!"!!"#!!!!3J)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!3`!
+!!%-#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!%3!!!"%!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!"&!!!!43)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!!3!!4J!!!%B#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!%!!%F!!!"(!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!"!!")!!!!5!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!53!
+!!%N#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!%S!!!"+!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!",!!!!5`)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!!3!!6!!!!%`#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!%!!%d!!!"0!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!"!!"1!!!!6J)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!6`!
+!!%m#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!&!!!!"3!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!"4!!!!83)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!!3!!8J!!!&)#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!%!!&-!!!"6!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!"!!"8!!!!9!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!93!
+!!&8#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!&B!!!"@!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!"A!!!!9`)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!!3!!@!!!!&J#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!%!!&N!!!"C!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!"!!"D!!!!@J)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!@`!
+!!&X#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!&`!!!"F!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!"G!!!!A3)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!!3!!AJ!!!&i#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!%!!&m!!!"I!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!"!!"J!!!!B!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!B3!
+!!'%#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!')!!!"L!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!"M!!!!B`)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!!3!!C!!!!'3#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!%!!'8!!!"P!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!"!!"Q!!!!CJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!C`!
+!!'F#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!'J!!!"S!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!"T!!!!D3)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!!3!!DJ!!!'S#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!%!!'X!!!"V!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!"!!"X!!!!E!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!E3!
+!!'d#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!'i!!!"Z!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!"[!!!!E`)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!!3!!F!!!!(!#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!%!!(%!!!"a!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!"!!"b!!!!FJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!F`!
+!!(-#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!(3!!!"d!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!"e!!!!G3)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!!3!!GJ!!!(B#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!%!!(F!!!"h!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!"!!"i!!!!H!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!H3!
+!!(N#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!(S!!!"k!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!"l!!!!H`)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!!3!!I!!!!(`#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!%!!(d!!!"p!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!"!!"q!!!!IJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!I`!
+!!(m#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!)!!!!#!!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!#"!!!!J3)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!!3!!JJ!!!))#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!%!!)-!!!#$!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!"!!#%!!!!K!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!K3!
+!!)8#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!)B!!!#'!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!#(!!!!K`)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!!3!!L!!!!)J#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!%!!)N!!!#*!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!"!!#+!!!!LJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!L`!
+!!)X#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!)`!!!#-!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!#0!!!!M3)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!!3!!MJ!!!)i#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!%!!)m!!!#2!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!"!!#3!!!!!*!!!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!#
+4!!!!N3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!NJ!!!*)#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!*-!!!#6!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!#8!!!!P!)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!3!!P3!!!*8#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!%!!*B!!!#@!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!#
+A!!!!P`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!Q!!!!*J#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!*N!!!#C!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!#D!!!!QJ)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!3!!Q`!!!*X#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!%!!*`!!!#F!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!#
+G!!!!R3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!RJ!!!*i#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!*m!!!#I!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!#J!!!!S!)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!3!!S3!!!+%#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!%!!+)!!!#L!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!#
+M!!!!S`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!T!!!!+3#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!+8!!!#P!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!#Q!!!!TJ)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!3!!T`!!!+F#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!%!!+J!!!#S!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!#
+T!!!!U3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!UJ!!!+S#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!+X!!!#V!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!#X!!!!V!)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!3!!V3!!!+d#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!%!!+i!!!#Z!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!#
+[!!!!V`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!X!!!!,!#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!,%!!!#a!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!#b!!!!XJ)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!3!!X`!!!,-#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!%!!,3!!!#d!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!#
+e!!!!Y3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!YJ!!!,B#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!,F!!!#h!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!#i!!!!Z!)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!3!!Z3!!!,N#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!%!!,S!!!#k!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!#
+l!!!!Z`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!![!!!!,`#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!,d!!!#p!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!#q!!!![J)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!3!![`!!!,m#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!%!!-!!!!$!!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!$
+"!!!!`3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!`J!!!-)#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!--!!!$$!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!$%!!!!a!)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!3!!a3!!!-8#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!%!!-B!!!$'!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!$
+(!!!!a`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!b!!!!-J#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!-N!!!$*!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!$+!!!!bJ)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!3!!b`!!!-X#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!%!!-`!!!$-!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!$
+0!!!!c3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!cJ!!!-i#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!-m!!!$2!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!$3!!!!d!)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!3!!d3!!!0%#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!%!!0)!!!$5!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!$
+6!!!!d`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!e!!!!03#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!08!!!$9!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!$@!!!!eJ)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!3!!e`!!!0F#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!%!!0J!!!$B!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!$
+C!!!!f3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!fJ!!!0S#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!0X!!!$E!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!$F!!!!h!)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!3!!h3!!!0d#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!%!!0i!!!$H!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!$
+I!!!!h`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!i!!!!1!#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!1%!!!$K!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!$L!!!!iJ)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!3!!i`!!!1-#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!%!!13!!!$N!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!$
+P!!!!j3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!jJ!!!1B#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!1F!!!$R!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!$S!!!!k!)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!3!!k3!!!1N#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!%!!1S!!!$U!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!$
+V!!!!k`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!l!!!!1`#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!1d!!!$Y!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!$Z!!!!lJ)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!3!!l`!!!1m#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!%!!2!!!!$`!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!$
+a!!!!m3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!mJ!!!2)#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!2-!!!$c!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!$d!!!!p!)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!3!!p3!!!28#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!%!!2B!!!$f!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!$
+h!!!!p`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!q!!!!2J#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!2N!!!$j!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!$k!!!!qJ)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!3!!q`!!!2X#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!%!!2`!!!$m!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!$
+p!!!!r3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!rJ!!!2i#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!2m!!!$r!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!%!!!!"!!)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!3!"!3!!!3%#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!%!!3)!!!%#!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!%
+$!!!"!`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!""!!!!33#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!38!!!%&!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!%'!!!""J)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!3!""`!!!3F#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!%!!3J!!!%)!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!%
+*!!!"#3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!"#J!!!3S#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!3X!!!%,!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!%-!!!"$!)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!3!"$3!!!3d#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!%!!3i!!!%1!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!%
+2!!!"$`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!"%!!!!4!#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!4%!!!%4!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!%5!!!"%J)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!3!"%`!!!4-#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!%!!43!!!%8!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!%
+9!!!"&3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!"&J!!!4B#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!4F!!!%A!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!%B!!!"'!)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!3!"'3!!!4N#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!%!!4S!!!%D!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!%
+E!!!"'`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!"(!!!!4`#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!4d!!!%G!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!%H!!!"(J)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!3!"(`!!!4m#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!%!!5!!!!%J!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!%
+K!!!")3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!")J!!!5)#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!5-!!!%M!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!%N!!!"*!)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!3!"*3!!!58#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!%!!5B!!!%Q!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!%
+R!!!"*`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!"+!!!!5J#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!5N!!!%T!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!%U!!!"+J)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!3!"+`!!!5X#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!%!!5`!!!%X!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!%
+Y!!!",3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!",J!!!5i#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!5m!!!%[!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!%`!!!"-!)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!3!"-3!!!6%#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!%!!6)!!!%b!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!%
+c!!!"-`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!"0!!!!63#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!68!!!%e!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!%f!!!"0J)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!3!"0`!!!6F#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!%!!6J!!!%i!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!%
+j!!!"13)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!"1J!!!6S#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!6X!!!%l!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!%m!!!"2!)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!3!"23!!!6d#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!%!!6i!!!%q!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!%
+r!!!"2`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!"3!!!!8!#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!8%!!!&"!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!&#!!!"3J)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!3!"3`!!!8-#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!%!!83!!!&%!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!&
+&!!!"43)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!"4J!!!8B#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!8F!!!&(!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!&)!!!"5!)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!3!"53!!!8N#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!%!!8S!!!&+!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!&
+,!!!"5`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!"6!!!!8`#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!8d!!!&0!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!&1!!!"6J)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!3!"6`!!!8m#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!%!!9!!!!&3!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!&
+4!!!"83)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!"8J!!!9)#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!9-!!!&6!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!&8!!!"9!)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!3!"93!!!98#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!%!!9B!!!&@!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!&
+A!!!"9`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!"@!!!!9J#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!9N!!!&C!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!&D!!!"@J)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!3!"@`!!!9X#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!%!!9`!!!&F!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!&
+G!!!"A3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!"AJ!!!9i#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!9m!!!&I!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!&J!!!"B!)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!3!"B3!!!@%#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!%!!@)!!!&L!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!&
+M!!!"B`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!"C!!!!@3#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!@8!!!&P!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!&Q!!!"CJ)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!3!"C`!!!@F#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!%!!@J!!!&S!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!&
+T!!!"D3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!"DJ!!!@S#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!@X!!!&V!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!&X!!!"E!)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!3!"E3!!!@d#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!%!!@i!!!&Z!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!&
+[!!!"E`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!"F!!!!A!#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!A%!!!&a!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!&b!!!"FJ)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!3!"F`!!!A-#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!%!!A3!!!&d!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!&
+e!!!"G3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!"GJ!!!AB#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!AF!!!&h!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!&i!!!"H!)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!3!"H3!!!AN#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!%!!AS!!!&k!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!&
+l!!!"H`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!"I!!!!A`#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!Ad!!!&p!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!&q!!!"IJ)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!3!"I`!!!Am#!3!!!!!!!3!"!`!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!%!!B!!!!'!!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!'
+"!!!"J3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!"JJ!!!B)#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!B-!!!'$!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!'%!!!"K!)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!3!"K3!!!B8#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!%!!BB!!!''!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!'
+(!!!"K`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!"L!!!!BJ#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!BN!!!'*!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!'+!!!"LJ)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!3!"L`!!!BX#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!%!!B`!!!'-!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!'
+0!!!"M3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!"MJ!!!Bi#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!Bm!!!'2!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!'3!!!!!C!!!J%!!!!!!!%!!3%!!!!!!!!
+!!!!!!!!"!!!!!!!!!!!"!!'4!!!"N3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!
+!!!!!!!!!!3!"NJ!!!C)#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%
+!!C-!!!'6!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!'8!!!"P!)
+"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!"P3!!!C8#!3!!!!!!!3!
+"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!CB!!!'@!J%!!!!!!!%!!3%!!!!!!!!
+!!!!!!!!"!!!!!!!!!!!"!!'A!!!"P`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!
+!!!!!!!!!!3!"Q!!!!CJ#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%
+!!CN!!!'C!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!'D!!!"QJ)
+"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!"Q`!!!CX#!3!!!!!!!3!
+"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!C`!!!'F!J%!!!!!!!%!!3%!!!!!!!!
+!!!!!!!!"!!!!!!!!!!!"!!'G!!!"R3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!
+!!!!!!!!!!3!"RJ!!!Ci#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%
+!!Cm!!!'I!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!'J!!!"S!)
+"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!"S3!!!D%#!3!!!!!!!3!
+"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!D)!!!'L!J%!!!!!!!%!!3%!!!!!!!!
+!!!!!!!!"!!!!!!!!!!!"!!'M!!!"S`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!
+!!!!!!!!!!3!"T!!!!D3#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%
+!!D8!!!'P!J%!!!!!!!%!!3-!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!'Q!!!"TJ)
+"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!"T`!!!DF#!3!!!!!!!3!
+"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!3!!!!)!!!!$!!!!"!!!!!8!!!!'!!!!"`!
+!!!J!!!!*!!!!#J!!!!X!!!!-!!!!$3!!!!i!!!!2!!!!%!!!!"%!!!!5!!!!%`!
+!!"3!!!!9!!!!&J!!!"F!!!!B!!!!'3!!!"S!!!!E!!!!(!!!!"d!!!!H!!!!(`!
+!!#!!!!!K!!!!)J!!!#-!!!!N!!!!*3!!!#B!!!!R!!!!+!!!!#N!!!!U!!!!+`!
+!!#`!!!!Y!!!!,J!!!#m!!!!`!!!!-3!!!$)!!!!c!!!!0!!!!$8!!!!f!!!!0`!
+!!$J!!!!j!!!!1J!!!$X!!!!m!!!!23!!!$i!!!!r!!!!3!!!!%%!!!"#!!!!3`!
+!!%3!!!"&!!!!4J!!!%F!!!")!!!!53!!!%S!!!",!!!!6!!!!%d!!!"1!!!!6`!
+!!&!!!!"4!!!!8J!!!&-!!!"8!!!!93!!!&B!!!"A!!!!@!!!!&N!!!"D!!!!@`!
+!!&`!!!"G!!!!AJ!!!&m!!!"J!!!!B3!!!')!!!"M!!!!C!!!!'8!!!"Q!!!!C`!
+!!'J!!!"T!!!!DJ!!!'X!!!"X!!!!E3!!!'i!!!"[!!!!F!!!!(%!!!"b!!!!F`!
+!!(3!!!"e!!!!GJ!!!(F!!!"i!!!!H3!!!(S!!!"l!!!!I!!!!(d!!!"q!!!!I`!
+!!)!!!!#"!!!!JJ!!!)-!!!#%!!!!K3!!!)B!!!#(!!!!L!!!!)N!!!#+!!!!L`!
+!!)`!!!#0!!!!MJ!!!)m!!!#3!!!!!*%!!!#5!!!!N`!!!*3!!!#9!!!!PJ!!!*F
+!!!#B!!!!Q3!!!*S!!!#E!!!!R!!!!*d!!!#H!!!!R`!!!+!!!!#K!!!!SJ!!!+-
+!!!#N!!!!T3!!!+B!!!#R!!!!U!!!!+N!!!#U!!!!U`!!!+`!!!#Y!!!!VJ!!!+m
+!!!#`!!!!X3!!!,)!!!#c!!!!Y!!!!,8!!!#f!!!!Y`!!!,J!!!#j!!!!ZJ!!!,X
+!!!#m!!!![3!!!,i!!!#r!!!!`!!!!-%!!!$#!!!!``!!!-3!!!$&!!!!aJ!!!-F
+!!!$)!!!!b3!!!-S!!!$,!!!!c!!!!-d!!!$1!!!!c`!!!0!!!!$4!!!!dJ!!!0-
+!!!$8!!!!e3!!!0B!!!$A!!!!f!!!!0N!!!$D!!!!f`!!!0`!!!$G!!!!hJ!!!0m
+!!!$J!!!!i3!!!1)!!!$M!!!!j!!!!18!!!$Q!!!!j`!!!1J!!!$T!!!!kJ!!!1X
+!!!$X!!!!l3!!!1i!!!$[!!!!m!!!!2%!!!$b!!!!m`!!!23!!!$e!!!!pJ!!!2F
+!!!$i!!!!q3!!!2S!!!$l!!!!r!!!!2d!!!$q!!!!r`!!!3!!!!%"!!!"!J!!!3-
+!!!%%!!!""3!!!3B!!!%(!!!"#!!!!3N!!!%+!!!"#`!!!3`!!!%0!!!"$J!!!3m
+!!!%3!!!"%3!!!4)!!!%6!!!"&!!!!48!!!%@!!!"&`!!!4J!!!%C!!!"'J!!!4X
+!!!%F!!!"(3!!!4i!!!%I!!!")!!!!5%!!!%L!!!")`!!!53!!!%P!!!"*J!!!5F
+!!!%S!!!"+3!!!5S!!!%V!!!",!!!!5d!!!%Z!!!",`!!!6!!!!%a!!!"-J!!!6-
+!!!%d!!!"03!!!6B!!!%h!!!"1!!!!6N!!!%k!!!"1`!!!6`!!!%p!!!"2J!!!6m
+!!!&!!!!"33!!!8)!!!&$!!!"4!!!!88!!!&'!!!"4`!!!8J!!!&*!!!"5J!!!8X
+!!!&-!!!"63!!!8i!!!&2!!!"8!!!!9%!!!&5!!!"8`!!!93!!!&9!!!"9J!!!9F
+!!!&B!!!"@3!!!9S!!!&E!!!"A!!!!9d!!!&H!!!"A`!!!@!!!!&K!!!"BJ!!!@-
+!!!&N!!!"C3!!!@B!!!&R!!!"D!!!!@N!!!&U!!!"D`!!!@`!!!&Y!!!"EJ!!!@m
+!!!&`!!!"F3!!!A)!!!&c!!!"G!!!!A8!!!&f!!!"G`!!!AJ!!!&j!!!"HJ!!!AX
+!!!&m!!!"I3!!!Ai!!!&r!!!"J!!!!B%!!!'#!!!"J`!!!B3!!!'&!!!"KJ!!!BF
+!!!')!!!"L3!!!BS!!!',!!!"M!!!!Bd!!!'1!!!"M`!!!C!!!!!"N3!!!C)!!!'
+6!!!"P!!!!C8!!!'@!!!"P`!!!CJ!!!'C!!!"QJ!!!CX!!!'F!!!"R3!!!Ci!!!'
+I!!!"S!!!!D%!!!'L!!!"S`!!!D3!!!'P!!!"TJ!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!'R!!!"`!%!!!!"!!'
+R!3!"SJ%!!D-"!!'K!3!"S!%!!!X"!!!-!3!!#J%!!!d"!!!1!3!!$`%!!"!"!!!
+4!3!!%J%!!"-"!!!8!3!!&3%!!"B"!!!A!3!!'!%!!"N"!!!D!3!!'`%!!"`"!!!
+G!3!!(J%!!"m"!!!J!3!!)3%!!#)"!!!M!3!!*!%!!#8"!!!Q!3!!*`%!!#J"!!!
+T!3!!+J%!!#X"!!!X!3!!,3%!!#i"!!![!3!!-!%!!$%"!!!b!3!!-`%!!$3"!!!
+e!3!!0J%!!$F"!!!i!3!!13%!!$S"!!!l!3!!2!%!!$d"!!!q!3!!2`%!!%!"!!"
+"!3!!3J%!!%-"!!"%!3!!43%!!%B"!!"(!3!!5!%!!%N"!!"+!3!!5`%!!%`"!!"
+0!3!!6J%!!%m"!!"3!3!!83%!!&)"!!"6!3!!9!%!!&8"!!"@!3!!9`%!!&J"!!"
+C!3!!@J%!!&X"!!"F!3!!A3%!!&i"!!"I!3!!B!%!!'%"!!"L!3!!B`%!!'3"!!"
+P!3!!CJ%!!'F"!!"S!3!!D3%!!'S"!!"V!3!!E!%!!'d"!!"Z!3!!E`%!!(!"!!"
+a!3!!FJ%!!(-"!!"d!3!!G3%!!(B"!!"h!3!!H!%!!(N"!!"k!3!!H`%!!(`"!!"
+p!3!!IJ%!!(m"!!#!!3!!J3%!!))"!!#$!3!!K!%!!)8"!!#'!3!!K`%!!)J"!!'
+Q!3!!L3%!!)S"!!#,!3!!M!%!!)d"!!#1!3!!M`%!!*!!!3!!N3%!!*)"!!#6!3!
+!P!%!!*8"!!#@!3!!P`%!!*J"!!#C!3!!QJ%!!*X"!!#F!3!!R3%!!*i"!!#I!3!
+!S!%!!+%"!!#L!3!!S`%!!+3"!!#P!3!!TJ%!!+F"!!#S!3!!U3%!!+S"!!#V!3!
+!V!%!!+d"!!#Z!3!!V`%!!,!"!!#a!3!!XJ%!!,-"!!#d!3!!Y3%!!,B"!!#h!3!
+!Z!%!!,N"!!#k!3!!Z`%!!,`"!!#p!3!![J%!!,m"!!$!!3!!`3%!!-)"!!$$!3!
+!a!%!!-8"!!$'!3!!a`%!!-J"!!$*!3!!bJ%!!-X"!!$-!3!!c3%!!-i"!!$2!3!
+!d!%!!0%"!!$5!3!!d`%!!03"!!$9!3!!eJ%!!0F"!!$B!3!!f3%!!0S"!!$E!3!
+!h!%!!0d"!!$H!3!!h`%!!1!"!!$K!3!!iJ%!!1-"!!$N!3!!j3%!!1B"!!$R!3!
+!k!%!!1N"!!$U!3!!k`%!!1`"!!$Y!3!!lJ%!!1m"!!$`!3!!m3%!!2)"!!$c!3!
+!p!%!!28"!!$f!3!!p`%!!2J"!!$j!3!!qJ%!!2X"!!$m!3!!r3%!!2i"!!$r!3!
+"!!%!!3%"!!%#!3!"!`%!!33"!!%&!3!""J%!!3F"!!%)!3!"#3%!!3S"!!%,!3!
+"$!%!!3d"!!%1!3!"$`%!!4!"!!%4!3!"%J%!!4-"!!%8!3!"&3%!!4B"!!%A!3!
+"'!%!!4N"!!%D!3!"'`%!!4`"!!%G!3!"(J%!!4m"!!%J!3!")3%!!5)"!!%M!3!
+"*!%!!58"!!%Q!3!"*`%!!5J"!!%T!3!"+J%!!5X"!!%X!3!",3%!!5i"!!%[!3!
+"-!%!!6%"!!%b!3!"-`%!!63"!!%e!3!"T`%!!6B"!!%h!3!"1!%!!6N"!!%k!3!
+"1`%!!6`"!!%p!3!"2J%!!6m"!!&!!3!"33%!!8)"!!&$!3!"4!%!!88"!!&'!3!
+"4`%!!8J"!!&*!3!"5J%!!8X"!!&-!3!"63%!!8i"!!&2!3!"8!%!!9%"!!&5!3!
+"8`%!!93"!!&9!3!"9J%!!9F"!!&B!3!"@3%!!9S"!!&E!3!"A!%!!9d"!!&H!3!
+"A`%!!@!"!!&K!3!"BJ%!!@-"!!&N!3!"C3%!!@B"!!&R!3!"D!%!!@N"!!&U!3!
+"D`%!!@`"!!&Y!3!"EJ%!!@m"!!&`!3!"F3%!!A)"!!&c!3!"G!%!!A8"!!&f!3!
+"G`%!!AJ"!!&j!3!"HJ%!!AX"!!&m!3!"I3%!!Ai"!!'!!3!"J3%!!B)"!!'$!3!
+"K!%!!B8"!!''!3!"K`%!!BJ"!!'*!3!"LJ%!!BX"!!'-!3!"M3%!!Bi"!!'2!3!
+"N!!"!!'4!3!"NJ%!!C-"!!'8!3!"P3%!!CB"!!'A!3!"Q!%!!CN"!!'D!3!"Q`%
+!!C`"!!'G!3!"RJ%!!Cm"!!'N!3!"I`%!!!%"!!!%!3!!!`%!!!)"!!!*!3!!"3%
+!!!B"!!!(!3!!#!%!!D8!!!'S!!%!+!!!!#!$NFQ3!$mr!!!!!!!!!!!!!!14bC!
+!!!)!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%!!6T)HA"PFN0
+KFQ3!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!#`MlJ!!!!!!!!!3!#`NI
+`!!)!!!!!!!!!!!!!!X)fJ!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!)!!!%!!!!!"3!!Irm!!!!!Irm!!!!!Irm!!!!!Irm!!!!-!!%!!J!'!!!!"8!
+!!!J!!3!"1J!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%
+!!!$rrrrr!!!!!`!"!!%k1J!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!3!!!2rrrrm!!!!%!!%!!6SkD@jME(9NC6S!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!rrrrrd!!!!)!!3!"1J!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!$rrrrr3!!!!`!"!!%k1MT(990*1QP
+ZBfaeC'8k!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!2rrrrp!!!!%!!%!!6S
+k1NG98dNkE'PL1J!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!rrrrrd!
+!!!8!!J!"1NeKBdp6)&0eF("[FR3k!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%
+!!!$rrrrr3!!!"J!#!!%k690-1J!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!3!!!2rrrrp!!!!(!!S!!%eKBdp6)&"33b"-D@jVCA)!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%p`C@j68d`J8&"$!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!3!"1J!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!J!"6@&M6e-
+J8&"$)%aTEQYPFJ!!!!!!!!!!!!!!!!!!!!!!(N&38%`!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!B!!!!%&`F'`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!B!!!!%e06%)!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!%aTBL"*EA"[FR3J8&"$!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!%e36%B!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%aTBL"*EA"
+[FR3J8&"$!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%eA3d3!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!B!!!!&*68N-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!B!!!!&4&@&3ZBQJ!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!%*KE'a[EfiJ5'9XF!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!&4&@&3ZB`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%eA)%-[3bX
+V)&"33`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!&4&@&3ZBbXV!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!%eA)%-[3bXV)&"33`!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!&4&@&3ZBf-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%eA)%-[3bX
+V)&"33`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!&4&@&3ZBh!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!%eA)%-[3bXV)&"33`!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!&4&@&3ZBh"`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%eA)%-[3bX
+V)&"33`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!&4&@&3ZCAK`!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!&4&@&3ZCf-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%GKE@9$Ef4
+P)%0[ERCPFR4PFJ!!!!!!!!!!!!!!!!!!3!!!!&4&@&3ZD!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!%eA)%-[3bXV)&"33`!!!!!!!!!!!!!!!!!!!!!!!!!
+!%!!!!&4&@&3ZE!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%CXCAJJ8(*
+PF(*[Bf9cFfpb!!!!!!!!!!!!!!!!!!!!J!!!!&4&@&3ZF!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!%eA)&"KFf0KE#"38%-!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!&4&@&3ZF'&c!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%eA)&"KFf0
+KE#"38%-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!&4&@&3ZF'0S!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!%eA)%-[3bXV)&"33`!!!!!!!!!!!!!!!!!!!!!!!!!
+!J!!!!&4&@&3ZF'0S+bX!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%eA)%-[3bX
+V)&"33`!!!!!!!!!!!!!!!!!!!!!!!!!!J!!!!&4&@&3ZF("e!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!%eA)&"KFf0KE#"38%-!!!!!!!!!!!!!!!!!!!!!!!!
+!J!!!!&4&@&3ZFJ!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!&*PHJ!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!&4&@&3ZF`!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!&"33d&cE3!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!&4&@&3ZH3!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%*TFfpZ)&"
+bCA"bEf0PFh0[FJ!!!!!!!!!!!!!!!!!!J!!!!&K$6dB!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!&K$6dC')%PYF'pbG#"38%-!!!!!!!!!!!!!!!!!!!!
+!!!!!!'4[Bh8!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!B!!!!(*cFQ-!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!B!!!!(0SE')!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!&"&4L"*EA"
+[FR3J8&"$!!!!!!!!!!!!!!!!!!!!!!!!!!!!!(0dG@)!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!&"&4L"*EA"[FR3J8&"$!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!ZC'pM!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!8!!!!!!&!3%!!3!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!B!!!!!!3!!!!!&!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!3%!!'eKD@i!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!#!%!!3!!!!%"!3%
+"!!%"!!!!!!!"!3!!!3%!!3!!!3!"!!!!!!!!!!!!#!%!!3%!!3%!!!!"!!!*!!!
+A6@&M6e-J9'p[E'*[H#"%48*94b!f1%X!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!2cmr2d&38%`!!!'!@-!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+r2cmr!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!B!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!$3!"!!!!!!!9AdeA49*,8ep(990*Ah"bC@CTH#j
+S!!!!!!!!!!!!!!!!!3!!!3!!!!!!!3!!!!!!!!!!!!!&!3%"!!!"!3!"!!!!!!3
+!!!!!!!!!!!!!!!!!!!!!!3!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!AepcG'&bG!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"!!%!!!P0CA*
+RC5"2GA3!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!r2cmr39"36!!"!3!!"#!J)#!$NS0J!h6IH!-$VH!!"3)"!!%
+"!!%"!3!!!3!!!!!!!!!"!3%"!!%"!!%!!33!!!!!!!!!!!!!"`%"!!%!!!%!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!AepcG'&bG!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!J
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!&!!!(6h"PEP0
+66!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!$mr2cp"8&"-!!!%!!!!"!!!!!"!!!"
+B`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!"2cmr2`!!!!!!!!!#!!!!!J!#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!J"3!!%!!3!"!!%!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!&#G$6d4&*b!
+R4%&835FJ*e"*3e3R!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!K-!!!)8!!!#&3!!!KB!!!)A!!!"p!!!!HF!!!(q!!!"r3!!!IS
+!!!(m!!!"m`!!!IX!!!)$!!!"U!!!!DN!!!'U!!!!,!!!!#d!!!!Z!!!!,`!!!$!
+!!!!a!!!!-J!!!$-!!!!d!!!!03!!!$B!!!!h!!!!1!!!!$N!!!!k!!!!1`!!!BF
+!!!!m!!!!23!!!$i!!!!r!!!!3!!!!%%!!!',!!!!3J!!!%-!!!"%!!!!43!!!%B
+!!!"(!!!"k3!!!Am!!!"p!!!!IJ!!!(m!!!'5!!!"N3!!!)!!!!#"!!!!c!!!!B`
+!!!$0!!!!JJ!!!)-!!!$1!!!!c`!!!!N!!!(`!!!!K3!!!)B!!!#(!!!"T3!!!)J
+!!!#*!!!!LJ!!!)X!!!#-!!!!M3!!!)i!!!#2!!!!N!!!!!#4!!!!NJ!!!*-!!!#
+8!!!!P3!!!*B!!!#A!!!"N`!!!Bi!!!'2!!!"M3!!!C!!!!!!K!!!!*J!!!#C!!!
+#"J!!!93!!!&9!!!"P!!!!BB!!!)*!!!##J!!!DX!!!#N!!!!T3!!!+B!!!#R!!!
+!U!!!!KJ!!!'X!!!!R`!!!+)!!!#M!!!"R`!!!AS!!!'Y!!!"VJ!!!AX!!!)#!!!
+"RJ!!!0!!!!#D!!!!Q`!!!*`!!!#G!!!!S!!!!*i!!!#K!!!!5!!!!%N!!!"+!!!
+!5`!!!%`!!!"0!!!!6J!!!%m!!!)(!!!##!!!!+N!!!'[!!!"X!!!!,d!!!#q!!!
+![`!!!-!!!!$"!!!!d3!!!E%!!!'b!!!!`J!!!--!!!$%!!!!a3!!!-B!!!'"!!!
+!a`!!!-J!!!#U!!!!U`!!!+`!!!'c!!!!dJ!!!+d!!!'9!!!!b3!!!D!!!!'d!!!
+!bJ!!!-X!!!"3!!!!d`!!!03!!!$9!!!!eJ!!!0F!!!$B!!!"I!!!!0N!!!$D!!!
+!f`!!!0`!!!$G!!!!hJ!!!0m!!!$J!!!!i3!!!1)!!!$M!!!!j!!!!18!!!$Q!!!
+!j`!!!1J!!!$T!!!!kJ!!!1X!!!$X!!!!l3!!!1i!!!$[!!!!m!!!!2%!!!$b!!!
+!m`!!!23!!!$e!!!!pJ!!!2F!!!#Z!!!!V`!!!J8!!!(C!!!"l!!!!&%!!!"5!!!
+!8`!!!HX!!!'e!!!"YJ!!!EF!!!(K!!!"h`!!!D%!!!(D!!!"c!!!!FX!!!(E!!!
+"c3!!!G`!!!(1!!!"#3!!!&3!!!"9!!!!9J!!!&F!!!"B!!!!@3!!!&S!!!"E!!!
+!!3!!!3S!!!%,!!!"$!!!!3d!!!%1!!!"$`!!!4!!!!(e!!!"k!!!!HB!!!(P!!!
+"h3!!!G!!!!(L!!!"j!!!!Gi!!!(2!!!#!!!!!Im!!!(4!!!"SJ!!!!)!!!(B!!!
+"%3!!!4)!!!%6!!!"&!!!!48!!!%@!!!"-`!!!Ad!!!'M!!!"pJ!!!GF!!!!!!!!
+"dJ!!!!-!!!(@!!!"IJ!!!IF!!!(U!!!"q!!!!Hd!!!$i!!!!q3!!!2S!!!$l!!!
+!r!!!!2d!!!$q!!!!r`!!!3!!!!%"!!!"Z!!!!&`!!!"G!!!"&`!!!4J!!!%C!!!
+!X!!!!,%!!!#b!!!"i`!!!H!!!!'j!!!"d`!!!!3!!!!&!!!"e!!!!G8!!!!'!!!
+!"`!!!4S!!!%K!!!")J!!!5-!!!%N!!!"*3!!!5B!!!%R!!!"+!!!!5N!!!%U!!!
+"+`!!!5`!!!'B!!!",3!!!5i!!!'@!!!"P`!!!&i!!!"I!!!!B!!!!'%!!!"L!!!
+!B`!!!'3!!!"P!!!!CJ!!!'F!!!"S!!!!D3!!!'S!!!#c!!!"q3!!!I)!!!%E!!!
+"(!!!!4d!!!%H!!!"(`!!!5!!!!%[!!!"Q3!!!6!!!!%a!!!"QJ!!!CX!!!'k!!!
+"Z`!!!6)!!!'m!!!"T!!!!JX!!!)-!!!#$3!!!Ji!!!)2!!!#%!!!!Hm!!!)4!!!
+"!J!!!3-!!!%%!!!""3!!!3B!!!%(!!!"#!!!!,3!!!%d!!!"TJ!!!,8!!!%e!!!
+"0J!!!6F!!!%i!!!"13!!!6S!!!%l!!!"2!!!!6d!!!%q!!!"2`!!!8!!!!&"!!!
+!YJ!!!,F!!!'p!!!"lJ!!!K)!!!&#!!!"3`!!!,J!!!'q!!!"R!!!!83!!!&&!!!
+"4J!!!8F!!!&)!!!"R3!!!8N!!!&+!!!"5`!!!8`!!!&0!!!!#J!!!!X!!!!-!!!
+!$3!!!!i!!!!2!!!!%!!!!"%!!!!5!!!!%`!!!"3!!!!9!!!!&J!!!"F!!!!B!!!
+!'3!!!"S!!!!E!!!"[`!!!,N!!!&1!!!"6`!!!9!!!!&4!!!"`!!!!J%!!!("!!!
+"`J!!!"`!!!!G!!!!(J!!!"m!!!!J!!!!)3!!!#)!!!!M!!!!*!!!!#8!!!!Q!!!
+"8J!!!,S!!!#l!!!"``!!!F3!!!(&!!!"aJ!!!FS!!!!R!!!!+!!!!#N!!!!U!!!
+!+`!!!J3!!!!)!!!"8`!!!BS!!!"V!!!!E!!!!'d!!!')!!!!EJ!!!BN!!!&R!!!
+"D!!!!@N!!!&U!!!"D`!!!@`!!!&Y!!!"EJ!!!@m!!!&`!!!"F3!!!A)!!!'&!!!
+"F`!!!A3!!!&e!!!"GJ!!!B3!!!&h!!!"H!!!!AN!!!((!!!"b!!!!DF!!!(*!!!
+"9J!!!9F!!!'#!!!"@!!!!9N!!!&D!!!"@`!!!9`!!!&G!!!"AJ!!!9m!!!&J!!!
+"B3!!!@)!!!'$!!!"B`!!!@3!!!&P!!!![!!!!I%!!!"[!!!"CJ!!!(!!!!"a!!!
+!FJ!!!(-!!!"d!!!!G3!!!(B!!!"h!!!!H!!!!(N!!!"k!!!!H`!!!(`!!!'!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!-!!!!-!!!!!`!!!!bdhb6,!!!
+qh3!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!U!!!!+`!!!#`!!!!Z!!!!,`!!!$!!!!!a!!!!-J!!!$-!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!d!!!
+!3!)!!!!#!!!d!J!!(!)!!"d#!!!H!J!!(`)!!#!#!!!K!J!!)J)!!#-#!!!N!J!
+!*3)!!#B#!!!R!J!!+!)!!#N#!!!U!J!!+`)!!#`#!!!Y!J!!#`)!!!`#!!!0!J!
+!$J)!!!m#!!!3!J!!%3)!!")#!!!6!J!!&!)!!"8#!!!@!J!!&`)!!"J#!!!C!J!
+!'J)!!"X#!!!c!J!!0!)!!#m#!!!`!J!!-J)!!$%#!!!+!J!!!3)!!!3#!!!$!J!
+!!J)!!!N#!!!&!J!!"J)!!!F#!!!)!J!!,J!!!DJ!!3!S!!!!)!14bC!!2cm!!!!
+!!!!!!!!!!j(*N!!!!J!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!,#2Z!
+!!!!!!!!"!!,#4r!!!J!!!!!!!!!!!!!#`MD!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!J!!!3!!!!!&!!"rr`!!!!"rr`!!!!"rr`!!!!"rr`!!!!`
+!!3!#!!3!!!!&3!!!"J!"!!%k!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!3!!!2rrrrm!!!!$!!%!!6Sk!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!"!!!!rrrrr`!!!!3!!3!"1MTTEQ0XG@4P1J!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!$rrrrr3!!!!J!"!!%k!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!2rrrrp!!!!$!!)
+!!6T0B@028b"6GA"`Eh*d1J!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"!!!!rrr
+rrd!!!!3!!J!"1Ne66$S!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!%!!!$rrrrr3!!!"3!+!!"0B@028b!f1%XJ6'PZDf9b!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!"(CA4)9&438b!f1%X!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%!!6S!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!)!!8eKBdp6)$Bi5b"
+-D@jVCA)!!!!!!!!!!!!!!!!!!!!!!#""8&"-!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!'!!!!"
+"F("X!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!'!!!!"068a#!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!"-D@)J5@e`Eh*d)$Bi5`!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
+08%a'!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"-D@)J5@e`Eh*d)$B
+i5`!!!!!!!!!!!!!!!!!!!!!!!!!!!!"09d0%!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!'!!!!"
+23NSJ!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"08&FJ5@e`Eh*d)$B
+i5`!!!!!!!!!!!!!!!!!!!!!!!!!!!!"36'pL!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!'!!!!"
+58e*$!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!'!!!!"849K8,Q*S!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!"#B@aXEfpZ)%KPE(!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
+849K8,Q-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"09b"$,d-V+b!f1%X
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"849K8,Q-V+`!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!"09b"$,d-V+b!f1%X!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
+849K8,Q0M!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"09b"$,d-V+b!f1%X
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"849K8,Q0`!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!"09b"$,d-V+b!f1%X!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
+849K8,Q0`F!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"09b"$,d-V+b!f1%X
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"849K8,Q9iF!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
+849K8,QGM!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"(B@eP3fpNC5"$Efj
+fCA*dCA)!!!!!!!!!!!!!!!!!!%!!!!"849K8,QJ!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!"09b"$,d-V+b!f1%X!!!!!!!!!!!!!!!!!!!!!!!!!!"!!!!"
+849K8,Q`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"'E'9i)&"bCA"bEf0
+PFh0[FJ!!!!!!!!!!!!!!!!!!!)!!!!"849K8,R!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!"09b"3BA0MB@`J0MK,!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
+849K8,R"KF`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"09b"3BA0MB@`J0MK
+,!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"849K8,R"MD!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!"09b"$,d-V+b!f1%X!!!!!!!!!!!!!!!!!!!!!!!!!!)!!!!"
+849K8,R"MD#XV!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"09b"$,d-V+b!f1%X
+!!!!!!!!!!!!!!!!!!!!!!!!!!)!!!!"849K8,R"`G3!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!"09b"3BA0MB@`J0MK,!!!!!!!!!!!!!!!!!!!!!!!!!)!!!!"
+849K8,R)!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"5CAS!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"849K8,R0PC`!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
+849K8,RN!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"#DA0[EL"3FQ9`FQp
+MCA0cEh)!!!!!!!!!!!!!!!!!!)!!!!"NEf0e!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!'!!!!"
+bFh*M!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!'!!!!"cD'aL!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!"348BJ5@e`Eh*d)$Bi5`!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
+cG(9L!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"348BJ5@e`Eh*d)$B
+i5`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!,Q4[B`!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!&!!!!!
+!!!!!,R*cFQ-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!'!!!!!!"3%"!!%!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+'!!!!!!%!!!!!"3!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!%"!!"YB@PZ!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!J"!3%!!!!"!3%!!!%"!3!
+!!!!!!3%!!!%"!!%!!!%%!!!!!!!!!!!!!!J"!!%"!!%"!!!!!3!!#3!!$8GPG%K
+89&"6+$Bi5bN!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!$mr2cp"8&"-!!!#!&M!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!2cmr2`!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!)!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!d!!3!!!!!!%&p09d955e0IF(*PCQPi,QJ!!!!!!!!!!!!
+!!!!!!!!!!!%!!!!!!!!!!!%!!!!!!!!!!!!!"3%"!3!!!3%!!3!!!!!%!!!!!!!
+!!!!!!!!!!!!!!!%!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!&p
+IFh4KFR3!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!3!"!!!*6@9bCf8J6h9
+d!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!2cmr2d&38%`!!3%!!!3J)#!J!j+$B!0dhhJ$!khJ!!8#!3!"!3!"!3%
+!!!%!!!!!!!!!!3%"!3!"!3!"!!%%!!!!!!!!!!!!!!F"!3!"!!!"!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!&pIFh4KFR3!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!)!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"3!!#%GPG%K89&"6!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!r2cmr39"36!!!"!!!!!3!!!!!3!!!@-!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!6m
+r2cm!!!!!!!!!!J!!!!)!!J!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!)!8!!"!!%!!3!"!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"3R3dp%45FJ*d4"9%%
+R)#G35808*`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!$!!!"!!!!#J)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!!J!
+!!!X#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!!-!!!!-!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!!%!!!!$3)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!!`!!"3!!!!i#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!-!!!B!!!!2!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!$!!!(!!!!%!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!#!!
+!!"%#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!!N!!!!5!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!!+!!!!%`)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!!`!!#`!!!"3#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!-!!!`!!!!9!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!$!!!0!!!!&J)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!$J!
+!!"F#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!!m!!!!B!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!!3!!!!'3)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!!`!!%3!!!"S#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!-!!")!!!!E!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!$!!!6!!!!(!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!&!!
+!!"d#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!"8!!!!H!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!!@!!!!(`)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!!`!!&`!!!#!#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!-!!"J!!!!K!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!$!!!C!!!!)J)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!'J!
+!!#-#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!"X!!!!N!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!!F!!!!*3)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!!`!!(3!!!#B#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!-!!"i!!!!R!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!$!!!I!!!!+!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!)!!
+!!#N#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!#%!!!!U!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!!L!!!!+`)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!!`!!)`!!!#`#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!-!!#3!!!!Y!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!$!!!P!!!!,J)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!*J!
+!!#m#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!#F!!!!`!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!!S!!!!-3)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!!`!!+3!!!$)#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!-!!#S!!!!c!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!$!!!V!!!!0!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!,!!
+!!$8#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!#d!!!!f!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!!Z!!!!0`)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!!`!!,`!!!$J#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!-!!$!!!!!j!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!$!!!a!!!!1J)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!-J!
+!!$X#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!$-!!!!m!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!!d!!!!23)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!!`!!03!!!$i#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!-!!$B!!!!r!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!$!!!h!!!!3!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!1!!
+!!%%#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!$N!!!"#!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!!k!!!!3`)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!!`!!1`!!!%3#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!-!!$`!!!"&!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!$!!!p!!!!4J)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!2J!
+!!%F#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!$m!!!")!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!"!!!!!53)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!!`!!33!!!%S#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!-!!%)!!!",!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!$!!"$!!!!6!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!4!!
+!!%d#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!%8!!!"1!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!"'!!!!6`)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!!`!!4`!!!&!#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!-!!%J!!!"4!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!$!!"*!!!!8J)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!5J!
+!!&-#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!%X!!!"8!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!"-!!!!93)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!!`!!63!!!&B#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!-!!%i!!!"A!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!$!!"2!!!!@!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!8!!
+!!&N#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!&%!!!"D!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!"5!!!!@`)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!!`!!8`!!!&`#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!-!!&3!!!"G!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!$!!"9!!!!AJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!9J!
+!!&m#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!&F!!!"J!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!"B!!!!B3)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!!`!!@3!!!')#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!-!!&S!!!"M!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!$!!"E!!!!C!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!A!!
+!!'8#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!&d!!!"Q!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!"H!!!!C`)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!!`!!A`!!!'J#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!-!!'!!!!"T!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!$!!"K!!!!DJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!BJ!
+!!'X#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!'-!!!"X!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!"N!!!!E3)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!!`!!C3!!!'i#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!-!!'B!!!"[!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!$!!"R!!!!F!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!D!!
+!!(%#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!'N!!!"b!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!"U!!!!F`)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!!`!!D`!!!(3#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!-!!'`!!!"e!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!$!!"Y!!!!GJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!EJ!
+!!(F#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!'m!!!"i!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!"`!!!!H3)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!!`!!F3!!!(S#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!-!!()!!!"l!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!$!!"c!!!!I!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!G!!
+!!(d#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!(8!!!"q!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!"f!!!!I`)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!!`!!G`!!!)!#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!-!!(J!!!#"!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!$!!"j!!!!JJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!HJ!
+!!)-#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!(X!!!#%!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!"m!!!!K3)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!!`!!I3!!!)B#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!-!!(i!!!#(!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!$!!"r!!!!L!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!J!!
+!!)N#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!)%!!!#+!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!##!!!!L`)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!!`!!J`!!!)`#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!-!!)3!!!#0!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!$!!#&!!!!MJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!KJ!
+!!)m#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!)F!!!#3!!)"!!!
+!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!L!!!!*%#!3!!!!!!!3!"!3!
+!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!)N!!!#5!J%!!!!!!!%!!3%!!!!!!!!!!!!
+!!!!"!!!!!!!!!!!$!!#+!!!!N`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!
+!!!!!!`!!L`!!!*3#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!)`
+!!!#9!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!#0!!!!PJ)"!!!
+!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!MJ!!!*F#!3!!!!!!!3!"!3!
+!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!)m!!!#B!J%!!!!!!!%!!3%!!!!!!!!!!!!
+!!!!"!!!!!!!!!!!$!!#3!!!!!*N#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!-!!*%!!!#D!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!#
+5!!!!Q`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!N`!!!*`#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!*3!!!#G!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!#9!!!!RJ)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!`!!PJ!!!*m#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!-!!*F!!!#J!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!#
+B!!!!S3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!Q3!!!+)#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!*S!!!#M!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!#E!!!!T!)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!`!!R!!!!+8#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!-!!*d!!!#Q!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!#
+H!!!!T`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!R`!!!+J#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!+!!!!#T!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!#K!!!!UJ)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!`!!SJ!!!+X#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!-!!+-!!!#X!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!#
+N!!!!V3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!T3!!!+i#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!+B!!!#[!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!#R!!!!X!)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!`!!U!!!!,%#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!-!!+N!!!#b!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!#
+U!!!!X`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!U`!!!,3#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!+`!!!#e!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!#Y!!!!YJ)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!`!!VJ!!!,F#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!-!!+m!!!#i!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!#
+`!!!!Z3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!X3!!!,S#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!,)!!!#l!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!#c!!!![!)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!`!!Y!!!!,d#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!-!!,8!!!#q!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!#
+f!!!![`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!Y`!!!-!#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!,J!!!$"!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!#j!!!!`J)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!`!!ZJ!!!--#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!-!!,X!!!$%!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!#
+m!!!!a3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!![3!!!-B#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!,i!!!$(!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!#r!!!!b!)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!`!!`!!!!-N#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!-!!-%!!!$+!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!$
+#!!!!b`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!``!!!-`#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!-3!!!$0!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!$&!!!!cJ)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!`!!aJ!!!-m#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!-!!-F!!!$3!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!$
+)!!!!d3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!b3!!!0)#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!-S!!!$6!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!$,!!!!e!)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!`!!c!!!!08#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!-!!-d!!!$@!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!$
+1!!!!e`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!c`!!!0J#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!0!!!!$C!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!$4!!!!fJ)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!`!!dJ!!!0X#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!-!!0-!!!$F!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!$
+8!!!!h3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!e3!!!0i#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!0B!!!$I!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!$A!!!!i!)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!`!!f!!!!1%#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!-!!0N!!!$L!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!$
+D!!!!i`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!f`!!!13#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!0`!!!$P!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!$G!!!!jJ)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!`!!hJ!!!1F#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!-!!0m!!!$S!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!$
+J!!!!k3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!i3!!!1S#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!1)!!!$V!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!$M!!!!l!)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!`!!j!!!!1d#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!-!!18!!!$Z!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!$
+Q!!!!l`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!j`!!!2!#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!1J!!!$a!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!$T!!!!mJ)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!`!!kJ!!!2-#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!-!!1X!!!$d!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!$
+X!!!!p3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!l3!!!2B#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!1i!!!$h!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!$[!!!!q!)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!`!!m!!!!2N#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!-!!2%!!!$k!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!$
+b!!!!q`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!m`!!!2`#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!23!!!$p!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!$e!!!!rJ)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!`!!pJ!!!2m#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!-!!2F!!!%!!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!$
+i!!!"!3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!q3!!!3)#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!2S!!!%$!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!$l!!!""!)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!`!!r!!!!38#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!-!!2d!!!%'!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!$
+q!!!""`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!r`!!!3J#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!3!!!!%*!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!%"!!!"#J)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!`!"!J!!!3X#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!-!!3-!!!%-!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!%
+%!!!"$3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!""3!!!3i#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!3B!!!%2!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!%(!!!"%!)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!`!"#!!!!4%#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!-!!3N!!!%5!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!%
++!!!"%`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!"#`!!!43#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!3`!!!%9!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!%0!!!"&J)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!`!"$J!!!4F#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!-!!3m!!!%B!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!%
+3!!!"'3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!"%3!!!4S#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!4)!!!%E!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!%6!!!"(!)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!`!"&!!!!4d#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!-!!48!!!%H!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!%
+@!!!"(`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!"&`!!!5!#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!4J!!!%K!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!%C!!!")J)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!`!"'J!!!5-#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!-!!4X!!!%N!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!%
+F!!!"*3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!"(3!!!5B#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!4i!!!%R!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!%I!!!"+!)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!`!")!!!!5N#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!-!!5%!!!%U!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!%
+L!!!"+`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!")`!!!5`#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!53!!!%Y!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!%P!!!",J)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!`!"*J!!!5m#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!-!!5F!!!%`!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!%
+S!!!"-3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!"+3!!!6)#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!5S!!!%c!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!%V!!!"0!)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!`!",!!!!68#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!-!!5d!!!%f!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!%
+Z!!!"0`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!",`!!!6J#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!6!!!!%j!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!%a!!!"1J)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!`!"-J!!!6X#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!-!!6-!!!%m!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!%
+d!!!"23)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!"03!!!6i#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!6B!!!%r!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!%h!!!"3!)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!`!"1!!!!8%#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!-!!6N!!!&#!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!%
+k!!!"3`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!"1`!!!83#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!6`!!!&&!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!%p!!!"4J)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!`!"2J!!!8F#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!-!!6m!!!&)!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!&
+!!!!"53)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!"33!!!8S#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!8)!!!&,!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!&$!!!"6!)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!`!"4!!!!8d#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!-!!88!!!&1!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!&
+'!!!"6`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!"4`!!!9!#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!8J!!!&4!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!&*!!!"8J)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!`!"5J!!!9-#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!-!!8X!!!&8!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!&
+-!!!"93)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!"63!!!9B#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!8i!!!&A!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!&2!!!"@!)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!`!"8!!!!9N#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!-!!9%!!!&D!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!&
+5!!!"@`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!"8`!!!9`#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!93!!!&G!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!&9!!!"AJ)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!`!"9J!!!9m#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!-!!9F!!!&J!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!&
+B!!!"B3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!"@3!!!@)#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!9S!!!&M!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!&E!!!"C!)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!`!"A!!!!@8#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!-!!9d!!!&Q!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!&
+H!!!"C`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!"A`!!!@J#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!@!!!!&T!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!&K!!!"DJ)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!`!"BJ!!!@X#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!-!!@-!!!&X!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!&
+N!!!"E3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!"C3!!!@i#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!@B!!!&[!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!&R!!!"F!)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!`!"D!!!!A%#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!-!!@N!!!&b!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!&
+U!!!"F`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!"D`!!!A3#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!@`!!!&e!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!&Y!!!"GJ)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!`!"EJ!!!AF#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!-!!@m!!!&i!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!&
+`!!!"H3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!"F3!!!AS#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!A)!!!&l!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!&c!!!"I!)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!`!"G!!!!Ad#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!-!!A8!!!&q!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!&
+f!!!"J!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!"G`!!!B%#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!AJ!!!'#!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!&j!!!"J`)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!`!"HJ!!!B3#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!-!!AX!!!'&!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!&
+m!!!"KJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!"I3!!!BF#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!Ai!!!')!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!&r!!!"L3)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!`!"J!!!!BS#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!-!!B%!!!',!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!'
+#!!!"M!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!"J`!!!Bd#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!B3!!!'1!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!'&!!!"M`)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!`!"KJ!!!C!!!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!
+!!!!!!!!$!!'(!!!"N3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!
+"L!!!!C)#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!BN!!!'6!J%
+!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!'+!!!"P!)"!!!!!!!"!!%
+"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!"L`!!!C8#!3!!!!!!!3!"!3!!!!!!!!!
+!!!!!!!%!!!!!!!!!!!-!!B`!!!'@!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!
+!!!!!!!!$!!'0!!!"P`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!
+"MJ!!!CJ#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!Bm!!!'C!J%
+!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!'3!!!!!CS#!3!!!!!!!3!
+"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!C%!!!'E!J%!!!!!!!%!!3%!!!!!!!!
+!!!!!!!!"!!!!!!!!!!!$!!'5!!!"R!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!
+!!!!!!!!!!`!"N`!!!Cd#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-
+!!C3!!!'H!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!'9!!!"R`)
+"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!"PJ!!!D!#!3!!!!!!!3!
+"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!CF!!!'K!J%!!!!!!!%!!3%!!!!!!!!
+!!!!!!!!"!!!!!!!!!!!$!!'B!!!"SJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!
+!!!!!!!!!!`!"Q3!!!D-#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-
+!!CS!!!(5!J%!!!!!!!%!!3-!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!'E!!!"d`)
+"!!!!!!!"!!%$!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!"R!!!!G3#!3!!!!!!!3!
+"!`!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!Cd!!!(9!J%!!!!!!!%!!3-!!!!!!!!
+!!!!!!!!"!!!!!!!!!!!$!!'H!!!"T!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!
+!!!!!!!!!!`!"R`!!!GB#!3!!!!!!!3!"!`!!!!!!!!!!!!!!!!%!!!!!!!!!!!-
+!!D!!!!(A!J%!!!!!!!%!!3-!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!'K!!!"f!)
+"!!!!!!!"!!%$!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!"SJ!!!GN#!3!!!!!!!3!
+"!`!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!D-!!!'Q!J%!!!!!!!%!!3%!!!!!!!!
+!!!!!!!!"!!!!!!!!!!!$!!'N!!!"T`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"!!!!!J!!!!-!!!!%!!!!"3!
+!!!B!!!!(!!!!#!!!!!N!!!!+!!!!#`!!!!`!!!!0!!!!$J!!!!m!!!!3!!!!%3!
+!!")!!!!6!!!!&!!!!"8!!!!@!!!!&`!!!"J!!!!C!!!!'J!!!"X!!!!F!!!!(3!
+!!"i!!!!I!!!!)!!!!#%!!!!L!!!!)`!!!#3!!!!P!!!!*J!!!#F!!!!S!!!!+3!
+!!#S!!!!V!!!!,!!!!#d!!!!Z!!!!,`!!!$!!!!!a!!!!-J!!!$-!!!!d!!!!03!
+!!$B!!!!h!!!!1!!!!$N!!!!k!!!!1`!!!$`!!!!p!!!!2J!!!$m!!!"!!!!!33!
+!!%)!!!"$!!!!4!!!!%8!!!"'!!!!4`!!!%J!!!"*!!!!5J!!!%X!!!"-!!!!63!
+!!%i!!!"2!!!!8!!!!&%!!!"5!!!!8`!!!&3!!!"9!!!!9J!!!&F!!!"B!!!!@3!
+!!&S!!!"E!!!!A!!!!&d!!!"H!!!!A`!!!'!!!!"K!!!!BJ!!!'-!!!"N!!!!C3!
+!!'B!!!"R!!!!D!!!!'N!!!"U!!!!D`!!!'`!!!"Y!!!!EJ!!!'m!!!"`!!!!F3!
+!!()!!!"c!!!!G!!!!(8!!!"f!!!!G`!!!(J!!!"j!!!!HJ!!!(X!!!"m!!!!I3!
+!!(i!!!"r!!!!J!!!!)%!!!##!!!!J`!!!)3!!!#&!!!!KJ!!!)F!!!#)!!!!L3!
+!!)S!!!#,!!!!M!!!!)d!!!#1!!!!M`!!!*!!!!!!N3!!!*)!!!#6!!!!P!!!!*8
+!!!#@!!!!P`!!!*J!!!#C!!!!QJ!!!*X!!!#F!!!!R3!!!*i!!!#I!!!!S!!!!+%
+!!!#L!!!!S`!!!+3!!!#P!!!!TJ!!!+F!!!#S!!!!U3!!!+S!!!#V!!!!V!!!!+d
+!!!#Z!!!!V`!!!,!!!!#a!!!!XJ!!!,-!!!#d!!!!Y3!!!,B!!!#h!!!!Z!!!!,N
+!!!#k!!!!Z`!!!,`!!!#p!!!![J!!!,m!!!$!!!!!`3!!!-)!!!$$!!!!a!!!!-8
+!!!$'!!!!a`!!!-J!!!$*!!!!bJ!!!-X!!!$-!!!!c3!!!-i!!!$2!!!!d!!!!0%
+!!!$5!!!!d`!!!03!!!$9!!!!eJ!!!0F!!!$B!!!!f3!!!0S!!!$E!!!!h!!!!0d
+!!!$H!!!!h`!!!1!!!!$K!!!!iJ!!!1-!!!$N!!!!j3!!!1B!!!$R!!!!k!!!!1N
+!!!$U!!!!k`!!!1`!!!$Y!!!!lJ!!!1m!!!$`!!!!m3!!!2)!!!$c!!!!p!!!!28
+!!!$f!!!!p`!!!2J!!!$j!!!!qJ!!!2X!!!$m!!!!r3!!!2i!!!$r!!!"!!!!!3%
+!!!%#!!!"!`!!!33!!!%&!!!""J!!!3F!!!%)!!!"#3!!!3S!!!%,!!!"$!!!!3d
+!!!%1!!!"$`!!!4!!!!%4!!!"%J!!!4-!!!%8!!!"&3!!!4B!!!%A!!!"'!!!!4N
+!!!%D!!!"'`!!!4`!!!%G!!!"(J!!!4m!!!%J!!!")3!!!5)!!!%M!!!"*!!!!58
+!!!%Q!!!"*`!!!5J!!!%T!!!"+J!!!5X!!!%X!!!",3!!!5i!!!%[!!!"-!!!!6%
+!!!%b!!!"-`!!!63!!!%e!!!"0J!!!6F!!!%i!!!"13!!!6S!!!%l!!!"2!!!!6d
+!!!%q!!!"2`!!!8!!!!&"!!!"3J!!!8-!!!&%!!!"43!!!8B!!!&(!!!"5!!!!8N
+!!!&+!!!"5`!!!8`!!!&0!!!"6J!!!8m!!!&3!!!"83!!!9)!!!&6!!!"9!!!!98
+!!!&@!!!"9`!!!9J!!!&C!!!"@J!!!9X!!!&F!!!"A3!!!9i!!!&I!!!"B!!!!@%
+!!!&L!!!"B`!!!@3!!!&P!!!"CJ!!!@F!!!&S!!!"D3!!!@S!!!&V!!!"E!!!!@d
+!!!&Z!!!"E`!!!A!!!!&a!!!"FJ!!!A-!!!&d!!!"G3!!!AB!!!&h!!!"H!!!!AN
+!!!&k!!!"H`!!!A`!!!&p!!!"IJ!!!Am!!!'!!!!"J3!!!B)!!!'$!!!"K!!!!B8
+!!!''!!!"K`!!!BJ!!!'*!!!"LJ!!!BX!!!'-!!!"M3!!!Bi!!!'2!!!"N!!!!!'
+4!!!"NJ!!!C-!!!'8!!!"P3!!!CB!!!'A!!!"Q!!!!Cd!!!'L!!!"S`!!!CN!!!'
+D!!!"Q`!!!C`!!!'H!!!"R`!!!D!!!!'K!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!D3!!!(
+!!`!!!!-!!D3!!!(D!!%!(!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!-!!CJ$!!'
+C!`!"P`-!!CB$!!!#!`!!!`-!!!%$!!!%!`!!"3-!!!B$!!!(!`!!#!-!!!N$!!!
++!`!!#`-!!!`$!!!0!`!!$J-!!!m$!!!3!`!!%3-!!")$!!!6!`!!&!-!!"8$!!!
+@!`!!&`-!!"J$!!!C!`!!'J-!!"X$!!!F!`!!(3-!!"i$!!!I!`!!)!-!!#%$!!!
+L!`!!)`-!!#3$!!!P!`!!*J-!!#F$!!!S!`!!+3-!!#S$!!!V!`!!,!-!!#d$!!!
+Z!`!!,`-!!$!$!!!a!`!!-J-!!$-$!!!d!`!!03-!!$B$!!!h!`!!1!-!!$N$!!!
+k!`!!1`-!!$`$!!!p!`!!2J-!!$m$!!"!!`!!33-!!%)$!!"$!`!!4!-!!%8$!!"
+'!`!!4`-!!%J$!!"*!`!!5J-!!%X$!!"-!`!!63-!!%i$!!"2!`!!8!-!!&%$!!"
+5!`!!8`-!!&3$!!"9!`!!9J-!!&F$!!"B!`!!@3-!!&S$!!"E!`!!A!-!!&d$!!"
+H!`!!A`-!!'!$!!"K!`!!BJ-!!'-$!!"N!`!!C3-!!'B$!!"R!`!!D!-!!'N$!!"
+U!`!!D`-!!'`$!!"Y!`!!EJ-!!'m$!!"`!`!!F3-!!()$!!"c!`!!G!-!!(8$!!"
+f!`!!G`-!!(J$!!"j!`!!HJ-!!(X$!!"m!`!!I3-!!(i$!!"r!`!"S`-!!)!$!!#
+"!`!!JJ-!!)-$!!#%!`!!K3-!!)B$!!#(!`!!L!-!!)N$!!#+!`!!L`-!!)`$!!#
+0!`!!MJ-!!)m$!!#3!!-!!*%$!!#5!`!!N`-!!*3$!!#9!`!!PJ-!!*F$!!#B!`!
+!Q3-!!*S$!!#E!`!!R!-!!*d$!!#H!`!!R`-!!+!$!!#K!`!!SJ-!!+-$!!#N!`!
+!T3-!!+B$!!#R!`!!U!-!!+N$!!#U!`!!U`-!!+`$!!#Y!`!!VJ-!!+m$!!#`!`!
+!X3-!!,)$!!#c!`!!Y!-!!,8$!!#f!`!!Y`-!!,J$!!#j!`!!ZJ-!!,X$!!#m!`!
+![3-!!,i$!!#r!`!!`!-!!-%$!!$#!`!!``-!!-3$!!$&!`!!aJ-!!-F$!!$)!`!
+!b3-!!-S$!!$,!`!!c!-!!-d$!!$1!`!!c`-!!0!$!!$4!`!!dJ-!!0-$!!$8!`!
+!e3-!!0B$!!$A!`!!f!-!!0N$!!$D!`!!f`-!!0`$!!$G!`!!hJ-!!0m$!!$J!`!
+!i3-!!1)$!!$M!`!!j!-!!18$!!$Q!`!!j`-!!1J$!!$T!`!!kJ-!!1X$!!$X!`!
+!l3-!!1i$!!$[!`!!m!-!!2%$!!$b!`!!m`-!!23$!!$e!`!!pJ-!!2F$!!$i!`!
+!q3-!!2S$!!$l!`!!r!-!!2d$!!$q!`!!r`-!!3!$!!%"!`!"!J-!!3-$!!%%!`!
+""3-!!3B$!!%(!`!"#!-!!3N$!!%+!`!"#`-!!3`$!!%0!`!"$J-!!3m$!!%3!`!
+"%3-!!4)$!!%6!`!"&!-!!48$!!%@!`!"&`-!!4J$!!%C!`!"'J-!!4X$!!%F!`!
+"(3-!!4i$!!%I!`!")!-!!5%$!!%L!`!")`-!!53$!!%P!`!"*J-!!5F$!!%S!`!
+"+3-!!5S$!!%V!`!",!-!!D3$!!%Y!`!",J-!!5m$!!%`!`!"-3-!!6)$!!%c!`!
+"0!-!!68$!!%f!`!"0`-!!6J$!!%j!`!"1J-!!6X$!!%m!`!"23-!!6i$!!%r!`!
+"3!-!!8%$!!&#!`!"3`-!!83$!!&&!`!"4J-!!8F$!!&)!`!"53-!!8S$!!&,!`!
+"6!-!!8d$!!&1!`!"6`-!!9!$!!&4!`!"8J-!!9-$!!&8!`!"93-!!9B$!!&A!`!
+"@!-!!9N$!!&D!`!"@`-!!9`$!!&G!`!"AJ-!!9m$!!&J!`!"B3-!!@)$!!&M!`!
+"C!-!!@8$!!&Q!`!"C`-!!@J$!!&T!`!"DJ-!!@X$!!&X!`!"E3-!!@i$!!&[!`!
+"F!-!!A%$!!&b!`!"F`-!!A3$!!&e!`!"GJ-!!AF$!!&i!`!"H3-!!AS$!!&l!`!
+"I!-!!Ad$!!&q!`!"I`-!!B!$!!'"!`!"JJ-!!B-$!!'%!`!"K3-!!BB$!!'(!`!
+"L!-!!BN$!!'+!`!"L`-!!B`$!!'0!`!"MJ-!!Bm$!!'3!!-!!C%$!!'5!`!"N`-
+!!C3$!!'9!`!"RJ-!!D!$!!'K!`!"Q`-!!D)$!!'D!`!"R!-!!Cd$!!'I!!)!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!#`MlJ!!!!!!!!!3!#`NI`!!)!!!!
+!!!!!!!!!!X)fJ!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!)!!!%
+!!!!!"3!!Irm!!!!!Irm!!!!!Irm!!!!!Irm!!!!-!!%!!J!'!!!!"8!!!!J!!3!
+"1J!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%!!!$rrrr
+r!!!!!`!"!!%k1J!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!3!!!2rrrrm!!!!%!!%!!6SkD@jME(9NC6S!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!rrrrrd!!!!)!!3!"1J!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!$rrrrr3!!!!`!"!!%k1MT(990*1QPZBfaeC'8
+k!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!2rrrrp!!!!%!!%!!6Sk1NG98dN
+kE'PL1J!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!rrrrrd!!!!8!!J!
+"1NeKBdp6)&0eF("[FR3k!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%!!!$rrrr
+r3!!!"J!#!!%k690-1J!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!3!!!2rrrrp!!!!(!!S!!%eKBdp6)$Bi5b"-D@jVCA)!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!%aTBP066#!f1%X!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!3!"1J!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!J!"6@&M6e-J0MK,)%a
+TEQYPFJ!!!!!!!!!!!!!!!!!!!!!!)%&38%`!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!B!!!!%&
+`F'`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!B!!!!%e06%)!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!%aTBL"*EA"[FR3J0MK,!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%e
+36%B!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%aTBL"*EA"[FR3J0MK
+,!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%eA3d3!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!B!!!!%p
+#5L!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%e39b"*EA"[FR3J0MK
+,!!!!!!!!!!!!!!!!!!!!!!!!!!!!!&"-Ef)!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!B!!!!&*
+68N-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!B!!!!&4&@&3ZBQJ!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!%*KE'a[EfiJ5'9XF!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!&4
+&@&3ZB`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%eA)%-[3bXV)$Bi5`!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!&4&@&3ZBbXV!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!%eA)%-[3bXV)$Bi5`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!&4
+&@&3ZBf-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%eA)%-[3bXV)$Bi5`!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!&4&@&3ZBh!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!%eA)%-[3bXV)$Bi5`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!&4
+&@&3ZBh"`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%eA)%-[3bXV)$Bi5`!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!&4&@&3ZCAK`!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!&4
+&@&3ZCf-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%GKE@9$Ef4P)%0[ERC
+PFR4PFJ!!!!!!!!!!!!!!!!!!3!!!!&4&@&3ZD!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!%eA)%-[3bXV)$Bi5`!!!!!!!!!!!!!!!!!!!!!!!!!!%!!!!&4
+&@&3ZE!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%CXCAJJ8(*PF(*[Bf9
+cFfpb!!!!!!!!!!!!!!!!!!!!J!!!!&4&@&3ZF!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!%eA)&"KFf0KE#!f1%X!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!&4
+&@&3ZF'&c!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%eA)&"KFf0KE#!f1%X
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!&4&@&3ZF'0S!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!%eA)%-[3bXV)$Bi5`!!!!!!!!!!!!!!!!!!!!!!!!!!J!!!!&4
+&@&3ZF'0S+bX!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%eA)%-[3bXV)$Bi5`!
+!!!!!!!!!!!!!!!!!!!!!!!!!J!!!!&4&@&3ZF("e!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!%eA)&"KFf0KE#!f1%X!!!!!!!!!!!!!!!!!!!!!!!!!J!!!!&4
+&@&3ZFJ!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!&*PHJ!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!&4&@&3ZFf9R!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!&4
+&@&3ZH3!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%*TFfpZ)&"bCA"bEf0
+PFh0[FJ!!!!!!!!!!!!!!!!!!J!!!!'4[Bh8!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!B!!!!(*
+cFQ-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!B!!!!(0SE')!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!&"&4L"*EA"[FR3J0MK,!!!!!!!!!!!!!!!!!!!!!!!!!!!!!(0
+dG@)!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!&"&4L"*EA"[FR3J0MK
+,!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!ZC'pM!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!8!!!!!!
+!!!!ZFR0bB`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!B!!!!!!&!3%!!3!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!B
+!!!!!!3!!!!!&!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!3%!!'eKD@i!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!#!%"!3!!!!%"!3!!!3%"!!!
+!!!!"!3!!!3%!!3!!!33!!!!!!!!!!!!!#!%!!3%!!3%!!!!"!!!*!!-B6'PL8e0
+-,MBi5b"'B5JdD9miC#NZ6'PL!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!2cmr2cmr2cm!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!r2cmr!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!$3!"!!!!!!!9AdeA49*,8ep(990*Ah"bC@CTH#jS!!!!!!!
+!!!!!!!!!!3!!!!!!!!!!!3!!!!!!!!!!!!!&!3%"!!!"!3!"!!!!!!3!!!!!!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!Aep
+cG'&bG!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"!!%!!!P0CA*RC5"2GA3
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!r2cmr39"36!!"!3!!"#!J)#!$NS0J!h6IH!-$VH!!"3)"!!%"!!%"!3!
+!!3!!!!!!!!!"!3%"!!%"!!%!!33!!!!!!!!!!!!!"`%"!!%!!!%!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!AepcG'&bG!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!J!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!&!!!)4f9d5&488&-!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!$mr2cp"8&"-!!!%!!!!"!!!!!"!!!"B`!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"2cm
+r2`!!!!!!!!!#!!!!!J!#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!J"3!!%!!3!"!!%!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!&#G$6d4&*b!R4%&835F
+J*e"*3e3R!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!3!!!%!!!!+!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!%!!!#!!!
+!#`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"!!!!`!!!!`#!3!!!!!
+!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!3!!!3!!!!0!J%!!!!!!!%!!3%!!!!
+!!!!!!!!!!!!"!!!!!!!!!!!%!!!&!!!!$J)"!!!!!!!"!!%"!!!!!!!!!!!!!!!
+!!3!!!!!!!!!!"!!!"J!!!!m#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!
+!!!3!!!F!!!!3!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!%!!!)!!!
+!%3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"!!!#3!!!")#!3!!!!!
+!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!3!!!S!!!!6!J%!!!!!!!%!!3%!!!!
+!!!!!!!!!!!!"!!!!!!!!!!!%!!!,!!!!&!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!
+!!3!!!!!!!!!!"!!!$!!!!"8#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!
+!!!3!!!d!!!!@!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!%!!!1!!!
+!&`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"!!!$`!!!"J#!3!!!!!
+!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!3!!"!!!!!C!J%!!!!!!!%!!3%!!!!
+!!!!!!!!!!!!"!!!!!!!!!!!%!!!4!!!!'J)"!!!!!!!"!!%"!!!!!!!!!!!!!!!
+!!3!!!!!!!!!!"!!!%J!!!"X#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!
+!!!3!!"-!!!!F!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!%!!!8!!!
+!(3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"!!!&3!!!"i#!3!!!!!
+!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!3!!"B!!!!I!J%!!!!!!!%!!3%!!!!
+!!!!!!!!!!!!"!!!!!!!!!!!%!!!A!!!!)!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!
+!!3!!!!!!!!!!"!!!'!!!!#%#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!
+!!!3!!"N!!!!L!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!%!!!D!!!
+!)`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"!!!'`!!!#3#!3!!!!!
+!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!3!!"`!!!!P!J%!!!!!!!%!!3%!!!!
+!!!!!!!!!!!!"!!!!!!!!!!!%!!!G!!!!*J)"!!!!!!!"!!%"!!!!!!!!!!!!!!!
+!!3!!!!!!!!!!"!!!(J!!!#F#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!
+!!!3!!"m!!!!S!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!%!!!J!!!
+!+3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"!!!)3!!!#S#!3!!!!!
+!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!3!!#)!!!!V!J%!!!!!!!%!!3%!!!!
+!!!!!!!!!!!!"!!!!!!!!!!!%!!!M!!!!,!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!
+!!3!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!3!!!!)!!!!$!!!!"!!!!!8!!!!'!!!
+!"`!!!!J!!!!*!!!!#J!!!!X!!!!-!!!!$3!!!!i!!!!2!!!!%!!!!"%!!!!5!!!
+!%`!!!"3!!!!9!!!!&J!!!"F!!!!B!!!!'3!!!"S!!!!E!!!!(!!!!"d!!!!H!!!
+!(`!!!#!!!!!K!!!!)J!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!)`!!!%!%!!!!"!!
+!)`!!!GS!!3!F!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"!!!"33!!!3%!!!$"!!
+!!J3!!!B%!!!,"!!!#J3!!!N%!!!)"!!!"`3!!!`%!!!5"!!!%33!!"!%!!!2"!!
+!$33!!!i%!!!6"!!!)J3!!#%%!!!J"!!!(`3!!#-%!!!""!!!&!3!!"8%!!!@"!!
+!&`3!!"J%!!!C"!!!'J3!!"X%!!!F"!!!(33!!"i!!J!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!,#2Z!!!!!!!!!"!!,#4r!!!J!!!!!!!!!!!!!#`MD!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!J!!!3!!!!!&!!"rr`!!!!"
+rr`!!!!"rr`!!!!"rr`!!!!`!!3!#!!B!!!!&3!!!#!!"!!%k!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!3!!!2rrrrm!!!!$!!%!!6Sk!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"!!!!rrrrr`!!!!3
+!!3!"1MTTEQ0XG@4P1J!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!$
+rrrrr3!!!!J!"!!%k!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!2rrrrp!!!!$!!%!!6Sk1NG98dNkD@jME(9NC6S!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!rrrrrd!!!!3!!3!"1MSk4e9656TXD@)k!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!$rrrrr3!!!"3!#!!%k6@&M6e-J8h9`F'p
+bG$S!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!3!!!2rrrrp!!!!'!!)!!6T08d`
+k!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"!!!!rrrrrd!!!!F
+!#J!!6@&M6e-J0MK,)%aTEQYPFJ!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!6h"PEP066#!f1'X!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!"!!%k!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!#!!&0B@028b!f1%XJ6'PZDf9b!!!!!!!!!!!
+!!!!!!!!!!!!J39"36!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"J!!!!3A"`E!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!"J!!!!68e-3J!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!6'P
+L)%PYF'pbG#!f1%X!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69"-4J!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!6'PL)%PYF'pbG#!f1%X!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!69G$4!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"J!!!!6d*+)!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69"A)%PYF'pbG#!f1%X!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!8%a[BJ!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"J!!!!8P053`!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!"J!!!!9%9B9#jLD!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!3Q&
+XE'p[EL")C@a`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9%9B9#jM!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69FJ3bp$+bXJ0MK,!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!9%9B9#jM+bX!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69F
+J3bp$+bXJ0MK,!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9%9B9#jMB`!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69FJ3bp$+bXJ0MK,!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!9%9B9#jMF!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69F
+J3bp$+bXJ0MK,!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9%9B9#jMF(!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69FJ3bp$+bXJ0MK,!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!9%9B9#jPH(!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9%9B9#jRB`!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!4f&YC80[C'8J3fpZGQ9bG'9b!!!!!!!!!!!
+!!!!!!!"!!!!!9%9B9#jS!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69F
+J3bp$+bXJ0MK,!!!!!!!!!!!!!!!!!!!!!!!!!!!3!!!!9%9B9#jX!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!4QaPH#"3FQ9`FQpMCA0cEh)!!!!!!!!!!!!
+!!!!!!!#!!!!!9%9B9#j`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69F
+J8'&cBf&X)$Bi5`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9%9B9#j`BA-!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69FJ8'&cBf&X)$Bi5`!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!9%9B9#j`BfJ!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69F
+J3bp$+bXJ0MK,!!!!!!!!!!!!!!!!!!!!!!!!!!#!!!!!9%9B9#j`BfJV+`!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69FJ3bp$+bXJ0MK,!!!!!!!!!!!!!!!!!!!
+!!!!!!!#!!!!!9%9B9#j`F(8!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69F
+J8'&cBf&X)$Bi5`!!!!!!!!!!!!!!!!!!!!!!!!#!!!!!9%9B9#jb!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!8Q9k!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!9%9B9#jcC@F!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9%9B9#jj!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!3QPcEfiJ8(*PF(*[Bf9cFfpb!!!!!!!!!!!
+!!!!!!!#!!!!!C'pMG3!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"J!!!!FR0bB`!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!"J!!!!FfKXBJ!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!8%9
+')%PYF'pbG#!f1%X!!!!!!!!!!!!!!!!!!!!!!!!!!!!!Fh4eBJ!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!8%9')%PYF'pbG#!f1%X!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!#jNEf-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"3!!!!!!!!!#jbFh*M!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!"J!!!!!!8"!3!"!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"J!!!!!"!!!!!!8!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"!3!
+!E@&TEJ!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!)!3!"!!!!!3%"!!!"!3%!!!!!!!%"!!!"!3!"!!!
+""!!!!!!!!!!!!!!)!3!"!3!"!3!!!!%!!!N!!!a2F'9Z8e0-+$BiDbN!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!r2cm
+r39"36!!!!J"B`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!$mr2cm!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+0!!%!!!!!!"9I69G&8NY6AdG98dPIF(*PCQPi,QJ!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!"!!!!!!!!!!!!!!8"!3%!!!%"!!%!!!!!"!!!!!!!!!!!!!!!!!!!!!!"!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"IAh0dBA*d!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!%!!3!!#8ePFQGP)%peG!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!$mr2cp"8&"
+-!!%"!!!%)#!J)!15Jf!$G0pi!`1Yi!!&!J%!!3%!!3%"!!!"!!!!!!!!!!%"!3%
+!!3%!!3!""!!!!!!!!!!!!!!(!3%!!3!!!3!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"IAh0dBA*
+d!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!#!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!8!!!G2F'9Z8e0-!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!2cmr2d&38%`!!!3!!!!%!!!!!%!!!&M!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%r2cmr!!!!!!!!!!)!!!!
+#!!)!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!#!&!!!3!
+"!!%!!3!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!8*d024%8R)#G%394"*b!R8%P$9#F!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"3!!!3!!!ES#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!8!!!)!!!'l!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!&!!!$!!!"[!)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!"3!!"!!!!Ed#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!8!!!8!!!'q!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!&!!!
+'!!!"[`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"3!!"`!!!F!#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!8!!!J!!!("!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!&!!!*!!!"`J)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!"3!!#J!!!F-#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!8!!!X!!!(%!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!&!!!
+-!!!"a3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"3!!$3!!!FB#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!8!!!i!!!((!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!&!!!2!!!"b!)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!"3!!%!!!!FN#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!8!!"%!!!(+!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!&!!!
+5!!!"b`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"3!!%`!!!F`#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!8!!"3!!!(E!J%!!!!!!!%!!3-
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!&!!!9!!!"h!)"!!!!!!!"!!%$!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!"3!!&J!!!Gd#!3!!!!!!!3!"!`!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!8!!"F!!!(5!J%!!!!!!!%!!3-!!!!!!!!!!!!!!!!"!!!!!!!!!!!&!!!
+B!!!"f3)"!!!!!!!"!!%$!!!!!!!!!!!!!!!!!3!!!!!!!!!!"3!!'3!!!G3#!3!
+!!!!!!3!"!`!!!!!!!!!!!!!!!!%!!!!!!!!!!!8!!"S!!!(9!J%!!!!!!!%!!3-
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!&!!!E!!!"eJ)"!!!!!!!"!!%$!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!"3!!(!!!!G-#!3!!!!!!!3!"!`!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!8!!"d!!!(A!J%!!!!!!!%!!3-!!!!!!!!!!!!!!!!"!!!!!!!!!!!&!!!
+H!!!"f!)"!!!!!!!"!!%$!!!!!!!!!!!!!!!!!3!!!!!!!!!!"3!!(`!!!Im%!3!
+!!!!!!!!"!`!!!!!!!!!!!!!!!)%!!!!!!!!!!!8!!#!!!!(I!J%!!!!!!!%!!3-
+!!!!!!!!!!!!!!!#"!!!!!!!!!!!!!!!!!!!!!3!!!!)!!!!$!!!!"!!!!!8!!!!
+'!!!!"`!!!!J!!!!*!!!!#J!!!!X!!!!-!!!!$3!!!!i!!!!2!!!!%!!!!"%!!!!
+5!!!!&J!!!"X!!!!B!!!!'3!!!"S!!!!F!!!!(3!!!"F!!!!6!!!!&!!!!"8!!!!
+H!!!!(`!!!#!!!!!J"3!!!!8!!#!!!!(D!!%!(!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!8!!!%&!!!#"3!!!`8!!!3&!!!&"3!!"J8!!!F&!!!)"3!!#38!!!S&!!!
+,"3!!$!8!!!d&!!!1"3!!$`8!!"!&!!!4"3!!%J8!!#!&!!!I"3!!%`8!!"3&!!!
+9"3!!&J8!!"d&!!!H"3!!(!8!!"J&!!!A"3!!'38!!"S&!!!E!!)!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!#`MlJ!!!!!!!!!3!#`NI`!!)!!!!!!!!!!!!
+!!X)fJ!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!)!!!%!!!!!"3!
+!Irm!!!!!Irm!!!!!Irm!!!!!Irm!!!!-!!%!!J!'!!!!"8!!!!J!!3!"1J!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%!!!$rrrrr!!!!!`!
+"!!%k1J!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!3!!!2r
+rrrm!!!!%!!%!!6SkD@jME(9NC6S!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!rrrrrd!!!!)!!3!"1J!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!$rrrrr3!!!!`!"!!%k1MT(990*1QPZBfaeC'8k!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!2rrrrp!!!!%!!%!!6Sk1NG98dNkE'PL1J!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!rrrrrd!!!!8!!J!"1NeKBdp
+6)&0eF("[FR3k!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%!!!$rrrrr3!!!"J!
+#!!%k690-1J!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!3!!!2r
+rrrp!!!!(!!S!!%eKBdp6)&"33b"-D@jVCA)!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!%aTBP066#"38%-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!3!"1J!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!J!"6@&M6e-J8&"$)%aTEQYPFJ!
+!!!!!!!!!!!!!!!!!!!!!(N&38%`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!B!!!!%&`F'`!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!B!!!!%e06%)!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!%aTBL"*EA"[FR3J8&"$!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%e36%B!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%aTBL"*EA"[FR3J8&"$!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!%eA3d3!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!B!!!!&*68N-!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!B!!!!&4&@&3ZBQJ!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!%*KE'a[EfiJ5'9XF!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!&4&@&3ZB`!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%eA)%-[3bXV)&"33`!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!&4&@&3ZBbXV!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!%eA)%-[3bXV)&"33`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!&4&@&3ZBf-
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%eA)%-[3bXV)&"33`!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!&4&@&3ZBh!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!%eA)%-[3bXV)&"33`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!&4&@&3ZBh"
+`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%eA)%-[3bXV)&"33`!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!&4&@&3ZCAK`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!&4&@&3ZCf-
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%GKE@9$Ef4P)%0[ERCPFR4PFJ!
+!!!!!!!!!!!!!!!!!3!!!!&4&@&3ZD!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!%eA)%-[3bXV)&"33`!!!!!!!!!!!!!!!!!!!!!!!!!!%!!!!&4&@&3ZE!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%CXCAJJ8(*PF(*[Bf9cFfpb!!!
+!!!!!!!!!!!!!!!!!J!!!!&4&@&3ZF!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!%eA)&"KFf0KE#"38%-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!&4&@&3ZF'&
+c!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%eA)&"KFf0KE#"38%-!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!&4&@&3ZF'0S!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!%eA)%-[3bXV)&"33`!!!!!!!!!!!!!!!!!!!!!!!!!!J!!!!&4&@&3ZF'0
+S+bX!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%eA)%-[3bXV)&"33`!!!!!!!!!
+!!!!!!!!!!!!!!!!!J!!!!&4&@&3ZF("e!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!%eA)&"KFf0KE#"38%-!!!!!!!!!!!!!!!!!!!!!!!!!J!!!!&4&@&3ZFJ!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!&*PHJ!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!&4&@&3ZF`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!&"33d&cE3!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!&4&@&3ZH3!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%*TFfpZ)&"bCA"bEf0PFh0[FJ!
+!!!!!!!!!!!!!!!!!J!!!!&K$6dB!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!&K$6dC')%PYF'pbG#"38%-!!!!!!!!!!!!!!!!!!!!!!!!!!'4[Bh8!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!B!!!!(*cFQ-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!B!!!!(0SE')!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!&"&4L"*EA"[FR3J8&"$!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!(0dG@)!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!&"&4L"*EA"[FR3J8&"$!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!ZC'p
+M!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!8!!!!!!&!3%!!3!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!B!!!!!!3!
+!!!!&!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!3%!!'eKD@i!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!#!%"!3!!!!%"!3!!!3%"!!!!!!!"!3!
+!!3%!!3!!!33!!!!!!!!!!!!!#!%!!3%!!3%!!!!"!!!*!!-B6'PL8e0-,MBi5b"
+'B5JiD9mdC#NZ6'PL!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!2cmr2cmr2cm!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!r2cmr!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!$3!"!!!!!!!9AdeA49*,8ep(990*Ah"bC@CTH#jS!!!!!!!!!!!!!!!
+!!3!!!3!!!!!!!3!!!!!!!!!!!!!&!3%"!!!"!3!"!!!!!!3!!!!!!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!AepcG'&bG!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"!!%!!!P0CA*RC5"2GA3!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+r2cmr39"36!!"!3!!"#!J)#!$NS0J!h6IH!-$VH!!"3)"!!%"!!%"!3!!!3!!!!!
+!!!!"!3%"!!%"!!%!!33!!!!!!!!!!!!!"`%"!!%!!!%!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!AepcG'&bG!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!J!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!&!!-16'PL8e0-,P"33bj-D@)!!!!
+!!!!!!!!!!!!!!!!!!$mr2cmr2cmr!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"2cmr2`!!!!!
+!!!!#!!!!!J!#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!J"3!!%!!3!"!!%!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!&#G$6d4&*b!R4%&835FJ*e"*3e3
+R!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!B!!!%
+!!!!+!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!'!!!#!!!!#`)"!!!
+!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"J!!!`!!!!`#!3!!!!!!!3!"!3!
+!!!!!!!!!!!!!!!%!!!!!!!!!!!B!!!3!!!!0!J%!!!!!!!%!!3%!!!!!!!!!!!!
+!!!!"!!!!!!!!!!!'!!!&!!!!$J)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!
+!!!!!"J!!"J!!!!m#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!B!!!F
+!!!!3!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!'!!!)!!!!%3)"!!!
+!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"J!!#3!!!")#!3!!!!!!!3!"!3!
+!!!!!!!!!!!!!!!%!!!!!!!!!!!B!!!S!!!!6!J%!!!!!!!%!!3%!!!!!!!!!!!!
+!!!!"!!!!!!!!!!!'!!!,!!!!&!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!
+!!!!!"J!!$!!!!"8#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!B!!!d
+!!!!@!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!'!!!1!!!!&`)"!!!
+!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"J!!$`!!!"J#!3!!!!!!!3!"!3!
+!!!!!!!!!!!!!!!%!!!!!!!!!!!B!!"!!!!!C!J%!!!!!!!%!!3%!!!!!!!!!!!!
+!!!!"!!!!!!!!!!!'!!!4!!!!'J)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!
+!!!!!"J!!%J!!!"X#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!B!!"-
+!!!!F!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!'!!!8!!!!(3)"!!!
+!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"J!!&3!!!"i#!3!!!!!!!3!"!3!
+!!!!!!!!!!!!!!!%!!!!!!!!!!!B!!"B!!!!I!J%!!!!!!!%!!3%!!!!!!!!!!!!
+!!!!"!!!!!!!!!!!'!!!A!!!!)!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!
+!!!!!"J!!'!!!!#%#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!B!!"N
+!!!!L!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!'!!!D!!!!)`)"!!!
+!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"J!!'`!!!#3#!3!!!!!!!3!"!3!
+!!!!!!!!!!!!!!!%!!!!!!!!!!!B!!"`!!!!P!J%!!!!!!!%!!3%!!!!!!!!!!!!
+!!!!"!!!!!!!!!!!'!!!G!!!!*J)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!
+!!!!!"J!!(J!!!#F#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!B!!"m
+!!!!S!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!'!!!J!!!!+3)"!!!
+!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"J!!)3!!!#S#!3!!!!!!!3!"!3!
+!!!!!!!!!!!!!!!%!!!!!!!!!!!B!!#)!!!!V!J%!!!!!!!%!!3%!!!!!!!!!!!!
+!!!!"!!!!!!!!!!!'!!!M!!!!,!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!3!!!!)!!!!$!!!!"!!!!!8!!!!'!!!!"`!!!!J
+!!!!*!!!!#J!!!!X!!!!-!!!!$3!!!!i!!!!2!!!!%!!!!"%!!!!5!!!!%`!!!"3
+!!!!9!!!!&J!!!"F!!!!B!!!!'3!!!"S!!!!E!!!!(!!!!"d!!!!H!!!!(`!!!#!
+!!!!K!!!!)J!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!)`!!!%!'!!!!"J!!)`B!!!8
+'!!!%"J!!!`B!!!)'!!!'"J!!#`B!!!S'!!!*"J!!#!B!!!F'!!!-"J!!%JB!!"%
+'!!!3"J!!$`B!!!d'!!!1"J!!%`B!!#)'!!!K"J!!)!B!!"m'!!!M"J!!!3B!!"3
+'!!!9"J!!&JB!!"F'!!!B"J!!'3B!!"S'!!!E"J!!(!B!!"d'!!!H!!!"U!!"!#J
+!!!!J!j(*N!!r2`!!!!!!!!!!!!!$NFQ3!!!#!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!X)qi!!!!!!!!!%!!X*(m!!#!!!!!!!!!!!!!!,#0S!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!#!!!"!!!!!!8!!(rr!!!!!(rr!!!
+!!(rr!!!!!(rr!!!!$!!"!!)!"J!!!!9!!!!)!!%!!6S!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"!!!!rrrrr`!!!!-!!3!"1MS!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%!!!$rrrrr!!!!"!!"!!%
+k1QPZBfaeC'8k!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!2rrrrp
+!!!!#!!%!!6S!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!rrrrrd!!!!-!!3!"1MSk4e9656TTEQ0XG@4P1J!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!$rrrrr3!!!"!!"!!%k1MT(990*1QaTBMS!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!2rrrrp!!!!&!!)!!6T0B@028b"6GA"`Eh*d1J!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"!!!!rrrrrd!!!!B!!J!"1Ne66$S!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%!!!$rrrrr3!!!"`!+!!"
+0B@028b"38%-J6'PZDf9b!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
+-D@*$FRP`G'mJ8&"$!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!%!!6S!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!)!!8eKBdp6)&"33b"-D@jVCA)!!!!!!!!!!!!!!!!
+!!!!!!"j"8&"-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!'!!!!""F("X!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!'!!!!"068a#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"-D@)J5@e
+`Eh*d)&"33`!!!!!!!!!!!!!!!!!!!!!!!!!!!!"08%a'!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!"-D@)J5@e`Eh*d)&"33`!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!"09d0%!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!'!!!!"58e*$!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!'!!!!"849K8,Q*S!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"#B@aXEfp
+Z)%KPE(!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"849K8,Q-!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!"09b"$,d-V+b"38%-!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!"849K8,Q-V+`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"09b"$,d-
+V+b"38%-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"849K8,Q0M!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!"09b"$,d-V+b"38%-!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!"849K8,Q0`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"09b"$,d-
+V+b"38%-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"849K8,Q0`F!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!"09b"$,d-V+b"38%-!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!"849K8,Q9iF!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"849K8,QGM!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!"(B@eP3fpNC5"$EfjfCA*dCA)!!!!!!!!!!!!!!!!
+!!%!!!!"849K8,QJ!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"09b"$,d-
+V+b"38%-!!!!!!!!!!!!!!!!!!!!!!!!!!"!!!!"849K8,Q`!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!"'E'9i)&"bCA"bEf0PFh0[FJ!!!!!!!!!!!!!!!!!
+!!)!!!!"849K8,R!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"09b"3BA0
+MB@`J8&"$!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"849K8,R"KF`!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!"09b"3BA0MB@`J8&"$!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!"849K8,R"MD!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"09b"$,d-
+V+b"38%-!!!!!!!!!!!!!!!!!!!!!!!!!!)!!!!"849K8,R"MD#XV!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!"09b"$,d-V+b"38%-!!!!!!!!!!!!!!!!!!!!!!!!
+!!)!!!!"849K8,R"`G3!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"09b"3BA0
+MB@`J8&"$!!!!!!!!!!!!!!!!!!!!!!!!!)!!!!"849K8,R)!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!"5CAS!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!"849K8,R-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"38%0"Ffd
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"849K8,RN!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!"#DA0[EL"3FQ9`FQpMCA0cEh)!!!!!!!!!!!!!!!!
+!!)!!!!"B3dp'!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"B3dp'4L"
+*EA"[FR3J8&"$!!!!!!!!!!!!!!!!!!!!!!!!!!"NEf0e!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!'!!!!"bFh*M!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!'!!!!"cD'aL!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!"348BJ5@e`Eh*d)&"33`!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!"cG(9L!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"348BJ5@e
+`Eh*d)&"33`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!,Q4[B`!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!&!!!!!!"3%"!!%!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!'!!!!!!%!!!!!"3!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%"!!"YB@P
+Z!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!J"!!%!!!!"!3%"!3!"!3!!!!!!!3%!!!%"!!%!!!%!!3!
+!!!!!!!!!!!J"!!%"!!%"!!!!!3!!#3!!&deKBdp6)&4[EfaLEhJJ4%9#98FJ0MK
+,!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!$mr2cp"8&"
+-!!!"J&M!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!2cmr2`!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!'!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!d!!3!
+!!!!!&9p09d955e0I4e9659p`FQ9QDAJZD!!!!!!!!!!!!!!!!!%!!!%!!!!!!!%
+!!!!!!!!!!!!!"3%"!3!!!3%!!3!!!!!%!!!!!!!!!!!!!!!!!!!!!!%!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!&pIFh4KFR3!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!3!"!!!*6@9bCf8J6h9d!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!2cmr2d&38%`!!3%
+!!!3J)#!J!j+$B!0dhhJ$!khJ!!8#!3!"!3!"!3%!!!%!!!!!!!!!!3%"!3!"!3!
+"!!%%!!!!!!!!!!!!!!F"!3!"!!!"!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!&pIFh4KFR3!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!)!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!"3!$%8aTBN0bHA"dEbj38%-Z6'PL!!!!!!!!!!!!!!!
+!!!!r2cmr2cmr2`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!6mr2cm!!!!!!!!!!J!!!!)!!J!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!)!8!!"!!%!!3!
+"!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!"3R3dp%45FJ*d4"9%%R)#G35808*`!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!(!!!"!!!!,3)"!!!!!!!
+"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!!J!!!#i#!3!!!!!!!3!"!3!!!!!
+!!!!!!!!!!!%!!!!!!!!!!!F!!!-!!!![!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
+"!!!!!!!!!!!(!!!%!!!!-!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
+!"`!!"3!!!$%#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!!B!!!!
+b!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!!(!!!!-`)"!!!!!!!
+"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!#!!!!$3#!3!!!!!!!3!"!3!!!!!
+!!!!!!!!!!!%!!!!!!!!!!!F!!!N!!!!e!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
+"!!!!!!!!!!!(!!!+!!!!0J)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
+!"`!!#`!!!$F#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!!`!!!!
+i!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!!0!!!!13)"!!!!!!!
+"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!$J!!!$S#!3!!!!!!!3!"!3!!!!!
+!!!!!!!!!!!%!!!!!!!!!!!F!!!m!!!!l!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
+"!!!!!!!!!!!(!!!3!!!!2!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
+!"`!!%3!!!$d#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!")!!!!
+q!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!!6!!!!2`)"!!!!!!!
+"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!&!!!!%!#!3!!!!!!!3!"!3!!!!!
+!!!!!!!!!!!%!!!!!!!!!!!F!!"8!!!""!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
+"!!!!!!!!!!!(!!!@!!!!3J)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
+!"`!!&`!!!%-#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!"J!!!"
+%!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!!C!!!!43)"!!!!!!!
+"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!'J!!!%B#!3!!!!!!!3!"!3!!!!!
+!!!!!!!!!!!%!!!!!!!!!!!F!!"X!!!"(!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
+"!!!!!!!!!!!(!!!F!!!!5!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
+!"`!!(3!!!%N#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!"i!!!"
++!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!!I!!!!5`)"!!!!!!!
+"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!)!!!!%`#!3!!!!!!!3!"!3!!!!!
+!!!!!!!!!!!%!!!!!!!!!!!F!!#%!!!"0!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
+"!!!!!!!!!!!(!!!L!!!!6J)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
+!"`!!)`!!!%m#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!#3!!!"
+3!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!!P!!!!83)"!!!!!!!
+"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!*J!!!&)#!3!!!!!!!3!"!3!!!!!
+!!!!!!!!!!!%!!!!!!!!!!!F!!#F!!!"6!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
+"!!!!!!!!!!!(!!!S!!!!9!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
+!"`!!+3!!!&8#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!#S!!!"
+@!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!!V!!!!9`)"!!!!!!!
+"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!,!!!!&J#!3!!!!!!!3!"!3!!!!!
+!!!!!!!!!!!%!!!!!!!!!!!F!!#d!!!"C!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
+"!!!!!!!!!!!(!!!Z!!!!@J)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
+!"`!!,`!!!&X#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!$!!!!"
+F!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!!a!!!!A3)"!!!!!!!
+"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!-J!!!&i#!3!!!!!!!3!"!3!!!!!
+!!!!!!!!!!!%!!!!!!!!!!!F!!$-!!!"I!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
+"!!!!!!!!!!!(!!!d!!!!B!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
+!"`!!03!!!'%#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!$B!!!"
+L!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!!h!!!!B`)"!!!!!!!
+"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!1!!!!'3#!3!!!!!!!3!"!3!!!!!
+!!!!!!!!!!!%!!!!!!!!!!!F!!$N!!!"P!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
+"!!!!!!!!!!!(!!!k!!!!CJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
+!"`!!1`!!!'F#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!$`!!!"
+S!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!!p!!!!D3)"!!!!!!!
+"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!2J!!!'S#!3!!!!!!!3!"!3!!!!!
+!!!!!!!!!!!%!!!!!!!!!!!F!!$m!!!"V!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
+"!!!!!!!!!!!(!!"!!!!!E!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
+!"`!!33!!!'d#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!%)!!!"
+Z!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!"$!!!!E`)"!!!!!!!
+"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!4!!!!(!#!3!!!!!!!3!"!3!!!!!
+!!!!!!!!!!!%!!!!!!!!!!!F!!%8!!!"a!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
+"!!!!!!!!!!!(!!"'!!!!FJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
+!"`!!4`!!!(-#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!%J!!!"
+d!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!"*!!!!G3)"!!!!!!!
+"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!5J!!!(B#!3!!!!!!!3!"!3!!!!!
+!!!!!!!!!!!%!!!!!!!!!!!F!!%X!!!"h!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
+"!!!!!!!!!!!(!!"-!!!!H!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
+!"`!!63!!!(N#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!%i!!!"
+k!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!"2!!!!H`)"!!!!!!!
+"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!8!!!!(`#!3!!!!!!!3!"!3!!!!!
+!!!!!!!!!!!%!!!!!!!!!!!F!!&%!!!"p!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
+"!!!!!!!!!!!(!!"5!!!!IJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
+!"`!!8`!!!(m#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!&3!!!#
+!!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!"9!!!!J3)"!!!!!!!
+"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!9J!!!))#!3!!!!!!!3!"!3!!!!!
+!!!!!!!!!!!%!!!!!!!!!!!F!!&F!!!#$!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
+"!!!!!!!!!!!(!!"B!!!!K!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
+!"`!!@3!!!)8#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!&S!!!#
+'!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!"E!!!!K`)"!!!!!!!
+"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!A!!!!)J#!3!!!!!!!3!"!3!!!!!
+!!!!!!!!!!!%!!!!!!!!!!!F!!&d!!!#*!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
+"!!!!!!!!!!!(!!"H!!!!LJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
+!"`!!A`!!!)X#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!'!!!!#
+-!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!"K!!!!M3)"!!!!!!!
+"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!BJ!!!)i#!3!!!!!!!3!"!3!!!!!
+!!!!!!!!!!!%!!!!!!!!!!!F!!'-!!!#2!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
+"!!!!!!!!!!!(!!"N!!!!N!!#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!
+!!!F!!'8!!!#4!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!"Q!!!
+!NJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!C`!!!*-#!3!!!!!
+!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!'J!!!#8!J%!!!!!!!%!!3%!!!!
+!!!!!!!!!!!!"!!!!!!!!!!!(!!"T!!!!P3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!
+!!3!!!!!!!!!!"`!!DJ!!!*B#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!
+!!!F!!'X!!!#A!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!"X!!!
+!Q!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!E3!!!*N#!3!!!!!
+!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!'i!!!#D!J%!!!!!!!%!!3%!!!!
+!!!!!!!!!!!!"!!!!!!!!!!!(!!"[!!!!Q`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!
+!!3!!!!!!!!!!"`!!F!!!!*`#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!
+!!!F!!(%!!!#G!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!"b!!!
+!RJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!F`!!!*m#!3!!!!!
+!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!(3!!!#J!J%!!!!!!!%!!3%!!!!
+!!!!!!!!!!!!"!!!!!!!!!!!(!!"e!!!!S3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!
+!!3!!!!!!!!!!"`!!GJ!!!+)#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!
+!!!F!!(F!!!#M!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!"i!!!
+!T!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!H3!!!+8#!3!!!!!
+!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!(S!!!#Q!J%!!!!!!!%!!3%!!!!
+!!!!!!!!!!!!"!!!!!!!!!!!(!!"l!!!!T`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!
+!!3!!!!!!!!!!"`!!I!!!!+J#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!
+!!!F!!(d!!!#T!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!"q!!!
+!UJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!I`!!!+X#!3!!!!!
+!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!)!!!!#X!J%!!!!!!!%!!3%!!!!
+!!!!!!!!!!!!"!!!!!!!!!!!(!!#"!!!!V3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!
+!!3!!!!!!!!!!"`!!JJ!!!+i#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!
+!!!F!!)-!!!#[!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!#%!!!
+!X!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!K3!!!,%#!3!!!!!
+!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!)B!!!#b!J%!!!!!!!%!!3%!!!!
+!!!!!!!!!!!!"!!!!!!!!!!!(!!#(!!!!X`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!
+!!3!!!!!!!!!!"`!!L!!!!,3#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!
+!!!F!!)N!!!#e!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!#+!!!
+!YJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!L`!!!,F#!3!!!!!
+!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!)`!!!#i!J%!!!!!!!%!!3%!!!!
+!!!!!!!!!!!!"!!!!!!!!!!!(!!#0!!!!Z3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!
+!!3!!!!!!!!!!"`!!MJ!!!,S#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!
+!!!F!!)m!!!#l!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!#3!!!
+!!,`#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!*%!!!#p!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!#5!!!![J)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!"`!!N`!!!,m#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!F!!*3!!!$!!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!(!!#9!!!!`3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!PJ!
+!!-)#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!*F!!!$$!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!#B!!!!a!)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!"`!!Q3!!!-8#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!F!!*S!!!$'!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!(!!#E!!!!a`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!R!!
+!!-J#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!*d!!!$*!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!#H!!!!bJ)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!"`!!R`!!!-X#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!F!!+!!!!$-!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!(!!#K!!!!c3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!SJ!
+!!-i#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!+-!!!$2!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!#N!!!!d!)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!"`!!T3!!!0%#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!F!!+B!!!$5!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!(!!#R!!!!d`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!U!!
+!!03#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!+N!!!$9!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!#U!!!!eJ)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!"`!!U`!!!0F#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!F!!+`!!!$B!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!(!!#Y!!!!f3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!VJ!
+!!0S#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!+m!!!$E!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!#`!!!!h!)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!"`!!X3!!!0d#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!F!!,)!!!$H!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!(!!#c!!!!h`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!Y!!
+!!1!#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!,8!!!$K!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!#f!!!!iJ)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!"`!!Y`!!!1-#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!F!!,J!!!$N!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!(!!#j!!!!j3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!ZJ!
+!!1B#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!,X!!!$R!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!#m!!!!k!)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!"`!![3!!!1N#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!F!!,i!!!$U!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!(!!#r!!!!k`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!`!!
+!!1`#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!-%!!!$Y!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!$#!!!!lJ)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!"`!!``!!!1m#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!F!!-3!!!$`!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!(!!$&!!!!m3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!aJ!
+!!2)#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!-F!!!$c!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!$)!!!!p!)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!"`!!b3!!!28#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!F!!-S!!!$f!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!(!!$,!!!!p`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!c!!
+!!2J#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!-d!!!$j!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!$1!!!!qJ)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!"`!!c`!!!2X#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!F!!0!!!!$m!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!(!!$4!!!!r3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!dJ!
+!!2i#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!0-!!!$r!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!$8!!!"!!)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!"`!!e3!!!3%#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!F!!0B!!!%#!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!(!!$A!!!"!`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!f!!
+!!33#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!0N!!!%&!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!$D!!!""J)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!"`!!f`!!!3F#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!F!!0`!!!%)!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!(!!$G!!!"#3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!hJ!
+!!3S#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!0m!!!%,!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!$J!!!"$!)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!"`!!i3!!!3d#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!F!!1)!!!%1!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!(!!$M!!!"$`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!j!!
+!!4!#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!18!!!%4!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!$Q!!!"%J)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!"`!!j`!!!4-#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!F!!1J!!!%8!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!(!!$T!!!"&3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!kJ!
+!!4B#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!1X!!!%A!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!$X!!!"'!)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!"`!!l3!!!4N#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!F!!1i!!!%D!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!(!!$[!!!"'`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!m!!
+!!4`#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!2%!!!%G!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!$b!!!"(J)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!"`!!m`!!!4m#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!F!!23!!!%J!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!(!!$e!!!")3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!pJ!
+!!5)#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!2F!!!%M!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!$i!!!"*!)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!"`!!q3!!!58#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!F!!2S!!!%Q!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!(!!$l!!!"*`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!r!!
+!!5J#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!2d!!!%T!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!$q!!!"+J)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!"`!!r`!!!5X#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!F!!3!!!!%X!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!(!!%"!!!",3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!"!J!
+!!5i#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!3-!!!%[!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!%%!!!"-!)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!"`!""3!!!6%#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!F!!3B!!!%b!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!(!!%(!!!"-`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!"#!!
+!!63#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!3N!!!%e!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!%+!!!"0J)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!"`!"#`!!!6F#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!F!!3`!!!%i!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!(!!%0!!!"13)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!"$J!
+!!6S#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!3m!!!%l!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!%3!!!"2!)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!"`!"%3!!!6d#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!F!!4)!!!%q!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!(!!%6!!!"2`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!"&!!
+!!8!#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!48!!!&"!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!%@!!!"3J)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!"`!"&`!!!8-#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!F!!4J!!!&%!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!(!!%C!!!"43)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!"'J!
+!!8B#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!4X!!!&(!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!%F!!!"5!)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!"`!"(3!!!8N#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!F!!4i!!!&+!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!(!!%I!!!"5`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!")!!
+!!8`#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!5%!!!&0!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!%L!!!"6J)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!"`!")`!!!8m#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!F!!53!!!&3!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!(!!%P!!!"83)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!"*J!
+!!9)#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!5F!!!&6!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!%S!!!"9!)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!"`!"+3!!!98#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!F!!5S!!!&@!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!(!!%V!!!"9`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!",!!
+!!9J#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!5d!!!&C!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!%Z!!!"@J)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!"`!",`!!!9X#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!F!!6!!!!&F!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!(!!%a!!!"A3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!"-J!
+!!9i#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!6-!!!&I!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!%d!!!"B!)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!"`!"03!!!@%#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!F!!6B!!!&L!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!(!!%h!!!"B`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!"1!!
+!!@3#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!6N!!!&P!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!%k!!!"CJ)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!"`!"1`!!!@F#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!F!!6`!!!&S!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!(!!%p!!!"D3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!"2J!
+!!@S#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!6m!!!&V!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!&!!!!"E!)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!"`!"33!!!@d#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!F!!8)!!!&Z!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!(!!&$!!!"E`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!"4!!
+!!A!#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!88!!!&a!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!&'!!!"FJ)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!"`!"4`!!!A-#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!F!!8J!!!&d!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!(!!&*!!!"G3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!"5J!
+!!AB#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!8X!!!&h!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!&-!!!"H!)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!"`!"63!!!AN#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!F!!8i!!!&k!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!(!!&2!!!"H`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!"8!!
+!!A`#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!9%!!!&p!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!&5!!!"IJ)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!"`!"8`!!!B!#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!F!!93!!!'"!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!(!!&9!!!"JJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!"9J!
+!!B-#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!9F!!!'%!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!&B!!!"K3)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!"`!"@3!!!BB#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!F!!9S!!!'(!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!(!!&E!!!"L!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!"A!!
+!!BN#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!9d!!!'+!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!&H!!!"L`)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!"`!"A`!!!B`#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!F!!@!!!!'0!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!(!!&K!!!"MJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!"BJ!
+!!Bm#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!@-!!!'3!!)"!!!
+!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!"C!!!!C%#!3!!!!!!!3!"!3!
+!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!@8!!!'5!J%!!!!!!!%!!3%!!!!!!!!!!!!
+!!!!"!!!!!!!!!!!(!!&Q!!!"N`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!
+!!!!!"`!"C`!!!C3#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!@J
+!!!'9!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!&T!!!"PJ)"!!!
+!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!"DJ!!!CF#!3!!!!!!!3!"!3!
+!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!@X!!!'B!J%!!!!!!!%!!3%!!!!!!!!!!!!
+!!!!"!!!!!!!!!!!(!!&X!!!"Q3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!
+!!!!!"`!"E3!!!CS#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!@i
+!!!'E!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!&[!!!"R!)"!!!
+!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!"F!!!!Cd#!3!!!!!!!3!"!3!
+!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!A%!!!'H!J%!!!!!!!%!!3%!!!!!!!!!!!!
+!!!!"!!!!!!!!!!!(!!&b!!!"R`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!
+!!!!!"`!"F`!!!D3#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!A3
+!!!'Q!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!&e!!!"T`)"!!!
+!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!3!!!!)
+!!!!$!!!!"!!!!!8!!!!'!!!!"`!!!!J!!!!*!!!!#J!!!!X!!!!-!!!!$3!!!!i
+!!!!2!!!!%!!!!"%!!!!5!!!!%`!!!"3!!!!9!!!!&J!!!"F!!!!B!!!!'3!!!"S
+!!!!E!!!!(!!!!"d!!!!H!!!!(`!!!#!!!!!K!!!!)J!!!#-!!!!N!!!!*3!!!#B
+!!!!R!!!!+!!!!#N!!!!U!!!!+`!!!#`!!!!Y!!!!,J!!!#m!!!!`!!!!-3!!!$)
+!!!!c!!!!0!!!!$8!!!!f!!!!0`!!!$J!!!!j!!!!1J!!!$X!!!!m!!!!23!!!$i
+!!!!r!!!!3!!!!%%!!!"#!!!!3`!!!%3!!!"&!!!!4J!!!%F!!!")!!!!53!!!%S
+!!!",!!!!6!!!!%d!!!"1!!!!6`!!!&!!!!"4!!!!8J!!!&-!!!"8!!!!93!!!&B
+!!!"A!!!!@!!!!&N!!!"D!!!!@`!!!&`!!!"G!!!!AJ!!!&m!!!"J!!!!B3!!!')
+!!!"M!!!!C!!!!'8!!!"Q!!!!C`!!!'J!!!"T!!!!DJ!!!'X!!!"X!!!!E3!!!'i
+!!!"[!!!!F!!!!(%!!!"b!!!!F`!!!(3!!!"e!!!!GJ!!!(F!!!"i!!!!H3!!!(S
+!!!"l!!!!I!!!!(d!!!"q!!!!I`!!!)!!!!#"!!!!JJ!!!)-!!!#%!!!!K3!!!)B
+!!!#(!!!!L!!!!)N!!!#+!!!!L`!!!)`!!!#0!!!!MJ!!!)m!!!#3!!!!!*%!!!#
+5!!!!N`!!!*3!!!#9!!!!PJ!!!*F!!!#B!!!!Q3!!!*S!!!#E!!!!R!!!!*d!!!#
+H!!!!R`!!!+!!!!#K!!!!SJ!!!+-!!!#N!!!!T3!!!+B!!!#R!!!!U!!!!+N!!!#
+U!!!!U`!!!+`!!!#Y!!!!VJ!!!+m!!!#`!!!!X3!!!,)!!!#c!!!!Y!!!!,8!!!#
+f!!!!Y`!!!,J!!!#j!!!!ZJ!!!,X!!!#m!!!![3!!!,i!!!#r!!!!`!!!!-%!!!$
+#!!!!``!!!-3!!!$&!!!!aJ!!!-F!!!$)!!!!b3!!!-S!!!$,!!!!c!!!!-d!!!$
+1!!!!c`!!!0!!!!$4!!!!dJ!!!0-!!!$8!!!!e3!!!0B!!!$A!!!!f!!!!0N!!!$
+D!!!!f`!!!0`!!!$G!!!!hJ!!!0m!!!$J!!!!i3!!!1)!!!$M!!!!j!!!!18!!!$
+Q!!!!j`!!!1J!!!$T!!!!kJ!!!1X!!!$X!!!!l3!!!1i!!!$[!!!!m!!!!2%!!!$
+b!!!!m`!!!23!!!$e!!!!pJ!!!2F!!!$i!!!!q3!!!2S!!!$l!!!!r!!!!2d!!!$
+q!!!!r`!!!3!!!!%"!!!"!J!!!3-!!!%%!!!""3!!!3B!!!%(!!!"#!!!!3N!!!%
++!!!"#`!!!3`!!!%0!!!"$J!!!3m!!!%3!!!"%3!!!4)!!!%6!!!"&!!!!48!!!%
+@!!!"&`!!!4J!!!%C!!!"'J!!!4X!!!%F!!!"(3!!!4i!!!%I!!!")!!!!5%!!!%
+L!!!")`!!!53!!!%P!!!"*J!!!5F!!!%S!!!"+3!!!5S!!!%V!!!",!!!!5d!!!%
+Z!!!",`!!!6!!!!%a!!!"-J!!!6-!!!%d!!!"03!!!6B!!!%h!!!"1!!!!6N!!!%
+k!!!"1`!!!6`!!!%p!!!"2J!!!6m!!!&!!!!"33!!!8)!!!&$!!!"4!!!!88!!!&
+'!!!"4`!!!8J!!!&*!!!"5J!!!8X!!!&-!!!"63!!!8i!!!&2!!!"8!!!!9%!!!&
+5!!!"8`!!!93!!!&9!!!"9J!!!9F!!!&B!!!"@3!!!9S!!!&E!!!"A!!!!9d!!!&
+H!!!"A`!!!@!!!!&K!!!"BJ!!!@-!!!&N!!!"C3!!!@B!!!&R!!!"D!!!!@N!!!&
+U!!!"D`!!!@`!!!&Y!!!"EJ!!!@m!!!&`!!!"F3!!!A)!!!&c!!!"G!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"G3!!!B!(!!!
+!"`!"G3F!!!%(!!!#"`!!!`F!!!3(!!!&"`!!"JF!!!F(!!!)"`!!#3F!!!S(!!!
+,"`!!$!F!!!d(!!!1"`!!$`F!!"!(!!!4"`!!%JF!!"-(!!!8"`!!&3F!!"B(!!!
+A"`!!'!F!!"N(!!!D"`!!'`F!!"`(!!!G"`!!(JF!!"m(!!!J"`!!)3F!!#)(!!!
+M"`!!*!F!!#8(!!!Q"`!!*`F!!#J(!!!T"`!!+JF!!#X(!!!X"`!!,3F!!#i(!!!
+["`!!-!F!!$%(!!!b"`!!-`F!!$3(!!!e"`!!0JF!!$F(!!!i"`!!13F!!$S(!!!
+l"`!!2!F!!$d(!!!q"`!!2`F!!%!(!!"""`!!3JF!!%-(!!"%"`!!43F!!%B(!!"
+("`!!5!F!!%N(!!"+"`!!5`F!!%`(!!"0"`!!6JF!!%m(!!"3"`!!83F!!&)(!!"
+6"`!!9!F!!&8(!!"@"`!!9`F!!&J(!!"C"`!!@JF!!&X(!!"F"`!"G!F!!&d(!!"
+H"`!!A`F!!'!(!!"K"`!!BJF!!'-(!!"N"`!!C3F!!'B(!!"R"`!!D!F!!'N(!!"
+U"`!!D`F!!'`(!!"Y"`!!EJF!!'m(!!"`"`!!F3F!!()(!!"c"`!!G!F!!(8(!!"
+f"`!!G`F!!(J(!!"j"`!!HJF!!(X(!!"m"`!!I3F!!(i(!!"r"`!!J!F!!)%(!!#
+#"`!!J`F!!)3(!!#&"`!!KJF!!)F(!!#)"`!!L3F!!)S(!!#,"`!!M!F!!)d(!!#
+1"`!!M`F!!*!!"`!!N3F!!*)(!!#6"`!!P!F!!*8(!!#@"`!!P`F!!*J(!!#C"`!
+!QJF!!*X(!!#F"`!!R3F!!*i(!!#I"`!!S!F!!+%(!!#L"`!!S`F!!+3(!!#P"`!
+!TJF!!+F(!!#S"`!!U3F!!+S(!!#V"`!!V!F!!+d(!!#Z"`!!V`F!!,!(!!#a"`!
+!XJF!!,-(!!#d"`!!Y3F!!,B(!!#h"`!!Z!F!!,N(!!#k"`!!Z`F!!,`(!!#p"`!
+![JF!!,m(!!$!"`!!`3F!!-)(!!$$"`!!a!F!!-8(!!$'"`!!a`F!!-J(!!$*"`!
+!bJF!!-X(!!$-"`!!c3F!!-i(!!$2"`!!d!F!!0%(!!$5"`!!d`F!!03(!!$9"`!
+!eJF!!0F(!!$B"`!!f3F!!0S(!!$E"`!!h!F!!0d(!!$H"`!!h`F!!1!(!!$K"`!
+!iJF!!1-(!!$N"`!!j3F!!1B(!!$R"`!!k!F!!1N(!!$U"`!!k`F!!1`(!!$Y"`!
+!lJF!!1m(!!$`"`!!m3F!!2)(!!$c"`!!p!F!!28(!!$f"`!!p`F!!2J(!!$j"`!
+!qJF!!2X(!!$m"`!!r3F!!2i(!!$r"`!"!!F!!3%(!!%#"`!"!`F!!33(!!%&"`!
+""JF!!3F(!!%)"`!"#3F!!A8(!!%+"`!"#`F!!3`(!!%0"`!"$JF!!3m(!!%3"`!
+"%3F!!4)(!!%6"`!"&!F!!48(!!%@"`!"&`F!!4J(!!%C"`!"'JF!!4X(!!%F"`!
+"(3F!!4i(!!%I"`!")!F!!5%(!!%L"`!")`F!!53(!!%P"`!"*JF!!5F(!!%S"`!
+"+3F!!5S(!!%V"`!",!F!!5d(!!%Z"`!",`F!!6!(!!%a"`!"-JF!!6-(!!%d"`!
+"03F!!6B(!!%h"`!"1!F!!6N(!!%k"`!"1`F!!6`(!!%p"`!"2JF!!6m(!!&!"`!
+"33F!!8)(!!&$"`!"4!F!!88(!!&'"`!"4`F!!8J(!!&*"`!"5JF!!8X(!!&-"`!
+"63F!!8i(!!&2"`!"8!F!!9%(!!&5"`!"8`F!!93(!!&9"`!"9JF!!9F(!!&B"`!
+"@3F!!9S(!!&E"`!"A!F!!9d(!!&H"`!"A`F!!@!(!!&K"`!"BJF!!@-(!!&N"`!
+"C3F!!@B(!!&R"`!"D!F!!@N(!!&U"`!"D`F!!@`(!!&Y"`!"EJF!!@m(!!&`"`!
+"F3F!!A)(!!&c!!!"U!!"!#J!!!!J!j(*N!!r2`!!!!!!!!!!!!!$NFQ3!!!#!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!X)qi!!!!!!!!!%!!X*(m!!#!!!
+!!!!!!!!!!!,#0S!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!#!!!
+"!!!!!!8!!(rr!!!!!(rr!!!!!(rr!!!!!(rr!!!!$!!"!!)!"J!!!!9!!!!)!!%
+!!6S!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"!!!!rrr
+rr`!!!!-!!3!"1MS!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!%!!!$rrrrr!!!!"!!"!!%k1QPZBfaeC'8k!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!2rrrrp!!!!#!!%!!6S!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!rrrrrd!!!!-!!3!"1MSk4e9656TTEQ0XG@4
+P1J!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!$rrrrr3!!!"!!"!!%k1MT(990
+*1QaTBMS!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!2rrrrp!!!!&!!)
+!!6T0B@028b"6GA"`Eh*d1J!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"!!!!rrr
+rrd!!!!B!!J!"1Ne66$S!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!%!!!$rrrrr3!!!"`!+!!"0B@028b!f1%XJ6'PZDf9b!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!"-D@*$FRP`G'mJ0MK,!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%!!6S!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!)!!8eKBdp6)$Bi5b"
+-D@jVCA)!!!!!!!!!!!!!!!!!!!!!!#""8&"-!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!'!!!!"
+"F("X!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!'!!!!"068a#!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!"-D@)J5@e`Eh*d)$Bi5`!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
+08%a'!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"-D@)J5@e`Eh*d)$B
+i5`!!!!!!!!!!!!!!!!!!!!!!!!!!!!"09d0%!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!'!!!!"
+23NSJ!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"08&FJ5@e`Eh*d)$B
+i5`!!!!!!!!!!!!!!!!!!!!!!!!!!!!"36'pL!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!'!!!!"
+58e*$!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!'!!!!"849K8,Q*S!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!"#B@aXEfpZ)%KPE(!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
+849K8,Q-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"09b"$,d-V+b!f1%X
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"849K8,Q-V+`!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!"09b"$,d-V+b!f1%X!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
+849K8,Q0M!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"09b"$,d-V+b!f1%X
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"849K8,Q0`!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!"09b"$,d-V+b!f1%X!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
+849K8,Q0`F!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"09b"$,d-V+b!f1%X
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"849K8,Q9iF!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
+849K8,QGM!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"(B@eP3fpNC5"$Efj
+fCA*dCA)!!!!!!!!!!!!!!!!!!%!!!!"849K8,QJ!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!"09b"$,d-V+b!f1%X!!!!!!!!!!!!!!!!!!!!!!!!!!"!!!!"
+849K8,Q`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"'E'9i)&"bCA"bEf0
+PFh0[FJ!!!!!!!!!!!!!!!!!!!)!!!!"849K8,R!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!"09b"3BA0MB@`J0MK,!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
+849K8,R"KF`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"09b"3BA0MB@`J0MK
+,!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"849K8,R"MD!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!"09b"$,d-V+b!f1%X!!!!!!!!!!!!!!!!!!!!!!!!!!)!!!!"
+849K8,R"MD#XV!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"09b"$,d-V+b!f1%X
+!!!!!!!!!!!!!!!!!!!!!!!!!!)!!!!"849K8,R"`G3!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!"09b"3BA0MB@`J0MK,!!!!!!!!!!!!!!!!!!!!!!!!!)!!!!"
+849K8,R)!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"5CAS!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"849K8,R0PC`!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
+849K8,RN!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"#DA0[EL"3FQ9`FQp
+MCA0cEh)!!!!!!!!!!!!!!!!!!)!!!!"NEf0e!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!'!!!!"
+bFh*M!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!'!!!!"cD'aL!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!"348BJ5@e`Eh*d)$Bi5`!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
+cG(9L!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"348BJ5@e`Eh*d)$B
+i5`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!,Q4[B`!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!&!!!!!
+!!!!!,R*cFQ-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!'!!!!!!"3%"!!%!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+'!!!!!!%!!!!!"3!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!%"!!"YB@PZ!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!J"!!%!!!!"!3%!!!%"!3!
+!!!!!!3%!!!%"!!%!!!%%!!!!!!!!!!!!!!J"!!%"!!%"!!!!!3!!#3!$'daTBN0
+bHA"dEbif1'XJ4Q%S0'PI1'3T,NaTBJ!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!$mr2cmr2cmr!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!2cmr2`!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!d!!3!!!!!!&9p09d955e0I4e9659p`FQ9QDAJZD!!!!!!
+!!!!!!!!!!!%!!!!!!!!!!!%!!!!!!!!!!!!!"3%"!3!!!3%!!3!!!!!%!!!!!!!
+!!!!!!!!!!!!!!!%!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!&p
+IFh4KFR3!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!3!"!!!*6@9bCf8J6h9
+d!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!2cmr2d&38%`!!3%!!!3J)#!J!j+$B!0dhhJ$!khJ!!8#!3!"!3!"!3%
+!!!%!!!!!!!!!!3%"!3!"!3!"!!%%!!!!!!!!!!!!!!F"!3!"!!!"!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!&pIFh4KFR3!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!)!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"3!!"dp`C@j68d`!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!r2cmr39"36!!!"!!!!!3!!!!!3!!!@-!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!6m
+r2cm!!!!!!!!!!J!!!!)!!J!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!)!8!!"!!%!!3!"!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"3R3dp%45FJ*d4"9%%
+R)#G35808*`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!)!!!"!!!!,3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!!J!
+!!#i#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!!-!!!![!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!!%!!!!-!)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!#!!!"3!!!$%#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!J!!!B!!!!b!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!)!!!(!!!!-`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!#!!
+!!$3#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!!N!!!!e!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!!+!!!!0J)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!#!!!#`!!!$F#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!J!!!`!!!!i!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!)!!!0!!!!13)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!$J!
+!!$S#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!!m!!!!l!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!!3!!!!2!)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!#!!!%3!!!$d#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!J!!")!!!!q!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!)!!!6!!!!2`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!&!!
+!!%!#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!"8!!!""!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!!@!!!!3J)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!#!!!&`!!!%-#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!J!!"J!!!"%!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!)!!!C!!!!43)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!'J!
+!!%B#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!"X!!!"(!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!!F!!!!5!)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!#!!!(3!!!%N#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!J!!"i!!!"+!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!)!!!I!!!!5`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!)!!
+!!%`#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!#%!!!"0!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!!L!!!!6J)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!#!!!)`!!!%m#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!J!!#3!!!"3!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!)!!!P!!!!83)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!*J!
+!!&)#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!#F!!!"6!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!!S!!!!9!)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!#!!!+3!!!&8#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!J!!#S!!!"@!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!)!!!V!!!!9`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!,!!
+!!&J#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!#d!!!"C!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!!Z!!!!@J)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!#!!!,`!!!&X#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!J!!$!!!!"F!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!)!!!a!!!!A3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!-J!
+!!&i#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!$-!!!"I!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!!d!!!!B!)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!#!!!03!!!'%#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!J!!$B!!!"L!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!)!!!h!!!!B`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!1!!
+!!'3#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!$N!!!"P!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!!k!!!!CJ)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!#!!!1`!!!'F#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!J!!$`!!!"S!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!)!!!p!!!!D3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!2J!
+!!'S#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!$m!!!"V!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!"!!!!!E!)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!#!!!33!!!'d#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!J!!%)!!!"Z!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!)!!"$!!!!E`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!4!!
+!!(!#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!%8!!!"a!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!"'!!!!FJ)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!#!!!4`!!!(-#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!J!!%J!!!"d!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!)!!"*!!!!G3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!5J!
+!!(B#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!%X!!!"h!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!"-!!!!H!)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!#!!!63!!!(N#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!J!!%i!!!"k!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!)!!"2!!!!H`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!8!!
+!!(`#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!&%!!!"p!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!"5!!!!IJ)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!#!!!8`!!!(m#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!J!!&3!!!#!!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!)!!"9!!!!J3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!9J!
+!!))#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!&F!!!#$!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!"B!!!!K!)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!#!!!@3!!!)8#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!J!!&S!!!#'!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!)!!"E!!!!K`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!A!!
+!!)J#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!&d!!!#*!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!"H!!!!LJ)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!#!!!A`!!!)X#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!J!!'!!!!#-!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!)!!"K!!!!M3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!BJ!
+!!)i#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!'-!!!#2!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!"N!!!!N!!#!3!!!!!!!3!"!3!
+!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!'8!!!#4!J%!!!!!!!%!!3%!!!!!!!!!!!!
+!!!!"!!!!!!!!!!!)!!"Q!!!!NJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!
+!!!!!#!!!C`!!!*-#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!'J
+!!!#8!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!"T!!!!P3)"!!!
+!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!DJ!!!*B#!3!!!!!!!3!"!3!
+!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!'X!!!#A!J%!!!!!!!%!!3%!!!!!!!!!!!!
+!!!!"!!!!!!!!!!!)!!"X!!!!Q!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!
+!!!!!#!!!E3!!!*N#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!'i
+!!!#D!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!"[!!!!Q`)"!!!
+!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!F!!!!*`#!3!!!!!!!3!"!3!
+!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!(%!!!#G!J%!!!!!!!%!!3%!!!!!!!!!!!!
+!!!!"!!!!!!!!!!!)!!"b!!!!RJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!
+!!!!!#!!!F`!!!*m#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!(3
+!!!#J!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!"e!!!!S3)"!!!
+!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!GJ!!!+)#!3!!!!!!!3!"!3!
+!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!(F!!!#M!J%!!!!!!!%!!3%!!!!!!!!!!!!
+!!!!"!!!!!!!!!!!)!!"i!!!!T!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!
+!!!!!#!!!H3!!!+8#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!(S
+!!!#Q!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!"l!!!!T`)"!!!
+!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!I!!!!+J#!3!!!!!!!3!"!3!
+!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!(d!!!#T!J%!!!!!!!%!!3%!!!!!!!!!!!!
+!!!!"!!!!!!!!!!!)!!"q!!!!UJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!
+!!!!!#!!!I`!!!+X#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!)!
+!!!#X!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!#"!!!!V3)"!!!
+!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!JJ!!!+i#!3!!!!!!!3!"!3!
+!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!)-!!!#[!J%!!!!!!!%!!3%!!!!!!!!!!!!
+!!!!"!!!!!!!!!!!)!!#%!!!!X!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!
+!!!!!#!!!K3!!!,%#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!)B
+!!!#b!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!#(!!!!X`)"!!!
+!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!L!!!!,3#!3!!!!!!!3!"!3!
+!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!)N!!!#e!J%!!!!!!!%!!3%!!!!!!!!!!!!
+!!!!"!!!!!!!!!!!)!!#+!!!!YJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!
+!!!!!#!!!L`!!!,F#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!)`
+!!!#i!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!#0!!!!Z3)"!!!
+!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!MJ!!!,S#!3!!!!!!!3!"!3!
+!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!)m!!!#l!J%!!!!!!!%!!3%!!!!!!!!!!!!
+!!!!"!!!!!!!!!!!)!!#3!!!!!,`#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!J!!*%!!!#p!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!#
+5!!!![J)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!N`!!!,m#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!*3!!!$!!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!#9!!!!`3)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!#!!!PJ!!!-)#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!J!!*F!!!$$!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!#
+B!!!!a!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!Q3!!!-8#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!*S!!!$'!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!#E!!!!a`)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!#!!!R!!!!-J#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!J!!*d!!!$*!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!#
+H!!!!bJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!R`!!!-X#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!+!!!!$-!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!#K!!!!c3)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!#!!!SJ!!!-i#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!J!!+-!!!$2!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!#
+N!!!!d!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!T3!!!0%#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!+B!!!$5!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!#R!!!!d`)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!#!!!U!!!!03#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!J!!+N!!!$9!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!#
+U!!!!eJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!U`!!!0F#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!+`!!!$B!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!#Y!!!!f3)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!#!!!VJ!!!0S#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!J!!+m!!!$E!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!#
+`!!!!h!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!X3!!!0d#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!,)!!!$H!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!#c!!!!h`)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!#!!!Y!!!!1!#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!J!!,8!!!$K!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!#
+f!!!!iJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!Y`!!!1-#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!,J!!!$N!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!#j!!!!j3)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!#!!!ZJ!!!1B#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!J!!,X!!!$R!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!#
+m!!!!k!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!![3!!!1N#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!,i!!!$U!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!#r!!!!k`)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!#!!!`!!!!1`#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!J!!-%!!!$Y!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!$
+#!!!!lJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!``!!!1m#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!-3!!!$`!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!$&!!!!m3)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!#!!!aJ!!!2)#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!J!!-F!!!$c!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!$
+)!!!!p!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!b3!!!28#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!-S!!!$f!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!$,!!!!p`)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!#!!!c!!!!2J#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!J!!-d!!!$j!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!$
+1!!!!qJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!c`!!!2X#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!0!!!!$m!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!$4!!!!r3)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!#!!!dJ!!!2i#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!J!!0-!!!$r!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!$
+8!!!"!!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!e3!!!3%#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!0B!!!%#!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!$A!!!"!`)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!#!!!f!!!!33#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!J!!0N!!!%&!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!$
+D!!!""J)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!f`!!!3F#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!0`!!!%)!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!$G!!!"#3)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!#!!!hJ!!!3S#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!J!!0m!!!%,!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!$
+J!!!"$!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!i3!!!3d#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!1)!!!%1!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!$M!!!"$`)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!#!!!j!!!!4!#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!J!!18!!!%4!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!$
+Q!!!"%J)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!j`!!!4-#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!1J!!!%8!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!$T!!!"&3)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!#!!!kJ!!!4B#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!J!!1X!!!%A!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!$
+X!!!"'!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!l3!!!4N#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!1i!!!%D!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!$[!!!"'`)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!#!!!m!!!!4`#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!J!!2%!!!%G!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!$
+b!!!"(J)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!m`!!!4m#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!23!!!%J!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!$e!!!")3)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!#!!!pJ!!!5)#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!J!!2F!!!%M!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!$
+i!!!"*!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!q3!!!58#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!2S!!!%Q!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!$l!!!"*`)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!#!!!r!!!!5J#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!J!!2d!!!%T!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!$
+q!!!"+J)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!r`!!!5X#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!3!!!!%X!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!%"!!!",3)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!#!!"!J!!!5i#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!J!!3-!!!%[!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!%
+%!!!"-!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!""3!!!6%#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!3B!!!%b!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!%(!!!"-`)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!#!!"#!!!!63#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!J!!3N!!!%e!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!%
++!!!"0J)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!"#`!!!6F#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!3`!!!%i!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!%0!!!"13)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!#!!"$J!!!6S#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!J!!3m!!!%l!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!%
+3!!!"2!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!"%3!!!6d#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!4)!!!%q!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!%6!!!"2`)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!#!!"&!!!!8!#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!J!!48!!!&"!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!%
+@!!!"3J)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!"&`!!!8-#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!4J!!!&%!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!%C!!!"43)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!#!!"'J!!!8B#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!J!!4X!!!&(!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!%
+F!!!"5!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!"(3!!!8N#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!4i!!!&+!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!%I!!!"5`)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!#!!")!!!!8`#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!J!!5%!!!&0!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!%
+L!!!"6J)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!")`!!!8m#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!53!!!&3!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!%P!!!"83)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!#!!"*J!!!9)#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!J!!5F!!!&6!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!%
+S!!!"9!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!"+3!!!98#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!5S!!!&@!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!%V!!!"9`)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!#!!",!!!!9J#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!J!!5d!!!&C!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!%
+Z!!!"@J)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!",`!!!9X#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!6!!!!&F!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!%a!!!"A3)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!#!!"-J!!!9i#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!J!!6-!!!&I!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!%
+d!!!"B!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!"03!!!@%#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!6B!!!&L!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!%h!!!"B`)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!#!!"1!!!!@3#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!J!!6N!!!&P!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!%
+k!!!"CJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!"1`!!!@F#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!6`!!!&S!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!%p!!!"D3)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!#!!"2J!!!@S#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!J!!6m!!!&V!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!&
+!!!!"E!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!"33!!!@d#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!8)!!!&Z!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!&$!!!"E`)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!#!!"4!!!!A!#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!J!!88!!!&a!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!&
+'!!!"FJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!"4`!!!A-#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!8J!!!&d!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!&*!!!"G3)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!#!!"5J!!!AB#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!J!!8X!!!&h!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!&
+-!!!"H!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!"63!!!AN#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!8i!!!&k!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!&2!!!"H`)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!#!!"8!!!!A`#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!J!!9%!!!&p!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!&
+5!!!"IJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!"8`!!!B!#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!93!!!'"!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!&9!!!"JJ)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!#!!"9J!!!B-#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!J!!9F!!!'%!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!&
+B!!!"K3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!"@3!!!BB#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!9S!!!'(!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!&E!!!"L!)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!#!!"A!!!!BN#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!J!!9d!!!'+!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!&
+H!!!"L`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!"A`!!!B`#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!@!!!!'0!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!&K!!!"MJ)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!#!!"BJ!!!Bm#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!J!!@-!!!'3!!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!
+"C!!!!C%#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!@8!!!'5!J%
+!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!&Q!!!"N`)"!!!!!!!"!!%
+"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!"C`!!!C3#!3!!!!!!!3!"!3!!!!!!!!!
+!!!!!!!%!!!!!!!!!!!J!!@J!!!'9!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!
+!!!!!!!!)!!&T!!!"PJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!
+"DJ!!!CF#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!@X!!!'B!J%
+!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!&X!!!"Q3)"!!!!!!!"!!%
+"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!"E3!!!CS#!3!!!!!!!3!"!3!!!!!!!!!
+!!!!!!!%!!!!!!!!!!!J!!@i!!!'E!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!
+!!!!!!!!)!!&[!!!"R!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!
