From 36352c5c462c03e8c42077c59ddfabd07fc117f9 Mon Sep 17 00:00:00 2001 From: George Adams Date: Thu, 14 May 2026 11:44:26 +0100 Subject: [PATCH 1/2] re-vendor crypto backends --- .../0001-Vendor-external-dependencies.patch | 6974 ++++++++++------- 1 file changed, 4345 insertions(+), 2629 deletions(-) diff --git a/patches/0001-Vendor-external-dependencies.patch b/patches/0001-Vendor-external-dependencies.patch index a4ec2d8ce3..9d368778e0 100644 --- a/patches/0001-Vendor-external-dependencies.patch +++ b/patches/0001-Vendor-external-dependencies.patch @@ -15,7 +15,7 @@ Use a 'go' that was recently built by the current branch to ensure stable result .../microsoft/go-infra/telemetry/README.md | 9 + .../go-infra/telemetry/config/LICENSE | 21 + .../go-infra/telemetry/config/config.go | 11 + - .../go-infra/telemetry/config/config.json | 73 + + .../go-infra/telemetry/config/config.json | 76 + .../go-infra/telemetry/counter/counter.go | 63 + .../telemetry/internal/appinsights/README.md | 12 + .../telemetry/internal/appinsights/client.go | 192 ++ @@ -37,7 +37,7 @@ Use a 'go' that was recently built by the current branch to ensure stable result src/go.sum | 6 + src/go/build/deps_test.go | 55 +- src/go/build/vendor_test.go | 4 + - .../golang-fips/openssl/v2/.gitignore | 2 + + .../golang-fips/openssl/v2/.gitignore | 3 + .../golang-fips/openssl/v2/.gitleaks.toml | 9 + .../github.com/golang-fips/openssl/v2/LICENSE | 20 + .../golang-fips/openssl/v2/README.md | 66 + @@ -45,18 +45,18 @@ Use a 'go' that was recently built by the current branch to ensure stable result .../golang-fips/openssl/v2/bbig/big.go | 37 + .../github.com/golang-fips/openssl/v2/big.go | 11 + .../openssl/v2/chacha20poly1305.go | 151 + - .../golang-fips/openssl/v2/cipher.go | 662 +++++ - .../golang-fips/openssl/v2/const.go | 91 + - .../golang-fips/openssl/v2/cshake.go | 253 ++ - .../github.com/golang-fips/openssl/v2/des.go | 112 + + .../golang-fips/openssl/v2/cipher.go | 665 +++++ + .../golang-fips/openssl/v2/const.go | 99 + + .../golang-fips/openssl/v2/cshake.go | 255 ++ + .../github.com/golang-fips/openssl/v2/des.go | 118 + .../github.com/golang-fips/openssl/v2/dsa.go | 305 ++ - .../github.com/golang-fips/openssl/v2/ec.go | 136 + + .../github.com/golang-fips/openssl/v2/ec.go | 131 + .../github.com/golang-fips/openssl/v2/ecdh.go | 340 +++ .../golang-fips/openssl/v2/ecdsa.go | 219 ++ - .../golang-fips/openssl/v2/ed25519.go | 210 ++ - .../github.com/golang-fips/openssl/v2/evp.go | 620 +++++ + .../golang-fips/openssl/v2/ed25519.go | 208 ++ + .../github.com/golang-fips/openssl/v2/evp.go | 614 ++++ .../github.com/golang-fips/openssl/v2/hash.go | 520 ++++ - .../github.com/golang-fips/openssl/v2/hkdf.go | 451 +++ + .../github.com/golang-fips/openssl/v2/hkdf.go | 441 +++ .../github.com/golang-fips/openssl/v2/hmac.go | 278 ++ .../openssl/v2/internal/fakecgo/abi_amd64.h | 99 + .../openssl/v2/internal/fakecgo/abi_arm64.h | 39 + @@ -104,7 +104,7 @@ Use a 'go' that was recently built by the current branch to ensure stable result .../v2/internal/fakecgo/trampolines_loong64.s | 78 + .../v2/internal/fakecgo/trampolines_ppc64le.s | 128 + .../v2/internal/fakecgo/trampolines_riscv64.s | 76 + - .../v2/internal/fakecgo/trampolines_s390x.s | 154 ++ + .../v2/internal/fakecgo/trampolines_s390x.s | 154 + .../openssl/v2/internal/fakecgo/zsymbols.go | 165 ++ .../v2/internal/fakecgo/zsymbols_darwin.go | 59 + .../v2/internal/fakecgo/zsymbols_freebsd.go | 48 + @@ -124,10 +124,10 @@ Use a 'go' that was recently built by the current branch to ensure stable result .../openssl/v2/internal/ossl/asm_s390x.s | 117 + .../golang-fips/openssl/v2/internal/ossl/dl.h | 12 + .../openssl/v2/internal/ossl/errors.go | 34 + - .../openssl/v2/internal/ossl/errors_cgo.go | 14 + + .../openssl/v2/internal/ossl/errors_cgo.go | 30 + .../openssl/v2/internal/ossl/errors_nocgo.go | 16 + .../openssl/v2/internal/ossl/ossl.go | 59 + - .../openssl/v2/internal/ossl/shims.h | 434 +++ + .../openssl/v2/internal/ossl/shims.h | 442 +++ .../openssl/v2/internal/ossl/syscall_nocgo.go | 84 + .../v2/internal/ossl/syscall_nocgo_darwin.go | 5 + .../v2/internal/ossl/syscall_nocgo_freebsd.go | 5 + @@ -136,29 +136,30 @@ Use a 'go' that was recently built by the current branch to ensure stable result .../v2/internal/ossl/syscall_nocgo_windows.go | 22 + .../openssl/v2/internal/ossl/zdl.s | 55 + .../openssl/v2/internal/ossl/zdl_nocgo.go | 58 + - .../openssl/v2/internal/ossl/zossl.c | 2054 ++++++++++++++ - .../openssl/v2/internal/ossl/zossl.go | 67 + - .../openssl/v2/internal/ossl/zossl.h | 363 +++ - .../openssl/v2/internal/ossl/zossl_cgo.go | 1486 ++++++++++ - .../openssl/v2/internal/ossl/zossl_nocgo.go | 2450 +++++++++++++++++ - .../golang-fips/openssl/v2/mlkem.go | 365 +++ - .../golang-fips/openssl/v2/openssl.go | 244 ++ + .../openssl/v2/internal/ossl/zossl.c | 2071 ++++++++++++++ + .../openssl/v2/internal/ossl/zossl.go | 73 + + .../openssl/v2/internal/ossl/zossl.h | 371 +++ + .../openssl/v2/internal/ossl/zossl_cgo.go | 1502 ++++++++++ + .../openssl/v2/internal/ossl/zossl_nocgo.go | 2468 +++++++++++++++++ + .../golang-fips/openssl/v2/mldsa.go | 448 +++ + .../golang-fips/openssl/v2/mlkem.go | 368 +++ + .../golang-fips/openssl/v2/openssl.go | 240 ++ .../golang-fips/openssl/v2/openssl_cgo.go | 16 + .../golang-fips/openssl/v2/openssl_nocgo.go | 32 + - .../golang-fips/openssl/v2/osslsetup/fips.go | 165 ++ - .../golang-fips/openssl/v2/osslsetup/init.go | 160 ++ + .../golang-fips/openssl/v2/osslsetup/fips.go | 166 ++ + .../golang-fips/openssl/v2/osslsetup/init.go | 169 ++ .../openssl/v2/osslsetup/init_cgo_unix.go | 31 + .../openssl/v2/osslsetup/init_nocgo_unix.go | 32 + .../openssl/v2/osslsetup/init_windows.go | 36 + - .../openssl/v2/osslsetup/osslsetup.go | 74 + + .../openssl/v2/osslsetup/osslsetup.go | 103 + .../openssl/v2/osslsetup/osslsetup_cgo.go | 11 + .../openssl/v2/osslsetup/osslsetup_nocgo.go | 21 + - .../golang-fips/openssl/v2/params.go | 180 ++ + .../golang-fips/openssl/v2/params.go | 190 ++ .../golang-fips/openssl/v2/pbkdf2.go | 54 + - .../golang-fips/openssl/v2/provideropenssl.go | 239 ++ + .../golang-fips/openssl/v2/provideropenssl.go | 249 ++ .../openssl/v2/providersymcrypt.go | 330 +++ .../github.com/golang-fips/openssl/v2/rand.go | 21 + - .../github.com/golang-fips/openssl/v2/rc4.go | 68 + + .../github.com/golang-fips/openssl/v2/rc4.go | 74 + .../github.com/golang-fips/openssl/v2/rsa.go | 711 +++++ .../golang-fips/openssl/v2/tls1prf.go | 156 ++ .../github.com/golang-fips/openssl/v2/zaes.go | 86 + @@ -173,19 +174,20 @@ Use a 'go' that was recently built by the current branch to ensure stable result .../internal/commoncrypto/zcommoncrypto.s | 76 + .../commoncrypto/zcommoncrypto_cgo.go | 64 + .../commoncrypto/zcommoncrypto_nocgo.go | 102 + - .../internal/cryptokit/CryptoKit_amd64.syso | Bin 0 -> 176512 bytes - .../internal/cryptokit/CryptoKit_arm64.syso | Bin 0 -> 169880 bytes + .../internal/cryptokit/CryptoKit_amd64.syso | Bin 0 -> 181384 bytes + .../internal/cryptokit/CryptoKit_arm64.syso | Bin 0 -> 176808 bytes .../internal/cryptokit/cryptokit.go | 8 + .../internal/cryptokit/cryptokit_cgo.go | 10 + - .../internal/cryptokit/shims.h | 84 + + .../internal/cryptokit/shims.h | 127 + .../internal/cryptokit/syscall_nocgo.go | 15 + - .../internal/cryptokit/zcryptokit.c | 262 ++ - .../internal/cryptokit/zcryptokit.h | 66 + - .../internal/cryptokit/zcryptokit.s | 334 +++ - .../internal/cryptokit/zcryptokit_cgo.go | 320 +++ - .../internal/cryptokit/zcryptokit_nocgo.go | 364 +++ - .../cryptokit/zcryptokit_swift_amd64.go | 283 ++ - .../cryptokit/zcryptokit_swift_arm64.go | 282 ++ + .../internal/cryptokit/xcodebuild_version.txt | 2 + + .../internal/cryptokit/zcryptokit.c | 317 +++ + .../internal/cryptokit/zcryptokit.h | 77 + + .../internal/cryptokit/zcryptokit.s | 400 +++ + .../internal/cryptokit/zcryptokit_cgo.go | 386 +++ + .../internal/cryptokit/zcryptokit_nocgo.go | 441 +++ + .../cryptokit/zcryptokit_swift_amd64.go | 307 ++ + .../cryptokit/zcryptokit_swift_arm64.go | 306 ++ .../internal/fakecgo/abi_amd64.h | 99 + .../internal/fakecgo/abi_arm64.h | 39 + .../internal/fakecgo/asm_amd64.s | 39 + @@ -229,15 +231,16 @@ Use a 'go' that was recently built by the current branch to ensure stable result .../microsoft/go-crypto-darwin/xcrypto/des.go | 111 + .../microsoft/go-crypto-darwin/xcrypto/ec.go | 39 + .../go-crypto-darwin/xcrypto/ecdh.go | 146 + - .../go-crypto-darwin/xcrypto/ecdsa.go | 154 ++ + .../go-crypto-darwin/xcrypto/ecdsa.go | 154 + .../go-crypto-darwin/xcrypto/ed25519.go | 124 + .../microsoft/go-crypto-darwin/xcrypto/evp.go | 339 +++ .../microsoft/go-crypto-darwin/xcrypto/gcm.go | 218 ++ .../go-crypto-darwin/xcrypto/hash.go | 337 +++ .../go-crypto-darwin/xcrypto/hkdf.go | 103 + .../go-crypto-darwin/xcrypto/hmac.go | 119 + + .../go-crypto-darwin/xcrypto/mldsa.go | 222 ++ .../go-crypto-darwin/xcrypto/mlkem.go | 261 ++ - .../go-crypto-darwin/xcrypto/pbkdf2.go | 68 + + .../go-crypto-darwin/xcrypto/pbkdf2.go | 76 + .../go-crypto-darwin/xcrypto/rand.go | 28 + .../microsoft/go-crypto-darwin/xcrypto/rc4.go | 81 + .../microsoft/go-crypto-darwin/xcrypto/rsa.go | 208 ++ @@ -256,6 +259,7 @@ Use a 'go' that was recently built by the current branch to ensure stable result .../microsoft/go-crypto-winnative/cng/hkdf.go | 133 + .../microsoft/go-crypto-winnative/cng/hmac.go | 70 + .../microsoft/go-crypto-winnative/cng/keys.go | 220 ++ + .../go-crypto-winnative/cng/mldsa.go | 425 +++ .../go-crypto-winnative/cng/mlkem.go | 405 +++ .../go-crypto-winnative/cng/pbkdf2.go | 70 + .../microsoft/go-crypto-winnative/cng/rand.go | 28 + @@ -263,13 +267,13 @@ Use a 'go' that was recently built by the current branch to ensure stable result .../microsoft/go-crypto-winnative/cng/rsa.go | 404 +++ .../microsoft/go-crypto-winnative/cng/sha3.go | 203 ++ .../go-crypto-winnative/cng/tls1prf.go | 89 + - .../internal/bcrypt/bcrypt_windows.go | 414 +++ + .../internal/bcrypt/bcrypt_windows.go | 434 +++ .../internal/bcrypt/ntstatus_windows.go | 45 + .../internal/bcrypt/zsyscall_windows.go | 438 +++ .../internal/subtle/aliasing.go | 32 + .../internal/sysdll/sys_windows.go | 55 + src/vendor/modules.txt | 23 + - 261 files changed, 34100 insertions(+), 7 deletions(-) + 265 files changed, 35744 insertions(+), 7 deletions(-) create mode 100644 src/cmd/internal/telemetry/counter/deps_ignore.go create mode 100644 src/cmd/vendor/github.com/microsoft/go-infra/telemetry/LICENSE create mode 100644 src/cmd/vendor/github.com/microsoft/go-infra/telemetry/README.md @@ -396,6 +400,7 @@ Use a 'go' that was recently built by the current branch to ensure stable result create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/zossl.h create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/zossl_cgo.go create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/zossl_nocgo.go + create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/mldsa.go create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/mlkem.go create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/openssl.go create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/openssl_cgo.go @@ -434,6 +439,7 @@ Use a 'go' that was recently built by the current branch to ensure stable result create mode 100644 src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/cryptokit_cgo.go create mode 100644 src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/shims.h create mode 100644 src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/syscall_nocgo.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/xcodebuild_version.txt create mode 100644 src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/zcryptokit.c create mode 100644 src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/zcryptokit.h create mode 100644 src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/zcryptokit.s @@ -491,6 +497,7 @@ Use a 'go' that was recently built by the current branch to ensure stable result create mode 100644 src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/hash.go create mode 100644 src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/hkdf.go create mode 100644 src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/hmac.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/mldsa.go create mode 100644 src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/mlkem.go create mode 100644 src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/pbkdf2.go create mode 100644 src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/rand.go @@ -511,6 +518,7 @@ Use a 'go' that was recently built by the current branch to ensure stable result create mode 100644 src/vendor/github.com/microsoft/go-crypto-winnative/cng/hkdf.go create mode 100644 src/vendor/github.com/microsoft/go-crypto-winnative/cng/hmac.go create mode 100644 src/vendor/github.com/microsoft/go-crypto-winnative/cng/keys.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-winnative/cng/mldsa.go create mode 100644 src/vendor/github.com/microsoft/go-crypto-winnative/cng/mlkem.go create mode 100644 src/vendor/github.com/microsoft/go-crypto-winnative/cng/pbkdf2.go create mode 100644 src/vendor/github.com/microsoft/go-crypto-winnative/cng/rand.go @@ -525,30 +533,30 @@ Use a 'go' that was recently built by the current branch to ensure stable result create mode 100644 src/vendor/github.com/microsoft/go-crypto-winnative/internal/sysdll/sys_windows.go diff --git a/src/cmd/go.mod b/src/cmd/go.mod -index 930247f4c895b7..4ec198a52d70e9 100644 +index 930247f4c895b7..080a70ec79a1a7 100644 --- a/src/cmd/go.mod +++ b/src/cmd/go.mod @@ -4,6 +4,8 @@ go 1.27 require ( github.com/google/pprof v0.0.0-20260115054156-294ebfa9ad83 -+ github.com/microsoft/go-infra/telemetry v0.0.0-20260407113113-dbc3015a3e9c -+ github.com/microsoft/go-infra/telemetry/config v0.0.0-20260128082012-a1498e2b57dd ++ github.com/microsoft/go-infra/telemetry v0.0.0-20260513084116-8db604e72b76 ++ github.com/microsoft/go-infra/telemetry/config v0.0.0-20260513084116-8db604e72b76 golang.org/x/arch v0.23.1-0.20260109160903-657d90bd6695 golang.org/x/build v0.0.0-20260122183339-3ba88df37c64 golang.org/x/mod v0.35.0 diff --git a/src/cmd/go.sum b/src/cmd/go.sum -index 89e5f334cfffbb..1209f1208e06d3 100644 +index 89e5f334cfffbb..03092e84af8453 100644 --- a/src/cmd/go.sum +++ b/src/cmd/go.sum @@ -4,6 +4,10 @@ github.com/google/pprof v0.0.0-20260115054156-294ebfa9ad83 h1:z2ogiKUYzX5Is6zr/v github.com/google/pprof v0.0.0-20260115054156-294ebfa9ad83/go.mod h1:MxpfABSjhmINe3F1It9d+8exIHFvUqtLIRCdOGNXqiI= github.com/ianlancetaylor/demangle v0.0.0-20250417193237-f615e6bd150b h1:ogbOPx86mIhFy764gGkqnkFC8m5PJA7sPzlk9ppLVQA= github.com/ianlancetaylor/demangle v0.0.0-20250417193237-f615e6bd150b/go.mod h1:gx7rwoVhcfuVKG5uya9Hs3Sxj7EIvldVofAWIUtGouw= -+github.com/microsoft/go-infra/telemetry v0.0.0-20260407113113-dbc3015a3e9c h1:qOt7PpDH8k4734emsdXNylY79cY2qOHubeVP8Z/5iwI= -+github.com/microsoft/go-infra/telemetry v0.0.0-20260407113113-dbc3015a3e9c/go.mod h1:LxxLUDlqi1gwmGrnh1slAFqnEhZnKjn37MABZ6xJs44= -+github.com/microsoft/go-infra/telemetry/config v0.0.0-20260128082012-a1498e2b57dd h1:vNA5PIOnvHfH7O9GUOZXKUakJpdE7+PzsF641y7Zly0= -+github.com/microsoft/go-infra/telemetry/config v0.0.0-20260128082012-a1498e2b57dd/go.mod h1:t6u8QcO4tExYT4+NEB0XqR0ObiUvLe0D8ZpxFobGuA8= ++github.com/microsoft/go-infra/telemetry v0.0.0-20260513084116-8db604e72b76 h1:nP1tNhLNK4ceYOGVEfAY44tj/5Q0vq/pOqZggUzXHXc= ++github.com/microsoft/go-infra/telemetry v0.0.0-20260513084116-8db604e72b76/go.mod h1:LxxLUDlqi1gwmGrnh1slAFqnEhZnKjn37MABZ6xJs44= ++github.com/microsoft/go-infra/telemetry/config v0.0.0-20260513084116-8db604e72b76 h1:LESU567RNJA+E3w8PyUdwbswh/PY8vF0xvsf3fUERMI= ++github.com/microsoft/go-infra/telemetry/config v0.0.0-20260513084116-8db604e72b76/go.mod h1:t6u8QcO4tExYT4+NEB0XqR0ObiUvLe0D8ZpxFobGuA8= github.com/yuin/goldmark v1.6.0 h1:boZcn2GTjpsynOsC0iJHnBWa4Bi0qzfJjthwauItG68= github.com/yuin/goldmark v1.6.0/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= golang.org/x/arch v0.23.1-0.20260109160903-657d90bd6695 h1:q45HsUyFzBjBk4mHGgUewJf6KKOkNiWB8wMx0X6elyA= @@ -663,10 +671,10 @@ index 00000000000000..044268a046a54d +var Config []byte diff --git a/src/cmd/vendor/github.com/microsoft/go-infra/telemetry/config/config.json b/src/cmd/vendor/github.com/microsoft/go-infra/telemetry/config/config.json new file mode 100644 -index 00000000000000..76053296e82470 +index 00000000000000..4b16ad97f35d1a --- /dev/null +++ b/src/cmd/vendor/github.com/microsoft/go-infra/telemetry/config/config.json -@@ -0,0 +1,73 @@ +@@ -0,0 +1,76 @@ +{ + "GOOS": [ + "aix", @@ -735,6 +743,9 @@ index 00000000000000..76053296e82470 + }, + { + "Name": "go/cgo:{enabled,disabled}" ++ }, ++ { ++ "Name": "msgo/systemcrypto:{enabled,disabled}" + } + ] + } @@ -2215,14 +2226,14 @@ index 00000000000000..e50deaa4189b18 + return false +} diff --git a/src/cmd/vendor/modules.txt b/src/cmd/vendor/modules.txt -index 6ba72c229f6240..f8ef5d5c1f1d04 100644 +index 6ba72c229f6240..52e14e559e925d 100644 --- a/src/cmd/vendor/modules.txt +++ b/src/cmd/vendor/modules.txt @@ -16,6 +16,17 @@ github.com/google/pprof/third_party/svgpan # github.com/ianlancetaylor/demangle v0.0.0-20250417193237-f615e6bd150b ## explicit; go 1.13 github.com/ianlancetaylor/demangle -+# github.com/microsoft/go-infra/telemetry v0.0.0-20260407113113-dbc3015a3e9c ++# github.com/microsoft/go-infra/telemetry v0.0.0-20260513084116-8db604e72b76 +## explicit; go 1.25 +github.com/microsoft/go-infra/telemetry +github.com/microsoft/go-infra/telemetry/counter @@ -2230,7 +2241,7 @@ index 6ba72c229f6240..f8ef5d5c1f1d04 100644 +github.com/microsoft/go-infra/telemetry/internal/appinsights/internal/contracts +github.com/microsoft/go-infra/telemetry/internal/config +github.com/microsoft/go-infra/telemetry/internal/telemetry -+# github.com/microsoft/go-infra/telemetry/config v0.0.0-20260128082012-a1498e2b57dd ++# github.com/microsoft/go-infra/telemetry/config v0.0.0-20260513084116-8db604e72b76 +## explicit; go 1.24 +github.com/microsoft/go-infra/telemetry/config # golang.org/x/arch v0.23.1-0.20260109160903-657d90bd6695 @@ -2265,7 +2276,7 @@ index 00000000000000..ae4055d2d71303 +// that are used by the backend package. This allows to track +// their versions in a single patch file. diff --git a/src/go.mod b/src/go.mod -index 8703fad3b226c9..49ec9458982cbb 100644 +index 8703fad3b226c9..9f8df0036c955d 100644 --- a/src/go.mod +++ b/src/go.mod @@ -11,3 +11,9 @@ require ( @@ -2274,21 +2285,21 @@ index 8703fad3b226c9..49ec9458982cbb 100644 ) + +require ( -+ github.com/golang-fips/openssl/v2 v2.0.4-0.20260317100950-3fc1e29e8efb -+ github.com/microsoft/go-crypto-darwin v0.0.3-0.20260317085126-9a7217034974 -+ github.com/microsoft/go-crypto-winnative v0.0.0-20260307231751-f82d13314c5c ++ github.com/golang-fips/openssl/v2 v2.0.4-0.20260514023258-747562f362cd ++ github.com/microsoft/go-crypto-darwin v0.0.3-0.20260512212935-d0ce8397e44b ++ github.com/microsoft/go-crypto-winnative v0.0.0-20260512074019-00d811a4aefe +) diff --git a/src/go.sum b/src/go.sum -index 43554ff45c183e..4c2a20060315bd 100644 +index 43554ff45c183e..3d89135b77492f 100644 --- a/src/go.sum +++ b/src/go.sum @@ -1,3 +1,9 @@ -+github.com/golang-fips/openssl/v2 v2.0.4-0.20260317100950-3fc1e29e8efb h1:FMUkmY3tU9zypzAzwdQvFg1sKM4kXcUKz+GkR/X6Im8= -+github.com/golang-fips/openssl/v2 v2.0.4-0.20260317100950-3fc1e29e8efb/go.mod h1:E+yPtdllHdy5S8YLMfcIRcqjqQySyiexqxxaLK7+cQQ= -+github.com/microsoft/go-crypto-darwin v0.0.3-0.20260317085126-9a7217034974 h1:HdIFLjjkXB3AJ7cXjVynU+69l96flEVAlOwonfXVFqM= -+github.com/microsoft/go-crypto-darwin v0.0.3-0.20260317085126-9a7217034974/go.mod h1:QahyqOoEDhEJ08aC1WtiWq691LyNgXq3qrjI4QmdPzM= -+github.com/microsoft/go-crypto-winnative v0.0.0-20260307231751-f82d13314c5c h1:kHYNsP4g/LehejM+7p42t1ZQWlV/HJBwwjCE7SwFBKo= -+github.com/microsoft/go-crypto-winnative v0.0.0-20260307231751-f82d13314c5c/go.mod h1:a1Z07CJIuWa8WT/pzFIGNTTKS96s8o1B1TPOziAHUxw= ++github.com/golang-fips/openssl/v2 v2.0.4-0.20260514023258-747562f362cd h1:Gy+X+bKvOprZMji5Fc4Js0BNha4Fw0nM+Ah3Bf53d0k= ++github.com/golang-fips/openssl/v2 v2.0.4-0.20260514023258-747562f362cd/go.mod h1:E+yPtdllHdy5S8YLMfcIRcqjqQySyiexqxxaLK7+cQQ= ++github.com/microsoft/go-crypto-darwin v0.0.3-0.20260512212935-d0ce8397e44b h1:HADuteQytnLec1jmAOGPGCukWIxObrAm/CBYtVzuo5o= ++github.com/microsoft/go-crypto-darwin v0.0.3-0.20260512212935-d0ce8397e44b/go.mod h1:QahyqOoEDhEJ08aC1WtiWq691LyNgXq3qrjI4QmdPzM= ++github.com/microsoft/go-crypto-winnative v0.0.0-20260512074019-00d811a4aefe h1:WDbUuTTKY8VElMRA3JJ8Quvj9xK9GqEcTiBZ3BF+7mI= ++github.com/microsoft/go-crypto-winnative v0.0.0-20260512074019-00d811a4aefe/go.mod h1:a1Z07CJIuWa8WT/pzFIGNTTKS96s8o1B1TPOziAHUxw= golang.org/x/crypto v0.51.0 h1:IBPXwPfKxY7cWQZ38ZCIRPI50YLeevDLlLnyC5wRGTI= golang.org/x/crypto v0.51.0/go.mod h1:8AdwkbraGNABw2kOX6YFPs3WM22XqI4EXEd8g+x7Oc8= golang.org/x/net v0.54.1-0.20260509022215-ad8140e0aa2e h1:ITxjUIeFp/ACbvnNlOZLoDmomcET3Yt4lFMgeqBebXk= @@ -2408,12 +2419,13 @@ index 7f6237ffd59c11..8f68bc361081f1 100644 // Verify that the vendor directories contain only packages matching the list above. diff --git a/src/vendor/github.com/golang-fips/openssl/v2/.gitignore b/src/vendor/github.com/golang-fips/openssl/v2/.gitignore new file mode 100644 -index 00000000000000..b6c942fc91eec7 +index 00000000000000..0846322952e4df --- /dev/null +++ b/src/vendor/github.com/golang-fips/openssl/v2/.gitignore -@@ -0,0 +1,2 @@ +@@ -0,0 +1,3 @@ +**/.DS_Store +.vscode/ ++.github/benchcheck/benchcheck diff --git a/src/vendor/github.com/golang-fips/openssl/v2/.gitleaks.toml b/src/vendor/github.com/golang-fips/openssl/v2/.gitleaks.toml new file mode 100644 index 00000000000000..aed2e22df2d555 @@ -2458,7 +2470,7 @@ index 00000000000000..97e85154015761 \ No newline at end of file diff --git a/src/vendor/github.com/golang-fips/openssl/v2/README.md b/src/vendor/github.com/golang-fips/openssl/v2/README.md new file mode 100644 -index 00000000000000..0a6d0d0ef2c0c6 +index 00000000000000..6e4c916be0fdcf --- /dev/null +++ b/src/vendor/github.com/golang-fips/openssl/v2/README.md @@ -0,0 +1,66 @@ @@ -2490,7 +2502,7 @@ index 00000000000000..0a6d0d0ef2c0c6 + +### Multiple OpenSSL versions supported + -+The `openssl` package has support for multiple OpenSSL versions, namely 1.1.0, 1.1.1 and 3.x. ++The `openssl` package has support for multiple OpenSSL versions, namely 1.1.1, 3.x, and 4.x. + +All supported OpenSSL versions pass a small set of automatic tests that ensure they can be built and that there are no major regressions. +These tests do not validate the cryptographic correctness of the `openssl` package. @@ -2910,10 +2922,10 @@ index 00000000000000..789076408c515b +} diff --git a/src/vendor/github.com/golang-fips/openssl/v2/cipher.go b/src/vendor/github.com/golang-fips/openssl/v2/cipher.go new file mode 100644 -index 00000000000000..228b023453b3d3 +index 00000000000000..f70da2a40b8ee3 --- /dev/null +++ b/src/vendor/github.com/golang-fips/openssl/v2/cipher.go -@@ -0,0 +1,662 @@ +@@ -0,0 +1,665 @@ +//go:build !cmd_go_bootstrap + +package openssl @@ -2998,12 +3010,15 @@ index 00000000000000..228b023453b3d3 + return v.(ossl.EVP_CIPHER_PTR) + } + defer func() { -+ if cipher != nil && major() == 3 { -+ // On OpenSSL 3, directly operating on a EVP_CIPHER object -+ // not created by EVP_CIPHER has negative performance -+ // implications, as cipher operations will have -+ // to fetch it on every call. Better to just fetch it once here. -+ cipher, _ = ossl.EVP_CIPHER_fetch(nil, ossl.EVP_CIPHER_get0_name(cipher), nil) ++ if cipher != nil { ++ switch major() { ++ case 3, 4: ++ // On OpenSSL 3, directly operating on a EVP_CIPHER object ++ // not created by EVP_CIPHER has negative performance ++ // implications, as cipher operations will have ++ // to fetch it on every call. Better to just fetch it once here. ++ cipher, _ = ossl.EVP_CIPHER_fetch(nil, ossl.EVP_CIPHER_get0_name(cipher), nil) ++ } + } + cacheCipher.Store(cacheCipherKey{k, mode}, cipher) + }() @@ -3578,10 +3593,10 @@ index 00000000000000..228b023453b3d3 +} diff --git a/src/vendor/github.com/golang-fips/openssl/v2/const.go b/src/vendor/github.com/golang-fips/openssl/v2/const.go new file mode 100644 -index 00000000000000..e4f8f5b5d0c4a7 +index 00000000000000..a8165e13f85164 --- /dev/null +++ b/src/vendor/github.com/golang-fips/openssl/v2/const.go -@@ -0,0 +1,91 @@ +@@ -0,0 +1,99 @@ +package openssl + +import "unsafe" @@ -3621,6 +3636,9 @@ index 00000000000000..e4f8f5b5d0c4a7 + _KeyTypeX25519 cString = "X25519\x00" + _KeyTypeMLKEM768 cString = "ML-KEM-768\x00" + _KeyTypeMLKEM1024 cString = "ML-KEM-1024\x00" ++ _KeyTypeMLDSA44 cString = "ML-DSA-44\x00" ++ _KeyTypeMLDSA65 cString = "ML-DSA-65\x00" ++ _KeyTypeMLDSA87 cString = "ML-DSA-87\x00" + _KeyTypeChacha20Poly1305 cString = "CHACHA20-POLY1305\x00" + + // Digest names @@ -3669,16 +3687,21 @@ index 00000000000000..e4f8f5b5d0c4a7 + _OSSL_PKEY_PARAM_RSA_EXPONENT2 cString = "rsa-exponent2\x00" + _OSSL_PKEY_PARAM_RSA_COEFFICIENT1 cString = "rsa-coefficient1\x00" + _OSSL_PKEY_PARAM_ML_KEM_SEED cString = "seed\x00" ++ _OSSL_PKEY_PARAM_ML_DSA_SEED cString = "seed\x00" ++ ++ // Signature parameters ++ _OSSL_SIGNATURE_PARAM_CONTEXT_STRING cString = "context-string\x00" ++ _OSSL_SIGNATURE_PARAM_MU cString = "mu\x00" + + // MAC parameters + _OSSL_MAC_PARAM_DIGEST cString = "digest\x00" +) diff --git a/src/vendor/github.com/golang-fips/openssl/v2/cshake.go b/src/vendor/github.com/golang-fips/openssl/v2/cshake.go new file mode 100644 -index 00000000000000..c9fd5e5ad8d25c +index 00000000000000..b37b8e7cc10ac0 --- /dev/null +++ b/src/vendor/github.com/golang-fips/openssl/v2/cshake.go -@@ -0,0 +1,253 @@ +@@ -0,0 +1,255 @@ +//go:build !cmd_go_bootstrap + +package openssl @@ -3734,13 +3757,15 @@ index 00000000000000..c9fd5e5ad8d25c + +var shakeSupported sync.Map + ++var hasDigestSqueeze = sync.OnceValue(ossl.EVP_DigestSqueeze_Available) ++ +// SupportsSHAKE returns true if the SHAKE extendable output functions +// with the given securityBits are supported. +func SupportsSHAKE(securityBits int) bool { -+ if major() == 1 || (major() == 3 && minor() < 3) { -+ // SHAKE MD's are supported since OpenSSL 1.1.1, -+ // but EVP_DigestSqueeze is only supported since 3.3, -+ // and we need it to implement [sha3.SHAKE]. ++ if !hasDigestSqueeze() { ++ // SHAKE MD's are supported since OpenSSL 1.1.1, but ++ // EVP_DigestSqueeze (added in OpenSSL 3.3) is required to ++ // implement [sha3.SHAKE]'s streaming Read API. + return false + } + if v, ok := shakeSupported.Load(securityBits); ok { @@ -3934,10 +3959,10 @@ index 00000000000000..c9fd5e5ad8d25c +} diff --git a/src/vendor/github.com/golang-fips/openssl/v2/des.go b/src/vendor/github.com/golang-fips/openssl/v2/des.go new file mode 100644 -index 00000000000000..772800a73e3389 +index 00000000000000..71586bbb74bbee --- /dev/null +++ b/src/vendor/github.com/golang-fips/openssl/v2/des.go -@@ -0,0 +1,112 @@ +@@ -0,0 +1,118 @@ +//go:build !cmd_go_bootstrap + +package openssl @@ -3952,9 +3977,15 @@ index 00000000000000..772800a73e3389 +// If CBC is also supported, then the returned cipher.Block +// will also implement NewCBCEncrypter and NewCBCDecrypter. +func SupportsDESCipher() bool { -+ // True for stock OpenSSL 1 w/o FIPS. -+ // False for stock OpenSSL 3 unless the legacy provider is available. -+ return (versionAtOrAbove(3, 0, 0) || !FIPS()) && loadCipher(cipherDES, cipherModeECB) != nil ++ switch major() { ++ case 1: ++ // DES is not part of the OpenSSL 1.x FIPS module. ++ return !FIPS() && loadCipher(cipherDES, cipherModeECB) != nil ++ default: ++ // On OpenSSL 3+ availability is decided by the algorithm probe: ++ // EVP_CIPHER_fetch returns nil unless the legacy provider is loaded. ++ return loadCipher(cipherDES, cipherModeECB) != nil ++ } +} + +// SupportsTripleDESCipher returns true if NewTripleDESCipher is supported, @@ -4052,7 +4083,7 @@ index 00000000000000..772800a73e3389 +} diff --git a/src/vendor/github.com/golang-fips/openssl/v2/dsa.go b/src/vendor/github.com/golang-fips/openssl/v2/dsa.go new file mode 100644 -index 00000000000000..63e2e63851fc7b +index 00000000000000..3a025ff7d40011 --- /dev/null +++ b/src/vendor/github.com/golang-fips/openssl/v2/dsa.go @@ -0,0 +1,305 @@ @@ -4150,7 +4181,7 @@ index 00000000000000..63e2e63851fc7b + case 1: + dsa := getDSA(pkey) + ossl.DSA_get0_pqg(dsa, &p, &q, &g) -+ case 3: ++ case 3, 4: + defer func() { + ossl.BN_free(p) + ossl.BN_free(q) @@ -4216,7 +4247,7 @@ index 00000000000000..63e2e63851fc7b + case 1: + dsa := getDSA(pkey) + ossl.DSA_get0_key(dsa, &by, &bx) -+ case 3: ++ case 3, 4: + defer func() { + ossl.BN_clear_free(bx) + ossl.BN_free(by) @@ -4247,7 +4278,7 @@ index 00000000000000..63e2e63851fc7b + switch major() { + case 1: + return newDSA1(params, x, y) -+ case 3: ++ case 3, 4: + return newDSA3(params, x, y) + default: + panic(errUnsupportedVersion()) @@ -4302,7 +4333,7 @@ index 00000000000000..63e2e63851fc7b +} + +func newDSA3(params DSAParameters, x, y BigInt) (ossl.EVP_PKEY_PTR, error) { -+ checkMajorVersion(3) ++ checkMajorVersion(3, 4) + + bld := newParamBuilder() + defer bld.finalize() @@ -4363,10 +4394,10 @@ index 00000000000000..63e2e63851fc7b +} diff --git a/src/vendor/github.com/golang-fips/openssl/v2/ec.go b/src/vendor/github.com/golang-fips/openssl/v2/ec.go new file mode 100644 -index 00000000000000..ea9587b5678add +index 00000000000000..666493af4d51d4 --- /dev/null +++ b/src/vendor/github.com/golang-fips/openssl/v2/ec.go -@@ -0,0 +1,136 @@ +@@ -0,0 +1,131 @@ +//go:build !cmd_go_bootstrap + +package openssl @@ -4391,11 +4422,6 @@ index 00000000000000..ea9587b5678add +} + +var supportsX25519 = sync.OnceValue(func() bool { -+ if !versionAtOrAbove(1, 1, 1) { -+ // X25519 support was added in OpenSSL 1.1.0, but the APIs we use -+ // to implement it were only added in 1.1.1. -+ return false -+ } + ctx, _ := ossl.EVP_PKEY_CTX_new_id(ossl.EVP_PKEY_X25519, nil) + if ctx != nil { + ossl.EVP_PKEY_CTX_free(ctx) @@ -4505,7 +4531,7 @@ index 00000000000000..ea9587b5678add +} diff --git a/src/vendor/github.com/golang-fips/openssl/v2/ecdh.go b/src/vendor/github.com/golang-fips/openssl/v2/ecdh.go new file mode 100644 -index 00000000000000..65f669a6f77156 +index 00000000000000..212b53b9a4e583 --- /dev/null +++ b/src/vendor/github.com/golang-fips/openssl/v2/ecdh.go @@ -0,0 +1,340 @@ @@ -4617,7 +4643,7 @@ index 00000000000000..65f669a6f77156 + if bytes, err = encodeEcPoint(group, pt); err != nil { + return nil, err + } -+ case 3: ++ case 3, 4: + pkey = k._pkey + if _, err := ossl.EVP_PKEY_up_ref(pkey); err != nil { + return nil, err @@ -4651,7 +4677,7 @@ index 00000000000000..65f669a6f77156 + switch major() { + case 1: + return newECDHPkey1(nid, bytes, isPrivate) -+ case 3: ++ case 3, 4: + return newECDHPkey3(nid, bytes, isPrivate) + default: + panic(errUnsupportedVersion()) @@ -4713,7 +4739,7 @@ index 00000000000000..65f669a6f77156 +} + +func newECDHPkey3(nid int32, bytes []byte, isPrivate bool) (ossl.EVP_PKEY_PTR, error) { -+ checkMajorVersion(3) ++ checkMajorVersion(3, 4) + + bld := newParamBuilder() + defer bld.finalize() @@ -4823,7 +4849,7 @@ index 00000000000000..65f669a6f77156 + if priv == nil { + return nil, nil, fail("missing ECDH private key") + } -+ case 3: ++ case 3, 4: + if _, err := ossl.EVP_PKEY_get_bn_param(pkey, _OSSL_PKEY_PARAM_PRIV_KEY.ptr(), &priv); err != nil { + return nil, nil, err + } @@ -4851,7 +4877,7 @@ index 00000000000000..65f669a6f77156 +} diff --git a/src/vendor/github.com/golang-fips/openssl/v2/ecdsa.go b/src/vendor/github.com/golang-fips/openssl/v2/ecdsa.go new file mode 100644 -index 00000000000000..3157d02967aeb2 +index 00000000000000..eb7ccff87c14bd --- /dev/null +++ b/src/vendor/github.com/golang-fips/openssl/v2/ecdsa.go @@ -0,0 +1,219 @@ @@ -4948,7 +4974,7 @@ index 00000000000000..3157d02967aeb2 + } + // Get Z. We don't need to free it, get0 does not increase the reference count. + bd = ossl.EC_KEY_get0_private_key(key) -+ case 3: ++ case 3, 4: + if _, err := ossl.EVP_PKEY_get_bn_param(pkey, _OSSL_PKEY_PARAM_EC_PUB_X.ptr(), &bx); err != nil { + return nil, nil, nil, err + } @@ -5006,7 +5032,7 @@ index 00000000000000..3157d02967aeb2 + switch major() { + case 1: + return newECDSAKey1(nid, bx, by, bd) -+ case 3: ++ case 3, 4: + return newECDSAKey3(nid, bx, by, bd) + default: + panic(errUnsupportedVersion()) @@ -5038,7 +5064,7 @@ index 00000000000000..3157d02967aeb2 +} + +func newECDSAKey3(nid int32, bx, by, bd ossl.BIGNUM_PTR) (ossl.EVP_PKEY_PTR, error) { -+ checkMajorVersion(3) ++ checkMajorVersion(3, 4) + + // Create the encoded public key public key from bx and by. + pubBytes, err := generateAndEncodeEcPublicKey(nid, func(group ossl.EC_GROUP_PTR) (ossl.EC_POINT_PTR, error) { @@ -5076,10 +5102,10 @@ index 00000000000000..3157d02967aeb2 +} diff --git a/src/vendor/github.com/golang-fips/openssl/v2/ed25519.go b/src/vendor/github.com/golang-fips/openssl/v2/ed25519.go new file mode 100644 -index 00000000000000..dc0060972d3e2a +index 00000000000000..0baf58dc756106 --- /dev/null +++ b/src/vendor/github.com/golang-fips/openssl/v2/ed25519.go -@@ -0,0 +1,210 @@ +@@ -0,0 +1,208 @@ +//go:build !cmd_go_bootstrap + +package openssl @@ -5110,14 +5136,12 @@ index 00000000000000..dc0060972d3e2a +var supportsEd25519 = sync.OnceValue(func() bool { + switch major() { + case 1: -+ if versionAtOrAbove(1, 1, 1) { -+ ctx, _ := ossl.EVP_PKEY_CTX_new_id(ossl.EVP_PKEY_ED25519, nil) -+ if ctx != nil { -+ ossl.EVP_PKEY_CTX_free(ctx) -+ return true -+ } ++ ctx, _ := ossl.EVP_PKEY_CTX_new_id(ossl.EVP_PKEY_ED25519, nil) ++ if ctx != nil { ++ ossl.EVP_PKEY_CTX_free(ctx) ++ return true + } -+ case 3: ++ case 3, 4: + sig, _ := ossl.EVP_SIGNATURE_fetch(nil, _KeyTypeED25519.ptr(), nil) + if sig != nil { + ossl.EVP_SIGNATURE_free(sig) @@ -5292,10 +5316,10 @@ index 00000000000000..dc0060972d3e2a +} diff --git a/src/vendor/github.com/golang-fips/openssl/v2/evp.go b/src/vendor/github.com/golang-fips/openssl/v2/evp.go new file mode 100644 -index 00000000000000..5d7ddbbf02cfe1 +index 00000000000000..ff59409e3d1f76 --- /dev/null +++ b/src/vendor/github.com/golang-fips/openssl/v2/evp.go -@@ -0,0 +1,620 @@ +@@ -0,0 +1,614 @@ +//go:build !cmd_go_bootstrap + +package openssl @@ -5433,33 +5457,21 @@ index 00000000000000..5d7ddbbf02cfe1 + hash.magic = magic512 + hash.marshalledSize = marshaledSize512 + case crypto.SHA512_224: -+ if versionAtOrAbove(1, 1, 1) { -+ hash.md = ossl.EVP_sha512_224() -+ hash.magic = magic512_224 -+ hash.marshalledSize = marshaledSize512 -+ } ++ hash.md = ossl.EVP_sha512_224() ++ hash.magic = magic512_224 ++ hash.marshalledSize = marshaledSize512 + case crypto.SHA512_256: -+ if versionAtOrAbove(1, 1, 1) { -+ hash.md = ossl.EVP_sha512_256() -+ hash.magic = magic512_256 -+ hash.marshalledSize = marshaledSize512 -+ } ++ hash.md = ossl.EVP_sha512_256() ++ hash.magic = magic512_256 ++ hash.marshalledSize = marshaledSize512 + case crypto.SHA3_224: -+ if versionAtOrAbove(1, 1, 1) { -+ hash.md = ossl.EVP_sha3_224() -+ } ++ hash.md = ossl.EVP_sha3_224() + case crypto.SHA3_256: -+ if versionAtOrAbove(1, 1, 1) { -+ hash.md = ossl.EVP_sha3_256() -+ } ++ hash.md = ossl.EVP_sha3_256() + case crypto.SHA3_384: -+ if versionAtOrAbove(1, 1, 1) { -+ hash.md = ossl.EVP_sha3_384() -+ } ++ hash.md = ossl.EVP_sha3_384() + case crypto.SHA3_512: -+ if versionAtOrAbove(1, 1, 1) { -+ hash.md = ossl.EVP_sha3_512() -+ } ++ hash.md = ossl.EVP_sha3_512() + } + if hash.md == nil { + cacheMD.Store(ch, (*hashAlgorithm)(nil)) @@ -5468,7 +5480,8 @@ index 00000000000000..5d7ddbbf02cfe1 + hash.ch = ch + hash.size = int(ossl.EVP_MD_get_size(hash.md)) + hash.blockSize = int(ossl.EVP_MD_get_block_size(hash.md)) -+ if major() == 3 { ++ switch major() { ++ case 3, 4: + // On OpenSSL 3, directly operating on a EVP_MD object + // not created by EVP_MD_fetch has negative performance + // implications, as digest operations will have @@ -5489,7 +5502,7 @@ index 00000000000000..5d7ddbbf02cfe1 + switch major() { + case 1: + hash.provider = providerOSSLDefault -+ case 3: ++ case 3, 4: + if prov := ossl.EVP_MD_get0_provider(hash.md); prov != nil { + cname := ossl.OSSL_PROVIDER_get0_name(prov) + switch goString(cname) { @@ -5541,7 +5554,7 @@ index 00000000000000..5d7ddbbf02cfe1 + if _, err := ossl.EVP_PKEY_keygen(ctx, &pkey); err != nil { + return nil, err + } -+ case 3: ++ case 3, 4: + var err error + switch id { + case ossl.EVP_PKEY_RSA: @@ -5556,6 +5569,12 @@ index 00000000000000..5d7ddbbf02cfe1 + pkey, err = ossl.EVP_PKEY_Q_keygen_MLKEM(nil, nil, _KeyTypeMLKEM768.ptr()) + case ossl.EVP_PKEY_MLKEM_1024: + pkey, err = ossl.EVP_PKEY_Q_keygen_MLKEM(nil, nil, _KeyTypeMLKEM1024.ptr()) ++ case ossl.EVP_PKEY_ML_DSA_44: ++ pkey, err = ossl.EVP_PKEY_Q_keygen_MLDSA(nil, nil, _KeyTypeMLDSA44.ptr()) ++ case ossl.EVP_PKEY_ML_DSA_65: ++ pkey, err = ossl.EVP_PKEY_Q_keygen_MLDSA(nil, nil, _KeyTypeMLDSA65.ptr()) ++ case ossl.EVP_PKEY_ML_DSA_87: ++ pkey, err = ossl.EVP_PKEY_Q_keygen_MLDSA(nil, nil, _KeyTypeMLDSA87.ptr()) + default: + panic("unsupported key type '" + strconv.Itoa(int(id)) + "'") + } @@ -5687,9 +5706,10 @@ index 00000000000000..5d7ddbbf02cfe1 + clabel = (*byte)(cryptoMalloc(len(label))) + copy((*[1 << 30]byte)(unsafe.Pointer(clabel))[:len(label)], label) + var err error -+ if major() == 3 { ++ switch major() { ++ case 3, 4: + _, err = ossl.EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, unsafe.Slice(clabel, len(label))) -+ } else { ++ default: + _, err = ossl.EVP_PKEY_CTX_ctrl(ctx, ossl.EVP_PKEY_RSA, -1, ossl.EVP_PKEY_CTRL_RSA_OAEP_LABEL, int32(len(label)), unsafe.Pointer(clabel)) + } + if err != nil { @@ -5885,10 +5905,8 @@ index 00000000000000..5d7ddbbf02cfe1 + } + var pkey ossl.EVP_PKEY_PTR + if _, err := ossl.EVP_PKEY_fromdata(ctx, &pkey, selection, params); err != nil { -+ if major() == 3 && minor() <= 2 { -+ // OpenSSL 3.0.1 and 3.0.2 have a bug where EVP_PKEY_fromdata -+ // does not free the internally allocated EVP_PKEY on error. -+ // See https://github.com/openssl/openssl/issues/17407. ++ //versionguardcheck:ignore OpenSSL 3.0.0–3.0.2 leak EVP_PKEY on error: https://github.com/openssl/openssl/issues/17407. ++ if major() == 3 && minor() == 0 && patch() <= 2 { + ossl.EVP_PKEY_free(pkey) + } + return nil, err @@ -6444,10 +6462,10 @@ index 00000000000000..d9c2c6c5f989e0 +} diff --git a/src/vendor/github.com/golang-fips/openssl/v2/hkdf.go b/src/vendor/github.com/golang-fips/openssl/v2/hkdf.go new file mode 100644 -index 00000000000000..610703a870c21a +index 00000000000000..695bf122165169 --- /dev/null +++ b/src/vendor/github.com/golang-fips/openssl/v2/hkdf.go -@@ -0,0 +1,451 @@ +@@ -0,0 +1,441 @@ +//go:build !cmd_go_bootstrap + +package openssl @@ -6467,8 +6485,8 @@ index 00000000000000..610703a870c21a +func SupportsHKDF() bool { + switch major() { + case 1: -+ return versionAtOrAbove(1, 1, 1) -+ case 3: ++ return true ++ case 3, 4: + _, err := fetchHKDF3() + return err == nil + default: @@ -6481,7 +6499,7 @@ index 00000000000000..610703a870c21a + switch major() { + case 1: + return false -+ case 3: ++ case 3, 4: + // TLS13-KDF is available in OpenSSL 3.0.0 and later. + _, err := fetchTLS13_KDF() + return err == nil @@ -6619,7 +6637,7 @@ index 00000000000000..610703a870c21a + return nil, err + } + return out[:keylen], nil -+ case 3: ++ case 3, 4: + ctx, err := newHKDFCtx3(md, ossl.EVP_KDF_HKDF_MODE_EXTRACT_ONLY, secret, salt, nil, nil) + if err != nil { + return nil, err @@ -6668,7 +6686,7 @@ index 00000000000000..610703a870c21a + if _, err := ossl.EVP_PKEY_derive(ctx, out, &keylen); err != nil { + return nil, err + } -+ case 3: ++ case 3, 4: + ctx, err := newHKDFCtx3(md, ossl.EVP_KDF_HKDF_MODE_EXPAND_ONLY, nil, nil, pseudorandomKey, info) + if err != nil { + return nil, err @@ -6735,7 +6753,7 @@ index 00000000000000..610703a870c21a + c := &hkdf1{ctx: ctx, hashLen: size} + runtime.SetFinalizer(c, (*hkdf1).finalize) + return c, nil -+ case 3: ++ case 3, 4: + ctx, err := newHKDFCtx3(md, ossl.EVP_KDF_HKDF_MODE_EXPAND_ONLY, nil, nil, pseudorandomKey, info) + if err != nil { + return nil, err @@ -6765,7 +6783,7 @@ index 00000000000000..610703a870c21a +// It is safe to call this function concurrently. +// The returned EVP_KDF_PTR shouldn't be freed. +var fetchTLS13_KDF = sync.OnceValues(func() (ossl.EVP_KDF_PTR, error) { -+ checkMajorVersion(3) ++ checkMajorVersion(3, 4) + + kdf, err := ossl.EVP_KDF_fetch(nil, _OSSL_KDF_NAME_TLS13_KDF.ptr(), nil) + if err != nil { @@ -6776,7 +6794,7 @@ index 00000000000000..610703a870c21a + +// newTLS13KDFExpandCtx3 fetches the "TLS13-KDF" for TLS 1.3 handshakes. +func newTLS13KDFExpandCtx3(md ossl.EVP_MD_PTR, label, context, pseudorandomKey []byte) (_ ossl.EVP_KDF_CTX_PTR, err error) { -+ checkMajorVersion(3) ++ checkMajorVersion(3, 4) + + kdf, err := fetchTLS13_KDF() + if err != nil { @@ -6800,9 +6818,7 @@ index 00000000000000..610703a870c21a + bld.addOctetString(_OSSL_KDF_PARAM_PREFIX, []byte("tls13 ")) + bld.addOctetString(_OSSL_KDF_PARAM_LABEL, label) + bld.addOctetString(_OSSL_KDF_PARAM_DATA, context) -+ if len(pseudorandomKey) > 0 { -+ bld.addOctetString(_OSSL_KDF_PARAM_KEY, pseudorandomKey) -+ } ++ bld.addOctetString(_OSSL_KDF_PARAM_KEY, pseudorandomKey) + + params, err := bld.build() + if err != nil { @@ -6820,7 +6836,7 @@ index 00000000000000..610703a870c21a +// It is safe to call this function concurrently. +// The returned EVP_KDF_PTR shouldn't be freed. +var fetchHKDF3 = sync.OnceValues(func() (ossl.EVP_KDF_PTR, error) { -+ checkMajorVersion(3) ++ checkMajorVersion(3, 4) + + kdf, err := ossl.EVP_KDF_fetch(nil, _OSSL_KDF_NAME_HKDF.ptr(), nil) + if err != nil { @@ -6831,7 +6847,7 @@ index 00000000000000..610703a870c21a + +// newHKDFCtx3 implements HKDF for OpenSSL 3 using the EVP_KDF API. +func newHKDFCtx3(md ossl.EVP_MD_PTR, mode int32, secret, salt, pseudorandomKey, info []byte) (_ ossl.EVP_KDF_CTX_PTR, err error) { -+ checkMajorVersion(3) ++ checkMajorVersion(3, 4) + + kdf, err := fetchHKDF3() + if err != nil { @@ -6851,18 +6867,10 @@ index 00000000000000..610703a870c21a + defer bld.finalize() + bld.addUTF8String(_OSSL_KDF_PARAM_DIGEST, ossl.EVP_MD_get0_name(md), 0) + bld.addInt32(_OSSL_KDF_PARAM_MODE, int32(mode)) -+ if len(secret) > 0 { -+ bld.addOctetString(_OSSL_KDF_PARAM_KEY, secret) -+ } -+ if len(salt) > 0 { -+ bld.addOctetString(_OSSL_KDF_PARAM_SALT, salt) -+ } -+ if len(pseudorandomKey) > 0 { -+ bld.addOctetString(_OSSL_KDF_PARAM_KEY, pseudorandomKey) -+ } -+ if len(info) > 0 { -+ bld.addOctetString(_OSSL_KDF_PARAM_INFO, info) -+ } ++ bld.addOctetString(_OSSL_KDF_PARAM_KEY, secret) ++ bld.addOctetString(_OSSL_KDF_PARAM_SALT, salt) ++ bld.addOctetString(_OSSL_KDF_PARAM_KEY, pseudorandomKey) ++ bld.addOctetString(_OSSL_KDF_PARAM_INFO, info) + params, err := bld.build() + if err != nil { + return ctx, err @@ -6901,7 +6909,7 @@ index 00000000000000..610703a870c21a +} diff --git a/src/vendor/github.com/golang-fips/openssl/v2/hmac.go b/src/vendor/github.com/golang-fips/openssl/v2/hmac.go new file mode 100644 -index 00000000000000..fec80f30b1c94f +index 00000000000000..7f629c2f74a4db --- /dev/null +++ b/src/vendor/github.com/golang-fips/openssl/v2/hmac.go @@ -0,0 +1,278 @@ @@ -6950,7 +6958,7 @@ index 00000000000000..fec80f30b1c94f + return nil + } + hmac.ctx1 = ctx -+ case 3: ++ case 3, 4: + ctx := newHMAC3(key, md) + if ctx.ctx == nil { + return nil @@ -7056,12 +7064,12 @@ index 00000000000000..fec80f30b1c94f + panic(err) + } + var hkey []byte -+ if minor() == 0 && patch() <= 2 { ++ //versionguardcheck:ignore OpenSSL 3.0.0–3.0.2 EVP_MAC_init does not reset without a key: https://github.com/openssl/openssl/issues/17811. ++ if major() == 3 && minor() == 0 && patch() <= 2 { + // EVP_MAC_init only resets the ctx internal state if a key is passed + // when using OpenSSL 3.0.0, 3.0.1, and 3.0.2. Save a copy of the key + // in the context so Reset can use it later. New OpenSSL versions + // do not have this issue so it isn't necessary to save the key. -+ // See https://github.com/openssl/openssl/issues/17811. + hkey = make([]byte, len(key)) + copy(hkey, key) + } @@ -7074,7 +7082,7 @@ index 00000000000000..fec80f30b1c94f + if _, err := ossl.HMAC_Init_ex(h.ctx1.ctx, nil, nil, nil); err != nil { + panic(err) + } -+ case 3: ++ case 3, 4: + if _, err := ossl.EVP_MAC_init(h.ctx3.ctx, h.ctx3.key, nil); err != nil { + panic(err) + } @@ -7099,7 +7107,7 @@ index 00000000000000..fec80f30b1c94f + switch major() { + case 1: + ossl.HMAC_Update(h.ctx1.ctx, p) -+ case 3: ++ case 3, 4: + ossl.EVP_MAC_update(h.ctx3.ctx, p) + default: + panic(errUnsupportedVersion()) @@ -7133,7 +7141,7 @@ index 00000000000000..fec80f30b1c94f + panic(err) + } + ossl.HMAC_Final(ctx2, h.sum[:h.size], nil) -+ case 3: ++ case 3, 4: + ctx2, err := ossl.EVP_MAC_CTX_dup(h.ctx3.ctx) + if err != nil { + panic(err) @@ -7165,7 +7173,7 @@ index 00000000000000..fec80f30b1c94f + runtime.SetFinalizer(cl, (*opensslHMAC).finalize) + return cl, nil + -+ case 3: ++ case 3, 4: + ctx2, err := ossl.EVP_MAC_CTX_dup(h.ctx3.ctx) + if err != nil { + panic(err) @@ -12163,17 +12171,33 @@ index 00000000000000..4b8fd49edd2d40 +} diff --git a/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/errors_cgo.go b/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/errors_cgo.go new file mode 100644 -index 00000000000000..ef1d99652e3bae +index 00000000000000..f7678a67c0231a --- /dev/null +++ b/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/errors_cgo.go -@@ -0,0 +1,14 @@ +@@ -0,0 +1,30 @@ +package ossl + +/* +#include "zossl.h" + ++// Force mkcgo_err_retrieve to be stack-guarded, ++// even when it doesn't actually need it. ++// This is necessary to ensure Go binaries built ++// with -fstack-protector-strong comply with BinSkim BA3003, ++// so that at least one function in the binary uses __stack_chk_guard. ++// See https://github.com/microsoft/go/issues/2240. ++ ++#define MKCGO_STACK_PROTECT ++ ++#if defined(__has_attribute) ++#if __has_attribute(stack_protect) ++#undef MKCGO_STACK_PROTECT ++#define MKCGO_STACK_PROTECT __attribute__((stack_protect)) ++#endif ++#endif ++ +// mkcgo_err_retrieve retrieves the error state from OpenSSL. -+uintptr_t mkcgo_err_retrieve() { ++uintptr_t MKCGO_STACK_PROTECT mkcgo_err_retrieve() { + // BIO operations using BIO_s_mem should not fail. + _BIO_PTR bio = _mkcgo_BIO_new(_mkcgo_BIO_s_mem(), NULL); + _mkcgo_ERR_print_errors(bio); @@ -12270,10 +12294,10 @@ index 00000000000000..9d38464e9fb964 +} diff --git a/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/shims.h b/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/shims.h new file mode 100644 -index 00000000000000..ef675266fc2f0d +index 00000000000000..7c71f0d811fe80 --- /dev/null +++ b/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/shims.h -@@ -0,0 +1,434 @@ +@@ -0,0 +1,442 @@ +// This header file is used by the mkcgo tool to generate cgo and Go bindings for the +// OpenSSL C API. Run "go generate ." to regenerate the bindings. +// Do not include this file, import "zossl.h" instead. @@ -12329,6 +12353,9 @@ index 00000000000000..ef675266fc2f0d + _EVP_PKEY_DSA = 116, + _EVP_PKEY_MLKEM_768 = 1455, + _EVP_PKEY_MLKEM_1024 = 1456, ++ _EVP_PKEY_ML_DSA_44 = 1457, ++ _EVP_PKEY_ML_DSA_65 = 1458, ++ _EVP_PKEY_ML_DSA_87 = 1459, + _EVP_PKEY_OP_DERIVE = (1 << 10), // this value differs between OpenSSL 1 and 3, but we only use it in 1 + _EVP_MAX_MD_SIZE = 64, + @@ -12358,6 +12385,9 @@ index 00000000000000..ef675266fc2f0d + + _NID_ML_KEM_768 = 1455, + _NID_ML_KEM_1024 = 1456, ++ _NID_ML_DSA_44 = 1457, ++ _NID_ML_DSA_65 = 1458, ++ _NID_ML_DSA_87 = 1459, + + _RSA_PKCS1_PADDING = 1, + _RSA_NO_PADDING = 3, @@ -12413,10 +12443,10 @@ index 00000000000000..ef675266fc2f0d +typedef int point_conversion_form_t; + +// Tags used by mkcgo to determine which OpenSSL version each function is available in: -+// - no tag: OpenSSL 1.0 or later ++// - no tag: available in all supported versions (OpenSSL 1.1.1+) +// - legacy_1: Only OpenSSL 1 +// - 3: OpenSSL 3.0 or later -+// - 111: OpenSSL 1.1.1 or later ++// - 33: OpenSSL 3.3 or later + +// The noescape/nocallback attributes are performance optimizations. +// Only add functions that have been observed to benefit from these @@ -12479,16 +12509,16 @@ index 00000000000000..ef675266fc2f0d +const _EVP_MD_PTR EVP_sha256(void) __attribute__((noerror)); +const _EVP_MD_PTR EVP_sha384(void) __attribute__((noerror)); +const _EVP_MD_PTR EVP_sha512(void) __attribute__((noerror)); -+const _EVP_MD_PTR EVP_sha512_224(void) __attribute__((tag("111"),noerror)); -+const _EVP_MD_PTR EVP_sha512_256(void) __attribute__((tag("111"),noerror)); -+const _EVP_MD_PTR EVP_sha3_224(void) __attribute__((tag("111"),noerror)); -+const _EVP_MD_PTR EVP_sha3_256(void) __attribute__((tag("111"),noerror)); -+const _EVP_MD_PTR EVP_sha3_384(void) __attribute__((tag("111"),noerror)); -+const _EVP_MD_PTR EVP_sha3_512(void) __attribute__((tag("111"),noerror)); ++const _EVP_MD_PTR EVP_sha512_224(void) __attribute__((noerror)); ++const _EVP_MD_PTR EVP_sha512_256(void) __attribute__((noerror)); ++const _EVP_MD_PTR EVP_sha3_224(void) __attribute__((noerror)); ++const _EVP_MD_PTR EVP_sha3_256(void) __attribute__((noerror)); ++const _EVP_MD_PTR EVP_sha3_384(void) __attribute__((noerror)); ++const _EVP_MD_PTR EVP_sha3_512(void) __attribute__((noerror)); + +_EVP_MD_CTX_PTR EVP_MD_CTX_new(void); +void EVP_MD_CTX_free(_EVP_MD_CTX_PTR ctx); -+int EVP_MD_CTX_ctrl(_EVP_MD_CTX_PTR ctx, int cmd, int p1, void *p2) __attribute__((tag("111"))); ++int EVP_MD_CTX_ctrl(_EVP_MD_CTX_PTR ctx, int cmd, int p1, void *p2); +int EVP_MD_CTX_copy_ex(_EVP_MD_CTX_PTR out, const _EVP_MD_CTX_PTR in); +const _OSSL_PARAM_PTR EVP_MD_CTX_gettable_params(_EVP_MD_CTX_PTR ctx) __attribute__((tag("3"))); +const _OSSL_PARAM_PTR EVP_MD_CTX_settable_params(_EVP_MD_CTX_PTR ctx) __attribute__((tag("3"))); @@ -12500,13 +12530,13 @@ index 00000000000000..ef675266fc2f0d +int EVP_DigestUpdate(_EVP_MD_CTX_PTR ctx, const void *d, size_t cnt) __attribute__((noescape,nocallback,slice("d","cnt"))); +int EVP_DigestFinal_ex(_EVP_MD_CTX_PTR ctx, unsigned char *md, unsigned int *s) __attribute__((noescape,nocallback,slice("md","s"))); +int EVP_DigestFinalXOF(_EVP_MD_CTX_PTR ctx, unsigned char *md, size_t mdlen) __attribute__((tag("33"),noescape,nocallback,slice("md","mdlen"))); -+int EVP_DigestSqueeze(_EVP_MD_CTX_PTR ctx, unsigned char *out, size_t outlen) __attribute__((tag("33"),noescape,nocallback,slice("out","outlen"))); -+int EVP_DigestSign(_EVP_MD_CTX_PTR ctx, unsigned char *sigret, size_t *siglen, const unsigned char *tbs, size_t tbslen) __attribute__((tag("111"),noescape,nocallback,slice("sigret","siglen"),slice("tbs","tbslen"))); ++int EVP_DigestSqueeze(_EVP_MD_CTX_PTR ctx, unsigned char *out, size_t outlen) __attribute__((tag("33"),optional,noescape,nocallback,slice("out","outlen"))); ++int EVP_DigestSign(_EVP_MD_CTX_PTR ctx, unsigned char *sigret, size_t *siglen, const unsigned char *tbs, size_t tbslen) __attribute__((noescape,nocallback,slice("sigret","siglen"),slice("tbs","tbslen"))); +int EVP_DigestSignInit(_EVP_MD_CTX_PTR ctx, _EVP_PKEY_CTX_PTR *pctx, const _EVP_MD_PTR type, _ENGINE_PTR e, _EVP_PKEY_PTR pkey); +int EVP_DigestSignFinal(_EVP_MD_CTX_PTR ctx, unsigned char *sig, size_t *siglen) __attribute__((slice("sig","siglen"))); +int EVP_DigestVerifyInit(_EVP_MD_CTX_PTR ctx, _EVP_PKEY_CTX_PTR *pctx, const _EVP_MD_PTR type, _ENGINE_PTR e, _EVP_PKEY_PTR pkey); +int EVP_DigestVerifyFinal(_EVP_MD_CTX_PTR ctx, const unsigned char *sig, size_t siglen) __attribute__((slice("sig","siglen"))); -+int EVP_DigestVerify(_EVP_MD_CTX_PTR ctx, const unsigned char *sigret, size_t siglen, const unsigned char *tbs, size_t tbslen) __attribute__((tag("111"),slice("sigret","siglen"),slice("tbs","tbslen"))); ++int EVP_DigestVerify(_EVP_MD_CTX_PTR ctx, const unsigned char *sigret, size_t siglen, const unsigned char *tbs, size_t tbslen) __attribute__((slice("sigret","siglen"),slice("tbs","tbslen"))); + +// HMAC API +int HMAC_Init_ex(_HMAC_CTX_PTR arg0, const void *arg1, int arg2, const _EVP_MD_PTR arg3, _ENGINE_PTR arg4) __attribute__((tag("legacy_1"),noescape,nocallback,slice("arg1","arg2"))); @@ -12556,8 +12586,8 @@ index 00000000000000..ef675266fc2f0d + +// EVP_PKEY API +_EVP_PKEY_PTR EVP_PKEY_new(void); -+_EVP_PKEY_PTR EVP_PKEY_new_raw_private_key(int type, _ENGINE_PTR e, const unsigned char *key, size_t keylen) __attribute__((tag("111"),slice("key","keylen"))); -+_EVP_PKEY_PTR EVP_PKEY_new_raw_public_key(int type, _ENGINE_PTR e, const unsigned char *key, size_t keylen) __attribute__((tag("111"),slice("key","keylen"))); ++_EVP_PKEY_PTR EVP_PKEY_new_raw_private_key(int type, _ENGINE_PTR e, const unsigned char *key, size_t keylen) __attribute__((slice("key","keylen"))); ++_EVP_PKEY_PTR EVP_PKEY_new_raw_public_key(int type, _ENGINE_PTR e, const unsigned char *key, size_t keylen) __attribute__((slice("key","keylen"))); +int EVP_PKEY_get_size(const _EVP_PKEY_PTR pkey) __attribute__((tag("3"),tag("legacy_1","EVP_PKEY_size"))); +int EVP_PKEY_get_bits(const _EVP_PKEY_PTR pkey) __attribute__((tag("3"),tag("legacy_1","EVP_PKEY_bits"))); +void EVP_PKEY_free(_EVP_PKEY_PTR arg0); @@ -12572,8 +12602,8 @@ index 00000000000000..ef675266fc2f0d +int EVP_PKEY_up_ref(_EVP_PKEY_PTR key); +int EVP_PKEY_set1_EC_KEY(_EVP_PKEY_PTR pkey, _EC_KEY_PTR key) __attribute__((tag("legacy_1"))); +int EVP_PKEY_CTX_set0_rsa_oaep_label(_EVP_PKEY_CTX_PTR ctx, void *label, int labellen) __attribute__((tag("3"),slice("label","labellen"))); -+int EVP_PKEY_get_raw_public_key(const _EVP_PKEY_PTR pkey, unsigned char *pub, size_t *publen) __attribute__((tag("111"),noescape,nocallback,slice("pub","publen"))); -+int EVP_PKEY_get_raw_private_key(const _EVP_PKEY_PTR pkey, unsigned char *priv, size_t *privlen) __attribute__((tag("111"),noescape,nocallback,slice("priv","privlen"))); ++int EVP_PKEY_get_raw_public_key(const _EVP_PKEY_PTR pkey, unsigned char *pub, size_t *publen) __attribute__((noescape,nocallback,slice("pub","publen"))); ++int EVP_PKEY_get_raw_private_key(const _EVP_PKEY_PTR pkey, unsigned char *priv, size_t *privlen) __attribute__((noescape,nocallback,slice("priv","privlen"))); +int EVP_PKEY_fromdata_init(_EVP_PKEY_CTX_PTR ctx) __attribute__((tag("3"))); +int EVP_PKEY_fromdata(_EVP_PKEY_CTX_PTR ctx, _EVP_PKEY_PTR *pkey, int selection, _OSSL_PARAM_PTR params) __attribute__((tag("3"))); +int EVP_PKEY_paramgen_init(_EVP_PKEY_CTX_PTR ctx); @@ -12599,12 +12629,14 @@ index 00000000000000..ef675266fc2f0d +_EVP_PKEY_PTR EVP_PKEY_Q_keygen_ED25519(_OSSL_LIB_CTX_PTR ctx, const char *propq, const char *type) __attribute__((tag("3"),variadic("EVP_PKEY_Q_keygen"),noescape,nocallback)); +_EVP_PKEY_PTR EVP_PKEY_Q_keygen_X25519(_OSSL_LIB_CTX_PTR ctx, const char *propq, const char *type) __attribute__((tag("3"),variadic("EVP_PKEY_Q_keygen"),noescape,nocallback)); +_EVP_PKEY_PTR EVP_PKEY_Q_keygen_MLKEM(_OSSL_LIB_CTX_PTR ctx, const char *propq, const char *type) __attribute__((tag("3"),variadic("EVP_PKEY_Q_keygen"),noescape,nocallback)); ++_EVP_PKEY_PTR EVP_PKEY_Q_keygen_MLDSA(_OSSL_LIB_CTX_PTR ctx, const char *propq, const char *type) __attribute__((tag("3"),variadic("EVP_PKEY_Q_keygen"),noescape,nocallback)); + +_EVP_PKEY_CTX_PTR EVP_PKEY_CTX_new(_EVP_PKEY_PTR arg0, _ENGINE_PTR arg1); +_EVP_PKEY_CTX_PTR EVP_PKEY_CTX_new_id(int id, _ENGINE_PTR e); +_EVP_PKEY_CTX_PTR EVP_PKEY_CTX_new_from_pkey(_OSSL_LIB_CTX_PTR libctx, _EVP_PKEY_PTR pkey, const char *propquery) __attribute__((tag("3"))); +void EVP_PKEY_CTX_free(_EVP_PKEY_CTX_PTR arg0); +int EVP_PKEY_CTX_ctrl(_EVP_PKEY_CTX_PTR ctx, int keytype, int optype, int cmd, int p1, void *p2); ++int EVP_PKEY_CTX_set_params(_EVP_PKEY_CTX_PTR ctx, const _OSSL_PARAM_PTR params) __attribute__((tag("3"),noescape,nocallback)); +int EVP_PKEY_CTX_set_hkdf_mode(_EVP_PKEY_CTX_PTR arg0, int arg1) __attribute__((tag("3"))); +int