+"F!!!!Cd#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!A%!!!'H!J%
+!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!&b!!!"R`)"!!!!!!!"!!%
+"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!"F`!!!D3#!3!!!!!!!3!"!3!!!!!!!!!
+!!!!!!!%!!!!!!!!!!!J!!A3!!!'Q!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!
+!!!!!!!!)!!&e!!!"T`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!3!!!!)!!!!$!!!!"!!!!!8!!!!'!!!!"`!!!!J!!!!*!!!
+!#J!!!!X!!!!-!!!!$3!!!!i!!!!2!!!!%!!!!"%!!!!5!!!!%`!!!"3!!!!9!!!
+!&J!!!"F!!!!B!!!!'3!!!"S!!!!E!!!!(!!!!"d!!!!H!!!!(`!!!#!!!!!K!!!
+!)J!!!#-!!!!N!!!!*3!!!#B!!!!R!!!!+!!!!#N!!!!U!!!!+`!!!#`!!!!Y!!!
+!,J!!!#m!!!!`!!!!-3!!!$)!!!!c!!!!0!!!!$8!!!!f!!!!0`!!!$J!!!!j!!!
+!1J!!!$X!!!!m!!!!23!!!$i!!!!r!!!!3!!!!%%!!!"#!!!!3`!!!%3!!!"&!!!
+!4J!!!%F!!!")!!!!53!!!%S!!!",!!!!6!!!!%d!!!"1!!!!6`!!!&!!!!"4!!!
+!8J!!!&-!!!"8!!!!93!!!&B!!!"A!!!!@!!!!&N!!!"D!!!!@`!!!&`!!!"G!!!
+!AJ!!!&m!!!"J!!!!B3!!!')!!!"M!!!!C!!!!'8!!!"Q!!!!C`!!!'J!!!"T!!!
+!DJ!!!'X!!!"X!!!!E3!!!'i!!!"[!!!!F!!!!(%!!!"b!!!!F`!!!(3!!!"e!!!
+!GJ!!!(F!!!"i!!!!H3!!!(S!!!"l!!!!I!!!!(d!!!"q!!!!I`!!!)!!!!#"!!!
+!JJ!!!)-!!!#%!!!!K3!!!)B!!!#(!!!!L!!!!)N!!!#+!!!!L`!!!)`!!!#0!!!
+!MJ!!!)m!!!#3!!!!!*%!!!#5!!!!N`!!!*3!!!#9!!!!PJ!!!*F!!!#B!!!!Q3!
+!!*S!!!#E!!!!R!!!!*d!!!#H!!!!R`!!!+!!!!#K!!!!SJ!!!+-!!!#N!!!!T3!
+!!+B!!!#R!!!!U!!!!+N!!!#U!!!!U`!!!+`!!!#Y!!!!VJ!!!+m!!!#`!!!!X3!
+!!,)!!!#c!!!!Y!!!!,8!!!#f!!!!Y`!!!,J!!!#j!!!!ZJ!!!,X!!!#m!!!![3!
+!!,i!!!#r!!!!`!!!!-%!!!$#!!!!``!!!-3!!!$&!!!!aJ!!!-F!!!$)!!!!b3!
+!!-S!!!$,!!!!c!!!!-d!!!$1!!!!c`!!!0!!!!$4!!!!dJ!!!0-!!!$8!!!!e3!
+!!0B!!!$A!!!!f!!!!0N!!!$D!!!!f`!!!0`!!!$G!!!!hJ!!!0m!!!$J!!!!i3!
+!!1)!!!$M!!!!j!!!!18!!!$Q!!!!j`!!!1J!!!$T!!!!kJ!!!1X!!!$X!!!!l3!
+!!1i!!!$[!!!!m!!!!2%!!!$b!!!!m`!!!23!!!$e!!!!pJ!!!2F!!!$i!!!!q3!
+!!2S!!!$l!!!!r!!!!2d!!!$q!!!!r`!!!3!!!!%"!!!"!J!!!3-!!!%%!!!""3!
+!!3B!!!%(!!!"#!!!!3N!!!%+!!!"#`!!!3`!!!%0!!!"$J!!!3m!!!%3!!!"%3!
+!!4)!!!%6!!!"&!!!!48!!!%@!!!"&`!!!4J!!!%C!!!"'J!!!4X!!!%F!!!"(3!
+!!4i!!!%I!!!")!!!!5%!!!%L!!!")`!!!53!!!%P!!!"*J!!!5F!!!%S!!!"+3!
+!!5S!!!%V!!!",!!!!5d!!!%Z!!!",`!!!6!!!!%a!!!"-J!!!6-!!!%d!!!"03!
+!!6B!!!%h!!!"1!!!!6N!!!%k!!!"1`!!!6`!!!%p!!!"2J!!!6m!!!&!!!!"33!
+!!8)!!!&$!!!"4!!!!88!!!&'!!!"4`!!!8J!!!&*!!!"5J!!!8X!!!&-!!!"63!
+!!8i!!!&2!!!"8!!!!9%!!!&5!!!"8`!!!93!!!&9!!!"9J!!!9F!!!&B!!!"@3!
+!!9S!!!&E!!!"A!!!!9d!!!&H!!!"A`!!!@!!!!&K!!!"BJ!!!@-!!!&N!!!"C3!
+!!@B!!!&R!!!"D!!!!@N!!!&U!!!"D`!!!@`!!!&Y!!!"EJ!!!@m!!!&`!!!"F3!
+!!A)!!!&c!!!"G!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!"G3!!!B!)!!!!#!!"G3!!!GS!!3!F!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!#!!!!3J!!!))!!!$#!!!"!J!!!8)!!!'#!!!"`J!!!J)!!!*#!!!#JJ
+!!!X)!!!-#!!!$3J!!!i)!!!2#!!!%!J!!"%)!!!5#!!!%`J!!"3)!!!9#!!!&JJ
+!!"F)!!!B#!!!'3J!!"S)!!!E#!!!(!J!!"d)!!!H#!!!(`J!!#!)!!!K#!!!)JJ
+!!#-)!!!N#!!!*3J!!#B)!!!R#!!!+!J!!#N)!!!U#!!!+`J!!#`)!!!Y#!!!,JJ
+!!#m)!!!`#!!!-3J!!$))!!!c#!!!0!J!!$8)!!!f#!!!0`J!!$J)!!!j#!!!1JJ
+!!$X)!!!m#!!!23J!!$i)!!!r#!!!3!J!!%%)!!"##!!!3`J!!%3)!!"&#!!!4JJ
+!!%F)!!")#!!!53J!!%S)!!",#!!!6!J!!%d)!!"1#!!!6`J!!&!)!!"4#!!!8JJ
+!!&-)!!"8#!!!93J!!&B)!!"A#!!!@!J!!&N)!!"D#!!!@`J!!&`)!!&d#!!!A3J
+!!&i)!!"I#!!!B!J!!'%)!!"L#!!!B`J!!'3)!!"P#!!!CJJ!!'F)!!"S#!!!D3J
+!!'S)!!"V#!!!E!J!!'d)!!"Z#!!!E`J!!(!)!!"a#!!!FJJ!!(-)!!"d#!!!G3J
+!!(B)!!"h#!!!H!J!!(N)!!"k#!!!H`J!!(`)!!"p#!!!IJJ!!(m)!!#!#!!!J3J
+!!)))!!#$#!!!K!J!!)8)!!#'#!!!K`J!!)J)!!#*#!!!LJJ!!)X)!!#-#!!!M3J
+!!)i)!!#2#!!!N!!)!!#4#!!!NJJ!!*-)!!#8#!!!P3J!!*B)!!#A#!!!Q!J!!*N
+)!!#D#!!!Q`J!!*`)!!#G#!!!RJJ!!*m)!!#J#!!!S3J!!+))!!#M#!!!T!J!!+8
+)!!#Q#!!!T`J!!+J)!!#T#!!!UJJ!!+X)!!#X#!!!V3J!!+i)!!#[#!!!X!J!!,%
+)!!#b#!!!X`J!!,3)!!#e#!!!YJJ!!,F)!!#i#!!!Z3J!!,S)!!#l#!!![!J!!,d
+)!!#q#!!![`J!!-!)!!$"#!!!`JJ!!--)!!$%#!!!a3J!!-B)!!$(#!!!b!J!!-N
+)!!$+#!!!b`J!!-`)!!$0#!!!cJJ!!-m)!!$3#!!!d3J!!0))!!$6#!!!e!J!!08
+)!!$@#!!!e`J!!0J)!!$C#!!!fJJ!!0X)!!$F#!!!h3J!!0i)!!$I#!!!i!J!!1%
+)!!$L#!!!i`J!!13)!!$P#!!!jJJ!!1F)!!$S#!!!k3J!!1S)!!$V#!!!l!J!!1d
+)!!$Z#!!!l`J!!2!)!!$a#!!!mJJ!!2-)!!$d#!!!p3J!!2B)!!$h#!!!q!J!!2N
+)!!$k#!!!q`J!!2`)!!$p#!!!rJJ!!2m)!!%!#!!"!3J!!3))!!%$#!!""!J!!38
+)!!%'#!!""`J!!3J)!!%*#!!"G3J!!3S)!!%,#!!"$!J!!3d)!!%1#!!"$`J!!4!
+)!!%4#!!"%JJ!!4-)!!%8#!!"&3J!!4B)!!%A#!!"'!J!!4N)!!%D#!!"'`J!!4`
+)!!%G#!!"(JJ!!4m)!!%J#!!")3J!!5))!!%M#!!"*!J!!58)!!%Q#!!"*`J!!5J
+)!!%T#!!"+JJ!!5X)!!%X#!!",3J!!5i)!!%[#!!"-!J!!6%)!!%b#!!"-`J!!63
+)!!%e#!!"0JJ!!6F)!!%i#!!"13J!!6S)!!%l#!!"2!J!!6d)!!%q#!!"2`J!!8!
+)!!&"#!!"3JJ!!8-)!!&%#!!"43J!!8B)!!&(#!!"5!J!!8N)!!&+#!!"5`J!!8`
+)!!&0#!!"6JJ!!8m)!!&3#!!"83J!!9))!!&6#!!"9!J!!98)!!&@#!!"9`J!!9J
+)!!&C#!!"@JJ!!9X)!!&F#!!"A3J!!9i)!!&I#!!"B!J!!@%)!!&L#!!"B`J!!@3
+)!!&P#!!"CJJ!!@F)!!&S#!!"D3J!!@S)!!&V#!!"E!J!!@d)!!&Z#!!"E`J!!A!
+)!!&a#!!"FJJ!!A-#!!!"!!!!!3)"!!!!!!!"!!%$!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!J!!!J!!!!)#!3!!!!!!!3!"!`!!!!!!!!!!!!!!!!3!!!!!!!!!!!)!!!-
+!!!!$!J%!!!!!!!%!!3-!!!!!!!!!!!!!!!!%!!!!!!!!!!!#!!!%!!!!"!)"!!!
+!!!!"!!%$!!!!!!!!!!!!!!!!!!!!!!!!!!!!!J!!"3!!!!8#!3!!!!!!!3!"!`!
+!!!!!!!!!!!!!!!%!!!!!!!!!!!)!!!B!!!!'!J%!!!!!!!%!!3-!!!!!!!!!!!!
+!!!!&!!!!!!!!!!!#!!!(!!!!"`)"!!!!!!!"!!%$!!!!!!!!!!!!!!!!!3!!!!!
+!!!!!!J!!#!!!!!J#!3!!!!!!!3!"!`!!!!!!!!!!!!!!!!8!!!!!!!!!!!)!!!N
+!!!!*!J%!!!!!!!%!!3-!!!!!!!!!!!!!!!!&!!!!!!!!!!!#!!!+!!!"I`)"!!!
+!!!!"!!%$!!!!!!!!!!!!!!!!!3!!!!!!!!!!!J!!#`!!!DN#!3!!!!!!!3!"!3!
+!!!!!!!!!!!!!!!%!!!!!!!!!!!)!!!`!!!'U!J%!!!!!!!%!!3%!!!!!!!!!!!!
+!!!!"!!!!!!!!!!!#!!!0!!!"U`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!
+!!!!!!J!!$J!!!D`#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!)!!!m
+!!!'Y!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!#!!!3!!!"VJ)"!!!
+!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!J!!%3!!!Dm#!3!!!!!!!3!"!3!
+!!!!!!!!!!!!!!!%!!!!!!!!!!!)!!")!!!'`!J%!!!!!!!%!!3%!!!!!!!!!!!!
+!!!!"!!!!!!!!!!!#!!!6!!!"X3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!
+!!!!!!J!!&!!!!E)#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!)!!"8
+!!!'c!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!#!!!@!!!"Y!)"!!!
+!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!J!!&`!!!E8#!3!!!!!!!3!"!3!
+!!!!!!!!!!!!!!!%!!!!!!!!!!!)!!"J!!!'f!J%!!!!!!!%!!3%!!!!!!!!!!!!
+!!!!"!!!!!!!!!!!#!!!C!!!"Y`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!
+!!!!!!J!!'J!!!EJ#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!)!!"X
+!!!'j!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!#!!!F!!!"ZJ)"!!!
+!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!J!!(3!!!EX#!3!!!!!!!3!"!3!
+!!!!!!!!!!!!!!!%!!!!!!!!!!!)!!"i!!!'m!J%!!!!!!!%!!3%!!!!!!!!!!!!
+!!!!"!!!!!!!!!!!#!!!I!!!"[3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!
+!!!!!!J!!)!!!!Ei#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!)!!#%
+!!!'r!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!#!!!L!!!"`!)"!!!
+!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!J!!)`!!!F%#!3!!!!!!!3!"!3!
+!!!!!!!!!!!!!!!%!!!!!!!!!!!)!!#3!!!(#!J%!!!!!!!%!!3%!!!!!!!!!!!!
+!!!!"!!!!!!!!!!!#!!!P!!!"``)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!
+!!!!!!J!!*J!!!F3#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!)!!#F
+!!!(&!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!#!!!S!!!"aJ)"!!!
+!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!J!!+3!!!FF#!3!!!!!!!3!"!3!
+!!!!!!!!!!!!!!!%!!!!!!!!!!!)!!#S!!!()!J%!!!!!!!%!!3%!!!!!!!!!!!!
+!!!!"!!!!!!!!!!!#!!!V!!!"b3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!
+!!!!!!J!!,!!!!FS#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!)!!#d
+!!!(,!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!#!!!Z!!!"T3)"!!!
+!!!!"!!%$!!!!!!!!!!!!!!!!!3!!!!!!!!!!!J!!,`!!!F`#!3!!!!!!!3!"!3!
+!!!!!!!!!!!!!!!%!!!!!!!!!!!)!!$!!!!(0!J%!!!!!!!%!!3-!!!!!!!!!!!!
+!!!!"!!!!!!!!!!!#!!!a!!!"cJ)"!!!!!!!"!!%$!!!!!!!!!!!!!!!!!3!!!!!
+!!!!!!J!!-J!!!Fm#!3!!!!!!!3!"!`!!!!!!!!!!!!!!!!%!!!!!!!!!!!)!!$-
+!!!(p"!%!!!!!!!!!!3-!!!!!!!!!!!!!!!#"!!!!!!!!!!!#!!!d!!!"rJ3"!!!
+!!!!!!!%$!!!!!!!!!!!!!!!!J3!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!'!!!!J)!!J!!!!!#!`!&!!!
+!!!)%!!`!!!!!!J8!#J!!!!!#"J!#!!!!!!)(!!8!!!!!!JJ!!J!!!!!##3!'!!!
+!!!)+!!d!!!!!!JX!"3!!!!!#$!!&!!!!!!)0!!%!!!!!!Ji!!3!!!!!#$`!(!!!
+!!!)3!!J!!!!!!K%!"3!!!!!#%J!#!!!!!!)6!!)!!!!!!K3!#!!!!!!#&3!"!!!
+!!!)@!!%!!!!!!KF!#!!!!!!#'!!*!!!!!!)C!!3!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!"jJF!!!%!!!!!!!!!!!!!!!!!!!!!Y0m2&2rrr[B
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!(R#!!!!3!!!!!!!!!!!!!!!!!!!!#
+dh`m8rrr13J!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!J!!!!"i!!!!!(L!!!
+!!H%!!!!"j!!!!!(P!!!!!H-!!!!"jJ!!!!(R!!%!!!!b8Np29!!!!!!!!!!!!!!
+!!!C(8P93!!!!!!!!!!%18Qpj*h-J4f9d5&488&-!!!!%4NP-43%!!D*'58a&!3!
+"SdC*6%8"!!'K4NP-43%!!D"(8P93!!!!!!!!!!)66h"PEP066#""F("XD@0KG'P
+[EJ!!!#0'58a&!J!!(%C*6%8#!!!U4NP-43)!!!e'58a&!J!!)%C*6%8#!!!54NP
+-43)!!"0'58a&!J!!&NC*6%8#!!!B4NP-43)!!"G'58a&!J!!$NC*6%8#!!!H4NP
+-43)!!"&'58a&!J!!%%C*6%8#!!!K4NP-43)!!"4'58a&!J!!&8C*6%8#!!!X4NP
+-43)!!"T'58a&!J!!'8C*6%8#!!!S4NP-43)!!#G'58a&!J!!*%C*6%8#!!!Y4NP
+-43)!!!Y'58a&!J!!*NC*6%8#!!!T4NP-43)!!!a'58a&!J!!+dC*6%8#!!!L4NP
+-43)!!!p'58a&!J!!'dC*6%8#!!!G4NP-43)!!"p'58a&!J!!*8C*6%8#!!!M4e*
+98!!!!!!!!!!$%8p`C@j68d`J6'PLFQ&bD@9c!!!!"%G599!!!!!!!!!!"!038%-
+!!!!#4NP-43)!!$0'58a&!J!!0%G599!!!!!!!!!!"3-f1'X!!!!#4NP-438!!#"
+'58a&"3!!(dG599!!!!!!!!!!"JCMFRP`G'm!!!!S4NP-43%!!Aa'58a&!3!"INC
+*6%8"!!'N4NP-43%!!Cp'58a&!3!"I8C*6%8"!!&l4e*98!!!!!!!!!!("'&cEM%
+!!!"A4NP-43%!!$j'58a&!3!!-8C*6%8"!!"&4NP-43%!!$P'58a&!3!!3dC*6%8
+"!!!m4NP-43%!!$p'58a&!3!!3%C*6%8"!!"%4NP-43%!!%&'58a&!3!!0dC*6%8
+"!!!e4NP-43%!!$Y'58a&!3!!-NC*6%8"!!!i4NP-43%!!%K'58a&!3!!4NC*6%8
+"!!"#4NP-43%!!$C'58a&!3!!4dC*6%8"!!')4NP-43%!!("'58a&!3!!I%C*6%8
+"!!"i4NP-43%!!(T'58a&!3!!H8C*6%8"!!"a4NP-43%!!(C'58a&!3!!FNC*6%8
+"!!"p4NP-43%!!B&'58a&!3!!FdC*6%8"!!"e4NP-43%!!(Y'58a&!3!!A8C*6%8
+"!!"04NP-43%!!&P'58a&!3!!6NC*6%8"!!"D4NP-43%!!%p'58a&!3!!@dC*6%8
+"!!"34NP-43%!!&a'58a&!3!!5dC*6%8"!!"A4NP-43%!!%a'58a&!3!!@%C*6%8
+"!!"Z4NP-43%!!'p'58a&!3!"LNC*6%8"!!"X4NP-43%!!'e'58a&!3!"L8C*6%8
+"!!',4NP-43%!!'9'58a&!3!!D8C*6%8"!!"S4NP-43%!!'G'58a&!3!!BdC*6%8
+"!!"N4NP-43%!!'&'58a&!3!!DNC*6%8"!!"L4NP-43%!!'C'58a&!3!!8dC*6%8
+"!!"84NP-43%!!&9'58a&!3!!9NC*6%8"!!"*4NP-43%!!%T'58a&!3!!ANC*6%8
+"!!"54NP-43%!!$T'58a&!3!!GdC*6%8"!!!c4NP-43%!!(4'58a&!3!!,dC*6%8
+"!!!Z4NP-43%!!#e'58a&!3!!28C*6%8"!!!d4NP-43%!!Ba'58a&!3!!88C*6%8
+"!!!`4NP-43%!!&p'58a&!3!!B%C*6%8"!!"V4e*98!!!!!!!!!!)!Q*Q!!!!"8C
+*6%8"!!##4NP-43%!!(p'58a&!3!!J%C*6%8"!!"q4NP-43%!!)&(8P93!!!!!!!
+!!!N$BQP[!!!!$NC*6%8"!!#%4NP-43%!!Be'58a&!3!!JdC*6%8"!!'14NP-43%
+!!C&'58a&!3!"MdC*6%8"!!'3!%C*6%8"!!#&4NP-43%!!C*'58a&!3!"J%C*6%8
+"!!'(4NP-43%!!C9'58a&!3!"NdC*6%8"!!'84e*98!!!!!!!!!!+!Q*Z!!!!&%C
+*6%8"!!#'4NP-43%!!)P'58a&!3!!LdC*6%8"!!#14NP-43%!!DC'58a&!3!!N8C
+*6%8"!!#64NP-43%!!*4'58a&!3!!PNC*6%8"!!#B4NP-43%!!)K'58a&!3!!M8C
+*6%8"!!#54NP-43%!!)T'58a&!3!!PdC*6%8"!!#(4NP-43%!!*9'58a&!3!!MdC
+*6%8"!!#3!%C*6%8"!!#-4e*98!!!!!!!!!!,"Q*eCQCPFJ!!!!*'58a&!3!!Q8C
+*6%8"!!#D4e*98!!!!!!!!!!-"'0KFh3!!!!&4NP-43%!!*p'58a&!3!!R%C*6%8
+"!!#G4NP-43%!!*Y'58a&!3!!RNG599!!!!!!!!!!$34MEfe`!!!!!dC*6%8"!!#
+J4NP-43%!!+&'58a&!3!!SNG599!!!!!!!!!!$J4MEfjQ!!!!!NC*6%8"!!#M4NP
+-43%!!+4(8P93!!!!!!!!!!m$C'9c!!!!'NC*6%8"!!#P4NP-43%!!+C'58a&!3!
+!U%C*6%8"!!#T4NP-43%!!+Y'58a&!3!!V%C*6%8"!!#Z4NP-43%!!CC'58a&!3!
+!VdC*6%8"!!#b4NP-43%!!,0'58a&!3!!Y%C*6%8"!!#e4NP-43%!!,C'58a&!3!
+!Z%C*6%8"!!#j4NP-43%!!,T'58a&!3!!UNC*6%8"!!#`4NP-43%!!,G'58a&!3!
+![8C*6%8"!!#l4NP-43%!!+G'58a&!3!!X8C*6%8"!!#m4NP-43%!!+e(8P93!!!
+!!!!!!"!#C'J!!!!&4NP-43%!!-"'58a&!3!!`8C*6%8"!!$#4NP-43%!!,j'58a
+&!3!![dG599!!!!!!!!!!%30NFf%!!!!)4NP-43%!!-9'58a&!3!!aNC*6%8"!!$
+(4NP-43%!!-0'58a&!3!!b8C*6%8"!!$)4NP-43%!!-4'58a&!3!"JNG599!!!!!
+!!!!!%J0PFR)!!!!$4NP-43%!!-T'58a&!3!!bdC*6%8"!!$-4e*98!!!!!!!!!!
+6!f9fF!!!!$p'58a&!3!!ddC*6%8"!!$54NP-43%!!04'58a&!3!!eNC*6%8"!!$
+V4NP-43%!!0e'58a&!3!!j%C*6%8"!!$c4NP-43%!!1a'58a&!3!!hNC*6%8"!!$
+P4NP-43%!!24'58a&!3!!k%C*6%8"!!$D4NP-43%!!2G'58a&!3!"!NC*6%8"!!$
+K4NP-43%!!2"'58a&!3!!q%C*6%8"!!$Y4NP-43%!!0p'58a&!3!!jNC*6%8"!!$
+e4NP-43%!!1P'58a&!3!!fdC*6%8"!!$L4NP-43%!!2&'58a&!3!!kNC*6%8"!!$
+F4NP-43%!!10'58a&!3!!mNC*6%8"!!$Z4NP-43%!!1"'58a&!3!!jdC*6%8"!!$
+f4NP-43%!!2j'58a&!3!!qdC*6%8"!!$m4NP-43%!!3"'58a&!3!"!8C*6%8"!!$
+j4NP-43%!!2T'58a&!3!!r8C*6%8"!!$r4NP-43%!!3C'58a&!3!""dC*6%8"!!%
+)4NP-43%!!3P'58a&!3!""8C*6%8"!!%%4NP-43%!!30'58a&!3!!cdC*6%8"!!$
+04NP-43%!!-j'58a&!3!!e8C*6%8"!!$[4NP-43%!!0&'58a&!3!!edC*6%8"!!$
+34NP-43%!!0P'58a&!3!!f%C*6%8"!!'A4NP-43%!!CK(8P93!!!!!!!!!"3%D'e
+KB`!!!!&'58a&!3!"#NG599!!!!!!!!!!&34TC'9K!!!!"8C*6%8"!!%,4NP-43%
+!!3a'58a&!3!"$NC*6%8"!!%04NP-43%!!3p(8P93!!!!!!!!!"B&E'KKFfJ!!!!
+#4NP-43%!!4"'58a&!3!"%8G599!!!!!!!!!!&`0YC$)!!!!#4NP-43%!!4*'58a
+&!3!"%dG599!!!!!!!!!!'!0YC$8!!!!#4NP-43%!!44'58a&!3!"&8G599!!!!!
+!!!!!'34YC'-b!!!!!NC*6%8"!!%@4NP-43%!!4G(8P93!!!!!!!!!"S(Ef*UC@0
+dF`!!!!4'58a&!3!"'dC*6%8"!!%B4NP-43%!!4T'58a&!3!"'8G599!!!!!!!!!
+!'`0`C@d!!!!'4NP-43%!!5&'58a&!3!")%C*6%8"!!%H4NP-43%!!4p'58a&!3!
+"(%C*6%8"!!%G4e*98!!!!!!!!!!F"R"VBh-a-J!!!""'58a&!3!")NC*6%8"!!%
+M4NP-43%!!54'58a&!3!"*8C*6%8"!!%Q4NP-43%!!5G'58a&!3!"+%C*6%8"!!%
+T4NP-43%!!5T'58a&!3!"+dC*6%8"!!%X4NP-43%!!5e'58a&!3!",NC*6%8"!!%
+[4NP-43%!!CP'58a&!3!"-%G599!!!!!!!!!!(39`Df0c0`!!!!C'58a&!3!"-NC
+*6%8"!!%c4NP-43%!!6&'58a&!3!"R%C*6%8"!!'D4NP-43%!!CY(8P93!!!!!!!
+!!"i%FQ&ZC!!!!!4'58a&!3!"0%C*6%8"!!%e4NP-43%!!6C'58a&!3!"TdG599!
+!!!!!!!!!(`0bBc)!!!!&4NP-43%!!6T'58a&!3!"1dC*6%8"!!%j4NP-43%!!6G
+'58a&!3!"1%G599!!!!!!!!!!)!0bBc3!!!!#4NP-43%!!6e'58a&!3!"2%G599!
+!!!!!!!!!)30bBc8!!!!&4NP-43%!!8*'58a&!3!"3%C*6%8"!!&"4NP-43%!!6j
+'58a&!3!"2dG599!!!!!!!!!!)JCbDA"PE@3!!!!#4NP-43%!!80'58a&!3!"4%G
+599!!!!!!!!!!)`0bFf%!!!!-4NP-43%!!89'58a&!3!"4dC*6%8"!!&)4NP-43%
+!!8e'58a&!3!"6%C*6%8"!!&'4NP-43%!!8Y'58a&!3!"6NC*6%8"!!&*4NP-43%
+!!8T'58a&!3!"R8C*6%8"!!'H4e*98!!!!!!!!!!N!h0SB3!!!!4'58a&!3!"88C
+*6%8"!!&24NP-43%!!9*'58a&!3!"8%G599!!!!!!!!!!*39cG'&MD`!!!!&'58a
+&!3!"8dG599!!!!!!!!!!*JCdH(4IC')!!!!"4NP-43%!!94(8P93!!!!!!!!!#F
+%H$8`13!!!"9'58a&!3!"A%C*6%8"!!&E4NP-43%!!@&'58a&!3!"@NC*6%8"!!&
+J4NP-43%!!@*'58a&!3!"JdC*6%8"!!&Q4NP-43%!!@0'58a&!3!"@%C*6%8"!!&
+G4NP-43%!!9G'58a&!3!"C8C*6%8"!!&H4NP-43%!!9P'58a&!3!"AdC*6%8"!!&
+R4NP-43%!!@4'58a&!3!"K%C*6%8"!!&94NP-43%!!9C(8P93!!!!!!!!!#J'H$8
+`1ABc!!!!&8C*6%8"!!&V4NP-43%!!@a'58a&!3!"E8C*6%8"!!&a4NP-43%!!A0
+'58a&!3!"G8C*6%8"!!&h4NP-43%!!AT'58a&!3!"D%C*6%8"!!&b4NP-43%!!@T
+'58a&!3!"H%C*6%8"!!&T4NP-43%!!AC'58a&!3!"G%C*6%8"!!&`4NP-43%!!AP
+'58a&!3!"ENC*6%8"!!&[4NP-43%!!B9'58a&!3!"KNG599!!!!!!!!!!+30cFf`
+!!!!M4NP-43%!!"0'58a&!3!!&8C*6%8"!!!34NP-43%!!"*'58a&!3!!%8C*6%8
+"!!!84NP-43%!!"T'58a&!3!!(%C*6%8"!!!A4NP-43%!!"P'58a&!3!!'%C*6%8
+"!!!E4NP-43%!!"C'58a&!3!!$8C*6%8"!!!24NP-43%!!!Y'58a&!3!!$%C*6%8
+"!!!14NP-43%!!#Y'58a&!3!!,%C*6%8"!!!S4NP-43%!!#T'58a&!3!!+8C*6%8
+"!!!M4NP-43%!!#*'58a&!3!!(dC*6%8"!!!P4NP-43%!!#"'58a&!3!!*NC*6%8
+"!!!N4NP-43%!!"j'58a&!3!!*dC*6%8"!!!G4NP-43%!!!T'58a&!3!!)8G599!
+!!!!!!!!!+Jj(990*)%aTBR*KFQPPF`!!!!0'58a&!J!!,dG599!!!!!!!!!!+`0
+38%-!!!!$4NP-43)!!$"'58a&!J!!-8C*6%8#!!!b4e*98!!!!!!!!!!X!cBiD`!
+!!!0'58a&"3!!&%C*6%8&!!!94NP-438!!"C(8P93!!!!!!!!!#d138j655"-D@*
+bBA*TCA-!!!!#4e*98!!!!!!!!!!Z!e"33`!!!!*'58a&!3!!!8C*6%8"!!&r4e*
+98!!!!!!!!!![!cBiD`!!!!*'58a&!`!"S%C*6%8$!!'K4e*98!!!!!!!!!!`$8e
+KBb"-D@*bBA*TCA-!!!!#4e*98!!!!!!!!!!a!e"33`!!!!P'58a&!3!!"%C*6%8
+"!!!#4NP-43%!!!0'58a&!3!!#8C*6%8"!!!)4NP-43%!!!G'58a&!3!!"NC*6%8
+"!!!&4NP-43%!!D9(8P93!!!!!!!!!$)$0MKV!!!!"NC*6%8$!!'D4NP-43-!!D*
+'58a&!`!"R%C*6%8$!!'G4NP-43-!!Cp'58a&!`!"Q`!!!!!!!!!!!!!!Y,T3!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!#"J%#!!!c"`%#!!!d!!!!!J3""3!!)!J""3!!(`!!!HF
+!!!)!!!!6e`!!&!!!!!(R!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!$*!!!!i!!!&0i
+!!"J!!!!!b3!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!#!!!!H!"!!!"!!!!!!!!!!!
+!"!!"!!!"k,6I$a6rrqXL!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"i3)!!!%
+!!!!!!!!!!!!%!!%!!!(dY0m2*3!!DlF!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!(L!`!!!3!!!!!!!!!!!!3!!3!!!I@dh`m8!!!`R3!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!H-%!!!"!!!!!!!!!!!!"!!"!!!"ql6I$a6rrjeI!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!"j!8!!!%!!!!!!!!!!!!%!!%!!!(mY0m2*IrrcT!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"j3B!!!%!!!!!!!!!!!!%!!%!!!(
+pY0m2&2rrVV8!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!(Q"`!!!3!!!!!!!!!
+!!!3!!3!!!Ikdh`m8rrrqpJ!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!HF)!!!
+"!!!!!!!!!!!!"!!"!!!"rl6I$a6rrmj#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!"+!!!'!"YFh4b!!!!!!!!!!!!!!!!!!!C+!!!#S"YFh4X!!!!!!!!!!!!!!!
+!!!!MU!!!!i"YFh4Z!!!!!!!!!!!!!!!!!!!R+!!!'!"YFh4b!!!$k!!!!!!!!!!
+!!!!r+!!!'B"YFh4X!!!$k!!!!!!!!!!!!!%0dJ!!#)"YFh4Z!!!$k!!!!!!!!!!
+!!!"E+!!!"4"`FQ9Q!!jqcJ!!!!%!!!!!!!"J1!!!!!K`FQ9Q!!i,hJ!!!!)!!!!
+!!!"J3!!!!"T`FQ9Q!!i*C!!!!!-!!!!!!!"J@J!!$+"`FQ9Q!!j"B3!!!!3!!!!
+!!!"XqJ!!"K4`FQ9Q!!kHI3!!!!8!!!!!!!"c$J!!#*C`FQ9Q!!j,f`!!!!B!!!!
+!!!"lT!!!!3G`FQ9Q!!ihQJ!!!!F!!!!!!!"mU`!!!b"`FQ9Q!!iT1`!!!!J!!!!
+!!!"rb`!!!"4`FQ9Q!!jZi!!!!!N!!!!!!!"rh`!!!!T`FQ9Q!!jf-!!!!!S!!!!
+!!!"rk3!!!!a`FQ9Q!!k$&3!!!!X!!!!!!!"rp3!!!!j`FQ9Q!!l6V!!!!!`!!!!
+!!!#!!`!!!3C`FQ9Q!!l9e3!!!!d!!!!!!!#"#3!!!$j`FQ9Q!!k(*3!!!!i!!!!
+!!!#"4`!!!!j`FQ9Q!!j"33!!!!m!!!!!!!#"93!!!GT`FQ9Q!!jMQ`!!!"!!!!!
+!!!#$,`!!!'*`FQ9Q!!iIT3!!!"%!!!!!!!#$N3!!!"4`FQ9Q!!i)0`!!!")!!!!
+!!!#$T3!!!!T`FQ9Q!!k[Z3!!!"-!!!!!!!#$V`!!!!a`FQ9Q!!kCE!!!!"3!!!!
+!!!#$Z`!!!-T`FQ9Q!!jHY`!!!"8!!!!!!!#%K3!!!4K`FQ9Q!!kSh!!!!"B!!!!
+!!!#&R3!!!+K`FQ9Q!!j(T3!!!"F!!!!!!!#'43!!!#j`FQ9Q!!i#aJ!!!"J!!!!
+!!!#'F`!!!Ja`FQ9Q!!lpS`!!!"N!!!!!!!#)I`!!4J"YG("X!!!!!3!!!!!!!!!
+!!!$1I`!!"`"YG("c!!!!!3!!!!!!!!!!!!$9I`!!!""YG("T!!!!!3!!!!!!!!!
+!!!$9M`!!"TaYG'a[!!!!!3!!!!!!!!!!!!$F+`!!!#"YG(0X!!!!!3!!!!!!!!!
+!!!$F5`!!"4"`FQ9Q!!klZ`!!!"S!!!!!!!$K@`!!!!K`FQ9Q!!lq$`!!!"X!!!!
+!!!$KB`!!!"T`FQ9Q!!lTR!!!!"`!!!!!!!$KI3!!%0"`FQ9Q!!jkK!!!!"d!!!!
+!!!$b63!!"K4`FQ9Q!!lQ%3!!!"i!!!!!!!$iB3!!#*C`FQ9Q!!l4QJ!!!"m!!!!
+!!!%!p`!!!3G`FQ9Q!!l9lJ!!!#!!!!!!!!%"rJ!!!b"`FQ9Q!!i2K!!!!#%!!!!
+!!!%&(J!!!"4`FQ9Q!!kki3!!!#)!!!!!!!%&-J!!!!T`FQ9Q!!lUEJ!!!#-!!!!
+!!!%&2!!!!!a`FQ9Q!!l+`J!!!#3!!!!!!!%&5!!!!!j`FQ9Q!!j@3J!!!#8!!!!
+!!!%&9J!!!3C`FQ9Q!!kR#`!!!#B!!!!!!!%'A!!!!$j`FQ9Q!!i993!!!#F!!!!
+!!!%'QJ!!!!j`FQ9Q!!km6J!!!#J!!!!!!!%'U!!!!GT`FQ9Q!!kq6J!!!#N!!!!
+!!!%)JJ!!!'*`FQ9Q!!lXDJ!!!#S!!!!!!!%)j!!!!"4`FQ9Q!!lEH!!!!#X!!!!
+!!!%)q!!!!!T`FQ9Q!!i6c`!!!#`!!!!!!!%*!J!!!!a`FQ9Q!!iSA!!!!#d!!!!
+!!!%*$J!!!-T`FQ9Q!!i15!!!!#i!!!!!!!%*f!!!!4K`FQ9Q!!i#2!!!!#m!!!!
+!!!%+m!!!!+K`FQ9Q!!l,'3!!!$!!!!!!!!%,Q!!!!#j`FQ9Q!!l[K3!!!$%!!!!
+!!!%,aJ!!!Ja`FQ9Q!!kqX!!!!$)!!!!!!!0#I!!!#J"YG("X!!!!!J!!!!!!!!!
+!!!"BU!!!!3"YG("c!!!!!J!!!!!!!!!!!!"CU!!!!""YG("T!!!!!J!!!!!!!!!
+!!!%BiJ!!!0"YG'a[!!!!!J!!!!!!!!!!!!%CXJ!!!#"YG(0X!!!!!J!!!!!!!!!
+!!!%CdJ!!"4"`FQ9Q!!lk53!!!$-!!!!!!!%HiJ!!!!K`FQ9Q!!ibfJ!!!$3!!!!
+!!!%HkJ!!!"T`FQ9Q!!j($3!!!$8!!!!!!!%I"!!!$+"`FQ9Q!!ipM3!!!$B!!!!
+!!!%VT!!!"K4`FQ9Q!!kR*3!!!$F!!!!!!!%aZ!!!#5C`FQ9Q!!lqqJ!!!$J!!!!
+!!!%khJ!!!3G`FQ9Q!!j"k!!!!$N!!!!!!!%lj3!!!b"`FQ9Q!!jU8`!!!$S!!!!
+!!!%r"3!!!"4`FQ9Q!!m!0!!!!$X!!!!!!!%r'3!!!!T`FQ9Q!!kBq3!!!$`!!!!
+!!!%r)`!!!!a`FQ9Q!!ia@3!!!$d!!!!!!!%r,`!!!!j`FQ9Q!!kDRJ!!!$i!!!!
+!!!%r23!!!3C`FQ9Q!!i"i`!!!$m!!!!!!!&!3`!!!$j`FQ9Q!!ja`3!!!%!!!!!
+!!!&!J3!!!!j`FQ9Q!!lI4!!!!%%!!!!!!!&!M`!!!GT`FQ9Q!!j[I`!!!%)!!!!
+!!!&#D3!!!'*`FQ9Q!!iXV!!!!%-!!!!!!!&#b`!!!"4`FQ9Q!!i&T`!!!%3!!!!
+!!!&#h`!!!!T`FQ9Q!!lfMJ!!!%8!!!!!!!&#k3!!!!a`FQ9Q!!km-!!!!%B!!!!
+!!!&#p3!!!-T`FQ9Q!!k+c3!!!%F!!!!!!!&$[`!!!4K`FQ9Q!!jBk`!!!%J!!!!
+!!!&%e`!!!+K`FQ9Q!!i30J!!!%N!!!!!!!&&I`!!!#j`FQ9Q!!kMJ3!!!%S!!!!
+!!!&&V3!!!Ja`FQ9Q!!jc,3!!!%X!!!!!!!&(Z3!!4J"YG("X!!!!!`!!!!!!!!!
+!!!'0Z3!!"`"YG("c!!!!!`!!!!!!!!!!!!'8Z3!!!""YG("T!!!!!`!!!!!!!!!
+!!!'8b3!!!#"YG(0X!!!!!`!!!!!!!!!!!!'8k3!!"T!!EA4XE`!!!!-!!!!!!!!
+!!!!"QhN!!!83F(*PCJ!1L,S!!!"-!!!!!!!"S)N!!!!)F(*PCJ!1iN8!!!"0!!!
+!!!!"S*%!!!!DF(*PCJ!1d&S!!!"1!!!!!!!"S+X!!"$3F(*PCJ!1Rh-!!!"2!!!
+!!!!"XAX!!!B8F(*PCJ!1P(-!!!"3!!!!!!!"Yim!!!NQF(*PCJ!1LkB!!!"4!!!
+!!!!"`,8!!!%(F(*PCJ!1VAF!!!"5!!!!!!!"`E`!!!-JF(*PCJ!1ejm!!!"6!!!
+!!!!"a0`!!!!8F(*PCJ!1FbF!!!"8!!!!!!!"a2!!!!!+F(*PCJ!1@,m!!!"9!!!
+!!!!"a2S!!!!-F(*PCJ!1VG`!!!"@!!!!!!!"a3B!!!!1F(*PCJ!1@GJ!!!"A!!!
+!!!!"a43!!!%'F(*PCJ!1G1)!!!"B!!!!!!!"aKS!!!!qF(*PCJ!1CB`!!!"C!!!
+!!!!"aPJ!!!!1F(*PCJ!1*2X!!!"D!!!!!!!"aQB!!!(DF(*PCJ!19#X!!!"E!!!
+!!!!"b%!!!!"LF(*PCJ!1mb!!!!"F!!!!!!!"b+)!!!!8F(*PCJ!1m`8!!!"G!!!
+!!!!"b,B!!!!+F(*PCJ!1fHN!!!"H!!!!!!!"b-!!!!!-F(*PCJ!1$)-!!!"I!!!
+!!!!"b-`!!!$+F(*PCJ!1%CN!!!"J!!!!!!!"bCB!!!%BF(*PCJ!1Y5%!!!"K!!!
+!!!!"bUi!!!#SF(*PCJ!1$e8!!!"L!!!!!!!"beB!!!!ZF(*PCJ!1VXF!!!"M!!!
+!!!!"bi3!!!)-F(*PCJ!1YBi!!!"N!!!!!!!"cC!!!!!+!'edF'`!!!!%!!!!!!!
+!!!!!!GH3!!!!!3"YG("c!!!!"!!!!!!!!!!!!!(BN!!!!!!3EA4`D3!!!!3!!!!
+!!!!!!!!"f+!!!!!JEA4cE!!!!!3!!!!!!!!!!!!"f-!!!!#-EA4XE`!!!!3!!!!
+!!!!!!!!"f8`!!!83F(*PCJ!1C"3!!!"P!!!!!!!"hP`!!!!)F(*PCJ!1MEF!!!"
+Q!!!!!!!"hQ3!!!!DF(*PCJ!1SV`!!!"R!!!!!!!"hRi!!"$3F(*PCJ!1NlJ!!!"
+S!!!!!!!"ldi!!!B8F(*PCJ!1G1B!!!"T!!!!!!!"p@)!!!NQF(*PCJ!1lFS!!!"
+U!!!!!!!"rSJ!!!%(F(*PCJ!1ff%!!!"V!!!!!!!"rim!!!-JF(*PCJ!1r-N!!!"
+X!!!!!!!#!Um!!!!8F(*PCJ!1r(F!!!"Y!!!!!!!#!X-!!!!+F(*PCJ!1%0B!!!"
+Z!!!!!!!#!Xd!!!!-F(*PCJ!11!J!!!"[!!!!!!!#!YN!!!!1F(*PCJ!1Lh%!!!"
+`!!!!!!!#!ZF!!!%'F(*PCJ!1,BX!!!"a!!!!!!!#!qd!!!!qF(*PCJ!1KTd!!!"
+b!!!!!!!#"#X!!!!1F(*PCJ!1%am!!!"c!!!!!!!#"$N!!!(DF(*PCJ!1HE-!!!"
+d!!!!!!!#"K-!!!"LF(*PCJ!1idJ!!!"e!!!!!!!#"R8!!!!8F(*PCJ!1AA!!!!"
+f!!!!!!!#"SN!!!!+F(*PCJ!1j"8!!!"h!!!!!!!#"T-!!!!-F(*PCJ!1Qr-!!!"
+i!!!!!!!#"Tm!!!$+F(*PCJ!1a+%!!!"j!!!!!!!#"fN!!!%BF(*PCJ!1CMm!!!"
+k!!!!!!!##)%!!!#SF(*PCJ!1XB!!!!"l!!!!!!!##5N!!!!ZF(*PCJ!1mR8!!!"
+m!!!!!!!##9F!!!)-F(*PCJ!1Z,`!!!"p!!!!!!!##f-!!!8!EA4`E!!!!!8!!!!
+!!!!!!!!!@EJ!!!#!EA4`F`!!!!8!!!!!!!!!!!!!@MJ!!!!3EA4`D3!!!!8!!!!
+!!!!!!!!#%2-!!!!JEA4cE!!!!!8!!!!!!!!!!!!#%4-!!!#!EA4XE`!!!!8!!!!
+!!!!!!!!#%C-!!!83F(*PCJ!1a$B!!!"q!!!!!!!#&U-!!!!)F(*PCJ!1ppX!!!"
+r!!!!!!!#&UX!!!!DF(*PCJ!1YK%!!!#!!!!!!!!#&X8!!"$3F(*PCJ!1UKi!!!#
+"!!!!!!!#*j8!!!B8F(*PCJ!1!fJ!!!##!!!!!!!#,DN!!!L@F(*PCJ!1bY3!!!#
+$!!!!!!!#0Mm!!!%(F(*PCJ!1D*S!!!#%!!!!!!!#0dB!!!-JF(*PCJ!1Q1)!!!#
+&!!!!!!!#1QB!!!!8F(*PCJ!1DmN!!!#'!!!!!!!#1RS!!!!+F(*PCJ!1B[N!!!#
+(!!!!!!!#1S3!!!!-F(*PCJ!1Y%%!!!#)!!!!!!!#1T!!!!!!$R"bC@B!$Z2!!!!
+!L3!!!!!!!MUH!!!""R"bC@B!$K+Q!!!!LJ!!!!!!!MZN!!!!2R"bC@B!$Y45!!!
+!L`!!!!!!!M[L!!!!$R"bC@B!$ThJ!!!!M!!!!!!!!M[`!!!"fR"bC@B!$L2p!!!
+!M3!!!!!!!Mh+!!!!BR"bC@B!$UH%!!!!MJ!!!!!!!MiX!!!!&("bC@B!$U1Q!!!
+!M`!!!!!!!Mj!!!!!#R"bC@B!$Rrm!!!!N!!!!!!!!!)q5J!!!!a`FQ9Q!!iEh`!
+!!*%!!!!!!!)q9J!!!-T`FQ9Q!!j-XJ!!!*)!!!!!!!)r)!!!!4K`FQ9Q!!jGN3!
+!!*-!!!!!!!*!1!!!!+K`FQ9Q!!i5!3!!!*3!!!!!!!*!i!!!!#j`FQ9Q!!lG5`!
+!!*8!!!!!!!*"$J!!!Ja`FQ9Q!!jL+`!!!*B!!!!!!!*$'J!!#J"YG("X!!!!"J!
+!!!!!!!!!!!*0'J!!!3"YG("c!!!!"J!!!!!!!!!!!!*1'J!!!""YG("T!!!!"J!
+!!!!!!!!!!!*1+J!!!)aYG'a[!!!!"J!!!!!!!!!!!!*1YJ!!!#"YG(0X!!!!"J!
+!!!!!!!!!!!*1eJ!!"4"`FQ9Q!!ke'`!!!*F!!!!!!!*6jJ!!!!K`FQ9Q!!iPYJ!
+!!*J!!!!!!!*6lJ!!!"T`FQ9Q!!k$'`!!!*N!!!!!!!*8#!!!%0"`FQ9Q!!iDS3!
+!!*S!!!!!!!*Nf!!!"K4`FQ9Q!!k8"3!!!*X!!!!!!!*Ul!!!#*C`FQ9Q!!iKFJ!
+!!*`!!!!!!!*cJJ!!!3G`FQ9Q!!iTD3!!!*d!!!!!!!*dL3!!!b"`FQ9Q!!i1j`!
+!!*i!!!!!!!*hU3!!!"4`FQ9Q!!jL[3!!!*m!!!!!!!*h[3!!!!T`FQ9Q!!jXAJ!
+!!+!!!!!!!!*ha`!!!!a`FQ9Q!!jr'`!!!+%!!!!!!!*hd`!!!!j`FQ9Q!!k0TJ!
+!!+)!!!!!!!*hi3!!!3C`FQ9Q!!i0!3!!!+-!!!!!!!*ij`!!!$j`FQ9Q!!j!f3!
+!!+3!!!!!!!*j*3!!!!j`FQ9Q!!k[33!!!+8!!!!!!!*j-`!!!GT`FQ9Q!!iY93!
+!!+B!!!!!!!*l$3!!!'*`FQ9Q!!i`KJ!!!+F!!!!!!!*lE`!!!"4`FQ9Q!!jK6!!
+!!+J!!!!!!!*lJ`!!!!T`FQ9Q!!kKkJ!!!+N!!!!!!!*lM3!!!!a`FQ9Q!!k[X3!
+!!+S!!!!!!!*lQ3!!!-T`FQ9Q!!iUj!!!!+X!!!!!!!*mB`!!!4K`FQ9Q!!iAM3!
+!!+`!!!!!!!*pH`!!!+K`FQ9Q!!jMNJ!!!+d!!!!!!!*q)`!!!#j`FQ9Q!!lid!!
+!!+i!!!!!!!*q83!!!Ja`FQ9Q!!iiI!!!!+m!!!!!!!+!A3!!2!"YG("X!!!!"`!
+!!!!!!!!!!!+mA3!!"J"YG("c!!!!"`!!!!!!!!!!!!,#A3!!!""YG("T!!!!"`!
+!!!!!!!!!!!,#E3!!"G4YG'a[!!!!"`!!!!!!!!!!!!,)33!!!#"YG(0X!!!!"`!
+!!!!!!!!!!!,)B3!!"4"`FQ9Q!!i1N!!!!!#`!!!!!!!#cA%!!!!)F(*PCJ!1PMd
+!!!#a!!!!!!!#cAN!!!!DF(*PCJ!1G*S!!!#b!!!!!!!#cC-!!"$3F(*PCJ!1m28
+!!!#c!!!!!!!#hQ-!!!B8F(*PCJ!18k%!!!#d!!!!!!!#j(F!!!NQF(*PCJ!1&dF
+!!!#e!!!!!!!#lCd!!!%(F(*PCJ!1a"8!!!#f!!!!!!!#lU3!!!-JF(*PCJ!1h-`
+!!!#h!!!!!!!#mF3!!!!8F(*PCJ!1Gj-!!!#i!!!!!!!#mGJ!!!!+F(*PCJ!1c58
+!!!#j!!!!!!!#mH)!!!!-F(*PCJ!1Nd!!!!#k!!!!!!!#mHi!!!!1F(*PCJ!1Kq%
+!!!#l!!!!!!!#mI`!!!%'F(*PCJ!1ebJ!!!#m!!!!!!!#m`)!!!!qF(*PCJ!1C`N
+!!!#p!!!!!!!#md!!!!!1F(*PCJ!1qpm!!!#q!!!!!!!#mdi!!!(DF(*PCJ!1EaJ
+!!!#r!!!!!!!#p5J!!!"LF(*PCJ!1m4i!!!$!!!!!!!!#pBS!!!!8F(*PCJ!1#Td
+!!!$"!!!!!!!#pCi!!!!+F(*PCJ!1d"!!!!$#!!!!!!!#pDJ!!!!-F(*PCJ!1Mb-
+!!!$$!!!!!!!#pE3!!!$+F(*PCJ!1+43!!!$%!!!!!!!#pRi!!!%BF(*PCJ!1BQB
+!!!$&!!!!!!!#pjB!!!#SF(*PCJ!1JbF!!!$'!!!!!!!#q$i!!!!ZF(*PCJ!1jBJ
+!!!$(!!!!!!!#q'`!!!)-F(*PCJ!1EJ)!!!$)!!!!!!!#qRJ!!$`!EA4`E!!!!!J
+!!!!!!!!!!!!$0RJ!!!B!EA4`F`!!!!J!!!!!!!!!!!!$2(J!!!!3EA4`D3!!!!J
+!!!!!!!!!!!!$2)J!!!!JEA4cE!!!!!J!!!!!!!!!!!!$2+J!!!A8EA4XE`!!!!J
+!!!!!!!!!!!!$D9S!!"$%EA4RE!!!!qJ!!!!!!!!!!!!$8d!!!!!XE@pdD3!!!!!
+!!!!!!!!!!!!$8f`!!"1!8%acG!!19TJ!!!$*!!!!!!!"&P)!!!)XEA"cD3!!!qJ
+!!!!!!!!!!!!$D1S!!!!3EA0dF!!!!!)!!!!!!!!!!!!$D2S!!!!3EA0dF!!!!!8
+!!!!!!!!!!!!!@NJ!!!!SEA0dD3!!!qJ!!!!!!!!!!!!$D6)!!!!SEA0dD3!!!!!
+!!!!!!!!!!!!!@R!!!!!-E@&XE!!!!!!!!!!!!!!!!!!$6(`!!!$%E@&`E!!!!!!
+!!!!!!!!!!-eY!!!:
diff --git a/lib/libssl/src/MacOS/TODO b/lib/libssl/src/MacOS/TODO
new file mode 100644
index 00000000000..903eb133de7
--- /dev/null
+++ b/lib/libssl/src/MacOS/TODO
@@ -0,0 +1,18 @@
+-------------------------------------------------------------------
+Verify server certificate
+-------------------------------------------------------------------
+Currently omitted from the project:
+
+ crypto/tmdiff.c
+ crypto/bio/bss_conn.c
+ crypto/bio/b_sock.c
+ crypto/bio/bss_acpt.c
+ crypto/bio/bss_log.h
+
+-------------------------------------------------------------------
+Build libraries to link with...
+-------------------------------------------------------------------
+Port openssl application.
+-------------------------------------------------------------------
+BN optimizations (currently PPC version is compiled with BN_LLONG)
+-------------------------------------------------------------------
diff --git a/lib/libssl/src/MacOS/_MWERKS_GUSI_prefix.h b/lib/libssl/src/MacOS/_MWERKS_GUSI_prefix.h
new file mode 100644
index 00000000000..fe6b5387d6d
--- /dev/null
+++ b/lib/libssl/src/MacOS/_MWERKS_GUSI_prefix.h
@@ -0,0 +1,9 @@
+#include <MacHeaders.h>
+#define B_ENDIAN
+#ifdef __POWERPC__
+#pragma longlong on
+#endif
+#if 1
+#define MAC_OS_GUSI_SOURCE
+#endif
+#define MONOLITH
diff --git a/lib/libssl/src/MacOS/_MWERKS_prefix.h b/lib/libssl/src/MacOS/_MWERKS_prefix.h
new file mode 100644
index 00000000000..2189da753bf
--- /dev/null
+++ b/lib/libssl/src/MacOS/_MWERKS_prefix.h
@@ -0,0 +1,9 @@
+#include <MacHeaders.h>
+#define B_ENDIAN
+#ifdef __POWERPC__
+#pragma longlong on
+#endif
+#if 0
+#define MAC_OS_GUSI_SOURCE
+#endif
+#define MONOLITH
diff --git a/lib/libssl/src/MacOS/buildinf.h b/lib/libssl/src/MacOS/buildinf.h
new file mode 100644
index 00000000000..90875b6e2f4
--- /dev/null
+++ b/lib/libssl/src/MacOS/buildinf.h
@@ -0,0 +1,5 @@
+#ifndef MK1MF_BUILD
+# define CFLAGS "-DB_ENDIAN"
+# define PLATFORM "macos"
+# define DATE "Sun Feb 27 19:44:16 MET 2000"
+#endif
diff --git a/lib/libssl/src/MacOS/mklinks.as.hqx b/lib/libssl/src/MacOS/mklinks.as.hqx
new file mode 100644
index 00000000000..fe3e7d53daf
--- /dev/null
+++ b/lib/libssl/src/MacOS/mklinks.as.hqx
@@ -0,0 +1,820 @@
+(This file must be converted with BinHex 4.0)
+
+:#QeVE'PZDh-ZBA-!39"36'&`E(3J!!!!!!!!!*LiI6m!!!!!!3!!!*G#!!#@3J!
+!!AChFQPd!!!!K3)"!3m(Fh9`F'pbG!!!!)B#!3%$"(0eFQ8!!!#(!J-%"!3("3C
+cGfPdBfJ!!!#)!J%"#39cH@jMD!!!!)N#"J%$!`-&"3-'FhPcG'9Y!!!!LJ)&"3)
+%!J8("!-#!`4dB@*X!!!!L`))!3-$!`-$!`-$"(4PE'`!!!#-!J)"#38$G'KP!!!
+!M3))(J)@!Ki#!J))!K)#!`)B!Kd%G'KPE3!!!)i#!J%&#`4dD'9j!!!!M`)#!J)
+#$3TdD(*[G@GSEh9d!!!!N!!#!3%&"(4TCQB!!!#4!J%"!`4dD@eP!!!!NJ)"!JS
+#!h4T!!!!'N!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!H!!!!!!!#!!!!!!
+!!!!!!!!!!!!!rrrrr`!!!$3!!!!N!!!!!#"[!!5JAb"[!!5K++!M6R9$9'mJFR9
+Z)(4SDA-JFf0bDA"d)'&`F'aTBf&dD@pZ,#"jEh8JEA9cG#"QDA*cG#"TER0dB@a
+X)%&`F'aP8f0bDA"d,J!!!)C8D'Pc)(0MFQP`G#"MFQ9KG'9c)#iZ,fPZBfaeC'8
+[Eh"PER0cE#"KEQ3JCQPXE(-JDA3JGfPdD#"ZC@0PFh0KFRNJB@aTBA0PFbi0$8P
+d)'eTCfKd)(4KDf8JB5"hD'PXC5"dEb"MEfe`E'9dC5"cEb"`E'9KFf8JBQ8JF'&
+dD@9ZG$SY+3!!!#S!!J!!!!!!$3!+!"!!!!!-!!!!!!!!!!!!63!0!!S!%!%!!!`
+!!!!!!!!!!!!B!!!!+!!!!!!!!!!)!!!!)!#N2c`!!DR`!!!!l!!!!!&19[ri,`0
+f!#m$-$bKVDG'*KmY52ri,`-`2+LITdBQ(b!ZrrLa`'FJ,`-J2'0`ER4"l[rm)NL
+KV5+)*Kp+3'B)5Ulrr'F#GJ%3!bBZrr41ANje6PB!!#m-@Bm[2%j29%Nr2!#!U"m
+SAb!-CJK`!cm!UFKJ+#m-UC)J9#!)d+J!'#&!!"JJ9#!)d+J!(#&!!"a9Mbm8)&q
+JAMk!9%mSE[rm6Pj1G8j@!!![$%kkre4+!'FU@Bm[2'&`E(3[2(0MF(4`)DJU+&m
+J$'F5@Bm[$#mm!!!!!A!!U#UTp&K26VVrG#KZrra1ANje!!!!('&`E(3!!!!"4P*
+&4J!!!!!!J%P$6L-!!!!!!*B!!!!"!!!!!!G"8&"-!!!!!!!"!!!"!!!!!S!!!!4
+!!!"i)!!!K"!!!3))!!)#"!!%"!)!#!J"!"!8!)!J)J"!3%%!)2#!J"#*!%!)KJ!
+J")3!)!*!!"!")!!3!K!!%!3)!"!)"!!J%!)!3#!"!)"!!S%!J!5#!3!)4!)!#%J
+%!!KB#!!%C"!!!m)J!!!"3!!!!)!!!!%!!!!$J!!!"m!!!(rJ!!$rm!!"rrJ!!rr
+m!!IrrJ!2rrm!(rrrJ$rrrm"rrrrJrrrrm2rrrrMrrrrmrrrrrRrrrrmrrrrq(rr
+rr!rrrrJ(rrr`!rrri!(rrm!$rrq!"rrr!!rrrJ!2rr`!$rri!!IRm!!$`q!!!!(
+!!!!!J!!!!!)!!!!!!!!!!!m!!!!!!!!!!!!!!!!!!!$`m!!!!!!!!!!!!!!!!!!
+2!!m!!!!!!!!!!!!!!!rrm!!!m!!!!!!!!!!!!!$`c0m!!!m!!!!!!!!!!!!2!!c
+-m!!!m!!!!!!!!!!!m!$-cI!!!!m!!!!!!!!!$`!-c0m!!!!!m!!!!!!!!2!!c-h
+`!!!!!!m!!!!!!!m!$-cIh`!!!!!!m!!!!!$`!-c0rGh`!!!!!!m!!!!2!!c-hph
+-h`!!!!!!m!!!rrr-cIhF`-h`!!!!!!m!!2lFr0rGc!`-h`!!!!!!m!$pc-rph-$
+!`-h`!!!!!!m!r-`2cF`-$!!-r3!!!!!!m!m!`-c!`-!!$0m!!!!!$-m!m!`-$!`
+!!-cI!!!!!-c`!!m!`-$!!!`-h`!!!!c2!!!!m!`-!!$!c0m!!!$-m!!!!!m!`!!
+-$-hm!!!-c`!!!!!!m!!!`-cIc!!!c2!!!!!!!!m!$!c0r-`!$-m!!!!!!!$pm-$
+-hmc!!-c`!!!!!!!2hI`-cIc-!!c2!!!!!!!!rGc2c0r-`!$-m!!!!!!!!2h-cmh
+mc!!-c`!!!!!!!!$mc!rIr-!!c2!!!!!!!!!!$m$2m!r-$-m!!!!!!!!!!!$rr`!
+!r-c`!!!!!!!!!!!!!!!!!!r2!!!!!!!!!!!!!!!!!!!!m!!!!!!!!!!!!!"!!B!
+13"%J)4"##18%Q)+3!%&!)5!L%%3BL#83*L!G3!#!!B!2`"rJ2r"rq2rmrrlrrhr
+r2riIr"ri2r!ri"h!!)!!!!#!!!!!$r!!!!!!!2r`$`!!!!!2$!m!m!!!!2$!c`!
+2!!!2$!c`!!$`!2r`cpm!!!m!rGrpc2!!!2$p$p`-c`!!$`m!`-$0m!$2!2!-$-h
+`$2!!$`$-hm$2!!!2m-hm$2!!!2h2hm$2!!!!r-rm$2!!!!!2r`r2!!!!!!!!!2!
+!!!!!!!#D8f0bDA"d)%&`F'aTBf&dD@pZ$3e8D'Pc)(0MFQP`G#"MFQ9KG'9c)#i
+Z,fPZBfaeC'8[Eh"PER0cE#"KEQ3JCQPXE(-JDA3JGfPdD#"ZC@0PFh0KFRNJB@a
+TBA0PFbi0$8Pd)'eTCfKd)(4KDf8JB5"hD'PXC5"dEb"MEfe`E'9dC5"cEb"`E'9
+KFf8JBQ8JF'&dD@9ZG$SY+3!!!")!!J!!!!!!!!!!!!%!"J!'%iN!!!!+@1!!!b!
+!!!-J!!!!!"3!+`!(!Cm#@!!V!!F"f!*B!!!!!3!!M`C'BA0N98&6)$%Z-6!a,M%
+`$J!!!!32rrm!!3!#!!-"rrm!!!d!!3!"D`!!!!!!!!!%!J!%!!)!"3!'$3!&!!*
+X!!)!!!U`!!IrrJd!"`!#6`!!!!!+X!!)!!N0!!J!!@X!!!!%#Um!#J)!#J!#!!X
+!$!d!#`!#E!!#!!3!"2rprr`"rrd!!!(rr!!!!J!-!!)!$3!1$3!0!!*X!!%!"!!
+%rrX!$`(rq`!!$!!2!&N!8b"(CA3JF'&dD#"dEb"dD'Pc)%&`F'aP8f0bDA"d)'&
+`F'aPG$XJGA0P)'Pd)(4[)'C[FQdJG'KP)("KG'JJG'mJG'KP)'PZBfaeC'8JCQp
+XC'9b!!)!!!)!$J!#!"!!%3d!%!!#E!!"!!3!"2rk!")"rrS!!!`!%J!Q!#!JB@j
+N)(4SC5"[G'KPFL"bC@aPGQ&ZG#"QEfaNCA*c,J!#!!!#!"%!!J!6!"30!"-!!R-
+!!!!%!"%!&3!@$3!9!!*M!!!!"!!1!"F!'!d!&`!#E!!&!!3!$!!CrrN0!"N!!Qi
+!!!!%!!`!'J!E$3!D!!)d!!!!"3!-rrJ!(!Vrq!!%#Q0[BQS0!"`!!Q`!"3!'!!X
+!(Irh$3!G!!0*!!)!"J!,rrB!([re#[rf!"JZC@&bFfCQC(*KE'Pc!!!!!!!!)!"
+KCQ4b$3!H!!"Q!!!!"J!(![re!!!"rrF!!!d!'`!"E3!!!!3!"3!I$`!I!6J)ER9
+XE!!!!!!!!Gq!rrm!!!!A"NCTEQ4PFJ!!(`*[Me!!ASfm!Qq,i!"HA[!!I&M!!!!
+!!!!!'mi!!JN#!Qq-1!!!Kb%#Ei`J!!!!!%C14&*038e"3e-!!"%!B@aTF`!!!!!
+!fJ!#!!!-6@&MD@jdEh0S)%K%!!!!!!!!!!!!!!!!!!!!XSA5h%*%!!!!!!!A"NC
+TEQ4PFJ!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!3rLc#@a!4Nj%8Ne"3e2rrrrr!!!!!!!!!!!!!!!!!!!
+!!!!!!!e6HA0dC@dJ4QpXC'9b!!!"!!3!!!!A!!)!)8eKBfPZG'pcD#")4$T6HA0
+dC@dJ4QpXC'9b1NCTEQ4PFJ$rr`!!!Irj!!!0!"J!!@d!!!!-!!hrp!Vrp!!%#Q0
+dH(30!"B!!@m!!!!!!!$rm`[rm`!5-!!(G'KPF'&dD!!(G'KP8'&dD!)!&!!#!#!
+!)3d!)!!#E!!#!")!%[rbrr%"rr)!!!(rm3!!!J!K!!)!)J!M$3!L!!*b!!!!%J!
+A!#3!*3d!*!!#EJ!$!")!&3!Q!#F0!#B!!6%!!!!6!"Arm!Vrm!!%#R4iC'`0!#F
+!!6%!!!!5!"2rl`Vrl`!%#Q&cBh)0!#8!!@m!!!!!!!$rlJ[rlJ!F-!!-G'KPEfa
+NC'9XD@ec!!adD'92E'4%C@aTEA-#!#-!!J!S!#N0!#J!!R)!!!!B!"d!+J!V$3!
+U!!&Y!!!!'!!C!#`-!#`!"`!"1J!#!!!0!#X!!Qi!!`!!!!!!,3!Z$3!Y!!%a!!!
+!'J!Frqd+rqd!"!TdH'4X$3!Z!!%a!!!!'3!Drq`+rq`!"!TKFf0b!J!T!!)!,`!
+`$3![!!*X!!)!(J!Hrq[rkJ(rk`!!!IrU!!!#!$!!!J!a!$)0!$%!!R)!!!!H!#X
+!-`!d$3!c!!*X!!8!(J!T!$Ark3d!03!#EJ!!!"i!+3!f!$F0!$B!!cF"!!!I!#R
+rk!!i!$N+rqJ!"!TMDA4Y$3!i!!&Y!!!!)`!PrqF$rqF!!3d!13!"E3!!!#B!+2r
+Q!rrQrrd0!$F!!@m!!!!H!"rrj3[rj3!5-!!(G'KPF'&dD!!(G'KP8'&dD!(rk3!
+!$3!d!!&[!!!!!!!!rq3,rq3!)$!!$R4SCA"bEfTPBh4`BA4S!!jdD'93FQpUC@0
+d8'&dD!)!-J!#!$S!1`d!1J!#FJ!!!#`!1`!m!$d0!$`!!Q-!!!!X!$N!2J!r$3!
+q!!*X!!8!,!!h!%$ri`d!3!!#EJ!!!#`!0`""!%)0!%%!!cF"!!!Y!$IriJ"$!%3
++rq)!"!TMDA4Y$3"$!!&Y!!!!-3!crq%$rq%!!3d!4!!"E3!!!$3!0[rJ!rrJrri
+0!%)!!@m!!!!X!#hrh`[rh`!5-!!(G'KPF'&dD!!(G'KP8'&dD!(ri`!!$3!r!!&
+Y!!!!0`!irpi+rpi!"!T849K8$3!p!!&[!!!!!!!!rpd,rpd!&M!!#A4SC@ePF'&
+dD!!*G'KP6@93BA4S!J!l!!)!43"'$3"&!!*X!!)!2!!mrpcrf`(rh!!!!IrE!!!
+#!%B!!J"(!%J0!%F!!R)!!!!m!%8!53"+$3"*!!*M!!!!2!""!%X!6!d!5`!#BJ!
+!!$`!2`"0!%i0!%d!!@m!!!!m!$hrfJ[rfJ!J-!!1G'KPF(*[DQ9MG("KG'J!$R4
+SC9"bEfTPBh43BA4S$3"1!!&Y!!!!23!q!%m-!%m!$3!(D@jME(9NC3!#!!!0!%`
+!!@d!!!!r!%$rf3Vrf3!%#P4&@&30!%S!!@m!!!!!!!$rf![rf!!Q-!!4D@jME(9
+NC@C[E'4PFR"KG'J!%@PZBfaeC'9'EfaNCA*3BA4S!J")!!)!8!"4$3"3!!*b!!!
+!4J"9!&)!8`d!8J!#B`!!!%B!83"8!&80!&3!!Q)!!!"'!%m!9J"A$3"@!!*L!!!
+!4J",!&J!@3d!@!!"E`!!!%B!4rrA#rrA!#!`!!jdD'9`FQpUC@0dF'&dD!!1G'K
+P8(*[DQ9MG&"KG'J0!&N!!@d!!!"(!%S!@J`!@J!0!!GTEQ0XG@4P!!)!!!d!9`!
+"E3!!!%X!6J"E$!"E!!d!"fp`C@jcFf`!!J!!$3"9!!&Y!!!!6`"3rpB+rpB!"!T
+849K8$3"6!!&[!!!!!!!!rp8,rp8!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&
+dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S!J"4!!)!A!"G$3"F!!*b!!!!9J"
+K!&i!A`d!AJ!#B`!!!&B!A3"J!'%0!'!!!Q)!!!"@!&X!BJ"M$3"L!!&[!!!!9J"
+Arp3,rp3!)$!!$R4SCA"bEfTPBh4`BA4S!!jdD'93FQpUC@0d8'&dD!d!B`!"E3!
+!!&F!@J"N$!"N!!`!"Q0bHA"dE`!#!!!0!'%!!@d!!!"E!&crd`Vrd`!%#P4&@&3
+0!&m!!@m!!!!!!!$rdJ[rdJ!N-!!3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4Qp
+XC'9b8'&dD!)!A3!#!'8!CJd!C3!#FJ!!!')!E3"R!'J0!'F!!Q-!!!"L!'N!D3"
+U$3"T!!*L!!!!BJ"R!'X!E!d!D`!"E`!!!')!Brr4#rr4!#!`!!jdD'9`FQpUC@0
+dF'&dD!!1G'KP8(*[DQ9MG&"KG'J0!'`!!@d!!!"M!'B!E3`!E3!*!!0cFf`!!J!
+!$3"U!!&Y!!!!C`"Srp!+rp!!"!T849K8$3"S!!&[!!!!!!!!rmm,rmm!(M!!$A0
+cE'C[E'4PFR"KG'J!$A0cE%C[E'4PFP"KG'J#!'B!!J"Z!'m0!'i!!R)!!!"Z!(8
+!F!"a$3"`!!*M!!!!EJ"a!()!F`d!FJ!"E`!!!'i!Err1#rr1!#!`!!jdD'9`FQp
+UC@0dF'&dD!!1G'KP8(*[DQ9MG&"KG'J0!(-!!@d!!!"[!($rc3Vrc3!%#P4&@&3
+0!(%!!@m!!!!!!!$rc![rc!!Q-!!4Eh"PER0cE'C[E'4PFR"KG'J!%@p`C@jcFfa
+'EfaNCA*3BA4S!J"[!!)!G!"e$3"d!!*X!!)!GJ"frm[rbJ(rb`!!!Ir+!!!#!(8
+!!J"f!(F0!(B!!R)!!!"f!(X!H!"j$3"i!!&[!!!!GJ"hrmN,rmN!($!!$(4SC@p
+XC'4PE'PYF`!-G'KP6faN4'9XD@ec$3"j!!*Z!!-!!!!!!(S!H`d!HJ!"-3!!!(J
+!H[r)#[r)!!3+G(KNE!d!H`!"-3!!!(F!H2r(#[r(!!3+BA0MFJ)!G`!#!(`!I3d
+!I!!#E!!#!(`!I2r'rm8"rmB!!!(ra3!!!J"p!!)!IJ"r$3"q!!*X!!%!I!"mrm3
+!J!(ra!!!$!#!!%!!1L"NC@aPG'8JEfaN)'PZBfaeC'8kEh"PER0cE#"QEfaNCA)
+JB@jN)(*PBh*PBA4P)'Pd)'0XC@&ZE(N!!J!!!J"r!!)!J3##$3#"!!*X!!)!I!"
+mrm2r`J(r``!!!Ir#!!!#!))!!J#$!)30!)-!!e%!!!"m!+8!K3#'!)F0!)8!!@X
+!!!"r!*`!L!)!L!!#!)N!LJd!L3!$53!#!(m!N[r"!)[r`!Vr`3!B,QeTFf0cE'0
+d+LSU+J!!!!!!!*!!!#SU+LS0!)X!!Qi!!!"r!)i!M!#0$3#-!!)d!!!!K`#1rlm
+!MJVr[`!%#Q0QEf`0!)i!!@d!!!#+!)d!M``!M`!0!!G[F'9ZFh0X!!)!!!d!M3!
+#0!!!!(m!Krqq!*!!#[qq!!3+BfC[E!d!N!!!!@m!!!#$!)Er[3[r[3!Q-!!4D@j
+ME(9NC@C[E'4PFR"KG'J!%@PZBfaeC'9'EfaNCA*3BA4S![r!!!!#!)S!!J#4rl`
+0!*%!!dN!!J#6!*crZ`#5rlS+rlX!'#jMEh*PC'9XEbSU+LS!!!!!!!#3!!!U+LS
+U$3#5!!%a!!!!N`#BrlN+rlN!"!TcC@aP![qk!!!#rl`!!!d!KJ!$8J!!!!!!!2q
+irlIrYJVrZ!!B,Q&cBh*PFR)J+LSU+J!!!!!!!*!!!#SU+LS"rlF!!!,rYJ!!$3#
+(!!*X!!%!T!#Nrl8!N`(rY3!!$!#6!"-!$5"TCfj[FQ8JCA*bEh)!!J!!!J#%!!)
+!P!#9$3#8!!*X!!)!TJ#Qrl6rX`(rY!!!!Iqc!!!#!*8!!J#@!*F0!*B!!dN!!J#
+Q!,lrX[qa!*J+rl)!'#jMEh*PBh*PE#SU+LS!!!!!!!#3!!"ZG@aX!Iqa!!!'!*J
+!!rq`!*N!QJVrX!!%#QY[Bf`0!*N!!@d!!!#U!+hrV`VrV`!%#Q0QEf`'!*S!!rq
+Z!*[rV3VrVJ!%#QPZFfJ0!*X!!M3!!!#`!,MrV!#F#[qX!!3+BfC[E!d!R!!"E`!
+!!,3!YrqV#rqV!#B`!"&TEQ0XG@4PCQpXC'9bF'&dD!!4D@jME(9NC8C[E'4PFP"
+KG'J'rkd!!!)!P`!#!*d!RJd!R3!#FJ!!!,m!aJ#I!+!0!*m!!Q`"!!#r!-)!SIq
+U$3#K!!%a!!!![`$#rkN+rkN!"!TbFfad!IqU!!!0!+!!!@m!!!!!!!$rU![rU!!
+Z-!!9G'KPEQ9hCQpXC'9bFQ9QCA*PEQ0P!"9dD'91CAG'EfaNCA*5C@CPFQ9ZBf8
+#!*i!!J#L!+-0!+)!!dN!!J$(!-lrT`#NrkB+rkF!'#jYDA0MFfaMG#SU+LS!!!!
+!!!#3!!!U+LSU$3#N!!&[!!!!a`$+rk8,rk8!,M!!&A4SC@jPGfC[E'4PFR*PCQ9
+bC@jMC3!9G'KP6Q9h4QpXC'9b8Q9QCA*PEQ0P![qQ!!!#!+-!!J#P!+B0!+8!!R)
+!!!$2!0`!T`#S$3#R!!&Y!!!!c`$5!+N-!+N!$3!(Eh"PER0cE!!#!!!0!+J!!Qi
+!!!!!!!!!UJ#V$3#U!!%a!!!!e`$Erk3+rk3!"!T`EQ&Y$3#V!!%a!!!!dJ$Ark-
++rk-!"!TcC@aP!J#Q!!)!V!#Y$3#X!!*X!!)!h3$Grk,rS3(rSJ!!!IqK!!!#!+d
+!!J#Z!+m0!+i!!Q`!!3$G!0hrS!#`!IqJ!!!-!,!!(`!C)&0dBA*d)'eKDfPZCb"
+dD'8JB@aTBA0PF`!#!!!#!+m!!J#a!,)0!,%!!dN!!J$G!3ArRrqH!,-+rjm!'#j
+MEh*PBh*PE#SU+LS!!!!!!!#3!!"ZG@aX!IqH!!!'!,-!!rqG!,3!Y3VrR3!%#QY
+[Bf`0!,3!!@d!!!$K!16rR!VrR!!%#Q&XD@%'!,8!!rqE!,B!Y`VrQ`!%#QPZFfJ
+0!,B!!M3!!!$R!1rrQJ#i#[qD!!3+BfC[E!d!Z!!"E`!!!1X!l[qC#rqC!$3`!"K
+[F'9ZFh0XD@jME(9NC@C[E'4PFR"KG'J!''p`C@j68da*EQ0XG@4P4QpXC'9b8'&
+dD!B!Y`!$rjJ!ZIqA#[qB!!3+G'mJ)!d!Z3!#EJ!!!2)!r`#k!,X0!,S!!M3!!!$
+i!2rrPJ#m#[q@!!3+CQPXC3d![!!"E3!!!2X!rJ#p$!#p!"-!$@p`C@jcFfaMEfj
+Q,QJ!!J!!$3#l!!)d!!!!mJ$irj8![JVrP3!%#Q0QEf`0!,i!!@m!!!$f!2IrP![
+rP!!@-!!*G'KPE@9`BA4S!!PdD'90C9"KG'J'rjF!!!)!XJ!#!,m!`!d![`!#E!!
+#!3B""[q6rj)"rj-!!!(rNJ!!!J$!!!)!`3$#$3$"!!*b!!!""J%4!--!a!d!``!
+#BJ!!!3B"$3$&!-B0!-8!!@m!!!%'!3RrN3[rN3!N-!!3Bh*jF(4[CQpXC'9bF'&
+dD!!3Bh*jF(4[4QpXC'9b8'&dD!d!aJ!"E3!!!3N"$!$($!$(!!X!"6TKFfia!!)
+!!!d!a!!"E`!!!!!!!2q3!![rN!!!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!)!`J!
+#!-J!b3d!b!!$53!#!4)"22q2rii!bJVrM`!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!
+!!'jeE'`"rii!!!B!bJ!$rid!b`$-#[q0!!3+DfpME!d!b`!"E3!!!4B"'Iq-#[q
+-!!3+B@aTB3B!c!!$riX!c3$1#[q,!!3+D@jcD!d!c3!#0!!!!4`"*2q+!-m+riS
+!"!TMCQpX$3$2!!&[!!!")!%MriN,riN!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9
+bF'&dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S"J$1!!2rL!$3riF+riJ!"!T
+dEb!J$3$3!!*Z!!!"*`%f!0%!dJd!d3!#0!!!!5m"0[q'!0-+riB!"!TQD@aP$3$
+6!!&Y!!!"-J%e!03-!03!$!!'BA0Z-5jS!!)!!!d!dJ!#0!!!!5F",rq&!08+ri8
+!"!TMCQpX$3$9!!&[!!!"+`%Zri3,ri3!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!E
+rK`!!!J$*!!)!eJ$A$3$@!!0*!!)"23&Rri2rJJ$B#[q$!"JZBfpbC@0bC@`U+LS
+U!!!!!!!!N!!!ER9XE!(rJJ!!"J$B!!2rJ3$C!0S+ri%!"!TVEf0X$3$C!!&Y!!!
+"33&%ri!+ri!!"!TKE'PK"J$D!!2rI`$E!0`+rhm!"!TTER0S$3$E!!)d!!!"4`&
+2rhi!h3VrIJ!%#Q0QEf`0!0d!!@m!!!&,!8lrI3[rI3!d-!!BEh"PER0cE'PZBfa
+eC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'!0`!!rpm!0l
+rH`VrI!!%#R4[)#!0!0i!!Qi!!!&5!@%!h`$J$3$I!!)d!!!"@J&KrhS!i3VrHJ!
+%#QCTE'80!1%!!@d!!!&G!@!!iJ`!iJ!3!!TKFfiaAfeKBbjS!!)!!!d!i!!#0!!
+!!9)"@[pj!1-+rhN!"!TMCQpX$3$M!!&[!!!"9J&CrhJ,rhJ!&$!!#(4PEA"`BA4
+S!!KdC@e`8'&dD!ErH`!!!J$A!!)!j!$P$3$N!!*X!!)"D!&SrhIrGJ(rG`!!!Ip
+f!!!#!18!!J$Q!1F0!1B!!R)!!!&S!A-!k!$T$3$S!!*L!!!"D!&[!1S!k`d!kJ!
+"E`!!!@J"Drpe#rpe!#3`!""MFRP`G'pQEfaNCA*`BA4S!""MFRP`G'p'EfaNCA*
+3BA4S$3$V!!&Y!!!"D`&Z!1`-!1`!#J!%1Q*TE`!#!!!0!1N!!@m!!!!!!!$rG![
+rG!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S!J$R!!)!l3$Z$3$Y!!0*!!)"G!'Hrh2
+rFJ$[#[pc!"JZBfpbC@0bC@`U+LSU!!!!!!!!N!!!ER9XE!(rFJ!!"J$[!!2rF3$
+`!2%+rh%!"!TVEf0X$3$`!!&Y!!!"H!&lrh!+rh!!"!TKE'PK"J$a!!2rE`$b!2-
++rfm!"!TTER0S$3$b!!)d!!!"IJ''rfi!p!VrEJ!%#Q0QEf`0!23!!@m!!!'#!BA
+rE3[rE3!d-!!BEh"PER0cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9
+NC8C[E'4PFP"KG'J'!2-!!rpX!2ArD`VrE!!%#R4[)#!0!28!!Qi!!!'*!CJ!pJ$
+h$3$f!!)d!!!"N3'BrfS!q!VrDJ!%#QCTE'80!2J!!@d!!!'8!CF!q3`!q3!,!!9
+LD@mZD!!#!!!0!2F!!M3!!!'*!C(rD3$k#[pT!!3+BfC[E!d!qJ!"E`!!!Bd"N!$
+rD![rD!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S"[pV!!!#!1i!!J$l!2`0!2X!!Q`
+!!J'I!CrrCrpQ!IpR!!!"rfB!!!)!r!!#!2d!rJd!r3!#FJ!!!Cm"UJ$r!3!0!2m
+!!Q)!!!'I!DB"!3%#$3%"!!&[!!!"R`'Lrf8,rf8!*$!!%'0bHA"dEfC[E'4PFR"
+KG'J!%'0bHA"dEdC[E'4PFP"KG'J0!3)!!@d!!!'L!D8"!``"!`!*!!-kBQB!!J!
+!$3%!!!&[!!!!!!!!rf3,rf3!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!)!rJ!#!33
+""3d""!!$53!#!DX"eIpMrf)""JVrB`!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'j
+eE'`"rf)!!!B""J!$rf%""`%)#[pK!!3+DfpME!d""`!"E3!!!Dm"X[pJ#[pJ!!3
++B@aTB3B"#!!$rem"#3%+#[pI!!3+D@jcD!d"#3!#0!!!!E8"[IpH!3X+rei!"!T
+MCQpX$3%,!!&[!!!"Z3'mred,red!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&
+dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S"J%+!!2rA!%-reX+re`!"!TdEb!
+J$3%-!!*Z!!!"`!(2!3d"$Jd"$3!#0!!!!FJ"crpD!3m+reS!"!TQD@aP$3%2!!&
+Y!!!"b`(1!4!-!4!!%!!+BQa[GfCTFfJZD!!#!!!0!3i!!M3!!!(!!FMr@3%4#[p
+C!!3+BfC[E!d"%3!"E`!!!F3"arpB#rpB!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J
+'reX!!!)""3!#!4)"%`d"%J!#E!!#!GB"e[pAreB"reF!!!(r9J!!!J%6!!)"&!%
+9$3%8!!*b!!!"eJ(K!4B"&`d"&J!#BJ!!!GB"h3%B!4N0!4J!!@m!!!(@!GRr93[
+r93!N-!!3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&dD!d"'3!"E3!
+!!GN"h!%D$!%D!!N!!cTLEJ!#!!!0!4F!!@m!!!!!!!$r9![r9!!8-!!)G'9YF("
+KG'J!#(4PEA"3BA4S!J%9!!)"'`%F$3%E!!0*!!)"iJ)-re2r8J%G#[p6!"JZBfp
+bC@0bC@`U+LSU!!!!!!!!N!!!ER9XE!(r8J!!"J%G!!2r83%H!4m+re%!"!TVEf0
+X$3%H!!&Y!!!"jJ(Tre!+re!!"!TKE'PK"J%I!!2r6`%J!5%+rdm!"!TTER0S$3%
+J!!)d!!!"l!(drdi")JVr6J!%#Q0QEf`0!5)!!@m!!!(`!I2r63[r63!d-!!BEh"
+PER0cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J
+'!5%!!rp-!52r5`Vr6!!%#R4[)#!0!5-!!Qi!!!(h!JB"*!%P$3%N!!)d!!!"r`)
+'rdS"*JVr5J!%#QCTE'80!5B!!@d!!!)#!J8"*``"*`!+!!4LELjS!!)!!!d"*3!
+#0!!!!IF"rrp*!5J+rdN!"!TMCQpX$3%S!!&[!!!"q`(qrdJ,rdJ!&$!!#(4PEA"
+`BA4S!!KdC@e`8'&dD!Er5`!!!J%F!!)"+3%U$3%T!!*X!!)#$3)0rdIr4J(r4`!
+!!Ip'!!!#!5S!!J%V!5`0!5X!!R)!!!)0!KJ",3%Z$3%Y!!*L!!!#$3)8!5m"-!d
+",`!"E`!!!Jd#%2p&#rp&!#3`!""MFRP`G'pQEfaNCA*`BA4S!""MFRP`G'p'Efa
+NCA*3BA4S$3%`!!&Y!!!#%!)6!6%-!6%!$3!(1Q*eCQCPFJ!#!!!0!5i!!@m!!!!
+!!!$r4![r4!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S!J%X!!)"-J%c$3%b!!0*!!)
+#'3*$rd2r3J%d#[p$!"JZBfpbC@0bC@`U+LSU!!!!!!!!N!!!ER9XE!(r3J!!"J%
+d!!2r33%e!6B+rd%!"!TVEf0X$3%e!!&Y!!!#(3)Jrd!+rd!!"!TKE'PK"J%f!!2
+r2`%h!6J+rcm!"!TTER0S$3%h!!)d!!!#)`)Vrci"13Vr2J!%#Q0QEf`0!6N!!@m
+!!!)R!LVr23[r23!d-!!BEh"PER0cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0
+-5@jME(9NC8C[E'4PFP"KG'J'!6J!!rmm!6Vr1`Vr2!!%#R4[)#!0!6S!!Qi!!!)
+Z!Md"1`%m$3%l!!)d!!!#0J)prcS"23Vr1J!%#QCTE'80!6d!!@d!!!)j!M`"2J`
+"2J!1!!KLG@CQCA)ZD!!#!!!0!6`!!M3!!!)Z!MEr13%r#[mj!!3+BfC[E!d"2`!
+"E`!!!M)#0Imi#rmi!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J'rcX!!!)"-`!#!8!
+"33d"3!!#E!!#!N3#42mhrcB"rcF!!!(r0J!!!J&"!!)"3J&$$3&#!!*b!!!#4!*
+2!83"43d"4!!#BJ!!!N3#5`&'!8F0!8B!!@m!!!*%!NIr03[r03!N-!!3Bh*jF(4
+[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&dD!d"4`!"E3!!!NF#5J&)$!&)!!X
+!"6TMBA0d!!)!!!d"43!"E`!!!!!!!2md#rmd!"3`!!KdC@e`F'&dD!!)G'9YF&"
+KG'J#!8-!!J&*!8S0!8N!!dN!!J*3!RVr-rmb!8X+rc-!'#jMEh*PBh*PE#SU+LS
+!!!!!!!#3!!"ZG@aX!Imb!!!'!8X!!rma!8`"63Vr-3!%#QY[Bf`0!8`!!@d!!!*
+8!PIr-!Vr-!!%#Q&XD@%'!8d!!rm[!8i"6`Vr,`!%#QPZFfJ0!8i!!M3!!!*D!Q,
+r,J&3#[mZ!!3+BfC[E!d"8!!"E`!!!Pi#BImY#rmY!$3`!"K[F'9ZFh0XD@jME(9
+NC@C[E'4PFR"KG'J!''p`C@j68da*EQ0XG@4P4QpXC'9b8'&dD!B"6`!$rb`"8Im
+V#[mX!!3+G'mJ)!d"83!#EJ!!!Q8#G!&5!9-0!9)!!M3!!!*Y!R6r+J&8#[mU!!3
++CQPXC3d"9!!"E3!!!R!#F`&9$!&9!!`!"Q0KFh3ZD!!#!!!0!9-!!M3!!!*P!Qh
+r+3&@#[mT!!3+BfC[E!d"9J!"E`!!!QN#E2mS#rmS!"3`!!KdC@e`F'&dD!!)G'9
+YF&"KG'J'rbX!!!)"5J!#!9F"@!d"9`!#E!!#!RX#HrmRrbB"rbF!!!(r*J!!!J&
+B!!)"@3&D$3&C!!*b!!!#H`+'!9X"A!d"@`!#BJ!!!RX#JJ&G!9i0!9d!!@m!!!*
+l!Rlr*3[r*3!N-!!3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&dD!d
+"AJ!"E3!!!Ri#J3&I$!&I!!X!"6TMEfe`!!)!!!d"A!!"E`!!!!!!!2mN#rmN!"3
+`!!KdC@e`F'&dD!!)G'9YF&"KG'J#!9S!!J&J!@%0!@!!!dN!!J+(!V(r)rmL!@)
++rb-!'#jMEh*PBh*PE#SU+LS!!!!!!!#3!!"ZG@aX!ImL!!!'!@)!!rmK!@-"C!V
+r)3!%#QY[Bf`0!@-!!@d!!!+,!Slr)!Vr)!!%#Q&XD@%'!@3!!rmI!@8"CJVr(`!
+%#QPZFfJ0!@8!!M3!!!+4!TRr(J&R#[mH!!3+BfC[E!d"C`!"E`!!!T8#Q2mG#rm
+G!$3`!"K[F'9ZFh0XD@jME(9NC@C[E'4PFR"KG'J!''p`C@j68da*EQ0XG@4P4Qp
+XC'9b8'&dD!B"CJ!$ra`"D2mE#[mF!!3+G'mJ)!d"D!!#EJ!!!T`#U`&T!@S0!@N
+!!M3!!!+N!U[r'J&V#[mD!!3+CQPXC3d"D`!"E3!!!UF#UJ&X$!&X!!`!"Q0[EA!
+ZD!!#!!!0!@S!!M3!!!+F!U6r'3&Y#[mC!!3+BfC[E!d"E3!"E`!!!U!#SrmB#rm
+B!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J'raX!!!)"B3!#!@i"E`d"EJ!#E!!#!V)
+#X[mAraB"raF!!!(r&J!!!J&[!!)"F!&a$3&`!!*b!!!#XJ+p!A)"F`d"FJ!#BJ!
+!!V)#Z3&d!A80!A3!!@m!!!+b!VAr&3[r&3!N-!!3Bh*jF(4[CQpXC'9bF'&dD!!
+3Bh*jF(4[4QpXC'9b8'&dD!d"G3!"E3!!!V8#Z!&f$!&f!!X!"6TMEfjQ!!)!!!d
+"F`!"E`!!!!!!!2m8#rm8!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J#!A%!!J&h!AJ
+0!AF!!dN!!J+q!ZMr%rm5!AN+ra-!'#jMEh*PBh*PE#SU+LS!!!!!!!#3!!"ZG@a
+X!Im5!!!'!AN!!rm4!AS"H`Vr%3!%#QY[Bf`0!AS!!@d!!!,#!XAr%!Vr%!!%#Q&
+XD@%'!AX!!rm2!A`"I3Vr$`!%#QPZFfJ0!A`!!M3!!!,)!Y$r$J&q#[m1!!3+BfC
+[E!d"IJ!"E`!!!X`#crm0#rm0!$3`!"K[F'9ZFh0XD@jME(9NC@C[E'4PFR"KG'J
+!''p`C@j68da*EQ0XG@4P4QpXC'9b8'&dD!B"I3!$r``"Irm,#[m-!!3+G'mJ)!d
+"I`!#EJ!!!Y-#iJ'!!B%0!B!!!M3!!!,E!Z,r#J'##[m+!!3+CQPXC3d"JJ!"E3!
+!!Yi#i3'$$!'$!!`!"Q0[EQBZD!!#!!!0!B%!!M3!!!,6!Y[r#3'%#[m*!!3+BfC
+[E!d"K!!"E`!!!YF#f[m)#rm)!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J'r`X!!!)
+"H!!#!B8"KJd"K3!#E!!#!ZN#kIm(r`B"r`F!!!(r"J!!!J''!!)"K`')$3'(!!*
+b!!!#k3,d!BN"LJd"L3!#BJ!!!ZN#m!',!B`0!BX!!@m!!!,T!Zcr"3[r"3!N-!!
+3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&dD!d"M!!"E3!!!Z`#l`'
+0$!'0!!S!"$TNCA-!!J!!$3'+!!&[!!!!!!!!r`3,r`3!&$!!#(4PEA"`BA4S!!K
+dC@e`8'&dD!)"L!!#!Bi"M`d"MJ!$53!#![8$(rm$r`)"N!!+r`-!'#jMEh*PBh*
+PE#SU+LS!!!!!!!#3!!"ZG@aX!Im#!!!'!C!!!!2r!3'4!C)+r`%!"!TVEf0X$3'
+4!!&Y!!!#q3,mr`!+r`!!"!TKE'PK"J'5!!2qr`'6!C3+r[m!"!TTER0S$3'6!!)
+d!!!#r`-(r[i"P3VqrJ!%#Q0QEf`0!C8!!@m!!!-$!`Eqr3[qr3!d-!!BEh"PER0
+cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'!C3
+!!rlm!CEqq`Vqr!!%#R4[)#!0!CB!!Qi!!!-+!aN"P`'B$3'A!!)d!!!$%J-Cr[S
+"Q3VqqJ!%#QCTE'80!CN!!@d!!!-9!aJ"QJ`"QJ!,!!9NCA-ZD!!#!!!0!CJ!!M3
+!!!-+!a,qq3'E#[lj!!3+BfC[E!d"Q`!"E`!!!`i$%Ili#rli!"3`!!KdC@e`F'&
+dD!!)G'9YF&"KG'J'r[X!!!)"M`!#!C`"R3d"R!!#E!!#!b!$)2lhr[B"r[F!!!(
+qpJ!!!J'G!!)"RJ'I$3'H!!*b!!!$)!-V!D!"S3d"S!!#BJ!!!b!$*`'L!D-0!D)
+!!@m!!!-J!b2qp3[qp3!N-!!3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9
+b8'&dD!d"S`!"E3!!!b-$*J'N$!'N!!N!!cTND!!#!!!0!D%!!@m!!!!!!!$qp![
+qp!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S!J'I!!)"T3'Q$3'P!!0*!!)$,!0@r[2
+qmJ'R#[lc!"JZBfpbC@0bC@`U+LSU!!!!!!!!N!!!ER9XE!(qmJ!!"J'R!!2qm3'
+S!DN+r[%!"!TVEf0X$3'S!!&Y!!!$-!-cr[!+r[!!"!TKE'PK"J'T!!2ql`'U!DX
++rZm!"!TTER0S$3'U!!)d!!!$0J-qrZi"V!VqlJ!%#Q0QEf`0!D`!!@m!!!-k!ch
+ql3[ql3!d-!!BEh"PER0cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9
+NC8C[E'4PFP"KG'J'!DX!!rlX!Dhqk`Vql!!%#R4[)#!0!Dd!!Qi!!!0"!e!"VJ'
+[$3'Z!!)d!!!$5303rZS"X!VqkJ!%#QCTE'80!E!!!@d!!!0-!dm"X3`"X3!+!!4
+ND#jS!!)!!!d"V`!#0!!!!d%$5IlT!E)+rZN!"!TMCQpX$3'b!!&[!!!$430)rZJ
+,rZJ!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!Eqk`!!!J'Q!!)"X`'d$3'c!!*X!!)
+$9`0ArZIqjJ(qj`!!!IlQ!!!#!E3!!J'e!EB0!E8!!R)!!!0A!f)"Y`'i$3'h!!*
+L!!!$9`0H!EN"ZJd"Z3!"E`!!!eF$@[lP#rlP!#3`!""MFRP`G'pQEfaNCA*`BA4
+S!""MFRP`G'p'EfaNCA*3BA4S$3'k!!&Y!!!$@J0G!EX-!EX!#J!%1Q4cB3!#!!!
+0!EJ!!@m!!!!!!!$qj![qj!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S!J'f!!)"[!'
+p$3'm!!0*!!)$B`10rZ2qiJ'q#[lM!"JZBfpbC@0bC@`U+LSU!!!!!!!!N!!!ER9
+XE!(qiJ!!"J'q!!2qi3'r!F!+rZ%!"!TVEf0X$3'r!!&Y!!!$C`0UrZ!+rZ!!"!T
+KE'PK"J(!!!2qh`("!F)+rYm!"!TTER0S$3("!!)d!!!$E30erYi"``VqhJ!%#Q0
+QEf`0!F-!!@m!!!0a!h6qh3[qh3!d-!!BEh"PER0cE'PZBfaeC'9QEfaNCA*`BA4
+S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'!F)!!rlF!F6qf`Vqh!!%#R4[)#!
+0!F3!!Qi!!!0i!iF"a3('$3(&!!)d!!!$J!1(rYS"a`VqfJ!%#QCTE'80!FF!!@d
+!!!1$!iB"b!`"b!!,!!9NFf%ZD!!#!!!0!FB!!M3!!!0i!i$qf3(*#[lC!!3+BfC
+[E!d"b3!"E`!!!h`$IrlB#rlB!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J'rYX!!!)
+"[3!#!FS"b`d"bJ!#E!!#!ii$M[lArYB"rYF!!!(qeJ!!!J(,!!)"c!(0$3(-!!*
+b!!!$MJ1C!Fi"c`d"cJ!#BJ!!!ii$P3(3!G%0!G!!!@m!!!11!j(qe3[qe3!N-!!
+3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&dD!d"d3!"E3!!!j%$P!(
+5$!(5!!S!"$TPFR)!!J!!$3(2!!&[!!!!!!!!rY3,rY3!&$!!#(4PEA"`BA4S!!K
+dC@e`8'&dD!)"c3!#!G-"e!d"d`!$53!#!jS$a2l6rY)"e3Vqd`!B,Q0[FQ9MFQ9
+X+LSU+J!!!!!!!*!!!'jeE'`"rY)!!!B"e3!$rY%"eJ(A#[l4!!3+DfpME!d"eJ!
+"E3!!!ji$SIl3#[l3!!3+B@aTB3B"e`!$rXm"f!(C#[l2!!3+D@jcD!d"f!!#0!!
+!!k3$V2l1!GS+rXi!"!TMCQpX$3(D!!&[!!!$U!1VrXd,rXd!0$!!''p`C@jcFfa
+TEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S"J(C!!2
+qc!(ErXX+rX`!"!TdEb!J$3(E!!*Z!!!$V`1q!G`"h3d"h!!#0!!!!lF$[[l+!Gi
++rXS!"!TQD@aP$3(H!!&Y!!!$ZJ1p!Gm-!Gm!#`!&CA*b,QJ!!J!!$3(G!!)d!!!
+$V`1hrXN"i!Vqb3!%#Q0QEf`0!H!!!@m!!!1c!lEqb![qb!!8-!!)G'9YF("KG'J
+!#(4PEA"3BA4S"[l,!!!#!G3!!J(K!H)0!H%!!Q`!!J2&!mAqarl'!Il(!!!"rXB
+!!!)"iJ!#!H-"j!d"i`!#FJ!!!m8$d!(P!HB0!H8!!Q)!!!2&!m`"j`(S$3(R!!&
+[!!!$a32)rX8,rX8!*$!!%'0bHA"dEfC[E'4PFR"KG'J!%'0bHA"dEdC[E'4PFP"
+KG'J0!HJ!!@d!!!2)!mX"k3`"k3!+!!3kCAC`!!)!!!d"jJ!"E`!!!!!!!2l%#rl
+%!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J#!H3!!J(U!HX0!HS!!dN!!J24!r[q`rl
+#!H`+rX-!'#jMEh*PBh*PE#SU+LS!!!!!!!#3!!"ZG@aX!Il#!!!'!H`!!rl"!Hd
+"lJVq`3!%#QY[Bf`0!Hd!!@d!!!29!pMq`!Vq`!!%#Q&XD@%'!Hi!!rkr!Hm"m!V
+q[`!%#QPZFfJ0!Hm!!M3!!!2E!q2q[J(a#[kq!!3+BfC[E!d"m3!"E`!!!pm$i[k
+p#rkp!$3`!"K[F'9ZFh0XD@jME(9NC@C[E'4PFR"KG'J!''p`C@j68da*EQ0XG@4
+P4QpXC'9b8'&dD!B"m!!$rV`"m[kl#[km!!3+G'mJ)!d"mJ!#EJ!!!qB$p3(c!I3
+0!I-!!M3!!!2Z!rAqZJ(e#[kk!!3+CQPXC3d"p3!"E3!!!r%$p!(f$!(f!!X!"@9
+fF#jS!!)!!!d"p!!#0!!!!qB$l[kj!IF+rVN!"!TMCQpX$3(h!!&[!!!$kJ2YrVJ
+,rVJ!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!EqZ`!!!J(V!!)"q!(j$3(i!!*X!!)
+$r!2mrVIqYJ(qY`!!!Ikf!!!#!IN!!J(k!IX0!IS!!R)!!!2m"!F"r!(p$3(m!!*
+L!!!$r!3$!Ii"r`d"rJ!"E`!!!r`$rrke#rke!#3`!""MFRP`G'pQEfaNCA*`BA4
+S!""MFRP`G'p'EfaNCA*3BA4S$3(r!!&Y!!!$r`3#!J!-!J!!#`!&1QKYB@-!!J!
+!$3(p!!&[!!!!!!!!rV3,rV3!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!)"q`!#!J%
+#!Jd#!3!$53!#"!J%-[kcrV)#!`VqX`!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'j
+eE'`"rV)!!!B#!`!$rV%#"!)&#[ka!!3+DfpME!d#"!!"E3!!"!`%$rk`#[k`!!3
++B@aTB3B#"3!$rUm#"J)(#[k[!!3+D@jcD!d#"J!#0!!!"")%'[kZ!JJ+rUi!"!T
+MCQpX$3))!!&[!!!%&J3CrUd,rUd!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&
+dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S"J)(!!2qV!)*rUX+rU`!"!TdEb!
+J$3)*!!*Z!!!%(33X!JS##`d##J!#0!!!"#8%,2kU!J`+rUS!"!TQD@aP$3)-!!&
+Y!!!%+!3V!Jd-!Jd!$!!'D'eKBbjS!!)!!!d##`!#0!!!""d%*IkT!Ji+rUN!"!T
+MCQpX$3)1!!&[!!!%)33NrUJ,rUJ!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!EqU`!
+!!J)#!!)#$`)3$3)2!!*X!!)%-`3crUIqTJ(qT`!!!IkQ!!!#!K!!!J)4!K)0!K%
+!!R)!!!3c"$i#%`)8$3)6!!*L!!!%-`3k!K8#&Jd#&3!"E`!!"$-%0[kP#rkP!#3
+`!""MFRP`G'pQEfaNCA*`BA4S!""MFRP`G'p'EfaNCA*3BA4S$3)@!!&Y!!!%0J3
+j!KF-!KF!#`!&1QPNC@%!!J!!$3)8!!&[!!!!!!!!rU3,rU3!&$!!#(4PEA"`BA4
+S!!KdC@e`8'&dD!)#%J!#!KJ#'3d#'!!$53!#"$m%DIkMrU)#'JVqS`!B,Q0[FQ9
+MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"rU)!!!B#'J!$rU%#'`)F#[kK!!3+DfpME!d
+#'`!"E3!!"%-%4[kJ#[kJ!!3+B@aTB3B#(!!$rTm#(3)H#[kI!!3+D@jcD!d#(3!
+#0!!!"%N%8IkH!Km+rTi!"!TMCQpX$3)I!!&[!!!%6343rTd,rTd!0$!!''p`C@j
+cFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S"J)
+H!!2qR!)JrTX+rT`!"!TdEb!J$3)J!!*Z!!!%9!4M!L%#)Jd#)3!#0!!!"&`%Brk
+D!L-+rTS!"!TQD@aP$3)M!!&Y!!!%A`4L!L3-!L3!$!!'D@4PB5jS!!)!!!d#)J!
+#0!!!"&3%A2kC!L8+rTN!"!TMCQpX$3)P!!&[!!!%@!4ErTJ,rTJ!&$!!#(4PEA"
+`BA4S!!KdC@e`8'&dD!EqQ`!!!J)C!!)#*J)R$3)Q!!*X!!)%DJ4UrTIqPJ(qP`!
+!!Ik@!!!#!LF!!J)S!LN0!LJ!!R)!!!4U"(8#+J)V$3)U!!*L!!!%DJ4a!L`#,3d
+#,!!"E`!!"'S%EIk9#rk9!#3`!""MFRP`G'pQEfaNCA*`BA4S!""MFRP`G'p'Efa
+NCA*3BA4S$3)Y!!&Y!!!%E34`!Li-!Li!$!!'1QaSBA0S!!)!!!d#+`!"E`!!!!!
+!!2k8#rk8!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J#!LN!!J)[!M!0!Lm!!dN!!J4
+f"+$qNrk5!M%+rT-!'#jMEh*PBh*PE#SU+LS!!!!!!!#3!!"ZG@aX!Ik5!!!'!M%
+!!rk4!M)#-`VqN3!%#QY[Bf`0!M)!!@d!!!4k"(hqN!!+rT!!!!3+B@aTB3B#-`!
+$rSm#0!)e#[k2!!3+D@jcD!d#0!!#0!!!")!%L2k1!MB+rSi!"!TMCQpX$3)f!!&
+[!!!%K!5(rSd,rSd!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP0
+66%PZBfaeC'9'EfaNCA*3BA4S"J)e!!2qM!)hrSX+rS`!"!TdEb!J$3)h!!*Z!!!
+%L`5D!MJ#13d#1!!#0!!!"*-%Q[k+!MS+rSS!"!TQD@aP$3)k!!&Y!!!%PJ5C!MX
+-!MX!$3!(E'KKFfJZD!!#!!!0!MN!!M3!!!5,"*2qL3)m#[k*!!3+BfC[E!d#2!!
+"E`!!")m%N[k)#rk)!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J'rSX!!!)#-!!#!Md
+#2Jd#23!#E!!#"+%%SIk(rSB"rSF!!!(qKJ!!!J)q!!)#2`*!$3)r!!*b!!!%S35
+X!N%#3Jd#33!#BJ!!"+%%U!*$!N30!N-!!@m!!!5K"+6qK3[qK3!N-!!3Bh*jF(4
+[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&dD!d#4!!"E3!!"+3%T`*&$!*&!!S
+!"$TYC$)!!J!!$3*#!!&[!!!!!!!!rS3,rS3!&$!!#(4PEA"`BA4S!!KdC@e`8'&
+dD!)#3!!#!NB#4`d#4J!$53!#"+d%erk$rS)#5!VqJ`!B,Q0[FQ9MFQ9X+LSU+J!
+!!!!!!*!!!'jeE'`"rS)!!!B#5!!$rS%#53*+#[k"!!3+DfpME!d#53!"E3!!",%
+%Y2k!#[k!!!3+B@aTB3B#5J!$rRm#5`*-#[jr!!3+D@jcD!d#5`!#0!!!",F%[rj
+q!Nd+rRi!"!TMCQpX$3*0!!&[!!!%Z`5qrRd,rRd!0$!!''p`C@jcFfaTEQ0XG@4
+PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S"J*-!!2qI!*1rRX
++rR`!"!TdEb!J$3*1!!*Z!!!%`J64!Nm#8!d#6`!#0!!!"-S%dIjk!P%+rRS!"!T
+QD@aP$3*4!!&Y!!!%c363!P)-!P)!#`!&E@3b,QJ!!J!!$3*3!!)d!!!%`J6+rRN
+#8`VqH3!%#Q0QEf`0!P-!!@m!!!6'"-RqH![qH!!8-!!)G'9YF("KG'J!#(4PEA"
+3BA4S"[jl!!!#!NF!!J*8!P80!P3!!Q`!!J6B"0MqGrjf!Ijh!!!"rRB!!!)#93!
+#!PB#9`d#9J!#FJ!!"0J%i`*B!PN0!PJ!!Q)!!!6B"0m#@J*E$3*D!!&[!!!%f!6
+ErR8,rR8!*$!!%'0bHA"dEfC[E'4PFR"KG'J!%'0bHA"dEdC[E'4PFP"KG'J0!PX
+!!@d!!!6E"0i#A!`#A!!+!!3kE@3e!!)!!!d#@3!"E`!!!!!!!2jd#rjd!"3`!!K
+dC@e`F'&dD!!)G'9YF&"KG'J#!PF!!J*G!Pi0!Pd!!dN!!J6N"3lqFrjb!Pm+rR-
+!'#jMEh*PBh*PE#SU+LS!!!!!!!#3!!"ZG@aX!Ijb!!!'!Pm!!rja!Q!#B3VqF3!
+%#QY[Bf`0!Q!!!@d!!!6S"1[qF!VqF!!%#Q&XD@%'!Q%!!rj[!Q)#B`VqE`!%#QP
+ZFfJ0!Q)!!M3!!!6Z"2EqEJ*N#[jZ!!3+BfC[E!d#C!!"E`!!"2)%pIjY#rjY!$3
+`!"K[F'9ZFh0XD@jME(9NC@C[E'4PFR"KG'J!''p`C@j68da*EQ0XG@4P4QpXC'9
+b8'&dD!B#B`!$rQ`#CIjV#[jX!!3+G'mJ)!d#C3!#EJ!!"2N&#!*Q!QF0!QB!!M3
+!!!8""3MqDJ*S#[jU!!3+CQPXC3d#D!!"E3!!"33&"`*T$!*T!!X!"@eN05jS!!)
+!!!d#C`!#0!!!"2N&!IjT!QS+rQN!"!TMCQpX$3*U!!&[!!!%r38!rQJ,rQJ!&$!
+!#(4PEA"`BA4S!!KdC@e`8'&dD!EqD`!!!J*H!!)#D`*X$3*V!!*X!!)&$`82rQI
+qCJ(qC`!!!IjQ!!!#!Q`!!J*Y!Qi0!Qd!!R)!!!82"4S#E`*`$3*[!!*L!!!&$`8
+@!R%#FJd#F3!"E`!!"3m&%[jP#rjP!#3`!""MFRP`G'pQEfaNCA*`BA4S!""MFRP
+`G'p'EfaNCA*3BA4S$3*b!!&Y!!!&%J89!R--!R-!#`!&1QeNBc)!!J!!$3*`!!&
+[!!!!!!!!rQ3,rQ3!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!)#EJ!#!R3#G3d#G!!
+$53!#"4X&4IjMrQ)#GJVqB`!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"rQ)
+!!!B#GJ!$rQ%#G`*i#[jK!!3+DfpME!d#G`!"E3!!"4m&)[jJ#[jJ!!3+B@aTB3B
+#H!!$rPm#H3*k#[jI!!3+D@jcD!d#H3!#0!!!"58&,IjH!RX+rPi!"!TMCQpX$3*
+l!!&[!!!&+38XrPd,rPd!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"
+PEP066%PZBfaeC'9'EfaNCA*3BA4S"J*k!!2qA!*mrPX+rP`!"!TdEb!J$3*m!!*
+Z!!!&-!8r!Rd#IJd#I3!#0!!!"6J&2rjD!Rm+rPS!"!TQD@aP$3*r!!&Y!!!&1`8
+q!S!-!S!!$!!'E@4M-LjS!!)!!!d#IJ!#0!!!"6!&12jC!S%+rPN!"!TMCQpX$3+
+"!!&[!!!&0!8hrPJ,rPJ!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!Eq@`!!!J*e!!)
+#JJ+$$3+#!!*X!!)&4J9'rPIq9J(q9`!!!Ij@!!!#!S-!!J+%!S80!S3!!R)!!!9
+'"9%#KJ+($3+'!!*L!!!&4J90!SJ#L3d#L!!"E`!!"8B&5Ij9#rj9!#3`!""MFRP
+`G'pQEfaNCA*`BA4S!""MFRP`G'p'EfaNCA*3BA4S$3+*!!&Y!!!&539-!SS-!SS
+!$J!)1QpLDQ9MG(-!!J!!$3+(!!&[!!!!!!!!rP3,rP3!&$!!#(4PEA"`BA4S!!K
+dC@e`8'&dD!)#K3!#!SX#M!d#L`!$53!#"9)&I2j6rP)#M3Vq8`!B,Q0[FQ9MFQ9
+X+LSU+J!!!!!!!*!!!'jeE'`"rP)!!!B#M3!$rP%#MJ+2#[j4!!3+DfpME!d#MJ!
+"E3!!"9B&@Ij3#[j3!!3+B@aTB3B#M`!$rNm#N!!#N3Vq6`!%#QPZFfJ0!T!!!!)
+d!!!&A!9NrNi#NJVq6J!%#Q0QEf`0!T)!!@m!!!9J"@2q63[q63!d-!!BEh"PER0
+cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'!T%
+!!rj-!T2q5`Vq6!!%#R4[)#!0!T-!!Qi!!!9R"AB#P!+9$3+8!!)d!!!&E`9frNS
+#PJVq5J!%#QCTE'80!TB!!@d!!!9b"A8#P``#P`!2!!P[BQTPBh4c,QJ!!J!!$3+
+9!!)d!!!&C`9[rNN#Q!Vq53!%#Q0QEf`0!TJ!!@m!!!9V"@lq5![q5!!8-!!)G'9
+YF("KG'J!#(4PEA"3BA4S"[j,!!!#!S`!!J+C!TS0!TN!!Q`!!J9p"Ahq4rj'!Ij
+(!!!"rNB!!!)#QJ!#!TX#R!d#Q`!#FJ!!"Ad&L!+G!Ti0!Td!!Q)!!!9p"B3#R`+
+J$3+I!!&[!!!&I3@!rN8,rN8!*$!!%'0bHA"dEfC[E'4PFR"KG'J!%'0bHA"dEdC
+[E'4PFP"KG'J0!U!!!@d!!!@!"B-#S3`#S3!+!!3kF'9Y!!)!!!d#RJ!"E`!!!!!
+!!2j%#rj%!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J#!T`!!J+L!U-0!U)!!dN!!J@
+*"E2q3rj#!U3+rN-!'#jMEh*PBh*PE#SU+LS!!!!!!!#3!!"ZG@aX!Ij#!!!'!U3
+!!rj"!U8#TJVq33!%#QY[Bf`0!U8!!@d!!!@0"C!!rN!+rN!!"!TKE'PK"J+Q!!2
+q2`+R!UJ+rMm!"!TTER0S$3+R!!)d!!!&N`@ErMi#U3Vq2J!%#Q0QEf`0!UN!!@m
+!!!@A"CVq23[q23!d-!!BEh"PER0cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0
+-5@jME(9NC8C[E'4PFP"KG'J'!UJ!!rim!UVq1`Vq2!!%#R4[)#!0!US!!Qi!!!@
+H"Dd#U`+X$3+V!!)d!!!&TJ@YrMS#V3Vq1J!%#QCTE'80!Ud!!@d!!!@T"D`#VJ`
+#VJ!,!!9`C@dZD!!#!!!0!U`!!M3!!!@H"DEq13+[#[ij!!3+BfC[E!d#V`!"E`!
+!"D)&TIii#rii!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J'rMX!!!)#S`!#!V!#X3d
+#X!!$53!#"E3&h[ihrMB#XJVq0`!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`
+"rMB!!!B#XJ!$rM8#X`+d#[ie!!3+DfpME!d#X`!"E3!!"EJ&Zrid#[id!!3+B@a
+TB3B#Y!!$rM-#Y3+f#[ic!!3+D@jcD!d#Y3!#0!!!"Ei&a[ib!VF+rM)!"!TMCQp
+X$3+h!!&[!!!&`JA&rM%,rM%!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!
+BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S"J+f!!2q-!+irLm+rM!!"!TdEb!J$3+
+i!!*Z!!!&b3AB!VN#ZJd#Z3!#0!!!"G%&f2iZ!VX+rLi!"!TQD@aP$3+l!!&Y!!!
+&e!AA!V`-!V`!$!!'F'9Y-LjS!!)!!!d#ZJ!#0!!!"FN&dIiY!Vd+rLd!"!TMCQp
+X$3+p!!&[!!!&c3A3rL`,rL`!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!Eq,`!!!J+
+a!!)#[J+r$3+q!!*X!!)&h`AIrL[q+J(q+`!!!IiU!!!#!Vm!!J,!!X%0!X!!!R)
+!!!AI"HS#`J,$$3,#!!*L!!!&h`AQ!X3#a3d#a!!"E`!!"Gm&i[iT#riT!#3`!""
+MFRP`G'pQEfaNCA*`BA4S!""MFRP`G'p'EfaNCA*3BA4S$3,&!!&Y!!!&iJAP!XB
+-!XB!$3!(1R"VBh-a-J!#!!!0!X-!!@m!!!!!!!$q+![q+!!8-!!)G'9YF("KG'J
+!#(4PEA"3BA4S!J,"!!)#a`,)$3,(!!0*!!)&k`B9rLIq*J,*#[iR!"JZBfpbC@0
+bC@`U+LSU!!!!!!!!N!!!ER9XE!(q*J!!"J,*!!2q*3,+!XX+rL8!"!TVEf0X$3,
++!!&Y!!!&l`AbrL3+rL3!"!TKE'PK"J,,!!2q)`,-!Xd+rL-!"!TTER0S$3,-!!)
+d!!!&p3AprL)#cJVq)J!%#Q0QEf`0!Xi!!@m!!!Aj"Icq)3[q)3!d-!!BEh"PER0
+cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'!Xd
+!!riJ!Xrq(`Vq)!!%#R4[)#!0!Xm!!Qi!!!B!"Jm#d!,4$3,3!!)d!!!'#!B2rKi
+#dJVq(J!%#QCTE'80!Y)!!@d!!!B,"Ji#d``#d`!1!!K`Df0c-6)ZD!!#!!!0!Y%
+!!M3!!!B!"JMq(3,8#[iG!!3+BfC[E!d#e!!"E`!!"J3'"riF#riF!"3`!!KdC@e
+`F'&dD!!)G'9YF&"KG'J'rKm!!!)#b!!#!Y8#eJd#e3!#E!!#"KB'&[iErKS"rKX
+!!!(q'J!!!J,@!!)#e`,B$3,A!!*b!!!'&JBK!YN#fJd#f3!#BJ!!"KB'(3,E!Y`
+0!YX!!@m!!!B@"KRq'3[q'3!N-!!3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4Qp
+XC'9b8'&dD!d#h!!"E3!!"KN'(!,G$!,G!!`!"MT`Df0c0`!#!!!0!YS!!@m!!!!
+!!!$q'![q'!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S!J,B!!)#hJ,I$3,H!!0*!!)
+')JC-rKIq&J,J#[iA!"JZBfpbC@0bC@`U+LSU!!!!!!!!N!!!ER9XE!(q&J!!"J,
+J!!2q&3,K!Z)+rK8!"!TVEf0X$3,K!!&Y!!!'*JBTrK3+rK3!"!TKE'PK"J,L!!2
+q%`,M!Z3+rK-!"!TTER0S$3,M!!)d!!!',!BdrK)#j3Vq%J!%#Q0QEf`0!Z8!!@m
+!!!B`"M2q%3[q%3!d-!!BEh"PER0cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0
+-5@jME(9NC8C[E'4PFP"KG'J'!Z3!!ri3!ZEq$`Vq%!!%#R4[)#!0!ZB!!Qi!!!B
+h"NB#j`,S$3,R!!)d!!!'2`C'rJi#k3Vq$J!%#QCTE'80!ZN!!@d!!!C#"N8#kJ`
+#kJ!0!!G`Df0c0bjS!!)!!!d#k!!#0!!!"MF'2ri0!ZX+rJd!"!TMCQpX$3,V!!&
+[!!!'1`BqrJ`,rJ`!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!Eq$`!!!J,I!!)#l!,
+Y$3,X!!*X!!)'63C0rJ[q#J(q#`!!!Ii+!!!#!Zd!!J,Z!Zm0!Zi!!R)!!!C0"PJ
+#m!,a$3,`!!*L!!!'63C8![)#m`d#mJ!"E`!!"Nd'82i*#ri*!#3`!""MFRP`G'p
+QEfaNCA*`BA4S!""MFRP`G'p'EfaNCA*3BA4S$3,c!!&Y!!!'8!C6![3-![3!#`!
+&1R*KEQ3!!J!!$3,a!!&[!!!!!!!!rJJ,rJJ!&$!!#(4PEA"`BA4S!!KdC@e`8'&
+dD!)#l`!#![8#pJd#p3!$53!#"PN'Jri(rJB#p`Vq"`!B,Q0[FQ9MFQ9X+LSU+J!
+!!!!!!*!!!'jeE'`"rJB!!!B#p`!$rJ8#q!,j#[i&!!3+DfpME!d#q!!"E3!!"Pd
+'B2i%#[i%!!3+B@aTB3B#q3!$rJ-#qJ,l#[i$!!3+D@jcD!d#qJ!#0!!!"Q-'Dri
+#![`+rJ)!"!TMCQpX$3,m!!&[!!!'C`CUrJ%,rJ%!0$!!''p`C@jcFfaTEQ0XG@4
+PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S"J,l!!2q!!,prIm
++rJ!!"!TdEb!J$3,p!!*Z!!!'EJCp![i#r`d#rJ!#0!!!"RB'IIhq!`!+rIi!"!T
+QD@aP$3-!!!&Y!!!'H3Cm!`%-!`%!$!!'FQ&ZC#jS!!)!!!d#r`!#0!!!"Qi'G[h
+p!`)+rId!"!TMCQpX$3-#!!&[!!!'FJCerI`,rI`!&$!!#(4PEA"`BA4S!!KdC@e
+`8'&dD!Epr`!!!J,f!!)$!`-%$3-$!!*X!!)'K!D%rI[pqJ(pq`!!!Ihk!!!#!`3
+!!J-&!`B0!`8!!R)!!!D%"Sm$"`-)$3-(!!*L!!!'K!D,!`N$#Jd$#3!"E`!!"S3
+'Krhj#rhj!#3`!""MFRP`G'pQEfaNCA*`BA4S!""MFRP`G'p'EfaNCA*3BA4S$3-
++!!&Y!!!'K`D+!`X-!`X!#J!%1R*M-J!#!!!0!`J!!@m!!!!!!!$pq![pq!!8-!!
+)G'9YF("KG'J!#(4PEA"3BA4S!J-'!!)$$!-0$3--!!0*!!)'N!!'Z[hhrIB$$JV
+pp`!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"rIB!!!B$$J!$rI8$$`-3#[h
+e!!3+DfpME!d$$`!"E3!!"T3'Prhd#[hd!!3+B@aTB3B$%!!$rI-$%3-5#[hc!!3
++D@jcD!d$%3!#0!!!"TS'S[hb!a-+rI)!"!TMCQpX$3-6!!&[!!!'RJDKrI%,rI%
+!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9'Efa
+NCA*3BA4S"J-5!!2pm!-8rHm+rI!!"!TdEb!J$3-8!!*Z!!!'T3Dd!a8$&Jd$&3!
+#0!!!"Ud'Y2hZ!aF+rHi!"!TQD@aP$3-A!!&Y!!!'X!Dc!aJ-!aJ!#`!&FQ-b,QJ
+!!J!!$3-@!!)d!!!'T3DYrHd$'3Vpl3!%#Q0QEf`0!aN!!@m!!!DT"Ucpl![pl!!
+8-!!)G'9YF("KG'J!#(4PEA"3BA4S"[h[!!!#!`d!!J-D!aX0!aS!!Q`!!JDl"V[
+pkrhU!IhV!!!"rHS!!!)$'`!#!a`$(3d$(!!#FJ!!"VX'aJ-H!am0!ai!!Q)!!!D
+l"X)$)!-K$3-J!!&[!!!'Z`DqrHN,rHN!*$!!%'0bHA"dEfC[E'4PFR"KG'J!%'0
+bHA"dEdC[E'4PFP"KG'J0!b%!!@d!!!Dq"X%$)J`$)J!+!!3kFQ-d!!)!!!d$(`!
+"E`!!!!!!!2hS#rhS!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J#!ad!!J-M!b30!b-
+!!dN!!JE("[(pjrhQ!b8+rHF!'#jMEh*PBh*PE#SU+LS!!!!!!!#3!!"ZG@aX!Ih
+Q!!!'!b8!!rhP!bB$*`Vpj3!%#QY[Bf`0!bB!!@d!!!E,"Xlpj!Vpj!!%#Q&XD@%
+'!bF!!rhM!bJ$+3Vpi`!%#QPZFfJ0!bJ!!M3!!!E4"YRpiJ-U#[hL!!3+BfC[E!d
+$+J!"E`!!"Y8'f2hK#rhK!$3`!"K[F'9ZFh0XD@jME(9NC@C[E'4PFR"KG'J!''p
+`C@j68da*EQ0XG@4P4QpXC'9b8'&dD!B$+3!$rH!$+rhI#[hJ!!3+G'mJ)!d$+`!
+#EJ!!"Y`'k`-X!bd0!b`!!M3!!!EN"Z[phJ-Z#[hH!!3+CQPXC3d$,J!"E3!!"ZF
+'kJ-[$!-[!!X!"A*M0#jS!!)!!!d$,3!#0!!!"Y`'j2hG!c!+rGd!"!TMCQpX$3-
+`!!&[!!!'i!EMrG`,rG`!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!Eph`!!!J-N!!)
+$-3-b$3-a!!*X!!)'mJEbrG[pfJ(pf`!!!IhD!!!#!c)!!J-c!c30!c-!!R)!!!E
+b"[d$03-f$3-e!!*L!!!'mJEj!cF$1!d$0`!"E`!!"[)'pIhC#rhC!#3`!""MFRP
+`G'pQEfaNCA*`BA4S!""MFRP`G'p'EfaNCA*3BA4S$3-i!!&Y!!!'p3Ei!cN-!cN
+!#J!%1R*M03!#!!!0!cB!!@m!!!!!!!$pf![pf!!8-!!)G'9YF("KG'J!#(4PEA"
+3BA4S!J-d!!)$1J-l$3-k!!0*!!)'rJFSrGIpeJ-m#[hA!"JZBfpbC@0bC@`U+LS
+U!!!!!!!!N!!!ER9XE!(peJ!!"J-m!!2pe3-p!ci+rG8!"!TVEf0X$3-p!!&Y!!!
+(!JF&rG3+rG3!"!TKE'PK"J-q!!2pd`-r!d!+rG-!"!TTER0S$3-r!!)d!!!(#!F
+3rG)$33VpdJ!%#Q0QEf`0!d%!!@m!!!F-"`rpd3[pd3!d-!!BEh"PER0cE'PZBfa
+eC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'!d!!!rh3!d,
+pc`Vpd!!%#R4[)#!0!d)!!Qi!!!F6"b)$3`0%$30$!!)d!!!('`FLrFi$43VpcJ!
+%#QCTE'80!d8!!@d!!!FH"b%$4J`$4J!,!!9bBc8ZD!!#!!!0!d3!!M3!!!F6"a[
+pc30(#[h0!!3+BfC[E!d$4`!"E`!!"aF('[h-#rh-!"3`!!KdC@e`F'&dD!!)G'9
+YF&"KG'J'rFm!!!)$1`!#!dJ$53d$5!!#E!!#"bN(+Ih,rFS"rFX!!!(pbJ!!!J0
+*!!)$5J0,$30+!!*b!!!(+3Fd!d`$63d$6!!#BJ!!"bN(-!01!dm0!di!!@m!!!F
+T"bcpb3[pb3!N-!!3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&dD!d
+$6`!"E3!!"b`(,`03$!03!!d!"cTbDA"PE@3!!J!!$300!!&[!!!!!!!!rFJ,rFJ
+!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!)$5`!#!e%$8Jd$83!$53!#"c8(Arh(rFB
+$8`Vpa`!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"rFB!!!B$8`!$rF8$9!0
+9#[h&!!3+DfpME!d$9!!"E3!!"cN(22h%#[h%!!3+B@aTB3B$93!$rF-$9J0A#[h
+$!!3+D@jcD!d$9J!#0!!!"cm(4rh#!eJ+rF)!"!TMCQpX$30B!!&[!!!(3`G'rF%
+,rF%!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9
+'EfaNCA*3BA4S"J0A!!2p`!0CrEm+rF!!"!TdEb!J$30C!!*Z!!!(5JGC!eS$@`d
+$@J!#0!!!"e)(@Ifq!e`+rEi!"!TQD@aP$30F!!&Y!!!(93GB!ed-!ed!$J!)FQP
+`C@eN,QJ!!J!!$30E!!)d!!!(5JG5rEd$AJVp[3!%#Q0QEf`0!ei!!@m!!!G1"e(
+p[![p[!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S"[fr!!!#!e)!!J0I!f!0!em!!Q`
+!!JGJ"f$pZrfk!Ifl!!!"rES!!!)$B!!#!f%$BJd$B3!#FJ!!"f!(D`0M!f30!f-
+!!Q)!!!GJ"fF$C30Q$30P!!&[!!!(B!GMrEN,rEN!*$!!%'0bHA"dEfC[E'4PFR"
+KG'J!%'0bHA"dEdC[E'4PFP"KG'J0!fB!!@d!!!GM"fB$C``$C`!+!!3kFR0K!!)
+!!!d$C!!"E`!!!!!!!2fi#rfi!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J#!f)!!J0
+S!fN0!fJ!!dN!!JGX"jEpYrff!fS+rEF!'#jMEh*PBh*PE#SU+LS!!!!!!!#3!!"
+ZG@aX!Iff!!!'!fS!!rfe!fX$E!VpY3!%#QY[Bf`0!fX!!@d!!!G`"h2pY!VpY!!
+%#Q&XD@%'!f`!!rfc!fd$EJVpX`!%#QPZFfJ0!fd!!M3!!!Gf"hlpXJ0[#[fb!!3
++BfC[E!d$E`!"E`!!"hS(IIfa#rfa!$3`!"K[F'9ZFh0XD@jME(9NC@C[E'4PFR"
+KG'J!''p`C@j68da*EQ0XG@4P4QpXC'9b8'&dD!B$EJ!$rE!$F2f[#[f`!!3+G'm
+J)!d$F!!#EJ!!"i%(N!!$F30b$30a!!)d!!!(L3H3!2fZ!h-+rDi!"!TQD@aP$30
+c!!&Y!!!(M!H2!h3-!h3!#`!&FR0K,QJ!!J!!$30b!!)d!!!(J3H*rDd$G3VpV3!
+%#Q0QEf`0!h8!!@m!!!H&"iMpV![pV!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S"[f
+[!!!#!fN!!J0f!hF0!hB!!Q`!!JHA"jIpUrfU!IfV!!!"rDS!!!)$G`!#!hJ$H3d
+$H!!#FJ!!"jF(SJ0k!hX0!hS!!Q)!!!HA"ji$I!0p$30m!!&[!!!(P`HDrDN,rDN
+!*$!!%'0bHA"dEfC[E'4PFR"KG'J!%'0bHA"dEdC[E'4PFP"KG'J0!hd!!@d!!!H
+D"jd$IJ`$IJ!-!!BkFh4KBfX!!J!!$30l!!&[!!!!!!!!rDJ,rDJ!&$!!#(4PEA"
+`BA4S!!KdC@e`8'&dD!)$H3!#!hm$J!d$I`!$53!#"k-(cIfRrDB$J3VpT`!B,Q0
+[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"rDB!!!B$J3!$rD8$JJ1$#[fP!!3+Dfp
+ME!d$JJ!"E3!!"kF(U[fN#[fN!!3+B@aTB3B$J`!$rD-$K!1&#[fM!!3+D@jcD!d
+$K!!#0!!!"kd(YIfL!iB+rD)!"!TMCQpX$31'!!&[!!!(X3HdrD%,rD%!0$!!''p
+`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4
+S"J1&!!2pS!1(rCm+rD!!"!TdEb!J$31(!!*Z!!!(Z!I(!iJ$L3d$L!!#0!!!"m!
+(arfH!iS+rCi!"!TQD@aP$31+!!&Y!!!(``I'!iX-!iX!$3!(Fh4KBfXZD!!#!!!
+0!iN!!M3!!!Hi"m$pR31-#[fG!!3+BfC[E!d$M!!"E`!!"l`([rfF#rfF!"3`!!K
+dC@e`F'&dD!!)G'9YF&"KG'J'rCm!!!)$J!!#!id$MJd$M3!$53!#"mi(q2fErCS
+$M`VpQ`!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"rCS!!!B$M`!$rCN$N!!
+$N3VpQ3!%#QY[Bf`0!j!!!!&Y!!!(dJI9rCJ+rCJ!"!TKE'PK"J14!!2pP`15!j-
++rCF!"!TTER0S$315!!)d!!!(f!IJrCB$P!VpPJ!%#Q0QEf`0!j3!!@m!!!IF"pr
+pP3[pP3!d-!!BEh"PER0cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9
+NC8C[E'4PFP"KG'J'!j-!!rf8!jApN`VpP!!%#R4[)#!0!j8!!Qi!!!IM"r)$PJ1
+A$31@!!)d!!!(k`IbrC)$Q!VpNJ!%#QCTE'80!jJ!!@d!!!IZ"r%$Q3`$Q3!4!!Y
+cB@CPFh4KBfXZD!!#!!!0!jF!!M3!!!IM"q[pN31D#[f4!!3+BfC[E!d$QJ!"E`!
+!"qF(k[f3!![pN!!!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!EpN`!!!J11!!)$Q`1
+F$31E!!*X!!)(q3IjrBrpMJ(pM`!!!If1!!!#!j`!!J1G!ji0!jd!!R)!!!Ij#!3
+$R`1J$31I!!*L!!!(q3J!!k%$SJd$S3!"E`!!"rN(r2f0#rf0!#3`!""MFRP`G'p
+QEfaNCA*`BA4S!""MFRP`G'p'EfaNCA*3BA4S$31L!!&Y!!!(r!Ir!k--!k-!#J!
+%1R0SB3!#!!!0!k!!!@m!!!!!!!$pM![pM!!8-!!)G'9YF("KG'J!#(4PEA"3BA4
+S!J1H!!)$T!1P$31N!!0*!!))"3J[rB[pLJ1Q#[f,!"JZBfpbC@0bC@`U+LSU!!!
+!!!!!N!!!ER9XE!(pLJ!!"J1Q!!2pL31R!kJ+rBN!"!TVEf0X$31R!!&Y!!!)#3J
+-rBJ+rBJ!"!TKE'PK"J1S!!2pK`1T!kS+rBF!"!TTER0S$31T!!)d!!!)$`JArBB
+$U`VpKJ!%#Q0QEf`0!kX!!@m!!!J6#"EpK3[pK3!d-!!BEh"PER0cE'PZBfaeC'9
+QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'!kS!!rf%!kcpJ`V
+pK!!%#R4[)#!0!k`!!Qi!!!JD##N$V31Z$31Y!!)d!!!))JJTrB)$V`VpJJ!%#QC
+TE'80!km!!@d!!!JP##J$X!`$X!!,!!9cD'%ZD!!#!!!0!ki!!M3!!!JD##,pJ31
+a#[f"!!3+BfC[E!d$X3!"E`!!#"i))If!#rf!!"3`!!KdC@e`F'&dD!!)G'9YF&"
+KG'J'rB-!!!)$T3!#!l)$X`d$XJ!#E!!##$!)-2errAi"rAm!!!(pIJ!!!J1c!!)
+$Y!1e$31d!!*b!!!)-!Jl!lB$Y`d$YJ!#BJ!!#$!)0`1i!lN0!lJ!!@m!!!J`#$2
+pI3[pI3!N-!!3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&dD!d$Z3!
+"E3!!#$-)0J1k$!1k!!d!"cTdH(4IC')!!J!!$31h!!&[!!!!!!!!rA`,rA`!&$!
+!#(4PEA"`BA4S!!KdC@e`8'&dD!)$Y3!#!lX$[!d$Z`!$53!##$`)C[elrAS$[3V
+pH`!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"rAS!!!B$[3!$rAN$[J1r#[e
+j!!3+DfpME!d$[J!"E3!!#%!)3rei#[ei!!3+B@aTB3B$[`!$rAF$`!2"#[eh!!3
++D@jcD!d$`!!#0!!!#%B)6[ef!m)+rAB!"!TMCQpX$32#!!&[!!!)5JK0rA8,rA8
+!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9'Efa
+NCA*3BA4S"J2"!!2pG!2$rA-+rA3!"!TdEb!J$32$!!*Z!!!)83KJ!m3$a3d$a!!
+#0!!!#&N)B2eb!mB+rA)!"!TQD@aP$32'!!&Y!!!)A!KI!mF-!mF!$J!)G(KdAf4
+L,QJ!!J!!$32&!!)d!!!)83KCrA%$b!VpF3!%#Q0QEf`0!mJ!!@m!!!K9#&MpF![
+pF!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S"[ec!!!#!l`!!J2*!mS0!mN!!Q`!!JK
+R#'IpEreZ!Ie[!!!"r@i!!!)$bJ!#!mX$c!d$b`!#FJ!!#'F)FJ20!mi0!md!!Q)
+!!!KR#'i$c`23$322!!&[!!!)C`KUr@d,r@d!*$!!%'0bHA"dEfC[E'4PFR"KG'J
+!%'0bHA"dEdC[E'4PFP"KG'J0!p!!!@d!!!KU#'d$d3`$d3!,!!8kH$8`13!#!!!
+0!mi!!@m!!!!!!!$pE![pE!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S!J2-!!)$dJ2
+6$325!!0*!!))F`LGr@[pDJ28#[eV!"JZBfpbC@0bC@`U+LSU!!!!!!!!N!!!ER9
+XE!(pDJ!!"J28!!2pD329!pB+r@N!"!TVEf0X$329!!&Y!!!)G`Kkr@J+r@J!"!T
+KE'PK"J2@!!2pC`2A!pJ+r@F!"!TTER0S$32A!!)d!!!)I3L&r@B$f3VpCJ!%#Q0
+QEf`0!pN!!@m!!!L"#)6pC3[pC3!d-!!BEh"PER0cE'PZBfaeC'9QEfaNCA*`BA4
+S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'!pJ!!reN!pVpB`VpC!!%#R4[)#!
+0!pS!!Qi!!!L)#*F$f`2F$32E!!)d!!!)N!!)PreL!pd+r@)!"!TQD@aP$32G!!&
+Y!!!)N`L@!pi-!pi!$!!'H$8`15jS!!)!!!d$h!!#0!!!#)J)N!$pB32I#[eK!!3
++BfC[E!d$h`!"E`!!#)`)MreJ#reJ!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J'r@-
+!!!)$d`!#!q!$i3d$i!!$53!##*i)b2eIr9i$iJVpA`!B,Q0[FQ9MFQ9X+LSU+J!
+!!!!!!*!!!'jeE'`"r9i!!!B$iJ!$r9d$i`2N#[eG!!3+DfpME!d$i`!"E3!!#+)
+)TIeF#[eF!!3+B@aTB3B$j!!$r9X$j32Q#[eE!!3+D@jcD!d$j3!#0!!!#+J)X2e
+D!qF+r9S!"!TMCQpX$32R!!&[!!!)V!L[r9N,r9N!0$!!''p`C@jcFfaTEQ0XG@4
+PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S"J2Q!!2p@!2Sr9F
++r9J!"!TdEb!J$32S!!*Z!!!)X`M#!qN$kJd$k3!#0!!!#,X)`[e@!qX+r9B!"!T
+QD@aP$32V!!&Y!!!)[JM"!q`-!q`!%!!+H$8`19pfCRNZD!!#!!!0!qS!!M3!!!L
+c#,[p932Y#[e9!!3+BfC[E!d$l3!"E`!!#,F)Z[e8#re8!"3`!!KdC@e`F'&dD!!
+)G'9YF&"KG'J'r9F!!!)$i3!#!qi$l`d$lJ!#E!!##-N)bIe6r9)"r9-!!!(p8J!
+!!J2[!!)$m!2a$32`!!*b!!!)b3M8!r)$m`d$mJ!#BJ!!#-N)d!2d!r80!r3!!@m
+!!!M*#-cp83[p83!N-!!3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&
+dD!d$p3!"E3!!#-`)c`2f$!2f!!d!"cTi06!jGM-!!J!!$32c!!&[!!!!!!!!r9!
+,r9!!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!)$m3!#!rF$q!d$p`!$53!##08)rre
+2r8i$q3Vp6`!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"r8i!!!B$q3!$r8d
+$qJ2l#[e0!!3+DfpME!d$qJ!"E3!!#0N)h2e-#[e-!!3+B@aTB3B$q`!$r8X$r!2
+p#[e,!!3+D@jcD!d$r!!#0!!!#0m)jre+!ri+r8S!"!TMCQpX$32q!!&[!!!)i`M
+Qr8N,r8N!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP066%PZBfa
+eC'9'EfaNCA*3BA4S"J2p!!2p5!2rr8F+r8J!"!TdEb!J$32r!!*Z!!!)kJMj"!!
+%!3d%!!!#0!!!#2))qIe'"!)+r8B!"!TQD@aP$33#!!&Y!!!)p3Mi"!--"!-!$J!
+)H$8`1ABc,QJ!!J!!$33"!!)d!!!)kJMbr88%"!Vp43!%#Q0QEf`0"!3!!@m!!!M
+Z#2(p4![p4!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S"[e(!!!#!rJ!!J3&"!B0"!8
+!!Q`!!JN!#3$p3re#!Ie$!!!"r8)!!!)%"J!#"!F%#!d%"`!$53!##3!*+[e"r8!
+%#3Vp33!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"r8!!!!B%#3!$r6m%#J3
+,#[dr!!3+DfpME!d%#J!"E3!!#33*"rdq#[dq!!3+B@aTB3B%#`!$r6d%$!30#[d
+p!!3+D@jcD!d%$!!#0!!!#3S*%[dm"!i+r6`!"!TMCQpX$331!!&[!!!*$JN4r6X
+,r6X!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9
+'EfaNCA*3BA4S"J30!!2p1J32r6N+r6S!"!TdEb!J$332!!*Z!!!*&3NN""!%%3d
+%%!!#0!!!#4d**2di"")+r6J!"!TQD@aP$335!!&Y!!!*)!NM""--""-!#`!&Fh0
+X,QJ!!J!!$334!!)d!!!*&3NGr6F%&!Vp0`!%#Q0QEf`0""3!!@m!!!NC#4cp0J[
+p0J!H-!!0Fh0XCQpXC'9bF'&dD!!0Fh0X4QpXC'9b8'&dD!Ep13!!!J3)!!)%&33
+@$339!!0*!!)*+`P9r6Ap0!3A#[de!"JZBfpbC@0bC@`U+LSU!!!!!!!!N!!!ER9
+XE!(p0!!!"J3A!!2p-`3B""N+r6-!"!TVEf0X$33B!!&Y!!!*,`Nbr6)+r6)!"!T
+KE'PK"J3C!!2p-33D""X+r6%!"!TTER0S$33D!!)d!!!*03Npr6!%(!Vp-!!%#Q0
+QEf`0""`!!@m!!!Nj#6cp,`[p,`!d-!!BEh"PER0cE'PZBfaeC'9QEfaNCA*`BA4
+S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'""X!!rdZ""hp,3Vp,J!%#R4[)#!
+0""d!!Qi!!!P!#8m%(J3I$33H!!)d!!!*5!P2r5`%)!Vp,!!%#QCTE'80"#!!!@d
+!!!P,#8i%)3`%)3!-!!CcFf`b,QJ!!J!!$33I!!)d!!!*3!P)r5X%)JVp+`!%#Q0
+QEf`0"#)!!@m!!!P%#8Ip+J[p+J!H-!!0Fh0XCQpXC'9bF'&dD!!0Fh0X4QpXC'9
+b8'&dD!Ep,3!!!J3@!!)%)`3N$33M!!0*!!)*9JQ!r5Rp+!3P#[dT!"JZBfpbC@0
+bC@`U+LSU!!!!!!!!N!!!ER9XE!(p+!!!"J3P!!2p*`3Q"#F+r5F!"!TVEf0X$33
+Q!!&Y!!!*@JPGr5B+r5B!"!TKE'PK"J3R!!2p*33S"#N+r58!"!TTER0S$33S!!)
+d!!!*B!PSr53%+JVp*!!%#Q0QEf`0"#S!!@m!!!PN#@Ip)`[p)`!d-!!BEh"PER0
+cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'"#N
+!!rdL"#[p)3Vp)J!%#R4[)#!0"#X!!Qi!!!PV#AS%,!3Y$33X!!)d!!!*F`Pkr5!
+%,JVp)!!%#QCTE'80"#i!!@d!!!Pf#AN%,``%,`!0!!GcFf`b-bjS!!)!!!d%,3!
+#0!!!#@X*FrdI"$!+r4m!"!TMCQpX$33`!!&[!!!*E`Pbr4i,r4i!(M!!$A0cE'C
+[E'4PFR"KG'J!$A0cE%C[E'4PFP"KG'J'r5%!!!)%*!!#"$%%-Jd%-3!$53!##B%
+*UrdGr4`%-`Vp(3!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"r4`!!!B%-`!
+$r4X%0!3e#[dE!!3+DfpME!d%0!!"E3!!#B8*L2dD#[dD!!3+B@aTB3B%03!$r4N
+%0J3h#[dC!!3+D@jcD!d%0J!#0!!!#BX*NrdB"$J+r4J!"!TMCQpX$33i!!&[!!!
+*M`Q5r4F,r4F!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP066%P
+ZBfaeC'9'EfaNCA*3BA4S"J3h!!2p&J3jr48+r4B!"!TdEb!J$33j!!*Z!!!*PJQ
+P"$S%1`d%1J!#0!!!#Ci*TId8"$`+r43!"!TQD@aP$33m!!&Y!!!*S3QN"$d-"$d
+!$!!'Fh0X-bjS!!)!!!d%1`!#0!!!#CB*R[d6"$i+r4-!"!TMCQpX$33q!!&[!!!
+*QJQGr4),r4)!(M!!$A0cE'C[E'4PFR"KG'J!$A0cE%C[E'4PFP"KG'J'r48!!!)
+%-J!#"$m%3!d%2`!$53!##D`*e[d4r4!%33Vp%3!B,Q0[FQ9MFQ9X+LSU+J!!!!!
+!!*!!!'jeE'`"r4!!!!B%33!$r3m%3J4$#[d2!!3+DfpME!d%3J!"E3!!#E!*Xrd
+1#[d1!!3+B@aTB3B%3`!$r3d%4!4&#[d0!!3+D@jcD!d%4!!#0!!!#EB*[[d-"%B
++r3`!"!TMCQpX$34'!!&[!!!*ZJQpr3X,r3X!0$!!''p`C@jcFfaTEQ0XG@4PCQp
+XC'9bF'&dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S"J4&!!2p#J4(r3N+r3S
+!"!TdEb!J$34(!!*Z!!!*`3R3"%J%53d%5!!#0!!!#FN*d2d)"%S+r3J!"!TQD@a
+P$34+!!&Y!!!*c!R2"%X-"%X!$!!'G'ac-5jS!!)!!!d%53!#0!!!#F%*bId("%`
++r3F!"!TMCQpX$34-!!&[!!!*a3R)r3B,r3B!(M!!$A0cE'C[E'4PFR"KG'J!$A0
+cE%C[E'4PFP"KG'J'r3N!!!)%3!!#"%d%6Jd%63!#E!!##GF*erd&r33"r38!!!(
+p"!!!!J41!!)%6`43$342!!0*!!)*e`S"r32p!J44#[d$!"JZBfpbC@0bC@`U+LS
+U!!!!!!!!N!!!ER9XE!(p!J!!"J44!!2p!345"&-+r3%!"!TVEf0X$345!!&Y!!!
+*f`RHr3!+r3!!"!TKE'PK"J46!!2mr`48"&8+r2m!"!TTER0S$348!!)d!!!*i3R
+Tr2i%9JVmrJ!%#Q0QEf`0"&B!!@m!!!RP#HMmr3[mr3!d-!!BEh"PER0cE'PZBfa
+eC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'"&8!!rcm"&I
+mq`Vmr!!%#R4[)#!0"&F!!Qi!!!RX#IX%@!4C$34B!!)d!!!*p!Rlr2S%@JVmqJ!
+%#QCTE'80"&S!!@d!!!Rh#IS%@``%@`!1!!KMFRP`G'mZD!!#!!!0"&N!!M3!!!R
+X#I6mq34F#[cj!!3+BfC[E!d%A!!"E`!!#I!*mrci#rci!#3`!""MFRP`G'pQEfa
+NCA*`BA4S!""MFRP`G'p'EfaNCA*3BA4S"[cl!!!#"&!!!J4G"&i0"&d!!Q`!!JS
+##J,mprcf!Ich!!!"r2B!!!)%AJ!#"&m%B!d%A`!$53!##J)+,2cer23%B3Vmp3!
+B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"r23!!!B%B3!$r2-%BJ4M#[cc!!3
++DfpME!d%BJ!"E3!!#JB+#Icb#[cb!!3+B@aTB3B%B`!$r2%%C!4P#[ca!!3+D@j
+cD!d%C!!#0!!!#J`+&2c`"'B+r2!!"!TMCQpX$34Q!!&[!!!+%!S6r1m,r1m!0$!
+!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*
+3BA4S"J4P!!2mlJ4Rr1d+r1i!"!TdEb!J$34R!!*Z!!!+&`SQ"'J%D3d%D!!#0!!
+!#Km+*[cX"'S+r1`!"!TQD@aP$34U!!&Y!!!+)JSP"'X-"'X!%!!+Eh"PER0cE(B
+ZD!!#!!!0"'N!!M3!!!SA#Krmk`4X#[cV!!3+BfC[E!d%E!!"E`!!#KX+([cU#rc
+U!#3`!""MFRP`G'pQEfaNCA*`BA4S!""MFRP`G'p'EfaNCA*3BA4S"[cY!!!#"'!
+!!J4Y"'i0"'d!!dN!!JSY#PImkIcS"'m+r1N!'#jMEh*PBh*PE#SU+LS!!!!!!!#
+3!!"ZG@aX!IcS!!!'"'m!!rcR"(!%F3Vmj`!%#QY[Bf`0"(!!!@d!!!Sa#M6mjJV
+mjJ!%#Q&XD@%'"(%!!rcP"()%F`Vmj3!%#QPZFfJ0"()!!M3!!!Sh#Mrmj!4d#[c
+N!!3+BfC[E!d%G!!"E`!!#MX+2[cM#rcM!$3`!"K[F'9ZFh0XD@jME(9NC@C[E'4
+PFR"KG'J!''p`C@j68da*EQ0XG@4P4QpXC'9b8'&dD!B%F`!$r1)%GIcK#[cL!!3
++G'mJ)!d%G3!#EJ!!#N)+834f"(F0"(B!!M3!!!T+#P(mi!4i#[cJ!!3+CQPXC3d
+%H!!"E3!!#Nd+8!4j$!4j!!i!#(4YC'PQCLjS!!)!!!d%G`!#0!!!#N)+5[cI"(S
++r0m!"!TMCQpX$34k!!&[!!!+4JT*r0i,r0i!*$!!%'0bHA"dEfC[E'4PFR"KG'J
+!%'0bHA"dEdC[E'4PFP"KG'J'r1%!!!)%EJ!#"(X%I!d%H`!#E!!##PJ+@2cGr0`
+"r0d!!!(mh!!!!J4m!!)%I34q$34p!!*X!!)+@!TBr0[mfJ(mf`!!!IcD!!!#"(i
+!!J4r")!0"(m!!dN!!JTB#S,mfIcB")%+r0N!'#jMEh*PBh*PE#SU+LS!!!!!!!#
+3!!"ZG@aX!IcB!!!'")%!!rcA"))%J`Vme`!%#QY[Bf`0"))!!@d!!!TF#PrmeJV
+meJ!%#Q&XD@%'")-!!rc9")3%K3Vme3!%#QPZFfJ0")3!!M3!!!TL#QVme!5'#[c
+8!!3+BfC[E!d%KJ!"E`!!#QB+DIc6#rc6!$3`!"K[F'9ZFh0XD@jME(9NC@C[E'4
+PFR"KG'J!''p`C@j68da*EQ0XG@4P4QpXC'9b8'&dD!B%K3!$r0)%Krc4#[c5!!3
++G'mJ)!d%K`!#EJ!!#Qd+I!5)")N0")J!!M3!!!Te#Rcmd!5+#[c3!!3+CQPXC3d
+%LJ!"E3!!#RJ+H`5,$!5,!!`!"Q9IEh-ZD!!#!!!0")N!!M3!!!TY#RAmc`5-#[c
+2!!3+BfC[E!d%M!!"E`!!#R%+G2c1#rc1!#B`!"&[F'9ZFh0XCQpXC'9bF'&dD!!
+4Eh"PER0cE%C[E'4PFP"KG'J'r0%!!!)%J!!#")d%MJd%M3!$53!##S-+VIc0r-`
+%M`Vmc3!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"r-`!!!B%M`!$r-X%N!!
+%N3Vmb`!%#QY[Bf`0"*!!!!&Y!!!+K`U+r-S+r-S!"!TKE'PK"J54!!2mb355"*-
++r-N!"!TTER0S$355!!)d!!!+M3U9r-J%P!Vmb!!%#Q0QEf`0"*3!!@m!!!U4#T6
+ma`[ma`!d-!!BEh"PER0cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9
+NC8C[E'4PFP"KG'J'"*-!!rc'"*Ama3VmaJ!%#R4[)#!0"*8!!Qi!!!UB#UF%PJ5
+A$35@!!)d!!!+S!URr-3%Q!Vma!!%#QCTE'80"*J!!@d!!!UM#UB%Q3`%Q3!0!!G
+PAfpc-LjS!!)!!!d%P`!#0!!!#TJ+S2c$"*S+r--!"!TMCQpX$35D!!&[!!!+R!U
+Ir-),r-)!*M!!%@p`C@jcFfaQEfaNCA*`BA4S!"&[F'9ZFh0X4QpXC'9b8'&dD!E
+ma3!!!J51!!)%Qrc"$35E!!*X!!)+VJUZr-$m[`(m`!!!!Ibr!!!#r-%!!!d!#3!
+"E3!!!!!!!3!I!Irq!!!#!!B!!J5F"*d0"*`!!Q`!!J!!!!$m[[bp!Ibq!!!"r,d
+!!!)%R3!#"*i%R`d%RJ!#E!!##V%+b!5Jr,`0"+!!!dN!!JUa#XMmZ`5K"+)+r,X
+!'#jcHA0[C'a[Cf&cDh)!!!!!!!!!!&4&@&30"+%!!@d!!!Ua#V3%S``%S`!'!!!
+!!J!!"J5L!!2mZJ5N"+8+r,S!"!TLG'jc$35N!!&+!!!+Y`Um"+B#"+B!!J5Rr,N
+0"+F!!@d!!!Uh#VS%U!`%U!!+!!4%EfjP!!)!!!,mZ3!!"J5P!!2mZ!5Tr,F+r,J
+!"!TRDACe$35T!!&Y!!!+[`V#r,B$r,B!"3EmY`!!!Ibm!!!#"*m!!J5Ur,80"+S
+!!Q`!!J!!!!$mY2bc!Ibd!!!"r,-!!!,mY3!!$J!#!!!2%!!$!",mXJ5V"+`%V35
+Z"+m%X!5a",)%X`5d",8%YJ5hr,(mX2b[r+i"r,)!!"!%U`!3r+hmV2bVr+VmUIb
+Sr+ImT[bPr+6mSrbLr+(mS2bIr*i+r+d!'#jKCACdEf&`F'jeE'`!!)!!!!#3!!!
+U+LSU#rbX!")`!!GdD'9`BA4S!!GdD'93BA4S#rbV!"``!!adD'9[E'4NC@aTEA-
+!$(4SC8pXC%4PE'PYF`[mUJ!J-!!1G'KPF(*[DQ9MG("KG'J!$R4SC9"bEfTPBh4
+3BA4S#rbT!"B`!!PdD'9YCA"KG'J!#A4SC8eP8'&dD![mU!!Q-!!4D@jME(9NC@C
+[E'4PFR"KG'J!%@PZBfaeC'9'EfaNCA*3BA4S#rbR!$3`!"K[F'9ZFh0XD@jME(9
+NC@C[E'4PFR"KG'J!''p`C@j68da*EQ0XG@4P4QpXC'9b8'&dD![mTJ!N-!!3Bh*
+jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&dD![mT3!H-!!0Fh0XCQpXC'9
+bF'&dD!!0Fh0X4QpXC'9b8'&dD![mT!!Q-!!4Eh"PER0cE'C[E'4PFR"KG'J!%@p
+`C@jcFfa'EfaNCA*3BA4S#rbM!#i`!"9dD'9ZCAGQEfaNCA*bC@CPFQ9ZBf8!&A4
+SC8jPGdC[E'4PFP*PCQ9bC@jMC3[mSJ!8-!!)G'9YF("KG'J!#(4PEA"3BA4S!Ib
+K!!!"r+!!!!(mR`!!!IbH!!!1"+`!"a$mR35ir*cmQ`5j",VmQJVmR3!B,Q&PGR4
+[BA"`ER9XE!!!J!!!!*!!!#SU+LS0",J!!@X!!!!!#XJ%Z`)%Z`!#!!8%[!)%[!!
+#"*lmQ3,mQ3!!!IbF!!!#r*X!!"!%Z3!!%!5k!)B!(rbBr*ImP[b9r*6mNrb5!#c
+mNIb3!2b2r)lmMIb-!%rmL`"D!&[mLJ"Nr)N!EIb)r)ImKJ#2r)AmK2b$r),mJIb
+!r(rmI[apr(cmH`#Tr(VmHIair(F![Iaf!-ImG3$8!1)!l!$j!3-"%!%D!5F"-3%
+q!8J"93&I!@`"GJ'$!Bd"QJ'N!E%"Z`()!G)"h`(T!IB#!!)0!KF#*!)Z!MX#43*
+5!P`#D3*c!S!#LJ+A!U%#VJ+m!XB#d`,G!ZS#p!-"!`X$'!-L!bm$130'!e!$A30
+R!h3$IJ1,!jN$S`1`!lS$a`24!pi$l!2f"!-%%`3K"#m%234,"&X%D`4j")X%Q35
+Mr(3%U2acr(,mF3VmQ!!%#Q0[BQS+r*F!'#jPBA*cCQCNFQ&XDA-!!!!!!!!J!'&
+QC()+r*B!"!TMG(Kd#rb9!")`!!GdD'9`BA4S!!GdD'93BA4S#[b8!!3+BA0MFJV
+mN`!%#R4iC'`,r*)!($!!$(4SC@pXC'4PE'PYF`!-G'KP6faN4'9XD@ec#[b4!!3
++BfPdE32mN!$rr3[mM`!J-!!1G'KPF(*[DQ9MG("KG'J!$R4SC9"bEfTPBh43BA4
+S!rb1rri+r)d!"!T849K8#rb-!"B`!!PdD'9YCA"KG'J!#A4SC8eP8'&dD![mL`!
+Q-!!4D@jME(9NC@C[E'4PFR"KG'J!%@PZBfaeC'9'EfaNCA*3BA4S#rb+!$3`!"K
+[F'9ZFh0XD@jME(9NC@C[E'4PFR"KG'J!''p`C@j68da*EQ0XG@4P4QpXC'9b8'&
+dD![mL3!N-!!3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&dD![mL!!
+H-!!0Fh0XCQpXC'9bF'&dD!!0Fh0X4QpXC'9b8'&dD![mK`!Q-!!4Eh"PER0cE'C
+[E'4PFR"KG'J!%@p`C@jcFfa'EfaNCA*3BA4S#[b'!!3+BfC[E!VmK3!B,QeTFf0
+cE'0d+LSU+J!!!!!!!*!!!#SU+LS+r)3!"!TcC@aP#[b$!"JZBfpbC@4PE'mU+LS
+U!!!!!!!!N!!!+LSU+J(mJJ!!![b"!!!+r)!!"!TVEf0X#[ar!!3+D@jcD!2mIJ!
+%#[ap!"JZBfpbC@0bC@`U+LSU!!!!!!!!N!!!ER9XE!VmI!!%#R*cE(3,r(X!,M!
+!&A4SC@jPGfC[E'4PFR*PCQ9bC@jMC3!9G'KP6Q9h4QpXC'9b8Q9QCA*PEQ0P#[a
+k!!3+F'jKE3VmH3!%#Q&XD@%+r(J!"!TdEb!J#[ah!!3+CQPXC32mGJ!'#rae!"3
+`!!KdC@e`F'&dD!!)G'9YF&"KG'J+r(3!"!TLG'jc#[ac!!3+CfPfG32mFJ!&#[a
+a!"JZFhPcEf4XEfGKFfYb!!!!!!!!!!"849K8%IbD#XRJ%JUYi1%TDJ`!!LrM*N9
+4e%r&jLa&edrSaHBX4Nr%@qPF@eTVA&VU-NAE6m4Ek9aE@QYF@Z`bl5C&hNr,lbA
+Y*N9J!""2bf%!%59K!")Pl5C&B!!66mYK!"3Pl5C&B!!96mYK!"BPl5C&B!!A6m[
+Y*N9J!"K2amAQ,%C2&!!L+Q%!'9m!%#pK!"PK!"S[DJ`!'dmUB3!F,'S-!"eA!!K
+B!"i!(fK2+Q%!)'%!'@%!)5TK!"PI!"![B3!L$!!M6em!*%9J!#92A`!PDJ`!'dp
+K!#BUB3!F,'%!*ba'6bTK!#"K!#KK!#%UB3!CA`!6,f%!+5TK!"R1,f%!+Q%!+bp
+K!#`-!#02A`!9B3!Y*89J!#j2+Q%!)'%!+'%!)5TK!"PI!"-[B3!T+Q%!'9m!,Lp
+K!#TK!#m[B3!X$!!M6bTK!#"K!#KK!#%UB3!CA`!6,f%!+5TK!"PI!#i[B3!UB3!
+`,f%!,!`!)dpI!"9K!$%P4@!!,NmUB3!JB3!SB3!K+Q%!'9m!%bpK!#NUB3!CA`!
+Z,f%!+Q%!-LpK!#`-!#02A`!9B3!c*89J!#j2+Q%!)'%!+'%!)5TK!"PI!"-[B3!
+T+Q%!'9m!,LpK!#TK!$3[B3!X$!!M6em!&@%!059&B!!Z6bTK!#"K!#KK!#%UB3!
+CA`!6,f%!+5TK!"PI!#i[B3!UB3!f,f%!,!`!)dpI!"9K!$FP4@!!,NmUB3!JB3!
+SB3!K+Q%!'9m!%bpK!#NUB3!CA`!Z,f%!+Q%!1#pK!#`-!#02A`!9B3!j*89J!#j
+2+Q%!)'%!+'%!)5TK!"PI!"-[B3!T+Q%!'9m!,LpK!#TK!$S[B3!X$!!M6em!&@%
+!1b9&B!!Z6bTK!#"K!#KK!#%UB3!CA`!6,f%!+5TK!"PI!#i[B3!UB3!m,f%!,!`
+!)dpI!"9K!$dP4@!!,NmUB3!JB3!SB3!K+Q%!'9m!%bpK!#NUB3!CA`!Z,f%!+Q%
+!2LpK!#`-!#02A`!9B3!r*89J!#j2+Q%!)'%!+'%!)5TK!"PI!"-[B3!T+Q%!'9m
+!,LpK!#TK!%![B3!X$!!M6em!&@%!359&B!!Z6bTK!#"K!#KK!#%UB3!CA`!6,f%
+!+5TK!"PI!#i[B3!UB3"#,f%!,!`!)dpI!"9K!%-P4@!!,NmUB3!JB3!SB3!K+Q%
+!'9m!%bpK!#NUB3!CA`!Z,f%!+Q%!4#pK!#`-!#02A`!9B3"&*89J!#j2+Q%!)'%
+!+'%!)5TK!"PI!"-[B3!T+Q%!'9m!,LpK!#TK!%B[B3!X$!!M6em!&@%!4b9&B!!
+Z6bTK!#"K!#KK!#%UB3!CA`!6,f%!+5TK!"PI!#i[B3!UB3"),f%!,!`!)dpI!"9
+K!%NP4@!!,NmUB3!JB3!SB3!K+Q%!'9m!%bpK!#NUB3!CA`!Z,f%!+Q%!5LpK!#`
+-!#02A`!9B3",*89J!#j2+Q%!)'%!+'%!)5TK!"PI!"-[B3!T+Q%!'9m!,LpK!#T
+K!%`[B3!X$!!M6em!&@%!659&B!!Z6bTK!#"K!#KK!#%UB3!CA`!6,f%!+5TK!"P
+I!#i[B3!UB3"1,f%!,!`!)dpI!"9K!%mP4@!!,NmUB3!JB3!SB3!K+Q%!'9m!%bp
+K!#NUB3!CA`!Z,f%!+Q%!8#pK!#`-!#02A`!9B3"4*89J!#j2+Q%!)'%!+'%!)5T
+K!"PI!"-[B3!T+Q%!'9m!,LpK!#TK!&)[B3!X$!!M6em!&@%!8b9&B!!Z6bTK!#"
+K!#KK!#%UB3!CA`!6,f%!+5TK!"PI!#i[B3!UB3"8,f%!,!`!)dpI!"9K!&8P4@!
+!,NmUB3!JB3!SB3!K+Q%!'9m!%bpK!#NUB3!CA`!Z,f%!+Q%!9LpK!#`-!#02A`!
+9B3"A*89J!#j2+Q%!)'%!+'%!)5TK!"PI!"-[B3!T+Q%!'9m!,LpK!#TK!&J[B3!
+X$!!M6bTK!#"K!#KK!#%UB3!CA`!6,f%!+5TK!"PI!#i[B3!UB3"C,f%!,!`!)dp
+I!"9K!&SP4@!!,NmUB3!JB3!SB3!K+Q%!'9m!%bpK!#NUB3!CA`!Z,f%!+Q%!@bp
+K!#`-!#02A`!9B3"F*89J!#j2+Q%!)'%!+'%!)5TK!"PI!"-[B3!T+Q%!'9m!,Lp
+K!#TK!&d[B3!X$!!M6em!&@%!AL9&B!!Z6bTK!#"K!#KK!#%UB3!CA`!6,f%!+5T
+K!"PI!#i[B3!UB3"I,f%!,!`!)dpI!"9K!'!P4@!!,NmUB3!JB3!SB3!K+Q%!'9m
+!%bpK!#NUB3!CA`!Z,f%!+Q%!B5pK!#`-!#02A`!9B3"L*89J!#j2+Q%!)'%!+'%
+!)5TK!"PI!"-[B3!T+Q%!'9m!,LpK!#TK!'-[B3!X$!!M6em!&@%!C#9&B!!Z6bT
+K!#"K!#KK!#%UB3!CA`!6,f%!+5TK!"PI!#i[B3!UB3"P,f%!,!`!)dpI!"9K!'B
+P4@!!,NmUB3!JB3!SB3!K+Q%!'9m!%bpK!#NUB3!CA`!Z,f%!+Q%!CbpK!#`-!#0
+2A`!9B3"S*89J!#j2+Q%!)'%!+'%!)5TK!"PI!"-[B3!T+Q%!'9m!,LpK!#TK!'N
+[B3!X$!!M6em!&@%!DL9&B!!Z6bTK!#"K!#KK!#%UB3!CA`!6,f%!+5TK!"PI!#i
+[B3!UB3"V,f%!,!`!)dmUB3!JB3!SB3!K+Q%!'9m!%bpK!#NUB3!CA`!Z,f%!+Q%
+!E#pK!#`-!#02A`!9B3"Y*89J!#j2+Q%!)'%!+'%!)5TK!"PI!"-[B3!T+Q%!'9m
+!,LpK!#TK!'i[B3!X$!!M6em!&@%!Eb9&B!!Z6bTK!#"K!#KK!#%UB3!CA`!6,f%
+!+5TK!"PI!#i[B3!UB3"`,f%!,!`!)dpI!"9K!(%P4@!!,NmUB3!JB3!SB3!K+Q%
+!'9m!%bpK!#NUB3!CA`!Z,f%!+Q%!FLpK!#`-!#02+Q%!)'%!+'%!)5TK!"PI!"-
+[B3!T+Q%!'9m!,LpK!#TK!(-[B3!X$!!M6em!&@%!G#9&B!!Z6bTK!#"K!#KK!#%
+UB3!CA`!6,f%!+5TK!"PI!#i[B3!UB3"e,f%!,!`!)dmUB3!JB3!SB3!K+Q%!'9m
+!%bpK!#NUB3!CA`!A,f%!+Q%!GLpK!#`-!#02+Q%!)'%!+'%!)5TK!"PI!"-[B3!
+T+Q%!'9m!&bpK!#TK!(F[B3!X$!!M6bTK!#"K!#KK!#%UB3!CA`!6,f%!+5TK!"P
+I!"F[B3!UB3"i,f%!,!`!)dmUB3!JB3!SB3!K+Q%!'9m!%bpK!#NUB3!CA`!A,f%
+!+Q%!H5pK!#`-!#02+Q%!)'%!+'%!)5TK!"PI!"-[B3!T+Q%!'9m!&bpK!#TK!(S
+[B3!X$!!M6bTK!#"K!#KK!#%UB3!CA`!6,f%!+5TK!"PI!"8[B3!UB3"l,f%!,!`
+!)dmUB3!JB3!SB3!K+Q%!'9m!%bpK!#NUB3!CA`!9,f%!+Q%!I#pK!#`-!#02+Q%
+!)'%!+'%!)5TK!"PI!"-[B3!T+Q%!'9m!&5pK!#TK!(d[B3!X$!!M6bTK!#"K!#K
+K!#%UB3!CA`!6,f%!+5TK!"PI!"J[B3!UB3"q,f%!,!`!)dmUB3!JB3!SB3!K+Q%
+!'9m!%bpK!#NUB3!CA`!B,f%!+Q%!IbpK!#`-!#028&92B3#!B3#"B3##DhCK!)0
+K!)4K!#)-!)82$!5Y!&%!5deKBfPZG'pcD#")4$T%CA0VG'p`)%C[E'4PFMT*EQ0
+[E@PZCcT[F'9ZFh0X,90139!Y-6Nj16%b-6%k6@&M6e-kE@YXD@jVFbjKF`!#!!!
+1"+i!!J6mF!5p!ra`!!%1",d!!3!%[J`%[J!'!!!!!J!!$J5[!!)%r'm%[`2mE`!
+%$J5r!!3!"-!%`36#"---"-!!%J!-6@&MD@jdEh0S)%K%!!)!!!`%`3!8!!j%CA0
+VG'p`)%C[E'4PFJ!#!!!-"-)!$J!)5@jMEfeTEQF!!J!!$!6$!"X!&@p`C@jcFf`
+Y8dj"8#da16Nj-6)a-3!#!!!-",!!4J"!6@&MD@jdEh0S)%K%1N4PFfYdEh!J4Qp
+XC'9b1NPZBfpYD@jR1Qp`C@jcFf`Y8dj"8#da16Nj-6)a-6T0B@028`!#!!!-",%
+!5!"#6@&MD@jdEh0S)%K%1N4PFfYdEh!J4QpXC'9b1NPZBfpYD@jR1Qp`C@jcFf`
+Y8dj"8#da16Nj-6)a-6TTEQ0XG@4P!!)!!!`%XJ"3!%T0B@0TER4[FfJJ5%3k4'9
+cDh4[F#"'EfaNCA)k5@jMEfeTEQFkEh"PER0cE#e66N&3,6%j16Na-M%a1QPZBfa
+eC'8kEh"PER0cE!!#!!!-",-!4`""6@&MD@jdEh0S)%K%1N4PFfYdEh!J4QpXC'9
+b1NPZBfpYD@jR1Qp`C@jcFf`Y8dj"8#da16Nj-6)a-6TMFRP`G'm!!J!!$!5d!%3
+!2NeKBfPZG'pcD#")4$T%CA0VG'p`)%C[E'4PFMT*EQ0[E@PZCcT[F'9ZFh0X,90
+139!Y-6Nj16%b-6%kFh0X!!)!!!`%Y3"!!$T0B@0TER4[FfJJ5%3k4'9cDh4[F#"
+'EfaNCA)k5@jMEfeTEQFkEh"PER0cE#e66N&3,6%j16Na-M%a!!)!!!i%YJ!"&!6
+%$J6%!!-B"-AmEJ6'$J6&!!-B"-ImE36)$J6(!!-B"-RmE!6+$J6*!!-B!"rmD`6
+,#[aV!!3+BfC[E!`%b`!1!!K*EQ0[E@PZC`!#!!!+r'`!"!TMCQpX$!6+!"X!&@p
+`C@jcFf`Y8dj"8#da16Nj-6)a-3!#!!!+r'd!"!TMCQpX$!6)!!d!"fPZBfaeC'8
+!!J!!#[aZ!!3+BfC[E!`%aJ!9!!peER4TG'aPC#"QEfaNCA)!!J!!$!5h!%i!5%e
+KBfPZG'pcD#")4$T%CA0VG'p`)%C[E'4PFMT*EQ0[E@PZCcT[F'9ZFh0X,90139!
+Y-6Nj16%b-6%kBh*jF(4[1RJe-$Pf-`!#!!!"r,%!!!(mX!!!!Ib[!!!"r+i!!'&
+cBh)!!3!-qYlHV3!!!3!!!*G#!!#@3J!!!AB!!$-8-0J!!!!F!AB!$h0MFhS!!!#
+#6Np853!!!)jcBh"d!!!!QP4&@&3!!3#QFh4jE!!!!,j$6d4&!!%!bN*14%`!!!$
+LBA"XG!!!!1j'8N9'!!!!qNP$6L-!!!%'D@0X0!!!!4*TBh-M!!!"(QPMFc3!!!%
+UD'CNFJ!!!6C659T&!!!"3PG3Eh-!!!&1!!$rr`!!!!!!!!!!!)$rre!!!"i!!!!
+!!)$rr`!!"cJ#DH#m"'Mrr`!!!*S!!!!!%iRrr`!!"Pi!!!!!"'Mrr`!!!53!!!!
+!!!$rrb!!!9)!!!!!!!(rra3!!@i#DG`%!)$rr`!!!Pi#DH"X!!$rr`!!!Ri!!!!
+!!)$rr`!!!S-#DH"d!*Err`!!!Si!!!!!!*Err`!!!j)!!!!!!*Err`!!"CB#DH%
+i!*Err`!!"GS#DH%dkF$rr`!!"[`!!!!!rrrrr`!!"a)!!!!!!)$rr`!!"b!!!!!
+!*4S:
diff --git a/lib/libssl/src/MacOS/opensslconf.h b/lib/libssl/src/MacOS/opensslconf.h
new file mode 100644
index 00000000000..ad557cc06aa
--- /dev/null
+++ b/lib/libssl/src/MacOS/opensslconf.h
@@ -0,0 +1,116 @@
+/* MacOS/opensslconf.h */
+
+#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */
+#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
+#define OPENSSLDIR "/usr/local/ssl"
+#endif
+#endif
+
+#if defined(HEADER_IDEA_H) && !defined(IDEA_INT)
+#define IDEA_INT unsigned int
+#endif
+
+#if defined(HEADER_MD2_H) && !defined(MD2_INT)
+#define MD2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC2_H) && !defined(RC2_INT)
+/* I need to put in a mod for the alpha - eay */
+#define RC2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC4_H)
+#if !defined(RC4_INT)
+/* using int types make the structure larger but make the code faster
+ * on most boxes I have tested - up to %20 faster. */
+/*
+ * I don't know what does "most" mean, but declaring "int" is a must on:
+ * - Intel P6 because partial register stalls are very expensive;
+ * - elder Alpha because it lacks byte load/store instructions;
+ */
+#define RC4_INT unsigned char
+#endif
+#if !defined(RC4_CHUNK)
+/*
+ * This enables code handling data aligned at natural CPU word
+ * boundary. See crypto/rc4/rc4_enc.c for further details.
+ */
+#define RC4_CHUNK unsigned long
+#endif
+#endif
+
+#if defined(HEADER_DES_H) && !defined(DES_LONG)
+/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
+ * %20 speed up (longs are 8 bytes, int's are 4). */
+#ifndef DES_LONG
+#define DES_LONG unsigned long
+#endif
+#endif
+
+#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
+#define CONFIG_HEADER_BN_H
+#if __option(longlong)
+# define BN_LLONG
+#else
+# undef BN_LLONG
+#endif
+
+/* Should we define BN_DIV2W here? */
+
+/* Only one for the following should be defined */
+/* The prime number generation stuff may not work when
+ * EIGHT_BIT but I don't care since I've only used this mode
+ * for debuging the bignum libraries */
+#undef SIXTY_FOUR_BIT_LONG
+#undef SIXTY_FOUR_BIT
+#define THIRTY_TWO_BIT
+#undef SIXTEEN_BIT
+#undef EIGHT_BIT
+#endif
+
+#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
+#define CONFIG_HEADER_RC4_LOCL_H
+/* if this is defined data[i] is used instead of *data, this is a %20
+ * speedup on x86 */
+#undef RC4_INDEX
+#endif
+
+#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
+#define CONFIG_HEADER_BF_LOCL_H
+#define BF_PTR
+#endif /* HEADER_BF_LOCL_H */
+
+#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
+#define CONFIG_HEADER_DES_LOCL_H
+/* the following is tweaked from a config script, that is why it is a
+ * protected undef/define */
+#ifndef DES_PTR
+#define DES_PTR
+#endif
+
+/* This helps C compiler generate the correct code for multiple functional
+ * units. It reduces register dependancies at the expense of 2 more
+ * registers */
+#ifndef DES_RISC1
+#define DES_RISC1
+#endif
+
+#ifndef DES_RISC2
+#undef DES_RISC2
+#endif
+
+#if defined(DES_RISC1) && defined(DES_RISC2)
+YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
+#endif
+
+/* Unroll the inner loop, this sometimes helps, sometimes hinders.
+ * Very mucy CPU dependant */
+#ifndef DES_UNROLL
+#define DES_UNROLL
+#endif
+
+#endif /* HEADER_DES_LOCL_H */
+
+#ifndef __POWERPC__
+#define MD32_XARRAY
+#endif
diff --git a/lib/libssl/src/VMS/test-includes.com b/lib/libssl/src/VMS/test-includes.com
new file mode 100644
index 00000000000..c1d7ccd0ee8
--- /dev/null
+++ b/lib/libssl/src/VMS/test-includes.com
@@ -0,0 +1,28 @@
+$! Quick script to check how well including individual header files works
+$! on VMS, even when the VMS macro isn't defined.
+$
+$ sav_def = f$env("DEFAULT")
+$ here = f$parse("A.;0",f$ENV("PROCEDURE")) - "A.;0"
+$ set default 'here'
+$ set default [-.include.openssl]
+$ define openssl 'f$env("DEFAULT")'
+$ set default [--]
+$
+$ loop:
+$ f = f$search("openssl:*.h")
+$ if f .eqs. "" then goto loop_end
+$ write sys$output "Checking ",f
+$ open/write foo foo.c
+$ write foo "#undef VMS"
+$ write foo "#include <stdio.h>"
+$ write foo "#include <openssl/",f$parse(f,,,"NAME"),".h>"
+$ write foo "main()"
+$ write foo "{printf(""foo\n"");}"
+$ close foo
+$ cc/STANDARD=ANSI89/NOLIST/PREFIX=ALL foo.c
+$ delete foo.c;
+$ goto loop
+$ loop_end:
+$ set default 'save_def'
+$ exit
+
diff --git a/lib/libssl/src/apps/CA.pl.in b/lib/libssl/src/apps/CA.pl.in
new file mode 100644
index 00000000000..4eef57e6e39
--- /dev/null
+++ b/lib/libssl/src/apps/CA.pl.in
@@ -0,0 +1,162 @@
+#!/usr/local/bin/perl
+#
+# CA - wrapper around ca to make it easier to use ... basically ca requires
+# some setup stuff to be done before you can use it and this makes
+# things easier between now and when Eric is convinced to fix it :-)
+#
+# CA -newca ... will setup the right stuff
+# CA -newreq ... will generate a certificate request
+# CA -sign ... will sign the generated request and output
+#
+# At the end of that grab newreq.pem and newcert.pem (one has the key
+# and the other the certificate) and cat them together and that is what
+# you want/need ... I'll make even this a little cleaner later.
+#
+#
+# 12-Jan-96 tjh Added more things ... including CA -signcert which
+# converts a certificate to a request and then signs it.
+# 10-Jan-96 eay Fixed a few more bugs and added the SSLEAY_CONFIG
+# environment variable so this can be driven from
+# a script.
+# 25-Jul-96 eay Cleaned up filenames some more.
+# 11-Jun-96 eay Fixed a few filename missmatches.
+# 03-May-96 eay Modified to use 'ssleay cmd' instead of 'cmd'.
+# 18-Apr-96 tjh Original hacking
+#
+# Tim Hudson
+# tjh@cryptsoft.com
+#
+
+# 27-Apr-98 snh Translation into perl, fix existing CA bug.
+#
+#
+# Steve Henson
+# shenson@bigfoot.com
+
+# default openssl.cnf file has setup as per the following
+# demoCA ... where everything is stored
+
+$DAYS="-days 365";
+$REQ="openssl req $SSLEAY_CONFIG";
+$CA="openssl ca $SSLEAY_CONFIG";
+$VERIFY="openssl verify";
+$X509="openssl x509";
+$PKCS12="openssl pkcs12";
+
+$CATOP="./demoCA";
+$CAKEY="cakey.pem";
+$CACERT="cacert.pem";
+
+$DIRMODE = 0777;
+
+$RET = 0;
+
+foreach (@ARGV) {
+ if ( /^(-\?|-h|-help)$/ ) {
+ print STDERR "usage: CA -newcert|-newreq|-newca|-sign|-verify\n";
+ exit 0;
+ } elsif (/^-newcert$/) {
+ # create a certificate
+ system ("$REQ -new -x509 -keyout newreq.pem -out newreq.pem $DAYS");
+ $RET=$?;
+ print "Certificate (and private key) is in newreq.pem\n"
+ } elsif (/^-newreq$/) {
+ # create a certificate request
+ system ("$REQ -new -keyout newreq.pem -out newreq.pem $DAYS");
+ $RET=$?;
+ print "Request (and private key) is in newreq.pem\n";
+ } elsif (/^-newca$/) {
+ # if explicitly asked for or it doesn't exist then setup the
+ # directory structure that Eric likes to manage things
+ $NEW="1";
+ if ( "$NEW" || ! -f "${CATOP}/serial" ) {
+ # create the directory hierarchy
+ mkdir $CATOP, $DIRMODE;
+ mkdir "${CATOP}/certs", $DIRMODE;
+ mkdir "${CATOP}/crl", $DIRMODE ;
+ mkdir "${CATOP}/newcerts", $DIRMODE;
+ mkdir "${CATOP}/private", $DIRMODE;
+ open OUT, ">${CATOP}/serial";
+ print OUT "01\n";
+ close OUT;
+ open OUT, ">${CATOP}/index.txt";
+ close OUT;
+ }
+ if ( ! -f "${CATOP}/private/$CAKEY" ) {
+ print "CA certificate filename (or enter to create)\n";
+ $FILE = <STDIN>;
+
+ chop $FILE;
+
+ # ask user for existing CA certificate
+ if ($FILE) {
+ cp_pem($FILE,"${CATOP}/private/$CAKEY", "PRIVATE");
+ cp_pem($FILE,"${CATOP}/$CACERT", "CERTIFICATE");
+ $RET=$?;
+ } else {
+ print "Making CA certificate ...\n";
+ system ("$REQ -new -x509 -keyout " .
+ "${CATOP}/private/$CAKEY -out ${CATOP}/$CACERT $DAYS");
+ $RET=$?;
+ }
+ }
+ } elsif (/^-pkcs12$/) {
+ my $cname = $ARGV[1];
+ $cname = "My Certificate" unless defined $cname;
+ system ("$PKCS12 -in newcert.pem -inkey newreq.pem " .
+ "-certfile ${CATOP}/$CACERT -out newcert.p12 " .
+ "-export -name \"$cname\"");
+ $RET=$?;
+ exit $RET;
+ } elsif (/^-xsign$/) {
+ system ("$CA -policy policy_anything -infiles newreq.pem");
+ $RET=$?;
+ } elsif (/^(-sign|-signreq)$/) {
+ system ("$CA -policy policy_anything -out newcert.pem " .
+ "-infiles newreq.pem");
+ $RET=$?;
+ print "Signed certificate is in newcert.pem\n";
+ } elsif (/^-signcert$/) {
+ system ("$X509 -x509toreq -in newreq.pem -signkey newreq.pem " .
+ "-out tmp.pem");
+ system ("$CA -policy policy_anything -out newcert.pem " .
+ "-infiles tmp.pem");
+ $RET = $?;
+ print "Signed certificate is in newcert.pem\n";
+ } elsif (/^-verify$/) {
+ if (shift) {
+ foreach $j (@ARGV) {
+ system ("$VERIFY -CAfile $CATOP/$CACERT $j");
+ $RET=$? if ($? != 0);
+ }
+ exit $RET;
+ } else {
+ system ("$VERIFY -CAfile $CATOP/$CACERT newcert.pem");
+ $RET=$?;
+ exit 0;
+ }
+ } else {
+ print STDERR "Unknown arg $_\n";
+ print STDERR "usage: CA -newcert|-newreq|-newca|-sign|-verify\n";
+ exit 1;
+ }
+}
+
+exit $RET;
+
+sub cp_pem {
+my ($infile, $outfile, $bound) = @_;
+open IN, $infile;
+open OUT, ">$outfile";
+my $flag = 0;
+while (<IN>) {
+ $flag = 1 if (/^-----BEGIN.*$bound/) ;
+ print OUT $_ if ($flag);
+ if (/^-----END.*$bound/) {
+ close IN;
+ close OUT;
+ return;
+ }
+}
+}
+
diff --git a/lib/libssl/src/apps/app_rand.c b/lib/libssl/src/apps/app_rand.c
new file mode 100644
index 00000000000..f7f133831d2
--- /dev/null
+++ b/lib/libssl/src/apps/app_rand.c
@@ -0,0 +1,211 @@
+/* apps/app_rand.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include "apps.h"
+#include <openssl/bio.h>
+#include <openssl/rand.h>
+
+
+static int seeded = 0;
+static int egdsocket = 0;
+
+int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn)
+ {
+ int consider_randfile = (file == NULL);
+ char buffer[200];
+
+#ifdef WINDOWS
+ BIO_printf(bio_e,"Loading 'screen' into random state -");
+ BIO_flush(bio_e);
+ RAND_screen();
+ BIO_printf(bio_e," done\n");
+#endif
+
+ if (file == NULL)
+ file = RAND_file_name(buffer, sizeof buffer);
+ else if (RAND_egd(file) > 0)
+ {
+ /* we try if the given filename is an EGD socket.
+ if it is, we don't write anything back to the file. */
+ egdsocket = 1;
+ return 1;
+ }
+ if (file == NULL || !RAND_load_file(file, -1))
+ {
+ if (RAND_status() == 0 && !dont_warn)
+ {
+ BIO_printf(bio_e,"unable to load 'random state'\n");
+ BIO_printf(bio_e,"This means that the random number generator has not been seeded\n");
+ BIO_printf(bio_e,"with much random data.\n");
+ if (consider_randfile) /* explanation does not apply when a file is explicitly named */
+ {
+ BIO_printf(bio_e,"Consider setting the RANDFILE environment variable to point at a file that\n");
+ BIO_printf(bio_e,"'random' data can be kept in (the file will be overwritten).\n");
+ }
+ }
+ return 0;
+ }
+ seeded = 1;
+ return 1;
+ }
+
+long app_RAND_load_files(char *name)
+ {
+ char *p,*n;
+ int last;
+ long tot=0;
+ int egd;
+
+ for (;;)
+ {
+ last=0;
+ for (p=name; ((*p != '\0') && (*p != LIST_SEPARATOR_CHAR)); p++);
+ if (*p == '\0') last=1;
+ *p='\0';
+ n=name;
+ name=p+1;
+ if (*n == '\0') break;
+
+ egd=RAND_egd(n);
+ if (egd > 0) tot+=egd;
+ tot+=RAND_load_file(n,1024L*1024L);
+ if (last) break;
+ }
+ if (tot > 512)
+ app_RAND_allow_write_file();
+ return(tot);
+ }
+
+int app_RAND_write_file(const char *file, BIO *bio_e)
+ {
+ char buffer[200];
+
+ if (egdsocket || !seeded)
+ /* If we did not manage to read the seed file,
+ * we should not write a low-entropy seed file back --
+ * it would suppress a crucial warning the next time
+ * we want to use it. */
+ return 0;
+
+ if (file == NULL)
+ file = RAND_file_name(buffer, sizeof buffer);
+ if (file == NULL || !RAND_write_file(file))
+ {
+ BIO_printf(bio_e,"unable to write 'random state'\n");
+ return 0;
+ }
+ return 1;
+ }
+
+void app_RAND_allow_write_file(void)
+ {
+ seeded = 1;
+ }
diff --git a/lib/libssl/src/apps/dhparam.c b/lib/libssl/src/apps/dhparam.c
new file mode 100644
index 00000000000..293a400d0c5
--- /dev/null
+++ b/lib/libssl/src/apps/dhparam.c
@@ -0,0 +1,368 @@
+/* apps/dhparam.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef NO_DH
+#include <stdio.h>
+#include <stdlib.h>
+#include <time.h>
+#include <string.h>
+#include "apps.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/bn.h>
+#include <openssl/dh.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+
+#undef PROG
+#define PROG dhparam_main
+
+#define DEFBITS 512
+
+/* -inform arg - input format - default PEM (DER or PEM)
+ * -outform arg - output format - default PEM
+ * -in arg - input file - default stdin
+ * -out arg - output file - default stdout
+ * -check - check the parameters are ok
+ * -noout
+ * -text
+ * -C
+ */
+
+static void MS_CALLBACK dh_cb(int p, int n, void *arg);
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+ {
+ DH *dh=NULL;
+ int i,badops=0,text=0;
+ BIO *in=NULL,*out=NULL;
+ int informat,outformat,check=0,noout=0,C=0,ret=1;
+ char *infile,*outfile,*prog;
+ char *inrand=NULL;
+ int num = 0, g = 0;
+
+ apps_startup();
+
+ if (bio_err == NULL)
+ if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+
+ infile=NULL;
+ outfile=NULL;
+ informat=FORMAT_PEM;
+ outformat=FORMAT_PEM;
+
+ prog=argv[0];
+ argc--;
+ argv++;
+ while (argc >= 1)
+ {
+ if (strcmp(*argv,"-inform") == 0)
+ {
+ if (--argc < 1) goto bad;
+ informat=str2fmt(*(++argv));
+ }
+ else if (strcmp(*argv,"-outform") == 0)
+ {
+ if (--argc < 1) goto bad;
+ outformat=str2fmt(*(++argv));
+ }
+ else if (strcmp(*argv,"-in") == 0)
+ {
+ if (--argc < 1) goto bad;
+ infile= *(++argv);
+ }
+ else if (strcmp(*argv,"-out") == 0)
+ {
+ if (--argc < 1) goto bad;
+ outfile= *(++argv);
+ }
+ else if (strcmp(*argv,"-check") == 0)
+ check=1;
+ else if (strcmp(*argv,"-text") == 0)
+ text=1;
+ else if (strcmp(*argv,"-C") == 0)
+ C=1;
+ else if (strcmp(*argv,"-noout") == 0)
+ noout=1;
+ else if (strcmp(*argv,"-2") == 0)
+ g=2;
+ else if (strcmp(*argv,"-5") == 0)
+ g=5;
+ else if (strcmp(*argv,"-rand") == 0)
+ {
+ if (--argc < 1) goto bad;
+ inrand= *(++argv);
+ }
+ else if (((sscanf(*argv,"%d",&num) == 0) || (num <= 0)))
+ goto bad;
+ argv++;
+ argc--;
+ }
+
+ if (badops)
+ {
+bad:
+ BIO_printf(bio_err,"%s [options] [numbits]\n",prog);
+ BIO_printf(bio_err,"where options are\n");
+ BIO_printf(bio_err," -inform arg input format - one of DER PEM\n");
+ BIO_printf(bio_err," -outform arg output format - one of DER PEM\n");
+ BIO_printf(bio_err," -in arg input file\n");
+ BIO_printf(bio_err," -out arg output file\n");
+ BIO_printf(bio_err," -check check the DH parameters\n");
+ BIO_printf(bio_err," -text print a text form of the DH parameters\n");
+ BIO_printf(bio_err," -C Output C code\n");
+ BIO_printf(bio_err," -2 generate parameters using 2 as the generator value\n");
+ BIO_printf(bio_err," -5 generate parameters using 5 as the generator value\n");
+ BIO_printf(bio_err," numbits number of bits in to generate (default 512)\n");
+ BIO_printf(bio_err," -rand file:file:...\n");
+ BIO_printf(bio_err," - load the file (or the files in the directory) into\n");
+ BIO_printf(bio_err," the random number generator\n");
+ BIO_printf(bio_err," -noout no output\n");
+ goto end;
+ }
+
+ ERR_load_crypto_strings();
+
+ if(g && !num) num = DEFBITS;
+ else if(num && !g) g = 2;
+
+ if(num) {
+
+ if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL)
+ {
+ BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
+ }
+ if (inrand != NULL)
+ BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
+ app_RAND_load_files(inrand));
+
+ BIO_printf(bio_err,"Generating DH parameters, %d bit long strong prime, generator of %d\n",num,g);
+ BIO_printf(bio_err,"This is going to take a long time\n");
+ dh=DH_generate_parameters(num,g,dh_cb,bio_err);
+
+ if (dh == NULL) goto end;
+
+ app_RAND_write_file(NULL, bio_err);
+ } else {
+
+ in=BIO_new(BIO_s_file());
+ if (in == NULL)
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ if (infile == NULL)
+ BIO_set_fp(in,stdin,BIO_NOCLOSE);
+ else
+ {
+ if (BIO_read_filename(in,infile) <= 0)
+ {
+ perror(infile);
+ goto end;
+ }
+ }
+
+ if (informat == FORMAT_ASN1)
+ dh=d2i_DHparams_bio(in,NULL);
+ else if (informat == FORMAT_PEM)
+ dh=PEM_read_bio_DHparams(in,NULL,NULL,NULL);
+ else
+ {
+ BIO_printf(bio_err,"bad input format specified\n");
+ goto end;
+ }
+ if (dh == NULL)
+ {
+ BIO_printf(bio_err,"unable to load DH parameters\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ }
+
+ out=BIO_new(BIO_s_file());
+ if (out == NULL)
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ if (outfile == NULL)
+ BIO_set_fp(out,stdout,BIO_NOCLOSE);
+ else
+ {
+ if (BIO_write_filename(out,outfile) <= 0)
+ {
+ perror(outfile);
+ goto end;
+ }
+ }
+
+
+
+ if (text)
+ {
+ DHparams_print(out,dh);
+ }
+
+ if (check)
+ {
+ if (!DH_check(dh,&i))
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ if (i & DH_CHECK_P_NOT_PRIME)
+ printf("p value is not prime\n");
+ if (i & DH_CHECK_P_NOT_STRONG_PRIME)
+ printf("p value is not a strong prime\n");
+ if (i & DH_UNABLE_TO_CHECK_GENERATOR)
+ printf("unable to check the generator value\n");
+ if (i & DH_NOT_SUITABLE_GENERATOR)
+ printf("the g value is not a generator\n");
+ if (i == 0)
+ printf("DH parameters appear to be ok.\n");
+ }
+ if (C)
+ {
+ unsigned char *data;
+ int len,l,bits;
+
+ len=BN_num_bytes(dh->p);
+ bits=BN_num_bits(dh->p);
+ data=(unsigned char *)Malloc(len);
+ if (data == NULL)
+ {
+ perror("Malloc");
+ goto end;
+ }
+ l=BN_bn2bin(dh->p,data);
+ printf("static unsigned char dh%d_p[]={",bits);
+ for (i=0; i<l; i++)
+ {
+ if ((i%12) == 0) printf("\n\t");
+ printf("0x%02X,",data[i]);
+ }
+ printf("\n\t};\n");
+
+ l=BN_bn2bin(dh->g,data);
+ printf("static unsigned char dh%d_g[]={",bits);
+ for (i=0; i<l; i++)
+ {
+ if ((i%12) == 0) printf("\n\t");
+ printf("0x%02X,",data[i]);
+ }
+ printf("\n\t};\n\n");
+
+ printf("DH *get_dh%d()\n\t{\n",bits);
+ printf("\tDH *dh;\n\n");
+ printf("\tif ((dh=DH_new()) == NULL) return(NULL);\n");
+ printf("\tdh->p=BN_bin2bn(dh%d_p,sizeof(dh%d_p),NULL);\n",
+ bits,bits);
+ printf("\tdh->g=BN_bin2bn(dh%d_g,sizeof(dh%d_g),NULL);\n",
+ bits,bits);
+ printf("\tif ((dh->p == NULL) || (dh->g == NULL))\n");
+ printf("\t\treturn(NULL);\n");
+ printf("\treturn(dh);\n\t}\n");
+ Free(data);
+ }
+
+
+ if (!noout)
+ {
+ if (outformat == FORMAT_ASN1)
+ i=i2d_DHparams_bio(out,dh);
+ else if (outformat == FORMAT_PEM)
+ i=PEM_write_bio_DHparams(out,dh);
+ else {
+ BIO_printf(bio_err,"bad output format specified for outfile\n");
+ goto end;
+ }
+ if (!i)
+ {
+ BIO_printf(bio_err,"unable to write DH parameters\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+ ret=0;
+end:
+ if (in != NULL) BIO_free(in);
+ if (out != NULL) BIO_free(out);
+ if (dh != NULL) DH_free(dh);
+ EXIT(ret);
+ }
+
+static void MS_CALLBACK dh_cb(int p, int n, void *arg)
+ {
+ char c='*';
+
+ if (p == 0) c='.';
+ if (p == 1) c='+';
+ if (p == 2) c='*';
+ if (p == 3) c='\n';
+ BIO_write((BIO *)arg,&c,1);
+ (void)BIO_flush((BIO *)arg);
+#ifdef LINT
+ p=n;
+#endif
+ }
+
+#endif
diff --git a/lib/libssl/src/apps/passwd.c b/lib/libssl/src/apps/passwd.c
new file mode 100644
index 00000000000..c7e21d2081a
--- /dev/null
+++ b/lib/libssl/src/apps/passwd.c
@@ -0,0 +1,475 @@
+/* apps/passwd.c */
+
+#if defined NO_MD5 || defined CHARSET_EBCDIC
+# define NO_APR1
+#endif
+
+#if !defined(NO_DES) || !defined(NO_APR1)
+
+#include <assert.h>
+#include <string.h>
+
+#include "apps.h"
+
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/rand.h>
+
+#ifndef NO_DES
+# include <openssl/des.h>
+#endif
+#ifndef NO_APR1
+# include <openssl/md5.h>
+#endif
+
+
+#undef PROG
+#define PROG passwd_main
+
+
+static unsigned const char cov_2char[64]={
+ /* from crypto/des/fcrypt.c */
+ 0x2E,0x2F,0x30,0x31,0x32,0x33,0x34,0x35,
+ 0x36,0x37,0x38,0x39,0x41,0x42,0x43,0x44,
+ 0x45,0x46,0x47,0x48,0x49,0x4A,0x4B,0x4C,
+ 0x4D,0x4E,0x4F,0x50,0x51,0x52,0x53,0x54,
+ 0x55,0x56,0x57,0x58,0x59,0x5A,0x61,0x62,
+ 0x63,0x64,0x65,0x66,0x67,0x68,0x69,0x6A,
+ 0x6B,0x6C,0x6D,0x6E,0x6F,0x70,0x71,0x72,
+ 0x73,0x74,0x75,0x76,0x77,0x78,0x79,0x7A
+};
+
+static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
+ char *passwd, BIO *out, int quiet, int table, int reverse,
+ size_t pw_maxlen, int usecrypt, int useapr1);
+
+/* -crypt - standard Unix password algorithm (default, only choice)
+ * -apr1 - MD5-based password algorithm
+ * -salt string - salt
+ * -in file - read passwords from file
+ * -stdin - read passwords from stdin
+ * -quiet - no warnings
+ * -table - format output as table
+ * -reverse - switch table columns
+ */
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+ {
+ int ret = 1;
+ char *infile = NULL;
+ int in_stdin = 0;
+ char *salt = NULL, *passwd = NULL, **passwds = NULL;
+ char *salt_malloc = NULL, *passwd_malloc = NULL;
+ int pw_source_defined = 0;
+ BIO *in = NULL, *out = NULL;
+ int i, badopt, opt_done;
+ int passed_salt = 0, quiet = 0, table = 0, reverse = 0;
+ int usecrypt = 0, useapr1 = 0;
+ size_t pw_maxlen = 0;
+
+ apps_startup();
+
+ if (bio_err == NULL)
+ if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+ out = BIO_new(BIO_s_file());
+ if (out == NULL)
+ goto err;
+ BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT);
+
+ badopt = 0, opt_done = 0;
+ i = 0;
+ while (!badopt && !opt_done && argv[++i] != NULL)
+ {
+ if (strcmp(argv[i], "-crypt") == 0)
+ usecrypt = 1;
+ else if (strcmp(argv[i], "-apr1") == 0)
+ useapr1 = 1;
+ else if (strcmp(argv[i], "-salt") == 0)
+ {
+ if ((argv[i+1] != NULL) && (salt == NULL))
+ {
+ passed_salt = 1;
+ salt = argv[++i];
+ }
+ else
+ badopt = 1;
+ }
+ else if (strcmp(argv[i], "-in") == 0)
+ {
+ if ((argv[i+1] != NULL) && !pw_source_defined)
+ {
+ pw_source_defined = 1;
+ infile = argv[++i];
+ }
+ else
+ badopt = 1;
+ }
+ else if (strcmp(argv[i], "-stdin") == 0)
+ {
+ if (!pw_source_defined)
+ {
+ pw_source_defined = 1;
+ in_stdin = 1;
+ }
+ else
+ badopt = 1;
+ }
+ else if (strcmp(argv[i], "-quiet") == 0)
+ quiet = 1;
+ else if (strcmp(argv[i], "-table") == 0)
+ table = 1;
+ else if (strcmp(argv[i], "-reverse") == 0)
+ reverse = 1;
+ else if (argv[i][0] == '-')
+ badopt = 1;
+ else if (!pw_source_defined)
+ /* non-option arguments, use as passwords */
+ {
+ pw_source_defined = 1;
+ passwds = &argv[i];
+ opt_done = 1;
+ }
+ else
+ badopt = 1;
+ }
+
+ if (!usecrypt && !useapr1) /* use default */
+ usecrypt = 1;
+ if (usecrypt + useapr1 > 1) /* conflict */
+ badopt = 1;
+
+ /* reject unsupported algorithms */
+#ifdef NO_DES
+ if (usecrypt) badopt = 1;
+#endif
+#ifdef NO_APR1
+ if (useapr1) badopt = 1;
+#endif
+
+ if (badopt)
+ {
+ BIO_printf(bio_err, "Usage: passwd [options] [passwords]\n");
+ BIO_printf(bio_err, "where options are\n");
+#ifndef NO_DES
+ BIO_printf(bio_err, "-crypt standard Unix password algorithm (default)\n");
+#endif
+#ifndef NO_APR1
+ BIO_printf(bio_err, "-apr1 MD5-based password algorithm\n");
+#endif
+ BIO_printf(bio_err, "-salt string use provided salt\n");
+ BIO_printf(bio_err, "-in file read passwords from file\n");
+ BIO_printf(bio_err, "-stdin read passwords from stdin\n");
+ BIO_printf(bio_err, "-quiet no warnings\n");
+ BIO_printf(bio_err, "-table format output as table\n");
+ BIO_printf(bio_err, "-reverse switch table columns\n");
+
+ goto err;
+ }
+
+ if ((infile != NULL) || in_stdin)
+ {
+ in = BIO_new(BIO_s_file());
+ if (in == NULL)
+ goto err;
+ if (infile != NULL)
+ {
+ assert(in_stdin == 0);
+ if (BIO_read_filename(in, infile) <= 0)
+ goto err;
+ }
+ else
+ {
+ assert(in_stdin);
+ BIO_set_fp(in, stdin, BIO_NOCLOSE);
+ }
+ }
+
+ if (usecrypt)
+ pw_maxlen = 8;
+ else if (useapr1)
+ pw_maxlen = 256; /* arbitrary limit, should be enough for most passwords */
+
+ if (passwds == NULL)
+ {
+ /* no passwords on the command line */
+ passwd = passwd_malloc = Malloc(pw_maxlen + 1);
+ if (passwd_malloc == NULL)
+ goto err;
+ }
+
+ if ((in == NULL) && (passwds == NULL))
+ {
+ /* build a null-terminated list */
+ static char *passwds_static[2] = {NULL, NULL};
+
+ passwds = passwds_static;
+ if (in == NULL)
+ if (EVP_read_pw_string(passwd_malloc, pw_maxlen + 1, "Password: ", 0) != 0)
+ goto err;
+ passwds[0] = passwd_malloc;
+ }
+
+ if (in == NULL)
+ {
+ assert(passwds != NULL);
+ assert(*passwds != NULL);
+
+ do /* loop over list of passwords */
+ {
+ passwd = *passwds++;
+ if (!do_passwd(passed_salt, &salt, &salt_malloc, passwd, out,
+ quiet, table, reverse, pw_maxlen, usecrypt, useapr1))
+ goto err;
+ }
+ while (*passwds != NULL);
+ }
+ else
+ /* in != NULL */
+ {
+ int done;
+
+ assert (passwd != NULL);
+ do
+ {
+ int r = BIO_gets(in, passwd, pw_maxlen + 1);
+ if (r > 0)
+ {
+ char *c = (strchr(passwd, '\n')) ;
+ if (c != NULL)
+ *c = 0; /* truncate at newline */
+ else
+ {
+ /* ignore rest of line */
+ char trash[BUFSIZ];
+ do
+ r = BIO_gets(in, trash, sizeof trash);
+ while ((r > 0) && (!strchr(trash, '\n')));
+ }
+
+ if (!do_passwd(passed_salt, &salt, &salt_malloc, passwd, out,
+ quiet, table, reverse, pw_maxlen, usecrypt, useapr1))
+ goto err;
+ }
+ done = (r <= 0);
+ }
+ while (!done);
+ }
+
+err:
+ ERR_print_errors(bio_err);
+ if (salt_malloc)
+ Free(salt_malloc);
+ if (passwd_malloc)
+ Free(passwd_malloc);
+ if (in)
+ BIO_free(in);
+ if (out)
+ BIO_free(out);
+ EXIT(ret);
+ }
+
+
+#ifndef NO_APR1
+/* MD5-based password algorithm compatible to the one found in Apache
+ * (should probably be available as a library function;
+ * then the static buffer would not be acceptable) */
+static char *apr1_crypt(const char *passwd, const char *salt)
+ {
+ static char out_buf[6 + 9 + 24 + 2]; /* "$apr1$..salt..$.......md5hash..........\0" */
+ unsigned char buf[MD5_DIGEST_LENGTH];
+ char *salt_out;
+ int n, i;
+ MD5_CTX md;
+ size_t passwd_len, salt_len;
+
+ passwd_len = strlen(passwd);
+ strcpy(out_buf, "$apr1$");
+ strncat(out_buf, salt, 8);
+ assert(strlen(out_buf) <= 6 + 8); /* "$apr1$..salt.." */
+ salt_out = out_buf + 6;
+ salt_len = strlen(salt_out);
+ assert(salt_len <= 8);
+
+ MD5_Init(&md);
+ MD5_Update(&md, passwd, passwd_len);
+ MD5_Update(&md, "$apr1$", 6);
+ MD5_Update(&md, salt_out, salt_len);
+
+ {
+ MD5_CTX md2;
+
+ MD5_Init(&md2);
+ MD5_Update(&md2, passwd, passwd_len);
+ MD5_Update(&md2, salt_out, salt_len);
+ MD5_Update(&md2, passwd, passwd_len);
+ MD5_Final(buf, &md2);
+ }
+ for (i = passwd_len; i > sizeof buf; i -= sizeof buf)
+ MD5_Update(&md, buf, sizeof buf);
+ MD5_Update(&md, buf, i);
+
+ n = passwd_len;
+ while (n)
+ {
+ MD5_Update(&md, (n & 1) ? "\0" : passwd, 1);
+ n >>= 1;
+ }
+ MD5_Final(buf, &md);
+
+ for (i = 0; i < 1000; i++)
+ {
+ MD5_CTX md2;
+
+ MD5_Init(&md2);
+ MD5_Update(&md2, (i & 1) ? (unsigned char *) passwd : buf,
+ (i & 1) ? passwd_len : sizeof buf);
+ if (i % 3)
+ MD5_Update(&md2, salt_out, salt_len);
+ if (i % 7)
+ MD5_Update(&md2, passwd, passwd_len);
+ MD5_Update(&md2, (i & 1) ? buf : (unsigned char *) passwd,
+ (i & 1) ? sizeof buf : passwd_len);
+ MD5_Final(buf, &md2);
+ }
+
+ {
+ /* transform buf into output string */
+
+ unsigned char buf_perm[sizeof buf];
+ int dest, source;
+ char *output;
+
+ /* silly output permutation */
+ for (dest = 0, source = 0; dest < 14; dest++, source = (source + 6) % 17)
+ buf_perm[dest] = buf[source];
+ buf_perm[14] = buf[5];
+ buf_perm[15] = buf[11];
+#ifndef PEDANTIC /* Unfortunately, this generates a "no effect" warning */
+ assert(16 == sizeof buf_perm);
+#endif
+
+ output = salt_out + salt_len;
+ assert(output == out_buf + strlen(out_buf));
+
+ *output++ = '$';
+
+ for (i = 0; i < 15; i += 3)
+ {
+ *output++ = cov_2char[buf_perm[i+2] & 0x3f];
+ *output++ = cov_2char[((buf_perm[i+1] & 0xf) << 2) |
+ (buf_perm[i+2] >> 6)];
+ *output++ = cov_2char[((buf_perm[i] & 3) << 4) |
+ (buf_perm[i+1] >> 4)];
+ *output++ = cov_2char[buf_perm[i] >> 2];
+ }
+ assert(i == 15);
+ *output++ = cov_2char[buf_perm[i] & 0x3f];
+ *output++ = cov_2char[buf_perm[i] >> 6];
+ *output = 0;
+ assert(strlen(out_buf) < sizeof(out_buf));
+ }
+
+ return out_buf;
+ }
+#endif
+
+
+static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
+ char *passwd, BIO *out, int quiet, int table, int reverse,
+ size_t pw_maxlen, int usecrypt, int useapr1)
+ {
+ char *hash = NULL;
+
+ assert(salt_p != NULL);
+ assert(salt_malloc_p != NULL);
+
+ /* first make sure we have a salt */
+ if (!passed_salt)
+ {
+#ifndef NO_DES
+ if (usecrypt)
+ {
+ if (*salt_malloc_p == NULL)
+ {
+ *salt_p = *salt_malloc_p = Malloc(3);
+ if (*salt_malloc_p == NULL)
+ goto err;
+ }
+ if (RAND_pseudo_bytes((unsigned char *)*salt_p, 2) < 0)
+ goto err;
+ (*salt_p)[0] = cov_2char[(*salt_p)[0] & 0x3f]; /* 6 bits */
+ (*salt_p)[1] = cov_2char[(*salt_p)[1] & 0x3f]; /* 6 bits */
+ (*salt_p)[2] = 0;
+#ifdef CHARSET_EBCDIC
+ ascii2ebcdic(*salt_p, *salt_p, 2); /* des_crypt will convert
+ * back to ASCII */
+#endif
+ }
+#endif /* !NO_DES */
+
+#ifndef NO_APR1
+ if (useapr1)
+ {
+ int i;
+
+ if (*salt_malloc_p == NULL)
+ {
+ *salt_p = *salt_malloc_p = Malloc(9);
+ if (*salt_malloc_p == NULL)
+ goto err;
+ }
+ if (RAND_pseudo_bytes((unsigned char *)*salt_p, 8) < 0)
+ goto err;
+
+ for (i = 0; i < 8; i++)
+ (*salt_p)[i] = cov_2char[(*salt_p)[i] & 0x3f]; /* 6 bits */
+ (*salt_p)[8] = 0;
+ }
+#endif /* !NO_APR1 */
+ }
+
+ assert(*salt_p != NULL);
+
+ /* truncate password if necessary */
+ if ((strlen(passwd) > pw_maxlen))
+ {
+ if (!quiet)
+ BIO_printf(bio_err, "Warning: truncating password to %u characters\n", pw_maxlen);
+ passwd[pw_maxlen] = 0;
+ }
+ assert(strlen(passwd) <= pw_maxlen);
+
+ /* now compute password hash */
+#ifndef NO_DES
+ if (usecrypt)
+ hash = des_crypt(passwd, *salt_p);
+#endif
+#ifndef NO_APR1
+ if (useapr1)
+ hash = apr1_crypt(passwd, *salt_p);
+#endif
+ assert(hash != NULL);
+
+ if (table && !reverse)
+ BIO_printf(out, "%s\t%s\n", passwd, hash);
+ else if (table && reverse)
+ BIO_printf(out, "%s\t%s\n", hash, passwd);
+ else
+ BIO_printf(out, "%s\n", hash);
+ return 1;
+
+err:
+ return 0;
+ }
+#else
+
+int MAIN(int argc, char **argv)
+ {
+ fputs("Program not available.\n", stderr)
+ EXIT(1);
+ }
+#endif
diff --git a/lib/libssl/src/apps/smime.c b/lib/libssl/src/apps/smime.c
new file mode 100644
index 00000000000..77633cfb600
--- /dev/null
+++ b/lib/libssl/src/apps/smime.c
@@ -0,0 +1,646 @@
+/* smime.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* S/MIME utility function */
+
+#include <stdio.h>
+#include <string.h>
+#include "apps.h"
+#include <openssl/crypto.h>
+#include <openssl/pem.h>
+#include <openssl/err.h>
+
+#undef PROG
+#define PROG smime_main
+static X509 *load_cert(char *file);
+static EVP_PKEY *load_key(char *file, char *pass);
+static STACK_OF(X509) *load_certs(char *file);
+static X509_STORE *setup_verify(char *CAfile, char *CApath);
+static int save_certs(char *signerfile, STACK_OF(X509) *signers);
+
+#define SMIME_OP 0x10
+#define SMIME_ENCRYPT (1 | SMIME_OP)
+#define SMIME_DECRYPT 2
+#define SMIME_SIGN (3 | SMIME_OP)
+#define SMIME_VERIFY 4
+#define SMIME_PK7OUT 5
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+{
+ int operation = 0;
+ int ret = 0;
+ char **args;
+ char *inmode = "r", *outmode = "w";
+ char *infile = NULL, *outfile = NULL;
+ char *signerfile = NULL, *recipfile = NULL;
+ char *certfile = NULL, *keyfile = NULL;
+ EVP_CIPHER *cipher = NULL;
+ PKCS7 *p7 = NULL;
+ X509_STORE *store = NULL;
+ X509 *cert = NULL, *recip = NULL, *signer = NULL;
+ EVP_PKEY *key = NULL;
+ STACK_OF(X509) *encerts = NULL, *other = NULL;
+ BIO *in = NULL, *out = NULL, *indata = NULL;
+ int badarg = 0;
+ int flags = PKCS7_DETACHED;
+ char *to = NULL, *from = NULL, *subject = NULL;
+ char *CAfile = NULL, *CApath = NULL;
+ char *passargin = NULL, *passin = NULL;
+ char *inrand = NULL;
+ int need_rand = 0;
+ args = argv + 1;
+
+ ret = 1;
+
+ while (!badarg && *args && *args[0] == '-') {
+ if (!strcmp (*args, "-encrypt")) operation = SMIME_ENCRYPT;
+ else if (!strcmp (*args, "-decrypt")) operation = SMIME_DECRYPT;
+ else if (!strcmp (*args, "-sign")) operation = SMIME_SIGN;
+ else if (!strcmp (*args, "-verify")) operation = SMIME_VERIFY;
+ else if (!strcmp (*args, "-pk7out")) operation = SMIME_PK7OUT;
+#ifndef NO_DES
+ else if (!strcmp (*args, "-des3"))
+ cipher = EVP_des_ede3_cbc();
+ else if (!strcmp (*args, "-des"))
+ cipher = EVP_des_cbc();
+#endif
+#ifndef NO_RC2
+ else if (!strcmp (*args, "-rc2-40"))
+ cipher = EVP_rc2_40_cbc();
+ else if (!strcmp (*args, "-rc2-128"))
+ cipher = EVP_rc2_cbc();
+ else if (!strcmp (*args, "-rc2-64"))
+ cipher = EVP_rc2_64_cbc();
+#endif
+ else if (!strcmp (*args, "-text"))
+ flags |= PKCS7_TEXT;
+ else if (!strcmp (*args, "-nointern"))
+ flags |= PKCS7_NOINTERN;
+ else if (!strcmp (*args, "-noverify"))
+ flags |= PKCS7_NOVERIFY;
+ else if (!strcmp (*args, "-nochain"))
+ flags |= PKCS7_NOCHAIN;
+ else if (!strcmp (*args, "-nocerts"))
+ flags |= PKCS7_NOCERTS;
+ else if (!strcmp (*args, "-noattr"))
+ flags |= PKCS7_NOATTR;
+ else if (!strcmp (*args, "-nodetach"))
+ flags &= ~PKCS7_DETACHED;
+ else if (!strcmp (*args, "-binary"))
+ flags |= PKCS7_BINARY;
+ else if (!strcmp (*args, "-nosigs"))
+ flags |= PKCS7_NOSIGS;
+ else if (!strcmp(*args,"-rand")) {
+ if (args[1]) {
+ args++;
+ inrand = *args;
+ } else badarg = 1;
+ need_rand = 1;
+ } else if (!strcmp(*args,"-passin")) {
+ if (args[1]) {
+ args++;
+ passargin = *args;
+ } else badarg = 1;
+ } else if (!strcmp (*args, "-to")) {
+ if (args[1]) {
+ args++;
+ to = *args;
+ } else badarg = 1;
+ } else if (!strcmp (*args, "-from")) {
+ if (args[1]) {
+ args++;
+ from = *args;
+ } else badarg = 1;
+ } else if (!strcmp (*args, "-subject")) {
+ if (args[1]) {
+ args++;
+ subject = *args;
+ } else badarg = 1;
+ } else if (!strcmp (*args, "-signer")) {
+ if (args[1]) {
+ args++;
+ signerfile = *args;
+ } else badarg = 1;
+ } else if (!strcmp (*args, "-recip")) {
+ if (args[1]) {
+ args++;
+ recipfile = *args;
+ } else badarg = 1;
+ } else if (!strcmp (*args, "-inkey")) {
+ if (args[1]) {
+ args++;
+ keyfile = *args;
+ } else badarg = 1;
+ } else if (!strcmp (*args, "-certfile")) {
+ if (args[1]) {
+ args++;
+ certfile = *args;
+ } else badarg = 1;
+ } else if (!strcmp (*args, "-CAfile")) {
+ if (args[1]) {
+ args++;
+ CAfile = *args;
+ } else badarg = 1;
+ } else if (!strcmp (*args, "-CApath")) {
+ if (args[1]) {
+ args++;
+ CApath = *args;
+ } else badarg = 1;
+ } else if (!strcmp (*args, "-in")) {
+ if (args[1]) {
+ args++;
+ infile = *args;
+ } else badarg = 1;
+ } else if (!strcmp (*args, "-out")) {
+ if (args[1]) {
+ args++;
+ outfile = *args;
+ } else badarg = 1;
+ } else badarg = 1;
+ args++;
+ }
+
+ if(operation == SMIME_SIGN) {
+ if(!signerfile) {
+ BIO_printf(bio_err, "No signer certificate specified\n");
+ badarg = 1;
+ }
+ need_rand = 1;
+ } else if(operation == SMIME_DECRYPT) {
+ if(!recipfile) {
+ BIO_printf(bio_err, "No recipient certificate and key specified\n");
+ badarg = 1;
+ }
+ } else if(operation == SMIME_ENCRYPT) {
+ if(!*args) {
+ BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n");
+ badarg = 1;
+ }
+ need_rand = 1;
+ } else if(!operation) badarg = 1;
+
+ if (badarg) {
+ BIO_printf (bio_err, "Usage smime [options] cert.pem ...\n");
+ BIO_printf (bio_err, "where options are\n");
+ BIO_printf (bio_err, "-encrypt encrypt message\n");
+ BIO_printf (bio_err, "-decrypt decrypt encrypted message\n");
+ BIO_printf (bio_err, "-sign sign message\n");
+ BIO_printf (bio_err, "-verify verify signed message\n");
+ BIO_printf (bio_err, "-pk7out output PKCS#7 structure\n");
+#ifndef NO_DES
+ BIO_printf (bio_err, "-des3 encrypt with triple DES\n");
+ BIO_printf (bio_err, "-des encrypt with DES\n");
+#endif
+#ifndef NO_RC2
+ BIO_printf (bio_err, "-rc2-40 encrypt with RC2-40 (default)\n");
+ BIO_printf (bio_err, "-rc2-64 encrypt with RC2-64\n");
+ BIO_printf (bio_err, "-rc2-128 encrypt with RC2-128\n");
+#endif
+ BIO_printf (bio_err, "-nointern don't search certificates in message for signer\n");
+ BIO_printf (bio_err, "-nosigs don't verify message signature\n");
+ BIO_printf (bio_err, "-noverify don't verify signers certificate\n");
+ BIO_printf (bio_err, "-nocerts don't include signers certificate when signing\n");
+ BIO_printf (bio_err, "-nodetach use opaque signing\n");
+ BIO_printf (bio_err, "-noattr don't include any signed attributes\n");
+ BIO_printf (bio_err, "-binary don't translate message to text\n");
+ BIO_printf (bio_err, "-certfile file other certificates file\n");
+ BIO_printf (bio_err, "-signer file signer certificate file\n");
+ BIO_printf (bio_err, "-recip file recipient certificate file for decryption\n");
+ BIO_printf (bio_err, "-in file input file\n");
+ BIO_printf (bio_err, "-inkey file input private key (if not signer or recipient)\n");
+ BIO_printf (bio_err, "-out file output file\n");
+ BIO_printf (bio_err, "-to addr to address\n");
+ BIO_printf (bio_err, "-from ad from address\n");
+ BIO_printf (bio_err, "-subject s subject\n");
+ BIO_printf (bio_err, "-text include or delete text MIME headers\n");
+ BIO_printf (bio_err, "-CApath dir trusted certificates directory\n");
+ BIO_printf (bio_err, "-CAfile file trusted certificates file\n");
+ BIO_printf(bio_err, "-rand file:file:...\n");
+ BIO_printf(bio_err, " load the file (or the files in the directory) into\n");
+ BIO_printf(bio_err, " the random number generator\n");
+ BIO_printf (bio_err, "cert.pem recipient certificate(s) for encryption\n");
+ goto end;
+ }
+
+ if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
+ BIO_printf(bio_err, "Error getting password\n");
+ goto end;
+ }
+
+ if (need_rand) {
+ app_RAND_load_file(NULL, bio_err, (inrand != NULL));
+ if (inrand != NULL)
+ BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
+ app_RAND_load_files(inrand));
+ }
+
+ ret = 2;
+
+ if(operation != SMIME_SIGN) flags &= ~PKCS7_DETACHED;
+
+ if(flags & PKCS7_BINARY) {
+ if(operation & SMIME_OP) inmode = "rb";
+ else outmode = "rb";
+ }
+
+ if(operation == SMIME_ENCRYPT) {
+ if (!cipher) {
+#ifndef NO_RC2
+ cipher = EVP_rc2_40_cbc();
+#else
+ BIO_printf(bio_err, "No cipher selected\n");
+ goto end;
+#endif
+ }
+#ifdef CRYPTO_MDEBUG
+ CRYPTO_push_info("load encryption certificates");
+#endif
+ encerts = sk_X509_new_null();
+ while (*args) {
+ if(!(cert = load_cert(*args))) {
+ BIO_printf(bio_err, "Can't read recipient certificate file %s\n", *args);
+ goto end;
+ }
+ sk_X509_push(encerts, cert);
+ cert = NULL;
+ args++;
+ }
+#ifdef CRYPTO_MDEBUG
+ CRYPTO_pop_info();
+#endif
+ }
+
+ if(signerfile && (operation == SMIME_SIGN)) {
+#ifdef CRYPTO_MDEBUG
+ CRYPTO_push_info("load signer certificate");
+#endif
+ if(!(signer = load_cert(signerfile))) {
+ BIO_printf(bio_err, "Can't read signer certificate file %s\n", signerfile);
+ goto end;
+ }
+#ifdef CRYPTO_MDEBUG
+ CRYPTO_pop_info();
+#endif
+ }
+
+ if(certfile) {
+#ifdef CRYPTO_MDEBUG
+ CRYPTO_push_info("load other certfiles");
+#endif
+ if(!(other = load_certs(certfile))) {
+ BIO_printf(bio_err, "Can't read certificate file %s\n", certfile);
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+#ifdef CRYPTO_MDEBUG
+ CRYPTO_pop_info();
+#endif
+ }
+
+ if(recipfile && (operation == SMIME_DECRYPT)) {
+#ifdef CRYPTO_MDEBUG
+ CRYPTO_push_info("load recipient certificate");
+#endif
+ if(!(recip = load_cert(recipfile))) {
+ BIO_printf(bio_err, "Can't read recipient certificate file %s\n", recipfile);
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+#ifdef CRYPTO_MDEBUG
+ CRYPTO_pop_info();
+#endif
+ }
+
+ if(operation == SMIME_DECRYPT) {
+ if(!keyfile) keyfile = recipfile;
+ } else if(operation == SMIME_SIGN) {
+ if(!keyfile) keyfile = signerfile;
+ } else keyfile = NULL;
+
+ if(keyfile) {
+#ifdef CRYPTO_MDEBUG
+ CRYPTO_push_info("load keyfile");
+#endif
+ if(!(key = load_key(keyfile, passin))) {
+ BIO_printf(bio_err, "Can't read recipient certificate file %s\n", keyfile);
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+#ifdef CRYPTO_MDEBUG
+ CRYPTO_pop_info();
+#endif
+ }
+
+#ifdef CRYPTO_MDEBUG
+ CRYPTO_push_info("open input files");
+#endif
+ if (infile) {
+ if (!(in = BIO_new_file(infile, inmode))) {
+ BIO_printf (bio_err,
+ "Can't open input file %s\n", infile);
+ goto end;
+ }
+ } else in = BIO_new_fp(stdin, BIO_NOCLOSE);
+#ifdef CRYPTO_MDEBUG
+ CRYPTO_pop_info();
+#endif
+
+#ifdef CRYPTO_MDEBUG
+ CRYPTO_push_info("open output files");
+#endif
+ if (outfile) {
+ if (!(out = BIO_new_file(outfile, outmode))) {
+ BIO_printf (bio_err,
+ "Can't open output file %s\n", outfile);
+ goto end;
+ }
+ } else out = BIO_new_fp(stdout, BIO_NOCLOSE);
+#ifdef CRYPTO_MDEBUG
+ CRYPTO_pop_info();
+#endif
+
+ if(operation == SMIME_VERIFY) {
+#ifdef CRYPTO_MDEBUG
+ CRYPTO_push_info("setup_verify");
+#endif
+ if(!(store = setup_verify(CAfile, CApath))) goto end;
+#ifdef CRYPTO_MDEBUG
+ CRYPTO_pop_info();
+#endif
+ }
+
+ ret = 3;
+
+ if(operation == SMIME_ENCRYPT) {
+#ifdef CRYPTO_MDEBUG
+ CRYPTO_push_info("PKCS7_encrypt");
+#endif
+ p7 = PKCS7_encrypt(encerts, in, cipher, flags);
+#ifdef CRYPTO_MDEBUG
+ CRYPTO_pop_info();
+#endif
+ } else if(operation == SMIME_SIGN) {
+#ifdef CRYPTO_MDEBUG
+ CRYPTO_push_info("PKCS7_sign");
+#endif
+ p7 = PKCS7_sign(signer, key, other, in, flags);
+ BIO_reset(in);
+#ifdef CRYPTO_MDEBUG
+ CRYPTO_pop_info();
+#endif
+ } else {
+#ifdef CRYPTO_MDEBUG
+ CRYPTO_push_info("SMIME_read_PKCS7");
+#endif
+ if(!(p7 = SMIME_read_PKCS7(in, &indata))) {
+ BIO_printf(bio_err, "Error reading S/MIME message\n");
+ goto end;
+ }
+#ifdef CRYPTO_MDEBUG
+ CRYPTO_pop_info();
+#endif
+ }
+
+ if(!p7) {
+ BIO_printf(bio_err, "Error creating PKCS#7 structure\n");
+ goto end;
+ }
+
+ ret = 4;
+ if(operation == SMIME_DECRYPT) {
+#ifdef CRYPTO_MDEBUG
+ CRYPTO_push_info("PKCS7_decrypt");
+#endif
+ if(!PKCS7_decrypt(p7, key, recip, out, flags)) {
+ BIO_printf(bio_err, "Error decrypting PKCS#7 structure\n");
+ goto end;
+ }
+#ifdef CRYPTO_MDEBUG
+ CRYPTO_pop_info();
+#endif
+ } else if(operation == SMIME_VERIFY) {
+ STACK_OF(X509) *signers;
+#ifdef CRYPTO_MDEBUG
+ CRYPTO_push_info("PKCS7_verify");
+#endif
+ if(PKCS7_verify(p7, other, store, indata, out, flags)) {
+ BIO_printf(bio_err, "Verification Successful\n");
+ } else {
+ BIO_printf(bio_err, "Verification Failure\n");
+ goto end;
+ }
+#ifdef CRYPTO_MDEBUG
+ CRYPTO_pop_info();
+ CRYPTO_push_info("PKCS7_get0_signers");
+#endif
+ signers = PKCS7_get0_signers(p7, other, flags);
+#ifdef CRYPTO_MDEBUG
+ CRYPTO_pop_info();
+ CRYPTO_push_info("save_certs");
+#endif
+ if(!save_certs(signerfile, signers)) {
+ BIO_printf(bio_err, "Error writing signers to %s\n",
+ signerfile);
+ ret = 5;
+ goto end;
+ }
+#ifdef CRYPTO_MDEBUG
+ CRYPTO_pop_info();
+#endif
+ sk_X509_free(signers);
+ } else if(operation == SMIME_PK7OUT) {
+ PEM_write_bio_PKCS7(out, p7);
+ } else {
+ if(to) BIO_printf(out, "To: %s\n", to);
+ if(from) BIO_printf(out, "From: %s\n", from);
+ if(subject) BIO_printf(out, "Subject: %s\n", subject);
+ SMIME_write_PKCS7(out, p7, in, flags);
+ }
+ ret = 0;
+end:
+#ifdef CRYPTO_MDEBUG
+ CRYPTO_remove_all_info();
+#endif
+ if (need_rand)
+ app_RAND_write_file(NULL, bio_err);
+ if(ret) ERR_print_errors(bio_err);
+ sk_X509_pop_free(encerts, X509_free);
+ sk_X509_pop_free(other, X509_free);
+ X509_STORE_free(store);
+ X509_free(cert);
+ X509_free(recip);
+ X509_free(signer);
+ EVP_PKEY_free(key);
+ PKCS7_free(p7);
+ BIO_free(in);
+ BIO_free(indata);
+ BIO_free(out);
+ if(passin) Free(passin);
+ return (ret);
+}
+
+static X509 *load_cert(char *file)
+{
+ BIO *in;
+ X509 *cert;
+ if(!(in = BIO_new_file(file, "r"))) return NULL;
+ cert = PEM_read_bio_X509(in, NULL, NULL,NULL);
+ BIO_free(in);
+ return cert;
+}
+
+static EVP_PKEY *load_key(char *file, char *pass)
+{
+ BIO *in;
+ EVP_PKEY *key;
+ if(!(in = BIO_new_file(file, "r"))) return NULL;
+ key = PEM_read_bio_PrivateKey(in, NULL,NULL,pass);
+ BIO_free(in);
+ return key;
+}
+
+static STACK_OF(X509) *load_certs(char *file)
+{
+ BIO *in;
+ int i;
+ STACK_OF(X509) *othercerts;
+ STACK_OF(X509_INFO) *allcerts;
+ X509_INFO *xi;
+ if(!(in = BIO_new_file(file, "r"))) return NULL;
+ othercerts = sk_X509_new(NULL);
+ if(!othercerts) return NULL;
+ allcerts = PEM_X509_INFO_read_bio(in, NULL, NULL, NULL);
+ for(i = 0; i < sk_X509_INFO_num(allcerts); i++) {
+ xi = sk_X509_INFO_value (allcerts, i);
+ if (xi->x509) {
+ sk_X509_push(othercerts, xi->x509);
+ xi->x509 = NULL;
+ }
+ }
+ sk_X509_INFO_pop_free(allcerts, X509_INFO_free);
+ BIO_free(in);
+ return othercerts;
+}
+
+static X509_STORE *setup_verify(char *CAfile, char *CApath)
+{
+ X509_STORE *store;
+ X509_LOOKUP *lookup;
+#ifdef CRYPTO_MDEBUG
+ CRYPTO_push_info("X509_STORE_new");
+#endif
+ if(!(store = X509_STORE_new())) goto end;
+#ifdef CRYPTO_MDEBUG
+ CRYPTO_pop_info();
+ CRYPTO_push_info("X509_STORE_add_lookup(...file)");
+#endif
+ lookup=X509_STORE_add_lookup(store,X509_LOOKUP_file());
+ if (lookup == NULL) goto end;
+#ifdef CRYPTO_MDEBUG
+ CRYPTO_pop_info();
+ CRYPTO_push_info("X509_LOOKUP_load_file");
+#endif
+ if (CAfile) {
+ if(!X509_LOOKUP_load_file(lookup,CAfile,X509_FILETYPE_PEM)) {
+ BIO_printf(bio_err, "Error loading file %s\n", CAfile);
+ goto end;
+ }
+ } else X509_LOOKUP_load_file(lookup,NULL,X509_FILETYPE_DEFAULT);
+
+#ifdef CRYPTO_MDEBUG
+ CRYPTO_pop_info();
+ CRYPTO_push_info("X509_STORE_add_lookup(...hash_dir)");
+#endif
+ lookup=X509_STORE_add_lookup(store,X509_LOOKUP_hash_dir());
+ if (lookup == NULL) goto end;
+#ifdef CRYPTO_MDEBUG
+ CRYPTO_pop_info();
+ CRYPTO_push_info("X509_LOOKUP_add_dir");
+#endif
+ if (CApath) {
+ if(!X509_LOOKUP_add_dir(lookup,CApath,X509_FILETYPE_PEM)) {
+ BIO_printf(bio_err, "Error loading directory %s\n", CApath);
+ goto end;
+ }
+ } else X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT);
+#ifdef CRYPTO_MDEBUG
+ CRYPTO_pop_info();
+#endif
+
+ ERR_clear_error();
+ return store;
+ end:
+ X509_STORE_free(store);
+ return NULL;
+}
+
+static int save_certs(char *signerfile, STACK_OF(X509) *signers)
+{
+ int i;
+ BIO *tmp;
+ if(!signerfile) return 1;
+ tmp = BIO_new_file(signerfile, "w");
+ if(!tmp) return 0;
+ for(i = 0; i < sk_X509_num(signers); i++)
+ PEM_write_bio_X509(tmp, sk_X509_value(signers, i));
+ BIO_free(tmp);
+ return 1;
+}
+
diff --git a/lib/libssl/src/apps/spkac.c b/lib/libssl/src/apps/spkac.c
new file mode 100644
index 00000000000..b35354a8d79
--- /dev/null
+++ b/lib/libssl/src/apps/spkac.c
@@ -0,0 +1,274 @@
+/* apps/spkac.c */
+
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999. Based on an original idea by Massimiliano Pala
+ * (madwolf@openca.org).
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <time.h>
+#include "apps.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+
+#undef PROG
+#define PROG spkac_main
+
+/* -in arg - input file - default stdin
+ * -out arg - output file - default stdout
+ */
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+ {
+ int i,badops=0, ret = 1;
+ BIO *in = NULL,*out = NULL, *key = NULL;
+ int verify=0,noout=0,pubkey=0;
+ char *infile = NULL,*outfile = NULL,*prog;
+ char *passargin = NULL, *passin = NULL;
+ char *spkac = "SPKAC", *spksect = "default", *spkstr = NULL;
+ char *challenge = NULL, *keyfile = NULL;
+ LHASH *conf = NULL;
+ NETSCAPE_SPKI *spki = NULL;
+ EVP_PKEY *pkey = NULL;
+
+ apps_startup();
+
+ if (!bio_err) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
+
+ prog=argv[0];
+ argc--;
+ argv++;
+ while (argc >= 1)
+ {
+ if (strcmp(*argv,"-in") == 0)
+ {
+ if (--argc < 1) goto bad;
+ infile= *(++argv);
+ }
+ else if (strcmp(*argv,"-out") == 0)
+ {
+ if (--argc < 1) goto bad;
+ outfile= *(++argv);
+ }
+ else if (strcmp(*argv,"-passin") == 0)
+ {
+ if (--argc < 1) goto bad;
+ passargin= *(++argv);
+ }
+ else if (strcmp(*argv,"-key") == 0)
+ {
+ if (--argc < 1) goto bad;
+ keyfile= *(++argv);
+ }
+ else if (strcmp(*argv,"-challenge") == 0)
+ {
+ if (--argc < 1) goto bad;
+ challenge= *(++argv);
+ }
+ else if (strcmp(*argv,"-spkac") == 0)
+ {
+ if (--argc < 1) goto bad;
+ spkac= *(++argv);
+ }
+ else if (strcmp(*argv,"-spksect") == 0)
+ {
+ if (--argc < 1) goto bad;
+ spksect= *(++argv);
+ }
+ else if (strcmp(*argv,"-noout") == 0)
+ noout=1;
+ else if (strcmp(*argv,"-pubkey") == 0)
+ pubkey=1;
+ else if (strcmp(*argv,"-verify") == 0)
+ verify=1;
+ else badops = 1;
+ argc--;
+ argv++;
+ }
+
+ if (badops)
+ {
+bad:
+ BIO_printf(bio_err,"%s [options]\n",prog);
+ BIO_printf(bio_err,"where options are\n");
+ BIO_printf(bio_err," -in arg input file\n");
+ BIO_printf(bio_err," -out arg output file\n");
+ BIO_printf(bio_err," -key arg create SPKAC using private key\n");
+ BIO_printf(bio_err," -passin arg input file pass phrase source\n");
+ BIO_printf(bio_err," -challenge arg challenge string\n");
+ BIO_printf(bio_err," -spkac arg alternative SPKAC name\n");
+ BIO_printf(bio_err," -noout don't print SPKAC\n");
+ BIO_printf(bio_err," -pubkey output public key\n");
+ BIO_printf(bio_err," -verify verify SPKAC signature\n");
+ goto end;
+ }
+
+ ERR_load_crypto_strings();
+ if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
+ BIO_printf(bio_err, "Error getting password\n");
+ goto end;
+ }
+
+ if(keyfile) {
+ if(strcmp(keyfile, "-")) key = BIO_new_file(keyfile, "r");
+ else key = BIO_new_fp(stdin, BIO_NOCLOSE);
+ if(!key) {
+ BIO_printf(bio_err, "Error opening key file\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ pkey = PEM_read_bio_PrivateKey(key, NULL, NULL, passin);
+ if(!pkey) {
+ BIO_printf(bio_err, "Error reading private key\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ spki = NETSCAPE_SPKI_new();
+ if(challenge) ASN1_STRING_set(spki->spkac->challenge,
+ challenge, strlen(challenge));
+ NETSCAPE_SPKI_set_pubkey(spki, pkey);
+ NETSCAPE_SPKI_sign(spki, pkey, EVP_md5());
+ spkstr = NETSCAPE_SPKI_b64_encode(spki);
+
+ if (outfile) out = BIO_new_file(outfile, "w");
+ else out = BIO_new_fp(stdout, BIO_NOCLOSE);
+
+ if(!out) {
+ BIO_printf(bio_err, "Error opening output file\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ BIO_printf(out, "SPKAC=%s\n", spkstr);
+ Free(spkstr);
+ ret = 0;
+ goto end;
+ }
+
+
+
+ if (infile) in = BIO_new_file(infile, "r");
+ else in = BIO_new_fp(stdin, BIO_NOCLOSE);
+
+ if(!in) {
+ BIO_printf(bio_err, "Error opening input file\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ conf = CONF_load_bio(NULL, in, NULL);
+
+ if(!conf) {
+ BIO_printf(bio_err, "Error parsing config file\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ spkstr = CONF_get_string(conf, spksect, spkac);
+
+ if(!spkstr) {
+ BIO_printf(bio_err, "Can't find SPKAC called \"%s\"\n", spkac);
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ spki = NETSCAPE_SPKI_b64_decode(spkstr, -1);
+
+ if(!spki) {
+ BIO_printf(bio_err, "Error loading SPKAC\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if (outfile) out = BIO_new_file(outfile, "w");
+ else out = BIO_new_fp(stdout, BIO_NOCLOSE);
+
+ if(!out) {
+ BIO_printf(bio_err, "Error opening output file\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if(!noout) NETSCAPE_SPKI_print(out, spki);
+ pkey = NETSCAPE_SPKI_get_pubkey(spki);
+ if(verify) {
+ i = NETSCAPE_SPKI_verify(spki, pkey);
+ if(i) BIO_printf(bio_err, "Signature OK\n");
+ else {
+ BIO_printf(bio_err, "Signature Failure\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+ if(pubkey) PEM_write_bio_PUBKEY(out, pkey);
+
+ ret = 0;
+
+end:
+ CONF_free(conf);
+ NETSCAPE_SPKI_free(spki);
+ BIO_free(in);
+ BIO_free(out);
+ BIO_free(key);
+ EVP_PKEY_free(pkey);
+ if(passin) Free(passin);
+ EXIT(ret);
+ }
diff --git a/lib/libssl/src/crypto/asn1/a_mbstr.c b/lib/libssl/src/crypto/asn1/a_mbstr.c
new file mode 100644
index 00000000000..7a710d54590
--- /dev/null
+++ b/lib/libssl/src/crypto/asn1/a_mbstr.c
@@ -0,0 +1,390 @@
+/* a_mbstr.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <ctype.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+
+static int traverse_string(const unsigned char *p, int len, int inform,
+ int (*rfunc)(unsigned long value, void *in), void *arg);
+static int in_utf8(unsigned long value, void *arg);
+static int out_utf8(unsigned long value, void *arg);
+static int type_str(unsigned long value, void *arg);
+static int cpy_asc(unsigned long value, void *arg);
+static int cpy_bmp(unsigned long value, void *arg);
+static int cpy_univ(unsigned long value, void *arg);
+static int cpy_utf8(unsigned long value, void *arg);
+static int is_printable(unsigned long value);
+
+/* These functions take a string in UTF8, ASCII or multibyte form and
+ * a mask of permissible ASN1 string types. It then works out the minimal
+ * type (using the order Printable < IA5 < T61 < BMP < Universal < UTF8)
+ * and creates a string of the correct type with the supplied data.
+ * Yes this is horrible: it has to be :-(
+ * The 'ncopy' form checks minimum and maximum size limits too.
+ */
+
+int ASN1_mbstring_copy(ASN1_STRING **out, const unsigned char *in, int len,
+ int inform, unsigned long mask)
+{
+ return ASN1_mbstring_ncopy(out, in, len, inform, mask, 0, 0);
+}
+
+int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
+ int inform, unsigned long mask,
+ long minsize, long maxsize)
+{
+ int str_type;
+ int ret;
+ int outform, outlen;
+ ASN1_STRING *dest;
+ unsigned char *p;
+ int nchar;
+ char strbuf[32];
+ int (*cpyfunc)(unsigned long,void *) = NULL;
+ if(len == -1) len = strlen((const char *)in);
+ if(!mask) mask = DIRSTRING_TYPE;
+
+ /* First do a string check and work out the number of characters */
+ switch(inform) {
+
+ case MBSTRING_BMP:
+ if(len & 1) {
+ ASN1err(ASN1_F_ASN1_MBSTRING_COPY,
+ ASN1_R_INVALID_BMPSTRING_LENGTH);
+ return -1;
+ }
+ nchar = len >> 1;
+ break;
+
+ case MBSTRING_UNIV:
+ if(len & 3) {
+ ASN1err(ASN1_F_ASN1_MBSTRING_COPY,
+ ASN1_R_INVALID_UNIVERSALSTRING_LENGTH);
+ return -1;
+ }
+ nchar = len >> 2;
+ break;
+
+ case MBSTRING_UTF8:
+ nchar = 0;
+ /* This counts the characters and does utf8 syntax checking */
+ ret = traverse_string(in, len, MBSTRING_UTF8, in_utf8, &nchar);
+ if(ret < 0) {
+ ASN1err(ASN1_F_ASN1_MBSTRING_COPY,
+ ASN1_R_INVALID_UTF8STRING);
+ return -1;
+ }
+ break;
+
+ case MBSTRING_ASC:
+ nchar = len;
+ break;
+
+ default:
+ ASN1err(ASN1_F_ASN1_MBSTRING_COPY, ASN1_R_UNKNOWN_FORMAT);
+ return -1;
+ }
+
+ if((minsize > 0) && (nchar < minsize)) {
+ ASN1err(ASN1_F_ASN1_MBSTRING_COPY, ASN1_R_STRING_TOO_SHORT);
+ sprintf(strbuf, "%ld", minsize);
+ ERR_add_error_data(2, "minsize=", strbuf);
+ return -1;
+ }
+
+ if((maxsize > 0) && (nchar > maxsize)) {
+ ASN1err(ASN1_F_ASN1_MBSTRING_COPY, ASN1_R_STRING_TOO_LONG);
+ sprintf(strbuf, "%ld", maxsize);
+ ERR_add_error_data(2, "maxsize=", strbuf);
+ return -1;
+ }
+
+ /* Now work out minimal type (if any) */
+ if(traverse_string(in, len, inform, type_str, &mask) < 0) {
+ ASN1err(ASN1_F_ASN1_MBSTRING_COPY, ASN1_R_ILLEGAL_CHARACTERS);
+ return -1;
+ }
+
+
+ /* Now work out output format and string type */
+ outform = MBSTRING_ASC;
+ if(mask & B_ASN1_PRINTABLESTRING) str_type = V_ASN1_PRINTABLESTRING;
+ else if(mask & B_ASN1_IA5STRING) str_type = V_ASN1_IA5STRING;
+ else if(mask & B_ASN1_T61STRING) str_type = V_ASN1_T61STRING;
+ else if(mask & B_ASN1_BMPSTRING) {
+ str_type = V_ASN1_BMPSTRING;
+ outform = MBSTRING_BMP;
+ } else if(mask & B_ASN1_UNIVERSALSTRING) {
+ str_type = V_ASN1_UNIVERSALSTRING;
+ outform = MBSTRING_UNIV;
+ } else {
+ str_type = V_ASN1_UTF8STRING;
+ outform = MBSTRING_UTF8;
+ }
+ if(!out) return str_type;
+ if(*out) {
+ dest = *out;
+ if(dest->data) {
+ dest->length = 0;
+ Free(dest->data);
+ dest->data = NULL;
+ }
+ dest->type = str_type;
+ } else {
+ dest = ASN1_STRING_type_new(str_type);
+ if(!dest) {
+ ASN1err(ASN1_F_ASN1_MBSTRING_COPY,
+ ERR_R_MALLOC_FAILURE);
+ return -1;
+ }
+ *out = dest;
+ }
+ /* If both the same type just copy across */
+ if(inform == outform) {
+ if(!ASN1_STRING_set(dest, in, len)) {
+ ASN1err(ASN1_F_ASN1_MBSTRING_COPY,ERR_R_MALLOC_FAILURE);
+ return -1;
+ }
+ return str_type;
+ }
+
+ /* Work out how much space the destination will need */
+ switch(outform) {
+ case MBSTRING_ASC:
+ outlen = nchar;
+ cpyfunc = cpy_asc;
+ break;
+
+ case MBSTRING_BMP:
+ outlen = nchar << 1;
+ cpyfunc = cpy_bmp;
+ break;
+
+ case MBSTRING_UNIV:
+ outlen = nchar << 2;
+ cpyfunc = cpy_univ;
+ break;
+
+ case MBSTRING_UTF8:
+ outlen = 0;
+ traverse_string(in, len, inform, out_utf8, &outlen);
+ cpyfunc = cpy_utf8;
+ break;
+ }
+ if(!(p = Malloc(outlen + 1))) {
+ ASN1_STRING_free(dest);
+ ASN1err(ASN1_F_ASN1_MBSTRING_COPY,ERR_R_MALLOC_FAILURE);
+ return -1;
+ }
+ dest->length = outlen;
+ dest->data = p;
+ p[outlen] = 0;
+ traverse_string(in, len, inform, cpyfunc, &p);
+ return str_type;
+}
+
+/* This function traverses a string and passes the value of each character
+ * to an optional function along with a void * argument.
+ */
+
+static int traverse_string(const unsigned char *p, int len, int inform,
+ int (*rfunc)(unsigned long value, void *in), void *arg)
+{
+ unsigned long value;
+ int ret;
+ while(len) {
+ if(inform == MBSTRING_ASC) {
+ value = *p++;
+ len--;
+ } else if(inform == MBSTRING_BMP) {
+ value = *p++ << 8;
+ value |= *p++;
+ len -= 2;
+ } else if(inform == MBSTRING_UNIV) {
+ value = *p++ << 24;
+ value |= *p++ << 16;
+ value |= *p++ << 8;
+ value |= *p++;
+ len -= 4;
+ } else {
+ ret = UTF8_getc(p, len, &value);
+ if(ret < 0) return -1;
+ len -= ret;
+ p += ret;
+ }
+ if(rfunc) {
+ ret = rfunc(value, arg);
+ if(ret <= 0) return ret;
+ }
+ }
+ return 1;
+}
+
+/* Various utility functions for traverse_string */
+
+/* Just count number of characters */
+
+static int in_utf8(unsigned long value, void *arg)
+{
+ int *nchar;
+ nchar = arg;
+ (*nchar)++;
+ return 1;
+}
+
+/* Determine size of output as a UTF8 String */
+
+static int out_utf8(unsigned long value, void *arg)
+{
+ long *outlen;
+ outlen = arg;
+ *outlen += UTF8_putc(NULL, -1, value);
+ return 1;
+}
+
+/* Determine the "type" of a string: check each character against a
+ * supplied "mask".
+ */
+
+static int type_str(unsigned long value, void *arg)
+{
+ unsigned long types;
+ types = *((unsigned long *)arg);
+ if((types & B_ASN1_PRINTABLESTRING) && !is_printable(value))
+ types &= ~B_ASN1_PRINTABLESTRING;
+ if((types & B_ASN1_IA5STRING) && (value > 127))
+ types &= ~B_ASN1_IA5STRING;
+ if((types & B_ASN1_T61STRING) && (value > 0xff))
+ types &= ~B_ASN1_T61STRING;
+ if((types & B_ASN1_BMPSTRING) && (value > 0xffff))
+ types &= ~B_ASN1_BMPSTRING;
+ if(!types) return -1;
+ *((unsigned long *)arg) = types;
+ return 1;
+}
+
+/* Copy one byte per character ASCII like strings */
+
+static int cpy_asc(unsigned long value, void *arg)
+{
+ unsigned char **p, *q;
+ p = arg;
+ q = *p;
+ *q = (unsigned char) value;
+ (*p)++;
+ return 1;
+}
+
+/* Copy two byte per character BMPStrings */
+
+static int cpy_bmp(unsigned long value, void *arg)
+{
+ unsigned char **p, *q;
+ p = arg;
+ q = *p;
+ *q++ = (unsigned char) ((value >> 8) & 0xff);
+ *q = (unsigned char) (value & 0xff);
+ *p += 2;
+ return 1;
+}
+
+/* Copy four byte per character UniversalStrings */
+
+static int cpy_univ(unsigned long value, void *arg)
+{
+ unsigned char **p, *q;
+ p = arg;
+ q = *p;
+ *q++ = (unsigned char) ((value >> 24) & 0xff);
+ *q++ = (unsigned char) ((value >> 16) & 0xff);
+ *q++ = (unsigned char) ((value >> 8) & 0xff);
+ *q = (unsigned char) (value & 0xff);
+ *p += 4;
+ return 1;
+}
+
+/* Copy to a UTF8String */
+
+static int cpy_utf8(unsigned long value, void *arg)
+{
+ unsigned char **p;
+ int ret;
+ p = arg;
+ /* We already know there is enough room so pass 0xff as the length */
+ ret = UTF8_putc(*p, 0xff, value);
+ *p += ret;
+ return 1;
+}
+
+/* Return 1 if the character is permitted in a PrintableString */
+static int is_printable(unsigned long value)
+{
+ int ch;
+ if(value > 0x7f) return 0;
+ ch = (int) value;
+ /* Note: we can't use 'isalnum' because certain accented
+ * characters may count as alphanumeric in some environments.
+ */
+ if((ch >= 'a') && (ch <= 'z')) return 1;
+ if((ch >= 'A') && (ch <= 'Z')) return 1;
+ if((ch >= '0') && (ch <= '9')) return 1;
+ if ((ch == ' ') || strchr("'()+,-./:=?", ch)) return 1;
+ return 0;
+}
diff --git a/lib/libssl/src/crypto/asn1/a_strnid.c b/lib/libssl/src/crypto/asn1/a_strnid.c
new file mode 100644
index 00000000000..ab8417ffabc
--- /dev/null
+++ b/lib/libssl/src/crypto/asn1/a_strnid.c
@@ -0,0 +1,247 @@
+/* a_strnid.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <ctype.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
+
+
+static STACK_OF(ASN1_STRING_TABLE) *stable = NULL;
+static void st_free(ASN1_STRING_TABLE *tbl);
+static int sk_table_cmp(ASN1_STRING_TABLE **a, ASN1_STRING_TABLE **b);
+static int table_cmp(ASN1_STRING_TABLE *a, ASN1_STRING_TABLE *b);
+
+
+/* This is the global mask for the mbstring functions: this is use to
+ * mask out certain types (such as BMPString and UTF8String) because
+ * certain software (e.g. Netscape) has problems with them.
+ */
+
+static unsigned long global_mask = 0xFFFFFFFFL;
+
+void ASN1_STRING_set_default_mask(unsigned long mask)
+{
+ global_mask = mask;
+}
+
+unsigned long ASN1_STRING_get_default_mask(void)
+{
+ return global_mask;
+}
+
+/* This function sets the default to various "flavours" of configuration.
+ * based on an ASCII string. Currently this is:
+ * MASK:XXXX : a numerical mask value.
+ * nobmp : Don't use BMPStrings (just Printable, T61).
+ * pkix : PKIX recommendation in RFC2459.
+ * utf8only : only use UTF8Strings (RFC2459 recommendation for 2004).
+ * default: the default value, Printable, T61, BMP.
+ */
+
+int ASN1_STRING_set_default_mask_asc(char *p)
+{
+ unsigned long mask;
+ char *end;
+ if(!strncmp(p, "MASK:", 5)) {
+ if(!p[5]) return 0;
+ mask = strtoul(p + 5, &end, 0);
+ if(*end) return 0;
+ } else if(!strcmp(p, "nombstr"))
+ mask = ~(B_ASN1_BMPSTRING|B_ASN1_UTF8STRING);
+ else if(!strcmp(p, "pkix"))
+ mask = ~B_ASN1_T61STRING;
+ else if(!strcmp(p, "utf8only")) mask = B_ASN1_UTF8STRING;
+ else if(!strcmp(p, "default"))
+ mask = 0xFFFFFFFFL;
+ else return 0;
+ ASN1_STRING_set_default_mask(mask);
+ return 1;
+}
+
+/* The following function generates an ASN1_STRING based on limits in a table.
+ * Frequently the types and length of an ASN1_STRING are restricted by a
+ * corresponding OID. For example certificates and certificate requests.
+ */
+
+ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, const unsigned char *in,
+ int inlen, int inform, int nid)
+{
+ ASN1_STRING_TABLE *tbl;
+ ASN1_STRING *str = NULL;
+ unsigned long mask;
+ int ret;
+ if(!out) out = &str;
+ tbl = ASN1_STRING_TABLE_get(nid);
+ if(tbl) {
+ mask = tbl->mask;
+ if(!(tbl->flags & STABLE_NO_MASK)) mask &= global_mask;
+ ret = ASN1_mbstring_ncopy(out, in, inlen, inform, tbl->mask,
+ tbl->minsize, tbl->maxsize);
+ } else ret = ASN1_mbstring_copy(out, in, inlen, inform, DIRSTRING_TYPE & global_mask);
+ if(ret <= 0) return NULL;
+ return *out;
+}
+
+/* Now the tables and helper functions for the string table:
+ */
+
+/* size limits: this stuff is taken straight from RFC2459 */
+
+#define ub_name 32768
+#define ub_common_name 64
+#define ub_locality_name 128
+#define ub_state_name 128
+#define ub_organization_name 64
+#define ub_organization_unit_name 64
+#define ub_title 64
+#define ub_email_address 128
+
+/* This table must be kept in NID order */
+
+static ASN1_STRING_TABLE tbl_standard[] = {
+{NID_commonName, 1, ub_common_name, DIRSTRING_TYPE, 0},
+{NID_countryName, 2, 2, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},
+{NID_localityName, 1, ub_locality_name, DIRSTRING_TYPE, 0},
+{NID_stateOrProvinceName, 1, ub_state_name, DIRSTRING_TYPE, 0},
+{NID_organizationName, 1, ub_organization_name, DIRSTRING_TYPE, 0},
+{NID_organizationalUnitName, 1, ub_organization_unit_name, DIRSTRING_TYPE, 0},
+{NID_pkcs9_emailAddress, 1, ub_email_address, B_ASN1_IA5STRING, STABLE_NO_MASK},
+{NID_pkcs9_unstructuredName, 1, -1, PKCS9STRING_TYPE, 0},
+{NID_pkcs9_challengePassword, 1, -1, PKCS9STRING_TYPE, 0},
+{NID_pkcs9_unstructuredAddress, 1, -1, DIRSTRING_TYPE, 0},
+{NID_givenName, 1, ub_name, DIRSTRING_TYPE, 0},
+{NID_surname, 1, ub_name, DIRSTRING_TYPE, 0},
+{NID_initials, 1, ub_name, DIRSTRING_TYPE, 0},
+{NID_name, 1, ub_name, DIRSTRING_TYPE, 0},
+{NID_dnQualifier, -1, -1, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK}
+};
+
+static int sk_table_cmp(ASN1_STRING_TABLE **a, ASN1_STRING_TABLE **b)
+{
+ return (*a)->nid - (*b)->nid;
+}
+
+static int table_cmp(ASN1_STRING_TABLE *a, ASN1_STRING_TABLE *b)
+{
+ return a->nid - b->nid;
+}
+
+ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid)
+{
+ int idx;
+ ASN1_STRING_TABLE *ttmp;
+ ASN1_STRING_TABLE fnd;
+ fnd.nid = nid;
+ ttmp = (ASN1_STRING_TABLE *) OBJ_bsearch((char *)&fnd,
+ (char *)tbl_standard,
+ sizeof(tbl_standard)/sizeof(ASN1_STRING_TABLE),
+ sizeof(ASN1_STRING_TABLE), (int(*)())table_cmp);
+ if(ttmp) return ttmp;
+ if(!stable) return NULL;
+ idx = sk_ASN1_STRING_TABLE_find(stable, &fnd);
+ if(idx < 0) return NULL;
+ return sk_ASN1_STRING_TABLE_value(stable, idx);
+}
+
+int ASN1_STRING_TABLE_add(int nid,
+ long minsize, long maxsize, unsigned long mask,
+ unsigned long flags)
+{
+ ASN1_STRING_TABLE *tmp;
+ char new_nid = 0;
+ flags &= ~STABLE_FLAGS_MALLOC;
+ if(!stable) stable = sk_ASN1_STRING_TABLE_new(sk_table_cmp);
+ if(!stable) {
+ ASN1err(ASN1_F_ASN1_STRING_TABLE_ADD, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ if(!(tmp = ASN1_STRING_TABLE_get(nid))) {
+ tmp = Malloc(sizeof(ASN1_STRING_TABLE));
+ if(!tmp) {
+ ASN1err(ASN1_F_ASN1_STRING_TABLE_ADD,
+ ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ tmp->flags = flags | STABLE_FLAGS_MALLOC;
+ tmp->nid = nid;
+ new_nid = 1;
+ } else tmp->flags = (tmp->flags & STABLE_FLAGS_MALLOC) | flags;
+ if(minsize != -1) tmp->minsize = minsize;
+ if(maxsize != -1) tmp->maxsize = maxsize;
+ tmp->mask = mask;
+ if(new_nid) sk_ASN1_STRING_TABLE_push(stable, tmp);
+ return 1;
+}
+
+void ASN1_STRING_TABLE_cleanup(void)
+{
+ STACK_OF(ASN1_STRING_TABLE) *tmp;
+ tmp = stable;
+ if(!tmp) return;
+ stable = NULL;
+ sk_ASN1_STRING_TABLE_pop_free(tmp, st_free);
+}
+
+static void st_free(ASN1_STRING_TABLE *tbl)
+{
+ if(tbl->flags & STABLE_FLAGS_MALLOC) Free(tbl);
+}
+
+IMPLEMENT_STACK_OF(ASN1_STRING_TABLE)
diff --git a/lib/libssl/src/crypto/asn1/p8_key.c b/lib/libssl/src/crypto/asn1/p8_key.c
new file mode 100644
index 00000000000..0b243746279
--- /dev/null
+++ b/lib/libssl/src/crypto/asn1/p8_key.c
@@ -0,0 +1,131 @@
+/* crypto/asn1/p8_key.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1_mac.h>
+#include <openssl/objects.h>
+
+int i2d_X509_KEY(X509 *a, unsigned char **pp)
+ {
+ M_ASN1_I2D_vars(a);
+
+ M_ASN1_I2D_len(a->cert_info, i2d_X509_CINF);
+ M_ASN1_I2D_len(a->sig_alg, i2d_X509_ALGOR);
+ M_ASN1_I2D_len(a->signature, i2d_ASN1_BIT_STRING);
+
+ M_ASN1_I2D_seq_total();
+
+ M_ASN1_I2D_put(a->cert_info, i2d_X509_CINF);
+ M_ASN1_I2D_put(a->sig_alg, i2d_X509_ALGOR);
+ M_ASN1_I2D_put(a->signature, i2d_ASN1_BIT_STRING);
+
+ M_ASN1_I2D_finish();
+ }
+
+X509 *d2i_X509_KEY(X509 **a, unsigned char **pp, long length)
+ {
+ M_ASN1_D2I_vars(a,X509 *,X509_new);
+
+ M_ASN1_D2I_Init();
+ M_ASN1_D2I_start_sequence();
+ M_ASN1_D2I_get(ret->cert_info,d2i_X509_CINF);
+ M_ASN1_D2I_get(ret->sig_alg,d2i_X509_ALGOR);
+ M_ASN1_D2I_get(ret->signature,d2i_ASN1_BIT_STRING);
+ M_ASN1_D2I_Finish(a,X509_free,ASN1_F_D2I_X509);
+ }
+
+X509 *X509_KEY_new(void)
+ {
+ X509_KEY *ret=NULL;
+
+ M_ASN1_New_Malloc(ret,X509_KEY);
+ ret->references=1;
+ ret->type=NID
+ M_ASN1_New(ret->cert_info,X509_CINF_new);
+ M_ASN1_New(ret->sig_alg,X509_ALGOR_new);
+ M_ASN1_New(ret->signature,ASN1_BIT_STRING_new);
+ return(ret);
+ M_ASN1_New_Error(ASN1_F_X509_NEW);
+ }
+
+void X509_KEY_free(X509 *a)
+ {
+ int i;
+
+ if (a == NULL) return;
+
+ i=CRYPTO_add_lock(&a->references,-1,CRYPTO_LOCK_X509_KEY);
+#ifdef REF_PRINT
+ REF_PRINT("X509_KEY",a);
+#endif
+ if (i > 0) return;
+#ifdef REF_CHECK
+ if (i < 0)
+ {
+ fprintf(stderr,"X509_KEY_free, bad reference count\n");
+ abort();
+ }
+#endif
+
+ X509_CINF_free(a->cert_info);
+ X509_ALGOR_free(a->sig_alg);
+ ASN1_BIT_STRING_free(a->signature);
+ Free(a);
+ }
+
diff --git a/lib/libssl/src/crypto/asn1/t_bitst.c b/lib/libssl/src/crypto/asn1/t_bitst.c
new file mode 100644
index 00000000000..8ee789f0825
--- /dev/null
+++ b/lib/libssl/src/crypto/asn1/t_bitst.c
@@ -0,0 +1,99 @@
+/* t_bitst.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
+
+int ASN1_BIT_STRING_name_print(BIO *out, ASN1_BIT_STRING *bs,
+ BIT_STRING_BITNAME *tbl, int indent)
+{
+ BIT_STRING_BITNAME *bnam;
+ char first = 1;
+ BIO_printf(out, "%*s", indent, "");
+ for(bnam = tbl; bnam->lname; bnam++) {
+ if(ASN1_BIT_STRING_get_bit(bs, bnam->bitnum)) {
+ if(!first) BIO_puts(out, ", ");
+ BIO_puts(out, bnam->lname);
+ first = 0;
+ }
+ }
+ BIO_puts(out, "\n");
+ return 1;
+}
+
+int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, char *name, int value,
+ BIT_STRING_BITNAME *tbl)
+{
+ int bitnum;
+ bitnum = ASN1_BIT_STRING_num_asc(name, tbl);
+ if(bitnum < 0) return 0;
+ if(bs) ASN1_BIT_STRING_set_bit(bs, bitnum, value);
+ return 1;
+}
+
+int ASN1_BIT_STRING_num_asc(char *name, BIT_STRING_BITNAME *tbl)
+{
+ BIT_STRING_BITNAME *bnam;
+ for(bnam = tbl; bnam->lname; bnam++) {
+ if(!strcmp(bnam->sname, name) ||
+ !strcmp(bnam->lname, name) ) return bnam->bitnum;
+ }
+ return -1;
+}
diff --git a/lib/libssl/src/crypto/asn1/t_spki.c b/lib/libssl/src/crypto/asn1/t_spki.c
new file mode 100644
index 00000000000..d708434fcab
--- /dev/null
+++ b/lib/libssl/src/crypto/asn1/t_spki.c
@@ -0,0 +1,116 @@
+/* t_spki.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/x509.h>
+#include <openssl/asn1_mac.h>
+
+/* Print out an SPKI */
+
+int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki)
+{
+ EVP_PKEY *pkey;
+ ASN1_IA5STRING *chal;
+ int i, n;
+ char *s;
+ BIO_printf(out, "Netscape SPKI:\n");
+ i=OBJ_obj2nid(spki->spkac->pubkey->algor->algorithm);
+ BIO_printf(out," Public Key Algorithm: %s\n",
+ (i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i));
+ pkey = X509_PUBKEY_get(spki->spkac->pubkey);
+ if(!pkey) BIO_printf(out, " Unable to load public key\n");
+ else {
+#ifndef NO_RSA
+ if (pkey->type == EVP_PKEY_RSA)
+ {
+ BIO_printf(out," RSA Public Key: (%d bit)\n",
+ BN_num_bits(pkey->pkey.rsa->n));
+ RSA_print(out,pkey->pkey.rsa,2);
+ }
+ else
+#endif
+#ifndef NO_DSA
+ if (pkey->type == EVP_PKEY_DSA)
+ {
+ BIO_printf(out," DSA Public Key:\n");
+ DSA_print(out,pkey->pkey.dsa,2);
+ }
+ else
+#endif
+ BIO_printf(out," Unknown Public Key:\n");
+ EVP_PKEY_free(pkey);
+ }
+ chal = spki->spkac->challenge;
+ if(chal->length)
+ BIO_printf(out, " Challenge String: %s\n", chal->data);
+ i=OBJ_obj2nid(spki->sig_algor->algorithm);
+ BIO_printf(out," Signature Algorithm: %s",
+ (i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i));
+
+ n=spki->signature->length;
+ s=(char *)spki->signature->data;
+ for (i=0; i<n; i++)
+ {
+ if ((i%18) == 0) BIO_write(out,"\n ",7);
+ BIO_printf(out,"%02x%s",(unsigned char)s[i],
+ ((i+1) == n)?"":":");
+ }
+ BIO_write(out,"\n",1);
+ return 1;
+}
diff --git a/lib/libssl/src/crypto/asn1/t_x509a.c b/lib/libssl/src/crypto/asn1/t_x509a.c
new file mode 100644
index 00000000000..a18ebb586ce
--- /dev/null
+++ b/lib/libssl/src/crypto/asn1/t_x509a.c
@@ -0,0 +1,102 @@
+/* t_x509a.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/asn1_mac.h>
+#include <openssl/x509.h>
+
+/* X509_CERT_AUX and string set routines
+ */
+
+int X509_CERT_AUX_print(BIO *out, X509_CERT_AUX *aux, int indent)
+{
+ char oidstr[80], first;
+ int i;
+ if(!aux) return 1;
+ if(aux->trust) {
+ first = 1;
+ BIO_printf(out, "%*sTrusted Uses:\n%*s",
+ indent, "", indent + 2, "");
+ for(i = 0; i < sk_ASN1_OBJECT_num(aux->trust); i++) {
+ if(!first) BIO_puts(out, ", ");
+ else first = 0;
+ OBJ_obj2txt(oidstr, 80,
+ sk_ASN1_OBJECT_value(aux->trust, i), 0);
+ BIO_puts(out, oidstr);
+ }
+ BIO_puts(out, "\n");
+ } else BIO_printf(out, "%*sNo Trusted Uses.\n", indent, "");
+ if(aux->reject) {
+ first = 1;
+ BIO_printf(out, "%*sRejected Uses:\n%*s",
+ indent, "", indent + 2, "");
+ for(i = 0; i < sk_ASN1_OBJECT_num(aux->reject); i++) {
+ if(!first) BIO_puts(out, ", ");
+ else first = 0;
+ OBJ_obj2txt(oidstr, 80,
+ sk_ASN1_OBJECT_value(aux->reject, i), 0);
+ BIO_puts(out, oidstr);
+ }
+ BIO_puts(out, "\n");
+ } else BIO_printf(out, "%*sNo Rejected Uses.\n", indent, "");
+ if(aux->alias) BIO_printf(out, "%*sAlias: %s\n", indent, "",
+ aux->alias->data);
+ return 1;
+}
diff --git a/lib/libssl/src/crypto/asn1/x_x509a.c b/lib/libssl/src/crypto/asn1/x_x509a.c
new file mode 100644
index 00000000000..b9987ea9689
--- /dev/null
+++ b/lib/libssl/src/crypto/asn1/x_x509a.c
@@ -0,0 +1,200 @@
+/* a_x509a.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/asn1_mac.h>
+#include <openssl/x509.h>
+
+/* X509_CERT_AUX routines. These are used to encode additional
+ * user modifiable data about a certificate. This data is
+ * appended to the X509 encoding when the *_X509_AUX routines
+ * are used. This means that the "traditional" X509 routines
+ * will simply ignore the extra data.