EVP_PKEY_CTX_set_hkdf_md(_EVP_PKEY_CTX_PTR arg0, const _EVP_MD_PTR arg1) __attribute__((tag("3"))); +int EVP_PKEY_CTX_set1_hkdf_salt(_EVP_PKEY_CTX_PTR arg0, const unsigned char *arg1, int arg2) __attribute__((tag("3"),slice("arg1","arg2"))); @@ -12700,7 +12732,7 @@ index 00000000000000..ef675266fc2f0d +const char *OBJ_nid2sn(int n) __attribute__((noerror)); + +// EVP KEM API for ML-KEM (OpenSSL 3.x) -+_EVP_KEYMGMT_PTR EVP_KEYMGMT_fetch(_OSSL_LIB_CTX_PTR libctx, const char *algorithm, const char *properties) __attribute__((tag("3"))); ++_EVP_KEYMGMT_PTR EVP_KEYMGMT_fetch(_OSSL_LIB_CTX_PTR libctx, const char *algorithm, const char *properties) __attribute__((tag("3"),optional)); +void EVP_KEYMGMT_free(_EVP_KEYMGMT_PTR keymgmt) __attribute__((tag("3"))); +int EVP_PKEY_encapsulate_init(_EVP_PKEY_CTX_PTR ctx, const _OSSL_PARAM_PTR params) __attribute__((tag("3"))); +int EVP_PKEY_encapsulate(_EVP_PKEY_CTX_PTR ctx, unsigned char *wrappedkey, size_t *wrappedkeylen, unsigned char *genkey, size_t *genkeylen) __attribute__((tag("3"))); @@ -13012,10 +13044,10 @@ index 00000000000000..0a087c1514bd8b +} diff --git a/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/zossl.c b/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/zossl.c new file mode 100644 -index 00000000000000..c284c017339d4a +index 00000000000000..b4567cb95136b1 --- /dev/null +++ b/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/zossl.c -@@ -0,0 +1,2054 @@ +@@ -0,0 +1,2071 @@ +// Code generated by mkcgo. DO NOT EDIT. + +#include @@ -13145,6 +13177,7 @@ index 00000000000000..c284c017339d4a +int (*_g_EVP_PKEY_CTX_set1_hkdf_salt)(_EVP_PKEY_CTX_PTR, const unsigned char*, int); +int (*_g_EVP_PKEY_CTX_set_hkdf_md)(_EVP_PKEY_CTX_PTR, const _EVP_MD_PTR); +int (*_g_EVP_PKEY_CTX_set_hkdf_mode)(_EVP_PKEY_CTX_PTR, int); ++int (*_g_EVP_PKEY_CTX_set_params)(_EVP_PKEY_CTX_PTR, const _OSSL_PARAM_PTR); +_EVP_PKEY_PTR (*_g_EVP_PKEY_Q_keygen)(_OSSL_LIB_CTX_PTR, const char*, const char*, ...); +int (*_g_EVP_PKEY_assign)(_EVP_PKEY_PTR, int, void*); +int (*_g_EVP_PKEY_decapsulate)(_EVP_PKEY_CTX_PTR, unsigned char*, size_t*, const unsigned char*, size_t); @@ -13313,15 +13346,18 @@ index 00000000000000..c284c017339d4a + __mkcgo__dlsym(EVP_DigestFinal_ex) + __mkcgo__dlsym(EVP_DigestInit) + __mkcgo__dlsym(EVP_DigestInit_ex) ++ __mkcgo__dlsym(EVP_DigestSign) + __mkcgo__dlsym(EVP_DigestSignFinal) + __mkcgo__dlsym(EVP_DigestSignInit) + __mkcgo__dlsym(EVP_DigestUpdate) ++ __mkcgo__dlsym(EVP_DigestVerify) + __mkcgo__dlsym(EVP_DigestVerifyFinal) + __mkcgo__dlsym(EVP_DigestVerifyInit) + __mkcgo__dlsym(EVP_EncryptFinal_ex) + __mkcgo__dlsym(EVP_EncryptInit_ex) + __mkcgo__dlsym(EVP_EncryptUpdate) + __mkcgo__dlsym(EVP_MD_CTX_copy_ex) ++ __mkcgo__dlsym(EVP_MD_CTX_ctrl) + __mkcgo__dlsym(EVP_MD_CTX_free) + __mkcgo__dlsym(EVP_MD_CTX_new) + __mkcgo__dlsym(EVP_PKEY_CTX_ctrl) @@ -13336,9 +13372,13 @@ index 00000000000000..c284c017339d4a + __mkcgo__dlsym(EVP_PKEY_encrypt) + __mkcgo__dlsym(EVP_PKEY_encrypt_init) + __mkcgo__dlsym(EVP_PKEY_free) ++ __mkcgo__dlsym(EVP_PKEY_get_raw_private_key) ++ __mkcgo__dlsym(EVP_PKEY_get_raw_public_key) + __mkcgo__dlsym(EVP_PKEY_keygen) + __mkcgo__dlsym(EVP_PKEY_keygen_init) + __mkcgo__dlsym(EVP_PKEY_new) ++ __mkcgo__dlsym(EVP_PKEY_new_raw_private_key) ++ __mkcgo__dlsym(EVP_PKEY_new_raw_public_key) + __mkcgo__dlsym(EVP_PKEY_paramgen) + __mkcgo__dlsym(EVP_PKEY_paramgen_init) + __mkcgo__dlsym(EVP_PKEY_sign) @@ -13372,7 +13412,13 @@ index 00000000000000..c284c017339d4a + __mkcgo__dlsym(EVP_sha224) + __mkcgo__dlsym(EVP_sha256) + __mkcgo__dlsym(EVP_sha384) ++ __mkcgo__dlsym(EVP_sha3_224) ++ __mkcgo__dlsym(EVP_sha3_256) ++ __mkcgo__dlsym(EVP_sha3_384) ++ __mkcgo__dlsym(EVP_sha3_512) + __mkcgo__dlsym(EVP_sha512) ++ __mkcgo__dlsym(EVP_sha512_224) ++ __mkcgo__dlsym(EVP_sha512_256) + __mkcgo__dlsym(OBJ_nid2sn) + __mkcgo__dlsym(OPENSSL_init) + __mkcgo__dlsym(OPENSSL_init_crypto) @@ -13420,15 +13466,18 @@ index 00000000000000..c284c017339d4a + _g_EVP_DigestFinal_ex = NULL; + _g_EVP_DigestInit = NULL; + _g_EVP_DigestInit_ex = NULL; ++ _g_EVP_DigestSign = NULL; + _g_EVP_DigestSignFinal = NULL; + _g_EVP_DigestSignInit = NULL; + _g_EVP_DigestUpdate = NULL; ++ _g_EVP_DigestVerify = NULL; + _g_EVP_DigestVerifyFinal = NULL; + _g_EVP_DigestVerifyInit = NULL; + _g_EVP_EncryptFinal_ex = NULL; + _g_EVP_EncryptInit_ex = NULL; + _g_EVP_EncryptUpdate = NULL; + _g_EVP_MD_CTX_copy_ex = NULL; ++ _g_EVP_MD_CTX_ctrl = NULL; + _g_EVP_MD_CTX_free = NULL; + _g_EVP_MD_CTX_new = NULL; + _g_EVP_PKEY_CTX_ctrl = NULL; @@ -13443,9 +13492,13 @@ index 00000000000000..c284c017339d4a + _g_EVP_PKEY_encrypt = NULL; + _g_EVP_PKEY_encrypt_init = NULL; + _g_EVP_PKEY_free = NULL; ++ _g_EVP_PKEY_get_raw_private_key = NULL; ++ _g_EVP_PKEY_get_raw_public_key = NULL; + _g_EVP_PKEY_keygen = NULL; + _g_EVP_PKEY_keygen_init = NULL; + _g_EVP_PKEY_new = NULL; ++ _g_EVP_PKEY_new_raw_private_key = NULL; ++ _g_EVP_PKEY_new_raw_public_key = NULL; + _g_EVP_PKEY_paramgen = NULL; + _g_EVP_PKEY_paramgen_init = NULL; + _g_EVP_PKEY_sign = NULL; @@ -13479,7 +13532,13 @@ index 00000000000000..c284c017339d4a + _g_EVP_sha224 = NULL; + _g_EVP_sha256 = NULL; + _g_EVP_sha384 = NULL; ++ _g_EVP_sha3_224 = NULL; ++ _g_EVP_sha3_256 = NULL; ++ _g_EVP_sha3_384 = NULL; ++ _g_EVP_sha3_512 = NULL; + _g_EVP_sha512 = NULL; ++ _g_EVP_sha512_224 = NULL; ++ _g_EVP_sha512_256 = NULL; + _g_OBJ_nid2sn = NULL; + _g_OPENSSL_init = NULL; + _g_OPENSSL_init_crypto = NULL; @@ -13488,38 +13547,6 @@ index 00000000000000..c284c017339d4a + _g_RAND_bytes = NULL; +} + -+void __mkcgo_load_111(void* handle) { -+ __mkcgo__dlsym(EVP_DigestSign) -+ __mkcgo__dlsym(EVP_DigestVerify) -+ __mkcgo__dlsym(EVP_MD_CTX_ctrl) -+ __mkcgo__dlsym(EVP_PKEY_get_raw_private_key) -+ __mkcgo__dlsym(EVP_PKEY_get_raw_public_key) -+ __mkcgo__dlsym(EVP_PKEY_new_raw_private_key) -+ __mkcgo__dlsym(EVP_PKEY_new_raw_public_key) -+ __mkcgo__dlsym(EVP_sha3_224) -+ __mkcgo__dlsym(EVP_sha3_256) -+ __mkcgo__dlsym(EVP_sha3_384) -+ __mkcgo__dlsym(EVP_sha3_512) -+ __mkcgo__dlsym(EVP_sha512_224) -+ __mkcgo__dlsym(EVP_sha512_256) -+} -+ -+void __mkcgo_unload_111() { -+ _g_EVP_DigestSign = NULL; -+ _g_EVP_DigestVerify = NULL; -+ _g_EVP_MD_CTX_ctrl = NULL; -+ _g_EVP_PKEY_get_raw_private_key = NULL; -+ _g_EVP_PKEY_get_raw_public_key = NULL; -+ _g_EVP_PKEY_new_raw_private_key = NULL; -+ _g_EVP_PKEY_new_raw_public_key = NULL; -+ _g_EVP_sha3_224 = NULL; -+ _g_EVP_sha3_256 = NULL; -+ _g_EVP_sha3_384 = NULL; -+ _g_EVP_sha3_512 = NULL; -+ _g_EVP_sha512_224 = NULL; -+ _g_EVP_sha512_256 = NULL; -+} -+ +void __mkcgo_load_3(void* handle) { + __mkcgo__dlsym(EC_POINT_set_affine_coordinates) + __mkcgo__dlsym(EVP_CIPHER_fetch) @@ -13532,7 +13559,7 @@ index 00000000000000..c284c017339d4a + __mkcgo__dlsym(EVP_KDF_derive) + __mkcgo__dlsym(EVP_KDF_fetch) + __mkcgo__dlsym(EVP_KDF_free) -+ __mkcgo__dlsym(EVP_KEYMGMT_fetch) ++ __mkcgo__dlsym_nocheck(EVP_KEYMGMT_fetch, EVP_KEYMGMT_fetch) + __mkcgo__dlsym(EVP_KEYMGMT_free) + __mkcgo__dlsym(EVP_MAC_CTX_dup) + __mkcgo__dlsym(EVP_MAC_CTX_free) @@ -13560,6 +13587,7 @@ index 00000000000000..c284c017339d4a + __mkcgo__dlsym(EVP_PKEY_CTX_set1_hkdf_salt) + __mkcgo__dlsym(EVP_PKEY_CTX_set_hkdf_md) + __mkcgo__dlsym(EVP_PKEY_CTX_set_hkdf_mode) ++ __mkcgo__dlsym(EVP_PKEY_CTX_set_params) + __mkcgo__dlsym(EVP_PKEY_Q_keygen) + __mkcgo__dlsym(EVP_PKEY_decapsulate) + __mkcgo__dlsym(EVP_PKEY_decapsulate_init) @@ -13633,6 +13661,7 @@ index 00000000000000..c284c017339d4a + _g_EVP_PKEY_CTX_set1_hkdf_salt = NULL; + _g_EVP_PKEY_CTX_set_hkdf_md = NULL; + _g_EVP_PKEY_CTX_set_hkdf_mode = NULL; ++ _g_EVP_PKEY_CTX_set_params = NULL; + _g_EVP_PKEY_Q_keygen = NULL; + _g_EVP_PKEY_decapsulate = NULL; + _g_EVP_PKEY_decapsulate_init = NULL; @@ -13668,7 +13697,7 @@ index 00000000000000..c284c017339d4a + +void __mkcgo_load_33(void* handle) { + __mkcgo__dlsym(EVP_DigestFinalXOF) -+ __mkcgo__dlsym(EVP_DigestSqueeze) ++ __mkcgo__dlsym_nocheck(EVP_DigestSqueeze, EVP_DigestSqueeze) +} + +void __mkcgo_unload_33() { @@ -14150,6 +14179,10 @@ index 00000000000000..c284c017339d4a + return _ret; +} + ++int _mkcgo_available_EVP_DigestSqueeze() { ++ return _g_EVP_DigestSqueeze != NULL; ++} ++ +int _mkcgo_EVP_DigestSqueeze(_EVP_MD_CTX_PTR _arg0, unsigned char* _arg1, size_t _arg2, uintptr_t *_err_state) { + int _ret = _g_EVP_DigestSqueeze(_arg0, _arg1, _arg2); + if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); @@ -14236,6 +14269,10 @@ index 00000000000000..c284c017339d4a + _g_EVP_KDF_free(_arg0); +} + ++int _mkcgo_available_EVP_KEYMGMT_fetch() { ++ return _g_EVP_KEYMGMT_fetch != NULL; ++} ++ +_EVP_KEYMGMT_PTR _mkcgo_EVP_KEYMGMT_fetch(_OSSL_LIB_CTX_PTR _arg0, const char* _arg1, const char* _arg2, uintptr_t *_err_state) { + _EVP_KEYMGMT_PTR _ret = _g_EVP_KEYMGMT_fetch(_arg0, _arg1, _arg2); + if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); @@ -14432,6 +14469,12 @@ index 00000000000000..c284c017339d4a + return _ret; +} + ++int _mkcgo_EVP_PKEY_CTX_set_params(_EVP_PKEY_CTX_PTR _arg0, const _OSSL_PARAM_PTR _arg1, uintptr_t *_err_state) { ++ int _ret = _g_EVP_PKEY_CTX_set_params(_arg0, _arg1); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ +_EVP_PKEY_PTR _mkcgo_EVP_PKEY_Q_keygen_EC(_OSSL_LIB_CTX_PTR _arg0, const char* _arg1, const char* _arg2, const char* _arg3, uintptr_t *_err_state) { + _EVP_PKEY_PTR _ret = _g_EVP_PKEY_Q_keygen(_arg0, _arg1, _arg2, _arg3); + if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); @@ -14444,6 +14487,12 @@ index 00000000000000..c284c017339d4a + return _ret; +} + ++_EVP_PKEY_PTR _mkcgo_EVP_PKEY_Q_keygen_MLDSA(_OSSL_LIB_CTX_PTR _arg0, const char* _arg1, const char* _arg2, uintptr_t *_err_state) { ++ _EVP_PKEY_PTR _ret = _g_EVP_PKEY_Q_keygen(_arg0, _arg1, _arg2); ++ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ +_EVP_PKEY_PTR _mkcgo_EVP_PKEY_Q_keygen_MLKEM(_OSSL_LIB_CTX_PTR _arg0, const char* _arg1, const char* _arg2, uintptr_t *_err_state) { + _EVP_PKEY_PTR _ret = _g_EVP_PKEY_Q_keygen(_arg0, _arg1, _arg2); + if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); @@ -15072,10 +15121,10 @@ index 00000000000000..c284c017339d4a + diff --git a/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/zossl.go b/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/zossl.go new file mode 100644 -index 00000000000000..39b0a728fdd700 +index 00000000000000..9f39419e8d14ae --- /dev/null +++ b/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/zossl.go -@@ -0,0 +1,67 @@ +@@ -0,0 +1,73 @@ +// Code generated by mkcgo. DO NOT EDIT. + +package ossl @@ -15101,6 +15150,9 @@ index 00000000000000..39b0a728fdd700 + EVP_PKEY_DSA = 116 + EVP_PKEY_MLKEM_768 = 1455 + EVP_PKEY_MLKEM_1024 = 1456 ++ EVP_PKEY_ML_DSA_44 = 1457 ++ EVP_PKEY_ML_DSA_65 = 1458 ++ EVP_PKEY_ML_DSA_87 = 1459 + EVP_PKEY_OP_DERIVE = (1 << 10) + EVP_MAX_MD_SIZE = 64 + EVP_PKEY_PUBLIC_KEY = 0x86 @@ -15123,6 +15175,9 @@ index 00000000000000..39b0a728fdd700 + NID_secp521r1 = 716 + NID_ML_KEM_768 = 1455 + NID_ML_KEM_1024 = 1456 ++ NID_ML_DSA_44 = 1457 ++ NID_ML_DSA_65 = 1458 ++ NID_ML_DSA_87 = 1459 + RSA_PKCS1_PADDING = 1 + RSA_NO_PADDING = 3 + RSA_PKCS1_OAEP_PADDING = 4 @@ -15145,10 +15200,10 @@ index 00000000000000..39b0a728fdd700 +) diff --git a/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/zossl.h b/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/zossl.h new file mode 100644 -index 00000000000000..c65571c283503c +index 00000000000000..5e172b625edf3a --- /dev/null +++ b/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/zossl.h -@@ -0,0 +1,363 @@ +@@ -0,0 +1,371 @@ +// Code generated by mkcgo. DO NOT EDIT. + +#ifndef MKCGO_H // only include this header once @@ -15208,6 +15263,9 @@ index 00000000000000..c65571c283503c + _EVP_PKEY_DSA = 116, + _EVP_PKEY_MLKEM_768 = 1455, + _EVP_PKEY_MLKEM_1024 = 1456, ++ _EVP_PKEY_ML_DSA_44 = 1457, ++ _EVP_PKEY_ML_DSA_65 = 1458, ++ _EVP_PKEY_ML_DSA_87 = 1459, + _EVP_PKEY_OP_DERIVE = (1 << 10), + _EVP_MAX_MD_SIZE = 64, + _EVP_PKEY_PUBLIC_KEY = 0x86, @@ -15230,6 +15288,9 @@ index 00000000000000..c65571c283503c + _NID_secp521r1 = 716, + _NID_ML_KEM_768 = 1455, + _NID_ML_KEM_1024 = 1456, ++ _NID_ML_DSA_44 = 1457, ++ _NID_ML_DSA_65 = 1458, ++ _NID_ML_DSA_87 = 1459, + _RSA_PKCS1_PADDING = 1, + _RSA_NO_PADDING = 3, + _RSA_PKCS1_OAEP_PADDING = 4, @@ -15254,8 +15315,6 @@ index 00000000000000..c65571c283503c +uintptr_t mkcgo_err_retrieve(); +void __mkcgo_load_(void* handle); +void __mkcgo_unload_(); -+void __mkcgo_load_111(void* handle); -+void __mkcgo_unload_111(); +void __mkcgo_load_3(void* handle); +void __mkcgo_unload_3(); +void __mkcgo_load_33(void* handle); @@ -15269,6 +15328,8 @@ index 00000000000000..c65571c283503c +void __mkcgo_load_version(void* handle); +void __mkcgo_unload_version(); + ++int _mkcgo_available_EVP_DigestSqueeze(); ++int _mkcgo_available_EVP_KEYMGMT_fetch(); +int _mkcgo_available_EVP_chacha20_poly1305(); +int _mkcgo_available_OPENSSL_version_major(); +int _mkcgo_available_OPENSSL_version_minor(); @@ -15389,8 +15450,10 @@ index 00000000000000..c65571c283503c +int _mkcgo_EVP_PKEY_CTX_set1_hkdf_salt(_EVP_PKEY_CTX_PTR, const unsigned char*, int, uintptr_t *); +int _mkcgo_EVP_PKEY_CTX_set_hkdf_md(_EVP_PKEY_CTX_PTR, const _EVP_MD_PTR, uintptr_t *); +int _mkcgo_EVP_PKEY_CTX_set_hkdf_mode(_EVP_PKEY_CTX_PTR, int, uintptr_t *); ++int _mkcgo_EVP_PKEY_CTX_set_params(_EVP_PKEY_CTX_PTR, const _OSSL_PARAM_PTR, uintptr_t *); +_EVP_PKEY_PTR _mkcgo_EVP_PKEY_Q_keygen_EC(_OSSL_LIB_CTX_PTR, const char*, const char*, const char*, uintptr_t *); +_EVP_PKEY_PTR _mkcgo_EVP_PKEY_Q_keygen_ED25519(_OSSL_LIB_CTX_PTR, const char*, const char*, uintptr_t *); ++_EVP_PKEY_PTR _mkcgo_EVP_PKEY_Q_keygen_MLDSA(_OSSL_LIB_CTX_PTR, const char*, const char*, uintptr_t *); +_EVP_PKEY_PTR _mkcgo_EVP_PKEY_Q_keygen_MLKEM(_OSSL_LIB_CTX_PTR, const char*, const char*, uintptr_t *); +_EVP_PKEY_PTR _mkcgo_EVP_PKEY_Q_keygen_RSA(_OSSL_LIB_CTX_PTR, const char*, const char*, size_t, uintptr_t *); +_EVP_PKEY_PTR _mkcgo_EVP_PKEY_Q_keygen_X25519(_OSSL_LIB_CTX_PTR, const char*, const char*, uintptr_t *); @@ -15514,10 +15577,10 @@ index 00000000000000..c65571c283503c +#endif // MKCGO_H diff --git a/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/zossl_cgo.go b/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/zossl_cgo.go new file mode 100644 -index 00000000000000..7e7063d31539c8 +index 00000000000000..9faa8e16a69cf6 --- /dev/null +++ b/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/zossl_cgo.go -@@ -0,0 +1,1486 @@ +@@ -0,0 +1,1502 @@ +// Code generated by mkcgo. DO NOT EDIT. + +package ossl @@ -15567,10 +15630,14 @@ index 00000000000000..7e7063d31539c8 +#cgo nocallback _mkcgo_EVP_MD_CTX_get_params +#cgo noescape _mkcgo_EVP_MD_CTX_set_params +#cgo nocallback _mkcgo_EVP_MD_CTX_set_params ++#cgo noescape _mkcgo_EVP_PKEY_CTX_set_params ++#cgo nocallback _mkcgo_EVP_PKEY_CTX_set_params +#cgo noescape _mkcgo_EVP_PKEY_Q_keygen_EC +#cgo nocallback _mkcgo_EVP_PKEY_Q_keygen_EC +#cgo noescape _mkcgo_EVP_PKEY_Q_keygen_ED25519 +#cgo nocallback _mkcgo_EVP_PKEY_Q_keygen_ED25519 ++#cgo noescape _mkcgo_EVP_PKEY_Q_keygen_MLDSA ++#cgo nocallback _mkcgo_EVP_PKEY_Q_keygen_MLDSA +#cgo noescape _mkcgo_EVP_PKEY_Q_keygen_MLKEM +#cgo nocallback _mkcgo_EVP_PKEY_Q_keygen_MLKEM +#cgo noescape _mkcgo_EVP_PKEY_Q_keygen_RSA @@ -15641,14 +15708,6 @@ index 00000000000000..7e7063d31539c8 + C.__mkcgo_unload_() +} + -+func MkcgoLoad_111(handle unsafe.Pointer) { -+ C.__mkcgo_load_111(handle) -+} -+ -+func MkcgoUnload_111() { -+ C.__mkcgo_unload_111() -+} -+ +func MkcgoLoad_3(handle unsafe.Pointer) { + C.__mkcgo_load_3(handle) +} @@ -16058,6 +16117,10 @@ index 00000000000000..7e7063d31539c8 + return int32(_ret), newMkcgoErr("EVP_DigestSignInit", uintptr(_err)) +} + ++func EVP_DigestSqueeze_Available() bool { ++ return C._mkcgo_available_EVP_DigestSqueeze() != 0 ++} ++ +func EVP_DigestSqueeze(ctx EVP_MD_CTX_PTR, out []byte) (int32, error) { + var _err C.uintptr_t + _ret := C._mkcgo_EVP_DigestSqueeze(ctx, (*C.uchar)(unsafe.Pointer(unsafe.SliceData(out))), C.size_t(len(out)), mkcgoNoEscape(&_err)) @@ -16150,6 +16213,10 @@ index 00000000000000..7e7063d31539c8 + C._mkcgo_EVP_KDF_free(kdf) +} + ++func EVP_KEYMGMT_fetch_Available() bool { ++ return C._mkcgo_available_EVP_KEYMGMT_fetch() != 0 ++} ++ +func EVP_KEYMGMT_fetch(libctx OSSL_LIB_CTX_PTR, algorithm *byte, properties *byte) (EVP_KEYMGMT_PTR, error) { + var _err C.uintptr_t + _ret := C._mkcgo_EVP_KEYMGMT_fetch(libctx, (*C.char)(unsafe.Pointer(algorithm)), (*C.char)(unsafe.Pointer(properties)), mkcgoNoEscape(&_err)) @@ -16346,6 +16413,12 @@ index 00000000000000..7e7063d31539c8 + return int32(_ret), newMkcgoErr("EVP_PKEY_CTX_set_hkdf_mode", uintptr(_err)) +} + ++func EVP_PKEY_CTX_set_params(ctx EVP_PKEY_CTX_PTR, params OSSL_PARAM_PTR) (int32, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EVP_PKEY_CTX_set_params(ctx, params, mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_PKEY_CTX_set_params", uintptr(_err)) ++} ++ +func EVP_PKEY_Q_keygen_EC(ctx OSSL_LIB_CTX_PTR, propq *byte, __type *byte, arg1 *byte) (EVP_PKEY_PTR, error) { + var _err C.uintptr_t + _ret := C._mkcgo_EVP_PKEY_Q_keygen_EC(ctx, (*C.char)(unsafe.Pointer(propq)), (*C.char)(unsafe.Pointer(__type)), (*C.char)(unsafe.Pointer(arg1)), mkcgoNoEscape(&_err)) @@ -16358,6 +16431,12 @@ index 00000000000000..7e7063d31539c8 + return _ret, newMkcgoErr("EVP_PKEY_Q_keygen_ED25519", uintptr(_err)) +} + ++func EVP_PKEY_Q_keygen_MLDSA(ctx OSSL_LIB_CTX_PTR, propq *byte, __type *byte) (EVP_PKEY_PTR, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EVP_PKEY_Q_keygen_MLDSA(ctx, (*C.char)(unsafe.Pointer(propq)), (*C.char)(unsafe.Pointer(__type)), mkcgoNoEscape(&_err)) ++ return _ret, newMkcgoErr("EVP_PKEY_Q_keygen_MLDSA", uintptr(_err)) ++} ++ +func EVP_PKEY_Q_keygen_MLKEM(ctx OSSL_LIB_CTX_PTR, propq *byte, __type *byte) (EVP_PKEY_PTR, error) { + var _err C.uintptr_t + _ret := C._mkcgo_EVP_PKEY_Q_keygen_MLKEM(ctx, (*C.char)(unsafe.Pointer(propq)), (*C.char)(unsafe.Pointer(__type)), mkcgoNoEscape(&_err)) @@ -17006,10 +17085,10 @@ index 00000000000000..7e7063d31539c8 +} diff --git a/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/zossl_nocgo.go b/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/zossl_nocgo.go new file mode 100644 -index 00000000000000..1f3ab498325710 +index 00000000000000..9940275b3749ff --- /dev/null +++ b/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/zossl_nocgo.go -@@ -0,0 +1,2450 @@ +@@ -0,0 +1,2468 @@ +// Code generated by mkcgo. DO NOT EDIT. + +//go:build !cgo @@ -17557,6 +17636,10 @@ index 00000000000000..1f3ab498325710 + return int32(r0), newMkcgoErr("EVP_DigestSignInit", _err) +} + ++func EVP_DigestSqueeze_Available() bool { ++ return _mkcgo_EVP_DigestSqueeze != 0 ++} ++ +var _mkcgo_EVP_DigestSqueeze uintptr + +func EVP_DigestSqueeze(ctx EVP_MD_CTX_PTR, out []byte) (int32, error) { @@ -17679,6 +17762,10 @@ index 00000000000000..1f3ab498325710 + syscallN(0, _mkcgo_EVP_KDF_free, uintptr(kdf)) +} + ++func EVP_KEYMGMT_fetch_Available() bool { ++ return _mkcgo_EVP_KEYMGMT_fetch != 0 ++} ++ +var _mkcgo_EVP_KEYMGMT_fetch uintptr + +func EVP_KEYMGMT_fetch(libctx OSSL_LIB_CTX_PTR, algorithm *byte, properties *byte) (EVP_KEYMGMT_PTR, error) { @@ -17952,6 +18039,14 @@ index 00000000000000..1f3ab498325710 + return int32(r0), newMkcgoErr("EVP_PKEY_CTX_set_hkdf_mode", _err) +} + ++var _mkcgo_EVP_PKEY_CTX_set_params uintptr ++ ++func EVP_PKEY_CTX_set_params(ctx EVP_PKEY_CTX_PTR, params OSSL_PARAM_PTR) (int32, error) { ++ var _err uintptr ++ r0, _ := syscallN(3, _mkcgo_EVP_PKEY_CTX_set_params, uintptr(ctx), uintptr(params), uintptr(unsafe.Pointer(&_err))) ++ return int32(r0), newMkcgoErr("EVP_PKEY_CTX_set_params", _err) ++} ++ +var _mkcgo_EVP_PKEY_Q_keygen uintptr + +func EVP_PKEY_Q_keygen_EC(ctx OSSL_LIB_CTX_PTR, propq *byte, __type *byte, arg1 *byte) (EVP_PKEY_PTR, error) { @@ -17971,6 +18066,12 @@ index 00000000000000..1f3ab498325710 + return EVP_PKEY_PTR(r0), newMkcgoErr("EVP_PKEY_Q_keygen_ED25519", _err) +} + ++func EVP_PKEY_Q_keygen_MLDSA(ctx OSSL_LIB_CTX_PTR, propq *byte, __type *byte) (EVP_PKEY_PTR, error) { ++ var _err uintptr ++ r0, _ := syscallN(1, _mkcgo_EVP_PKEY_Q_keygen, uintptr(ctx), uintptr(unsafe.Pointer(propq)), uintptr(unsafe.Pointer(__type)), uintptr(unsafe.Pointer(&_err))) ++ return EVP_PKEY_PTR(r0), newMkcgoErr("EVP_PKEY_Q_keygen_MLDSA", _err) ++} ++ +func EVP_PKEY_Q_keygen_MLKEM(ctx OSSL_LIB_CTX_PTR, propq *byte, __type *byte) (EVP_PKEY_PTR, error) { + var _err uintptr + r0, _ := syscallN(1, _mkcgo_EVP_PKEY_Q_keygen, uintptr(ctx), uintptr(unsafe.Pointer(propq)), uintptr(unsafe.Pointer(__type)), uintptr(unsafe.Pointer(&_err))) @@ -18958,15 +19059,18 @@ index 00000000000000..1f3ab498325710 + _mkcgo_EVP_DigestFinal_ex = dlsym(handle, "EVP_DigestFinal_ex\x00", false) + _mkcgo_EVP_DigestInit = dlsym(handle, "EVP_DigestInit\x00", false) + _mkcgo_EVP_DigestInit_ex = dlsym(handle, "EVP_DigestInit_ex\x00", false) ++ _mkcgo_EVP_DigestSign = dlsym(handle, "EVP_DigestSign\x00", false) + _mkcgo_EVP_DigestSignFinal = dlsym(handle, "EVP_DigestSignFinal\x00", false) + _mkcgo_EVP_DigestSignInit = dlsym(handle, "EVP_DigestSignInit\x00", false) + _mkcgo_EVP_DigestUpdate = dlsym(handle, "EVP_DigestUpdate\x00", false) ++ _mkcgo_EVP_DigestVerify = dlsym(handle, "EVP_DigestVerify\x00", false) + _mkcgo_EVP_DigestVerifyFinal = dlsym(handle, "EVP_DigestVerifyFinal\x00", false) + _mkcgo_EVP_DigestVerifyInit = dlsym(handle, "EVP_DigestVerifyInit\x00", false) + _mkcgo_EVP_EncryptFinal_ex = dlsym(handle, "EVP_EncryptFinal_ex\x00", false) + _mkcgo_EVP_EncryptInit_ex = dlsym(handle, "EVP_EncryptInit_ex\x00", false) + _mkcgo_EVP_EncryptUpdate = dlsym(handle, "EVP_EncryptUpdate\x00", false) + _mkcgo_EVP_MD_CTX_copy_ex = dlsym(handle, "EVP_MD_CTX_copy_ex\x00", false) ++ _mkcgo_EVP_MD_CTX_ctrl = dlsym(handle, "EVP_MD_CTX_ctrl\x00", false) + _mkcgo_EVP_MD_CTX_free = dlsym(handle, "EVP_MD_CTX_free\x00", false) + _mkcgo_EVP_MD_CTX_new = dlsym(handle, "EVP_MD_CTX_new\x00", false) + _mkcgo_EVP_PKEY_CTX_ctrl = dlsym(handle, "EVP_PKEY_CTX_ctrl\x00", false) @@ -18981,9 +19085,13 @@ index 00000000000000..1f3ab498325710 + _mkcgo_EVP_PKEY_encrypt = dlsym(handle, "EVP_PKEY_encrypt\x00", false) + _mkcgo_EVP_PKEY_encrypt_init = dlsym(handle, "EVP_PKEY_encrypt_init\x00", false) + _mkcgo_EVP_PKEY_free = dlsym(handle, "EVP_PKEY_free\x00", false) ++ _mkcgo_EVP_PKEY_get_raw_private_key = dlsym(handle, "EVP_PKEY_get_raw_private_key\x00", false) ++ _mkcgo_EVP_PKEY_get_raw_public_key = dlsym(handle, "EVP_PKEY_get_raw_public_key\x00", false) + _mkcgo_EVP_PKEY_keygen = dlsym(handle, "EVP_PKEY_keygen\x00", false) + _mkcgo_EVP_PKEY_keygen_init = dlsym(handle, "EVP_PKEY_keygen_init\x00", false) + _mkcgo_EVP_PKEY_new = dlsym(handle, "EVP_PKEY_new\x00", false) ++ _mkcgo_EVP_PKEY_new_raw_private_key = dlsym(handle, "EVP_PKEY_new_raw_private_key\x00", false) ++ _mkcgo_EVP_PKEY_new_raw_public_key = dlsym(handle, "EVP_PKEY_new_raw_public_key\x00", false) + _mkcgo_EVP_PKEY_paramgen = dlsym(handle, "EVP_PKEY_paramgen\x00", false) + _mkcgo_EVP_PKEY_paramgen_init = dlsym(handle, "EVP_PKEY_paramgen_init\x00", false) + _mkcgo_EVP_PKEY_sign = dlsym(handle, "EVP_PKEY_sign\x00", false) @@ -19017,7 +19125,13 @@ index 00000000000000..1f3ab498325710 + _mkcgo_EVP_sha224 = dlsym(handle, "EVP_sha224\x00", false) + _mkcgo_EVP_sha256 = dlsym(handle, "EVP_sha256\x00", false) + _mkcgo_EVP_sha384 = dlsym(handle, "EVP_sha384\x00", false) ++ _mkcgo_EVP_sha3_224 = dlsym(handle, "EVP_sha3_224\x00", false) ++ _mkcgo_EVP_sha3_256 = dlsym(handle, "EVP_sha3_256\x00", false) ++ _mkcgo_EVP_sha3_384 = dlsym(handle, "EVP_sha3_384\x00", false) ++ _mkcgo_EVP_sha3_512 = dlsym(handle, "EVP_sha3_512\x00", false) + _mkcgo_EVP_sha512 = dlsym(handle, "EVP_sha512\x00", false) ++ _mkcgo_EVP_sha512_224 = dlsym(handle, "EVP_sha512_224\x00", false) ++ _mkcgo_EVP_sha512_256 = dlsym(handle, "EVP_sha512_256\x00", false) + _mkcgo_OBJ_nid2sn = dlsym(handle, "OBJ_nid2sn\x00", false) + _mkcgo_OPENSSL_init = dlsym(handle, "OPENSSL_init\x00", false) + _mkcgo_OPENSSL_init_crypto = dlsym(handle, "OPENSSL_init_crypto\x00", false) @@ -19065,15 +19179,18 @@ index 00000000000000..1f3ab498325710 + _mkcgo_EVP_DigestFinal_ex = 0 + _mkcgo_EVP_DigestInit = 0 + _mkcgo_EVP_DigestInit_ex = 0 ++ _mkcgo_EVP_DigestSign = 0 + _mkcgo_EVP_DigestSignFinal = 0 + _mkcgo_EVP_DigestSignInit = 0 + _mkcgo_EVP_DigestUpdate = 0 ++ _mkcgo_EVP_DigestVerify = 0 + _mkcgo_EVP_DigestVerifyFinal = 0 + _mkcgo_EVP_DigestVerifyInit = 0 + _mkcgo_EVP_EncryptFinal_ex = 0 + _mkcgo_EVP_EncryptInit_ex = 0 + _mkcgo_EVP_EncryptUpdate = 0 + _mkcgo_EVP_MD_CTX_copy_ex = 0 ++ _mkcgo_EVP_MD_CTX_ctrl = 0 + _mkcgo_EVP_MD_CTX_free = 0 + _mkcgo_EVP_MD_CTX_new = 0 + _mkcgo_EVP_PKEY_CTX_ctrl = 0 @@ -19088,9 +19205,13 @@ index 00000000000000..1f3ab498325710 + _mkcgo_EVP_PKEY_encrypt = 0 + _mkcgo_EVP_PKEY_encrypt_init = 0 + _mkcgo_EVP_PKEY_free = 0 ++ _mkcgo_EVP_PKEY_get_raw_private_key = 0 ++ _mkcgo_EVP_PKEY_get_raw_public_key = 0 + _mkcgo_EVP_PKEY_keygen = 0 + _mkcgo_EVP_PKEY_keygen_init = 0 + _mkcgo_EVP_PKEY_new = 0 ++ _mkcgo_EVP_PKEY_new_raw_private_key = 0 ++ _mkcgo_EVP_PKEY_new_raw_public_key = 0 + _mkcgo_EVP_PKEY_paramgen = 0 + _mkcgo_EVP_PKEY_paramgen_init = 0 + _mkcgo_EVP_PKEY_sign = 0 @@ -19124,7 +19245,13 @@ index 00000000000000..1f3ab498325710 + _mkcgo_EVP_sha224 = 0 + _mkcgo_EVP_sha256 = 0 + _mkcgo_EVP_sha384 = 0 ++ _mkcgo_EVP_sha3_224 = 0 ++ _mkcgo_EVP_sha3_256 = 0 ++ _mkcgo_EVP_sha3_384 = 0 ++ _mkcgo_EVP_sha3_512 = 0 + _mkcgo_EVP_sha512 = 0 ++ _mkcgo_EVP_sha512_224 = 0 ++ _mkcgo_EVP_sha512_256 = 0 + _mkcgo_OBJ_nid2sn = 0 + _mkcgo_OPENSSL_init = 0 + _mkcgo_OPENSSL_init_crypto = 0 @@ -19133,38 +19260,6 @@ index 00000000000000..1f3ab498325710 + _mkcgo_RAND_bytes = 0 +} + -+func MkcgoLoad_111(handle unsafe.Pointer) { -+ _mkcgo_EVP_DigestSign = dlsym(handle, "EVP_DigestSign\x00", false) -+ _mkcgo_EVP_DigestVerify = dlsym(handle, "EVP_DigestVerify\x00", false) -+ _mkcgo_EVP_MD_CTX_ctrl = dlsym(handle, "EVP_MD_CTX_ctrl\x00", false) -+ _mkcgo_EVP_PKEY_get_raw_private_key = dlsym(handle, "EVP_PKEY_get_raw_private_key\x00", false) -+ _mkcgo_EVP_PKEY_get_raw_public_key = dlsym(handle, "EVP_PKEY_get_raw_public_key\x00", false) -+ _mkcgo_EVP_PKEY_new_raw_private_key = dlsym(handle, "EVP_PKEY_new_raw_private_key\x00", false) -+ _mkcgo_EVP_PKEY_new_raw_public_key = dlsym(handle, "EVP_PKEY_new_raw_public_key\x00", false) -+ _mkcgo_EVP_sha3_224 = dlsym(handle, "EVP_sha3_224\x00", false) -+ _mkcgo_EVP_sha3_256 = dlsym(handle, "EVP_sha3_256\x00", false) -+ _mkcgo_EVP_sha3_384 = dlsym(handle, "EVP_sha3_384\x00", false) -+ _mkcgo_EVP_sha3_512 = dlsym(handle, "EVP_sha3_512\x00", false) -+ _mkcgo_EVP_sha512_224 = dlsym(handle, "EVP_sha512_224\x00", false) -+ _mkcgo_EVP_sha512_256 = dlsym(handle, "EVP_sha512_256\x00", false) -+} -+ -+func MkcgoUnload_111() { -+ _mkcgo_EVP_DigestSign = 0 -+ _mkcgo_EVP_DigestVerify = 0 -+ _mkcgo_EVP_MD_CTX_ctrl = 0 -+ _mkcgo_EVP_PKEY_get_raw_private_key = 0 -+ _mkcgo_EVP_PKEY_get_raw_public_key = 0 -+ _mkcgo_EVP_PKEY_new_raw_private_key = 0 -+ _mkcgo_EVP_PKEY_new_raw_public_key = 0 -+ _mkcgo_EVP_sha3_224 = 0 -+ _mkcgo_EVP_sha3_256 = 0 -+ _mkcgo_EVP_sha3_384 = 0 -+ _mkcgo_EVP_sha3_512 = 0 -+ _mkcgo_EVP_sha512_224 = 0 -+ _mkcgo_EVP_sha512_256 = 0 -+} -+ +func MkcgoLoad_3(handle unsafe.Pointer) { + _mkcgo_EC_POINT_set_affine_coordinates = dlsym(handle, "EC_POINT_set_affine_coordinates\x00", false) + _mkcgo_EVP_CIPHER_fetch = dlsym(handle, "EVP_CIPHER_fetch\x00", false) @@ -19177,7 +19272,7 @@ index 00000000000000..1f3ab498325710 + _mkcgo_EVP_KDF_derive = dlsym(handle, "EVP_KDF_derive\x00", false) + _mkcgo_EVP_KDF_fetch = dlsym(handle, "EVP_KDF_fetch\x00", false) + _mkcgo_EVP_KDF_free = dlsym(handle, "EVP_KDF_free\x00", false) -+ _mkcgo_EVP_KEYMGMT_fetch = dlsym(handle, "EVP_KEYMGMT_fetch\x00", false) ++ _mkcgo_EVP_KEYMGMT_fetch = dlsym(handle, "EVP_KEYMGMT_fetch\x00", true) + _mkcgo_EVP_KEYMGMT_free = dlsym(handle, "EVP_KEYMGMT_free\x00", false) + _mkcgo_EVP_MAC_CTX_dup = dlsym(handle, "EVP_MAC_CTX_dup\x00", false) + _mkcgo_EVP_MAC_CTX_free = dlsym(handle, "EVP_MAC_CTX_free\x00", false) @@ -19205,6 +19300,7 @@ index 00000000000000..1f3ab498325710 + _mkcgo_EVP_PKEY_CTX_set1_hkdf_salt = dlsym(handle, "EVP_PKEY_CTX_set1_hkdf_salt\x00", false) + _mkcgo_EVP_PKEY_CTX_set_hkdf_md = dlsym(handle, "EVP_PKEY_CTX_set_hkdf_md\x00", false) + _mkcgo_EVP_PKEY_CTX_set_hkdf_mode = dlsym(handle, "EVP_PKEY_CTX_set_hkdf_mode\x00", false) ++ _mkcgo_EVP_PKEY_CTX_set_params = dlsym(handle, "EVP_PKEY_CTX_set_params\x00", false) + _mkcgo_EVP_PKEY_Q_keygen = dlsym(handle, "EVP_PKEY_Q_keygen\x00", false) + _mkcgo_EVP_PKEY_decapsulate = dlsym(handle, "EVP_PKEY_decapsulate\x00", false) + _mkcgo_EVP_PKEY_decapsulate_init = dlsym(handle, "EVP_PKEY_decapsulate_init\x00", false) @@ -19278,6 +19374,7 @@ index 00000000000000..1f3ab498325710 + _mkcgo_EVP_PKEY_CTX_set1_hkdf_salt = 0 + _mkcgo_EVP_PKEY_CTX_set_hkdf_md = 0 + _mkcgo_EVP_PKEY_CTX_set_hkdf_mode = 0 ++ _mkcgo_EVP_PKEY_CTX_set_params = 0 + _mkcgo_EVP_PKEY_Q_keygen = 0 + _mkcgo_EVP_PKEY_decapsulate = 0 + _mkcgo_EVP_PKEY_decapsulate_init = 0 @@ -19313,7 +19410,7 @@ index 00000000000000..1f3ab498325710 + +func MkcgoLoad_33(handle unsafe.Pointer) { + _mkcgo_EVP_DigestFinalXOF = dlsym(handle, "EVP_DigestFinalXOF\x00", false) -+ _mkcgo_EVP_DigestSqueeze = dlsym(handle, "EVP_DigestSqueeze\x00", false) ++ _mkcgo_EVP_DigestSqueeze = dlsym(handle, "EVP_DigestSqueeze\x00", true) +} + +func MkcgoUnload_33() { @@ -19460,12 +19557,466 @@ index 00000000000000..1f3ab498325710 + _mkcgo_OPENSSL_version_patch = 0 + _mkcgo_OpenSSL_version_num = 0 +} +diff --git a/src/vendor/github.com/golang-fips/openssl/v2/mldsa.go b/src/vendor/github.com/golang-fips/openssl/v2/mldsa.go +new file mode 100644 +index 00000000000000..d608947c8b9ae1 +--- /dev/null ++++ b/src/vendor/github.com/golang-fips/openssl/v2/mldsa.go +@@ -0,0 +1,448 @@ ++//go:build !cmd_go_bootstrap ++ ++package openssl ++ ++import ( ++ "errors" ++ "sync" ++ ++ "github.com/golang-fips/openssl/v2/internal/ossl" ++) ++ ++const ( ++ // privateKeySizeMLDSA is the size of an ML-DSA private key seed. ++ privateKeySizeMLDSA = 32 ++ ++ // publicKeySizeMLDSA44 is the size of an ML-DSA-44 public key encoding. ++ publicKeySizeMLDSA44 = 1312 ++ ++ // publicKeySizeMLDSA65 is the size of an ML-DSA-65 public key encoding. ++ publicKeySizeMLDSA65 = 1952 ++ ++ // publicKeySizeMLDSA87 is the size of an ML-DSA-87 public key encoding. ++ publicKeySizeMLDSA87 = 2592 ++ ++ // signatureSizeMLDSA44 is the size of an ML-DSA-44 signature. ++ signatureSizeMLDSA44 = 2420 ++ ++ // signatureSizeMLDSA65 is the size of an ML-DSA-65 signature. ++ signatureSizeMLDSA65 = 3309 ++ ++ // signatureSizeMLDSA87 is the size of an ML-DSA-87 signature. ++ signatureSizeMLDSA87 = 4627 ++ ++ // muSizeMLDSA is the size of the pre-hashed mu input to the external-mu ++ // variants of Sign and Verify. ++ muSizeMLDSA = 64 ++ ++ // maxContextSizeMLDSA is the maximum allowed length of the context string ++ // passed to Sign and Verify. ++ maxContextSizeMLDSA = 255 ++) ++ ++// SupportsMLDSA returns true if the given ML-DSA parameter set is supported ++// on this platform. Providers may not implement every security level, so ++// callers must probe each parameter set they intend to use. ++func SupportsMLDSA(params MLDSAParameters) bool { ++ switch params.keyType { ++ case ossl.EVP_PKEY_ML_DSA_44: ++ return supportsMLDSA44() ++ case ossl.EVP_PKEY_ML_DSA_65: ++ return supportsMLDSA65() ++ case ossl.EVP_PKEY_ML_DSA_87: ++ return supportsMLDSA87() ++ default: ++ return false ++ } ++} ++ ++// probeMLDSA reports whether the OpenSSL provider exposes the given ML-DSA ++// algorithm via the keymgmt fetch interface. ML-DSA was added in OpenSSL 3.5; ++// older 3.x releases return nil for unknown algorithm names, and 1.x lacks ++// the fetch interface entirely. ++func probeMLDSA(name cString) bool { ++ if !ossl.EVP_KEYMGMT_fetch_Available() { ++ return false ++ } ++ mgmt, _ := ossl.EVP_KEYMGMT_fetch(nil, name.ptr(), nil) ++ if mgmt == nil { ++ return false ++ } ++ ossl.EVP_KEYMGMT_free(mgmt) ++ return true ++} ++ ++var ( ++ supportsMLDSA44 = sync.OnceValue(func() bool { return probeMLDSA(_KeyTypeMLDSA44) }) ++ supportsMLDSA65 = sync.OnceValue(func() bool { return probeMLDSA(_KeyTypeMLDSA65) }) ++ supportsMLDSA87 = sync.OnceValue(func() bool { return probeMLDSA(_KeyTypeMLDSA87) }) ++) ++ ++// MLDSAParameters represents one of the fixed ML-DSA parameter sets. ++type MLDSAParameters struct { ++ name string ++ keyType int32 ++ keyTypeName cString ++ publicKeySize int ++ signatureSize int ++} ++ ++var ( ++ mldsa44 = MLDSAParameters{ ++ name: "ML-DSA-44", ++ keyType: ossl.EVP_PKEY_ML_DSA_44, ++ keyTypeName: _KeyTypeMLDSA44, ++ publicKeySize: publicKeySizeMLDSA44, ++ signatureSize: signatureSizeMLDSA44, ++ } ++ mldsa65 = MLDSAParameters{ ++ name: "ML-DSA-65", ++ keyType: ossl.EVP_PKEY_ML_DSA_65, ++ keyTypeName: _KeyTypeMLDSA65, ++ publicKeySize: publicKeySizeMLDSA65, ++ signatureSize: signatureSizeMLDSA65, ++ } ++ mldsa87 = MLDSAParameters{ ++ name: "ML-DSA-87", ++ keyType: ossl.EVP_PKEY_ML_DSA_87, ++ keyTypeName: _KeyTypeMLDSA87, ++ publicKeySize: publicKeySizeMLDSA87, ++ signatureSize: signatureSizeMLDSA87, ++ } ++) ++ ++// MLDSA44 returns the ML-DSA-44 parameter set. ++func MLDSA44() MLDSAParameters { return mldsa44 } ++ ++// MLDSA65 returns the ML-DSA-65 parameter set. ++func MLDSA65() MLDSAParameters { return mldsa65 } ++ ++// MLDSA87 returns the ML-DSA-87 parameter set. ++func MLDSA87() MLDSAParameters { return mldsa87 } ++ ++func (params MLDSAParameters) valid() bool { ++ switch params { ++ case mldsa44, mldsa65, mldsa87: ++ return true ++ default: ++ return false ++ } ++} ++ ++// PublicKeySize returns the size of public keys for this parameter set, in bytes. ++func (params MLDSAParameters) PublicKeySize() int { return params.publicKeySize } ++ ++// SignatureSize returns the size of signatures for this parameter set, in bytes. ++func (params MLDSAParameters) SignatureSize() int { return params.signatureSize } ++ ++// String returns the name of the parameter set. ++func (params MLDSAParameters) String() string { return params.name } ++ ++var errInvalidMLDSAParameters = errors.New("mldsa: invalid parameters") ++ ++// PrivateKeyMLDSA is an ML-DSA private key seed. ++type PrivateKeyMLDSA struct { ++ params MLDSAParameters ++ seed [privateKeySizeMLDSA]byte ++} ++ ++// GenerateKeyMLDSA generates a new ML-DSA private key. ++func GenerateKeyMLDSA(params MLDSAParameters) (*PrivateKeyMLDSA, error) { ++ if !params.valid() { ++ return nil, errInvalidMLDSAParameters ++ } ++ key := &PrivateKeyMLDSA{params: params} ++ if err := generateMLDSASeed(params.keyType, key.seed[:]); err != nil { ++ return nil, err ++ } ++ return key, nil ++} ++ ++// NewPrivateKeyMLDSA constructs an ML-DSA private key from its 32-byte seed. ++func NewPrivateKeyMLDSA(params MLDSAParameters, seed []byte) (*PrivateKeyMLDSA, error) { ++ if !params.valid() { ++ return nil, errInvalidMLDSAParameters ++ } ++ if len(seed) != privateKeySizeMLDSA { ++ return nil, errors.New("mldsa: invalid private key size") ++ } ++ key := &PrivateKeyMLDSA{params: params} ++ copy(key.seed[:], seed) ++ return key, nil ++} ++ ++// Bytes returns the private key seed. ++func (key *PrivateKeyMLDSA) Bytes() []byte { ++ return key.seed[:] ++} ++ ++// Parameters returns the parameters associated with this private key. ++func (key *PrivateKeyMLDSA) Parameters() MLDSAParameters { return key.params } ++ ++// PublicKey returns the corresponding public key. ++func (key *PrivateKeyMLDSA) PublicKey() *PublicKeyMLDSA { ++ publicKey := &PublicKeyMLDSA{params: key.params} ++ if err := mldsaExtractPublicKey(key.params, key.seed[:], publicKey.bytes[:key.params.publicKeySize]); err != nil { ++ panic(err) ++ } ++ return publicKey ++} ++ ++// Sign signs message with the private key, optionally binding the signature ++// to a context string. The context string must be at most 255 bytes long. ++func (key *PrivateKeyMLDSA) Sign(message []byte, context string) ([]byte, error) { ++ return mldsaSign(key.params, key.seed[:], message, context) ++} ++ ++// SignExternalMu signs a pre-hashed mu message representative using ML-DSA. ++// mu must be exactly 64 bytes long. ++func (key *PrivateKeyMLDSA) SignExternalMu(mu []byte) ([]byte, error) { ++ if len(mu) != muSizeMLDSA { ++ return nil, errors.New("mldsa: invalid message hash length") ++ } ++ return mldsaSignExternalMu(key.params, key.seed[:], mu) ++} ++ ++// PublicKeyMLDSA is an ML-DSA public key. ++type PublicKeyMLDSA struct { ++ params MLDSAParameters ++ bytes [publicKeySizeMLDSA87]byte ++} ++ ++// NewPublicKeyMLDSA constructs an ML-DSA public key from its encoding. ++func NewPublicKeyMLDSA(params MLDSAParameters, publicKey []byte) (*PublicKeyMLDSA, error) { ++ if !params.valid() { ++ return nil, errInvalidMLDSAParameters ++ } ++ if len(publicKey) != params.publicKeySize { ++ return nil, errors.New("mldsa: invalid public key size") ++ } ++ // Validate by attempting a key import. ++ pkey, err := createMLDSAPublicKey(params.keyType, publicKey) ++ if err != nil { ++ return nil, err ++ } ++ ossl.EVP_PKEY_free(pkey) ++ key := &PublicKeyMLDSA{params: params} ++ copy(key.bytes[:], publicKey) ++ return key, nil ++} ++ ++// Bytes returns the public key encoding. ++func (key *PublicKeyMLDSA) Bytes() []byte { ++ return key.bytes[:key.params.publicKeySize] ++} ++ ++// Parameters returns the parameters associated with this public key. ++func (key *PublicKeyMLDSA) Parameters() MLDSAParameters { return key.params } ++ ++// Verify verifies an ML-DSA signature over message bound to the given context. ++func (key *PublicKeyMLDSA) Verify(message, signature []byte, context string) error { ++ return mldsaVerify(key.params, key.bytes[:key.params.publicKeySize], message, signature, context) ++} ++ ++// VerifyExternalMu verifies an ML-DSA signature over a pre-hashed mu message ++// representative. mu must be exactly 64 bytes long. ++func (key *PublicKeyMLDSA) VerifyExternalMu(mu, signature []byte) error { ++ if len(mu) != muSizeMLDSA { ++ return errors.New("mldsa: invalid message hash length") ++ } ++ return mldsaVerifyExternalMu(key.params, key.bytes[:key.params.publicKeySize], mu, signature) ++} ++ ++// Helper functions ++ ++// generateMLDSASeed generates a new ML-DSA private key and extracts the seed. ++func generateMLDSASeed(keyType int32, seed []byte) error { ++ pkey, err := generateEVPPKey(keyType, 0, "") ++ if err != nil { ++ return err ++ } ++ defer ossl.EVP_PKEY_free(pkey) ++ ++ _, err = ossl.EVP_PKEY_get_octet_string_param(pkey, _OSSL_PKEY_PARAM_ML_DSA_SEED.ptr(), seed, nil) ++ return err ++} ++ ++// createMLDSAPrivateKey creates an ML-DSA EVP_PKEY from a 32-byte seed. ++func createMLDSAPrivateKey(id int32, seed []byte) (ossl.EVP_PKEY_PTR, error) { ++ if len(seed) != privateKeySizeMLDSA { ++ return nil, errors.New("mldsa: invalid seed size") ++ } ++ ++ bld := newParamBuilder() ++ defer bld.finalize() ++ ++ bld.addOctetString(_OSSL_PKEY_PARAM_ML_DSA_SEED, seed) ++ ++ params, err := bld.build() ++ if err != nil { ++ return nil, err ++ } ++ defer ossl.OSSL_PARAM_free(params) ++ ++ return newEvpFromParams(id, ossl.EVP_PKEY_KEYPAIR, params) ++} ++ ++// createMLDSAPublicKey creates an ML-DSA EVP_PKEY from encoded public key bytes. ++func createMLDSAPublicKey(id int32, pubKeyBytes []byte) (ossl.EVP_PKEY_PTR, error) { ++ bld := newParamBuilder() ++ defer bld.finalize() ++ ++ bld.addOctetString(_OSSL_PKEY_PARAM_PUB_KEY, pubKeyBytes) ++ ++ params, err := bld.build() ++ if err != nil { ++ return nil, err ++ } ++ defer ossl.OSSL_PARAM_free(params) ++ ++ return newEvpFromParams(id, ossl.EVP_PKEY_PUBLIC_KEY, params) ++} ++ ++// mldsaExtractPublicKey derives and copies the encoded public key bytes from ++// a private key seed. ++func mldsaExtractPublicKey(params MLDSAParameters, seed, dst []byte) error { ++ pkey, err := createMLDSAPrivateKey(params.keyType, seed) ++ if err != nil { ++ return err ++ } ++ defer ossl.EVP_PKEY_free(pkey) ++ ++ var pubLen int ++ if _, err := ossl.EVP_PKEY_get_octet_string_param(pkey, _OSSL_PKEY_PARAM_PUB_KEY.ptr(), dst, &pubLen); err != nil { ++ return err ++ } ++ if pubLen != params.publicKeySize { ++ return errors.New("mldsa: unexpected public key size") ++ } ++ return nil ++} ++ ++// mldsaSigParams builds the OSSL_PARAM array used to bind a context string ++// (and/or the external-mu flag) to an ML-DSA Sign or Verify operation. ++// Returns nil params when neither is set. ++func mldsaSigParams(context string, externalMu bool) (ossl.OSSL_PARAM_PTR, error) { ++ if len(context) > maxContextSizeMLDSA { ++ return nil, errors.New("mldsa: context too long") ++ } ++ if context == "" && !externalMu { ++ return nil, nil ++ } ++ bld := newParamBuilder() ++ defer bld.finalize() ++ if context != "" { ++ bld.addOctetString(_OSSL_SIGNATURE_PARAM_CONTEXT_STRING, []byte(context)) ++ } ++ if externalMu { ++ bld.addInt32(_OSSL_SIGNATURE_PARAM_MU, 1) ++ } ++ return bld.build() ++} ++ ++func mldsaSign(params MLDSAParameters, seed, message []byte, context string) ([]byte, error) { ++ pkey, err := createMLDSAPrivateKey(params.keyType, seed) ++ if err != nil { ++ return nil, err ++ } ++ defer ossl.EVP_PKEY_free(pkey) ++ ++ return mldsaSignWithKey(pkey, params, message, context, false) ++} ++ ++func mldsaSignExternalMu(params MLDSAParameters, seed, mu []byte) ([]byte, error) { ++ pkey, err := createMLDSAPrivateKey(params.keyType, seed) ++ if err != nil { ++ return nil, err ++ } ++ defer ossl.EVP_PKEY_free(pkey) ++ ++ return mldsaSignWithKey(pkey, params, mu, "", true) ++} ++ ++func mldsaSignWithKey(pkey ossl.EVP_PKEY_PTR, params MLDSAParameters, message []byte, context string, externalMu bool) ([]byte, error) { ++ mdctx, err := ossl.EVP_MD_CTX_new() ++ if err != nil { ++ return nil, err ++ } ++ defer ossl.EVP_MD_CTX_free(mdctx) ++ ++ var pctx ossl.EVP_PKEY_CTX_PTR ++ if _, err := ossl.EVP_DigestSignInit(mdctx, &pctx, nil, nil, pkey); err != nil { ++ return nil, err ++ } ++ sigParams, err := mldsaSigParams(context, externalMu) ++ if err != nil { ++ return nil, err ++ } ++ if sigParams != nil { ++ defer ossl.OSSL_PARAM_free(sigParams) ++ if _, err := ossl.EVP_PKEY_CTX_set_params(pctx, sigParams); err != nil { ++ return nil, err ++ } ++ } ++ ++ signature := make([]byte, params.signatureSize) ++ siglen := params.signatureSize ++ if _, err := ossl.EVP_DigestSign(mdctx, signature, &siglen, message); err != nil { ++ return nil, err ++ } ++ if siglen != params.signatureSize { ++ return nil, errors.New("mldsa: unexpected signature length") ++ } ++ return signature[:siglen], nil ++} ++ ++func mldsaVerify(params MLDSAParameters, publicKey, message, signature []byte, context string) error { ++ if len(signature) != params.signatureSize { ++ return errors.New("mldsa: invalid signature length") ++ } ++ pkey, err := createMLDSAPublicKey(params.keyType, publicKey) ++ if err != nil { ++ return err ++ } ++ defer ossl.EVP_PKEY_free(pkey) ++ ++ return mldsaVerifyWithKey(pkey, message, signature, context, false) ++} ++ ++func mldsaVerifyExternalMu(params MLDSAParameters, publicKey, mu, signature []byte) error { ++ if len(signature) != params.signatureSize { ++ return errors.New("mldsa: invalid signature length") ++ } ++ pkey, err := createMLDSAPublicKey(params.keyType, publicKey) ++ if err != nil { ++ return err ++ } ++ defer ossl.EVP_PKEY_free(pkey) ++ ++ return mldsaVerifyWithKey(pkey, mu, signature, "", true) ++} ++ ++func mldsaVerifyWithKey(pkey ossl.EVP_PKEY_PTR, message, signature []byte, context string, externalMu bool) error { ++ mdctx, err := ossl.EVP_MD_CTX_new() ++ if err != nil { ++ return err ++ } ++ defer ossl.EVP_MD_CTX_free(mdctx) ++ ++ var pctx ossl.EVP_PKEY_CTX_PTR ++ if _, err := ossl.EVP_DigestVerifyInit(mdctx, &pctx, nil, nil, pkey); err != nil { ++ return err ++ } ++ sigParams, err := mldsaSigParams(context, externalMu) ++ if err != nil { ++ return err ++ } ++ if sigParams != nil { ++ defer ossl.OSSL_PARAM_free(sigParams) ++ if _, err := ossl.EVP_PKEY_CTX_set_params(pctx, sigParams); err != nil { ++ return err ++ } ++ } ++ ++ if _, err := ossl.EVP_DigestVerify(mdctx, signature, message); err != nil { ++ return errors.New("mldsa: invalid signature") ++ } ++ return nil ++} diff --git a/src/vendor/github.com/golang-fips/openssl/v2/mlkem.go b/src/vendor/github.com/golang-fips/openssl/v2/mlkem.go new file mode 100644 -index 00000000000000..17444fbf258584 +index 00000000000000..1bf7ae9aade6af --- /dev/null +++ b/src/vendor/github.com/golang-fips/openssl/v2/mlkem.go -@@ -0,0 +1,365 @@ +@@ -0,0 +1,368 @@ +//go:build !cmd_go_bootstrap + +package openssl @@ -19500,36 +20051,39 @@ index 00000000000000..17444fbf258584 + +// SupportsMLKEM768 returns true if ML-KEM-768 is supported on this platform. +func SupportsMLKEM768() bool { -+ if major() >= 3 && minor() >= 5 { -+ return supportsMLKEM768() -+ } -+ return false ++ return supportsMLKEM768() +} + +// SupportsMLKEM1024 returns true if ML-KEM-1024 is supported on this platform. +func SupportsMLKEM1024() bool { -+ if major() >= 3 && minor() >= 5 { -+ return supportsMLKEM1024() -+ } -+ return false ++ return supportsMLKEM1024() +} + +var supportsMLKEM768 = sync.OnceValue(func() bool { ++ // EVP_KEYMGMT_fetch was added in OpenSSL 3.0; if it is not available we ++ // are on 1.x and ML-KEM is not supported. On 3.0–3.4 the fetch returns ++ // nil for the ML-KEM algorithm name, which the probe reports as false. ++ if !ossl.EVP_KEYMGMT_fetch_Available() { ++ return false ++ } + sig, _ := ossl.EVP_KEYMGMT_fetch(nil, _KeyTypeMLKEM768.ptr(), nil) -+ if sig != nil { -+ ossl.EVP_KEYMGMT_free(sig) -+ return true ++ if sig == nil { ++ return false + } -+ return false ++ ossl.EVP_KEYMGMT_free(sig) ++ return true +}) + +var supportsMLKEM1024 = sync.OnceValue(func() bool { ++ if !ossl.EVP_KEYMGMT_fetch_Available() { ++ return false ++ } + sig, _ := ossl.EVP_KEYMGMT_fetch(nil, _KeyTypeMLKEM1024.ptr(), nil) -+ if sig != nil { -+ ossl.EVP_KEYMGMT_free(sig) -+ return true ++ if sig == nil { ++ return false + } -+ return false ++ ossl.EVP_KEYMGMT_free(sig) ++ return true +}) + +// DecapsulationKeyMLKEM768 is the secret key used to decapsulate a shared key @@ -19833,10 +20387,10 @@ index 00000000000000..17444fbf258584 +} diff --git a/src/vendor/github.com/golang-fips/openssl/v2/openssl.go b/src/vendor/github.com/golang-fips/openssl/v2/openssl.go new file mode 100644 -index 00000000000000..43fd4a209ab821 +index 00000000000000..212d3979c59529 --- /dev/null +++ b/src/vendor/github.com/golang-fips/openssl/v2/openssl.go -@@ -0,0 +1,244 @@ +@@ -0,0 +1,240 @@ +//go:build !cmd_go_bootstrap + +// Package openssl provides access to OpenSSL cryptographic functions. @@ -19908,14 +20462,17 @@ index 00000000000000..43fd4a209ab821 +} + +func errUnsupportedVersion() error { -+ return errors.New("openssl: OpenSSL version: " + utoa(major()) + "." + utoa(minor()) + "." + utoa(patch())) ++ return errors.New("openssl: unsupported OpenSSL version: " + utoa(major()) + "." + utoa(minor()) + "." + utoa(patch()) + " (minimum supported version is 1.1.1)") +} + -+// checkMajorVersion panics if the current major version is not expected. -+func checkMajorVersion(expected int) { -+ if major() != expected { -+ panic("openssl: incorrect major version (" + strconv.Itoa(major()) + "), expected " + strconv.Itoa(expected)) ++// checkMajorVersion panics if the current major version is not one of the expected versions. ++func checkMajorVersion(expected ...int) { ++ for _, v := range expected { ++ if major() == v { ++ return ++ } + } ++ panic("openssl: incorrect major version (" + strconv.Itoa(major()) + ")") +} + +type fail string @@ -20069,13 +20626,6 @@ index 00000000000000..43fd4a209ab821 + return err +} + -+// versionAtOrAbove returns true when -+// (major(), minor(), patch()) >= (vmajor, vminor, vpatch), -+// compared lexicographically. -+func versionAtOrAbove(vmajor, vminor, vpatch int) bool { -+ return major() > vmajor || (major() == vmajor && minor() > vminor) || (major() == vmajor && minor() == vminor && patch() >= vpatch) -+} -+ +func bigEndianUint64(b []byte) uint64 { + _ = b[7] // bounds check hint to compiler; see golang.org/issue/14808 + return uint64(b[7]) | uint64(b[6])<<8 | uint64(b[5])<<16 | uint64(b[4])<<24 | @@ -20143,10 +20693,10 @@ index 00000000000000..47bfafa9d4c63f +} diff --git a/src/vendor/github.com/golang-fips/openssl/v2/osslsetup/fips.go b/src/vendor/github.com/golang-fips/openssl/v2/osslsetup/fips.go new file mode 100644 -index 00000000000000..de987d68d364a6 +index 00000000000000..138e1ab10f7f75 --- /dev/null +++ b/src/vendor/github.com/golang-fips/openssl/v2/osslsetup/fips.go -@@ -0,0 +1,165 @@ +@@ -0,0 +1,166 @@ +//go:build !cmd_go_bootstrap + +package osslsetup @@ -20200,7 +20750,7 @@ index 00000000000000..de987d68d364a6 + switch vMajor { + case 1: + return ossl.FIPS_mode() == 1 -+ case 3: ++ case 3, 4: + // Check if the default properties contain `fips=1`. + if ossl.EVP_default_properties_is_fips_enabled(nil) != 1 { + // Note that it is still possible that the provider used by default is FIPS-compliant, @@ -20238,7 +20788,8 @@ index 00000000000000..de987d68d364a6 + if FIPS() { + return true + } -+ if vMajor == 3 { ++ switch vMajor { ++ case 3, 4: + // Load the provider with and without the `fips=yes` query. + // If the providers are the same, then the default provider is FIPS-capable. + provFIPS := sha256Provider(_ProviderNameFips) @@ -20272,7 +20823,7 @@ index 00000000000000..de987d68d364a6 + return err + } + return nil -+ case 3: ++ case 3, 4: + var shaProps, provName cString + if enable { + shaProps = _PropFIPSYes @@ -20314,10 +20865,10 @@ index 00000000000000..de987d68d364a6 +} diff --git a/src/vendor/github.com/golang-fips/openssl/v2/osslsetup/init.go b/src/vendor/github.com/golang-fips/openssl/v2/osslsetup/init.go new file mode 100644 -index 00000000000000..fa00950e79da39 +index 00000000000000..a2e236bab9fddf --- /dev/null +++ b/src/vendor/github.com/golang-fips/openssl/v2/osslsetup/init.go -@@ -0,0 +1,160 @@ +@@ -0,0 +1,169 @@ +//go:build !cmd_go_bootstrap + +package osslsetup @@ -20345,13 +20896,9 @@ index 00000000000000..fa00950e79da39 + ossl.MkcgoLoad_(handle) + if vMajor == 1 { + ossl.MkcgoLoad_legacy_1(handle) -+ if vPatch == 1 { -+ ossl.MkcgoLoad_111(handle) -+ } + } else { -+ ossl.MkcgoLoad_111(handle) + ossl.MkcgoLoad_3(handle) -+ if vMajor >= 3 && vMinor >= 3 { ++ if vMajor > 3 || (vMajor == 3 && vMinor >= 3) { + ossl.MkcgoLoad_33(handle) + } + } @@ -20396,12 +20943,15 @@ index 00000000000000..fa00950e79da39 + case 1: + loadX = ossl.MkcgoLoad_init_1 + unloadX = ossl.MkcgoUnload_init_1 -+ case 3: ++ default: ++ if vMajor < 3 { ++ // openLibrary should have already rejected this. ++ panic(errUnsupportedVersion()) ++ } ++ // Any 3+ major uses the OpenSSL 3 init shim: 3+ guarantees ++ // ABI/API compatibility within the same major. + loadX = ossl.MkcgoLoad_init_3 + unloadX = ossl.MkcgoUnload_init_3 -+ default: -+ // We shouldn't get here: openLibrary should have already returned an error. -+ panic(errUnsupportedVersion()) + } + return + } @@ -20468,10 +21018,20 @@ index 00000000000000..fa00950e79da39 + var supported bool + switch vMajor { + case 1: -+ supported = vMinor == 1 -+ case 3: -+ // OpenSSL guarantees API and ABI compatibility within the same major version since OpenSSL 3. -+ supported = true ++ supported = vMinor == 1 && vPatch >= 1 ++ default: ++ // 3+ guarantees ABI/API compatibility within the same major, ++ // so any tested major is supported. Untested 3+ majors require ++ // GODEBUG=ms_opensslallowuntested=1. ++ for _, m := range testedMajors { ++ if vMajor == m { ++ supported = true ++ break ++ } ++ } ++ if !supported && vMajor >= 3 && allowUntestedMajor() { ++ supported = true ++ } + } + if !supported { + return handle, nil, errUnsupportedVersion() @@ -20597,10 +21157,10 @@ index 00000000000000..c4981aef84b42f +} diff --git a/src/vendor/github.com/golang-fips/openssl/v2/osslsetup/osslsetup.go b/src/vendor/github.com/golang-fips/openssl/v2/osslsetup/osslsetup.go new file mode 100644 -index 00000000000000..63eb1994606e8e +index 00000000000000..991e9ed5ba5e21 --- /dev/null +++ b/src/vendor/github.com/golang-fips/openssl/v2/osslsetup/osslsetup.go -@@ -0,0 +1,74 @@ +@@ -0,0 +1,103 @@ +//go:build !cmd_go_bootstrap + +package osslsetup @@ -20608,7 +21168,9 @@ index 00000000000000..63eb1994606e8e +import ( + "errors" + "strconv" ++ "strings" + "sync" ++ "syscall" + + "github.com/golang-fips/openssl/v2/internal/ossl" +) @@ -20617,6 +21179,33 @@ index 00000000000000..63eb1994606e8e + vMajor, vMinor, vPatch int +) + ++// testedMajors lists the OpenSSL major versions this backend has been ++// tested against. [openLibrary] rejects majors not in this list unless ++// GODEBUG=ms_opensslallowuntested=1 is set. OpenSSL 1 is supported only ++// at 1.1.1+; that minor/patch constraint is enforced separately in ++// [openLibrary]. ++var testedMajors = [...]int{1, 3, 4} ++ ++// allowUntestedMajor reports whether the user has set ++// GODEBUG=ms_opensslallowuntested=1. The "ms_" prefix marks this as a ++// Microsoft-defined GODEBUG so it will not collide with upstream Go. ++var allowUntestedMajor = sync.OnceValue(func() bool { ++ godebug, _ := syscall.Getenv("GODEBUG") ++ return godebugAllowUntested(godebug) ++}) ++ ++// godebugAllowUntested reports whether the comma-separated GODEBUG string ++// contains ms_opensslallowuntested=1. Matches internal/godebug parsing: ++// no whitespace trimming. ++func godebugAllowUntested(godebug string) bool { ++ for _, kv := range strings.Split(godebug, ",") { ++ if kv == "ms_opensslallowuntested=1" { ++ return true ++ } ++ } ++ return false ++} ++ +func VersionMajor() int { + return vMajor +} @@ -20634,7 +21223,7 @@ index 00000000000000..63eb1994606e8e +} + +func errUnsupportedVersion() error { -+ return errors.New("openssl: OpenSSL version: " + utoa(vMajor) + "." + utoa(vMinor) + "." + utoa(vPatch)) ++ return errors.New("openssl: unsupported OpenSSL version: " + utoa(vMajor) + "." + utoa(vMinor) + "." + utoa(vPatch) + " (minimum supported version is 1.1.1)") +} + +var ( @@ -20721,10 +21310,10 @@ index 00000000000000..fd1cad5692a0bc +} diff --git a/src/vendor/github.com/golang-fips/openssl/v2/params.go b/src/vendor/github.com/golang-fips/openssl/v2/params.go new file mode 100644 -index 00000000000000..aae278e743a73a +index 00000000000000..d8843d2afa94a8 --- /dev/null +++ b/src/vendor/github.com/golang-fips/openssl/v2/params.go -@@ -0,0 +1,180 @@ +@@ -0,0 +1,190 @@ +//go:build !cmd_go_bootstrap + +package openssl @@ -20841,6 +21430,16 @@ index 00000000000000..aae278e743a73a + if !b.check() { + return + } ++ if value == nil { ++ // Short-circuit a nil slice: don't pass anything at all to OpenSSL. ++ // OpenSSL 3.5.6 raises an error when passed null, and expects users ++ // to not call this function at all in this case. ++ // See https://github.com/openssl/openssl/issues/30728 ++ // ++ // Don't short-circuit empty slices, as they might have a meaning. ++ // For example, in KDFs an empty salt is different from a nil salt. ++ return ++ } + if len(value) != 0 { + b.pinner.Pin(&value[0]) + } @@ -20907,7 +21506,7 @@ index 00000000000000..aae278e743a73a +} diff --git a/src/vendor/github.com/golang-fips/openssl/v2/pbkdf2.go b/src/vendor/github.com/golang-fips/openssl/v2/pbkdf2.go new file mode 100644 -index 00000000000000..5f87281d8746a3 +index 00000000000000..2e34d4d95f0733 --- /dev/null +++ b/src/vendor/github.com/golang-fips/openssl/v2/pbkdf2.go @@ -0,0 +1,54 @@ @@ -20928,7 +21527,7 @@ index 00000000000000..5f87281d8746a3 + switch major() { + case 1: + return true -+ case 3: ++ case 3, 4: + _, err := fetchPBKDF2() + return err == nil + default: @@ -20940,7 +21539,7 @@ index 00000000000000..5f87281d8746a3 +// It is safe to call this