+ */
+
+static X509_CERT_AUX *aux_get(X509 *x);
+
+X509_CERT_AUX *d2i_X509_CERT_AUX(X509_CERT_AUX **a, unsigned char **pp, long length)
+{
+ M_ASN1_D2I_vars(a, X509_CERT_AUX *, X509_CERT_AUX_new);
+
+ M_ASN1_D2I_Init();
+ M_ASN1_D2I_start_sequence();
+
+ M_ASN1_D2I_get_seq_opt_type(ASN1_OBJECT, ret->trust,
+ d2i_ASN1_OBJECT, ASN1_OBJECT_free);
+ M_ASN1_D2I_get_IMP_set_opt_type(ASN1_OBJECT, ret->reject,
+ d2i_ASN1_OBJECT, ASN1_OBJECT_free, 0);
+ M_ASN1_D2I_get_opt(ret->alias, d2i_ASN1_UTF8STRING, V_ASN1_UTF8STRING);
+ M_ASN1_D2I_get_opt(ret->keyid, d2i_ASN1_OCTET_STRING, V_ASN1_OCTET_STRING);
+ M_ASN1_D2I_get_IMP_set_opt_type(X509_ALGOR, ret->other,
+ d2i_X509_ALGOR, X509_ALGOR_free, 1);
+
+ M_ASN1_D2I_Finish(a, X509_CERT_AUX_free, ASN1_F_D2I_X509_CERT_AUX);
+}
+
+X509_CERT_AUX *X509_CERT_AUX_new()
+{
+ X509_CERT_AUX *ret = NULL;
+ ASN1_CTX c;
+ M_ASN1_New_Malloc(ret, X509_CERT_AUX);
+ ret->trust = NULL;
+ ret->reject = NULL;
+ ret->alias = NULL;
+ ret->keyid = NULL;
+ ret->other = NULL;
+ return(ret);
+ M_ASN1_New_Error(ASN1_F_X509_CERT_AUX_NEW);
+}
+
+void X509_CERT_AUX_free(X509_CERT_AUX *a)
+{
+ if(a == NULL) return;
+ sk_ASN1_OBJECT_pop_free(a->trust, ASN1_OBJECT_free);
+ sk_ASN1_OBJECT_pop_free(a->reject, ASN1_OBJECT_free);
+ ASN1_UTF8STRING_free(a->alias);
+ ASN1_OCTET_STRING_free(a->keyid);
+ sk_X509_ALGOR_pop_free(a->other, X509_ALGOR_free);
+ Free(a);
+}
+
+int i2d_X509_CERT_AUX(X509_CERT_AUX *a, unsigned char **pp)
+{
+ M_ASN1_I2D_vars(a);
+
+ M_ASN1_I2D_len_SEQUENCE_opt_type(ASN1_OBJECT, a->trust, i2d_ASN1_OBJECT);
+ M_ASN1_I2D_len_IMP_SEQUENCE_opt_type(ASN1_OBJECT, a->reject, i2d_ASN1_OBJECT, 0);
+
+ M_ASN1_I2D_len(a->alias, i2d_ASN1_UTF8STRING);
+ M_ASN1_I2D_len(a->keyid, i2d_ASN1_OCTET_STRING);
+ M_ASN1_I2D_len_IMP_SEQUENCE_opt_type(X509_ALGOR, a->other, i2d_X509_ALGOR, 1);
+
+ M_ASN1_I2D_seq_total();
+
+ M_ASN1_I2D_put_SEQUENCE_opt_type(ASN1_OBJECT, a->trust, i2d_ASN1_OBJECT);
+ M_ASN1_I2D_put_IMP_SEQUENCE_opt_type(ASN1_OBJECT, a->reject, i2d_ASN1_OBJECT, 0);
+
+ M_ASN1_I2D_put(a->alias, i2d_ASN1_UTF8STRING);
+ M_ASN1_I2D_put(a->keyid, i2d_ASN1_OCTET_STRING);
+ M_ASN1_I2D_put_IMP_SEQUENCE_opt_type(X509_ALGOR, a->other, i2d_X509_ALGOR, 1);
+
+ M_ASN1_I2D_finish();
+}
+
+static X509_CERT_AUX *aux_get(X509 *x)
+{
+ if(!x) return NULL;
+ if(!x->aux && !(x->aux = X509_CERT_AUX_new())) return NULL;
+ return x->aux;
+}
+
+int X509_alias_set1(X509 *x, unsigned char *name, int len)
+{
+ X509_CERT_AUX *aux;
+ if(!(aux = aux_get(x))) return 0;
+ if(!aux->alias && !(aux->alias = ASN1_UTF8STRING_new())) return 0;
+ return ASN1_STRING_set(aux->alias, name, len);
+}
+
+unsigned char *X509_alias_get0(X509 *x, int *len)
+{
+ if(!x->aux || !x->aux->alias) return NULL;
+ if(len) *len = x->aux->alias->length;
+ return x->aux->alias->data;
+}
+
+int X509_add1_trust_object(X509 *x, ASN1_OBJECT *obj)
+{
+ X509_CERT_AUX *aux;
+ ASN1_OBJECT *objtmp;
+ if(!(objtmp = OBJ_dup(obj))) return 0;
+ if(!(aux = aux_get(x))) return 0;
+ if(!aux->trust
+ && !(aux->trust = sk_ASN1_OBJECT_new_null())) return 0;
+ return sk_ASN1_OBJECT_push(aux->trust, objtmp);
+}
+
+int X509_add1_reject_object(X509 *x, ASN1_OBJECT *obj)
+{
+ X509_CERT_AUX *aux;
+ ASN1_OBJECT *objtmp;
+ if(!(objtmp = OBJ_dup(obj))) return 0;
+ if(!(aux = aux_get(x))) return 0;
+ if(!aux->reject
+ && !(aux->reject = sk_ASN1_OBJECT_new_null())) return 0;
+ return sk_ASN1_OBJECT_push(aux->reject, objtmp);
+}
+
+void X509_trust_clear(X509 *x)
+{
+ if(x->aux && x->aux->trust) {
+ sk_ASN1_OBJECT_pop_free(x->aux->trust, ASN1_OBJECT_free);
+ x->aux->trust = NULL;
+ }
+}
+
+void X509_reject_clear(X509 *x)
+{
+ if(x->aux && x->aux->reject) {
+ sk_ASN1_OBJECT_pop_free(x->aux->reject, ASN1_OBJECT_free);
+ x->aux->reject = NULL;
+ }
+}
+
diff --git a/lib/libssl/src/crypto/bn/bn_ctx.c b/lib/libssl/src/crypto/bn/bn_ctx.c
new file mode 100644
index 00000000000..46132fd1806
--- /dev/null
+++ b/lib/libssl/src/crypto/bn/bn_ctx.c
@@ -0,0 +1,144 @@
+/* crypto/bn/bn_ctx.c */
+/* Written by Ulf Moeller for the OpenSSL project. */
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef BN_CTX_DEBUG
+# undef NDEBUG /* avoid conflicting definitions */
+# define NDEBUG
+#endif
+
+#include <stdio.h>
+#include <assert.h>
+#include "cryptlib.h"
+#include <openssl/bn.h>
+
+
+BN_CTX *BN_CTX_new(void)
+ {
+ BN_CTX *ret;
+
+ ret=(BN_CTX *)Malloc(sizeof(BN_CTX));
+ if (ret == NULL)
+ {
+ BNerr(BN_F_BN_CTX_NEW,ERR_R_MALLOC_FAILURE);
+ return(NULL);
+ }
+
+ BN_CTX_init(ret);
+ ret->flags=BN_FLG_MALLOCED;
+ return(ret);
+ }
+
+void BN_CTX_init(BN_CTX *ctx)
+ {
+ int i;
+ ctx->tos = 0;
+ ctx->flags = 0;
+ ctx->depth = 0;
+ ctx->too_many = 0;
+ for (i = 0; i < BN_CTX_NUM; i++)
+ BN_init(&(ctx->bn[i]));
+ }
+
+void BN_CTX_free(BN_CTX *ctx)
+ {
+ int i;
+
+ if (ctx == NULL) return;
+ assert(ctx->depth == 0);
+
+ for (i=0; i < BN_CTX_NUM; i++)
+ BN_clear_free(&(ctx->bn[i]));
+ if (ctx->flags & BN_FLG_MALLOCED)
+ Free(ctx);
+ }
+
+void BN_CTX_start(BN_CTX *ctx)
+ {
+ if (ctx->depth < BN_CTX_NUM_POS)
+ ctx->pos[ctx->depth] = ctx->tos;
+ ctx->depth++;
+ }
+
+BIGNUM *BN_CTX_get(BN_CTX *ctx)
+ {
+ if (ctx->depth > BN_CTX_NUM_POS || ctx->tos >= BN_CTX_NUM)
+ {
+ if (!ctx->too_many)
+ {
+ BNerr(BN_F_BN_CTX_GET,BN_R_TOO_MANY_TEMPORARY_VARIABLES);
+ /* disable error code until BN_CTX_end is called: */
+ ctx->too_many = 1;
+ }
+ return NULL;
+ }
+ return (&(ctx->bn[ctx->tos++]));
+ }
+
+void BN_CTX_end(BN_CTX *ctx)
+ {
+ if (ctx == NULL) return;
+ assert(ctx->depth > 0);
+ if (ctx->depth == 0)
+ /* should never happen, but we can tolerate it if not in
+ * debug mode (could be a 'goto err' in the calling function
+ * before BN_CTX_start was reached) */
+ BN_CTX_start(ctx);
+
+ ctx->too_many = 0;
+ ctx->depth--;
+ if (ctx->depth < BN_CTX_NUM_POS)
+ ctx->tos = ctx->pos[ctx->depth];
+ }
diff --git a/lib/libssl/src/crypto/bn/divtest.c b/lib/libssl/src/crypto/bn/divtest.c
new file mode 100644
index 00000000000..13ba86e3c4e
--- /dev/null
+++ b/lib/libssl/src/crypto/bn/divtest.c
@@ -0,0 +1,41 @@
+#include <openssl/bn.h>
+#include <openssl/rand.h>
+
+static int rand(n)
+{
+ unsigned char x[2];
+ RAND_pseudo_bytes(x,2);
+ return (x[0] + 2*x[1]);
+}
+
+static void bug(char *m, BIGNUM *a, BIGNUM *b)
+{
+ printf("%s!\na=",m);
+ BN_print_fp(stdout, a);
+ printf("\nb=");
+ BN_print_fp(stdout, b);
+ printf("\n");
+ fflush(stdout);
+}
+
+main()
+{
+ BIGNUM *a=BN_new(), *b=BN_new(), *c=BN_new(), *d=BN_new(),
+ *C=BN_new(), *D=BN_new();
+ BN_RECP_CTX *recp=BN_RECP_CTX_new();
+ BN_CTX *ctx=BN_CTX_new();
+
+ for(;;) {
+ BN_pseudo_rand(a,rand(),0,0);
+ BN_pseudo_rand(b,rand(),0,0);
+ if (BN_is_zero(b)) continue;
+
+ BN_RECP_CTX_set(recp,b,ctx);
+ if (BN_div(C,D,a,b,ctx) != 1)
+ bug("BN_div failed",a,b);
+ if (BN_div_recp(c,d,a,recp,ctx) != 1)
+ bug("BN_div_recp failed",a,b);
+ else if (BN_cmp(c,C) != 0 || BN_cmp(c,C) != 0)
+ bug("mismatch",a,b);
+ }
+}
diff --git a/lib/libssl/src/crypto/dsa/dsa_ossl.c b/lib/libssl/src/crypto/dsa/dsa_ossl.c
new file mode 100644
index 00000000000..b51cf6ad8d4
--- /dev/null
+++ b/lib/libssl/src/crypto/dsa/dsa_ossl.c
@@ -0,0 +1,321 @@
+/* crypto/dsa/dsa_ossl.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* Original version from Steven Schoch <schoch@sheba.arc.nasa.gov> */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/dsa.h>
+#include <openssl/rand.h>
+#include <openssl/asn1.h>
+
+static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
+static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp);
+static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
+ DSA *dsa);
+static int dsa_init(DSA *dsa);
+static int dsa_finish(DSA *dsa);
+static int dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1,
+ BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *in_mont);
+static int dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *m_ctx);
+
+static DSA_METHOD openssl_dsa_meth = {
+"OpenSSL DSA method",
+dsa_do_sign,
+dsa_sign_setup,
+dsa_do_verify,
+dsa_mod_exp,
+dsa_bn_mod_exp,
+dsa_init,
+dsa_finish,
+0,
+NULL
+};
+
+DSA_METHOD *DSA_OpenSSL(void)
+{
+ return &openssl_dsa_meth;
+}
+
+static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
+ {
+ BIGNUM *kinv=NULL,*r=NULL,*s=NULL;
+ BIGNUM m;
+ BIGNUM xr;
+ BN_CTX *ctx=NULL;
+ int i,reason=ERR_R_BN_LIB;
+ DSA_SIG *ret=NULL;
+
+ BN_init(&m);
+ BN_init(&xr);
+ s=BN_new();
+ if (s == NULL) goto err;
+
+ i=BN_num_bytes(dsa->q); /* should be 20 */
+ if ((dlen > i) || (dlen > 50))
+ {
+ reason=DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE;
+ goto err;
+ }
+
+ ctx=BN_CTX_new();
+ if (ctx == NULL) goto err;
+
+ if ((dsa->kinv == NULL) || (dsa->r == NULL))
+ {
+ if (!DSA_sign_setup(dsa,ctx,&kinv,&r)) goto err;
+ }
+ else
+ {
+ kinv=dsa->kinv;
+ dsa->kinv=NULL;
+ r=dsa->r;
+ dsa->r=NULL;
+ }
+
+ if (BN_bin2bn(dgst,dlen,&m) == NULL) goto err;
+
+ /* Compute s = inv(k) (m + xr) mod q */
+ if (!BN_mod_mul(&xr,dsa->priv_key,r,dsa->q,ctx)) goto err;/* s = xr */
+ if (!BN_add(s, &xr, &m)) goto err; /* s = m + xr */
+ if (BN_cmp(s,dsa->q) > 0)
+ BN_sub(s,s,dsa->q);
+ if (!BN_mod_mul(s,s,kinv,dsa->q,ctx)) goto err;
+
+ ret=DSA_SIG_new();
+ if (ret == NULL) goto err;
+ ret->r = r;
+ ret->s = s;
+
+err:
+ if (!ret)
+ {
+ DSAerr(DSA_F_DSA_DO_SIGN,reason);
+ BN_free(r);
+ BN_free(s);
+ }
+ if (ctx != NULL) BN_CTX_free(ctx);
+ BN_clear_free(&m);
+ BN_clear_free(&xr);
+ if (kinv != NULL) /* dsa->kinv is NULL now if we used it */
+ BN_clear_free(kinv);
+ return(ret);
+ }
+
+static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
+ {
+ BN_CTX *ctx;
+ BIGNUM k,*kinv=NULL,*r=NULL;
+ int ret=0;
+
+ if (ctx_in == NULL)
+ {
+ if ((ctx=BN_CTX_new()) == NULL) goto err;
+ }
+ else
+ ctx=ctx_in;
+
+ BN_init(&k);
+ if ((r=BN_new()) == NULL) goto err;
+ kinv=NULL;
+
+ /* Get random k */
+ for (;;)
+ {
+ if (!BN_rand(&k, BN_num_bits(dsa->q), 1, 0)) goto err;
+ if (BN_cmp(&k,dsa->q) >= 0)
+ BN_sub(&k,&k,dsa->q);
+ if (!BN_is_zero(&k)) break;
+ }
+
+ if ((dsa->method_mont_p == NULL) && (dsa->flags & DSA_FLAG_CACHE_MONT_P))
+ {
+ if ((dsa->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL)
+ if (!BN_MONT_CTX_set((BN_MONT_CTX *)dsa->method_mont_p,
+ dsa->p,ctx)) goto err;
+ }
+
+ /* Compute r = (g^k mod p) mod q */
+ if (!dsa->meth->bn_mod_exp(dsa, r,dsa->g,&k,dsa->p,ctx,
+ (BN_MONT_CTX *)dsa->method_mont_p)) goto err;
+ if (!BN_mod(r,r,dsa->q,ctx)) goto err;
+
+ /* Compute part of 's = inv(k) (m + xr) mod q' */
+ if ((kinv=BN_mod_inverse(NULL,&k,dsa->q,ctx)) == NULL) goto err;
+
+ if (*kinvp != NULL) BN_clear_free(*kinvp);
+ *kinvp=kinv;
+ kinv=NULL;
+ if (*rp != NULL) BN_clear_free(*rp);
+ *rp=r;
+ ret=1;
+err:
+ if (!ret)
+ {
+ DSAerr(DSA_F_DSA_SIGN_SETUP,ERR_R_BN_LIB);
+ if (kinv != NULL) BN_clear_free(kinv);
+ if (r != NULL) BN_clear_free(r);
+ }
+ if (ctx_in == NULL) BN_CTX_free(ctx);
+ if (kinv != NULL) BN_clear_free(kinv);
+ BN_clear_free(&k);
+ return(ret);
+ }
+
+static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
+ DSA *dsa)
+ {
+ BN_CTX *ctx;
+ BIGNUM u1,u2,t1;
+ BN_MONT_CTX *mont=NULL;
+ int ret = -1;
+
+ if ((ctx=BN_CTX_new()) == NULL) goto err;
+ BN_init(&u1);
+ BN_init(&u2);
+ BN_init(&t1);
+
+ /* Calculate W = inv(S) mod Q
+ * save W in u2 */
+ if ((BN_mod_inverse(&u2,sig->s,dsa->q,ctx)) == NULL) goto err;
+
+ /* save M in u1 */
+ if (BN_bin2bn(dgst,dgst_len,&u1) == NULL) goto err;
+
+ /* u1 = M * w mod q */
+ if (!BN_mod_mul(&u1,&u1,&u2,dsa->q,ctx)) goto err;
+
+ /* u2 = r * w mod q */
+ if (!BN_mod_mul(&u2,sig->r,&u2,dsa->q,ctx)) goto err;
+
+ if ((dsa->method_mont_p == NULL) && (dsa->flags & DSA_FLAG_CACHE_MONT_P))
+ {
+ if ((dsa->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL)
+ if (!BN_MONT_CTX_set((BN_MONT_CTX *)dsa->method_mont_p,
+ dsa->p,ctx)) goto err;
+ }
+ mont=(BN_MONT_CTX *)dsa->method_mont_p;
+
+#if 0
+ {
+ BIGNUM t2;
+
+ BN_init(&t2);
+ /* v = ( g^u1 * y^u2 mod p ) mod q */
+ /* let t1 = g ^ u1 mod p */
+ if (!BN_mod_exp_mont(&t1,dsa->g,&u1,dsa->p,ctx,mont)) goto err;
+ /* let t2 = y ^ u2 mod p */
+ if (!BN_mod_exp_mont(&t2,dsa->pub_key,&u2,dsa->p,ctx,mont)) goto err;
+ /* let u1 = t1 * t2 mod p */
+ if (!BN_mod_mul(&u1,&t1,&t2,dsa->p,ctx)) goto err_bn;
+ BN_free(&t2);
+ }
+ /* let u1 = u1 mod q */
+ if (!BN_mod(&u1,&u1,dsa->q,ctx)) goto err;
+#else
+ {
+ if (!dsa->meth->dsa_mod_exp(dsa, &t1,dsa->g,&u1,dsa->pub_key,&u2,
+ dsa->p,ctx,mont)) goto err;
+ /* BN_copy(&u1,&t1); */
+ /* let u1 = u1 mod q */
+ if (!BN_mod(&u1,&t1,dsa->q,ctx)) goto err;
+ }
+#endif
+ /* V is now in u1. If the signature is correct, it will be
+ * equal to R. */
+ ret=(BN_ucmp(&u1, sig->r) == 0);
+
+ err:
+ if (ret != 1) DSAerr(DSA_F_DSA_DO_VERIFY,ERR_R_BN_LIB);
+ if (ctx != NULL) BN_CTX_free(ctx);
+ BN_free(&u1);
+ BN_free(&u2);
+ BN_free(&t1);
+ return(ret);
+ }
+
+static int dsa_init(DSA *dsa)
+{
+ dsa->flags|=DSA_FLAG_CACHE_MONT_P;
+ return(1);
+}
+
+static int dsa_finish(DSA *dsa)
+{
+ if(dsa->method_mont_p)
+ BN_MONT_CTX_free((BN_MONT_CTX *)dsa->method_mont_p);
+ return(1);
+}
+
+static int dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1,
+ BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *in_mont)
+{
+ return BN_mod_exp2_mont(rr, a1, p1, a2, p2, m, ctx, in_mont);
+}
+
+static int dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *m_ctx)
+{
+ return BN_mod_exp_mont(r, a, p, m, ctx, m_ctx);
+}
diff --git a/lib/libssl/src/crypto/ebcdic.c b/lib/libssl/src/crypto/ebcdic.c
new file mode 100644
index 00000000000..31397b2add7
--- /dev/null
+++ b/lib/libssl/src/crypto/ebcdic.c
@@ -0,0 +1,217 @@
+/* crypto/ebcdic.c */
+
+#ifdef CHARSET_EBCDIC
+#include "ebcdic.h"
+/* Initial Port for Apache-1.3 by <Martin.Kraemer@Mch.SNI.De>
+ * Adapted for OpenSSL-0.9.4 by <Martin.Kraemer@Mch.SNI.De>
+ */
+
+#ifdef _OSD_POSIX
+/*
+ "BS2000 OSD" is a POSIX subsystem on a main frame.
+ It is made by Siemens AG, Germany, for their BS2000 mainframe machines.
+ Within the POSIX subsystem, the same character set was chosen as in
+ "native BS2000", namely EBCDIC. (EDF04)
+
+ The name "ASCII" in these routines is misleading: actually, conversion
+ is not between EBCDIC and ASCII, but EBCDIC(EDF04) and ISO-8859.1;
+ that means that (western european) national characters are preserved.
+
+ This table is identical to the one used by rsh/rcp/ftp and other POSIX tools.
+*/
+
+/* Here's the bijective ebcdic-to-ascii table: */
+const unsigned char os_toascii[256] = {
+/*00*/ 0x00, 0x01, 0x02, 0x03, 0x85, 0x09, 0x86, 0x7f,
+ 0x87, 0x8d, 0x8e, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, /*................*/
+/*10*/ 0x10, 0x11, 0x12, 0x13, 0x8f, 0x0a, 0x08, 0x97,
+ 0x18, 0x19, 0x9c, 0x9d, 0x1c, 0x1d, 0x1e, 0x1f, /*................*/
+/*20*/ 0x80, 0x81, 0x82, 0x83, 0x84, 0x92, 0x17, 0x1b,
+ 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x05, 0x06, 0x07, /*................*/
+/*30*/ 0x90, 0x91, 0x16, 0x93, 0x94, 0x95, 0x96, 0x04,
+ 0x98, 0x99, 0x9a, 0x9b, 0x14, 0x15, 0x9e, 0x1a, /*................*/
+/*40*/ 0x20, 0xa0, 0xe2, 0xe4, 0xe0, 0xe1, 0xe3, 0xe5,
+ 0xe7, 0xf1, 0x60, 0x2e, 0x3c, 0x28, 0x2b, 0x7c, /* .........`.<(+|*/
+/*50*/ 0x26, 0xe9, 0xea, 0xeb, 0xe8, 0xed, 0xee, 0xef,
+ 0xec, 0xdf, 0x21, 0x24, 0x2a, 0x29, 0x3b, 0x9f, /*&.........!$*);.*/
+/*60*/ 0x2d, 0x2f, 0xc2, 0xc4, 0xc0, 0xc1, 0xc3, 0xc5,
+ 0xc7, 0xd1, 0x5e, 0x2c, 0x25, 0x5f, 0x3e, 0x3f, /*-/........^,%_>?*/
+/*70*/ 0xf8, 0xc9, 0xca, 0xcb, 0xc8, 0xcd, 0xce, 0xcf,
+ 0xcc, 0xa8, 0x3a, 0x23, 0x40, 0x27, 0x3d, 0x22, /*..........:#@'="*/
+/*80*/ 0xd8, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67,
+ 0x68, 0x69, 0xab, 0xbb, 0xf0, 0xfd, 0xfe, 0xb1, /*.abcdefghi......*/
+/*90*/ 0xb0, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70,
+ 0x71, 0x72, 0xaa, 0xba, 0xe6, 0xb8, 0xc6, 0xa4, /*.jklmnopqr......*/
+/*a0*/ 0xb5, 0xaf, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78,
+ 0x79, 0x7a, 0xa1, 0xbf, 0xd0, 0xdd, 0xde, 0xae, /*..stuvwxyz......*/
+/*b0*/ 0xa2, 0xa3, 0xa5, 0xb7, 0xa9, 0xa7, 0xb6, 0xbc,
+ 0xbd, 0xbe, 0xac, 0x5b, 0x5c, 0x5d, 0xb4, 0xd7, /*...........[\]..*/
+/*c0*/ 0xf9, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
+ 0x48, 0x49, 0xad, 0xf4, 0xf6, 0xf2, 0xf3, 0xf5, /*.ABCDEFGHI......*/
+/*d0*/ 0xa6, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, 0x50,
+ 0x51, 0x52, 0xb9, 0xfb, 0xfc, 0xdb, 0xfa, 0xff, /*.JKLMNOPQR......*/
+/*e0*/ 0xd9, 0xf7, 0x53, 0x54, 0x55, 0x56, 0x57, 0x58,
+ 0x59, 0x5a, 0xb2, 0xd4, 0xd6, 0xd2, 0xd3, 0xd5, /*..STUVWXYZ......*/
+/*f0*/ 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+ 0x38, 0x39, 0xb3, 0x7b, 0xdc, 0x7d, 0xda, 0x7e /*0123456789.{.}.~*/
+};
+
+
+/* The ascii-to-ebcdic table: */
+const unsigned char os_toebcdic[256] = {
+/*00*/ 0x00, 0x01, 0x02, 0x03, 0x37, 0x2d, 0x2e, 0x2f,
+ 0x16, 0x05, 0x15, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, /*................*/
+/*10*/ 0x10, 0x11, 0x12, 0x13, 0x3c, 0x3d, 0x32, 0x26,
+ 0x18, 0x19, 0x3f, 0x27, 0x1c, 0x1d, 0x1e, 0x1f, /*................*/
+/*20*/ 0x40, 0x5a, 0x7f, 0x7b, 0x5b, 0x6c, 0x50, 0x7d,
+ 0x4d, 0x5d, 0x5c, 0x4e, 0x6b, 0x60, 0x4b, 0x61, /* !"#$%&'()*+,-./ */
+/*30*/ 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
+ 0xf8, 0xf9, 0x7a, 0x5e, 0x4c, 0x7e, 0x6e, 0x6f, /*0123456789:;<=>?*/
+/*40*/ 0x7c, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
+ 0xc8, 0xc9, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, /*@ABCDEFGHIJKLMNO*/
+/*50*/ 0xd7, 0xd8, 0xd9, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6,
+ 0xe7, 0xe8, 0xe9, 0xbb, 0xbc, 0xbd, 0x6a, 0x6d, /*PQRSTUVWXYZ[\]^_*/
+/*60*/ 0x4a, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
+ 0x88, 0x89, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, /*`abcdefghijklmno*/
+/*70*/ 0x97, 0x98, 0x99, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6,
+ 0xa7, 0xa8, 0xa9, 0xfb, 0x4f, 0xfd, 0xff, 0x07, /*pqrstuvwxyz{|}~.*/
+/*80*/ 0x20, 0x21, 0x22, 0x23, 0x24, 0x04, 0x06, 0x08,
+ 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x09, 0x0a, 0x14, /*................*/
+/*90*/ 0x30, 0x31, 0x25, 0x33, 0x34, 0x35, 0x36, 0x17,
+ 0x38, 0x39, 0x3a, 0x3b, 0x1a, 0x1b, 0x3e, 0x5f, /*................*/
+/*a0*/ 0x41, 0xaa, 0xb0, 0xb1, 0x9f, 0xb2, 0xd0, 0xb5,
+ 0x79, 0xb4, 0x9a, 0x8a, 0xba, 0xca, 0xaf, 0xa1, /*................*/
+/*b0*/ 0x90, 0x8f, 0xea, 0xfa, 0xbe, 0xa0, 0xb6, 0xb3,
+ 0x9d, 0xda, 0x9b, 0x8b, 0xb7, 0xb8, 0xb9, 0xab, /*................*/
+/*c0*/ 0x64, 0x65, 0x62, 0x66, 0x63, 0x67, 0x9e, 0x68,
+ 0x74, 0x71, 0x72, 0x73, 0x78, 0x75, 0x76, 0x77, /*................*/
+/*d0*/ 0xac, 0x69, 0xed, 0xee, 0xeb, 0xef, 0xec, 0xbf,
+ 0x80, 0xe0, 0xfe, 0xdd, 0xfc, 0xad, 0xae, 0x59, /*................*/
+/*e0*/ 0x44, 0x45, 0x42, 0x46, 0x43, 0x47, 0x9c, 0x48,
+ 0x54, 0x51, 0x52, 0x53, 0x58, 0x55, 0x56, 0x57, /*................*/
+/*f0*/ 0x8c, 0x49, 0xcd, 0xce, 0xcb, 0xcf, 0xcc, 0xe1,
+ 0x70, 0xc0, 0xde, 0xdb, 0xdc, 0x8d, 0x8e, 0xdf /*................*/
+};
+
+#else /*_OSD_POSIX*/
+
+/*
+This code does basic character mapping for IBM's TPF and OS/390 operating systems.
+It is a modified version of the BS2000 table.
+
+Bijective EBCDIC (character set IBM-1047) to US-ASCII table:
+This table is bijective - there are no ambigous or duplicate characters.
+*/
+const unsigned char os_toascii[256] = {
+ 0x00, 0x01, 0x02, 0x03, 0x85, 0x09, 0x86, 0x7f, /* 00-0f: */
+ 0x87, 0x8d, 0x8e, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, /* ................ */
+ 0x10, 0x11, 0x12, 0x13, 0x8f, 0x0a, 0x08, 0x97, /* 10-1f: */
+ 0x18, 0x19, 0x9c, 0x9d, 0x1c, 0x1d, 0x1e, 0x1f, /* ................ */
+ 0x80, 0x81, 0x82, 0x83, 0x84, 0x92, 0x17, 0x1b, /* 20-2f: */
+ 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x05, 0x06, 0x07, /* ................ */
+ 0x90, 0x91, 0x16, 0x93, 0x94, 0x95, 0x96, 0x04, /* 30-3f: */
+ 0x98, 0x99, 0x9a, 0x9b, 0x14, 0x15, 0x9e, 0x1a, /* ................ */
+ 0x20, 0xa0, 0xe2, 0xe4, 0xe0, 0xe1, 0xe3, 0xe5, /* 40-4f: */
+ 0xe7, 0xf1, 0xa2, 0x2e, 0x3c, 0x28, 0x2b, 0x7c, /* ...........<(+| */
+ 0x26, 0xe9, 0xea, 0xeb, 0xe8, 0xed, 0xee, 0xef, /* 50-5f: */
+ 0xec, 0xdf, 0x21, 0x24, 0x2a, 0x29, 0x3b, 0x5e, /* &.........!$*);^ */
+ 0x2d, 0x2f, 0xc2, 0xc4, 0xc0, 0xc1, 0xc3, 0xc5, /* 60-6f: */
+ 0xc7, 0xd1, 0xa6, 0x2c, 0x25, 0x5f, 0x3e, 0x3f, /* -/.........,%_>? */
+ 0xf8, 0xc9, 0xca, 0xcb, 0xc8, 0xcd, 0xce, 0xcf, /* 70-7f: */
+ 0xcc, 0x60, 0x3a, 0x23, 0x40, 0x27, 0x3d, 0x22, /* .........`:#@'=" */
+ 0xd8, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, /* 80-8f: */
+ 0x68, 0x69, 0xab, 0xbb, 0xf0, 0xfd, 0xfe, 0xb1, /* .abcdefghi...... */
+ 0xb0, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, /* 90-9f: */
+ 0x71, 0x72, 0xaa, 0xba, 0xe6, 0xb8, 0xc6, 0xa4, /* .jklmnopqr...... */
+ 0xb5, 0x7e, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, /* a0-af: */
+ 0x79, 0x7a, 0xa1, 0xbf, 0xd0, 0x5b, 0xde, 0xae, /* .~stuvwxyz...[.. */
+ 0xac, 0xa3, 0xa5, 0xb7, 0xa9, 0xa7, 0xb6, 0xbc, /* b0-bf: */
+ 0xbd, 0xbe, 0xdd, 0xa8, 0xaf, 0x5d, 0xb4, 0xd7, /* .............].. */
+ 0x7b, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, /* c0-cf: */
+ 0x48, 0x49, 0xad, 0xf4, 0xf6, 0xf2, 0xf3, 0xf5, /* {ABCDEFGHI...... */
+ 0x7d, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, 0x50, /* d0-df: */
+ 0x51, 0x52, 0xb9, 0xfb, 0xfc, 0xf9, 0xfa, 0xff, /* }JKLMNOPQR...... */
+ 0x5c, 0xf7, 0x53, 0x54, 0x55, 0x56, 0x57, 0x58, /* e0-ef: */
+ 0x59, 0x5a, 0xb2, 0xd4, 0xd6, 0xd2, 0xd3, 0xd5, /* \.STUVWXYZ...... */
+ 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, /* f0-ff: */
+ 0x38, 0x39, 0xb3, 0xdb, 0xdc, 0xd9, 0xda, 0x9f /* 0123456789...... */
+};
+
+
+/*
+The US-ASCII to EBCDIC (character set IBM-1047) table:
+This table is bijective (no ambiguous or duplicate characters)
+*/
+const unsigned char os_toebcdic[256] = {
+ 0x00, 0x01, 0x02, 0x03, 0x37, 0x2d, 0x2e, 0x2f, /* 00-0f: */
+ 0x16, 0x05, 0x15, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, /* ................ */
+ 0x10, 0x11, 0x12, 0x13, 0x3c, 0x3d, 0x32, 0x26, /* 10-1f: */
+ 0x18, 0x19, 0x3f, 0x27, 0x1c, 0x1d, 0x1e, 0x1f, /* ................ */
+ 0x40, 0x5a, 0x7f, 0x7b, 0x5b, 0x6c, 0x50, 0x7d, /* 20-2f: */
+ 0x4d, 0x5d, 0x5c, 0x4e, 0x6b, 0x60, 0x4b, 0x61, /* !"#$%&'()*+,-./ */
+ 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, /* 30-3f: */
+ 0xf8, 0xf9, 0x7a, 0x5e, 0x4c, 0x7e, 0x6e, 0x6f, /* 0123456789:;<=>? */
+ 0x7c, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, /* 40-4f: */
+ 0xc8, 0xc9, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, /* @ABCDEFGHIJKLMNO */
+ 0xd7, 0xd8, 0xd9, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, /* 50-5f: */
+ 0xe7, 0xe8, 0xe9, 0xad, 0xe0, 0xbd, 0x5f, 0x6d, /* PQRSTUVWXYZ[\]^_ */
+ 0x79, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, /* 60-6f: */
+ 0x88, 0x89, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, /* `abcdefghijklmno */
+ 0x97, 0x98, 0x99, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, /* 70-7f: */
+ 0xa7, 0xa8, 0xa9, 0xc0, 0x4f, 0xd0, 0xa1, 0x07, /* pqrstuvwxyz{|}~. */
+ 0x20, 0x21, 0x22, 0x23, 0x24, 0x04, 0x06, 0x08, /* 80-8f: */
+ 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x09, 0x0a, 0x14, /* ................ */
+ 0x30, 0x31, 0x25, 0x33, 0x34, 0x35, 0x36, 0x17, /* 90-9f: */
+ 0x38, 0x39, 0x3a, 0x3b, 0x1a, 0x1b, 0x3e, 0xff, /* ................ */
+ 0x41, 0xaa, 0x4a, 0xb1, 0x9f, 0xb2, 0x6a, 0xb5, /* a0-af: */
+ 0xbb, 0xb4, 0x9a, 0x8a, 0xb0, 0xca, 0xaf, 0xbc, /* ................ */
+ 0x90, 0x8f, 0xea, 0xfa, 0xbe, 0xa0, 0xb6, 0xb3, /* b0-bf: */
+ 0x9d, 0xda, 0x9b, 0x8b, 0xb7, 0xb8, 0xb9, 0xab, /* ................ */
+ 0x64, 0x65, 0x62, 0x66, 0x63, 0x67, 0x9e, 0x68, /* c0-cf: */
+ 0x74, 0x71, 0x72, 0x73, 0x78, 0x75, 0x76, 0x77, /* ................ */
+ 0xac, 0x69, 0xed, 0xee, 0xeb, 0xef, 0xec, 0xbf, /* d0-df: */
+ 0x80, 0xfd, 0xfe, 0xfb, 0xfc, 0xba, 0xae, 0x59, /* ................ */
+ 0x44, 0x45, 0x42, 0x46, 0x43, 0x47, 0x9c, 0x48, /* e0-ef: */
+ 0x54, 0x51, 0x52, 0x53, 0x58, 0x55, 0x56, 0x57, /* ................ */
+ 0x8c, 0x49, 0xcd, 0xce, 0xcb, 0xcf, 0xcc, 0xe1, /* f0-ff: */
+ 0x70, 0xdd, 0xde, 0xdb, 0xdc, 0x8d, 0x8e, 0xdf /* ................ */
+};
+#endif /*_OSD_POSIX*/
+
+/* Translate a memory block from EBCDIC (host charset) to ASCII (net charset)
+ * dest and srce may be identical, or separate memory blocks, but
+ * should not overlap. These functions intentionally have an interface
+ * compatible to memcpy(3).
+ */
+
+void *
+ebcdic2ascii(void *dest, const void *srce, size_t count)
+{
+ unsigned char *udest = dest;
+ const unsigned char *usrce = srce;
+
+ while (count-- != 0) {
+ *udest++ = os_toascii[*usrce++];
+ }
+
+ return dest;
+}
+
+void *
+ascii2ebcdic(void *dest, const void *srce, size_t count)
+{
+ unsigned char *udest = dest;
+ const unsigned char *usrce = srce;
+
+ while (count-- != 0) {
+ *udest++ = os_toebcdic[*usrce++];
+ }
+
+ return dest;
+}
+
+#else /*CHARSET_EBCDIC*/
+#ifdef PEDANTIC
+static void *dummy=&dummy;
+#endif
+#endif
diff --git a/lib/libssl/src/crypto/evp/c_allc.c b/lib/libssl/src/crypto/evp/c_allc.c
new file mode 100644
index 00000000000..f24d3756c90
--- /dev/null
+++ b/lib/libssl/src/crypto/evp/c_allc.c
@@ -0,0 +1,149 @@
+/* crypto/evp/c_allc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/pkcs12.h>
+#include <openssl/objects.h>
+
+void OpenSSL_add_all_ciphers(void)
+ {
+#ifndef NO_DES
+ EVP_add_cipher(EVP_des_cfb());
+ EVP_add_cipher(EVP_des_ede_cfb());
+ EVP_add_cipher(EVP_des_ede3_cfb());
+
+ EVP_add_cipher(EVP_des_ofb());
+ EVP_add_cipher(EVP_des_ede_ofb());
+ EVP_add_cipher(EVP_des_ede3_ofb());
+
+ EVP_add_cipher(EVP_desx_cbc());
+ EVP_add_cipher_alias(SN_desx_cbc,"DESX");
+ EVP_add_cipher_alias(SN_desx_cbc,"desx");
+
+ EVP_add_cipher(EVP_des_cbc());
+ EVP_add_cipher_alias(SN_des_cbc,"DES");
+ EVP_add_cipher_alias(SN_des_cbc,"des");
+ EVP_add_cipher(EVP_des_ede_cbc());
+ EVP_add_cipher(EVP_des_ede3_cbc());
+ EVP_add_cipher_alias(SN_des_ede3_cbc,"DES3");
+ EVP_add_cipher_alias(SN_des_ede3_cbc,"des3");
+
+ EVP_add_cipher(EVP_des_ecb());
+ EVP_add_cipher(EVP_des_ede());
+ EVP_add_cipher(EVP_des_ede3());
+#endif
+
+#ifndef NO_RC4
+ EVP_add_cipher(EVP_rc4());
+ EVP_add_cipher(EVP_rc4_40());
+#endif
+
+#ifndef NO_IDEA
+ EVP_add_cipher(EVP_idea_ecb());
+ EVP_add_cipher(EVP_idea_cfb());
+ EVP_add_cipher(EVP_idea_ofb());
+ EVP_add_cipher(EVP_idea_cbc());
+ EVP_add_cipher_alias(SN_idea_cbc,"IDEA");
+ EVP_add_cipher_alias(SN_idea_cbc,"idea");
+#endif
+
+#ifndef NO_RC2
+ EVP_add_cipher(EVP_rc2_ecb());
+ EVP_add_cipher(EVP_rc2_cfb());
+ EVP_add_cipher(EVP_rc2_ofb());
+ EVP_add_cipher(EVP_rc2_cbc());
+ EVP_add_cipher(EVP_rc2_40_cbc());
+ EVP_add_cipher(EVP_rc2_64_cbc());
+ EVP_add_cipher_alias(SN_rc2_cbc,"RC2");
+ EVP_add_cipher_alias(SN_rc2_cbc,"rc2");
+#endif
+
+#ifndef NO_BF
+ EVP_add_cipher(EVP_bf_ecb());
+ EVP_add_cipher(EVP_bf_cfb());
+ EVP_add_cipher(EVP_bf_ofb());
+ EVP_add_cipher(EVP_bf_cbc());
+ EVP_add_cipher_alias(SN_bf_cbc,"BF");
+ EVP_add_cipher_alias(SN_bf_cbc,"bf");
+ EVP_add_cipher_alias(SN_bf_cbc,"blowfish");
+#endif
+
+#ifndef NO_CAST
+ EVP_add_cipher(EVP_cast5_ecb());
+ EVP_add_cipher(EVP_cast5_cfb());
+ EVP_add_cipher(EVP_cast5_ofb());
+ EVP_add_cipher(EVP_cast5_cbc());
+ EVP_add_cipher_alias(SN_cast5_cbc,"CAST");
+ EVP_add_cipher_alias(SN_cast5_cbc,"cast");
+ EVP_add_cipher_alias(SN_cast5_cbc,"CAST-cbc");
+ EVP_add_cipher_alias(SN_cast5_cbc,"cast-cbc");
+#endif
+
+#ifndef NO_RC5
+ EVP_add_cipher(EVP_rc5_32_12_16_ecb());
+ EVP_add_cipher(EVP_rc5_32_12_16_cfb());
+ EVP_add_cipher(EVP_rc5_32_12_16_ofb());
+ EVP_add_cipher(EVP_rc5_32_12_16_cbc());
+ EVP_add_cipher_alias(SN_rc5_cbc,"rc5");
+ EVP_add_cipher_alias(SN_rc5_cbc,"RC5");
+#endif
+ PKCS12_PBE_add();
+ PKCS5_PBE_add();
+ }
diff --git a/lib/libssl/src/crypto/evp/c_alld.c b/lib/libssl/src/crypto/evp/c_alld.c
new file mode 100644
index 00000000000..febe51a3ee4
--- /dev/null
+++ b/lib/libssl/src/crypto/evp/c_alld.c
@@ -0,0 +1,100 @@
+/* crypto/evp/c_alld.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/pkcs12.h>
+#include <openssl/objects.h>
+
+void OpenSSL_add_all_digests(void)
+ {
+#ifndef NO_MD2
+ EVP_add_digest(EVP_md2());
+#endif
+#ifndef NO_MD5
+ EVP_add_digest(EVP_md5());
+ EVP_add_digest_alias(SN_md5,"ssl2-md5");
+ EVP_add_digest_alias(SN_md5,"ssl3-md5");
+#endif
+#ifndef NO_SHA
+ EVP_add_digest(EVP_sha());
+#ifndef NO_DSA
+ EVP_add_digest(EVP_dss());
+#endif
+#endif
+#ifndef NO_SHA
+ EVP_add_digest(EVP_sha1());
+ EVP_add_digest_alias(SN_sha1,"ssl3-sha1");
+ EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA);
+#ifndef NO_DSA
+ EVP_add_digest(EVP_dss1());
+ EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2);
+ EVP_add_digest_alias(SN_dsaWithSHA1,"DSS1");
+ EVP_add_digest_alias(SN_dsaWithSHA1,"dss1");
+#endif
+#endif
+#if !defined(NO_MDC2) && !defined(NO_DES)
+ EVP_add_digest(EVP_mdc2());
+#endif
+#ifndef NO_RIPEMD
+ EVP_add_digest(EVP_ripemd160());
+ EVP_add_digest_alias(SN_ripemd160,"ripemd");
+ EVP_add_digest_alias(SN_ripemd160,"rmd160");
+#endif
+ }
diff --git a/lib/libssl/src/crypto/mem_dbg.c b/lib/libssl/src/crypto/mem_dbg.c
new file mode 100644
index 00000000000..14770c07337
--- /dev/null
+++ b/lib/libssl/src/crypto/mem_dbg.c
@@ -0,0 +1,703 @@
+/* crypto/mem_dbg.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <time.h>
+#include <openssl/crypto.h>
+#include <openssl/buffer.h>
+#include <openssl/bio.h>
+#include <openssl/lhash.h>
+#include "cryptlib.h"
+
+static int mh_mode=CRYPTO_MEM_CHECK_OFF;
+/* The state changes to CRYPTO_MEM_CHECK_ON | CRYPTO_MEM_CHECK_ENABLE
+ * when the application asks for it (usually after library initialisation
+ * for which no book-keeping is desired).
+ *
+ * State CRYPTO_MEM_CHECK_ON exists only temporarily when the library
+ * thinks that certain allocations should not be checked (e.g. the data
+ * structures used for memory checking). It is not suitable as an initial
+ * state: the library will unexpectedly enable memory checking when it
+ * executes one of those sections that want to disable checking
+ * temporarily.
+ *
+ * State CRYPTO_MEM_CHECK_ENABLE without ..._ON makes no sense whatsoever.
+ */
+
+static unsigned long order = 0; /* number of memory requests */
+static LHASH *mh=NULL; /* hash-table of memory requests (address as key) */
+
+
+typedef struct app_mem_info_st
+/* For application-defined information (static C-string `info')
+ * to be displayed in memory leak list.
+ * Each thread has its own stack. For applications, there is
+ * CRYPTO_push_info("...") to push an entry,
+ * CRYPTO_pop_info() to pop an entry,
+ * CRYPTO_remove_all_info() to pop all entries.
+ */
+ {
+ unsigned long thread;
+ const char *file;
+ int line;
+ const char *info;
+ struct app_mem_info_st *next; /* tail of thread's stack */
+ int references;
+ } APP_INFO;
+
+static LHASH *amih=NULL; /* hash-table with those app_mem_info_st's
+ * that are at the top of their thread's stack
+ * (with `thread' as key) */
+
+typedef struct mem_st
+/* memory-block description */
+ {
+ char *addr;
+ int num;
+ const char *file;
+ int line;
+ unsigned long thread;
+ unsigned long order;
+ time_t time;
+ APP_INFO *app_info;
+ } MEM;
+
+static long options = /* extra information to be recorded */
+#if defined(CRYPTO_MDEBUG_TIME) || defined(CRYPTO_MDEBUG_ALL)
+ V_CRYPTO_MDEBUG_TIME |
+#endif
+#if defined(CRYPTO_MDEBUG_THREAD) || defined(CRYPTO_MDEBUG_ALL)
+ V_CRYPTO_MDEBUG_THREAD |
+#endif
+ 0;
+
+
+static unsigned long disabling_thread = 0;
+
+int CRYPTO_mem_ctrl(int mode)
+ {
+ int ret=mh_mode;
+
+ CRYPTO_w_lock(CRYPTO_LOCK_MALLOC);
+ switch (mode)
+ {
+ /* for applications: */
+ case CRYPTO_MEM_CHECK_ON: /* aka MemCheck_start() */
+ mh_mode = CRYPTO_MEM_CHECK_ON|CRYPTO_MEM_CHECK_ENABLE;
+ disabling_thread = 0;
+ break;
+ case CRYPTO_MEM_CHECK_OFF: /* aka MemCheck_stop() */
+ mh_mode = 0;
+ disabling_thread = 0;
+ break;
+
+ /* switch off temporarily (for library-internal use): */
+ case CRYPTO_MEM_CHECK_DISABLE: /* aka MemCheck_off() */
+ if (mh_mode & CRYPTO_MEM_CHECK_ON)
+ {
+ mh_mode&= ~CRYPTO_MEM_CHECK_ENABLE;
+ if (disabling_thread != CRYPTO_thread_id()) /* otherwise we already have the MALLOC2 lock */
+ {
+ /* Long-time lock CRYPTO_LOCK_MALLOC2 must not be claimed while
+ * we're holding CRYPTO_LOCK_MALLOC, or we'll deadlock if
+ * somebody else holds CRYPTO_LOCK_MALLOC2 (and cannot release
+ * it because we block entry to this function).
+ * Give them a chance, first, and then claim the locks in
+ * appropriate order (long-time lock first).
+ */
+ CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC);
+ /* Note that after we have waited for CRYPTO_LOCK_MALLOC2
+ * and CRYPTO_LOCK_MALLOC, we'll still be in the right
+ * "case" and "if" branch because MemCheck_start and
+ * MemCheck_stop may never be used while there are multiple
+ * OpenSSL threads. */
+ CRYPTO_w_lock(CRYPTO_LOCK_MALLOC2);
+ CRYPTO_w_lock(CRYPTO_LOCK_MALLOC);
+ disabling_thread=CRYPTO_thread_id();
+ }
+ }
+ break;
+ case CRYPTO_MEM_CHECK_ENABLE: /* aka MemCheck_on() */
+ if (mh_mode & CRYPTO_MEM_CHECK_ON)
+ {
+ mh_mode|=CRYPTO_MEM_CHECK_ENABLE;
+ if (disabling_thread != 0)
+ {
+ disabling_thread=0;
+ CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC2);
+ }
+ }
+ break;
+
+ default:
+ break;
+ }
+ CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC);
+ return(ret);
+ }
+
+int CRYPTO_is_mem_check_on(void)
+ {
+ int ret = 0;
+
+ if (mh_mode & CRYPTO_MEM_CHECK_ON)
+ {
+ CRYPTO_w_lock(CRYPTO_LOCK_MALLOC);
+
+ ret = (mh_mode & CRYPTO_MEM_CHECK_ENABLE)
+ && disabling_thread != CRYPTO_thread_id();
+
+ CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC);
+ }
+ return(ret);
+ }
+
+
+void CRYPTO_dbg_set_options(long bits)
+ {
+ options = bits;
+ }
+
+long CRYPTO_dbg_get_options(void)
+ {
+ return options;
+ }
+
+static int mem_cmp(MEM *a, MEM *b)
+ {
+ return(a->addr - b->addr);
+ }
+
+static unsigned long mem_hash(MEM *a)
+ {
+ unsigned long ret;
+
+ ret=(unsigned long)a->addr;
+
+ ret=ret*17851+(ret>>14)*7+(ret>>4)*251;
+ return(ret);
+ }
+
+static int app_info_cmp(APP_INFO *a, APP_INFO *b)
+ {
+ return(a->thread != b->thread);
+ }
+
+static unsigned long app_info_hash(APP_INFO *a)
+ {
+ unsigned long ret;
+
+ ret=(unsigned long)a->thread;
+
+ ret=ret*17851+(ret>>14)*7+(ret>>4)*251;
+ return(ret);
+ }
+
+static APP_INFO *pop_info()
+ {
+ APP_INFO tmp;
+ APP_INFO *ret = NULL;
+
+ if (amih != NULL)
+ {
+ tmp.thread=CRYPTO_thread_id();
+ if ((ret=(APP_INFO *)lh_delete(amih,&tmp)) != NULL)
+ {
+ APP_INFO *next=ret->next;
+
+ if (next != NULL)
+ {
+ next->references++;
+ lh_insert(amih,(char *)next);
+ }
+#ifdef LEVITTE_DEBUG
+ if (ret->thread != tmp.thread)
+ {
+ fprintf(stderr, "pop_info(): deleted info has other thread ID (%lu) than the current thread (%lu)!!!!\n",
+ ret->thread, tmp.thread);
+ abort();
+ }
+#endif
+ if (--(ret->references) <= 0)
+ {
+ ret->next = NULL;
+ if (next != NULL)
+ next->references--;
+ Free(ret);
+ }
+ }
+ }
+ return(ret);
+ }
+
+int CRYPTO_push_info_(const char *info, const char *file, int line)
+ {
+ APP_INFO *ami, *amim;
+ int ret=0;
+
+ if (is_MemCheck_on())
+ {
+ MemCheck_off(); /* obtains CRYPTO_LOCK_MALLOC2 */
+
+ if ((ami = (APP_INFO *)Malloc(sizeof(APP_INFO))) == NULL)
+ {
+ ret=0;
+ goto err;
+ }
+ if (amih == NULL)
+ {
+ if ((amih=lh_new(app_info_hash,app_info_cmp)) == NULL)
+ {
+ Free(ami);
+ ret=0;
+ goto err;
+ }
+ }
+
+ ami->thread=CRYPTO_thread_id();
+ ami->file=file;
+ ami->line=line;
+ ami->info=info;
+ ami->references=1;
+ ami->next=NULL;
+
+ if ((amim=(APP_INFO *)lh_insert(amih,(char *)ami)) != NULL)
+ {
+#ifdef LEVITTE_DEBUG
+ if (ami->thread != amim->thread)
+ {
+ fprintf(stderr, "CRYPTO_push_info(): previous info has other thread ID (%lu) than the current thread (%lu)!!!!\n",
+ amim->thread, ami->thread);
+ abort();
+ }
+#endif
+ ami->next=amim;
+ }
+ err:
+ MemCheck_on(); /* releases CRYPTO_LOCK_MALLOC2 */
+ }
+
+ return(ret);
+ }
+
+int CRYPTO_pop_info(void)
+ {
+ int ret=0;
+
+ if (is_MemCheck_on()) /* _must_ be true, or something went severely wrong */
+ {
+ MemCheck_off(); /* obtains CRYPTO_LOCK_MALLOC2 */
+
+ ret=(pop_info() != NULL);
+
+ MemCheck_on(); /* releases CRYPTO_LOCK_MALLOC2 */
+ }
+ return(ret);
+ }
+
+int CRYPTO_remove_all_info(void)
+ {
+ int ret=0;
+
+ if (is_MemCheck_on()) /* _must_ be true */
+ {
+ MemCheck_off(); /* obtains CRYPTO_LOCK_MALLOC2 */
+
+ while(pop_info() != NULL)
+ ret++;
+
+ MemCheck_on(); /* releases CRYPTO_LOCK_MALLOC2 */
+ }
+ return(ret);
+ }
+
+
+static unsigned long break_order_num=0;
+void CRYPTO_dbg_malloc(void *addr, int num, const char *file, int line,
+ int before_p)
+ {
+ MEM *m,*mm;
+ APP_INFO tmp,*amim;
+
+ switch(before_p & 127)
+ {
+ case 0:
+ break;
+ case 1:
+ if (addr == NULL)
+ break;
+
+ if (is_MemCheck_on())
+ {
+ MemCheck_off(); /* obtains CRYPTO_LOCK_MALLOC2 */
+ if ((m=(MEM *)Malloc(sizeof(MEM))) == NULL)
+ {
+ Free(addr);
+ MemCheck_on(); /* releases CRYPTO_LOCK_MALLOC2 */
+ return;
+ }
+ if (mh == NULL)
+ {
+ if ((mh=lh_new(mem_hash,mem_cmp)) == NULL)
+ {
+ Free(addr);
+ Free(m);
+ addr=NULL;
+ goto err;
+ }
+ }
+
+ m->addr=addr;
+ m->file=file;
+ m->line=line;
+ m->num=num;
+ if (options & V_CRYPTO_MDEBUG_THREAD)
+ m->thread=CRYPTO_thread_id();
+ else
+ m->thread=0;
+
+ if (order == break_order_num)
+ {
+ /* BREAK HERE */
+ m->order=order;
+ }
+ m->order=order++;
+#ifdef LEVITTE_DEBUG
+ fprintf(stderr, "LEVITTE_DEBUG: [%5d] %c 0x%p (%d)\n",
+ m->order,
+ (before_p & 128) ? '*' : '+',
+ m->addr, m->num);
+#endif
+ if (options & V_CRYPTO_MDEBUG_TIME)
+ m->time=time(NULL);
+ else
+ m->time=0;
+
+ tmp.thread=CRYPTO_thread_id();
+ m->app_info=NULL;
+ if (amih != NULL
+ && (amim=(APP_INFO *)lh_retrieve(amih,(char *)&tmp)) != NULL)
+ {
+ m->app_info = amim;
+ amim->references++;
+ }
+
+ if ((mm=(MEM *)lh_insert(mh,(char *)m)) != NULL)
+ {
+ /* Not good, but don't sweat it */
+ if (mm->app_info != NULL)
+ {
+ mm->app_info->references--;
+ }
+ Free(mm);
+ }
+ err:
+ MemCheck_on(); /* releases CRYPTO_LOCK_MALLOC2 */
+ }
+ break;
+ }
+ return;
+ }
+
+void CRYPTO_dbg_free(void *addr, int before_p)
+ {
+ MEM m,*mp;
+
+ switch(before_p)
+ {
+ case 0:
+ if (addr == NULL)
+ break;
+
+ if (is_MemCheck_on() && (mh != NULL))
+ {
+ MemCheck_off();
+
+ m.addr=addr;
+ mp=(MEM *)lh_delete(mh,(char *)&m);
+ if (mp != NULL)
+ {
+#ifdef LEVITTE_DEBUG
+ fprintf(stderr, "LEVITTE_DEBUG: [%5d] - 0x%p (%d)\n",
+ mp->order, mp->addr, mp->num);
+#endif
+ if (mp->app_info != NULL)
+ {
+ mp->app_info->references--;
+ }
+ Free(mp);
+ }
+
+ MemCheck_on(); /* releases CRYPTO_LOCK_MALLOC2 */
+ }
+ break;
+ case 1:
+ break;
+ }
+ }
+
+void CRYPTO_dbg_realloc(void *addr1, void *addr2, int num,
+ const char *file, int line, int before_p)
+ {
+ MEM m,*mp;
+
+#ifdef LEVITTE_DEBUG
+ fprintf(stderr, "LEVITTE_DEBUG: --> CRYPTO_dbg_malloc(addr1 = %p, addr2 = %p, num = %d, file = \"%s\", line = %d, before_p = %d)\n",
+ addr1, addr2, num, file, line, before_p);
+#endif
+
+ switch(before_p)
+ {
+ case 0:
+ break;
+ case 1:
+ if (addr2 == NULL)
+ break;
+
+ if (addr1 == NULL)
+ {
+ CRYPTO_dbg_malloc(addr2, num, file, line, 128 | before_p);
+ break;
+ }
+
+ if (is_MemCheck_on())
+ {
+ MemCheck_off(); /* obtains CRYPTO_LOCK_MALLOC2 */
+
+ m.addr=addr1;
+ mp=(MEM *)lh_delete(mh,(char *)&m);
+ if (mp != NULL)
+ {
+#ifdef LEVITTE_DEBUG
+ fprintf(stderr, "LEVITTE_DEBUG: [%5d] * 0x%p (%d) -> 0x%p (%d)\n",
+ mp->order,
+ mp->addr, mp->num,
+ addr2, num);
+#endif
+ mp->addr=addr2;
+ mp->num=num;
+ lh_insert(mh,(char *)mp);
+ }
+
+ MemCheck_on(); /* releases CRYPTO_LOCK_MALLOC2 */
+ }
+ break;
+ }
+ return;
+ }
+
+
+typedef struct mem_leak_st
+ {
+ BIO *bio;
+ int chunks;
+ long bytes;
+ } MEM_LEAK;
+
+static void print_leak(MEM *m, MEM_LEAK *l)
+ {
+ char buf[1024];
+ char *bufp = buf;
+ APP_INFO *amip;
+ int ami_cnt;
+ struct tm *lcl = NULL;
+ unsigned long ti;
+
+ if(m->addr == (char *)l->bio)
+ return;
+
+ if (options & V_CRYPTO_MDEBUG_TIME)
+ {
+ lcl = localtime(&m->time);
+
+ sprintf(bufp, "[%02d:%02d:%02d] ",
+ lcl->tm_hour,lcl->tm_min,lcl->tm_sec);
+ bufp += strlen(bufp);
+ }
+
+ sprintf(bufp, "%5lu file=%s, line=%d, ",
+ m->order,m->file,m->line);
+ bufp += strlen(bufp);
+
+ if (options & V_CRYPTO_MDEBUG_THREAD)
+ {
+ sprintf(bufp, "thread=%lu, ", m->thread);
+ bufp += strlen(bufp);
+ }
+
+ sprintf(bufp, "number=%d, address=%08lX\n",
+ m->num,(unsigned long)m->addr);
+ bufp += strlen(bufp);
+
+ BIO_puts(l->bio,buf);
+
+ l->chunks++;
+ l->bytes+=m->num;
+
+ amip=m->app_info;
+ ami_cnt=0;
+ if (!amip)
+ return;
+ ti=amip->thread;
+
+ do
+ {
+ int buf_len;
+ int info_len;
+
+ ami_cnt++;
+ memset(buf,'>',ami_cnt);
+ sprintf(buf + ami_cnt,
+ " thread=%lu, file=%s, line=%d, info=\"",
+ amip->thread, amip->file, amip->line);
+ buf_len=strlen(buf);
+ info_len=strlen(amip->info);
+ if (128 - buf_len - 3 < info_len)
+ {
+ memcpy(buf + buf_len, amip->info, 128 - buf_len - 3);
+ buf_len = 128 - 3;
+ }
+ else
+ {
+ strcpy(buf + buf_len, amip->info);
+ buf_len = strlen(buf);
+ }
+ sprintf(buf + buf_len, "\"\n");
+
+ BIO_puts(l->bio,buf);
+
+ amip = amip->next;
+ }
+ while(amip && amip->thread == ti);
+
+#ifdef LEVITTE_DEBUG
+ if (amip)
+ {
+ fprintf(stderr, "Thread switch detected in backtrace!!!!\n");
+ abort();
+ }
+#endif
+ }
+
+void CRYPTO_mem_leaks(BIO *b)
+ {
+ MEM_LEAK ml;
+ char buf[80];
+
+ if (mh == NULL) return;
+ ml.bio=b;
+ ml.bytes=0;
+ ml.chunks=0;
+ CRYPTO_w_lock(CRYPTO_LOCK_MALLOC2);
+ lh_doall_arg(mh,(void (*)())print_leak,(char *)&ml);
+ CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC2);
+ if (ml.chunks != 0)
+ {
+ sprintf(buf,"%ld bytes leaked in %d chunks\n",
+ ml.bytes,ml.chunks);
+ BIO_puts(b,buf);
+ }
+
+#if 0
+ lh_stats_bio(mh,b);
+ lh_node_stats_bio(mh,b);
+ lh_node_usage_stats_bio(mh,b);
+#endif
+ }
+
+union void_fn_to_char_u
+ {
+ char *char_p;
+ void (*fn_p)();
+ };
+
+static void cb_leak(MEM *m, char *cb)
+ {
+ union void_fn_to_char_u mem_callback;
+
+ mem_callback.char_p=cb;
+ mem_callback.fn_p(m->order,m->file,m->line,m->num,m->addr);
+ }
+
+void CRYPTO_mem_leaks_cb(void (*cb)())
+ {
+ union void_fn_to_char_u mem_cb;
+
+ if (mh == NULL) return;
+ CRYPTO_w_lock(CRYPTO_LOCK_MALLOC2);
+ mem_cb.fn_p=cb;
+ lh_doall_arg(mh,(void (*)())cb_leak,mem_cb.char_p);
+ mem_cb.char_p=NULL;
+ CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC2);
+ }
+
+#ifndef NO_FP_API
+void CRYPTO_mem_leaks_fp(FILE *fp)
+ {
+ BIO *b;
+
+ if (mh == NULL) return;
+ if ((b=BIO_new(BIO_s_file())) == NULL)
+ return;
+ BIO_set_fp(b,fp,BIO_NOCLOSE);
+ CRYPTO_mem_leaks(b);
+ BIO_free(b);
+ }
+#endif
+
diff --git a/lib/libssl/src/crypto/pkcs12/p12_npas.c b/lib/libssl/src/crypto/pkcs12/p12_npas.c
new file mode 100644
index 00000000000..ee71707e2c1
--- /dev/null
+++ b/lib/libssl/src/crypto/pkcs12/p12_npas.c
@@ -0,0 +1,212 @@
+/* p12_npas.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/pem.h>
+#include <openssl/err.h>
+#include <openssl/pkcs12.h>
+
+/* PKCS#12 password change routine */
+
+static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass);
+static int newpass_bags(STACK *bags, char *oldpass, char *newpass);
+static int newpass_bag(PKCS12_SAFEBAG *bag, char *oldpass, char *newpass);
+static int alg_get(X509_ALGOR *alg, int *pnid, int *piter, int *psaltlen);
+
+/*
+ * Change the password on a PKCS#12 structure.
+ */
+
+int PKCS12_newpass(PKCS12 *p12, char *oldpass, char *newpass)
+{
+
+/* Check for NULL PKCS12 structure */
+
+if(!p12) {
+ PKCS12err(PKCS12_F_PKCS12_NEWPASS,PKCS12_R_INVALID_NULL_PKCS12_POINTER);
+ return 0;
+}
+
+/* Check the mac */
+
+if (!PKCS12_verify_mac(p12, oldpass, -1)) {
+ PKCS12err(PKCS12_F_PKCS12_NEWPASS,PKCS12_R_MAC_VERIFY_FAILURE);
+ return 0;
+}
+
+if (!newpass_p12(p12, oldpass, newpass)) {
+ PKCS12err(PKCS12_F_PKCS12_NEWPASS,PKCS12_R_PARSE_ERROR);
+ return 0;
+}
+
+return 1;
+
+}
+
+/* Parse the outer PKCS#12 structure */
+
+static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass)
+{
+ STACK *asafes, *newsafes, *bags;
+ int i, bagnid, pbe_nid, pbe_iter, pbe_saltlen;
+ PKCS7 *p7, *p7new;
+ ASN1_OCTET_STRING *p12_data_tmp = NULL, *macnew = NULL;
+ unsigned char mac[EVP_MAX_MD_SIZE];
+ unsigned int maclen;
+ if (!(asafes = M_PKCS12_unpack_authsafes(p12))) return 0;
+ if(!(newsafes = sk_new(NULL))) return 0;
+ for (i = 0; i < sk_num (asafes); i++) {
+ p7 = (PKCS7 *) sk_value(asafes, i);
+ bagnid = OBJ_obj2nid(p7->type);
+ if (bagnid == NID_pkcs7_data) {
+ bags = M_PKCS12_unpack_p7data(p7);
+ } else if (bagnid == NID_pkcs7_encrypted) {
+ bags = M_PKCS12_unpack_p7encdata(p7, oldpass, -1);
+ alg_get(p7->d.encrypted->enc_data->algorithm,
+ &pbe_nid, &pbe_iter, &pbe_saltlen);
+ } else continue;
+ if (!bags) {
+ sk_pop_free(asafes, PKCS7_free);
+ return 0;
+ }
+ if (!newpass_bags(bags, oldpass, newpass)) {
+ sk_pop_free(bags, PKCS12_SAFEBAG_free);
+ sk_pop_free(asafes, PKCS7_free);
+ return 0;
+ }
+ /* Repack bag in same form with new password */
+ if (bagnid == NID_pkcs7_data) p7new = PKCS12_pack_p7data(bags);
+ else p7new = PKCS12_pack_p7encdata(pbe_nid, newpass, -1, NULL,
+ pbe_saltlen, pbe_iter, bags);
+ sk_pop_free(bags, PKCS12_SAFEBAG_free);
+ if(!p7new) {
+ sk_pop_free(asafes, PKCS7_free);
+ return 0;
+ }
+ sk_push(newsafes, (char *)p7new);
+ }
+ sk_pop_free(asafes, PKCS7_free);
+
+ /* Repack safe: save old safe in case of error */
+
+ p12_data_tmp = p12->authsafes->d.data;
+ if(!(p12->authsafes->d.data = ASN1_OCTET_STRING_new())) goto saferr;
+ if(!M_PKCS12_pack_authsafes(p12, newsafes)) goto saferr;
+
+ if(!PKCS12_gen_mac(p12, newpass, -1, mac, &maclen)) goto saferr;
+ if(!(macnew = ASN1_OCTET_STRING_new())) goto saferr;
+ if(!ASN1_OCTET_STRING_set(macnew, mac, maclen)) goto saferr;
+ ASN1_OCTET_STRING_free(p12->mac->dinfo->digest);
+ p12->mac->dinfo->digest = macnew;
+ ASN1_OCTET_STRING_free(p12_data_tmp);
+
+ return 1;
+
+ saferr:
+ /* Restore old safe */
+ ASN1_OCTET_STRING_free(p12->authsafes->d.data);
+ ASN1_OCTET_STRING_free(macnew);
+ p12->authsafes->d.data = p12_data_tmp;
+ return 0;
+
+}
+
+
+static int newpass_bags(STACK *bags, char *oldpass, char *newpass)
+{
+ int i;
+ for (i = 0; i < sk_num(bags); i++) {
+ if (!newpass_bag((PKCS12_SAFEBAG *)sk_value(bags, i),
+ oldpass, newpass)) return 0;
+ }
+ return 1;
+}
+
+/* Change password of safebag: only needs handle shrouded keybags */
+
+static int newpass_bag(PKCS12_SAFEBAG *bag, char *oldpass, char *newpass)
+{
+ PKCS8_PRIV_KEY_INFO *p8;
+ X509_SIG *p8new;
+ int p8_nid, p8_saltlen, p8_iter;
+
+ if(M_PKCS12_bag_type(bag) != NID_pkcs8ShroudedKeyBag) return 1;
+
+ if (!(p8 = M_PKCS12_decrypt_skey(bag, oldpass, -1))) return 0;
+ alg_get(bag->value.shkeybag->algor, &p8_nid, &p8_iter, &p8_saltlen);
+ if(!(p8new = PKCS8_encrypt(p8_nid, NULL, newpass, -1, NULL, p8_saltlen,
+ p8_iter, p8))) return 0;
+ X509_SIG_free(bag->value.shkeybag);
+ bag->value.shkeybag = p8new;
+ return 1;
+}
+
+static int alg_get(X509_ALGOR *alg, int *pnid, int *piter, int *psaltlen)
+{
+ PBEPARAM *pbe;
+ unsigned char *p;
+ p = alg->parameter->value.sequence->data;
+ pbe = d2i_PBEPARAM(NULL, &p, alg->parameter->value.sequence->length);
+ *pnid = OBJ_obj2nid(alg->algorithm);
+ *piter = ASN1_INTEGER_get(pbe->iter);
+ *psaltlen = pbe->salt->length;
+ PBEPARAM_free(pbe);
+ return 0;
+}
diff --git a/lib/libssl/src/crypto/pkcs7/pk7_attr.c b/lib/libssl/src/crypto/pkcs7/pk7_attr.c
new file mode 100644
index 00000000000..3b9c0fe3f25
--- /dev/null
+++ b/lib/libssl/src/crypto/pkcs7/pk7_attr.c
@@ -0,0 +1,85 @@
+/* pk7_attr.c */
+/* S/MIME code.
+ * Copyright (C) 1997-8 Dr S N Henson (shenson@bigfoot.com)
+ * All Rights Reserved.
+ * Redistribution of this code without the authors permission is expressly
+ * prohibited.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/bio.h>
+#include <openssl/asn1.h>
+#include <openssl/pem.h>
+#include <openssl/pkcs7.h>
+#include <openssl/err.h>
+
+int PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si, STACK *cap)
+{
+ ASN1_STRING *seq;
+ unsigned char *p, *pp;
+ int len;
+ len=i2d_ASN1_SET(cap,NULL,i2d_X509_ALGOR, V_ASN1_SEQUENCE,
+ V_ASN1_UNIVERSAL, IS_SEQUENCE);
+ if(!(pp=(unsigned char *)Malloc(len))) {
+ PKCS7err(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP,ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ p=pp;
+ i2d_ASN1_SET(cap,&p,i2d_X509_ALGOR, V_ASN1_SEQUENCE,
+ V_ASN1_UNIVERSAL, IS_SEQUENCE);
+ if(!(seq = ASN1_STRING_new())) {
+ PKCS7err(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP,ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ if(!ASN1_STRING_set (seq, pp, len)) {
+ PKCS7err(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP,ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ Free (pp);
+ return PKCS7_add_signed_attribute(si, NID_SMIMECapabilities,
+ V_ASN1_SEQUENCE, seq);
+}
+
+STACK *PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si)
+{
+ ASN1_TYPE *cap;
+ unsigned char *p;
+ cap = PKCS7_get_signed_attribute(si, NID_SMIMECapabilities);
+ if (!cap) return NULL;
+ p = cap->value.sequence->data;
+ return d2i_ASN1_SET (NULL, &p, cap->value.sequence->length,
+ (char *(*)())d2i_X509_ALGOR, X509_ALGOR_free, V_ASN1_SEQUENCE,
+ V_ASN1_UNIVERSAL);
+}
+
+/* Basic smime-capabilities OID and optional integer arg */
+int PKCS7_simple_smimecap(STACK *sk, int nid, int arg)
+{
+ X509_ALGOR *alg;
+ if(!(alg = X509_ALGOR_new())) {
+ PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP,ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ ASN1_OBJECT_free(alg->algorithm);
+ alg->algorithm = OBJ_nid2obj (nid);
+ if (arg > 0) {
+ ASN1_INTEGER *nbit;
+ if(!(alg->parameter = ASN1_TYPE_new())) {
+ PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP,ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ if(!(nbit = ASN1_INTEGER_new())) {
+ PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP,ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ if(!ASN1_INTEGER_set (nbit, arg)) {
+ PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP,ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ alg->parameter->value.integer = nbit;
+ alg->parameter->type = V_ASN1_INTEGER;
+ }
+ sk_push (sk, (char *)alg);
+ return 1;
+}
diff --git a/lib/libssl/src/crypto/pkcs7/pk7_mime.c b/lib/libssl/src/crypto/pkcs7/pk7_mime.c
new file mode 100644
index 00000000000..734643be287
--- /dev/null
+++ b/lib/libssl/src/crypto/pkcs7/pk7_mime.c
@@ -0,0 +1,673 @@
+/* pk7_mime.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <ctype.h>
+#include "cryptlib.h"
+#include <openssl/rand.h>
+#include <openssl/x509.h>
+
+/* MIME and related routines */
+
+/* MIME format structures
+ * Note that all are translated to lower case apart from
+ * parameter values. Quotes are stripped off
+ */
+
+typedef struct {
+char *name; /* Name of line e.g. "content-type" */
+char *value; /* Value of line e.g. "text/plain" */
+STACK /* MIME_PARAM */ *params; /* Zero or more parameters */
+} MIME_HEADER;
+
+typedef struct {
+char *param_name; /* Param name e.g. "micalg" */
+char *param_value; /* Param value e.g. "sha1" */
+} MIME_PARAM;
+
+
+static int B64_write_PKCS7(BIO *bio, PKCS7 *p7);
+static PKCS7 *B64_read_PKCS7(BIO *bio);
+static char * strip_ends(char *name);
+static char * strip_start(char *name);
+static char * strip_end(char *name);
+static MIME_HEADER *mime_hdr_new(char *name, char *value);
+static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value);
+static STACK *mime_parse_hdr(BIO *bio);
+static int mime_hdr_cmp(MIME_HEADER **a, MIME_HEADER **b);
+static int mime_param_cmp(MIME_PARAM **a, MIME_PARAM **b);
+static void mime_param_free(MIME_PARAM *param);
+static int mime_bound_check(char *line, int linelen, char *bound, int blen);
+static int multi_split(BIO *bio, char *bound, STACK **ret);
+static int iscrlf(char c);
+static MIME_HEADER *mime_hdr_find(STACK *hdrs, char *name);
+static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, char *name);
+static void mime_hdr_free(MIME_HEADER *hdr);
+
+#define MAX_SMLEN 1024
+#define mime_debug(x) /* x */
+
+
+typedef void (*stkfree)();
+
+/* Base 64 read and write of PKCS#7 structure */
+
+static int B64_write_PKCS7(BIO *bio, PKCS7 *p7)
+{
+ BIO *b64;
+ if(!(b64 = BIO_new(BIO_f_base64()))) {
+ PKCS7err(PKCS7_F_B64_WRITE_PKCS7,ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ bio = BIO_push(b64, bio);
+ i2d_PKCS7_bio(bio, p7);
+ BIO_flush(bio);
+ bio = BIO_pop(bio);
+ BIO_free(b64);
+ return 1;
+}
+
+static PKCS7 *B64_read_PKCS7(BIO *bio)
+{
+ BIO *b64;
+ PKCS7 *p7;
+ if(!(b64 = BIO_new(BIO_f_base64()))) {
+ PKCS7err(PKCS7_F_B64_READ_PKCS7,ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ bio = BIO_push(b64, bio);
+ if(!(p7 = d2i_PKCS7_bio(bio, NULL)))
+ PKCS7err(PKCS7_F_B64_READ_PKCS7,PKCS7_R_DECODE_ERROR);
+ BIO_flush(bio);
+ bio = BIO_pop(bio);
+ BIO_free(b64);
+ return p7;
+}
+
+/* SMIME sender */
+
+int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags)
+{
+ char linebuf[MAX_SMLEN];
+ char bound[33], c;
+ int i;
+ if((flags & PKCS7_DETACHED) && data) {
+ /* We want multipart/signed */
+ /* Generate a random boundary */
+ RAND_pseudo_bytes((unsigned char *)bound, 32);
+ for(i = 0; i < 32; i++) {
+ c = bound[i] & 0xf;
+ if(c < 10) c += '0';
+ else c += 'A' - 10;
+ bound[i] = c;
+ }
+ bound[32] = 0;
+ BIO_printf(bio, "MIME-Version: 1.0\n");
+ BIO_printf(bio, "Content-Type: multipart/signed ; ");
+ BIO_printf(bio, "protocol=\"application/x-pkcs7-signature\" ; ");
+ BIO_printf(bio, "micalg=sha1 ; boundary=\"----%s\"\n\n", bound);
+ BIO_printf(bio, "This is an S/MIME signed message\n\n");
+ /* Now write out the first part */
+ BIO_printf(bio, "------%s\r\n", bound);
+ if(flags & PKCS7_TEXT) BIO_printf(bio, "Content-Type: text/plain\n\n");
+ while((i = BIO_read(data, linebuf, MAX_SMLEN)) > 0)
+ BIO_write(bio, linebuf, i);
+ BIO_printf(bio, "\n------%s\n", bound);
+
+ /* Headers for signature */
+
+ BIO_printf(bio, "Content-Type: application/x-pkcs7-signature; name=\"smime.p7s\"\n");
+ BIO_printf(bio, "Content-Transfer-Encoding: base64\n");
+ BIO_printf(bio, "Content-Disposition: attachment; filename=\"smime.p7s\"\n\n");
+ B64_write_PKCS7(bio, p7);
+ BIO_printf(bio,"\n------%s--\n\n", bound);
+ return 1;
+ }
+ /* MIME headers */
+ BIO_printf(bio, "MIME-Version: 1.0\n");
+ BIO_printf(bio, "Content-Disposition: attachment; filename=\"smime.p7m\"\n");
+ BIO_printf(bio, "Content-Type: application/x-pkcs7-mime; name=\"smime.p7m\"\n");
+ BIO_printf(bio, "Content-Transfer-Encoding: base64\n\n");
+ B64_write_PKCS7(bio, p7);
+ BIO_printf(bio, "\n");
+ return 1;
+}
+
+/* SMIME reader: handle multipart/signed and opaque signing.
+ * in multipart case the content is placed in a memory BIO
+ * pointed to by "bcont". In opaque this is set to NULL
+ */
+
+PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont)
+{
+ BIO *p7in;
+ STACK *headers = NULL;
+ STACK *parts = NULL;
+ MIME_HEADER *hdr;
+ MIME_PARAM *prm;
+ PKCS7 *p7;
+ int ret;
+
+ if(bcont) *bcont = NULL;
+
+ if (!(headers = mime_parse_hdr(bio))) {
+ PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_MIME_PARSE_ERROR);
+ return NULL;
+ }
+
+ if(!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) {
+ sk_pop_free(headers, mime_hdr_free);
+ PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_NO_CONTENT_TYPE);
+ return NULL;
+ }
+
+ /* Handle multipart/signed */
+
+ if(!strcmp(hdr->value, "multipart/signed")) {
+ /* Split into two parts */
+ prm = mime_param_find(hdr, "boundary");
+ if(!prm || !prm->param_value) {
+ sk_pop_free(headers, mime_hdr_free);
+ PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_NO_MULTIPART_BOUNDARY);
+ return NULL;
+ }
+ ret = multi_split(bio, prm->param_value, &parts);
+ sk_pop_free(headers, mime_hdr_free);
+ if(!ret || (sk_num(parts) != 2) ) {
+ PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_NO_MULTIPART_BODY_FAILURE);
+ sk_pop_free(parts, (stkfree)BIO_free);
+ return NULL;
+ }
+
+ /* Parse the signature piece */
+ p7in = (BIO *)sk_value(parts, 1);
+
+ if (!(headers = mime_parse_hdr(p7in))) {
+ PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_MIME_SIG_PARSE_ERROR);
+ sk_pop_free(parts, (stkfree)BIO_free);
+ return NULL;
+ }
+
+ /* Get content type */
+
+ if(!(hdr = mime_hdr_find(headers, "content-type")) ||
+ !hdr->value) {
+ sk_pop_free(headers, mime_hdr_free);
+ PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_NO_SIG_CONTENT_TYPE);
+ return NULL;
+ }
+
+ if(strcmp(hdr->value, "application/x-pkcs7-signature") &&
+ strcmp(hdr->value, "application/pkcs7-signature")) {
+ sk_pop_free(headers, mime_hdr_free);
+ PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_SIG_INVALID_MIME_TYPE);
+ ERR_add_error_data(2, "type: ", hdr->value);
+ sk_pop_free(parts, (stkfree)BIO_free);
+ return NULL;
+ }
+ sk_pop_free(headers, mime_hdr_free);
+ /* Read in PKCS#7 */
+ if(!(p7 = B64_read_PKCS7(p7in))) {
+ PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_PKCS7_SIG_PARSE_ERROR);
+ sk_pop_free(parts, (stkfree)BIO_free);
+ return NULL;
+ }
+
+ if(bcont) {
+ *bcont = (BIO *)sk_value(parts, 0);
+ BIO_free(p7in);
+ sk_free(parts);
+ } else sk_pop_free(parts, (stkfree)BIO_free);
+ return p7;
+ }
+
+ /* OK, if not multipart/signed try opaque signature */
+
+ if (strcmp (hdr->value, "application/x-pkcs7-mime") &&
+ strcmp (hdr->value, "application/pkcs7-mime")) {
+ PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_INVALID_MIME_TYPE);
+ ERR_add_error_data(2, "type: ", hdr->value);
+ sk_pop_free(headers, mime_hdr_free);
+ return NULL;
+ }
+
+ sk_pop_free(headers, mime_hdr_free);
+
+ if(!(p7 = B64_read_PKCS7(bio))) {
+ PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_PKCS7_PARSE_ERROR);
+ return NULL;
+ }
+ return p7;
+
+}
+
+/* Copy text from one BIO to another making the output CRLF at EOL */
+int SMIME_crlf_copy(BIO *in, BIO *out, int flags)
+{
+ char eol;
+ int len;
+ char linebuf[MAX_SMLEN];
+ if(flags & PKCS7_BINARY) {
+ while((len = BIO_read(in, linebuf, MAX_SMLEN)) > 0)
+ BIO_write(out, linebuf, len);
+ return 1;
+ }
+ if(flags & PKCS7_TEXT) BIO_printf(out, "Content-Type: text/plain\r\n\r\n");
+ while ((len = BIO_gets(in, linebuf, MAX_SMLEN)) > 0) {
+ eol = 0;
+ while(iscrlf(linebuf[len - 1])) {
+ len--;
+ eol = 1;
+ }
+ BIO_write(out, linebuf, len);
+ if(eol) BIO_write(out, "\r\n", 2);
+ }
+ return 1;
+}
+
+/* Strip off headers if they are text/plain */
+int SMIME_text(BIO *in, BIO *out)
+{
+ char iobuf[4096];
+ int len;
+ STACK *headers;
+ MIME_HEADER *hdr;
+ if (!(headers = mime_parse_hdr(in))) {
+ PKCS7err(PKCS7_F_SMIME_TEXT,PKCS7_R_MIME_PARSE_ERROR);
+ return 0;
+ }
+ if(!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) {
+ PKCS7err(PKCS7_F_SMIME_TEXT,PKCS7_R_MIME_NO_CONTENT_TYPE);
+ sk_pop_free(headers, mime_hdr_free);
+ return 0;
+ }
+ if (strcmp (hdr->value, "text/plain")) {
+ PKCS7err(PKCS7_F_SMIME_TEXT,PKCS7_R_INVALID_MIME_TYPE);
+ ERR_add_error_data(2, "type: ", hdr->value);
+ sk_pop_free(headers, mime_hdr_free);
+ return 0;
+ }
+ sk_pop_free(headers, mime_hdr_free);
+ while ((len = BIO_read(in, iobuf, sizeof(iobuf))) > 0)
+ BIO_write(out, iobuf, len);
+ return 1;
+}
+
+/* Split a multipart/XXX message body into component parts: result is
+ * canonical parts in a STACK of bios
+ */
+
+static int multi_split(BIO *bio, char *bound, STACK **ret)
+{
+ char linebuf[MAX_SMLEN];
+ int len, blen;
+ BIO *bpart = NULL;
+ STACK *parts;
+ char state, part, first;
+ blen = strlen(bound);
+ part = 0;
+ state = 0;
+ first = 1;
+ parts = sk_new(NULL);
+ *ret = parts;
+ while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) {
+ state = mime_bound_check(linebuf, len, bound, blen);
+ if(state == 1) {
+ first = 1;
+ part++;
+ } else if(state == 2) {
+ sk_push(parts, (char *)bpart);
+ return 1;
+ } else if(part) {
+ if(first) {
+ first = 0;
+ if(bpart) sk_push(parts, (char *)bpart);
+ bpart = BIO_new(BIO_s_mem());
+
+ } else BIO_write(bpart, "\r\n", 2);
+ /* Strip CR+LF from linebuf */
+ while(iscrlf(linebuf[len - 1])) len--;
+ BIO_write(bpart, linebuf, len);
+ }
+ }
+ return 0;
+}
+
+static int iscrlf(char c)
+{
+ if(c == '\r' || c == '\n') return 1;
+ return 0;
+}
+
+/* This is the big one: parse MIME header lines up to message body */
+
+#define MIME_INVALID 0
+#define MIME_START 1
+#define MIME_TYPE 2
+#define MIME_NAME 3
+#define MIME_VALUE 4
+#define MIME_QUOTE 5
+#define MIME_COMMENT 6
+
+
+static STACK *mime_parse_hdr(BIO *bio)
+{
+ char *p, *q, c;
+ char *ntmp;
+ char linebuf[MAX_SMLEN];
+ MIME_HEADER *mhdr = NULL;
+ STACK *headers;
+ int len, state, save_state = 0;
+ headers = sk_new(mime_hdr_cmp);
+ while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) {
+ /* If whitespace at line start then continuation line */
+ if(mhdr && isspace((unsigned char)linebuf[0])) state = MIME_NAME;
+ else state = MIME_START;
+ ntmp = NULL;
+ /* Go through all characters */
+ for(p = linebuf, q = linebuf; (c = *p) && (c!='\r') && (c!='\n'); p++) {
+
+ /* State machine to handle MIME headers
+ * if this looks horrible that's because it *is*
+ */
+
+ switch(state) {
+ case MIME_START:
+ if(c == ':') {
+ state = MIME_TYPE;
+ *p = 0;
+ ntmp = strip_ends(q);
+ q = p + 1;
+ }
+ break;
+
+ case MIME_TYPE:
+ if(c == ';') {
+ mime_debug("Found End Value\n");
+ *p = 0;
+ mhdr = mime_hdr_new(ntmp, strip_ends(q));
+ sk_push(headers, (char *)mhdr);
+ ntmp = NULL;
+ q = p + 1;
+ state = MIME_NAME;
+ } else if(c == '(') {
+ save_state = state;
+ state = MIME_COMMENT;
+ }
+ break;
+
+ case MIME_COMMENT:
+ if(c == ')') {
+ state = save_state;
+ }
+ break;
+
+ case MIME_NAME:
+ if(c == '=') {
+ state = MIME_VALUE;
+ *p = 0;
+ ntmp = strip_ends(q);
+ q = p + 1;
+ }
+ break ;
+
+ case MIME_VALUE:
+ if(c == ';') {
+ state = MIME_NAME;
+ *p = 0;
+ mime_hdr_addparam(mhdr, ntmp, strip_ends(q));
+ ntmp = NULL;
+ q = p + 1;
+ } else if (c == '"') {
+ mime_debug("Found Quote\n");
+ state = MIME_QUOTE;
+ } else if(c == '(') {
+ save_state = state;
+ state = MIME_COMMENT;
+ }
+ break;
+
+ case MIME_QUOTE:
+ if(c == '"') {
+ mime_debug("Found Match Quote\n");
+ state = MIME_VALUE;
+ }
+ break;
+ }
+ }
+
+ if(state == MIME_TYPE) {
+ mhdr = mime_hdr_new(ntmp, strip_ends(q));
+ sk_push(headers, (char *)mhdr);
+ } else if(state == MIME_VALUE)
+ mime_hdr_addparam(mhdr, ntmp, strip_ends(q));
+ if(p == linebuf) break; /* Blank line means end of headers */
+}
+
+return headers;
+
+}
+
+static char *strip_ends(char *name)
+{
+ return strip_end(strip_start(name));
+}
+
+/* Strip a parameter of whitespace from start of param */
+static char *strip_start(char *name)
+{
+ char *p, c;
+ /* Look for first non white space or quote */
+ for(p = name; (c = *p) ;p++) {
+ if(c == '"') {
+ /* Next char is start of string if non null */
+ if(p[1]) return p + 1;
+ /* Else null string */
+ return NULL;
+ }
+ if(!isspace((unsigned char)c)) return p;
+ }
+ return NULL;
+}
+
+/* As above but strip from end of string : maybe should handle brackets? */
+static char *strip_end(char *name)
+{
+ char *p, c;
+ if(!name) return NULL;
+ /* Look for first non white space or quote */
+ for(p = name + strlen(name) - 1; p >= name ;p--) {
+ c = *p;
+ if(c == '"') {
+ if(p - 1 == name) return NULL;
+ *p = 0;
+ return name;
+ }
+ if(isspace((unsigned char)c)) *p = 0;
+ else return name;
+ }
+ return NULL;
+}
+
+static MIME_HEADER *mime_hdr_new(char *name, char *value)
+{
+ MIME_HEADER *mhdr;
+ char *tmpname, *tmpval, *p;
+ int c;
+ if(name) {
+ if(!(tmpname = BUF_strdup(name))) return NULL;
+ for(p = tmpname ; *p; p++) {
+ c = *p;
+ if(isupper(c)) {
+ c = tolower(c);
+ *p = c;
+ }
+ }
+ } else tmpname = NULL;
+ if(value) {
+ if(!(tmpval = BUF_strdup(value))) return NULL;
+ for(p = tmpval ; *p; p++) {
+ c = *p;
+ if(isupper(c)) {
+ c = tolower(c);
+ *p = c;
+ }
+ }
+ } else tmpval = NULL;
+ mhdr = (MIME_HEADER *) Malloc(sizeof(MIME_HEADER));
+ if(!mhdr) return NULL;
+ mhdr->name = tmpname;
+ mhdr->value = tmpval;
+ if(!(mhdr->params = sk_new(mime_param_cmp))) return NULL;
+ return mhdr;
+}
+
+static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value)
+{
+ char *tmpname, *tmpval, *p;
+ int c;
+ MIME_PARAM *mparam;
+ if(name) {
+ tmpname = BUF_strdup(name);
+ if(!tmpname) return 0;
+ for(p = tmpname ; *p; p++) {
+ c = *p;
+ if(isupper(c)) {
+ c = tolower(c);
+ *p = c;
+ }
+ }
+ } else tmpname = NULL;
+ if(value) {
+ tmpval = BUF_strdup(value);
+ if(!tmpval) return 0;
+ } else tmpval = NULL;
+ /* Parameter values are case sensitive so leave as is */
+ mparam = (MIME_PARAM *) Malloc(sizeof(MIME_PARAM));
+ if(!mparam) return 0;
+ mparam->param_name = tmpname;
+ mparam->param_value = tmpval;
+ sk_push(mhdr->params, (char *)mparam);
+ return 1;
+}
+
+static int mime_hdr_cmp(MIME_HEADER **a, MIME_HEADER **b)
+{
+ return(strcmp((*a)->name, (*b)->name));
+}
+
+static int mime_param_cmp(MIME_PARAM **a, MIME_PARAM **b)
+{
+ return(strcmp((*a)->param_name, (*b)->param_name));
+}
+
+/* Find a header with a given name (if possible) */
+
+static MIME_HEADER *mime_hdr_find(STACK *hdrs, char *name)
+{
+ MIME_HEADER htmp;
+ int idx;
+ htmp.name = name;
+ idx = sk_find(hdrs, (char *)&htmp);
+ if(idx < 0) return NULL;
+ return (MIME_HEADER *)sk_value(hdrs, idx);
+}
+
+static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, char *name)
+{
+ MIME_PARAM param;
+ int idx;
+ param.param_name = name;
+ idx = sk_find(hdr->params, (char *)&param);
+ if(idx < 0) return NULL;
+ return (MIME_PARAM *)sk_value(hdr->params, idx);
+}
+
+static void mime_hdr_free(MIME_HEADER *hdr)
+{
+ if(hdr->name) Free(hdr->name);
+ if(hdr->value) Free(hdr->value);
+ if(hdr->params) sk_pop_free(hdr->params, mime_param_free);
+ Free(hdr);
+}
+
+static void mime_param_free(MIME_PARAM *param)
+{
+ if(param->param_name) Free(param->param_name);
+ if(param->param_value) Free(param->param_value);
+ Free(param);
+}
+
+/* Check for a multipart boundary. Returns:
+ * 0 : no boundary
+ * 1 : part boundary
+ * 2 : final boundary
+ */
+static int mime_bound_check(char *line, int linelen, char *bound, int blen)
+{
+ if(linelen == -1) linelen = strlen(line);
+ if(blen == -1) blen = strlen(bound);
+ /* Quickly eliminate if line length too short */
+ if(blen + 2 > linelen) return 0;
+ /* Check for part boundary */
+ if(!strncmp(line, "--", 2) && !strncmp(line + 2, bound, blen)) {
+ if(!strncmp(line + blen + 2, "--", 2)) return 2;
+ else return 1;
+ }
+ return 0;
+}
diff --git a/lib/libssl/src/crypto/pkcs7/pk7_smime.c b/lib/libssl/src/crypto/pkcs7/pk7_smime.c
new file mode 100644
index 00000000000..b41f42ed044
--- /dev/null
+++ b/lib/libssl/src/crypto/pkcs7/pk7_smime.c
@@ -0,0 +1,427 @@
+/* pk7_smime.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* Simple PKCS#7 processing functions */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+
+PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
+ BIO *data, int flags)
+{
+ PKCS7 *p7;
+ PKCS7_SIGNER_INFO *si;
+ BIO *p7bio;
+ STACK *smcap;
+ int i;
+
+ if(!X509_check_private_key(signcert, pkey)) {
+ PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
+ return NULL;
+ }
+
+ if(!(p7 = PKCS7_new())) {
+ PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+
+ PKCS7_set_type(p7, NID_pkcs7_signed);
+
+ PKCS7_content_new(p7, NID_pkcs7_data);
+
+ if (!(si = PKCS7_add_signature(p7,signcert,pkey,EVP_sha1()))) {
+ PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR);
+ return NULL;
+ }
+
+ if(!(flags & PKCS7_NOCERTS)) {
+ PKCS7_add_certificate(p7, signcert);
+ if(certs) for(i = 0; i < sk_X509_num(certs); i++)
+ PKCS7_add_certificate(p7, sk_X509_value(certs, i));
+ }
+
+ if(!(p7bio = PKCS7_dataInit(p7, NULL))) {
+ PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+
+
+ SMIME_crlf_copy(data, p7bio, flags);
+
+ if(!(flags & PKCS7_NOATTR)) {
+ PKCS7_add_signed_attribute(si, NID_pkcs9_contentType,
+ V_ASN1_OBJECT, OBJ_nid2obj(NID_pkcs7_data));
+ /* Add SMIMECapabilities */
+ if(!(smcap = sk_new(NULL))) {
+ PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+#ifndef NO_DES
+ PKCS7_simple_smimecap (smcap, NID_des_ede3_cbc, -1);
+#endif
+#ifndef NO_RC2
+ PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 128);
+ PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 64);
+#endif
+#ifndef NO_DES
+ PKCS7_simple_smimecap (smcap, NID_des_cbc, -1);
+#endif
+#ifndef NO_RC2
+ PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 40);
+#endif
+ PKCS7_add_attrib_smimecap (si, smcap);
+ sk_pop_free(smcap, X509_ALGOR_free);
+ }
+
+ if(flags & PKCS7_DETACHED)PKCS7_set_detached(p7, 1);
+
+ if (!PKCS7_dataFinal(p7,p7bio)) {
+ PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_DATASIGN);
+ return NULL;
+ }
+
+ BIO_free_all(p7bio);
+ return p7;
+}
+
+int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
+ BIO *indata, BIO *out, int flags)
+{
+ STACK_OF(X509) *signers;
+ X509 *signer;
+ STACK_OF(PKCS7_SIGNER_INFO) *sinfos;
+ PKCS7_SIGNER_INFO *si;
+ X509_STORE_CTX cert_ctx;
+ char buf[4096];
+ int i, j=0;
+ BIO *p7bio;
+ BIO *tmpout;
+
+ if(!p7) {
+ PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_INVALID_NULL_POINTER);
+ return 0;
+ }
+
+ if(!PKCS7_type_is_signed(p7)) {
+ PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_WRONG_CONTENT_TYPE);
+ return 0;
+ }
+
+ /* Check for no data and no content: no data to verify signature */
+ if(PKCS7_get_detached(p7) && !indata) {
+ PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_NO_CONTENT);
+ return 0;
+ }
+
+ /* Check for data and content: two sets of data */
+ if(!PKCS7_get_detached(p7) && indata) {
+ PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_CONTENT_AND_DATA_PRESENT);
+ return 0;
+ }
+
+ sinfos = PKCS7_get_signer_info(p7);
+
+ if(!sinfos || !sk_PKCS7_SIGNER_INFO_num(sinfos)) {
+ PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_NO_SIGNATURES_ON_DATA);
+ return 0;
+ }
+
+
+ signers = PKCS7_get0_signers(p7, certs, flags);
+
+ if(!signers) return 0;
+
+ /* Now verify the certificates */
+
+ if (!(flags & PKCS7_NOVERIFY)) for (i = 0; i < sk_X509_num(signers); i++) {
+ signer = sk_X509_value (signers, i);
+ if (!(flags & PKCS7_NOCHAIN)) {
+ X509_STORE_CTX_init(&cert_ctx, store, signer,
+ p7->d.sign->cert);
+ X509_STORE_CTX_set_purpose(&cert_ctx,
+ X509_PURPOSE_SMIME_SIGN);
+ } else X509_STORE_CTX_init (&cert_ctx, store, signer, NULL);
+ i = X509_verify_cert(&cert_ctx);
+ if (i <= 0) j = X509_STORE_CTX_get_error(&cert_ctx);
+ X509_STORE_CTX_cleanup(&cert_ctx);
+ if (i <= 0) {
+ PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_CERTIFICATE_VERIFY_ERROR);
+ ERR_add_error_data(2, "Verify error:",
+ X509_verify_cert_error_string(j));
+ sk_X509_free(signers);
+ return 0;
+ }
+ /* Check for revocation status here */
+ }
+
+ p7bio=PKCS7_dataInit(p7,indata);
+
+ if(flags & PKCS7_TEXT) {
+ if(!(tmpout = BIO_new(BIO_s_mem()))) {
+ PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ } else tmpout = out;
+
+ /* We now have to 'read' from p7bio to calculate digests etc. */
+ for (;;)
+ {
+ i=BIO_read(p7bio,buf,sizeof(buf));
+ if (i <= 0) break;
+ if (tmpout) BIO_write(tmpout, buf, i);
+ }
+
+ if(flags & PKCS7_TEXT) {
+ if(!SMIME_text(tmpout, out)) {
+ PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_SMIME_TEXT_ERROR);
+ BIO_free(tmpout);
+ goto err;
+ }
+ BIO_free(tmpout);
+ }
+
+ /* Now Verify All Signatures */
+ if (!(flags & PKCS7_NOSIGS))
+ for (i=0; i<sk_PKCS7_SIGNER_INFO_num(sinfos); i++)
+ {
+ si=sk_PKCS7_SIGNER_INFO_value(sinfos,i);
+ signer = sk_X509_value (signers, i);
+ j=PKCS7_signatureVerify(p7bio,p7,si, signer);
+ if (j <= 0) {
+ PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_SIGNATURE_FAILURE);
+ goto err;
+ }
+ }
+
+ sk_X509_free(signers);
+ if(indata) BIO_pop(p7bio);
+ BIO_free_all(p7bio);
+
+ return 1;
+
+ err:
+
+ sk_X509_free(signers);
+ BIO_free(p7bio);
+
+ return 0;
+}
+
+STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags)
+{
+ STACK_OF(X509) *signers;
+ STACK_OF(PKCS7_SIGNER_INFO) *sinfos;
+ PKCS7_SIGNER_INFO *si;
+ PKCS7_ISSUER_AND_SERIAL *ias;
+ X509 *signer;
+ int i;
+
+ if(!p7) {
+ PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_INVALID_NULL_POINTER);
+ return NULL;
+ }
+
+ if(!PKCS7_type_is_signed(p7)) {
+ PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_WRONG_CONTENT_TYPE);
+ return NULL;
+ }
+ if(!(signers = sk_X509_new(NULL))) {
+ PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+
+ /* Collect all the signers together */
+
+ sinfos = PKCS7_get_signer_info(p7);
+
+ if(sk_PKCS7_SIGNER_INFO_num(sinfos) <= 0) {
+ PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_NO_SIGNERS);
+ return 0;
+ }
+
+ for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(sinfos); i++)
+ {
+ si = sk_PKCS7_SIGNER_INFO_value(sinfos, i);
+ ias = si->issuer_and_serial;
+ signer = NULL;
+ /* If any certificates passed they take priority */
+ if (certs) signer = X509_find_by_issuer_and_serial (certs,
+ ias->issuer, ias->serial);
+ if (!signer && !(flags & PKCS7_NOINTERN)
+ && p7->d.sign->cert) signer =
+ X509_find_by_issuer_and_serial (p7->d.sign->cert,
+ ias->issuer, ias->serial);
+ if (!signer) {
+ PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND);
+ sk_X509_free(signers);
+ return 0;
+ }
+
+ sk_X509_push(signers, signer);
+ }
+ return signers;
+}
+
+
+/* Build a complete PKCS#7 enveloped data */
+
+PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, EVP_CIPHER *cipher,
+ int flags)
+{
+ PKCS7 *p7;
+ BIO *p7bio = NULL;
+ int i;
+ X509 *x509;
+ if(!(p7 = PKCS7_new())) {
+ PKCS7err(PKCS7_F_PKCS7_ENCRYPT,ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+
+ PKCS7_set_type(p7, NID_pkcs7_enveloped);
+ if(!PKCS7_set_cipher(p7, cipher)) {
+ PKCS7err(PKCS7_F_PKCS7_ENCRYPT,PKCS7_R_ERROR_SETTING_CIPHER);
+ goto err;
+ }
+
+ for(i = 0; i < sk_X509_num(certs); i++) {
+ x509 = sk_X509_value(certs, i);
+ if(!PKCS7_add_recipient(p7, x509)) {
+ PKCS7err(PKCS7_F_PKCS7_ENCRYPT,
+ PKCS7_R_ERROR_ADDING_RECIPIENT);
+ goto err;
+ }
+ }
+
+ if(!(p7bio = PKCS7_dataInit(p7, NULL))) {
+ PKCS7err(PKCS7_F_PKCS7_ENCRYPT,ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ SMIME_crlf_copy(in, p7bio, flags);
+
+ BIO_flush(p7bio);
+
+ if (!PKCS7_dataFinal(p7,p7bio)) {
+ PKCS7err(PKCS7_F_PKCS7_ENCRYPT,PKCS7_R_PKCS7_DATAFINAL_ERROR);
+ goto err;
+ }
+ BIO_free_all(p7bio);
+
+ return p7;
+
+ err:
+
+ BIO_free(p7bio);
+ PKCS7_free(p7);
+ return NULL;
+
+}
+
+int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags)
+{
+ BIO *tmpmem;
+ int ret, i;
+ char buf[4096];
+
+ if(!p7) {
+ PKCS7err(PKCS7_F_PKCS7_DECRYPT,PKCS7_R_INVALID_NULL_POINTER);
+ return 0;
+ }
+
+ if(!PKCS7_type_is_enveloped(p7)) {
+ PKCS7err(PKCS7_F_PKCS7_DECRYPT,PKCS7_R_WRONG_CONTENT_TYPE);
+ return 0;
+ }
+
+ if(!X509_check_private_key(cert, pkey)) {
+ PKCS7err(PKCS7_F_PKCS7_DECRYPT,
+ PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
+ return 0;
+ }
+
+ if(!(tmpmem = PKCS7_dataDecode(p7, pkey, NULL, cert))) {
+ PKCS7err(PKCS7_F_PKCS7_DECRYPT, PKCS7_R_DECRYPT_ERROR);
+ return 0;
+ }
+
+ if (flags & PKCS7_TEXT) {
+ BIO *tmpbuf, *bread;
+ /* Encrypt BIOs can't do BIO_gets() so add a buffer BIO */
+ if(!(tmpbuf = BIO_new(BIO_f_buffer()))) {
+ PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ if(!(bread = BIO_push(tmpbuf, tmpmem))) {
+ PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ ret = SMIME_text(bread, data);
+ BIO_free_all(bread);
+ return ret;
+ } else {
+ for(;;) {
+ i = BIO_read(tmpmem, buf, sizeof(buf));
+ if(i <= 0) break;
+ BIO_write(data, buf, i);
+ }
+ BIO_free_all(tmpmem);
+ return 1;
+ }
+}
diff --git a/lib/libssl/src/crypto/rand/rand_egd.c b/lib/libssl/src/crypto/rand/rand_egd.c
new file mode 100644
index 00000000000..d834408bd4e
--- /dev/null
+++ b/lib/libssl/src/crypto/rand/rand_egd.c
@@ -0,0 +1,110 @@
+/* crypto/rand/rand_egd.c */
+/* Written by Ulf Moeller for the OpenSSL project. */
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/rand.h>
+
+/* Query the EGD <URL: http://www.lothar.com/tech/crypto/>.
+ */
+
+#if defined(WIN32) || defined(VMS) || defined(__VMS)
+int RAND_egd(const char *path)
+ {
+ return(-1);
+ }
+#else
+#include <openssl/opensslconf.h>
+#include OPENSSL_UNISTD
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <sys/un.h>
+#include <string.h>
+
+#ifndef offsetof
+# define offsetof(TYPE, MEMBER) ((size_t) &((TYPE *)0)->MEMBER)
+#endif
+
+int RAND_egd(const char *path)
+ {
+ int ret = -1;
+ struct sockaddr_un addr;
+ int len, num;
+ int fd = -1;
+ unsigned char buf[256];
+
+ memset(&addr, 0, sizeof(addr));
+ addr.sun_family = AF_UNIX;
+ if (strlen(path) > sizeof(addr.sun_path))
+ return (-1);
+ strcpy(addr.sun_path,path);
+ len = offsetof(struct sockaddr_un, sun_path) + strlen(path);
+ fd = socket(AF_UNIX, SOCK_STREAM, 0);
+ if (fd == -1) return (-1);
+ if (connect(fd, (struct sockaddr *)&addr, len) == -1) goto err;
+ buf[0] = 1;
+ buf[1] = 255;
+ write(fd, buf, 2);
+ if (read(fd, buf, 1) != 1) goto err;
+ if (buf[0] == 0) goto err;
+ num = read(fd, buf, 255);
+ if (num < 1) goto err;
+ RAND_seed(buf, num);
+ if (RAND_status() == 1)
+ ret = num;
+ err:
+ if (fd != -1) close(fd);
+ return(ret);
+ }
+#endif
diff --git a/lib/libssl/src/crypto/rand/rand_err.c b/lib/libssl/src/crypto/rand/rand_err.c
new file mode 100644
index 00000000000..d1263edf80f
--- /dev/null
+++ b/lib/libssl/src/crypto/rand/rand_err.c
@@ -0,0 +1,93 @@
+/* crypto/rand/rand_err.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/rand.h>
+
+/* BEGIN ERROR CODES */
+#ifndef NO_ERR
+static ERR_STRING_DATA RAND_str_functs[]=
+ {
+{ERR_PACK(0,RAND_F_SSLEAY_RAND_BYTES,0), "SSLEAY_RAND_BYTES"},
+{0,NULL}
+ };
+
+static ERR_STRING_DATA RAND_str_reasons[]=
+ {
+{RAND_R_PRNG_NOT_SEEDED ,"prng not seeded"},
+{0,NULL}
+ };
+
+#endif
+
+void ERR_load_RAND_strings(void)
+ {
+ static int init=1;
+
+ if (init)
+ {
+ init=0;
+#ifndef NO_ERR
+ ERR_load_strings(ERR_LIB_RAND,RAND_str_functs);
+ ERR_load_strings(ERR_LIB_RAND,RAND_str_reasons);
+#endif
+
+ }
+ }
diff --git a/lib/libssl/src/crypto/rsa/rsa_null.c b/lib/libssl/src/crypto/rsa/rsa_null.c
new file mode 100644
index 00000000000..7b58a0eca39
--- /dev/null
+++ b/lib/libssl/src/crypto/rsa/rsa_null.c
@@ -0,0 +1,149 @@
+/* rsa_null.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/rand.h>
+
+/* This is a dummy RSA implementation that just returns errors when called.
+ * It is designed to allow some RSA functions to work while stopping those
+ * covered by the RSA patent. That is RSA, encryption, decryption, signing
+ * and verify is not allowed but RSA key generation, key checking and other
+ * operations (like storing RSA keys) are permitted.
+ */
+
+static int RSA_null_public_encrypt(int flen, unsigned char *from,
+ unsigned char *to, RSA *rsa,int padding);
+static int RSA_null_private_encrypt(int flen, unsigned char *from,
+ unsigned char *to, RSA *rsa,int padding);
+static int RSA_null_public_decrypt(int flen, unsigned char *from,
+ unsigned char *to, RSA *rsa,int padding);
+static int RSA_null_private_decrypt(int flen, unsigned char *from,
+ unsigned char *to, RSA *rsa,int padding);
+#if 0 /* not currently used */
+static int RSA_null_mod_exp(BIGNUM *r0, BIGNUM *i, RSA *rsa);
+#endif
+static int RSA_null_init(RSA *rsa);
+static int RSA_null_finish(RSA *rsa);
+static RSA_METHOD rsa_null_meth={
+ "Null RSA",
+ RSA_null_public_encrypt,
+ RSA_null_public_decrypt,
+ RSA_null_private_encrypt,
+ RSA_null_private_decrypt,
+ NULL, NULL,
+ RSA_null_init,
+ RSA_null_finish,
+ 0,
+ NULL,
+ };
+
+RSA_METHOD *RSA_null_method(void)
+ {
+ return(&rsa_null_meth);
+ }
+
+static int RSA_null_public_encrypt(int flen, unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding)
+ {
+ RSAerr(RSA_F_RSA_NULL, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED);
+ return -1;
+ }
+
+static int RSA_null_private_encrypt(int flen, unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding)
+ {
+ RSAerr(RSA_F_RSA_NULL, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED);
+ return -1;
+ }
+
+static int RSA_null_private_decrypt(int flen, unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding)
+ {
+ RSAerr(RSA_F_RSA_NULL, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED);
+ return -1;
+ }
+
+static int RSA_null_public_decrypt(int flen, unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding)
+ {
+ RSAerr(RSA_F_RSA_NULL, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED);
+ return -1;
+ }
+
+#if 0 /* not currently used */
+static int RSA_null_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa)
+ {
+ RSAerr(RSA_F_RSA_NULL, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED);
+ return -1;
+ }
+#endif
+
+static int RSA_null_init(RSA *rsa)
+ {
+ return(1);
+ }
+
+static int RSA_null_finish(RSA *rsa)
+ {
+ return(1);
+ }
+
+
diff --git a/lib/libssl/src/crypto/rsa/rsa_test.c b/lib/libssl/src/crypto/rsa/rsa_test.c
new file mode 100644
index 00000000000..e5ae0c1f698
--- /dev/null
+++ b/lib/libssl/src/crypto/rsa/rsa_test.c
@@ -0,0 +1,314 @@
+/* test vectors from p1ovect1.txt */
+
+#include <stdio.h>
+#include <string.h>
+
+#include "openssl/e_os.h"
+
+#include <openssl/crypto.h>
+#include <openssl/err.h>
+#include <openssl/rand.h>
+#ifdef NO_RSA
+int main(int argc, char *argv[])
+{
+ printf("No RSA support\n");
+ return(0);
+}
+#else
+#include <openssl/rsa.h>
+
+#define SetKey \
+ key->n = BN_bin2bn(n, sizeof(n)-1, key->n); \
+ key->e = BN_bin2bn(e, sizeof(e)-1, key->e); \
+ key->d = BN_bin2bn(d, sizeof(d)-1, key->d); \
+ key->p = BN_bin2bn(p, sizeof(p)-1, key->p); \
+ key->q = BN_bin2bn(q, sizeof(q)-1, key->q); \
+ key->dmp1 = BN_bin2bn(dmp1, sizeof(dmp1)-1, key->dmp1); \
+ key->dmq1 = BN_bin2bn(dmq1, sizeof(dmq1)-1, key->dmq1); \
+ key->iqmp = BN_bin2bn(iqmp, sizeof(iqmp)-1, key->iqmp); \
+ memcpy(c, ctext_ex, sizeof(ctext_ex) - 1); \
+ return (sizeof(ctext_ex) - 1);
+
+static int key1(RSA *key, unsigned char *c)
+ {
+ static unsigned char n[] =
+"\x00\xAA\x36\xAB\xCE\x88\xAC\xFD\xFF\x55\x52\x3C\x7F\xC4\x52\x3F"
+"\x90\xEF\xA0\x0D\xF3\x77\x4A\x25\x9F\x2E\x62\xB4\xC5\xD9\x9C\xB5"
+"\xAD\xB3\x00\xA0\x28\x5E\x53\x01\x93\x0E\x0C\x70\xFB\x68\x76\x93"
+"\x9C\xE6\x16\xCE\x62\x4A\x11\xE0\x08\x6D\x34\x1E\xBC\xAC\xA0\xA1"
+"\xF5";
+
+ static unsigned char e[] = "\x11";
+
+ static unsigned char d[] =
+"\x0A\x03\x37\x48\x62\x64\x87\x69\x5F\x5F\x30\xBC\x38\xB9\x8B\x44"
+"\xC2\xCD\x2D\xFF\x43\x40\x98\xCD\x20\xD8\xA1\x38\xD0\x90\xBF\x64"
+"\x79\x7C\x3F\xA7\xA2\xCD\xCB\x3C\xD1\xE0\xBD\xBA\x26\x54\xB4\xF9"
+"\xDF\x8E\x8A\xE5\x9D\x73\x3D\x9F\x33\xB3\x01\x62\x4A\xFD\x1D\x51";
+
+ static unsigned char p[] =
+"\x00\xD8\x40\xB4\x16\x66\xB4\x2E\x92\xEA\x0D\xA3\xB4\x32\x04\xB5"
+"\xCF\xCE\x33\x52\x52\x4D\x04\x16\xA5\xA4\x41\xE7\x00\xAF\x46\x12"
+"\x0D";
+
+ static unsigned char q[] =
+"\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9"
+"\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5A\x0F\x20\x35\x02\x8B\x9D"
+"\x89";
+
+ static unsigned char dmp1[] =
+"\x59\x0B\x95\x72\xA2\xC2\xA9\xC4\x06\x05\x9D\xC2\xAB\x2F\x1D\xAF"
+"\xEB\x7E\x8B\x4F\x10\xA7\x54\x9E\x8E\xED\xF5\xB4\xFC\xE0\x9E\x05";
+
+ static unsigned char dmq1[] =
+"\x00\x8E\x3C\x05\x21\xFE\x15\xE0\xEA\x06\xA3\x6F\xF0\xF1\x0C\x99"
+"\x52\xC3\x5B\x7A\x75\x14\xFD\x32\x38\xB8\x0A\xAD\x52\x98\x62\x8D"
+"\x51";
+
+ static unsigned char iqmp[] =
+"\x36\x3F\xF7\x18\x9D\xA8\xE9\x0B\x1D\x34\x1F\x71\xD0\x9B\x76\xA8"
+"\xA9\x43\xE1\x1D\x10\xB2\x4D\x24\x9F\x2D\xEA\xFE\xF8\x0C\x18\x26";
+
+ static unsigned char ctext_ex[] =
+"\x1b\x8f\x05\xf9\xca\x1a\x79\x52\x6e\x53\xf3\xcc\x51\x4f\xdb\x89"
+"\x2b\xfb\x91\x93\x23\x1e\x78\xb9\x92\xe6\x8d\x50\xa4\x80\xcb\x52"
+"\x33\x89\x5c\x74\x95\x8d\x5d\x02\xab\x8c\x0f\xd0\x40\xeb\x58\x44"
+"\xb0\x05\xc3\x9e\xd8\x27\x4a\x9d\xbf\xa8\x06\x71\x40\x94\x39\xd2";
+
+ SetKey;
+ }
+
+static int key2(RSA *key, unsigned char *c)
+ {
+ static unsigned char n[] =
+"\x00\xA3\x07\x9A\x90\xDF\x0D\xFD\x72\xAC\x09\x0C\xCC\x2A\x78\xB8"
+"\x74\x13\x13\x3E\x40\x75\x9C\x98\xFA\xF8\x20\x4F\x35\x8A\x0B\x26"
+"\x3C\x67\x70\xE7\x83\xA9\x3B\x69\x71\xB7\x37\x79\xD2\x71\x7B\xE8"
+"\x34\x77\xCF";
+
+ static unsigned char e[] = "\x3";
+
+ static unsigned char d[] =
+"\x6C\xAF\xBC\x60\x94\xB3\xFE\x4C\x72\xB0\xB3\x32\xC6\xFB\x25\xA2"
+"\xB7\x62\x29\x80\x4E\x68\x65\xFC\xA4\x5A\x74\xDF\x0F\x8F\xB8\x41"
+"\x3B\x52\xC0\xD0\xE5\x3D\x9B\x59\x0F\xF1\x9B\xE7\x9F\x49\xDD\x21"
+"\xE5\xEB";
+
+ static unsigned char p[] =
+"\x00\xCF\x20\x35\x02\x8B\x9D\x86\x98\x40\xB4\x16\x66\xB4\x2E\x92"
+"\xEA\x0D\xA3\xB4\x32\x04\xB5\xCF\xCE\x91";
+
+ static unsigned char q[] =
+"\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9"
+"\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5F";
+
+ static unsigned char dmp1[] =
+"\x00\x8A\x15\x78\xAC\x5D\x13\xAF\x10\x2B\x22\xB9\x99\xCD\x74\x61"
+"\xF1\x5E\x6D\x22\xCC\x03\x23\xDF\xDF\x0B";
+
+ static unsigned char dmq1[] =
+"\x00\x86\x55\x21\x4A\xC5\x4D\x8D\x4E\xCD\x61\x77\xF1\xC7\x36\x90"
+"\xCE\x2A\x48\x2C\x8B\x05\x99\xCB\xE0\x3F";
+
+ static unsigned char iqmp[] =
+"\x00\x83\xEF\xEF\xB8\xA9\xA4\x0D\x1D\xB6\xED\x98\xAD\x84\xED\x13"
+"\x35\xDC\xC1\x08\xF3\x22\xD0\x57\xCF\x8D";
+
+ static unsigned char ctext_ex[] =
+"\x14\xbd\xdd\x28\xc9\x83\x35\x19\x23\x80\xe8\xe5\x49\xb1\x58\x2a"
+"\x8b\x40\xb4\x48\x6d\x03\xa6\xa5\x31\x1f\x1f\xd5\xf0\xa1\x80\xe4"
+"\x17\x53\x03\x29\xa9\x34\x90\x74\xb1\x52\x13\x54\x29\x08\x24\x52"
+"\x62\x51";
+
+ SetKey;
+ }
+
+static int key3(RSA *key, unsigned char *c)
+ {
+ static unsigned char n[] =
+"\x00\xBB\xF8\x2F\x09\x06\x82\xCE\x9C\x23\x38\xAC\x2B\x9D\xA8\x71"
+"\xF7\x36\x8D\x07\xEE\xD4\x10\x43\xA4\x40\xD6\xB6\xF0\x74\x54\xF5"
+"\x1F\xB8\xDF\xBA\xAF\x03\x5C\x02\xAB\x61\xEA\x48\xCE\xEB\x6F\xCD"
+"\x48\x76\xED\x52\x0D\x60\xE1\xEC\x46\x19\x71\x9D\x8A\x5B\x8B\x80"
+"\x7F\xAF\xB8\xE0\xA3\xDF\xC7\x37\x72\x3E\xE6\xB4\xB7\xD9\x3A\x25"
+"\x84\xEE\x6A\x64\x9D\x06\x09\x53\x74\x88\x34\xB2\x45\x45\x98\x39"
+"\x4E\xE0\xAA\xB1\x2D\x7B\x61\xA5\x1F\x52\x7A\x9A\x41\xF6\xC1\x68"
+"\x7F\xE2\x53\x72\x98\xCA\x2A\x8F\x59\x46\xF8\xE5\xFD\x09\x1D\xBD"
+"\xCB";
+
+ static unsigned char e[] = "\x11";
+
+ static unsigned char d[] =
+"\x00\xA5\xDA\xFC\x53\x41\xFA\xF2\x89\xC4\xB9\x88\xDB\x30\xC1\xCD"
+"\xF8\x3F\x31\x25\x1E\x06\x68\xB4\x27\x84\x81\x38\x01\x57\x96\x41"
+"\xB2\x94\x10\xB3\xC7\x99\x8D\x6B\xC4\x65\x74\x5E\x5C\x39\x26\x69"
+"\xD6\x87\x0D\xA2\xC0\x82\xA9\x39\xE3\x7F\xDC\xB8\x2E\xC9\x3E\xDA"
+"\xC9\x7F\xF3\xAD\x59\x50\xAC\xCF\xBC\x11\x1C\x76\xF1\xA9\x52\x94"
+"\x44\xE5\x6A\xAF\x68\xC5\x6C\x09\x2C\xD3\x8D\xC3\xBE\xF5\xD2\x0A"
+"\x93\x99\x26\xED\x4F\x74\xA1\x3E\xDD\xFB\xE1\xA1\xCE\xCC\x48\x94"
+"\xAF\x94\x28\xC2\xB7\xB8\x88\x3F\xE4\x46\x3A\x4B\xC8\x5B\x1C\xB3"
+"\xC1";
+
+ static unsigned char p[] =
+"\x00\xEE\xCF\xAE\x81\xB1\xB9\xB3\xC9\x08\x81\x0B\x10\xA1\xB5\x60"
+"\x01\x99\xEB\x9F\x44\xAE\xF4\xFD\xA4\x93\xB8\x1A\x9E\x3D\x84\xF6"
+"\x32\x12\x4E\xF0\x23\x6E\x5D\x1E\x3B\x7E\x28\xFA\xE7\xAA\x04\x0A"
+"\x2D\x5B\x25\x21\x76\x45\x9D\x1F\x39\x75\x41\xBA\x2A\x58\xFB\x65"
+"\x99";
+
+ static unsigned char q[] =
+"\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9"
+"\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5A\x0F\x20\x35\x02\x8B\x9D"
+"\x86\x98\x40\xB4\x16\x66\xB4\x2E\x92\xEA\x0D\xA3\xB4\x32\x04\xB5"
+"\xCF\xCE\x33\x52\x52\x4D\x04\x16\xA5\xA4\x41\xE7\x00\xAF\x46\x15"
+"\x03";
+
+ static unsigned char dmp1[] =
+"\x54\x49\x4C\xA6\x3E\xBA\x03\x37\xE4\xE2\x40\x23\xFC\xD6\x9A\x5A"
+"\xEB\x07\xDD\xDC\x01\x83\xA4\xD0\xAC\x9B\x54\xB0\x51\xF2\xB1\x3E"
+"\xD9\x49\x09\x75\xEA\xB7\x74\x14\xFF\x59\xC1\xF7\x69\x2E\x9A\x2E"
+"\x20\x2B\x38\xFC\x91\x0A\x47\x41\x74\xAD\xC9\x3C\x1F\x67\xC9\x81";
+
+ static unsigned char dmq1[] =
+"\x47\x1E\x02\x90\xFF\x0A\xF0\x75\x03\x51\xB7\xF8\x78\x86\x4C\xA9"
+"\x61\xAD\xBD\x3A\x8A\x7E\x99\x1C\x5C\x05\x56\xA9\x4C\x31\x46\xA7"
+"\xF9\x80\x3F\x8F\x6F\x8A\xE3\x42\xE9\x31\xFD\x8A\xE4\x7A\x22\x0D"
+"\x1B\x99\xA4\x95\x84\x98\x07\xFE\x39\xF9\x24\x5A\x98\x36\xDA\x3D";
+
+ static unsigned char iqmp[] =
+"\x00\xB0\x6C\x4F\xDA\xBB\x63\x01\x19\x8D\x26\x5B\xDB\xAE\x94\x23"
+"\xB3\x80\xF2\x71\xF7\x34\x53\x88\x50\x93\x07\x7F\xCD\x39\xE2\x11"
+"\x9F\xC9\x86\x32\x15\x4F\x58\x83\xB1\x67\xA9\x67\xBF\x40\x2B\x4E"
+"\x9E\x2E\x0F\x96\x56\xE6\x98\xEA\x36\x66\xED\xFB\x25\x79\x80\x39"
+"\xF7";
+
+ static unsigned char ctext_ex[] =
+"\xb8\x24\x6b\x56\xa6\xed\x58\x81\xae\xb5\x85\xd9\xa2\x5b\x2a\xd7"
+"\x90\xc4\x17\xe0\x80\x68\x1b\xf1\xac\x2b\xc3\xde\xb6\x9d\x8b\xce"
+"\xf0\xc4\x36\x6f\xec\x40\x0a\xf0\x52\xa7\x2e\x9b\x0e\xff\xb5\xb3"
+"\xf2\xf1\x92\xdb\xea\xca\x03\xc1\x27\x40\x05\x71\x13\xbf\x1f\x06"
+"\x69\xac\x22\xe9\xf3\xa7\x85\x2e\x3c\x15\xd9\x13\xca\xb0\xb8\x86"
+"\x3a\x95\xc9\x92\x94\xce\x86\x74\x21\x49\x54\x61\x03\x46\xf4\xd4"
+"\x74\xb2\x6f\x7c\x48\xb4\x2e\xe6\x8e\x1f\x57\x2a\x1f\xc4\x02\x6a"
+"\xc4\x56\xb4\xf5\x9f\x7b\x62\x1e\xa1\xb9\xd8\x8f\x64\x20\x2f\xb1";
+
+ SetKey;
+ }
+
+static int pad_unknown(void)
+{
+ unsigned long l;
+ while ((l = ERR_get_error()) != 0)
+ if (ERR_GET_REASON(l) == RSA_R_UNKNOWN_PADDING_TYPE)
+ return(1);
+ return(0);
+}
+
+static const char rnd_seed[] = "string to make the random number generator think it has entropy";
+
+int main(int argc, char *argv[])
+ {
+ int err=0;
+ int v;
+ RSA *key;
+ unsigned char ptext[256];
+ unsigned char ctext[256];
+ static unsigned char ptext_ex[] = "\x54\x85\x9b\x34\x2c\x49\xea\x2a";
+ unsigned char ctext_ex[256];
+ int plen;
+ int clen = 0;
+ int num;
+
+ RAND_seed(rnd_seed, sizeof rnd_seed); /* or OAEP may fail */
+
+ CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+
+ plen = sizeof(ptext_ex) - 1;
+
+ for (v = 0; v < 3; v++)
+ {
+ key = RSA_new();
+ switch (v) {
+ case 0:
+ clen = key1(key, ctext_ex);
+ break;
+ case 1:
+ clen = key2(key, ctext_ex);
+ break;
+ case 2:
+ clen = key3(key, ctext_ex);
+ break;
+ }
+
+ num = RSA_public_encrypt(plen, ptext_ex, ctext, key,
+ RSA_PKCS1_PADDING);
+ if (num != clen)
+ {
+ printf("PKCS#1 v1.5 encryption failed!\n");
+ err=1;
+ goto oaep;
+ }
+
+ num = RSA_private_decrypt(num, ctext, ptext, key,
+ RSA_PKCS1_PADDING);
+ if (num != plen || memcmp(ptext, ptext_ex, num) != 0)
+ {
+ printf("PKCS#1 v1.5 decryption failed!\n");
+ err=1;
+ }
+ else
+ printf("PKCS #1 v1.5 encryption/decryption ok\n");
+
+ oaep:
+ ERR_clear_error();
+ num = RSA_public_encrypt(plen, ptext_ex, ctext, key,
+ RSA_PKCS1_OAEP_PADDING);
+ if (num == -1 && pad_unknown())
+ {
+ printf("No OAEP support\n");
+ goto next;
+ }
+ if (num != clen)
+ {
+ printf("OAEP encryption failed!\n");
+ err=1;
+ goto next;
+ }
+
+ num = RSA_private_decrypt(num, ctext, ptext, key,
+ RSA_PKCS1_OAEP_PADDING);
+ if (num != plen || memcmp(ptext, ptext_ex, num) != 0)
+ {
+ printf("OAEP decryption (encrypted data) failed!\n");
+ err=1;
+ }
+ else if (memcmp(ctext, ctext_ex, num) == 0)
+ {
+ printf("OAEP test vector %d passed!\n", v);
+ goto next;
+ }
+
+ /* Different ciphertexts (rsa_oaep.c without -DPKCS_TESTVECT).
+ Try decrypting ctext_ex */
+
+ num = RSA_private_decrypt(clen, ctext_ex, ptext, key,
+ RSA_PKCS1_OAEP_PADDING);
+
+ if (num != plen || memcmp(ptext, ptext_ex, num) != 0)
+ {
+ printf("OAEP decryption (test vector data) failed!\n");
+ err=1;
+ }
+ else
+ printf("OAEP encryption/decryption ok\n");
+ next:
+ RSA_free(key);
+ }
+
+ ERR_remove_state(0);
+
+ CRYPTO_mem_leaks_fp(stdout);
+
+ return err;
+ }
+#endif
diff --git a/lib/libssl/src/crypto/threads/README b/lib/libssl/src/crypto/threads/README
new file mode 100644
index 00000000000..df6b26e146f
--- /dev/null
+++ b/lib/libssl/src/crypto/threads/README
@@ -0,0 +1,14 @@
+Mutithreading testing area.
+
+Since this stuff is very very platorm specific, this is not part of the
+normal build. Have a read of doc/threads.doc.
+
+mttest will do some testing and will currently build under Windows NT/95,
+Solaris and Linux. The IRIX stuff is not finished.
+
+I have tested this program on a 12 CPU ultra sparc box (solaris 2.5.1)
+and things seem to work ok.
+
+The Linux pthreads package can be retrieved from
+http://www.mit.edu:8001/people/proven/pthreads.html
+
diff --git a/lib/libssl/src/crypto/threads/profile.sh b/lib/libssl/src/crypto/threads/profile.sh
new file mode 100644
index 00000000000..6e3e342fc0b
--- /dev/null
+++ b/lib/libssl/src/crypto/threads/profile.sh
@@ -0,0 +1,4 @@
+#!/bin/sh
+/bin/rm -f mttest
+cc -p -DSOLARIS -I../../include -g mttest.c -o mttest -L/usr/lib/libc -ldl -L../.. -lthread -lssl -lcrypto -lnsl -lsocket
+
diff --git a/lib/libssl/src/crypto/threads/ptest.bat b/lib/libssl/src/crypto/threads/ptest.bat
new file mode 100644
index 00000000000..4071b5ffeac
--- /dev/null
+++ b/lib/libssl/src/crypto/threads/ptest.bat
@@ -0,0 +1,4 @@
+del mttest.exe
+
+purify cl /O2 -DWIN32 /MD -I..\..\out mttest.c /Femttest ..\..\out\ssl32.lib ..\..\out\crypt32.lib
+
diff --git a/lib/libssl/src/crypto/threads/pthread.sh b/lib/libssl/src/crypto/threads/pthread.sh
new file mode 100644
index 00000000000..f1c49821d2f
--- /dev/null
+++ b/lib/libssl/src/crypto/threads/pthread.sh
@@ -0,0 +1,9 @@
+#!/bin/sh
+#
+# build using pthreads
+#
+# http://www.mit.edu:8001/people/proven/pthreads.html
+#
+/bin/rm -f mttest
+pgcc -DPTHREADS -I../../include -g mttest.c -o mttest -L../.. -lssl -lcrypto
+
diff --git a/lib/libssl/src/crypto/threads/pthread2.sh b/lib/libssl/src/crypto/threads/pthread2.sh
new file mode 100644
index 00000000000..41264c6a504
--- /dev/null
+++ b/lib/libssl/src/crypto/threads/pthread2.sh
@@ -0,0 +1,7 @@
+#!/bin/sh
+#
+# build using pthreads where it's already built into the system
+#
+/bin/rm -f mttest
+gcc -DPTHREADS -I../../include -g mttest.c -o mttest -L../.. -lssl -lcrypto -lpthread
+
diff --git a/lib/libssl/src/crypto/threads/pthreads-vms.com b/lib/libssl/src/crypto/threads/pthreads-vms.com
new file mode 100644
index 00000000000..63f5b8cc2e9
--- /dev/null
+++ b/lib/libssl/src/crypto/threads/pthreads-vms.com
@@ -0,0 +1,9 @@
+$! To compile mttest on VMS.
+$!
+$! WARNING: only tested with DEC C so far.
+$
+$ arch := vax
+$ if f$getsyi("CPU") .ge. 128 then arch := axp
+$ define/user openssl [--.include.openssl]
+$ cc/def=PTHREADS mttest.c
+$ link mttest,[--.'arch'.exe.ssl]libssl/lib,[--.'arch'.exe.crypto]libcrypto/lib
diff --git a/lib/libssl/src/crypto/threads/purify.sh b/lib/libssl/src/crypto/threads/purify.sh
new file mode 100644
index 00000000000..6d44fe26b76
--- /dev/null
+++ b/lib/libssl/src/crypto/threads/purify.sh
@@ -0,0 +1,4 @@
+#!/bin/sh
+/bin/rm -f mttest
+purify cc -DSOLARIS -I../../include -g mttest.c -o mttest -L../.. -lthread -lssl -lcrypto -lnsl -lsocket
+
diff --git a/lib/libssl/src/crypto/threads/solaris.sh b/lib/libssl/src/crypto/threads/solaris.sh
new file mode 100644
index 00000000000..bc93094a274
--- /dev/null
+++ b/lib/libssl/src/crypto/threads/solaris.sh
@@ -0,0 +1,4 @@
+#!/bin/sh
+/bin/rm -f mttest
+cc -DSOLARIS -I../../include -g mttest.c -o mttest -L../.. -lthread -lssl -lcrypto -lnsl -lsocket
+
diff --git a/lib/libssl/src/crypto/threads/win32.bat b/lib/libssl/src/crypto/threads/win32.bat
new file mode 100644
index 00000000000..ee6da80a07d
--- /dev/null
+++ b/lib/libssl/src/crypto/threads/win32.bat
@@ -0,0 +1,4 @@
+del mttest.exe
+
+cl /O2 -DWIN32 /MD -I..\..\out mttest.c /Femttest ..\..\out\ssleay32.lib ..\..\out\libeay32.lib
+
diff --git a/lib/libssl/src/crypto/x509/x509_att.c b/lib/libssl/src/crypto/x509/x509_att.c
new file mode 100644
index 00000000000..caafde658f3
--- /dev/null
+++ b/lib/libssl/src/crypto/x509/x509_att.c
@@ -0,0 +1,326 @@
+/* crypto/x509/x509_att.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <openssl/stack.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+
+int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x)
+{
+ if (!x) return 0;
+ return(sk_X509_ATTRIBUTE_num(x));
+}
+
+int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid,
+ int lastpos)
+{
+ ASN1_OBJECT *obj;
+
+ obj=OBJ_nid2obj(nid);
+ if (obj == NULL) return(-2);
+ return(X509at_get_attr_by_OBJ(x,obj,lastpos));
+}
+
+int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk, ASN1_OBJECT *obj,
+ int lastpos)
+{
+ int n;
+ X509_ATTRIBUTE *ex;
+
+ if (sk == NULL) return(-1);
+ lastpos++;
+ if (lastpos < 0)
+ lastpos=0;
+ n=sk_X509_ATTRIBUTE_num(sk);
+ for ( ; lastpos < n; lastpos++)
+ {
+ ex=sk_X509_ATTRIBUTE_value(sk,lastpos);
+ if (OBJ_cmp(ex->object,obj) == 0)
+ return(lastpos);
+ }
+ return(-1);
+}
+
+X509_ATTRIBUTE *X509at_get_attr(const STACK_OF(X509_ATTRIBUTE) *x, int loc)
+{
+ if (x == NULL || sk_X509_ATTRIBUTE_num(x) <= loc || loc < 0)
+ return NULL;
+ else
+ return sk_X509_ATTRIBUTE_value(x,loc);
+}
+
+X509_ATTRIBUTE *X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) *x, int loc)
+{
+ X509_ATTRIBUTE *ret;
+
+ if (x == NULL || sk_X509_ATTRIBUTE_num(x) <= loc || loc < 0)
+ return(NULL);
+ ret=sk_X509_ATTRIBUTE_delete(x,loc);
+ return(ret);
+}
+
+STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x,
+ X509_ATTRIBUTE *attr)
+{
+ X509_ATTRIBUTE *new_attr=NULL;
+ STACK_OF(X509_ATTRIBUTE) *sk=NULL;
+
+ if ((x != NULL) && (*x == NULL))
+ {
+ if ((sk=sk_X509_ATTRIBUTE_new_null()) == NULL)
+ goto err;
+ }
+ else
+ sk= *x;
+
+ if ((new_attr=X509_ATTRIBUTE_dup(attr)) == NULL)
+ goto err2;
+ if (!sk_X509_ATTRIBUTE_push(sk,new_attr))
+ goto err;
+ if ((x != NULL) && (*x == NULL))
+ *x=sk;
+ return(sk);
+err:
+ X509err(X509_F_X509_ADD_ATTR,ERR_R_MALLOC_FAILURE);
+err2:
+ if (new_attr != NULL) X509_ATTRIBUTE_free(new_attr);
+ if (sk != NULL) sk_X509_ATTRIBUTE_free(sk);
+ return(NULL);
+}
+
+STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE) **x,
+ ASN1_OBJECT *obj, int type,
+ unsigned char *bytes, int len)
+{
+ X509_ATTRIBUTE *attr;
+ STACK_OF(X509_ATTRIBUTE) *ret;
+ attr = X509_ATTRIBUTE_create_by_OBJ(NULL, obj, type, bytes, len);
+ if(!attr) return 0;
+ ret = X509at_add1_attr(x, attr);
+ X509_ATTRIBUTE_free(attr);
+ return ret;
+}
+
+STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) **x,
+ int nid, int type,
+ unsigned char *bytes, int len)
+{
+ X509_ATTRIBUTE *attr;
+ STACK_OF(X509_ATTRIBUTE) *ret;
+ attr = X509_ATTRIBUTE_create_by_NID(NULL, nid, type, bytes, len);
+ if(!attr) return 0;
+ ret = X509at_add1_attr(x, attr);
+ X509_ATTRIBUTE_free(attr);
+ return ret;
+}
+
+STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) **x,
+ char *attrname, int type,
+ unsigned char *bytes, int len)
+{
+ X509_ATTRIBUTE *attr;
+ STACK_OF(X509_ATTRIBUTE) *ret;
+ attr = X509_ATTRIBUTE_create_by_txt(NULL, attrname, type, bytes, len);
+ if(!attr) return 0;
+ ret = X509at_add1_attr(x, attr);
+ X509_ATTRIBUTE_free(attr);
+ return ret;
+}
+
+X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid,
+ int atrtype, void *data, int len)
+{
+ ASN1_OBJECT *obj;
+ X509_ATTRIBUTE *ret;
+
+ obj=OBJ_nid2obj(nid);
+ if (obj == NULL)
+ {
+ X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_NID,X509_R_UNKNOWN_NID);
+ return(NULL);
+ }
+ ret=X509_ATTRIBUTE_create_by_OBJ(attr,obj,atrtype,data,len);
+ if (ret == NULL) ASN1_OBJECT_free(obj);
+ return(ret);
+}
+
+X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr,
+ ASN1_OBJECT *obj, int atrtype, void *data, int len)
+{
+ X509_ATTRIBUTE *ret;
+
+ if ((attr == NULL) || (*attr == NULL))
+ {
+ if ((ret=X509_ATTRIBUTE_new()) == NULL)
+ {
+ X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ,ERR_R_MALLOC_FAILURE);
+ return(NULL);
+ }
+ }
+ else
+ ret= *attr;
+
+ if (!X509_ATTRIBUTE_set1_object(ret,obj))
+ goto err;
+ if (!X509_ATTRIBUTE_set1_data(ret,atrtype,data,len))
+ goto err;
+
+ if ((attr != NULL) && (*attr == NULL)) *attr=ret;
+ return(ret);
+err:
+ if ((attr == NULL) || (ret != *attr))
+ X509_ATTRIBUTE_free(ret);
+ return(NULL);
+}
+
+X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr,
+ char *atrname, int type, unsigned char *bytes, int len)
+ {
+ ASN1_OBJECT *obj;
+ X509_ATTRIBUTE *nattr;
+
+ obj=OBJ_txt2obj(atrname, 0);
+ if (obj == NULL)
+ {
+ X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_TXT,
+ X509_R_INVALID_FIELD_NAME);
+ ERR_add_error_data(2, "name=", atrname);
+ return(NULL);
+ }
+ nattr = X509_ATTRIBUTE_create_by_OBJ(attr,obj,type,bytes,len);
+ ASN1_OBJECT_free(obj);
+ return nattr;
+ }
+
+int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, ASN1_OBJECT *obj)
+{
+ if ((attr == NULL) || (obj == NULL))
+ return(0);
+ ASN1_OBJECT_free(attr->object);
+ attr->object=OBJ_dup(obj);
+ return(1);
+}
+
+int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, void *data, int len)
+{
+ ASN1_TYPE *ttmp;
+ ASN1_STRING *stmp;
+ int atype;
+ if (!attr) return 0;
+ if(attrtype & MBSTRING_FLAG) {
+ stmp = ASN1_STRING_set_by_NID(NULL, data, len, attrtype,
+ OBJ_obj2nid(attr->object));
+ if(!stmp) {
+ X509err(X509_F_X509_ATTRIBUTE_SET1_DATA, ERR_R_ASN1_LIB);
+ return 0;
+ }
+ atype = stmp->type;
+ } else {
+ if(!(stmp = ASN1_STRING_type_new(attrtype))) goto err;
+ if(!ASN1_STRING_set(stmp, data, len)) goto err;
+ atype = attrtype;
+ }
+ if(!(attr->value.set = sk_ASN1_TYPE_new_null())) goto err;
+ if(!(ttmp = ASN1_TYPE_new())) goto err;
+ if(!sk_ASN1_TYPE_push(attr->value.set, ttmp)) goto err;
+ attr->set = 1;
+ ASN1_TYPE_set(ttmp, atype, stmp);
+ return 1;
+ err:
+ X509err(X509_F_X509_ATTRIBUTE_SET1_DATA, ERR_R_MALLOC_FAILURE);
+ return 0;
+}
+
+int X509_ATTRIBUTE_count(X509_ATTRIBUTE *attr)
+{
+ if(attr->set) return sk_ASN1_TYPE_num(attr->value.set);
+ if(attr->value.single) return 1;
+ return 0;
+}
+
+ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr)
+{
+ if (attr == NULL) return(NULL);
+ return(attr->object);
+}
+
+void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx,
+ int atrtype, void *data)
+{
+ ASN1_TYPE *ttmp;
+ ttmp = X509_ATTRIBUTE_get0_type(attr, idx);
+ if(!ttmp) return NULL;
+ if(atrtype != ASN1_TYPE_get(ttmp)){
+ X509err(X509_F_X509_ATTRIBUTE_GET0_DATA, X509_R_WRONG_TYPE);
+ return NULL;
+ }
+ return ttmp->value.ptr;
+}
+
+ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx)
+{
+ if (attr == NULL) return(NULL);
+ if(idx >= X509_ATTRIBUTE_count(attr)) return NULL;
+ if(attr->set) return sk_ASN1_TYPE_value(attr->value.set, idx);
+ else return attr->value.single;
+}
diff --git a/lib/libssl/src/crypto/x509/x509_trs.c b/lib/libssl/src/crypto/x509/x509_trs.c
new file mode 100644
index 00000000000..9f7d67952db
--- /dev/null
+++ b/lib/libssl/src/crypto/x509/x509_trs.c
@@ -0,0 +1,263 @@
+/* x509_trs.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/x509v3.h>
+
+
+static int tr_cmp(X509_TRUST **a, X509_TRUST **b);
+static void trtable_free(X509_TRUST *p);
+
+static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags);
+static int trust_any(X509_TRUST *trust, X509 *x, int flags);
+
+static int obj_trust(int id, X509 *x, int flags);
+static int (*default_trust)(int id, X509 *x, int flags) = obj_trust;
+
+/* WARNING: the following table should be kept in order of trust
+ * and without any gaps so we can just subtract the minimum trust
+ * value to get an index into the table
+ */
+
+static X509_TRUST trstandard[] = {
+{X509_TRUST_ANY, 0, trust_any, "Any", 0, NULL},
+{X509_TRUST_SSL_CLIENT, 0, trust_1oidany, "SSL Client", NID_client_auth, NULL},
+{X509_TRUST_SSL_SERVER, 0, trust_1oidany, "SSL Client", NID_server_auth, NULL},
+{X509_TRUST_EMAIL, 0, trust_1oidany, "S/MIME email", NID_email_protect, NULL},
+};
+
+#define X509_TRUST_COUNT (sizeof(trstandard)/sizeof(X509_TRUST))
+
+IMPLEMENT_STACK_OF(X509_TRUST)
+
+static STACK_OF(X509_TRUST) *trtable = NULL;
+
+static int tr_cmp(X509_TRUST **a, X509_TRUST **b)
+{
+ return (*a)->trust - (*b)->trust;
+}
+
+int (*X509_TRUST_set_default(int (*trust)(int , X509 *, int)))(int, X509 *, int)
+{
+int (*oldtrust)(int , X509 *, int);
+oldtrust = default_trust;
+default_trust = trust;
+return oldtrust;
+}
+
+
+int X509_check_trust(X509 *x, int id, int flags)
+{
+ X509_TRUST *pt;
+ int idx;
+ if(id == -1) return 1;
+ if(!(idx = X509_TRUST_get_by_id(id)))
+ return default_trust(id, x, flags);
+ pt = X509_TRUST_get0(idx);
+ return pt->check_trust(pt, x, flags);
+}
+
+int X509_TRUST_get_count(void)
+{
+ if(!trtable) return X509_TRUST_COUNT;
+ return sk_X509_TRUST_num(trtable) + X509_TRUST_COUNT;
+}
+
+X509_TRUST * X509_TRUST_get0(int idx)
+{
+ if(idx < 0) return NULL;
+ if(idx < X509_TRUST_COUNT) return trstandard + idx;
+ return sk_X509_TRUST_value(trtable, idx - X509_TRUST_COUNT);
+}
+
+int X509_TRUST_get_by_id(int id)
+{
+ X509_TRUST tmp;
+ int idx;
+ if((id >= X509_TRUST_MIN) && (id <= X509_TRUST_MAX))
+ return id - X509_TRUST_MIN;
+ tmp.trust = id;
+ if(!trtable) return -1;
+ idx = sk_X509_TRUST_find(trtable, &tmp);
+ if(idx == -1) return -1;
+ return idx + X509_TRUST_COUNT;
+}
+
+int X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int),
+ char *name, int arg1, void *arg2)
+{
+ int idx;
+ X509_TRUST *trtmp;
+ /* This is set according to what we change: application can't set it */
+ flags &= ~X509_TRUST_DYNAMIC;
+ /* This will always be set for application modified trust entries */
+ flags |= X509_TRUST_DYNAMIC_NAME;
+ /* Get existing entry if any */
+ idx = X509_TRUST_get_by_id(id);
+ /* Need a new entry */
+ if(idx == -1) {
+ if(!(trtmp = Malloc(sizeof(X509_TRUST)))) {
+ X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ trtmp->flags = X509_TRUST_DYNAMIC;
+ } else trtmp = X509_TRUST_get0(idx);
+
+ /* Free existing name if dynamic */
+ if(trtmp->flags & X509_TRUST_DYNAMIC_NAME) Free(trtmp->name);
+ /* dup supplied name */
+ if(!(trtmp->name = BUF_strdup(name))) {
+ X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ /* Keep the dynamic flag of existing entry */
+ trtmp->flags &= X509_TRUST_DYNAMIC;
+ /* Set all other flags */
+ trtmp->flags |= flags;
+
+ trtmp->trust = id;
+ trtmp->check_trust = ck;
+ trtmp->arg1 = arg1;
+ trtmp->arg2 = arg2;
+
+ /* If its a new entry manage the dynamic table */
+ if(idx == -1) {
+ if(!trtable && !(trtable = sk_X509_TRUST_new(tr_cmp))) {
+ X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ if (!sk_X509_TRUST_push(trtable, trtmp)) {
+ X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ }
+ return 1;
+}
+
+static void trtable_free(X509_TRUST *p)
+ {
+ if(!p) return;
+ if (p->flags & X509_TRUST_DYNAMIC)
+ {
+ if (p->flags & X509_TRUST_DYNAMIC_NAME)
+ Free(p->name);
+ Free(p);
+ }
+ }
+
+void X509_TRUST_cleanup(void)
+{
+ int i;
+ for(i = 0; i < X509_TRUST_COUNT; i++) trtable_free(trstandard + i);
+ sk_X509_TRUST_pop_free(trtable, trtable_free);
+ trtable = NULL;
+}
+
+int X509_TRUST_get_flags(X509_TRUST *xp)
+{
+ return xp->flags;
+}
+
+char *X509_TRUST_get0_name(X509_TRUST *xp)
+{
+ return xp->name;
+}
+
+int X509_TRUST_get_trust(X509_TRUST *xp)
+{
+ return xp->trust;
+}
+
+static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags)
+{
+ if(x->aux) return obj_trust(trust->arg1, x, flags);
+ /* we don't have any trust settings: for compatibility
+ * we return trusted if it is self signed
+ */
+ X509_check_purpose(x, -1, 0);
+ if(x->ex_flags & EXFLAG_SS) return X509_TRUST_TRUSTED;
+ else return X509_TRUST_UNTRUSTED;
+}
+
+static int obj_trust(int id, X509 *x, int flags)
+{
+ ASN1_OBJECT *obj;
+ int i;
+ X509_CERT_AUX *ax;
+ ax = x->aux;
+ if(!ax) return X509_TRUST_UNTRUSTED;
+ if(ax->reject) {
+ for(i = 0; i < sk_ASN1_OBJECT_num(ax->reject); i++) {
+ obj = sk_ASN1_OBJECT_value(ax->reject, i);
+ if(OBJ_obj2nid(obj) == id) return X509_TRUST_REJECTED;
+ }
+ }
+ if(ax->trust) {
+ for(i = 0; i < sk_ASN1_OBJECT_num(ax->trust); i++) {
+ obj = sk_ASN1_OBJECT_value(ax->trust, i);
+ if(OBJ_obj2nid(obj) == id) return X509_TRUST_TRUSTED;
+ }
+ }
+ return X509_TRUST_UNTRUSTED;
+}
+
+static int trust_any(X509_TRUST *trust, X509 *x, int flags)
+{
+ return X509_TRUST_TRUSTED;
+}
diff --git a/lib/libssl/src/crypto/x509/x509spki.c b/lib/libssl/src/crypto/x509/x509spki.c
new file mode 100644
index 00000000000..b35c3f92e7f
--- /dev/null
+++ b/lib/libssl/src/crypto/x509/x509spki.c
@@ -0,0 +1,121 @@
+/* x509spki.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/x509.h>
+#include <openssl/asn1_mac.h>
+
+int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey)
+{
+ if ((x == NULL) || (x->spkac == NULL)) return(0);
+ return(X509_PUBKEY_set(&(x->spkac->pubkey),pkey));
+}
+
+EVP_PKEY *NETSCAPE_SPKI_get_pubkey(NETSCAPE_SPKI *x)
+{
+ if ((x == NULL) || (x->spkac == NULL))
+ return(NULL);
+ return(X509_PUBKEY_get(x->spkac->pubkey));
+}
+
+/* Load a Netscape SPKI from a base64 encoded string */
+
+NETSCAPE_SPKI * NETSCAPE_SPKI_b64_decode(const char *str, int len)
+{
+ unsigned char *spki_der, *p;
+ int spki_len;
+ NETSCAPE_SPKI *spki;
+ if(len <= 0) len = strlen(str);
+ if (!(spki_der = Malloc(len + 1))) {
+ X509err(X509_F_NETSCAPE_SPKI_B64_DECODE, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+ spki_len = EVP_DecodeBlock(spki_der, (const unsigned char *)str, len);
+ if(spki_len < 0) {
+ X509err(X509_F_NETSCAPE_SPKI_B64_DECODE,
+ X509_R_BASE64_DECODE_ERROR);
+ Free(spki_der);
+ return NULL;
+ }
+ p = spki_der;
+ spki = d2i_NETSCAPE_SPKI(NULL, &p, spki_len);
+ Free(spki_der);
+ return spki;
+}
+
+/* Generate a base64 encoded string from an SPKI */
+
+char * NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *spki)
+{
+ unsigned char *der_spki, *p;
+ char *b64_str;
+ int der_len;
+ der_len = i2d_NETSCAPE_SPKI(spki, NULL);
+ der_spki = Malloc(der_len);
+ b64_str = Malloc(der_len * 2);
+ if(!der_spki || !b64_str) {
+ X509err(X509_F_NETSCAPE_SPKI_B64_ENCODE, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+ p = der_spki;
+ i2d_NETSCAPE_SPKI(spki, &p);
+ EVP_EncodeBlock((unsigned char *)b64_str, der_spki, der_len);
+ Free(der_spki);
+ return b64_str;
+}
diff --git a/lib/libssl/src/crypto/x509v3/ext_dat.h b/lib/libssl/src/crypto/x509v3/ext_dat.h
new file mode 100644
index 00000000000..801a585a525
--- /dev/null
+++ b/lib/libssl/src/crypto/x509v3/ext_dat.h
@@ -0,0 +1,97 @@
+/* ext_dat.h */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* This file contains a table of "standard" extensions */
+
+extern X509V3_EXT_METHOD v3_bcons, v3_nscert, v3_key_usage, v3_ext_ku;
+extern X509V3_EXT_METHOD v3_pkey_usage_period, v3_sxnet, v3_info;
+extern X509V3_EXT_METHOD v3_ns_ia5_list[], v3_alt[], v3_skey_id, v3_akey_id;
+extern X509V3_EXT_METHOD v3_crl_num, v3_crl_reason, v3_cpols, v3_crld;
+
+/* This table will be searched using OBJ_bsearch so it *must* kept in
+ * order of the ext_nid values.
+ */
+
+static X509V3_EXT_METHOD *standard_exts[] = {
+&v3_nscert,
+&v3_ns_ia5_list[0],
+&v3_ns_ia5_list[1],
+&v3_ns_ia5_list[2],
+&v3_ns_ia5_list[3],
+&v3_ns_ia5_list[4],
+&v3_ns_ia5_list[5],
+&v3_ns_ia5_list[6],
+&v3_skey_id,
+&v3_key_usage,
+&v3_pkey_usage_period,
+&v3_alt[0],
+&v3_alt[1],
+&v3_bcons,
+&v3_crl_num,
+&v3_cpols,
+&v3_akey_id,
+&v3_crld,
+&v3_ext_ku,
+&v3_crl_reason,
+&v3_sxnet,
+&v3_info,
+};
+
+/* Number of standard extensions */
+
+#define STANDARD_EXTENSION_COUNT (sizeof(standard_exts)/sizeof(X509V3_EXT_METHOD *))
+
diff --git a/lib/libssl/src/crypto/x509v3/tabtest.c b/lib/libssl/src/crypto/x509v3/tabtest.c
new file mode 100644
index 00000000000..dad0d38dd53
--- /dev/null
+++ b/lib/libssl/src/crypto/x509v3/tabtest.c
@@ -0,0 +1,88 @@
+/* tabtest.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* Simple program to check the ext_dat.h is correct and print out
+ * problems if it is not.
+ */
+
+#include <stdio.h>
+
+#include <openssl/x509v3.h>
+
+#include "ext_dat.h"
+
+main()
+{
+ int i, prev = -1, bad = 0;
+ X509V3_EXT_METHOD **tmp;
+ i = sizeof(standard_exts) / sizeof(X509V3_EXT_METHOD *);
+ if(i != STANDARD_EXTENSION_COUNT)
+ fprintf(stderr, "Extension number invalid expecting %d\n", i);
+ tmp = standard_exts;
+ for(i = 0; i < STANDARD_EXTENSION_COUNT; i++, tmp++) {
+ if((*tmp)->ext_nid < prev) bad = 1;
+ prev = (*tmp)->ext_nid;
+
+ }
+ if(bad) {
+ tmp = standard_exts;
+ fprintf(stderr, "Extensions out of order!\n");
+ for(i = 0; i < STANDARD_EXTENSION_COUNT; i++, tmp++)
+ printf("%d : %s\n", (*tmp)->ext_nid, OBJ_nid2sn((*tmp)->ext_nid));
+ } else fprintf(stderr, "Order OK\n");
+}
diff --git a/lib/libssl/src/crypto/x509v3/v3_info.c b/lib/libssl/src/crypto/x509v3/v3_info.c
new file mode 100644
index 00000000000..78d2135046e
--- /dev/null
+++ b/lib/libssl/src/crypto/x509v3/v3_info.c
@@ -0,0 +1,236 @@
+/* v3_info.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1_mac.h>
+#include <openssl/x509v3.h>
+
+static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method,
+ STACK_OF(ACCESS_DESCRIPTION) *ainfo,
+ STACK_OF(CONF_VALUE) *ret);
+static STACK_OF(ACCESS_DESCRIPTION) *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method,
+ X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
+
+X509V3_EXT_METHOD v3_info =
+{ NID_info_access, X509V3_EXT_MULTILINE,
+(X509V3_EXT_NEW)AUTHORITY_INFO_ACCESS_new,
+(X509V3_EXT_FREE)AUTHORITY_INFO_ACCESS_free,
+(X509V3_EXT_D2I)d2i_AUTHORITY_INFO_ACCESS,
+(X509V3_EXT_I2D)i2d_AUTHORITY_INFO_ACCESS,
+NULL, NULL,
+(X509V3_EXT_I2V)i2v_AUTHORITY_INFO_ACCESS,
+(X509V3_EXT_V2I)v2i_AUTHORITY_INFO_ACCESS,
+NULL, NULL, NULL};
+
+static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method,
+ STACK_OF(ACCESS_DESCRIPTION) *ainfo,
+ STACK_OF(CONF_VALUE) *ret)
+{
+ ACCESS_DESCRIPTION *desc;
+ int i;
+ char objtmp[80], *ntmp;
+ CONF_VALUE *vtmp;
+ for(i = 0; i < sk_ACCESS_DESCRIPTION_num(ainfo); i++) {
+ desc = sk_ACCESS_DESCRIPTION_value(ainfo, i);
+ ret = i2v_GENERAL_NAME(method, desc->location, ret);
+ if(!ret) break;
+ vtmp = sk_CONF_VALUE_value(ret, i);
+ i2t_ASN1_OBJECT(objtmp, 80, desc->method);
+ ntmp = Malloc(strlen(objtmp) + strlen(vtmp->name) + 5);
+ if(!ntmp) {
+ X509V3err(X509V3_F_I2V_AUTHORITY_INFO_ACCESS,
+ ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+ strcpy(ntmp, objtmp);
+ strcat(ntmp, " - ");
+ strcat(ntmp, vtmp->name);
+ Free(vtmp->name);
+ vtmp->name = ntmp;
+
+ }
+ if(!ret) return sk_CONF_VALUE_new_null();
+ return ret;
+}
+
+static STACK_OF(ACCESS_DESCRIPTION) *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method,
+ X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
+{
+ STACK_OF(ACCESS_DESCRIPTION) *ainfo = NULL;
+ CONF_VALUE *cnf, ctmp;
+ ACCESS_DESCRIPTION *acc;
+ int i, objlen;
+ char *objtmp, *ptmp;
+ if(!(ainfo = sk_ACCESS_DESCRIPTION_new(NULL))) {
+ X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+ for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+ cnf = sk_CONF_VALUE_value(nval, i);
+ if(!(acc = ACCESS_DESCRIPTION_new())
+ || !sk_ACCESS_DESCRIPTION_push(ainfo, acc)) {
+ X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ ptmp = strchr(cnf->name, ';');
+ if(!ptmp) {
+ X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,X509V3_R_INVALID_SYNTAX);
+ goto err;
+ }
+ objlen = ptmp - cnf->name;
+ ctmp.name = ptmp + 1;
+ ctmp.value = cnf->value;
+ if(!(acc->location = v2i_GENERAL_NAME(method, ctx, &ctmp)))
+ goto err;
+ if(!(objtmp = Malloc(objlen + 1))) {
+ X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ strncpy(objtmp, cnf->name, objlen);
+ objtmp[objlen] = 0;
+ acc->method = OBJ_txt2obj(objtmp, 0);
+ if(!acc->method) {
+ X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,X509V3_R_BAD_OBJECT);
+ ERR_add_error_data(2, "value=", objtmp);
+ Free(objtmp);
+ goto err;
+ }
+ Free(objtmp);
+
+ }
+ return ainfo;
+ err:
+ sk_ACCESS_DESCRIPTION_pop_free(ainfo, ACCESS_DESCRIPTION_free);
+ return NULL;
+}
+
+int i2d_ACCESS_DESCRIPTION(ACCESS_DESCRIPTION *a, unsigned char **pp)
+{
+ M_ASN1_I2D_vars(a);
+
+ M_ASN1_I2D_len(a->method, i2d_ASN1_OBJECT);
+ M_ASN1_I2D_len(a->location, i2d_GENERAL_NAME);
+
+ M_ASN1_I2D_seq_total();
+
+ M_ASN1_I2D_put(a->method, i2d_ASN1_OBJECT);
+ M_ASN1_I2D_put(a->location, i2d_GENERAL_NAME);
+
+ M_ASN1_I2D_finish();
+}
+
+ACCESS_DESCRIPTION *ACCESS_DESCRIPTION_new(void)
+{
+ ACCESS_DESCRIPTION *ret=NULL;
+ ASN1_CTX c;
+ M_ASN1_New_Malloc(ret, ACCESS_DESCRIPTION);
+ ret->method = OBJ_nid2obj(NID_undef);
+ ret->location = NULL;
+ return (ret);
+ M_ASN1_New_Error(ASN1_F_ACCESS_DESCRIPTION_NEW);
+}
+
+ACCESS_DESCRIPTION *d2i_ACCESS_DESCRIPTION(ACCESS_DESCRIPTION **a, unsigned char **pp,
+ long length)
+{
+ M_ASN1_D2I_vars(a,ACCESS_DESCRIPTION *,ACCESS_DESCRIPTION_new);
+ M_ASN1_D2I_Init();
+ M_ASN1_D2I_start_sequence();
+ M_ASN1_D2I_get(ret->method, d2i_ASN1_OBJECT);
+ M_ASN1_D2I_get(ret->location, d2i_GENERAL_NAME);
+ M_ASN1_D2I_Finish(a, ACCESS_DESCRIPTION_free, ASN1_F_D2I_ACCESS_DESCRIPTION);
+}
+
+void ACCESS_DESCRIPTION_free(ACCESS_DESCRIPTION *a)
+{
+ if (a == NULL) return;
+ ASN1_OBJECT_free(a->method);
+ GENERAL_NAME_free(a->location);
+ Free (a);
+}
+
+STACK_OF(ACCESS_DESCRIPTION) *AUTHORITY_INFO_ACCESS_new(void)
+{
+ return sk_ACCESS_DESCRIPTION_new(NULL);
+}
+
+void AUTHORITY_INFO_ACCESS_free(STACK_OF(ACCESS_DESCRIPTION) *a)
+{
+ sk_ACCESS_DESCRIPTION_pop_free(a, ACCESS_DESCRIPTION_free);
+}
+
+STACK_OF(ACCESS_DESCRIPTION) *d2i_AUTHORITY_INFO_ACCESS(STACK_OF(ACCESS_DESCRIPTION) **a,
+ unsigned char **pp, long length)
+{
+return d2i_ASN1_SET_OF_ACCESS_DESCRIPTION(a, pp, length, d2i_ACCESS_DESCRIPTION,
+ ACCESS_DESCRIPTION_free, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
+}
+
+int i2d_AUTHORITY_INFO_ACCESS(STACK_OF(ACCESS_DESCRIPTION) *a, unsigned char **pp)
+{
+return i2d_ASN1_SET_OF_ACCESS_DESCRIPTION(a, pp, i2d_ACCESS_DESCRIPTION, V_ASN1_SEQUENCE,
+ V_ASN1_UNIVERSAL, IS_SEQUENCE);
+}
+
+IMPLEMENT_STACK_OF(ACCESS_DESCRIPTION)
+IMPLEMENT_ASN1_SET_OF(ACCESS_DESCRIPTION)
+
+
diff --git a/lib/libssl/src/crypto/x509v3/v3_purp.c b/lib/libssl/src/crypto/x509v3/v3_purp.c
new file mode 100644
index 00000000000..b7494ebcd56
--- /dev/null
+++ b/lib/libssl/src/crypto/x509v3/v3_purp.c
@@ -0,0 +1,456 @@
+/* v3_purp.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/x509v3.h>
+
+
+static void x509v3_cache_extensions(X509 *x);
+
+static int ca_check(X509 *x);
+static int check_purpose_ssl_client(X509_PURPOSE *xp, X509 *x, int ca);
+static int check_purpose_ssl_server(X509_PURPOSE *xp, X509 *x, int ca);
+static int check_purpose_ns_ssl_server(X509_PURPOSE *xp, X509 *x, int ca);
+static int purpose_smime(X509 *x, int ca);
+static int check_purpose_smime_sign(X509_PURPOSE *xp, X509 *x, int ca);
+static int check_purpose_smime_encrypt(X509_PURPOSE *xp, X509 *x, int ca);
+static int check_purpose_crl_sign(X509_PURPOSE *xp, X509 *x, int ca);
+
+static int xp_cmp(X509_PURPOSE **a, X509_PURPOSE **b);
+static void xptable_free(X509_PURPOSE *p);
+
+static X509_PURPOSE xstandard[] = {
+ {X509_PURPOSE_SSL_CLIENT, X509_TRUST_SSL_CLIENT, 0, check_purpose_ssl_client, "SSL client", "sslclient", NULL},
+ {X509_PURPOSE_SSL_SERVER, X509_TRUST_SSL_SERVER, 0, check_purpose_ssl_server, "SSL server", "sslserver", NULL},
+ {X509_PURPOSE_NS_SSL_SERVER, X509_TRUST_SSL_SERVER, 0, check_purpose_ns_ssl_server, "Netscape SSL server", "nssslserver", NULL},
+ {X509_PURPOSE_SMIME_SIGN, X509_TRUST_EMAIL, 0, check_purpose_smime_sign, "S/MIME signing", "smimesign", NULL},
+ {X509_PURPOSE_SMIME_ENCRYPT, X509_TRUST_EMAIL, 0, check_purpose_smime_encrypt, "S/MIME encryption", "smimeencrypt", NULL},
+ {X509_PURPOSE_CRL_SIGN, X509_TRUST_ANY, 0, check_purpose_crl_sign, "CRL signing", "crlsign", NULL},
+};
+
+#define X509_PURPOSE_COUNT (sizeof(xstandard)/sizeof(X509_PURPOSE))
+
+IMPLEMENT_STACK_OF(X509_PURPOSE)
+
+static STACK_OF(X509_PURPOSE) *xptable = NULL;
+
+static int xp_cmp(X509_PURPOSE **a, X509_PURPOSE **b)
+{
+ return (*a)->purpose - (*b)->purpose;
+}
+
+int X509_check_purpose(X509 *x, int id, int ca)
+{
+ int idx;
+ X509_PURPOSE *pt;
+ if(!(x->ex_flags & EXFLAG_SET)) {
+ CRYPTO_w_lock(CRYPTO_LOCK_X509);
+ x509v3_cache_extensions(x);
+ CRYPTO_w_unlock(CRYPTO_LOCK_X509);
+ }
+ if(id == -1) return 1;
+ idx = X509_PURPOSE_get_by_id(id);
+ if(idx == -1) return -1;
+ pt = X509_PURPOSE_get0(idx);
+ return pt->check_purpose(pt, x, ca);
+}
+
+int X509_PURPOSE_get_count(void)
+{
+ if(!xptable) return X509_PURPOSE_COUNT;
+ return sk_X509_PURPOSE_num(xptable) + X509_PURPOSE_COUNT;
+}
+
+X509_PURPOSE * X509_PURPOSE_get0(int idx)
+{
+ if(idx < 0) return NULL;
+ if(idx < X509_PURPOSE_COUNT) return xstandard + idx;
+ return sk_X509_PURPOSE_value(xptable, idx - X509_PURPOSE_COUNT);
+}
+
+int X509_PURPOSE_get_by_sname(char *sname)
+{
+ int i;
+ X509_PURPOSE *xptmp;
+ for(i = 0; i < X509_PURPOSE_get_count(); i++) {
+ xptmp = X509_PURPOSE_get0(i);
+ if(!strcmp(xptmp->sname, sname)) return i;
+ }
+ return -1;
+}
+
+
+int X509_PURPOSE_get_by_id(int purpose)
+{
+ X509_PURPOSE tmp;
+ int idx;
+ if((purpose >= X509_PURPOSE_MIN) && (purpose <= X509_PURPOSE_MAX))
+ return purpose - X509_PURPOSE_MIN;
+ tmp.purpose = purpose;
+ if(!xptable) return -1;
+ idx = sk_X509_PURPOSE_find(xptable, &tmp);
+ if(idx == -1) return -1;
+ return idx + X509_PURPOSE_COUNT;
+}
+
+int X509_PURPOSE_add(int id, int trust, int flags,
+ int (*ck)(X509_PURPOSE *, X509 *, int),
+ char *name, char *sname, void *arg)
+{
+ int idx;
+ X509_PURPOSE *ptmp;
+ /* This is set according to what we change: application can't set it */
+ flags &= ~X509_PURPOSE_DYNAMIC;
+ /* This will always be set for application modified trust entries */
+ flags |= X509_PURPOSE_DYNAMIC_NAME;
+ /* Get existing entry if any */
+ idx = X509_PURPOSE_get_by_id(id);
+ /* Need a new entry */
+ if(idx == -1) {
+ if(!(ptmp = Malloc(sizeof(X509_PURPOSE)))) {
+ X509V3err(X509V3_F_X509_PURPOSE_ADD,ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ ptmp->flags = X509_PURPOSE_DYNAMIC;
+ } else ptmp = X509_PURPOSE_get0(idx);
+
+ /* Free existing name if dynamic */
+ if(ptmp->flags & X509_PURPOSE_DYNAMIC_NAME) {
+ Free(ptmp->name);
+ Free(ptmp->sname);
+ }
+ /* dup supplied name */
+ ptmp->name = BUF_strdup(name);
+ ptmp->sname = BUF_strdup(sname);
+ if(!ptmp->name || !ptmp->sname) {
+ X509V3err(X509V3_F_X509_PURPOSE_ADD,ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ /* Keep the dynamic flag of existing entry */
+ ptmp->flags &= X509_PURPOSE_DYNAMIC;
+ /* Set all other flags */
+ ptmp->flags |= flags;
+
+ ptmp->purpose = id;
+ ptmp->trust = trust;
+ ptmp->check_purpose = ck;
+ ptmp->usr_data = arg;
+
+ /* If its a new entry manage the dynamic table */
+ if(idx == -1) {
+ if(!xptable && !(xptable = sk_X509_PURPOSE_new(xp_cmp))) {
+ X509V3err(X509V3_F_X509_PURPOSE_ADD,ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ if (!sk_X509_PURPOSE_push(xptable, ptmp)) {
+ X509V3err(X509V3_F_X509_PURPOSE_ADD,ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ }
+ return 1;
+}
+
+static void xptable_free(X509_PURPOSE *p)
+ {
+ if(!p) return;
+ if (p->flags & X509_PURPOSE_DYNAMIC)
+ {
+ if (p->flags & X509_PURPOSE_DYNAMIC_NAME) {
+ Free(p->name);
+ Free(p->sname);
+ }
+ Free(p);
+ }
+ }
+
+void X509_PURPOSE_cleanup(void)
+{
+ int i;
+ sk_X509_PURPOSE_pop_free(xptable, xptable_free);
+ for(i = 0; i < X509_PURPOSE_COUNT; i++) xptable_free(xstandard + i);
+ xptable = NULL;
+}
+
+int X509_PURPOSE_get_id(X509_PURPOSE *xp)
+{
+ return xp->purpose;
+}
+
+char *X509_PURPOSE_get0_name(X509_PURPOSE *xp)
+{
+ return xp->name;
+}
+
+char *X509_PURPOSE_get0_sname(X509_PURPOSE *xp)
+{
+ return xp->sname;
+}
+
+int X509_PURPOSE_get_trust(X509_PURPOSE *xp)
+{
+ return xp->trust;
+}
+
+#ifndef NO_SHA
+static void x509v3_cache_extensions(X509 *x)
+{
+ BASIC_CONSTRAINTS *bs;
+ ASN1_BIT_STRING *usage;
+ ASN1_BIT_STRING *ns;
+ STACK_OF(ASN1_OBJECT) *extusage;
+ int i;
+ if(x->ex_flags & EXFLAG_SET) return;
+ X509_digest(x, EVP_sha1(), x->sha1_hash, NULL);
+ /* Does subject name match issuer ? */
+ if(!X509_NAME_cmp(X509_get_subject_name(x), X509_get_issuer_name(x)))
+ x->ex_flags |= EXFLAG_SS;
+ /* V1 should mean no extensions ... */
+ if(!X509_get_version(x)) x->ex_flags |= EXFLAG_V1;
+ /* Handle basic constraints */
+ if((bs=X509_get_ext_d2i(x, NID_basic_constraints, NULL, NULL))) {
+ if(bs->ca) x->ex_flags |= EXFLAG_CA;
+ if(bs->pathlen) {
+ if((bs->pathlen->type == V_ASN1_NEG_INTEGER)
+ || !bs->ca) {
+ x->ex_flags |= EXFLAG_INVALID;
+ x->ex_pathlen = 0;
+ } else x->ex_pathlen = ASN1_INTEGER_get(bs->pathlen);
+ } else x->ex_pathlen = -1;
+ BASIC_CONSTRAINTS_free(bs);
+ x->ex_flags |= EXFLAG_BCONS;
+ }
+ /* Handle key usage */
+ if((usage=X509_get_ext_d2i(x, NID_key_usage, NULL, NULL))) {
+ if(usage->length > 0) {
+ x->ex_kusage = usage->data[0];
+ if(usage->length > 1)
+ x->ex_kusage |= usage->data[1] << 8;
+ } else x->ex_kusage = 0;
+ x->ex_flags |= EXFLAG_KUSAGE;
+ ASN1_BIT_STRING_free(usage);
+ }
+ x->ex_xkusage = 0;
+ if((extusage=X509_get_ext_d2i(x, NID_ext_key_usage, NULL, NULL))) {
+ x->ex_flags |= EXFLAG_XKUSAGE;
+ for(i = 0; i < sk_ASN1_OBJECT_num(extusage); i++) {
+ switch(OBJ_obj2nid(sk_ASN1_OBJECT_value(extusage,i))) {
+ case NID_server_auth:
+ x->ex_xkusage |= XKU_SSL_SERVER;
+ break;
+
+ case NID_client_auth:
+ x->ex_xkusage |= XKU_SSL_CLIENT;
+ break;
+
+ case NID_email_protect:
+ x->ex_xkusage |= XKU_SMIME;
+ break;
+
+ case NID_code_sign:
+ x->ex_xkusage |= XKU_CODE_SIGN;
+ break;
+
+ case NID_ms_sgc:
+ case NID_ns_sgc:
+ x->ex_xkusage |= XKU_SGC;
+ }
+ }
+ sk_ASN1_OBJECT_pop_free(extusage, ASN1_OBJECT_free);
+ }
+
+ if((ns=X509_get_ext_d2i(x, NID_netscape_cert_type, NULL, NULL))) {
+ if(ns->length > 0) x->ex_nscert = ns->data[0];
+ else x->ex_nscert = 0;
+ x->ex_flags |= EXFLAG_NSCERT;
+ ASN1_BIT_STRING_free(ns);
+ }
+ x->ex_flags |= EXFLAG_SET;
+}
+#endif
+
+/* CA checks common to all purposes
+ * return codes:
+ * 0 not a CA
+ * 1 is a CA
+ * 2 basicConstraints absent so "maybe" a CA
+ * 3 basicConstraints absent but self signed V1.
+ */
+
+#define V1_ROOT (EXFLAG_V1|EXFLAG_SS)
+#define ku_reject(x, usage) \
+ (((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage)))
+#define xku_reject(x, usage) \
+ (((x)->ex_flags & EXFLAG_XKUSAGE) && !((x)->ex_xkusage & (usage)))
+#define ns_reject(x, usage) \
+ (((x)->ex_flags & EXFLAG_NSCERT) && !((x)->ex_nscert & (usage)))
+
+static int ca_check(X509 *x)
+{
+ /* keyUsage if present should allow cert signing */
+ if(ku_reject(x, KU_KEY_CERT_SIGN)) return 0;
+ if(x->ex_flags & EXFLAG_BCONS) {
+ if(x->ex_flags & EXFLAG_CA) return 1;
+ /* If basicConstraints says not a CA then say so */
+ else return 0;
+ } else {
+ if((x->ex_flags & V1_ROOT) == V1_ROOT) return 3;
+ else return 2;
+ }
+}
+
+
+static int check_purpose_ssl_client(X509_PURPOSE *xp, X509 *x, int ca)
+{
+ if(xku_reject(x,XKU_SSL_CLIENT)) return 0;
+ if(ca) {
+ int ca_ret;
+ ca_ret = ca_check(x);
+ if(!ca_ret) return 0;
+ /* check nsCertType if present */
+ if(x->ex_flags & EXFLAG_NSCERT) {
+ if(x->ex_nscert & NS_SSL_CA) return ca_ret;
+ return 0;
+ }
+ if(ca_ret != 2) return ca_ret;
+ else return 0;
+ }
+ /* We need to do digital signatures with it */
+ if(ku_reject(x,KU_DIGITAL_SIGNATURE)) return 0;
+ /* nsCertType if present should allow SSL client use */
+ if(ns_reject(x, NS_SSL_CLIENT)) return 0;
+ return 1;
+}
+
+static int check_purpose_ssl_server(X509_PURPOSE *xp, X509 *x, int ca)
+{
+ if(xku_reject(x,XKU_SSL_SERVER|XKU_SGC)) return 0;
+ /* Otherwise same as SSL client for a CA */
+ if(ca) return check_purpose_ssl_client(xp, x, 1);
+
+ if(ns_reject(x, NS_SSL_SERVER)) return 0;
+ /* Now as for keyUsage: we'll at least need to sign OR encipher */
+ if(ku_reject(x, KU_DIGITAL_SIGNATURE|KU_KEY_ENCIPHERMENT)) return 0;
+
+ return 1;
+
+}
+
+static int check_purpose_ns_ssl_server(X509_PURPOSE *xp, X509 *x, int ca)
+{
+ int ret;
+ ret = check_purpose_ssl_server(xp, x, ca);
+ if(!ret || ca) return ret;
+ /* We need to encipher or Netscape complains */
+ if(ku_reject(x, KU_KEY_ENCIPHERMENT)) return 0;
+ return ret;
+}
+
+/* common S/MIME checks */
+static int purpose_smime(X509 *x, int ca)
+{
+ if(xku_reject(x,XKU_SMIME)) return 0;
+ if(ca) {
+ int ca_ret;
+ ca_ret = ca_check(x);
+ if(!ca_ret) return 0;
+ /* check nsCertType if present */
+ if(x->ex_flags & EXFLAG_NSCERT) {
+ if(x->ex_nscert & NS_SMIME_CA) return ca_ret;
+ return 0;
+ }
+ if(ca_ret != 2) return ca_ret;
+ else return 0;
+ }
+ if(x->ex_flags & EXFLAG_NSCERT) {
+ if(x->ex_nscert & NS_SMIME) return 1;
+ /* Workaround for some buggy certificates */
+ if(x->ex_nscert & NS_SSL_CLIENT) return 2;
+ return 0;
+ }
+ return 1;
+}
+
+static int check_purpose_smime_sign(X509_PURPOSE *xp, X509 *x, int ca)
+{
+ int ret;
+ ret = purpose_smime(x, ca);
+ if(!ret || ca) return ret;
+ if(ku_reject(x, KU_DIGITAL_SIGNATURE)) return 0;
+ return ret;
+}
+
+static int check_purpose_smime_encrypt(X509_PURPOSE *xp, X509 *x, int ca)
+{
+ int ret;
+ ret = purpose_smime(x, ca);
+ if(!ret || ca) return ret;
+ if(ku_reject(x, KU_KEY_ENCIPHERMENT)) return 0;
+ return ret;
+}
+
+static int check_purpose_crl_sign(X509_PURPOSE *xp, X509 *x, int ca)
+{
+ if(ca) {
+ int ca_ret;
+ if((ca_ret = ca_check(x)) != 2) return ca_ret;
+ else return 0;
+ }
+ if(ku_reject(x, KU_CRL_SIGN)) return 0;
+ return 1;
+}
diff --git a/lib/libssl/src/doc/apps/CA.pl.pod b/lib/libssl/src/doc/apps/CA.pl.pod
new file mode 100644
index 00000000000..83e4c0af810
--- /dev/null
+++ b/lib/libssl/src/doc/apps/CA.pl.pod
@@ -0,0 +1,138 @@
+
+=pod
+
+=head1 NAME
+
+CA.pl - friendlier interface for OpenSSL certificate programs
+
+=head1 SYNOPSIS
+
+B<CA.pl>
+[B<-?>]
+[B<-h>]
+[B<-help>]
+[B<-newcert>]
+[B<-newreq>]
+[B<-newca>]
+[B<-xsign>]
+[B<-sign>]
+[B<-signreq>]
+[B<-signcert>]
+[B<-verify>]
+[B<files>]
+
+=head1 DESCRIPTION
+
+The B<CA.pl> script is a perl script that supplies the relevant command line
+arguments to the B<openssl> command for some common certificate operations.
+It is intended to simplify the process of certificate creation and management
+by the use of some simple options.
+
+=head1 COMMAND OPTIONS
+
+=over 4
+
+=item B<?>, B<-h>, B<-help>
+
+prints a usage message.
+
+=item B<-newcert>
+
+creates a new self signed certificate. The private key and certificate are
+written to the file "newreq.pem".
+
+=item B<-newreq>
+
+creates a new certificate request. The private key and request are
+written to the file "newreq.pem".
+
+=item B<-newca>
+
+creates a new CA hierarchy for use with the B<ca> program (or the B<-signcert>
+and B<-xsign> options). The user is prompted to enter the filename of the CA
+certificates (which should also contain the private key) or by hitting ENTER
+details of the CA will be prompted for. The relevant files and directories
+are created in a directory called "demoCA" in the current directory.
+
+=item B<-pkcs12>
+
+create a PKCS#12 file containing the user certificate, private key and CA
+certificate. It expects the user certificate and private key to be in the
+file "newcert.pem" and the CA certificate to be in the file demoCA/cacert.pem,
+it creates a file "newcert.p12". This command can thus be called after the
+B<-sign> option. The PKCS#12 file can be imported directly into a browser.
+If there is an additional argument on the command line it will be used as the
+"friendly name" for the certificate (which is typically displayed in the browser
+list box), otherwise the name "My Certificate" is used.
+
+=item B<-sign>, B<-signreq>, B<-xsign>
+
+calls the B<ca> program to sign a certificate request. It expects the request
+to be in the file "newreq.pem". The new certificate is written to the file
+"newcert.pem" except in the case of the B<-xcert> option when it is written
+to standard output.
+
+=item B<-signcert>
+
+this option is the same as B<-sign> except it expects a self signed certificate
+to be present in the file "newreq.pem".
+
+=item B<-verify>
+
+verifies certificates against the CA certificate for "demoCA". If no certificates
+are specified on the command line it tries to verify the file "newcert.pem".
+
+=item B<files>
+
+one or more optional certificate file names for use with the B<-verify> command.
+
+=back
+
+=head1 EXAMPLES
+
+Create a CA hierarchy:
+
+ CA.pl -newca
+
+Complete certificate creation example: create a CA, create a request, sign
+the request and finally create a PKCS#12 file containing it.
+
+ CA.pl -newca
+ CA.pl -newreq
+ CA.pl -signreq
+ CA.pl -pkcs12 "My Test Certificate"
+
+=head1 NOTES
+
+Most of the filenames mentioned can be modified by editing the B<CA.pl> script.
+
+If the demoCA directory already exists then the B<-newca> command will not
+overwrite it and will do nothing. This can happen if a previous call using
+the B<-newca> option terminated abnormally. To get the correct behaviour
+delete the demoCA directory if it already exists.
+
+Under some environments it may not be possible to run the B<CA.pl> script
+directly (for example Win32) and the default configuration file location may
+be wrong. In this case the command:
+
+ perl -S CA.pl
+
+can be used and the B<OPENSSL_CONF> environment variable changed to point to
+the correct path of the configuration file "openssl.cnf".
+
+The script is intended as a simple front end for the B<openssl> program for use
+by a beginner. Its behaviour isn't always what is wanted. For more control over the
+behaviour of the certificate commands call the B<openssl> command directly.
+
+=head1 ENVIRONMENT VARIABLES
+
+The variable B<OPENSSL_CONF> if defined allows an alternative configuration
+file location to be specified, it should contain the full path to the
+configuration file, not just its directory.
+
+=head1 SEE ALSO
+
+L<x509(1)|x509(1)>, L<ca(1)|ca(1)>, L<req(1)|req(1)>, L<pkcs12(1)|pkcs12(1)>,
+L<config(5)|config(5)>
+
+=cut
diff --git a/lib/libssl/src/doc/apps/asn1parse.pod b/lib/libssl/src/doc/apps/asn1parse.pod
new file mode 100644
index 00000000000..e76e9813aba
--- /dev/null
+++ b/lib/libssl/src/doc/apps/asn1parse.pod
@@ -0,0 +1,129 @@
+=pod
+
+=head1 NAME
+
+asn1parse - ASN.1 parsing tool
+
+=head1 SYNOPSIS
+
+B<openssl> B<asn1parse>
+[B<-inform PEM|DER>]
+[B<-in filename>]
+[B<-out filename>]
+[B<-noout>]
+[B<-offset number>]
+[B<-length number>]
+[B<-i>]
+[B<-oid filename>]
+[B<-strparse offset>]
+
+=head1 DESCRIPTION
+
+The B<asn1parse> command is a diagnostic utility that can parse ASN.1
+structures. It can also be used to extract data from ASN.1 formatted data.
+
+=head1 OPTIONS
+
+=over 4
+
+=item B<-inform> B<DER|PEM>
+
+the input format. B<DER> is binary format and B<PEM> (the default) is base64
+encoded.
+
+=item B<-in filename>
+
+the input file, default is standard input
+
+=item B<-out filename>
+
+output file to place the DER encoded data into. If this
+option is not present then no data will be output. This is most useful when
+combined with the B<-strparse> option.
+
+=item B<-noout>
+
+don't output the parsed version of the input file.
+
+=item B<-offset number>
+
+starting offset to begin parsing, default is start of file.
+
+=item B<-length number>
+
+number of bytes to parse, default is until end of file.
+
+=item B<-i>
+
+indents the output according to the "depth" of the structures.
+
+=item B<-oid filename>
+
+a file containing additional OBJECT IDENTIFIERs (OIDs). The format of this
+file is described in the NOTES section below.
+
+=item B<-strparse offset>
+
+parse the contents octets of the ASN.1 object starting at B<offset>. This
+option can be used multiple times to "drill down" into a nested structure.
+
+
+=back
+
+=head2 OUTPUT
+
+The output will typically contain lines like this:
+
+ 0:d=0 hl=4 l= 681 cons: SEQUENCE
+
+.....
+
+ 229:d=3 hl=3 l= 141 prim: BIT STRING
+ 373:d=2 hl=3 l= 162 cons: cont [ 3 ]
+ 376:d=3 hl=3 l= 159 cons: SEQUENCE
+ 379:d=4 hl=2 l= 29 cons: SEQUENCE
+ 381:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Subject Key Identifier
+ 386:d=5 hl=2 l= 22 prim: OCTET STRING
+ 410:d=4 hl=2 l= 112 cons: SEQUENCE
+ 412:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Authority Key Identifier
+ 417:d=5 hl=2 l= 105 prim: OCTET STRING
+ 524:d=4 hl=2 l= 12 cons: SEQUENCE
+
+.....
+
+This example is part of a self signed certificate. Each line starts with the
+offset in decimal. B<d=XX> specifies the current depth. The depth is increased
+within the scope of any SET or SEQUENCE. B<hl=XX> gives the header length
+(tag and length octets) of the current type. B<l=XX> gives the length of
+the contents octets.
+
+The B<-i> option can be used to make the output more readable.
+
+Some knowledge of the ASN.1 structure is needed to interpret the output.
+
+In this example the BIT STRING at offset 229 is the certificate public key.
+The contents octets of this will contain the public key information. This can
+be examined using the option B<-strparse 229> to yield:
+
+ 0:d=0 hl=3 l= 137 cons: SEQUENCE
+ 3:d=1 hl=3 l= 129 prim: INTEGER :E5D21E1F5C8D208EA7A2166C7FAF9F6BDF2059669C60876DDB70840F1A5AAFA59699FE471F379F1DD6A487E7D5409AB6A88D4A9746E24B91D8CF55DB3521015460C8EDE44EE8A4189F7A7BE77D6CD3A9AF2696F486855CF58BF0EDF2B4068058C7A947F52548DDF7E15E96B385F86422BEA9064A3EE9E1158A56E4A6F47E5897
+ 135:d=1 hl=2 l= 3 prim: INTEGER :010001
+
+=head1 NOTES
+
+If an OID is not part of OpenSSL's internal table it will be represented in
+numerical form (for example 1.2.3.4). The file passed to the B<-oid> option
+allows additional OIDs to be included. Each line consists of three columns,
+the first column is the OID in numerical format and should be followed by white
+space. The second column is the "short name" which is a single word followed
+by white space. The final column is the rest of the line and is the
+"long name". B<asn1parse> displays the long name. Example:
+
+C<1.2.3.4 shortName A long name>
+
+=head1 BUGS
+
+There should be options to change the format of input lines. The output of some
+ASN.1 types is not well handled (if at all).
+
+=cut
diff --git a/lib/libssl/src/doc/apps/ca.pod b/lib/libssl/src/doc/apps/ca.pod
new file mode 100644
index 00000000000..03209aa6b17
--- /dev/null
+++ b/lib/libssl/src/doc/apps/ca.pod
@@ -0,0 +1,479 @@
+
+=pod
+
+=head1 NAME
+
+ca - sample minimal CA application
+
+=head1 SYNOPSIS
+
+B<openssl> B<ca>
+[B<-verbose>]
+[B<-config filename>]
+[B<-name section>]
+[B<-gencrl>]
+[B<-revoke file>]
+[B<-crldays days>]
+[B<-crlhours hours>]
+[B<-crlexts section>]
+[B<-startdate date>]
+[B<-enddate date>]
+[B<-days arg>]
+[B<-md arg>]
+[B<-policy arg>]
+[B<-keyfile arg>]
+[B<-key arg>]
+[B<-cert file>]
+[B<-in file>]
+[B<-out file>]
+[B<-notext>]
+[B<-outdir dir>]
+[B<-infiles>]
+[B<-spkac file>]
+[B<-ss_cert file>]
+[B<-preserveDN>]
+[B<-batch>]
+[B<-msie_hack>]
+[B<-extensions section>]
+
+=head1 DESCRIPTION
+
+The B<ca> command is a minimal CA application. It can be used
+to sign certificate requests in a variety of forms and generate
+CRLs it also maintains a text database of issued certificates
+and their status.
+
+The options descriptions will be divided into each purpose.
+
+=head1 CA OPTIONS
+
+=over 4
+
+=item B<-config filename>
+
+specifies the configuration file to use.
+
+=item B<-in filename>
+
+an input filename containing a single certificate request to be
+signed by the CA.
+
+=item B<-ss_cert filename>
+
+a single self signed certificate to be signed by the CA.
+
+=item B<-spkac filename>
+
+a file containing a single Netscape signed public key and challenge
+and additional field values to be signed by the CA. See the B<NOTES>
+section for information on the required format.
+
+=item B<-infiles>
+
+if present this should be the last option, all subsequent arguments
+are assumed to the the names of files containing certificate requests.
+
+=item B<-out filename>
+
+the output file to output certificates to. The default is standard
+output. The certificate details will also be printed out to this
+file.
+
+=item B<-outdir directory>
+
+the directory to output certificates to. The certificate will be
+written to a filename consisting of the serial number in hex with
+".pem" appended.
+
+=item B<-cert>
+
+the CA certificate file.
+
+=item B<-keyfile filename>
+
+the private key to sign requests with.
+
+=item B<-key password>
+
+the password used to encrypt the private key. Since on some
+systems the command line arguments are visible (e.g. Unix with
+the 'ps' utility) this option should be used with caution.
+
+=item B<-verbose>
+
+this prints extra details about the operations being performed.
+
+=item B<-notext>
+
+don't output the text form of a certificate to the output file.
+
+=item B<-startdate date>
+
+this allows the start date to be explicitly set. The format of the
+date is YYMMDDHHMMSSZ (the same as an ASN1 UTCTime structure).
+
+=item B<-enddate date>
+
+this allows the expiry date to be explicitly set. The format of the
+date is YYMMDDHHMMSSZ (the same as an ASN1 UTCTime structure).
+
+=item B<-days arg>
+
+the number of days to certify the certificate for.
+
+=item B<-md alg>
+
+the message digest to use. Possible values include md5, sha1 and mdc2.
+This option also applies to CRLs.
+
+=item B<-policy arg>
+
+this option defines the CA "policy" to use. This is a section in
+the configuration file which decides which fields should be mandatory
+or match the CA certificate. Check out the B<POLICY FORMAT> section
+for more information.
+
+=item B<-msie_hack>
+
+this is a legacy option to make B<ca> work with very old versions of
+the IE certificate enrollment control "certenr3". It used UniversalStrings
+for almost everything. Since the old control has various security bugs
+its use is strongly discouraged. The newer control "Xenroll" does not
+need this option.
+
+=item B<-preserveDN>
+
+Normally the DN order of a certificate is the same as the order of the
+fields in the relevant policy section. When this option is set the order
+is the same as the request. This is largely for compatibility with the
+older IE enrollment control which would only accept certificates if their
+DNs match the order of the request. This is not needed for Xenroll.
+
+=item B<-batch>
+
+this sets the batch mode. In this mode no questions will be asked
+and all certificates will be certified automatically.
+
+=item B<-extensions section>
+
+the section of the configuration file containing certificate extensions
+to be added when a certificate is issued. If no extension section is
+present then a V1 certificate is created. If the extension section
+is present (even if it is empty) then a V3 certificate is created.
+
+=back
+
+=head1 CRL OPTIONS
+
+=over 4
+
+=item B<-gencrl>
+
+this option generates a CRL based on information in the index file.
+
+=item B<-crldays num>
+
+the number of days before the next CRL is due. That is the days from
+now to place in the CRL nextUpdate field.
+
+=item B<-crlhours num>
+
+the number of hours before the next CRL is due.
+
+=item B<-revoke filename>
+
+a filename containing a certificate to revoke.
+
+=item B<-crlexts section>
+
+the section of the configuration file containing CRL extensions to
+include. If no CRL extension section is present then a V1 CRL is
+created, if the CRL extension section is present (even if it is
+empty) then a V2 CRL is created. The CRL extensions specified are
+CRL extensions and B<not> CRL entry extensions. It should be noted
+that some software (for example Netscape) can't handle V2 CRLs.
+
+=back
+
+=head1 CONFIGURATION FILE OPTIONS
+
+The options for B<ca> are contained in the B<ca> section of the
+configuration file. Many of these are identical to command line
+options. Where the option is present in the configuration file
+and the command line the command line value is used. Where an
+option is described as mandatory then it must be present in
+the configuration file or the command line equivalent (if
+any) used.
+
+=over 4
+
+=item B<oid_file>
+
+This specifies a file containing additional B<OBJECT IDENTIFIERS>.
+Each line of the file should consist of the numerical form of the
+object identifier followed by white space then the short name followed
+by white space and finally the long name.
+
+=item B<oid_section>
+
+This specifies a section in the configuration file containing extra
+object identifiers. Each line should consist of the short name of the
+object identifier followed by B<=> and the numerical form. The short
+and long names are the same when this option is used.
+
+=item B<new_certs_dir>
+
+the same as the B<-outdir> command line option. It specifies
+the directory where new certificates will be placed. Mandatory.
+
+=item B<certificate>
+
+the same as B<-cert>. It gives the file containing the CA
+certificate. Mandatory.
+
+=item B<private_key>
+
+same as the B<-keyfile> option. The file containing the
+CA private key. Mandatory.
+
+=item B<RANDFILE>
+
+a file used to read and write random number seed information, or
+an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>).
+
+=item B<default_days>
+
+the same as the B<-days> option. The number of days to certify
+a certificate for.
+
+=item B<default_startdate>
+
+the same as the B<-startdate> option. The start date to certify
+a certificate for. If not set the current time is used.
+
+=item B<default_enddate>
+
+the same as the B<-enddate> option. Either this option or
+B<default_days> (or the command line equivalents) must be
+present.
+
+=item B<default_crl_hours default_crl_days>
+
+the same as the B<-crlhours> and the B<-crldays> options. These
+will only be used if neither command line option is present. At
+least one of these must be present to generate a CRL.
+
+=item B<default_md>
+
+the same as the B<-md> option. The message digest to use. Mandatory.
+
+=item B<database>
+
+the text database file to use. Mandatory. This file must be present
+though initially it will be empty.
+
+=item B<serialfile>
+
+a text file containing the next serial number to use in hex. Mandatory.
+This file must be present and contain a valid serial number.
+
+=item B<x509_extensions>
+
+the same as B<-extensions>.
+
+=item B<crl_extensions>
+
+the same as B<-crlexts>.
+
+=item B<preserve>
+
+the same as B<-preserveDN>
+
+=item B<msie_hack>
+
+the same as B<-msie_hack>
+
+=item B<policy>
+
+the same as B<-policy>. Mandatory. See the B<POLICY FORMAT> section
+for more information.
+
+=back
+
+=head1 POLICY FORMAT
+
+The policy section consists of a set of variables corresponding to
+certificate DN fields. If the value is "match" then the field value
+must match the same field in the CA certificate. If the value is
+"supplied" then it must be present. If the value is "optional" then
+it may be present. Any fields not mentioned in the policy section
+are silently deleted, unless the B<-preserveDN> option is set but
+this can be regarded more of a quirk than intended behaviour.
+
+=head1 SPKAC FORMAT
+
+The input to the B<-spkac> command line option is a Netscape
+signed public key and challenge. This will usually come from
+the B<KEYGEN> tag in an HTML form to create a new private key.
+It is however possible to create SPKACs using the B<spkac> utility.
+
+The file should contain the variable SPKAC set to the value of
+the SPKAC and also the required DN components as name value pairs.
+If you need to include the same component twice then it can be
+preceded by a number and a '.'.
+
+=head1 EXAMPLES
+
+Note: these examples assume that the B<ca> directory structure is
+already set up and the relevant files already exist. This usually
+involves creating a CA certificate and private key with B<req>, a
+serial number file and an empty index file and placing them in
+the relevant directories.
+
+To use the sample configuration file below the directories demoCA,
+demoCA/private and demoCA/newcerts would be created. The CA
+certificate would be copied to demoCA/cacert.pem and its private
+key to demoCA/private/cakey.pem. A file demoCA/serial would be
+created containing for example "01" and the empty index file
+demoCA/index.txt.
+
+
+Sign a certificate request:
+
+ openssl ca -in req.pem -out newcert.pem
+
+Generate a CRL
+
+ openssl ca -gencrl -out crl.pem
+
+Sign several requests:
+
+ openssl ca -infiles req1.pem req2.pem req3.pem
+
+Certify a Netscape SPKAC:
+
+ openssl ca -spkac spkac.txt
+
+A sample SPKAC file (the SPKAC line has been truncated for clarity):
+
+ SPKAC=MIG0MGAwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAn7PDhCeV/xIxUg8V70YRxK2A5
+ CN=Steve Test
+ emailAddress=steve@openssl.org
+ 0.OU=OpenSSL Group
+ 1.OU=Another Group
+
+A sample configuration file with the relevant sections for B<ca>:
+
+ [ ca ]
+ default_ca = CA_default # The default ca section
+
+ [ CA_default ]
+
+ dir = ./demoCA # top dir
+ database = $dir/index.txt # index file.
+ new_certs_dir = $dir/newcerts # new certs dir
+
+ certificate = $dir/cacert.pem # The CA cert
+ serial = $dir/serial # serial no file
+ private_key = $dir/private/cakey.pem# CA private key
+ RANDFILE = $dir/private/.rand # random number file
+
+ default_days = 365 # how long to certify for
+ default_crl_days= 30 # how long before next CRL
+ default_md = md5 # md to use
+
+ policy = policy_any # default policy
+
+ [ policy_any ]
+ countryName = supplied
+ stateOrProvinceName = optional
+ organizationName = optional
+ organizationalUnitName = optional
+ commonName = supplied
+ emailAddress = optional
+
+=head1 WARNINGS
+
+The B<ca> command is quirky and at times downright unfriendly.
+
+The B<ca> utility was originally meant as an example of how to do things
+in a CA. It was not supposed be be used as a full blown CA itself:
+nevertheless some people are using it for this purpose.
+
+The B<ca> command is effectively a single user command: no locking is
+done on the various files and attempts to run more than one B<ca> command
+on the same database can have unpredictable results.
+
+=head1 FILES
+
+Note: the location of all files can change either by compile time options,
+configuration file entries, environment variables or command line options.
+The values below reflect the default values.
+
+ /usr/local/ssl/lib/openssl.cnf - master configuration file
+ ./demoCA - main CA directory
+ ./demoCA/cacert.pem - CA certificate
+ ./demoCA/private/cakey.pem - CA private key
+ ./demoCA/serial - CA serial number file
+ ./demoCA/serial.old - CA serial number backup file
+ ./demoCA/index.txt - CA text database file
+ ./demoCA/index.txt.old - CA text database backup file
+ ./demoCA/certs - certificate output file
+ ./demoCA/.rnd - CA random seed information
+
+=head1 ENVIRONMENT VARIABLES
+
+B<OPENSSL_CONF> reflects the location of master configuration file it can
+be overridden by the B<-config> command line option.
+
+=head1 RESTRICTIONS
+
+The text database index file is a critical part of the process and
+if corrupted it can be difficult to fix. It is theoretically possible
+to rebuild the index file from all the issued certificates and a current
+CRL: however there is no option to do this.
+
+CRL entry extensions cannot currently be created: only CRL extensions
+can be added.
+
+V2 CRL features like delta CRL support and CRL numbers are not currently
+supported.
+
+Although several requests can be input and handled at once it is only
+possible to include one SPKAC or self signed certificate.
+
+=head1 BUGS
+
+The use of an in memory text database can cause problems when large
+numbers of certificates are present because, as the name implies
+the database has to be kept in memory.
+
+Certificate request extensions are ignored: some kind of "policy" should
+be included to use certain static extensions and certain extensions
+from the request.
+
+It is not possible to certify two certificates with the same DN: this
+is a side effect of how the text database is indexed and it cannot easily
+be fixed without introducing other problems. Some S/MIME clients can use
+two certificates with the same DN for separate signing and encryption
+keys.
+
+The B<ca> command really needs rewriting or the required functionality
+exposed at either a command or interface level so a more friendly utility
+(perl script or GUI) can handle things properly. The scripts B<CA.sh> and
+B<CA.pl> help a little but not very much.
+
+Any fields in a request that are not present in a policy are silently
+deleted. This does not happen if the B<-preserveDN> option is used but
+the extra fields are not displayed when the user is asked to certify
+a request. The behaviour should be more friendly and configurable.
+
+Cancelling some commands by refusing to certify a certificate can
+create an empty file.
+
+=head1 SEE ALSO
+
+L<req(1)|req(1)>, L<spkac(1)|spkac(1)>, L<x509(1)|x509(1)>, L<CA.pl(1)|CA.pl(1)>,
+L<config(5)|config(5)>
+
+=cut
diff --git a/lib/libssl/src/doc/apps/ciphers.pod b/lib/libssl/src/doc/apps/ciphers.pod
new file mode 100644
index 00000000000..2301e28251c
--- /dev/null
+++ b/lib/libssl/src/doc/apps/ciphers.pod
@@ -0,0 +1,342 @@
+=pod
+
+=head1 NAME
+
+ciphers - SSL cipher display and cipher list tool.
+
+=head1 SYNOPSIS
+
+B<openssl> B<ciphers>
+[B<-v>]
+[B<-ssl2>]
+[B<-ssl3>]
+[B<-tls1>]
+[B<cipherlist>]
+
+=head1 DESCRIPTION
+
+The B<cipherlist> command converts OpenSSL cipher lists into ordered
+SSL cipher preference lists. It can be used as a test tool to determine
+the appropriate cipherlist.
+
+=head1 COMMAND OPTIONS
+
+=over 4
+
+=item B<-v>
+
+verbose option. List ciphers with a complete description of the authentication,
+key exchange, encryption and mac algorithms used along with any key size
+restrictions and whether the algorithm is classed as an "export" cipher.
+
+=item B<-ssl3>
+
+only include SSL v3 ciphers.
+
+=item B<-ssl2>
+
+only include SSL v2 ciphers.
+
+=item B<-tls1>
+
+only include TLS v1 ciphers.
+
+=item B<-h>, B<-?>
+
+print a brief usage message.
+
+=item B<cipherlist>
+
+a cipher list to convert to a cipher preference list. If it is not included
+then the default cipher list will be used. The format is described below.
+
+=back
+
+=head1 CIPHER LIST FORMAT
+
+The cipher list consists of one or more I<cipher strings> separated by colons.
+Commas or spaces are also acceptable separators but colons are normally used.
+
+The actual cipher string can take several different forms.
+
+It can consist of a single cipher suite such as B<RC4-SHA>.
+
+It can represent a list of cipher suites containing a certain algorithm, or
+cipher suites of a certain type. For example B<SHA1> represents all ciphers
+suites using the digest algorithm SHA1 and B<SSLv3> represents all SSL v3
+algorithms.
+
+Lists of cipher suites can be combined in a single cipher string using the
+B<+> character. This is used as a logical B<and> operation. For example
+B<SHA1+DES> represents all cipher suites containing the SHA1 B<and> the DES
+algorithms.
+
+Each cipher string can be optionally preceded by the characters B<!>,
+B<-> or B<+>.
+
+If B<!> is used then the ciphers are permanently deleted from the list.
+The ciphers deleted can never reappear in the list even if they are
+explicitly stated.
+
+If B<-> is used then the ciphers are deleted from the list, but some or
+all of the ciphers can be added again by later options.
+
+If B<+> is used then the ciphers are moved to the end of the list. This
+option doesn't add any new ciphers it just moves matching existing ones.
+
+If none of these characters is present then the string is just interpreted
+as a list of ciphers to be appended to the current preference list. If the
+list includes any ciphers already present they will be ignored: that is they
+will not moved to the end of the list.
+
+Additionally the cipher string B<@STRENGTH> can be used at any point to sort
+the current cipher list in order of encryption algorithm key length.
+
+=head1 CIPHER STRINGS
+
+The following is a list of all permitted cipher strings and their meanings.
+
+=over 4
+
+=item B<DEFAULT>
+
+the default cipher list. This is determined at compile time and is normally
+B<ALL:!ADH:RC4+RSA:+SSLv2:@STRENGTH>. This must be the first cipher string
+specified.
+
+=item B<ALL>
+
+all ciphers suites except the B<eNULL> ciphers which must be explicitly enabled.
+
+=item B<HIGH>
+
+"high" encryption cipher suites. This currently means those with key lengths larger
+than 128 bits.
+
+=item B<MEDIUM>
+
+"medium" encryption cipher suites, currently those using 128 bit encryption.
+
+=item B<LOW>
+
+"low" encryption cipher suites, currently those using 64 or 56 bit encryption algorithms
+but excluding export cipher suites.
+
+=item B<EXP>, B<EXPORT>
+
+export encryption algorithms. Including 40 and 56 bits algorithms.
+
+=item B<EXPORT40>
+
+40 bit export encryption algorithms
+
+=item B<EXPORT56>
+
+56 bit export encryption algorithms.
+
+=item B<eNULL>, B<NULL>
+
+the "NULL" ciphers that is those offering no encryption. Because these offer no
+encryption at all and are a security risk they are disabled unless explicitly
+included.
+
+=item B<aNULL>
+
+the cipher suites offering no authentication. This is currently the anonymous
+DH algorithms. These cipher suites are vulnerable to a "man in the middle"
+attack and so their use is normally discouraged.
+
+=item B<kRSA>, B<RSA>
+
+cipher suites using RSA key exchange.
+
+=item B<kEDH>
+
+cipher suites using ephemeral DH key agreement.
+
+=item B<kDHr>, B<kDHd>
+
+cipher suites using DH key agreement and DH certificates signed by CAs with RSA
+and DSS keys respectively. Not implemented.
+
+=item B<aRSA>
+
+cipher suites using RSA authentication, i.e. the certificates carry RSA keys.
+
+=item B<aDSS>, B<DSS>
+
+cipher suites using DSS authentication, i.e. the certificates carry DSS keys.
+
+=item B<aDH>
+
+cipher suites effectively using DH authentication, i.e. the certificates carry
+DH keys. Not implemented.
+
+=item B<kFZA>, B<aFZA>, B<eFZA>, B<FZA>
+
+ciphers suites using FORTEZZA key exchange, authentication, encryption or all
+FORTEZZA algorithms. Not implemented.
+
+=item B<TLSv1>, B<SSLv3>, B<SSLv2>
+
+TLS v1.0, SSL v3.0 or SSL v2.0 cipher suites respectively.
+
+=item B<DH>
+
+cipher suites using DH, including anonymous DH.
+
+=item B<ADH>
+
+anonymous DH cipher suites.
+
+=item B<3DES>
+
+cipher suites using triple DES.
+
+=item B<DES>
+
+cipher suites using DES (not triple DES).
+
+=item B<RC4>
+
+cipher suites using RC4.
+
+=item B<RC2>
+
+cipher suites using RC2.
+
+=item B<IDEA>
+
+cipher suites using IDEA.
+
+=item B<MD5>
+
+cipher suites using MD5.
+
+=item B<SHA1>, B<SHA>
+
+cipher suites using SHA1.
+
+=back
+
+=head1 CIPHER SUITE NAMES
+
+The following lists give the SSL or TLS cipher suites names from the
+relevant specification and their OpenSSL equivalents.
+
+=head2 SSL v3.0 cipher suites.
+
+ SSL_RSA_WITH_NULL_MD5 NULL-MD5
+ SSL_RSA_WITH_NULL_SHA NULL-SHA
+ SSL_RSA_EXPORT_WITH_RC4_40_MD5 EXP-RC4-MD5
+ SSL_RSA_WITH_RC4_128_MD5 RC4-MD5
+ SSL_RSA_WITH_RC4_128_SHA RC4-SHA
+ SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 EXP-RC2-CBC-MD5
+ SSL_RSA_WITH_IDEA_CBC_SHA IDEA-CBC-SHA
+ SSL_RSA_EXPORT_WITH_DES40_CBC_SHA EXP-DES-CBC-SHA
+ SSL_RSA_WITH_DES_CBC_SHA DES-CBC-SHA
+ SSL_RSA_WITH_3DES_EDE_CBC_SHA DES-CBC3-SHA
+
+ SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA Not implemented.
+ SSL_DH_DSS_WITH_DES_CBC_SHA Not implemented.
+ SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA Not implemented.
+ SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA Not implemented.
+ SSL_DH_RSA_WITH_DES_CBC_SHA Not implemented.
+ SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA Not implemented.
+ SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA EXP-EDH-DSS-DES-CBC-SHA
+ SSL_DHE_DSS_WITH_DES_CBC_SHA EDH-DSS-CBC-SHA
+ SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA EDH-DSS-DES-CBC3-SHA
+ SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA EXP-EDH-RSA-DES-CBC-SHA
+ SSL_DHE_RSA_WITH_DES_CBC_SHA EDH-RSA-DES-CBC-SHA
+ SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA EDH-RSA-DES-CBC3-SHA
+
+ SSL_DH_anon_EXPORT_WITH_RC4_40_MD5 EXP-ADH-RC4-MD5
+ SSL_DH_anon_WITH_RC4_128_MD5 ADH-RC4-MD5
+ SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA EXP-ADH-DES-CBC-SHA
+ SSL_DH_anon_WITH_DES_CBC_SHA ADH-DES-CBC-SHA
+ SSL_DH_anon_WITH_3DES_EDE_CBC_SHA ADH-DES-CBC3-SHA
+
+ SSL_FORTEZZA_KEA_WITH_NULL_SHA Not implemented.
+ SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA Not implemented.
+ SSL_FORTEZZA_KEA_WITH_RC4_128_SHA Not implemented.
+
+=head2 TLS v1.0 cipher suites.
+
+ TLS_RSA_WITH_NULL_MD5 NULL-MD5
+ TLS_RSA_WITH_NULL_SHA NULL-SHA
+ TLS_RSA_EXPORT_WITH_RC4_40_MD5 EXP-RC4-MD5
+ TLS_RSA_WITH_RC4_128_MD5 RC4-MD5
+ TLS_RSA_WITH_RC4_128_SHA RC4-SHA
+ TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 EXP-RC2-CBC-MD5
+ TLS_RSA_WITH_IDEA_CBC_SHA IDEA-CBC-SHA
+ TLS_RSA_EXPORT_WITH_DES40_CBC_SHA EXP-DES-CBC-SHA
+ TLS_RSA_WITH_DES_CBC_SHA DES-CBC-SHA
+ TLS_RSA_WITH_3DES_EDE_CBC_SHA DES-CBC3-SHA
+
+ TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA Not implemented.
+ TLS_DH_DSS_WITH_DES_CBC_SHA Not implemented.
+ TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA Not implemented.
+ TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA Not implemented.
+ TLS_DH_RSA_WITH_DES_CBC_SHA Not implemented.
+ TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA Not implemented.
+ TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA EXP-EDH-DSS-DES-CBC-SHA
+ TLS_DHE_DSS_WITH_DES_CBC_SHA EDH-DSS-CBC-SHA
+ TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA EDH-DSS-DES-CBC3-SHA
+ TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA EXP-EDH-RSA-DES-CBC-SHA
+ TLS_DHE_RSA_WITH_DES_CBC_SHA EDH-RSA-DES-CBC-SHA
+ TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA EDH-RSA-DES-CBC3-SHA
+
+ TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 EXP-ADH-RC4-MD5
+ TLS_DH_anon_WITH_RC4_128_MD5 ADH-RC4-MD5
+ TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA EXP-ADH-DES-CBC-SHA
+ TLS_DH_anon_WITH_DES_CBC_SHA ADH-DES-CBC-SHA
+ TLS_DH_anon_WITH_3DES_EDE_CBC_SHA ADH-DES-CBC3-SHA
+
+=head2 Additional Export 1024 and other cipher suites
+
+Note: these ciphers can also be used in SSL v3.
+
+ TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA EXP1024-DES-CBC-SHA
+ TLS_RSA_EXPORT1024_WITH_RC4_56_SHA EXP1024-RC4-SHA
+ TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA EXP1024-DHE-DSS-DES-CBC-SHA
+ TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA EXP1024-DHE-DSS-RC4-SHA
+ TLS_DHE_DSS_WITH_RC4_128_SHA DHE-DSS-RC4-SHA
+
+=head2 SSL v2.0 cipher suites.
+
+ SSL_CK_RC4_128_WITH_MD5 RC4-MD5
+ SSL_CK_RC4_128_EXPORT40_WITH_MD5 EXP-RC4-MD5
+ SSL_CK_RC2_128_CBC_WITH_MD5 RC2-MD5
+ SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5 EXP-RC2-MD5
+ SSL_CK_IDEA_128_CBC_WITH_MD5 IDEA-CBC-MD5
+ SSL_CK_DES_64_CBC_WITH_MD5 DES-CBC-MD5
+ SSL_CK_DES_192_EDE3_CBC_WITH_MD5 DES-CBC3-MD5
+
+=head1 NOTES
+
+The non-ephemeral DH modes are currently unimplemented in OpenSSL
+because there is no support for DH certificates.
+
+Some compiled versions of OpenSSL may not include all the ciphers
+listed here because some ciphers were excluded at compile time.
+
+=head1 EXAMPLES
+
+Verbose listing of all OpenSSL ciphers including NULL ciphers:
+
+ openssl ciphers -v 'ALL:eNULL'
+
+Include all ciphers except NULL and anonymous DH then sort by
+strength:
+
+ openssl ciphers -v 'ALL:!ADH:@STRENGTH'
+
+Include only 3DES ciphers and then place RSA ciphers last:
+
+ openssl ciphers -v '3DES:+RSA'
+
+=head1 SEE ALSO
+
+L<s_client(1)|s_client(1)>, L<s_server(1)|s_server(1)>, L<ssl(3)|ssl(3)>
+
+=cut
diff --git a/lib/libssl/src/doc/apps/config.pod b/lib/libssl/src/doc/apps/config.pod
new file mode 100644
index 00000000000..ce874a42ce1
--- /dev/null
+++ b/lib/libssl/src/doc/apps/config.pod
@@ -0,0 +1,138 @@
+
+=pod
+
+=head1 NAME
+
+config - OpenSSL CONF library configuration files
+
+=head1 DESCRIPTION
+
+The OpenSSL CONF library can be used to read configuration files.
+It is used for the OpenSSL master configuration file B<openssl.cnf>
+and in a few other places like B<SPKAC> files and certificate extension
+files for the B<x509> utility.
+
+A configuration file is divided into a number of sections. Each section
+starts with a line B<[ section_name ]> and ends when a new section is
+started or end of file is reached. A section name can consist of
+alphanumeric characters and underscores.
+
+The first section of a configuration file is special and is referred
+to as the B<default> section this is usually unnamed and is from the
+start of file until the first named section. When a name is being looked up
+it is first looked up in a named section (if any) and then the
+default section.
+
+The environment is mapped onto a section called B<ENV>.
+
+Comments can be included by preceding them with the B<#> character
+
+Each section in a configuration file consists of a number of name and
+value pairs of the form B<name=value>
+
+The B<name> string can contain any alphanumeric characters as well as
+a few punctuation symbols such as B<.> B<,> B<;> and B<_>.
+
+The B<value> string consists of the string following the B<=> character
+until end of line with any leading and trailing white space removed.
+
+The value string undergoes variable expansion. This can be done by
+including the form B<$var> or B<${var}>: this will substitute the value
+of the named variable in the current section. It is also possible to
+substitute a value from another section using the syntax B<$section::name>
+or B<${section::name}>. By using the form B<$ENV::name> environment
+variables can be substituted. It is also possible to assign values to
+environment variables by using the name B<ENV::name>, this will work
+if the program looks up environment variables using the B<CONF> library
+instead of calling B<getenv()> directly.
+
+It is possible to escape certain characters by using any kind of quote
+or the B<\> character. By making the last character of a line a B<\>
+a B<value> string can be spread across multiple lines. In addition
+the sequences B<\n>, B<\r>, B<\b> and B<\t> are recognized.
+
+=head1 NOTES
+
+If a configuration file attempts to expand a variable that doesn't exist
+then an error is flagged and the file will not load. This can happen
+if an attempt is made to expand an environment variable that doesn't
+exist. For example the default OpenSSL master configuration file used
+the value of B<HOME> which may not be defined on non Unix systems.
+
+This can be worked around by including a B<default> section to provide
+a default value: then if the environment lookup fails the default value
+will be used instead. For this to work properly the default value must
+be defined earlier in the configuration file than the expansion. See
+the B<EXAMPLES> section for an example of how to do this.
+
+If the same variable exists in the same section then all but the last
+value will be silently ignored. In certain circumstances such as with
+DNs the same field may occur multiple times. This is usually worked
+around by ignoring any characters before an initial B<.> e.g.
+
+ 1.OU="My first OU"
+ 2.OU="My Second OU"
+
+=head1 EXAMPLES
+
+Here is a sample configuration file using some of the features
+mentioned above.
+
+ # This is the default section.
+
+ HOME=/temp
+ RANDFILE= ${ENV::HOME}/.rnd
+ configdir=$ENV::HOME/config
+
+ [ section_one ]
+
+ # We are now in section one.
+
+ # Quotes permit leading and trailing whitespace
+ any = " any variable name "
+
+ other = A string that can \
+ cover several lines \
+ by including \\ characters
+
+ message = Hello World\n
+
+ [ section_two ]
+
+ greeting = $section_one::message
+
+This next example shows how to expand environment variables safely.
+
+Suppose you want a variable called B<tmpfile> to refer to a
+temporary filename. The directory it is placed in can determined by
+the the B<TEMP> or B<TMP> environment variables but they may not be
+set to any value at all. If you just include the environment variable
+names and the variable doesn't exist then this will cause an error when
+an attempt is made to load the configuration file. By making use of the
+default section both values can be looked up with B<TEMP> taking
+priority and B</tmp> used if neither is defined:
+
+ TMP=/tmp
+ # The above value is used if TMP isn't in the environment
+ TEMP=$ENV::TMP
+ # The above value is used if TEMP isn't in the environment
+ tmpfile=${ENV::TEMP}/tmp.filename
+
+=head1 BUGS
+
+Currently there is no way to include characters using the octal B<\nnn>
+form. Strings are all null terminated so nulls cannot form part of
+the value.
+
+The escaping isn't quite right: if you want to use sequences like B<\n>
+you can't use any quote escaping on the same line.
+
+Files are loaded in a single pass. This means that an variable expansion
+will only work if the variables referenced are defined earlier in the
+file.
+
+=head1 SEE ALSO
+
+L<x509(1)|x509(1)>, L<req(1)|req(1)>, L<ca(1)|ca(1)>
+
+=cut
diff --git a/lib/libssl/src/doc/apps/crl.pod b/lib/libssl/src/doc/apps/crl.pod
new file mode 100644
index 00000000000..a40c873b956
--- /dev/null
+++ b/lib/libssl/src/doc/apps/crl.pod
@@ -0,0 +1,117 @@
+=pod
+
+=head1 NAME
+
+crl - CRL utility
+
+=head1 SYNOPSIS
+
+B<openssl> B<crl>
+[B<-inform PEM|DER>]
+[B<-outform PEM|DER>]
+[B<-text>]
+[B<-in filename>]
+[B<-out filename>]
+[B<-noout>]
+[B<-hash>]
+[B<-issuer>]
+[B<-lastupdate>]
+[B<-nextupdate>]
+[B<-CAfile file>]
+[B<-CApath dir>]
+
+=head1 DESCRIPTION
+
+The B<crl> command processes CRL files in DER or PEM format.
+
+=head1 COMMAND OPTIONS
+
+=over 4
+
+=item B<-inform DER|PEM>
+
+This specifies the input format. B<DER> format is DER encoded CRL
+structure. B<PEM> (the default) is a base64 encoded version of
+the DER form with header and footer lines.
+
+=item B<-outform DER|PEM>
+
+This specifies the output format, the options have the same meaning as the
+B<-inform> option.
+
+=item B<-in filename>
+
+This specifies the input filename to read from or standard input if this
+option is not specified.
+
+=item B<-out filename>
+
+specifies the output filename to write to or standard output by
+default.
+
+=item B<-text>
+
+print out the CRL in text form.
+
+=item B<-noout>
+
+don't output the encoded version of the CRL.
+
+=item B<-hash>
+
+output a hash of the issuer name. This can be use to lookup CRLs in
+a directory by issuer name.
+
+=item B<-issuer>
+
+output the issuer name.
+
+=item B<-lastupdate>
+
+output the lastUpdate field.
+
+=item B<-nextupdate>
+
+output the nextUpdate field.
+
+=item B<-CAfile file>
+
+verify the signature on a CRL by looking up the issuing certificate in
+B<file>
+
+=item B<-CApath dir>
+
+verify the signature on a CRL by looking up the issuing certificate in
+B<dir>. This directory must be a standard certificate directory: that
+is a hash of each subject name (using B<x509 -hash>) should be linked
+to each certificate.
+
+=back
+
+=head1 NOTES
+
+The PEM CRL format uses the header and footer lines:
+
+ -----BEGIN X509 CRL-----
+ -----END X509 CRL-----
+
+=head1 EXAMPLES
+
+Convert a CRL file from PEM to DER:
+
+ openssl crl -in crl.pem -outform DER -out crl.der
+
+Output the text form of a DER encoded certificate:
+
+ openssl crl -in crl.der -text -noout
+
+=head1 BUGS
+
+Ideally it should be possible to create a CRL using appropriate options
+and files too.
+
+=head1 SEE ALSO
+
+L<crl2pkcs7(1)|crl2pkcs7(1)>, L<ca(1)|ca(1)>, L<x509(1)|x509(1)>
+
+=cut
diff --git a/lib/libssl/src/doc/apps/crl2pkcs7.pod b/lib/libssl/src/doc/apps/crl2pkcs7.pod
new file mode 100644
index 00000000000..da199b044a8
--- /dev/null
+++ b/lib/libssl/src/doc/apps/crl2pkcs7.pod
@@ -0,0 +1,90 @@
+=pod
+
+=head1 NAME
+
+crl2pkcs7 - Create a PKCS#7 structure from a CRL and certificates.
+
+=head1 SYNOPSIS
+
+B<openssl> B<pkcs7>
+[B<-inform PEM|DER>]
+[B<-outform PEM|DER>]
+[B<-in filename>]
+[B<-out filename>]
+[B<-print_certs>]
+
+=head1 DESCRIPTION
+
+The B<crl2pkcs7> command takes an optional CRL and one or more
+certificates and converts them into a PKCS#7 degenerate "certificates
+only" structure.
+
+=head1 COMMAND OPTIONS
+
+=over 4
+
+=item B<-inform DER|PEM>
+
+This specifies the CRL input format. B<DER> format is DER encoded CRL
+structure.B<PEM> (the default) is a base64 encoded version of
+the DER form with header and footer lines.
+
+=item B<-outform DER|PEM>
+
+This specifies the PKCS#7 structure output format. B<DER> format is DER
+encoded PKCS#7 structure.B<PEM> (the default) is a base64 encoded version of
+the DER form with header and footer lines.
+
+=item B<-in filename>
+
+This specifies the input filename to read a CRL from or standard input if this
+option is not specified.
+
+=item B<-out filename>
+
+specifies the output filename to write the PKCS#7 structure to or standard
+output by default.
+
+=item B<-certfile filename>
+
+specifies a filename containing one or more certificates in B<PEM> format.
+All certificates in the file will be added to the PKCS#7 structure. This
+option can be used more than once to read certificates form multiple
+files.
+
+=item B<-nocrl>
+
+normally a CRL is included in the output file. With this option no CRL is
+included in the output file and a CRL is not read from the input file.
+
+=back
+
+=head1 EXAMPLES
+
+Create a PKCS#7 structure from a certificate and CRL:
+
+ openssl crl2pkcs7 -in crl.pem -certfile cert.pem -out p7.pem
+
+Creates a PKCS#7 structure in DER format with no CRL from several
+different certificates:
+
+ openssl crl2pkcs7 -nocrl -certfile newcert.pem
+ -certfile demoCA/cacert.pem -outform DER -out p7.der
+
+=head1 NOTES
+
+The output file is a PKCS#7 signed data structure containing no signers and
+just certificates and an optional CRL.
+
+This utility can be used to send certificates and CAs to Netscape as part of
+the certificate enrollment process. This involves sending the DER encoded output
+as MIME type application/x-x509-user-cert.
+
+The B<PEM> encoded form with the header and footer lines removed can be used to
+install user certificates and CAs in MSIE using the Xenroll control.
+
+=head1 SEE ALSO
+
+L<pkcs7(1)|pkcs7(1)>
+
+=cut
diff --git a/lib/libssl/src/doc/apps/dgst.pod b/lib/libssl/src/doc/apps/dgst.pod
new file mode 100644
index 00000000000..cbf2cc529aa
--- /dev/null
+++ b/lib/libssl/src/doc/apps/dgst.pod
@@ -0,0 +1,49 @@
+=pod
+
+=head1 NAME
+
+dgst, md5, md2, sha1, sha, mdc2, ripemd160 - message digests
+
+=head1 SYNOPSIS
+
+[B<dgst>]
+[B<-md5|-md2|-sha1|-sha|mdc2|-ripemd160>]
+[B<-c>]
+[B<-d>]
+[B<file...>]
+
+[B<md5|md2|sha1|sha|mdc2|ripemd160>]
+[B<-c>]
+[B<-d>]
+[B<file...>]
+
+=head1 DESCRIPTION
+
+The digest functions print out the message digest of a supplied file or files
+in hexadecimal form.
+
+=head1 OPTIONS
+
+=over 4
+
+=item B<-c>
+
+print out the digest in two digit groups separated by colons.
+
+=item B<-d>
+
+print out BIO debugging information.
+
+=item B<file...>
+
+file or files to digest. If no files are specified then standard input is
+used.
+
+=back
+
+=head1 NOTES
+
+The digest of choice for all new applications is SHA1. Other digests are
+however still widely used.
+
+=cut
diff --git a/lib/libssl/src/doc/apps/dhparam.pod b/lib/libssl/src/doc/apps/dhparam.pod
new file mode 100644
index 00000000000..6b237ec05a9
--- /dev/null
+++ b/lib/libssl/src/doc/apps/dhparam.pod
@@ -0,0 +1,115 @@
+=pod
+
+=head1 NAME
+
+dhparam - DH parameter manipulation and generation
+
+=head1 SYNOPSIS
+
+B<openssl dh>
+[B<-inform DER|PEM>]
+[B<-outform DER|PEM>]
+[B<-in filename>]
+[B<-out filename>]
+[B<-noout>]
+[B<-text>]
+[B<-C>]
+[B<-2>]
+[B<-5>]
+[B<-rand file(s)>]
+[numbits]
+
+=head1 DESCRIPTION
+
+This command is used to manipulate DH parameter files.
+
+=head1 OPTIONS
+
+=over 4
+
+=item B<-inform DER|PEM>
+
+This specifies the input format. The B<DER> option uses an ASN1 DER encoded
+form compatible with the PKCS#3 DHparameter structure. The PEM form is the
+default format: it consists of the B<DER> format base64 encoded with
+additional header and footer lines.
+
+=item B<-outform DER|PEM>
+
+This specifies the output format, the options have the same meaning as the
+B<-inform> option.
+
+=item B<-in filename>
+
+This specifies the input filename to read parameters from or standard input if
+this option is not specified.
+
+=item B<-out filename>
+
+This specifies the output filename parameters to. Standard output is used
+if this option is not present. The output filename should B<not> be the same
+as the input filename.
+
+=item B<-2>, B<-5>
+
+The generator to use, either 2 or 5. 2 is the default. If present then the
+input file is ignored and parameters are generated instead.
+
+=item B<-rand file(s)>
+
+a file or files containing random data used to seed the random number
+generator, or an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>).
+Multiple files can be specified separated by a OS-dependent character.
+The separator is B<;> for MS-Windows, B<,> for OpenVSM, and B<:> for
+all others.
+
+=item B<numbits>
+
+this option specifies that a parameter set should be generated of size
+B<numbits>. It must be the last option. If not present then a value of 512
+is used. If this option is present then the input file is ignored and
+parameters are generated instead.
+
+=item B<-noout>
+
+this option inhibits the output of the encoded version of the parameters.
+
+=item B<-text>
+
+this option prints out the DH parameters in human readable form.
+
+=item B<-C>
+
+this option converts the parameters into C code. The parameters can then
+be loaded by calling the B<get_dhXXX()> function.
+
+=back
+
+=head1 WARNINGS
+
+The program B<dhparam> combines the functionality of the programs B<dh> and
+B<gendh> in previous versions of OpenSSL and SSLeay. The B<dh> and B<gendh>
+programs are retained for now but may have different purposes in future
+versions of OpenSSL.
+
+=head1 NOTES
+
+PEM format DH parameters use the header and footer lines:
+
+ -----BEGIN DH PARAMETERS-----
+ -----END DH PARAMETERS-----
+
+OpenSSL currently only supports the older PKCS#3 DH, not the newer X9.42
+DH.
+
+This program manipulates DH parameters not keys.
+
+=head1 BUGS
+
+There should be a way to generate and manipulate DH keys.
+
+=head1 SEE ALSO
+
+L<dsaparam(1)|dsaparam(1)>
+
+=cut
diff --git a/lib/libssl/src/doc/apps/dsa.pod b/lib/libssl/src/doc/apps/dsa.pod
new file mode 100644
index 00000000000..28e534bb956
--- /dev/null
+++ b/lib/libssl/src/doc/apps/dsa.pod
@@ -0,0 +1,150 @@
+=pod
+
+=head1 NAME
+
+dsa - DSA key processing
+
+=head1 SYNOPSIS
+
+B<openssl> B<dsa>
+[B<-inform PEM|DER>]
+[B<-outform PEM|DER>]
+[B<-in filename>]
+[B<-passin arg>]
+[B<-out filename>]
+[B<-passout arg>]
+[B<-des>]
+[B<-des3>]
+[B<-idea>]
+[B<-text>]
+[B<-noout>]
+[B<-modulus>]
+[B<-pubin>]
+[B<-pubout>]
+
+=head1 DESCRIPTION
+
+The B<dsa> command processes DSA keys. They can be converted between various
+forms and their components printed out. B<Note> This command uses the
+traditional SSLeay compatible format for private key encryption: newer
+applications should use the more secure PKCS#8 format using the B<pkcs8>
+
+=head1 COMMAND OPTIONS
+
+=over 4
+
+=item B<-inform DER|PEM>
+
+This specifies the input format. The B<DER> option with a private key uses
+an ASN1 DER encoded form of an ASN.1 SEQUENCE consisting of the values of
+version (currently zero), p, q, g, the public and private key components
+respectively as ASN.1 INTEGERs. When used with a public key it uses a
+SubjectPublicKeyInfo structure: it is an error if the key is not DSA.
+
+The B<PEM> form is the default format: it consists of the B<DER> format base64
+encoded with additional header and footer lines. In the case of a private key
+PKCS#8 format is also accepted.
+
+=item B<-outform DER|PEM>
+
+This specifies the output format, the options have the same meaning as the
+B<-inform> option.
+
+=item B<-in filename>
+
+This specifies the input filename to read a key from or standard input if this
+option is not specified. If the key is encrypted a pass phrase will be
+prompted for.
+
+=item B<-passin arg>
+
+the input file password source. For more information about the format of B<arg>
+see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
+
+=item B<-out filename>
+
+This specifies the output filename to write a key to or standard output by
+is not specified. If any encryption options are set then a pass phrase will be
+prompted for. The output filename should B<not> be the same as the input
+filename.
+
+=item B<-passout arg>
+
+the output file password source. For more information about the format of B<arg>
+see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
+
+=item B<-des|-des3|-idea>
+
+These options encrypt the private key with the DES, triple DES, or the
+IDEA ciphers respectively before outputting it. A pass phrase is prompted for.
+If none of these options is specified the key is written in plain text. This
+means that using the B<dsa> utility to read in an encrypted key with no
+encryption option can be used to remove the pass phrase from a key, or by
+setting the encryption options it can be use to add or change the pass phrase.
+These options can only be used with PEM format output files.
+
+=item B<-text>
+
+prints out the public, private key components and parameters.
+
+=item B<-noout>
+
+this option prevents output of the encoded version of the key.
+
+=item B<-modulus>
+
+this option prints out the value of the public key component of the key.
+
+=item B<-pubin>
+
+by default a private key is read from the input file: with this option a
+public key is read instead.
+
+=item B<-pubout>
+
+by default a private key is output. With this option a public
+key will be output instead. This option is automatically set if the input is
+a public key.
+
+=back
+
+=head1 NOTES
+
+The PEM private key format uses the header and footer lines:
+
+ -----BEGIN DSA PRIVATE KEY-----
+ -----END DSA PRIVATE KEY-----
+
+The PEM public key format uses the header and footer lines:
+
+ -----BEGIN PUBLIC KEY-----
+ -----END PUBLIC KEY-----
+
+=head1 EXAMPLES
+
+To remove the pass phrase on a DSA private key:
+
+ openssl dsa -in key.pem -out keyout.pem
+
+To encrypt a private key using triple DES:
+
+ openssl dsa -in key.pem -des3 -out keyout.pem
+
+To convert a private key from PEM to DER format:
+
+ openssl dsa -in key.pem -outform DER -out keyout.der
+
+To print out the components of a private key to standard output:
+
+ openssl dsa -in key.pem -text -noout
+
+To just output the public part of a private key:
+
+ openssl dsa -in key.pem -pubout -out pubkey.pem
+
+=head1 SEE ALSO
+
+L<dsaparam(1)|dsaparam(1)>, L<gendsa(1)|gendsa(1)>, L<rsa(1)|rsa(1)>,
+L<genrsa(1)|genrsa(1)>
+
+=cut
diff --git a/lib/libssl/src/doc/apps/dsaparam.pod b/lib/libssl/src/doc/apps/dsaparam.pod
new file mode 100644
index 00000000000..8647f34698c
--- /dev/null
+++ b/lib/libssl/src/doc/apps/dsaparam.pod
@@ -0,0 +1,102 @@
+=pod
+
+=head1 NAME
+
+dsaparam - DSA parameter manipulation and generation
+
+=head1 SYNOPSIS
+
+B<openssl dsaparam>
+[B<-inform DER|PEM>]
+[B<-outform DER|PEM>]
+[B<-in filename>]
+[B<-out filename>]
+[B<-noout>]
+[B<-text>]
+[B<-C>]
+[B<-rand file(s)>]
+[B<-genkey>]
+[B<numbits>]
+
+=head1 DESCRIPTION
+
+This command is used to manipulate or generate DSA parameter files.
+
+=head1 OPTIONS
+
+=over 4
+
+=item B<-inform DER|PEM>
+
+This specifies the input format. The B<DER> option uses an ASN1 DER encoded
+form compatible with RFC2459 (PKIX) DSS-Parms that is a SEQUENCE consisting
+of p, q and g respectively. The PEM form is the default format: it consists
+of the B<DER> format base64 encoded with additional header and footer lines.
+
+=item B<-outform DER|PEM>
+
+This specifies the output format, the options have the same meaning as the
+B<-inform> option.
+
+=item B<-in filename>
+
+This specifies the input filename to read parameters from or standard input if
+this option is not specified. If the B<numbits> parameter is included then
+this option will be ignored.
+
+=item B<-out filename>
+
+This specifies the output filename parameters to. Standard output is used
+if this option is not present. The output filename should B<not> be the same
+as the input filename.
+
+=item B<-noout>
+
+this option inhibits the output of the encoded version of the parameters.
+
+=item B<-text>
+
+this option prints out the DSA parameters in human readable form.
+
+=item B<-C>
+
+this option converts the parameters into C code. The parameters can then
+be loaded by calling the B<get_dsaXXX()> function.
+
+=item B<-genkey>
+
+this option will generate a DSA either using the specified or generated
+parameters.
+
+=item B<-rand file(s)>
+
+a file or files containing random data used to seed the random number
+generator, or an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>).
+Multiple files can be specified separated by a OS-dependent character.
+The separator is B<;> for MS-Windows, B<,> for OpenVSM, and B<:> for
+all others.
+
+=item B<numbits>
+
+this option specifies that a parameter set should be generated of size
+B<numbits>. It must be the last option. If this option is included then
+the input file (if any) is ignored.
+
+=back
+
+=head1 NOTES
+
+PEM format DSA parameters use the header and footer lines:
+
+ -----BEGIN DSA PARAMETERS-----
+ -----END DSA PARAMETERS-----
+
+DSA parameter generation is a slow process and as a result the same set of
+DSA parameters is often used to generate several distinct keys.
+
+=head1 SEE ALSO
+
+L<gendsa(1)|gendsa(1)>, L<dsa(1)|dsa(1)>, L<genrsa(1)|genrsa(1)>,
+L<rsa(1)|rsa(1)>
+
+=cut
diff --git a/lib/libssl/src/doc/apps/enc.pod b/lib/libssl/src/doc/apps/enc.pod
new file mode 100644
index 00000000000..e436ccc37e6
--- /dev/null
+++ b/lib/libssl/src/doc/apps/enc.pod
@@ -0,0 +1,257 @@
+=pod
+
+=head1 NAME
+
+enc - symmetric cipher routines
+
+=head1 SYNOPSIS
+
+B<openssl enc -ciphername>
+[B<-in filename>]
+[B<-out filename>]
+[B<-pass arg>]
+[B<-e>]
+[B<-d>]
+[B<-a>]
+[B<-A>]
+[B<-k password>]
+[B<-kfile filename>]
+[B<-K key>]
+[B<-iv IV>]
+[B<-p>]
+[B<-P>]
+[B<-bufsize number>]
+[B<-debug>]
+
+=head1 DESCRIPTION
+
+The symmetric cipher commands allow data to be encrypted or decrypted
+using various block and stream ciphers using keys based on passwords
+or explicitly provided. Base64 encoding or decoding can also be performed
+either by itself or in addition to the encryption or decryption.
+
+=head1 OPTIONS
+
+=over 4
+
+=item B<-in filename>
+
+the input filename, standard input by default.
+
+=item B<-out filename>
+
+the output filename, standard output by default.
+
+=item B<-pass arg>
+
+the password source. For more information about the format of B<arg>
+see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
+
+=item B<-salt>
+
+use a salt in the key derivation routines. This option should B<ALWAYS>
+be used unless compatibility with previous versions of OpenSSL or SSLeay
+is required. This option is only present on OpenSSL versions 0.9.5 or
+above.
+
+=item B<-nosalt>
+
+don't use a salt in the key derivation routines. This is the default for
+compatibility with previous versions of OpenSSL and SSLeay.
+
+=item B<-e>
+
+encrypt the input data: this is the default.
+
+=item B<-d>
+
+decrypt the input data.
+
+=item B<-a>
+
+base64 process the data. This means that if encryption is taking place
+the data is base64 encoded after encryption. If decryption is set then
+the input data is base64 decoded before being decrypted.
+
+=item B<-A>
+
+if the B<-a> option is set then base64 process the data on one line.
+
+=item B<-k password>
+
+the password to derive the key from. This is for compatibility with previous
+versions of OpenSSL. Superseded by the B<-pass> argument.
+
+=item B<-kfile filename>
+
+read the password to derive the key from the first line of B<filename>.
+This is for computability with previous versions of OpenSSL. Superseded by
+the B<-pass> argument.
+
+=item B<-S salt>
+
+the actual salt to use: this must be represented as a string comprised only
+of hex digits.
+
+=item B<-K key>
+
+the actual key to use: this must be represented as a string comprised only
+of hex digits.
+
+=item B<-iv IV>
+
+the actual IV to use: this must be represented as a string comprised only
+of hex digits.
+
+=item B<-p>
+
+print out the key and IV used.
+
+=item B<-P>
+
+print out the key and IV used then immediately exit: don't do any encryption
+or decryption.
+
+=item B<-bufsize number>
+
+set the buffer size for I/O
+
+=item B<-debug>
+
+debug the BIOs used for I/O.
+
+=back
+
+=head1 NOTES
+
+The program can be called either as B<openssl ciphername> or
+B<openssl enc -ciphername>.
+
+A password will be prompted for to derive the key and IV if necessary.
+
+The B<-salt> option should B<ALWAYS> be used if the key is being derived
+from a password unless you want compatibility with previous versions of
+OpenSSL and SSLeay.
+
+Without the B<-salt> option it is possible to perform efficient dictionary
+attacks on the password and to attack stream cipher encrypted data. The reason
+for this is that without the salt the same password always generates the same
+encryption key. When the salt is being used the first eight bytes of the
+encrypted data are reserved for the salt: it is generated at random when
+encrypting a file and read from the encrypted file when it is decrypted.
+
+Some of the ciphers do not have large keys and others have security
+implications if not used correctly. A beginner is advised to just use
+a strong block cipher in CBC mode such as bf or des3.
+
+All the block ciphers use PKCS#5 padding also known as standard block
+padding: this allows a rudimentary integrity or password check to be
+performed. However since the chance of random data passing the test is
+better than 1 in 256 it isn't a very good test.
+
+All RC2 ciphers have the same key and effective key length.
+
+Blowfish and RC5 algorithms use a 128 bit key.
+
+=head1 SUPPORTED CIPHERS
+
+ base64 Base 64
+
+ bf-cbc Blowfish in CBC mode
+ bf Alias for bf-cbc
+ bf-cfb Blowfish in CFB mode
+ bf-ecb Blowfish in ECB mode
+ bf-ofb Blowfish in OFB mode
+
+ cast-cbc CAST in CBC mode
+ cast Alias for cast-cbc
+ cast5-cbc CAST5 in CBC mode
+ cast5-cfb CAST5 in CFB mode
+ cast5-ecb CAST5 in ECB mode
+ cast5-ofb CAST5 in OFB mode
+
+ des-cbc DES in CBC mode
+ des Alias for des-cbc
+ des-cfb DES in CBC mode
+ des-ofb DES in OFB mode
+ des-ecb DES in ECB mode
+
+ des-ede-cbc Two key triple DES EDE in CBC mode
+ des-ede Alias for des-ede
+ des-ede-cfb Two key triple DES EDE in CFB mode
+ des-ede-ofb Two key triple DES EDE in OFB mode
+
+ des-ede3-cbc Three key triple DES EDE in CBC mode
+ des-ede3 Alias for des-ede3-cbc
+ des3 Alias for des-ede3-cbc
+ des-ede3-cfb Three key triple DES EDE CFB mode
+ des-ede3-ofb Three key triple DES EDE in OFB mode
+
+ desx DESX algorithm.
+
+ idea-cbc IDEA algorithm in CBC mode
+ idea same as idea-cbc
+ idea-cfb IDEA in CFB mode
+ idea-ecb IDEA in ECB mode
+ idea-ofb IDEA in OFB mode
+
+ rc2-cbc 128 bit RC2 in CBC mode
+ rc2 Alias for rc2-cbc
+ rc2-cfb 128 bit RC2 in CBC mode
+ rc2-ecb 128 bit RC2 in CBC mode
+ rc2-ofb 128 bit RC2 in CBC mode
+ rc2-64-cbc 64 bit RC2 in CBC mode
+ rc2-40-cbc 40 bit RC2 in CBC mode
+
+ rc4 128 bit RC4
+ rc4-64 64 bit RC4
+ rc4-40 40 bit RC4
+
+ rc5-cbc RC5 cipher in CBC mode
+ rc5 Alias for rc5-cbc
+ rc5-cfb RC5 cipher in CBC mode
+ rc5-ecb RC5 cipher in CBC mode
+ rc5-ofb RC5 cipher in CBC mode
+
+=head1 EXAMPLES
+
+Just base64 encode a binary file:
+
+ openssl base64 -in file.bin -out file.b64
+
+Decode the same file
+
+ openssl base64 -d -in file.b64 -out file.bin
+
+Encrypt a file using triple DES in CBC mode using a prompted password:
+
+ openssl des3 -salt -in file.txt -out file.des3
+
+Decrypt a file using a supplied password:
+
+ openssl des3 -d -salt -in file.des3 -out file.txt -k mypassword
+
+Encrypt a file then base64 encode it (so it can be sent via mail for example)
+using Blowfish in CBC mode:
+
+ openssl bf -a -salt -in file.txt -out file.bf
+
+Base64 decode a file then decrypt it:
+
+ openssl bf -d -salt -a -in file.bf -out file.txt
+
+Decrypt some data using a supplied 40 bit RC4 key:
+
+ openssl rc4-40 -in file.rc4 -out file.txt -K 0102030405
+
+=head1 BUGS
+
+The B<-A> option when used with large files doesn't work properly.
+
+There should be an option to allow an iteration count to be included.
+
+Like the EVP library the B<enc> program only supports a fixed number of
+algorithms with certain parameters. So if, for example, you want to use RC2
+with a 76 bit key or RC4 with an 84 bit key you can't use this program.
+
+=cut
diff --git a/lib/libssl/src/doc/apps/gendsa.pod b/lib/libssl/src/doc/apps/gendsa.pod
new file mode 100644
index 00000000000..3314ace5172
--- /dev/null
+++ b/lib/libssl/src/doc/apps/gendsa.pod
@@ -0,0 +1,58 @@
+=pod
+
+=head1 NAME
+
+gendsa - generate a DSA private key from a set of parameters
+
+=head1 SYNOPSIS
+
+B<openssl> B<gendsa>
+[B<-out filename>]
+[B<-des>]
+[B<-des3>]
+[B<-idea>]
+[B<-rand file(s)>]
+[B<paramfile>]
+
+=head1 DESCRIPTION
+
+The B<gendsa> command generates a DSA private key from a DSA parameter file
+(which will be typically generated by the B<openssl dsaparam> command).
+
+=head1 OPTIONS
+
+=over 4
+
+=item B<-des|-des3|-idea>
+
+These options encrypt the private key with the DES, triple DES, or the
+IDEA ciphers respectively before outputting it. A pass phrase is prompted for.
+If none of these options is specified no encryption is used.
+
+=item B<-rand file(s)>
+
+a file or files containing random data used to seed the random number
+generator, or an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>).
+Multiple files can be specified separated by a OS-dependent character.
+The separator is B<;> for MS-Windows, B<,> for OpenVSM, and B<:> for
+all others.
+
+=item B<paramfile>
+
+This option specifies the DSA parameter file to use. The parameters in this
+file determine the size of the private key. DSA parameters can be generated
+and examined using the B<openssl dsaparam> command.
+
+=back
+
+=head1 NOTES
+
+DSA key generation is little more than random number generation so it is
+much quicker that RSA key generation for example.
+
+=head1 SEE ALSO
+
+L<dsaparam(1)|dsaparam(1)>, L<dsa(1)|dsa(1)>, L<genrsa(1)|genrsa(1)>,
+L<rsa(1)|rsa(1)>
+
+=cut
diff --git a/lib/libssl/src/doc/apps/genrsa.pod b/lib/libssl/src/doc/apps/genrsa.pod
new file mode 100644
index 00000000000..a2d878410b0
--- /dev/null
+++ b/lib/libssl/src/doc/apps/genrsa.pod
@@ -0,0 +1,85 @@
+=pod
+
+=head1 NAME
+
+genrsa - generate an RSA private key
+
+=head1 SYNOPSIS
+
+B<openssl> B<genrsa>
+[B<-out filename>]
+[B<-passout arg>]
+[B<-des>]
+[B<-des3>]
+[B<-idea>]
+[B<-f4>]
+[B<-3>]
+[B<-rand file(s)>]
+[B<numbits>]
+
+=head1 DESCRIPTION
+
+The B<genrsa> command generates an RSA private key.
+
+=head1 OPTIONS
+
+=over 4
+
+=item B<-out filename>
+
+the output filename. If this argument is not specified then standard output is
+used.
+
+=item B<-passout arg>
+
+the output file password source. For more information about the format of B<arg>
+see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
+
+=item B<-des|-des3|-idea>
+
+These options encrypt the private key with the DES, triple DES, or the
+IDEA ciphers respectively before outputting it. If none of these options is
+specified no encryption is used. If encryption is used a pass phrase is prompted
+for if it is not supplied via the B<-passout> argument.
+
+=item B<-F4|-3>
+
+the public exponent to use, either 65537 or 3. The default is 65537.
+
+=item B<-rand file(s)>
+
+a file or files containing random data used to seed the random number
+generator, or an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>).
+Multiple files can be specified separated by a OS-dependent character.
+The separator is B<;> for MS-Windows, B<,> for OpenVSM, and B<:> for
+all others.
+
+=item B<numbits>
+
+the size of the private key to generate in bits. This must be the last option
+specified. The default is 512.
+
+=back
+
+=head1 NOTES
+
+RSA private key generation essentially involves the generation of two prime
+numbers. When generating a private key various symbols will be output to
+indicate the progress of the generation. A B<.> represents each number which
+has passed an initial sieve test, B<+> means a number has passed a single
+round of the Miller-Rabin primality test. A newline means that the number has
+passed all the prime tests (the actual number depends on the key size).
+
+Because key generation is a random process the time taken to generate a key
+may vary somewhat.
+
+=head1 BUGS
+
+A quirk of the prime generation algorithm is that it cannot generate small
+primes. Therefore the number of bits should not be less that 64. For typical
+private keys this will not matter because for security reasons they will
+be much larger (typically 1024 bits).
+
+=head1 SEE ALSO
+
+L<gendsa(1)|gendsa(1)>
diff --git a/lib/libssl/src/doc/apps/nseq.pod b/lib/libssl/src/doc/apps/nseq.pod
new file mode 100644
index 00000000000..989c3108fb8
--- /dev/null
+++ b/lib/libssl/src/doc/apps/nseq.pod
@@ -0,0 +1,70 @@
+=pod
+
+=head1 NAME
+
+nseq - create or examine a netscape certificate sequence
+
+=head1 SYNOPSIS
+
+B<openssl> B<nseq>
+[B<-in filename>]
+[B<-out filename>]
+[B<-toseq>]
+
+=head1 DESCRIPTION
+
+The B<nseq> command takes a file containing a Netscape certificate
+sequence and prints out the certificates contained in it or takes a
+file of certificates and converts it into a Netscape certificate
+sequence.
+
+=head1 COMMAND OPTIONS
+
+=over 4
+
+=item B<-in filename>
+
+This specifies the input filename to read or standard input if this
+option is not specified.
+
+=item B<-out filename>
+
+specifies the output filename or standard output by default.
+
+=item B<-toseq>
+
+normally a Netscape certificate sequence will be input and the output
+is the certificates contained in it. With the B<-toseq> option the
+situation is reversed: a Netscape certificate sequence is created from
+a file of certificates.
+
+=back
+
+=head1 EXAMPLES
+
+Output the certificates in a Netscape certificate sequence
+
+ openssl nseq -in nseq.pem -out certs.pem
+
+Create a Netscape certificate sequence
+
+ openssl nseq -in certs.pem -toseq -out nseq.pem
+
+=head1 NOTES
+
+The B<PEM> encoded form uses the same headers and footers as a certificate:
+
+ -----BEGIN CERTIFICATE-----
+ -----END CERTIFICATE-----
+
+A Netscape certificate sequence is a Netscape specific form that can be sent
+to browsers as an alternative to the standard PKCS#7 format when several
+certificates are sent to the browser: for example during certificate enrollment.
+It is used by Netscape certificate server for example.
+
+=head1 BUGS
+
+This program needs a few more options: like allowing DER or PEM input and
+output files and allowing multiple certificate files to be used.
+
+=cut
diff --git a/lib/libssl/src/doc/apps/openssl.pod b/lib/libssl/src/doc/apps/openssl.pod
new file mode 100644
index 00000000000..9b1320606ba
--- /dev/null
+++ b/lib/libssl/src/doc/apps/openssl.pod
@@ -0,0 +1,298 @@
+
+=pod
+
+=head1 NAME
+
+openssl - OpenSSL command line tool
+
+=head1 SYNOPSIS
+
+B<openssl>
+I<command>
+[ I<command_opts> ]
+[ I<command_args> ]
+
+=head1 DESCRIPTION
+
+OpenSSL is a cryptography toolkit implementing the Secure Sockets Layer (SSL
+v2/v3) and Transport Layer Security (TLS v1) network protocols and related
+cryptography standards required by them.
+
+The B<openssl> program is a command line tool for using the various
+cryptography functions of OpenSSL's B<crypto> library from the shell.
+It can be used for
+
+ o Creation of RSA, DH and DSA key parameters
+ o Creation of X.509 certificates, CSRs and CRLs
+ o Calculation of Message Digests
+ o Encryption and Decryption with Ciphers
+ o SSL/TLS Client and Server Tests
+ o Handling of S/MIME signed or encrypted mail
+
+=head1 COMMAND SUMMARY
+
+The B<openssl> program provides a rich variety of commands (I<command> in the
+SYNOPSIS above), each of which often has a wealth of options and arguments
+(I<command_opts> and I<command_args> in the SYNOPSIS).
+
+=head2 STANDARD COMMANDS
+
+=over 10
+
+=item L<B<asn1parse>|asn1parse(1)>
+
+Parse an ASN.1 sequence.
+
+=item L<B<ca>|ca(1)>
+
+Certificate Authority (CA) Management.
+
+=item L<B<ciphers>|ciphers(1)>
+
+Cipher Suite Description Determination.
+
+=item L<B<crl>|crl(1)>
+
+Certificate Revocation List (CRL) Management.
+
+=item L<B<crl2pkcs7>|crl2pkcs7(1)>
+
+CRL to PKCS#7 Conversion.
+
+=item L<B<dgst>|dgst(1)>
+
+Message Digest Calculation.
+
+=item L<B<dh>|dh(1)>
+
+Diffie-Hellman Data Management.
+
+=item L<B<dsa>|dsa(1)>
+
+DSA Data Management.
+
+=item L<B<dsaparam>|dsaparam(1)>
+
+DSA Parameter Generation.
+
+=item L<B<enc>|enc(1)>
+
+Encoding with Ciphers.
+
+=item L<B<errstr>|errstr(1)>
+
+Error Number to Error String Conversion.
+
+=item L<B<gendh>|gendh(1)>
+
+Generation of Diffie-Hellman Parameters.
+
+=item L<B<gendsa>|gendsa(1)>
+
+Generation of DSA Parameters.
+
+=item L<B<genrsa>|genrsa(1)>
+
+Generation of RSA Parameters.
+
+=item L<B<passwd>|passwd(1)>
+
+Generation of hashed passwords.
+
+=item L<B<pkcs7>|pkcs7(1)>
+
+PKCS#7 Data Management.
+
+=item L<B<req>|req(1)>
+
+X.509 Certificate Signing Request (CSR) Management.
+
+=item L<B<rsa>|rsa(1)>
+
+RSA Data Management.
+
+=item L<B<s_client>|s_client(1)>
+
+This implements a generic SSL/TLS client which can establish a transparent
+connection to a remote server speaking SSL/TLS. It's intended for testing
+purposes only and provides only rudimentary interface functionality but
+internally uses mostly all functionality of the OpenSSL B<ssl> library.
+
+=item L<B<s_server>|s_server(1)>
+
+This implements a generic SSL/TLS server which accepts connections from remote
+clients speaking SSL/TLS. It's intended for testing purposes only and provides
+only rudimentary interface functionality but internally uses mostly all
+functionality of the OpenSSL B<ssl> library. It provides both an own command
+line oriented protocol for testing SSL functions and a simple HTTP response
+facility to emulate an SSL/TLS-aware webserver.
+
+=item L<B<s_time>|s_time(1)>
+
+SSL Connection Timer.
+
+=item L<B<sess_id>|sess_id(1)>
+
+SSL Session Data Management.
+
+=item L<B<smime>|smime(1)>
+
+S/MIME mail processing.
+
+=item L<B<speed>|speed(1)>
+
+Algorithm Speed Measurement.
+
+=item L<B<verify>|verify(1)>
+
+X.509 Certificate Verification.
+
+=item L<B<version>|version(1)>
+
+OpenSSL Version Information.
+
+=item L<B<x509>|x509(1)>
+
+X.509 Certificate Data Management.
+
+=back
+
+=head2 MESSAGE DIGEST COMMANDS
+
+=over 10
+
+=item B<md2>
+
+MD2 Digest
+
+=item B<md5>
+
+MD5 Digest
+
+=item B<mdc2>
+
+MDC2 Digest
+
+=item B<rmd160>
+
+RMD-160 Digest
+
+=item B<sha>
+
+SHA Digest
+
+=item B<sha1>
+
+SHA-1 Digest
+
+=back
+
+=head2 ENCODING AND CIPHER COMMANDS
+
+=over 10
+
+=item B<base64>
+
+Base64 Encoding
+
+=item B<bf bf-cbc bf-cfb bf-ecb bf-ofb>
+
+Blowfish Cipher
+
+=item B<cast cast-cbc>
+
+CAST Cipher
+
+=item B<cast5-cbc cast5-cfb cast5-ecb cast5-ofb>
+
+CAST5 Cipher
+
+=item B<des des-cbc des-cfb des-ecb des-ede des-ede-cbc des-ede-cfb des-ede-ofb des-ofb>
+
+DES Cipher
+
+=item B<des3 desx des-ede3 des-ede3-cbc des-ede3-cfb des-ede3-ofb>
+
+Triple-DES Cipher
+
+=item B<idea idea-cbc idea-cfb idea-ecb idea-ofb>
+
+IDEA Cipher
+
+=item B<rc2 rc2-cbc rc2-cfb rc2-ecb rc2-ofb>
+
+RC2 Cipher
+
+=item B<rc4>
+
+RC4 Cipher
+
+=item B<rc5 rc5-cbc rc5-cfb rc5-ecb rc5-ofb>
+
+RC5 Cipher
+
+=back
+
+=head1 PASS PHRASE ARGUMENTS
+
+Several commands accept password arguments, typically using B<-passin>
+and B<-passout> for input and output passwords respectively. These allow
+the password to be obtained from a variety of sources. Both of these
+options take a single argument whose format is described below. If no
+password argument is given and a password is required then the user is
+prompted to enter one: this will typically be read from the current
+terminal with echoing turned off.
+
+=over 10
+
+=item B<pass:password>
+
+the actual password is B<password>. Since the password is visible
+to utilities (like 'ps' under Unix) this form should only be used
+where security is not important.
+
+=item B<env:var>
+
+obtain the password from the environment variable B<var>. Since
+the environment of other processes is visible on certain platforms
+(e.g. ps under certain Unix OSes) this option should be used with caution.
+
+=item B<file:pathname>
+
+the first line of B<pathname> is the password. If the same B<pathname>
+argument is supplied to B<-passin> and B<-passout> arguments then the first
+line will be used for the input password and the next line for the output
+password. B<pathname> need not refer to a regular file: it could for example
+refer to a device or named pipe.
+
+=item B<fd:number>
+
+read the password from the file descriptor B<number>. This can be used to
+send the data via a pipe for example.
+
+=item B<stdin>
+
+read the password from standard input.
+
+=back
+
+=head1 SEE ALSO
+
+L<asn1parse(1)|asn1parse(1)>, L<ca(1)|ca(1)>, L<config(5)|config(5)>,
+L<crl(1)|crl(1)>, L<crl2pkcs7(1)|crl2pkcs7(1)>, L<dgst(1)|dgst(1)>,
+L<dhparam(1)|dhparam(1)>, L<dsa(1)|dsa(1)>, L<dsaparam(1)|dsaparam(1)>,
+L<enc(1)|enc(1)>, L<gendsa(1)|gendsa(1)>,
+L<genrsa(1)|genrsa(1)>, L<nseq(1)|nseq(1)>, L<openssl(1)|openssl(1)>,
+L<passwd(1)|passwd(1)>,
+L<pkcs12(1)|pkcs12(1)>, L<pkcs7(1)|pkcs7(1)>, L<pkcs8(1)|pkcs8(1)>,
+L<req(1)|req(1)>, L<rsa(1)|rsa(1)>, L<s_client(1)|s_client(1)>,
+L<s_server(1)|s_server(1)>, L<smime(1)|smime(1)>, L<spkac(1)|spkac(1)>,
+L<verify(1)|verify(1)>, L<version(1)|version(1)>, L<x509(1)|x509(1)>,
+L<crypto(3)|crypto(3)>, L<ssl(3)|ssl(3)>
+
+=head1 HISTORY
+
+The openssl(1) document appeared in OpenSSL 0.9.2
+
+=cut
+
diff --git a/lib/libssl/src/doc/apps/passwd.pod b/lib/libssl/src/doc/apps/passwd.pod
new file mode 100644
index 00000000000..cee6a2f172e
--- /dev/null
+++ b/lib/libssl/src/doc/apps/passwd.pod
@@ -0,0 +1,69 @@
+=pod
+
+=head1 NAME
+
+passwd - compute password hashes
+
+=head1 SYNOPSIS
+
+B<openssl passwd>
+[B<-crypt>]
+[B<-apr1>]
+[B<-salt> I<string>]
+[B<-in> I<file>]
+[B<-stdin>]
+[B<-quiet>]
+[B<-table>]
+{I<password>}
+
+=head1 DESCRIPTION
+
+The B<passwd> command computes the hash of a password typed at
+run-time or the hash of each password in a list. The password list is
+taken from the named file for option B<-in file>, from stdin for
+option B<-stdin>, and from the command line otherwise.
+The Unix standard algorithm B<crypt> and the MD5-based B<apr1> algorithm
+are available.
+
+=head1 OPTIONS
+
+=over 4
+
+=item B<-crypt>
+
+Use the B<crypt> algorithm (default).
+
+=item B<-apr1>
+
+Use the B<apr1> algorithm.
+
+=item B<-salt> I<string>
+
+Use the specified salt.
+
+=item B<-in> I<file>
+
+Read passwords from I<file>.
+
+=item B<-stdin>
+
+Read passwords from B<stdin>.
+
+=item B<-quiet>
+
+Don't output warnings when passwords given at the command line are truncated.
+
+=item B<-table>
+
+In the output list, prepend the cleartext password and a TAB character
+to each password hash.
+
+=back
+
+=head1 EXAMPLES
+
+B<openssl passwd -crypt -salt xx password> prints B<xxj31ZMTZzkVA>.
+
+B<openssl passwd -apr1 -salt xxxxxxxx password> prints B<$apr1$xxxxxxxx$dxHfLAsjHkDRmG83UXe8K0>.
+
+=cut
diff --git a/lib/libssl/src/doc/apps/pkcs12.pod b/lib/libssl/src/doc/apps/pkcs12.pod
new file mode 100644
index 00000000000..241f9c4a8b0
--- /dev/null
+++ b/lib/libssl/src/doc/apps/pkcs12.pod
@@ -0,0 +1,310 @@
+
+=pod
+
+=head1 NAME
+
+pkcs12 - PKCS#12 file utility
+
+=head1 SYNOPSIS
+
+B<openssl> B<pkcs12>
+[B<-export>]
+[B<-chain>]
+[B<-inkey filename>]
+[B<-certfile filename>]
+[B<-name name>]
+[B<-caname name>]
+[B<-in filename>]
+[B<-out filename>]
+[B<-noout>]
+[B<-nomacver>]
+[B<-nocerts>]
+[B<-clcerts>]
+[B<-cacerts>]
+[B<-nokeys>]
+[B<-info>]
+[B<-des>]
+[B<-des3>]
+[B<-idea>]
+[B<-nodes>]
+[B<-noiter>]
+[B<-maciter>]
+[B<-twopass>]
+[B<-descert>]
+[B<-certpbe>]
+[B<-keypbe>]
+[B<-keyex>]
+[B<-keysig>]
+[B<-password arg>]
+[B<-passin arg>]
+[B<-passout arg>]
+[B<-rand file(s)>]
+
+=head1 DESCRIPTION
+
+The B<pkcs12> command allows PKCS#12 files (sometimes referred to as
+PFX files) to be created and parsed. PKCS#12 files are used by several
+programs including Netscape, MSIE and MS Outlook.
+
+=head1 COMMAND OPTIONS
+
+There are a lot of options the meaning of some depends of whether a PKCS#12 file
+is being created or parsed. By default a PKCS#12 file is parsed a PKCS#12
+file can be created by using the B<-export> option (see below).
+
+=head1 PARSING OPTIONS
+
+=over 4
+
+=item B<-in filename>
+
+This specifies filename of the PKCS#12 file to be parsed. Standard input is used
+by default.
+
+=item B<-out filename>
+
+The filename to write certificates and private keys to, standard output by default.
+They are all written in PEM format.
+
+=item B<-pass arg>, B<-passin arg>
+
+the PKCS#12 file (i.e. input file) password source. For more information about the
+format of B<arg> see the B<PASS PHRASE ARGUMENTS> section in
+L<openssl(1)|openssl(1)>.
+
+=item B<-passout arg>
+
+pass phrase source to encrypt any outputed private keys with. For more information
+about the format of B<arg> see the B<PASS PHRASE ARGUMENTS> section in
+L<openssl(1)|openssl(1)>.
+
+=item B<-noout>
+
+this option inhibits output of the keys and certificates to the output file version
+of the PKCS#12 file.
+
+=item B<-clcerts>
+
+only output client certificates (not CA certificates).
+
+=item B<-cacerts>
+
+only output CA certificates (not client certificates).
+
+=item B<-nocerts>
+
+no certificates at all will be output.
+
+=item B<-nokeys>
+
+no private keys will be output.
+
+=item B<-info>
+
+output additional information about the PKCS#12 file structure, algorithms used and
+iteration counts.
+
+=item B<-des>
+
+use DES to encrypt private keys before outputting.
+
+=item B<-des3>
+
+use triple DES to encrypt private keys before outputting, this is the default.
+
+=item B<-idea>
+
+use IDEA to encrypt private keys before outputting.
+
+=item B<-nodes>
+
+don't encrypt the private keys at all.
+
+=item B<-nomacver>
+
+don't attempt to verify the integrity MAC before reading the file.
+
+=item B<-twopass>
+
+prompt for separate integrity and encryption passwords: most software
+always assumes these are the same so this option will render such
+PKCS#12 files unreadable.
+
+=back
+
+=head1 FILE CREATION OPTIONS
+
+=over 4
+
+=item B<-export>
+
+This option specifies that a PKCS#12 file will be created rather than
+parsed.
+
+=item B<-out filename>
+
+This specifies filename to write the PKCS#12 file to. Standard output is used
+by default.
+
+=item B<-in filename>
+
+The filename to read certificates and private keys from, standard input by default.
+They must all be in PEM format. The order doesn't matter but one private key and
+its corresponding certificate should be present. If additional certificates are
+present they will also be included in the PKCS#12 file.
+
+=item B<-inkey filename>
+
+file to read private key from. If not present then a private key must be present
+in the input file.
+
+=item B<-name friendlyname>
+
+This specifies the "friendly name" for the certificate and private key. This name
+is typically displayed in list boxes by software importing the file.
+
+=item B<-certfile filename>
+
+A filename to read additional certificates from.
+
+=item B<-caname friendlyname>
+
+This specifies the "friendly name" for other certificates. This option may be
+used multiple times to specify names for all certificates in the order they
+appear. Netscape ignores friendly names on other certificates whereas MSIE
+displays them.
+
+=item B<-pass arg>, B<-passout arg>
+
+the PKCS#12 file (i.e. output file) password source. For more information about
+the format of B<arg> see the B<PASS PHRASE ARGUMENTS> section in
+L<openssl(1)|openssl(1)>.
+
+=item B<-passin password>
+
+pass phrase source to decrypt any input private keys with. For more information
+about the format of B<arg> see the B<PASS PHRASE ARGUMENTS> section in
+L<openssl(1)|openssl(1)>.
+
+=item B<-chain>
+
+if this option is present then an attempt is made to include the entire
+certificate chain of the user certificate. The standard CA store is used
+for this search. If the search fails it is considered a fatal error.
+
+=item B<-descert>
+
+encrypt the certificate using triple DES, this may render the PKCS#12
+file unreadable by some "export grade" software. By default the private
+key is encrypted using triple DES and the certificate using 40 bit RC2.
+
+=item B<-keypbe alg>, B<-certpbe alg>
+
+these options allow the algorithm used to encrypt the private key and
+certificates to be selected. Although any PKCS#5 v1.5 or PKCS#12 algorithms
+can be selected it is advisable only to use PKCS#12 algorithms. See the list
+in the B<NOTES> section for more information.
+
+=item B<-keyex|-keysig>
+
+specifies that the private key is to be used for key exchange or just signing.
+This option is only interpreted by MSIE and similar MS software. Normally
+"export grade" software will only allow 512 bit RSA keys to be used for
+encryption purposes but arbitrary length keys for signing. The B<-keysig>
+option marks the key for signing only. Signing only keys can be used for
+S/MIME signing, authenticode (ActiveX control signing) and SSL client
+authentication, however due to a bug only MSIE 5.0 and later support
+the use of signing only keys for SSL client authentication.
+
+=item B<-nomaciter>, B<-noiter>
+
+these options affect the iteration counts on the MAC and key algorithms.
+Unless you wish to produce files compatible with MSIE 4.0 you should leave
+these options alone.
+
+To discourage attacks by using large dictionaries of common passwords the
+algorithm that derives keys from passwords can have an iteration count applied
+to it: this causes a certain part of the algorithm to be repeated and slows it
+down. The MAC is used to check the file integrity but since it will normally
+have the same password as the keys and certificates it could also be attacked.
+By default both MAC and encryption iteration counts are set to 2048, using
+these options the MAC and encryption iteration counts can be set to 1, since
+this reduces the file security you should not use these options unless you
+really have to. Most software supports both MAC and key iteration counts.
+MSIE 4.0 doesn't support MAC iteration counts so it needs the B<-nomaciter>
+option.
+
+=item B<-maciter>
+
+This option is included for compatibility with previous versions, it used
+to be needed to use MAC iterations counts but they are now used by default.
+
+=item B<-rand file(s)>
+
+a file or files containing random data used to seed the random number
+generator, or an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>).
+Multiple files can be specified separated by a OS-dependent character.
+The separator is B<;> for MS-Windows, B<,> for OpenVSM, and B<:> for
+all others.
+
+=back
+
+=head1 NOTES
+
+Although there are a large number of options most of them are very rarely
+used. For PKCS#12 file parsing only B<-in> and B<-out> need to be used
+for PKCS#12 file creation B<-export> and B<-name> are also used.
+
+If none of the B<-clcerts>, B<-cacerts> or B<-nocerts> options are present
+then all certificates will be output in the order they appear in the input
+PKCS#12 files. There is no guarantee that the first certificate present is
+the one corresponding to the private key. Certain software which requires
+a private key and certificate and assumes the first certificate in the
+file is the one corresponding to the private key: this may not always
+be the case. Using the B<-clcerts> option will solve this problem by only
+outputing the certificate corresponding to the private key. If the CA
+certificates are required then they can be output to a separate file using
+the B<-nokeys -cacerts> options to just output CA certificates.
+
+The B<-keypbe> and B<-certpbe> algorithms allow the precise encryption
+algorithms for private keys and certificates to be specified. Normally
+the defaults are fine but occasionally software can't handle triple DES
+encrypted private keys, then the option B<-keypbe PBE-SHA1-RC2-40> can
+be used to reduce the private key encryption to 40 bit RC2. A complete
+description of all algorithms is contained in the B<pkcs8> manual page.
+
+=head1 EXAMPLES
+
+Parse a PKCS#12 file and output it to a file:
+
+ openssl pkcs12 -in file.p12 -out file.pem
+
+Output only client certificates to a file:
+
+ openssl pkcs12 -in file.p12 -clcerts -out file.pem
+
+Don't encrypt the private key:
+
+ openssl pkcs12 -in file.p12 -out file.pem -nodes
+
+Print some info about a PKCS#12 file:
+
+ openssl pkcs12 -in file.p12 -info -noout
+
+Create a PKCS#12 file:
+
+ openssl pkcs12 -export -in file.pem -out file.p12 -name "My Certificate"
+
+Include some extra certificates:
+
+ openssl pkcs12 -export -in file.pem -out file.p12 -name "My Certificate" \
+ -certfile othercerts.pem
+
+=head1 BUGS
+
+Some would argue that the PKCS#12 standard is one big bug :-)
+
+=head1 SEE ALSO
+
+L<pkcs8(1)|pkcs8(1)>
+
diff --git a/lib/libssl/src/doc/apps/pkcs7.pod b/lib/libssl/src/doc/apps/pkcs7.pod
new file mode 100644
index 00000000000..4e9bd6e46bf
--- /dev/null
+++ b/lib/libssl/src/doc/apps/pkcs7.pod
@@ -0,0 +1,97 @@
+=pod
+
+=head1 NAME
+
+pkcs7 - PKCS#7 utility
+
+=head1 SYNOPSIS
+
+B<openssl> B<pkcs7>
+[B<-inform PEM|DER>]
+[B<-outform PEM|DER>]
+[B<-in filename>]
+[B<-out filename>]
+[B<-print_certs>]
+[B<-text>]
+[B<-noout>]
+
+=head1 DESCRIPTION
+
+The B<pkcs7> command processes PKCS#7 files in DER or PEM format.
+
+=head1 COMMAND OPTIONS
+
+=over 4
+
+=item B<-inform DER|PEM>
+
+This specifies the input format. B<DER> format is DER encoded PKCS#7
+v1.5 structure.B<PEM> (the default) is a base64 encoded version of
+the DER form with header and footer lines.
+
+=item B<-outform DER|PEM>
+
+This specifies the output format, the options have the same meaning as the
+B<-inform> option.
+
+=item B<-in filename>
+
+This specifies the input filename to read from or standard input if this
+option is not specified.
+
+=item B<-out filename>
+
+specifies the output filename to write to or standard output by
+default.
+
+=item B<-print_certs>
+
+prints out any certificates or CRLs contained in the file. They are
+preceded by their subject and issuer names in one line format.
+
+=item B<-text>
+
+prints out certificates details in full rather than just subject and
+issuer names.
+
+=item B<-noout>
+
+don't output the encoded version of the PKCS#7 structure (or certificates
+is B<-print_certs> is set).
+
+=back
+
+=head1 EXAMPLES
+
+Convert a PKCS#7 file from PEM to DER:
+
+ openssl pkcs7 -in file.pem -outform DER -out file.der
+
+Output all certificates in a file:
+
+ openssl pkcs7 -in file.pem -print_certs -out certs.pem
+
+=head1 NOTES
+
+The PEM PKCS#7 format uses the header and footer lines:
+
+ -----BEGIN PKCS7-----
+ -----END PKCS7-----
+
+For compatability with some CAs it will also accept:
+
+ -----BEGIN CERTIFICATE-----
+ -----END CERTIFICATE-----
+
+=head1 RESTRICTIONS
+
+There is no option to print out all the fields of a PKCS#7 file.
+
+This PKCS#7 routines only understand PKCS#7 v 1.5 as specified in RFC2315 they
+cannot currently parse, for example, the new CMS as described in RFC2630.
+
+=head1 SEE ALSO
+
+L<crl2pkcs7(1)|crl2pkcs7(1)>
+
+=cut
diff --git a/lib/libssl/src/doc/apps/pkcs8.pod b/lib/libssl/src/doc/apps/pkcs8.pod
new file mode 100644
index 00000000000..a56b2dd0020
--- /dev/null
+++ b/lib/libssl/src/doc/apps/pkcs8.pod
@@ -0,0 +1,235 @@
+=pod
+
+=head1 NAME
+
+pkcs8 - PKCS#8 format private key conversion tool
+
+=head1 SYNOPSIS
+
+B<openssl> B<pkcs8>
+[B<-topk8>]
+[B<-inform PEM|DER>]
+[B<-outform PEM|DER>]
+[B<-in filename>]
+[B<-passin arg>]
+[B<-out filename>]
+[B<-passout arg>]
+[B<-noiter>]
+[B<-nocrypt>]
+[B<-nooct>]
+[B<-embed>]
+[B<-nsdb>]
+[B<-v2 alg>]
+[B<-v1 alg>]
+
+=head1 DESCRIPTION
+
+The B<pkcs8> command processes private keys in PKCS#8 format. It can handle
+both unencrypted PKCS#8 PrivateKeyInfo format and EncryptedPrivateKeyInfo
+format with a variety of PKCS#5 (v1.5 and v2.0) and PKCS#12 algorithms.
+
+=head1 COMMAND OPTIONS
+
+=over 4
+
+=item B<-topk8>
+
+Normally a PKCS#8 private key is expected on input and a traditional format
+private key will be written. With the B<-topk8> option the situation is
+reversed: it reads a traditional format private key and writes a PKCS#8
+format key.
+
+=item B<-inform DER|PEM>
+
+This specifies the input format. If a PKCS#8 format key is expected on input
+then either a B<DER> or B<PEM> encoded version of a PKCS#8 key will be
+expected. Otherwise the B<DER> or B<PEM> format of the traditional format
+private key is used.
+
+=item B<-outform DER|PEM>
+
+This specifies the output format, the options have the same meaning as the
+B<-inform> option.
+
+=item B<-in filename>
+
+This specifies the input filename to read a key from or standard input if this
+option is not specified. If the key is encrypted a pass phrase will be
+prompted for.
+
+=item B<-passin arg>
+
+the input file password source. For more information about the format of B<arg>
+see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
+
+=item B<-out filename>
+
+This specifies the output filename to write a key to or standard output by
+default. If any encryption options are set then a pass phrase will be
+prompted for. The output filename should B<not> be the same as the input
+filename.