function concurrently. +// The returned EVP_KDF_PTR shouldn't be freed. +var fetchPBKDF2 = sync.OnceValues(func() (ossl.EVP_KDF_PTR, error) { -+ checkMajorVersion(3) ++ checkMajorVersion(3, 4) + + kdf, err := ossl.EVP_KDF_fetch(nil, _OSSL_KDF_NAME_PBKDF2.ptr(), nil) + if err != nil { @@ -20967,10 +21566,10 @@ index 00000000000000..5f87281d8746a3 +} diff --git a/src/vendor/github.com/golang-fips/openssl/v2/provideropenssl.go b/src/vendor/github.com/golang-fips/openssl/v2/provideropenssl.go new file mode 100644 -index 00000000000000..e366c7a7a833fa +index 00000000000000..7709a5005a8cc0 --- /dev/null +++ b/src/vendor/github.com/golang-fips/openssl/v2/provideropenssl.go -@@ -0,0 +1,239 @@ +@@ -0,0 +1,249 @@ +//go:build !cmd_go_bootstrap + +package openssl @@ -21156,6 +21755,16 @@ index 00000000000000..e366c7a7a833fa + algctx unsafe.Pointer + } + return (*mdCtx)(unsafe.Pointer(ctx)).algctx ++ case 4: ++ // OpenSSL 4 removed the ENGINE, md_data, and update fields from EVP_MD_CTX. ++ // https://github.com/openssl/openssl/blob/openssl-4.0.0-alpha1/crypto/evp/evp_local.h ++ type mdCtx struct { ++ _ [2]unsafe.Pointer // reqdigest, digest ++ _ uint32 // flags ++ _ unsafe.Pointer // pctx ++ algctx unsafe.Pointer ++ } ++ return (*mdCtx)(unsafe.Pointer(ctx)).algctx + default: + panic(errUnsupportedVersion()) + } @@ -21575,10 +22184,10 @@ index 00000000000000..963c3ad733dcf0 +const RandReader = randReader(0) diff --git a/src/vendor/github.com/golang-fips/openssl/v2/rc4.go b/src/vendor/github.com/golang-fips/openssl/v2/rc4.go new file mode 100644 -index 00000000000000..28e846829f29ea +index 00000000000000..390336bfbafcf6 --- /dev/null +++ b/src/vendor/github.com/golang-fips/openssl/v2/rc4.go -@@ -0,0 +1,68 @@ +@@ -0,0 +1,74 @@ +//go:build !cmd_go_bootstrap + +package openssl @@ -21591,9 +22200,15 @@ index 00000000000000..28e846829f29ea + +// SupportsRC4 returns true if NewRC4Cipher is supported. +func SupportsRC4() bool { -+ // True for stock OpenSSL 1 w/o FIPS. -+ // False for stock OpenSSL 3 unless the legacy provider is available. -+ return (versionAtOrAbove(3, 0, 0) || !FIPS()) && loadCipher(cipherRC4, cipherModeNone) != nil ++ switch major() { ++ case 1: ++ // RC4 is not part of the OpenSSL 1.x FIPS module. ++ return !FIPS() && loadCipher(cipherRC4, cipherModeNone) != nil ++ default: ++ // On OpenSSL 3+ availability is decided by the algorithm probe: ++ // EVP_CIPHER_fetch returns nil unless the legacy provider is loaded. ++ return loadCipher(cipherRC4, cipherModeNone) != nil ++ } +} + +// A RC4Cipher is an instance of RC4 using a particular key. @@ -21649,7 +22264,7 @@ index 00000000000000..28e846829f29ea +} diff --git a/src/vendor/github.com/golang-fips/openssl/v2/rsa.go b/src/vendor/github.com/golang-fips/openssl/v2/rsa.go new file mode 100644 -index 00000000000000..2aa773d9592e06 +index 00000000000000..2e0fa35a3c63f7 --- /dev/null +++ b/src/vendor/github.com/golang-fips/openssl/v2/rsa.go @@ -0,0 +1,711 @@ @@ -21692,7 +22307,7 @@ index 00000000000000..2aa773d9592e06 + N, E, D = bnToBig(n), bnToBig(e), bnToBig(d) + P, Q = bnToBig(p), bnToBig(q) + Dp, Dq, Qinv = bnToBig(dmp1), bnToBig(dmq1), bnToBig(iqmp) -+ case 3: ++ case 3, 4: + tmp, err := ossl.BN_new() + if err != nil { + return bad(err) @@ -21760,7 +22375,7 @@ index 00000000000000..2aa773d9592e06 + ossl.EVP_PKEY_free(pkey) + return nil, err + } -+ case 3: ++ case 3, 4: + var err error + if pkey, err = newRSAKey3(false, n, e, nil, nil, nil, nil, nil, nil); err != nil { + return nil, err @@ -21839,7 +22454,7 @@ index 00000000000000..2aa773d9592e06 + ossl.EVP_PKEY_free(pkey) + return nil, err + } -+ case 3: ++ case 3, 4: + var err error + if pkey, err = newRSAKey3(true, n, e, d, p, q, dp, dq, qinv); err != nil { + return nil, err @@ -22366,7 +22981,7 @@ index 00000000000000..2aa773d9592e06 +}) diff --git a/src/vendor/github.com/golang-fips/openssl/v2/tls1prf.go b/src/vendor/github.com/golang-fips/openssl/v2/tls1prf.go new file mode 100644 -index 00000000000000..38fea6de0c33c4 +index 00000000000000..1f7dcb7cf38f1f --- /dev/null +++ b/src/vendor/github.com/golang-fips/openssl/v2/tls1prf.go @@ -0,0 +1,156 @@ @@ -22388,7 +23003,7 @@ index 00000000000000..38fea6de0c33c4 + switch major() { + case 1: + return minor() >= 1 -+ case 3: ++ case 3, 4: + _, err := fetchTLS1PRF3() + return err == nil + default: @@ -22422,7 +23037,7 @@ index 00000000000000..38fea6de0c33c4 + switch major() { + case 1: + return tls1PRF1(result, secret, label, seed, md) -+ case 3: ++ case 3, 4: + return tls1PRF3(result, secret, label, seed, md) + default: + return errUnsupportedVersion() @@ -22486,7 +23101,7 @@ index 00000000000000..38fea6de0c33c4 +// It is safe to call this function concurrently. +// The returned EVP_KDF_PTR shouldn't be freed. +var fetchTLS1PRF3 = sync.OnceValues(func() (ossl.EVP_KDF_PTR, error) { -+ checkMajorVersion(3) ++ checkMajorVersion(3, 4) + + kdf, err := ossl.EVP_KDF_fetch(nil, _OSSL_KDF_NAME_TLS1_PRF.ptr(), nil) + if err != nil { @@ -22497,7 +23112,7 @@ index 00000000000000..38fea6de0c33c4 + +// tls1PRF3 implements TLS1PRF for OpenSSL 3 using the EVP_KDF API. +func tls1PRF3(result, secret, label, seed []byte, md ossl.EVP_MD_PTR) error { -+ checkMajorVersion(3) ++ checkMajorVersion(3, 4) + + kdf, err := fetchTLS1PRF3() + if err != nil { @@ -23242,2035 +23857,2075 @@ index 00000000000000..b17312278da948 +} diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/CryptoKit_amd64.syso b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/CryptoKit_amd64.syso new file mode 100644 -index 0000000000000000000000000000000000000000..5377aaadc4efef055c3ba5538d00394e067b2139 +index 0000000000000000000000000000000000000000..7d9406cdef877632dc046249d921ec782fe48d6b GIT binary patch -literal 176512 -zcmeFa3v^}4SstpHU|TR5B3=-lYh{F;O -z)AxH+?Y+-F`$#>uXJFkmJxfz{s{Z<4^;gwj&;84P{s({cjDdkW{?-8ghrchvUtsL&b@_KUzWKn{N+`JZFYoBWSCn+@%9S_0`N0RSJ^#wJx6EIC^y&jwu5`epVovheVmAAI@x*SDyz!A&$DX1F&$qtjO;;cN=b<8M^S|TjYp*@{ -z&#!({;G?2H>c3EOg`Y}&_Q2NAd&z@unt%1R*V=qzeh;39Ui09?XdBG0u^ZBP8Kim; -zRUnS~;Cb0q)WCz+tpAE#%}hh!e)wPdEmyC}LeG{Lvb^EKqpx}J+N1sTd+}TU$%C5v!osz=s}Em$@U^k=0WRV#+40LbV14Vu -zk34+!WefB3k31?K30LTeeW(>sQ~sOSAzpj%H4nZK3Z8!TYu~_{xZF%WcE}?4e`x60 -z=pp&LdHwf?Kfvzjxt-*L&EzA>-@Iet&f~kb$xkzxJUt$KZb#ujGo3tbUcWI+1PztH -z@QRlK#W*s?r_#$~Q|bMq&Gi0}sdQm@DtX>L&E&p&2B+{p{CfF4BhBO`_l$}Ju#CUz -z!auwJLk~RgRYT8yJGnBxZ@ch{3zsjv{AJCz{r)x-IF)2`e|78DRMMJ7&`f^5nY^os -z*u~@{Q%Sp_wDz!qok0d*q?xqF9UVh-z|m1eM;rwkt3 -zJA_*y+zjDH2-icn8p4$jE<0>3-nw-wMCXg>T!;>RTW9Fr)---0XdrlQ=R$G=@d3n} -zH(UE)nWd4^K@`CTg~(ncl-ctcSfOd-w3#*<{&BrC)VzLh(!BRZGdX~a+mLZ8`CVrw -zk2RC5BL$#L(%N;jz9?b$2#`$fbz|5sFdUqR;m{a%BZjFoquQs^P!XAHDO8~bp{==zJi{28lu^z88)TMX~lj8 -z&@+muK7nGUREV-P)3#($q4~Vfq6@M1QK*?0f*Ct$qDcB+Gi_0vW%>u)MqTUElZpq59KkgX%( -zQu3=)$-9;n`+3Ax5Cbe*2D*ho1+5ceOtMoUZVcbrYo-}-G*eLtB+xP@p8KcoV~=)g -z4^~Hd03;OvT8*te{c20}bd5a1OerjSp97OQWPmQSnS8XFyk)SNya0L^3t2{xOUbTv -zfld;t-$db13tNZ|wT9TGrSCN*F(~k$ET<COm~ -z(lvpmnc+TMgRixvvTNIUS*SkSQK~D|7?aktXsyjCa8Hx0Z5GAI*+kA+1F^`9Qqwk* -z&{~?MoN;m4W)hec1z1@Lz)9_Ll0}l}k$_d!?g)*#tXtEAsJmq)v{y<951q7c&;tYp -zwehuW9kM*9&zr-=Tu!%-&{_fmtxe#0?$5GEAl{_4X!QC8`{u9g>i(-P+;`#r3;*oG -zmHR&g=GK7{V`ujK|LZMx47~5zu)d$730~O#V*Fo-hwds2b<2py5OBb4jUy7pXJR>y -zir6plTh4ycG(!F)Pq$Kzeg}+2{{W3;6rJrMI@^G!#CM$CeM@`a%1S(%g|r$zckaQ@n^)na8EP!@YrSC -zK)BmX?iM6CC|sEb%KnG>Ju%CZC(XwWzhULEl}l*!hj(1N>v-TDlefO|&TG#){zh@V -z4b$SkZ)|?iO)-1?Wk^2+?vv(EIg5FqJ9!XTc-^3~wqLH~cP@(h1E>*oUeLwcMO5PJe1 -zC%n%4$KY{}!sCS3xrAQ#>+hLLuH7?8*Au_)yJv*1CzSA#d&XP`*KbU~^<)$6)j#n^ -z|Fel969df%%y}yL5FF28#4aYk1jlm@rhhT{HTV{4|4Ey@4BI3FaE8`92w+6V5#4j@ -z7@~)cf}P-YO^zViaq2Ll+l>Bod82SRXJNK%BWF6Ma6?bn$nW*Ic(b*QUn+HPYZcMx -z=Gi@RPbqiJeN!JVm9FLr#qV)7SEV0eSa-AmRc#;|YP4{7QzdJB&Nk}+ez-g#pRW}?|ng#|nR_ev%XW(C+2w04sI@;rzUQ9j)z-eje -z5K;^XhsOP^D8gx*goAMA1zwNoj+*XRA$@SM>0HhWhFmT(mhBK)c;K5Y -zBPsZ1D~JxY-e3=zl?lqMc6i8yifWx#PH@QN<3O#`Oq3-JDn@F*3$ak`KT5!?cVotiViQr<=ft2f^P%1C_Qt}x3tTE;OEMnt` -zRs7e~Zn8Z&`)pCU;wUvo=}wcF)3!xy?U|STf|twy!KrJl2wa@OahA$4&vdC>26mjM -zlFyt9BX-sn(rk@TQ^{jy!@lzjMeqz}7SW;Bfqdtd@TTnnB82NMnsSxUNXPICmByl| -zhE0*S_nUg)&kAoACUE$dCV}R2f+!V@02u=!n1UckC<~JsLA3W2?Cd&N6^Zsbf>_0S -z;%H3(=r#mrubfuJpQ(^U_)-$>DD}XR490v**j^Oc)-nQnt&|n0Sicc;#7VTBm^A35 -z;Zo9;lU5bTdW_H-ZJ#*(6oJ#nrD;vwBGyqSjTK_I4k4M`<9$ioI*_C-{Yo?a>T!?R -z?&Kc->xaADB`Gzd -zvD5v}BzDrG*hhb=Jk>tx+_n&GKcle%d>wGAfDJ@cb4r3iF`f6FLe48!!Ht=z{`gR#U&L#LblPk^S@-o=AkJFlmLSrj$ -zPOL;b4hf%WkBCUS~{7DlNNV_#-`bND9L0Wn6D# -zF&L+$OuVLsWqKl!+i=iKnuE<`5MJB>)skf=$g8ZkZ2kA|^L8p&FRSd;hcA{c62 -z^ne~16h!KU@O)Kg4uDaujKkpO86-P1LG4b-G!DbquzfgXQaV0!`Jw -zH$Sm$uaq}tKE*t8@e2mJ#)Hi#G?qbZa0QV6qAYNI1K3!$jeDF{-kMy{6z<( -zq!g{&J<;n?Pv-i~jMr}lp>MC>3?Sz9n|Y|f>o-ldma59zglZplHEf@a283LNkT%=WMq}7j -z;m(LQR(b%m@-hn&o-c1uQ>CRI?DSE27z3zIth{U!Aau~4kfXz3MPcQIm5P-YR)<$! -z4g@Tp=+My~pU5jO4as;2DNY2Z9Z0Oa>=vHM($*)nFE}8c+F~tiK__eKytF>_Km2jgXz -zl~5>MTSm;wE~AKDOt|bahFG6v7m@d98?<@Fmnw&aeV<*a)JOErwE2x|I+@P -zveGuQKyX{Zj%Ux>`bXjlNJM+;h|M(tq?y5Ucg(3m65&fpUZ6RZWcdP(MC)GDp+ZoD -zR8Pb*?4*%W(twi&OGz6}T2`P1HM>C8w|5!5Iq!6J2q07vZpRQ|UviO>yLP -z0L-rzmI1Yga9CdDqlmt5R4QGYKs*4q1d?ixp_xM8I=$1)tPk|uL4-3!NnwGbQ&4M~ -z+6Jgi7jP{l<8T6VMPatc6ha8cBsfMADb?wv$bysF^QAJ20$x}SAgrjR)n>ZDih~+3 -zF*?0)KdosQ;>!L6*=1iBUJeWEU`HCv4iaDDvns*BU}y&{jBuZ!4Q@*-W=PYixuJU} -zv9DEjJ2gPq>bBIM^|QKd1(V^CNXb4`jnzd?!<4x2aIyfu5Ou#<9@06p{wuSRcb+v;mN*}MK^v7d46boVnVk?JrkT9ny7ub-I%#?a5qBRbSN!q9ds;rvV$_Nv(_+v*)5ksFoVPI -z0ICDT^1)AtIjn4_KE9gz_-fhADRmf0W#(*1k!nX63Nz>Lm{&uYMWdOQh#$YL?mhs| -zK4CmxX1AVXQbuBBU@9lNJ8IK?tQ{lz9!GhEyCLi_^r*iY+)N2@Q=2==yjNBc_R_F_ -zHUZ(8fhaZ1Xp~RHG1($3srhqdVN#Cy_My_%dL*icdseLxbdBarzL*@K*eQyg3BVfe -z0nmCDD;=v?`5=!W30~@@-RAW_8yI@~0K9h?z4fTk1oLEx@394jFej}}c8p#&JdY%f -z1kH@6)790=mJJfmRPQWGST@_`oPVs7DYacB3FSIdb)I-bF*e&3#n^0D6@%-SEUX72 -z?vB$nfv27Z;P{b8+~=!ya`#|aW#Arc0#9hRTZj&|z83csA;0TFO*L;WJ8mxU3+xHt -zFyl2G74#2}XUBIQH&M$6O+jQ{g76Av2^&UOOQc>Zh!Py6L(E-u -zIzFu37)3TMIa)Ie!qg(!86Xv07O;$i_!VS~Ien5~RHG3%2+g_9Fwtej#HsA%C{KOz -zh@gryTBvy?rNW7t9%}vX9CmXqx4c*qxZK9C$fbn}+l^5SuB}9XbrBVHAT+2%H^?L7gpS4Tt*- -z?NuZP$Z&kIMO$OPPPTk_;P|_-Kuc~vCHzKw^D!)GRPq0Pm|=%xZ$5_1YOZ=mDJeT( -zP#y!f#H^0FXbfDR~Ci}&97{qPgz55Nky!8gW!cCQG=5qwy~4TpaY(Hd*&4$Xw=7DoG; -z>>`E*i&#@u7gXKdlu@s}0jh%d{+RH;1Tt34b2Wx7$4kYdGO5oo2YjeTO@S-u^RAU+@)$jTxQZ1nviT&u -zuSi(p?mm*0TMTwIFi*CYoxXy=#b9>qd1H^Ro2JmvDH4xg6|6Bp)+`lywIv@YPSlCJ -zFo&{jQp<<3axRB5{l;{Tg~~(OCQ33mhkPGuOm;p_)mFAT@cRHn^Ofj6Q&oU%2e7RWZZh=Q3N}Y9SFdu( -z8lx5ck7Dea_OFJ6aR+RetS$5fw4G3C9=o(mJVsu<);;cM!$8%6XQH-vqbS}yt2kGR -zrU?LJ>1AT3z%qLl7EM=si_aIu7tbnACe&V0*}YiUgo7ql&%&Y|R}N7wwGF1ayMg``X95Ob2|>I;NBdMXyHqf@ -z?+q`k?q2R-NdZS@C$~&cb~7TVOPd<9hO!5+)R4Al_?Sr#wJvL_6m}B4M93M`y-p^F -zoL>6%U2>g3m|Y{1p4W=FpGB#&m*lXtlF> -z$589gUXi-=Tc}K(BMW)I~uW~|T9#SXPbTuZcF$uabwPOG&gyROz2 -zCz(7bjjb2g)}Dg3X^EE2AP9OXS{7<+J<>t-GmhF?VW8StRZP=hxE&qiZ3v-OfxBwU -zvgu+SYKy?J9=2J~7ouX4c=SQ9m}IHiZs4s=knXCje*vWjRZ;!aUQpFCK!v16Rm|%# -z>`e(mRXL`!Xb^DTs#+|mYA)i2s`5AxG7gbu7)VvKiutjDWNpK$nzgF9j8vzpb?HT~ -z4@4z6Nv|)&B=P8TO)<$*wdcizE=zT(Y8oaKROO*~sP&n)s%ezyrz+<4sA?rwm1Ehe -z5-wv-aVf4MYF$8Bp`?jO0jL;g{wOw10ly -zZ%I?~$HIDi1C<4jXVXgBP@wl5;PJ3&CObdLv~yPFD~s~|JRPKOkl*e_`$Z9`S+r-P -zhYvLBKppE%jXT0|Z)vkV^^!H}J9P8*dh9g!+u=Vg*Rcd=@d3tMT)OYK0zlYdl`0$# -zNg^gj3M`|J_8F0Br@5gC9TCfB&BVl6#R=O`smX(0EKL{X{M^>rPZKi$>@7Z96rXdn -zUIsETPXIU;y;znDEGuVW(N=CKF3UrIzJUVpdNvWHwnMz0f*Tq}j0u*b0Uzu` -zGC3?K{|hCz4Xq&#Yc-1i3iRl+@2XSdey0ab%CW69E~9WL1CWe9k#iJulc`*~rb2O3 -z!yce-1joIAxQU`oWEIBB|31)$Rh0uohgx?)%-}ykj@8H_lJYn@RmRb&sxH;3sw#aN -z8_aHq**IT11hBhS)*p&VTUh=f6e<-#kR`68my`Bf#+9pzH7=>9Ydn{$qn*!9(Qj=b -zI2wVss=hV#h2DHdT?YD}cDGzVMQ#3|lgV${-C70S;8MK<>Y|=VQ0~@BkvH$WU<=HU -zyYVc%Nn+$W#U2~hoH-ja7IlzzHAb&rI&r>9%C3s -z-9%%UL*ZZy^N0?$ejco%=I2!fS|2cI`ra8N#Y$rwwc2DLW0+PhViJzO$6$l`LJ?d(4S$=|k&tpkrgO*ySO)MPYi3;V!wlRCHK27-~IEl{O?>*`e)G -z>2yh@O>hxZI*sU1>q8u0)AtIEudYRvjsbHNopGpiM8r5{8C5Ksph}W(k3Veum7L&i -zl?oV#{ZJ<2b&?)Wib>`~+l!zx0XltEN@03bO53#Uh9#Gw*7F{pl@3cbUdFtHGgkd} -ze8)gMXmT9Uq1Fv};LxN>`*pXd$q6HF|}F-o0+WH~8{!eU^BHijNylfSTYf#B#-CdC&J -zbj2Sz0|MCL3FnB-r=7cY<4V~sQA^;NB2d;Zgr7GD`ye2(4hl*c69K{`@Oq*^j2*qa -z4%M_#?E+4y_7Dk7``kN*=3Z2vS%+%esJ0`jP6-tg!4;D#T)iJ!#dH7@f`-p;^G=3t -zihagCW+XhP`4Z0$g1>)&;SnoFtOUCKBCR1g_c_|@NKAHqnpwViw$JD}GXUi8(k(~W -z31RJGXPg2cTn}(Mse5yBCH!1=c+T^d*urBY4zOHk2vPRNjCxgd1B$~GBFrQ>_=OeI -zMaiU-Rf6_x0-)>(xbW&=+JQRFo4O$ypifXf)VIcEb~fQ<1^ex;xjr5@VO^)C$pbkO -z78+HUg2;x>nu5q|OUsRtOIQvHEQgNPyT|0k=3a8&b6!phENY%-@xq<~lYn^0y`-06 -z=2$Nyj`rte)L3?VwL4Z|QJXo7mkDF(^kQigSelMD(D%$DYS_}^IF1Gh%}4QM9NNdU -zeq0LYocqJg7%nWS_J^A@T$qHE;Nm&&c>zpr^a`=e94mCi(f$fuHI}$?qV^s9a89m} -z8*WCXq0wvdf$RLZo4;Go+3QCKr_hjfG5IaP9}pX!J582Wnz~t0e(e+;4p*hn{doM< -z*&xd%i#;R->?Np`(s$0@{Mnp@u`ALfY#+`Pdqcv7y*N(7e$dI3q@3JRava&#kxS

484Dm)31!$v;RASR&#xiztbXOoZw -z<=Gna<}Ij>LYArzrd`uWZW^Tmxfw)!*&vn5&9j65^ec=IQcWNL(`B*4^Aphpty -z|E)TG+370?oNkr1-K2C1%jxr$hV>Is%k=Q3Z;{lZF62Uv5FFd`2#yx;MSyx?o_yxu -z=uuP{Rhh$I#b-UD+e(Gxj%gX_#{g8*u3zb7b_?a{_%I|7)A9c?tb$DObbPSL`#I-@ -zUV#~!j^8PyfFANW -z{N3(`gecu1+U{;>O_Z?JL`;~Gk&Ae6Hk_61o+D{BMqF?~2c<&$JV11)^+PrZF@$p~ -zCP%0s=9)N8GXu0nO>S9Dsq5M2eEo=dk=$-UZcpUC59H9Q#Wk*|Nrjq=Lr4P0g4;#G -zjtc&~3(lbgK$%_J9n6=AZv`AftuOf7taqPUN_I9_7(Jl7gH8UzJIDUTH3LhIA;u$B -zU3Z{DsW1gS#qPk!Gh@xWgFuq05uTFNbqCf-d)TTOLEvU@mFX%k7#q*iT|aHsPegra -z0cjy2sYPA%bO#UMV?4BAfp-b>_9o*oms@hJzAoDoe#~}5XtnI0K!(qEh`(U2* -z#NiUUh{GkKL#>Z}rgYTZJ_r>wTWKFBYS?;45Ix&2sa8klPKn%dL2gCl{tL*VeTeIP -zzB>aMVDtoze9jjI7gg|?=%-LHfHJ$beQcG8&jlPf+O1B`4{_s0C<~`vfy8q{{DnqC -zQ4-xKv*c&C4;8`@LVI%2As -zzSB=F%{lFZy69;iFZEJvjWAC>bM@`x-54xF`#?+^&X2Qw?Au^RJrw)YUZs67FWOxb -zdJ64h8quNFR}9v)4?=}{thA4g$qksCPoGrCF)xyvD9ANL?pYuQGZ)u5&S@iCnr#Gb2Ub~o*XetC`l+Qkr+rWtJ?-Nk -zcpo`VKAjNs;82xau6vVkMP2uZ7S`YTsOXt0Uqe8)Z;F -zk$L*(kz5U~Nz&sW$`MiSGIs=>s0xhjV -z9wHKP&I+VFhsX%WK31${Vib=R;n&ei*nY8OX&c;Cuyddwn-P(04{)-WeMD@6=0ZH3 -zL6rr8o5e7MmZ|z-((t@*T&rC*)uyR-BGuiTs@eJ^=TR9Ef*Yc%aMM7AJh!8VVK)u5 -zA)wZ_f}Je{QB1~Bhr_XJgE5w}U81fIk3M7#mkb!p9LPvot3ax1TrW}Twd;&q;5L8*LLiMVt(m_H$aG)SOA)PInY9mr@=2Sl= -zFDfHKa6@zzZg_6ojisXHX={0$tWe7nh@7Ei!hr&zDijtZp?6WzFwBKVaI%Kw9VHQJ -zc?^-qqh%HZRTisIy+zD8=V2{-&<$=$Hg2lJk?KfJb>HBh+*q6uA!rg^g`4jLMQWM< -zRqj*aJpK4oa&?cVZhW5V1TPfeZvh8M^eo6>b*2)&5Hgjr6lTMd`+W8^!Pjo^%`|+o -zqWZm%r|_SxpL6!xaNB(XPCS;oN6{r=@q2{*WIQ#tHm+ZK)GyijO8)R}Ta(dqZWthc -zj~h`4cNum37>#9vF=N?uwEynLma!c6^0HlE>70jU*H{jEvFsIC_Rqs2&!lt; -zu8`=Yz;b#XmH`?-v5n?uA5$GR#C{Ep2>UfOsWh04Ov(E-6D(`ZH5~2LoKL5Ezh;`) -zlFPf{?Q9%A+QP96yq!I{fp@dl!N#gpqS~DyN}Sq2$IjiEFVk{U_#~pQ)p0xKvz;t! -z51)Nw^8fPjD4BOD`8Tv8MElQIO#h)zdXP5}FCDQ)H%av<8Pmob1aYe^?D6|xl&?u* -zwP-t*fj2kufG=K&XzyithPv0QXn -zWpo!Zma*>ec{Cle3tjV6_FjTUn87k@;q8R*$&B!bjXsPK!5bvz=Nx0wxtz_Kv$+!0 -zg0p$i*Yq8n5j5f*R!&fwAMXkKq51bXW(sZWOq;WEQZHxz!jV5Z5a|q0R?Rv`5i}C5&n3*^rjYLmK#4<%y -zorr;0RRoPN-9{uheA-aN{2GkkGmYTRX%7M*CP|31IO~|R-4fM;v%N0P2paJYD<>L} -z;PCppIooF*wvI|{IHz4s>g8-ldhUAkG`zLk-WF!<7Tbspl;GpG-U{e4BEC2lj3}> -z6`kG4hI8bk$E0&P8tY|db4X1A+C>zo7SaFAA8F|Me$4@{0jPAQ0O6Lj^Bk^uW&-)7J -z-RG$0>rLKI@AnGf-{Q0wyi6RvfG2SJDSiJioIjh#5@X&U`c1OrkD<>2R~`GmWQyk83F7GzeZ`L~w?AC?s -z6Ru*;fPB>*-pTjJ;{hK7f2$w(0!aOSjwAup4`gD*1A=DuqBlPMj)C`&Aluif*M1}K -zg+x~nyU&rGL+Wk1NO%*qFdC5KM!s;Mo?9l0X2rd1vPcEG06IA-W+%~ -zgX~4ypK-^)RCf2jLhycUH4nV6s7`#ulB;~aa*9QJ@D%uqPhi>_HS3A`!O5a6a!tpV -zCl+hV%Upx4MjOs;d&aWQBFK?;`<0s{kkCh*BW&I?vt;1VPs-vbtB_rSw?4Uj)G$j9Cw;tO8Vz2pGO}q7EnO#sBY2B`+OrCf_{*3n6pn8;_GOj6+8x -zg=$+?U_U*%VO-f#IL=pE>K6pppKjEz&wN_@Pni8Q)_dHg=@t`uNnU8WwC%+l1ef;Q -zGag_C=oHn0a3M~Napx($)R{^rQRF5Rzc&@yES7`zu>drU1)%bM!V8zDFQ%8FtIH=B -z(@P^kqc;XG;I+)~{a0jyO#0SAXQuJxAHOG|XB~Lq@Nu0_-tdYEYZCprDkNU)_lt3U -zwJzCtrz%Nb#$aEHvA|qZ-eN#{*GdU~cUbWVYtJW#8;Z#8I-ZQ*E1}r3!*k9jdr5^I -z9F|QQ2*R?-jChqb5)U%jun@4bL$HS+s57`jTvoBuq1OlP)t<4e(xF#TdIdogHGSV@ -zju!{^9PM2kh(}NNjpd-1mxBV!;dxk2j3vJoSnzUMU>TrF&N|CGNPuENq@GC^SLy1kI&?6h!I`ojp|)iQg|I8o?Vq|-ur#E -zG*h2|p-fg6?%9`*?&T{?yi0`sUWj~%6~hmWGtkusPch;fAb$GdfXw)5?l3kt^FwmX -zQ(>GrqF*1*RB-w*)cTD<41?)=JAmP_AEZV3#AXfQN1ONqZJK -z_!Wg&HABLVmu-Z)ILK2Ji|_^vJaCd(F>7)SN~bER9sqbSu0ceHT2JQ{ -zxl~_VhpLzzYj%T}^WJ)w1+_G>j~L9_OK!PYcLW_j>`rKyb-q#uv*zkvpv=X;q1NwV -z2G4NIk2||uU_oZzIl`)*t5`v4=Bg!d;H3b -zibZ$>8j}`HD)wwS!{@{Ggn{joS^)*TITgaW -zEd-R{uXXxcnqBA8Iy9qjvH_0(%c%6(@W=}nbkU1)qFhdjidTvJOjDUJo=e-5AfXO@ -zq6=#qz^IXR3z3MkSLBRvV2x1luf!M4VUHji7ZKgzlJPI2 -z_@_KNK-NWbLv$5xeohrysnp8hus-zb*ZY7!J^H$1NNN7g3cZ~i?HaU)_YSO5t;k2R$;mJGYyyz`&v1E(XKzN0W{bc -zKHEw4Xfo}7LrXyFJI-3_P!CqR6kcH2pz(*3HIDX9`{NSOmKsWNDZIe4U0~^)hh^7T -z_F^|tVA(6M?4O6_z*zFdn*z&Wf#u{pET_iO>E&fWW+?5dk2_1d!>W_XeDS8>Wu(9| -z>S%xMju}f_yeZZ6M1iGo9+sxDY)T@0y>=SE@wwX>mD6M!D?xKg%;uG-VKWV_aczZZ -z$%mT$7<;gcbph5aF@_JUC%+B&O_jWVBUxIXO7369+RzFXhOii4hUh>(oiC+F3#Bhz`1zrYe4IT0wb5 -zD1uuz-tEQ9$OiXF5w_>bU*z-424NEzt273mH+J>{kb4Y)u&0@NKIp|@%Le1JFTl8~ -znJ-J-)I`T46ply{5Ff@>(548Oj*LrV;ZwkCauRT+UWvuYD87#tH(%a6&hnYpN3-~9 -zI7?JEX2R#>;Q*STrlU!FjK6Rl#&i!61f8uJE)zg}SSDP?_UmNfa}fC&*E6ghgxqRlnXEI;6WUuaZLe1AXjx}ECqU5$&^nJaCk?nM1Cg=?p^hQMQKY$+Q -zS~TN8VMq0twpEXw=zDrM1{m1&Aj%c17CTL(!cSu+YH374Mi`+Bua$2jx$;^$AmVG~ -zjDiU<2ku9W(WrKe*!Og?=!lcRc7g)k2?6Viy-weB=~bt%BXD}CPF7PCl-dRB)OAcM -z$sUtt3^iMVYC4G~8KA;F=@#$ZK+U|7bM#`ZOwsD|m8sje>_z(6iMRN|cb;*028klr -zW!bvXka?3R^9zvp;vGPHEPF*rcXS!SAMd~-(Jpv}WpfP1FM8iWrZvN50!a1v5ws<0 -zc#BKm{#;IO*-TVns9+yxgJmBeI@CIWI)b(_%cbs7<%A04DwaJi0>%5Lw(L`BK3XE70ceR$eR(REqhB<7A>1FDh+zG1-&`ZyUw`=4r!u9tngC51(RAq -zjxBo~FpG{~KB8<=l%U%Zy-IhHKh+x@@a+zgSh5hmiUa>YR=Av$! -z2yCK(;D)lb9^!P00L^VXy@SB%^F)B1JOoj~MT34iOj?YAcPbWao+!{07DwL)bMCIn -zNWY}vm^5RSW)Z}srjw?NBp;&9m#Ip`@c6Nh#QE8SVkxT(LmlfkK6*huv#W=%%D>e) -z&J^6=u>cJPI}->ZJB*`QY(;BA$6Ly7sYJe(RVJH231gBa_(81(e_?+a7`5gxS|ao5 -ztQ!)5Ohk{mk%TzVhF?c_u~p;#n!7;{@H-yv!&@uaAmFrEGK`2#Y1B1BVWL((o$Qh# -zm?FIjyZ1rq(BiHD!k8PcIG*zER0rxDK<*R4772hYqOY*^GsW-$?mU=y%P7sZ4Sq=O -zc%SS95o@s{DW0e?CL=|#OL`S{|DJ1mQS?Lq-dYu(x=Jf89-!P4p~Zc(Mf4T6-YTo| -zgM_jF(ke1K(m88!7p0`dJw%?AZjBV7MbfLVy9bu~eeXrzBRyfi7rt)fFR-KA;G_&I -zN!Dzi6)B&z>gaRhU7s26`W7)p8BPSfgu`W`FvXs5w0?OY9PZAcB?V)f^44Y*5V)xrA1s@8F*LNxyYZXA7n7fXj#MZOg(kNE5Y{oe&Xwzwp$Ae; -z8IX&Hj8 -zL@SoI(lt3U*f|zNzS-*3(g(_Mag-3LzNLp&J+5E+!hEW4ULkE7X~v!(-Q$(YCt`(OU4?O!})&o}(>$9Z*2Pxa4F_0Rq9&p*{a -zKjm*+J@Jh7DSrcl(9Owx4MyQW{!{)lweghyO#h_Md5I_4-@su8UJ1c$P*bWtPjJ|7 -z%XbektI@kFn511k@Js{GCg2B7$xrSf+z-b9IGJ;Pn6TjDRG1Ggdg9W+%1AL^DcxV< -zp8Vu8{=5UOxg2PuqOlDcVNV-dodpq12sMjC(YRN!gs(k%?uOYQX*JUYkL?v|ws>xKy5MT_6B{TqE=M;v#}*PgOBPE9&P&Fcpz&3kXa9G|kc -zPv3m)DSLaWe|s{|BUbGVz1sm!WhYDT#Cl=ZC%^Ig5T5`a#8|6B_`P5Gy<7R+sr=rq -z{NAek-mLuIDF05E-if=ZK6GrS#<4M+7i%UT#m{8}mbx_#-CEIg4z4e0`167(2DXrld(b0MBt}yoToyfs^Mk#Hu_ympo4h4j04Ay3NLsYWh{4NAnz9BVyUG?2dO~ -ziX4?k{TaFS{3qye$upl$;DNFlp1o~Po(F)d%CmFH^Dyc1Hg*@!gE{>w&!?rmNyfo5 -z31G#Vn4+Fp9y}YldH#mLGslWPJns^pY-1m>D$mX(&pdqqo;%$eB`3 -z8VP`BVv0PoJa{&8^ZX7dn0khZi07A~O?}{5HtG-Ja*K-U`y4ej;By140q*BkrExB$ -z>5y)6X}4RN?VPh}4Q%E)=?>$l0TO^T#1y4rc}QdAmgc8n;+W6wv1351-2-Rqgu*)O -zH8`REk?47V7#Z@PnLMpf4D_*%(zpykK!35a9s}9Qy;l#$b55;uDYIXLk2X -zQ9@5wT-bgA050eo7%z#}=I~@AAF&9p6rjuaGT@?$(Q`b070;1<8O$PLRTVpzDqa!X -zrTuOdFC(?yVCM6jcx`iy1fXJKiYjJ#h+^bc@hf>05?gOU#q2|82^CeWAJ_v!TCU>v -zbZS)0BRjn+{5)s(L>3bcPFjaxS`2?95^asX%e`tw3?` -ztw5cE%CCRy-@SLP;8GCzM562@G(`~BSsF+Ca_9URYGa8 -z27|?Z?gxG^w20-n5yAWW@xGHhm6Seziv<<}#Ad2vn)uZ~V#$dtzG8(&HHzpTTvw3giYJBu@F%*cI87Q8GHW#}$({vN-|oSouaNh~ms7mnAF -z_4#viHcK>KH8N+5OfQPSIJM(PEqUF!mEEJi -zz_1W>{fuCrbRD9G@U~DGgIAiF=Y`ht2Gtl}SHT+Y^_@lVWfdzgS8C&lU)afyJtkdb8$B*_IgC2_KTKHrd -zUumA?BRm^r4bFjTRQY@!_dCU4mr2s#(t1^W$M@0gYPb8jUCBY|xjoK)dY;?6h_Z0G -zzL+SwpW7R{3m=|-+YOFpd^@cBJur5P#rc$b!j;SF*a^D-&>+Kc@42 -zqv+gVdfSj43p-l~lARm)fB(~cwaTR#&zpL#GQhDj2~l#_`^^@6^pMFuIz;zERHr=I`M_1+fLig;IG|QMq4nOR)!wA}UR-m%P_w;BGrdU@ -zy|~7Ep~iZXMthS6dU4TVsmOTJn{?QlwCkk8S53nk6|#m@W}vr17cjfLTsVTiseVJ> -zDaQ>KDIec?Br>cLVvlPbQJZE!=y!RrdeB4;pAh$}6q-K34`X6nAIxU*!ll&+tfL|M -zV)8LOl!*R*4nN>@Qc4sYo=W}*GZ5S{$cySiFq^aHh*+g`w4o(PbxY>2L_({OtAz7y -zV#W0MhCtEjC^Ni?)%9UkTtwLixZ#rbY#{Daoj>|aj$wY_B#93(9|&`MLV=%RPW0q* -zP}$BlbHe-Bsh-Zpvyw4$T$w5zlUAH$aV4tG6o=k-hswfo!nA_$z2;vq#EjF(u+}Jb -zS?=gR!ywX(eL(JD*Vedf*fl;1;J}VeD7>GM`f`+Nd|wBnF<}hvz~nW4kRQM=RR>nb -zket`}34Wl)*+$AWUeHygor;7mDGx}ru;`o(=KPgNsK!SKr^3UEX*MrWILru1n^e&I -ztLO2siW(mVD~2ncUm9xtKSQc+~9gQx>Vx< -z2}{Qs7pw8ZI>nd&Bqq>NS*URp2tFoRvC82ZKj2rSUE^`$Qd{Hd0bS#~ -zw^OO{S>aw&pcnvf!$3c=QX~JAEjc;|4*sdd?8s8GbI -zuGV-5tcYv0@qH9^jsLM;QShrt`Bl>0P{$(R?GgCTu{^3M)c8CB@Q{$;@;2_&u6vAP -z6*FeROH|i5#RNJk3pKvt>~#i7sPR>&k>OH}e-^k7H69l*ev`|u;dzLgdbh#zYCqwS -zd5-U?-<*(TVb(uJpZ&VF4n4b8cEA)~{48eI$}DErhV^z=m)(0Oc2Ju>5+K`kVlh)_4C4~9sOb9mBLcEXc5eqSI8=6tb1GOny+uM<7!Y^u4cnk -zRWzFMG=9~XF@bV3p1=>7F=sJlGcM@L5=V`fB*q*?#}zKNVPjku8ha?wnt60K7Fl9PsET?8*p=qiXSr;Le~(^TgV)VmRX8 -z`)*`z?SjU=B!TAE?o=U&WX-q9nmb$jI7|96D!6Lsm+K^0dy7?qC&js{Q5Z)9HgYtg -z1z35maT)2?%N9SmY;(s-QMShQm$1yC+kEjs79X;@u8jiQx-a|rQI#Z{P`P}uPML+R -z8`cYc!Pb8b`nIhzR@l1IW$TLd+WITeQP-`3RBfFz?qKV)y|zAsBupn1sLS3~f^5B` -zXtZ_S60ETt0_C>8g&%awsDx6NUC@=et{X3HeZx`O`W&OO(M`m9C`DUe6__sK1!HkZ -zyh|ZmYr-x(i*qG?bWd*eL6~$=lTCPaiO(2T48+vv@ -z<4(Omb6a<+5JY(MZL;RhwoWy`*0&V2w-vNHLg$`6e1)~n*1r;-dg$E;F*D(ke!I)o -z>(=w8g&W5iy4LfQ8vF7~E2Z^3fyEL*W&%YG|3t+(uw -zPXZ>lgIVwYS+4x(iR>W>X01SGJxrTxl{eru~epELQpn6mV&uO9u7)>l7>pt8P-y=i^UL~~tK -z*$l=H4IPXWFM#q6O7*Y&y$2psc_QztK863U_j{|d@Y4D?&S&!E2bvB?fMjP1|8Mr5 -z)Z}@EL3F@wAlcGh<#+X@<#Km^-FXC!=UrIi5rq;V-8iV=;>J%`5*#QbrQ%&*JXtvD -z+Rlgn@*C$&LO*R}nrGaa9s^yu -zQOS*?56Wkwa`V+jZU7gY%^<77*`RQ0)h9UJ=!)t4jv%9+vw=J(=Zs0<%*b?r(3}wo -z{L7=Ug0r|P*3H>004tmwdMe97;>6Lw*=as8tm=#tZu6XT#w2iNWI|-lh=iPd9~{Fp -zlg{GmO*dzAy_{*f>e}2B`Zzpt_Fb>Dd@_uVy&+}k+#fhIGR>;ZnWpgI?Bn1ka28h? -zx;dlQUD4U5*`dxjeJ<>5yDw)Oc}~t5lfapgg(r<^XGB7seS5)KoDIK3Ge$olf%j0u -z++e+#;oPz(!Rsmvmx%Y3t}m^4KA_YzJU!u0dlYkDWft=R!+K5;yrv%jQhQB|6}zBH -zm)E2icR_yyhF9+=y{+6vCYLKJT_oSG>}5xT8Lr@0ePz$*Ik`%i1eF?Di-=s=L=q-o -zM}JFhs7&!0V2N(%H*~4B6V!^cJlK>CYYRf)&sssPTi#Zl6S<&P92=(+y{)XA!VNXx -z(584(k2CFPQ0NSP)ho1-=i~}y5)^7= -zI%;Tz5=m6(Pe5Ox1q}v;zOYN7he4r-P$<4jrPC%8LV#1J{G`?OrF|<@snJex>bFp+ -zatehS5L^7gLcb2^tWd@Zg(_VNRg4Pd!}7Odp?ejDj*w$p=%}MXp=0<}uh8Kz){PZPBtfC}F8^Zfw!O=#I`0xk&$)a5I-=>`y|;G>f6~V#-;O%-c}WRT_9w3Y -zej{1>c-4hSmp)!xwpjRVi=Ip#9=(l*aOvY=R4nJbKIC{*D(74ZIS>I&v7GZYA;-OP -zIp_02j(f$0=hxNdoyR4{$Ra*Xf!+W*2BW;SOh(=QZv(-PR1o|?Kro09Tz_>v2Y2PF -zIexH2-X}9Y|NHyZZ`a9;x75|`kN+Fh?FxcQ-SYf6o))@(qk*%n)%S43&QtY^IztE1 -zWgt&L{l4&D-&Xzpa9#cW^1o93ZX)=U>i2EGzY6r253Hhh3E$T{e?IVdZ)#QN2a9x= -zx+eqjp}LbMdZFmER|?VzuO!ibt|ZYRt|ZY_t|Xm836-Ri-lW6cq=Vk1{obU#-lW~$ -zq)u{jqDplTF+$c-V)le9lX1&;{5mbOO~m4Z){ -z&-vjP5^IDMESJ});9(ZT*$tPcf=^Li3MQd01q(L#A5ySMQNiOvlWi*??Low9XcM^= -zJOBVGn33G8X%kUYFmYfqX0kq4g1uoT#;rg~2nCyZuHZN8fQLSX7N@e^3O+!w8U?SD -zxpYl|7Fl6iBdO -z`(8t>ZUvv#E4XP+6iC5~N|1t=6_tXg8Py8M3Su=v3N|WuUeMv|&{FUWQlwxK>Qb;^ -zF~?I8D%hl`;8mq%hq;31kWfRL$gSX6#H3(GpkNErCZecd;(&rpwrv0(D2^6P3BiY{ -z=L&Aa>kbNz3k%%})t8BD1)CHV+)$cN|9klg2{p8d+zK8>ObTWM3brt9B8mzgQO=IZ -zhR65)(r{ETB?KR)o-6p}Iv=7gBCe0T0(}Ke3#`%rZfZY{gA0nzfD7!PHW_#VdZNQ7 -z;ekybV85>SCB0&z?10IubefF%x`Q$~8GXU=1&}kWHt^$o^pAiY^U1cC`T0jb -z2~K!mKv}=b8xM;8HyjwasgDN-R!7MrwrR*;ytk(xiQZh#@9n+gd+FL8bl*Px&vGZL -zw@=?n(CqGA1o9`(ynVVa#dw(eGC&5Nj-V(HKreHeG(QX|nGG)^1GG)Q0Ya*-B&ZKC{dqR`Z!E`g)L_!U1BDX1T -zASP301Y%hjy?`H0nK;l_m~8ne@Vqmogs?|b&rLab1}doceooR_CU~?0{qRReaw~Xy -ztHuicTdftmg`nBpA4G7z6)ci)aCVNhtgMCxKIQDZu-wolH*C6-8_f*g5O({T7XsY1 -z;H`%1ORH{HO3j3>6{{-B^Jk){V -zb*LH#XOMWX2OxCxASaZdHq}s6ZE9HgY*S6dYV2CDu}zH&T33-mn;Joi+7tP&9{OJpM2E;X^(2o9y8_FJ@5K}w) -zu{b<2%fl06YDbe>p@DC~-VTtQD^Wi%FcCDipg&%&QR1K0D)Dy+n%(`?Z@V2Ol1OYp -zGk5lDL6coAXt$;Xtq>1JC81*r+E#)`B}F|dDPN-!Vl`IW5kQ!OZRy8SCk{#Y=^+V` -zuI3{^3?71K^I26)Ly}^6ZbYutCVtgWT^A5f3T+_f@rX$QrB8{*wnH2oj}){mXUlwt -zwzI3O)*b^s`eGaXGZ;hVHH>9K#I~a!7>SUUSNorTcTKhPvTW~D4Sz(??Cy!T-cGfX -zNZ`vW;~z!o+k8sk86sbKO5i(D9xLPjm}u%&#!)9LnnB<-fiv%;VZVKt*7pC;{q}{g -zfFc?&F(`i;L8&E$6J|bjbM%F1+F}0(t&;2ErIK{K`&#ebmZ+tWx7XS9L#DnML1i -z*slH9uLIJs+l3gq?{Jw~>E7)k1b4f>r%y+D=kb^3)!XG~bk!}03>>`(C_?>4_wP5m -z -z3m4WTF}<+Lj^=N4NnAHXkAN}0KGD6SsnlHJ@{Xo*3W*I^>}Y;&E-_<;#7dXMic#Vp -z1aId`T-wg;mDpQSD{tx7v36}qeSKZ0`UNP9PW68+_H?S@vM_tfN`H#;V|ZF=a=4j% -z#yw%A`^Ixq^g{PNiBo#Nc|M#fkW&#V`QyeNJ+ju92aO -z$p@#BwG#npH~!SoMv%DtSSFWIFDAbQcrKgb`=M2XlAvbh;45ojgXNof=E=Mpm;5;MmVvpi%G8{HB!$(Sjy%=Y@m@|CQvyr8T}oO9$7P9E@HN+~bldR-Vda-7pNW{u&#H*ZeUj5+>j(KKRH -zc>lTCb)OBo`Y>)PpT_D0A2TeXFAfE#gPB-b7&nmtk!(%ySJxL9(Z7(I``JP#gApjq*iG+CJj2NqE;+DgN#3VFCO*jW^`DyqOOMlx=(at$`QstkB{_H -zi}y6XCMv9}uese1*FW%8mGj}F7+nrAx|}rAXK;3hf#vktXJHUMlvL -z@v%Q2ZLT-(_%J_@)%n0JFg2At7KF#sc7Wg#?=y+v`2F$yZsG@mZysSXPfw+d=`S4^ -zxN`us7D(qL(pfrSu8&%+pB>3z7R)Ax-5QKejWeU#sm11sq(AlkQ$G}D(t)NdZ; -zUimHa(EGleb@5W_AesEjTn$gB8t(s4dg(8vk8~jU+2rS%Z~HB(xS9M)^ZH}M&Fg=1 -ztNBI0(!66=E>vM3PxSfz;j`-Rb6_3N04w;Vr@T}lkuAi8m8g`n-iP@#+cQ-EgtnI_ -z0sqpk&9LZxl$LS<9el%FHU(?%X)`EiKLE4e5B-=TUGQeL{l -zanE#d2a0208s0ezA8^XA69?v6i;-9}`A|$-&eJfB5l`Xm-;B^x>AMI(rxO9H3p6@} -z%JiJ^lpPXuqNB~^3+|ap?z?AjDtY-m;hHXn4-CP>1)Je@;dmgQIDwFrertO4=nLeC -z(=KvH{B{Ml*P-X9%f8kea0Nkgf#>tIs=$PXzyzohm^5xnU;>7EIa}bbkRL9AqaS{| -z0++nfvcNOBa77Kz=4n-d2@Qb>P$w{H+?K$FBO2e2?o-46NN%_Uj&AsWy-kyz2Q%mu -z77>&MZsx)j0#D~@Re=c&feBD2FlpSDzy!RV8kQHn0&2C5Hng`enF-CHXKUnb}zFeNJiDPb(YN8*0KGyFQyP;>t_lKWQ|4eL@ -z*2~};G+-(iK-^$dP07-`F>s%vo(KAT{^+*H|GF74bf7zI^zHH2yQ-Dnva6lAu=toN -z`K;pOgy=_o;@skmvx+y*Ek1o#aV`LyEjwFI(QBoiMW^9oN|c}7nowZFpDKh)5xyW% -zK2ysNNqm&9g^jPsN+;j#oOR@$CYVu$7w~c`P5G|mCAcrReS_j_!y8qjf0HCYAxA -zw)HZ(tn1pryV0e`qvz0Bxb*JaQwS`xDsO}3Q}qy+wkj;2AUTpJ%lyq*tv{(1S(Y*2 -zLX_&PO;oW=FUuxmmcNU`Jy?!oePDUw_ENYl50f$8_$t+xc>X|nBQzCOE=I@R6p=jy*7T> -zeV1bCyl3vK*UY=GnWPKb>C%nvOA8BMiB4u4-QjLs=btViD{Mi(K=rN%X}O~t%k7<4 -z?v7B-tuil%ZnAelzfA9EVOQy;8=-0B}k -zIzU_4mkv^khKnzRPTc#`EU_pM#?6H{;GH((^rPI~^NkM=CE2u!hJ(nxwe9!6LYL82 -zFM=^P+flL7KHkw6YTigr!|>Oi@}fv)bEZ7cpvKPdH3Q^C%8c{oO<3(OQ~vjCEYeXJ -z#TKsgk@=xj_#5yJ;Iq^c94rxJTm<<|$j?Fh@bc@?^9yPofcjJ01T}a#lNFfChXoA>pTtpjRXptfC4je~wvCgY~IRi@_V{H$-kt>*lRy5{_2uT*pX -zUIe|(In~QgP4DuXmABnsv-MluZ>NqmKT%$}|HodtT6g*VkT7?^B;kbR5E|vDXDt!v -z)&ttr5Uzx9*`a3riq@GD{pSs8*%z}n9c^Idx|P>M;VOsqCZDg{t^?p~g*ZLNW9OhB -zQ4QfHDi=n6yH;7Po-U$xQQ*C22WJsIB=>aS`w=}MfQibqOti4?E}}Md5-plr2_Q=9 -z29FM}A5nWWTA>|f>oL)>yit{KrdouvddKSkBGCyo!^!&bvh)IsD`VPZPf@Egjj=cp*HP@bIsi>a=ZPhm+)pqWN)~qWsn1Wq&R`=Z5z2!f&*Ux~OXdiXRmefxwh!LaQJIBwHKXQ3BeLj?XrSPE0Vyl(eq_i -zlps(gc1S>uEP;z#f*;X%RyqTiOJEaUv(alM8R~8jSF*4XB$$g55UQ&hX!L*|R$wHO -zfF&Toyn;*XlEAQml1@}a30&NB!BqRwmcYd=!N)XGb-is9>R^vV;@dMjYTmg77!gzl -zGk}pH?IO}80s9I_;9}u(HZ&xbfCRG&F!P2L#?^b`KoMp|2?AB;g!gX-fyKow!Iu;g -zc=Q`;{YP8TrVx5p36~6wKGZ=cNYF&8B-lWtOM-2~yI9zoq691f38ocX+Li={4V22? -zIg3<@9c9Up>%he&foD;>|FqwT+B1vdOG!Pms2P-pll)ww>2{L22dz)@t&3&MqPQO| -z6_>_O`Nt!$XSj$nw7W!&H`#d|f1ERbB7cv=+&QPx0Jcdmgc~939zgqb;}cS!y77ji -zeb(w!IsLFm=N^G(0v2|~h}zz|1_LI0Fqo?Yh=akrz|I)<771XY%Z~P8eTBLGSYIu$ -zs1`krZ6LLVbtap2+FK7mWPM9uXAGX(1TgCzNBgk8%iMmf?-f|~0~Tog0MQ=KaL<teWWa31Kej -zPVVKK%9pouN5tpTJl*ul9cCk9HgJY9oZk?c9!B49Y2%tP9`+YwVeA$T^_QGqEv!H$ -z%OL)Nz%Lp8w3nwO#66zQ|Po4LL+3iOZ9FFl|%R#&{uj -zgi&Uai#{UB^rgW_gr)#2%1LiyOKaTxcTpWYdX*eDN$*9cp;nOI{lnU}rB{EDSN29O -zJ+q-Iw%*8C01Y`rW9bhC8hn>E_aU00l%x+Z$}FTGWJ!GfxI`pKuN*vE$xkw}nUIXG`YWMSzM?a!(0GQ6qEn@44>1D=+DMQ)a) -zk8TzT0HPuG^zI59x_(8=$1#)G(3P&|Ng`tbbiz4AW9jFNVqSs2KWoRaBz=IHCQKpy -zp{3_B#z-VcuN>TV7eHS3PSt7B2yd$L;UL?LnX-%ar5A78MQhf%Xziw4wC_Vu@1kW_ -zPr1wy&mW?Hq^h5=^OH~E*SXI8h-LMB=@Y6S*;~o~#!;ll^9AKiKyJJ%gOo--&eh~pV@aU-G6(X$$xNCCjajcR7}47*jwFv1grJa -zTF=X7)scot$-+vq^iIql&N&mX4@vu8j_H|()HqRcm=4qf$rU?vw2v2g!rXpXP75q{ -z5BQf6TR|MF?wRtQ(*Qr;25>zq6inc+xe?`@-W>78+3 -zPu3@&qUK(PviD@z!U3h8`I)m+&l-DkyDH{s<~$~Q>YtVeCR;33VU%XBdC -zId=ry2t1p3_0Yl|h?R-+w~4bVV-8(fRc+j#j!#4%?Q?tw@z86WO}u*iV7Ee?zfGLh -zSSHTjRd;sm=v9Gu=$OtXUOh?-K03zs0pwEcJh@28L-+UanRQ-0 -z60lt%&fg}^KA}upeFQ#&LjZhk4*`hVvG|2XzaF+{?dQ#Pz3hD`kF}rY6HWcvPngFn -zt%7uDWrJ9`@*}GC`zg5JSbs0`F0~HK{!Whv`8`mCa0BBg8qdp1^wRhi?n537pkKzP -z+8}*1@fn&vn=-traRXiTE=q)B+gn5TPHw~#LQ~1_TD|?|w$80|kK7+w6!A%KkK!8x -z%REkqaAm0VO)x|_v4jZ7d4E!!T*A*fsNp6{TX5{RbLwHyoo6o5~&v$EfnzGP#OnBwTggit1VR -z0YjnEy!!aXU{vxL&$$SG3c5kv`HMVZJ2^ZoAMOZeS5Ge7M-LWVCi>!?5m3_?V@th& -z5>bb{ksg6UT&wIgWR8D;*I&-t-`9QHc`ykc-SxV$C0>Q@V`i{0EnWIzKnFj!X>if{ -zy4ELQe#^KnFfS$Q>d^tJZ6DRPX9>I!jzLY`oD5UV9v5Mf>{MODWCulX7d9AgYJJ4( -zXEaatOJR(5ht+S4Zio*S8CGmEm?UoS3Ps=|e4x3;CE%#rcV%n>I7)2tr*^b3bb6;O -zy}*^Eagl0FypPtAeB@TpL>Oi`;D&<-KL@p_5!j3|`1uf&wPACg_(<7LD=o@ZARmSlV -zjF86b4ZOt136r&1@{ET~#d_!s^l_+w$=sx3B_@$ykX3hMsWrJpV%wrZzyyLwV@4jxuN)^CN7IZKVC{WvGAt_ -zPZFU94UhZKu}oaP(&I -z9nN11w0Hb$ux0qz0IpAo)mRx?eS;ltk^jU`)}GVp#o-lU2bCCyS^V7O&)5mB@COo? -z8KMKE86ucQQ1lSK(&Yss+@oTHg3^NZi6`8AN20Gzb(F2C)vlvxh^5wBYK3@kPR01N -zz&>JDVhKRgo&#bjeLkC=@)V9aO(mB)F5$C6=!Mifs&hV6A$HEHTwIGn=Zx!7dFSlD -zB0tg;I`P}tSQv$Jd;&nWS^5~2aRx4Uy7}@(V36l^U5+fd#Xg@pM`vj};{6984xJ_Y -zMS2lD8VFaU1KOe19|&K#fD<-_b(s#l55hR60mC2%g{SJ&*S?dPt(z|z(&v}d*=z1Y07hJAm$8gIxrQR*~-+0Zpg`+%4uydK%bps -z-|^5vAyIHufo_~Yu -zlJHaPW}uzBzc`9L49ocFB8pY`K5t$$KLF@g -z^uxoip&Rx_OL$y09!od@pb`5`5Ba)Y3fF5Y$8X@%H~}{*aMp-P_fw!WgW|ClFA)Qo -z@>+XoBni*0==1f^kr$(PxCkAXR~)@q@E_80-v7tmdB;~(W&Qg`Kv7g;1q&J#6@}gj(E8)mWT6LHp_86Bc`b4~PWak6`CsULfl0=T{L$nkx61{W -zxfhBR$NP?GTspI;%)Z2v-ef|nF02My)wxsWz3b`9q4$r{xF@5J4_oK1%{Ndn{9n7# -z^M2GK>9n4+j&G55@7eplA0U_XT&<36(xh%axP&K}^TT2O*6aV?R;t%6>e`jOyx%lx -zVbe%^NtD-4LRs=1NUL(=?l;bvlsjtCq|{N1#&&gn&RW$`w?eJl4{y-KvT$)Db-?+2 -zxmUmTHSxA<#EZL97lFNK$hln6(Ysc9 -zu<5{y&YjEGc*nhS`Rne_Y^#Fs`_BuToo%xWXj1B&y07KlNv|e{zZ}RVY|E*-fuuZK -z+YF~_H)ZLZ=k<2J^VLPcw}W~^B6O-gj~tiS)HyQpD=d=UN9lwf5vDu8({H(ZS`_ED -zsYP$w5p~<7bNa}Z+a@JAy`&g+HkG=0=F+-$P0fU`nkEFy}!KG -zU+Q|M3Kd#WSv*yet;M>HLO!gC^UQ&n2*k9 -ze@$Wn^?LL`Z{;<7lK+IMCv@4eXtBm3{*~1GrfTnOnCMjN`CG`T_GnJE!;_q9r?x~= -z<|27r{_Rzw&{jCxTxRpCSAo29hheDktSvTrX>B31W6S&>IR$%9Ful`Zwv64+SFFF6 -zl2Qw?dAqx&-i``NO=p?FH^j)N~Q= -zW$DGV{uozyH6(2{(}Vpshj*3Yx#}2p73abyQEj=$`rHS5*+u300f+2No2x(FnKouU -zO<#rZo6fgqd{(dVv#?|(^SPTU7jE!&?JOL|T>T?!f=kd`89JH!PGy{!bt2fH^<+*C -zoFHnOtx8Y55;wT8g)FumF%fg-;0tTn0BuIK%Q5uhm)k0_mv4?l^^j7WNEqjAbb#ASf^Rv6K_+$N=ZgZt7CgQp%bhWj?tFS-T -zum4!T{$u_6kM(P&&Xr6Ef2?2sv3|`B&Eh}Suj4#R_+$P0kM--bnm3F*Xca4ff2?17 -zm*Z*PZS5cH*MF>E|FM3pW%xuZvfe}3&{|N$GWZ|s*P+MMk*ocGtY805>(^^|-ps14 -z9*(h$tu@Mp4-MsC-)cNhieLBE?4ozaYGV-(P`WDhlfxQhVM}(ltyd3G*Lmv<-s51m -zP8G>le?81FS&cnl_z0fXCD#*5OYYUfBCj5Jbm{6wCCODe -zoiA^}KjB{40t_Seo;kPP4zrnZ!B#Y$?eHvh@f^2j%FAMrJB8>G>j`e_lRNCa6YaTJ -zv{+5UO6lvW(uKC2+3g_CXi~y|&;qP}HG5U={l+&pbZQx@qZAwIhQ!GQqyK{VTDB!tzoqa$lbn -zv3~0IEx3JYL{RSq;_X?pjNSgVg{L+|%Aue<^Curw8GS)5jxGfOXpoV^RN#%70{$>R -zi**na9l}qg2XCv~`eWrfY7W3o{T){$f#)ihKSHi_5EC8px#}FxRfA{eJstO4WkZA|oB1(8Eh_3#peev+%wS-Z<;d9{};c7L>fJ-p?q -zqzK8ooc1B6d8PBuwCiyj9=&fylqB)u|wDNjCg5aKhtqUjL -z;Qq{ZM*at88{;N-(}0(|H?1T*OGTU)yqa0`kZPu7vyRSqS>6H9SGM~zK`1&^#XsZa -zDqZ-DH<)+&7M-n(_|=@wXCLHd08O?$s_<+zeSYPpA9whnG_*|9s$f?U-c?7V>c-p4 -zyVCoMZ31qi?!vEW@#WsJ$oD0zqHXt@+a1r>Hz{ZKM0>EeIiu&V@M~L~0-JDar@+tZG0M475l225nzAAddN>2s -zkTyI8Mt1%i4dl&-otHE%Pw9O2OVli5>O6Vy&FAQb< -zHx1ujkc$?39f7Zf@gnrT$b#(__?%?lFBd+;&65e=?*^ipXwhX};zi!CZxEI@)wX(u -zF2Idd?@a#ee0Dci>{QiD%kPEAm#bcv$2|%nRK0Q$Q@x*fXE>Fr<$GG}3Zt#@Z^SL- -zZ{-Y~i8=!|{*w;_vO^ -ze_g4gcBLh(f4T6-|LJTJM?@NGtAySC)5Ga9iM4wr)oK(h@dA#0_PN|U{!oJl_cj6V -ztSMxTm@NLV*dEfs$iKPInM(hOJQOO1k}+!eS5t|XwR;z5eU%RJPM-|eJ}QJ>19&J6 -zDdbImvw^AQiXlShw(ZCDzO&~&vSP_Z)P<@u^6HTbw`16FCBSB~mRFNoeh+(m?nv9(efCqeTa8@o -z+5Y#1smDC#e!q3(pg<~#7a!HVYgLz#XRMdBVC#|T-ce6Ccm2qN9$m2YV~;79K$`b& -zAdqbg$tM1R->C++(Dw)A%?QM0op*EuzuzaT|63^{#!%Jh*QxdKb6a;fu(=rNU#Av* -zhE&y6)>Most;sK(UEHtFp+%lNtF-2j>ba%UYXZXyYYNNKN~)?VsyzFlr87#ZYtqUJ -z>ndt%(q@-d&n~Pfnt51SAZ?#PX;@4uudc1Etf;CfDNdVNSUodsdTn`8O=(5BmsklfBgze5Hc>=(`j6aPE!%F#NsG;SMqST+St|d9sU2eUP1`sFzPmF}n9?prpJsu5*)e|l)SX@WMEMt(epQ0}>-S8af3xYI -zNRWTy{w}>YkH)FLrdIT8TG2O~K2iH@F#RYlUfKopy9m*r>>f@|ls?z=Z!k0L9;f|+ -z>B-Y)n|=-X$4j3YOrAc?^pDX#@zSSdB~KqT{Y4$(r%yd1dHOWdU+BzY>aVet^i8I} -zjs6j@{wqf~$Efv*@n7GHen~6(2Gb{M-$v6vi$T2lt(EBdtg&i~p3Kf%f3{YK`6Tk6Yx+d~8})_U -zd=mLj{j1X_@}FkjbmF0XA`ENFTBL5pqpU8jioyq+-nm&>LCe!Qt#pCtgw0oTY -zMCpU3Pn3R%-sj?zD1C$J6QvK_pFDl4>2GxtL`?s0`lm~OphJv)gXt5+7jU;xfnHn3 -zub=v7lgGEj^gVV-Fn<5-(kJR4Y40c3*SDf?ZbhH{L2~~MrcYEqji%2^Q2!e~OU>6=ZTD1GCX$P -zUT^xJxYCa|zc=jQ(kJR4l{+Q(zr^(8w~9aiXYY~Re}m~0mA}#S2fI5J=gg}L_fPXa -z?ogui8%&?Fg=Zg=KF~dR`c%`eZWn)iHXoQg{RYzqsUJQu`KKM4Jblpg7bTb<8uatL -zd=izv(e##cO#Y1nlc#So{p`fu})$LDqWE%6pQ!yBj&=SMrEfHSqV}uTmvi$;lzxfn6SZIc -zbeBF+{WO`r(90!u{03*Z^oi;x*Yt_vD=>Yc_S-N!d3?cgr%%*=&8ANjU!cOJPZVFO -z=^snbznW{4r{7@u7nuLzjbB@y38c)Q5J;Jqnv%NhRvnk%vOD#yn1i!e7w2Q~@ndM) -zr=GLLknP;*z}XGOuB+J{?%FA?U0H;`VSc+2XSKhOIldRim-7Eq^QUzy?-R;5_pGfh -z*m7})3)^3Wwab4M99iq)oZuPrPso1MS)Q%@>QbcM?6jWceL{9|{O(CTWS{2zCX06{ -zb~DXR>s+n*t-*fkIjzTgEp|)HPU~N-`F$4q;6={wc4ppE4<@T!zs0U=8|?PfIlB#Z -zL$OOMnZMo!yI$C(zTA3wCt}yp?6mF|Ro;kkehPMJ -z?>c|U`oT@|*9N<1vD@%Y>;AsQZl3wmx?og%5$(GtV|IzY!-UTaGmF`o -z>^7ReWcmJ#T~J#H_$14>JNJGw%`P+@#H+ufu*)^OWck)$ci#4`=X))7O=g!Y-&NQx -zH@jr{euiDMwm0!fR^FW%vt4&^cFFQRTw~kplI2^BUDi&{U$T5Jz^>BllI43hc2mtx -z>xxnRDq?0 -z_q?EURrbEl-+@*w@%rhv*o`zh{&b(vykVlo`JPNtL9^5PsP_rkMbz_9?9S`idO6Cl -zt28^Umqz)Em=Bg>H!s`yOV(c=#ICUob{}H5t_^nEa?zZY(|W#ru$$TjyW_E2Vs^>u -zc>#9w%+A(XE)zuh}K@cNBJwN44&+ -z2D>ZG&emn)miJohn(|xsw+g%EW@qcPas7QJfBG3QKFQ9jJ9lQhnVr^cy-%p$NA%Of -zv1^>|{3YwB#n?@)aCXV^y#Tvhv(tKRRK5}C-@CDUeNOB7zKva~zSo;ivi{eeYln^I -z&(?Y4)?Y7OW1QN$zlqqbJH^@Ax^G;6r(n0{wATIIgxyNB(>icey+q7I&tg|_X6ydG -z#crh8*}8Dt`1ag^_E^}uzoFP=nVr^&6UA4CUH#J5{Vm0ArrEWuc!m0(x!3r85WDQl -zTKD%Mc0J6_){*0ucU!LcDz9$cUmxtInq9K>p5xo-Z$X4Vty6lRP>BQA-QPs) -z&NI7Y{pA$wavya5lJ%FHu$yUi$@pbqd!PLLO)27Ng{ -zC9og%H$$Z>f)`?UER8gyA;Z<0?Muz+!y`17|HKYn1!4L -zWuF0MzZI1IvvZw&H5`w8G<+8B2?vmF3zOfOlM=vn`eRV~>)=Jm3rx<3%aGUd{393r -z9ndS6v8(Yp7UOmNY^eIJGnPWt?}lopUu8T4-iqIOQ1PDx75`YM_&Y)Qd$cMga4B{x -zq3r$+Ww#j0ZVZ%N3Z#kCH=g9|zJjuQ4$5v3lwA%Sgk4`Ke}_QXwTH4>Rf!$?Gob42 -zc&K_g7#_*-RFgmDdD7{~FF@&UhnFE=V)ATw8*&FY0sRJ^Uv+~|!QH8kCa8XU2VBkZ -zg>W~Hr^4;w?L042yk{8u88?)<`u))O0#yB;24&yhxUKQ=S?>7N#)0o5LF&UAKnz;>iN1uEYmcKkmxQUb>zPlBVc -z&xX6hokZ-nfvV??JpWWZH$c_zV5s_frNr?fsD68vu^Osg(@g)5VrN$h4<+3RaBuP* -z4-cYz2SS=IeSMLuzYifx)ZN~Is^5E{%6loKOQcVe9{;_K-%NA<-+=p}Z-Vky0@YrV -zpxWbT*cHFoP=2zWOJ}i;RPfI~kui!RhaUd*k;OsQ5~u -z>SG90`S*n#kavZ@Aa6Y0#nl9r&&^PFi(v|OrBMB?0LtGHQ03hYs(c$Lgv#{+RDXLH -zs=vJk)!*)is+UWk?50EYw?0tyvh3It?M+Otf-3)X<7BAve@`PRu6v9(K$Y(*sCdqR -zif1fTIS+)2e@m$N*G)|cYyqEy%KuiV{D;9Y$U(^IGJR{PejR}7*I!I={rV{=zqwHT -z`?JX|o=1&yj6taQyBl|aivQtB&VH`(C}RiXn-iUWDO6D|f?N)CTLAYVjsmE-w=w-s -zd9J^H1G!A<_5^&NboWEmM+H>9_7_Rl4XQrc!w+Hegp|Ms@HHs=d!Xv?GWZF9&V$Nt -z7F2sqhYyfXK70@khHB5*=j!)NsJM4AK7X{U*T;-^LDg#kl->7Z9dCu2KmH8WKQ4wU-wared=OOq -zc8A<%blVN8e!n})#rqP}xW56ay{nDAq4L=csvZMS{+5k#{w{->KQ4sau63)2@^du& -z7^XwjM+aDm{OahGzG$d`KQ5ka5DTi%z}zH -z0F}>2!<^l7Q2p&zsQ%Ufinc1Je-7W__~lUcr@)mQuY|86 -z9|oCP)BC~$3HcDHde|B6%khr}xpJ;HUINw6YD}IC)lTE#Ews;QxEvm0`c%_*g12(K -zJ>*`h+q%P@->0F{KMt?w_`~o9c!TK|nErHlBgf~#o8a-LKf?3_;4+S9!kghe15*OC -z@Y?`Y{})5m|M|ufpz8lkRl#EFZzf!Wz6dT=yznwO2FkuWyb^YSO1C3ax{grk+QF;Q|2!Zia1Hzv%6=6* -z6W$Az?oOz5%c0WU2p6Eg7M=|kLD?6>^WYSybQ7S`jf6@!1fGxnaJUHegtBiBFN8m2 -zxpZGcrCSG;?gO|4{oC+j_zaZ&U!m&#I;eWT!Z;nO-lv${7iv823%gUl9iZCb>;5T$ -zL*U!+BJ>Tg7P&u^eRnAPt)SZL+kVdeUAPea4N&$2pzIHTvfmo2UBB<^?3>|P=x>6u -z9|&dN1IoS=d=qZ$V=4dv%CsDAYzRKIF4{h6je -z6>411fg0C&rq48P2j!CLWKffEQK9@n&=XJ)Dpz3p)$x~qs{XGwo -z<)9;=&a0VF`J_YTa{yF6pB&)q*FxE^fwEr(W&a3N{41g2KLyJFTqyf#Q1+9d?8igZ -z%V_BJPbmAXq3plf-`TH)vTuf}?>C_8dnuItMNsy0q5RK+vY!ssj`>jSxHZ)I@=YcI -zogbbw-fg_exYW47SYs?UPBacRc7VOfZ!H%gs`po+>iv1+4N&!dsmTjr7vxi+;+zLn -z&nH3E^LWz_GkrExy$*n?*WFCNo#{J5)nf`&J^q_Q%Ks}+{?|a&+fz{WcB|?CZ2Bvq -z>gi&rdYT1QKgSuz7zY}A8uu`EGOpbxB`}TrRzcOnJy7**_g{jit24*L|ogZwa*-8?9}KS9|Ig}N@wg0CWXg0lOho4Y<+3mGbd-i7Lqs~}aA -zeht*TP;bnG$8o%`$$LSy({51hup?AEe7~nl_a2n~O{jK!39f+mn!dsG*Fg1yrBMA~ -zp6Lrse>_w_ngrF42AF -z)vwNlN0W{h&_4^$h7Um5 -zFNNp8bD`3m36*XhRJv+-KKe4K>yYE1><7bs*uS|0^+^0LK=s3?q59$fq^1N8M*lce -zf2o1JkbA&Ba8>7&zy-u2(N -z;eN#P6qNo<$W)YG1=TLIU@Csb!57gV2>%RU-p=`539m(72Gu{Vf>oqn3YC5aRR2B> -zs$Y+T&vEET_%GyMa4}4SnjiLnD#y-H<@jn_*MFXX%I7Yqd~Sit=LV>JYN7Heh3fw& -zK=uEzQ287N&xMCT<#P~JJM9bAPXF!X@_895pGTqcxd$qrMyPzwg34zu)Hs<1HBOF$ -z%4Z}z10D{QPk*R>6ol$W+d++o_qTERJP(!6V^H}#43*EtQ2Cq45zy=BQ2D&KwHtTOLXEp8p~hVkJP6(hH7<*w=J!3J#@9(5>1W8pq0WQ- -zq0WOrV>_tx;I~`3;~zntuU~`zL;8oH)+fH*(j8w5f8h8tP{+5h_p8$0}-ofPO -z00dG~Hy#R=-w!`I|BpcBce2U-q1wL-RDPfT=={A5 -z#W4wS#G?f47dIJ?DA=|(~Izvi!<-Eyeol~DeAnY`|+fY&b@p{`H=Y&_pM -z*H~;EZ#=@-)7aJ6!T9wC=kGn^v&Q?3HybZC)*ELVk2Q`k_Az!h?rdyt{Ps(i--pI~ -zU=iiL6l%U$0M&k{8grq>MUKe_z>U<`9#HMR_KQH^YvebfooV*Ht -zfqb9Im%^u!>)>NBA3g|&!8c(~_!8^_)z0628VHmS&udWetcHr`QR5P*c+N0+H2j(L -zLHI1`Izr8>pMK)v`Eh+9@ICT-Q2KkJ#_iQm@h@M;I~B+mLg}YNjk8fu`bi&i9C@IK -zekZ7L^T0=ez~k_GsN;1|<76NBFx<+Hzqi(ni*w=I9G?wkKMZOdeEwk|@Ctkh>iBI? -z^Kms)eH0kS8V@rbXx!P@-uUeY*58aT8<)XS{LhDn;Qu7(UEf1pSM6@ccd+Bz*zx<{ -zclLjWvR?sZf2>{MaE31_T10p$C?A)byy?p -zPMnv*{oqWfxFbt5?>YH?Sb%({$-|)f!#+^$x$zz6e=U^%)lmMg -zfbxF^JQcquK=~g4zv1{UCV%vHAn+&T+o1I2Q2l8Hl>cqta{hmO)A@fJ%KvRp{x5?k -zlkOy_^kd=Y96!k9pWX-rjz@k3N`EF)e>@J#|6Z><|DB-X|Kc_0{|=akd;`?=$~CYv -z*E#3Fr<5MbUvD@GdE={2egLXJ_k#PP-wn#|&#ySY55ipJMkv3x!tL?96#kRrrBHrz -z-~{9?O@8WSHy#dy@_QhZ-)*4k+=rCS7*-|6rl -zuo`MS91WFj7pQzvq3plHSoUlA=Wh6hWb}7K*`Ew$KL^TwiuBlx;h#I_USp_XBsCN -z2OAGH?rGfG`2Axp{RhT1#)ph6j8_;J7;B8h#)-zE#y-aH=o}{!_svlK>+C&E-o^OIqb}XGkgk$`Ce(GoOh}ha9{_cIxd&7~+#0GsyhtaLzx$x_ -zz0-KEaR8LRy`ionIzah*^%3W9B~<^s8OmP;l)uSP{>B-*8(*b!%HM-f*Bv)N`KyMC -zZxU3$9RlUABb5CY4`Ijgmqp}dQ1<6S_1B3|c85V-m!v`2ef6NTdkLzaHbB{(19hEJ -z24y!0%HQ5l{qwU2oZX91*DWid>=r`V&4TKeM?m>I5b8Q+J1Dyk>AbRg0;)f*fa-@= -z8_ze+H=bxb);QXDnDJm^2Y5XGKfNyyIF0%1U8wo%4Oqy${5&imzXwcz4Wy~NT?l2j -z5dH_d)1msoEYs(~ees)N+zV>{Pl1~Mn;Bd>e?JFL$L?mRa$W+*aQqyo^TJ6mo&QQ8 -zT{C?wR6dzd_S-_m_u0MV2QPyK96uSJLY(DLahAe-{N+PkZ;Ua0Pe@nlwilG$Zty$o -zIz#ot|1gP3{{d8a9yQ(pRi2BX%2Nqdo)h4y*!6>oZ(peL>-Op=Q8M|cAMzJ$8Ic?(Ma0HmvSy93JZR`?}$e}NhY -zi%ee)Ri5$2BcRH&4^(+H8LK>>-{r2ao`8z)PN?$S3{{?sp~`bMWN4+&hRSCGlzlI# -z__l>A&pk}qf8zN0Q2x(=x~`oMHUAET6t&wSQ1KrGpCO;Up~ht=)4%_B7ysSH>!IRb -z02TifsOz^ea2x#fgNl1UsJJ^p#r@w#cb@t;l>fg$#d$JR{3D^R@7De;5I7F`eyF(r -z4!!GlsJLfAirDQ>P;nmvSCP*+sCi34*x_Yd!Id;u!%yP@Jf7wY=(WVki{rbES@ -z2Nm}~sJIV>G*S8vQ2yWhtBd -z-*2sOaW99uJ{<;+!ESe``rZL5?rosre&*IdfT^V0!%%VG2j3!}zrlB~zsB@cP;n16 -zW6;N>xgo?W(Y(`#oQy?$}xehAd>Bc-`wlUrK^o`E$ -zUgJ&1i;brldmGb?+Zlhl!KMG$xWIUl@lVDv#w_FK*SmCY8lN=YZM@!igt4cwtFeRe -z>jvj%1tdqeuDmGcp&;4p^n$UU5RfrRJv@~ljF}{>*9RSc&qVp<5|Y_ -z*8~E8!S8CQc&>)Ea1Q)4$4`Xvdkj=OSy1_I39m>0)737Xr=X5s4HZu%RJ!R<@qBlc -zi|2jg^Tr2_w;DUch4}sAN*7NPtS0@n@LY~Bf%1DgR6Kuz%C{F>ggy7w!79f2bx`xh -zRq$xacM;Tld9vw`gEiP44P`e9j>qmusQi1Hz7w2--7ia=-H&jh>Jcj6x1jWYf%}sG -z1;!nWzg*;w-(_qt?r+@D_~eDo?r!4%;{nEZ7rXKIqVW-^@i!bQ-`>V8j9*^hjxRNq -z7$+EiSmgAtLCuq^pyth6Og`B-5#Gu1AZ&!4VSn=b_xWyo{sZ2@@fFY;e^C9Y4yylU -zLdCbYan(X6UuHbhc%X4BsCd3T&&Bf^lzfx%RCq1&G4N`b1r^UWuok{|F7M!R{3WP( -zo`s6%2B>(BgNkRQ@$++>{IKyhW3Dj>m47#=`q9H;$Xyuiit9aKEeK*e(=)OgD?ZU@J6{K>Oif3JsUqt7?_FsOdKo5|mv>Biej@LAH` -z0k1*7*yNc|{dt7R`$CPk6qDaRgX>M!HkD2sBzUBs=U2mI^4tbADJcInr_Zpckgajk%| -zzYfa&0x0`4q4Fz-vOf;)%=OS%sP_r7pwjIRy?mh3ZJ6)Uy#@D1ZiLFG1MH5gjdiX) -zzJaQT&)~uEEhzmxum@ZY)owRJ*n(OSJfoh*epzLoE(VqilUk&9q2>$^)!oR|wnRIW58{psITG)vFc~Jgq -zjnj>m+{vIg%bD-jz4`n}1M4tm?e+ZP_r<_b0;A8L# -zcrUyh-UhFN4e$=^hd}uc8oL>{f%5YflZN7Z9xA_kq2jw7D!;R!(pN&+=Rn2R7s|ey -zi2i3zg0f!^Wp^_?AD#x!fK{*_PKRf~Bw$PQJp}$GDI2#aT}Oh;gVf!}zZgo&Eu1neiCo -zyQNP5jB%!Ml5rcT>*!yYOvO*3&g09V;=IJz#n|3>{S2qS&^R0_{b9xfq5LeF?(9xA -zjxzQ$zE$G%w;QiA9%1YW)nB%Ung^SU9UI_eZfGah67f5iCHaW0;ZjTabCFpf5Ud91U08!GNcpyIyRI36nQ9H@8>gM7Me2M^=;%g6AY -zGH^9i+>b)pT>%w$2^@s}7}HNMeGk)rGu6f2XdDE`lkSTtZoat%9!dIhOfG~2kh4wh -zYTPi{*{?QU3#VXrvdNR->BxOePK9;IUruuAo`#np-)iy#coA}u$w$E3kh__@abm!G -zZ~x-FKwvQO=0Ww7j>d;3IJpXH+)g*^BKFjgZQ2i%pawn+%^T{Zue;le`+-CAQQ2nCB -zt@H_8N%}d0@Y66W;^}!Q0;V&$xEQxslw#ZQ0){nxf4`7eR8C=GgLd> -zX7V{u?R3u(J)uRgu0GRJkAS -z@3<7IyyrpH%PGcEsQGK4>3`_w>_3FEd)@drl-(rL_k{AdxAD8aF5NRw#~(4?Wyi0A -zIzOEwqA#)I6QKHEhRI!|M{X}-_dy@W+o0;_La6$wfU55kp~{&Hm2QxT{BCa-#}YV% -z;|rkbeLhrs9s_0fOQvhDkD=P@I5-$ifNHNXQ0WeYvi~~6*}Vr9&p)B!`3t1$re{O7 -z&)&vgf=+%24#V#*kSa^xKqV>eccAL|1>>Vo^*qP)V~kl)_0$C_-=7X4F? -z(BA~r->!j*e<@V_l~C~ygeqqbC_kN`{H&)^6#sot@h^s>uFiiue0oF5XX! -zZ$ia;5tP2fIKg-%RNQ+(<(C4L-}^mX+>b*YUk-JAp&dUCsytaR8}10@=evU`2fPX9 -zz{8>1t2b16dqI`ABUE``I>?o`2`Zl(q4GHcs=QO-voL7vY<#Cze%~`*Yg}lYV=OY}8iP>f>;_eCHJaqxaCRvC3sigV1p6WX -z&puB6C&V=UQe!`;e*I0FW25mjn8EQWkS?6w4=UY$@K}y_f$BF~L*?_{-cElll)qz) -zU+v}U{Tg^2$16=9XFM2Ya{RG9X@C6ZK*=eP(9^%z!|^ubl~DD1fw2y%UT4E{>_@{UmT`r~e_8^Ncc?!)zc@hbP-P+jwS(_aXc -z{v@b$qhTL-5LA4xb)}rhYrD95dJ(EVpMa{*l~8^!gsSi3q1qwWj`xLXkA0!)`SV>J -zR~n~4_45>{dVFUWCqDvJ|2LR?8GHe|C9sVCy%5fZBX=f0j@R$x>TS01U}G0!d*fF- -zy7pLWd=aWW{sz?!S3|YKWT^HWV$_$0Nd9~W$2X0CGhPH$f2TmzXTHhXz!KzNQe8dW -z2+NQcn>+@p-u5&;(i#8qV;o@I3eMno^Y$3?-y=}zZii}*2B`M91gbq|ntp#MfA4SS -zI2WqE_kpV4@3(dGE5=4Rlj9edTn=X=x9i0HB{PdmMJ>kiw -zp9=e-A7?z&`1h@y|MOsf^rsv1jU8Yw{BP`N>!VQqKZ6Irx1jWQ!rr7G1=TM7jNfeK -zwHekO5s=ZH!YVZC~e!3g~%|XfkFy3ff0@c11CQpKD_ru{VxChjD -z+Z8JA4)8$yeA>b3KY~jC6jZuv;EC{ZsJLdp>B!~n$sZmE)xP7P+BXNvZx^WcU)#?0 -zi#MQ-KMd7BZi7lc$CzV$XA9Tf=R&n}k;%iL`olgZ^W95cyML78?B9Sd;P+*C9rgbl -z{0lrUzRQF!s;zHFyP_1}`#sA)JGJ27DKuY;rYh -zLY{4M349Vc-{dLqU&!N49tD+t2$X+f^3wM;nL6>((-xkd>E27vH0Q|-)4*ub(ftCw -zA;k-n!bdAztIvhq1#i@^5s-vg$>?oj^rgYt7ARQiJ;2<#6Fm>;RLEwhbjM$MZ#-b@9H -zO~wXey|KWUZA>!;jLl^1r8hPh>x~7*Y-5@+U~KMe>5UD>dSihx+n8ny7&Y&D`5QIg -zO0G8+7_*IO#(=STJ4ICW5C!!;jLi%zFTJtBSZ^#aW*gIt0b?^A&P#7>FxDFj -zjM>ICW5B5MftTLcV5~P57_*IO#(=SzdE85HY%tav3yj&uG-JTn%*5!WH#QjSjRnSR -zW12BwY-Yaq(icd^A9(4F4aRz7fic^d -zW(*jcN$jOJHW=%T1;%V+nlWH(W}e~CEt`xD#(HCcG257C1YWxR59WOp9E5)7{1?^_ -zB!_<2{KX6>hknQW)u59@zgvD4CnnGSba~|2%7IQUFnLWcC#T-x^j!{da`UZDo@V;c -z???|!clyxpKHq9`=y#fTF#D!|yY$OBktzSQ_nmx7rlmKz-r{dId4a_r`rY2Dp3Xk> -zJF)+=`Uw55>vvY3rg3D#=QAsB=yxsuW%+57r#`6%Ie($wrR;R7#W&UI*Y|dE=yxg4 -z?BV2kE^hQW`4me(!^y{)eUs_0HvggDO}xVVHnOrcbs0HOKTzOn5 -zc$RQd*XK@?H}vN^$}BPx{<9!O5ZD0seQclS99o`}tTW -zhkhr1Xr7Zpze{}RWGAQ5@ATL?4>$BR@hkiHo -zLrWj}ozrVAedu>r_pW5=e3?IO7*YCn>_Qt!Ir-M7AN;KeeMb; -zAH)EaecE50{EEq;-?d+E?H~Fb_di*G3jJ>S%O*G7>C(Sw{zJbzf13GgxYy}FILhMZ -zrb?glLNc44^ts36(C>a9XL9Iwyi=_HLcdGi)8x?aH1BQo8T#GpcddVC*L&{yf*7lx -z51d?T<1O?%^2>0f8wlD_g{r{9C|ru^2J{=cSAGyP!GuQvSw=6}r+m;Rg~ -zE`2=@iS#+KgY&LDd -z(m!bWnWk?D>AC6A=fPnv|J5P=RxbZ~9&+jPel~K4`oQZ}pYK|I7MOiUtG}rx>o?LA -zf3Eo-GTixZGW~&8zBKcHLyq&m#{6HmhqKQ$`-$d%q{&%U|Mi_+d}o>em8PFz{+oFC -zug`zX|7!F9gZa-k`=71+ubbR#<j-#n8SSbVA6B^+0Dwc(d>7z@?2^8y@vbxdAr|j>rmwT~9j(4zd600Un_mU;{D9@0h@oHu<_n(=~r}c{+n)g -z={K5wo$2)(qso8Dtxi8C8@WS$psUr-2y4$~%de-!*U{w8mVdp?7iXEitLbN$e#1YU -z|F=xv!}O1szQE>-D$763@-Mgi*O~ozD}R>BeYbM)2cLER=Ue$UnEp>zzBO#R(C1id -zpVWF!47|qmh05RbPbV+7{<^`g|0>%#eVWzR?YlWS+vN6Vnr!3a_A{KUMIC*5nA~jh -z#Wa&E8Hf73ZgQ@Tr#$7?p@DQR{R_mg_f`#ojV5nf?__PJ*5_)|H=91)GREgo$0qj?wpbqXt)XId@?AXVaSJ@jO!Z?@}$U+SG4`W^Up%>NR*{+mgA%U=`oo<4u)f64WX -zYkij2JGp_yTz$^B^v!nt#BUfld%OO8kos5pw0c>ycFF&qe>>l+7GSt&HFfc!6+v;9^t72 -z-7WtOML5 -zJC|PFT(Vwv)8~7W8$NLIOXhFGr%s;0c$9s;jn|ImZ^J*GzS-;>?EE+0%HObu%kLYr -z&+g&uwJ%=&g6U4a)9R;Tgp>bd=^F>S^z+R=m3cs)q1IkOtB)>cSb3Z}aH^%(!vlRv -z&A-0HUY{#XZmxCm0P~-g<*5UGxz5|WeSJWijP<$Xa3^;(xy1AvZN6G#`fE+Uh3RiH -z`BIa6nS2H9CjWbxyyKBhPBnRZ(_d)vV$&aH@>}Mw*yQ)jezM8On*B(VPcVJG$?urH -z%H->rPhCm9;s$EC9*vYUr$@`r&yAMfV*ZV^-(hUD{Ik#gmA#_%pAL?ewf{ZRUpnm_ -zDZjFJw0y2l{@LgMGN0U&@f+#yqyf=#(ZFc=yqakF$L`VcN$sQMVcSK^BX;r0wbAmp -z9i!#zE28Ch4v3aZW=6|bcZrraq(;l1%#N17_T|5$&;K^NM%zEbK5Uzd!owx3BMfxWZSzxBKe%O<(;!>8sy$ -zzWROKSHHswqwDWjU;R$<)$i`U`RgfP{T}3NFKsl4Y@f4z^;_qw-?5#d?ThM -z;H&SGeC40v%WoTBJVn0pkN4&GwJ*O+U-`H4l|Ro{{%&1VKiMr6a=kY`!m{48jMT62 -z#z$Dce15e49B({@^{Zw?>yPusM_B)yH@?F1jo$bO%l~N?oxZYHL!$F*9vm%y?7KeS+h_lf -z&;A@={7?GE_w%erM3(O+pZ;QBe24nZ*OyL-PJg6N{+HLj;qvJ{+{pZn^!fkA>u+KE -zuDA9tv>r(efjO`vp>%#Yu|We{Ac+5P50#=$nRdA(RWBy -zU1d$hn9`d3!r8_B`eX(xYp0c!7L6&X%PXBx{nDB_+jv!x~*cR?jV+PQlB{ -zDvAbI%=5BUEJv5jO;Fr;m6KOGr?57GeZ1;PY#&oWX6nM6QBpIpuCios-PpqN8D%BK -zM;Fd68C5={qP(VLUQHn13Nw7%gdxN7j~bUVG{3t$G-@2J>s4)a3AFm2KwUVA%A1)t -zv#^S$p>lOFp{xACwWVb>rRDk4%PI;nbb(DPnNeDvQ&dz^T^%}9QeGT=ptihZUS&y9 -zO-b>vs;Y{r1l5(GdMgu{C#c={=J6^Q%Y-8bXL^Xjo4k>r0R|_NXz##`f=*mCR^>XOt1l?32tY -zv(HF|Pf2l3ZOu$ZT4|9t)`nCRm&D{6?5&aAM+19Y-=izai(*ZB=M2jm*L%c}v55@& -zj2xRYB*t^UypcJXefz~6&l*);T~fqUHLmyAp?zc2O4d88Pu$~uGcse2hu!rdWrnA> -zv6WXlTWyk;IVG>GdP8P<4W`bo -znyC%O@|)B&vPInaBWFn7>`=whtdRy8nL5MdR#ntg6jhXkj3O<}MNv+0a8?`ahUB$) -z36JU|BdabaC)5HXa)#8+8<96L6h&Lp`})+cbrWi^-;!Pp^J~+Gi{UzYVm}!&@H+U= -z(itVyH4MXewPt4Y*S44udK|MjJs~2mxY{wB+J4dPpOX{pKbDhm;SA2U!C&J`1JqUC -zZ}$~$(BI}Oe&e?0Gb59RW*!SQ41;iJoGS6mBAPjwSwu4@Ftglp2TWrMAHt<*4Ht4V -zj-7a-cO4UPaT+t-=LR!^b4zPxPAac1oL({{Sa(u!e!l+Cn=)qVurX!B@llpvRyJq$ -zA@1T~c13Y*S&4TAo#ZlQXlZq2VNKCY-6-3MVWUEG1(%CO>c_4DSeAVHSMovHvvcM!&75#u71X4 -z3>a2kR9IPE>$2nOm^db9WL8I980T;%j5>GEnGs!~k(DzbucVNRbZ#pqX9SB%D`%Ee -z={h|&e!r7&-Ti78@h<^0g1J@Ps??NlZ#Oxke^ue!=v$)JL+g{vND5z5ZVrcxxy|da -zZ)V2kbQr%XBd(@5M@9a2cTv^&+ucP~;%{{q_x|EnRa^X` -zbJsF1*xv@q(BN+wC!61^T6yz(Rby{%uSu)7pSu_RZMEBSXPePy*pQ)lIl9sH7NTgf -z;u7wYBUgLcGPOkwq0QwqY9MVMr{UogJ^yBDacxtJ9WkOdgEx16@b{&N=FXZopkMDz -zjj>N|yng@Ny~gYJztwAkD}dfLg)>_3gK^LNZA_Z%8itiryRs=MZas>qp&K4$krxla -zer};|cra&J(5h^BaI*hOCfVgen_WZ?%U=~m^dS5dE)op6P#L(#8WO68VX@VaXpFTn -zc~pD&$5zCdD&&sao0djlijChWo5N4MQTc1)i8l`0=Es)X2D5xWOOF*=7PrH~?82fJ -zfdzC<6(jA@#_)kx)Ghv7GfbXM%d%TS{|PNxckC_SBy}9uBDv#md2OLCVFs;Q -zX7;tEuGnV|`IS?~6{$<-X&rv7_h6QCBfWu@T2}kZee~MgN2aV?o&; -zb8>I~WmSJ_|FWuERgG&Et`(eW?KQ4dxLOiewKC49wdK?mb&E5$Fgi)HtJPTB#FwS9 -zwu!Gl{kGxLXVOq3PM=Bbd{dl1w^q;Z{sg`%ia2%0T1Hh+Qp>37Nn#nUoFqmORg=Uj -ze8~{8#_BIa%+QZ9h<>)Sk -z2x6F#Aj~9d`06ZZASyhZH=f`a&o17>DX5`LuJ~6!DISLvW{KzsIQAA<6xsKb>pfO-i5^ -z-lPPr+%oz@N?Mfgl8--G{E{TIk5`an_VLQ$w~yJPmyuaiSY0!*!VT5@%$kaMu@?~e -z^Jdos3kL^-!-Es%mkpnnH)ZOu>67wx%8PY4AYz3mv>7O)uXm7}<=l!=J&6lWAJO}$ -zlJa0b_egBU$YAiq8KZ(cuna%l;@GTF!MxJE+`8(%lX!raHF-onVr5;<=n;9PIY;G{ -z)(l5Z5=>^$AB;8~{a;0sF@Oz+p~bV7s>#q&Yp7a=d$kf-3nPNTQfgv=t0-!a11HWJ -z8Cx$oW5RXQdcF7~@#^LOB9x4N{w;(3*;X~DWYo}%{*^6{7(?|_I@)y`w`6$Ym|$@B -ziAM!P-Do;;`Shcxo9e#wm)@C^^CLSCedcIaM`P(fHN#^&da}Nh5oFV0VR`Y$F++!E -zWNK$;Xp>Y%u(E1aD8iBb=+`r9W(NC|mQSysOV1juZp~AK(m5r?v>%7cW{>_~iZO$y -z!c~PuHF1LM&3-j@2gb%(U07CQarUMlitm3Zy#A^+_OsP7phN95hw! -z8UK}G-@TcZdQl!E=nTS_W$CAZSqk5KO8FwI@52MC!ELdsWQBH;oGhny*wIP$w+DxUQ_UvHImzU -zD;8SgNNN^Z@JMPD-u|D|Oun=flGG?%2DdJf+}JCG9s_0cnWo3kI@N`D{Kl`sHkgKk -z@G7z`DO#$t4aT8LZG&mJYTIBOs^B)5hD+$GIbo8#$}H~%Jsz}YF;5g0mDbd81Hu!J -z()^m?$Eu3+W>*i(sH`Zhn>WwfEM1c~djfl=`wuJgHuR0JL&zCCp@xMJ&pzDw!%KU8 -zDk@9L^ZV9Tv-3EkPhrFhOvn*iw(Vt(VG#?*`7s-V=hckK85JDW^0tSTV0<}8t~+jG -z-a}f=dqncQ`{-VCa(}z=%;@LcigBMimO8E~EiCJ!`^%i1Rv!@!XxRwF)+35+<#-VdX?sK!x$z@%{h*&) -zB+2MoSzS_FTrq(KlZx5&25&Vaqp!OmZ<*J4JQr^E5y8n`)9_C)KW_#rG*LCrUDb87r&aLwahhJ1#9>-^q(-gb#@md-&Yi@m<32k|nj-##q@+nA8`v5r -zseQPECa|vas$oP#EhHI|Y2nwv{JF;ZaXU{oDM|9I!_&EU!rFugHaTVTKtiXsO^BfF -zNm|cZmlvCub=#68&pKR*?rgdVA;c!#q_>ILk2N9sGAHg>i#3Zsz+&yF}3T{dwB2`qVJklA}kZFLQM7rht8cy*eW?Q2R|8LXa?>s=U5$(v|@MxL1L8ZIZ! -zJ};N9uI6Yjd8xw`53wFN%ofz@+RDm`s+wx=@sM|fCs_LG3SM95<#q3feQibPNXxt7 -zM@0`E--eCW-wpSr57(5}+2XzEoiK%Kg|;MVx#x-ZuC>p9XwwojIXtY%j2P!@YvH_HMXm6vu`C-S9+q?%i--9VZ`Wp%#dE8G4h_`})+c -zbrWi^-;&;&Wx}tx|H@+6bd%6e%)TFcH{6$9%+8&pW`u5AYa-3!^aS^AxR+O4t=Ao~T6TBO~$#I1n^tZ(o?xT^7+nP`RCdSa)+`eLXW|TVAe#y)tnmNLZ -zlf<0DvQlnoOCq-3^D2UOZkSP0UQ&gMTQ0qx;2mo*4}EJ(i^e@h$5wmx&6`tlQmNEa -z>(FXRUEOeu)4fC5xW!; -z#ZiQ%=Q^Hs%u3$?nQQfDWZK}hyz-_d@Ho+D_r#v -zyT91LlNfJkUQWVj$T_1<+jENbS8?>NmxyL@8;7)cC{dn$qw^dY$}$+* -z!!)daXyZ-ku*fY;C1hV#GA3#}P;}1THn;e5@9+CWGHwjN_k+l|L3neA_r_h+2#?(K -zld$Oq=zIKXVrGXnrOgP|R_Z+b>r!WxmY2GWBj=8&?w+8#WoEXV(pz@O>9ifw>xQ@V -zx)Z&fg$XytCCVtHC8Nk|hn9RoukQZFZ2k`)mB#H)|2JFx;)n8k@92vgMP{EwSBfoN -zA$FphTHZ90u1;pI%bsD`3tjJwZ~>qL4FedW*Ooi+*mTCxubhW+a`<17S5r -zUS;)!(){^VWy3Opnz4DL$$bgeZ*}v^%_R1&C@b=MzT0byR+JAfEG^^9CG+$9OfM}f=~Gr(Ueb4ZS>cT8>b^&pur4{Snj1-d`D~F}tz@Hf -zUe3t8+UkCj+{W6?;xi{R)@4jt+1zYPlza#0Fz-7!Ba0dw5!#LGJ%zOkKKJ0%UF-#W -z7Zw)tXPGX-Z2$j69w&2Xb~(p-^L-cb_PghXF9p@kHWdp -zbpM#Daa})Wbb_j&2)2N{8QROWO>nlFiD$c11})|rifWeV|5Y2gBltJ3lug)iXS|Hw -zQLEg)zQJ7M1k2P;L`a*_WSb+x0WDvd8#)JOg?q4hz8rVdz|n~3dw4y4ZF7D -z*KB5JZ6)@yHR8@ALA$i9Tm0$`+;M}lRhiA}R4YlF*JI05h0W{MmYFuM)0QU{o7b&k -zrB*kuQ*Zrl^SaE;O7`6(QS(V3y@91$aAu^4rIXycoZ$(lrvdWba!(X{h7b1UirJeA -z6Zy=W8@}T3Hn!Kz%dg2Rn=n5VLTJaCx7AFeCcN_Ld%GdxRZrIPa9-#u%<_9r -zuc*qKmNP8o?bZBw?8~ynMr|td=fSFC_}dTvm-2{u8{&T{4^~ve<%oL6J-qIuN{UlO -zGzrg0+FD1O*>_akY*ydlT@_JoGyY$1*S4HC3`F}$7#h+(8YYt_q?vYK9^*xd-X?3w>2OFNSrPa!ov|4M=?n3F;=xN{>2sjI&sCJb|HFx?DL`G*k!Z0q2 -zojt<75ljs5W$)5LSMr5W9YD4>oUH-zTp+0KewX)#5;-tR5&|1gOUl!j-{W)3yHvvs -z##zFAhrb=lLn@(uix9wZ@T1*~kE%Sp$yl`DQaJ`tZe{=9(%+K;py)n@2AD#tMiLJb -z8d;pk1MjQiB71~1>T`WUW78rr8|srgrox7V#=KLX&~(^}-%!5+beV>0h!OhBF-E~A -z`PneX2mflfPZGABv+VB{pLW^zH@1?W>kp`baGm8fy!9wFX{2c(7N4?@5^fyQ5#sRq -zqRbTG`oc=ZBgWOJS;Ur$*6jDgk>^~(YWbB6r2M)032C^c8-eUU^3{(WZYU@0m)@-v=n&h!)BkY% -z2I9)t8XvB99piZ-u9*is4r9%W_LZ|0kacIuXQQW&@W9jbQu_;$kTYPEON)Ms+Tjb>o -z5EWH^ko)(~0&94>Vqy(WH%zRdsSsMNkI=DrMTBvy&lM5KE%K@yHWM?bMULU^lduXz -z^FC~Oxih3IUZGLzhL=&vY=IsK)~@0=BbxLX{Jm&IX;{OYjmye871|?-?sjC(jyU#? -zuma)vL$fCOgfc9=-dj54V+rNX_;@ZXQbh`AEzwtFW?f_p!9+V`W_8edz}rW@hxc^V -zyi(#ZTR4D{sAb&VlrEKr=XA$CJZ(MEdE@EhwLGuzR8!jhIL}P^aMt1Z=c_Kz)T@lUJxC%d(Z{Wp6u=g3vr8XOORInb>9%D~mFGXNBxmWn{xH3(U$ -zMZ?-=s)GbMpN6g^r!%)xqN=~<%`%gSG><<8R#8Nn2 -zCDz<%{NGwi61H21Gezl-R9c=XarzrLXq=OzkI -zE-n;6R9tABs<@&yd~w4dQDu1nc^9WG9vbF=pr1EsxXI&Uk#*>ulI|QEmK^KPF)@s> -zz8n?KXmtkjo8sa)HeXCu3;HDP&}!1SE^Y^m?&3ZH4vOmv>>^TAyBrjXQrss8+}3?! -z8MW>!%|a040v#t3Am@T$HlOU!p@@Jh}7g7Z$xIN -zDQ`roQinDoGV-$#86;|`KIUM>?BK{&F;Zj#is9A;?)=aN?gY^V)bWky-jO+hR!`8) -zkewUu130DTky*2w{W|03iLbM#C9-{9&mOaMj%^Z=DsTHuDLDn6RZLIV0@a21tNO4& -zvf`KL{dE4k%NEn;^$fN&oZPSS4bQiZC^w1Wiu6D{i+ruR%4x8&vg};)LH_;&)OD@o +literal 181384 +zcmeFa4S1zlT_>380gbjz;;!yS(IF~Inh__h;)He3ThP&4YfAD61#zUO(lphih3<~s +z6$#^$HEnUnyu4h^?86=N?0^$TTI1s&(e=6k4cvl~3iuVqj|scu7<7gWRbV2%@d(Qv-zs~=h^FN>O?|teoKJ$freP{k&AO3^Cufg9T68eVm +zhksvzzZqs8^KbFJEY;UH*l&RNn<)7A#ZK-w9#>--EBd +z=kCkTzIgdHvzH#Ybayv@OKV1SEs$7QKO=qBMsDhRYECwbUA%bL{r5eX3*3!w@)wNn +zb)m%cFPp!iTW{+7+6+q`0lo(>KXA`|uLw!q_;v%n=LLBWfsgu&|89zr5ccv{*5Al4 +z8qrvQAN#+}-^ep>QoVMei~75G@BJ^Ix%0sp{GOP2@%bETI^Y`&NwdIr(!Yxr?|<13 +z-gWVwd+&V3rF-tX`~L3woelVc+4U{<;)|q2hVtG!d*@x3FV5Zf>U-{cIrzK1NPj-y +ztKH(%r6BJ#l~j1~;-#63cRz6Fy_cNXT^}18mTxO?vDGQt-_2-NMf%^2A4B+a +zDKPP*uT(aPGJXA7H}%0Z`f8Im_0?fkDBm|Jh`zq3A>`i<{{AcezWHR;0;2cdvye25 +zKNfw~tJD_0>;Ad>(8%t&|30SSZv=nj=UI~b)%QQ}%Dxf|vIH092zZ`<{{xq@@&)`C +zZ@=>aR7H;BTS9r#ISKBz8-$}yBi}`QFH}RCeBl1OE+(H6eChdtk1qXD|GAR8`01+89@q+cx8L*N?46hIviZjR9z6HH?4JA3 +zHke;wH>C4INOcdYKpY)|=Y^M01NU6E{=4jIY7zn;hyT02_tIrq=*jXzmRFvA;AQt* +ze&Bfho_oRf+!L!OtLH9xGnnJ}dEhm(m+$YwGYa0i@J!r)*PX9AJ9l~J(tVfjxhpn4 +zz(u?TJANSttQXvO|9zKUI5#_c{{!NYaJin?hgty@<)6ecGW_|ZZCZ5@Su^>qBGe&yQW9q%4^ +zT21B8zU1tS&t5qDq8HX5`sfA(oJg88pLyhwiKH=&pq~6zJ$X|dv2)2EO(gA_(%ORx +zHv1W*PYG3w|DqJ54IBRb^h5TZwaBiKPi4;j5azD-UMZiTQD!i^BFhj1-~t07zo +z;c^IY()$cX_IQ7NJB+5T}z<~RiP8x=k_*cd$@!&;WPGunv{-MDoplBsvA%+yH*2EVrWw|y%SpxF59leyRG&aGRVYMR +z>SG?pj5tDZI}PCX&HB_Wj&)SH`x7LOCj!^_AycjeP) +zKM$`UI?%We9xUjK!E}=xPo#nhQne&RY6;SYE37pn2AabRQqxJ=tE%lUw*_tzBx*)Y +zDQ&ZHnUS<1G1I1GOxt5(c$4OM4*f&gVEs)btz{*=AGJKJgysqo&L_V=k-TY9vEM>$ +z2{FL3WuRN=SI{^l#-w>9#I?akw(Dt=IO?gW1QKW&W4Ha)+t~v?vJI;vJphsl0IkNx +zwtlrGdfFn7FjESP-e=cj_86dxt0y0qb0+fCFS>6p<)C6QTT_0*{|F$;pTKE(^c^ +z88CDA-FJV}z|&p}akBA$7@g}LI@iN``i1o?M|}ftfFp3Ve&vH_>R0~y%)lG2_P_tH +zuAZR-F!#m50T`yX7E~a4PyOm=hU+W!GuPolVDx!kP{DcN1fuPF@}+Vft}RD@qn&74X +z#+xpG<-vD~-wl`+|9xluYp#pUgJ&Rp54aEOZ*vy&KzDpMh_MhNSFS;5Xzv*PL3U#l +zz6AKv3;25;#_RE;cc>qm9EHGh0}>>qwiotf&*OV=senA{2lerJm1pp=te>KPIEEn& +z1Hll?a3Xm(9K%7x&LzJK$8ZKFdoKC+82i;elQw$+wjT!R_!wGOKY$S(MReP#BZ%%f +z3Y`VFXnY9Kj#CE_-C*?ddJCPdUbmLn(_WVuP}#Fva0 +zJjXaPvr;gWZxJB1kD7)GR&~RHq-kK#VWpl+eiQ!Rp@7Bck)u7H9#`Q#!gIU>p5q00j^`KQE6k&c;KYk-n}H=?vEcT$DY;Da`%jAA-NF{&6{#4)3&nWx;jOq)hwx@m&~1H9mI +z<__Ns^U~<>Wo{-$E)h=KBpie@FYroCci41Ca_NH$Oy_S_FywNcvF0YBg$KUVB9emd +zw1ntD1Lgn)3!xyY@3&zoR_8ng45Ml61X^nV=I+o9_UhA4D8rWBwsWU +zM$~3oNSiG}O(a*%hJD*9ir^W>G@=8ItMY9d!kf1Hh!C!|Xv&pABOSpnR2qw-8rDSG +z-f8NAxtV*LFoC^Kn*^HAA)-_?0%Y`w;Hy9oB$S0ohalS93O2VKEQ>^Y1wpLhZE@5R +z0J;sq*=wd%@ngep61L}swy}u7UL|D(D%NiV9dZ(FCnohfX|RyA +z?xbY}vK}L}M%#x@KSJR2QE6IJtB7^jNh7(~jXg*v_jN}SH+CgyL%-6de)YJoY=Zd>s|I$I0C{WnM4p5 +zxdy4#>y14qBX}q5Zve#p2Ei(V`lDUz+D3Jh9h@E2nnwLyM|(znEt7HZ-BV@eYh9n` +zl`2dfxLP&00bgSsz6N{_u2x-u&v70;$M{k`xv&Vf?Q=9{q0ra~)Tq4ZB2ctRCdjXt +zQcOMxI#qfovCy;&%?N;nX0t--*s(^yIxDVi!Gm#9?p$D^cKk9Gp+ycI`7*GVmZ{$Q +zSuIo1y#TMH46tY}{h{r5;jb`kQAr=KyDi$-9*{BtBC{0)fOIxClHYW=JPLj(Ou~|;(BPJCX +zjY&%+mbRA*xb~d1qoA>izz)HfnHW~^sMopHfk(sGJn<%B$P3F|%|#~mI0`EuB}d@{ +zKUsDZ?k_nC+bkSrY)NC7gwVG&Mi7Z&G7-kJ2ZS-{b0#_Yh<-sqc&&5A{V6oAVJ;3m +zR_imx@qfze8U2vm>luBBc|Btmta&}djJ2i8M6;lPX<0yD`3s1G4 +z!8!&k*E7}_{d}!weAbH?tI!PmgGH&TxUD7oiP#me7~ONU$0zYh +zL`^d8L5f4cX~zsJ5nH)uu(1AF?PK+cr?yxNTc$}%ormVjgOZ%{Y2jb(c%ZdlsF!Hkwrk(qf_Qy2y{I)HMWiPA}* +zVx-ouSk*EF?FzO-yF$H>Drk)ohcjWGBwGx#;o_!F&0m`d6@Bm{gc1x<>LN+Sk1St^Y+EdEO3`hn+# +zo2%lky{4eKte~-iAmdPp(hEp)8Xb7zd>d7AhyWQ!2nHIjus@}&w9PCK^el7JvuABp +zBXJ2NqCIuQW=jBRn3QJjkW+;u!WWXfU~weLvIPr?R$k+vLQsQLPsB3lq@hAmpOg9v +zNvlp;RG=Q$E{OH*Rd;VDJ6#kNHI+8>D{bmmj|;-a +zDHr6$KVEi0eyZexaFPyGE7EU~@xYGH`<(Lo>;)X;Assk%>in;d +zA9AV>mqXO$0gP|codN_WOMxlH-D7HY=P}(gykqt!8tmm`agQ|UEzd7wR>f_z6@=Ae +z?7djIzxR-C-9)k{1p3cJdhb$Qe0g?_Sh6t +zn}#GVC`u>{K1$HG0UC?(i~1NdnsXa(ABN(%DH>=ul#xQUjk-V{quMn8#FH+ +zoxKBlpr!p|p8bNwtYU`~Tx(QF+WkZm3*aFi8=6DMFZpwU~Sn{AOJ98C)9-$m3imi$X5+rLyzVR5Mnj&3GL +z^+Q2p_cmETO0+Opz!9^Wa~+Hfeb9w!Z6f(#P^)MCspt8syTL*oNO@^HPZGuvs#NDo +zMiryOJfzqsFlxy}lLag|%|(-Hszllncxuy2&aYzmX{{cXT;dMVf^7!FUJV$7^HfK4 +zpz#sbYpPRi@P?^OG!6-lbq)SXKK97u@UjGpIpTL&%Hg`fied|k;B6@=AXHOJKsePS +zh^!s5N;8c75lb-+i(VHv8{&py%|!*RB?RS$IK_-+dj{z}4M%xyID*0e(t5jq2DuFS7bQ%4^Y7~DpFCFp}j84F?+BM!x3Vgv80k5k9H9_K7SHOO- +zI`FhbHg&C+yMGvU|Ii2QFbUb@qv#(B4O|$oOCv;Vh5d}Vfe$)*OiwYL6>+<%Y`DV& +za>E@#w7cOdJKbbfT~$1WSgbnn1iw2=lBrA*RtyTHq>m-1F)x!*uMI}@s8|dlTcCI +zKEz?l%1K+h1V{@VX1eJlbrZ1+*+H3p1&u)jwp%F#GZOp`pgO=QyFDc4uu_`(_+aYe +zgGIZg)Uw+xf#-Hxftn!EZVT8CR&~6ma(p|q{T>NMy9Gjg*xMJ!y9RJtiPaN-faFjvGhu%mPhmy+M3+%{6J +z&eAByLL4EEquGPo3X#0hu^03XKLv+&)CKyU{2c+rETS +zqoL)vcoapWWC5e>M2%(`u=RwEMn;pc(a>(tXfT$|tpz+s72_+6RzE3_z0|KSPLv3fciCVJULn6C4n<@u1R +z5(n_beoH17j?sJ;;{^r?_6rEun%<*M4xPoLyje0R$-O2Pr(CHy4DMjGK=JEAV1okK +z$?7;-9ZR244HKo_LjjJ(cn#*F(`dNo7M3e}z^PRC6Ok5$mg<$yp+4 +zwx=N9>D@Y^V#Tb9x~4Xf`XZAOP0Ub>v|9YCD=1!-@c?)ZlWO0I0eKpFJ)AL1-WPYl +zm#!{;@XV5Cwz{JBlyF6@F#|#eH>;~q6mwQhp`Z=%kO~4kOaai`m3t5>0cAE6sEXX@ +z9y*-{6yywNH+8-3;8~%%qYiq&ud@OnwQs}0n&=BD*fejMOV)JZlL=Bf&pDdAd1IJP3tYs5 +z?@P~rQdRPttzz=GGZ`(VPsyVZ`sqxD$K~Yb#pGM+*E>)OBm_oOBzh8`z1R78txqli +zS+e;_slgKv@1+CAoVEnVXGE{J3+QC+S%vO6KW@(Q8%J_msq%T>!?F- +zQt+}~C&#jN5*BTo1t!8Q*w%;r6O>DBpQ+9oqi@5WT^|f0RJ4bk-sNrU*kkngj+d^n +z{&b;(!3jso#@9_ycEiyK$!i(_2AX$cp+9Y~QSc5=T1LP1LtQaWoC$aVrV3F+1^UBMz|xPf$&+Cg9%&RIE3~(dA0r +zkSF!DD<0_c4j|6fOGs@5yGPzF@Zp;Rkb~P-5$_%u!fst5Nj&<9bA*zLkwo;V=9WOO +zj<_EL_HRW`cW@KBpV$}4Q{DfckPPr{rGCKkM(XBm?C0tOZ-tHNgwMcoXYI^DW6uz~ +zx4Dl-ry_5cHC_EY#LYq!UKDIH;<&mXV2i-wR_JXPwqX-qMVqTA7uVt!oOlL)4*t1sE +zd_h$+5jRwo#etAjRHdGIt7j2G6x>PeVv_hOpTV;veuyB|biAmZ +zgKsT2_=BhSb^-^3T`=qs`pJFRARD+D|9jf)UjJS{!>!lX(y`Eb_-Vhx{BabOlWhK~ +zbP{$@JY&FiFB0M5tTFGDS>&U99Knl|%VBSKUIa9QAoFl&reXXD*vJtKJ5Wb@U0q@T +z+eN{wQiufg8@hFSIX-M~+~9XqtkbM`A7d^qT_5M4kkp_`mSIPaakXfd +zy)wu~&4lgu7#YY!%}ng}VyWj$*cy+)Qkblyo4E|rdGQ%Xt7RY)vt}aO{LZl~=2(_a +z!lGG5kRi-JZGpHYfpV#BG_FO{%jx8pw@$>o&0JhfOcvnbaIf^j2AVvM#*K$nT~*nR +zpw45-oTFm%SH6H=4jYENoZm&?h32;*LQTQ4_kV+v$ssz?Ecr*29G7fYkc&0gc?1?v +zKKhnAF|H(RE5@bg4aK;RTxXT +zJ3t#27IqOGXqH7S19EirX +zlaTpgHQNz~8q~r(f|4EKbcu3&_&Q#jEc(Vh#xM$HL}Qpi;b082hz>OV1z1JR&q^(M +zuYjZ}Bn1PES3B#3k}*swrl%WF{nKQr!k-StVD1qK?AQl&M?R&-!{R61EuX&qbyl};i$&`7`m^d~gF%37%`vJZ3HMBUo!+ua1&rIfC=>BINsn*DBy-Xp6-9YX$EuXV +z^r)1!Y1<7;Dg%vgeRNhjDA{;9={%18cqb}$R$&bvJ=F+^2ThJ5I?#9>JZ@-GrTsck +z)Z|e?V#cA#Jq9w)L&cgy3R=VdMF#_Vok39Qse*9|7_Y?uII7J_?P8KS3HMp$m>sK0 +z3e&C0gCAm#N`Bn31Eu48t%KTW{o29bhw02yy;Z#)*SLJD-v`r+%Y(kyoV|>*D>XIx +z$u=jEgNQ^;FcBlu5y(WAnGKRiK~AxwJ!nEW9Wca(x(*RG`doY#u(7z3s*3M_4>6Xs +z1QBM1!Dm6q+#V1IRKBi?brBy}3`ZMDdH=yGRFg)v4FJi>Basmm6G4qh5UPl3qzcuj +zQSm6IP;C`Z>3k*zvtCqx44u)9@7)gy{`oeBGx$2|z)oLWL^N50`F8ZHy@DXw{0;u_ +z&5a#KPx081zeP9tw8co|uLii%duG?imqPNQ!&9C!D?CtvC>H`kG4`H}dexIhOmokl +zgH@a)NG5Hc2-*)=0F-?of@uen4%EqA*A1rteTed*W;Kp_uCUG;v7f!+=mB5DJzB?W9+(~9Y~j$+~El2*}oRUvHIWrb$5Lh~-9uEUS61iDQZ +zGNn|Dt)MoFo(48H#-PiI(d8!4;}hL9M^O`=pFH-+dx5ikxyqD;`w=DK8P8EMnl;+ft^im4Hv5&%<8fiCyjPg{2SqSKcUINhph +zZ#jKCOP{qAte1#-+DS8cQiD2>t2e|v90fwKe+OPxt`_EV&m0^ziUeaSa`@|b4n4Y; +z6g+bvi$MPpKo#xztdsXpt~hNTgydmr{1byJ$P`bT`}4fZ&Qq&So6Jxr@sTf*$~t7m +zx7DK3SCtgIfxZ6*09>b1P~7?#c-oX-gj1ac>mzzxoRb1tV+gXj_LJTH2vNF8wB_!n +zB}&)=A|{-3Cl`31Qa0_A<=x!?^TY)gUQjBu%Uwiqh2AD1hTtQc9HD}kEpePS4WK*G +zAh&38OANZnF)xza%E@hu+!)BA8xYs&=CD+#IWvSLa4fiy7wo9uoD0sN1VEWx*$vDV +zh_4461C94cNT1+KHdk3VoJmjGYy5@xEG1Fll%Qs9-Q9qIaZU?mf_`E*V5CiB%esL; +zim4Hv5>#~q)OBia%Lqvg>Y%3^criX+02V5Q +z`P?&C-3|OIS3T8cvIUbz*)IC2$3!-b_+V+u0B*a>b0 +z^#bvkfMcNXW$H2g&?>HAv2ZvOgy%2#3yp=Mpq0e()x)EJaZ?p#qA{+s0&uEdNSnr% +zwTnQCsS%zMRJ99fHf`@x!JbjOU079qRV&qW-swjocv`!l4tm87yZAgUt^JowlrWjBsKg>+o*;ICwJB$^)z +zDk)oj6dJqj2fu*&pSNhU3gY$fJs{I6-ytGV;%R}j3zLB+;Xr{!!LDscvUf +z&DLi*A!-sKxFNbOZZ4t{ZtM7^Km)A{sL@fN&CejFld39d{|vha9I%r1WrCDl)!bMG +zBGuCxB2i<#t*=Qqlp+*(+)&UUGy7Wku=@uhBd(`0YiwIYn#+JwJ*^<}D8@n+1XUL6 +zqWTfZ)EE+-;F<=fz1cC<#YlB2qiVK3OOLflgy4qgy1031R!?18Ua^*E$qHBE=MgzU +z%Y*|3LUmF2lmzwOKzOhdiwD;7lI5Ky5x%lMgUF-NG7Ew#i*-?bt*P$0-R|0e4iz-# +zO?5I-oyw^Gt^A)R5rP|{>*D6GK-jIJOUskia*eD|%XLIf&@$mbflyr(-XPH$9GYOu +z9;m`A5Y3w99VHQJc?