+
+=item B<-passout arg>
+
+the output file password source. For more information about the format of B<arg>
+see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
+
+=item B<-nocrypt>
+
+PKCS#8 keys generated or input are normally PKCS#8 EncryptedPrivateKeyInfo
+structures using an appropriate password based encryption algorithm. With
+this option an unencrypted PrivateKeyInfo structure is expected or output.
+This option does not encrypt private keys at all and should only be used
+when absolutely necessary. Certain software such as some versions of Java
+code signing software used unencrypted private keys.
+
+=item B<-nooct>
+
+This option generates RSA private keys in a broken format that some software
+uses. Specifically the private key should be enclosed in a OCTET STRING
+but some software just includes the structure itself without the
+surrounding OCTET STRING.
+
+=item B<-embed>
+
+This option generates DSA keys in a broken format. The DSA parameters are
+embedded inside the PrivateKey structure. In this form the OCTET STRING
+contains an ASN1 SEQUENCE consisting of two structures: a SEQUENCE containing
+the parameters and an ASN1 INTEGER containing the private key.
+
+=item B<-nsdb>
+
+This option generates DSA keys in a broken format compatible with Netscape
+private key databases. The PrivateKey contains a SEQUENCE consisting of
+the public and private keys respectively.
+
+=item B<-v2 alg>
+
+This option enables the use of PKCS#5 v2.0 algorithms. Normally PKCS#8
+private keys are encrypted with the password based encryption algorithm
+called B<pbeWithMD5AndDES-CBC> this uses 56 bit DES encryption but it
+was the strongest encryption algorithm supported in PKCS#5 v1.5. Using
+the B<-v2> option PKCS#5 v2.0 algorithms are used which can use any
+encryption algorithm such as 168 bit triple DES or 128 bit RC2 however
+not many implementations support PKCS#5 v2.0 yet. If you are just using
+private keys with OpenSSL then this doesn't matter.
+
+The B<alg> argument is the encryption algorithm to use, valid values include
+B<des>, B<des3> and B<rc2>. It is recommended that B<des3> is used.
+
+=item B<-v1 alg>
+
+This option specifies a PKCS#5 v1.5 or PKCS#12 algorithm to use. A complete
+list of possible algorithms is included below.
+
+=back
+
+=head1 NOTES
+
+The encrypted form of a PEM encode PKCS#8 files uses the following
+headers and footers:
+
+ -----BEGIN ENCRYPTED PRIVATE KEY-----
+ -----END ENCRYPTED PRIVATE KEY-----
+
+The unencrypted form uses:
+
+ -----BEGIN PRIVATE KEY-----
+ -----END PRIVATE KEY-----
+
+Private keys encrypted using PKCS#5 v2.0 algorithms and high iteration
+counts are more secure that those encrypted using the traditional
+SSLeay compatible formats. So if additional security is considered
+important the keys should be converted.
+
+The default encryption is only 56 bits because this is the encryption
+that most current implementations of PKCS#8 will support.
+
+Some software may use PKCS#12 password based encryption algorithms
+with PKCS#8 format private keys: these are handled automatically
+but there is no option to produce them.
+
+It is possible to write out DER encoded encrypted private keys in
+PKCS#8 format because the encryption details are included at an ASN1
+level whereas the traditional format includes them at a PEM level.
+
+=head1 PKCS#5 v1.5 and PKCS#12 algorithms.
+
+Various algorithms can be used with the B<-v1> command line option,
+including PKCS#5 v1.5 and PKCS#12. These are described in more detail
+below.
+
+=over 4
+
+=item B<PBE-MD2-DES PBE-MD5-DES>
+
+These algorithms were included in the original PKCS#5 v1.5 specification.
+They only offer 56 bits of protection since they both use DES.
+
+=item B<PBE-SHA1-RC2-64 PBE-MD2-RC2-64 PBE-MD5-RC2-64 PBE-SHA1-DES>
+
+These algorithms are not mentioned in the original PKCS#5 v1.5 specification
+but they use the same key derivation algorithm and are supported by some
+software. They are mentioned in PKCS#5 v2.0. They use either 64 bit RC2 or
+56 bit DES.
+
+=item B<PBE-SHA1-RC4-128 PBE-SHA1-RC4-40 PBE-SHA1-3DES PBE-SHA1-2DES PBE-SHA1-RC2-128 PBE-SHA1-RC2-40>
+
+These algorithms use the PKCS#12 password based encryption algorithm and
+allow strong encryption algorithms like triple DES or 128 bit RC2 to be used.
+
+=back
+
+=head1 EXAMPLES
+
+Convert a private from traditional to PKCS#5 v2.0 format using triple
+DES:
+
+ openssl pkcs8 -in key.pem -topk8 -v2 des3 -out enckey.pem
+
+Convert a private key to PKCS#8 using a PKCS#5 1.5 compatible algorithm
+(DES):
+
+ openssl pkcs8 -in key.pem -topk8 -out enckey.pem
+
+Convert a private key to PKCS#8 using a PKCS#12 compatible algorithm
+(3DES):
+
+ openssl pkcs8 -in key.pem -topk8 -out enckey.pem -v1 PBE-SHA1-3DES
+
+Read a DER unencrypted PKCS#8 format private key:
+
+ openssl pkcs8 -inform DER -nocrypt -in key.der -out key.pem
+
+Convert a private key from any PKCS#8 format to traditional format:
+
+ openssl pkcs8 -in pk8.pem -out key.pem
+
+=head1 STANDARDS
+
+Test vectors from this PKCS#5 v2.0 implementation were posted to the
+pkcs-tng mailing list using triple DES, DES and RC2 with high iteration
+counts, several people confirmed that they could decrypt the private
+keys produced and Therefore it can be assumed that the PKCS#5 v2.0
+implementation is reasonably accurate at least as far as these
+algorithms are concerned.
+
+The format of PKCS#8 DSA (and other) private keys is not well documented:
+it is hidden away in PKCS#11 v2.01, section 11.9. OpenSSL's default DSA
+PKCS#8 private key format complies with this standard.
+
+=head1 BUGS
+
+There should be an option that prints out the encryption algorithm
+in use and other details such as the iteration count.
+
+PKCS#8 using triple DES and PKCS#5 v2.0 should be the default private
+key format for OpenSSL: for compatibility several of the utilities use
+the old format at present.
+
+=head1 SEE ALSO
+
+L<dsa(1)|dsa(1)>, L<rsa(1)|rsa(1)>, L<genrsa(1)|genrsa(1)>,
+L<gendsa(1)|gendsa(1)>
+
+=cut
diff --git a/lib/libssl/src/doc/apps/req.pod b/lib/libssl/src/doc/apps/req.pod
new file mode 100644
index 00000000000..fde6ff2e9fe
--- /dev/null
+++ b/lib/libssl/src/doc/apps/req.pod
@@ -0,0 +1,528 @@
+
+=pod
+
+=head1 NAME
+
+req - PKCS#10 certificate and certificate generating utility.
+
+=head1 SYNOPSIS
+
+B<openssl> B<req>
+[B<-inform PEM|DER>]
+[B<-outform PEM|DER>]
+[B<-in filename>]
+[B<-passin arg>]
+[B<-out filename>]
+[B<-passout arg>]
+[B<-text>]
+[B<-noout>]
+[B<-verify>]
+[B<-modulus>]
+[B<-new>]
+[B<-newkey rsa:bits>]
+[B<-newkey dsa:file>]
+[B<-nodes>]
+[B<-key filename>]
+[B<-keyform PEM|DER>]
+[B<-keyout filename>]
+[B<-[md5|sha1|md2|mdc2]>]
+[B<-config filename>]
+[B<-x509>]
+[B<-days n>]
+[B<-asn1-kludge>]
+[B<-newhdr>]
+[B<-extensions section>]
+[B<-reqexts section>]
+
+=head1 DESCRIPTION
+
+The B<req> command primarily creates and processes certificate requests
+in PKCS#10 format. It can additionally create self signed certificates
+for use as root CAs for example.
+
+=head1 COMMAND OPTIONS
+
+=over 4
+
+=item B<-inform DER|PEM>
+
+This specifies the input format. The B<DER> option uses an ASN1 DER encoded
+form compatible with the PKCS#10. The B<PEM> form is the default format: it
+consists of the B<DER> format base64 encoded with additional header and
+footer lines.
+
+=item B<-outform DER|PEM>
+
+This specifies the output format, the options have the same meaning as the
+B<-inform> option.
+
+=item B<-in filename>
+
+This specifies the input filename to read a request from or standard input
+if this option is not specified. A request is only read if the creation
+options (B<-new> and B<-newkey>) are not specified.
+
+=item B<-passin arg>
+
+the input file password source. For more information about the format of B<arg>
+see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
+
+=item B<-out filename>
+
+This specifies the output filename to write to or standard output by
+default.
+
+=item B<-passout arg>
+
+the output file password source. For more information about the format of B<arg>
+see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
+
+=item B<-text>
+
+prints out the certificate request in text form.
+
+=item B<-noout>
+
+this option prevents output of the encoded version of the request.
+
+=item B<-modulus>
+
+this option prints out the value of the modulus of the public key
+contained in the request.
+
+=item B<-verify>
+
+verifies the signature on the request.
+
+=item B<-new>
+
+this option generates a new certificate request. It will prompt
+the user for the relevant field values. The actual fields
+prompted for and their maximum and minimum sizes are specified
+in the configuration file and any requested extensions.
+
+If the B<-key> option is not used it will generate a new RSA private
+key using information specified in the configuration file.
+
+=item B<-newkey arg>
+
+this option creates a new certificate request and a new private
+key. The argument takes one of two forms. B<rsa:nbits>, where
+B<nbits> is the number of bits, generates an RSA key B<nbits>
+in size. B<dsa:filename> generates a DSA key using the parameters
+in the file B<filename>.
+
+=item B<-key filename>
+
+This specifies the file to read the private key from. It also
+accepts PKCS#8 format private keys for PEM format files.
+
+=item B<-keyform PEM|DER>
+
+the format of the private key file specified in the B<-key>
+argument. PEM is the default.
+
+=item B<-keyout filename>
+
+this gives the filename to write the newly created private key to.
+If this option is not specified then the filename present in the
+configuration file is used.
+
+=item B<-nodes>
+
+if this option is specified then if a private key is created it
+will not be encrypted.
+
+=item B<-[md5|sha1|md2|mdc2]>
+
+this specifies the message digest to sign the request with. This
+overrides the digest algorithm specified in the configuration file.
+This option is ignored for DSA requests: they always use SHA1.
+
+=item B<-config filename>
+
+this allows an alternative configuration file to be specified,
+this overrides the compile time filename or any specified in
+the B<OPENSSL_CONF> environment variable.
+
+=item B<-x509>
+
+this option outputs a self signed certificate instead of a certificate
+request. This is typically used to generate a test certificate or
+a self signed root CA. The extensions added to the certificate
+(if any) are specified in the configuration file.
+
+=item B<-days n>
+
+when the B<-x509> option is being used this specifies the number of
+days to certify the certificate for. The default is 30 days.
+
+=item B<-extensions section>
+=item B<-reqexts section>
+
+these options specify alternative sections to include certificate
+extensions (if the B<-x509> option is present) or certificate
+request extensions. This allows several different sections to
+be used in the same configuration file to specify requests for
+a variety of purposes.
+
+=item B<-asn1-kludge>
+
+by default the B<req> command outputs certificate requests containing
+no attributes in the correct PKCS#10 format. However certain CAs will only
+accept requests containing no attributes in an invalid form: this
+option produces this invalid format.
+
+More precisely the B<Attributes> in a PKCS#10 certificate request
+are defined as a B<SET OF Attribute>. They are B<not OPTIONAL> so
+if no attributes are present then they should be encoded as an
+empty B<SET OF>. The invalid form does not include the empty
+B<SET OF> whereas the correct form does.
+
+It should be noted that very few CAs still require the use of this option.
+
+=item B<-newhdr>
+
+Adds the word B<NEW> to the PEM file header and footer lines on the outputed
+request. Some software (Netscape certificate server) and some CAs need this.
+
+=back
+
+=head1 CONFIGURATION FILE FORMAT
+
+The configuration options are specified in the B<req> section of
+the configuration file. As with all configuration files if no
+value is specified in the specific section (i.e. B<req>) then
+the initial unnamed or B<default> section is searched too.
+
+The options available are described in detail below.
+
+=over 4
+
+=item B<input_password output_password>
+
+The passwords for the input private key file (if present) and
+the output private key file (if one will be created). The
+command line options B<passin> and B<passout> override the
+configuration file values.
+
+=item B<default_bits>
+
+This specifies the default key size in bits. If not specified then
+512 is used. It is used if the B<-new> option is used. It can be
+overridden by using the B<-newkey> option.
+
+=item B<default_keyfile>
+
+This is the default filename to write a private key to. If not
+specified the key is written to standard output. This can be
+overridden by the B<-keyout> option.
+
+=item B<oid_file>
+
+This specifies a file containing additional B<OBJECT IDENTIFIERS>.
+Each line of the file should consist of the numerical form of the
+object identifier followed by white space then the short name followed
+by white space and finally the long name.
+
+=item B<oid_section>
+
+This specifies a section in the configuration file containing extra
+object identifiers. Each line should consist of the short name of the
+object identifier followed by B<=> and the numerical form. The short
+and long names are the same when this option is used.
+
+=item B<RANDFILE>
+
+This specifies a filename in which random number seed information is
+placed and read from, or an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>).
+It is used for private key generation.
+
+=item B<encrypt_key>
+
+If this is set to B<no> then if a private key is generated it is
+B<not> encrypted. This is equivalent to the B<-nodes> command line
+option. For compatibility B<encrypt_rsa_key> is an equivalent option.
+
+=item B<default_md>
+
+This option specifies the digest algorithm to use. Possible values
+include B<md5 sha1 mdc2>. If not present then MD5 is used. This
+option can be overridden on the command line.
+
+=item B<string_mask>
+
+This option masks out the use of certain string types in certain
+fields. Most users will not need to change this option.
+
+It can be set to several values B<default> which is also the default
+option uses PrintableStrings, T61Strings and BMPStrings if the
+B<pkix> value is used then only PrintableStrings and BMPStrings will
+be used. This follows the PKIX recommendation in RFC2459. If the
+B<utf8only> option is used then only UTF8Strings will be used: this
+is the PKIX recommendation in RFC2459 after 2003. Finally the B<nombstr>
+option just uses PrintableStrings and T61Strings: certain software has
+problems with BMPStrings and UTF8Strings: in particular Netscape.
+
+=item B<req_extensions>
+
+this specifies the configuration file section containing a list of
+extensions to add to the certificate request. It can be overridden
+by the B<-reqexts> command line switch.
+
+=item B<x509_extensions>
+
+this specifies the configuration file section containing a list of
+extensions to add to certificate generated when the B<-x509> switch
+is used. It can be overridden by the B<-extensions> command line switch.
+
+=item B<prompt>
+
+if set to the value B<no> this disables prompting of certificate fields
+and just takes values from the config file directly. It also changes the
+expected format of the B<distinguished_name> and B<attributes> sections.
+
+=item B<attributes>
+
+this specifies the section containing any request attributes: its format
+is the same as B<distinguished_name>. Typically these may contain the
+challengePassword or unstructuredName types. They are currently ignored
+by OpenSSL's request signing utilities but some CAs might want them.
+
+=item B<distinguished_name>
+
+This specifies the section containing the distinguished name fields to
+prompt for when generating a certificate or certificate request. The format
+is described in the next section.
+
+=back
+
+=head1 DISTINGUISHED NAME AND ATTRIBUTE SECTION FORMAT
+
+There are two separate formats for the distinguished name and attribute
+sections. If the B<prompt> option is set to B<no> then these sections
+just consist of field names and values: for example,
+
+ CN=My Name
+ OU=My Organization
+ emailAddress=someone@somewhere.org
+
+This allows external programs (e.g. GUI based) to generate a template file
+with all the field names and values and just pass it to B<req>. An example
+of this kind of configuration file is contained in the B<EXAMPLES> section.
+
+Alternatively if the B<prompt> option is absent or not set to B<no> then the
+file contains field prompting information. It consists of lines of the form:
+
+ fieldName="prompt"
+ fieldName_default="default field value"
+ fieldName_min= 2
+ fieldName_max= 4
+
+"fieldName" is the field name being used, for example commonName (or CN).
+The "prompt" string is used to ask the user to enter the relevant
+details. If the user enters nothing then the default value is used if no
+default value is present then the field is omitted. A field can
+still be omitted if a default value is present if the user just
+enters the '.' character.
+
+The number of characters entered must be between the fieldName_min and
+fieldName_max limits: there may be additional restrictions based
+on the field being used (for example countryName can only ever be
+two characters long and must fit in a PrintableString).
+
+Some fields (such as organizationName) can be used more than once
+in a DN. This presents a problem because configuration files will
+not recognize the same name occurring twice. To avoid this problem
+if the fieldName contains some characters followed by a full stop
+they will be ignored. So for example a second organizationName can
+be input by calling it "1.organizationName".
+
+The actual permitted field names are any object identifier short or
+long names. These are compiled into OpenSSL and include the usual
+values such as commonName, countryName, localityName, organizationName,
+organizationUnitName, stateOrPrivinceName. Additionally emailAddress
+is include as well as name, surname, givenName initials and dnQualifier.
+
+Additional object identifiers can be defined with the B<oid_file> or
+B<oid_section> options in the configuration file. Any additional fields
+will be treated as though they were a DirectoryString.
+
+
+=head1 EXAMPLES
+
+Examine and verify certificate request:
+
+ openssl req -in req.pem -text -verify -noout
+
+Create a private key and then generate a certificate request from it:
+
+ openssl genrsa -out key.pem 1024
+ openssl req -new -key key.pem -out req.pem
+
+The same but just using req:
+
+ openssl req -newkey rsa:1024 -keyout key.pem -out req.pem
+
+Generate a self signed root certificate:
+
+ openssl req -x509 -newkey rsa:1024 -keyout key.pem -out req.pem
+
+Example of a file pointed to by the B<oid_file> option:
+
+ 1.2.3.4 shortName A longer Name
+ 1.2.3.6 otherName Other longer Name
+
+Example of a section pointed to by B<oid_section> making use of variable
+expansion:
+
+ testoid1=1.2.3.5
+ testoid2=${testoid1}.6
+
+Sample configuration file prompting for field values:
+
+ [ req ]
+ default_bits = 1024
+ default_keyfile = privkey.pem
+ distinguished_name = req_distinguished_name
+ attributes = req_attributes
+ x509_extensions = v3_ca
+
+ dirstring_type = nobmp
+
+ [ req_distinguished_name ]
+ countryName = Country Name (2 letter code)
+ countryName_default = AU
+ countryName_min = 2
+ countryName_max = 2
+
+ localityName = Locality Name (eg, city)
+
+ organizationalUnitName = Organizational Unit Name (eg, section)
+
+ commonName = Common Name (eg, YOUR name)
+ commonName_max = 64
+
+ emailAddress = Email Address
+ emailAddress_max = 40
+
+ [ req_attributes ]
+ challengePassword = A challenge password
+ challengePassword_min = 4
+ challengePassword_max = 20
+
+ [ v3_ca ]
+
+ subjectKeyIdentifier=hash
+ authorityKeyIdentifier=keyid:always,issuer:always
+ basicConstraints = CA:true
+
+Sample configuration containing all field values:
+
+
+ RANDFILE = $ENV::HOME/.rnd
+
+ [ req ]
+ default_bits = 1024
+ default_keyfile = keyfile.pem
+ distinguished_name = req_distinguished_name
+ attributes = req_attributes
+ prompt = no
+ output_password = mypass
+
+ [ req_distinguished_name ]
+ C = GB
+ ST = Test State or Province
+ L = Test Locality
+ O = Organization Name
+ OU = Organizational Unit Name
+ CN = Common Name
+ emailAddress = test@email.address
+
+ [ req_attributes ]
+ challengePassword = A challenge password
+
+
+=head1 NOTES
+
+The header and footer lines in the B<PEM> format are normally:
+
+ -----BEGIN CERTIFICATE REQUEST----
+ -----END CERTIFICATE REQUEST----
+
+some software (some versions of Netscape certificate server) instead needs:
+
+ -----BEGIN NEW CERTIFICATE REQUEST----
+ -----END NEW CERTIFICATE REQUEST----
+
+which is produced with the B<-newhdr> option but is otherwise compatible.
+Either form is accepted transparently on input.
+
+The certificate requests generated by B<Xenroll> with MSIE have extensions
+added. It includes the B<keyUsage> extension which determines the type of
+key (signature only or general purpose) and any additional OIDs entered
+by the script in an extendedKeyUsage extension.
+
+=head1 DIAGNOSTICS
+
+The following messages are frequently asked about:
+
+ Using configuration from /some/path/openssl.cnf
+ Unable to load config info
+
+This is followed some time later by...
+
+ unable to find 'distinguished_name' in config
+ problems making Certificate Request
+
+The first error message is the clue: it can't find the configuration
+file! Certain operations (like examining a certificate request) don't
+need a configuration file so its use isn't enforced. Generation of
+certificates or requests however does need a configuration file. This
+could be regarded as a bug.
+
+Another puzzling message is this:
+
+ Attributes:
+ a0:00
+
+this is displayed when no attributes are present and the request includes
+the correct empty B<SET OF> structure (the DER encoding of which is 0xa0
+0x00). If you just see:
+
+ Attributes:
+
+then the B<SET OF> is missing and the encoding is technically invalid (but
+it is tolerated). See the description of the command line option B<-asn1-kludge>
+for more information.
+
+=head1 ENVIRONMENT VARIABLES
+
+The variable B<OPENSSL_CONF> if defined allows an alternative configuration
+file location to be specified, it will be overridden by the B<-config> command
+line switch if it is present. For compatibility reasons the B<SSLEAY_CONF>
+environment variable serves the same purpose but its use is discouraged.
+
+=head1 BUGS
+
+OpenSSL's handling of T61Strings (aka TeletexStrings) is broken: it effectively
+treats them as ISO-8859-1 (Latin 1), Netscape and MSIE have similar behaviour.
+This can cause problems if you need characters that aren't available in
+PrintableStrings and you don't want to or can't use BMPStrings.
+
+As a consequence of the T61String handling the only correct way to represent
+accented characters in OpenSSL is to use a BMPString: unfortunately Netscape
+currently chokes on these. If you have to use accented characters with Netscape
+and MSIE then you currently need to use the invalid T61String form.
+
+The current prompting is not very friendly. It doesn't allow you to confirm what
+you've just entered. Other things like extensions in certificate requests are
+statically defined in the configuration file. Some of these: like an email
+address in subjectAltName should be input by the user.
+
+=head1 SEE ALSO
+
+L<x509(1)|x509(1)>, L<ca(1)|ca(1)>, L<genrsa(1)|genrsa(1)>,
+L<gendsa(1)|gendsa(1)>, L<config(5)|config(5)>
+
+=cut
diff --git a/lib/libssl/src/doc/apps/rsa.pod b/lib/libssl/src/doc/apps/rsa.pod
new file mode 100644
index 00000000000..62ad62e23df
--- /dev/null
+++ b/lib/libssl/src/doc/apps/rsa.pod
@@ -0,0 +1,156 @@
+
+=pod
+
+=head1 NAME
+
+rsa - RSA key processing tool
+
+=head1 SYNOPSIS
+
+B<openssl> B<rsa>
+[B<-inform PEM|NET|DER>]
+[B<-outform PEM|NET|DER>]
+[B<-in filename>]
+[B<-passin arg>]
+[B<-out filename>]
+[B<-passout arg>]
+[B<-des>]
+[B<-des3>]
+[B<-idea>]
+[B<-text>]
+[B<-noout>]
+[B<-modulus>]
+[B<-check>]
+[B<-pubin>]
+[B<-pubout>]
+
+=head1 DESCRIPTION
+
+The B<rsa> command processes RSA keys. They can be converted between various
+forms and their components printed out. B<Note> this command uses the
+traditional SSLeay compatible format for private key encryption: newer
+applications should use the more secure PKCS#8 format using the B<pkcs8>
+utility.
+
+=head1 COMMAND OPTIONS
+
+=over 4
+
+=item B<-inform DER|NET|PEM>
+
+This specifies the input format. The B<DER> option uses an ASN1 DER encoded
+form compatible with the PKCS#1 RSAPrivateKey or SubjectPublicKeyInfo format.
+The B<PEM> form is the default format: it consists of the B<DER> format base64
+encoded with additional header and footer lines. On input PKCS#8 format private
+keys are also accepted. The B<NET> form is a format compatible with older Netscape
+servers and MS IIS, this uses unsalted RC4 for its encryption. It is not very
+secure and so should only be used when necessary.
+
+=item B<-outform DER|NET|PEM>
+
+This specifies the output format, the options have the same meaning as the
+B<-inform> option.
+
+=item B<-in filename>
+
+This specifies the input filename to read a key from or standard input if this
+option is not specified. If the key is encrypted a pass phrase will be
+prompted for.
+
+=item B<-passin arg>
+
+the input file password source. For more information about the format of B<arg>
+see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
+
+=item B<-out filename>
+
+This specifies the output filename to write a key to or standard output if this
+option is not specified. If any encryption options are set then a pass phrase
+will be prompted for. The output filename should B<not> be the same as the input
+filename.
+
+=item B<-passout password>
+
+the output file password source. For more information about the format of B<arg>
+see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
+
+=item B<-des|-des3|-idea>
+
+These options encrypt the private key with the DES, triple DES, or the
+IDEA ciphers respectively before outputting it. A pass phrase is prompted for.
+If none of these options is specified the key is written in plain text. This
+means that using the B<rsa> utility to read in an encrypted key with no
+encryption option can be used to remove the pass phrase from a key, or by
+setting the encryption options it can be use to add or change the pass phrase.
+These options can only be used with PEM format output files.
+
+=item B<-text>
+
+prints out the various public or private key components in
+plain text in addition to the encoded version.
+
+=item B<-noout>
+
+this option prevents output of the encoded version of the key.
+
+=item B<-modulus>
+
+this option prints out the value of the modulus of the key.
+
+=item B<-check>
+
+this option checks the consistency of an RSA private key.
+
+=item B<-pubin>
+
+by default a private key is read from the input file: with this
+option a public key is read instead.
+
+=item B<-pubout>
+
+by default a private key is output: with this option a public
+key will be output instead. This option is automatically set if
+the input is a public key.
+
+=back
+
+=head1 NOTES
+
+The PEM private key format uses the header and footer lines:
+
+ -----BEGIN RSA PRIVATE KEY-----
+ -----END RSA PRIVATE KEY-----
+
+The PEM public key format uses the header and footer lines:
+
+ -----BEGIN PUBLIC KEY-----
+ -----END PUBLIC KEY-----
+
+=head1 EXAMPLES
+
+To remove the pass phrase on an RSA private key:
+
+ openssl rsa -in key.pem -out keyout.pem
+
+To encrypt a private key using triple DES:
+
+ openssl rsa -in key.pem -des3 -out keyout.pem
+
+To convert a private key from PEM to DER format:
+
+ openssl rsa -in key.pem -outform DER -out keyout.der
+
+To print out the components of a private key to standard output:
+
+ openssl rsa -in key.pem -text -noout
+
+To just output the public part of a private key:
+
+ openssl rsa -in key.pem -pubout -out pubkey.pem
+
+=head1 SEE ALSO
+
+L<pkcs8(1)|pkcs8(1)>, L<dsa(1)|dsa(1)>, L<genrsa(1)|genrsa(1)>,
+L<gendsa(1)|gendsa(1)>
+
+=cut
diff --git a/lib/libssl/src/doc/apps/s_client.pod b/lib/libssl/src/doc/apps/s_client.pod
new file mode 100644
index 00000000000..3ede134164c
--- /dev/null
+++ b/lib/libssl/src/doc/apps/s_client.pod
@@ -0,0 +1,213 @@
+
+=pod
+
+=head1 NAME
+
+s_client - SSL/TLS client program
+
+=head1 SYNOPSIS
+
+B<openssl> B<s_client>
+[B<-connect> host:port>]
+[B<-verify depth>]
+[B<-cert filename>]
+[B<-key filename>]
+[B<-CApath directory>]
+[B<-CAfile filename>]
+[B<-reconnect>]
+[B<-pause>]
+[B<-showcerts>]
+[B<-debug>]
+[B<-nbio_test>]
+[B<-state>]
+[B<-nbio>]
+[B<-crlf>]
+[B<-quiet>]
+[B<-ssl2>]
+[B<-ssl3>]
+[B<-tls1>]
+[B<-no_ssl2>]
+[B<-no_ssl3>]
+[B<-no_tls1>]
+[B<-bugs>]
+[B<-cipher cipherlist>]
+
+=head1 DESCRIPTION
+
+The B<s_client> command implements a generic SSL/TLS client which connects
+to a remote host using SSL/TLS. It is a I<very> useful diagnostic tool for
+SSL servers.
+
+=head1 OPTIONS
+
+=over 4
+
+=item B<-connect host:port>
+
+This specifies the host and optional port to connect to. If not specified
+then an attempt is made to connect to the local host on port 4433.
+
+=item B<-cert certname>
+
+The certificate to use, if one is requested by the server. The default is
+not to use a certificate.
+
+=item B<-key keyfile>
+
+The private key to use. If not specified then the certificate file will
+be used.
+
+=item B<-verify depth>
+
+The verify depth to use. This specifies the maximum length of the
+server certificate chain and turns on server certificate verification.
+Currently the verify operation continues after errors so all the problems
+with a certificate chain can be seen. As a side effect the connection
+will never fail due to a server certificate verify failure.
+
+=item B<-CApath directory>
+
+The directory to use for server certificate verification. This directory
+must be in "hash format", see B<verify> for more information. These are
+also used when building the client certificate chain.
+
+=item B<-CAfile file>
+
+A file containing trusted certificates to use during server authentication
+and to use when attempting to build the client certificate chain.
+
+=item B<-reconnect>
+
+reconnects to the same server 5 times using the same session ID, this can
+be used as a test that session caching is working.
+
+=item B<-pause>
+
+pauses 1 second between each read and write call.
+
+=item B<-showcerts>
+
+display the whole server certificate chain: normally only the server
+certificate itself is displayed.
+
+=item B<-prexit>
+
+print session information when the program exits. This will always attempt
+to print out information even if the connection fails. Normally information
+will only be printed out once if the connection succeeds. This option is useful
+because the cipher in use may be renegotiated or the connection may fail
+because a client certificate is required or is requested only after an
+attempt is made to access a certain URL. Note: the output produced by this
+option is not always accurate because a connection might never have been
+established.
+
+=item B<-state>
+
+prints out the SSL session states.
+
+=item B<-debug>
+
+print extensive debugging information including a hex dump of all traffic.
+
+=item B<-nbio_test>
+
+tests non-blocking I/O
+
+=item B<-nbio>
+
+turns on non-blocking I/O
+
+=item B<-crlf>
+
+this option translated a line feed from the terminal into CR+LF as required
+by some servers.
+
+=item B<-quiet>
+
+inhibit printing of session and certificate information.
+
+=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>
+
+these options disable the use of certain SSL or TLS protocols. By default
+the initial handshake uses a method which should be compatible with all
+servers and permit them to use SSL v3, SSL v2 or TLS as appropriate.
+
+Unfortunately there are a lot of ancient and broken servers in use which
+cannot handle this technique and will fail to connect. Some servers only
+work if TLS is turned off with the B<-no_tls> option others will only
+support SSL v2 and may need the B<-ssl2> option.
+
+=item B<-bugs>
+
+there are several known bug in SSL and TLS implementations. Adding this
+option enables various workarounds.
+
+=item B<-cipher cipherlist>
+
+this allows the cipher list sent by the client to be modified. Although
+the server determines which cipher suite is used it should take the first
+supported cipher in the list sent by the client. See the B<ciphers>
+command for more information.
+
+=back
+
+=head1 CONNECTED COMMANDS
+
+If a connection is established with an SSL server then any data received
+from the server is displayed and any key presses will be sent to the
+server. If the line begins with an B<R> then the session will be
+renegotiated. If the line begins with a B<Q> the connection will be closed
+down.
+
+=head1 NOTES
+
+B<s_client> can be used to debug SSL servers. To connect to an SSL HTTP
+server the command:
+
+ openssl s_client -connect servername:443
+
+would typically be used (https uses port 443). If the connection succeeds
+then an HTTP command can be given such as "GET /" to retrieve a web page.
+
+If the handshake fails then there are several possible causes, if it is
+nothing obvious like no client certificate then the B<-bugs>, B<-ssl2>,
+B<-ssl3>, B<-tls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1> can be tried
+in case it is a buggy server. In particular you should play with these
+options B<before> submitting a bug report to an OpenSSL mailing list.
+
+A frequent problem when attempting to get client certificates working
+is that a web client complains it has no certificates or gives an empty
+list to choose from. This is normally because the server is not sending
+the clients certificate authority in its "acceptable CA list" when it
+requests a certificate. By using B<s_client> the CA list can be viewed
+and checked. However some servers only request client authentication
+after a specific URL is requested. To obtain the list in this case it
+is necessary to use the B<-prexit> command and send an HTTP request
+for an appropriate page.
+
+If a certificate is specified on the command line using the B<-cert>
+option it will not be used unless the server specifically requests
+a client certificate. Therefor merely including a client certificate
+on the command line is no guarantee that the certificate works.
+
+If there are problems verifying a server certificate then the
+B<-showcerts> option can be used to show the whole chain.
+
+=head1 BUGS
+
+Because this program has a lot of options and also because some of
+the techniques used are rather old, the C source of s_client is rather
+hard to read and not a model of how things should be done. A typical
+SSL client program would be much simpler.
+
+The B<-verify> option should really exit if the server verification
+fails.
+
+The B<-prexit> option is a bit of a hack. We should really report
+information whenever a session is renegotiated.
+
+=head1 SEE ALSO
+
+L<sess_id(1)|sess_id(1)>, L<s_server(1)|s_server(1)>, L<ciphers(1)|ciphers(1)>
+
+=cut
diff --git a/lib/libssl/src/doc/apps/s_server.pod b/lib/libssl/src/doc/apps/s_server.pod
new file mode 100644
index 00000000000..0f29c361d90
--- /dev/null
+++ b/lib/libssl/src/doc/apps/s_server.pod
@@ -0,0 +1,265 @@
+
+=pod
+
+=head1 NAME
+
+s_server - SSL/TLS server program
+
+=head1 SYNOPSIS
+
+B<openssl> B<s_client>
+[B<-accept port>]
+[B<-context id>]
+[B<-verify depth>]
+[B<-Verify depth>]
+[B<-cert filename>]
+[B<-key keyfile>]
+[B<-dcert filename>]
+[B<-dkey keyfile>]
+[B<-dhparam filename>]
+[B<-nbio>]
+[B<-nbio_test>]
+[B<-crlf>]
+[B<-debug>]
+[B<-state>]
+[B<-CApath directory>]
+[B<-CAfile filename>]
+[B<-nocert>]
+[B<-cipher cipherlist>]
+[B<-quiet>]
+[B<-no_tmp_rsa>]
+[B<-ssl2>]
+[B<-ssl3>]
+[B<-tls1>]
+[B<-no_ssl2>]
+[B<-no_ssl3>]
+[B<-no_tls1>]
+[B<-no_dhe>]
+[B<-bugs>]
+[B<-hack>]
+[B<-www>]
+[B<-WWW>]
+
+=head1 DESCRIPTION
+
+The B<s_server> command implements a generic SSL/TLS server which listens
+for connections on a given port using SSL/TLS.
+
+=head1 OPTIONS
+
+=over 4
+
+=item B<-accept port>
+
+the TCP port to listen on for connections. If not specified 4433 is used.
+
+=item B<-context id>
+
+sets the SSL context id. It can be given any string value. If this option
+is not present a default value will be used.
+
+=item B<-cert certname>
+
+The certificate to use, most servers cipher suites require the use of a
+certificate and some require a certificate with a certain public key type:
+for example the DSS cipher suites require a certificate containing a DSS
+(DSA) key. If not specified then the filename "server.pem" will be used.
+
+=item B<-key keyfile>
+
+The private key to use. If not specified then the certificate file will
+be used.
+
+=item B<-dcert filename>, B<-dkey keyname>
+
+specify an additional certificate and private key, these behave in the
+same manner as the B<-cert> and B<-key> options except there is no default
+if they are not specified (no additional certificate and key is used). As
+noted above some cipher suites require a certificate containing a key of
+a certain type. Some cipher suites need a certificate carrying an RSA key
+and some a DSS (DSA) key. By using RSA and DSS certificates and keys
+a server can support clients which only support RSA or DSS cipher suites
+by using an appropriate certificate.
+
+=item B<-nocert>
+
+if this option is set then no certificate is used. This restricts the
+cipher suites available to the anonymous ones (currently just anonymous
+DH).
+
+=item B<-dhparam filename>
+
+the DH parameter file to use. The ephemeral DH cipher suites generate keys
+using a set of DH parameters. If not specified then an attempt is made to
+load the parameters from the server certificate file. If this fails then
+a static set of parameters hard coded into the s_server program will be used.
+
+=item B<-nodhe>
+
+if this option is set then no DH parameters will be loaded effectively
+disabling the ephemeral DH cipher suites.
+
+=item B<-no_tmp_rsa>
+
+certain export cipher suites sometimes use a temporary RSA key, this option
+disables temporary RSA key generation.
+
+=item B<-verify depth>, B<-Verify depth>
+
+The verify depth to use. This specifies the maximum length of the
+client certificate chain and makes the server request a certificate from
+the client. With the B<-verify> option a certificate is requested but the
+client does not have to send one, with the B<-Verify> option the client
+must supply a certificate or an error occurs.
+
+=item B<-CApath directory>
+
+The directory to use for client certificate verification. This directory
+must be in "hash format", see B<verify> for more information. These are
+also used when building the server certificate chain.
+
+=item B<-CAfile file>
+
+A file containing trusted certificates to use during client authentication
+and to use when attempting to build the server certificate chain. The list
+is also used in the list of acceptable client CAs passed to the client when
+a certificate is requested.
+
+=item B<-state>
+
+prints out the SSL session states.
+
+=item B<-debug>
+
+print extensive debugging information including a hex dump of all traffic.
+
+=item B<-nbio_test>
+
+tests non blocking I/O
+
+=item B<-nbio>
+
+turns on non blocking I/O
+
+=item B<-crlf>
+
+this option translated a line feed from the terminal into CR+LF.
+
+=item B<-quiet>
+
+inhibit printing of session and certificate information.
+
+=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>
+
+these options disable the use of certain SSL or TLS protocols. By default
+the initial handshake uses a method which should be compatible with all
+servers and permit them to use SSL v3, SSL v2 or TLS as appropriate.
+
+=item B<-bugs>
+
+there are several known bug in SSL and TLS implementations. Adding this
+option enables various workarounds.
+
+=item B<-hack>
+
+this option enables a further workaround for some some early Netscape
+SSL code (?).
+
+=item B<-cipher cipherlist>
+
+this allows the cipher list used by the server to be modified. When
+the client sends a list of supported ciphers the first client cipher
+also included in the server list is used. Because the client specifies
+the preference order, the order of the server cipherlist irrelevant. See
+the B<ciphers> command for more information.
+
+=item B<-www>
+
+sends a status message back to the client when it connects. This includes
+lots of information about the ciphers used and various session parameters.
+The output is in HTML format so this option will normally be used with a
+web browser.
+
+=item B<-WWW>
+
+emulates a simple web server. Pages will be resolved relative to the
+current directory, for example if the URL https://myhost/page.html is
+requested the file ./page.html will be loaded.
+
+=back
+
+=head1 CONNECTED COMMANDS
+
+If a connection request is established with an SSL client and neither the
+B<-www> nor the B<-WWW> option has been used then normally any data received
+from the client is displayed and any key presses will be sent to the client.
+
+Certain single letter commands are also recognized which perform special
+operations: these are listed below.
+
+=over 4
+
+=item B<q>
+
+end the current SSL connection but still accept new connections.
+
+=item B<Q>
+
+end the current SSL connection and exit.
+
+=item B<r>
+
+renegotiate the SSL session.
+
+=item B<R>
+
+renegotiate the SSL session and request a client certificate.
+
+=item B<P>
+
+send some plain text down the underlying TCP connection: this should
+cause the client to disconnect due to a protocol violation.
+
+=item B<S>
+
+print out some session cache status information.
+
+=back
+
+=head1 NOTES
+
+B<s_server> can be used to debug SSL clients. To accept connections from
+a web browser the command:
+
+ openssl s_server -accept 443 -www
+
+can be used for example.
+
+Most web browsers (in particular Netscape and MSIE) only support RSA cipher
+suites, so they cannot connect to servers which don't use a certificate
+carrying an RSA key or a version of OpenSSL with RSA disabled.
+
+Although specifying an empty list of CAs when requesting a client certificate
+is strictly speaking a protocol violation, some SSL clients interpret this to
+mean any CA is acceptable. This is useful for debugging purposes.
+
+The session parameters can printed out using the B<sess_id> program.
+
+=head1 BUGS
+
+Because this program has a lot of options and also because some of
+the techniques used are rather old, the C source of s_server is rather
+hard to read and not a model of how things should be done. A typical
+SSL server program would be much simpler.
+
+The output of common ciphers is wrong: it just gives the list of ciphers that
+OpenSSL recognizes and the client supports.
+
+There should be a way for the B<s_server> program to print out details of any
+unknown cipher suites a client says it supports.
+
+=head1 SEE ALSO
+
+L<sess_id(1)|sess_id(1)>, L<s_client(1)|s_client(1)>, L<ciphers(1)|ciphers(1)>
+
+=cut
diff --git a/lib/libssl/src/doc/apps/sess_id.pod b/lib/libssl/src/doc/apps/sess_id.pod
new file mode 100644
index 00000000000..9988d2cd3d5
--- /dev/null
+++ b/lib/libssl/src/doc/apps/sess_id.pod
@@ -0,0 +1,151 @@
+
+=pod
+
+=head1 NAME
+
+sess_id - SSL/TLS session handling utility
+
+=head1 SYNOPSIS
+
+B<openssl> B<sess_id>
+[B<-inform PEM|DER>]
+[B<-outform PEM|DER>]
+[B<-in filename>]
+[B<-out filename>]
+[B<-text>]
+[B<-noout>]
+[B<-context ID>]
+
+=head1 DESCRIPTION
+
+The B<sess_id> process the encoded version of the SSL session structure
+and optionally prints out SSL session details (for example the SSL session
+master key) in human readable format. Since this is a diagnostic tool that
+needs some knowledge of the SSL protocol to use properly, most users will
+not need to use it.
+
+=over 4
+
+=item B<-inform DER|PEM>
+
+This specifies the input format. The B<DER> option uses an ASN1 DER encoded
+format containing session details. The precise format can vary from one version
+to the next. The B<PEM> form is the default format: it consists of the B<DER>
+format base64 encoded with additional header and footer lines.
+
+=item B<-outform DER|PEM>
+
+This specifies the output format, the options have the same meaning as the
+B<-inform> option.
+
+=item B<-in filename>
+
+This specifies the input filename to read session information from or standard
+input by default.
+
+=item B<-out filename>
+
+This specifies the output filename to write session information to or standard
+output if this option is not specified.
+
+=item B<-text>
+
+prints out the various public or private key components in
+plain text in addition to the encoded version.
+
+=item B<-cert>
+
+if a certificate is present in the session it will be output using this option,
+if the B<-text> option is also present then it will be printed out in text form.
+
+=item B<-noout>
+
+this option prevents output of the encoded version of the session.
+
+=item B<-context ID>
+
+this option can set the session id so the output session information uses the
+supplied ID. The ID can be any string of characters. This option wont normally
+be used.
+
+=back
+
+=head1 OUTPUT
+
+Typical output:
+
+ SSL-Session:
+ Protocol : TLSv1
+ Cipher : 0016
+ Session-ID: 871E62626C554CE95488823752CBD5F3673A3EF3DCE9C67BD916C809914B40ED
+ Session-ID-ctx: 01000000
+ Master-Key: A7CEFC571974BE02CAC305269DC59F76EA9F0B180CB6642697A68251F2D2BB57E51DBBB4C7885573192AE9AEE220FACD
+ Key-Arg : None
+ Start Time: 948459261
+ Timeout : 300 (sec)
+ Verify return code 0 (ok)
+
+Theses are described below in more detail.
+
+=over 4
+
+=item B<Protocol>
+
+this is the protocol in use TLSv1, SSLv3 or SSLv2.
+
+=item B<Cipher>
+
+the cipher used this is the actual raw SSL or TLS cipher code, see the SSL
+or TLS specifications for more information.
+
+=item B<Session-ID>
+
+the SSL session ID in hex format.
+
+=item B<Session-ID-ctx>
+
+the session ID context in hex format.
+
+=item B<Master-Key>
+
+this is the SSL session master key.
+
+=item B<Key-Arg>
+
+the key argument, this is only used in SSL v2.
+
+=item B<Start Time>
+
+this is the session start time represented as an integer in standard Unix format.
+
+=item B<Timeout>
+
+the timeout in seconds.
+
+=item B<Verify return code>
+
+this is the return code when an SSL client certificate is verified.
+
+=back
+
+=head1 NOTES
+
+The PEM encoded session format uses the header and footer lines:
+
+ -----BEGIN SSL SESSION PARAMETERS-----
+ -----END SSL SESSION PARAMETERS-----
+
+Since the SSL session output contains the master key it is possible to read the contents
+of an encrypted session using this information. Therefore appropriate security precautions
+should be taken if the information is being output by a "real" application. This is
+however strongly discouraged and should only be used for debugging purposes.
+
+=head1 BUGS
+
+The cipher and start time should be printed out in human readable form.
+
+=head1 SEE ALSO
+
+L<ciphers(1)|ciphers(1)>, L<s_server(1)|s_server(1)>
+
+=cut
diff --git a/lib/libssl/src/doc/apps/smime.pod b/lib/libssl/src/doc/apps/smime.pod
new file mode 100644
index 00000000000..631ecdc241e
--- /dev/null
+++ b/lib/libssl/src/doc/apps/smime.pod
@@ -0,0 +1,325 @@
+=pod
+
+=head1 NAME
+
+smime - S/MIME utility
+
+=head1 SYNOPSIS
+
+B<openssl> B<smime>
+[B<-encrypt>]
+[B<-decrypt>]
+[B<-sign>]
+[B<-verify>]
+[B<-pk7out>]
+[B<-des>]
+[B<-des3>]
+[B<-rc2-40>]
+[B<-rc2-64>]
+[B<-rc2-128>]
+[B<-in file>]
+[B<-certfile file>]
+[B<-signer file>]
+[B<-recip file>]
+[B<-in file>]
+[B<-inkey file>]
+[B<-out file>]
+[B<-to addr>]
+[B<-from ad>]
+[B<-subject s>]
+[B<-text>]
+[B<-rand file(s)>]
+[cert.pem]...
+
+=head1 DESCRIPTION
+
+The B<smime> command handles S/MIME mail. It can encrypt, decrypt, sign and
+verify S/MIME messages.
+
+=head1 COMMAND OPTIONS
+
+There are five operation options that set the type of operation to be performed.
+The meaning of the other options varies according to the operation type.
+
+=over 4
+
+=item B<-encrypt>
+
+encrypt mail for the given recipient certificates. Input file is the message
+to be encrypted. The output file is the encrypted mail in MIME format.
+
+=item B<-decrypt>
+
+decrypt mail using the supplied certificate and private key. Expects an
+encrypted mail message in MIME format for the input file. The decrypted mail
+is written to the output file.
+
+=item B<-sign>
+
+sign mail using the supplied certificate and private key. Input file is
+the message to be signed. The signed message in MIME format is written
+to the output file.
+
+=item B<-verify>
+
+verify signed mail. Expects a signed mail message on input and outputs
+the signed data. Both clear text and opaque signing is supported.
+
+=item B<-pk7out>
+
+takes an input message and writes out a PEM encoded PKCS#7 structure.
+
+=item B<-in filename>
+
+the input message to be encrypted or signed or the MIME message to
+be decrypted or verified.
+
+=item B<-out filename>
+
+the message text that has been decrypted or verified or the output MIME
+format message that has been signed or verified.
+
+=item B<-text>
+
+this option adds plain text (text/plain) MIME headers to the supplied
+message if encrypting or signing. If decrypting or verifying it strips
+off text headers: if the decrypted or verified message is not of MIME
+type text/plain then an error occurs.
+
+=item B<-CAfile file>
+
+a file containing trusted CA certificates, only used with B<-verify>.
+
+=item B<-CApath dir>
+
+a directory containing trusted CA certificates, only used with
+B<-verify>. This directory must be a standard certificate directory: that
+is a hash of each subject name (using B<x509 -hash>) should be linked
+to each certificate.
+
+=item B<-des -des3 -rc2-40 -rc2-64 -rc2-128>
+
+the encryption algorithm to use. DES (56 bits), triple DES (168 bits)
+or 40, 64 or 128 bit RC2 respectively if not specified 40 bit RC2 is
+used. Only used with B<-encrypt>.
+
+=item B<-nointern>
+
+when verifying a message normally certificates (if any) included in
+the message are searched for the signing certificate. With this option
+only the certificates specified in the B<-certfile> option are used.
+The supplied certificates can still be used as untrusted CAs however.
+
+=item B<-noverify>
+
+do not verify the signers certificate of a signed message.
+
+=item B<-nochain>
+
+do not do chain verification of signers certificates: that is don't
+use the certificates in the signed message as untrusted CAs.
+
+=item B<-nosigs>
+
+don't try to verify the signatures on the message.
+
+=item B<-nocerts>
+
+when signing a message the signer's certificate is normally included
+with this option it is excluded. This will reduce the size of the
+signed message but the verifier must have a copy of the signers certificate
+available locally (passed using the B<-certfile> option for example).
+
+=item B<-noattr>
+
+normally when a message is signed a set of attributes are included which
+include the signing time and supported symmetric algorithms. With this
+option they are not included.
+
+=item B<-binary>
+
+normally the input message is converted to "canonical" format which is
+effectively using CR and LF as end of line: as required by the S/MIME
+specification. When this option is present no translation occurs. This
+is useful when handling binary data which may not be in MIME format.
+
+=item B<-nodetach>
+
+when signing a message use opaque signing: this form is more resistant
+to translation by mail relays but it cannot be read by mail agents that
+do not support S/MIME. Without this option cleartext signing with
+the MIME type multipart/signed is used.
+
+=item B<-certfile file>
+
+allows additional certificates to be specified. When signing these will
+be included with the message. When verifying these will be searched for
+the signers certificates. The certificates should be in PEM format.
+
+=item B<-signer file>
+
+the signers certificate when signing a message. If a message is
+being verified then the signers certificates will be written to this
+file if the verification was successful.
+
+=item B<-recip file>
+
+the recipients certificate when decrypting a message. This certificate
+must match one of the recipients of the message or an error occurs.
+
+=item B<-inkey file>
+
+the private key to use when signing or decrypting. This must match the
+corresponding certificate. If this option is not specified then the
+private key must be included in the certificate file specified with
+the B<-recip> or B<-signer> file.
+
+=item B<-rand file(s)>
+
+a file or files containing random data used to seed the random number
+generator, or an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>).
+Multiple files can be specified separated by a OS-dependent character.
+The separator is B<;> for MS-Windows, B<,> for OpenVSM, and B<:> for
+all others.
+
+=item B<cert.pem...>
+
+one or more certificates of message recipients: used when encrypting
+a message.
+
+=item B<-to, -from, -subject>
+
+the relevant mail headers. These are included outside the signed
+portion of a message so they may be included manually. If signing
+then many S/MIME mail clients check the signers certificate's email
+address matches that specified in the From: address.
+
+=back
+
+=head1 NOTES
+
+The MIME message must be sent without any blank lines between the
+headers and the output. Some mail programs will automatically add
+a blank line. Piping the mail directly to sendmail is one way to
+achieve the correct format.
+
+The supplied message to be signed or encrypted must include the
+necessary MIME headers: or many S/MIME clients wont display it
+properly (if at all). You can use the B<-text> option to automatically
+add plain text headers.
+
+A "signed and encrypted" message is one where a signed message is
+then encrypted. This can be produced by encrypting an already signed
+message: see the examples section.
+
+This version of the program only allows one signer per message but it
+will verify multiple signers on received messages. Some S/MIME clients
+choke if a message contains multiple signers. It is possible to sign
+messages "in parallel" by signing an already signed message.
+
+The options B<-encrypt> and B<-decrypt> reflect common usage in S/MIME
+clients. Strictly speaking these process PKCS#7 enveloped data: PKCS#7
+encrypted data is used for other purposes.
+
+=head1 EXIT CODES
+
+=over 4
+
+=item 0
+
+the operation was completely successfully.
+
+=item 1
+
+an error occurred parsing the command options.
+
+=item 2
+
+one of the input files could not be read.
+
+=item 3
+
+an error occurred creating the PKCS#7 file or when reading the MIME
+message.
+
+=item 4
+
+an error occurred decrypting or verifying the message.
+
+=item 5
+
+the message was verified correctly but an error occurred writing out
+the signers certificates.
+
+=back
+
+=head1 EXAMPLES
+
+Create a cleartext signed message:
+
+ openssl smime -sign -in message.txt -text -out mail.msg \
+ -signer mycert.pem
+
+Create and opaque signed message
+
+ openssl smime -sign -in message.txt -text -out mail.msg -nodetach \
+ -signer mycert.pem
+
+Create a signed message, include some additional certificates and
+read the private key from another file:
+
+ openssl smime -sign -in in.txt -text -out mail.msg \
+ -signer mycert.pem -inkey mykey.pem -certfile mycerts.pem
+
+Send a signed message under Unix directly to sendmail, including headers:
+
+ openssl smime -sign -in in.txt -text -signer mycert.pem \
+ -from steve@openssl.org -to someone@somewhere \
+ -subject "Signed message" | sendmail someone@somewhere
+
+Verify a message and extract the signer's certificate if successful:
+
+ openssl smime -verify -in mail.msg -signer user.pem -out signedtext.txt
+
+Send encrypted mail using triple DES:
+
+ openssl smime -encrypt -in in.txt -from steve@openssl.org \
+ -to someone@somewhere -subject "Encrypted message" \
+ -des3 user.pem -out mail.msg
+
+Sign and encrypt mail:
+
+ openssl smime -sign -in ml.txt -signer my.pem -text \
+ | openssl -encrypt -out mail.msg \
+ -from steve@openssl.org -to someone@somewhere \
+ -subject "Signed and Encrypted message" -des3 user.pem
+
+Note: the encryption command does not include the B<-text> option because the message
+being encrypted already has MIME headers.
+
+Decrypt mail:
+
+ openssl smime -decrypt -in mail.msg -recip mycert.pem -inkey key.pem
+
+=head1 BUGS
+
+The MIME parser isn't very clever: it seems to handle most messages that I've thrown
+at it but it may choke on others.
+
+The code currently will only write out the signer's certificate to a file: if the
+signer has a separate encryption certificate this must be manually extracted. There
+should be some heuristic that determines the correct encryption certificate.
+
+Ideally a database should be maintained of a certificates for each email address.
+
+The code doesn't currently take note of the permitted symmetric encryption
+algorithms as supplied in the SMIMECapabilities signed attribute. this means the
+user has to manually include the correct encryption algorithm. It should store
+the list of permitted ciphers in a database and only use those.
+
+No revocation checking is done on the signer's certificate.
+
+The current code can only handle S/MIME v2 messages, the more complex S/MIME v3
+structures may cause parsing errors.
+
+=cut
diff --git a/lib/libssl/src/doc/apps/speed.pod b/lib/libssl/src/doc/apps/speed.pod
new file mode 100644
index 00000000000..fecd9a994de
--- /dev/null
+++ b/lib/libssl/src/doc/apps/speed.pod
@@ -0,0 +1,45 @@
+=pod
+
+=head1 NAME
+
+speed - test library performance
+
+=head1 SYNOPSIS
+
+B<openssl speed>
+[B<md2>]
+[B<mdc2>]
+[B<md5>]
+[B<hmac>]
+[B<sha1>]
+[B<rmd160>]
+[B<idea-cbc>]
+[B<rc2-cbc>]
+[B<rc5-cbc>]
+[B<bf-cbc>]
+[B<des-cbc>]
+[B<des-ede3>]
+[B<rc4>]
+[B<rsa512>]
+[B<rsa1024>]
+[B<rsa2048>]
+[B<rsa4096>]
+[B<dsa512>]
+[B<dsa1024>]
+[B<dsa2048>]
+[B<idea>]
+[B<rc2>]
+[B<des>]
+[B<rsa>]
+[B<blowfish>]
+
+=head1 DESCRIPTION
+
+This command is used to test the performance of cryptographic algorithms.
+
+=head1 OPTIONS
+
+If an option is given, B<speed> test that algorithm, otherwise all of
+the above are tested.
+
+=cut
diff --git a/lib/libssl/src/doc/apps/spkac.pod b/lib/libssl/src/doc/apps/spkac.pod
new file mode 100644
index 00000000000..bb84dfbe335
--- /dev/null
+++ b/lib/libssl/src/doc/apps/spkac.pod
@@ -0,0 +1,127 @@
+=pod
+
+=head1 NAME
+
+spkac - SPKAC printing and generating utility
+
+=head1 SYNOPSIS
+
+B<openssl> B<spkac>
+[B<-in filename>]
+[B<-out filename>]
+[B<-key keyfile>]
+[B<-passin arg>]
+[B<-challenge string>]
+[B<-pubkey>]
+[B<-spkac spkacname>]
+[B<-spksect section>]
+[B<-noout>]
+[B<-verify>]
+
+
+=head1 DESCRIPTION
+
+The B<spkac> command processes Netscape signed public key and challenge
+(SPKAC) files. It can print out their contents, verify the signature and
+produce its own SPKACs from a supplied private key.
+
+=head1 COMMAND OPTIONS
+
+=over 4
+
+=item B<-in filename>
+
+This specifies the input filename to read from or standard input if this
+option is not specified. Ignored if the B<-key> option is used.
+
+=item B<-out filename>
+
+specifies the output filename to write to or standard output by
+default.
+
+=item B<-key keyfile>
+
+create an SPKAC file using the private key in B<keyfile>. The
+B<-in>, B<-noout>, B<-spksect> and B<-verify> options are ignored if
+present.
+
+=item B<-passin password>
+
+the input file password source. For more information about the format of B<arg>
+see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
+
+=item B<-challenge string>
+
+specifies the challenge string if an SPKAC is being created.
+
+=item B<-spkac spkacname>
+
+allows an alternative name form the variable containing the
+SPKAC. The default is "SPKAC". This option affects both
+generated and input SPKAC files.
+
+=item B<-spksect section>
+
+allows an alternative name form the section containing the
+SPKAC. The default is the default section.
+
+=item B<-noout>
+
+don't output the text version of the SPKAC (not used if an
+SPKAC is being created).
+
+=item B<-pubkey>
+
+output the public key of an SPKAC (not used if an SPKAC is
+being created).
+
+=item B<-verify>
+
+verifies the digital signature on the supplied SPKAC.
+
+
+=back
+
+=head1 EXAMPLES
+
+Print out the contents of an SPKAC:
+
+ openssl spkac -in spkac.cnf
+
+Verify the signature of an SPKAC:
+
+ openssl spkac -in spkac.cnf -noout -verify
+
+Create an SPKAC using the challenge string "hello":
+
+ openssl spkac -key key.pem -challenge hello -out spkac.cnf
+
+Example of an SPKAC, (long lines split up for clarity):
+
+ SPKAC=MIG5MGUwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA1cCoq2Wa3Ixs47uI7F\
+ PVwHVIPDx5yso105Y6zpozam135a8R0CpoRvkkigIyXfcCjiVi5oWk+6FfPaD03u\
+ PFoQIDAQABFgVoZWxsbzANBgkqhkiG9w0BAQQFAANBAFpQtY/FojdwkJh1bEIYuc\
+ 2EeM2KHTWPEepWYeawvHD0gQ3DngSC75YCWnnDdq+NQ3F+X4deMx9AaEglZtULwV\
+ 4=
+
+=head1 NOTES
+
+A created SPKAC with suitable DN components appended can be fed into
+the B<ca> utility.
+
+SPKACs are typically generated by Netscape when a form is submitted
+containing the B<KEYGEN> tag as part of the certificate enrollment
+process.
+
+The challenge string permits a primitive form of proof of possession
+of private key. By checking the SPKAC signature and a random challenge
+string some guarantee is given that the user knows the private key
+corresponding to the public key being certified. This is important in
+some applications. Without this it is possible for a previous SPKAC
+to be used in a "replay attack".
+
+=head1 SEE ALSO
+
+L<ca(1)|ca(1)>
+
+=cut
diff --git a/lib/libssl/src/doc/apps/verify.pod b/lib/libssl/src/doc/apps/verify.pod
new file mode 100644
index 00000000000..4a6572d3b89
--- /dev/null
+++ b/lib/libssl/src/doc/apps/verify.pod
@@ -0,0 +1,273 @@
+=pod
+
+=head1 NAME
+
+pkcs7 - PKCS#7 utility
+
+=head1 SYNOPSIS
+
+B<openssl> B<verify>
+[B<-CApath directory>]
+[B<-CAfile file>]
+[B<-purpose purpose>]
+[B<-untrusted file>]
+[B<-help>]
+[B<-verbose>]
+[B<->]
+[certificates]
+
+
+=head1 DESCRIPTION
+
+The B<verify> command verifies certificate chains.
+
+=head1 COMMAND OPTIONS
+
+=over 4
+
+=item B<-CApath directory>
+
+A directory of trusted certificates. The certificates should have names
+of the form: hash.0 or have symbolic links to them of this
+form ("hash" is the hashed certificate subject name: see the B<-hash> option
+of the B<x509> utility). Under Unix the B<c_rehash> script will automatically
+create symbolic links to a directory of certificates.
+
+=item B<-CAfile file>
+
+A file of trusted certificates. The file should contain multiple certificates
+in PEM format concatenated together.
+
+=item B<-untrusted file>
+
+A file of untrusted certificates. The file should contain multiple certificates
+
+=item B<-purpose purpose>
+
+the intended use for the certificate. Without this option no chain verification
+will be done. Currently accepted uses are B<sslclient>, B<sslserver>,
+B<nssslserver>, B<smimesign>, B<smimeencrypt>. See the B<VERIFY OPERATION>
+section for more information.
+
+=item B<-help>
+
+prints out a usage message.
+
+=item B<-verbose>
+
+print extra information about the operations being performed.
+
+=item B<->
+
+marks the last option. All arguments following this are assumed to be
+certificate files. This is useful if the first certificate filename begins
+with a B<->.
+
+=item B<certificates>
+
+one or more certificates to verify. If no certificate filenames are included
+then an attempt is made to read a certificate from standard input. They should
+all be in PEM format.
+
+
+=back
+
+=head1 VERIFY OPERATION
+
+The B<verify> program uses the same functions as the internal SSL and S/MIME
+verification, therefore this description applies to these verify operations
+too.
+
+There is one crucial difference between the verify operations performed
+by the B<verify> program: wherever possible an attempt is made to continue
+after an error whereas normally the verify operation would halt on the
+first error. This allows all the problems with a certificate chain to be
+determined.
+
+The verify operation consists of a number of separate steps.
+
+Firstly a certificate chain is built up starting from the supplied certificate
+and ending in the root CA. It is an error if the whole chain cannot be built
+up. The chain is built up by looking up a certificate whose subject name
+matches the issuer name of the current certificate. If a certificate is found
+whose subject and issuer names are identical it is assumed to be the root CA.
+The lookup first looks in the list of untrusted certificates and if no match
+is found the remaining lookups are from the trusted certificates. The root CA
+is always looked up in the trusted certificate list: if the certificate to
+verify is a root certificate then an exact match must be found in the trusted
+list.
+
+The second operation is to check every untrusted certificate's extensions for
+consistency with the supplied purpose. If the B<-purpose> option is not included
+then no checks are done. The supplied or "leaf" certificate must have extensions
+compatible with the supplied purpose and all other certificates must also be valid
+CA certificates. The precise extensions required are described in more detail in
+the B<CERTIFICATE EXTENSIONS> section of the B<x509> utility.
+
+The third operation is to check the trust settings on the root CA. The root
+CA should be trusted for the supplied purpose. For compatibility with previous
+versions of SSLeay and OpenSSL a certificate with no trust settings is considered
+to be valid for all purposes.
+
+The final operation is to check the validity of the certificate chain. The validity
+period is checked against the current system time and the notBefore and notAfter
+dates in the certificate. The certificate signatures are also checked at this
+point.
+
+If all operations complete successfully then certificate is considered valid. If
+any operation fails then the certificate is not valid.
+
+=head1 DIAGNOSTICS
+
+When a verify operation fails the output messages can be somewhat cryptic. The
+general form of the error message is:
+
+ server.pem: /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
+ error 24 at 1 depth lookup:invalid CA certificate
+
+The first line contains the name of the certificate being verified followed by
+the subject name of the certificate. The second line contains the error number
+and the depth. The depth is number of the certificate being verified when a
+problem was detected starting with zero for the certificate being verified itself
+then 1 for the CA that signed the certificate and so on. Finally a text version
+of the error number is presented.
+
+An exhaustive list of the error codes and messages is shown below, this also
+includes the name of the error code as defined in the header file x509_vfy.h
+Some of the error codes are defined but never returned: these are described
+as "unused".
+
+=over 4
+
+=item B<0 X509_V_OK: ok>
+
+the operation was successful.
+
+=item B<2 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: unable to get issuer certificate>
+
+the issuer certificate could not be found: this occurs if the issuer certificate
+of an untrusted certificate cannot be found.
+
+=item B<3 X509_V_ERR_UNABLE_TO_GET_CRL unable to get certificate CRL>
+
+the CRL of a certificate could not be found. Unused.
+
+=item B<4 X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: unable to decrypt certificate's signature>
+
+the certificate signature could not be decrypted. This means that the actual signature value
+could not be determined rather than it not matching the expected value, this is only
+meaningful for RSA keys.
+
+=item B<5 X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: unable to decrypt CRL's signature>
+
+the CRL signature could not be decrypted: this means that the actual signature value
+could not be determined rather than it not matching the expected value. Unused.
+
+=item B<6 X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY: unable to decode issuer public key>
+
+the public key in the certificate SubjectPublicKeyInfo could not be read.
+
+=item B<7 X509_V_ERR_CERT_SIGNATURE_FAILURE: certificate signature failure>
+
+the signature of the certificate is invalid.
+
+=item B<8 X509_V_ERR_CRL_SIGNATURE_FAILURE: CRL signature failure>
+
+the signature of the certificate is invalid. Unused.
+
+=item B<9 X509_V_ERR_CERT_NOT_YET_VALID: certificate is not yet valid>
+
+the certificate is not yet valid: the notBefore date is after the current time.
+
+=item B<10 X509_V_ERR_CRL_NOT_YET_VALID: CRL is not yet valid>
+
+the CRL is not yet valid. Unused.
+
+=item B<11 X509_V_ERR_CERT_HAS_EXPIRED: Certificate has expired>
+
+the certificate has expired: that is the notAfter date is before the current time.
+
+=item B<12 X509_V_ERR_CRL_HAS_EXPIRED: CRL has expired>
+
+the CRL has expired. Unused.
+
+=item B<13 X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: format error in certificate's notBefore field>
+
+the certificate notBefore field contains an invalid time.
+
+=item B<14 X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: format error in certificate's notAfter field>
+
+the certificate notAfter field contains an invalid time.
+
+=item B<15 X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: format error in CRL's lastUpdate field>
+
+the CRL lastUpdate field contains an invalid time. Unused.
+
+=item B<16 X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: format error in CRL's nextUpdate field>
+
+the CRL nextUpdate field contains an invalid time. Unused.
+
+=item B<17 X509_V_ERR_OUT_OF_MEM: out of memory>
+
+an error occurred trying to allocate memory. This should never happen.
+
+=item B<18 X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: self signed certificate>
+
+the passed certificate is self signed and the same certificate cannot be found in the list of
+trusted certificates.
+
+=item B<19 X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: self signed certificate in certificate chain>
+
+the certificate chain could be built up using the untrusted certificates but the root could not
+be found locally.
+
+=item B<20 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: unable to get local issuer certificate>
+
+the issuer certificate of a locally looked up certificate could not be found. This normally means
+the list of trusted certificates is not complete.
+
+=item B<21 X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: unable to verify the first certificate>
+
+no signatures could be verified because the chain contains only one certificate and it is not
+self signed.
+
+=item B<22 X509_V_ERR_CERT_CHAIN_TOO_LONG: certificate chain too long>
+
+the certificate chain length is greater than the supplied maximum depth. Unused.
+
+=item B<23 X509_V_ERR_CERT_REVOKED: certificate revoked>
+
+the certificate has been revoked. Unused.
+
+=item B<24 X509_V_ERR_INVALID_CA: invalid CA certificate>
+
+a CA certificate is invalid. Either it is not a CA or its extensions are not consistent
+with the supplied purpose.
+
+=item B<25 X509_V_ERR_PATH_LENGTH_EXCEEDED: path length constraint exceeded>
+
+the basicConstraints pathlength parameter has been exceeded.
+
+=item B<26 X509_V_ERR_INVALID_PURPOSE: unsupported certificate purpose>
+
+the supplied certificate cannot be used for the specified purpose.
+
+=item B<27 X509_V_ERR_CERT_UNTRUSTED: certificate not trusted>
+
+the root CA is not marked as trusted for the specified purpose.
+
+=item B<28 X509_V_ERR_CERT_REJECTED: certificate rejected>
+
+the root CA is marked to reject the specified purpose.
+
+=item B<50 X509_V_ERR_APPLICATION_VERIFICATION: application verification failure>
+
+an application specific error. Unused.
+
+=back
+
+=head1 SEE ALSO
+
+L<x509(1)|x509(1)>
+
+=cut
diff --git a/lib/libssl/src/doc/apps/version.pod b/lib/libssl/src/doc/apps/version.pod
new file mode 100644
index 00000000000..5d261a64057
--- /dev/null
+++ b/lib/libssl/src/doc/apps/version.pod
@@ -0,0 +1,56 @@
+=pod
+
+=head1 NAME
+
+version - print OpenSSL version information
+
+=head1 SYNOPSIS
+
+B<openssl version>
+[B<-a>]
+[B<-v>]
+[B<-b>]
+[B<-o>]
+[B<-f>]
+[B<-p>]
+
+=head1 DESCRIPTION
+
+This command is used to print out version information about OpenSSL.
+
+=head1 OPTIONS
+
+=over 4
+
+=item B<-a>
+
+all information, this is the same as setting all the other flags.
+
+=item B<-v>
+
+the current OpenSSL version.
+
+=item B<-b>
+
+the date the current version of OpenSSL was built.
+
+=item B<-o>
+
+option information: various options set when the library was built.
+
+=item B<-c>
+
+compilation flags.
+
+=item B<-p>
+
+platform setting.
+
+=back
+
+=head1 NOTES
+
+The output of B<openssl version -a> would typically be used when sending
+in a bug report.
+
+=cut
diff --git a/lib/libssl/src/doc/apps/x509.pod b/lib/libssl/src/doc/apps/x509.pod
new file mode 100644
index 00000000000..b127182bbbf
--- /dev/null
+++ b/lib/libssl/src/doc/apps/x509.pod
@@ -0,0 +1,543 @@
+
+=pod
+
+=head1 NAME
+
+x509 - Certificate display and signing utility
+
+=head1 SYNOPSIS
+
+B<openssl> B<x509>
+[B<-inform DER|PEM|NET>]
+[B<-outform DER|PEM|NET>]
+[B<-keyform DER|PEM>]
+[B<-CAform DER|PEM>]
+[B<-CAkeyform DER|PEM>]
+[B<-in filename>]
+[B<-out filename>]
+[B<-serial>]
+[B<-hash>]
+[B<-subject>]
+[B<-issuer>]
+[B<-startdate>]
+[B<-enddate>]
+[B<-purpose>]
+[B<-dates>]
+[B<-modulus>]
+[B<-fingerprint>]
+[B<-alias>]
+[B<-noout>]
+[B<-trustout>]
+[B<-clrtrust>]
+[B<-clrreject>]
+[B<-addtrust arg>]
+[B<-addreject arg>]
+[B<-setalias arg>]
+[B<-days arg>]
+[B<-signkey filename>]
+[B<-x509toreq>]
+[B<-req>]
+[B<-CA filename>]
+[B<-CAkey filename>]
+[B<-CAcreateserial>]
+[B<-CAserial filename>]
+[B<-text>]
+[B<-C>]
+[B<-md2|-md5|-sha1|-mdc2>]
+[B<-clrext>]
+[B<-extfile filename>]
+[B<-extensions section>]
+
+=head1 DESCRIPTION
+
+The B<x509> command is a multi purpose certificate utility. It can be
+used to display certificate information, convert certificates to
+various forms, sign certificate requests like a "mini CA" or edit
+certificate trust settings.
+
+Since there are a large number of options they will split up into
+various sections.
+
+
+=head1 INPUT, OUTPUT AND GENERAL PURPOSE OPTIONS
+
+=over 4
+
+=item B<-inform DER|PEM|NET>
+
+This specifies the input format normally the command will expect an X509
+certificate but this can change if other options such as B<-req> are
+present. The DER format is the DER encoding of the certificate and PEM
+is the base64 encoding of the DER encoding with header and footer lines
+added. The NET option is an obscure Netscape server format that is now
+obsolete.
+
+=item B<-outform DER|PEM|NET>
+
+This specifies the output format, the options have the same meaning as the
+B<-inform> option.
+
+=item B<-in filename>
+
+This specifies the input filename to read a certificate from or standard input
+if this option is not specified.
+
+=item B<-out filename>
+
+This specifies the output filename to write to or standard output by
+default.
+
+=item B<-md2|-md5|-sha1|-mdc2>
+
+the digest to use. This affects any signing or display option that uses a message
+digest, such as the B<-fingerprint>, B<-signkey> and B<-CA> options. If not
+specified then MD5 is used. If the key being used to sign with is a DSA key then
+this option has no effect: SHA1 is always used with DSA keys.
+
+
+=back
+
+=head1 DISPLAY OPTIONS
+
+Note: the B<-alias> and B<-purpose> options are also display options
+but are described in the B<TRUST OPTIONS> section.
+
+=over 4
+
+=item B<-text>
+
+prints out the certificate in text form. Full details are output including the
+public key, signature algorithms, issuer and subject names, serial number
+any extensions present and any trust settings.
+
+=item B<-noout>
+
+this option prevents output of the encoded version of the request.
+
+=item B<-modulus>
+
+this option prints out the value of the modulus of the public key
+contained in the certificate.
+
+=item B<-serial>
+
+outputs the certificate serial number.
+
+=item B<-hash>
+
+outputs the "hash" of the certificate subject name. This is used in OpenSSL to
+form an index to allow certificates in a directory to be looked up by subject
+name.
+
+=item B<-subject>
+
+outputs the subject name.
+
+=item B<-issuer>
+
+outputs the issuer name.
+
+=item B<-startdate>
+
+prints out the start date of the certificate, that is the notBefore date.
+
+=item B<-enddate>
+
+prints out the expiry date of the certificate, that is the notAfter date.
+
+=item B<-dates>
+
+prints out the start and expiry dates of a certificate.
+
+=item B<-fingerprint>
+
+prints out the digest of the DER encoded version of the whole certificate.
+
+=item B<-C>
+
+this outputs the certificate in the form of a C source file.
+
+=back
+
+=head1 TRUST SETTINGS
+
+Please note these options are currently experimental and may well change.
+
+A B<trusted certificate> is an ordinary certificate which has several
+additional pieces of information attached to it such as the permitted
+and prohibited uses of the certificate and an "alias".
+
+Normally when a certificate is being verified at least one certificate
+must be "trusted". By default a trusted certificate must be stored
+locally and must be a root CA: any certificate chain ending in this CA
+is then usable for any purpose.
+
+Trust settings currently are only used with a root CA. They allow a finer
+control over the purposes the root CA can be used for. For example a CA
+may be trusted for SSL client but not SSL server use.
+
+See the description of the B<verify> utility for more information on the
+meaning of trust settings.
+
+Future versions of OpenSSL will recognize trust settings on any
+certificate: not just root CAs.
+
+
+=over 4
+
+=item B<-trustout>
+
+this causes B<x509> to output a B<trusted> certificate. An ordinary
+or trusted certificate can be input but by default an ordinary
+certificate is output and any trust settings are discarded. With the
+B<-trustout> option a trusted certificate is output. A trusted
+certificate is automatically output if any trust settings are modified.
+
+=item B<-setalias arg>
+
+sets the alias of the certificate. This will allow the certificate
+to be referred to using a nickname for example "Steve's Certificate".
+
+=item B<-alias>
+
+outputs the certificate alias, if any.
+
+=item B<-clrtrust>
+
+clears all the permitted or trusted uses of the certificate.
+
+=item B<-clrreject>
+
+clears all the prohibited or rejected uses of the certificate.
+
+=item B<-addtrust arg>
+
+adds a trusted certificate use. Currently acceptable values
+are B<all> (any purpose), B<sslclient> (SSL client use), B<sslserver>
+(SSL server use) B<email> (S/MIME email) and B<objsign> (Object signing).
+
+=item B<-addreject arg>
+
+adds a prohibited use. It accepts the same values as the B<-addtrust>
+option.
+
+=item B<-purpose>
+
+this option performs tests on the certificate extensions and outputs
+the results. For a more complete description see the B<CERTIFICATE
+EXTENSIONS> section.
+
+=back
+
+=head1 SIGNING OPTIONS
+
+The B<x509> utility can be used to sign certificates and requests: it
+can thus behave like a "mini CA".
+
+=over 4
+
+=item B<-signkey filename>
+
+this option causes the input file to be self signed using the supplied
+private key.
+
+If the input file is a certificate it sets the issuer name to the
+subject name (i.e. makes it self signed) changes the public key to the
+supplied value and changes the start and end dates. The start date is
+set to the current time and the end date is set to a value determined
+by the B<-days> option. Any certificate extensions are retained unless
+the B<-clrext> option is supplied.
+
+If the input is a certificate request then a self signed certificate
+is created using the supplied private key using the subject name in
+the request.
+
+=item B<-clrext>
+
+delete any extensions from a certificate. This option is used when a
+certificate is being created from another certificate (for example with
+the B<-signkey> or the B<-CA> options). Normally all extensions are
+retained.
+
+=item B<-keyform PEM|DER>
+
+specifies the format (DER or PEM) of the private key file used in the
+B<-signkey> option.
+
+=item B<-days arg>
+
+specifies the number of days to make a certificate valid for. The default
+is 30 days.
+
+=item B<-x509toreq>
+
+converts a certificate into a certificate request. The B<-signkey> option
+is used to pass the required private key.
+
+=item B<-req>
+
+by default a certificate is expected on input. With this option a
+certificate request is expected instead.
+
+=item B<-CA filename>
+
+specifies the CA certificate to be used for signing. When this option is
+present B<x509> behaves like a "mini CA". The input file is signed by this
+CA using this option: that is its issuer name is set to the subject name
+of the CA and it is digitally signed using the CAs private key.
+
+This option is normally combined with the B<-req> option. Without the
+B<-req> option the input is a certificate which must be self signed.
+
+=item B<-CAkey filename>
+
+sets the CA private key to sign a certificate with. If this option is
+not specified then it is assumed that the CA private key is present in
+the CA certificate file.
+
+=item B<-CAserial filename>
+
+sets the CA serial number file to use.
+
+When the B<-CA> option is used to sign a certificate it uses a serial
+number specified in a file. This file consist of one line containing
+an even number of hex digits with the serial number to use. After each
+use the serial number is incremented and written out to the file again.
+
+The default filename consists of the CA certificate file base name with
+".srl" appended. For example if the CA certificate file is called
+"mycacert.pem" it expects to find a serial number file called "mycacert.srl".
+
+=item B<-CAcreateserial filename>
+
+with this option the CA serial number file is created if it does not exist:
+it will contain the serial number "02" and the certificate being signed will
+have the 1 as its serial number. Normally if the B<-CA> option is specified
+and the serial number file does not exist it is an error.
+
+=item B<-extfile filename>
+
+file containing certificate extensions to use. If not specified then
+no extensions are added to the certificate.
+
+=item B<-extensions section>
+
+the section to add certificate extensions from. If this option is not
+specified then the extensions should either be contained in the unnamed
+(default) section or the default section should contain a variable called
+"extensions" which contains the section to use.
+
+=back
+
+=head1 EXAMPLES
+
+Note: in these examples the '\' means the example should be all on one
+line.
+
+Display the contents of a certificate:
+
+ openssl x509 -in cert.pem -noout -text
+
+Display the certificate serial number:
+
+ openssl x509 -in cert.pem -noout -serial
+
+Display the certificate MD5 fingerprint:
+
+ openssl x509 -in cert.pem -noout -fingerprint
+
+Display the certificate SHA1 fingerprint:
+
+ openssl x509 -sha1 -in cert.pem -noout -fingerprint
+
+Convert a certificate from PEM to DER format:
+
+ openssl x509 -in cert.pem -inform PEM -out cert.der -outform DER
+
+Convert a certificate to a certificate request:
+
+ openssl x509 -x509toreq -in cert.pem -out req.pem -signkey key.pem
+
+Convert a certificate request into a self signed certificate using
+extensions for a CA:
+
+ openssl x509 -req -in careq.pem -config openssl.cnf -extensions v3_ca \
+ -signkey key.pem -out cacert.pem
+
+Sign a certificate request using the CA certificate above and add user
+certificate extensions:
+
+ openssl x509 -req -in req.pem -config openssl.cnf -extensions v3_usr \
+ -CA cacert.pem -CAkey key.pem -CAcreateserial
+
+
+Set a certificate to be trusted for SSL client use and change set its alias to
+"Steve's Class 1 CA"
+
+ openssl x509 -in cert.pem -addtrust sslclient \
+ -alias "Steve's Class 1 CA" -out trust.pem
+
+=head1 NOTES
+
+The PEM format uses the header and footer lines:
+
+ -----BEGIN CERTIFICATE----
+ -----END CERTIFICATE----
+
+it will also handle files containing:
+
+ -----BEGIN X509 CERTIFICATE----
+ -----END X509 CERTIFICATE----
+
+Trusted certificates have the lines
+
+ -----BEGIN TRUSTED CERTIFICATE----
+ -----END TRUSTED CERTIFICATE----
+
+The B<-fingerprint> option takes the digest of the DER encoded certificate.
+This is commonly called a "fingerprint". Because of the nature of message
+digests the fingerprint of a certificate is unique to that certificate and
+two certificates with the same fingerprint can be considered to be the same.
+
+The Netscape fingerprint uses MD5 whereas MSIE uses SHA1.
+
+=head1 CERTIFICATE EXTENSIONS
+
+The B<-purpose> option checks the certificate extensions and determines
+what the certificate can be used for. The actual checks done are rather
+complex and include various hacks and workarounds to handle broken
+certificates and software.
+
+The same code is used when verifying untrusted certificates in chains
+so this section is useful if a chain is rejected by the verify code.
+
+The basicConstraints extension CA flag is used to determine whether the
+certificate can be used as a CA. If the CA flag is true then it is a CA,
+if the CA flag is false then it is not a CA. B<All> CAs should have the
+CA flag set to true.
+
+If the basicConstraints extension is absent then the certificate is
+considered to be a "possible CA" other extensions are checked according
+to the intended use of the certificate. A warning is given in this case
+because the certificate should really not be regarded as a CA: however
+it is allowed to be a CA to work around some broken software.
+
+If the certificate is a V1 certificate (and thus has no extensions) and
+it is self signed it is also assumed to be a CA but a warning is again
+given: this is to work around the problem of Verisign roots which are V1
+self signed certificates.
+
+If the keyUsage extension is present then additional restraints are
+made on the uses of the certificate. A CA certificate B<must> have the
+keyCertSign bit set if the keyUsage extension is present.
+
+The extended key usage extension places additional restrictions on the
+certificate uses. If this extension is present (whether critical or not)
+the key can only be used for the purposes specified.
+
+A complete description of each test is given below. The comments about
+basicConstraints and keyUsage and V1 certificates above apply to B<all>
+CA certificates.
+
+
+=over 4
+
+=item B<SSL Client>
+
+The extended key usage extension must be absent or include the "web client
+authentication" OID. keyUsage must be absent or it must have the
+digitalSignature bit set. Netscape certificate type must be absent or it must
+have the SSL client bit set.
+
+=item B<SSL Client CA>
+
+The extended key usage extension must be absent or include the "web client
+authentication" OID. Netscape certificate type must be absent or it must have
+the SSL CA bit set: this is used as a work around if the basicConstraints
+extension is absent.
+
+=item B<SSL Server>
+
+The extended key usage extension must be absent or include the "web server
+authentication" and/or one of the SGC OIDs. keyUsage must be absent or it
+must have the digitalSignature, the keyEncipherment set or both bits set.
+Netscape certificate type must be absent or have the SSL server bit set.
+
+=item B<SSL Server CA>
+
+The extended key usage extension must be absent or include the "web server
+authentication" and/or one of the SGC OIDs. Netscape certificate type must
+be absent or the SSL CA bit must be set: this is used as a work around if the
+basicConstraints extension is absent.
+
+=item B<Netscape SSL Server>
+
+For Netscape SSL clients to connect to an SSL server it must have the
+keyEncipherment bit set if the keyUsage extension is present. This isn't
+always valid because some cipher suites use the key for digital signing.
+Otherwise it is the same as a normal SSL server.
+
+=item B<Common S/MIME Client Tests>
+
+The extended key usage extension must be absent or include the "email
+protection" OID. Netscape certificate type must be absent or should have the
+S/MIME bit set. If the S/MIME bit is not set in netscape certificate type
+then the SSL client bit is tolerated as an alternative but a warning is shown:
+this is because some Verisign certificates don't set the S/MIME bit.
+
+=item B<S/MIME Signing>
+
+In addition to the common S/MIME client tests the digitalSignature bit must
+be set if the keyUsage extension is present.
+
+=item B<S/MIME Encryption>
+
+In addition to the common S/MIME tests the keyEncipherment bit must be set
+if the keyUsage extension is present.
+
+=item B<S/MIME CA>
+
+The extended key usage extension must be absent or include the "email
+protection" OID. Netscape certificate type must be absent or must have the
+S/MIME CA bit set: this is used as a work around if the basicConstraints
+extension is absent.
+
+=item B<CRL Signing>
+
+The keyUsage extension must be absent or it must have the CRL signing bit
+set.
+
+=item B<CRL Signing CA>
+
+The normal CA tests apply. Except in this case the basicConstraints extension
+must be present.
+
+=back
+
+=head1 BUGS
+
+The way DNs are printed is in a "historical SSLeay" format which doesn't
+follow any published standard. It should follow some standard like RFC2253
+or RFC1779 with options to make the stuff more readable.
+
+Extensions in certificates are not transferred to certificate requests and
+vice versa.
+
+It is possible to produce invalid certificates or requests by specifying the
+wrong private key or using inconsistent options in some cases: these should
+be checked.
+
+There should be options to explicitly set such things as start and end
+dates rather than an offset from the current time.
+
+The code to implement the verify behaviour described in the B<TRUST SETTINGS>
+is currently being developed. It thus describes the intended behavior rather
+than the current behaviour. It is hoped that it will represent reality in
+OpenSSL 0.9.5 and later.
+
+=head1 SEE ALSO
+
+L<req(1)|req(1)>, L<ca(1)|ca(1)>, L<genrsa(1)|genrsa(1)>,
+L<gendsa(1)|gendsa(1)>, L<verify(1)|verify(1)>
+
+=cut
diff --git a/lib/libssl/src/doc/crypto/BN_CTX_new.pod b/lib/libssl/src/doc/crypto/BN_CTX_new.pod
new file mode 100644
index 00000000000..c94d8c610da
--- /dev/null
+++ b/lib/libssl/src/doc/crypto/BN_CTX_new.pod
@@ -0,0 +1,53 @@
+=pod
+
+=head1 NAME
+
+BN_CTX_new, BN_CTX_init, BN_CTX_free - allocate and free BN_CTX structures
+
+=head1 SYNOPSIS
+
+ #include <openssl/bn.h>
+
+ BN_CTX *BN_CTX_new(void);
+
+ void BN_CTX_init(BN_CTX *c);
+
+ void BN_CTX_free(BN_CTX *c);
+
+=head1 DESCRIPTION
+
+A B<BN_CTX> is a structure that holds B<BIGNUM> temporary variables used by
+library functions. Since dynamic memory allocation to create B<BIGNUM>s
+is rather expensive when used in conjunction with repeated subroutine
+calls, the B<BN_CTX> structure is used.
+
+BN_CTX_new() allocates and initializes a B<BN_CTX>
+structure. BN_CTX_init() initializes an existing uninitialized
+B<BN_CTX>.
+
+BN_CTX_free() frees the components of the B<BN_CTX>, and if it was
+created by BN_CTX_new(), also the structure itself.
+If L<BN_CTX_start(3)|BN_CTX_start(3)> has been used on the B<BN_CTX>,
+L<BN_CTX_end(3)|BN_CTX_end(3)> must be called before the B<BN_CTX>
+may be freed by BN_CTX_free().
+
+
+=head1 RETURN VALUES
+
+BN_CTX_new() returns a pointer to the B<BN_CTX>. If the allocation fails,
+it returns B<NULL> and sets an error code that can be obtained by
+L<ERR_get_error(3)|ERR_get_error(3)>.
+
+BN_CTX_init() and BN_CTX_free() have no return values.
+
+=head1 SEE ALSO
+
+L<bn(3)|bn(3)>, L<err(3)|err(3)>, L<BN_add(3)|BN_add(3)>,
+L<BN_CTX_start(3)|BN_CTX_start(3)>
+
+=head1 HISTORY
+
+BN_CTX_new() and BN_CTX_free() are available in all versions on SSLeay
+and OpenSSL. BN_CTX_init() was added in SSLeay 0.9.1b.
+
+=cut
diff --git a/lib/libssl/src/doc/crypto/BN_CTX_start.pod b/lib/libssl/src/doc/crypto/BN_CTX_start.pod
new file mode 100644
index 00000000000..c30552b1220
--- /dev/null
+++ b/lib/libssl/src/doc/crypto/BN_CTX_start.pod
@@ -0,0 +1,51 @@
+=pod
+
+=head1 NAME
+
+BN_CTX_start, BN_CTX_get, BN_CTX_end - use temporary BIGNUM variables
+
+=head1 SYNOPSIS
+
+ #include <openssl/bn.h>
+
+ void BN_CTX_start(BN_CTX *ctx);
+
+ BIGNUM *BN_CTX_get(BN_CTX *ctx);
+
+ void BN_CTX_end(BN_CTX *ctx);
+
+=head1 DESCRIPTION
+
+These functions are used to obtain temporary B<BIGNUM> variables from
+a B<BN_CTX> in order to save the overhead of repeatedly creating and
+freeing B<BIGNUM>s in functions that are called from inside a loop.
+
+A function must call BN_CTX_start() first. Then, BN_CTX_get() may be
+called repeatedly to obtain temporary B<BIGNUM>s. All BN_CTX_get()
+calls must be made before calling any other functions that use the
+B<ctx> as an argument.
+
+Finally, BN_CTX_end() must be called before returning from the function.
+When BN_CTX_end() is called, the B<BIGNUM> pointers obtained from
+BN_CTX_get() become invalid.
+
+=head1 RETURN VALUES
+
+BN_CTX_start() and BN_CTX_end() return no values.
+
+BN_CTX_get() returns a pointer to the B<BIGNUM>, or B<NULL> on error.
+Once BN_CTX_get() has failed, the subsequent calls will return B<NULL>
+as well, so it is sufficient to check the return value of the last
+BN_CTX_get() call. In case of an error, an error code is set, which
+can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
+
+
+=head1 SEE ALSO
+
+L<BN_CTX_new(3)|BN_CTX_new(3)>
+
+=head1 HISTORY
+
+BN_CTX_start(), BN_CTX_get() and BN_CTX_end() were added in OpenSSL 0.9.5.
+
+=cut
diff --git a/lib/libssl/src/doc/crypto/BN_add.pod b/lib/libssl/src/doc/crypto/BN_add.pod
new file mode 100644
index 00000000000..0541d456435
--- /dev/null
+++ b/lib/libssl/src/doc/crypto/BN_add.pod
@@ -0,0 +1,99 @@
+=pod
+
+=head1 NAME
+
+BN_add, BN_sub, BN_mul, BN_div, BN_sqr, BN_mod, BN_mod_mul, BN_exp,
+BN_mod_exp, BN_gcd - arithmetic operations on BIGNUMs
+
+=head1 SYNOPSIS
+
+ #include <openssl/bn.h>
+
+ int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
+
+ int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
+
+ int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
+
+ int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *a, const BIGNUM *d,
+ BN_CTX *ctx);
+
+ int BN_sqr(BIGNUM *r, BIGNUM *a, BN_CTX *ctx);
+
+ int BN_mod(BIGNUM *rem, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
+
+ int BN_mod_mul(BIGNUM *ret, BIGNUM *a, BIGNUM *b, const BIGNUM *m,
+ BN_CTX *ctx);
+
+ int BN_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BN_CTX *ctx);
+
+ int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx);
+
+ int BN_gcd(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
+
+=head1 DESCRIPTION
+
+BN_add() adds B<a> and B<b> and places the result in B<r> (C<r=a+b>).
+B<r> may be the same B<BIGNUM> as B<a> or B<b>.
+
+BN_sub() subtracts B<b> from B<a> and places the result in B<r> (C<r=a-b>).
+
+BN_mul() multiplies B<a> and B<b> and places the result in B<r> (C<r=a*b>).
+B<r> may be the same B<BIGNUM> as B<a> or B<b>.
+For multiplication by powers of 2, use L<BN_lshift(3)|BN_lshift(3)>.
+
+BN_div() divides B<a> by B<d> and places the result in B<dv> and the
+remainder in B<rem> (C<dv=a/d, rem=a%d>). Either of B<dv> and B<rem> may
+be NULL, in which case the respective value is not returned.
+For division by powers of 2, use BN_rshift(3).
+
+BN_sqr() takes the square of B<a> and places the result in B<r>
+(C<r=a^2>). B<r> and B<a> may be the same B<BIGNUM>.
+This function is faster than BN_mul(r,a,a).
+
+BN_mod() find the remainder of B<a> divided by B<m> and places it in
+B<rem> (C<rem=a%m>).
+
+BN_mod_mul() multiplies B<a> by B<b> and finds the remainder when
+divided by B<m> (C<r=(a*b)%m>). B<r> may be the same B<BIGNUM> as B<a>
+or B<b>. For a more efficient algorithm, see
+L<BN_mod_mul_montgomery(3)|BN_mod_mul_montgomery(3)>; for repeated
+computations using the same modulus, see L<BN_mod_mul_reciprocal(3)|BN_mod_mul_reciprocal(3)>.
+
+BN_exp() raises B<a> to the B<p>-th power and places the result in B<r>
+(C<r=a^p>). This function is faster than repeated applications of
+BN_mul().
+
+BN_mod_exp() computes B<a> to the B<p>-th power modulo B<m> (C<r=a^p %
+m>). This function uses less time and space than BN_exp().
+
+BN_gcd() computes the greatest common divisor of B<a> and B<b> and
+places the result in B<r>. B<r> may be the same B<BIGNUM> as B<a> or
+B<b>.
+
+For all functions, B<ctx> is a previously allocated B<BN_CTX> used for
+temporary variables; see L<BN_CTX_new(3)|BN_CTX_new(3)>.
+
+Unless noted otherwise, the result B<BIGNUM> must be different from
+the arguments.
+
+=head1 RETURN VALUES
+
+For all functions, 1 is returned for success, 0 on error. The return
+value should always be checked (e.g., C<if (!BN_add(r,a,b)) goto err;>).
+The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
+
+=head1 SEE ALSO
+
+L<bn(3)|bn(3)>, L<err(3)|err(3)>, L<BN_CTX_new(3)|BN_CTX_new(3)>,
+L<BN_add_word(3)|BN_add_word(3)>, L<BN_set_bit(3)|BN_set_bit(3)>
+
+=head1 HISTORY
+
+BN_add(), BN_sub(), BN_div(), BN_sqr(), BN_mod(), BN_mod_mul(),
+BN_mod_exp() and BN_gcd() are available in all versions of SSLeay and
+OpenSSL. The B<ctx> argument to BN_mul() was added in SSLeay
+0.9.1b. BN_exp() appeared in SSLeay 0.9.0.
+
+=cut
diff --git a/lib/libssl/src/doc/crypto/BN_add_word.pod b/lib/libssl/src/doc/crypto/BN_add_word.pod
new file mode 100644
index 00000000000..66bedfb9244
--- /dev/null
+++ b/lib/libssl/src/doc/crypto/BN_add_word.pod
@@ -0,0 +1,57 @@
+=pod
+
+=head1 NAME
+
+BN_add_word, BN_sub_word, BN_mul_word, BN_div_word, BN_mod_word - arithmetic
+functions on BIGNUMs with integers
+
+=head1 SYNOPSIS
+
+ #include <openssl/bn.h>
+
+ int BN_add_word(BIGNUM *a, BN_ULONG w);
+
+ int BN_sub_word(BIGNUM *a, BN_ULONG w);
+
+ int BN_mul_word(BIGNUM *a, BN_ULONG w);
+
+ BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w);
+
+ BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w);
+
+=head1 DESCRIPTION
+
+These functions perform arithmetic operations on BIGNUMs with unsigned
+integers. They are much more efficient than the normal BIGNUM
+arithmetic operations.
+
+BN_add_word() adds B<w> to B<a> (C<a+=w>).
+
+BN_sub_word() subtracts B<w> from B<a> (C<a-=w>).
+
+BN_mul_word() multiplies B<a> and B<w> (C<a*=b>).
+
+BN_div_word() divides B<a> by B<w> (C<a/=w>) and returns the remainder.
+
+BN_mod_word() returns the remainder of B<a> divided by B<w> (C<a%m>).
+
+For BN_div_word() and BN_mod_word(), B<w> must not be 0.
+
+=head1 RETURN VALUES
+
+BN_add_word(), BN_sub_word() and BN_mul_word() return 1 for success, 0
+on error. The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
+
+BN_mod_word() and BN_div_word() return B<a>%B<w>.
+
+=head1 SEE ALSO
+
+L<bn(3)|bn(3)>, L<err(3)|err(3)>, L<BN_add(3)|BN_add(3)>
+
+=head1 HISTORY
+
+BN_add_word() and BN_mod_word() are available in all versions of
+SSLeay and OpenSSL. BN_div_word() was added in SSLeay 0.8, and
+BN_sub_word() and BN_mul_word() in SSLeay 0.9.0.
+
+=cut
diff --git a/lib/libssl/src/doc/crypto/BN_bn2bin.pod b/lib/libssl/src/doc/crypto/BN_bn2bin.pod
new file mode 100644
index 00000000000..05f9e628cc3
--- /dev/null
+++ b/lib/libssl/src/doc/crypto/BN_bn2bin.pod
@@ -0,0 +1,95 @@
+=pod
+
+=head1 NAME
+
+BN_bn2bin, BN_bin2bn, BN_bn2hex, BN_bn2dec, BN_hex2bn, BN_dec2bn,
+BN_print, BN_print_fp, BN_bn2mpi, BN_mpi2bn - format conversions
+
+=head1 SYNOPSIS
+
+ #include <openssl/bn.h>
+
+ int BN_bn2bin(const BIGNUM *a, unsigned char *to);
+ BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret);
+
+ char *BN_bn2hex(const BIGNUM *a);
+ char *BN_bn2dec(const BIGNUM *a);
+ int BN_hex2bn(BIGNUM **a, const char *str);
+ int BN_dec2bn(BIGNUM **a, const char *str);
+
+ int BN_print(BIO *fp, const BIGNUM *a);
+ int BN_print_fp(FILE *fp, const BIGNUM *a);
+
+ int BN_bn2mpi(const BIGNUM *a, unsigned char *to);
+ BIGNUM *BN_mpi2bn(unsigned char *s, int len, BIGNUM *ret);
+
+=head1 DESCRIPTION
+
+BN_bn2bin() converts the absolute value of B<a> into big-endian form
+and stores it at B<to>. B<to> must point to BN_num_bytes(B<a>) bytes of
+memory.
+
+BN_bin2bn() converts the positive integer in big-endian form of length
+B<len> at B<s> into a B<BIGNUM> and places it in B<ret>. If B<ret> is
+NULL, a new B<BIGNUM> is created.
+
+BN_bn2hex() and BN_bn2dec() return printable strings containing the
+hexadecimal and decimal encoding of B<a> respectively. For negative
+numbers, the string is prefaced with a leading '-'. The string must be
+Free()d later.
+
+BN_hex2bn() converts the string B<str> containing a hexadecimal number
+to a B<BIGNUM> and stores it in **B<bn>. If *B<bn> is NULL, a new
+B<BIGNUM> is created. If B<bn> is NULL, it only computes the number's
+length in hexadecimal digits. If the string starts with '-', the
+number is negative. BN_dec2bn() is the same using the decimal system.
+
+BN_print() and BN_print_fp() write the hexadecimal encoding of B<a>,
+with a leading '-' for negative numbers, to the B<BIO> or B<FILE>
+B<fp>.
+
+BN_bn2mpi() and BN_mpi2bn() convert B<BIGNUM>s from and to a format
+that consists of the number's length in bytes represented as a 3-byte
+big-endian number, and the number itself in big-endian format, where
+the most significant bit signals a negative number (the representation
+of numbers with the MSB set is prefixed with null byte).
+
+BN_bn2mpi() stores the representation of B<a> at B<to>, where B<to>
+must be large enough to hold the result. The size can be determined by
+calling BN_bn2mpi(B<a>, NULL).
+
+BN_mpi2bn() converts the B<len> bytes long representation at B<s> to
+a B<BIGNUM> and stores it at B<ret>, or in a newly allocated B<BIGNUM>
+if B<ret> is NULL.
+
+=head1 RETURN VALUES
+
+BN_bn2bin() returns the length of the big-endian number placed at B<to>.
+BN_bin2bn() returns the B<BIGNUM>, NULL on error.
+
+BN_bn2hex() and BN_bn2dec() return a null-terminated string, or NULL
+on error. BN_hex2bn() and BN_dec2bn() return the number's length in
+hexadecimal or decimal digits, and 0 on error.
+
+BN_print_fp() and BN_print() return 1 on success, 0 on write errors.
+
+BN_bn2mpi() returns the length of the representation. BN_mpi2bn()
+returns the B<BIGNUM>, and NULL on error.
+
+The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
+
+=head1 SEE ALSO
+
+L<bn(3)|bn(3)>, L<err(3)|err(3)>, L<BN_zero(3)|BN_zero(3)>,
+L<ASN1_INTEGER_to_BN(3)|ASN1_INTEGER_to_BN(3)>,
+L<BN_num_bytes(3)|BN_num_bytes(3)>
+
+=head1 HISTORY
+
+BN_bn2bin(), BN_bin2bn(), BN_print_fp() and BN_print() are available
+in all versions of SSLeay and OpenSSL.
+
+BN_bn2hex(), BN_bn2dec(), BN_hex2bn(), BN_dec2bn(), BN_bn2mpi() and
+BN_mpi2bn() were added in SSLeay 0.9.0.
+
+=cut
diff --git a/lib/libssl/src/doc/crypto/BN_cmp.pod b/lib/libssl/src/doc/crypto/BN_cmp.pod
new file mode 100644
index 00000000000..23e9ed0b4f9
--- /dev/null
+++ b/lib/libssl/src/doc/crypto/BN_cmp.pod
@@ -0,0 +1,48 @@
+=pod
+
+=head1 NAME
+
+BN_cmp, BN_ucmp, BN_is_zero, BN_is_one, BN_is_word, BN_is_odd - BIGNUM comparison and test functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/bn.h>
+
+ int BN_cmp(BIGNUM *a, BIGNUM *b);
+ int BN_ucmp(BIGNUM *a, BIGNUM *b);
+
+ int BN_is_zero(BIGNUM *a);
+ int BN_is_one(BIGNUM *a);
+ int BN_is_word(BIGNUM *a, BN_ULONG w);
+ int BN_is_odd(BIGNUM *a);
+
+=head1 DESCRIPTION
+
+BN_cmp() compares the numbers B<a> and B<b>. BN_ucmp() compares their
+absolute values.
+
+BN_is_zero(), BN_is_one() and BN_is_word() test if B<a> equals 0, 1,
+or B<w> respectively. BN_is_odd() tests if a is odd.
+
+BN_is_zero(), BN_is_one(), BN_is_word() and BN_is_odd() are macros.
+
+=head1 RETURN VALUES
+
+BN_cmp() returns -1 if B<a> E<lt> B<b>, 0 if B<a> == B<b> and 1 if
+B<a> E<gt> B<b>. BN_ucmp() is the same using the absolute values
+of B<a> and B<b>.
+
+BN_is_zero(), BN_is_one() BN_is_word() and BN_is_odd() return 1 if
+the condition is true, 0 otherwise.
+
+=head1 SEE ALSO
+
+L<bn(3)|bn(3)>
+
+=head1 HISTORY
+
+BN_cmp(), BN_ucmp(), BN_is_zero(), BN_is_one() and BN_is_word() are
+available in all versions of SSLeay and OpenSSL.
+BN_is_odd() was added in SSLeay 0.8.
+
+=cut
diff --git a/lib/libssl/src/doc/crypto/BN_copy.pod b/lib/libssl/src/doc/crypto/BN_copy.pod
new file mode 100644
index 00000000000..8ad25e7834f
--- /dev/null
+++ b/lib/libssl/src/doc/crypto/BN_copy.pod
@@ -0,0 +1,34 @@
+=pod
+
+=head1 NAME
+
+BN_copy, BN_dup - copy BIGNUMs
+
+=head1 SYNOPSIS
+
+ #include <openssl/bn.h>
+
+ BIGNUM *BN_copy(BIGNUM *to, const BIGNUM *from);
+
+ BIGNUM *BN_dup(const BIGNUM *from);
+
+=head1 DESCRIPTION
+
+BN_copy() copies B<from> to B<to>. BN_dup() creates a new B<BIGNUM>
+containing the value B<from>.
+
+=head1 RETURN VALUES
+
+BN_copy() returns B<to> on success, NULL on error. BN_dup() returns
+the new B<BIGNUM>, and NULL on error. The error codes can be obtained
+by L<ERR_get_error(3)|ERR_get_error(3)>.
+
+=head1 SEE ALSO
+
+L<bn(3)|bn(3)>, L<err(3)|err(3)>
+
+=head1 HISTORY
+
+BN_copy() and BN_dup() are available in all versions of SSLeay and OpenSSL.
+
+=cut
diff --git a/lib/libssl/src/doc/crypto/BN_generate_prime.pod b/lib/libssl/src/doc/crypto/BN_generate_prime.pod
new file mode 100644
index 00000000000..638f6514ee8
--- /dev/null
+++ b/lib/libssl/src/doc/crypto/BN_generate_prime.pod
@@ -0,0 +1,102 @@
+=pod
+
+=head1 NAME
+
+BN_generate_prime, BN_is_prime, BN_is_prime_fasttest - generate primes and test for primality
+
+=head1 SYNOPSIS
+
+ #include <openssl/bn.h>
+
+ BIGNUM *BN_generate_prime(BIGNUM *ret, int num, int safe, BIGNUM *add,
+ BIGNUM *rem, void (*callback)(int, int, void *), void *cb_arg);
+
+ int BN_is_prime(const BIGNUM *a, int checks, void (*callback)(int, int,
+ void *), BN_CTX *ctx, void *cb_arg);
+
+ int BN_is_prime_fasttest(const BIGNUM *a, int checks,
+ void (*callback)(int, int, void *), BN_CTX *ctx, void *cb_arg,
+ int do_trial_division);
+
+=head1 DESCRIPTION
+
+BN_generate_prime() generates a pseudo-random prime number of B<num>
+bits.
+If B<ret> is not B<NULL>, it will be used to store the number.
+
+If B<callback> is not B<NULL>, it is called as follows:
+
+=over 4
+
+=item *
+
+B<callback(0, i, cb_arg)> is called after generating the i-th
+potential prime number.
+
+=item *
+
+While the number is being tested for primality, B<callback(1, j,
+cb_arg)> is called as described below.
+
+=item *
+
+When a prime has been found, B<callback(2, i, cb_arg)> is called.
+
+=back
+
+The prime may have to fulfill additional requirements for use in
+Diffie-Hellman key exchange:
+
+If B<add> is not B<NULL>, the prime will fulfill the condition p % B<add>
+== B<rem> (p % B<add> == 1 if B<rem> == B<NULL>) in order to suit a given
+generator.
+
+If B<safe> is true, it will be a safe prime (i.e. a prime p so
+that (p-1)/2 is also prime).
+
+The PRNG must be seeded prior to calling BN_generate_prime().
+The prime number generation has a negligible error probability.
+
+BN_is_prime() and BN_is_prime_fasttest() test if the number B<a> is
+prime. The following tests are performed until one of them shows that
+B<a> is composite; if B<a> passes all these tests, it is considered
+prime.
+
+BN_is_prime_fasttest(), when called with B<do_trial_division == 1>,
+first attempts trial division by a number of small primes;
+if no divisors are found by this test and B<callback> is not B<NULL>,
+B<callback(1, -1, cb_arg)> is called.
+If B<do_trial_division == 0>, this test is skipped.
+
+Both BN_is_prime() and BN_is_prime_fasttest() perform a Miller-Rabin
+probabilistic primality test with B<checks> iterations. If
+B<checks == BN_prime_check>, a number of iterations is used that
+yields a false positive rate of at most 2^-80 for random input.
+
+If B<callback> is not B<NULL>, B<callback(1, j, cb_arg)> is called
+after the j-th iteration (j = 0, 1, ...). B<ctx> is a
+pre-allocated B<BN_CTX> (to save the overhead of allocating and
+freeing the structure in a loop), or B<NULL>.
+
+=head1 RETURN VALUES
+
+BN_generate_prime() returns the prime number on success, B<NULL> otherwise.
+
+BN_is_prime() returns 0 if the number is composite, 1 if it is
+prime with an error probability of less than 0.25^B<checks>, and
+-1 on error.
+
+The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
+
+=head1 SEE ALSO
+
+L<bn(3)|bn(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>
+
+=head1 HISTORY
+
+The B<cb_arg> arguments to BN_generate_prime() and to BN_is_prime()
+were added in SSLeay 0.9.0. The B<ret> argument to BN_generate_prime()
+was added in SSLeay 0.9.1.
+BN_is_prime_fasttest() was added in OpenSSL 0.9.5.
+
+=cut
diff --git a/lib/libssl/src/doc/crypto/BN_mod_inverse.pod b/lib/libssl/src/doc/crypto/BN_mod_inverse.pod
new file mode 100644
index 00000000000..49e62daf9f2
--- /dev/null
+++ b/lib/libssl/src/doc/crypto/BN_mod_inverse.pod
@@ -0,0 +1,36 @@
+=pod
+
+=head1 NAME
+
+BN_mod_inverse - compute inverse modulo n
+
+=head1 SYNOPSIS
+
+ #include <openssl/bn.h>
+
+ BIGNUM *BN_mod_inverse(BIGNUM *r, BIGNUM *a, const BIGNUM *n,
+ BN_CTX *ctx);
+
+=head1 DESCRIPTION
+
+BN_mod_inverse() computes the inverse of B<a> modulo B<n>
+places the result in B<r> (C<(a*r)%n==1>). If B<r> is NULL,
+a new B<BIGNUM> is created.
+
+B<ctx> is a previously allocated B<BN_CTX> used for temporary
+variables. B<r> may be the same B<BIGNUM> as B<a> or B<n>.
+
+=head1 RETURN VALUES
+
+BN_mod_inverse() returns the B<BIGNUM> containing the inverse, and
+NULL on error. The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
+
+=head1 SEE ALSO
+
+L<bn(3)|bn(3)>, L<err(3)|err(3)>, L<BN_add(3)|BN_add(3)>
+
+=head1 HISTORY
+
+BN_mod_inverse() is available in all versions of SSLeay and OpenSSL.
+
+=cut
diff --git a/lib/libssl/src/doc/crypto/BN_mod_mul_montgomery.pod b/lib/libssl/src/doc/crypto/BN_mod_mul_montgomery.pod
new file mode 100644
index 00000000000..0f0c1375af2
--- /dev/null
+++ b/lib/libssl/src/doc/crypto/BN_mod_mul_montgomery.pod
@@ -0,0 +1,95 @@
+=pod
+
+=head1 NAME
+
+BN_mod_mul_montgomery, BN_MONT_CTX_new, BN_MONT_CTX_init,
+BN_MONT_CTX_free, BN_MONT_CTX_set, BN_MONT_CTX_copy,
+BN_from_montgomery, BN_to_montgomery - Montgomery multiplication
+
+=head1 SYNOPSIS
+
+ #include <openssl/bn.h>
+
+ BN_MONT_CTX *BN_MONT_CTX_new(void);
+ void BN_MONT_CTX_init(BN_MONT_CTX *ctx);
+ void BN_MONT_CTX_free(BN_MONT_CTX *mont);
+
+ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *m, BN_CTX *ctx);
+ BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from);
+
+ int BN_mod_mul_montgomery(BIGNUM *r, BIGNUM *a, BIGNUM *b,
+ BN_MONT_CTX *mont, BN_CTX *ctx);
+
+ int BN_from_montgomery(BIGNUM *r, BIGNUM *a, BN_MONT_CTX *mont,
+ BN_CTX *ctx);
+
+ int BN_to_montgomery(BIGNUM *r, BIGNUM *a, BN_MONT_CTX *mont,
+ BN_CTX *ctx);
+
+=head1 DESCRIPTION
+
+These functions implement Montgomery multiplication. They are used
+automatically when L<BN_mod_exp(3)|BN_mod_exp(3)> is called with suitable input,
+but they may be useful when several operations are to be performed
+using the same modulus.
+
+BN_MONT_CTX_new() allocates and initializes a B<BN_MONT_CTX> structure.
+BN_MONT_CTX_init() initializes an existing uninitialized B<BN_MONT_CTX>.
+
+BN_MONT_CTX_set() sets up the B<mont> structure from the modulus B<m>
+by precomputing its inverse and a value R.
+
+BN_MONT_CTX_copy() copies the B<N_MONT_CTX> B<from> to B<to>.
+
+BN_MONT_CTX_free() frees the components of the B<BN_MONT_CTX>, and, if
+it was created by BN_MONT_CTX_new(), also the structure itself.
+
+BN_mod_mul_montgomery() computes Mont(B<a>,B<b>):=B<a>*B<b>*R^-1 and places
+the result in B<r>.
+
+BN_from_montgomery() performs the Montgomery reduction B<r> = B<a>*R^-1.
+
+BN_to_montgomery() computes Mont(B<a>,R^2).
+
+For all functions, B<ctx> is a previously allocated B<BN_CTX> used for
+temporary variables.
+
+The B<BN_MONT_CTX> structure is defined as follows:
+
+ typedef struct bn_mont_ctx_st
+ {
+ int ri; /* number of bits in R */
+ BIGNUM RR; /* R^2 (used to convert to Montgomery form) */
+ BIGNUM N; /* The modulus */
+ BIGNUM Ni; /* R*(1/R mod N) - N*Ni = 1
+ * (Ni is only stored for bignum algorithm) */
+ BN_ULONG n0; /* least significant word of Ni */
+ int flags;
+ } BN_MONT_CTX;
+
+BN_to_montgomery() is a macro.
+
+=head1 RETURN VALUES
+
+BN_MONT_CTX_new() returns the newly allocated B<BN_MONT_CTX>, and NULL
+on error.
+
+BN_MONT_CTX_init() and BN_MONT_CTX_free() have no return values.
+
+For the other functions, 1 is returned for success, 0 on error.
+The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
+
+=head1 SEE ALSO
+
+L<bn(3)|bn(3)>, L<err(3)|err(3)>, L<BN_add(3)|BN_add(3)>,
+L<BN_CTX_new(3)|BN_CTX_new(3)>
+
+=head1 HISTORY
+
+BN_MONT_CTX_new(), BN_MONT_CTX_free(), BN_MONT_CTX_set(),
+BN_mod_mul_montgomery(), BN_from_montgomery() and BN_to_montgomery()
+are available in all versions of SSLeay and OpenSSL.
+
+BN_MONT_CTX_init() and BN_MONT_CTX_copy() were added in SSLeay 0.9.1b.
+
+=cut
diff --git a/lib/libssl/src/doc/crypto/BN_mod_mul_reciprocal.pod b/lib/libssl/src/doc/crypto/BN_mod_mul_reciprocal.pod
new file mode 100644
index 00000000000..32432ce4e68
--- /dev/null
+++ b/lib/libssl/src/doc/crypto/BN_mod_mul_reciprocal.pod
@@ -0,0 +1,81 @@
+=pod
+
+=head1 NAME
+
+BN_mod_mul_reciprocal, BN_RECP_CTX_new, BN_RECP_CTX_init,
+BN_RECP_CTX_free, BN_RECP_CTX_set - modular multiplication using
+reciprocal
+
+=head1 SYNOPSIS
+
+ #include <openssl/bn.h>
+
+ BN_RECP_CTX *BN_RECP_CTX_new(void);
+ void BN_RECP_CTX_init(BN_RECP_CTX *recp);
+ void BN_RECP_CTX_free(BN_RECP_CTX *recp);
+
+ int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *m, BN_CTX *ctx);
+
+ int BN_div_recp(BIGNUM *dv, BIGNUM *rem, BIGNUM *a, BN_RECP_CTX *recp,
+ BN_CTX *ctx);
+
+ int BN_mod_mul_reciprocal(BIGNUM *r, BIGNUM *a, BIGNUM *b,
+ BN_RECP_CTX *recp, BN_CTX *ctx);
+
+=head1 DESCRIPTION
+
+BN_mod_mul_reciprocal() can be used to perform an efficient
+L<BN_mod_mul(3)|BN_mod_mul(3)> operation when the operation will be performed
+repeatedly with the same modulus. It computes B<r>=(B<a>*B<b>)%B<m>
+using B<recp>=1/B<m>, which is set as described below. B<ctx> is a
+previously allocated B<BN_CTX> used for temporary variables.
+
+BN_RECP_CTX_new() allocates and initializes a B<BN_RECP> structure.
+BN_RECP_CTX_init() initializes an existing uninitialized B<BN_RECP>.
+
+BN_RECP_CTX_free() frees the components of the B<BN_RECP>, and, if it
+was created by BN_RECP_CTX_new(), also the structure itself.
+
+BN_RECP_CTX_set() stores B<m> in B<recp> and sets it up for computing
+1/B<m> and shifting it left by BN_num_bits(B<m>)+1 to make it an
+integer. The result and the number of bits it was shifted left will
+later be stored in B<recp>.
+
+BN_div_recp() divides B<a> by B<m> using B<recp>. It places the quotient
+in B<dv> and the remainder in B<rem>.
+
+The B<BN_RECP_CTX> structure is defined as follows:
+
+ typedef struct bn_recp_ctx_st
+ {
+ BIGNUM N; /* the divisor */
+ BIGNUM Nr; /* the reciprocal */
+ int num_bits;
+ int shift;
+ int flags;
+ } BN_RECP_CTX;
+
+It cannot be shared between threads.
+
+=head1 RETURN VALUES
+
+BN_RECP_CTX_new() returns the newly allocated B<BN_RECP_CTX>, and NULL
+on error.
+
+BN_RECP_CTX_init() and BN_RECP_CTX_free() have no return values.
+
+For the other functions, 1 is returned for success, 0 on error.
+The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
+
+=head1 SEE ALSO
+
+L<bn(3)|bn(3)>, L<err(3)|err(3)>, L<BN_add(3)|BN_add(3)>,
+L<BN_CTX_new(3)|BN_CTX_new(3)>
+
+=head1 HISTORY
+
+B<BN_RECP_CTX> was added in SSLeay 0.9.0. Before that, the function
+BN_reciprocal() was used instead, and the BN_mod_mul_reciprocal()
+arguments were different.
+
+=cut
diff --git a/lib/libssl/src/doc/crypto/BN_new.pod b/lib/libssl/src/doc/crypto/BN_new.pod
new file mode 100644
index 00000000000..c1394ff2a37
--- /dev/null
+++ b/lib/libssl/src/doc/crypto/BN_new.pod
@@ -0,0 +1,53 @@
+=pod
+
+=head1 NAME
+
+BN_new, BN_init, BN_clear, BN_free, BN_clear_free - allocate and free BIGNUMs
+
+=head1 SYNOPSIS
+
+ #include <openssl/bn.h>
+
+ BIGNUM *BN_new(void);
+
+ void BN_init(BIGNUM *);
+
+ void BN_clear(BIGNUM *a);
+
+ void BN_free(BIGNUM *a);
+
+ void BN_clear_free(BIGNUM *a);
+
+=head1 DESCRIPTION
+
+BN_new() allocated and initializes a B<BIGNUM> structure. BN_init()
+initializes an existing uninitialized B<BIGNUM>.
+
+BN_clear() is used to destroy sensitive data such as keys when they
+are no longer needed. It erases the memory used by B<a> and sets it
+to the value 0.
+
+BN_free() frees the components of the B<BIGNUM>, and if it was created
+by BN_new(), also the structure itself. BN_clear_free() additionally
+overwrites the data before the memory is returned to the system.
+
+=head1 RETURN VALUES
+
+BN_new() returns a pointer to the B<BIGNUM>. If the allocation fails,
+it returns B<NULL> and sets an error code that can be obtained
+by L<ERR_get_error(3)|ERR_get_error(3)>.
+
+BN_init(), BN_clear(), BN_free() and BN_clear_free() have no return
+values.
+
+=head1 SEE ALSO
+
+L<bn(3)|bn(3)>, L<err(3)|err(3)>
+
+=head1 HISTORY
+
+BN_new(), BN_clear(), BN_free() and BN_clear_free() are available in
+all versions on SSLeay and OpenSSL. BN_init() was added in SSLeay
+0.9.1b.
+
+=cut
diff --git a/lib/libssl/src/doc/crypto/BN_num_bytes.pod b/lib/libssl/src/doc/crypto/BN_num_bytes.pod
new file mode 100644
index 00000000000..61589fb9aca
--- /dev/null
+++ b/lib/libssl/src/doc/crypto/BN_num_bytes.pod
@@ -0,0 +1,37 @@
+=pod
+
+=head1 NAME
+
+BN_num_bits, BN_num_bytes, BN_num_bits_word - get BIGNUM size
+
+=head1 SYNOPSIS
+
+ #include <openssl/bn.h>
+
+ int BN_num_bytes(const BIGNUM *a);
+
+ int BN_num_bits(const BIGNUM *a);
+
+ int BN_num_bits_word(BN_ULONG w);
+
+=head1 DESCRIPTION
+
+These functions return the size of a B<BIGNUM> in bytes or bits,
+and the size of an unsigned integer in bits.
+
+BN_num_bytes() is a macro.
+
+=head1 RETURN VALUES
+
+The size.
+
+=head1 SEE ALSO
+
+L<bn(3)|bn(3)>
+
+=head1 HISTORY
+
+BN_num_bytes(), BN_num_bits() and BN_num_bits_word() are available in
+all versions of SSLeay and OpenSSL.
+
+=cut
diff --git a/lib/libssl/src/doc/crypto/BN_rand.pod b/lib/libssl/src/doc/crypto/BN_rand.pod
new file mode 100644
index 00000000000..33363c981f6
--- /dev/null
+++ b/lib/libssl/src/doc/crypto/BN_rand.pod
@@ -0,0 +1,45 @@
+=pod
+
+=head1 NAME
+
+BN_rand, BN_pseudo_rand - generate pseudo-random number
+
+=head1 SYNOPSIS
+
+ #include <openssl/bn.h>
+
+ int BN_rand(BIGNUM *rnd, int bits, int top, int bottom);
+
+ int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom);
+
+=head1 DESCRIPTION
+
+BN_rand() generates a cryptographically strong pseudo-random number of
+B<bits> bits in length and stores it in B<rnd>. If B<top> is true, the
+two most significant bits of the number will be set to 1, so that the
+product of two such random numbers will always have 2*B<bits> length.
+If B<bottom> is true, the number will be odd.
+
+BN_pseudo_rand() does the same, but pseudo-random numbers generated by
+this function are not necessarily unpredictable. They can be used for
+non-cryptographic purposes and for certain purposes in cryptographic
+protocols, but usually not for key generation etc.
+
+The PRNG must be seeded prior to calling BN_rand().
+
+=head1 RETURN VALUES
+
+BN_rand() and BN_pseudo_rand() return 1 on success, 0 on error.
+The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
+
+=head1 SEE ALSO
+
+L<bn(3)|bn(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>,
+L<RAND_add(3)|RAND_add(3)>, L<RAND_bytes(3)|RAND_bytes(3)>
+
+=head1 HISTORY
+
+BN_rand() is available in all versions of SSLeay and OpenSSL.
+BN_pseudo_rand() was added in OpenSSL 0.9.5.
+
+=cut
diff --git a/lib/libssl/src/doc/crypto/BN_set_bit.pod b/lib/libssl/src/doc/crypto/BN_set_bit.pod
new file mode 100644
index 00000000000..b7c47b9b015
--- /dev/null
+++ b/lib/libssl/src/doc/crypto/BN_set_bit.pod
@@ -0,0 +1,66 @@
+=pod
+
+=head1 NAME
+
+BN_set_bit, BN_clear_bit, BN_is_bit_set, BN_mask_bits, BN_lshift,
+BN_lshift1, BN_rshift, BN_rshift1 - bit operations on BIGNUMs
+
+=head1 SYNOPSIS
+
+ #include <openssl/bn.h>
+
+ int BN_set_bit(BIGNUM *a, int n);
+ int BN_clear_bit(BIGNUM *a, int n);
+
+ int BN_is_bit_set(const BIGNUM *a, int n);
+
+ int BN_mask_bits(BIGNUM *a, int n);
+
+ int BN_lshift(BIGNUM *r, const BIGNUM *a, int n);
+ int BN_lshift1(BIGNUM *r, BIGNUM *a);
+
+ int BN_rshift(BIGNUM *r, BIGNUM *a, int n);
+ int BN_rshift1(BIGNUM *r, BIGNUM *a);
+
+=head1 DESCRIPTION
+
+BN_set_bit() sets bit B<n> in B<a> to 1 (C<a|=(1E<lt>E<lt>n)>). The
+number is expanded if necessary.
+
+BN_clear_bit() sets bit B<n> in B<a> to 0 (C<a&=~(1E<lt>E<lt>n)>). An
+error occurs if B<a> is shorter than B<n> bits.
+
+BN_is_bit_set() tests if bit B<n> in B<a> is set.
+
+BN_mask_bits() truncates B<a> to an B<n> bit number
+(C<a&=~((~0)E<gt>E<gt>n)>). An error occurs if B<a> already is
+shorter than B<n> bits.
+
+BN_lshift() shifts B<a> left by B<n> bits and places the result in
+B<r> (C<r=a*2^n>). BN_lshift1() shifts B<a> left by one and places
+the result in B<r> (C<r=2*a>).
+
+BN_rshift() shifts B<a> right by B<n> bits and places the result in
+B<r> (C<r=a/2^n>). BN_rshift1() shifts B<a> right by one and places
+the result in B<r> (C<r=a/2>).
+
+For the shift functions, B<r> and B<a> may be the same variable.
+
+=head1 RETURN VALUES
+
+BN_is_bit_set() returns 1 if the bit is set, 0 otherwise.
+
+All other functions return 1 for success, 0 on error. The error codes
+can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
+
+=head1 SEE ALSO
+
+L<bn(3)|bn(3)>, L<BN_num_bytes(3)|BN_num_bytes(3)>, L<BN_add(3)|BN_add(3)>
+
+=head1 HISTORY
+
+BN_set_bit(), BN_clear_bit(), BN_is_bit_set(), BN_mask_bits(),
+BN_lshift(), BN_lshift1(), BN_rshift(), and BN_rshift1() are available
+in all versions of SSLeay and OpenSSL.
+
+=cut
diff --git a/lib/libssl/src/doc/crypto/BN_zero.pod b/lib/libssl/src/doc/crypto/BN_zero.pod
new file mode 100644
index 00000000000..165fd9a228c
--- /dev/null
+++ b/lib/libssl/src/doc/crypto/BN_zero.pod
@@ -0,0 +1,55 @@
+=pod
+
+=head1 NAME
+
+BN_zero, BN_one, BN_set_word, BN_get_word - BIGNUM assignment operations
+
+=head1 SYNOPSIS
+
+ #include <openssl/bn.h>
+
+ int BN_zero(BIGNUM *a);
+ int BN_one(BIGNUM *a);
+
+ BIGNUM *BN_value_one(void);
+
+ int BN_set_word(BIGNUM *a, unsigned long w);
+ unsigned long BN_get_word(BIGNUM *a);
+
+=head1 DESCRIPTION
+
+BN_zero(), BN_one() and BN_set_word() set B<a> to the values 0, 1 and
+B<w> respectively. BN_zero() and BN_one() are macros.
+
+BN_value_one() returns a B<BIGNUM> constant of value 1. This constant
+is useful for use in comparisons and assignment.
+
+BN_get_word() returns B<a>, if it can be represented as an unsigned
+long.
+
+=head1 RETURN VALUES
+
+BN_get_word() returns the value B<a>, and 0xffffffffL if B<a> cannot
+be represented as an unsigned long.
+
+BN_zero(), BN_one() and BN_set_word() return 1 on success, 0 otherwise.
+BN_value_one() returns the constant.
+
+=head1 BUGS
+
+Someone might change the constant.
+
+If a B<BIGNUM> is equal to 0xffffffffL it can be represented as an
+unsigned long but this value is also returned on error.
+
+=head1 SEE ALSO
+
+L<bn(3)|bn(3)>, L<BN_bn2bin(3)|BN_bn2bin(3)>
+
+=head1 HISTORY
+
+BN_zero(), BN_one() and BN_set_word() are available in all versions of
+SSLeay and OpenSSL. BN_value_one() and BN_get_word() were added in
+SSLeay 0.8.
+
+=cut
diff --git a/lib/libssl/src/doc/crypto/CRYPTO_set_ex_data.pod b/lib/libssl/src/doc/crypto/CRYPTO_set_ex_data.pod
new file mode 100644
index 00000000000..1bd5bed67d7
--- /dev/null
+++ b/lib/libssl/src/doc/crypto/CRYPTO_set_ex_data.pod
@@ -0,0 +1,51 @@
+=pod
+
+=head1 NAME
+
+CRYPTO_set_ex_data, CRYPTO_get_ex_data - internal application specific data functions
+
+=head1 SYNOPSIS
+
+ int CRYPTO_set_ex_data(CRYPTO_EX_DATA *r, int idx, void *arg);
+
+ void *CRYPTO_get_ex_data(CRYPTO_EX_DATA *r, int idx);
+
+=head1 DESCRIPTION
+
+Several OpenSSL structures can have application specific data attached to them.
+These functions are used internally by OpenSSL to manipulate application
+specific data attached to a specific structure.
+
+These functions should only be used by applications to manipulate
+B<CRYPTO_EX_DATA> structures passed to the B<new_func()>, B<free_func()> and
+B<dup_func()> callbacks: as passed to B<RSA_get_ex_new_index()> for example.
+
+B<CRYPTO_set_ex_data()> is used to set application specific data, the data is
+supplied in the B<arg> parameter and its precise meaning is up to the
+application.
+
+B<CRYPTO_get_ex_data()> is used to retrieve application specific data. The data
+is returned to the application, this will be the same value as supplied to
+a previous B<CRYPTO_set_ex_data()> call.
+
+=head1 RETURN VALUES
+
+B<CRYPTO_set_ex_data()> returns 1 on success or 0 on failure.
+
+B<CRYPTO_get_ex_data()> returns the application data or 0 on failure. 0 may also
+be valid application data but currently it can only fail if given an invalid B<idx>
+parameter.
+
+On failure an error code can be obtained from L<ERR_get_error(3)|ERR_get_error(3)>.
+
+=head1 SEE ALSO
+
+L<RSA_get_ex_new_index(3)|RSA_get_ex_new_index(3)>,
+L<DSA_get_ex_new_index(3)|DSA_get_ex_new_index(3)>,
+L<DH_get_ex_new_index(3)|DH_get_ex_new_index(3)>
+
+=head1 HISTORY
+
+CRYPTO_set_ex_data() and CRYPTO_get_ex_data() have been available since SSLeay 0.9.0.
+
+=cut
diff --git a/lib/libssl/src/doc/crypto/DH_generate_key.pod b/lib/libssl/src/doc/crypto/DH_generate_key.pod
new file mode 100644
index 00000000000..920995b2e5a
--- /dev/null
+++ b/lib/libssl/src/doc/crypto/DH_generate_key.pod
@@ -0,0 +1,50 @@
+=pod
+
+=head1 NAME
+
+DH_generate_key, DH_compute_key - perform Diffie-Hellman key exchange
+
+=head1 SYNOPSIS
+
+ #include <openssl/dh.h>
+
+ int DH_generate_key(DH *dh);
+
+ int DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh);
+
+=head1 DESCRIPTION
+
+DH_generate_key() performs the first step of a Diffie-Hellman key
+exchange by generating private and public DH values. By calling
+DH_compute_key(), these are combined with the other party's public
+value to compute the shared key.
+
+DH_generate_key() expects B<dh> to contain the shared parameters
+B<dh-E<gt>p> and B<dh-E<gt>g>. It generates a random private DH value
+unless B<dh-E<gt>priv_key> is already set, and computes the
+corresponding public value B<dh-E<gt>pub_key>, which can then be
+published.
+
+DH_compute_key() computes the shared secret from the private DH value
+in B<dh> and the other party's public value in B<pub_key> and stores
+it in B<key>. B<key> must point to B<DH_size(dh)> bytes of memory.
+
+=head1 RETURN VALUES
+
+DH_generate_key() returns 1 on success, 0 otherwise.
+
+DH_compute_key() returns the size of the shared secret on success, -1
+on error.
+
+The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
+
+=head1 SEE ALSO
+
+L<dh(3)|dh(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>, L<DH_size(3)|DH_size(3)>
+
+=head1 HISTORY
+
+DH_generate_key() and DH_compute_key() are available in all versions
+of SSLeay and OpenSSL.
+
+=cut
diff --git a/lib/libssl/src/doc/crypto/DH_generate_parameters.pod b/lib/libssl/src/doc/crypto/DH_generate_parameters.pod
new file mode 100644
index 00000000000..a7d0c75f0cb
--- /dev/null
+++ b/lib/libssl/src/doc/crypto/DH_generate_parameters.pod
@@ -0,0 +1,72 @@
+=pod
+
+=head1 NAME
+
+DH_generate_parameters, DH_check - generate and check Diffie-Hellman parameters
+
+=head1 SYNOPSIS
+
+ #include <openssl/dh.h>
+
+ DH *DH_generate_parameters(int prime_len, int generator,
+ void (*callback)(int, int, void *), void *cb_arg);
+
+ int DH_check(DH *dh, int *codes);
+
+=head1 DESCRIPTION
+
+DH_generate_parameters() generates Diffie-Hellman parameters that can
+be shared among a group of users, and returns them in a newly
+allocated B<DH> structure. The pseudo-random number generator must be
+seeded prior to calling DH_generate_parameters().
+
+B<prime_len> is the length in bits of the safe prime to be generated.
+B<generator> is a small number E<gt> 1, typically 2 or 5.
+
+A callback function may be used to provide feedback about the progress
+of the key generation. If B<callback> is not B<NULL>, it will be
+called as described in L<BN_generate_prime(3)|BN_generate_prime(3)> while a random prime
+number is generated, and when a prime has been found, B<callback(3,
+0, cb_arg)> is called.
+
+DH_check() validates Diffie-Hellman parameters. It checks that B<p> is
+a safe prime, and that B<g> is a suitable generator. In the case of an
+error, the bit flags DH_CHECK_P_NOT_SAFE_PRIME or
+DH_NOT_SUITABLE_GENERATOR are set in B<*codes>.
+DH_UNABLE_TO_CHECK_GENERATOR is set if the generator cannot be
+checked, i.e. it does not equal 2 or 5.
+
+=head1 RETURN VALUES
+
+DH_generate_parameters() returns a pointer to the DH structure, or
+NULL if the parameter generation fails. The error codes can be
+obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
+
+DH_check() returns 1 if the check could be performed, 0 otherwise.
+
+=head1 NOTES
+
+DH_generate_parameters() may run for several hours before finding a
+suitable prime.
+
+The parameters generated by DH_generate_parameters() are not to be
+used in signature schemes.
+
+=head1 BUGS
+
+If B<generator> is not 2 or 5, B<dh-E<gt>g>=B<generator> is not
+a usable generator.
+
+=head1 SEE ALSO
+
+L<dh(3)|dh(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>, L<DH_free(3)|DH_free(3)>
+
+=head1 HISTORY
+
+DH_check() is available in all versions of SSLeay and OpenSSL.
+The B<cb_arg> argument to DH_generate_parameters() was added in SSLeay 0.9.0.
+
+In versions before OpenSSL 0.9.5, DH_CHECK_P_NOT_STRONG_PRIME is used
+instead of DH_CHECK_P_NOT_SAFE_PRIME.
+
+=cut
diff --git a/lib/libssl/src/doc/crypto/DH_get_ex_new_index.pod b/lib/libssl/src/doc/crypto/DH_get_ex_new_index.pod
new file mode 100644
index 00000000000..82e2548bcdf
--- /dev/null
+++ b/lib/libssl/src/doc/crypto/DH_get_ex_new_index.pod
@@ -0,0 +1,36 @@
+=pod
+
+=head1 NAME
+
+DH_get_ex_new_index, DH_set_ex_data, DH_get_ex_data - add application specific data to DH structures
+
+=head1 SYNOPSIS
+
+ #include <openssl/dh.h>
+
+ int DH_get_ex_new_index(long argl, void *argp,
+ CRYPTO_EX_new *new_func,
+ CRYPTO_EX_dup *dup_func,
+ CRYPTO_EX_free *free_func);
+
+ int DH_set_ex_data(DH *d, int idx, void *arg);
+
+ char *DH_get_ex_data(DH *d, int idx);
+
+=head1 DESCRIPTION
+
+These functions handle application specific data in DH
+structures. Their usage is identical to that of
+RSA_get_ex_new_index(), RSA_set_ex_data() and RSA_get_ex_data()
+as described in L<RSA_get_ex_new_index(3)>.
+
+=head1 SEE ALSO
+
+L<RSA_get_ex_new_index()|RSA_get_ex_new_index()>, L<dh(3)|dh(3)>
+
+=head1 HISTORY
+
+DH_get_ex_new_index(), DH_set_ex_data() and DH_get_ex_data() are
+available since OpenSSL 0.9.5.
+
+=cut
diff --git a/lib/libssl/src/doc/crypto/DH_new.pod b/lib/libssl/src/doc/crypto/DH_new.pod
new file mode 100644
index 00000000000..64624b9d156
--- /dev/null
+++ b/lib/libssl/src/doc/crypto/DH_new.pod
@@ -0,0 +1,40 @@
+=pod
+
+=head1 NAME
+
+DH_new, DH_free - allocate and free DH objects
+
+=head1 SYNOPSIS
+
+ #include <openssl/dh.h>
+
+ DH* DH_new(void);
+
+ void DH_free(DH *dh);
+
+=head1 DESCRIPTION
+
+DH_new() allocates and initializes a B<DH> structure.