^+9qh%HZRTk@_`u9zB!&KK51c#zIYO2GL>PSX)r^uvOel*+= +zA-EyBE^d}Vky_TKOYyuE&YzD?B$u|itnTwkhq(HOzd0Pt(7k)S-d=Xt!i((_DNAA3 +zc6^7=>Lqx=;L5ep?)M9xz<;uSblyHZ+&+vB2aC^K*F^OVDrk)=(4$nz<~Q<(cf0D0 +zo^k>o`K8;jr<}k)Zqp0tOWIG;w|QpKLb&tfV9)`bY9y|MsjxW}Hn8^4*<`Jj9gmjK +zm(&I6KCOr06E<2_R4PAHPmIR0nqygW^!VL{bz|A<AoKJ6h +zzhsiwk_%hm?NuBlTgNd5yuCWUig#C6(0MFdC92&iqQof&blW^q_6$wo!Y8PFosrui +zPjRxWJ$z<|$^XU2iDce|A#3a0zsY83wIs}TVwtx#s+P_0lCSgch +zBn{u+ie;=je2ykuXH(ZZ(R>R*BTRphwXhT$o(2motB{0yC0A!9LS*bJ1l950k8D +zh&rY~Z|5Oh-oqkF@4pobE@@Ln6wk2-BifC~%SOcZF483^J`NBxZ|2oKSPJC6E9 +zRMf|CQ6DXIllTIcM7?&IlUu4k{-ak>Kzq +zfjQe@9=31_Y&fS~OzP!qQ+h5v+85pmZEpy(c57`!yGro!RBsxWjOYhpI>CtIn%F;d +zPqZGnDjU&COoriPAc!*^l`YTPFZtsaM_1Hl;T}X+Pjmzi(MBZCT|JRe==cweNOQOH +z7uxLPx9Rc+Er<8+Tbc!w?vBQ4$g66SJlP3EPgE-yXW57Zhx0k|VRh>TRYiY0qI8a2 +z@R)QeXTw$qR}N#DoU_pqX9SHfWg`+CR_Dzb_rJgyeeDSDoOUs(m$TxR6=FeEB6ikg +zGupMb5wW7tY*(GWhM;If2P63%hehNa3>|#I!IR2&A(YM)9!BEb2OgLzy$^QUeTVLR +zy(#(FejjSE{uts5=fBpm1PD`h-=dD8U&yaAWZs4!6_O|B^;Sd2@1+>Mi(35&T +zvkmukOYZBfo>qsfW*Td@y#wYB^oupt&??- +z99bxjudTaC8pajf2Z>WLZ;;f(@zKOD9~9qdHKJ6cu@L>Qo(+yL_(g^T8><;(ehVT{ +zv{J3?sE3TT@KjECY{7T$oB2b90WPEb4WP^;6J_~}-F+b*^yt(5cubdCFMs1LQx$Zi +zk--ln1?*SPp*u`=uh)i9O*rFM8$5?vx?byNUDdDa!_Lsg%W-mdqIt`65xfICwS8~T +zs*;OxUU>Ive1$^LM=wKdQ7<^j!=G|=mr13nyq~g*_Zo}pMK|Q$NL%(mvtDx|XW@Xp6K_B-ZBZN@DnBM_ep3cCzCJsXt>H1ni*E3S>m +zMGdDJM!hV*h`ie}x@>rO<1sWmEE_DNF=0Z$t7YR$LaB!b##igjh2?s4ZgC=g7WhKz +z{>VhKA736|W)KBWai!yHz#t*8AF0-w@(r)>kj~r&b_i!cIFxX&0GD4n@RyeSo-QUr +zdw@fepOs?t3>Peb4B!=nX(XCOf465AuyePf3W*#RHl5LEE`(!p4_#x|ls)Ih61Q~% +zA3g8<_=sz%zkVG0-$|_BxC_%QAM}d6@N*tY;^GW~^V{wTcd?>#gla)J7bn8F6O^9s +zOr+x|avk8?6QQkQd1nU;I+Iw?DXtfty)bz$y)cMMK0KG6AF||EuJxbA^LE+y2T3OV +z(f**8_(@}be^1XE6uxil_v`qGG!ERcDWS4#@bTTjRaQo#hcA-NH}Z#9KsFeCjL!QW +zbKEzsd>~wu&0Ig_yss2pe5W8RgG`B6_2I;WH4+Xf2-toQY$J$PBv?(P?L_#MPB{`M +zER%EyP&lWXW7%?1)O^@?IRVR#vF!HpvYTVsbF>yJzx-)s9!Wejmh7Bv&dX7brH?8( +z>1=F20dRkzWC7jF+UyD;s +zPv=->PQx;5ETKaR2a8g*7W8*Z$i>3XGJ-U;mewkMc;RP_WxepT?r3i<`nsPNemVfc +z!q1vtgIhtfNB{0mLZi8ImV!E9-)i+rmMtRo^SxmO=<9X3#Y-f3ubTN>>iH6%c_DY` +zZ08ZgN?KHspP2F23NR-M^Cb^)`M0Fgruqb|z{u+K4FWJ#6K}dIpRE}E1_pZc?)KSr +zC=|mBt1{5l2k9`P8^A9K;jl27@msag|BCl^v@Nf~*w3e*9?mXsIxx_9xF4Nb`WERB +z$7+xk>Oys~Q1|IIKx`_OB62+YUH{B6OogcK>y0zOclM-LG6EOeOp_d=!Ev21bOn=d(0UE!}D>Bxz_0 +z&&$SPLf_y9rJB&jtK%>XDuo<4eFlN2Skx=hZPHr8b9zC!8LJjz1%Z;hp@d(kwn+s0 +zKa1tX6NRNJKS#`AY6zCtu<8X4d1KY4o*hwpl;-R{OrHyfIoqo$@9dQB%#MM0Fsd4& +z1C4h{NB(4d`Y^MjdJ7tdIS)crHs@i)V9vt;Etqq^R2i2w2n{PDjL@M*Mi38_M-d%p +z{G2JXph?P{2ZfgAJfv7SKO>hmfL-0_beS`8qaIZP2W9Xp3bAZPgcUEh2xWdyCNCD@ +z4H#(i^5O;&B$+u|Oda$_W*;(bo>U4ru-qEIoUZB#FE(K3J%cYOHKnXSuO16khyAe{$_9(%sH;2@enn*rBrD3l<~yg`H*m>7jb%e=TYcfI)hR50X!I0 +zKce^`2Ij-)orwl?m>tzy&^XL_iv_i`utQK^yepV<2dUtfnc$w#Fz0Ng4V1Y$7btV_ +zZlLjQQ)WSvlsR+l$*Tied8)VspIqJO;~XsZ&LHPSD(z-R?t>i*UHFh?oPL8#5^=Ez +zUr4I#mMvfSjH|Bd+g?io%d>R4>IEdE2z@`=>8n=IS|)Y8mZ2IC+-NmaJMndb3VFeBk?uJq+84Q7PM%^wesU#rXjr=rN5y#htiwMUAV-$S&`k575T73k{_)^j+QvHqeMl*JnvOt9h1*5)P#Zg^@*^ +z;LT+Gis!v%+~-Xz2m^X}il*W-p_?6puPJzRBRd-Gs<~O~<>n6q-n^o~b`0Ve33+W&SVLZzje0{S&5MK)yvJkO|M+9{g!o> +zZ17CYJR&E^N;qIARF|x&uy>u~bB_@24C`K+PcEVOW6(ADq8m;$^>Xt!NQ&QI;Wv}I +z)}x>KPF}UOoLs8X@=y4Q=_*z}Zb5z@=9*Zxh^rNUNAPjI{Dt^H2;cv}jBFP5l1(7O +zry}j4C;G->vgy-bmQ|qB>3Ht%C3)BzU7GgRpwtG +zFWsI-@)DB~E;>AAIpqegPjjw^MHCMA2!kU%LQ%j|RG6GgygcNlk9m(ma87PjJFwiu;K1-Ppo%EbgMTu(L*UK4}?bUG|<| +zdd{(IxG0xFI;UaTGL~#HCC9RzW7#y=EX;|vUvL-SU>6<3;dm>JaH3`Pb +z%#0G%MA37z#igM&ww6@>-F1H~H!RSsFtJJl;RCqIp8% +zMf3q&oMDfE0B-V(f@5wpuM0`>M)RM0#b!z@_>DfU*!+%@DG5YSF(&`27jg`(QysBt +zrv<4aFtF0PD!w(TptwR4!DkI_bu^|7K5cNeZU|D?^ze%YVUrcBCI+81IC}wrk022C +zw5guYV;(XV4aQyqzlIQG%S6{T5ow4njvx^bA5K)zrU;lWjFM42hRv}ahZ7VukCd37 +zJmRaQakJwsqb%R_dS%l$gqxZic5Q@&&;7!8GeJ!kllBOI;TnkP?jZ;|YZ0!|WDIEIBp=a%#-)Bu!lWIn$srBW5-O03_p=3n$H+vWu@zBr +zn=1OKUR!8x5+>3c%;^n@-s?dRv#_-Y0|#35h|eY?A4WEW98bSS5QAO!Gd)`z+pHrM +z{wp(4ON2%t!iZ#e(Ru^P4iWN1y4W+{20}Wp;XQH{uL=}b#c7Qfm_Aa6WjrT(x +zLEA90VA+HUja&AiDzsr8)txk%C;5n$XU4ORS82K +zs|>ygMn0RD_I@Bc{V>K9l(qmh1-jiG*l8#!TXQPX#zzwE)8M4Fcy81fV6y;Nv^Ft< +zNEGX_R6YrSX`+YnB?32MuTI@&U@z5d(fGwi$V(UNU;{&+!XrYZ3wDAptAI6JM +zN7=GoLC8XTW$srKZB=Zz!29j8)2OO=tM) +zit&N1Nf+zj7{pfmc;LC@H=z<0N<*P>996pz)+I{ku=Pn}4~(-!m7U+5=P#Twn@Ijr +zY+!UXfZrvH2iC?{Cz3xG0LTA<#*#)0es?K+`)h6u+8z{_k0p%;=O|>{0D5KKjHs!LHh5g|A4~; +zJDgYGlNOvv9P`A4=V`^eb(n?d-H<&@e!`Y_>BUh^*7(VA%%t>Wz%~GP!qz +z$HBjSOwZrweUvBck=FBsJ+fE&JfGis!XD8JKG8p7fDHZk=h+@HTJPd?bh7Y9tRI#> +zA&uXA_@s1y#%gn6r|b7t*Y8f(?~ShC>s`Osx_++~f2Rv?#9dDxsyP~Hw7>@k`%G=P +z!mB~=5G%7By50#fqEdOC!nydM1y3~bQZSB%$qo1*Jp-dDjJ(+juXAv1NaLm#P}8}k +zkW8O~WAtys6IkB=CwPM>J^#k+e8ii3neSvSwySx$WAphW_3Jc%ht7tXrD3EGOM$99BaDkcOC|G%OFRF>=?y +zZ@|Pc|JY{7fL6N=&Q=J8kE~pVlj$FRj^W^?T$rjiZ<+Z7orGQ7!@6D@RzbW5@e&}y +zV-S4ip^n!ep2o2G+&c)`yyfQ*=oyH!8_z+;S$)gl_ISVyQ+z%O;n%p>Wjq78sABXS +zk6y(yWM2j|k65>gol6xj3GVz(S;dP;wYs`hJe%dj>yj-JfQpGJs+i>=ijiBz-_N6t +z*oq4(hTil^sZ7PwEP_2T1euDT{Be}&R`FexD*hDqQJ~`Iqr~YdCK2_@*T4-`+#ggt +ziQhMD#iPPPE3P5dtzzd=#gl?NzgJdq9jVnS9?Np#$CZ5s4Vz(kPB@PiKEY!Z{}rtb +zv*@5=ayCNR(Tep0=N^!jsrcV~tU|^2SE~4@2->`57s2T&CK0Om;N^IVCwfEW%14LG@2Jd)cGo*9Uxo4$&0GGwbl!@ +z(hIfN3pLvd#rD_5SG^l5e5@1qb&-Pu9aMj+nkg*)U~t&U{Jt-Q-J{bXAmE1>Bz^>v +z-^zMZ2cyx8V86?_Zr;Ou-mYyQVGL(1>HA7Q@yz>h5SOI>`;8#&I +zM>s|kdXW48JjNfUqu%=fZp};+jn^`)nK4`*2%14BqcOEoGixkZ(#%UK?u}{Yhdv_B +zdBRx_@mTC~9UW(*|C8%i?&^3vt*CldKt)FKXsV +zoVU3(Mfbc?Ge;y`(##0Oy)n%^7xsysiA%1Jp=S21i$eweP>|obD{5vd(}v&dQALKKs~U#-s`$`V^_o%aGHL#?#jFR>Dm)NKJuqImS=ER +z^bA|y<*!C3uI#K6=RB=`WvuV=vknGgCVzh0!FR-;DK4vPJ~!}&&Qjx@z>c2yOJ1iK +zI{u-9r`{IRKeB!%K$}NEN+hRR)K->Qe`pZz)aW=xaQXFP++0qq_ +z^^T_3L0rqLuH|`gIKEiFvdO5cSb13$*9nqWu`=^2HY}@{aH`^eomDYoc@-;NRje4R +z_<7*|QB?7)SSb#ScYNrEtN4Ncq$>Vz2p+>Ko+e8^;D<&t>0eU_idDRnRjVH|icOj6 +zsHtTHu40uhG-XxsQ{nlBD((+Mz`re3aXvY2Ug*?azl%i8c7go9(>A_1m +z)B0MlTRqb%y;k}Eph@(+R{3im)GX^K5lGa0mNjtmL0|o$Yji02{GQ*}tGNIE^l;@p +zypIwDIripz*L#0D&pV94B-y+MIdQ<0JrxFv4Ft!Z=B>OJ?p@<$T*96~Gl5B9W~{}{ +z5M|?G6t}QzY);qpzG%o~=NY2x4g;J9((8IDHe_;44AJcn)gf+nws6hYkk&OLqXXA9 +z^I7RlTJBAn?Zq|I3q_Z=3;k4Y(pWF9(O#&L-lXB)q`qEUbi})uIP6W@>rL8nQa(3L +z!&@*ifK*1Iw{+)r>)6oGCVqdSeoDg{ZlFo|_y`n{VHcpDY_1?0J40Jkc-y2^M-HFZ +z_veJ`7}m*=d@lJA9u`H1JcA#2U6)d#;NV2^F|05Yzp1M8 +z0<+HMCHi?s0}1wu=C444o@4knG0%}Nu>@|9MNrH!mxaWy7=?4&?$ql|eSlghagl8m +za6ZNT3t!5v(GLhE@uBivVQ!Bp@Kfc9o+J+{+uRTxzaO9KY5Bs5tWjmEbc7eHxK*nh +ziK;UKO^ONXR2Ce}NoP+pNPgQ8)HQ|$GOTrGU3T67cQA;w$sQq_&{o#CY}hqE4B)^{ +z=tIIsd3?E1HNK+@4_FWi?<{3CzKaYOE>s6rzmc5P_#u9v#@R-SHJ;N|jUS1G9vSG9 +zXwj(pGyV!BRO3U0Q{h3yv|1-_xT+u|ZBjv3ubwBX@j7sK%Lzh7j&} +z4C$A@Pn2x31&0gfL1nSV4IW`d~HNFTK)Hr+CVvXl?RcT8ip&DOyG_>)RDiW&kHNvUzs$yCKcTM89x{&x=h}|__ +z2P=k49^L?)+xYL?q8eu=YJAe=Ctb%=BH$&XM9&|_8VqgR;NkmtS&auIEFIy+YWU2% +zuSU8BQ%ux2m4zC&!o#aRp^eWfE4<*8)%ah2Nmk==0iv?TS0PB~)oVFBvBq`nFAbln +zX0LvvyH=|4e$kCJ-j@|F)i{B&8Xv?D)HuiIVvXl?RcS-U%Wh=Y(NNrJ)Tu1gxD_5=P6#zlU89YY;X<$eX)RN# +zSC0!Tl{LPb*Z6kMPOR}oN!wDOHol|;)%c2{vBr7P&axD$13P<2&T4!WKTzX4T{WK5 +zRi&*NFKc|=(NNQ>gJB0Jz3Kj)hFRwri@|m1)#HNEpI}0PS_I)6dAzr{1Tb~Anpy6oiQ@qoQ7poY^);E+OTkj|uZG8*BDlCUUnXRwm +z2i-C%p)mEz>B?MJjF+~)>L_h}hEdt*8e%<^qOC6rOc!s1C@zVM`@+={cHx5p@E&)vkMw;VhA*|b*BnJgg4(N +zYwm38R0DeUbp`DW1>sx49?KhB!d+$S-w01V*m{5P+1n*suUbEx6uR#9L#0OhKEG60 +zKU7Y>erQ0hA1=wVUjTHrY{qiSR=O-(v0lsmQE*zlnpp5juw=Ip%zEdqGv!CK-bND4 +zT7k@Zl(M-CA5%1%bq&8<6D3cCK$%&O;KxLAFVD+m%LzGA+4P{1(x!(TrA_aW4cX!_ +z5_`x*o9<_cWZcilq1RF|>@EvYOQ?n9FcY-Is|f1$!5#n#2F;%^Xd@^ZG!emgj}*|L +z`@{hZ8g~bhcy}OkQUr(1TmfaK>{JzvrfiN)5N}ri-lk0HVan7a_;Fo?kLLzct_gRA +zDf`IE2Y&mwh18xSD+8Fa^em>{gYr1C@;ss`fBGjLS&8q#PGS7e(7{Ol(k`#LcmEZ? +zkMelmk9-3E$=}m`-1YO&M|qMf*_?n)qrs@(?>%|V^GNJ)-5{C^+g-oAPfjnE^Q+Dq +zY5Xo>jYp6Qgmmwy3)dt#EhWKWLQ*Ob^hKb#!)(>|$L;BRIMb15cCHpf9oz`z=E=`+ +zxhq?sqbFmyLZ_s8)^L`S#)l=C#3MKgG_QDMas)k|+@|E(KEE}PHmT!mb+OFZ6tcQF +z>lZR{Hs~n2Ui!L2_*KnWUzU?`#w2iNWZJMbXG8*ja(^V}EUto;IhzJx7iXN%1f9tz +z&UBW$#@#yO1lv4koG}TU8JRvDWX_0$oc#nG!JxCaT2tn1rkAs=oU?65gU&eHuGU#L +z`9()wld^P<7n~WHX3^%1NXXeI!B5~Ut}2u{qZi$!v$dQvPM4v+z}d#JoULX#8D~ra +zXGRuY5~rOJ2|4>GIcIV9d%I?czT%Ddi^E)CrQXCn1WyE3R2VK0PEuljb;> +z=`K1NRJw#;)s;P)#qr`aYa1n@FHiPPq2}p4?6~-!BYq=XaFU+6ijKSvh=4 +zI;HdPd}eT5%18O7yn1a&ouRfOI=oy?B6vR_H4b%N5FB2VOj2j0%16 +zv5sb0p=(_Vtph<&=%k}Tp;P!(tWGq4;i_PVET$rWlqDs)Q<{YOA&g)){aROwQv +zVpJ$U*l;5jy4|JFA#!XB9dx6l!GJsG@BF +zQLvcvijd<`sF-s;ncBmX29muByuype*Wggeb~0 +z107`F!~CFzv+3R6--W;VM19Ht9*6ooc*hOZ=g(Bt=Z~T+>T`-H9!-5d^wDLY3m=+H +z{77+EV@2cb_U|92e&JUu5VY;5xUH- +zq{H5%z22nV-lU!0r0w3Mt=^ggYwPWZzs8hhTG+yM +zx!NGg*O9{WD{T^bCm0KJ%lKiumdIj?hA-Nv@b7V@Qn4n5Hti|IDrghA->sNLOvhvx +zfmjx%O++q-hkBJ${MapMO47K~LfB9ULc;zIPCaye!LF>}EkNZCL8jn6ZtP&* +zqx~H!cu45AG(D`S6nvrNWmsW +z1&<0%b3*}X_ajz8o5-!;J^)C;jAUL)n~0)ll6Tkyh_i+s9;J61)F-N;8*K_ +z2ET@xT@EfQco$g}3SJ>|X-k0?Nw<_B1#c@V1+Pj53b}(=g^+@c3hoGcb4Q%Yg4d8D +z1(Q%o!Ggv7QAKFMCPfABDy_LqG@8tBAfbXbkz2v*h)KbWKr9QR?~z3X69*J*vf)s@ +zzhx8^ObNkoQUvP>eSg?Jofks)uN7V|hn-c|6@VpYF;6+8H;7LX$cR`4`pQZOS>u!Yfk +z$x*??0R@|E+WpEsubLh6e*a5N(vS%*0WTE3N|S!xTdrw2UpV`LP7;?BDaDE +z5tD)$fr2een~0)m)kmkbIw?xz9!#&uv?F`%nEM*l?p4^skDOU5VU#Ak0ChS3P>bc!GV^E)zCa6 +z9%y`fv7wExn(6V?dK2H&_JYl<5b%w(@f9rCEW24LHEUMW6q4=8%}SYhvob8372(vZ +z?x*N#R*aRJm9o^V6mzqh$rZ{d1ezvWQK9;Qv4&V$ +zMifdSQKA1A28605fhX^O4>Sq$PzRP27d^xL +zFI80jM=C4-fS}D=zV)p)Qu#+Zz~eskO>&eRDPhVg(AeTSaJUnqj*uxWIYDW;q!xOVSJTazrG`=1h_&V%u7s;6t^#cPF +zL1PR0<+oHQ@#B?B{5gU)Z}}L4)4L=Ri7jaA*j4WFQVZIum?A6@4@M=SV+-0)f=4Aq +zJt`?*qY`2jR@@Oln1ikB$3iC#N%-j@36WCs5g-N+!L#`+E2beyG2A4RTepT^6;xLQ +z#FIX&hQb6fbp0Vu^2gf4?ZOhp(-=XbnDXX!~fR8fSM*o^#Q~9-;MMA{3qaPTF +zkd{^Z+kdg5+CN=c?QbP$^Ohq7r&l|P1irk|{WC0fV^4kDgpRi7+{A4tkJYpm7rzuKz*z%jf<9j4`+!ld!Bp%LymKd`f2jt5K(={p?~%I@-sU +z{4;fZ+Db!=>-hzm9OREJ`3reTQ12?qq5asBd}*e%Ut6R(ds4|~=OyF(;zMi~VZW(* +zKb4*^?yGj~rz$n>Q+4mBDl_k^4NJFY9=N<)g-F<~LaeY`#dPmhF~;4hA3LUFyy@WU +zv+6DR6{Wfbk-q)s0!7eRboc(GBzM(@r~T;e4Ns*;xl0?K%AwG{r)xkCP~Px-MkX<1 +zxx`AB#EMbkWi-huXR0J|VYf4Et%WDQB{99Ot{ut$P?ET6NFD-Xd>y8|BdOF(;^K~^ +za&n0cNQu28`M+ioGnPxNbV;ljCH`sfcB;gM?Z{qT(jN)@@W9n*~UjA$K>sOoWiOJ^e{E_NI&RQ|N +z?$7NU^R*p}S6fgF$E{8XOZRreeO-1G7(5TLq=1{bebBWA%L#lF%13~So=g4|@FM`i_iXo)3%fXv2%DLM<8dAz-Wl&q +z@Bu*F)%KXJSt_BCy^1@iYxO2xQcj;Oi3&IB=@E;t*3eZpwZgo-p1lgjXR9u(WM`t> +zlJ(9PP}G6Kbkp*4UtSmw52%G}VNEd+*wlh}j4zRs=H^U>&DTitJ{cY&lpDc!vp9}V +zN{AM-p=RdbtA*&P_7JN#^$E>-ilxf9MbO-w%BYwkpk`t%?mta^HtQ)nYjvX%d(P#D +z_$npd$Oz*b)nvQ5xmrlt2FFE-JNO+X-pb;c#LR}o%(28Q4_U-USz;y`lPQ)YewKP` +zNetOFow!knw{+hk!;CQINrKWEc$8`b92X^C!|#~4p2ahXnGK1VV~JTF +zvWShc#7v43?}%`rj(J!lZAxPM0s{^A)~8$bC=3M>k1?pM49M;n>u*Dh{~oD7XN#-bBs5k} +zXZr&}%BHsyE6%3?U*WyQg`>BR08v-Dfv4Rb&L>Hh@1hLJ_@^^5zJOxf@$U5erzKC? +zm%KN5U;Uv!rMmbsLPUNd0TxUq7=Y7bfC+oWBxgY! +zYO)YxR)SIno>t4>r%azrT}RuQdyMT9)%SN7KfiDDLQLwn*el|z(daqhkaEz&(&e54 +zpSDff9O#qHPczL9sYazPPZSF#()B5hC>+$a0JqA}j;Ri~qDNc?jqqfQsuYeX8AHcN +z9?-e1DG+}cTgYwNB4c(;*OjY-;~S3FFqGxvY3Y~-lkK0)^Sikiedcy#4 +zKKcELO4}4wWm8v#U)P4C%h3af7lCCdb9DbBG>byYOEu1zF0T9#JZ-pC_DmRLC{R#`7EtlU_wJ+0#pf18aE^`0dGj)e;_wk0!KIZMg^9)Wv8zw@N_0zk_kMM +zrF9ETXb4PzDuGGkh6EK?99`9zjvy$xOIh;HfOFTVO&% +zU;f05OsDlWpwF!B$R02>?3Fv$DD@^N~*_Y0F-|r;<;FXRoG=Y;rV+1ZTpZU(P!sf51f<(C}T4+#Z_XkC384_`1Ts8KV}57HOt)^IwG>SoRg +z{*DsNK*9@cnN_AZVUV1Mzk%B#xSm+yM5GIE&K!fERY%aKV8x9&Iv;Z@7-_{Wy%RbV +z{+I?F7u-P3g|z2k`Y8*x)mk;=Qyn2Ee)Y^clq(X;fKd4G+W4Zb69;!hm-P0Z#nJuz +zo3o)ku*|Bw0hW){4V+)^V)+oskvv)EZ_XM0A-Kr0i~$#TRA+6Xie-9PHX*b8&p1AV +z{(0vWM +zd~G6~+ejC#l@H<1eIq&*uJvzKb@u53vceYYb5zfI4V8PHvE24)<<5k1ZiQJnbc?;q +zyG45MgAh|`|oei5b&U6W@w!*!&>Y5 +zyV?%ipIn5Bnt +zaqg9PC(Jm*C-HPmH9mY(dJ?*-cK!ZT=n~rMB`}6IH$9#dJ|6Man#hsUFuWa4d7iT2 +z?NbGfSq2q$<(J4KWp@LltYU>7v;CiC-uc}#ooq7K{8=_?kZSkeY$<_h2b;yQ3 +zu}U@$>X91brnX*`&CT~Kmu{%}9#u8pU;1%1-ycWN+k8{KJOtaWWr9C+jm?%1Lzmts +zdFZ1&icmg}6XpVN>JOn4?gm?$$7Zb#=vD&S&%kY +zCETsX?>jQrJjahzia=n>GaF;j#`^v}@Jvc)#|9cWKuaN9SHZvBl)^J1;FU^<`6vYI +zxFiH?55l>akw^%ZfDnrc&M!#R_8h;@c;iYTj8LU<6PdOaVrQw1r4Xf?bu?1S}$v1S|mwrWIf&4J(Yx=fnY_ +znH41nRGkyvU+G6}xVRe+) +zbB|+vIme<}^SDJTs$iYT;h1<8KxBPgU?&Wg8w9YvI*uO0`WADKV|_cvvJ?`daAcPj&*mKGCOzsI{VMTs0UdXqvS1& +zQ~^ZRHNarFK2~2IXKd>yvR-Fy1?wKh(aW;srlB>n70nnOO>s70Msyz03UQe1rPalr +zT*|_4OOJ17ySNuNGRMQ`tvsFd${S`IVm5G=%q{a96_bPL>n&|u^TnYt69|+7@%G|K#A0K`6cNmk_Xl6#Ko{R&E5!psKRGK~R=+xr%^aao}R^0jr +zTVQ1W`!Oh{O?Hsk`s;xQ7n@m&h6i!`Eyg4RJTIAvYrE7taDn%5?N+O)7|Do65*H`$ +zV0uspwG*Ao9buH2WTFpIz(o5^kqAuzSd92Ztk2?ce_aIcSpJ +zi%0{FAievC)`q25e~?x7Y9>9iAtPIFWGsM&9HO!GdjbuHAsI +zhj1g2AiZ+%7_$Jfig&8cfJJyRh`KLP?ccvc&Yh%>u2GPFQSf>x40XTc(xL9xGU?}) +zUYN_Jn*lWB5RIi@Gm3Qutz{QnQFgTX@MMOMgyz!gfLzk*18kHgNUt1!pfWBcqWw8l +zXR0H-sfM$r@-mgGD1fqHKx64= +zjAB+nYtq?M2nux{V3e6lzo+AREgpxAM1u6n@kb~N(mSVYy_#grM3bYhF4!@%vU!oX>hKOfGw04C4n)@$c;UwMX@y);l0*_4{aV +z4mn|6zwmU~>q3sZtGU9HVh<9P+i@{j-*EeRRM#?Kygk +zmw3qB58aPXQC$)95Hq1WrwDF9|+0sg{K)m8>q*z_rO +zy!Oa5hE1F??7bb6F1#`BYy40>#ce$KkHIAl?9OqKe--0RE*-9^prXUDB9D{5dp61C +zHEQfnTh^ntOz<${{slS^=ieB&HclqqeW+l&i#UIqIIA+UMVD1o8~2anlf(Nv9KS(4 +z^b#i%?>-)|)kU1Ydv<{(xvaCxT^-r~fj~TTL?;vP-stai5$A6crI}N*=nq`%bL$?k)R`F5>)c;_MTO#MMWnE%zzDJSe_W5+vz9Yk)vLbo +zKJ}_|2)cUJxRw*@NipxB8+}BV$RYON_Yc+IjqVSr*HDqqF3-&SQ^?_T*SK|qtiR8mBr>=O02;FhT +zUc$Lu-5=+%?j**&eL0a_TIAt8gi8aBx5Lojgc2ek=Y2kPVhNx9SHnye)-fsD$f$>P +zcAl9S=8zPA<5q(|P9NVc_``cC`))nyzg{CC2B6x|zxvl)e9Ioyc?Of4&;7`&7~Jyv +zD4`lVyKx&b&b|#jK;P}j`+{iKMs+%Y-6hZ9&)viery%d{!_N<;I*bHQT~Ns<>SsQM +zPIVMT&_&Hbo45t2L(=0b#+voQgi(*EjmL@Rz2Wp!HpwQLSVlVSp6?#d<;w62-bVRTVTLHOtVk+<){91mVBiQFG +zD=^Wi8K_B(F&x)F#!O+MTDr7_cJOlpb%fV0Y`vuoJ(%wzj^EFkyFKV1#(;BWIA3N? +zz0nQA>IP-l>K1Tu1b151b&PjV1a~`w@#D)s#D*{b2r13GPYD_@-Ju;f`qr`{gNls@ +zlg2$Sp$J@z!$9!%bcM^n_IB*b7;C7&rYejQVQBTvSbCN#NuwfF8)M7sOaADQpouUH +zaX=0S3*HB{s3CeI9D}nz|A7OxG$*&=ho=x7XxxNR3eA{e1;w%%yW?jwE{sQUMcqSE +z{$(@VPty>YYS_kYqJhQ>(E0*aa1|J@dAV^l>&?459B;$o0dz5f;%gaXLZ;SLt7OVU +z13Uvbv4Lw!zefO)e-TYH{O;*nUULuacK1g5mYs0Cx>eH1*vhi;8zdC}%1y#3ZT;NovhjxF+~v +zlRNH$+1|q$N54E09{VdEG4v-I-i!9JERB1!=PHaY5JeYB79Ka+vHvNMKNv@Sx{dmf +zC*HDzn!Ji}XyMuF15Xm60u7J|X}HW&=nliGU{Htma=nkBZgMHd9bQ0Ph=YK3Xe($P +z{GZ`GcIYo_XcMSwVuA@0O(HRcc43i=s@Gu +zpbLhnc#tPJ$P>yX(zh_D9)>Y@L12tGjOW2)L^}o`q8(_wLHKk#4}F6Qr}0otKSwS= +za<|q``lfa((NVvC&*KC+ur%uEhe%ycsj-Nj}IO`Yyq{^ZL5+Pq~RB~I`DXGy)-{fiwuforyv4SPNFaa7PC($MdRp5D7f +zJ&eAe)NhQ@KfhCq{vJx4&Zzh*GP(h7f*D}rV&41`3Pv%;Uy*IDV3Te39yGJe7Sgv6 +z2mF8)1r5pvfSTaKIYzn0dXzA_M>;JTjj0bsf{pegI?%Wsm6&nmXNl8jVWgJ1Kb!NU +zhL+A1=``FF@Hv)nq%<2uha<;0mzc-l#v4OTfuF_3wcgYx4bpf5W5?OM48oJBn_Diq +zjUZTKgObRV_Y!%7OWp^s4D$`QVttVrEroPFPEQKYqog#3LUG_J5QFI#*We3-oIePU +zXD_KL>ifEaICf$4q_yv;+&z|FdF +z|4pUyi&z@KoEBZe_@3t`hnP9zZ|=y}nKF;-U6_aPwl^;Oca@(+d3fvRI~;@p4oqQC +z%y^KDIIjNt=-5us6%NFw7dq#XPCeX8#kHA85^ok=n>^VpGLni(`xpqS#E#TnUwkH+49`x-p2Y9TquuW@ndxMP&4NgEiE=xxg39O>qen +zm*aq2yt#JbyzvNy3vBYI>=d)bv|^f=0?7N%gP-rD3Wb)~0T8OLo@UUA%T$7M!bM&mBxf;$Q$zt6Yo +zbh`VdyA#y;zyIfX=|}nG)H!wP)OK&(d#i8jVwhZZ&Kbp@EoRU3@jQ$`1X73lBxVtm +z6F!aLqlfuuG5bNyH`}kt_dRv2(_-W`rUBQJ6v-8nUb4n5vUyd@I8N8(_^BFJI^FX!WFf9&iZiln!k!5xCc0& +zSH|gUUGsUHhI@wQZzT_(yO4TwPI8yHD>+w%@471A@VPPT0KZ%rG{0zJ&bd#i`LyN; +zpWhpG{{O%H{NRe=jqd3?hPj@;oE!;znx)v*=Lb4GMIA7=K0ny{{D9@h|Gno2Jx^%# +zvE}$&cWmiSj)spdpX-btyf4Fg*RQj-K0k2FqeeZu2(Qu>szv!-60r68!LxnWu!_*L +z04)r}RmPQ~zm8u{@-m5ApC7E(;Mw~8fMxsE=Lai!4|sTM$`Jz_efS@8oICvYAV}e!#F>;GRJ6+?M+l +zTc00neST1Hy}?3b>+=H^r~aO1qJ3vupC4>}e!yyc>+=J*7GLdFM9H66^uQ*3{pW7= +z`-c`=pC9-~5nG=h{DJ2O#~jn>74@*A-HN&wITEg@|Nr{@K<~fb`uzpJ$?11~e_;<^ +z>D9<Z`SwQGuFFho7;(Prjc(LESHX-eg*4Bk=e)V +zn)i3Q4KMzpJkt$Mn!iBhL_fsz+r#GvcKz32<#t;vEkHqNQKVWYKNYS9`JLp@!_yd+S!YO8PxLE{E?ax3|vqR>Hk?wa%dmS?OKZb&dCF +zQRwYCzhiHm24d9SI*G~l*463#?pA)tXxhzp;f!2U$2& +zWr;h-`F1ZEK`{!c#q2}f7a*J!li!sd{z1jS4RNu(|IxPM=_0Vp;`}yjol_PUgjCm +z*so@K-`aNgk~{r`3t8?8_up^j>vNHOD@>ChiD|F>UqEM +zD{k!CTA^bh+gy8qg*K=8Ql6^s+a_vbDb1pR$9SFy!acXrCoT8R9|r#9SmV=|0W)>m +z^4+G(8b!$4X~DX24Aw|-e?}4ElUGzJoG6_%e}T%3K2fe%s04Pm`j8eo#B7gLQXH3V +zd!%Ydv-rCDchK@>H!`@hY&Cy`N0<^RMoCOrS17-QjuhS=8FP#XZ;zaafpb;HAK@1N +zL!ID$agjjeFc8Q$zQ@$LbzSW?#?n=z!hz&R1=9GgU!eSys@#E6XHZ=1_X+tmKpxJz +zFMF|`aJ6OYGiH80p}$y9l({h7dSbf!)2%0}_2>Vm>xpM(4`ImbD~PGEvFiypUHo?k +z{a4%ODsZ=+@CTuK>j^)>>>I*b9Qf(%))O_Z0TSJ7cirTcAj@1Kk-hrfr~3vYD;T$) +z@Po|#28Pd9_w|ABPV>lS`qj9z6aE_hY%%*%cM0P+$n(Bl(!yib^^5I<5C10f6AKY%ztECu9%FD2)CO%DhE +z9VK^7vq}l`7Nj}&m-_J?HrI{r^}UQjE&3US&0L~iPS3ONUfNe5{JD97|EbXh{&jN; +z+|_r~?^g|)_Z*9doOw;#<;?5Tu9^Nx4Y!Rep07A73ciCgcXl`aYL_zC4J>DLp-Y-O +zyE}??)40-8jj5iCKm7JId&8-{?96Ys_6K$v&94#sPX*Z*?ictMCoZt>R`2W<4)f~P +zICGz<{vc)U0u63o@P)2;HViab*W4YG_Et2z*qcAx_H(^?!d`o3Kb7itrTe8pxV}-{ +z5KdBk$hz2Jb`9_+k-0v7Au!VgA#bCxN7prT@VnZ%G;=!tcD|?`o%S9&dsUu)GUcD( +zx_WGgI;5?42dJ3iztrL5e^hbnE=hDfq>GZ^G00z|@SExWl@RW_C48*#HM9BWj|TZ} +zxM}KXHO$;}o2w(scD*M@?-$Z>piCD2wI_b3eS+hFzSe7Bo#i?V2V6Yx^Wa=W*lul2 +zdW`Dkx$V@RS5)ICdC{_}VI0GKA^!K5cOAQ_lI><-x_zS*Qs6S4;Q4L!t?!d +zGP;9YEt$H`N-vvmFMM#llS5i~nD|jVbGgZG$s6vPsDjpAF@B+cAMyYB_staXGMPrM +zG0!;2tuYJ9(eN76^;Gm;8Q1*w?Vzpin_-%CVBChsW)F>PKc?fnZ)WTLT8=}^dA{iq +z{sy(XinUqJ3Mb*M5;bh(sOV2-}0Cxb#rVjnb|6YiSI7BOG))tl{r?{=4;ltxktpCTzW5%MyI+ +z{aU*@p5rb+w%)JpTdM=_*88UR+_E2pq +zZ^WYObDTH-{6V*oPI1ZMpU%~dH|Jvh0^d>gRK<3k`o{{HE0ysRGa +z%f{6P{&|JFO!h%JPwr8}!-{R*Ei1uVy=v3f&HvB?6}fxMDx%J#rK@RL9=7;>Idz++ +zs>AUwqcDqKw}$-NwuoQp#P7$4f3r6mh#DXNYPQK({M00*j@ZKZQ+@nABpO`zP^d0` +zdzJOPTNX#+uW|8bQylRto%ox{NqFmI)SHbPZ2#0q{B)>`|Bfwd{|$=3y^@L7Ck5Nz +zKSH9j=SJdR=;D9TZ*TR71^cnl74j8-;7~`oaL>9P<_~T>Yy7OsiyiVd*8Ll_o_#|7 +z$mEUAu)n=XQ!^tcu7zf$%Q4??42-&cXs-(Ouc5VHiR3L*;Zmy=*t1XYZ?M$6V#A~a +z%_1t158R}f$RFm%|HSHizYER3YZ1#b4A#z&>zGN7tL5HRZrIhRC|63vL`gKnbO-P1 +zuz0RCwkRtL_@{#W5spfUxXN)RF|Iyxn&?9hb_<=Id-1As)dM-~D#K-%t)xIyi%Ckb +z|5fj!oVTK*Yg~H=zx#28EjnMhQ;MChxaFxs99vj*_+r%8oxz-yJ7}+Vkv8H@jkOqB +z_52ov-+uy(lgjJN#V)inBM)s{^ +zzs=)*IKv;3TtNN}iB`Tl1i3@fLKmWYQ_R`{-i_wtUFs_D-0I&0=?nW&ksVs>z3h-zjReTlH7aslAUpLv9kC_@n?(KQ+)jEm3w~uGgh4V +z<)U8vheYBJoN*f)f2|^D@Qj;1IWS)45+l3WwW6 +zNp+`cSA@OjX#o{WbFRY|=^b45$Z6im@$#-c-W_woFQQfR5dTD%-EEq3k)RuP0>AIrE@wVpNYo)IYL9_ViEJ6z*(vz(D)vEbU@KlKZ>bLZ +zJ0Um6z7#O~xvK4R7C76@uZ}wLNnT&s2Y`jQWkrRkOJ<~vFRhv~E^SJ2N!qlD#U({)Ra2&w7nGG1PnnQb +zFePnBnetKk)Pj<#qPqMQ1>=i`7EC*~YW(=3^4!wmDV0U#Y14`;C#Fp)nov+#JhdpT +z5WoD=sXlqC#o^O?bQ{yHOFF(wiqa<+6qZ)_>bcD03kt*DUHteTTvb^xwqy&6@rC`4 +ze@{DW$whOUy`BEVq#r*xyKDdUa*?(DHvCke{~YDPsW|qNW#avG>Z_x+t*6i5(HpF8 +z7GIySo7dl!Ab$o=O7*!dLH^nUyxtveL!o-*uWvvfYL`5Js_7465w%SyrJnyRc17y5 +z566X;p(ge8`Glf8lM(^RG93qVjX^NS=SW=|7@n+|pP`rG{guGfF5k9vK3 +zk9ztn(;v$`J);8RbZ)zl|F!I?VV{0!~v^@-YV^)6n& +ziTv^AZ`z*8^H-bx5c0>1Z~4AHzs7$&{mT8keiaMBc;jc`{$8K4eS-YDd&lRJ9pdND +z=<4;>awfPe?w^cqK524-_N_V6>l3YiYE8c+!SSv7XrDhl!TEi8Z?C_M`o-(N+<{(i +zr*SVt!VfJpeSuG_rwJYSR}uFLCDAIG;aJ{Q0I&)PBoPOJ4qZ(B1d;P^AUjE$kygpHU>t}g= +zqWJRXd3~bzmS5`iiQ+4}((4n&7h3G~Hz$}M%dhwPs}juL-Tk- +zxalSCQd;)9{U;lqS8+D_AC?p +zCmfH7vg?RlvqsqIkg>kFVSgH$Ys^m9Z|)N=cfbPIUMlxy>}n@@f4Yu~u^V_%Q(4OH +zMfofBcDkNRWcLGhW#!&Z*L8{P_Ql8a>E2G)cZuxui;!tEy`5d>)f*>@uLQffW~b}D +z7=KaqU4&ig9Pck|794l-_ZW5?W;bm2F?O|$u-l1tTxE8;9*l`Es-3%FmvyNxSJ#D! +z>_%fZ_YQAo>zlakG7Gzvjj+25yA6%7djq?SI~y){6Lu5LPS=ky^@!?^cJzJq0}Z$H +zAnYbK!mbj#+(y`4i`^Qt)AeOcd{O=J6uR0+tUt^w-gx;EyAF?fyR@KP@5p@HojH+Z +zcHw)B@%$ZyUD%(lKiwxhf1~0XCx0*ca&;XVV>jshZ8d}2k$4ey%ii;LwjPa)mneVt +zV^^yu27Ho@t9P;6`-6u4HRWKQtGxyd`0I$>T(e6S-!SY}e$ueNv#{G>cFFwd+?Mfq +z!~R~xZlc*G^Y;UGHD5IBZ(q(eYs~H=j+rt27BxTmV3+lk_m|AB1iNK=O9`K3c8jn} +z{m$Fjb#G)GSQr{Fk72j?S8vze(<OkFl#UJ6#96Pk5Y0)ng|Pwi~v0;ceFSaEx8l +z`0JvBa%*pwZ2XPJu16#6W?@&>2)nzmTh<7>H?XU1gxx0W_TJCe!>*s>wsSkK-7*gH +zc25S!fi;u*V-R+0+Ba-hiCy)<-p;P8(WGa`*QM|KF8bH^=aIC^ucbS*%g?(c*mgf3G?#-G_G>yJU$ExW1V_$skmX?Dr_ +z<67)KzuEgs7T;6Y)tcQ=HeBM3zb~=dV0Ov+ZTA+Ok8bnj>bgGB_&W-_hwt=uy1q|j +zHx9enzj-@d=O?ne2)pSIdplk4C$hU={{HUmlGWo~>_$E2?UL1_DQnl7mEJB{Jvw5y +zYL&N3R*zxW<-g?ZlGWoZ`Fq*hX^oetzBgl+`%iDD`xx=;{(5Ul=o(ffx4_++gnG?} +zS0GP^2Q~?%S3u4wy-MIV@MP2P2it@~>9617IoH?=?oYlHLfP#GW%tdE-tJZ?yF$ndRnkv_vde?AI~>a2 +zmp7z@eue#^?3+UNnx}85@%G=s6zrdcvcCw*zBB9wcY#abyGv6-e<9yLpycb|3CQQ0 +zd@7uP+{ffLa3=CO+)q-uU5sn5^YZn^5m4<`d#z8u-*`Gam;4i<>Qw+0XD_HYH(ulI +z{|YBzw+zbe1}M9kP<)yo+Yid_hpWBa +z{ZQ?5I#l}%f@+VJa4+(OOn!&^Y$K7MfYM(JCnKL{@+t6q&4sp!~gdh39R?MaEw6G4geS^8ef-Z+A0% +zl=KUr(l=l3{XS%zYdi%izF|;yJ)z>;4=TQ&F7xp{4;9~HsQBh`|59t^#OYaSTM&BJOzOOm3?2Mm(LY6vvyllM5I0vfy +z61Wkb2vv{vmcFy4|GL1Z{{zZ?8I=7MmcA`~i2D9=kuUcFD7zEk!=z_f`ls`Kdt7BK +zfe)ZBgo-yCsy*96wO>=H{{H#Gl+aT69Xy}o)jBu}z6=%btx$Gnz(>fJ1J&-Gxv#8t +zJOC=5XXkoeYb-PNHFkn(zk{IS`Nsvm{ceY9zZ;FyjQye7;g>lnp%s+-6}%t54i(Q5 +zsQO(B<*yW~en&&quPv0_?ojn>0ad?dQ1x3k+t=?&D7&km>Q@9+zvpN9`b~zaUq|CU +zQ1wWKDt7~uPUYSRH6G?c)#p6pNMn1b`fLXuq@2&sO9}lQJ_}X;?NH?(2Gy?nL6!T$ +zxt>?RzoNegs@$`o$}NWKr{kggbb$9^x2f9K<8ml})lmNSH~xH%mp?WxfcKK`JeY$2 +zeJuTlvr|I%kp3oA`Vgr0+1|KjrkC%AitlD9yLnLYO@WH9A5?rTq2l}eET3=9nLduY +zjbn}7jqQwYo#E{+hpJDO$$J=^K+WHO&+vBl8J9w(Uk=r87eK{#G*o{b2-RQv8NZ+I +z<$po7*JDuqb~{u(rdj$amVTV2?`r8Arg{5MpzMdkJE-pfsB*W3@_YN#l+c}|FN8|( +z2Gy>gRe3%Jm!ba~l>Snv_BvZdy^LR$dwHet3gdZD?Kc%Fo?W5Z@0Zhkdwpko)_4_EyA6QLDYqBA4ITg$ +z_ZMZpejh;jdmO5M7sLCoI~~ey98~?rK-F&)RQ-;Gs^4xoCYQPwNBVuEhQP1fTv0Y>NCh*b4m|_$~Hl +zK(*)LQ0@Qoc<=w;Q0?{<{2sd+_#M0o%DxJ!{fEO}NbdpFo`*v9`$6zh%4q{HgH53N +z{p})ecMtrLd}l$G+uPDNj!Ox3COsFnB>e!WerO5R56z(ZVR@l%$Frc?X#i9^zB|_Q +zN~rXHCcj(Y(=UNKuAC1wo~FSR>N6PjqugDg+HpI`BbwG5^L;zM3j32j6>9#R0@eQ` +zjE5Ru8sqi%L+S4}o@YEBD$XuY?b`~f+^0|V|$ +zKb?{i+5o?Ts>f?k{qhi0dtU-&UkKGtnNaP$d9+V|&v*$`yT5d@Z?_dtaTXX`8ecle +zr(bV8!FV)Odv=0~;u&S3#9O1OAAd3im=@m*>a( +zhfw2vHPm>Y3sp`jR5=rky^PJFjyoHNdag6RV_XPz+$n^b7a36X+t&EV30|&*(ziAF +z?OdOJuW_QWm+{vje%yWy_oRJ4f;#S8Xz6D_jpqu;qk-1_;2YHU2&i`a=6K)k4?)Fq +z9aMkMg8#xUAN~`LgtG4n)$V)1cS+wc*tg?4xRmry;XKNDA6^Lm0oC72pxS#1TtmL2 +zp!$0oOMi5bAOES4y$$If4fOr+HdH^Xg6fAdsCGOGs-1R#iu>B*JV!vKZ)ftg1AO`r +zsN+s=sBzRCsy;hI&HvY!%sTEo1KBdy`cbHMycBBwcZ2Hx)=>Swr*R!h$qS(Ll_pO% +z9&6kMD$XA$Ozry)RJpVHN99&Q_0tr{qsG?xkSytk!MEVfQ0@0gUw_jpIro5Ej_PdeJy|3AHa`HvZIhZ-+6 +zQ02~rDz_6eov_KA2`yld#1vj@HYXf~)sy${wwciM+di5|iff`pIclYVfK=sQL +z@O1j)5m*kdH+{9~&xCAEZ(Rx5Z`68}>5njdS2&6E!(a*A)$~7f^ZvhqlS%&^PJu5% +z#dVMAZ-=F%-w4ZK8dSUg1*+Y5H2%A*Z}*p>(pSP8sn6~38h8m@1gqeS@MQQj><@Jw +z*d3mN|LvjfV>W?wd9Mv!=ojMo9*#l(CCrEKK-u393*l{0`EG>Dw-_ql<**3-MQ}Vk +z6Uu%V91QzIB%bD-?Y +z;PIq)fwF($aBu%Gl>IeO{XQ4Uz8sDty&IJM>chPK3Ml&;sPVA?%Ki*^D(QWo>}%8g +zIQ@rl9@Ko91vO4)LXDFG)Au(0(NOcLJJfvI-Sppg^!{Fk^7934>j$J;^8%hE=8?Y5Jj1^L-%He81yhKmM+P8fS}) +zg;3*fn91$nV*J0?Atkf}<8>^QysybM?Y(>wl>WVgyu27n-q+;U5A^axsN+z7;~r4) +zr$Y7L4p9B~X*+NCw6O-t?i#56Sp?NTr<*?4cqo+JK~U}A2CDrx9pL@FV|)FvDEsZ8>{FoHjLD}yK)qgFZ`tR>;{Q2-gsPn)y +z<2d6mV;^G|V>{#S#-_#}_Va#jfokt7q1yWr<5;Nn&NF!cY=&JgsQ7w7wQnX=`~JoB +z+nPQE)tTHBWzSW$Ps9)=BUd>~4dap9N5M +z{oz2;)8X03ZQ=FEKeY6A_dwY#g0edUo`pOGUWJ?uA0e +zy?pgKG64d$c1lWY@o#UXc@0!Ej=zrV8uP1(ioO*kG168kgp!73g8{*F~ +zc7-~>?hUoxUbDNuo>~RfUQfWkkZ%T5zN6ux@Gv+4zk5O1y}O&A*Q;S4^sAu8&0|pG +z<|>$mJQyl}FR1(nLFHe!tIz*FRQ@-i#?uQ>vrOPEczm-@v%E>jr>^ilu$c3435N4f9T?cE?(&3g<5}fgj#>Jg0jDF +zNAGVbyiV<5ay8U=Erc4c2fz(*H>mdC38s>N{SGOi8qya*#WfvHfJIRKeu=v0;SGt{_Q4>fLHf-2`msB$iWD(8Hta?XY-=LD#7`a;c@o>24U +zV5oBTgk#~3P~~h3HLic#){pCVpvqYaHLos$npYRV&CIK6sB#KTe*o0Hdbg>cM+ZTj +z*Y<)sucaD4+Qy&P-hfJf2I{>05c~%J*Filmd83I>e;TeO{Z6R#4=GgkufvZ>|2tIr +z*CC(&KD>qW`%S(DsvplVc@k86XPKM{)h^qa{4-mdr`%yC4>s;^y!Susv8J7;LACd>Q0LzilUHmC +zxpu69YL}@{{!W1^cZBg!Vi6xT%KP_^-rrMD +z{#F<-GY%`|rHnqfqJRLzR1s$s4~7xp8zERD35v+3gQy +z_uhIhFM%3gnNW7WeB;xffU=uua!;snxB6>uw;0M_K9t?QCa?L*kH;FQ@wmWvhH-*% +zm@(UUn6Z_yneoRjy`K+_uNWUQ-fq0oc)qdBc#82jV|QaaMJ9r<*(ieu+E~s@y%`r^q{+{Kn_(fkb`|N`Di)5qTcG +z2A0A_a5#Js9tod@?VHZlA@V&?`R72*r(!65)kp68ed#Ad={rNsk9R%{g|357K&4*| +zbzIGcSHkv|zWD<`{%?aXlfD4Tz6ff(?+l-X-`D!|7od)}mqWEfwQ;iXBx8SL7h^l) +z?#8CZAKv$V?tq-q(rp#0B-@00&TlMjJikiYq-*WU*< +z4(CJpKmHBx|41nR`$74C@AXjVQ0!iVT7SF%Td;0<5Z<8tP~{cEbmR^uuY1jpTY-V_ys9_bs>!exHI%NWWUd?sRwvayOHIS?%Y+X;6MgLis%c%I~kQ +zghB^m|234~&*0AZeGOht`fX5t&w=fc`ucF@(D&B2ibNqh&LMZeU=}$uW +zy#~I9oNw|0Q1ke;=l%S9+<2GqYU3PZg)!ea*m#7oy>WMAit+2`y#IHMtBemAZ#3Sr +ziuNV$#ZcEbmqX3xi{Nk6>rB&+hC2QahMKSajQc>%*BwpX^eo?LM*bPf&pU7t?eGd* +z2%m(Se`i8HKN}0>?_^_!aT}=deZ(`~Usou9dqVl!5nc>`d)m*pJD~hs3gz!Y;~3-N +zQ2s_f<^2tX^4A&4Uwe2FYy~yHo_*5$y9dhOZN{^VgP{DC{=@q_4a(m@D1XPmYSjmfj2*7YSO7a5N*e))I5 +z&V3DP{qiteLOacaTJKJRnm;E(jlcb&{Otf$ZWH614|{nYTulB__&NE8L-{)h%3m|6 +z^VLred4G>X`MVX$-%?|x@gTUE{5wIdkG^}*`+E|~-z`w{=W?j{MnTyh4R0pB9aQ;0 +zKH%-&gqj~WL)l#jwSFptvdf0@djQnM5DwsY +zdo4C^e+({!*F%*v70NyrD!zT;ugH(y8w&L&zI&kJ +zyB&7N&r+!M(0tQRf(x)a70T{J_!)LXpvK*irr!&y9vklQ`~<2VtDx#}8&o|O!5riY +zsJKQ$)gu?G9zCGy(Ggw@cY!MB)4RR>N~riQf~v=%urKlL2NmBwuq%FAK&`tr-sSc0 +z!1>s{3}yEm`~bVhp~m~2roRBH9utkjq3Y2Csvdhm)uSowhy2lah~49?PKW +zaV@+Eo()yb2&j5zK*hJ|4quN8q5Pf;wJtvc>Ueu3JcqasgNplLcoY8HK+U`6rhor- +zANT#n8=&Hz1r_&5sP*JPxFi0$LB)FjRJ_gMA=qtR=FfW{K>5EHs-4e-iaQ5tz4`oY +zKHevw;(Y`v-ZSA${7-?3w-{cF|1nVWf1v5xK(+G^w|ag674K6}@m>WxU_T%3fWN6w +z@fJeGI}j?~W8m4aEtLOnZn5zV74KZAb?lB%?VAD>@2@xecprsl;{P6~cyEVS;D0I9 +zacI8j$3Vr~#n=`q-lkCTzIhY*v3~(J!{38Y@!kX#?|i6u&w*#b0x187L$&Y58-2X1 +zpw`F7LB*R574H#H?Yr@YQ0M~ue+?DyTKE$F--kLLzF_*LQ1Mn83!vid0~POH@Codj +z!|n0+Q;m=JBdB;^fQt8VI2Yak<-Zgv-Xo#fw;9yB`@*F*exVz`(2ZX>8~=wvH-6zW +z_-_MsTyAdq_pkTy-fz4CD&AR8@s5OAuMdRV;jbHX;}tEaU0MQ;h?SJ&gY(h&IIW597VY +zYmM`aM;i|{?rq%G_}$gs&n3pQjK#(g#@@z_oFw;Wyqp77eu?o!V?X1r#?4oGyDyDz +z8J{tBh6`xNUEyK)`}oRG=vcTC&L{nTsD8N#s$b57X)qUFg1!&j%>DJC67 +z2vol1umkqTK*ih9xQ}r=ZA>?|G(JAd+b@M1$#)Ul1WQdGXlw^Bq+a?`-(2|q`F@=J6>1*N +zfpbVd18%0NE1<^B0H|@+1S+m?&huPkEHVx?{(P?2zX=u3Q&92TX7X9a;johOGGRGP +zg&OxCR{MGQ5G*78PN;ZphKlD5n1)?vsCd$hPoLxED~;zHI~bcm#q;CYKAtsD^4-Qc +z@Knkh3rE9jsCagRN5ju&hC(Ni{w~~1JpY7>=T4}2#=>7=XX96A`FV63)VR-wr;z^` +zlUqWK+h5M~`Zr)c^50Cp7*-%pHaQ1s{I)l_3Dms$;0&MtF*pzT8k46&jpN}aXF$!X +zlo_-W3v~)=0y*vdC?iFo*m(~u$AfmGtIa67f|E(71)vd +z&sh4c@E7DIuqpn=LbX!{lwEtMbl!zKJwTiUT1RKIKk)ef7=SwF#bQ2M9gf$(7wyT3u%-36P%YfS&|(|!LvZ+ysj +zGu%XbRKbmuTMU)|1h_xx8Bp!q8n%HuLfOAl=KJRrDEo(?`sYe0`}3jfvf#z|-5bt^ +zJHc5{n}sfbKbCU-z-}>=|JlZJ;}|GE8Bp=HgDP()sQA`R@#U?7%KtQ!{gqJT=Rzp^ +za;W%DfQs*ED7%f5dAA3CUx%geSvUng3Qvd2rN=H0%72zI-PjV!&$<#H-}_MIJqs1z +ztx)A%4wb(e%KikX`1(TGr$fcJ6O{cglf2!7a4d0L3{QmT!BKE3JQ+@cOojBXPxHs0 +zd*Bk}2~fwMekQktI6FChq`s-u`t0al>z66UOxy +zFa<8L^h+)MLQ6lw(lagn5KDi1y!Z1el%MCJ{G0~WP9u%)7J2zO<9K79v8nOfao%pK +zvCybZ+w%8Sq389+`NmY^f5v+K65|ENqo9s=KNWcWN5+Z9;l}Usz5adURZ#gtCVw@? +z>;G=N)i}_&uW<+CJ*Rs6YoNx<*-*!~QO3RDVe~^YsPU5mx8XSO#wlFyl70<53tj>@ +zbN-qOWp^q}!%s(eF8Van?_>IJMtl7Yunl$>8#^1D8oxc+>#sDP4>w^y9&UtLMr}e; +zoa;~W<*$WJi1RTxk@WN7csLCz&N8St`$5IIJDh~RndwtZ|K^EaKMyL-sm4~uFGu?vwNUyGq4WCcCXJInae3H~^9He5n_ceoe%_cZz2 +zT{^Q`8_#Fk$f$8vE +z*bb`wT0^zpF9Ur0Er;?u+gJ|erzI>R-!8Biew5?K`I}IFRzvx@6{;Ujf%4PI*apha +zv;9M%A>@A)=D~$f<8T&~pP5j8@}T^rLiJ~EKkx5Aag#7ow-Qf99<6|0> +zzcMI){h<6chw^t#A3rWmgX+ISpvFb2$?JOiaq&Eq{uVeA{d|+hL-luGlhdI3dpnaq +zIM(;~N~rwTK=t>zCXa^d@2|3az1}uH3stWwsD3Mk>bFxY{Qy{vydOLd?gnRI|MD^3 +z&!fg=P=0cu`mGOCzxA;64M&GUry+k2OW@~l8umBAHgKVFCX}B8q55qfsD9ho(qHPu +zdkT?P!4Yr;WGR~d<5AwvhsIZ+{7i%DuSrn-HOA80z}=Bs!ad;wNBaJm1=W6ip!(+! +zledMMw;vzj^^ZgK&n+fbL-o%XlaGMvpEQ#<_VoSpHe7=L2cY`r8k46&^-uR6{yEDB +z-9w?a$d^IQ!&9N!X&@xz^utYV3Ogci=;rlz!~Mv2Bh)y&5FUd5B={@r58LAJ5V#*~ +z4!e;4ZPySPxSoTuI|Qa7w}qP-*Day^{e*EE`X`|5?t$`mDU`ob*opL`q3YRGdi>OO +z_VVj+Dd{i6BRCE}3u)Tc-J$CD6`93BT1RYx1|5-tH6Qqfq%5nmo%m +z-O^8m8_^Ghs>dOgz8Bnt{8NU{|1Ol>b5M56jAc;u&4a3M7f2P;4~Hsu52$=ipz6UKLM&8e>sfz_#>}}n`!U0Q1(wl`B?~MHxsJ-e5mq|h7^^) +zGgNzjlJ0pkY>mHfX+*{K9#lJCY4RlFD5!dOhw|GJ%J0TQeLsE<+u-LZmEF|x}C4ri%|7?7VZmgfr@VqR9qz{_lJsWd&tml{qq4l_k*87ref>+ +zpyC~DJi_?%{yzO<k0*;l|$ +zq)&jG84o8ym2`(oojV-Mqj +z#$BP>{hPn|_I?|xy|0Aor}K?j#&ly#<2R|^?iHwZdJL-FmYRGV>_xmsL$$|8E%@CL +zl2`B3dM+PHZa-yV+{XBhj#W7K|7?Y4PmpYKbkcCUqM_t&8OE;D@*{1yBCjSubQ +z+pz$u9lM#lhjD##?l+UJcQUKJ?}2@h`|il|LfW+l)O|Gl?t;qc2)BW)Ouu0V?$f9} +zjjtF_fb!b`wnyK_xVf2^Z-EEne=(H*%c1;V1b?GmXPSN#JOKTx+xvF^ALE(EiBSDH +z9G*t}dVjX&Q7fo^eRDgX??`WLE#`w+VVvk4K^A&x25L-U2m$ +z^s~p(&w4OBmV0Oj`~sPQoys{dzL`l;{` +z(g#BI@1DjFns|98RR7V|uHCmW`I8ji?@vJKZ-VOIIVSTg&&?;EMT92OAFN?R#gOUf +z_A{-3EBVU)1MqL~Zul#_1^yde2cLsi!6V=$CeMS%BcBUb!!u2;fQykQn_L8!B9Ae7 +zB)k>*1d|6qJY!+ +zP&XYC>u7N;av8i7S^N^2w$b}lMvLo^^C2;h7S|(>f~O;kKO*Ns>N;Bd2{{K&LKeS6 +z&VsbTXz_dG9TZ;?B|A;{ua$Z2pmviLRf-tc5(@f+k+cm%Te8FDko +z@lro^5c(7usJ};xpChZBy_$q}=>YeEX>boHf4f8Z*&8Z#w=r+F=VXe_~Y^$YmC*#d}Ed|%@{J)?r8aqHO6XVzA?*~W(*l?87QuN +zV~w%em~YH7rWr%VS{lgZH`W-djrqnbW12B!tmU}n@*8W6)y8~dmNCs3GS+hZa`}xl +z#%g1}G0T`{3>j-VPPzQX8e_FF-#xx^v`O*({>)TMxc%^WUptG0trA~bcGQFH{@=_))>*3H!lh2#% +zPxtwENcVF1_hNrBIsE&t4|lZuH+%b$rVsx<>#}hEJG{Qo?8Co5y4K327M>W*H2X&;|IBb=Y(ge%YTA7uJ0(?7eN*QeTeDK>qo>36jJWftH59Jl2! +zgNp@y#+sZ)JLz*WC-fF6X`%4%haP!??2#*^<-{}4^xb^^Ur3W)iz|IbFfZFQN#lph +zz5Z&_q^~`IKlp4QS^D)X8uWRN|D_NAUb)so(r+;RJc}p%d*2I=LEp4GH0pMrf0un_ +zUmZ%b^48E_uD$6eeI7sB+vl5oRx5Ac!R+-LD6(J8$yT4w`g{E-)6b<}q))xj>vzfV +z`driBYxp))0dfk#<4!XUIMI7%Wb{?)!d}k=eNFIztHk8rQcNk`n#Mu +zoSm`gF7UWtsms&Hr*PcJ#R-3;U+kp)&KoC)e-l +z-__=?zxB^5lRpo~&tg%Zsph|j`QOXxpKJcV&hq{zn*UPszta4DWAz_p`4?JztF8Wr +zS^njg|6Z$qhS^_k@og}FUBdlu?fam`muvPTExt1I-#^>OS8e`RS$ylw-@3NwY0qk# +zzxP>xH~{|7PP`>mPk~%JTjfoBaZ_-`nDO(ew*VKiJAoHT{7W-(1t*YWilT +zFR}c~O#hYn?