+
+DH_free() frees the B<DH> structure and its components. The values are
+erased before the memory is returned to the system.
+
+=head1 RETURN VALUES
+
+If the allocation fails, DH_new() returns B<NULL> and sets an error
+code that can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. Otherwise it returns
+a pointer to the newly allocated structure.
+
+DH_free() returns no value.
+
+=head1 SEE ALSO
+
+L<dh(3)|dh(3)>, L<err(3)|err(3)>,
+L<DH_generate_parameters(3)|DH_generate_parameters(3)>,
+L<DH_generate_key(3)|DH_generate_key(3)>
+
+=head1 HISTORY
+
+DH_new() and DH_free() are available in all versions of SSLeay and OpenSSL.
+
+=cut
diff --git a/lib/libssl/src/doc/crypto/DH_set_method.pod b/lib/libssl/src/doc/crypto/DH_set_method.pod
new file mode 100644
index 00000000000..dca41d8dbc8
--- /dev/null
+++ b/lib/libssl/src/doc/crypto/DH_set_method.pod
@@ -0,0 +1,99 @@
+=pod
+
+=head1 NAME
+
+DH_set_default_method, DH_get_default_method, DH_set_method,
+DH_new_method, DH_OpenSSL - select DH method
+
+=head1 SYNOPSIS
+
+ #include <openssl/dh.h>
+
+ void DH_set_default_method(DH_METHOD *meth);
+
+ DH_METHOD *DH_get_default_method(void);
+
+ DH_METHOD *DH_set_method(DH *dh, DH_METHOD *meth);
+
+ DH *DH_new_method(DH_METHOD *meth);
+
+ DH_METHOD *DH_OpenSSL(void);
+
+=head1 DESCRIPTION
+
+A B<DH_METHOD> specifies the functions that OpenSSL uses for Diffie-Hellman
+operations. By modifying the method, alternative implementations
+such as hardware accelerators may be used.
+
+Initially, the default is to use the OpenSSL internal implementation.
+DH_OpenSSL() returns a pointer to that method.
+
+DH_set_default_method() makes B<meth> the default method for all B<DH>
+structures created later.
+
+DH_get_default_method() returns a pointer to the current default
+method.
+
+DH_set_method() selects B<meth> for all operations using the structure B<dh>.
+
+DH_get_method() returns a pointer to the method currently selected
+for B<dh>.
+
+DH_new_method() allocates and initializes a B<DH> structure so that
+B<method> will be used for the DH operations. If B<method> is B<NULL>,
+the default method is used.
+
+=head1 THE DH_METHOD STRUCTURE
+
+ typedef struct dh_meth_st
+ {
+ /* name of the implementation */
+ const char *name;
+
+ /* generate private and public DH values for key agreement */
+ int (*generate_key)(DH *dh);
+
+ /* compute shared secret */
+ int (*compute_key)(unsigned char *key, BIGNUM *pub_key, DH *dh);
+
+ /* compute r = a ^ p mod m. May be NULL */
+ int (*bn_mod_exp)(DH *dh, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *m_ctx);
+
+ /* called at DH_new */
+ int (*init)(DH *dh);
+
+ /* called at DH_free */
+ int (*finish)(DH *dh);
+
+ int flags;
+
+ char *app_data; /* ?? */
+
+ } DH_METHOD;
+
+=head1 RETURN VALUES
+
+DH_OpenSSL(), DH_get_default_method() and DH_get_method() return
+pointers to the respective B<DH_METHOD>s.
+
+DH_set_default_method() returns no value.
+
+DH_set_method() returns a pointer to the B<DH_METHOD> previously
+associated with B<dh>.
+
+DH_new_method() returns B<NULL> and sets an error code that can be
+obtained by L<ERR_get_error(3)|ERR_get_error(3)> if the allocation fails. Otherwise it
+returns a pointer to the newly allocated structure.
+
+=head1 SEE ALSO
+
+L<dh(3)|dh(3)>, L<DH_new(3)|DH_new(3)>
+
+=head1 HISTORY
+
+DH_set_default_method(), DH_get_default_method(), DH_set_method(),
+DH_new_method() and DH_OpenSSL() were added in OpenSSL 0.9.4.
+
+=cut
diff --git a/lib/libssl/src/doc/crypto/DH_size.pod b/lib/libssl/src/doc/crypto/DH_size.pod
new file mode 100644
index 00000000000..97f26fda785
--- /dev/null
+++ b/lib/libssl/src/doc/crypto/DH_size.pod
@@ -0,0 +1,33 @@
+=pod
+
+=head1 NAME
+
+DH_size - get Diffie-Hellman prime size
+
+=head1 SYNOPSIS
+
+ #include <openssl/dh.h>
+
+ int DH_size(DH *dh);
+
+=head1 DESCRIPTION
+
+This function returns the Diffie-Hellman size in bytes. It can be used
+to determine how much memory must be allocated for the shared secret
+computed by DH_compute_key().
+
+B<dh-E<gt>p> must not be B<NULL>.
+
+=head1 RETURN VALUE
+
+The size in bytes.
+
+=head1 SEE ALSO
+
+L<dh(3)|dh(3)>, L<DH_generate_key(3)|DH_generate_key(3)>
+
+=head1 HISTORY
+
+DH_size() is available in all versions of SSLeay and OpenSSL.
+
+=cut
diff --git a/lib/libssl/src/doc/crypto/DSA_SIG_new.pod b/lib/libssl/src/doc/crypto/DSA_SIG_new.pod
new file mode 100644
index 00000000000..671655554a5
--- /dev/null
+++ b/lib/libssl/src/doc/crypto/DSA_SIG_new.pod
@@ -0,0 +1,39 @@
+=pod
+
+=head1 NAME
+
+DSA_SIG_new, DSA_SIG_free - allocate and free DSA signature objects
+
+=head1 SYNOPSIS
+
+ #include <openssl/dsa.h>
+
+ DSA_SIG *DSA_SIG_new(void);
+
+ void DSA_SIG_free(DSA_SIG *a);
+
+=head1 DESCRIPTION
+
+DSA_SIG_new() allocates and initializes a B<DSA_SIG> structure.
+
+DSA_SIG_free() frees the B<DSA_SIG> structure and its components. The
+values are erased before the memory is returned to the system.
+
+=head1 RETURN VALUES
+
+If the allocation fails, DSA_SIG_new() returns B<NULL> and sets an
+error code that can be obtained by
+L<ERR_get_error(3)|ERR_get_error(3)>. Otherwise it returns a pointer
+to the newly allocated structure.
+
+DSA_SIG_free() returns no value.
+
+=head1 SEE ALSO
+
+L<dsa(3)|dsa(3)>, L<err(3)|err(3)>, L<DSA_do_sign(3)|DSA_do_sign(3)>
+
+=head1 HISTORY
+
+DSA_SIG_new() and DSA_SIG_free() were added in OpenSSL 0.9.3.
+
+=cut
diff --git a/lib/libssl/src/doc/crypto/DSA_do_sign.pod b/lib/libssl/src/doc/crypto/DSA_do_sign.pod
new file mode 100644
index 00000000000..a24fd5714ef
--- /dev/null
+++ b/lib/libssl/src/doc/crypto/DSA_do_sign.pod
@@ -0,0 +1,47 @@
+=pod
+
+=head1 NAME
+
+DSA_do_sign, DSA_do_verify - raw DSA signature operations
+
+=head1 SYNOPSIS
+
+ #include <openssl/dsa.h>
+
+ DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
+
+ int DSA_do_verify(const unsigned char *dgst, int dgst_len,
+ DSA_SIG *sig, DSA *dsa);
+
+=head1 DESCRIPTION
+
+DSA_do_sign() computes a digital signature on the B<len> byte message
+digest B<dgst> using the private key B<dsa> and returns it in a
+newly allocated B<DSA_SIG> structure.
+
+L<DSA_sign_setup(3)|DSA_sign_setup(3)> may be used to precompute part
+of the signing operation in case signature generation is
+time-critical.
+
+DSA_do_verify() verifies that the signature B<sig> matches a given
+message digest B<dgst> of size B<len>. B<dsa> is the signer's public
+key.
+
+=head1 RETURN VALUES
+
+DSA_do_sign() returns the signature, NULL on error. DSA_do_verify()
+returns 1 for a valid signature, 0 for an incorrect signature and -1
+on error. The error codes can be obtained by
+L<ERR_get_error(3)|ERR_get_error(3)>.
+
+=head1 SEE ALSO
+
+L<dsa(3)|dsa(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>,
+L<DSA_SIG_new(3)|DSA_SIG_new(3)>,
+L<DSA_sign(3)|DSA_sign(3)>
+
+=head1 HISTORY
+
+DSA_do_sign() and DSA_do_verify() were added in OpenSSL 0.9.3.
+
+=cut
diff --git a/lib/libssl/src/doc/crypto/DSA_dup_DH.pod b/lib/libssl/src/doc/crypto/DSA_dup_DH.pod
new file mode 100644
index 00000000000..29cb1075d11
--- /dev/null
+++ b/lib/libssl/src/doc/crypto/DSA_dup_DH.pod
@@ -0,0 +1,36 @@
+=pod
+
+=head1 NAME
+
+DSA_dup_DH - create a DH structure out of DSA structure
+
+=head1 SYNOPSIS
+
+ #include <openssl/dsa.h>
+
+ DH * DSA_dup_DH(DSA *r);
+
+=head1 DESCRIPTION
+
+DSA_dup_DH() duplicates DSA parameters/keys as DH parameters/keys. q
+is lost during that conversion, but the resulting DH parameters
+contain its length.
+
+=head1 RETURN VALUE
+
+DSA_dup_DH() returns the new B<DH> structure, and NULL on error. The
+error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
+
+=head1 NOTE
+
+Be careful to avoid small subgroup attacks when using this.
+
+=head1 SEE ALSO
+
+L<dh(3)|dh(3)>, L<dsa(3)|dsa(3)>, L<err(3)|err(3)>
+
+=head1 HISTORY
+
+DSA_dup_DH() was added in OpenSSL 0.9.4.
+
+=cut
diff --git a/lib/libssl/src/doc/crypto/DSA_generate_key.pod b/lib/libssl/src/doc/crypto/DSA_generate_key.pod
new file mode 100644
index 00000000000..52890db5be2
--- /dev/null
+++ b/lib/libssl/src/doc/crypto/DSA_generate_key.pod
@@ -0,0 +1,33 @@
+=pod
+
+=head1 NAME
+
+DSA_generate_key - generate DSA key pair
+
+=head1 SYNOPSIS
+
+ #include <openssl/dsa.h>
+
+ int DSA_generate_key(DSA *a);
+
+=head1 DESCRIPTION
+
+DSA_generate_key() expects B<a> to contain DSA parameters. It generates
+a new key pair and stores it in B<a-E<gt>pub_key> and B<a-E<gt>priv_key>.
+
+The PRNG must be seeded prior to calling DSA_generate_key().
+
+=head1 RETURN VALUE
+
+DSA_generate_key() returns 1 on success, 0 otherwise.
+The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
+
+=head1 SEE ALSO
+
+L<dsa(3)|dsa(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>, L<DSA_generate_parameters(3)|DSA_generate_parameters(3)>
+
+=head1 HISTORY
+
+DSA_generate_key() is available since SSLeay 0.8.
+
+=cut
diff --git a/lib/libssl/src/doc/crypto/DSA_generate_parameters.pod b/lib/libssl/src/doc/crypto/DSA_generate_parameters.pod
new file mode 100644
index 00000000000..43f60b0eb95
--- /dev/null
+++ b/lib/libssl/src/doc/crypto/DSA_generate_parameters.pod
@@ -0,0 +1,105 @@
+=pod
+
+=head1 NAME
+
+DSA_generate_parameters - generate DSA parameters
+
+=head1 SYNOPSIS
+
+ #include <openssl/dsa.h>
+
+ DSA *DSA_generate_parameters(int bits, unsigned char *seed,
+ int seed_len, int *counter_ret, unsigned long *h_ret,
+ void (*callback)(int, int, void *), void *cb_arg);
+
+=head1 DESCRIPTION
+
+DSA_generate_parameters() generates primes p and q and a generator g
+for use in the DSA.
+
+B<bits> is the length of the prime to be generated; the DSS allows a
+maximum of 1024 bits.
+
+If B<seed> is B<NULL> or B<seed_len> E<lt> 20, the primes will be
+generated at random. Otherwise, the seed is used to generate
+them. If the given seed does not yield a prime q, a new random
+seed is chosen and placed at B<seed>.
+
+DSA_generate_parameters() places the iteration count in
+*B<counter_ret> and a counter used for finding a generator in
+*B<h_ret>, unless these are B<NULL>.
+
+A callback function may be used to provide feedback about the progress
+of the key generation. If B<callback> is not B<NULL>, it will be
+called as follows:
+
+=over 4
+
+=item *
+
+When a candidate for q is generated, B<callback(0, m++, cb_arg)> is called
+(m is 0 for the first candidate).
+
+=item *
+
+When a candidate for q has passed a test by trial division,
+B<callback(1, -1, cb_arg)> is called.
+While a candidate for q is tested by Miller-Rabin primality tests,
+B<callback(1, i, cb_arg)> is called in the outer loop
+(once for each witness that confirms that the candidate may be prime);
+i is the loop counter (starting at 0).
+
+=item *
+
+When a prime q has been found, B<callback(2, 0, cb_arg)> and
+B<callback(3, 0, cb_arg)> are called.
+
+=item *
+
+Before a candidate for p (other than the first) is generated and tested,
+B<callback(0, counter, cb_arg)> is called.
+
+=item *
+
+When a candidate for p has passed the test by trial division,
+B<callback(1, -1, cb_arg)> is called.
+While it is tested by the Miller-Rabin primality test,
+B<callback(1, i, cb_arg)> is called in the outer loop
+(once for each witness that confirms that the candidate may be prime).
+i is the loop counter (starting at 0).
+
+=item *
+
+When p has been found, B<callback(2, 1, cb_arg)> is called.
+
+=item *
+
+When the generator has been found, B<callback(3, 1, cb_arg)> is called.
+
+=back
+
+=head1 RETURN VALUE
+
+DSA_generate_parameters() returns a pointer to the DSA structure, or
+B<NULL> if the parameter generation fails. The error codes can be
+obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
+
+=head1 BUGS
+
+Seed lengths E<gt> 20 are not supported.
+
+=head1 SEE ALSO
+
+L<dsa(3)|dsa(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>,
+L<DSA_free(3)|DSA_free(3)>
+
+=head1 HISTORY
+
+DSA_generate_parameters() appeared in SSLeay 0.8. The B<cb_arg>
+argument was added in SSLeay 0.9.0.
+In versions up to OpenSSL 0.9.4, B<callback(1, ...)> was called
+in the inner loop of the Miller-Rabin test whenever it reached the
+squaring step (the parameters to B<callback> did not reveal how many
+witnesses had been tested); since OpenSSL 0.9.5, B<callback(1, ...)>
+is called as in BN_is_prime(3), i.e. once for each witness.
+=cut
diff --git a/lib/libssl/src/doc/crypto/DSA_get_ex_new_index.pod b/lib/libssl/src/doc/crypto/DSA_get_ex_new_index.pod
new file mode 100644
index 00000000000..4612e708ecc
--- /dev/null
+++ b/lib/libssl/src/doc/crypto/DSA_get_ex_new_index.pod
@@ -0,0 +1,36 @@
+=pod
+
+=head1 NAME
+
+DSA_get_ex_new_index, DSA_set_ex_data, DSA_get_ex_data - add application specific data to DSA structures
+
+=head1 SYNOPSIS
+
+ #include <openssl/DSA.h>
+
+ int DSA_get_ex_new_index(long argl, void *argp,
+ CRYPTO_EX_new *new_func,
+ CRYPTO_EX_dup *dup_func,
+ CRYPTO_EX_free *free_func);
+
+ int DSA_set_ex_data(DSA *d, int idx, void *arg);
+
+ char *DSA_get_ex_data(DSA *d, int idx);
+
+=head1 DESCRIPTION
+
+These functions handle application specific data in DSA
+structures. Their usage is identical to that of
+RSA_get_ex_new_index(), RSA_set_ex_data() and RSA_get_ex_data()
+as described in L<RSA_get_ex_new_index(3)>.
+
+=head1 SEE ALSO
+
+L<RSA_get_ex_new_index(3)|RSA_get_ex_new_index(3)>, L<dsa(3)|dsa(3)>
+
+=head1 HISTORY
+
+DSA_get_ex_new_index(), DSA_set_ex_data() and DSA_get_ex_data() are
+available since OpenSSL 0.9.5.
+
+=cut
diff --git a/lib/libssl/src/doc/crypto/DSA_new.pod b/lib/libssl/src/doc/crypto/DSA_new.pod
new file mode 100644
index 00000000000..7dde54445b7
--- /dev/null
+++ b/lib/libssl/src/doc/crypto/DSA_new.pod
@@ -0,0 +1,41 @@
+=pod
+
+=head1 NAME
+
+DSA_new, DSA_free - allocate and free DSA objects
+
+=head1 SYNOPSIS
+
+ #include <openssl/dsa.h>
+
+ DSA* DSA_new(void);
+
+ void DSA_free(DSA *dsa);
+
+=head1 DESCRIPTION
+
+DSA_new() allocates and initializes a B<DSA> structure.
+
+DSA_free() frees the B<DSA> structure and its components. The values are
+erased before the memory is returned to the system.
+
+=head1 RETURN VALUES
+
+If the allocation fails, DSA_new() returns B<NULL> and sets an error
+code that can be obtained by
+L<ERR_get_error(3)|ERR_get_error(3)>. Otherwise it returns a pointer
+to the newly allocated structure.
+
+DSA_free() returns no value.
+
+=head1 SEE ALSO
+
+L<dsa(3)|dsa(3)>, L<err(3)|err(3)>,
+L<DSA_generate_parameters(3)|DSA_generate_parameters(3)>,
+L<DSA_generate_key(3)|DSA_generate_key(3)>
+
+=head1 HISTORY
+
+DSA_new() and DSA_free() are available in all versions of SSLeay and OpenSSL.
+
+=cut
diff --git a/lib/libssl/src/doc/crypto/DSA_set_method.pod b/lib/libssl/src/doc/crypto/DSA_set_method.pod
new file mode 100644
index 00000000000..0b13ec9237c
--- /dev/null
+++ b/lib/libssl/src/doc/crypto/DSA_set_method.pod
@@ -0,0 +1,111 @@
+=pod
+
+=head1 NAME
+
+DSA_set_default_method, DSA_get_default_method, DSA_set_method,
+DSA_new_method, DSA_OpenSSL - select RSA method
+
+=head1 SYNOPSIS
+
+ #include <openssl/DSA.h>
+
+ void DSA_set_default_method(DSA_METHOD *meth);
+
+ DSA_METHOD *DSA_get_default_method(void);
+
+ DSA_METHOD *DSA_set_method(DSA *dsa, DSA_METHOD *meth);
+
+ DSA *DSA_new_method(DSA_METHOD *meth);
+
+ DSA_METHOD *DSA_OpenSSL(void);
+
+=head1 DESCRIPTION
+
+A B<DSA_METHOD> specifies the functions that OpenSSL uses for DSA
+operations. By modifying the method, alternative implementations
+such as hardware accelerators may be used.
+
+Initially, the default is to use the OpenSSL internal implementation.
+DSA_OpenSSL() returns a pointer to that method.
+
+DSA_set_default_method() makes B<meth> the default method for all B<DSA>
+structures created later.
+
+DSA_get_default_method() returns a pointer to the current default
+method.
+
+DSA_set_method() selects B<meth> for all operations using the structure B<DSA>.
+
+DSA_get_method() returns a pointer to the method currently selected
+for B<DSA>.
+
+DSA_new_method() allocates and initializes a B<DSA> structure so that
+B<method> will be used for the DSA operations. If B<method> is B<NULL>,
+the default method is used.
+
+=head1 THE DSA_METHOD STRUCTURE
+
+struct
+ {
+ /* name of the implementation */
+ const char *name;
+
+ /* sign */
+ DSA_SIG *(*dsa_do_sign)(const unsigned char *dgst, int dlen,
+ DSA *dsa);
+
+ /* pre-compute k^-1 and r */
+ int (*dsa_sign_setup)(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
+ BIGNUM **rp);
+
+ /* verify */
+ int (*dsa_do_verify)(const unsigned char *dgst, int dgst_len,
+ DSA_SIG *sig, DSA *dsa);
+
+ /* compute rr = a1^p1 * a2^p2 mod m. May be NULL */
+ int (*dsa_mod_exp)(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1,
+ BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
+ BN_CTX *ctx, BN_MONT_CTX *in_mont);
+
+ /* compute r = a ^ p mod m. May be NULL */
+ int (*bn_mod_exp)(DSA *dsa, BIGNUM *r, BIGNUM *a,
+ const BIGNUM *p, const BIGNUM *m,
+ BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+
+ /* called at DSA_new */
+ int (*init)(DSA *DSA);
+
+ /* called at DSA_free */
+ int (*finish)(DSA *DSA);
+
+ int flags;
+
+ char *app_data; /* ?? */
+
+ } DSA_METHOD;
+
+=head1 RETURN VALUES
+
+DSA_OpenSSL(), DSA_get_default_method() and DSA_get_method() return
+pointers to the respective B<DSA_METHOD>s.
+
+DSA_set_default_method() returns no value.
+
+DSA_set_method() returns a pointer to the B<DSA_METHOD> previously
+associated with B<dsa>.
+
+DSA_new_method() returns B<NULL> and sets an error code that can be
+obtained by L<ERR_get_error(3)|ERR_get_error(3)> if the allocation
+fails. Otherwise it returns a pointer to the newly allocated
+structure.
+
+=head1 SEE ALSO
+
+L<dsa(3)|dsa(3)>, L<DSA_new(3)|DSA_new(3)>
+
+=head1 HISTORY
+
+DSA_set_default_method(), DSA_get_default_method(), DSA_set_method(),
+DSA_new_method() and DSA_OpenSSL() were added in OpenSSL 0.9.4.
+
+=cut
diff --git a/lib/libssl/src/doc/crypto/DSA_sign.pod b/lib/libssl/src/doc/crypto/DSA_sign.pod
new file mode 100644
index 00000000000..f6e60a8ca32
--- /dev/null
+++ b/lib/libssl/src/doc/crypto/DSA_sign.pod
@@ -0,0 +1,66 @@
+=pod
+
+=head1 NAME
+
+DSA_sign, DSA_sign_setup, DSA_verify - DSA signatures
+
+=head1 SYNOPSIS
+
+ #include <openssl/dsa.h>
+
+ int DSA_sign(int type, const unsigned char *dgst, int len,
+ unsigned char *sigret, unsigned int *siglen, DSA *dsa);
+
+ int DSA_sign_setup(DSA *dsa, BN_CTX *ctx, BIGNUM **kinvp,
+ BIGNUM **rp);
+
+ int DSA_verify(int type, const unsigned char *dgst, int len,
+ unsigned char *sigbuf, int siglen, DSA *dsa);
+
+=head1 DESCRIPTION
+
+DSA_sign() computes a digital signature on the B<len> byte message
+digest B<dgst> using the private key B<dsa> and places its ASN.1 DER
+encoding at B<sigret>. The length of the signature is places in
+*B<siglen>. B<sigret> must point to DSA_size(B<dsa>) bytes of memory.
+
+DSA_sign_setup() may be used to precompute part of the signing
+operation in case signature generation is time-critical. It expects
+B<dsa> to contain DSA parameters. It places the precomputed values
+in newly allocated B<BIGNUM>s at *B<kinvp> and *B<rp>, after freeing
+the old ones unless *B<kinvp> and *B<rp> are NULL. These values may
+be passed to DSA_sign() in B<dsa-E<gt>kinv> and B<dsa-E<gt>r>.
+B<ctx> is a pre-allocated B<BN_CTX> or NULL.
+
+DSA_verify() verifies that the signature B<sigbuf> of size B<siglen>
+matches a given message digest B<dgst> of size B<len>.
+B<dsa> is the signer's public key.
+
+The B<type> parameter is ignored.
+
+The PRNG must be seeded before DSA_sign() (or DSA_sign_setup())
+is called.
+
+=head1 RETURN VALUES
+
+DSA_sign() and DSA_sign_setup() return 1 on success, 0 on error.
+DSA_verify() returns 1 for a valid signature, 0 for an incorrect
+signature and -1 on error. The error codes can be obtained by
+L<ERR_get_error(3)|ERR_get_error(3)>.
+
+=head1 CONFORMING TO
+
+US Federal Information Processing Standard FIPS 186 (Digital Signature
+Standard, DSS), ANSI X9.30
+
+=head1 SEE ALSO
+
+L<dsa(3)|dsa(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>,
+L<DSA_do_sign(3)|DSA_do_sign(3)>
+
+=head1 HISTORY
+
+DSA_sign() and DSA_verify() are available in all versions of SSLeay.
+DSA_sign_setup() was added in SSLeay 0.8.
+
+=cut
diff --git a/lib/libssl/src/doc/crypto/DSA_size.pod b/lib/libssl/src/doc/crypto/DSA_size.pod
new file mode 100644
index 00000000000..23b6320a4d4
--- /dev/null
+++ b/lib/libssl/src/doc/crypto/DSA_size.pod
@@ -0,0 +1,33 @@
+=pod
+
+=head1 NAME
+
+DSA_size - get DSA signature size
+
+=head1 SYNOPSIS
+
+ #include <openssl/dsa.h>
+
+ int DSA_size(DSA *dsa);
+
+=head1 DESCRIPTION
+
+This function returns the size of an ASN.1 encoded DSA signature in
+bytes. It can be used to determine how much memory must be allocated
+for a DSA signature.
+
+B<dsa-E<gt>q> must not be B<NULL>.
+
+=head1 RETURN VALUE
+
+The size in bytes.
+
+=head1 SEE ALSO
+
+L<dsa(3)|dsa(3)>, L<DSA_sign(3)|DSA_sign(3)>
+
+=head1 HISTORY
+
+DSA_size() is available in all versions of SSLeay and OpenSSL.
+
+=cut
diff --git a/lib/libssl/src/doc/crypto/ERR_GET_LIB.pod b/lib/libssl/src/doc/crypto/ERR_GET_LIB.pod
new file mode 100644
index 00000000000..2a129da036c
--- /dev/null
+++ b/lib/libssl/src/doc/crypto/ERR_GET_LIB.pod
@@ -0,0 +1,51 @@
+=pod
+
+=head1 NAME
+
+ERR_GET_LIB, ERR_GET_FUNC, ERR_GET_REASON - get library, function and
+reason code
+
+=head1 SYNOPSIS
+
+ #include <openssl/err.h>
+
+ int ERR_GET_LIB(unsigned long e);
+
+ int ERR_GET_FUNC(unsigned long e);
+
+ int ERR_GET_REASON(unsigned long e);
+
+=head1 DESCRIPTION
+
+The error code returned by ERR_get_error() consists of a library
+number, function code and reason code. ERR_GET_LIB(), ERR_GET_FUNC()
+and ERR_GET_REASON() can be used to extract these.
+
+The library number and function code describe where the error
+occurred, the reason code is the information about what went wrong.
+
+Each sub-library of OpenSSL has a unique library number; function and
+reason codes are unique within each sub-library. Note that different
+libraries may use the same value to signal different functions and
+reasons.
+
+B<ERR_R_...> reason codes such as B<ERR_R_MALLOC_FAILURE> are globally
+unique. However, when checking for sub-library specific reason codes,
+be sure to also compare the library number.
+
+ERR_GET_LIB(), ERR_GET_FUNC() and ERR_GET_REASON() are macros.
+
+=head1 RETURN VALUES
+
+The library number, function code and reason code respectively.
+
+=head1 SEE ALSO
+
+L<err(3)|err(3)>, L<ERR_get_error(3)|ERR_get_error(3)>
+
+=head1 HISTORY
+
+ERR_GET_LIB(), ERR_GET_FUNC() and ERR_GET_REASON() are available in
+all versions of SSLeay and OpenSSL.
+
+=cut
diff --git a/lib/libssl/src/doc/crypto/ERR_clear_error.pod b/lib/libssl/src/doc/crypto/ERR_clear_error.pod
new file mode 100644
index 00000000000..566e1f4e317
--- /dev/null
+++ b/lib/libssl/src/doc/crypto/ERR_clear_error.pod
@@ -0,0 +1,29 @@
+=pod
+
+=head1 NAME
+
+ERR_clear_error - clear the error queue
+
+=head1 SYNOPSIS
+
+ #include <openssl/err.h>
+
+ void ERR_clear_error(void);
+
+=head1 DESCRIPTION
+
+ERR_clear_error() empties the current thread's error queue.
+
+=head1 RETURN VALUES
+
+ERR_clear_error() has no return value.
+
+=head1 SEE ALSO
+
+L<err(3)|err(3)>, L<ERR_get_error(3)|ERR_get_error(3)>
+
+=head1 HISTORY
+
+ERR_clear_error() is available in all versions of SSLeay and OpenSSL.
+
+=cut
diff --git a/lib/libssl/src/doc/crypto/ERR_error_string.pod b/lib/libssl/src/doc/crypto/ERR_error_string.pod
new file mode 100644
index 00000000000..0d2417599cd
--- /dev/null
+++ b/lib/libssl/src/doc/crypto/ERR_error_string.pod
@@ -0,0 +1,65 @@
+=pod
+
+=head1 NAME
+
+ERR_error_string - obtain human-readable error message
+
+=head1 SYNOPSIS
+
+ #include <openssl/err.h>
+
+ char *ERR_error_string(unsigned long e, char *buf);
+
+ const char *ERR_lib_error_string(unsigned long e);
+ const char *ERR_func_error_string(unsigned long e);
+ const char *ERR_reason_error_string(unsigned long e);
+
+=head1 DESCRIPTION
+
+ERR_error_string() generates a human-readable string representing the
+error code B<e>, and places it at B<buf>. B<buf> must be at least 120
+bytes long. If B<buf> is B<NULL>, the error string is placed in a
+static buffer.
+
+The string will have the following format:
+
+ error:[error code]:[library name]:[function name]:[reason string]
+
+I<error code> is an 8 digit hexadecimal number, I<library name>,
+I<function name> and I<reason string> are ASCII text.
+
+ERR_lib_error_string(), ERR_func_error_string() and
+ERR_reason_error_string() return the library name, function
+name and reason string respectively.
+
+The OpenSSL error strings should be loaded by calling
+L<ERR_load_crypto_strings(3)|ERR_load_crypto_strings(3)> or, for SSL
+applications, L<SSL_load_error_strings(3)|SSL_load_error_strings(3)>
+first.
+If there is no text string registered for the given error code,
+the error string will contain the numeric code.
+
+L<ERR_print_errors(3)|ERR_print_errors(3)> can be used to print
+all error codes currently in the queue.
+
+=head1 RETURN VALUES
+
+ERR_error_string() returns a pointer to a static buffer containing the
+string if B<buf == NULL>, B<buf> otherwise.
+
+ERR_lib_error_string(), ERR_func_error_string() and
+ERR_reason_error_string() return the strings, and B<NULL> if
+none is registered for the error code.
+
+=head1 SEE ALSO
+
+L<err(3)|err(3)>, L<ERR_get_error(3)|ERR_get_error(3)>,
+L<ERR_load_crypto_strings(3)|ERR_load_crypto_strings(3)>,
+L<SSL_load_error_strings(3)|SSL_load_error_strings(3)>
+L<ERR_print_errors(3)|ERR_print_errors(3)>
+
+=head1 HISTORY
+
+ERR_error_string() is available in all versions of SSLeay and OpenSSL.
+
+=cut
diff --git a/lib/libssl/src/doc/crypto/ERR_get_error.pod b/lib/libssl/src/doc/crypto/ERR_get_error.pod
new file mode 100644
index 00000000000..75ece00d976
--- /dev/null
+++ b/lib/libssl/src/doc/crypto/ERR_get_error.pod
@@ -0,0 +1,62 @@
+=pod
+
+=head1 NAME
+
+ERR_get_error, ERR_peek_error - obtain error code
+
+=head1 SYNOPSIS
+
+ #include <openssl/err.h>
+
+ unsigned long ERR_get_error(void);
+ unsigned long ERR_peek_error(void);
+
+ unsigned long ERR_get_error_line(const char **file, int *line);
+ unsigned long ERR_peek_error_line(const char **file, int *line);
+
+ unsigned long ERR_get_error_line_data(const char **file, int *line,
+ const char **data, int *flags);
+ unsigned long ERR_peek_error_line_data(const char **file, int *line,
+ const char **data, int *flags);
+
+=head1 DESCRIPTION
+
+ERR_get_error() returns the last error code from the thread's error
+queue and removes the entry. This function can be called repeatedly
+until there are no more error codes to return.
+
+ERR_peek_error() returns the last error code from the thread's
+error queue without modifying it.
+
+See L<ERR_GET_LIB(3)|ERR_GET_LIB(3)> for obtaining information about
+location and reason of the error, and
+L<ERR_error_string(3)|ERR_error_string(3)> for human-readable error
+messages.
+
+ERR_get_error_line() and ERR_peek_error_line() are the same as the
+above, but they additionally store the file name and line number where
+the error occurred in *B<file> and *B<line>, unless these are B<NULL>.
+
+ERR_get_error_line_data() and ERR_peek_error_line_data() store
+additional data and flags associated with the error code in *B<data>
+and *B<flags>, unless these are B<NULL>. *B<data> contains a string
+if *B<flags>&B<ERR_TXT_STRING>. If it has been allocated by Malloc(),
+*B<flags>&B<ERR_TXT_MALLOCED> is true.
+
+=head1 RETURN VALUES
+
+The error code, or 0 if there is no error in the queue.
+
+=head1 SEE ALSO
+
+L<err(3)|err(3)>, L<ERR_error_string(3)|ERR_error_string(3)>,
+L<ERR_GET_LIB(3)|ERR_GET_LIB(3)>
+
+=head1 HISTORY
+
+ERR_get_error(), ERR_peek_error(), ERR_get_error_line() and
+ERR_peek_error_line() are available in all versions of SSLeay and
+OpenSSL. ERR_get_error_line_data() and ERR_peek_error_line_data()
+were added in SSLeay 0.9.0.
+
+=cut
diff --git a/lib/libssl/src/doc/crypto/ERR_load_crypto_strings.pod b/lib/libssl/src/doc/crypto/ERR_load_crypto_strings.pod
new file mode 100644
index 00000000000..9bdec75a463
--- /dev/null
+++ b/lib/libssl/src/doc/crypto/ERR_load_crypto_strings.pod
@@ -0,0 +1,46 @@
+=pod
+
+=head1 NAME
+
+ERR_load_crypto_strings, SSL_load_error_strings, ERR_free_strings -
+load and free error strings
+
+=head1 SYNOPSIS
+
+ #include <openssl/err.h>
+
+ void ERR_load_crypto_strings(void);
+ void ERR_free_strings(void);
+
+ #include <openssl/ssl.h>
+
+ void SSL_load_error_strings(void);
+
+=head1 DESCRIPTION
+
+ERR_load_crypto_strings() registers the error strings for all
+B<libcrypto> functions. SSL_load_error_strings() does the same,
+but also registers the B<libssl> error strings.
+
+One of these functions should be called before generating
+textual error messages. However, this is not required when memory
+usage is an issue.
+
+ERR_free_strings() frees all previously loaded error strings.
+
+=head1 RETURN VALUES
+
+ERR_load_crypto_strings(), SSL_load_error_strings() and
+ERR_free_strings() return no values.
+
+=head1 SEE ALSO
+
+L<err(3)|err(3)>, L<ERR_error_string(3)|ERR_error_string(3)>
+
+=head1 HISTORY
+
+ERR_load_error_strings(), SSL_load_error_strings() and
+ERR_free_strings() are available in all versions of SSLeay and
+OpenSSL.
+
+=cut
diff --git a/lib/libssl/src/doc/crypto/ERR_load_strings.pod b/lib/libssl/src/doc/crypto/ERR_load_strings.pod
new file mode 100644
index 00000000000..5acdd0edbc5
--- /dev/null
+++ b/lib/libssl/src/doc/crypto/ERR_load_strings.pod
@@ -0,0 +1,54 @@
+=pod
+
+=head1 NAME
+
+ERR_load_strings, ERR_PACK, ERR_get_next_error_library - load
+arbitrary error strings
+
+=head1 SYNOPSIS
+
+ #include <openssl/err.h>
+
+ void ERR_load_strings(int lib, ERR_STRING_DATA str[]);
+
+ int ERR_get_next_error_library(void);
+
+ unsigned long ERR_PACK(int lib, int func, int reason);
+
+=head1 DESCRIPTION
+
+ERR_load_strings() registers error strings for library number B<lib>.
+
+B<str> is an array of error string data:
+
+ typedef struct ERR_string_data_st
+ {
+ unsigned long error;
+ char *string;
+ } ERR_STRING_DATA;
+
+The error code is generated from the library number and a function and
+reason code: B<error> = ERR_PACK(B<lib>, B<func>, B<reason>).
+ERR_PACK() is a macro.
+
+The last entry in the array is {0,0}.
+
+ERR_get_next_error_library() can be used to assign library numbers
+to user libraries at runtime.
+
+=head1 RETURN VALUE
+
+ERR_load_strings() returns no value. ERR_PACK() return the error code.
+ERR_get_next_error_library() returns a new library number.
+
+=head1 SEE ALSO
+
+L<err(3)|err(3)>, L<ERR_load_strings(3)|ERR_load_strings(3)>
+
+=head1 HISTORY
+
+ERR_load_error_strings() and ERR_PACK() are available in all versions
+of SSLeay and OpenSSL. ERR_get_next_error_library() was added in
+SSLeay 0.9.0.
+
+=cut
diff --git a/lib/libssl/src/doc/crypto/ERR_print_errors.pod b/lib/libssl/src/doc/crypto/ERR_print_errors.pod
new file mode 100644
index 00000000000..b100a5fa2b3
--- /dev/null
+++ b/lib/libssl/src/doc/crypto/ERR_print_errors.pod
@@ -0,0 +1,51 @@
+=pod
+
+=head1 NAME
+
+ERR_print_errors, ERR_print_errors_fp - print error messages
+
+=head1 SYNOPSIS
+
+ #include <openssl/err.h>
+
+ void ERR_print_errors(BIO *bp);
+ void ERR_print_errors_fp(FILE *fp);
+
+=head1 DESCRIPTION
+
+ERR_print_errors() is a convenience function that prints the error
+strings for all errors that OpenSSL has recorded to B<bp>, thus
+emptying the error queue.
+
+ERR_print_errors_fp() is the same, except that the output goes to a
+B<FILE>.
+
+
+The error strings will have the following format:
+
+ [pid]:error:[error code]:[library name]:[function name]:[reason string]:[file name]:[line]:[optional text message]
+
+I<error code> is an 8 digit hexadecimal number. I<library name>,
+I<function name> and I<reason string> are ASCII text, as is I<optional
+text message> if one was set for the respective error code.
+
+If there is no text string registered for the given error code,
+the error string will contain the numeric code.
+
+=head1 RETURN VALUES
+
+ERR_print_errors() and ERR_print_errors_fp() return no values.
+
+=head1 SEE ALSO
+
+L<err(3)|err(3)>, L<ERR_error_string(3)|ERR_error_string(3)>,
+L<ERR_get_error(3)|ERR_get_error(3)>,
+L<ERR_load_crypto_strings(3)|ERR_load_crypto_strings(3)>,
+L<SSL_load_error_strings(3)|SSL_load_error_strings(3)>
+
+=head1 HISTORY
+
+ERR_print_errors() and ERR_print_errors_fp()
+are available in all versions of SSLeay and OpenSSL.
+
+=cut
diff --git a/lib/libssl/src/doc/crypto/ERR_put_error.pod b/lib/libssl/src/doc/crypto/ERR_put_error.pod
new file mode 100644
index 00000000000..acd241fbe47
--- /dev/null
+++ b/lib/libssl/src/doc/crypto/ERR_put_error.pod
@@ -0,0 +1,44 @@
+=pod
+
+=head1 NAME
+
+ERR_put_error, ERR_add_error_data - record an error
+
+=head1 SYNOPSIS
+
+ #include <openssl/err.h>
+
+ void ERR_put_error(int lib, int func, int reason, const char *file,
+ int line);
+
+ void ERR_add_error_data(int num, ...);
+
+=head1 DESCRIPTION
+
+ERR_put_error() adds an error code to the thread's error queue. It
+signals that the error of reason code B<reason> occurred in function
+B<func> of library B<lib>, in line number B<line> of B<file>.
+This function is usually called by a macro.
+
+ERR_add_error_data() associates the concatenation of its B<num> string
+arguments with the error code added last.
+
+L<ERR_load_strings(3)|ERR_load_strings(3)> can be used to register
+error strings so that the application can a generate human-readable
+error messages for the error code.
+
+=head1 RETURN VALUES
+
+ERR_put_error() and ERR_add_error_data() return
+no values.
+
+=head1 SEE ALSO
+
+L<err(3)|err(3)>, L<ERR_load_strings(3)|ERR_load_strings(3)>
+
+=head1 HISTORY
+
+ERR_put_error() is available in all versions of SSLeay and OpenSSL.
+ERR_add_error_data() was added in SSLeay 0.9.0.
+
+=cut
diff --git a/lib/libssl/src/doc/crypto/ERR_remove_state.pod b/lib/libssl/src/doc/crypto/ERR_remove_state.pod
new file mode 100644
index 00000000000..ebcdc0f5a5b
--- /dev/null
+++ b/lib/libssl/src/doc/crypto/ERR_remove_state.pod
@@ -0,0 +1,34 @@
+=pod
+
+=head1 NAME
+
+ERR_remove_state - free a thread's error queue
+
+=head1 SYNOPSIS
+
+ #include <openssl/err.h>
+
+ void ERR_remove_state(unsigned long pid);
+
+=head1 DESCRIPTION
+
+ERR_remove_state() frees the error queue associated with thread B<pid>.
+If B<pid> == 0, the current thread will have its error queue removed.
+
+Since error queue data structures are allocated automatically for new
+threads, they must be freed when threads are terminated in oder to
+avoid memory leaks.
+
+=head1 RETURN VALUE
+
+ERR_remove_state() returns no value.
+
+=head1 SEE ALSO
+
+L<err(3)|err(3)>
+
+=head1 HISTORY
+
+ERR_remove_state() is available in all versions of SSLeay and OpenSSL.
+
+=cut
diff --git a/lib/libssl/src/doc/crypto/EVP_DigestInit.pod b/lib/libssl/src/doc/crypto/EVP_DigestInit.pod
new file mode 100644
index 00000000000..345b1ddfa79
--- /dev/null
+++ b/lib/libssl/src/doc/crypto/EVP_DigestInit.pod
@@ -0,0 +1,197 @@
+=pod
+
+=head1 NAME
+
+EVP_DigestInit, EVP_DigestUpdate, EVP_DigestFinal - EVP digest routines
+
+=head1 SYNOPSIS
+
+ #include <openssl/evp.h>
+
+ void EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type);
+ void EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt);
+ void EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md,
+ unsigned int *s);
+
+ #define EVP_MAX_MD_SIZE (16+20) /* The SSLv3 md5+sha1 type */
+
+ int EVP_MD_CTX_copy(EVP_MD_CTX *out,EVP_MD_CTX *in);
+
+ #define EVP_MD_type(e) ((e)->type)
+ #define EVP_MD_pkey_type(e) ((e)->pkey_type)
+ #define EVP_MD_size(e) ((e)->md_size)
+ #define EVP_MD_block_size(e) ((e)->block_size)
+
+ #define EVP_MD_CTX_md(e) (e)->digest)
+ #define EVP_MD_CTX_size(e) EVP_MD_size((e)->digest)
+ #define EVP_MD_CTX_block_size(e) EVP_MD_block_size((e)->digest)
+ #define EVP_MD_CTX_type(e) EVP_MD_type((e)->digest)
+
+ EVP_MD *EVP_md_null(void);
+ EVP_MD *EVP_md2(void);
+ EVP_MD *EVP_md5(void);
+ EVP_MD *EVP_sha(void);
+ EVP_MD *EVP_sha1(void);
+ EVP_MD *EVP_dss(void);
+ EVP_MD *EVP_dss1(void);
+ EVP_MD *EVP_mdc2(void);
+ EVP_MD *EVP_ripemd160(void);
+
+ const EVP_MD *EVP_get_digestbyname(const char *name);
+ #define EVP_get_digestbynid(a) EVP_get_digestbyname(OBJ_nid2sn(a))
+ #define EVP_get_digestbyobj(a) EVP_get_digestbynid(OBJ_obj2nid(a))
+
+=head1 DESCRIPTION
+
+The EVP digest routines are a high level interface to message digests.
+
+EVP_DigestInit() initialises a digest context B<ctx> to use a digest
+B<type>: this will typically be supplied by a function such as
+EVP_sha1().
+
+EVP_DigestUpdate() hashes B<cnt> bytes of data at B<d> into the
+digest context B<ctx>. This funtion can be called several times on the
+same B<ctx> to hash additional data.
+
+EVP_DigestFinal() retrieves the digest value from B<ctx> and places
+it in B<md>. If the B<s> parameter is not NULL then the number of
+bytes of data written (i.e. the length of the digest) will be written
+to the integer at B<s>, at most B<EVP_MAX_MD_SIZE> bytes will be written.
+After calling EVP_DigestFinal() no additional calls to EVP_DigestUpdate()
+can be made, but EVP_DigestInit() can be called to initialiase a new
+digest operation.
+
+EVP_MD_CTX_copy() can be used to copy the message digest state from
+B<in> to B<out>. This is useful if large amounts of data are to be
+hashed which only differ in the last few bytes.
+
+EVP_MD_size() and EVP_MD_CTX_size() return the size of the message digest
+when passed an B<EVP_MD> or an B<EVP_MD_CTX> structure, i.e. the size of the
+hash.
+
+EVP_MD_block_size() and EVP_MD_CTX_block_size() return the block size of the
+message digest when passed an B<EVP_MD> or an B<EVP_MD_CTX> structure.
+
+EVP_MD_type() and EVP_MD_CTX_type() return the NID of the OBJECT IDENTIFIER
+representing the given message digest when passed an B<EVP_MD> structure.
+For example EVP_MD_type(EVP_sha1()) returns B<NID_sha1>. This function is
+normally used when setting ASN1 OIDs.
+
+EVP_MD_CTX_md() returns the B<EVP_MD> structure corresponding to the passed
+B<EVP_MD_CTX>.
+
+EVP_MD_pkey_type() returns the NID of the public key signing algorithm associated
+with this digest. For example EVP_sha1() is associated with RSA so this will
+return B<NID_sha1WithRSAEncryption>. This "link" between digests and signature
+algorithms may not be retained in future versions of OpenSSL.
+
+EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(), EVP_mdc2() and EVP_ripemd160()
+return B<EVP_MD> structures for the MD2, MD5, SHA, SHA1, MDC2 and RIPEMD160 digest
+algorithms respectively. The associated signature algorithm is RSA in each case.
+
+EVP_dss() and EVP_dss1() return B<EVP_MD> structures for SHA and SHA1 digest
+algorithms but using DSS (DSA) for the signature algorithm.
+
+EVP_md_null() is a "null" message digest that does nothing: i.e. the hash it
+returns is of zero length.
+
+EVP_get_digestbyname(), EVP_get_digestbynid() and EVP_get_digestbyobj()
+return an B<EVP_MD> structure when passed a digest name, a digest NID or
+an ASN1_OBJECT structure respectively. The digest table must be initialised
+using, for example, OpenSSL_add_all_digests() for these functions to work.
+
+=head1 RETURN VALUES
+
+EVP_DigestInit(), EVP_DigestUpdate() and EVP_DigestFinal() do not return values.
+
+EVP_MD_CTX_copy() returns 1 if successful or 0 for failure.
+
+EVP_MD_type(), EVP_MD_pkey_type() and EVP_MD_type() return the NID of the
+corresponding OBJECT IDENTIFIER or NID_undef if none exists.
+
+EVP_MD_size(), EVP_MD_block_size(), EVP_MD_CTX_size(e), EVP_MD_size(),
+EVP_MD_CTX_block_size() and EVP_MD_block_size() return the digest or block
+size in bytes.
+
+EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(), EVP_dss(),
+EVP_dss1(), EVP_mdc2() and EVP_ripemd160() return pointers to the
+corresponding EVP_MD structures.
+
+EVP_get_digestbyname(), EVP_get_digestbynid() and EVP_get_digestbyobj()
+return either an B<EVP_MD> structure or NULL if an error occurs.
+
+=head1 NOTES
+
+The B<EVP> interface to message digests should almost always be used in
+preference to the low level interfaces. This is because the code then becomes
+transparent to the digest used and much more flexible.
+
+SHA1 is the digest of choice for new applications. The other digest algorithms
+are still in common use.
+
+=head1 EXAMPLE
+
+This example digests the data "Test Message\n" and "Hello World\n", using the
+digest name passed on the command line.
+
+ #include <stdio.h>
+ #include <openssl/evp.h>
+
+ main(int argc, char *argv[])
+ {
+ EVP_MD_CTX mdctx;
+ const EVP_MD *md;
+ char mess1[] = "Test Message\n";
+ char mess2[] = "Hello World\n";
+ unsigned char md_value[EVP_MAX_MD_SIZE];
+ int md_len, i;
+
+ OpenSSL_add_all_digests();
+
+ if(!argv[1]) {
+ printf("Usage: mdtest digestname\n");
+ exit(1);
+ }
+
+ md = EVP_get_digestbyname(argv[1]);
+
+ if(!md) {
+ printf("Unknown message digest %s\n", argv[1]);
+ exit(1);
+ }
+
+ EVP_DigestInit(&mdctx, md);
+ EVP_DigestUpdate(&mdctx, mess1, strlen(mess1));
+ EVP_DigestUpdate(&mdctx, mess2, strlen(mess2));
+ EVP_DigestFinal(&mdctx, md_value, &md_len);
+
+ printf("Digest is: ");
+ for(i = 0; i < md_len; i++) printf("%02x", md_value[i]);
+ printf("\n");
+ }
+
+=head1 BUGS
+
+Several of the functions do not return values: maybe they should. Although the
+internal digest operations will never fail some future hardware based operations
+might.
+
+The link between digests and signing algorithms results in a situation where
+EVP_sha1() must be used with RSA and EVP_dss1() must be used with DSS
+even though they are identical digests.
+
+The size of an B<EVP_MD_CTX> structure is determined at compile time: this results
+in code that must be recompiled if the size of B<EVP_MD_CTX> increases.
+
+=head1 SEE ALSO
+
+L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>,
+L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>, L<ripemd(3)|ripemd(3)>,
+L<sha(3)|sha(3)>, L<digest(1)|digest(1)>
+
+=head1 HISTORY
+
+EVP_DigestInit(), EVP_DigestUpdate() and EVP_DigestFinal() are
+available in all versions of SSLeay and OpenSSL.
+
+=cut
diff --git a/lib/libssl/src/doc/crypto/EVP_EncryptInit.pod b/lib/libssl/src/doc/crypto/EVP_EncryptInit.pod
new file mode 100644
index 00000000000..77ed4ccdba2
--- /dev/null
+++ b/lib/libssl/src/doc/crypto/EVP_EncryptInit.pod
@@ -0,0 +1,224 @@
+=pod
+
+=head1 NAME
+
+EVP_EncryptInit, EVP_EncryptUpdate, EVP_EncryptFinal - EVP cipher routines
+
+=head1 SYNOPSIS
+
+ #include <openssl/evp.h>
+
+ void EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
+ unsigned char *key, unsigned char *iv);
+ void EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ int *outl, unsigned char *in, int inl);
+ void EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ int *outl);
+
+ void EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
+ unsigned char *key, unsigned char *iv);
+ void EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ int *outl, unsigned char *in, int inl);
+ int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm,
+ int *outl);
+
+ void EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
+ unsigned char *key, unsigned char *iv, int enc);
+ void EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ int *outl, unsigned char *in, int inl);
+ int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm,
+ int *outl);
+
+ void EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *a);
+
+ const EVP_CIPHER *EVP_get_cipherbyname(const char *name);
+ #define EVP_get_cipherbynid(a) EVP_get_cipherbyname(OBJ_nid2sn(a))
+ #define EVP_get_cipherbyobj(a) EVP_get_cipherbynid(OBJ_obj2nid(a))
+
+ #define EVP_CIPHER_nid(e) ((e)->nid)
+ #define EVP_CIPHER_block_size(e) ((e)->block_size)
+ #define EVP_CIPHER_key_length(e) ((e)->key_len)
+ #define EVP_CIPHER_iv_length(e) ((e)->iv_len)
+
+ int EVP_CIPHER_type(const EVP_CIPHER *ctx);
+ #define EVP_CIPHER_CTX_cipher(e) ((e)->cipher)
+ #define EVP_CIPHER_CTX_nid(e) ((e)->cipher->nid)
+ #define EVP_CIPHER_CTX_block_size(e) ((e)->cipher->block_size)
+ #define EVP_CIPHER_CTX_key_length(e) ((e)->cipher->key_len)
+ #define EVP_CIPHER_CTX_iv_length(e) ((e)->cipher->iv_len)
+ #define EVP_CIPHER_CTX_type(c) EVP_CIPHER_type(EVP_CIPHER_CTX_cipher(c))
+
+ int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
+ int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
+
+=head1 DESCRIPTION
+
+The EVP cipher routines are a high level interface to certain
+symmetric ciphers.
+
+EVP_EncryptInit() initialises a cipher context B<ctx> for encryption
+with cipher B<type>. B<type> is normally supplied by a function such
+as EVP_des_cbc() . B<key> is the symmetric key to use and B<iv> is the
+IV to use (if necessary), the actual number of bytes used for the
+key and IV depends on the cipher. It is possible to set all parameters
+to NULL except B<type> in an initial call and supply the remaining
+parameters in subsequent calls. This is normally done when the
+EVP_CIPHER_asn1_to_param() function is called to set the cipher
+parameters from an ASN1 AlgorithmIdentifier and the key from a
+different source.
+
+EVP_EncryptUpdate() encrypts B<inl> bytes from the buffer B<in> and
+writes the encrypted version to B<out>. This function can be called
+multiple times to encrypt successive blocks of data. The amount
+of data written depends on the block alignment of the encrypted data:
+as a result the amount of data written may be anything from zero bytes
+to (inl + cipher_block_size - 1) so B<outl> should contain sufficient
+room. The actual number of bytes written is placed in B<outl>.
+
+EVP_EncryptFinal() encrypts the "final" data, that is any data that
+remains in a partial block. It uses L<standard block padding|/NOTES> (aka PKCS
+padding). The encrypted final data is written to B<out> which should
+have sufficient space for one cipher block. The number of bytes written
+is placed in B<outl>. After this function is called the encryption operation
+is finished and no further calls to EVP_EncryptUpdate() should be made.
+
+EVP_DecryptInit(), EVP_DecryptUpdate() and EVP_DecryptFinal() are the
+corresponding decryption operations. EVP_DecryptFinal() will return an
+error code if the final block is not correctly formatted. The parameters
+and restrictions are identical to the encryption operations except that
+the decrypted data buffer B<out> passed to EVP_DecryptUpdate() should
+have sufficient room for (B<inl> + cipher_block_size) bytes unless the
+cipher block size is 1 in which case B<inl> bytes is sufficient.
+
+EVP_CipherInit(), EVP_CipherUpdate() and EVP_CipherFinal() are functions
+that can be used for decryption or encryption. The operation performed
+depends on the value of the B<enc> parameter. It should be set to 1 for
+encryption and 0 for decryption.
+
+EVP_CIPHER_CTX_cleanup() clears all information from a cipher context.
+It should be called after all operations using a cipher are complete
+so sensitive information does not remain in memory.
+
+EVP_get_cipherbyname(), EVP_get_cipherbynid() and EVP_get_cipherbyobj()
+return an EVP_CIPHER structure when passed a cipher name, a NID or an
+ASN1_OBJECT structure.
+
+EVP_CIPHER_nid() and EVP_CIPHER_CTX_nid() return the NID of a cipher when
+passed an B<EVP_CIPHER> or B<EVP_CIPHER_CTX> structure. The actual NID
+value is an internal value which may not have a corresponding OBJECT
+IDENTIFIER.
+
+EVP_CIPHER_key_length() and EVP_CIPHER_CTX_key_length() return the key
+length of a cipher when passed an B<EVP_CIPHER> or B<EVP_CIPHER_CTX>
+structure. The constant B<EVP_MAX_KEY_LENGTH> is the maximum key length
+for all ciphers.
+
+EVP_CIPHER_iv_length() and EVP_CIPHER_CTX_iv_length() return the IV
+length of a cipher when passed an B<EVP_CIPHER> or B<EVP_CIPHER_CTX>.
+It will return zero if the cipher does not use an IV. The constant
+B<EVP_MAX_IV_LENGTH> is the maximum IV length for all ciphers.
+
+EVP_CIPHER_block_size() and EVP_CIPHER_CTX_block_size() return the block
+size of a cipher when passed an B<EVP_CIPHER> or B<EVP_CIPHER_CTX>
+structure. The constant B<EVP_MAX_IV_LENGTH> is also the maximum block
+length for all ciphers.
+
+EVP_CIPHER_type() and EVP_CIPHER_CTX_type() return the type of the passed
+cipher or context. This "type" is the actual NID of the cipher OBJECT
+IDENTIFIER as such it ignores the cipher parameters and 40 bit RC2 and
+128 bit RC2 have the same NID. If the cipher does not have an object
+identifier or does not have ASN1 support this function will return
+B<NID_undef>.
+
+EVP_CIPHER_CTX_cipher() returns the B<EVP_CIPHER> structure when passed
+an B<EVP_CIPHER_CTX> structure.
+
+EVP_CIPHER_param_to_asn1() sets the AlgorithmIdentifier "parameter" based
+on the passed cipher. This will typically include any parameters and an
+IV. The cipher IV (if any) must be set when this call is made. This call
+should be made before the cipher is actually "used" (before any
+EVP_EncryptUpdate(), EVP_DecryptUpdate() calls for example). This function
+may fail if the cipher does not have any ASN1 support.
+
+EVP_CIPHER_asn1_to_param() sets the cipher parameters based on an ASN1
+AlgorithmIdentifier "parameter". The precise effect depends on the cipher
+In the case of RC2, for example, it will set the IV and effective key length.
+This function should be called after the base cipher type is set but before
+the key is set. For example EVP_CipherInit() will be called with the IV and
+key set to NULL, EVP_CIPHER_asn1_to_param() will be called and finally
+EVP_CipherInit() again with all parameters except the key set to NULL. It is
+possible for this function to fail if the cipher does not have any ASN1 support
+or the parameters cannot be set (for example the RC2 effective key length
+does not have an B<EVP_CIPHER> structure).
+
+=head1 RETURN VALUES
+
+EVP_EncryptInit(), EVP_EncryptUpdate() and EVP_EncryptFinal() do not return
+values.
+
+EVP_DecryptInit() and EVP_DecryptUpdate() do not return values.
+EVP_DecryptFinal() returns 0 if the decrypt failed or 1 for success.
+
+EVP_CipherInit() and EVP_CipherUpdate() do not return values.
+EVP_CipherFinal() returns 1 for a decryption failure or 1 for success, if
+the operation is encryption then it always returns 1.
+
+EVP_CIPHER_CTX_cleanup() does not return a value.
+
+EVP_get_cipherbyname(), EVP_get_cipherbynid() and EVP_get_cipherbyobj()
+return an B<EVP_CIPHER> structure or NULL on error.
+
+EVP_CIPHER_nid() and EVP_CIPHER_CTX_nid() return a NID.
+
+EVP_CIPHER_block_size() and EVP_CIPHER_CTX_block_size() return the block
+size.
+
+EVP_CIPHER_key_length() and EVP_CIPHER_CTX_key_length() return the key
+length.
+
+EVP_CIPHER_iv_length() and EVP_CIPHER_CTX_iv_length() return the IV
+length or zero if the cipher does not use an IV.
+
+EVP_CIPHER_type() and EVP_CIPHER_CTX_type() return the NID of the cipher's
+OBJECT IDENTIFIER or NID_undef if it has no defined OBJECT IDENTIFIER.
+
+EVP_CIPHER_CTX_cipher() returns an B<EVP_CIPHER> structure.
+
+EVP_CIPHER_param_to_asn1() and EVP_CIPHER_asn1_to_param() return 1 for
+success or zero for failure.
+
+=head1 NOTES
+
+Where possible the B<EVP> interface to symmetric ciphers should be used in
+preference to the low level interfaces. This is because the code then becomes
+transparent to the cipher used and much more flexible.
+
+PKCS padding works by adding B<n> padding bytes of value B<n> to make the total
+length of the encrypted data a multiple of the block size. Padding is always
+added so if the data is already a multiple of the block size B<n> will equal
+the block size. For example if the block size is 8 and 11 bytes are to be
+encrypted then 5 padding bytes of value 5 will be added.
+
+When decrypting the final block is checked to see if it has the correct form.
+
+Although the decryption operation can produce an error, it is not a strong
+test that the input data or key is correct. A random block has better than
+1 in 256 chance of being of the correct format and problems with the
+input data earlier on will not produce a final decrypt error.
+
+=head1 BUGS
+
+The current B<EVP> cipher interface is not as flexible as it should be. Only
+certain "spot" encryption algorithms can be used for ciphers which have various
+parameters associated with them (RC2, RC5 for example) this is inadequate.
+
+Several of the functions do not return error codes because the software versions
+can never fail. This is not true of hardware versions.
+
+=head1 SEE ALSO
+
+L<evp(3)|evp(3)>
+
+=head1 HISTORY
+
+=cut
diff --git a/lib/libssl/src/doc/crypto/OPENSSL_VERSION_NUMBER.pod b/lib/libssl/src/doc/crypto/OPENSSL_VERSION_NUMBER.pod
new file mode 100644
index 00000000000..b0b1058d196
--- /dev/null
+++ b/lib/libssl/src/doc/crypto/OPENSSL_VERSION_NUMBER.pod
@@ -0,0 +1,46 @@
+=pod
+
+=head1 NAME
+
+OPENSSL_VERSION_NUMBER, SSLeay - get OpenSSL version number
+
+=head1 SYNOPSIS
+
+ #include <openssl/opensslv.h>
+ #define OPENSSL_VERSION_NUMBER 0xnnnnnnnnnL
+
+ #include <openssl/crypto.h>
+ long SSLeay(void);
+
+=head1 DESCRIPTION
+
+OPENSSL_VERSION_NUMBER is a numeric release version identifier:
+
+ MMNNFFRBB major minor fix final beta/patch
+
+for example
+
+ 0x000904100 == 0.9.4 release
+ 0x000905000 == 0.9.5 dev
+
+Versions prior to 0.9.3 have identifiers E<lt> 0x0930.
+For backward compatibility, SSLEAY_VERSION_NUMBER is also defined.
+
+SSLeay() returns this number. The return value can be compared to the
+macro to make sure that the correct version of the library has been
+loaded, especially when using DLLs on Windows systems.
+
+=head1 RETURN VALUE
+
+The version number.
+
+=head1 SEE ALSO
+
+L<crypto(3)|crypto(3)>
+
+=head1 HISTORY
+
+SSLeay() and SSLEAY_VERSION_NUMBER are available in all versions of SSLeay and OpenSSL.
+OPENSSL_VERSION_NUMBER is available in all versions of OpenSSL.
+
+=cut
diff --git a/lib/libssl/src/doc/crypto/OpenSSL_add_all_algorithms.pod b/lib/libssl/src/doc/crypto/OpenSSL_add_all_algorithms.pod
new file mode 100644
index 00000000000..1300fe190c7
--- /dev/null
+++ b/lib/libssl/src/doc/crypto/OpenSSL_add_all_algorithms.pod
@@ -0,0 +1,65 @@
+=pod
+
+=head1 NAME
+
+OpenSSL_add_all_algorithms() - add algorithms to internal table
+
+=head1 SYNOPSIS
+
+ #include <openssl/evp.h>
+
+ void OpenSSL_add_all_algorithms(void);
+ void OpenSSL_add_all_ciphers(void);
+ void OpenSSL_add_all_digests(void);
+
+ void EVP_cleanup(void);
+
+=head1 DESCRIPTION
+
+OpenSSL keeps an internal table of digest algorithms and ciphers. It uses
+this table to lookup ciphers via functions such as EVP_get_cipher_byname().
+
+OpenSSL_add_all_digests() adds all digest algorithms to the table.
+
+OpenSSL_add_all_algorithms() adds all algorithms to the table (digests and
+ciphers).
+
+OpenSSL_add_all_ciphers() adds all encryption algorithms to the table including
+password based encryption algorithms.
+
+EVP_cleanup() removes all ciphers and digests from the table.
+
+=head1 RETURN VALUES
+
+None of the functions return a value.
+
+=head1 NOTES
+
+A typical application will will call OpenSSL_add_all_algorithms() initially and
+EVP_cleanup() before exiting.
+
+An application does not need to add algorithms to use them explicitly, for example
+by EVP_sha1(). It just needs to add them if it (or any of the functions it calls)
+needs to lookup algorithms.
+
+The cipher and digest lookup functions are used in many parts of the library. If
+the table is not initialised several functions will misbehave and complain they
+cannot find algorithms. This includes the PEM, PKCS#12, SSL and S/MIME libraries.
+This is a common query in the OpenSSL mailing lists.
+
+Calling OpenSSL_add_all_algorithms() links in all algorithms: as a result a
+statically linked executable can be quite large. If this is important it is possible
+to just add the required ciphers and digests.
+
+=head1 BUGS
+
+Although the functions do not return error codes it is possible for them to fail.
+This will only happen as a result of a memory allocation failure so this is not
+too much of a problem in practice.
+
+=head1 SEE ALSO
+
+L<evp(3)|evp(3)>, L<EVP_DigestInit(3)|EVP_DigestInit(3)>,
+L<EVP_EncryptInit(3)|EVP_EncryptInit(3)>
+
+=cut
diff --git a/lib/libssl/src/doc/crypto/RAND_add.pod b/lib/libssl/src/doc/crypto/RAND_add.pod
new file mode 100644
index 00000000000..0a13ec2a92b
--- /dev/null
+++ b/lib/libssl/src/doc/crypto/RAND_add.pod
@@ -0,0 +1,68 @@
+=pod
+
+=head1 NAME
+
+RAND_add, RAND_seed, RAND_screen - add entropy to the PRNG
+
+=head1 SYNOPSIS
+
+ #include <openssl/rand.h>
+
+ void RAND_seed(const void *buf, int num);
+
+ void RAND_add(const void *buf, int num, double entropy);
+
+ int RAND_status(void);
+
+ void RAND_screen(void);
+
+=head1 DESCRIPTION
+
+RAND_add() mixes the B<num> bytes at B<buf> into the PRNG state. Thus,
+if the data at B<buf> are unpredictable to an adversary, this
+increases the uncertainty about the state and makes the PRNG output
+less predictable. Suitable input comes from user interaction (random
+key presses, mouse movements) and certain hardware events. The
+B<entropy> argument is (the lower bound of) an estimate of how much
+randomness is contained in B<buf>, measured in bytes. Details about
+sources of randomness and how to estimate their entropy can be found
+in the literature, e.g. RFC 1750.
+
+RAND_add() may be called with sensitive data such as user entered
+passwords. The seed values cannot be recovered from the PRNG output.
+
+OpenSSL makes sure that the PRNG state is unique for each thread. On
+systems that provide C</dev/urandom>, the randomness device is used
+to seed the PRNG transparently. However, on all other systems, the
+application is responsible for seeding the PRNG by calling RAND_add(),
+L<RAND_egd(3)|RAND_egd(3)>
+or L<RAND_load_file(3)|RAND_load_file(3)>.
+
+RAND_seed() is equivalent to RAND_add() when B<num == entropy>.
+
+The RAND_screen() function is available for the convenience of Windows
+programmers. It adds the current contents of the screen to the PRNG.
+For applications that can catch Windows events, seeding the PRNG with
+the parameters of B<WM_MOUSEMOVE> events is a significantly better
+source of randomness. It should be noted that both methods cannot be
+used on servers that run without user interaction.
+
+=head1 RETURN VALUES
+
+RAND_status() returns 1 if the PRNG has been seeded with enough data,
+0 otherwise.
+
+The other functions do not return values.
+
+=head1 SEE ALSO
+
+L<rand(3)|rand(3)>, L<RAND_egd(3)|RAND_egd(3)>,
+L<RAND_load_file(3)|RAND_load_file(3)>, L<RAND_cleanup(3)|RAND_cleanup(3)>
+
+=head1 HISTORY
+
+RAND_seed() and RAND_screen() are available in all versions of SSLeay
+and OpenSSL. RAND_add() and RAND_status() have been added in OpenSSL
+0.9.5.
+
+=cut
diff --git a/lib/libssl/src/doc/crypto/RAND_bytes.pod b/lib/libssl/src/doc/crypto/RAND_bytes.pod
new file mode 100644
index 00000000000..b6ebd505278
--- /dev/null
+++ b/lib/libssl/src/doc/crypto/RAND_bytes.pod
@@ -0,0 +1,46 @@
+=pod
+
+=head1 NAME
+
+RAND_bytes, RAND_pseudo_bytes - generate random data
+
+=head1 SYNOPSIS
+
+ #include <openssl/rand.h>
+
+ int RAND_bytes(unsigned char *buf, int num);
+
+ int RAND_pseudo_bytes(unsigned char *buf, int num);
+
+=head1 DESCRIPTION
+
+RAND_bytes() puts B<num> cryptographically strong pseudo-random bytes
+into B<buf>. An error occurs if the PRNG has not been seeded with
+enough randomness to ensure an unpredictable byte sequence.
+
+RAND_pseudo_bytes() puts B<num> pseudo-random bytes into B<buf>.
+Pseudo-random byte sequences generated by RAND_pseudo_bytes() will be
+unique if they are of sufficient length, but are not necessarily
+unpredictable. They can be used for non-cryptographic purposes and for
+certain purposes in cryptographic protocols, but usually not for key
+generation etc.
+
+=head1 RETURN VALUES
+
+RAND_bytes() returns 1 on success, 0 otherwise. The error code can be
+obtained by L<ERR_get_error(3)|ERR_get_error(3)>. RAND_pseudo_bytes() returns 1 if the
+bytes generated are cryptographically strong, 0 otherwise. Both
+functions return -1 if they are not supported by the current RAND
+method.
+
+=head1 SEE ALSO
+
+L<rand(3)|rand(3)>, L<err(3)|err(3)>, L<RAND_add(3)|RAND_add(3)>
+
+=head1 HISTORY
+
+RAND_bytes() is available in all versions of SSLeay and OpenSSL. It
+has a return value since OpenSSL 0.9.5. RAND_pseudo_bytes() was added
+in OpenSSL 0.9.5.
+
+=cut
diff --git a/lib/libssl/src/doc/crypto/RAND_cleanup.pod b/lib/libssl/src/doc/crypto/RAND_cleanup.pod
new file mode 100644
index 00000000000..3a8f0749a8d
--- /dev/null
+++ b/lib/libssl/src/doc/crypto/RAND_cleanup.pod
@@ -0,0 +1,29 @@
+=pod
+
+=head1 NAME
+
+RAND_cleanup - erase the PRNG state
+
+=head1 SYNOPSIS
+
+ #include <openssl/rand.h>
+
+ void RAND_cleanup(void);
+
+=head1 DESCRIPTION
+
+RAND_cleanup() erases the memory used by the PRNG.
+
+=head1 RETURN VALUE
+
+RAND_cleanup() returns no value.
+
+=head1 SEE ALSO
+
+L<rand(3)|rand(3)>
+
+=head1 HISTORY
+
+RAND_cleanup() is available in all versions of SSLeay and OpenSSL.
+
+=cut
diff --git a/lib/libssl/src/doc/crypto/RAND_egd.pod b/lib/libssl/src/doc/crypto/RAND_egd.pod
new file mode 100644
index 00000000000..a40bd961988
--- /dev/null
+++ b/lib/libssl/src/doc/crypto/RAND_egd.pod
@@ -0,0 +1,38 @@
+=pod
+
+=head1 NAME
+
+RAND_egd - query entropy gathering daemon
+
+=head1 SYNOPSIS
+
+ #include <openssl/rand.h>
+
+ int RAND_egd(const char *path);
+
+=head1 DESCRIPTION
+
+RAND_egd() queries the entropy gathering daemon EGD on socket B<path>.
+
+EGD is available from http://www.lothar.com/tech/crypto/ (C<perl
+Makefile.PL; make; make install> to install). It is run as B<egd>
+I<path>, where I<path> is an absolute path designating a socket. When
+RAND_egd() is called with that path as an argument, it tries to read
+random bytes that EGD has collected. The read is performed in
+non-blocking mode.
+
+=head1 RETURN VALUE
+
+RAND_egd() returns the number of bytes read from the daemon on
+success, and -1 if the connection failed or the daemon did not return
+enough data to fully seed the PRNG.
+
+=head1 SEE ALSO
+
+L<rand(3)|rand(3)>, L<RAND_add(3)|RAND_add(3)>, L<RAND_cleanup(3)|RAND_cleanup(3)>
+
+=head1 HISTORY
+
+RAND_egd() is available since OpenSSL 0.9.5.
+
+=cut
diff --git a/lib/libssl/src/doc/crypto/RAND_load_file.pod b/lib/libssl/src/doc/crypto/RAND_load_file.pod
new file mode 100644
index 00000000000..8dd700ca3d4
--- /dev/null
+++ b/lib/libssl/src/doc/crypto/RAND_load_file.pod
@@ -0,0 +1,53 @@
+=pod
+
+=head1 NAME
+
+RAND_load_file, RAND_write_file, RAND_file_name - PRNG seed file
+
+=head1 SYNOPSIS
+
+ #include <openssl/rand.h>
+
+ const char *RAND_file_name(char *buf, int num);
+
+ int RAND_load_file(const char *filename, long max_bytes);
+
+ int RAND_write_file(const char *filename);
+
+=head1 DESCRIPTION
+
+RAND_file_name() generates a default path for the random seed
+file. B<buf> points to a buffer of size B<num> in which to store the
+filename. The seed file is $RANDFILE if that environment variable is
+set, $HOME/.rnd otherwise. If $HOME is not set either, or B<num> is
+too small for the path name, an error occurs.
+
+RAND_load_file() reads a number of bytes from file B<filename> and
+adds them to the PRNG. If B<max_bytes> is non-negative,
+up to to B<max_bytes> are read; starting with OpenSSL 0.9.5,
+if B<max_bytes> is -1, the complete file is read.
+
+RAND_write_file() writes a number of random bytes (currently 1024) to
+file B<filename> which can be used to initialize the PRNG by calling
+RAND_load_file() in a later session.
+
+=head1 RETURN VALUES
+
+RAND_load_file() returns the number of bytes read.
+
+RAND_write_file() returns the number of bytes written, and -1 if the
+bytes written were generated without appropriate seed.
+
+RAND_file_name() returns a pointer to B<buf> on success, and NULL on
+error.
+
+=head1 SEE ALSO
+
+L<rand(3)|rand(3)>, L<RAND_add(3)|RAND_add(3)>, L<RAND_cleanup(3)|RAND_cleanup(3)>
+
+=head1 HISTORY
+
+RAND_load_file(), RAND_write_file() and RAND_file_name() are available in
+all versions of SSLeay and OpenSSL.
+
+=cut
diff --git a/lib/libssl/src/doc/crypto/RAND_set_rand_method.pod b/lib/libssl/src/doc/crypto/RAND_set_rand_method.pod
new file mode 100644
index 00000000000..466e9b8767b
--- /dev/null
+++ b/lib/libssl/src/doc/crypto/RAND_set_rand_method.pod
@@ -0,0 +1,57 @@
+=pod
+
+=head1 NAME
+
+RAND_set_rand_method, RAND_get_rand_method, RAND_SSLeay - select RAND method
+
+=head1 SYNOPSIS
+
+ #include <openssl/rand.h>
+
+ void RAND_set_rand_method(RAND_METHOD *meth);
+
+ RAND_METHOD *RAND_get_rand_method(void);
+
+ RAND_METHOD *RAND_SSLeay(void);
+
+=head1 DESCRIPTION
+
+A B<RAND_METHOD> specifies the functions that OpenSSL uses for random
+number generation. By modifying the method, alternative
+implementations such as hardware RNGs may be used. Initially, the
+default is to use the OpenSSL internal implementation. RAND_SSLeay()
+returns a pointer to that method.
+
+RAND_set_rand_method() sets the RAND method to B<meth>.
+RAND_get_rand_method() returns a pointer to the current method.
+
+=head1 THE RAND_METHOD STRUCTURE
+
+ typedef struct rand_meth_st
+ {
+ void (*seed)(const void *buf, int num);
+ int (*bytes)(unsigned char *buf, int num);
+ void (*cleanup)(void);
+ void (*add)(const void *buf, int num, int entropy);
+ int (*pseudorand)(unsigned char *buf, int num);
+ } RAND_METHOD;
+
+The components point to the implementation of RAND_seed(),
+RAND_bytes(), RAND_cleanup(), RAND_add() and RAND_pseudo_rand().
+Each component may be NULL if the function is not implemented.
+
+=head1 RETURN VALUES
+
+RAND_set_rand_method() returns no value. RAND_get_rand_method() and
+RAND_SSLeay() return pointers to the respective methods.
+
+=head1 SEE ALSO
+
+L<rand(3)|rand(3)>
+
+=head1 HISTORY
+
+RAND_set_rand_method(), RAND_get_rand_method() and RAND_SSLeay() are
+available in all versions of OpenSSL.
+
+=cut
diff --git a/lib/libssl/src/doc/crypto/RSA_blinding_on.pod b/lib/libssl/src/doc/crypto/RSA_blinding_on.pod
new file mode 100644
index 00000000000..fd2c69abd86
--- /dev/null
+++ b/lib/libssl/src/doc/crypto/RSA_blinding_on.pod
@@ -0,0 +1,43 @@
+=pod
+
+=head1 NAME
+
+RSA_blinding_on, RSA_blinding_off - protect the RSA operation from timing attacks
+
+=head1 SYNOPSIS
+
+ #include <openssl/rsa.h>
+
+ int RSA_blinding_on(RSA *rsa, BN_CTX *ctx);
+
+ void RSA_blinding_off(RSA *rsa);
+
+=head1 DESCRIPTION
+
+RSA is vulnerable to timing attacks. In a setup where attackers can
+measure the time of RSA decryption or signature operations, blinding
+must be used to protect the RSA operation from that attack.
+
+RSA_blinding_on() turns blinding on for key B<rsa> and generates a
+random blinding factor. B<ctx> is B<NULL> or a pre-allocated and
+initialized B<BN_CTX>. The random number generator must be seeded
+prior to calling RSA_blinding_on().
+
+RSA_blinding_off() turns blinding off and frees the memory used for
+the blinding factor.
+
+=head1 RETURN VALUES
+
+RSA_blinding_on() returns 1 on success, and 0 if an error occurred.
+
+RSA_blinding_off() returns no value.
+
+=head1 SEE ALSO
+
+L<rsa(3)|rsa(3)>, L<rand(3)|rand(3)>
+
+=head1 HISTORY
+
+RSA_blinding_on() and RSA_blinding_off() appeared in SSLeay 0.9.0.
+
+=cut
diff --git a/lib/libssl/src/doc/crypto/RSA_check_key.pod b/lib/libssl/src/doc/crypto/RSA_check_key.pod
new file mode 100644
index 00000000000..79fed753ade
--- /dev/null
+++ b/lib/libssl/src/doc/crypto/RSA_check_key.pod
@@ -0,0 +1,39 @@
+=pod
+
+=head1 NAME
+
+RSA_check_key - validate private RSA keys
+
+=head1 SYNOPSIS
+
+ #include <openssl/rsa.h>
+
+ int RSA_check_key(RSA *rsa);
+
+=head1 DESCRIPTION
+
+This function validates RSA keys. It checks that B<p> and B<q> are
+in fact prime, and that B<n = p*q>.
+
+It also checks that B<d*e = 1 mod (p-1*q-1)>,
+and that B<dmp1>, B<dmq1> and B<iqmp> are set correctly or are B<NULL>.
+
+The key's public components may not be B<NULL>.
+
+=head1 RETURN VALUE
+
+RSA_check_key() returns 1 if B<rsa> is a valid RSA key, and 0 otherwise.
+-1 is returned if an error occurs while checking the key.
+
+If the key is invalid or an error occurred, the reason code can be
+obtained using L<ERR_get_error(3)|ERR_get_error(3)>.
+
+=head1 SEE ALSO
+
+L<rsa(3)|rsa(3)>, L<err(3)|err(3)>
+
+=head1 HISTORY
+
+RSA_check() appeared in OpenSSL 0.9.4.
+
+=cut
diff --git a/lib/libssl/src/doc/crypto/RSA_generate_key.pod b/lib/libssl/src/doc/crypto/RSA_generate_key.pod
new file mode 100644
index 00000000000..fdaddbcb13c
--- /dev/null
+++ b/lib/libssl/src/doc/crypto/RSA_generate_key.pod
@@ -0,0 +1,68 @@
+=pod
+
+=head1 NAME
+
+RSA_generate_key - generate RSA key pair
+
+=head1 SYNOPSIS
+
+ #include <openssl/rsa.h>
+
+ RSA *RSA_generate_key(int num, unsigned long e,
+ void (*callback)(int,int,void *), void *cb_arg);
+
+=head1 DESCRIPTION
+
+RSA_generate_key() generates a key pair and returns it in a newly
+allocated B<RSA> structure. The pseudo-random number generator must
+be seeded prior to calling RSA_generate_key().
+
+The modulus size will be B<num> bits, and the public exponent will be
+B<e>. Key sizes with B<num> E<lt> 1024 should be considered insecure.
+The exponent is an odd number, typically 3 or 65535.
+
+A callback function may be used to provide feedback about the
+progress of the key generation. If B<callback> is not B<NULL>, it
+will be called as follows:
+
+=over 4
+
+=item *
+
+While a random prime number is generated, it is called as
+described in L<BN_generate_prime(3)|BN_generate_prime(3)>.
+
+=item *
+
+When the n-th randomly generated prime is rejected as not
+suitable for the key, B<callback(2, n, cb_arg)> is called.
+
+=item *
+
+When a random p has been found with p-1 relatively prime to B<e>,
+it is called as B<callback(3, 0, cb_arg)>.
+
+=back
+
+The process is then repeated for prime q with B<callback(3, 1, cb_arg)>.
+
+=head1 RETURN VALUE
+
+If key generation fails, RSA_generate_key() returns B<NULL>; the
+error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
+
+=head1 BUGS
+
+B<callback(2, x, cb_arg)> is used with two different meanings.
+
+RSA_generate_key() goes into an infinite loop for illegal input values.
+
+=head1 SEE ALSO
+
+L<err(3)|err(3)>, L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>, L<RSA_free(3)|RSA_free(3)>
+
+=head1 HISTORY
+
+The B<cb_arg> argument was added in SSLeay 0.9.0.
+
+=cut
diff --git a/lib/libssl/src/doc/crypto/RSA_get_ex_new_index.pod b/lib/libssl/src/doc/crypto/RSA_get_ex_new_index.pod
new file mode 100644
index 00000000000..920dc76325a
--- /dev/null
+++ b/lib/libssl/src/doc/crypto/RSA_get_ex_new_index.pod
@@ -0,0 +1,122 @@
+=pod
+
+=head1 NAME
+
+RSA_get_ex_new_index, RSA_set_ex_data, RSA_get_ex_data - add application specific data to RSA structures
+
+=head1 SYNOPSIS
+
+ #include <openssl/rsa.h>
+
+ int RSA_get_ex_new_index(long argl, void *argp,
+ CRYPTO_EX_new *new_func,
+ CRYPTO_EX_dup *dup_func,
+ CRYPTO_EX_free *free_func);
+
+ int RSA_set_ex_data(RSA *r, int idx, void *arg);
+
+ void *RSA_get_ex_data(RSA *r, int idx);
+
+ int new_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
+ int idx, long argl, void *argp);
+
+ void free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
+ int idx, long argl, void *argp);
+
+ int dup_func(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d,
+ int idx, long argl, void *argp);
+
+=head1 DESCRIPTION
+
+Several OpenSSL structures can have application specific data attached to them.
+This has several potential uses, it can be used to cache data associated with
+a structure (for example the hash of some part of the structure) or some
+additional data (for example a handle to the data in an external library).
+
+Since the application data can be anything at all it is passed and retrieved
+as a B<void *> type.
+
+The B<RSA_get_ex_new_index()> function is initially called to "register" some
+new application specific data. It takes three optional function pointers which
+are called when the parent structure (in this case an RSA structure) is
+initially created, when it is copied and when it is freed up. If any or all of
+these function pointer arguments are not used they should be set to NULL. The
+precise manner in which these function pointers are called is described in more
+detail below. B<RSA_get_ex_new_index()> also takes additional long and pointer
+parameters which will be passed to the supplied functions but which otherwise
+have no special meaning. It returns an B<index> which should be stored
+(typically in a static variable) and passed used in the B<idx> parameter in
+the remaining functions. Each successful call to B<RSA_get_ex_new_index()>
+will return an index greater than any previously returned, this is important
+because the optional functions are called in order of increasing index value.
+
+B<RSA_set_ex_data()> is used to set application specific data, the data is
+supplied in the B<arg> parameter and its precise meaning is up to the
+application.
+
+B<RSA_get_ex_data()> is used to retrieve application specific data. The data
+is returned to the application, this will be the same value as supplied to
+a previous B<RSA_set_ex_data()> call.
+
+B<new_func()> is called when a structure is initially allocated (for example
+with B<RSA_new()>. The parent structure members will not have any meaningful
+values at this point. This function will typically be used to allocate any
+application specific structure.
+
+B<free_func()> is called when a structure is being freed up. The dynamic parent
+structure members should not be accessed because they will be freed up when
+this function is called.
+
+B<new_func()> and B<free_func()> take the same parameters. B<parent> is a
+pointer to the parent RSA structure. B<ptr> is a the application specific data
+(this wont be of much use in B<new_func()>. B<ad> is a pointer to the
+B<CRYPTO_EX_DATA> structure from the parent RSA structure: the functions
+B<CRYPTO_get_ex_data()> and B<CRYPTO_set_ex_data()> can be called to manipulate
+it. The B<idx> parameter is the index: this will be the same value returned by
+B<RSA_get_ex_new_index()> when the functions were initially registered. Finally
+the B<argl> and B<argp> parameters are the values originally passed to the same
+corresponding parameters when B<RSA_get_ex_new_index()> was called.
+
+B<dup_func()> is called when a structure is being copied. Pointers to the
+destination and source B<CRYPTO_EX_DATA> structures are passed in the B<to> and
+B<from> parameters respectively. The B<from_d> parameter is passed a pointer to
+the source application data when the function is called, when the function returns
+the value is copied to the destination: the application can thus modify the data
+pointed to by B<from_d> and have different values in the source and destination.
+The B<idx>, B<argl> and B<argp> parameters are the same as those in B<new_func()>
+and B<free_func()>.
+
+=head1 RETURN VALUES
+
+B<RSA_get_ex_new_index()> returns a new index or -1 on failure (note 0 is a valid
+index value).
+
+B<RSA_set_ex_data()> returns 1 on success or 0 on failure.
+
+B<RSA_get_ex_data()> returns the application data or 0 on failure. 0 may also
+be valid application data but currently it can only fail if given an invalid B<idx>
+parameter.
+
+B<new_func()> and B<dup_func()> should return 0 for failure and 1 for success.
+
+On failure an error code can be obtained from L<ERR_get_error(3)|ERR_get_error(3)>.
+
+=head1 BUGS
+
+B<dup_func()> is currently never called.
+
+The return value of B<new_func()> is ignored.
+
+The B<new_func()> function isn't very useful because no meaningful values are
+present in the parent RSA structure when it is called.
+
+=head1 SEE ALSO
+
+L<rsa(3)|rsa(3)>, L<CRYPTO_set_ex_data(3)|CRYPTO_set_ex_data(3)>
+
+=head1 HISTORY
+
+RSA_get_ex_new_index(), RSA_set_ex_data() and RSA_get_ex_data() are
+available since SSLeay 0.9.0.
+
+=cut
diff --git a/lib/libssl/src/doc/crypto/RSA_new.pod b/lib/libssl/src/doc/crypto/RSA_new.pod
new file mode 100644
index 00000000000..f16490ea6a1
--- /dev/null
+++ b/lib/libssl/src/doc/crypto/RSA_new.pod
@@ -0,0 +1,38 @@
+=pod
+
+=head1 NAME
+
+RSA_new, RSA_free - allocate and free RSA objects
+
+=head1 SYNOPSIS
+
+ #include <openssl/rsa.h>
+
+ RSA * RSA_new(void);
+
+ void RSA_free(RSA *rsa);
+
+=head1 DESCRIPTION
+
+RSA_new() allocates and initializes an B<RSA> structure.
+
+RSA_free() frees the B<RSA> structure and its components. The key is
+erased before the memory is returned to the system.
+
+=head1 RETURN VALUES
+
+If the allocation fails, RSA_new() returns B<NULL> and sets an error
+code that can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. Otherwise it returns
+a pointer to the newly allocated structure.
+
+RSA_free() returns no value.
+
+=head1 SEE ALSO
+
+L<err(3)|err(3)>, L<rsa(3)|rsa(3)>, L<RSA_generate_key(3)|RSA_generate_key(3)>
+
+=head1 HISTORY
+
+RSA_new() and RSA_free() are available in all versions of SSLeay and OpenSSL.
+
+=cut
diff --git a/lib/libssl/src/doc/crypto/RSA_padding_add_PKCS1_type_1.pod b/lib/libssl/src/doc/crypto/RSA_padding_add_PKCS1_type_1.pod
new file mode 100644
index 00000000000..b8f678fe729
--- /dev/null
+++ b/lib/libssl/src/doc/crypto/RSA_padding_add_PKCS1_type_1.pod
@@ -0,0 +1,124 @@
+=pod
+
+=head1 NAME
+
+RSA_padding_add_PKCS1_type_1, RSA_padding_check_PKCS1_type_1,
+RSA_padding_add_PKCS1_type_2, RSA_padding_check_PKCS1_type_2,
+RSA_padding_add_PKCS1_OAEP, RSA_padding_check_PKCS1_OAEP,
+RSA_padding_add_SSLv23, RSA_padding_check_SSLv23,
+RSA_padding_add_none, RSA_padding_check_none - asymmetric encryption
+padding
+
+=head1 SYNOPSIS
+
+ #include <openssl/rsa.h>
+
+ int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen,
+ unsigned char *f, int fl);
+
+ int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen,
+ unsigned char *f, int fl, int rsa_len);
+
+ int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen,
+ unsigned char *f, int fl);
+
+ int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
+ unsigned char *f, int fl, int rsa_len);
+
+ int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
+ unsigned char *f, int fl, unsigned char *p, int pl);
+
+ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
+ unsigned char *f, int fl, int rsa_len, unsigned char *p, int pl);
+
+ int RSA_padding_add_SSLv23(unsigned char *to, int tlen,
+ unsigned char *f, int fl);
+
+ int RSA_padding_check_SSLv23(unsigned char *to, int tlen,
+ unsigned char *f, int fl, int rsa_len);
+
+ int RSA_padding_add_none(unsigned char *to, int tlen,
+ unsigned char *f, int fl);
+
+ int RSA_padding_check_none(unsigned char *to, int tlen,
+ unsigned char *f, int fl, int rsa_len);
+
+=head1 DESCRIPTION
+
+The RSA_padding_xxx_xxx() functions are called from the RSA encrypt,
+decrypt, sign and verify functions. Normally they should not be called
+from application programs.
+
+However, they can also be called directly to implement padding for other
+asymmetric ciphers. RSA_padding_add_PKCS1_OAEP() and
+RSA_padding_check_PKCS1_OAEP() may be used in an application combined
+with B<RSA_NO_PADDING> in order to implement OAEP with an encoding
+parameter.
+
+RSA_padding_add_xxx() encodes B<fl> bytes from B<f> so as to fit into
+B<tlen> bytes and stores the result at B<to>. An error occurs if B<fl>
+does not meet the size requirements of the encoding method.
+
+The following encoding methods are implemented:
+
+=over 4
+
+=item PKCS1_type_1
+
+PKCS #1 v2.0 EMSA-PKCS1-v1_5 (PKCS #1 v1.5 block type 1); used for signatures
+
+=item PKCS1_type_2
+
+PKCS #1 v2.0 EME-PKCS1-v1_5 (PKCS #1 v1.5 block type 2)
+
+=item PKCS1_OAEP
+
+PKCS #1 v2.0 EME-OAEP
+
+=item SSLv23
+
+PKCS #1 EME-PKCS1-v1_5 with SSL-specific modification
+
+=item none
+
+simply copy the data
+
+=back
+
+The random number generator must be seeded prior to calling
+RSA_padding_add_xxx().
+
+RSA_padding_check_xxx() verifies that the B<fl> bytes at B<f> contain
+a valid encoding for a B<rsa_len> byte RSA key in the respective
+encoding method and stores the recovered data of at most B<tlen> bytes
+(for B<RSA_NO_PADDING>: of size B<tlen>)
+at B<to>.
+
+For RSA_padding_xxx_OAEP(), B<p> points to the encoding parameter
+of length B<pl>. B<p> may be B<NULL> if B<pl> is 0.
+
+=head1 RETURN VALUES
+
+The RSA_padding_add_xxx() functions return 1 on success, 0 on error.
+The RSA_padding_check_xxx() functions return the length of the
+recovered data, -1 on error. Error codes can be obtained by calling
+L<ERR_get_error(3)|ERR_get_error(3)>.
+
+=head1 SEE ALSO
+
+L<RSA_public_encrypt(3)|RSA_public_encrypt(3)>,
+L<RSA_private_decrypt(3)|RSA_private_decrypt(3)>,
+L<RSA_sign(3)|RSA_sign(3)>, L<RSA_verify(3)|RSA_verify(3)>
+
+=head1 HISTORY
+
+RSA_padding_add_PKCS1_type_1(), RSA_padding_check_PKCS1_type_1(),
+RSA_padding_add_PKCS1_type_2(), RSA_padding_check_PKCS1_type_2(),
+RSA_padding_add_SSLv23(), RSA_padding_check_SSLv23(),
+RSA_padding_add_none() and RSA_padding_check_none() appeared in
+SSLeay 0.9.0.
+
+RSA_padding_add_PKCS1_OAEP() and RSA_padding_check_PKCS1_OAEP() were
+added in OpenSSL 0.9.2b.
+
+=cut
diff --git a/lib/libssl/src/doc/crypto/RSA_print.pod b/lib/libssl/src/doc/crypto/RSA_print.pod
new file mode 100644
index 00000000000..dd968a5274e
--- /dev/null
+++ b/lib/libssl/src/doc/crypto/RSA_print.pod
@@ -0,0 +1,48 @@
+=pod
+
+=head1 NAME
+
+RSA_print, RSA_print_fp, DHparams_print, DHparams_print_fp - print
+cryptographic parameters
+
+=head1 SYNOPSIS
+
+ #include <openssl/rsa.h>
+
+ int RSA_print(BIO *bp, RSA *x, int offset);
+ int RSA_print_fp(FILE *fp, RSA *x, int offset);
+
+ #include <openssl/dsa.h>
+
+ int DSAparams_print(BIO *bp, DSA *x);
+ int DSAparams_print_fp(FILE *fp, DSA *x);
+ int DSA_print(BIO *bp, DSA *x, int offset);
+ int DSA_print_fp(FILE *fp, DSA *x, int offset);
+
+ #include <openssl/dh.h>
+
+ int DHparams_print(BIO *bp, DH *x);
+ int DHparams_print_fp(FILE *fp, DH *x);
+
+=head1 DESCRIPTION
+
+A human-readable hexadecimal output of the components of the RSA
+key, DSA parameters or key or DH parameters is printed to B<bp> or B<fp>.
+
+The output lines are indented by B<offset> spaces.
+
+=head1 RETURN VALUES
+
+These functions return 1 on success, 0 on error.
+
+=head1 SEE ALSO
+
+L<dh(3)|dh(3)>, L<dsa(3)|dsa(3)>, L<rsa(3)|rsa(3)>, L<BN_bn2bin(3)|BN_bn2bin(3)>
+
+=head1 HISTORY
+
+RSA_print(), RSA_print_fp(), DSA_print(), DSA_print_fp(), DH_print(),
+DH_print_fp() are available in all versions of SSLeay and OpenSSL.
+DSAparams_print() and DSAparams_print_pf() were added in SSLeay 0.8.
+
+=cut
diff --git a/lib/libssl/src/doc/crypto/RSA_private_encrypt.pod b/lib/libssl/src/doc/crypto/RSA_private_encrypt.pod
new file mode 100644
index 00000000000..6861a98a109
--- /dev/null
+++ b/lib/libssl/src/doc/crypto/RSA_private_encrypt.pod
@@ -0,0 +1,69 @@
+=pod
+
+=head1 NAME
+
+RSA_private_encrypt, RSA_public_decrypt - low level signature operations
+
+=head1 SYNOPSIS
+
+ #include <openssl/rsa.h>
+
+ int RSA_private_encrypt(int flen, unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding);
+
+ int RSA_public_decrypt(int flen, unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding);
+
+=head1 DESCRIPTION
+
+These functions handle RSA signatures at a low level.
+
+RSA_private_encrypt() signs the B<flen> bytes at B<from> (usually a
+message digest with an algorithm identifier) using the private key
+B<rsa> and stores the signature in B<to>. B<to> must point to
+B<RSA_size(rsa)> bytes of memory.
+
+B<padding> denotes one of the following modes:
+
+=over 4
+
+=item RSA_PKCS1_PADDING
+
+PKCS #1 v1.5 padding. This function does not handle the
+B<algorithmIdentifier> specified in PKCS #1. When generating or
+verifying PKCS #1 signatures, L<RSA_sign(3)|RSA_sign(3)> and L<RSA_verify(3)|RSA_verify(3)> should be
+used.
+
+=item RSA_NO_PADDING
+
+Raw RSA signature. This mode should I<only> be used to implement
+cryptographically sound padding modes in the application code.
+Signing user data directly with RSA is insecure.
+
+=back
+
+RSA_public_decrypt() recovers the message digest from the B<flen>
+bytes long signature at B<from> using the signer's public key
+B<rsa>. B<to> must point to a memory section large enough to hold the
+message digest (which is smaller than B<RSA_size(rsa) -
+11>). B<padding> is the padding mode that was used to sign the data.
+
+=head1 RETURN VALUES
+
+RSA_private_encrypt() returns the size of the signature (i.e.,
+RSA_size(rsa)). RSA_public_decrypt() returns the size of the
+recovered message digest.
+
+On error, -1 is returned; the error codes can be
+obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
+
+=head1 SEE ALSO
+
+L<err(3)|err(3)>, L<rsa(3)|rsa(3)>, L<RSA_sign(3)|RSA_sign(3)>, L<RSA_verify(3)|RSA_verify(3)>
+
+=head1 HISTORY
+
+The B<padding> argument was added in SSLeay 0.8. RSA_NO_PADDING is
+available since SSLeay 0.9.0.
+
+=cut
diff --git a/lib/libssl/src/doc/crypto/RSA_public_encrypt.pod b/lib/libssl/src/doc/crypto/RSA_public_encrypt.pod
new file mode 100644
index 00000000000..910c4752b8d
--- /dev/null
+++ b/lib/libssl/src/doc/crypto/RSA_public_encrypt.pod
@@ -0,0 +1,86 @@
+=pod
+
+=head1 NAME
+
+RSA_public_encrypt, RSA_private_decrypt - RSA public key cryptography
+
+=head1 SYNOPSIS
+
+ #include <openssl/rsa.h>
+
+ int RSA_public_encrypt(int flen, unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding);
+
+ int RSA_private_decrypt(int flen, unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding);
+
+=head1 DESCRIPTION
+
+RSA_public_encrypt() encrypts the B<flen> bytes at B<from> (usually a
+session key) using the public key B<rsa> and stores the ciphertext in
+B<to>. B<to> must point to RSA_size(B<rsa>) bytes of memory.
+
+B<padding> denotes one of the following modes:
+
+=over 4
+
+=item RSA_PKCS1_PADDING
+
+PKCS #1 v1.5 padding. This currently is the most widely used mode.
+
+=item RSA_PKCS1_OAEP_PADDING
+
+EME-OAEP as defined in PKCS #1 v2.0 with SHA-1, MGF1 and an empty
+encoding parameter. This mode is recommended for all new applications.
+
+=item RSA_SSLV23_PADDING
+
+PKCS #1 v1.5 padding with an SSL-specific modification that denotes
+that the server is SSL3 capable.
+
+=item RSA_NO_PADDING
+
+Raw RSA encryption. This mode should I<only> be used to implement
+cryptographically sound padding modes in the application code.
+Encrypting user data directly with RSA is insecure.
+
+=back
+
+B<flen> must be less than RSA_size(B<rsa>) - 11 for the PKCS #1 v1.5
+based padding modes, and less than RSA_size(B<rsa>) - 21 for
+RSA_PKCS1_OAEP_PADDING. The random number generator must be seeded
+prior to calling RSA_public_encrypt().
+
+RSA_private_decrypt() decrypts the B<flen> bytes at B<from> using the
+private key B<rsa> and stores the plaintext in B<to>. B<to> must point
+to a memory section large enough to hold the decrypted data (which is
+smaller than RSA_size(B<rsa>)). B<padding> is the padding mode that
+was used to encrypt the data.
+
+=head1 RETURN VALUES
+
+RSA_public_encrypt() returns the size of the encrypted data (i.e.,
+RSA_size(B<rsa>)). RSA_private_decrypt() returns the size of the
+recovered plaintext.
+
+On error, -1 is returned; the error codes can be
+obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
+
+=head1 CONFORMING TO
+
+SSL, PKCS #1 v2.0
+
+=head1 SEE ALSO
+
+L<err(3)|err(3)>, L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>, L<RSA_size(3)|RSA_size(3)>
+
+=head1 NOTES
+
+The L<RSA_PKCS1_RSAref(3)|RSA_PKCS1_RSAref(3)> method supports only the RSA_PKCS1_PADDING mode.
+
+=head1 HISTORY
+
+The B<padding> argument was added in SSLeay 0.8. RSA_NO_PADDING is
+available since SSLeay 0.9.0, OAEP was added in OpenSSL 0.9.2b.
+
+=cut
diff --git a/lib/libssl/src/doc/crypto/RSA_set_method.pod b/lib/libssl/src/doc/crypto/RSA_set_method.pod
new file mode 100644
index 00000000000..deb1183a235
--- /dev/null
+++ b/lib/libssl/src/doc/crypto/RSA_set_method.pod
@@ -0,0 +1,153 @@
+=pod
+
+=head1 NAME
+
+RSA_set_default_method, RSA_get_default_method, RSA_set_method,
+RSA_get_method, RSA_PKCS1_SSLeay, RSA_PKCS1_RSAref,
+RSA_PKCS1_null_method, RSA_flags, RSA_new_method - select RSA method
+
+=head1 SYNOPSIS
+
+ #include <openssl/rsa.h>
+
+ void RSA_set_default_method(RSA_METHOD *meth);
+
+ RSA_METHOD *RSA_get_default_method(void);
+
+ RSA_METHOD *RSA_set_method(RSA *rsa, RSA_METHOD *meth);
+
+ RSA_METHOD *RSA_get_method(RSA *rsa);
+
+ RSA_METHOD *RSA_PKCS1_SSLeay(void);
+
+ RSA_METHOD *RSA_PKCS1_RSAref(void);
+
+ RSA_METHOD *RSA_null_method(void);
+
+ int RSA_flags(RSA *rsa);
+
+ RSA *RSA_new_method(RSA_METHOD *method);
+
+=head1 DESCRIPTION
+
+An B<RSA_METHOD> specifies the functions that OpenSSL uses for RSA
+operations. By modifying the method, alternative implementations
+such as hardware accelerators may be used.
+
+Initially, the default is to use the OpenSSL internal implementation,
+unless OpenSSL was configured with the C<rsaref> or C<-DRSA_NULL>
+options. RSA_PKCS1_SSLeay() returns a pointer to that method.
+
+RSA_PKCS1_RSAref() returns a pointer to a method that uses the RSAref
+library. This is the default method in the C<rsaref> configuration;
+the function is not available in other configurations.
+RSA_null_method() returns a pointer to a method that does not support
+the RSA transformation. It is the default if OpenSSL is compiled with
+C<-DRSA_NULL>. These methods may be useful in the USA because of a
+patent on the RSA cryptosystem.
+
+RSA_set_default_method() makes B<meth> the default method for all B<RSA>
+structures created later.
+
+RSA_get_default_method() returns a pointer to the current default
+method.
+
+RSA_set_method() selects B<meth> for all operations using the key
+B<rsa>.
+
+RSA_get_method() returns a pointer to the method currently selected
+for B<rsa>.
+
+RSA_flags() returns the B<flags> that are set for B<rsa>'s current method.
+
+RSA_new_method() allocates and initializes an B<RSA> structure so that
+B<method> will be used for the RSA operations. If B<method> is B<NULL>,
+the default method is used.
+
+=head1 THE RSA_METHOD STRUCTURE
+
+ typedef struct rsa_meth_st
+ {
+ /* name of the implementation */
+ const char *name;
+
+ /* encrypt */
+ int (*rsa_pub_enc)(int flen, unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding);
+
+ /* verify arbitrary data */
+ int (*rsa_pub_dec)(int flen, unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding);
+
+ /* sign arbitrary data */
+ int (*rsa_priv_enc)(int flen, unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding);
+
+ /* decrypt */
+ int (*rsa_priv_dec)(int flen, unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding);
+
+ /* compute r0 = r0 ^ I mod rsa->n. May be NULL */
+ int (*rsa_mod_exp)(BIGNUM *r0, BIGNUM *I, RSA *rsa);
+
+ /* compute r = a ^ p mod m. May be NULL */
+ int (*bn_mod_exp)(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+
+ /* called at RSA_new */
+ int (*init)(RSA *rsa);
+
+ /* called at RSA_free */
+ int (*finish)(RSA *rsa);
+
+ /* RSA_FLAG_EXT_PKEY - rsa_mod_exp is called for private key
+ * operations, even if p,q,dmp1,dmq1,iqmp
+ * are NULL
+ * RSA_FLAG_SIGN_VER - enable rsa_sign and rsa_verify
+ * RSA_METHOD_FLAG_NO_CHECK - don't check pub/private match
+ */
+ int flags;
+
+ char *app_data; /* ?? */
+
+ /* sign. For backward compatibility, this is used only
+ * if (flags & RSA_FLAG_SIGN_VER)
+ */
+ int (*rsa_sign)(int type, unsigned char *m, unsigned int m_len,
+ unsigned char *sigret, unsigned int *siglen, RSA *rsa);
+
+ /* verify. For backward compatibility, this is used only
+ * if (flags & RSA_FLAG_SIGN_VER)
+ */
+ int (*rsa_verify)(int type, unsigned char *m, unsigned int m_len,
+ unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
+
+ } RSA_METHOD;
+
+=head1 RETURN VALUES
+
+RSA_PKCS1_SSLeay(), RSA_PKCS1_RSAref(), RSA_PKCS1_null_method(),
+RSA_get_default_method() and RSA_get_method() return pointers to the
+respective B<RSA_METHOD>s.
+
+RSA_set_default_method() returns no value.
+
+RSA_set_method() returns a pointer to the B<RSA_METHOD> previously
+associated with B<rsa>.
+
+RSA_new_method() returns B<NULL> and sets an error code that can be
+obtained by L<ERR_get_error(3)|ERR_get_error(3)> if the allocation fails. Otherwise it
+returns a pointer to the newly allocated structure.
+
+=head1 SEE ALSO
+
+L<rsa(3)|rsa(3)>, L<RSA_new(3)|RSA_new(3)>
+
+=head1 HISTORY
+
+RSA_new_method() and RSA_set_default_method() appeared in SSLeay 0.8.
+RSA_get_default_method(), RSA_set_method() and RSA_get_method() as
+well as the rsa_sign and rsa_verify components of RSA_METHOD were
+added in OpenSSL 0.9.4.
+
+=cut
diff --git a/lib/libssl/src/doc/crypto/RSA_sign.pod b/lib/libssl/src/doc/crypto/RSA_sign.pod
new file mode 100644
index 00000000000..f0bf6eea1b3
--- /dev/null
+++ b/lib/libssl/src/doc/crypto/RSA_sign.pod
@@ -0,0 +1,62 @@
+=pod
+
+=head1 NAME
+
+RSA_sign, RSA_verify - RSA signatures
+
+=head1 SYNOPSIS
+
+ #include <openssl/rsa.h>
+
+ int RSA_sign(int type, unsigned char *m, unsigned int m_len,
+ unsigned char *sigret, unsigned int *siglen, RSA *rsa);
+
+ int RSA_verify(int type, unsigned char *m, unsigned int m_len,
+ unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
+
+=head1 DESCRIPTION
+
+RSA_sign() signs the message digest B<m> of size B<m_len> using the
+private key B<rsa> as specified in PKCS #1 v2.0. It stores the
+signature in B<sigret> and the signature size in B<siglen>. B<sigret>
+must point to RSA_size(B<rsa>) bytes of memory.
+
+B<type> denotes the message digest algorithm that was used to generate
+B<m>. It usually is one of B<NID_sha1>, B<NID_ripemd160> and B<NID_md5>;
+see L<objects(3)|objects(3)> for details. If B<type> is B<NID_md5_sha1>,
+an SSL signature (MD5 and SHA1 message digests with PKCS #1 padding
+and no algorithm identifier) is created.
+
+RSA_verify() verifies that the signature B<sigbuf> of size B<siglen>
+matches a given message digest B<m> of size B<m_len>. B<type> denotes
+the message digest algorithm that was used to generate the signature.
+B<rsa> is the signer's public key.
+
+=head1 RETURN VALUES
+
+RSA_sign() returns 1 on success, 0 otherwise. RSA_verify() returns 1
+on successful verification, 0 otherwise.
+
+The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
+
+=head1 BUGS
+
+Certain signatures with an improper algorithm identifier are accepted
+for compatibility with SSLeay 0.4.5 :-)
+
+=head1 CONFORMING TO
+
+SSL, PKCS #1 v2.0
+
+=head1 SEE ALSO
+
+L<err(3)|err(3)>, L<objects(3)|objects(3)>, L<rsa(3)|rsa(3)>,
+L<RSA_private_encrypt(3)|RSA_private_encrypt(3)>,
+L<RSA_public_decrypt(3)|RSA_public_decrypt(3)>
+
+=head1 HISTORY
+
+RSA_sign() and RSA_verify() are available in all versions of SSLeay
+and OpenSSL.
+
+=cut
diff --git a/lib/libssl/src/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod b/lib/libssl/src/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod
new file mode 100644
index 00000000000..df9ceb339a6
--- /dev/null
+++ b/lib/libssl/src/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod
@@ -0,0 +1,59 @@
+=pod
+
+=head1 NAME
+
+RSA_sign_ASN1_OCTET_STRING, RSA_verify_ASN1_OCTET_STRING - RSA signatures
+
+=head1 SYNOPSIS
+
+ #include <openssl/rsa.h>
+
+ int RSA_sign_ASN1_OCTET_STRING(int dummy, unsigned char *m,
+ unsigned int m_len, unsigned char *sigret, unsigned int *siglen,
+ RSA *rsa);
+
+ int RSA_verify_ASN1_OCTET_STRING(int dummy, unsigned char *m,
+ unsigned int m_len, unsigned char *sigbuf, unsigned int siglen,
+ RSA *rsa);
+
+=head1 DESCRIPTION
+
+RSA_sign_ASN1_OCTET_STRING() signs the octet string B<m> of size
+B<m_len> using the private key B<rsa> represented in DER using PKCS #1
+padding. It stores the signature in B<sigret> and the signature size
+in B<siglen>. B<sigret> must point to B<RSA_size(rsa)> bytes of
+memory.
+
+B<dummy> is ignored.
+
+The random number generator must be seeded prior to calling RSA_sign_ASN1_OCTET_STRING().
+
+RSA_verify_ASN1_OCTET_STRING() verifies that the signature B<sigbuf>
+of size B<siglen> is the DER representation of a given octet string
+B<m> of size B<m_len>. B<dummy> is ignored. B<rsa> is the signer's
+public key.
+
+=head1 RETURN VALUES
+
+RSA_sign_ASN1_OCTET_STRING() returns 1 on success, 0 otherwise.
+RSA_verify_ASN1_OCTET_STRING() returns 1 on successful verification, 0
+otherwise.
+
+The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
+
+=head1 BUGS
+
+These functions serve no recognizable purpose.
+
+=head1 SEE ALSO
+
+L<err(3)|err(3)>, L<objects(3)|objects(3)>, L<rand(3)|rand(3)>,
+L<rsa(3)|rsa(3)>, L<RSA_sign(3)|RSA_sign(3)>,
+L<RSA_verify(3)|RSA_verify(3)>
+
+=head1 HISTORY
+
+RSA_sign_ASN1_OCTET_STRING() and RSA_verify_ASN1_OCTET_STRING() were
+added in SSLeay 0.8.
+
+=cut
diff --git a/lib/libssl/src/doc/crypto/RSA_size.pod b/lib/libssl/src/doc/crypto/RSA_size.pod
new file mode 100644
index 00000000000..b36b4d58d54
--- /dev/null
+++ b/lib/libssl/src/doc/crypto/RSA_size.pod
@@ -0,0 +1,33 @@
+=pod
+
+=head1 NAME
+
+RSA_size - get RSA modulus size
+
+=head1 SYNOPSIS
+
+ #include <openssl/rsa.h>
+
+ int RSA_size(RSA *rsa);
+
+=head1 DESCRIPTION
+
+This function returns the RSA modulus size in bytes. It can be used to
+determine how much memory must be allocated for an RSA encrypted
+value.
+
+B<rsa-E<gt>n> must not be B<NULL>.
+
+=head1 RETURN VALUE
+
+The size in bytes.
+
+=head1 SEE ALSO
+
+L<rsa(3)|rsa(3)>
+
+=head1 HISTORY
+
+RSA_size() is available in all versions of SSLeay and OpenSSL.
+
+=cut
diff --git a/lib/libssl/src/doc/crypto/blowfish.pod b/lib/libssl/src/doc/crypto/blowfish.pod
new file mode 100644
index 00000000000..e8c7114311b
--- /dev/null
+++ b/lib/libssl/src/doc/crypto/blowfish.pod
@@ -0,0 +1,106 @@
+=pod
+
+=head1 NAME
+
+blowfish, BF_set_key, BF_encrypt, BF_decrypt, BF_ecb_encrypt, BF_cbc_encrypt,
+BF_cfb64_encrypt, BF_ofb64_encrypt, BF_options - Blowfish encryption
+
+=head1 SYNOPSIS
+
+ #include <openssl/blowfish.h>
+
+ void BF_set_key(BF_KEY *key, int len, const unsigned char *data);
+
+ void BF_encrypt(BF_LONG *data,const BF_KEY *key);
+ void BF_decrypt(BF_LONG *data,const BF_KEY *key);
+
+ void BF_ecb_encrypt(const unsigned char *in, unsigned char *out,
+ BF_KEY *key, int enc);
+ void BF_cbc_encrypt(const unsigned char *in, unsigned char *out,
+ long length, BF_KEY *schedule, unsigned char *ivec, int enc);
+ void BF_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+ long length, BF_KEY *schedule, unsigned char *ivec, int *num,
+ int enc);
+ void BF_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+ long length, BF_KEY *schedule, unsigned char *ivec, int *num);
+ const char *BF_options(void);
+
+=head1 DESCRIPTION
+
+This library implements the Blowfish cipher, which is invented and described
+by Counterpane (see http://www.counterpane.com/blowfish/ ).
+
+Blowfish is a block cipher that operates on 64 bit (8 byte) blocks of data.
+It uses a variable size key, but typically, 128 bit (16 byte) keys are
+a considered good for strong encryption. Blowfish can be used in the same
+modes as DES (see L<des_modes(7)|des_modes(7)>). Blowfish is currently one
+of the faster block ciphers. It is quite a bit faster than DES, and much
+faster than IDEA or RC2.
+
+Blowfish consists of a key setup phase and the actual encryption or decryption
+phase.
+
+BF_set_key() sets up the B<BF_KEY> B<key> using the B<len> bytes long key
+at B<data>.
+
+BF_encrypt() and BF_decrypt() are the lowest level functions for Blowfish
+encryption. They encrypt/decrypt the first 64 bits of the vector pointed by
+B<data>, using the key B<key>. These functions should not be used unless you
+implement 'modes' of Blowfish.
+
+BF_ecb_encrypt() is the basic Blowfish encryption and decryption function.
+It encrypts or decrypts the first 64 bits of B<in> using the key B<key>,
+putting the result in B<out>. B<enc> decides if encryption (B<BF_ENCRYPT>)
+or decryption (B<BF_DECRYPT>) shall be performed. The vector pointed at by
+B<in> and B<out> must be 64 bits in length, no less. If they are larger,
+everything after the first 64 bits is ignored.
+
+The mode functions BF_cbc_encrypt(), BF_cfb64_encrypt() and BF_ofb64_encrypt()
+all operate on variable length data. They all take an initialisation vector
+B<ivec> which must be initially filled with zeros, but then just need to be
+passed along into the next call of the same function for the same message.
+BF_cbc_encrypt() operates of data that is a multiple of 8 bytes long, while
+BF_cfb64_encrypt() and BF_ofb64_encrypt() are used to encrypt an variable
+number of bytes (the amount does not have to be an exact multiple of 8). The
+purpose of the latter two is to simulate stream ciphers, and therefore, they
+need the parameter B<num>, which is a pointer to an integer where the current
+offset in B<ivec> is stored between calls. This integer must be initialised
+to zero when B<ivec> is filled with zeros.
+
+BF_cbc_encrypt() is the Cipher Block Chaining function for Blowfish. It
+encrypts or decrypts the 64 bits chunks of B<in> using the key B<schedule>,
+putting the result in B<out>. B<enc> decides if encryption (BF_ENCRYPT) or
+decryption (BF_DECRYPT) shall be performed. B<ivec> must point at an 8 byte
+long initialisation vector, which must be initially filled with zeros.
+
+BF_cfb64_encrypt() is the CFB mode for Blowfish with 64 bit feedback.
+It encrypts or decrypts the bytes in B<in> using the key B<schedule>,
+putting the result in B<out>. B<enc> decides if encryption (B<BF_ENCRYPT>)
+or decryption (B<BF_DECRYPT>) shall be performed. B<ivec> must point at an
+8 byte long initialisation vector, which must be initially filled with zeros.
+B<num> must point at an integer which must be initially zero.
+
+BF_ofb64_encrypt() is the OFB mode for Blowfish with 64 bit feedback.
+It uses the same parameters as BF_cfb64_encrypt(), which must be initialised
+the same way.
+
+=head1 RETURN VALUES
+
+None of the functions presented here return any value.
+
+=head1 NOTE
+
+Applications should use the higher level functions
+L<EVP_EncryptInit(3)|EVP_EncryptInit(3)> etc. instead of calling the
+blowfish functions directly.
+
+=head1 SEE ALSO
+
+L<des_modes(7)|des_modes(7)>
+
+=head1 HISTORY
+
+The Blowfish functions are available in all versions of SSLeay and OpenSSL.
+
+=cut
+
diff --git a/lib/libssl/src/doc/crypto/bn.pod b/lib/libssl/src/doc/crypto/bn.pod
new file mode 100644
index 00000000000..1504a1c92df
--- /dev/null
+++ b/lib/libssl/src/doc/crypto/bn.pod
@@ -0,0 +1,148 @@
+=pod
+
+=head1 NAME
+
+bn - multiprecision integer arithmetics
+
+=head1 SYNOPSIS
+
+ #include <openssl/bn.h>
+
+ BIGNUM *BN_new(void);
+ void BN_free(BIGNUM *a);
+ void BN_init(BIGNUM *);
+ void BN_clear(BIGNUM *a);
+ void BN_clear_free(BIGNUM *a);
+
+ BN_CTX *BN_CTX_new(void);
+ void BN_CTX_init(BN_CTX *c);
+ void BN_CTX_free(BN_CTX *c);
+
+ BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b);
+ BIGNUM *BN_dup(const BIGNUM *a);
+
+ int BN_num_bytes(const BIGNUM *a);
+ int BN_num_bits(const BIGNUM *a);
+ int BN_num_bits_word(BN_ULONG w);
+
+ int BN_add(BIGNUM *r, BIGNUM *a, BIGNUM *b);
+ int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
+ int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
+ int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *a, const BIGNUM *d,
+ BN_CTX *ctx);
+ int BN_sqr(BIGNUM *r, BIGNUM *a, BN_CTX *ctx);
+ int BN_mod(BIGNUM *rem, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
+ int BN_mod_mul(BIGNUM *ret, BIGNUM *a, BIGNUM *b, const BIGNUM *m,
+ BN_CTX *ctx);
+ int BN_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BN_CTX *ctx);
+ int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx);
+ int BN_gcd(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
+
+ int BN_add_word(BIGNUM *a, BN_ULONG w);
+ int BN_sub_word(BIGNUM *a, BN_ULONG w);
+ int BN_mul_word(BIGNUM *a, BN_ULONG w);
+ BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w);
+ BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w);
+
+ int BN_cmp(BIGNUM *a, BIGNUM *b);
+ int BN_ucmp(BIGNUM *a, BIGNUM *b);
+ int BN_is_zero(BIGNUM *a);
+ int BN_is_one(BIGNUM *a);
+ int BN_is_word(BIGNUM *a, BN_ULONG w);
+ int BN_is_odd(BIGNUM *a);
+
+ int BN_zero(BIGNUM *a);
+ int BN_one(BIGNUM *a);
+ BIGNUM *BN_value_one(void);
+ int BN_set_word(BIGNUM *a, unsigned long w);
+ unsigned long BN_get_word(BIGNUM *a);
+
+ int BN_rand(BIGNUM *rnd, int bits, int top, int bottom);
+ int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom);
+
+ BIGNUM *BN_generate_prime(BIGNUM *ret, int bits,int safe, BIGNUM *add,
+ BIGNUM *rem, void (*callback)(int, int, void *), void *cb_arg);
+ int BN_is_prime(const BIGNUM *p, int nchecks,
+ void (*callback)(int, int, void *), BN_CTX *ctx, void *cb_arg);
+
+ int BN_set_bit(BIGNUM *a, int n);
+ int BN_clear_bit(BIGNUM *a, int n);
+ int BN_is_bit_set(const BIGNUM *a, int n);
+ int BN_mask_bits(BIGNUM *a, int n);
+ int BN_lshift(BIGNUM *r, const BIGNUM *a, int n);
+ int BN_lshift1(BIGNUM *r, BIGNUM *a);
+ int BN_rshift(BIGNUM *r, BIGNUM *a, int n);
+ int BN_rshift1(BIGNUM *r, BIGNUM *a);
+
+ int BN_bn2bin(const BIGNUM *a, unsigned char *to);
+ BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret);
+ char *BN_bn2hex(const BIGNUM *a);
+ char *BN_bn2dec(const BIGNUM *a);
+ int BN_hex2bn(BIGNUM **a, const char *str);
+ int BN_dec2bn(BIGNUM **a, const char *str);
+ int BN_print(BIO *fp, const BIGNUM *a);
+ int BN_print_fp(FILE *fp, const BIGNUM *a);
+ int BN_bn2mpi(const BIGNUM *a, unsigned char *to);
+ BIGNUM *BN_mpi2bn(unsigned char *s, int len, BIGNUM *ret);
+
+ BIGNUM *BN_mod_inverse(BIGNUM *r, BIGNUM *a, const BIGNUM *n,
+ BN_CTX *ctx);
+
+ BN_RECP_CTX *BN_RECP_CTX_new(void);
+ void BN_RECP_CTX_init(BN_RECP_CTX *recp);
+ void BN_RECP_CTX_free(BN_RECP_CTX *recp);
+ int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *m, BN_CTX *ctx);
+ int BN_mod_mul_reciprocal(BIGNUM *r, BIGNUM *a, BIGNUM *b,
+ BN_RECP_CTX *recp, BN_CTX *ctx);
+
+ BN_MONT_CTX *BN_MONT_CTX_new(void);
+ void BN_MONT_CTX_init(BN_MONT_CTX *ctx);
+ void BN_MONT_CTX_free(BN_MONT_CTX *mont);
+ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *m, BN_CTX *ctx);
+ BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from);
+ int BN_mod_mul_montgomery(BIGNUM *r, BIGNUM *a, BIGNUM *b,
+ BN_MONT_CTX *mont, BN_CTX *ctx);
+ int BN_from_montgomery(BIGNUM *r, BIGNUM *a, BN_MONT_CTX *mont,
+ BN_CTX *ctx);
+ int BN_to_montgomery(BIGNUM *r, BIGNUM *a, BN_MONT_CTX *mont,
+ BN_CTX *ctx);
+
+
+=head1 DESCRIPTION
+
+This library performs arithmetic operations on integers of arbitrary
+size. It was written for use in public key cryptography, such as RSA
+and Diffie-Hellman.
+
+It uses dynamic memory allocation for storing its data structures.
+That means that there is no limit on the size of the numbers
+manipulated by these functions, but return values must always be
+checked in case a memory allocation error has occurred.
+
+The basic object in this library is a B<BIGNUM>. It is used to hold a
+single large integer. This type should be considered opaque and fields
+should not be modified or accessed directly.
+
+The creation of B<BIGNUM> objects is described in L<BN_new(3)|BN_new(3)>;
+L<BN_add(3)|BN_add(3)> describes most of the arithmetic operations.
+Comparison is described in L<BN_cmp(3)|BN_cmp(3)>; L<BN_zero(3)|BN_zero(3)>
+describes certain assignments, L<BN_rand(3)|BN_rand(3)> the generation of
+random numbers, L<BN_generate_prime(3)|BN_generate_prime(3)> deals with prime
+numbers and L<BN_set_bit(3)|BN_set_bit(3)> with bit operations. The conversion
+of B<BIGNUM>s to external formats is described in L<BN_bn2bin(3)|BN_bn2bin(3)>.
+
+=head1 SEE ALSO
+
+L<bn_internal(3)|bn_internal(3)>,
+L<dh(3)|dh(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>,
+L<BN_new(3)|BN_new(3)>, L<BN_CTX_new(3)|BN_CTX_new(3)>,
+L<BN_copy(3)|BN_copy(3)>, L<BN_num_bytes(3)|BN_num_bytes(3)>,
+L<BN_add(3)|BN_add(3)>, L<BN_add_word(3)|BN_add_word(3)>,
+L<BN_cmp(3)|BN_cmp(3)>, L<BN_zero(3)|BN_zero(3)>, L<BN_rand(3)|BN_rand(3)>,
+L<BN_generate_prime(3)|BN_generate_prime(3)>, L<BN_set_bit(3)|BN_set_bit(3)>,
+L<BN_bn2bin(3)|BN_bn2bin(3)>, L<BN_mod_inverse(3)|BN_mod_inverse(3)>,
+L<BN_mod_mul_reciprocal(3)|BN_mod_mul_reciprocal(3)>,
+L<BN_mod_mul_montgomery(3)|BN_mod_mul_montgomery(3)>
+
+=cut
diff --git a/lib/libssl/src/doc/crypto/bn_internal.pod b/lib/libssl/src/doc/crypto/bn_internal.pod
new file mode 100644
index 00000000000..5af0c791c84
--- /dev/null
+++ b/lib/libssl/src/doc/crypto/bn_internal.pod
@@ -0,0 +1,225 @@
+=pod
+
+=head1 NAME
+
+bn_mul_words, bn_mul_add_words, bn_sqr_words, bn_div_words,
+bn_add_words, bn_sub_words, bn_mul_comba4, bn_mul_comba8,
+bn_sqr_comba4, bn_sqr_comba8, bn_cmp_words, bn_mul_normal,
+bn_mul_low_normal, bn_mul_recursive, bn_mul_part_recursive,
+bn_mul_low_recursive, bn_mul_high, bn_sqr_normal, bn_sqr_recursive,
+bn_expand, bn_wexpand, bn_expand2, bn_fix_top, bn_check_top,
+bn_print, bn_dump, bn_set_max, bn_set_high, bn_set_low - BIGNUM
+library internal functions
+
+=head1 SYNOPSIS
+
+ BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w);
+ BN_ULONG bn_mul_add_words(BN_ULONG *rp, BN_ULONG *ap, int num,
+ BN_ULONG w);
+ void bn_sqr_words(BN_ULONG *rp, BN_ULONG *ap, int num);
+ BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d);
+ BN_ULONG bn_add_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,
+ int num);
+ BN_ULONG bn_sub_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,
+ int num);
+
+ void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b);
+ void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b);
+ void bn_sqr_comba4(BN_ULONG *r, BN_ULONG *a);
+ void bn_sqr_comba8(BN_ULONG *r, BN_ULONG *a);
+
+ int bn_cmp_words(BN_ULONG *a, BN_ULONG *b, int n);
+
+ void bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b,
+ int nb);
+ void bn_mul_low_normal(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n);
+ void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
+ BN_ULONG *tmp);
+ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b,
+ int tn, int n, BN_ULONG *tmp);
+ void bn_mul_low_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b,
+ int n2, BN_ULONG *tmp);
+ void bn_mul_high(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, BN_ULONG *l,
+ int n2, BN_ULONG *tmp);
+
+ void bn_sqr_normal(BN_ULONG *r, BN_ULONG *a, int n, BN_ULONG *tmp);
+ void bn_sqr_recursive(BN_ULONG *r, BN_ULONG *a, int n2, BN_ULONG *tmp);
+
+ void mul(BN_ULONG r, BN_ULONG a, BN_ULONG w, BN_ULONG c);
+ void mul_add(BN_ULONG r, BN_ULONG a, BN_ULONG w, BN_ULONG c);
+ void sqr(BN_ULONG r0, BN_ULONG r1, BN_ULONG a);
+
+ BIGNUM *bn_expand(BIGNUM *a, int bits);
+ BIGNUM *bn_wexpand(BIGNUM *a, int n);
+ BIGNUM *bn_expand2(BIGNUM *a, int n);
+ void bn_fix_top(BIGNUM *a);
+
+ void bn_check_top(BIGNUM *a);
+ void bn_print(BIGNUM *a);
+ void bn_dump(BN_ULONG *d, int n);
+ void bn_set_max(BIGNUM *a);
+ void bn_set_high(BIGNUM *r, BIGNUM *a, int n);
+ void bn_set_low(BIGNUM *r, BIGNUM *a, int n);
+
+=head1 DESCRIPTION
+
+This page documents the internal functions used by the OpenSSL
+B<BIGNUM> implementation. They are described here to facilitate
+debugging and extending the library. They are I<not> to be used by
+applications.
+
+=head2 The BIGNUM structure
+
+ typedef struct bignum_st
+ {
+ int top; /* index of last used d (most significant word) */
+ BN_ULONG *d; /* pointer to an array of 'BITS2' bit chunks */
+ int max; /* size of the d array */
+ int neg; /* sign */
+ } BIGNUM;
+
+The big number is stored in B<d>, a malloc()ed array of B<BN_ULONG>s,
+least significant first. A B<BN_ULONG> can be either 16, 32 or 64 bits
+in size (B<BITS2>), depending on the 'number of bits' specified in
+C<openssl/bn.h>.
+
+B<max> is the size of the B<d> array that has been allocated. B<top>
+is the 'last' entry being used, so for a value of 4, bn.d[0]=4 and
+bn.top=1. B<neg> is 1 if the number is negative. When a B<BIGNUM> is
+B<0>, the B<d> field can be B<NULL> and B<top> == B<0>.
+
+Various routines in this library require the use of temporary
+B<BIGNUM> variables during their execution. Since dynamic memory
+allocation to create B<BIGNUM>s is rather expensive when used in
+conjunction with repeated subroutine calls, the B<BN_CTX> structure is
+used. This structure contains B<BN_CTX_NUM> B<BIGNUM>s, see
+L<BN_CTX_start(3)|BN_CTX_start(3)>.
+
+=head2 Low-level arithmetic operations
+
+These functions are implemented in C and for several platforms in
+assembly language:
+
+bn_mul_words(B<rp>, B<ap>, B<num>, B<w>) operates on the B<num> word
+arrays B<rp> and B<ap>. It computes B<ap> * B<w>, places the result
+in B<rp>, and returns the high word (carry).
+
+bn_mul_add_words(B<rp>, B<ap>, B<num>, B<w>) operates on the B<num>
+word arrays B<rp> and B<ap>. It computes B<ap> * B<w> + B<rp>, places
+the result in B<rp>, and returns the high word (carry).
+
+bn_sqr_words(B<rp>, B<ap>, B<n>) operates on the B<num> word array
+B<ap> and the 2*B<num> word array B<ap>. It computes B<ap> * B<ap>
+word-wise, and places the low and high bytes of the result in B<rp>.
+
+bn_div_words(B<h>, B<l>, B<d>) divides the two word number (B<h>,B<l>)
+by B<d> and returns the result.
+
+bn_add_words(B<rp>, B<ap>, B<bp>, B<num>) operates on the B<num> word
+arrays B<ap>, B<bp> and B<rp>. It computes B<ap> + B<bp>, places the
+result in B<rp>, and returns the high word (carry).
+
+bn_sub_words(B<rp>, B<ap>, B<bp>, B<num>) operates on the B<num> word
+arrays B<ap>, B<bp> and B<rp>. It computes B<ap> - B<bp>, places the
+result in B<rp>, and returns the carry (1 if B<bp> E<gt> B<ap>, 0
+otherwise).
+
+bn_mul_comba4(B<r>, B<a>, B<b>) operates on the 4 word arrays B<a> and
+B<b> and the 8 word array B<r>. It computes B<a>*B<b> and places the
+result in B<r>.
+
+bn_mul_comba8(B<r>, B<a>, B<b>) operates on the 8 word arrays B<a> and
+B<b> and the 16 word array B<r>. It computes B<a>*B<b> and places the
+result in B<r>.
+
+bn_sqr_comba4(B<r>, B<a>, B<b>) operates on the 4 word arrays B<a> and
+B<b> and the 8 word array B<r>.
+
+bn_sqr_comba8(B<r>, B<a>, B<b>) operates on the 8 word arrays B<a> and
+B<b> and the 16 word array B<r>.
+
+The following functions are implemented in C:
+
+bn_cmp_words(B<a>, B<b>, B<n>) operates on the B<n> word arrays B<a>
+and B<b>. It returns 1, 0 and -1 if B<a> is greater than, equal and
+less than B<b>.
+
+bn_mul_normal(B<r>, B<a>, B<na>, B<b>, B<nb>) operates on the B<na>
+word array B<a>, the B<nb> word array B<b> and the B<na>+B<nb> word
+array B<r>. It computes B<a>*B<b> and places the result in B<r>.
+
+bn_mul_low_normal(B<r>, B<a>, B<b>, B<n>) operates on the B<n> word
+arrays B<r>, B<a> und B<b>. It computes the B<n> low words of
+B<a>*B<b> and places the result in B<r>.
+
+bn_mul_recursive(B<r>, B<a>, B<b>, B<n2>, B<t>) operates on the B<n2>
+word arrays B<a> and B<b> and the 2*B<n2> word arrays B<r> and B<t>.
+B<n2> must be a power of 2. It computes B<a>*B<b> and places the
+result in B<r>.
+
+bn_mul_part_recursive(B<r>, B<a>, B<b>, B<tn>, B<n>, B<tmp>) operates
+on the B<n>+B<tn> word arrays B<a> and B<b> and the 4*B<n> word arrays
+B<r> and B<tmp>.
+
+bn_mul_low_recursive(B<r>, B<a>, B<b>, B<n2>, B<tmp>) operates on the
+B<n2> word arrays B<r> and B<tmp> and the B<n2>/2 word arrays B<a>
+and B<b>.
+
+bn_mul_high(B<r>, B<a>, B<b>, B<l>, B<n2>, B<tmp>) operates on the
+B<n2> word arrays B<r>, B<a>, B<b> and B<l> (?) and the 3*B<n2> word
+array B<tmp>.
+
+BN_mul() calls bn_mul_normal(), or an optimized implementation if the
+factors have the same size: bn_mul_comba8() is used if they are 8
+words long, bn_mul_recursive() if they are larger than
+B<BN_MULL_SIZE_NORMAL> and the size is an exact multiple of the word
+size, and bn_mul_part_recursive() for others that are larger than
+B<BN_MULL_SIZE_NORMAL>.
+
+bn_sqr_normal(B<r>, B<a>, B<n>, B<tmp>) operates on the B<n> word array
+B<a> and the 2*B<n> word arrays B<tmp> and B<r>.
+
+The implementations use the following macros which, depending on the
+architecture, may use "long long" C operations or inline assembler.
+They are defined in C<bn_lcl.h>.
+
+mul(B<r>, B<a>, B<w>, B<c>) computes B<w>*B<a>+B<c> and places the
+low word of the result in B<r> and the high word in B<c>.
+
+mul_add(B<r>, B<a>, B<w>, B<c>) computes B<w>*B<a>+B<r>+B<c> and
+places the low word of the result in B<r> and the high word in B<c>.
+
+sqr(B<r0>, B<r1>, B<a>) computes B<a>*B<a> and places the low word
+of the result in B<r0> and the high word in B<r1>.
+
+=head2 Size changes
+
+bn_expand() ensures that B<b> has enough space for a B<bits> bit
+number. bn_wexpand() ensures that B<b> has enough space for an
+B<n> word number. If the number has to be expanded, both macros
+call bn_expand2(), which allocates a new B<d> array and copies the
+data. They return B<NULL> on error, B<b> otherwise.
+
+The bn_fix_top() macro reduces B<a-E<gt>top> to point to the most
+significant non-zero word when B<a> has shrunk.
+
+=head2 Debugging
+
+bn_check_top() verifies that C<((a)-E<gt>top E<gt>= 0 && (a)-E<gt>top
+E<lt>= (a)-E<gt>max)>. A violation will cause the program to abort.
+
+bn_print() prints B<a> to stderr. bn_dump() prints B<n> words at B<d>
+(in reverse order, i.e. most significant word first) to stderr.
+
+bn_set_max() makes B<a> a static number with a B<max> of its current size.
+This is used by bn_set_low() and bn_set_high() to make B<r> a read-only
+B<BIGNUM> that contains the B<n> low or high words of B<a>.
+
+If B<BN_DEBUG> is not defined, bn_check_top(), bn_print(), bn_dump()
+and bn_set_max() are defined as empty macros.
+
+=head1 SEE ALSO
+
+L<bn(3)|bn(3)>
+
+=cut
diff --git a/lib/libssl/src/doc/crypto/buffer.pod b/lib/libssl/src/doc/crypto/buffer.pod
new file mode 100644
index 00000000000..7088f51bc43
--- /dev/null
+++ b/lib/libssl/src/doc/crypto/buffer.pod
@@ -0,0 +1,73 @@
+=pod
+
+=head1 NAME
+
+BUF_MEM_new, BUF_MEM_free, BUF_MEM_grow, BUF_strdup - simple
+character arrays structure
+
+=head1 SYNOPSIS
+
+ #include <openssl/buffer.h>
+
+ BUF_MEM *BUF_MEM_new(void);
+
+ void BUF_MEM_free(BUF_MEM *a);
+
+ int BUF_MEM_grow(BUF_MEM *str, int len);
+
+ char * BUF_strdup(const char *str);
+
+=head1 DESCRIPTION
+
+The buffer library handles simple character arrays. Buffers are used for
+various purposes in the library, most notably memory BIOs.
+
+The library uses the BUF_MEM structure defined in buffer.h:
+
+ typedef struct buf_mem_st
+ {
+ int length; /* current number of bytes */
+ char *data;
+ int max; /* size of buffer */
+ } BUF_MEM;
+
+B<length> is the current size of the buffer in bytes, B<max> is the amount of
+memory allocated to the buffer. There are three functions which handle these
+and one "miscellaneous" function.
+
+BUF_MEM_new() allocates a new buffer of zero size.
+
+BUF_MEM_free() frees up an already existing buffer. The data is zeroed
+before freeing up in case the buffer contains sensitive data.
+
+BUF_MEM_grow() changes the size of an already existing buffer to
+B<len>. Any data already in the buffer is preserved if it increases in
+size.
+
+BUF_strdup() copies a null terminated string into a block of allocated
+memory and returns a pointer to the allocated block.
+Unlike the standard C library strdup() this function uses Malloc() and so
+should be used in preference to the standard library strdup() because it can
+be used for memory leak checking or replacing the malloc() function.
+
+The memory allocated from BUF_strdup() should be freed up using the Free()
+function.
+
+=head1 RETURN VALUES
+
+BUF_MEM_new() returns the buffer or NULL on error.
+
+BUF_MEM_free() has no return value.
+
+BUF_MEM_grow() returns zero on error or the new size (i.e. B<len>).
+
+=head1 SEE ALSO
+
+L<bio(3)|bio(3)>
+
+=head1 HISTORY
+
+BUF_MEM_new(), BUF_MEM_free() and BUF_MEM_grow() are available in all
+versions of SSLeay and OpenSSL. BUF_strdup() was addded in SSLeay 0.8.
+
+=cut
diff --git a/lib/libssl/src/doc/crypto/crypto.pod b/lib/libssl/src/doc/crypto/crypto.pod
new file mode 100644
index 00000000000..4b9ceacd912
--- /dev/null
+++ b/lib/libssl/src/doc/crypto/crypto.pod
@@ -0,0 +1,67 @@
+=pod
+
+=head1 NAME
+
+crypto - OpenSSL cryptographic library
+
+=head1 SYNOPSIS
+
+=head1 DESCRIPTION
+
+The OpenSSL B<crypto> library implements a wide range of cryptographic
+algorithms used in various Internet standards. The services provided
+by this library are used by the OpenSSL implementations of SSL, TLS
+and S/MIME, and they have also been used to implement SSH, OpenPGP, and
+other cryptographic standards.
+
+=head1 OVERVIEW
+
+B<libcrypto> consists of a number of sub-libraries that implement the
+individual algorithms.
+
+The functionality includes symmetric encryption, public key
+cryptography and key agreement, certificate handling, cryptographic
+hash functions and a cryptographic pseudo-random number generator.
+
+=over 4
+
+=item SYMMETRIC CIPHERS
+
+L<blowfish(3)|blowfish(3)>, L<cast(3)|cast(3)>, L<des(3)|des(3)>,
+L<idea(3)|idea(3)>, L<rc2(3)|rc2(3)>, L<rc4(3)|rc4(3)>, L<rc5(3)|rc5(3)>
+
+=item PUBLIC KEY CRYPTOGRAPHY AND KEY AGREEMENT
+
+L<dsa(3)|dsa(3)>, L<dh(3)|dh(3)>, L<rsa(3)|rsa(3)>
+
+=item CERTIFICATES
+
+L<x509(3)|x509(3)>, L<x509v3(3)|x509v3(3)>
+
+=item AUTHENTICATION CODES, HASH FUNCTIONS
+
+L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>, L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>,
+L<ripemd(3)|ripemd(3)>, L<sha(3)|sha(3)>
+
+=item AUXILIARY FUNCTIONS
+
+L<err(3)|err(3)>, L<threads(3)|threads(3)>, L<rand(3)|rand(3)>
+
+=item INPUT/OUTPUT, DATA ENCODING
+
+L<asn1(3)|asn1(3)>, L<bio(3)|bio(3)>, L<evp(3)|evp(3)>, L<pem(3)|pem(3)>,
+L<pkcs7(3)|pkcs7(3)>, L<pkcs12(3)|pkcs12(3)>
+
+=item INTERNAL FUNCTIONS
+
+L<bn(3)|bn(3)>, L<buffer(3)|buffer(3)>, L<lhash(3)|lhash(3)>,
+L<objects(3)|objects(3)>, L<stack(3)|stack(3)>,
+L<txt_db(3)|txt_db(3)>
+
+=back
+
+=head1 SEE ALSO
+
+L<openssl(1)|openssl(1)>, L<ssl(3)|ssl(3)>
+
+=cut
diff --git a/lib/libssl/src/doc/crypto/d2i_DHparams.pod b/lib/libssl/src/doc/crypto/d2i_DHparams.pod
new file mode 100644
index 00000000000..a6d1743d39a
--- /dev/null
+++ b/lib/libssl/src/doc/crypto/d2i_DHparams.pod
@@ -0,0 +1,30 @@
+=pod
+
+=head1 NAME
+
+d2i_DHparams, i2d_DHparams - ...
+
+=head1 SYNOPSIS
+
+ #include <openssl/dh.h>
+
+ DH *d2i_DHparams(DH **a, unsigned char **pp, long length);
+ int i2d_DHparams(DH *a, unsigned char **pp);
+
+=head1 DESCRIPTION
+
+...
+
+=head1 RETURN VALUES
+
+...
+
+=head1 SEE ALSO
+
+...
+
+=head1 HISTORY
+
+...
+
+=cut
diff --git a/lib/libssl/src/doc/crypto/d2i_RSAPublicKey.pod b/lib/libssl/src/doc/crypto/d2i_RSAPublicKey.pod
new file mode 100644
index 00000000000..ff4d0d57dbf
--- /dev/null
+++ b/lib/libssl/src/doc/crypto/d2i_RSAPublicKey.pod
@@ -0,0 +1,39 @@
+=pod
+
+=head1 NAME
+
+d2i_RSAPublicKey, i2d_RSAPublicKey, d2i_RSAPrivateKey, i2d_RSAPrivateKey, i2d_Netscape_RSA, d2i_Netscape_RSA - ...
+
+=head1 SYNOPSIS
+
+ #include <openssl/rsa.h>
+
+ RSA * d2i_RSAPublicKey(RSA **a, unsigned char **pp, long length);
+
+ int i2d_RSAPublicKey(RSA *a, unsigned char **pp);
+
+ RSA * d2i_RSAPrivateKey(RSA **a, unsigned char **pp, long length);
+
+ int i2d_RSAPrivateKey(RSA *a, unsigned char **pp);
+
+ int i2d_Netscape_RSA(RSA *a, unsigned char **pp, int (*cb)());
+
+ RSA * d2i_Netscape_RSA(RSA **a, unsigned char **pp, long length, int (*cb)());
+
+=head1 DESCRIPTION
+
+...
+
+=head1 RETURN VALUES
+
+...
+
+=head1 SEE ALSO
+
+...
+
+=head1 HISTORY
+
+...
+
+=cut
diff --git a/lib/libssl/src/doc/crypto/des_modes.pod b/lib/libssl/src/doc/crypto/des_modes.pod
new file mode 100644
index 00000000000..d8148c86fc8
--- /dev/null
+++ b/lib/libssl/src/doc/crypto/des_modes.pod
@@ -0,0 +1,250 @@
+=pod
+
+=head1 NAME
+
+Modes of DES - the variants of DES and other crypto algorithms of OpenSSL
+
+=head1 DESCRIPTION
+
+Several crypto algorithms fo OpenSSL can be used in a number of modes. Those
+are used for using block ciphers in a way similar to stream ciphers, among
+other things.
+
+=head1 OVERVIEW
+
+=head2 Electronic Codebook Mode (ECB)
+
+Normally, this is found as the function I<algorithm>_ecb_encrypt().
+
+=over 2
+
+=item *
+
+64 bits are enciphered at a time.
+
+=item *
+
+The order of the blocks can be rearranged without detection.
+
+=item *
+
+The same plaintext block always produces the same ciphertext block
+(for the same key) making it vulnerable to a 'dictionary attack'.
+
+=item *
+
+An error will only affect one ciphertext block.
+
+=back
+
+=head2 Cipher Block Chaining Mode (CBC)
+
+Normally, this is found as the function I<algorithm>_cbc_encrypt().
+Be aware that des_cbc_encrypt() is not really DES CBC (it does
+not update the IV); use des_ncbc_encrypt() instead.
+
+=over 2
+
+=item *
+
+a multiple of 64 bits are enciphered at a time.
+
+=item *
+
+The CBC mode produces the same ciphertext whenever the same
+plaintext is encrypted using the same key and starting variable.
+
+=item *
+
+The chaining operation makes the ciphertext blocks dependent on the
+current and all preceding plaintext blocks and therefore blocks can not
+be rearranged.
+
+=item *
+
+The use of different starting variables prevents the same plaintext
+enciphering to the same ciphertext.
+
+=item *
+
+An error will affect the current and the following ciphertext blocks.
+
+=back
+
+=head2 Cipher Feedback Mode (CFB)
+
+Normally, this is found as the function I<algorithm>_cfb_encrypt().
+
+=over 2
+
+=item *
+
+a number of bits (j) <= 64 are enciphered at a time.
+
+=item *
+
+The CFB mode produces the same ciphertext whenever the same
+plaintext is encrypted using the same key and starting variable.
+
+=item *
+
+The chaining operation makes the ciphertext variables dependent on the
+current and all preceding variables and therefore j-bit variables are
+chained together and can not be rearranged.
+
+=item *
+
+The use of different starting variables prevents the same plaintext
+enciphering to the same ciphertext.
+
+=item *
+
+The strength of the CFB mode depends on the size of k (maximal if
+j == k). In my implementation this is always the case.
+
+=item *
+
+Selection of a small value for j will require more cycles through
+the encipherment algorithm per unit of plaintext and thus cause
+greater processing overheads.
+
+=item *
+
+Only multiples of j bits can be enciphered.
+
+=item *
+
+An error will affect the current and the following ciphertext variables.
+
+=back
+
+=head2 Output Feedback Mode (OFB)
+
+Normally, this is found as the function I<algorithm>_ofb_encrypt().
+
+=over 2
+
+
+=item *
+
+a number of bits (j) <= 64 are enciphered at a time.
+
+=item *
+
+The OFB mode produces the same ciphertext whenever the same
+plaintext enciphered using the same key and starting variable. More
+over, in the OFB mode the same key stream is produced when the same
+key and start variable are used. Consequently, for security reasons
+a specific start variable should be used only once for a given key.
+
+=item *
+
+The absence of chaining makes the OFB more vulnerable to specific attacks.
+
+=item *
+
+The use of different start variables values prevents the same
+plaintext enciphering to the same ciphertext, by producing different
+key streams.
+
+=item *
+
+Selection of a small value for j will require more cycles through
+the encipherment algorithm per unit of plaintext and thus cause
+greater processing overheads.
+
+=item *
+
+Only multiples of j bits can be enciphered.
+
+=item *
+
+OFB mode of operation does not extend ciphertext errors in the
+resultant plaintext output. Every bit error in the ciphertext causes
+only one bit to be in error in the deciphered plaintext.
+
+=item *
+
+OFB mode is not self-synchronising. If the two operation of
+encipherment and decipherment get out of synchronism, the system needs
+to be re-initialised.
+
+=item *
+
+Each re-initialisation should use a value of the start variable
+different from the start variable values used before with the same
+key. The reason for this is that an identical bit stream would be
+produced each time from the same parameters. This would be
+susceptible to a 'known plaintext' attack.
+
+=back
+
+=head2 Triple ECB Mode
+
+Normally, this is found as the function I<algorithm>_ecb3_encrypt().
+
+=over 2
+
+=item *
+
+Encrypt with key1, decrypt with key2 and encrypt with key3 again.
+
+=item *
+
+As for ECB encryption but increases the key length to 168 bits.
+There are theoretic attacks that can be used that make the effective
+key length 112 bits, but this attack also requires 2^56 blocks of
+memory, not very likely, even for the NSA.
+
+=item *
+
+If both keys are the same it is equivalent to encrypting once with
+just one key.
+
+=item *
+
+If the first and last key are the same, the key length is 112 bits.
+There are attacks that could reduce the key space to 55 bit's but it
+requires 2^56 blocks of memory.
+
+=item *
+
+If all 3 keys are the same, this is effectively the same as normal
+ecb mode.
+
+=back
+
+=head2 Triple CBC Mode
+
+Normally, this is found as the function I<algorithm>_ede3_cbc_encrypt().
+
+=over 2
+
+
+=item *
+
+Encrypt with key1, decrypt with key2 and then encrypt with key3.
+
+=item *
+
+As for CBC encryption but increases the key length to 168 bits with
+the same restrictions as for triple ecb mode.
+
+=back
+
+=head1 NOTES
+
+This text was been written in large parts by Eric Young in his original
+documentation for SSLeay, the predecessor of OpenSSL. In turn, he attributed
+it to:
+
+ AS 2805.5.2
+ Australian Standard
+ Electronic funds transfer - Requirements for interfaces,
+ Part 5.2: Modes of operation for an n-bit block cipher algorithm
+ Appendix A
+
+=head1 SEE ALSO
+
+L<blowfish(3)|blowfish(3)>, L<des(3)|des(3)>, L<idea(3)|idea(3)>,
+L<rc2(3)|rc2(3)>
diff --git a/lib/libssl/src/doc/crypto/dh.pod b/lib/libssl/src/doc/crypto/dh.pod
new file mode 100644
index 00000000000..0a9b7c03a20
--- /dev/null
+++ b/lib/libssl/src/doc/crypto/dh.pod
@@ -0,0 +1,68 @@
+=pod
+
+=head1 NAME
+
+dh - Diffie-Hellman key agreement
+
+=head1 SYNOPSIS
+
+ #include <openssl/dh.h>
+
+ DH * DH_new(void);
+ void DH_free(DH *dh);
+
+ int DH_size(DH *dh);
+
+ DH * DH_generate_parameters(int prime_len, int generator,
+ void (*callback)(int, int, void *), void *cb_arg);
+ int DH_check(DH *dh, int *codes);
+
+ int DH_generate_key(DH *dh);
+ int DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh);
+
+ void DH_set_default_method(DH_METHOD *meth);
+ DH_METHOD *DH_get_default_method(void);
+ DH_METHOD *DH_set_method(DH *dh, DH_METHOD *meth);
+ DH *DH_new_method(DH_METHOD *meth);
+ DH_METHOD *DH_OpenSSL(void);
+
+ int DH_get_ex_new_index(long argl, char *argp, int (*new_func)(),
+ int (*dup_func)(), void (*free_func)());
+ int DH_set_ex_data(DH *d, int idx, char *arg);
+ char *DH_get_ex_data(DH *d, int idx);
+
+ DH * d2i_DHparams(DH **a, unsigned char **pp, long length);
+ int i2d_DHparams(DH *a, unsigned char **pp);
+
+ int DHparams_print_fp(FILE *fp, DH *x);
+ int DHparams_print(BIO *bp, DH *x);
+
+=head1 DESCRIPTION
+
+These functions implement the Diffie-Hellman key agreement protocol.
+The generation of shared DH parameters is described in
+L<DH_generate_parameters(3)|DH_generate_parameters(3)>; L<DH_generate_key(3)|DH_generate_key(3)> describes how
+to perform a key agreement.
+
+The B<DH> structure consists of several BIGNUM components.
+
+ struct
+ {
+ BIGNUM *p; // prime number (shared)
+ BIGNUM *g; // generator of Z_p (shared)
+ BIGNUM *priv_key; // private DH value x
+ BIGNUM *pub_key; // public DH value g^x
+ // ...
+ };
+ DH
+
+=head1 SEE ALSO
+
+L<dhparam(1)|dhparam(1)>, L<bn(3)|bn(3)>, L<dsa(3)|dsa(3)>, L<err(3)|err(3)>,
+L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>, L<DH_set_method(3)|DH_set_method(3)>,
+L<DH_new(3)|DH_new(3)>, L<DH_get_ex_new_index(3)|DH_get_ex_new_index(3)>,
+L<DH_generate_parameters(3)|DH_generate_parameters(3)>,
+L<DH_compute_key(3)|DH_compute_key(3)>, L<d2i_DHparams(3)|d2i_DHparams(3)>,
+L<RSA_print(3)|RSA_print(3)>
+
+=cut
diff --git a/lib/libssl/src/doc/crypto/dsa.pod b/lib/libssl/src/doc/crypto/dsa.pod
new file mode 100644
index 00000000000..2c092448990
--- /dev/null
+++ b/lib/libssl/src/doc/crypto/dsa.pod
@@ -0,0 +1,104 @@
+=pod
+
+=head1 NAME
+
+dsa - Digital Signature Algorithm
+
+=head1 SYNOPSIS
+
+ #include <openssl/dsa.h>
+
+ DSA * DSA_new(void);
+ void DSA_free(DSA *dsa);
+
+ int DSA_size(DSA *dsa);
+
+ DSA * DSA_generate_parameters(int bits, unsigned char *seed,
+ int seed_len, int *counter_ret, unsigned long *h_ret,
+ void (*callback)(int, int, void *), void *cb_arg);
+
+ DH * DSA_dup_DH(DSA *r);
+
+ int DSA_generate_key(DSA *dsa);
+
+ int DSA_sign(int dummy, const unsigned char *dgst, int len,
+ unsigned char *sigret, unsigned int *siglen, DSA *dsa);
+ int DSA_sign_setup(DSA *dsa, BN_CTX *ctx, BIGNUM **kinvp,
+ BIGNUM **rp);
+ int DSA_verify(int dummy, const unsigned char *dgst, int len,
+ unsigned char *sigbuf, int siglen, DSA *dsa);
+
+ void DSA_set_default_method(DSA_METHOD *meth);
+ DSA_METHOD *DSA_get_default_method(void);
+ DSA_METHOD *DSA_set_method(DSA *dsa, DSA_METHOD *meth);
+ DSA *DSA_new_method(DSA_METHOD *meth);
+ DSA_METHOD *DSA_OpenSSL(void);
+
+ int DSA_get_ex_new_index(long argl, char *argp, int (*new_func)(),
+ int (*dup_func)(), void (*free_func)());
+ int DSA_set_ex_data(DSA *d, int idx, char *arg);
+ char *DSA_get_ex_data(DSA *d, int idx);
+
+ DSA_SIG *DSA_SIG_new(void);
+ void DSA_SIG_free(DSA_SIG *a);
+ int i2d_DSA_SIG(DSA_SIG *a, unsigned char **pp);
+ DSA_SIG *d2i_DSA_SIG(DSA_SIG **v, unsigned char **pp, long length);
+
+ DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
+ int DSA_do_verify(const unsigned char *dgst, int dgst_len,
+ DSA_SIG *sig, DSA *dsa);
+
+ DSA * d2i_DSAPublicKey(DSA **a, unsigned char **pp, long length);
+ DSA * d2i_DSAPrivateKey(DSA **a, unsigned char **pp, long length);
+ DSA * d2i_DSAparams(DSA **a, unsigned char **pp, long length);
+ int i2d_DSAPublicKey(DSA *a, unsigned char **pp);
+ int i2d_DSAPrivateKey(DSA *a, unsigned char **pp);
+ int i2d_DSAparams(DSA *a,unsigned char **pp);
+
+ int DSAparams_print(BIO *bp, DSA *x);
+ int DSAparams_print_fp(FILE *fp, DSA *x);
+ int DSA_print(BIO *bp, DSA *x, int off);
+ int DSA_print_fp(FILE *bp, DSA *x, int off);
+
+=head1 DESCRIPTION
+
+These functions implement the Digital Signature Algorithm (DSA). The
+generation of shared DSA parameters is described in
+L<DSA_generate_parameters(3)|DSA_generate_parameters(3)>;
+L<DSA_generate_key(3)|DSA_generate_key(3)> describes how to
+generate a signature key. Signature generation and verification are
+described in L<DSA_sign(3)|DSA_sign(3)>.
+
+The B<DSA> structure consists of several BIGNUM components.
+
+ struct
+ {
+ BIGNUM *p; // prime number (public)
+ BIGNUM *q; // 160-bit subprime, q | p-1 (public)
+ BIGNUM *g; // generator of subgroup (public)
+ BIGNUM *priv_key; // private key x
+ BIGNUM *pub_key; // public key y = g^x
+ // ...
+ }
+ DSA;
+
+In public keys, B<priv_key> is NULL.
+
+=head1 CONFORMING TO
+
+US Federal Information Processing Standard FIPS 186 (Digital Signature
+Standard, DSS), ANSI X9.30
+
+=head1 SEE ALSO
+
+L<bn(3)|bn(3)>, L<dh(3)|dh(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>,
+L<rsa(3)|rsa(3)>, L<sha(3)|sha(3)>, L<DSA_new(3)|DSA_new(3)>,
+L<DSA_size(3)|DSA_size(3)>,
+L<DSA_generate_parameters(3)|DSA_generate_parameters(3)>,
+L<DSA_dup_DH(3)|DSA_dup_DH(3)>,
+L<DSA_generate_key(3)|DSA_generate_key(3)>,
+L<DSA_sign(3)|DSA_sign(3)>, L<DSA_set_method(3)|DSA_set_method(3)>,
+L<DSA_get_ex_new_index(3)|DSA_get_ex_new_index(3)>,
+L<RSA_print(3)|RSA_print(3)>
+
+=cut
diff --git a/lib/libssl/src/doc/crypto/err.pod b/lib/libssl/src/doc/crypto/err.pod
new file mode 100644
index 00000000000..b824c92b57c
--- /dev/null
+++ b/lib/libssl/src/doc/crypto/err.pod
@@ -0,0 +1,187 @@
+=pod
+
+=head1 NAME
+
+err - error codes
+
+=head1 SYNOPSIS
+
+ #include <openssl/err.h>
+
+ unsigned long ERR_get_error(void);
+ unsigned long ERR_peek_error(void);
+ unsigned long ERR_get_error_line(const char **file, int *line);
+ unsigned long ERR_peek_error_line(const char **file, int *line);
+ unsigned long ERR_get_error_line_data(const char **file, int *line,
+ const char **data, int *flags);
+ unsigned long ERR_peek_error_line_data(const char **file, int *line,
+ const char **data, int *flags);
+
+ int ERR_GET_LIB(unsigned long e);
+ int ERR_GET_FUNC(unsigned long e);
+ int ERR_GET_REASON(unsigned long e);
+
+ void ERR_clear_error(void);
+
+ char *ERR_error_string(unsigned long e, char *buf);
+ const char *ERR_lib_error_string(unsigned long e);
+ const char *ERR_func_error_string(unsigned long e);
+ const char *ERR_reason_error_string(unsigned long e);
+
+ void ERR_print_errors(BIO *bp);
+ void ERR_print_errors_fp(FILE *fp);
+
+ void ERR_load_crypto_strings(void);
+ void ERR_free_strings(void);
+
+ void ERR_remove_state(unsigned long pid);
+
+ void ERR_put_error(int lib, int func, int reason, const char *file,
+ int line);
+ void ERR_add_error_data(int num, ...);
+
+ void ERR_load_strings(int lib,ERR_STRING_DATA str[]);
+ unsigned long ERR_PACK(int lib, int func, int reason);
+ int ERR_get_next_error_library(void);
+
+=head1 DESCRIPTION
+
+When a call to the OpenSSL library fails, this is usually signalled
+by the return value, and an error code is stored in an error queue
+associated with the current thread. The B<err> library provides
+functions to obtain these error codes and textual error messages.
+
+The L<ERR_get_error(3)|ERR_get_error(3)> manpage describes how to
+access error codes.
+
+Error codes contain information about where the error occurred, and
+what went wrong. L<ERR_GET_LIB(3)|ERR_GET_LIB(3)> describes how to
+extract this information. A method to obtain human-readable error
+messages is described in L<ERR_error_string(3)|ERR_error_string(3)>.
+
+L<ERR_clear_error(3)|ERR_clear_error(3)> can be used to clear the
+error queue.
+
+Note that L<ERR_remove_state(3)|ERR_remove_state(3)> should be used to
+avoid memory leaks when threads are terminated.
+
+=head1 ADDING NEW ERROR CODES TO OPENSSL
+
+See L<ERR_put_error(3)> if you want to record error codes in the
+OpenSSL error system from within your application.
+
+The remainder of this section is of interest only if you want to add
+new error codes to OpenSSL or add error codes from external libraries.
+
+=head2 Reporting errors
+
+Each sub-library has a specific macro XXXerr() that is used to report
+errors. Its first argument is a function code B<XXX_F_...>, the second
+argument is a reason code B<XXX_R_...>. Function codes are derived
+from the function names; reason codes consist of textual error
+descriptions. For example, the function ssl23_read() reports a
+"handshake failure" as follows:
+
+ SSLerr(SSL_F_SSL23_READ, SSL_R_SSL_HANDSHAKE_FAILURE);
+
+Function and reason codes should consist of upper case characters,
+numbers and underscores only. The error file generation script translates
+function codes into function names by looking in the header files
+for an appropriate function name, if none is found it just uses
+the capitalized form such as "SSL23_READ" in the above example.
+
+The trailing section of a reason code (after the "_R_") is translated
+into lower case and underscores changed to spaces.
+
+When you are using new function or reason codes, run B<make errors>.
+The necessary B<#define>s will then automatically be added to the
+sub-library's header file.
+
+Although a library will normally report errors using its own specific
+XXXerr macro, another library's macro can be used. This is normally
+only done when a library wants to include ASN1 code which must use
+the ASN1err() macro.
+
+=head2 Adding new libraries
+
+When adding a new sub-library to OpenSSL, assign it a library number
+B<ERR_LIB_XXX>, define a macro XXXerr() (both in B<err.h>), add its
+name to B<ERR_str_libraries[]> (in B<crypto/err/err.c>), and add
+C<ERR_load_XXX_strings()> to the ERR_load_crypto_strings() function
+(in B<crypto/err/err_all.c>). Finally, add an entry
+
+ L XXX xxx.h xxx_err.c
+
+to B<crypto/err/openssl.ec>, and add B<xxx_err.c> to the Makefile.
+Running B<make errors> will then generate a file B<xxx_err.c>, and
+add all error codes used in the library to B<xxx.h>.
+
+Additionally the library include file must have a certain form.
+Typically it will initially look like this:
+
+ #ifndef HEADER_XXX_H
+ #define HEADER_XXX_H
+
+ #ifdef __cplusplus
+ extern "C" {
+ #endif
+
+ /* Include files */
+
+ #include <openssl/bio.h>
+ #include <openssl/x509.h>
+
+ /* Macros, structures and function prototypes */
+
+
+ /* BEGIN ERROR CODES */
+
+The B<BEGIN ERROR CODES> sequence is used by the error code
+generation script as the point to place new error codes, any text
+after this point will be overwritten when B<make errors> is run.
+The closing #endif etc will be automatically added by the script.
+
+The generated C error code file B<xxx_err.c> will load the header
+files B<stdio.h>, B<openssl/err.h> and B<openssl/xxx.h> so the
+header file must load any additional header files containg any
+definitions it uses.
+
+=head1 USING ERROR CODES IN EXTERNAL LIBRARIES
+
+It is also possible to use OpenSSL's error code scheme in external
+libraries. The library needs to load its own codes and call the OpenSSL
+error code insertion script B<mkerr.pl> explicitly to add codes to
+the header file and generate the C error code file. This will normally
+be done if the external library needs to generate new ASN1 structures
+but it can also be used to add more general purpose error code handling.
+
+TBA more details
+
+=head1 INTERNALS
+
+The error queues are stored in a hash table with one B<ERR_STATE>
+entry for each pid. ERR_get_state() returns the current thread's
+B<ERR_STATE>. An B<ERR_STATE> can hold up to B<ERR_NUM_ERRORS> error
+codes. When more error codes are added, the old ones are overwritten,
+on the assumption that the most recent errors are most important.
+
+Error strings are also stored in hash table. The hash tables can
+be obtained by calling ERR_get_err_state_table(void) and
+ERR_get_string_table(void) respectively.
+
+=head1 SEE ALSO
+
+L<CRYPTO_set_id_callback(3)|CRYPTO_set_id_callback(3)>,
+L<CRYPTO_set_locking_callback(3)|<CRYPTO_set_locking_callback(3)>,
+L<ERR_get_error(3)|ERR_get_error(3)>,
+L<ERR_GET_LIB(3)|ERR_GET_LIB(3)>,
+L<ERR_clear_error(3)|ERR_clear_error(3)>,
+L<ERR_error_string(3)|ERR_error_string(3)>,
+L<ERR_print_errors(3)|ERR_print_errors(3)>,
+L<ERR_load_crypto_strings(3)|ERR_load_crypto_strings(3)>,
+L<ERR_remove_state(3)|ERR_remove_state(3)>,
+L<ERR_put_error(3)|ERR_put_error(3)>,
+L<ERR_load_strings(3)|ERR_load_strings(3)>,
+L<SSL_get_error(3)|SSL_get_error(3)>
+
+=cut
diff --git a/lib/libssl/src/doc/crypto/hmac.pod b/lib/libssl/src/doc/crypto/hmac.pod
new file mode 100644
index 00000000000..45b6108c393
--- /dev/null
+++ b/lib/libssl/src/doc/crypto/hmac.pod
@@ -0,0 +1,75 @@
+=pod
+
+=head1 NAME
+
+HMAC, HMAC_Init, HMAC_Update, HMAC_Final - HMAC message authentication code
+
+=head1 SYNOPSIS
+
+ #include <openssl/hmac.h>
+
+ unsigned char *HMAC(const EVP_MD *evp_md, const void *key,
+ int key_len, const unsigned char *d, int n,
+ unsigned char *md, unsigned int *md_len);
+
+ void HMAC_Init(HMAC_CTX *ctx, const void *key, int key_len,
+ const EVP_MD *md);
+ void HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, int len);
+ void HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len);
+
+ void HMAC_cleanup(HMAC_CTX *ctx);
+
+=head1 DESCRIPTION
+
+HMAC is a MAC (message authentication code), i.e. a keyed hash
+function used for message authentication, which is based on a hash
+function.
+
+HMAC() computes the message authentication code of the B<n> bytes at
+B<d> using the hash function B<evp_md> and the key B<key> which is
+B<key_len> bytes long.
+
+It places the result in B<md> (which must have space for the output of
+the hash function, which is no more than B<EVP_MAX_MD_SIZE> bytes).
+If B<md> is NULL, the digest is placed in a static array. The size of
+the output is placed in B<md_len>, unless it is B<NULL>.
+
+B<evp_md> can be EVP_sha1(), EVP_ripemd160() etc.
+B<key> and B<evp_md> may be B<NULL> if a key and hash function have
+been set in a previous call to HMAC_Init() for that B<HMAC_CTX>.
+
+HMAC_cleanup() erases the key and other data from the B<HMAC_CTX>.
+
+The following functions may be used if the message is not completely
+stored in memory:
+
+HMAC_Init() initializes a B<HMAC_CTX> structure to use the hash
+function B<evp_md> and the key B<key> which is B<key_len> bytes long.
+
+HMAC_Update() can be called repeatedly with chunks of the message to
+be authenticated (B<len> bytes at B<data>).
+
+HMAC_Final() places the message authentication code in B<md>, which
+must have space for the hash function output.
+
+=head1 RETURN VALUES
+
+HMAC() returns a pointer to the message authentication code.
+
+HMAC_Init(), HMAC_Update(), HMAC_Final() and HMAC_cleanup() do not
+return values.
+
+=head1 CONFORMING TO
+
+RFC 2104
+
+=head1 SEE ALSO
+
+L<sha(3)|sha(3)>, L<evp(3)|evp(3)>
+
+=head1 HISTORY
+
+HMAC(), HMAC_Init(), HMAC_Update(), HMAC_Final() and HMAC_cleanup()
+are available since SSLeay 0.9.0.
+
+=cut
diff --git a/lib/libssl/src/doc/crypto/lh_stats.pod b/lib/libssl/src/doc/crypto/lh_stats.pod
new file mode 100644
index 00000000000..3eeaa72e525
--- /dev/null
+++ b/lib/libssl/src/doc/crypto/lh_stats.pod
@@ -0,0 +1,60 @@
+=pod
+
+=head1 NAME
+
+lh_stats, lh_node_stats, lh_node_usage_stats, lh_stats_bio,
+lh_node_stats_bio, lh_node_usage_stats_bio - LHASH statistics
+
+=head1 SYNOPSIS
+
+ #include <openssl/lhash.h>
+
+ void lh_stats(LHASH *table, FILE *out);
+ void lh_node_stats(LHASH *table, FILE *out);
+ void lh_node_usage_stats(LHASH *table, FILE *out);
+
+ void lh_stats_bio(LHASH *table, BIO *out);
+ void lh_node_stats_bio(LHASH *table, BIO *out);
+ void lh_node_usage_stats_bio(LHASH *table, BIO *out);
+
+=head1 DESCRIPTION
+
+The B<LHASH> structure records statistics about most aspects of
+accessing the hash table. This is mostly a legacy of Eric Young
+writing this library for the reasons of implementing what looked like
+a nice algorithm rather than for a particular software product.
+
+lh_stats() prints out statistics on the size of the hash table, how
+many entries are in it, and the number and result of calls to the
+routines in this library.
+
+lh_node_stats() prints the number of entries for each 'bucket' in the
+hash table.
+
+lh_node_usage_stats() prints out a short summary of the state of the
+hash table. It prints the 'load' and the 'actual load'. The load is
+the average number of data items per 'bucket' in the hash table. The
+'actual load' is the average number of items per 'bucket', but only
+for buckets which contain entries. So the 'actual load' is the
+average number of searches that will need to find an item in the hash
+table, while the 'load' is the average number that will be done to
+record a miss.
+
+lh_stats_bio(), lh_node_stats_bio() and lh_node_usage_stats_bio()
+are the same as the above, except that the output goes to a B<BIO>.
+
+=head1 RETURN VALUES
+
+These functions do not return values.
+
+=head1 SEE ALSO
+
+L<bio(3)|bio(3)>, L<lhash(3)|lhash(3)>
+
+=head1 HISTORY
+
+These functions are available in all versions of SSLeay and OpenSSL.
+
+This manpage is derived from the SSLeay documentation.
+
+=cut
diff --git a/lib/libssl/src/doc/crypto/lhash.pod b/lib/libssl/src/doc/crypto/lhash.pod
new file mode 100644
index 00000000000..af2c9a7102d
--- /dev/null
+++ b/lib/libssl/src/doc/crypto/lhash.pod
@@ -0,0 +1,155 @@
+=pod
+
+=head1 NAME
+
+lh_new, lh_free, lh_insert, lh_delete, lh_retrieve, lh_doall,
+lh_doall_arg, lh_error - dynamic hash table
+
+=head1 SYNOPSIS
+
+ #include <openssl/lhash.h>
+
+ LHASH *lh_new(unsigned long (*hash)(/*void *a*/),
+ int (*compare)(/*void *a,void *b*/));
+ void lh_free(LHASH *table);
+
+ void *lh_insert(LHASH *table, void *data);
+ void *lh_delete(LHASH *table, void *data);
+ void *lh_retrieve(LHASH *table, void *data);
+
+ void lh_doall(LHASH *table, void (*func)(/*void *b*/));
+ void lh_doall_arg(LHASH *table, void (*func)(/*void *a,void *b*/),
+ void *arg);
+
+ int lh_error(LHASH *table);
+
+=head1 DESCRIPTION
+
+This library implements dynamic hash tables. The hash table entries
+can be arbitrary structures. Usually they consist of key and value
+fields.
+
+lh_new() creates a new B<LHASH> structure. B<hash> takes a pointer to
+the structure and returns an unsigned long hash value of its key
+field. The hash value is normally truncated to a power of 2, so make
+sure that your hash function returns well mixed low order
+bits. B<compare> takes two arguments, and returns 0 if their keys are
+equal, non-zero otherwise.
+
+lh_free() frees the B<LHASH> structure B<table>. Allocated hash table
+entries will not be freed; consider using lh_doall() to deallocate any
+remaining entries in the hash table.
+
+lh_insert() inserts the structure pointed to by B<data> into B<table>.
+If there already is an entry with the same key, the old value is
+replaced. Note that lh_insert() stores pointers, the data are not
+copied.
+
+lh_delete() deletes an entry from B<table>.
+
+lh_retrieve() looks up an entry in B<table>. Normally, B<data> is
+a structure with the key field(s) set; the function will return a
+pointer to a fully populated structure.
+
+lh_doall() will, for every entry in the hash table, call B<func> with
+the data item as parameters.
+This function can be quite useful when used as follows:
+ void cleanup(STUFF *a)
+ { STUFF_free(a); }
+ lh_doall(hash,cleanup);
+ lh_free(hash);
+This can be used to free all the entries. lh_free() then cleans up the
+'buckets' that point to nothing. When doing this, be careful if you
+delete entries from the hash table in B<func>: the table may decrease
+in size, moving item that you are currently on down lower in the hash
+table. This could cause some entries to be skipped. The best
+solution to this problem is to set hash-E<gt>down_load=0 before you
+start. This will stop the hash table ever being decreased in size.
+
+lh_doall_arg() is the same as lh_doall() except that B<func> will
+be called with B<arg> as the second argument.
+
+lh_error() can be used to determine if an error occurred in the last
+operation. lh_error() is a macro.
+
+=head1 RETURN VALUES
+
+lh_new() returns B<NULL> on error, otherwise a pointer to the new
+B<LHASH> structure.
+
+When a hash table entry is replaced, lh_insert() returns the value
+being replaced. B<NULL> is returned on normal operation and on error.
+
+lh_delete() returns the entry being deleted. B<NULL> is returned if
+there is no such value in the hash table.
+
+lh_retrieve() returns the hash table entry if it has been found,
+B<NULL> otherwise.
+
+lh_error() returns 1 if an error occurred in the last operation, 0
+otherwise.
+
+lh_free(), lh_doall() and lh_doall_arg() return no values.
+
+=head1 BUGS
+
+lh_insert() returns B<NULL> both for success and error.
+
+=head1 INTERNALS
+
+The following description is based on the SSLeay documentation:
+
+The B<lhash> library implements a hash table described in the
+I<Communications of the ACM> in 1991. What makes this hash table
+different is that as the table fills, the hash table is increased (or
+decreased) in size via Realloc(). When a 'resize' is done, instead of
+all hashes being redistributed over twice as many 'buckets', one
+bucket is split. So when an 'expand' is done, there is only a minimal
+cost to redistribute some values. Subsequent inserts will cause more
+single 'bucket' redistributions but there will never be a sudden large
+cost due to redistributing all the 'buckets'.
+
+The state for a particular hash table is kept in the B<LHASH> structure.
+The decision to increase or decrease the hash table size is made
+depending on the 'load' of the hash table. The load is the number of
+items in the hash table divided by the size of the hash table. The
+default values are as follows. If (hash->up_load E<lt> load) =E<gt>
+expand. if (hash-E<gt>down_load E<gt> load) =E<gt> contract. The
+B<up_load> has a default value of 1 and B<down_load> has a default value
+of 2. These numbers can be modified by the application by just
+playing with the B<up_load> and B<down_load> variables. The 'load' is
+kept in a form which is multiplied by 256. So
+hash-E<gt>up_load=8*256; will cause a load of 8 to be set.
+
+If you are interested in performance the field to watch is
+num_comp_calls. The hash library keeps track of the 'hash' value for
+each item so when a lookup is done, the 'hashes' are compared, if
+there is a match, then a full compare is done, and
+hash-E<gt>num_comp_calls is incremented. If num_comp_calls is not equal
+to num_delete plus num_retrieve it means that your hash function is
+generating hashes that are the same for different values. It is
+probably worth changing your hash function if this is the case because
+even if your hash table has 10 items in a 'bucket', it can be searched
+with 10 B<unsigned long> compares and 10 linked list traverses. This
+will be much less expensive that 10 calls to you compare function.
+
+lh_strhash() is a demo string hashing function:
+
+ unsigned long lh_strhash(const char *c);
+
+Since the B<LHASH> routines would normally be passed structures, this
+routine would not normally be passed to lh_new(), rather it would be
+used in the function passed to lh_new().
+
+=head1 SEE ALSO
+
+L<lh_stats(3)|lh_stats(3)>
+
+=head1 HISTORY
+
+The B<lhash> library is available in all versions of SSLeay and OpenSSL.
+lh_error() was added in SSLeay 0.9.1b.
+
+This manpage is derived from the SSLeay documentation.
+
+=cut
diff --git a/lib/libssl/src/doc/crypto/md5.pod b/lib/libssl/src/doc/crypto/md5.pod
new file mode 100644
index 00000000000..d7c120023da
--- /dev/null
+++ b/lib/libssl/src/doc/crypto/md5.pod
@@ -0,0 +1,85 @@
+=pod
+
+=head1 NAME
+
+MD2, MD5, MD2_Init, MD2_Update, MD2_Final, MD5_Init, MD5_Update,
+MD5_Final - MD2 and MD5 hash functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/md2.h>
+
+ unsigned char *MD2(const unsigned char *d, unsigned long n,
+ unsigned char *md);
+
+ void MD2_Init(MD2_CTX *c);
+ void MD2_Update(MD2_CTX *c, const unsigned char *data,
+ unsigned long len);
+ void MD2_Final(unsigned char *md, MD2_CTX *c);
+
+
+ #include <openssl/md5.h>
+
+ unsigned char *MD5(const unsigned char *d, unsigned long n,
+ unsigned char *md);
+
+ void MD5_Init(MD5_CTX *c);
+ void MD5_Update(MD5_CTX *c, const void *data,
+ unsigned long len);
+ void MD5_Final(unsigned char *md, MD5_CTX *c);
+
+=head1 DESCRIPTION
+
+MD2 and MD5 are cryptographic hash functions with a 128 bit output.
+
+MD2() and MD5() compute the MD2 and MD5 message digest of the B<n>
+bytes at B<d> and place it in B<md> (which must have space for
+MD2_DIGEST_LENGTH == MD5_DIGEST_LENGTH == 16 bytes of output). If
+B<md> is NULL, the digest is placed in a static array.
+
+The following functions may be used if the message is not completely
+stored in memory:
+
+MD2_Init() initializes a B<MD2_CTX> structure.
+
+MD2_Update() can be called repeatedly with chunks of the message to
+be hashed (B<len> bytes at B<data>).
+
+MD2_Final() places the message digest in B<md>, which must have space
+for MD2_DIGEST_LENGTH == 16 bytes of output, and erases the B<MD2_CTX>.
+
+MD5_Init(), MD5_Update() and MD5_Final() are analogous using an
+B<MD5_CTX> structure.
+
+Applications should use the higher level functions
+L<EVP_DigestInit(3)|EVP_DigestInit(3)>
+etc. instead of calling the hash functions directly.
+
+=head1 NOTE
+
+MD2 and MD5 are recommended only for compatibility with existing
+applications. In new applications, SHA-1 or RIPEMD-160 should be
+preferred.
+
+=head1 RETURN VALUES
+
+MD2() and MD5() return pointers to the hash value.
+
+MD2_Init(), MD2_Update() MD2_Final(), MD5_Init(), MD5_Update() and
+MD5_Final() do not return values.
+
+=head1 CONFORMING TO
+
+RFC 1319, RFC 1321
+
+=head1 SEE ALSO
+
+L<sha(3)|sha(3)>, L<ripemd(3)|ripemd(3)>, L<EVP_DigestInit(3)|EVP_DigestInit(3)>
+
+=head1 HISTORY
+
+MD2(), MD2_Init(), MD2_Update() MD2_Final(), MD5(), MD5_Init(),
+MD5_Update() and MD5_Final() are available in all versions of SSLeay
+and OpenSSL.
+
+=cut
diff --git a/lib/libssl/src/doc/crypto/mdc2.pod b/lib/libssl/src/doc/crypto/mdc2.pod
new file mode 100644
index 00000000000..11dc303e04f
--- /dev/null
+++ b/lib/libssl/src/doc/crypto/mdc2.pod
@@ -0,0 +1,64 @@
+=pod
+
+=head1 NAME
+
+MDC2, MDC2_Init, MDC2_Update, MDC2_Final - MDC2 hash function
+
+=head1 SYNOPSIS
+
+ #include <openssl/mdc2.h>
+
+ unsigned char *MDC2(const unsigned char *d, unsigned long n,
+ unsigned char *md);
+
+ void MDC2_Init(MDC2_CTX *c);
+ void MDC2_Update(MDC2_CTX *c, const unsigned char *data,
+ unsigned long len);
+ void MDC2_Final(unsigned char *md, MDC2_CTX *c);
+
+=head1 DESCRIPTION
+
+MDC2 is a method to construct hash functions with 128 bit output from
+block ciphers. These functions are an implementation of MDC2 with
+DES.
+
+MDC2() computes the MDC2 message digest of the B<n>
+bytes at B<d> and places it in B<md> (which must have space for
+MDC2_DIGEST_LENGTH == 16 bytes of output). If B<md> is NULL, the digest
+is placed in a static array.
+
+The following functions may be used if the message is not completely
+stored in memory:
+
+MDC2_Init() initializes a B<MDC2_CTX> structure.
+
+MDC2_Update() can be called repeatedly with chunks of the message to
+be hashed (B<len> bytes at B<data>).
+
+MDC2_Final() places the message digest in B<md>, which must have space
+for MDC2_DIGEST_LENGTH == 16 bytes of output, and erases the B<MDC2_CTX>.
+
+Applications should use the higher level functions
+L<EVP_DigestInit(3)|EVP_DigestInit(3)> etc. instead of calling the
+hash functions directly.
+
+=head1 RETURN VALUES
+
+MDC2() returns a pointer to the hash value.
+
+MDC2_Init(), MDC2_Update() and MDC2_Final() do not return values.
+
+=head1 CONFORMING TO
+
+ISO/IEC 10118-2, with DES
+
+=head1 SEE ALSO
+
+L<sha(3)|sha(3)>, L<EVP_DigestInit(3)|EVP_DigestInit(3)>
+
+=head1 HISTORY
+
+MDC2(), MDC2_Init(), MDC2_Update() and MDC2_Final() are available since
+SSLeay 0.8.
+
+=cut
diff --git a/lib/libssl/src/doc/crypto/rand.pod b/lib/libssl/src/doc/crypto/rand.pod
new file mode 100644
index 00000000000..295b6810505
--- /dev/null
+++ b/lib/libssl/src/doc/crypto/rand.pod
@@ -0,0 +1,158 @@
+=pod
+
+=head1 NAME
+
+rand - pseudo-random number generator
+
+=head1 SYNOPSIS
+
+ #include <openssl/rand.h>
+
+ int RAND_bytes(unsigned char *buf,int num);
+ int RAND_pseudo_bytes(unsigned char *buf,int num);
+
+ void RAND_seed(const void *buf,int num);
+ void RAND_add(const void *buf,int num,int entropy);
+ int RAND_status(void);
+ void RAND_screen(void);
+
+ int RAND_load_file(const char *file,long max_bytes);
+ int RAND_write_file(const char *file);
+ const char *RAND_file_name(char *file,int num);
+
+ int RAND_egd(const char *path);
+
+ void RAND_set_rand_method(RAND_METHOD *meth);
+ RAND_METHOD *RAND_get_rand_method(void);
+ RAND_METHOD *RAND_SSLeay(void);
+
+ void RAND_cleanup(void);
+
+=head1 DESCRIPTION
+
+These functions implement a cryptographically secure pseudo-random
+number generator (PRNG). It is used by other library functions for
+example to generate random keys, and applications can use it when they
+need randomness.
+
+A cryptographic PRNG must be seeded with unpredictable data such as
+mouse movements or keys pressed at random by the user. This is
+described in L<RAND_add(3)|RAND_add(3)>. Its state can be saved in a seed file
+(see L<RAND_load_file(3)|RAND_load_file(3)>) to avoid having to go through the
+seeding process whenever the application is started.
+
+L<RAND_bytes(3)|RAND_bytes(3)> describes how to obtain random data from the
+PRNG.
+
+=head1 INTERNALS
+
+The RAND_SSLeay() method implements a PRNG based on a cryptographic
+hash function.
+
+The following description of its design is based on the SSLeay
+documentation:
+
+First up I will state the things I believe I need for a good RNG.
+
+=over 4
+
+=item 1
+
+A good hashing algorithm to mix things up and to convert the RNG 'state'
+to random numbers.
+
+=item 2
+
+An initial source of random 'state'.
+
+=item 3
+
+The state should be very large. If the RNG is being used to generate
+4096 bit RSA keys, 2 2048 bit random strings are required (at a minimum).
+If your RNG state only has 128 bits, you are obviously limiting the
+search space to 128 bits, not 2048. I'm probably getting a little
+carried away on this last point but it does indicate that it may not be
+a bad idea to keep quite a lot of RNG state. It should be easier to
+break a cipher than guess the RNG seed data.
+
+=item 4
+
+Any RNG seed data should influence all subsequent random numbers
+generated. This implies that any random seed data entered will have
+an influence on all subsequent random numbers generated.
+
+=item 5
+
+When using data to seed the RNG state, the data used should not be
+extractable from the RNG state. I believe this should be a
+requirement because one possible source of 'secret' semi random
+data would be a private key or a password. This data must
+not be disclosed by either subsequent random numbers or a
+'core' dump left by a program crash.
+
+=item 6
+
+Given the same initial 'state', 2 systems should deviate in their RNG state
+(and hence the random numbers generated) over time if at all possible.
+
+=item 7
+
+Given the random number output stream, it should not be possible to determine
+the RNG state or the next random number.
+
+=back
+
+The algorithm is as follows.
+
+There is global state made up of a 1023 byte buffer (the 'state'), a
+working hash value ('md'), and a counter ('count').
+
+Whenever seed data is added, it is inserted into the 'state' as
+follows.
+
+The input is chopped up into units of 20 bytes (or less for
+the last block). Each of these blocks is run through the hash
+function as follows: The data passed to the hash function
+is the current 'md', the same number of bytes from the 'state'
+(the location determined by in incremented looping index) as
+the current 'block', the new key data 'block', and 'count'
+(which is incremented after each use).
+The result of this is kept in 'md' and also xored into the
+'state' at the same locations that were used as input into the
+hash function. I
+believe this system addresses points 1 (hash function; currently
+SHA-1), 3 (the 'state'), 4 (via the 'md'), 5 (by the use of a hash
+function and xor).
+
+When bytes are extracted from the RNG, the following process is used.
+For each group of 10 bytes (or less), we do the following:
+
+Input into the hash function the top 10 bytes from the local 'md'
+(which is initialized from the global 'md' before any bytes are
+generated), the bytes that are to be overwritten by the random bytes,
+and bytes from the 'state' (incrementing looping index). From this
+digest output (which is kept in 'md'), the top (up to) 10 bytes are
+returned to the caller and the bottom (up to) 10 bytes are xored into
+the 'state'.
+
+Finally, after we have finished 'num' random bytes for the caller,
+'count' (which is incremented) and the local and global 'md' are fed
+into the hash function and the results are kept in the global 'md'.
+
+I believe the above addressed points 1 (use of SHA-1), 6 (by hashing
+into the 'state' the 'old' data from the caller that is about to be
+overwritten) and 7 (by not using the 10 bytes given to the caller to
+update the 'state', but they are used to update 'md').
+
+So of the points raised, only 2 is not addressed (but see
+L<RAND_add(3)|RAND_add(3)>).
+
+=head1 SEE ALSO
+
+L<BN_rand(3)|BN_rand(3)>, L<RAND_add(3)|RAND_add(3)>,
+L<RAND_load_file(3)|RAND_load_file(3)>, L<RAND_egd(3)|RAND_egd(3)>,
+L<RAND_bytes(3)|RAND_bytes(3)>,
+L<RAND_set_rand_method(3)|RAND_set_rand_method(3)>,
+L<RAND_cleanup(3)|RAND_cleanup(3)>
+
+=cut
diff --git a/lib/libssl/src/doc/crypto/rc4.pod b/lib/libssl/src/doc/crypto/rc4.pod
new file mode 100644
index 00000000000..b6d3a4342ca
--- /dev/null
+++ b/lib/libssl/src/doc/crypto/rc4.pod
@@ -0,0 +1,62 @@
+=pod
+
+=head1 NAME
+
+RC4_set_key, RC4 - RC4 encryption
+
+=head1 SYNOPSIS
+
+ #include <openssl/rc4.h>
+
+ void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data);
+
+ void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata,
+ unsigned char *outdata);
+
+=head1 DESCRIPTION
+
+This library implements the Alleged RC4 cipher, which is described for
+example in I<Applied Cryptography>. It is believed to be compatible
+with RC4[TM], a proprietary cipher of RSA Security Inc.
+
+RC4 is a stream cipher with variable key length. Typically, 128 bit
+(16 byte) keys are used for strong encryption, but shorter insecure
+key sizes have been widely used due to export restrictions.
+
+RC4 consists of a key setup phase and the actual encryption or
+decryption phase.
+
+RC4_set_key() sets up the B<RC4_KEY> B<key> using the B<len> bytes long
+key at B<data>.
+
+RC4() encrypts or decrypts the B<len> bytes of data at B<indata> using
+B<key> and places the result at B<outdata>. Repeated RC4() calls with
+the same B<key> yield a continuous key stream.
+
+Since RC4 is a stream cipher (the input is XORed with a pseudo-random
+key stream to produce the output), decryption uses the same function
+calls as encryption.
+
+Applications should use the higher level functions
+L<EVP_EncryptInit(3)|EVP_EncryptInit(3)>
+etc. instead of calling the RC4 functions directly.
+
+=head1 RETURN VALUES
+
+RC4_set_key() and RC4() do not return values.
+
+=head1 NOTE
+
+Certain conditions have to be observed to securely use stream ciphers.
+It is not permissible to perform multiple encryptions using the same
+key stream.
+
+=head1 SEE ALSO
+
+L<blowfish(3)|blowfish(3)>, L<des(3)|des(3)>, L<rc2(3)|rc2(3)>
+
+=head1 HISTORY
+
+RC4_set_key() and RC4() are available in all versions of SSLeay and OpenSSL.
+
+=cut
diff --git a/lib/libssl/src/doc/crypto/ripemd.pod b/lib/libssl/src/doc/crypto/ripemd.pod
new file mode 100644
index 00000000000..31054b6a8cc
--- /dev/null
+++ b/lib/libssl/src/doc/crypto/ripemd.pod
@@ -0,0 +1,66 @@
+=pod
+
+=head1 NAME
+
+RIPEMD160, RIPEMD160_Init, RIPEMD160_Update, RIPEMD160_Final -
+RIPEMD-160 hash function
+
+=head1 SYNOPSIS
+
+ #include <openssl/ripemd.h>
+
+ unsigned char *RIPEMD160(const unsigned char *d, unsigned long n,
+ unsigned char *md);
+
+ void RIPEMD160_Init(RIPEMD160_CTX *c);
+ void RIPEMD160_Update(RIPEMD_CTX *c, const void *data,
+ unsigned long len);
+ void RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c);
+
+=head1 DESCRIPTION
+
+RIPEMD-160 is a cryptographic hash function with a
+160 bit output.
+
+RIPEMD160() computes the RIPEMD-160 message digest of the B<n>
+bytes at B<d> and places it in B<md> (which must have space for
+RIPEMD160_DIGEST_LENGTH == 20 bytes of output). If B<md> is NULL, the digest
+is placed in a static array.
+
+The following functions may be used if the message is not completely
+stored in memory:
+
+RIPEMD160_Init() initializes a B<RIPEMD160_CTX> structure.
+
+RIPEMD160_Update() can be called repeatedly with chunks of the message to
+be hashed (B<len> bytes at B<data>).
+
+RIPEMD160_Final() places the message digest in B<md>, which must have
+space for RIPEMD160_DIGEST_LENGTH == 20 bytes of output, and erases
+the B<RIPEMD160_CTX>.
+
+Applications should use the higher level functions
+L<EVP_DigestInit(3)|EVP_DigestInit(3)> etc. instead of calling the
+hash functions directly.
+
+=head1 RETURN VALUES
+
+RIPEMD160() returns a pointer to the hash value.
+
+RIPEMD160_Init(), RIPEMD160_Update() and RIPEMD160_Final() do not
+return values.
+
+=head1 CONFORMING TO
+
+ISO/IEC 10118-3 (draft) (??)
+
+=head1 SEE ALSO
+
+L<sha(3)|sha(3)>, L<hmac(3)|hmac(3)>, L<EVP_DigestInit(3)|EVP_DigestInit(3)>
+
+=head1 HISTORY
+
+RIPEMD160(), RIPEMD160_Init(), RIPEMD160_Update() and
+RIPEMD160_Final() are available since SSLeay 0.9.0.
+
+=cut
diff --git a/lib/libssl/src/doc/crypto/rsa.pod b/lib/libssl/src/doc/crypto/rsa.pod
new file mode 100644
index 00000000000..0486c044a68
--- /dev/null
+++ b/lib/libssl/src/doc/crypto/rsa.pod
@@ -0,0 +1,115 @@
+=pod
+
+=head1 NAME
+
+rsa - RSA public key cryptosystem
+
+=head1 SYNOPSIS
+
+ #include <openssl/rsa.h>
+
+ RSA * RSA_new(void);
+ void RSA_free(RSA *rsa);
+
+ int RSA_public_encrypt(int flen, unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding);
+ int RSA_private_decrypt(int flen, unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding);
+
+ int RSA_sign(int type, unsigned char *m, unsigned int m_len,
+ unsigned char *sigret, unsigned int *siglen, RSA *rsa);
+ int RSA_verify(int type, unsigned char *m, unsigned int m_len,
+ unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
+
+ int RSA_size(RSA *rsa);
+
+ RSA *RSA_generate_key(int num, unsigned long e,
+ void (*callback)(int,int,void *), void *cb_arg);
+
+ int RSA_check_key(RSA *rsa);
+
+ int RSA_blinding_on(RSA *rsa, BN_CTX *ctx);
+ void RSA_blinding_off(RSA *rsa);
+
+ void RSA_set_default_method(RSA_METHOD *meth);
+ RSA_METHOD *RSA_get_default_method(void);
+ RSA_METHOD *RSA_set_method(RSA *rsa, RSA_METHOD *meth);
+ RSA_METHOD *RSA_get_method(RSA *rsa);
+ RSA_METHOD *RSA_PKCS1_SSLeay(void);
+ RSA_METHOD *RSA_PKCS1_RSAref(void);
+ RSA_METHOD *RSA_null_method(void);
+ int RSA_flags(RSA *rsa);
+ RSA *RSA_new_method(RSA_METHOD *method);
+
+ int RSA_print(BIO *bp, RSA *x, int offset);
+ int RSA_print_fp(FILE *fp, RSA *x, int offset);
+
+ int RSA_get_ex_new_index(long argl, char *argp, int (*new_func)(),
+ int (*dup_func)(), void (*free_func)());
+ int RSA_set_ex_data(RSA *r,int idx,char *arg);
+ char *RSA_get_ex_data(RSA *r, int idx);
+
+ int RSA_private_encrypt(int flen, unsigned char *from,
+ unsigned char *to, RSA *rsa,int padding);
+ int RSA_public_decrypt(int flen, unsigned char *from,
+ unsigned char *to, RSA *rsa,int padding);
+
+ int RSA_sign_ASN1_OCTET_STRING(int dummy, unsigned char *m,
+ unsigned int m_len, unsigned char *sigret, unsigned int *siglen,
+ RSA *rsa);
+ int RSA_verify_ASN1_OCTET_STRING(int dummy, unsigned char *m,
+ unsigned int m_len, unsigned char *sigbuf, unsigned int siglen,
+ RSA *rsa);
+
+=head1 DESCRIPTION
+
+These functions implement RSA public key encryption and signatures
+as defined in PKCS #1 v2.0 [RFC 2437].
+
+The B<RSA> structure consists of several BIGNUM components. It can
+contain public as well as private RSA keys:
+
+ struct
+ {
+ BIGNUM *n; // public modulus
+ BIGNUM *e; // public exponent
+ BIGNUM *d; // private exponent
+ BIGNUM *p; // secret prime factor
+ BIGNUM *q; // secret prime factor
+ BIGNUM *dmp1; // d mod (p-1)
+ BIGNUM *dmq1; // d mod (q-1)
+ BIGNUM *iqmp; // q^-1 mod p
+ // ...
+ };
+ RSA
+
+In public keys, the private exponent and the related secret values are
+B<NULL>.
+
+B<dmp1>, B<dmq1> and B<iqmp> may be B<NULL> in private keys, but the
+RSA operations are much faster when these values are available.
+
+=head1 CONFORMING TO
+
+SSL, PKCS #1 v2.0
+
+=head1 PATENTS
+
+RSA is covered by a US patent which expires in September 2000.
+
+=head1 SEE ALSO
+
+L<rsa(1)|rsa(1)>, L<bn(3)|bn(3)>, L<dsa(3)|dsa(3)>, L<dh(3)|dh(3)>,
+L<rand(3)|rand(3)>, L<RSA_new(3)|RSA_new(3)>,
+L<RSA_public_encrypt(3)|RSA_public_encrypt(3)>,
+L<RSA_sign(3)|RSA_sign(3)>, L<RSA_size(3)|RSA_size(3)>,
+L<RSA_generate_key(3)|RSA_generate_key(3)>,
+L<RSA_check_key(3)|RSA_check_key(3)>,
+L<RSA_blinding_on(3)|RSA_blinding_on(3)>,
+L<RSA_set_method(3)|RSA_set_method(3)>, L<RSA_print(3)|RSA_print(3)>,
+L<RSA_get_ex_new_index(3)|RSA_get_ex_new_index(3)>,
+L<RSA_private_encrypt(3)|RSA_private_encrypt(3)>,
+L<RSA_sign_ASN_OCTET_STRING(3)|RSA_sign_ASN_OCTET_STRING(3)>,
+L<RSA_padding_add_PKCS1_type_1(3)|RSA_padding_add_PKCS1_type_1(3)>
+
+=cut
diff --git a/lib/libssl/src/doc/crypto/sha.pod b/lib/libssl/src/doc/crypto/sha.pod
new file mode 100644
index 00000000000..0ba315d6d7a
--- /dev/null
+++ b/lib/libssl/src/doc/crypto/sha.pod
@@ -0,0 +1,70 @@
+=pod
+
+=head1 NAME
+
+SHA1, SHA1_Init, SHA1_Update, SHA1_Final - Secure Hash Algorithm
+
+=head1 SYNOPSIS
+
+ #include <openssl/sha.h>
+
+ unsigned char *SHA1(const unsigned char *d, unsigned long n,
+ unsigned char *md);
+
+ void SHA1_Init(SHA_CTX *c);
+ void SHA1_Update(SHA_CTX *c, const void *data,
+ unsigned long len);
+ void SHA1_Final(unsigned char *md, SHA_CTX *c);
+
+=head1 DESCRIPTION
+
+SHA-1 (Secure Hash Algorithm) is a cryptographic hash function with a
+160 bit output.
+
+SHA1() computes the SHA-1 message digest of the B<n>
+bytes at B<d> and places it in B<md> (which must have space for
+SHA_DIGEST_LENGTH == 20 bytes of output). If B<md> is NULL, the digest
+is placed in a static array.
+
+The following functions may be used if the message is not completely
+stored in memory:
+
+SHA1_Init() initializes a B<SHA_CTX> structure.
+
+SHA1_Update() can be called repeatedly with chunks of the message to
+be hashed (B<len> bytes at B<data>).
+
+SHA1_Final() places the message digest in B<md>, which must have space
+for SHA_DIGEST_LENGTH == 20 bytes of output, and erases the B<SHA_CTX>.
+
+Applications should use the higher level functions
+L<EVP_DigestInit(3)|EVP_DigestInit(3)>
+etc. instead of calling the hash functions directly.
+
+The predecessor of SHA-1, SHA, is also implemented, but it should be
+used only when backward compatibility is required.
+
+=head1 RETURN VALUES
+
+SHA1() returns a pointer to the hash value.
+
+SHA1_Init(), SHA1_Update() and SHA1_Final() do not return values.
+
+=head1 CONFORMING TO
+
+SHA: US Federal Information Processing Standard FIPS PUB 180 (Secure Hash
+Standard),
+SHA-1: US Federal Information Processing Standard FIPS PUB 180-1 (Secure Hash
+Standard),
+ANSI X9.30
+
+=head1 SEE ALSO
+
+L<ripemd(3)|ripemd(3)>, L<hmac(3)|hmac(3)>, L<EVP_DigestInit(3)|EVP_DigestInit(3)>
+
+=head1 HISTORY
+
+SHA1(), SHA1_Init(), SHA1_Update() and SHA1_Final() are available in all
+versions of SSLeay and OpenSSL.
+
+=cut
diff --git a/lib/libssl/src/doc/crypto/threads.pod b/lib/libssl/src/doc/crypto/threads.pod
new file mode 100644
index 00000000000..5da056f3f82
--- /dev/null
+++ b/lib/libssl/src/doc/crypto/threads.pod
@@ -0,0 +1,70 @@
+=pod
+
+=head1 NAME
+
+CRYPTO_set_locking_callback, CRYPTO_set_id_callback - OpenSSL thread support
+
+=head1 SYNOPSIS
+
+ #include <openssl/crypto.h>
+
+ void CRYPTO_set_locking_callback(void (*locking_function)(int mode,
+ int n, const char *file, int line));
+
+ void CRYPTO_set_id_callback(unsigned long (*id_function)(void));
+
+ int CRYPTO_num_locks(void);
+
+=head1 DESCRIPTION
+
+OpenSSL can safely be used in multi-threaded applications provided
+that two callback functions are set.
+
+locking_function(int mode, int n, const char *file, int line) is
+needed to perform locking on shared data stuctures. Multi-threaded
+applications will crash at random if it is not set.
+
+locking_function() must be able to handle up to CRYPTO_num_locks()
+different mutex locks. It sets the B<n>-th lock if B<mode> &
+B<CRYPTO_LOCK>, and releases it otherwise.
+
+B<file> and B<line> are the file number of the function setting the
+lock. They can be useful for debugging.
+
+id_function(void) is a function that returns a thread ID. It is not
+needed on Windows nor on platforms where getpid() returns a different
+ID for each thread (most notably Linux).
+
+=head1 RETURN VALUES
+
+CRYPTO_num_locks() returns the required number of locks.
+The other functions return no values.
+
+=head1 NOTE
+
+You can find out if OpenSSL was configured with thread support:
+
+ #define OPENSSL_THREAD_DEFINES
+ #include <openssl/opensslconf.h>
+ #if defined(THREADS)
+ // thread support enabled
+ #else
+ // no thread support
+ #endif
+
+=head1 EXAMPLES
+
+B<crypto/threads/mttest.c> shows examples of the callback functions on
+Solaris, Irix and Win32.
+
+=head1 HISTORY
+
+CRYPTO_set_locking_callback() and CRYPTO_set_id_callback() are
+available in all versions of SSLeay and OpenSSL.
+CRYPTO_num_locks() was added in OpenSSL 0.9.4.
+
+=head1 SEE ALSO
+
+L<crypto(3)|crypto(3)>
+
+=cut
diff --git a/lib/libssl/src/doc/ssl/SSL_get_error.pod b/lib/libssl/src/doc/ssl/SSL_get_error.pod
new file mode 100644
index 00000000000..9cacdedc575
--- /dev/null
+++ b/lib/libssl/src/doc/ssl/SSL_get_error.pod
@@ -0,0 +1,91 @@
+=pod
+
+=head1 NAME
+
+SSL_get_error - obtain result code for SSL I/O operation
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ int SSL_get_error(SSL *ssl, int ret);
+
+=head1 DESCRIPTION
+
+SSL_get_error() returns a result code (suitable for the C "switch"
+statement) for a preceding call to SSL_connect(), SSL_accept(),
+SSL_read(), or SSL_write() on B<ssl>. The value returned by that
+SSL I/O function must be passed to SSL_get_error() in parameter
+B<ret>.
+
+In addition to B<ssl> and B<ret>, SSL_get_error() inspects the
+current thread's OpenSSL error queue. Thus, SSL_get_error() must be
+used in the same thread that performed the SSL I/O operation, and no
+other OpenSSL function calls should appear in between. The current
+thread's error queue must be empty before the SSL I/O operation is
+attempted, or SSL_get_error() will not work reliably.
+
+=head1 RETURN VALUES
+
+The following return values can currently occur:
+
+=over 4
+
+=item SSL_ERROR_NONE
+
+The SSL I/O operation completed. This result code is returned
+if and only if B<ret E<gt> 0>.
+
+=item SSL_ERROR_ZERO_RETURN
+
+The SSL connection has been closed. If the protocol version is SSL 3.0
+or TLS 1.0, this result code is returned only if a closure
+alerts has occurred in the protocol, i.e. if the connection has been
+closed cleanly.
+
+=item SSL_ERROR_WANT_READ, SSL_ERROR_WANT_WRITE
+
+The operation did not complete; the same SSL I/O function should be
+called again later. There will be protocol progress if, by then, the
+underlying B<BIO> has data available for reading (if the result code is
+B<SSL_ERROR_WANT_READ>) or allows writing data (B<SSL_ERROR_WANT_WRITE>).
+For socket B<BIO>s (e.g. when SSL_set_fd() was used) this means that
+select() or poll() on the underlying socket can be used to find out
+when the SSL I/O function should be retried.
+
+Caveat: Any SSL I/O function can lead to either of
+B<SSL_ERROR_WANT_READ> and B<SSL_ERROR_WANT_WRITE>, i.e. SSL_read()
+may want to write data and SSL_write() may want to read data.
+
+=item SSL_ERROR_WANT_X509_LOOKUP
+
+The operation did not complete because an application callback set by
+SSL_CTX_set_client_cert_cb() has asked to be called again.
+The SSL I/O function should be called again later.
+Details depend on the application.
+
+=item SSL_ERROR_SYSCALL
+
+Some I/O error occurred. The OpenSSL error queue may contain more
+information on the error. If the error queue is empty
+(i.e. ERR_get_error() returns 0), B<ret> can be used to find out more
+about the error: If B<ret == 0>, an EOF was observed that violates
+the protocol. If B<ret == -1>, the underlying B<BIO> reported an
+I/O error (for socket I/O on Unix systems, consult B<errno> for details).
+
+=item SSL_ERROR_SSL
+
+A failure in the SSL library occurred, usually a protocol error. The
+OpenSSL error queue contains more information on the error.
+
+=back
+
+=head1 SEE ALSO
+
+L<ssl(3)|ssl(3)>, L<err(3)|err(3)>
+
+=head1 HISTORY
+
+SSL_get_error() was added in SSLeay 0.8.
+
+=cut
diff --git a/lib/libssl/src/doc/ssl/ssl.pod b/lib/libssl/src/doc/ssl/ssl.pod
new file mode 100644
index 00000000000..e53876654a7
--- /dev/null
+++ b/lib/libssl/src/doc/ssl/ssl.pod
@@ -0,0 +1,634 @@
+
+=pod
+
+=head1 NAME
+
+SSL - OpenSSL SSL/TLS library
+
+=head1 SYNOPSIS
+
+=head1 DESCRIPTION
+
+The OpenSSL B<ssl> library implements the Secure Sockets Layer (SSL v2/v3) and
+Transport Layer Security (TLS v1) protocols. It provides a rich API which is
+documented here.
+
+=head1 HEADER FILES
+
+Currently the OpenSSL B<ssl> library provides the following C header files
+containing the prototypes for the data structures and and functions:
+
+=over 4
+
+=item B<ssl.h>
+
+That's the common header file for the SSL/TLS API. Include it into your
+program to make the API of the B<ssl> library available. It internally
+includes both more private SSL headers and headers from the B<crypto> library.
+Whenever you need hard-core details on the internals of the SSL API, look
+inside this header file.
+
+=item B<ssl2.h>
+
+That's the sub header file dealing with the SSLv2 protocol only.
+I<Usually you don't have to include it explicitly because
+it's already included by ssl.h>.
+
+=item B<ssl3.h>
+
+That's the sub header file dealing with the SSLv3 protocol only.
+I<Usually you don't have to include it explicitly because
+it's already included by ssl.h>.
+
+=item B<ssl23.h>
+
+That's the sub header file dealing with the combined use of the SSLv2 and
+SSLv3 protocols.
+I<Usually you don't have to include it explicitly because
+it's already included by ssl.h>.
+
+=item B<tls1.h>
+
+That's the sub header file dealing with the TLSv1 protocol only.
+I<Usually you don't have to include it explicitly because
+it's already included by ssl.h>.
+
+=back
+
+=head1 DATA STRUCTURES
+
+Currently the OpenSSL B<ssl> library functions deals with the following data
+structures:
+
+=over 4
+
+=item B<SSL_METHOD> (SSL Method)
+
+That's a dispatch structure describing the internal B<ssl> library
+methods/functions which implement the various protocol versions (SSLv1, SSLv2
+and TLSv1). It's needed to create an B<SSL_CTX>.
+
+=item B<SSL_CIPHER> (SSL Cipher)
+
+This structure holds the algorithm information for a particular cipher which
+are a core part of the SSL/TLS protocol. The available ciphers are configured
+on a B<SSL_CTX> basis and the actually used ones are then part of the
+B<SSL_SESSION>.
+
+=item B<SSL_CTX> (SSL Context)
+
+That's the global context structure which is created by a server or client
+once per program life-time and which holds mainly default values for the
+B<SSL> structures which are later created for the connections.
+
+=item B<SSL_SESSION> (SSL Session)
+
+This is a structure containing the current SSL session details for a
+connection: B<SSL_CIPHER>s, client and server certificates, keys, etc.
+
+=item B<SSL> (SSL Connection)
+
+That's the main SSL/TLS structure which is created by a server or client per
+established connection. This actually is the core structure in the SSL API.
+Under run-time the application usually deals with this structure which has
+links to mostly all other structures.
+
+=back
+
+=head1 API FUNCTIONS
+
+Currently the OpenSSL B<ssl> library exports 214 API functions.
+They are documented in the following:
+
+=head2 DEALING WITH PROTOCOL METHODS
+
+Here we document the various API functions which deal with the SSL/TLS
+protocol methods defined in B<SSL_METHOD> structures.
+
+=over 4
+
+=item SSL_METHOD *B<SSLv2_client_method>(void);
+
+Constructor for the SSLv2 SSL_METHOD structure for a dedicated client.
+
+=item SSL_METHOD *B<SSLv2_server_method>(void);
+
+Constructor for the SSLv2 SSL_METHOD structure for a dedicated server.
+
+=item SSL_METHOD *B<SSLv2_method>(void);
+
+Constructor for the SSLv2 SSL_METHOD structure for combined client and server.
+
+=item SSL_METHOD *B<SSLv3_client_method>(void);
+
+Constructor for the SSLv3 SSL_METHOD structure for a dedicated client.
+
+=item SSL_METHOD *B<SSLv3_server_method>(void);
+
+Constructor for the SSLv3 SSL_METHOD structure for a dedicated server.
+
+=item SSL_METHOD *B<SSLv3_method>(void);
+
+Constructor for the SSLv3 SSL_METHOD structure for combined client and server.
+
+=item SSL_METHOD *B<TLSv1_client_method>(void);
+
+Constructor for the TLSv1 SSL_METHOD structure for a dedicated client.
+
+=item SSL_METHOD *B<TLSv1_server_method>(void);
+
+Constructor for the TLSv1 SSL_METHOD structure for a dedicated server.
+
+=item SSL_METHOD *B<TLSv1_method>(void);
+
+Constructor for the TLSv1 SSL_METHOD structure for combined client and server.
+
+=back
+
+=head2 DEALING WITH CIPHERS
+
+Here we document the various API functions which deal with the SSL/TLS
+ciphers defined in B<SSL_CIPHER> structures.
+
+=over 4
+
+=item char *B<SSL_CIPHER_description>(SSL_CIPHER *cipher, char *buf, int len);
+
+Write a string to I<buf> (with a maximum size of I<len>) containing a human
+readable description of I<cipher>. Returns I<buf>.
+
+=item int B<SSL_CIPHER_get_bits>(SSL_CIPHER *cipher, int *alg_bits);
+
+Determine the number of bits in I<cipher>. Because of export crippled ciphers
+there are two bits: The bits the algorithm supports in general (stored to
+I<alg_bits>) and the bits which are actually used (the return value).
+
+=item char *B<SSL_CIPHER_get_name>(SSL_CIPHER *cipher);
+
+Return the internal name of I<cipher> as a string. These are the various
+strings defined by the I<SSL2_TXT_xxx>, I<SSL3_TXT_xxx> and I<TLS1_TXT_xxx>
+definitions in the header files.
+
+=item char *B<SSL_CIPHER_get_version>(SSL_CIPHER *cipher);
+
+Returns a string like "C<TLSv1/SSLv3>" or "C<SSLv2>" which indicates the
+SSL/TLS protocol version to which I<cipher> belongs (i.e. where it was defined
+in the specification the first time).
+
+=back
+
+=head2 DEALING WITH PROTOCOL CONTEXTS
+
+Here we document the various API functions which deal with the SSL/TLS
+protocol context defined in the B<SSL_CTX> structure.
+
+=over 4
+
+=item int B<SSL_CTX_add_client_CA>(SSL_CTX *ctx, X509 *x);
+
+=item long B<SSL_CTX_add_extra_chain_cert>(SSL_CTX *ctx, X509 *x509);
+
+=item int B<SSL_CTX_add_session>(SSL_CTX *ctx, SSL_SESSION *c);
+
+=item int B<SSL_CTX_check_private_key>(SSL_CTX *ctx);
+
+=item long B<SSL_CTX_ctrl>(SSL_CTX *ctx, int cmd, long larg, char *parg);
+
+=item void B<SSL_CTX_flush_sessions>(SSL_CTX *s, long t);
+
+=item void B<SSL_CTX_free>(SSL_CTX *a);
+
+=item char *B<SSL_CTX_get_app_data>(SSL_CTX *ctx);
+
+=item X509_STORE *B<SSL_CTX_get_cert_store>(SSL_CTX *ctx);
+
+=item STACK *B<SSL_CTX_get_client_CA_list>(SSL_CTX *ctx);
+
+=item int (*B<SSL_CTX_get_client_cert_cb>(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
+
+=item char *B<SSL_CTX_get_ex_data>(SSL_CTX *s, int idx);
+
+=item int B<SSL_CTX_get_ex_new_index>(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))
+
+=item void (*B<SSL_CTX_get_info_callback>(SSL_CTX *ctx))(SSL *ssl, int cb, int ret);
+
+=item int B<SSL_CTX_get_quiet_shutdown>(SSL_CTX *ctx);
+
+=item int B<SSL_CTX_get_session_cache_mode>(SSL_CTX *ctx);
+
+=item long B<SSL_CTX_get_timeout>(SSL_CTX *ctx);
+
+=item int (*B<SSL_CTX_get_verify_callback>(SSL_CTX *ctx))(int ok, X509_STORE_CTX *ctx);
+
+=item int B<SSL_CTX_get_verify_mode>(SSL_CTX *ctx);
+
+=item int B<SSL_CTX_load_verify_locations>(SSL_CTX *ctx, char *CAfile, char *CApath);
+
+=item long B<SSL_CTX_need_tmp_RSA>(SSL_CTX *ctx);
+
+=item SSL_CTX *B<SSL_CTX_new>(SSL_METHOD *meth);
+
+=item int B<SSL_CTX_remove_session>(SSL_CTX *ctx, SSL_SESSION *c);
+
+=item int B<SSL_CTX_sess_accept>(SSL_CTX *ctx);
+
+=item int B<SSL_CTX_sess_accept_good>(SSL_CTX *ctx);
+
+=item int B<SSL_CTX_sess_accept_renegotiate>(SSL_CTX *ctx);
+
+=item int B<SSL_CTX_sess_cache_full>(SSL_CTX *ctx);
+
+=item int B<SSL_CTX_sess_cb_hits>(SSL_CTX *ctx);
+
+=item int B<SSL_CTX_sess_connect>(SSL_CTX *ctx);
+
+=item int B<SSL_CTX_sess_connect_good>(SSL_CTX *ctx);
+
+=item int B<SSL_CTX_sess_connect_renegotiate>(SSL_CTX *ctx);
+
+=item int B<SSL_CTX_sess_get_cache_size>(SSL_CTX *ctx);
+
+=item SSL_SESSION *(*B<SSL_CTX_sess_get_get_cb>(SSL_CTX *ctx))(SSL *ssl, unsigned char *data, int len, int *copy);
+
+=item int (*B<SSL_CTX_sess_get_new_cb>(SSL_CTX *ctx)(SSL *ssl, SSL_SESSION *sess);
+
+=item void (*B<SSL_CTX_sess_get_remove_cb>(SSL_CTX *ctx)(SSL_CTX *ctx, SSL_SESSION *sess);
+
+=item int B<SSL_CTX_sess_hits>(SSL_CTX *ctx);
+
+=item int B<SSL_CTX_sess_misses>(SSL_CTX *ctx);
+
+=item int B<SSL_CTX_sess_number>(SSL_CTX *ctx);
+
+=item void B<SSL_CTX_sess_set_cache_size>(SSL_CTX *ctx,t);
+
+=item void B<SSL_CTX_sess_set_get_cb>(SSL_CTX *ctx, SSL_SESSION *(*cb)(SSL *ssl, unsigned char *data, int len, int *copy));
+
+=item void B<SSL_CTX_sess_set_new_cb>(SSL_CTX *ctx, int (*cb)(SSL *ssl, SSL_SESSION *sess));
+
+=item void B<SSL_CTX_sess_set_remove_cb>(SSL_CTX *ctx, void (*cb)(SSL_CTX *ctx, SSL_SESSION *sess));
+
+=item int B<SSL_CTX_sess_timeouts>(SSL_CTX *ctx);
+
+=item LHASH *B<SSL_CTX_sessions>(SSL_CTX *ctx);
+
+=item void B<SSL_CTX_set_app_data>(SSL_CTX *ctx, void *arg);
+
+=item void B<SSL_CTX_set_cert_store>(SSL_CTX *ctx, X509_STORE *cs);
+
+=item void B<SSL_CTX_set_cert_verify_cb>(SSL_CTX *ctx, int (*cb)(SSL_CTX *), char *arg)
+
+=item int B<SSL_CTX_set_cipher_list>(SSL_CTX *ctx, char *str);
+
+=item void B<SSL_CTX_set_client_CA_list>(SSL_CTX *ctx, STACK *list);
+
+=item void B<SSL_CTX_set_client_cert_cb>(SSL_CTX *ctx, int (*cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey));
+
+=item void B<SSL_CTX_set_default_passwd_cb>(SSL_CTX *ctx, int (*cb);(void))
+
+=item void B<SSL_CTX_set_default_read_ahead>(SSL_CTX *ctx, int m);
+
+=item int B<SSL_CTX_set_default_verify_paths>(SSL_CTX *ctx);
+
+=item int B<SSL_CTX_set_ex_data>(SSL_CTX *s, int idx, char *arg);
+
+=item void B<SSL_CTX_set_info_callback>(SSL_CTX *ctx, void (*cb)(SSL *ssl, int cb, int ret));
+
+=item void B<SSL_CTX_set_options>(SSL_CTX *ctx, unsigned long op);
+
+=item void B<SSL_CTX_set_quiet_shutdown>(SSL_CTX *ctx, int mode);
+
+=item void B<SSL_CTX_set_session_cache_mode>(SSL_CTX *ctx, int mode);
+
+=item int B<SSL_CTX_set_ssl_version>(SSL_CTX *ctx, SSL_METHOD *meth);
+
+=item void B<SSL_CTX_set_timeout>(SSL_CTX *ctx, long t);
+
+=item long B<SSL_CTX_set_tmp_dh>(SSL_CTX* ctx, DH *dh);
+
+=item long B<SSL_CTX_set_tmp_dh_callback>(SSL_CTX *ctx, DH *(*cb)(void));
+
+=item long B<SSL_CTX_set_tmp_rsa>(SSL_CTX *ctx, RSA *rsa);
+
+=item SSL_CTX_set_tmp_rsa_callback
+
+C<long B<SSL_CTX_set_tmp_rsa_callback>(SSL_CTX *B<ctx>, RSA *(*B<cb>)(SSL *B<ssl>, int B<export>, int B<keylength>));>
+
+Sets the callback which will be called when a temporary private key is
+required. The B<C<export>> flag will be set if the reason for needing
+a temp key is that an export ciphersuite is in use, in which case,
+B<C<keylength>> will contain the required keylength in bits. Generate a key of
+appropriate size (using ???) and return it.
+
+=item SSL_set_tmp_rsa_callback
+
+long B<SSL_set_tmp_rsa_callback>(SSL *ssl, RSA *(*cb)(SSL *ssl, int export, int keylength));
+
+The same as L<"SSL_CTX_set_tmp_rsa_callback">, except it operates on an SSL
+session instead of a context.
+
+=item void B<SSL_CTX_set_verify>(SSL_CTX *ctx, int mode, int (*cb);(void))
+
+=item int B<SSL_CTX_use_PrivateKey>(SSL_CTX *ctx, EVP_PKEY *pkey);
+
+=item int B<SSL_CTX_use_PrivateKey_ASN1>(int type, SSL_CTX *ctx, unsigned char *d, long len);
+
+=item int B<SSL_CTX_use_PrivateKey_file>(SSL_CTX *ctx, char *file, int type);
+
+=item int B<SSL_CTX_use_RSAPrivateKey>(SSL_CTX *ctx, RSA *rsa);
+
+=item int B<SSL_CTX_use_RSAPrivateKey_ASN1>(SSL_CTX *ctx, unsigned char *d, long len);
+
+=item int B<SSL_CTX_use_RSAPrivateKey_file>(SSL_CTX *ctx, char *file, int type);
+
+=item int B<SSL_CTX_use_certificate>(SSL_CTX *ctx, X509 *x);
+
+=item int B<SSL_CTX_use_certificate_ASN1>(SSL_CTX *ctx, int len, unsigned char *d);
+
+=item int B<SSL_CTX_use_certificate_file>(SSL_CTX *ctx, char *file, int type);
+
+=back
+
+=head2 DEALING WITH SESSIONS
+
+Here we document the various API functions which deal with the SSL/TLS
+sessions defined in the B<SSL_SESSION> structures.
+
+=over 4
+
+=item int B<SSL_SESSION_cmp>(SSL_SESSION *a, SSL_SESSION *b);
+
+=item void B<SSL_SESSION_free>(SSL_SESSION *ss);
+
+=item char *B<SSL_SESSION_get_app_data>(SSL_SESSION *s);
+
+=item char *B<SSL_SESSION_get_ex_data>(SSL_SESSION *s, int idx);
+
+=item int B<SSL_SESSION_get_ex_new_index>(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))
+
+=item long B<SSL_SESSION_get_time>(SSL_SESSION *s);
+
+=item long B<SSL_SESSION_get_timeout>(SSL_SESSION *s);
+
+=item unsigned long B<SSL_SESSION_hash>(SSL_SESSION *a);
+
+=item SSL_SESSION *B<SSL_SESSION_new>(void);
+
+=item int B<SSL_SESSION_print>(BIO *bp, SSL_SESSION *x);
+
+=item int B<SSL_SESSION_print_fp>(FILE *fp, SSL_SESSION *x);
+
+=item void B<SSL_SESSION_set_app_data>(SSL_SESSION *s, char *a);
+
+=item int B<SSL_SESSION_set_ex_data>(SSL_SESSION *s, int idx, char *arg);
+
+=item long B<SSL_SESSION_set_time>(SSL_SESSION *s, long t);
+
+=item long B<SSL_SESSION_set_timeout>(SSL_SESSION *s, long t);
+
+=back
+
+=head2 DEALING WITH CONNECTIONS
+
+Here we document the various API functions which deal with the SSL/TLS
+connection defined in the B<SSL> structure.
+
+=over 4
+
+=item int B<SSL_accept>(SSL *ssl);
+
+=item int B<SSL_add_dir_cert_subjects_to_stack>(STACK *stack, const char *dir);
+
+=item int B<SSL_add_file_cert_subjects_to_stack>(STACK *stack, const char *file);
+
+=item int B<SSL_add_client_CA>(SSL *ssl, X509 *x);
+
+=item char *B<SSL_alert_desc_string>(int value);
+
+=item char *B<SSL_alert_desc_string_long>(int value);
+
+=item char *B<SSL_alert_type_string>(int value);
+
+=item char *B<SSL_alert_type_string_long>(int value);
+
+=item int B<SSL_check_private_key>(SSL *ssl);
+
+=item void B<SSL_clear>(SSL *ssl);
+
+=item long B<SSL_clear_num_renegotiations>(SSL *ssl);
+
+=item int B<SSL_connect>(SSL *ssl);
+
+=item void B<SSL_copy_session_id>(SSL *t, SSL *f);
+
+=item long B<SSL_ctrl>(SSL *ssl, int cmd, long larg, char *parg);
+
+=item int B<SSL_do_handshake>(SSL *ssl);
+
+=item SSL *B<SSL_dup>(SSL *ssl);
+
+=item STACK *B<SSL_dup_CA_list>(STACK *sk);
+
+=item void B<SSL_free>(SSL *ssl);
+
+=item SSL_CTX *B<SSL_get_SSL_CTX>(SSL *ssl);
+
+=item char *B<SSL_get_app_data>(SSL *ssl);
+
+=item X509 *B<SSL_get_certificate>(SSL *ssl);
+
+=item SSL_CIPHER *B<SSL_get_cipher>(SSL *ssl);
+
+=item int B<SSL_get_cipher_bits>(SSL *ssl, int *alg_bits);
+
+=item char *B<SSL_get_cipher_list>(SSL *ssl, int n);
+
+=item char *B<SSL_get_cipher_name>(SSL *ssl);
+
+=item char *B<SSL_get_cipher_version>(SSL *ssl);
+
+=item STACK *B<SSL_get_ciphers>(SSL *ssl);
+
+=item STACK *B<SSL_get_client_CA_list>(SSL *ssl);
+
+=item SSL_CIPHER *B<SSL_get_current_cipher>(SSL *ssl);
+
+=item long B<SSL_get_default_timeout>(SSL *ssl);
+
+=item int B<SSL_get_error>(SSL *ssl, int i);
+
+=item char *B<SSL_get_ex_data>(SSL *ssl, int idx);
+
+=item int B<SSL_get_ex_data_X509_STORE_CTX_idx>(void);
+
+=item int B<SSL_get_ex_new_index>(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))
+
+=item int B<SSL_get_fd>(SSL *ssl);
+
+=item void (*B<SSL_get_info_callback>(SSL *ssl);)(void)
+
+=item STACK *B<SSL_get_peer_cert_chain>(SSL *ssl);
+
+=item X509 *B<SSL_get_peer_certificate>(SSL *ssl);
+
+=item EVP_PKEY *B<SSL_get_privatekey>(SSL *ssl);
+
+=item int B<SSL_get_quiet_shutdown>(SSL *ssl);
+
+=item BIO *B<SSL_get_rbio>(SSL *ssl);
+
+=item int B<SSL_get_read_ahead>(SSL *ssl);
+
+=item SSL_SESSION *B<SSL_get_session>(SSL *ssl);
+
+=item char *B<SSL_get_shared_ciphers>(SSL *ssl, char *buf, int len);
+
+=item int B<SSL_get_shutdown>(SSL *ssl);
+
+=item SSL_METHOD *B<SSL_get_ssl_method>(SSL *ssl);
+
+=item int B<SSL_get_state>(SSL *ssl);
+
+=item long B<SSL_get_time>(SSL *ssl);
+
+=item long B<SSL_get_timeout>(SSL *ssl);
+
+=item int (*B<SSL_get_verify_callback>(SSL *ssl);)(void)
+
+=item int B<SSL_get_verify_mode>(SSL *ssl);
+
+=item long B<SSL_get_verify_result>(SSL *ssl);
+
+=item char *B<SSL_get_version>(SSL *ssl);
+
+=item BIO *B<SSL_get_wbio>(SSL *ssl);
+
+=item int B<SSL_in_accept_init>(SSL *ssl);
+
+=item int B<SSL_in_before>(SSL *ssl);
+
+=item int B<SSL_in_connect_init>(SSL *ssl);
+
+=item int B<SSL_in_init>(SSL *ssl);
+
+=item int B<SSL_is_init_finished>(SSL *ssl);
+
+=item STACK *B<SSL_load_client_CA_file>(char *file);
+
+=item void B<SSL_load_error_strings>(void);
+
+=item SSL *B<SSL_new>(SSL_CTX *ctx);
+
+=item long B<SSL_num_renegotiations>(SSL *ssl);
+
+=item int B<SSL_peek>(SSL *ssl, char *buf, int num);
+
+=item int B<SSL_pending>(SSL *ssl);
+
+=item int B<SSL_read>(SSL *ssl, char *buf, int num);
+
+=item int B<SSL_renegotiate>(SSL *ssl);
+
+=item char *B<SSL_rstate_string>(SSL *ssl);
+
+=item char *B<SSL_rstate_string_long>(SSL *ssl);
+
+=item long B<SSL_session_reused>(SSL *ssl);
+
+=item void B<SSL_set_accept_state>(SSL *ssl);
+
+=item void B<SSL_set_app_data>(SSL *ssl, char *arg);
+
+=item void B<SSL_set_bio>(SSL *ssl, BIO *rbio, BIO *wbio);
+
+=item int B<SSL_set_cipher_list>(SSL *ssl, char *str);
+
+=item void B<SSL_set_client_CA_list>(SSL *ssl, STACK *list);
+
+=item void B<SSL_set_connect_state>(SSL *ssl);
+
+=item int B<SSL_set_ex_data>(SSL *ssl, int idx, char *arg);
+
+=item int B<SSL_set_fd>(SSL *ssl, int fd);
+
+=item void B<SSL_set_info_callback>(SSL *ssl, void (*cb);(void))
+
+=item void B<SSL_set_options>(SSL *ssl, unsigned long op);
+
+=item void B<SSL_set_quiet_shutdown>(SSL *ssl, int mode);
+
+=item void B<SSL_set_read_ahead>(SSL *ssl, int yes);
+
+=item int B<SSL_set_rfd>(SSL *ssl, int fd);
+
+=item int B<SSL_set_session>(SSL *ssl, SSL_SESSION *session);
+
+=item void B<SSL_set_shutdown>(SSL *ssl, int mode);
+
+=item int B<SSL_set_ssl_method>(SSL *ssl, SSL_METHOD *meth);
+
+=item void B<SSL_set_time>(SSL *ssl, long t);
+
+=item void B<SSL_set_timeout>(SSL *ssl, long t);
+
+=item void B<SSL_set_verify>(SSL *ssl, int mode, int (*callback);(void))
+
+=item void B<SSL_set_verify_result>(SSL *ssl, long arg);
+
+=item int B<SSL_set_wfd>(SSL *ssl, int fd);
+
+=item int B<SSL_shutdown>(SSL *ssl);
+
+=item int B<SSL_state>(SSL *ssl);
+
+=item char *B<SSL_state_string>(SSL *ssl);
+
+=item char *B<SSL_state_string_long>(SSL *ssl);
+
+=item long B<SSL_total_renegotiations>(SSL *ssl);
+
+=item int B<SSL_use_PrivateKey>(SSL *ssl, EVP_PKEY *pkey);
+
+=item int B<SSL_use_PrivateKey_ASN1>(int type, SSL *ssl, unsigned char *d, long len);
+
+=item int B<SSL_use_PrivateKey_file>(SSL *ssl, char *file, int type);
+
+=item int B<SSL_use_RSAPrivateKey>(SSL *ssl, RSA *rsa);
+
+=item int B<SSL_use_RSAPrivateKey_ASN1>(SSL *ssl, unsigned char *d, long len);
+
+=item int B<SSL_use_RSAPrivateKey_file>(SSL *ssl, char *file, int type);
+
+=item int B<SSL_use_certificate>(SSL *ssl, X509 *x);
+
+=item int B<SSL_use_certificate_ASN1>(SSL *ssl, int len, unsigned char *d);
+
+=item int B<SSL_use_certificate_file>(SSL *ssl, char *file, int type);
+
+=item int B<SSL_version>(SSL *ssl);
+
+=item int B<SSL_want>(SSL *ssl);
+
+=item int B<SSL_want_nothing>(SSL *ssl);
+
+=item int B<SSL_want_read>(SSL *ssl);
+
+=item int B<SSL_want_write>(SSL *ssl);
+
+=item int B<SSL_want_x509_lookup>(s);
+
+=item int B<SSL_write>(SSL *ssl, char *buf, int num);
+
+=back
+
+=head1 SEE ALSO
+
+L<openssl(1)|openssl(1)>, L<crypto(3)|crypto(3)>,
+L<SSL_get_error(3)|SSL_get_error(3)>
+
+=head1 HISTORY
+
+The L<ssl(3)|ssl(3)> document appeared in OpenSSL 0.9.2
+
+=cut
+
diff --git a/lib/libssl/src/util/pod2man.pl b/lib/libssl/src/util/pod2man.pl
new file mode 100644
index 00000000000..f5ec0767ed4
--- /dev/null
+++ b/lib/libssl/src/util/pod2man.pl
@@ -0,0 +1,1181 @@
+: #!/usr/bin/perl-5.005
+ eval 'exec /usr/bin/perl -S $0 ${1+"$@"}'
+ if $running_under_some_shell;
+
+$DEF_PM_SECTION = '3pm' || '3';
+
+=head1 NAME
+
+pod2man - translate embedded Perl pod directives into man pages
+
+=head1 SYNOPSIS
+
+B<pod2man>
+[ B<--section=>I<manext> ]
+[ B<--release=>I<relpatch> ]
+[ B<--center=>I<string> ]
+[ B<--date=>I<string> ]
+[ B<--fixed=>I<font> ]
+[ B<--official> ]
+[ B<--lax> ]
+I<inputfile>
+
+=head1 DESCRIPTION
+
+B<pod2man> converts its input file containing embedded pod directives (see
+L<perlpod>) into nroff source suitable for viewing with nroff(1) or
+troff(1) using the man(7) macro set.
+
+Besides the obvious pod conversions, B<pod2man> also takes care of
+func(), func(n), and simple variable references like $foo or @bar so
+you don't have to use code escapes for them; complex expressions like
+C<$fred{'stuff'}> will still need to be escaped, though. Other nagging
+little roffish things that it catches include translating the minus in
+something like foo-bar, making a long dash--like this--into a real em
+dash, fixing up "paired quotes", putting a little space after the
+parens in something like func(), making C++ and PI look right, making
+double underbars have a little tiny space between them, making ALLCAPS
+a teeny bit smaller in troff(1), and escaping backslashes so you don't
+have to.
+
+=head1 OPTIONS
+
+=over 8
+
+=item center
+
+Set the centered header to a specific string. The default is
+"User Contributed Perl Documentation", unless the C<--official> flag is
+given, in which case the default is "Perl Programmers Reference Guide".
+
+=item date
+
+Set the left-hand footer string to this value. By default,
+the modification date of the input file will be used.
+
+=item fixed
+
+The fixed font to use for code refs. Defaults to CW.
+
+=item official
+
+Set the default header to indicate that this page is of
+the standard release in case C<--center> is not given.
+
+=item release
+
+Set the centered footer. By default, this is the current
+perl release.
+
+=item section
+
+Set the section for the C<.TH> macro. The standard conventions on
+sections are to use 1 for user commands, 2 for system calls, 3 for
+functions, 4 for devices, 5 for file formats, 6 for games, 7 for
+miscellaneous information, and 8 for administrator commands. This works
+best if you put your Perl man pages in a separate tree, like
+F</usr/local/perl/man/>. By default, section 1 will be used
+unless the file ends in F<.pm> in which case section 3 will be selected.
+
+=item lax
+
+Don't complain when required sections aren't present.
+
+=back
+
+=head1 Anatomy of a Proper Man Page
+
+For those not sure of the proper layout of a man page, here's
+an example of the skeleton of a proper man page. Head of the
+major headers should be setout as a C<=head1> directive, and
+are historically written in the rather startling ALL UPPER CASE
+format, although this is not mandatory.
+Minor headers may be included using C<=head2>, and are
+typically in mixed case.
+
+=over 10
+
+=item NAME
+
+Mandatory section; should be a comma-separated list of programs or
+functions documented by this podpage, such as:
+
+ foo, bar - programs to do something
+
+=item SYNOPSIS
+
+A short usage summary for programs and functions, which
+may someday be deemed mandatory.
+
+=item DESCRIPTION
+
+Long drawn out discussion of the program. It's a good idea to break this
+up into subsections using the C<=head2> directives, like
+
+ =head2 A Sample Subection
+
+ =head2 Yet Another Sample Subection
+
+=item OPTIONS
+
+Some people make this separate from the description.
+
+=item RETURN VALUE
+
+What the program or function returns if successful.
+
+=item ERRORS
+
+Exceptions, return codes, exit stati, and errno settings.
+
+=item EXAMPLES
+
+Give some example uses of the program.
+
+=item ENVIRONMENT
+
+Envariables this program might care about.
+
+=item FILES
+
+All files used by the program. You should probably use the FE<lt>E<gt>
+for these.
+
+=item SEE ALSO
+
+Other man pages to check out, like man(1), man(7), makewhatis(8), or catman(8).
+
+=item NOTES
+
+Miscellaneous commentary.
+
+=item CAVEATS
+
+Things to take special care with; sometimes called WARNINGS.
+
+=item DIAGNOSTICS
+
+All possible messages the program can print out--and
+what they mean.
+
+=item BUGS
+
+Things that are broken or just don't work quite right.
+
+=item RESTRICTIONS
+
+Bugs you don't plan to fix :-)
+
+=item AUTHOR
+
+Who wrote it (or AUTHORS if multiple).
+
+=item HISTORY
+
+Programs derived from other sources sometimes have this, or
+you might keep a modification log here.
+
+=back
+
+=head1 EXAMPLES
+
+ pod2man program > program.1
+ pod2man some_module.pm > /usr/perl/man/man3/some_module.3
+ pod2man --section=7 note.pod > note.7
+
+=head1 DIAGNOSTICS
+
+The following diagnostics are generated by B<pod2man>. Items
+marked "(W)" are non-fatal, whereas the "(F)" errors will cause
+B<pod2man> to immediately exit with a non-zero status.
+
+=over 4
+
+=item bad option in paragraph %d of %s: ``%s'' should be [%s]<%s>
+
+(W) If you start include an option, you should set it off
+as bold, italic, or code.
+
+=item can't open %s: %s
+
+(F) The input file wasn't available for the given reason.
+
+=item Improper man page - no dash in NAME header in paragraph %d of %s
+
+(W) The NAME header did not have an isolated dash in it. This is
+considered important.
+
+=item Invalid man page - no NAME line in %s
+
+(F) You did not include a NAME header, which is essential.
+
+=item roff font should be 1 or 2 chars, not `%s' (F)
+
+(F) The font specified with the C<--fixed> option was not
+a one- or two-digit roff font.
+
+=item %s is missing required section: %s
+
+(W) Required sections include NAME, DESCRIPTION, and if you're
+using a section starting with a 3, also a SYNOPSIS. Actually,
+not having a NAME is a fatal.
+
+=item Unknown escape: %s in %s
+
+(W) An unknown HTML entity (probably for an 8-bit character) was given via
+a C<EE<lt>E<gt>> directive. Besides amp, lt, gt, and quot, recognized
+entities are Aacute, aacute, Acirc, acirc, AElig, aelig, Agrave, agrave,
+Aring, aring, Atilde, atilde, Auml, auml, Ccedil, ccedil, Eacute, eacute,
+Ecirc, ecirc, Egrave, egrave, ETH, eth, Euml, euml, Iacute, iacute, Icirc,
+icirc, Igrave, igrave, Iuml, iuml, Ntilde, ntilde, Oacute, oacute, Ocirc,
+ocirc, Ograve, ograve, Oslash, oslash, Otilde, otilde, Ouml, ouml, szlig,
+THORN, thorn, Uacute, uacute, Ucirc, ucirc, Ugrave, ugrave, Uuml, uuml,
+Yacute, yacute, and yuml.
+
+=item Unmatched =back
+
+(W) You have a C<=back> without a corresponding C<=over>.
+
+=item Unrecognized pod directive: %s
+
+(W) You specified a pod directive that isn't in the known list of
+C<=head1>, C<=head2>, C<=item>, C<=over>, C<=back>, or C<=cut>.
+
+
+=back
+
+=head1 NOTES
+
+If you would like to print out a lot of man page continuously, you
+probably want to set the C and D registers to set contiguous page
+numbering and even/odd paging, at least on some versions of man(7).
+Settting the F register will get you some additional experimental
+indexing:
+
+ troff -man -rC1 -rD1 -rF1 perl.1 perldata.1 perlsyn.1 ...
+
+The indexing merely outputs messages via C<.tm> for each
+major page, section, subsection, item, and any C<XE<lt>E<gt>>
+directives.
+
+
+=head1 RESTRICTIONS
+
+None at this time.
+
+=head1 BUGS
+
+The =over and =back directives don't really work right. They
+take absolute positions instead of offsets, don't nest well, and
+making people count is suboptimal in any event.
+
+=head1 AUTHORS
+
+Original prototype by Larry Wall, but so massively hacked over by
+Tom Christiansen such that Larry probably doesn't recognize it anymore.
+
+=cut
+
+$/ = "";
+$cutting = 1;
+@Indices = ();
+
+# We try first to get the version number from a local binary, in case we're
+# running an installed version of Perl to produce documentation from an
+# uninstalled newer version's pod files.
+if ($^O ne 'plan9' and $^O ne 'dos' and $^O ne 'os2' and $^O ne 'MSWin32') {
+ my $perl = (-x './perl' && -f './perl' ) ?
+ './perl' :
+ ((-x '../perl' && -f '../perl') ?
+ '../perl' :
+ '');
+ ($version,$patch) = `$perl -e 'print $]'` =~ /^(\d\.\d{3})(\d{2})?/ if $perl;
+}
+# No luck; we'll just go with the running Perl's version
+($version,$patch) = $] =~ /^(.{5})(\d{2})?/ unless $version;
+$DEF_RELEASE = "perl $version";
+$DEF_RELEASE .= ", patch $patch" if $patch;
+
+
+sub makedate {
+ my $secs = shift;
+ my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime($secs);
+ my $mname = (qw{Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec})[$mon];
+ $year += 1900;
+ return "$mday/$mname/$year";
+}
+
+use Getopt::Long;
+
+$DEF_SECTION = 1;
+$DEF_CENTER = "User Contributed Perl Documentation";
+$STD_CENTER = "Perl Programmers Reference Guide";
+$DEF_FIXED = 'CW';
+$DEF_LAX = 0;
+
+sub usage {
+ warn "$0: @_\n" if @_;
+ die <<EOF;
+usage: $0 [options] podpage
+Options are:
+ --section=manext (default "$DEF_SECTION")
+ --release=relpatch (default "$DEF_RELEASE")
+ --center=string (default "$DEF_CENTER")
+ --date=string (default "$DEF_DATE")
+ --fixed=font (default "$DEF_FIXED")
+ --official (default NOT)
+ --lax (default NOT)
+EOF
+}
+
+$uok = GetOptions( qw(
+ section=s
+ release=s
+ center=s
+ date=s
+ fixed=s
+ official
+ lax
+ help));
+
+$DEF_DATE = makedate((stat($ARGV[0]))[9] || time());
+
+usage("Usage error!") unless $uok;
+usage() if $opt_help;
+usage("Need one and only one podpage argument") unless @ARGV == 1;
+
+$section = $opt_section || ($ARGV[0] =~ /\.pm$/
+ ? $DEF_PM_SECTION : $DEF_SECTION);
+$RP = $opt_release || $DEF_RELEASE;
+$center = $opt_center || ($opt_official ? $STD_CENTER : $DEF_CENTER);
+$lax = $opt_lax || $DEF_LAX;
+
+$CFont = $opt_fixed || $DEF_FIXED;
+
+if (length($CFont) == 2) {
+ $CFont_embed = "\\f($CFont";
+}
+elsif (length($CFont) == 1) {
+ $CFont_embed = "\\f$CFont";
+}
+else {
+ die "roff font should be 1 or 2 chars, not `$CFont_embed'";
+}
+
+$date = $opt_date || $DEF_DATE;
+
+for (qw{NAME DESCRIPTION}) {
+# for (qw{NAME DESCRIPTION AUTHOR}) {
+ $wanna_see{$_}++;
+}
+$wanna_see{SYNOPSIS}++ if $section =~ /^3/;
+
+
+$name = @ARGV ? $ARGV[0] : "<STDIN>";
+$Filename = $name;
+if ($section =~ /^1/) {
+ require File::Basename;
+ $name = uc File::Basename::basename($name);
+}
+$name =~ s/\.(pod|p[lm])$//i;
+
+# Lose everything up to the first of
+# */lib/*perl* standard or site_perl module
+# */*perl*/lib from -D prefix=/opt/perl
+# */*perl*/ random module hierarchy
+# which works.
+$name =~ s-//+-/-g;
+if ($name =~ s-^.*?/lib/[^/]*perl[^/]*/--i
+ or $name =~ s-^.*?/[^/]*perl[^/]*/lib/--i
+ or $name =~ s-^.*?/[^/]*perl[^/]*/--i) {
+ # Lose ^site(_perl)?/.
+ $name =~ s-^site(_perl)?/--;
+ # Lose ^arch/. (XXX should we use Config? Just for archname?)
+ $name =~ s~^(.*-$^O|$^O-.*)/~~o;
+ # Lose ^version/.
+ $name =~ s-^\d+\.\d+/--;
+}
+
+# Translate Getopt/Long to Getopt::Long, etc.
+$name =~ s(/)(::)g;
+
+if ($name ne 'something') {
+ FCHECK: {
+ open(F, "< $ARGV[0]") || die "can't open $ARGV[0]: $!";
+ while (<F>) {
+ next unless /^=\b/;
+ if (/^=head1\s+NAME\s*$/) { # an /m would forgive mistakes
+ $_ = <F>;
+ unless (/\s*-+\s+/) {
+ $oops++;
+ warn "$0: Improper man page - no dash in NAME header in paragraph $. of $ARGV[0]\n"
+ } else {
+ my @n = split /\s+-+\s+/;
+ if (@n != 2) {
+ $oops++;
+ warn "$0: Improper man page - malformed NAME header in paragraph $. of $ARGV[0]\n"
+ }
+ else {
+ %namedesc = @n;
+ }
+ }
+ last FCHECK;
+ }
+ next if /^=cut\b/; # DB_File and Net::Ping have =cut before NAME
+ next if /^=pod\b/; # It is OK to have =pod before NAME
+ die "$0: Invalid man page - 1st pod line is not NAME in $ARGV[0]\n" unless $lax;
+ }
+ die "$0: Invalid man page - no documentation in $ARGV[0]\n" unless $lax;
+ }
+ close F;
+}
+
+print <<"END";
+.rn '' }`
+''' \$RCSfile\$\$Revision\$\$Date\$
+'''
+''' \$Log\$
+'''
+.de Sh
+.br
+.if t .Sp
+.ne 5
+.PP
+\\fB\\\\\$1\\fR
+.PP
+..
+.de Sp
+.if t .sp .5v
+.if n .sp
+..
+.de Ip
+.br
+.ie \\\\n(.\$>=3 .ne \\\\\$3
+.el .ne 3
+.IP "\\\\\$1" \\\\\$2
+..
+.de Vb
+.ft $CFont
+.nf
+.ne \\\\\$1
+..
+.de Ve
+.ft R
+
+.fi
+..
+'''
+'''
+''' Set up \\*(-- to give an unbreakable dash;
+''' string Tr holds user defined translation string.
+''' Bell System Logo is used as a dummy character.
+'''
+.tr \\(*W-|\\(bv\\*(Tr
+.ie n \\{\\
+.ds -- \\(*W-
+.ds PI pi
+.if (\\n(.H=4u)&(1m=24u) .ds -- \\(*W\\h'-12u'\\(*W\\h'-12u'-\\" diablo 10 pitch
+.if (\\n(.H=4u)&(1m=20u) .ds -- \\(*W\\h'-12u'\\(*W\\h'-8u'-\\" diablo 12 pitch
+.ds L" ""
+.ds R" ""
+''' \\*(M", \\*(S", \\*(N" and \\*(T" are the equivalent of
+''' \\*(L" and \\*(R", except that they are used on ".xx" lines,
+''' such as .IP and .SH, which do another additional levels of
+''' double-quote interpretation
+.ds M" """
+.ds S" """
+.ds N" """""
+.ds T" """""
+.ds L' '
+.ds R' '
+.ds M' '
+.ds S' '
+.ds N' '
+.ds T' '
+'br\\}
+.el\\{\\
+.ds -- \\(em\\|
+.tr \\*(Tr
+.ds L" ``
+.ds R" ''
+.ds M" ``
+.ds S" ''
+.ds N" ``
+.ds T" ''
+.ds L' `
+.ds R' '
+.ds M' `
+.ds S' '
+.ds N' `
+.ds T' '
+.ds PI \\(*p
+'br\\}
+END
+
+print <<'END';
+.\" If the F register is turned on, we'll generate
+.\" index entries out stderr for the following things:
+.\" TH Title
+.\" SH Header
+.\" Sh Subsection
+.\" Ip Item
+.\" X<> Xref (embedded
+.\" Of course, you have to process the output yourself
+.\" in some meaninful fashion.
+.if \nF \{
+.de IX
+.tm Index:\\$1\t\\n%\t"\\$2"
+..
+.nr % 0
+.rr F
+.\}
+END
+
+print <<"END";
+.TH $name $section "$RP" "$date" "$center"
+.UC
+END
+
+push(@Indices, qq{.IX Title "$name $section"});
+
+while (($name, $desc) = each %namedesc) {
+ for ($name, $desc) { s/^\s+//; s/\s+$//; }
+ push(@Indices, qq(.IX Name "$name - $desc"\n));
+}
+
+print <<'END';
+.if n .hy 0
+.if n .na
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.de CQ \" put $1 in typewriter font
+END
+print ".ft $CFont\n";
+print <<'END';
+'if n "\c
+'if t \\&\\$1\c
+'if n \\&\\$1\c
+'if n \&"
+\\&\\$2 \\$3 \\$4 \\$5 \\$6 \\$7
+'.ft R
+..
+.\" @(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2
+. \" AM - accent mark definitions
+.bd B 3
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds ? ?
+. ds ! !
+. ds /
+. ds q
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds ? \s-2c\h'-\w'c'u*7/10'\u\h'\*(#H'\zi\d\s+2\h'\w'c'u*8/10'
+. ds ! \s-2\(or\s+2\h'-\w'\(or'u'\v'-.8m'.\v'.8m'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+. ds q o\h'-\w'o'u*8/10'\s-4\v'.4m'\z\(*i\v'-.4m'\s+4\h'\w'o'u*8/10'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds v \\k:\h'-(\\n(.wu*9/10-\*(#H)'\v'-\*(#V'\*(#[\s-4v\s0\v'\*(#V'\h'|\\n:u'\*(#]
+.ds _ \\k:\h'-(\\n(.wu*9/10-\*(#H+(\*(#F*2/3))'\v'-.4m'\z\(hy\v'.4m'\h'|\\n:u'
+.ds . \\k:\h'-(\\n(.wu*8/10)'\v'\*(#V*4/10'\z.\v'-\*(#V*4/10'\h'|\\n:u'
+.ds 3 \*(#[\v'.2m'\s-2\&3\s0\v'-.2m'\*(#]
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+.ds oe o\h'-(\w'o'u*4/10)'e
+.ds Oe O\h'-(\w'O'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds v \h'-1'\o'\(aa\(ga'
+. ds _ \h'-1'^
+. ds . \h'-1'.
+. ds 3 3
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+. ds oe oe
+. ds Oe OE
+.\}
+.rm #[ #] #H #V #F C
+END
+
+$indent = 0;
+
+$begun = "";
+
+# Unrolling [^A-Z>]|[A-Z](?!<) gives: // MRE pp 165.
+my $nonest = '(?:[^A-Z>]*(?:[A-Z](?!<)[^A-Z>]*)*)';
+
+while (<>) {
+ if ($cutting) {
+ next unless /^=/;
+ $cutting = 0;
+ }
+ if ($begun) {
+ if (/^=end\s+$begun/) {
+ $begun = "";
+ }
+ elsif ($begun =~ /^(roff|man)$/) {
+ print STDOUT $_;
+ }
+ next;
+ }
+ chomp;
+
+ # Translate verbatim paragraph
+
+ if (/^\s/) {
+ @lines = split(/\n/);
+ for (@lines) {
+ 1 while s
+ {^( [^\t]* ) \t ( \t* ) }
+ { $1 . ' ' x (8 - (length($1)%8) + 8 * (length($2))) }ex;
+ s/\\/\\e/g;
+ s/\A/\\&/s;
+ }
+ $lines = @lines;
+ makespace() unless $verbatim++;
+ print ".Vb $lines\n";
+ print join("\n", @lines), "\n";
+ print ".Ve\n";
+ $needspace = 0;
+ next;
+ }
+
+ $verbatim = 0;
+
+ if (/^=for\s+(\S+)\s*/s) {
+ if ($1 eq "man" or $1 eq "roff") {
+ print STDOUT $',"\n\n";
+ } else {
+ # ignore unknown for
+ }
+ next;
+ }
+ elsif (/^=begin\s+(\S+)\s*/s) {
+ $begun = $1;
+ if ($1 eq "man" or $1 eq "roff") {
+ print STDOUT $'."\n\n";
+ }
+ next;
+ }
+
+ # check for things that'll hosed our noremap scheme; affects $_
+ init_noremap();
+
+ if (!/^=item/) {
+
+ # trofficate backslashes; must do it before what happens below
+ s/\\/noremap('\\e')/ge;
+
+ # protect leading periods and quotes against *roff
+ # mistaking them for directives
+ s/^(?:[A-Z]<)?[.']/\\&$&/gm;
+
+ # first hide the escapes in case we need to
+ # intuit something and get it wrong due to fmting
+
+ 1 while s/([A-Z]<$nonest>)/noremap($1)/ge;
+
+ # func() is a reference to a perl function
+ s{
+ \b
+ (
+ [:\w]+ \(\)
+ )
+ } {I<$1>}gx;
+
+ # func(n) is a reference to a perl function or a man page
+ s{
+ ([:\w]+)
+ (
+ \( [^\051]+ \)
+ )
+ } {I<$1>\\|$2}gx;
+
+ # convert simple variable references
+ s/(\s+)([\$\@%][\w:]+)(?!\()/${1}C<$2>/g;
+
+ if (m{ (
+ [\-\w]+
+ \(
+ [^\051]*?
+ [\@\$,]
+ [^\051]*?
+ \)
+ )
+ }x && $` !~ /([LCI]<[^<>]*|-)$/ && !/^=\w/)
+ {
+ warn "$0: bad option in paragraph $. of $ARGV: ``$1'' should be [LCI]<$1>\n";
+ $oops++;
+ }
+
+ while (/(-[a-zA-Z])\b/g && $` !~ /[\w\-]$/) {
+ warn "$0: bad option in paragraph $. of $ARGV: ``$1'' should be [CB]<$1>\n";
+ $oops++;
+ }
+
+ # put it back so we get the <> processed again;
+ clear_noremap(0); # 0 means leave the E's
+
+ } else {
+ # trofficate backslashes
+ s/\\/noremap('\\e')/ge;
+
+ }
+
+ # need to hide E<> first; they're processed in clear_noremap
+ s/(E<[^<>]+>)/noremap($1)/ge;
+
+
+ $maxnest = 10;
+ while ($maxnest-- && /[A-Z]</) {
+
+ # can't do C font here
+ s/([BI])<($nonest)>/font($1) . $2 . font('R')/eg;
+
+ # files and filelike refs in italics
+ s/F<($nonest)>/I<$1>/g;
+
+ # no break -- usually we want C<> for this
+ s/S<($nonest)>/nobreak($1)/eg;
+
+ # LREF: a la HREF L<show this text|man/section>
+ s:L<([^|>]+)\|[^>]+>:$1:g;
+
+ # LREF: a manpage(3f)
+ s:L<([a-zA-Z][^\s\/]+)(\([^\)]+\))?>:the I<$1>$2 manpage:g;
+
+ # LREF: an =item on another manpage
+ s{
+ L<
+ ([^/]+)
+ /
+ (
+ [:\w]+
+ (\(\))?
+ )
+ >
+ } {the C<$2> entry in the I<$1> manpage}gx;
+
+ # LREF: an =item on this manpage
+ s{
+ ((?:
+ L<
+ /
+ (
+ [:\w]+
+ (\(\))?
+ )
+ >
+ (,?\s+(and\s+)?)?
+ )+)
+ } { internal_lrefs($1) }gex;
+
+ # LREF: a =head2 (head1?), maybe on a manpage, maybe right here
+ # the "func" can disambiguate
+ s{
+ L<
+ (?:
+ ([a-zA-Z]\S+?) /
+ )?
+ "?(.*?)"?
+ >
+ }{
+ do {
+ $1 # if no $1, assume it means on this page.
+ ? "the section on I<$2> in the I<$1> manpage"
+ : "the section on I<$2>"
+ }
+ }gesx; # s in case it goes over multiple lines, so . matches \n
+
+ s/Z<>/\\&/g;
+
+ # comes last because not subject to reprocessing
+ s/C<($nonest)>/noremap("${CFont_embed}${1}\\fR")/eg;
+ }
+
+ if (s/^=//) {
+ $needspace = 0; # Assume this.
+
+ s/\n/ /g;
+
+ ($Cmd, $_) = split(' ', $_, 2);
+
+ $dotlevel = 1;
+ if ($Cmd eq 'head1') {
+ $dotlevel = 1;
+ }
+ elsif ($Cmd eq 'head2') {
+ $dotlevel = 1;
+ }
+ elsif ($Cmd eq 'item') {
+ $dotlevel = 2;
+ }
+
+ if (defined $_) {
+ &escapes($dotlevel);
+ s/"/""/g;
+ }
+
+ clear_noremap(1);
+
+ if ($Cmd eq 'cut') {
+ $cutting = 1;
+ }
+ elsif ($Cmd eq 'head1') {
+ s/\s+$//;
+ delete $wanna_see{$_} if exists $wanna_see{$_};
+ print qq{.SH "$_"\n};
+ push(@Indices, qq{.IX Header "$_"\n});
+ }
+ elsif ($Cmd eq 'head2') {
+ print qq{.Sh "$_"\n};
+ push(@Indices, qq{.IX Subsection "$_"\n});
+ }
+ elsif ($Cmd eq 'over') {
+ push(@indent,$indent);
+ $indent += ($_ + 0) || 5;
+ }
+ elsif ($Cmd eq 'back') {
+ $indent = pop(@indent);
+ warn "$0: Unmatched =back in paragraph $. of $ARGV\n" unless defined $indent;
+ $needspace = 1;
+ }
+ elsif ($Cmd eq 'item') {
+ s/^\*( |$)/\\(bu$1/g;
+ # if you know how to get ":s please do
+ s/\\\*\(L"([^"]+?)\\\*\(R"/'$1'/g;
+ s/\\\*\(L"([^"]+?)""/'$1'/g;
+ s/[^"]""([^"]+?)""[^"]/'$1'/g;
+ # here do something about the $" in perlvar?
+ print STDOUT qq{.Ip "$_" $indent\n};
+ push(@Indices, qq{.IX Item "$_"\n});
+ }
+ elsif ($Cmd eq 'pod') {
+ # this is just a comment
+ }
+ else {
+ warn "$0: Unrecognized pod directive in paragraph $. of $ARGV: $Cmd\n";
+ }
+ }
+ else {
+ if ($needspace) {
+ &makespace;
+ }
+ &escapes(0);
+ clear_noremap(1);
+ print $_, "\n";
+ $needspace = 1;
+ }
+}
+
+print <<"END";
+
+.rn }` ''
+END
+
+if (%wanna_see && !$lax) {
+ @missing = keys %wanna_see;
+ warn "$0: $Filename is missing required section"
+ . (@missing > 1 && "s")
+ . ": @missing\n";
+ $oops++;
+}
+
+foreach (@Indices) { print "$_\n"; }
+
+exit;
+#exit ($oops != 0);
+
+#########################################################################
+
+sub nobreak {
+ my $string = shift;
+ $string =~ s/ /\\ /g;
+ $string;
+}
+
+sub escapes {
+ my $indot = shift;
+
+ s/X<(.*?)>/mkindex($1)/ge;
+
+ # translate the minus in foo-bar into foo\-bar for roff
+ s/([^0-9a-z-])-([^-])/$1\\-$2/g;
+
+ # make -- into the string version \*(-- (defined above)
+ s/\b--\b/\\*(--/g;
+ s/"--([^"])/"\\*(--$1/g; # should be a better way
+ s/([^"])--"/$1\\*(--"/g;
+
+ # fix up quotes; this is somewhat tricky
+ my $dotmacroL = 'L';
+ my $dotmacroR = 'R';
+ if ( $indot == 1 ) {
+ $dotmacroL = 'M';
+ $dotmacroR = 'S';
+ }
+ elsif ( $indot >= 2 ) {
+ $dotmacroL = 'N';
+ $dotmacroR = 'T';
+ }
+ if (!/""/) {
+ s/(^|\s)(['"])/noremap("$1\\*($dotmacroL$2")/ge;
+ s/(['"])($|[\-\s,;\\!?.])/noremap("\\*($dotmacroR$1$2")/ge;
+ }
+
+ #s/(?!")(?:.)--(?!")(?:.)/\\*(--/g;
+ #s/(?:(?!")(?:.)--(?:"))|(?:(?:")--(?!")(?:.))/\\*(--/g;
+
+
+ # make sure that func() keeps a bit a space tween the parens
+ ### s/\b\(\)/\\|()/g;
+ ### s/\b\(\)/(\\|)/g;
+
+ # make C++ into \*C+, which is a squinched version (defined above)
+ s/\bC\+\+/\\*(C+/g;
+
+ # make double underbars have a little tiny space between them
+ s/__/_\\|_/g;
+
+ # PI goes to \*(PI (defined above)
+ s/\bPI\b/noremap('\\*(PI')/ge;
+
+ # make all caps a teeny bit smaller, but don't muck with embedded code literals
+ my $hidCFont = font('C');
+ if ($Cmd !~ /^head1/) { # SH already makes smaller
+ # /g isn't enough; 1 while or we'll be off
+
+# 1 while s{
+# (?!$hidCFont)(..|^.|^)
+# \b
+# (
+# [A-Z][\/A-Z+:\-\d_$.]+
+# )
+# (s?)
+# \b
+# } {$1\\s-1$2\\s0}gmox;
+
+ 1 while s{
+ (?!$hidCFont)(..|^.|^)
+ (
+ \b[A-Z]{2,}[\/A-Z+:\-\d_\$]*\b
+ )
+ } {
+ $1 . noremap( '\\s-1' . $2 . '\\s0' )
+ }egmox;
+
+ }
+}
+
+# make troff just be normal, but make small nroff get quoted
+# decided to just put the quotes in the text; sigh;
+sub ccvt {
+ local($_,$prev) = @_;
+ noremap(qq{.CQ "$_" \n\\&});
+}
+
+sub makespace {
+ if ($indent) {
+ print ".Sp\n";
+ }
+ else {
+ print ".PP\n";
+ }
+}
+
+sub mkindex {
+ my ($entry) = @_;
+ my @entries = split m:\s*/\s*:, $entry;
+ push @Indices, ".IX Xref " . join ' ', map {qq("$_")} @entries;
+ return '';
+}
+
+sub font {
+ local($font) = shift;
+ return '\\f' . noremap($font);
+}
+
+sub noremap {
+ local($thing_to_hide) = shift;
+ $thing_to_hide =~ tr/\000-\177/\200-\377/;
+ return $thing_to_hide;
+}
+
+sub init_noremap {
+ # escape high bit characters in input stream
+ s/([\200-\377])/"E<".ord($1).">"/ge;
+}
+
+sub clear_noremap {
+ my $ready_to_print = $_[0];
+
+ tr/\200-\377/\000-\177/;
+
+ # trofficate backslashes
+ # s/(?!\\e)(?:..|^.|^)\\/\\e/g;
+
+ # now for the E<>s, which have been hidden until now
+ # otherwise the interative \w<> processing would have
+ # been hosed by the E<gt>
+ s {
+ E<
+ (
+ ( \d + )
+ | ( [A-Za-z]+ )
+ )
+ >
+ } {
+ do {
+ defined $2
+ ? chr($2)
+ :
+ exists $HTML_Escapes{$3}
+ ? do { $HTML_Escapes{$3} }
+ : do {
+ warn "$0: Unknown escape in paragraph $. of $ARGV: ``$&''\n";
+ "E<$1>";
+ }
+ }
+ }egx if $ready_to_print;
+}
+
+sub internal_lrefs {
+ local($_) = shift;
+ local $trailing_and = s/and\s+$// ? "and " : "";
+
+ s{L</([^>]+)>}{$1}g;
+ my(@items) = split( /(?:,?\s+(?:and\s+)?)/ );
+ my $retstr = "the ";
+ my $i;
+ for ($i = 0; $i <= $#items; $i++) {
+ $retstr .= "C<$items[$i]>";
+ $retstr .= ", " if @items > 2 && $i != $#items;
+ $retstr .= " and " if $i+2 == @items;
+ }
+
+ $retstr .= " entr" . ( @items > 1 ? "ies" : "y" )
+ . " elsewhere in this document";
+ # terminal space to avoid words running together (pattern used
+ # strips terminal spaces)
+ $retstr .= " " if length $trailing_and;
+ $retstr .= $trailing_and;
+
+ return $retstr;
+
+}
+
+BEGIN {
+%HTML_Escapes = (
+ 'amp' => '&', # ampersand
+ 'lt' => '<', # left chevron, less-than
+ 'gt' => '>', # right chevron, greater-than
+ 'quot' => '"', # double quote
+
+ "Aacute" => "A\\*'", # capital A, acute accent
+ "aacute" => "a\\*'", # small a, acute accent
+ "Acirc" => "A\\*^", # capital A, circumflex accent
+ "acirc" => "a\\*^", # small a, circumflex accent
+ "AElig" => '\*(AE', # capital AE diphthong (ligature)
+ "aelig" => '\*(ae', # small ae diphthong (ligature)
+ "Agrave" => "A\\*`", # capital A, grave accent
+ "agrave" => "A\\*`", # small a, grave accent
+ "Aring" => 'A\\*o', # capital A, ring
+ "aring" => 'a\\*o', # small a, ring
+ "Atilde" => 'A\\*~', # capital A, tilde
+ "atilde" => 'a\\*~', # small a, tilde
+ "Auml" => 'A\\*:', # capital A, dieresis or umlaut mark
+ "auml" => 'a\\*:', # small a, dieresis or umlaut mark
+ "Ccedil" => 'C\\*,', # capital C, cedilla
+ "ccedil" => 'c\\*,', # small c, cedilla
+ "Eacute" => "E\\*'", # capital E, acute accent
+ "eacute" => "e\\*'", # small e, acute accent
+ "Ecirc" => "E\\*^", # capital E, circumflex accent
+ "ecirc" => "e\\*^", # small e, circumflex accent
+ "Egrave" => "E\\*`", # capital E, grave accent
+ "egrave" => "e\\*`", # small e, grave accent
+ "ETH" => '\\*(D-', # capital Eth, Icelandic
+ "eth" => '\\*(d-', # small eth, Icelandic
+ "Euml" => "E\\*:", # capital E, dieresis or umlaut mark
+ "euml" => "e\\*:", # small e, dieresis or umlaut mark
+ "Iacute" => "I\\*'", # capital I, acute accent
+ "iacute" => "i\\*'", # small i, acute accent
+ "Icirc" => "I\\*^", # capital I, circumflex accent
+ "icirc" => "i\\*^", # small i, circumflex accent
+ "Igrave" => "I\\*`", # capital I, grave accent
+ "igrave" => "i\\*`", # small i, grave accent
+ "Iuml" => "I\\*:", # capital I, dieresis or umlaut mark
+ "iuml" => "i\\*:", # small i, dieresis or umlaut mark
+ "Ntilde" => 'N\*~', # capital N, tilde
+ "ntilde" => 'n\*~', # small n, tilde
+ "Oacute" => "O\\*'", # capital O, acute accent
+ "oacute" => "o\\*'", # small o, acute accent
+ "Ocirc" => "O\\*^", # capital O, circumflex accent
+ "ocirc" => "o\\*^", # small o, circumflex accent
+ "Ograve" => "O\\*`", # capital O, grave accent
+ "ograve" => "o\\*`", # small o, grave accent
+ "Oslash" => "O\\*/", # capital O, slash
+ "oslash" => "o\\*/", # small o, slash
+ "Otilde" => "O\\*~", # capital O, tilde
+ "otilde" => "o\\*~", # small o, tilde
+ "Ouml" => "O\\*:", # capital O, dieresis or umlaut mark
+ "ouml" => "o\\*:", # small o, dieresis or umlaut mark
+ "szlig" => '\*8', # small sharp s, German (sz ligature)
+ "THORN" => '\\*(Th', # capital THORN, Icelandic
+ "thorn" => '\\*(th',, # small thorn, Icelandic
+ "Uacute" => "U\\*'", # capital U, acute accent
+ "uacute" => "u\\*'", # small u, acute accent
+ "Ucirc" => "U\\*^", # capital U, circumflex accent
+ "ucirc" => "u\\*^", # small u, circumflex accent
+ "Ugrave" => "U\\*`", # capital U, grave accent
+ "ugrave" => "u\\*`", # small u, grave accent
+ "Uuml" => "U\\*:", # capital U, dieresis or umlaut mark
+ "uuml" => "u\\*:", # small u, dieresis or umlaut mark
+ "Yacute" => "Y\\*'", # capital Y, acute accent
+ "yacute" => "y\\*'", # small y, acute accent
+ "yuml" => "y\\*:", # small y, dieresis or umlaut mark
+);
+}
+
diff --git a/lib/libssl/src/util/selftest.pl b/lib/libssl/src/util/selftest.pl
new file mode 100644
index 00000000000..91e962a312c
--- /dev/null
+++ b/lib/libssl/src/util/selftest.pl
@@ -0,0 +1,174 @@
+#!/usr/local/bin/perl -w
+#
+# Run the test suite and generate a report
+#
+
+if (! -f "Configure") {
+ print "Please run perl util/selftest.pl in the OpenSSL directory.\n";
+ exit 1;
+}
+
+my $report="testlog";
+my $os="??";
+my $version="??";
+my $platform0="??";
+my $platform="??";
+my $options="??";
+my $last="??";
+my $ok=0;
+my $cc="cc";
+my $cversion="??";
+my $sep="-----------------------------------------------------------------------------\n";
+
+open(OUT,">$report") or die;
+
+print OUT "OpenSSL self-test report:\n\n";
+
+$uname=`uname -a`;
+$uname="??" if $uname eq "";
+
+$c=`sh config -t`;
+foreach $_ (split("\n",$c)) {
+ $os=$1 if (/Operating system: (.*)$/);
+ $platform0=$1 if (/Configuring for (.*)$/);
+}
+
+system "sh config" if (! -f "Makefile.ssl");
+
+if (open(IN,"<Makefile.ssl")) {
+ while (<IN>) {
+ $version=$1 if (/^VERSION=(.*)$/);
+ $platform=$1 if (/^PLATFORM=(.*)$/);
+ $options=$1 if (/^OPTIONS=(.*)$/);
+ $cc=$1 if (/^CC= *(.*)$/);
+ }
+ close(IN);
+} else {
+ print OUT "Error running config!\n";
+}
+
+$cversion=`$cc -v 2>&1`;
+$cversion=`$cc -V 2>&1` if $cversion =~ "usage";
+$cversion=`$cc --version` if $cversion eq "";
+$cversion =~ s/Reading specs.*\n//;
+$cversion =~ s/usage.*\n//;
+chomp $cversion;
+
+if (open(IN,"<CHANGES")) {
+ while(<IN>) {
+ if (/\*\) (.{0,55})/) {
+ $last=$1;
+ last;
+ }
+ }
+ close(IN);
+}
+
+print OUT "OpenSSL version: $version\n";
+print OUT "Last change: $last...\n";
+print OUT "Options: $options\n" if $options ne "";
+print OUT "OS (uname): $uname";
+print OUT "OS (config): $os\n";
+print OUT "Target (default): $platform0\n";
+print OUT "Target: $platform\n";
+print OUT "Compiler: $cversion\n";
+print OUT "\n";
+
+print "Checking compiler...\n";
+if (open(TEST,">cctest.c")) {
+ print TEST "#include <stdio.h>\nmain(){printf(\"Hello world\\n\");}\n";
+ close(TEST);
+ system("$cc -o cctest cctest.c");
+ if (`./cctest` !~ /Hello world/) {
+ print OUT "Compiler doesn't work.\n";
+ goto err;
+ }
+} else {
+ print OUT "Can't create cctest.c\n";
+}
+if (open(TEST,">cctest.c")) {
+ print TEST "#include <openssl/opensslv.h>\nmain(){printf(OPENSSL_VERSION_TEXT);}\n";
+ close(TEST);
+ system("$cc -o cctest -Iinclude cctest.c");
+ $cctest = `./cctest`;
+ if ($cctest !~ /OpenSSL $version/) {
+ if ($cctest =~ /OpenSSL/) {
+ print OUT "#include uses headers from different OpenSSL version!\n";
+ } else {
+ print OUT "Can't compile test program!\n";
+ }
+ goto err;
+ }
+} else {
+ print OUT "Can't create cctest.c\n";
+}
+
+print "Running make...\n";
+if (system("make 2>&1 | tee make.log") > 255) {
+
+ print OUT "make failed!\n";
+ if (open(IN,"<make.log")) {
+ print OUT $sep;
+ while (<IN>) {
+ print OUT;
+ }
+ close(IN);
+ print OUT $sep;
+ } else {
+ print OUT "make.log not found!\n";
+ }
+ goto err;
+}
+
+$_=$options;
+s/no-asm//;
+if (/no-/)
+{
+ print OUT "Test skipped.\n";
+ goto err;
+}
+
+print "Running make test...\n";
+if (system("make test 2>&1 | tee make.log") > 255)
+ {
+ print OUT "make test failed!\n";
+} else {
+ $ok=1;
+}
+
+if ($ok and open(IN,"<make.log")) {
+ while (<IN>) {
+ $ok=2 if /^platform: $platform/;
+ }
+ close(IN);
+}
+
+if ($ok != 2) {
+ print OUT "Failure!\n";
+ if (open(IN,"<make.log")) {
+ print OUT $sep;
+ while (<IN>) {
+ print OUT;
+ }
+ close(IN);
+ print OUT $sep;
+ } else {
+ print OUT "make.log not found!\n";
+ }
+} else {
+ print OUT "Test passed.\n";
+}
+err:
+close(OUT);
+
+print "\n";
+open(IN,"<$report") or die;
+while (<IN>) {
+ if (/$sep/) {
+ print "[...]\n";
+ last;
+ }
+ print;
+}
+print "\nTest report in file $report\n";
+