_l~lmcPdI+jHN>&0o`ZJlxkWA3J?=4l~(~e=|*AX8J{@FEjnirmr@A +zt?8>xKd`qiugu!#%Wb{?>YIIeH<^CA>HBQw^;x%h{YKMQoBmqUhwkwDW2`?`S^ZYp +z@utk`w~y&pn|_Jurv=D))H=bQii +zEdIHc|8dJ-W5<`NreAFOy{vv2c6@o+^vg_NYWkIb_2m~?{Z?A}pIZ47t^7VVzaF;y +zpIH8~RX+b@t6#O*?_%-g+WDXj>kp0p)EVCXJkCc>e$>mocJlIiJ0GrV;^i94zsAnr +zD@|@*>GidC{P-K^Ir+=CC0~P`h&?Yea0Kx^W#X?Ytn~*zkFNM=i7R$ +ziTO_(l;RwoOn=K>*LnJM=?_4OTY?X&V=FISly{=N8VIX?gL9^T&oD?e?bm&;5}ZRh0`R^RaNU3WA&{QJ_c +zTYb`O{rsBcuRYS2zX$W7MGEV)wcejnB`;s+wP&XXDj-V{ebew~~jp`sjv`;tT&i_I#7W +zzlZ&el^6c~?^8_<|K9egR(@`0c?*T^G=2E@#9Nvi{{8NEkEBhu;d;Z4hi@L?<;5oN +zbd;Cpnmpa?kFw)Wf0O%|yobphO}^daE+!vg{vI=bNB8pn?=kuBCfAt!fZ6Y7`Mc=+ +zL%h$M{yfwFVDcQx|Eb9-X1~VdrlwCdf3r;A#NT$91bpiV}X|ekEvSa086JzBx##6NaHf>|&R|Ed~1?2bJ#M+NNDOP@v>y&8! +z%X-Gj6UN8NZ!(Xf?b|kum46JhM_UeP(e?*Th?OthHCA3TCRTp5L#%x5s95>yy<_E0 +ze~Fdbo*FB^8Yq8#`&j+Qfp}-`9IO8*(0*?XiPdZ0XLNn{**{j^VOXrZYL{4f&gfYA +z!UJOEPMmL|{r?Zg^=SFK6Jq6axk((YpV2l}-u1v(`ImtG(t!Q6fPJUH{CGNG|4_jG +zu7G`qz<4@pzu0(k0`V*kwEv_)`+UoJEG3i`3V+7B`4EvuxOgJ+1p)n)0sUP8{ZE1R +zKQd6?ubh3T?sHUNe(fEYU$>8ot?#da_UIFsUq=MSqn@{>)Ro3>&W?|jwLc(Qf3>sE +zs>^Ywo39c1KY{vdUsH7cPJ!`u^`uz+oq_RJ7&sml1?tmgkJ$Xj<;Tk31?GSA6Jzzg +z_KB4*3C#aRf%$*$X|eVl0{#!%D^~x{KzpBXa;*N1!14XJ!Lj;5f%*Sc;COd>VXS@s +zK>xosC|18;i&*))!13bIz@8LlEwhs6^>G;_4rU%;hSk}$a@w^pi-)VvN?H1^-$$|DAc}lFmPXg`x +zLZE&3FNn1t8ff2l0`2=!pnZ=FjE|B)`wk4uw+jR9dw-yPrv=)#O<=r?547)tf%d&Q +z(7sm%+BZ9J{JJgBzDok_`&giT9}Bc^i@@>fKRd>@=j~l%<*Wg*^7t;X@~wgM$;A_6 +z^<4w!|1$%}r_SAC?I#DydoNI4dSJb^Dp1~>Kza8C%9|f3Z%Lp$?bD1N-{%L)Yf>Dm +ze>hOy^MUfp-TEnV{6A-`@<-&^yT{6lb7SS}^J3+il32O5n=cW6j}490f9Tdj5&iY4 +zvHH7c2kO%^P@iK0_30d_PgS5k+7B1qK79lAIV(_~;eq;` +z5U9_of%?o1)MwHNl^6N^%blMi@*9Eip#AdE_Vc^M%ButOVdud3)JBTv{FevD%Y%XO +z**q{lhXmreJ1{;o0_Cj^l=oqvyhnz|#*-PS|IhAt7a0$`y7hQOzPLd7Bl4H-_!W@{ +z1p0S%pno@xjLqLX(4Rkyi`DlG^k-q9KhJXQ6Dj{$*M1TC7}sAB`3%=z5xLB@Uqo)@ +z+Akt+=lUliZw&ZNhgr|KouF>jVDp4b0!F +zK!5%mn9tfT7~Q`w1p2dg;P^9eRIL4Hf&SdVt)C<9aciJIR|ooYFE>6yb)Odl=jSFa +zo;r1CV_-ha3appU+)438KKmRSE5Du{D`y7g^R5B=-TgZp8W#nuN&R?inK@bK>faGB7a$R2Db#{bDPKNs{{H0 +z1QVTqgX^z|zt)pu^@{@bEU#kfQ|$D0;pp8yG5Qq&{p^;p`W@Z)isWbSTTK3%fPK4w +z{@8&2{(w9+Aa8Q*5h?G3fWOd~38iBu7F0~^U0OCHG-h(qQYEj|1ih>bE<;CN%YFCk&(XX^>%D95c;?gNy`V>?ajL7UdW@u4ac~M2t +zluDO8WaJP`E2b5XuN+fQQc_xYZ0Yp6SdK56=G=7ctq4j77GpDcT(>TrGRmsPmJ}Bb +zESiy5d`3~VQB*XpzNrs$LQ&_2 +z9!gtyiN>3lH?g3cl4)EeCUiCC*s9`^%HkWaj{HT*T@h`V${2|yeP)d+?5xN +zFQK-KzcEvb$}1pF#*8VPIH{s?(wK1t<HLH#|&73=U-IF?i6xzJt4W>ygZ;``|%+ +z^0Iq$Z`h_=*JL(5U16CSow_8m>eMBN`Cl|HyQ*>`)3dnHP0-$@6F6yCY`hU<_+oGzxUuo23>LnXZNn>xm#XNcBii0>ZSJ>Fr}iXkO@4b^WZ*R +z>#3EkbB``@)4OJNs+S&d*M*#!PHz)3k4J0tZCb +zyLa>u-mN~;HQFGvlTJ&y +z<)xLSg{387qi73rQJ9@^Y>!6R_0FsF5;-~~nOQTkv%@{mKfCvg>HYJDg`;R}{=k^} +zy>7xC_DAxoV}5V`NHzRGPwXdC25x}&DV|VNQOPun*J@_Qcx{Xsp~o?cGZLc8imM&C +zrTrJ%|Jm6Y-3N09FPOk7I^*~F(ggL5_s4xjI`ohEir={n`ONG@M{^ttcMOxTPn;%k +zW>MXo%q*PQ_Pxjn~n2=C4MwUUM9gp-Dy<`zFuE82R8``nDojA_M{6NgW!C>USV +zJ7dP_&G8-5^1~N?IQkCGBYE$oa>v)BCdHx +zWOgqvm==2-)o^HCa+yhywdtSXkU96~I_%mh^Urh`zbT_u<$p#){&9CP&G^UN#Wdm{ +zbr<(K<##n(yo;GX;3)Qr=XW`Ze_8aqT*ZvE%uY(*VfXLjk^n~QE;!n+$rblJF~@-08u#!Tuz%W2Hi +z{&Sp0CV1=_p@(jPZE3aZ=J=oHi)sER_==k8e}XrECJm19sA1S+de3g1x3ulLL+QRz^2}AGBXa +zcHazZvVIvOf@{8H3#&%Eh&^2Vt|(#;4!^@ifhhEql@t|J)QPdT-eXindT22;)|}@tBa17i +zaL;5|!Pt^WjQv=E>280_&3jhD+)=u0?Xkk^0&V*MtQm +zu*}mFlEH<6u^)SvCHh2M?}k}+b}+Yp6yP3R)O&Ifv<=@k)t#N#XDC6-Nc{e(OT!r= +zPdXa34R>oJ!f;;IQw`h7YvU{3u3b*TOHT8O}q@Q +zZ<~0%8?=p_T$6@ccXDlnRdA^qEHdikn$%n1rgYFvgDZ((hCp*io!IMJ#x!As3uP0DY7t$x+5QSRqt?A&mi_mR8So`2KQulf*pv0M)jUY +z)-zBck$GKD?H_wargS|6bTEg2}0*AB60wtI=yc`LpN1EO5T#4(Diq~tt@WP^=LyeL#^mE)C +z@zNt9_$5NnW6V(|$(3s`pYPx;%Ag+Jq6`gOyaq!`T9wFcuVA+LHA!Y4uOi9p)e2h-R +z^&EEU#3em@H^Vo|!n@GeN12y9qoV6@p4;{q(SJ-{G26F_^U7vq_vxQkT-lGmlX>kN +z$E&uR{Xw@1HtMck;$XvpW)o+rhb-hzT#q_*l +zor6mHS*O)I>tz11S>8GRx$M7k#O;)ztUp$RL|*?J=Zwt%N(~Zt{k`jn8UFm15kJ;W +zzjr;+fZN}>o@l_UJ5NTQJ=X2DufO<-T~8!;`(GK|3EKM)&QI?(a;T16BL((Q#@-nU +zUoa&#id?$5tEc3)?!t(p=ZK_c;p?iTMv*<~NzLR-S6oSrB6aYWU&)PKC3FWov&&dL +zchjLZvJEwU6E?y$5`=5W#^k7L&PEuA8?_Opk)~~gakzmSVH&BSZ{~zq^2&O+ubS}$ +zvIkc}1%<_xGnks(>@6Ns+3zGZao*&LzL{mE#WSW)cRP41^Ck~vBX9S@T} +zWDKbL3WBcm0wqV^-q^yjdpB5i|Kw$N(Ivu&?sid<*{yg=Syd&w;0Dvi<;4XhT`CGn +zDzmd2ygS~rZi_A(E&Sf;2{GGlW52MWKB?CZu}_0?v$Okl(G^A)J$AOu-6x!(ZP{bC +z)N@qdR|X7{aoPGu8^BV5<;PsW(M30%&{v`p|DRvG}=0|O1Ftl{RWm@#>5DPI*$)7SoRm=>9- +zF}I59E-a#MC9|a=aqhUcx|8OJci+1a8DejOC(RK5j(E~6(L>0(KdF6W3M8Dt6x1w~9Ym>)XYdq4kaGP0RWw +zNjf8Db4{RS>bA#d#A#XDKiGE39Y?y#O|p8q>-;xln7o+qd`Rp+p+&=vHQJLqj%$(J +zaiqR}_$MwPfhG5rJ9X||RZ++$)Q@k5(}<*DYg5<_)tyqfeu@;>?b- +zA;;&NQF*+}UhFZ_p}q%_xl>qCRaRD7URmKTd|e86*YzBOM+kiX+ojm+BEl(kU#}h% +zI}HO*!yEp3bs&GFrQBeP_g(3PIeafPCQIEFTD-3-2mFU;O(RVGb&)P#8(|zC&5baP +zTyHhPSbjB_6Pnf^1@`r7SMi3vUhRzHxCnl|I+30KdUc?Ulh3no4@7;Rc#HA}#?brL9|(%k>I~x?aGR))z_;7 +zk!(r-2X|m?xi3x71YfV-;Gin{~zhq`n-5h1c +zNn+~%EADEW+QxzKUy7gv_~@hoTA20@_n7AH2Sm7Dsdr^|9YCc_DMQl`^t#}t60xYP +z#NY`BbEwV0Z@<5?R~Pe@X-p3Y(|E;#9Mc_K8nx|XGU^8L?pl$<$vnw7 +zPm64pWck+^fu<;;Pqev%_rPX9%0x1H#lO+(Mz*{^e_TEyx)muNazH7ROF3!&N=q{= +z#09C3#6TyexK$epTVtE58E~ScXZk%`J3;y=s~9j!ze4RO_gky{K1<%#i-{Oy%WMP1 +z8M-Hmy5B8}EV(#Org=`=yqD$GG+Q7fPLh0>XN&a1B3q_s^TqTz&(FT3*b08lF?K1= +z)}z`W0)!ApH}N(f63zpl1SR%Jp3zB& +z$*?TfJ;}iIVCrF6+AnkM7fT;0@QKhQSfSf~qmFr7-=_V?wl{mz>K4!^a +zI9e>QiVSf^}jt;jg+FVH!hm1PYY}&Bd +z_%@THS(d$^d6GJRRKXMD8LVx|uR(3;-=ggEeL{br~G?20lKlqU^3PvQ*Tte^KH2qPam;L)xYrE7IEiTlCLuP3`QMhZXJDM#}e3 +zHBwsjk|U%z>MU_)qC?3|D6GpmG?d-M&dIDjp*i9(M}+p|&Qb3`LbKa%PiP8kIVH4b +zfFg4rgeF3N>@`uuxA|n4Z|C!Dw-+Mb&f@gf78=g<&$l>J+x7)=AgFD14u5?RI8J>3 +zIejEYYKGsH{Jh*JXUGjVXFBKNluR^NFKZcb)TOOo)5NJ-)9&D~y`CIPb9Yr-BBKup1AKTS*!_b3yIPh<(~nb()*OgXPPQN!TfW +z*fD^CCp(ivhlk%$p9V1K5%obQWvFyz2`KU7G{O0UZy$|!kMXzg8E!itd($G1zACpn +zU;w}{=j>TEuuJn>H39%ZdA0bxL)J$5Px6tpB)i4=%TCau)xkFjC&1Rg@I+Pe*KAEUM +zsI23Lm)k@7k`-#Teq@;~nLVKgBDCocMF`b20m6@mYl@%Uh08gR`D1VT&pSOO +z`uRm^kh~)VFMhMkRHLig$ox@g{ydr13U0ou3p6$W-5@XP3zT^WV8;Y5~ZEipjbIuD3!{% +z@Fx)$8IOQ29eAP<986##E^6U_o3k02rj=b9Fd3L@YcgN1(^U%F?($g^Xgeq)GiY~r +ziQ!$Q-lNnxgu83V5sd6b;s{1$u&n9U@2FpQ+(H{gHslT~o4hmU^asLA(_JB+mk_y5 +z%jSw>ahdyp_~SSqh*K+2{|J6IhU!ElGj+9;LJSm&LUF#`%rEFFpuYf1ke&HF%cFSw +z=~En!R)o0#_(HQWoz5(()`lvY>~FoH9Nul#WOX-)!K`cr3m2jC-YIqUQ}%C)4_cY& +z?>~?Vy%*t1sBPo}K{v_=4KgZUC{tbeI7gI9^$-ZxaZLP=Z;@2Fxj>eqJ$9@39__PR +z#rRmS-73CE`|T2Aw7tPUBW}2SV&B*m3ry=Urt>pep=SnpNYi`&S2&ZzgrxqPk4R2H98c#uAxNOj}S +zdP5+Y;sF!9{D~+W@_$yKp?brlQdX}(@bEIh +z9RX#6I|RxEJmP*`CV?l@cKn<*}R1Ns8E5W2Q8rOP47+{CVjjAmGj5$ojPk&4L2bfaObyc$Sb +Mn^_f3=$l3V1Jj|5j{pDw literal 0 HcmV?d00001 diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/CryptoKit_arm64.syso b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/CryptoKit_arm64.syso new file mode 100644 -index 0000000000000000000000000000000000000000..2e3e6e2fb579bee1985980e6a3d4e1b676fccb74 +index 0000000000000000000000000000000000000000..ae6d99aad314a9d30478eaa03c171729fd988441 GIT binary patch -literal 169880 -zcmeFa50q8cecyZTTo?`5MrZ^`!Zs2!DMq*ghSpzEQUS&usETckr?XqUR40*s@MP@|-Z -zt#DNfz0Y_5Irp41XJDkr>RNf4wa(mg_SyTlfB*LW{eJu3`Qz9A;>LS}AQSMXe;r)w -z+W2=L7k~F~oywZq)PMKwGDU;0stkW^?)f(Eb-hQ4{B7E_WAi`VVejqpXa3>mKhu2n -zcjFtI@LEXxr+YHNuY+JPEqL7L(eI{By^lT`N!YaM6RSS6s+r*NxVxDYM9HwVG+%Do -z^l)KEA^IGL=ka>N75w~{GBJ3~lJ;)XrboY4-m>H8H|_YfuWsJHdCR6vaeBX+w}75@ -z1uvH}hX47i8N>65@QT~EKH6kp65is1g}2)k{N1v}Z}C_rSdaw9^QKM3M|W&5Z~c;c -zmxT9+4qn~8zppQY2%3MAP4o|V3H;*x%lBIRe!&&`kHC{W?*2i>=t&fo?j8R&eP!Fj -zrNW~no`2<6*8ihsuHSX=X1k=eN1R}qSz>paHf`(eD{d-(rSPTA<*i$`CH1B1;5ju8 -z?w$zGS7qRe-miSMP~5R;=hm;4w>}JhpNLlYhYsH3?Kbs3;ECRK(EF54im`Chrp={I -zTecUzve~{&%HwBuTKfL8eH{$^x`p>w@n5=cOT8}$TIQSdrTiBm -zT`y*W-)$wCd*%Djf0+p$;NkOgT7s^MZMW-4*Wb^%>wob3GXT8j=B!qc34cFL%6(ia -z`qN)FZDaMeom**i2h##+qQ2G%SYgE`b1$n -zqG^Koh%2vpZkF#KOfjE$?D3Amd&o4bb=$WUH$VEQYho$%Z^~`kTHLvP`{u31Uo&v- -zi{tgsuRXeB^H)gIUrKpPo_(E)NB7S1mv@x6ZrbwYZ3W+Rq`-Nw_tDMUcR4|%zVF*y -z+)>`OIp^?5@K5}2GC6@yLY@=yrquU|@}plZ>?m4w_U|Xa`ATnjD{V#ZQ}jmlJOou` -zL|`zQ1kOX7kwAHe<$pr2KEDovCxgFw?dBauLvKzmv^=tEdvAHi_R0DCsRw_#?8Otx -zIYDojXEJ=Y|Jqk~Y)ioTS#V3h`IT+O!k1U=+)>)Rbw|1A8z1>R+=w1OBm?%~)@@ri -zKeY3!U){Fd;HZ2}KB-T&3`i-TQwO=D+*|%K3|?0#J|aoH{`F^SuV;gPZl8Mn>))&X -zyX>Y*Z&ZTO*T0^ry`BsDAILu5b2-~qZwVg1cqQ8+^Yhd|5G)6;Ig5kGd&X}I8rY#Z -zZM@gL(l6iE)p-5ut7^dMH}FOTuch`n&&S@=)u`Xz)u`Ut)p(J5Kb#2~OQr{n#WRA2 -z#i6_Q#)vKV>gWE?+7BND4_Ee$%FNNfrc8cM&?xK<8odXDM)7dacz7siY_125En9=e -zm$nCuDs`0h^GiLY1N>4~X;;vArt-n-&t$nOAK;g(@_v4~D)af}s@%gbSLJSgxhi+@ -zt7{(jT-mw&&b>YtTA#_bbKidbvFC%vW0$y|<2ujvtfAvcXz7O+PcGzFbhSOc>3ZA3 -zu14GIU4PQ{OF{pPzxZbd%iTePzW>SDEnSVE<>Qyi-Cd1w=nFD4Udpcy8uyyAk6+Ah -zu)N`2J--23)&z~VZ*00=TFY+|W={fUkA>L=%+h*bW`h1Id=O3{yp0ZCZwkCE33yu~ -z@cJA)cq({XwsygP@wyAybRnBAWYdLgx{#NVcRjzSt5Mz?H0}rg@;-jS|9*IKKRo&S -z@Z`npd+Sl2^zA4Afv(0&@a2)rdtZ9w1U!a@W5|%S`Z44k4|%fN!Og?-0z6k8eMc#K -zoU;3Hq&Pq+E)gRpMS5VeTT|ZPI&7w&kKS^p(AMIFY!xzQhM(KaOvo3ToEn%>uj!=0r#yTrz$f#*m-q0gu(A1GJkBGJ0(=h3 -z9Oe1AtLqT==z+?sZ!ImdeQSPE7yX#}({B34Rkc??H)8ti{5el^&_7O}eU(02{c|=G -zv_CNI@tz;>ELisi_x(TOdub(COJLyVTU?#|=ATcby^VATAJOs0Z@h6AeSByWE@L;Y -zyeDY1AurjQfy%wtzaIootBnj)HeDC3-X@IGx6jCQH5R^}|Lx#=_kS}BZ?0yuhPD^6 -zJL=OGV^aj_{V$xq-}c8ULCpj6u-av?}FenDq9`dbgFHJeSRO$q9^!K*FnjK`V4HPWk^Hk -zjeIU!{GL+zC@+#c4B&;}s0|3mtMK#z>`oP4wA};GTpPyO{&~T=LOse?g~wh8oAfn# -zo~%c*dPnGchh_H%@Z%UhLmhvidYAQ2{yw_&Vf>RNGobl>Rvu9qO!QISV||nZL8Gug -zX!Pz18pYlCC`X--vIie!FFpx%l@9YOALR(Y@==EPrQXuMzlE@KXEFW? -z{k!#9X7hW;^~Y{tM_V$D$FA{9Un@UG`jg*iX_U_A>935Bfvqm}&_1!%G5=+K!Z)A~ -zq+Gx8H8!O98iLmg9KqXS;mvTi|9<&HeQ|hw^qJV}{)L&DFBP^1jgR9G#p>T4&tKji -zssCKuH|gC)Kfb%Gv1Jc-iauBU@5A)B#y8pTe3Jv%wu8<$ITZIze%kmZ?~C~+j~wo5 -z^c|thkg>J>|046gm%e;5Xnc!4;}7spWPktQ7XHaG{F6HVNe%xb=6`@&`M7)r>~3y7w_&AHm -z51;bzE5sdnlvg<1cZ1_f;eH3Ww>RlSR^??bk7Tx7d1jO64vWVY>hA4oT$8SDMHWi} -z^aXx_UwLWJ=(`a#%ILWFYYNN3VVT9j_%M220d6ZPJ9JxrUpM(*4H~7_EIoa^EAy_j -zfqcL(bfZ5PR3~{~ChsdI_IdK32VIS^?6mryXIqUO+PT{CVNKAOJKOnst1TZMrhEZ; -z7(ad~@RtCu<+lFvRqA~qXk?L15qRQLetys>EO4+ofHlj)%FhSJ0Bj3*T9QmHN -zIQO=r=d+x@H00orRv=9<%lquTY2T#FRw}*JV{t01rHy+Z2HXnZXmDA^J^V8Fj%TJE -zGLY|4=xvrO9U=`H3kREN`7=D9b>)w9f5P4y-)5e*tND48_%@fkT~6_BW+Z%@R_dM^ -zSUhKPf310MaDNAAGJXy;{onW>r8VeJYtVR(d-2xD9bT6^xLW7~9j{9*Hs60t_(p%L -zczMLd%X@=HVNcNLJ%lYf;%w1z;^pnwqFv4w9dNejptD80-=YnY{h=@OHpto@VrBY{ -zXNU_PyNazr&%Mo2y!_Y&BP0B;Da6d{6Mg>rE@N{{%)Eg<-^a`wt=vO9)(fvAb|+>> -z`VuhvEKFm^w#Mz)mhIS&UC3%T?e-9D?TE7@(&;_Uj_gIY`H58M^n1(U%@DeOxXZN5K7M60OIxj7s$-XGQM;H?L8G+9>ZSVC{1UFK -zl%qYEzNv%zMM1nj?*Pw5u0KCud7yH>UoPz>2A)Zoip(UPwMY -zT&;nvtJT%X?*RRkso$rq01x!y?V!Wh2_i{-f_NtupKOiWi9Yn0c4gy}?J4oeu6X`3eOMSD -zosZj<-rcmRJ@}V<>1XzdFW42@z~TjaMW1ngfUdwZ~3gtL%*!C&*&Jc`f>Tfr88=4^sCqa -zjirY134K!w{%|EtQ)g1B31#A?3{UCP4w9WJ6d)D<|7wE4pS{d)WBwVmh -z&tac@d~ylzn08p^h`_4lm}OgvL+%@{n(ypwIo -z16#i3mW$MPj#%Qgpi#OpNo>*+Fjg5f3L6|RHWI7(7^TPZVzb~NlhO+CTn_y8z~8{N -zfU+H2w4=f+wDk_^dV#vGHR}@H`9-{6;@~e08h`3-;UZux;c5rQJg(=-ch$*}MUzI?Sa7@a|x=p2$w -zTX$W3Z-#lWLE5OslEh!Z9jJU3Sod7FFz=oKvxW_c!mDL1tU17X8vpxSE%Gzw)T_`i -z01dhqY+X-hzi@p3zkCq?d;r=84Q;_wLzU0r%YXj5<~3Bm@>a8-Hos51-)d#ub@^Ze -zJP+Z!U&WUntZ6_XZ>(|)-5dERX#)n;>Sk3l;N6+=POjpB? -z52@@>_95oY9s)P@y@FxqvZ~q7kpD9-za4X`WIEjrt|^VoF)k -zqGgBB1C@)lm0U_&F=>`I#lN*qi?5$IwmSR)BirHZI`m=o^+EWdHsy8C%AI%Ut<^Vc -zGY8N>UGMlqHI0eV&tc`u2@{{vo>aR%EPKs&frGg3}p;#(hT0DWl2+iVD;R+ -z2Or^|#I*@CW8Pa>8B24;@c`UZPZc}_Bc!KjpVhb2I-QOdTa0e0k5RiYe976gXkSyU -zWL+C<8P(XZ^xn(8+L?ux*{0vo{CJjo%Rfg0`PJ^E6SbV>vw6?`4B?rzc%gUStPQsq -zIas;`SMLQ=^oWn>9lzBP@zT}9v*8tKVLg=yoMFd*(hOgUj`umsds7!_Mn<*&iT+^dbLAHzPlXWd8Zkp1>` -zjANIl)}PAm!b957qzlQZCw3AT<4-|v9$K;9;0(rbV0bLt-*Q*9Z`Jmb<@I^ -zUJ5?Hre0&m>NRkY9BRW6J6xH>4i|53OMgmsI2Vlm6nK3rX@@&g%97^ou*!ZLKB`>Q -z4r@Fy)?O-2`>S@AY%fEM1rIY8Jhs@bk?{Sd_hC#w1MlXF50w^c6NYD3IhclzHPpSHht{Z*keW=gbNWVH_^`=T%*k_Je*{Q!1O!Z-dMy~W@yfgj1c_*2n -zgTU50E&0jdZ^o3P_P#nSdS=s)%r*8&Hu|$2&h`)6HZ&+Wv=6mQ;TzifG5b93)|5y$ -z3_Zh^2I`qJSABD*!;5siuaC5hK0rN+=heQ{f33;5bsXe1?Uy|2&uyETN1rqAI?K4{ -zNCwd~BNIad^yZvDG3@b<;LI8XW{+%J9MdQO?L6I2Nv5Pp5vY+Bwa%b<=0(rWu?po=O+bl;-?+w24OGYAo3HRpxuzMf0y>w-!U&n*KW~VzoD1MyY -z#J@N_#NW_15_vb)d{;H;&}PycZSLO4&A%U>Zu(9`SJC+=q#6CI=p8VM(@no;@{neD -zMw;iD<#7a$Tm+9!m*1p$9^0}85C48_S`&|~Eu;DdD&WL#6@4~14O_mdEgHFxS)a%D -z1)fgF`w^=jchg=5)Rx{Nyi)M^!J30L9ayy2@Y%FI-iaq^epj{P@XNLu85&y5z4{Y7 -zr&e{(=3NRs*vPQHKgUkWM>V>WYn^&q>9lzb&nPE+O?~cuz{m2DcN2II4Apxx-ain* -z^$fU1*T|_&jo-#t4{aeMKLdFr*Sk&0zZ@Z6FFGHf;(UM+^>?$cOHZck19UncfPU5b -z0rFRM-SG<=;|ISdx%zG27ML-ew6)fL4OFPd!}sF_6NsN@*E)s!8VEa6Xcn+U9xSJh;8e%^~%5SHbVY|k!Q}r -z9Keszc%b};+L+ZTKhH9tSfbP6!MLCIBMg3|8$M*6Z&JZG0axprH0Mxk?7r^$pUX!9 -zzWCtRKWR;`=GO(!v^C1#$NSoE8$3>#dbp>|skR_!Z)2S^e%demyU5;@+L)!+*@KJz -z+3Ja<+tMuEa<;zH`75$RMd0)6^+A6BLU53d_!vxnsqnUKz{v*~rX6N2tUHjM?OWV? -z-zHpH)nV+1%OBb=_iXUxUiGBfFWQUV#c&;K_D!9$_rS3x_PO^KEvj)wXh`ve -z=!@bs*s|U)iPI3NBR5GMohfygv?vYMZ}4)kZHT_qv>|>?8&cmI@wsSs_tEF8FV+}< -zp|kUE;d5p2xhfwxm0VwE`cm|IfY@K-irANzmi&zK8Nh-5{nX<3*gnhqHnj?4bF`7c -z87?3A8$00Azt?8dWyfQ4ggl!#3p$N08MATLn49mbj!ZLsistm1^Lf_Svv}HZe{+vK -zRHxQN*RpPGpZIMFym}FM$BLQJ0`HFzzm-X=(`VEw%p1zrcXK1cL33DD%Gq)ENNh=( -z!IAQz-vGWQ4Lrj%WFkCdE4|$e>wvF*T!8&G>~Oc^CDn?vo5Qw$>fl|Hx2rlV55;Ts -z{nwc5T>R^6e((NYpZR5u$yYRED9&fp -z91DBG=CdEHook-fmpy(lKhv%=lW&oqxytOJm%T0R2A_maQQnhS>$s=OtaX&nSlDaV -zMoO1LSo?q>So>389Z0}BU}33WE**@on+)L{a_|nPz&nzFcO-(_Pzr8G9jtl^tm6q- -z$0N9%aJb=9#ArR~;GIcZ@a##gg)kHWmxygx-EROnTxEwE>UlFhV{!z;8mWr -zsv*7khV#8j;ONu7cbhG&_)eg#(u3FeT+;53>g6dQAJoojuwV{{5Z++0{ -zqaBuMhu*H{;co$2dVApYdWR$T1$SS%0q)dMc&)2h#^Eb^#IMo@>WK7z+JB+6ACMO1 -z)x!5%zKBl`(6>c>tnyl9iGOuvq06(DwV2j69n%_F<5w-TewE?%8t_pcaJS7L<#8EV -z<-6hYYOUX8eh{1CU_G)hDVx>M*KO(U8mHq8yY#RL=J8& -zaR+5e=bRkeuht(MIq)2=(LG5WD)V?4_|s3A`C*?njc0!^e?xnc(#HAJ_vCw_ua9efVEd{04o80T*l*K!xis3+ -zLACGy##mpzo%i!xnR)OPf57DBUcWx?74mw#%^4B1Y?;z5>TC}hFGt@mBWO><1%PtuxXd?fiv^exHpwft+UhkYe0TN;mbb1mTN -z;JShT)WYwp{JzHZGS@3ySGk_$y5M}Pa}nR_9DTEFr2L^4=t=rk*u$8uq@Txr_Zxo* -zA1ygXlNUT}qk)GVnE(&F5`#A{0uLRswm0I#2p+c1!0SkXwm?!Rxi~qU(3dTjKEgwyZMyitcBp9ucy_Fp@a{kY-hl|bgI*SPy<_j8RkZb0 -zwDncA^;NWW{F}PT&)F2Y)1?!xo|7r{oJrJkCQ{E?k2h=bD|g{v-i3cT5C3u={^i{3 -z-@&#XrR}ROrERQtLI#v7wAi$C(p~|dBx@_ -z^IpDH=`652Zf9Q(zUj4e-*o3S!NEU$nX{<=k)31RdClSWJa*zaYZLnTmCs)~2+VV{ -z`um>4Cw+brm=_$(i`e2{aWF3cQ}|H6wAa$R^SsOVEN4Oay3do3_ocnFG=Kjj7xVd# -zU&Ky^{`AhZ7H0k;@XiM8bwwA>1&#c((0Re~poD%%M#rW(U-KNaoVB#{@>}HDoFj!U -ziTBYxKBZpZfT(M%J+3h>FmbaK$WbVvKAvn}`n5nO&E -zb-jw5sB1hjo?3dvrg7x#oKi$bGrws0BmKl?#{K(~*dhG;@2z)vPDcFu6ToNOv~9if -z?~kCjC-8&t?^peT<9V8H4@u@uw~q$wk-L*IeY;n$yfJq=Uq_zD1KJpS0`TSWMT}3p -z>JAGtY&S=d=aAD)ezmW$v;lbx&F=4;*TUZBmeg2m=V7OFN6`0Qa=Llg>HBeD;=@W_ -zef*m9)7Aj97nrkv***!(gAV2)^!2o~ -zE1kZ#cB7Z@XJ$7(C;EN^eaF8r`jyo8ebBPk={vvL-yYL<(&V?AveI{Oi0ON`#l5hy -zsoSL<(x9oZwwY%3X2UnZkv!!48<LB_qV$)r|+E4G)FolJyskwC7oFT -zO+$C|_bo@hD<+ZeZYQ@r$ZeUE@9vxE%o1Ss0&^)amrVk5yMwul`0QsL%To!R*z3p2kOo#{qr)}S-1(HY{JLiZ#(vl^Z0b~?jv -zk>{AskQR=2sGk9cn9j6V+zU6FF?6Y&G-%Qom$$#S(izUUjmOwOiMpK5Xf8o#GkRMQ -z>-S!*u;af?|-HE8ec;`hsM`* -zCYIi73{n1{X*`4dZw^Dvqv;3Rtn`c>=zvE;U(y)>A -znJF~PwE2HiIM9yOp4G0)>%pP5iNmBcwA%8&rt&w?kC~LGuPCpjd`q+Zo9ZiCEX;=; -z4SwwDjckUsZ`s=GBj$Whji=OqbQ@zj*?Sr5xtH~f_u`A*d;M~b_ndcm<#w}9EMn$NXBeKYf;uh=$V#y!-> -z??Okv@#f}7%^2QZKQ|W{a}&IM4&Hu#lVgGh5_5C(Rp4RA1P`XnLkiv@2k&qSydw#C -zM2p9EW_ -zvlexh$(Bpl3T&N`(^=*vuey3(NU7&qqMmD!dS3Q;zn^iV`HUOQXWWSO6U;$=o3Z5Y -zWbbC&$gV|E?5(prw0}fn5`BwpEL#G%@~d4YW*+>IO9M}zcE!(Qg0oLs=+esI?qlPH -z@3m!jyiDJN{g18z3Fo)myB+7ir7z$tvw*Ro3}unn`VkNoEKedEKmPLqY4EUcHIjy0OWT9SpD2bv9zO02<#EEoi^*fi -zrfDutb?x9;=ld7dNI#fgW*$N5y{nPOnut7BM&!|rJm`xwE^TmM30~b6p3V%?{f=`p -z`tvK0$I65}T4pxou`ICVX%B{9_&L2x;MZ#SwbZ>^!n>t$*wH$7bW_g~>RD>*(K+X# -zJoe6r%L5;#cRBEv1Am2sza020Qs6_s&N@UaPM~TtaFWY_TB(vz}mxU8ppEx7Y%RbgVzE_ -zle>R9mmT%{C6veW$n2GHbJhO5J>Nct*w^0M8Z?I4+g_X*SXs3KduAMVw9coAOSRrx -z=b|V*JiCwfVD^uamVXu)JP)xKUuWD8v){fr&%tl!-Mkd|&|iRl!PFe8#&Zh0B5h$m -zY49*Q7wYA~_m9jTJhc_}XUtI?l;!espKXd~cxPgw?eUoC$J^|g_Uh~Kt8TikO8W@> -zSwhtFWLrl2XW!=Y-QR&aCaeX^wvN_1?LPBi`UtJvt@FGp!Qn6cFX_8rtnukv2|%ltmMsu_=Mzy3pDO4e1*Tae9q -z{B~<&?!7Pjr%$-=z^K2geZ;J{K6Qn9l|OPms2RI&Bd^|dkhhvM`yx&mxH-Gt`{^<5 -zThbnA+wa+X)}``ZYXD7N^s~yGiyvpv{ynXC_j3Y%zeTtQ*}xMFv;Rx=8C;$K2al)r -zcMFDr&%Lipe5`ibwXq=&JUmmc*38;{W!i(Ov$PEipC=cuQ*#&Q{fJZ~_doS`&tiM7 -zv*E#Xc<~+PR7x4ki*e-h0`j@)zRf||e#J#PTSDu#Eq`p?@|ldD7416zkUuePwu(NDianI;YP -z93p$huAQ6Io;CI$J^56N`q<20r&^LoURkOi$Hn{3LL+V$w&ixvBR(&J*?^?(AiOjv%KlP1!1=Hw^VE=rJ9UD}A -z;*0PR4LavR>z_BdJwO9FXd{2xnib_$8MTRf$sfkwm3N@u2Cvt@K8^2NW%LaXjY!xheXSNf0m -zUc>8O|3vMLoQw5Gg3%uW*YBr$5!rWemcv!*>wKTJq2`+{z+vB=9UqAB!0f-9X7eTY -zTdQsR{dsDuT4$UVFHf)`ITtUlZ8@!VioN*h#dg-t%wz2gzWo+_d;0T(Z{m9sr|f<- -ztu5AmH0?`^teIiX+crO9(xPx~h1>VU7 -zyps`lXFPt9xL5d{b@0xmz&oFScRm8|S&v@=-USEmVhX%V33!(x@SgMdMb@qezvmsi -zt10kaNWgm`0`Ho~F9Gjm2k(^>c&{ely&8e{n#a$c7pFem=*tZUuO%~4Us@CEK!^(| -z7hgL?954OrWz4cjeEKl4>E`*YH(?yLz!<8jXKnZC5;2d_OX8jhdbuo74{=Xe&vL)6 -zkwlF+PCs;+R%4sLr1ZT!l4Ae^TcmD6H`9e%#T>xS^~E+W7B4?eVI)& -zW31q(a@hWQ9^A{j0_tV19U8PwKlVKkXfWT-+e@5-AEUFskG$qS@31AH`SQOV0Wp-%n|-oH{*@Kaslj!E@@Gp}BH&KtBAG -zWqz%Tn7H{(w^W(0bu#Z^?(wIb%-14w%8FJa^XK6Gg^0{oM`Zpi^z**J``*>IjFI^o -zzIoE=WKJH#!<7MJ9mpIzQoxQVt?llF%)5cN(&q2wx5#r$=A`+t6C-op8<~?H%KRKK -zs8io8@veWkZ?Q;r)?_%$G)Fei)j0U*LW3(umBLG0%OMlR0^e%ohc; -zsQ^7}j&Zczmyr1q;4N}8=eNjnOy;EN>}kO>GUwjNob*uUjAiH>6*_M{lVJ;si`2b_YgVNGtGv60oS&b9oM%~> -zC!_VRAZ=z!{WEReW6FDkI_f+RQTH;g)=2#)csEr&Yqc;B0rO^KVr?#_8^70n*H^OB -z_Yc)pxF`0r@?A5y*^zOEGHr))*4KX7`|gogO7LEB@Lo-U_gVtpYY})id~A_`rx-x^wWj#! -zGZQ{K{Z5DvyY*kZ_S-9@5|V4OYi3w -z{k%W=eaQpy`uYw;_CFkK?ti#hjQ0Cx4AY+1pf%O`!;01H-hgW>T&xDJ<-@B?thUgn -zfwxa9e9XlrJPfxgYC^E)(#ALfBC -zS`PCc5J&_U&1C -zP!I6^k>l}z`91vllNMIE9{V8gWDC2gubyFzb|$v2WamlIO3Zl%-_fs^J&7+0e9imk -zFIk&b=2v@e`&xi=2)u{D`>3s}v~iW4!#va##c+l35eQa-IKC49EIuJRhOygaeAHz4hsC)Tg1Mr!-g-k>HT7+ZYcKEUjI4hxhH*&tp9+l_OkE;p&*yHqLFY%;b8@uNw -z`Y{BYUhuvI-p@JxSnBknH$^|TFxKJL=I#I&;b!z>0kUt8=*Py0egIGF^t2vAV-hM8 -z>IZgsAgUi5BKpC-(GSYyDPNk0er$jb>m&NHhoqfD>?M?Kfo4p~+ -zzyiA;W)y2oO$%mIl^aFTi-!+|!=i|OyvjSlf2FJ0f3%`A;!{gRKj5EV$Ni@DW0BR5 -zdFspPcYGf_mA;35@Sysh+bBC>%>d~pPTfDXI5m%tYxKLr>iJ>^+r+8I!K)6QXSn7E -zZ>=57r|bgcrdVztJUmF7q%STXhUfE|JpWtu#q(?(f22BgfiwM{_PB?!?WH%_cH1qy -z?+PCML7sj={X=;RIM0gUOg*a4@bAsmG0WERFI5L^Fpn;o?<~%Ii+rAG;XNUE=%{p6 -z=WyuzWYL&e^}J=BZMAi5qmC)fuT`|}Mtj!oU_3whO(J4B=Bl4zu3F!~{jTQ981wgM -z@@PM)_&UUVwf|nw0CT|lzMTAT`E$wmO5g8}`tvouiQ)ZueLLLx-ybyd-&*4_$XXAr -z^H4qHV;-OHix4ZCGhM-L5Zv@m-_g+gxm}CE8Ntj&M8Bn>xd`PO*7r1+hu65h&ZfVD -zKj-_=A?7la=V{*SJ5c(*mHF05WIp*%vvyoh--8;+YF=C4g__O1J^MrDhnTw_uGsJ3 -zm@}+N)BOG*X?m}IfYu|}MCalMLxBq;%|9sc~WL;%o_IkYj -zb=!Z&&dASYM~8?bVrSkHkC<<^5|h}yc=K(nV%A$OAZD<0IXcr(-~HrVZej_gah^SK -zk^FxX$H4n4Yp6_|MBJe`N#DDQo?E0dMq;rNaYGm@5pUSJ4;vdP4zcmi7t9)Tjkga( -z;v@gv9epRa%6DyT{PUSu{3G0I#8Fk^9)0_Ei0|G;=N`0IB#KX+n1wO_{`)xNN&c(W -z#`^Do3)UdzHJ;?Z4eY-S5{=9JH+VI7t9VT1Ol(B_rF-Er04{>njFl8~eZjnchIOUU -z@9@5(G15CYZ=4n@y{oJ5>gtr^rFV7pPuhMd=%4Wy|Lowq{p!2@Dt2PhJqSPEcDCmC -zRNIUc92uk4x5g*nXncn|EsppqqBVviKF2L_ -z#0Ls-#0SzhriXwlob_$y0sIe-<5lKu4UX?i!I80Q?UR~-BWYE}V=W)GrhxCBJif{J -zSC)_3cX%s4+HcueKH70xjd2?sE7}j%6XJN<<9J8#tA$p(?!e2sTC{uO^sBu`NnEvm -z?mp6M^v(JXjBu`X>ib-?p&^cUEvLNNLwR%DYr__n=dt!Bn*C0d<~}^_dlD^GV46Kq -zoi>l>`#<+I%}t?+xKVq%>|Vwcns{$$>a=_93{4}BCfZ3<7PYY{(v-8XLYjCsG*O4a -zKdbLDJDPxL(x_8;JWUUJn(l!nckaLgZa-)XZPR>H44&j$gXNl=3uQR$=;b$6hNK&M -zM`$58+u0^y~7cDD=w{Q^LTpigkI@eHLJa{|CqgW=vKDH -z)IaXOA$G{iOgknnZvw=HiX-t#JZ*F~?Wn${GGPw^NwSV2Wy~WYJ>3=O6XP@HTQ&sNS&z!oS`hjgz -z+fV&T+IezM^#C!rkF$Tg?VK5Bj>g%vBleQ`8UJr}iR&-9{*3ECas3yr|G+iE_3yd<53YaB^>4U_xqgr9TkPGyryHa` -zjq&Jw0<~rEdZgg?j{op6)}a3eXE#*38b73*WOA9ZS13DPnbtr4HTd+~Jpb={XZ^v; -z+g!d!?eCRs?9+YJuBW;DwXWD2!C$3MfAMd+!gXw^^@6*p7yPe)|9I#0{_#hs_xE`| -z7OA)B@_otGTcqAExq2Uo*ZYvGw`Ay@kxnoCGxfs5EAVi9gnBno@4w~wnMl2#bNRmL -z>irz`e$mytDPHf-yLz9vS-pSe;Qc4+`7hL4Z0#R^hx(A?t3pUqF0Ma(|N;Hd}Y5@wu=Ak`>1j9jQ>s0(At7hCU{zFF?B!A{Tn0OVIkw9=-b?tRGRGy1&l-Yg_~{b5eb# -zto50q`u{X-PWs^YJL$Vz;~%9BWwmBP`~IE&|BU0$M;w2C2L61+@#mv){s>?BX8)Q? -z?O=Q|J~1|`G0vLeDEthaxe(=(#zr-+81jjG&!;LeNR8)^PoInM>2nD_@h;>O_nuEr -zycs?b*BL$$`wbEs>Knr2A5ve#cZ(Ts4f%Ah<5Q>O)4lMi)A8v;>3rJk_|(Rk8QLp3 -zQJ)mQ{$uD>46FMu#`&Z;7vC}D6ZavX7>}*-9P;U-5k7r1!6)8@eB$2oY2};Y6S0HU -zC%a}s>vG2Ll0MmS_K;7vJ3ig%_{4b!W1MrK@$SoarSs|i;E`rujsD*SU95Lj-Q#z4 -zo&NLR0-j)fQ!q1ijeqa|+T%S-GC@PAH&f2w2F-_O|f -zM%v#541DkS+RUkr|E1a833J7{d(6I{Ue<#aSaXnLtF>B4sh+~+Q+q< -zYZupcuB}{sTpPJIaINR+;abbZ8Na2KTr0Sib1mc2dR)$n=DZ+mHfIG@@cS8$8FaB< -zslB_gb3wN$Bi+fj+BKG%uPE?NXKUnHhb=!wv4PfO&sfMhJ=Se2ZqOR;=vYko+N#F= -zj4v)>d{H{_bIgf+t0m~a%=)rCYsYthm*z(FtnUftITKwvp?Qx2>&g`un|fGxuDKvn -z2kXyo6_=D+TFjmm#drA|8AH3^?$BCuTZf6){2I4Xw>f+JshzC*{n0R)Bwk(|eJ%-IrF`eW=^$&9ip>dQ3L#dkAI2 -z{s$u)_EZ?YvA-fFo8vc;4SO|qphq#;u%9E8&B=&t&O~IxUXfeM=DgkiV`Os<*`TXN -zHs|4sts^cQd&c!sJ1=A!pZ&6vjn1?_oMG)ZvN?im&~tyLbuasKiboQ%Ax+=kFtRxV -zug~#(G9sI^$mS^NCrBSk$fi#Eg;k+!mV4PS{x(52v`HhIgDJAghcb=t -zZgR5eMK-+|&XGhmTaXR?Qi1+SaC&=@&6b30NGp(LWV07u@8@|>L^k`7%~sNPlirt* -z&34icHD&Y1jNh7e!?@!F*&J}P*^nZeWf9pdcd}XOWV0e6o0T__O*gWkpN`39Lqs;K -zBeGc&kJBY)I3Y)kZdJ;B^nrt0S^mi)@yY-c9rG@c6WP=gvgwG(W>!Qt?Gf3`n}Tc>L}W7`*&KDU -zSpZ*b9SPaYvF&D2rm=Iilg$xi^GZPfgKS<6*l&Pr4msJdpQHF{SKQu^Rv^vDrX60- -zr>;*ArnY`8&w>K^1U(}RM#><9r;4AK%MrG{%cy>m;bPXR){toLd6g$-` -z+0iu%gZ{pk*?UMlqjl|7#{S!gspQ9*Z$n-~MknBPhV>hyPj~5hX7BjZIF5WHku~`z -zx*PW^&Bb4(3z;zfDqY}AT;eZx-eiy7d4E~=-e1n+ujH?CZY%L=S{!!yy*3V$Z&PJG -zzv-WkT0dB}v-df8&O6yn?WZ*QHAKuRf9CnbKII|yohJO59hZWJe43~6=VI;tsFh9r -zS;l7s`<#Pacd#!cV6$IkoH_;ne*C5KamvA$(s{qXTJa%gTxeg*Ib?sH^EIAzKGDfI -ztUmU?$luZ$l>7^y`drzV#XW+xx!01W-B)WIT=^lG%if0qL -zN1D!0F}epXd2kU-@6YsJ0LP1@Un2dvxbEej?=txKxYfw-xlALE{7m1?xc3AdJnVE( -zaVv3Xz1U)P@QC)m;$NGXc70O^kDz~tiR~F1i0L5dF&*StV+S!ETpH2Ar3oG6U8sZH -zCv|YyRCJJd!06zH!0^xL-~o8=b#R~4ll4wd4#s7xGxsOx;C`or#2GOi++by-v!RR* -z?sBjZjy)GtNIj2iN+3(9Rvza~Z3HJ?aNF*RAn_FE(|s2OV6C4l?c%(?QZ>I>@ueWnwyb -zs5x#>I%LNU!hVoAN)Iki(6#7B!y(hk#7163|Q5oDMS9Gsswq(ZLRMa8W`BNh^?MbP!zf;G#3LLmgZW -zjw?uCNqToe2Un---~!}#?E5zKc{oOn|!qEKRh36*(t6Y!A^_+ -zp?r(>d~3@~tw|9tGcjIj9gpU=h38(6Cvj^GPv^%OJclEAjwSG{OcBqK1fIZY^3< -zoWK*<9?#EvJc;4H=f-nu=!;^wdS}b%1MtAaahktio-PE$}_M} -zl_D{o&(m=8Z2tL2Jj>6y4;s^AykNSG@vNR}zp~Sxiq?%dJs+`aRYLtKPH~OP@WeGP -zpGo|==W2Vo_&DdUM6>!0;+qNb$!44KkuQlKSx2@;K4VTk%;DShlpC7z -z;hm8W<&AvsRbujS?_=^I&B%wn+A;auY1WN2<-_v?`M5lxeB85_&nalUrF@M4=Hyef -zYe!5!Ic(Rhg!0KvalK1r;(C`*KD;yXDQ4sC8`w$tXnxYj2j72!e8wX3VVy&@@=vbU -z>Fuf83N0?~HsXZ`%)R-_#~(E2jOp_c8g9X4}sfw?(`Cx~`_LG~|Y(JH0F*{c4oHjK(QMBd4{uel*e0XQ%lbaToPp9g&{jYC7 -z_ksIlesT4;r#096a4){3`p3Wd*8OAI(d2rcG@pla3bq+l~ -z&_R8Rj&IVP8sJjj+{U_@!N9MVWu44>g2t~>?~C^~*S93!m)-l4DL-RE`GR}@#3b*( -z;NDj!dH-qm{`>Czm5jwNt(_0JvyEgEg?l$;2eO;4>;B^o&iGq^^Rp2+`ZlQe5zgPg -z349b=Rl#Q*d~Q0weS2hn`}VHW->Gc8ZsxbmoVlIfUh-R0pWnXBIg`>5zJ{^!zC)RY8QZQi?}Cq> -zr*4fol@2n0r1|vYtIV8*-%CY`qAE|RL8}BrCtoB?y37^2(jP(yC>SSK=#jG1c -zKVs`Kun#*JN9^2D?+~z$0u$J(cN6&d@t?v8(oed1mNS{gzJ&rfX$na*1;m>~U;?`U>=evd -zhv$X_p34)wS?PGw<9LHE8{VvNyjh>%4dr#7zs_Uq<(tO52~U;?`U>=QWe2FpC!fT98^DciauzJ%9Z(eh}c_lGc{X%4{ -z`ej>>fql)vc-f6nzXI%6feGvauw%Swfj6y9-aPDi!04uFtM65uH2fbnb}LxpN8mA4%xkQKxfftS)FA)AUtCPUp@h -zbdK^mYrb#>ec_$X-Zg#Id99nh10G^0PbBI*8qvAq5uK|$7{{H?odEVp@d5b2j_KSv -z($9CvzwZ~H{yk$fR(5v1fRWwdi0lrN|4_Q@YQOh3%kGeH&NPO=$@HI$y-a8a2mHLA -z#-6`$y`FV*%Lg^Dr|~eY_vM@gzrNuh?cjjs_4FN|NIM`s)(&{Cau!5%jHNU$(hlY& -z+5zvvcEEkC9WW+Z<%~YV%Y6}E?t{L)>Ad{SfB81^ak2K010I?TI#uWJW;v@Uv{Z3lgc -zIyXkz!Inrn=yfo*xOUJ7?5)5Aw$9ItwS(QH?`gIJ_66E@pm9~kRE_Lmhd -zFK^inh_zzvU}>ZsEOPB&mTL#g5;{36(GKRhcCf_T1I7~74%%HiSej@DlrOcTr%TXb -z-sR`JcCcLbV7_e!9f>;UMcToFNIRJCU@UO$paa;8fC+5PzsK6aGSZhf+d&RKS$kmD -zO&HnDjL2>#`CHRvcmKfKEW1|fq8;3Hj=j~*vA3qrv5$k(V)ivK#%0#@F_)404OYL` -zL1STWdTkX*~2} -zv@7Q`8b?<4Ek5uD1q>(Xh)oXacxa{KSo;luyG;;50 -z+%g3kwHDxJG=9d>*yi?eO_ZaxV^P}`qtT3m{gWn*>^%=@WY1TP=a9ztM`(P1f=1qj -zG;;50ls&tZ9JS`*W;EV(j5@goOMBncZr>l-gZ2AUA8XY7#_L~SSNrj{2l@8xv`No_ -znXo@<lF_K4Sh3X^VWdxxu}0Kdy!8)Q_=Zw>Z7zLS!ZawZz17l -z`}4E&_-2p2%Jo`P$2V{70uJl14(MAPv^~~k%Kv&%YgqBS%J_EobGCLFU-81=Y2Zx#0ro8&7GBiEl`e?obhP%DdZ6K=#mn%l2O2Kf=X|$*9Sy5p+8X;?>V}5Z(69y?)=okL>4pYi -zdK$Jm8cI{4;asczp2c&>;dxWgLd>o2W@hL=VqL?(`4JixI2t+}4fCO40W{zn78Xq+2ht53V0s$f3k~L5dFZ^}>H7y}&F&uT -zsM{acrf)mU3mP9I@6Nui#sGR)=xFON%yc-+q)x^b3+>2qAAeHi5%^d~LAVJxlGir&7;{cFgT`V8(Z)YWRs^m1S1 -zUOq{Ft4+&C-V0At2HHfU?kAz|qUci}oS&Dz_EP?1^n3~H3wAL+-&WT*#2;|q|D%ox -za@9Ur;b`AkJf^xwmh&H&&u*!`USZ!R_2?VxZSYL>GH-qT`_4BSsBF5f@1T?4*p6}L -zJZEIO8Xd3ae>?NN`@iYGOE`@-Fy_9s{^D);PT+;lfX>}}{V!SL6Qz+ct47;<$wR$5 -z6SVEqU8lbvJn>QS=`u7$&(P3WzT)qTqzk6b-Voeqo)~PwoCc1;jf-vX`@})n`pa(a -zeO$1>Ju}_HH1&}-DJ<~xXMKoAZPRsLh~3{j;f!I{!1;63L|?RAhiGMwZQFZ^#bC2!4qKR_zxbt*T9wCH+K!CmLz@@wkl*VL=$b*F0Jq%}wK9qZuP#eID^Gx{mu$%oXs -zJ9EFVt5F{b?0v+atQYP3+4Qrs>Fa}*k6)^h_F>@E$gg!?*Rnx>cji4WX^%)Za5X*> -z^-1fUDKJP&g^`^E#+bz|h6ia$7;C`e*l=LhsBOa6t>f#)aH*ugA#I7}5&gu>m+D2E -z$N0)w#Z@1$zB01Xw`PX%lfR9h{2lz{qb6<(p3?b#TIVG`4~%6-Yxum{OJV)KxW6np -zX}y=^l;KzHT7CEc^3q!FLCpgp|3T!x*!j(ax7qnDtMpq -z`qfeC!Kbi6c8tjOSAK1%`dx!V#lZlUSqlfO4g=GkgXqtT`j6PW8vJ;``Fb~{zX<(f -zo__p2_HKILQ$C*Bj;Xsda-WUfJNn6M=qI0{pFDtcCX6b*@(O;Sh -z{os47=+|Z1xy+FMkqDi`k^4&IKI`T0=qI0*zoWnC&P{tO^i%e&(7(>n|HM@2FSa0m -zPruzC8Pd;M%clGz_u1&Zm;W>;|7lMC)13VO7W9MHTcMwRZcenVS1V5UXm9tK_F~&l -zG-jw3?b_2{p{#7iTijsdYg?G1jm#I -zuITc336EOE)-V4>=e<`)ERS{8ZFP7W167^2)PCmOo8`88_Q{KK; -zowg5ieW%BxV%OK&IytA6{?O!uPX@n~d~MiN&nx-5)uQlRhkcc=+FkqMgR5%(d-1o5 -zLs;AVUBU4FzUuy4#UI)KIp5rh?On>X;@8}BN@q_EAusFaF>VBIW^WHV(x!2wF}o+m -zeH-Ca)2~U4cUc=rmlpI}d+2Pzh-75^)FWLPy -z>~#SyuqVPV-UNOw1-?m(!0)u>CxbtbO~+kpMxuDjPGjHug|p5=n-m`F7PL1Y$qS8P -z#NcJM&&9!GY-3V**uhkItapjQW8F&#FFVJPrd@6=!d$)7bRfEok6!aN%Bi)a*$+ -z)#A?JtMUvFiEV??zXvZh4`la8uH&0FnYv;T^&c}ΠO(zPaptwbSaxGnCgji$CW! -zZ7kr8YzujAtGzyw>DRs&&QD;R(CvLm%w22G%QIQ+ec_y1)}(to`37^@+6yztJJE?v -zePqzjQM31A+@AONBsvnan`Ta!_tKp&!nfFdnMir<&mzxF%m1<~Uvjz=tzZ4@t;+wR -zEB{1Vd1$>=`47AD)wJ^P>sIA&I%lYPOn+`8^O%3mT%nmWWbWIa+j#BYPEALoAFqG? -zlQrZ%>0IF(mFc5Dd~goy80OYq&rR=_4SDf5g45&Zq|QCnd4gB6+4@XmvIhU@8uQxW -zJ@fD3x(4_jeqXBM$A@&DG4qDl+c!SPyhdfgDeZ4iKccgUy*-qDy!;!Cjee4`>tELV -zo5n0Y5bD=Le@-!T_v4&@`{F0N8rL|F@ES0$6k}a`kzApR_(~Zyj56jkPN^#)0ho{=~L; -znZ5!%p1Oig`uXhWJk3X4eZGB6S|5G4#_F!o57ii(()UPG>AT(4r!!F{Kl+hqeK&1S -z$vJq|iWnHb*lbVrXQtksuAqOH(Ld4u`qw{8-1V6nZD`W=6^l`_8hgDH-;{O2uHUT< -z8#~c_M!yuVB>P=AFMn#nygYHrGsw!eGtJR!43=vW-Lzv{ZohTT)s0U)BRYPH&S`vg -zHaO1q&Ngcri{^&7Q-`V_x4Y~voi%xlNP}<8^LoDyHFi##%mf|HnC=spTjBRx1`1Jtk^Rh -zCg532iTO-g1kYUaoQKKmU$wJ|XH_v^0>@5Cn%ITfX$(BE=_v%Abm+BPEFs>qx@iRxPAFK6!HF)LiQ|Rv_Q~9mt -z+x1!M4{_!^E8(1L;w<^A-o@Cs(68pb#hWurc&{;Si#y}z=@x%C -zW<|ZKU*#84KBR$sQ5ycp(NOX}lUviL_G5kTrY~-A3Ta{OvS_J9XrasmT6nK=wVXTG -zggl;}dc}_S*NdJe=BPvyc}(4;3!Xpw#K>jD#tVXXpWu==MjvIO^f8!YWb{OmzF{|p -zNnc{}SL~Q*Q&u*1tc^tIqs#>QcyH(fj_|0FC!{au=g2&LtjiO9Z^ZUF5x?Z^Y3D+>pL( -zi=6`;^YpRSOZ54=Nf*B~R~gcmvv|nX82ZQ?qmMFC`feJ_-Dz-d#&SG^>#16$r5Vc& -z%N{0Tx&Lcwenl9|jadAr63fN*6lZ7RSIi|Qn-d@V9I-ra`Wp86t@swHHo9WR$~9i+ -z$EMrp!=rt2H8*XdKVZ_DdY8(NN{SCh -zT8tmXNqo4R&Ywx}!=y#{(P`_oc775cE^Fy9`Z3n@;bQ!teNL#$q(%5KY<oYaek6PS7~|JD392JTE3r@%_j+Z$p|uk~av1;a -zu?c?UU9tT7u1ZKNWYr>cd0qjC&Ye>i;epnq$nM*5X$Lpw_|Q3>ce8C>q#0aEo4^N? -zUv(+JgW>8OaP>y<`mynYK6|R<`0+i@5BfS&$FQ5b9&>(PDEkCI#vJ{W3wh$o$hR{* -z;a#+DKh|3h`Bm5!F$})vNCO`Z!`5k{E^&32? -zKZ@tSaXfk=$s_Eesb{Rk>I^ngK3`L3tS=n4k51>qQ7+_>D^ml8shfAvy6yM|_zt_W -zz%V=-ap%89^@p?!^&1`)t?y-cG~#$P9N`gZR=z1bGWk_!M2Ci(^&32?D~e~I<54xq -zql#N!&^gWWsA&D-kVlM@#oATT#RZfLdF0C2^S`7Y_6#rIuT+Pf?>pwo0>khq>(2O! -z@`$vMN3NXhKU!UX6X8*|)yX%7N4yK*b#*Mlqe%URN7NPN(anAGR@vK#Pu^;M^5JPs -zpM1pfBsRbDM{mw2_rAE_3;6E()t}%x_DXZzwT)S1D}Tak=l>_vnL0O@Yo19rkmDQN -zZhY9DLl-=$wJWzgi;i(}&280k8$)|N7(J_w_aAZZz5PnQ*W8xM`@TE*zSF(;{Z{h* -zn;DD$4(GgSEPjBq+x*ddy-_WAD17o&n{MG+}+J@F)tO{7w5*`=@Xyiip_aWHijMbt7Xe4#6Ko2;_v5f5&v{X -z;-73Y{)yFtuP~t=lNPCGowM$Gymtuq2wttYxaGM}Qk!f5<) -zjPc$YF^FG-K12+%3Ehd6Vca!Vh8Uza^7&ILqxIr-;*d@B33bLIYFXx0(NFm?Ls{lk -z(NSxo-8v)mL*Gi&p2-Y)n%oOH0NlmK4+$RmhMQ}xL8Ic2A;zf(i3xPJiRJ{GKBnVE -z*2eg@KI>2E8#Klz4`UM_+dM?OYo6E50;V~l=>g{h4c@G7+S!D-FF!?V%j0!3 -zK5gVh41r!5KY6Z=qxQS{ORj!@W_dd8DQkRkk@~qe^`qPJX=6B4Y?|;0$ESzmxO~as -z^2AhdaXz4p1)Us<5nQ-8xQwLWLjNHA3@*Hvzg0s&qI~&;!=*YET!?)q$fXj&g?q~v -zTW_2%5nOWdaczH2^FnZ$bdAk#n=z=S56CmLozj?ZxW;D8#!^uq@Y;o`*%&`AJ4hQC -zaBaZ*(B3b+>3SRF?)Q;B!1pxe%cPyDxfni=-xf5qKfjH2zPhKK&PnbiOY<8h?C;5D -zM+fMK^i9^N&6*2bvu_7^**RqUy=lHPNnVXtSv?w{@6tG$&YhgtN5=c4v~dxgJP@Vb6NLz_x0a#>#(1Ohf4SBsRzJC^KiEBSkGSm;3eM%HJ7IK*m_r^kJUL%1K91s -z?48KMeoOUf(TWAMt(Jw9@y{@A`ZFdKiDjUdk!Sl(o%@;m!W6tlO_Orm+ufqj0axrhhj3 -znU`G=#P+zJtIqJWoaD=7jo8EnU}x5Gdk?>#O~pfsb8=*elR!~C^$?BjMW;whs~ -z=#|z$4KmJIqHP!*mk;ql_RgXYS6CzE$K~vJpVh<5l#$MQT^tz3PXqVwqCd86%(?!j -z^V}W<=+iiwp{;2BIXi~q#;_`OPEhn{FPn*%bJo{0Ww;kVG^eTlU2SRMY`gzT<78%x -zPGgJkfc>cbwN8zn%r>+{`OpS`X22iu!mQO8vvo)g>c9ND51o-<>gB!1+u$~0^K1Q> -z#5V{4I_5dcHnA -zg1wPWkk7!OoOoflPkz3iOW3U0zKCLIvO0kx1wz_nCkb!F*axx?6f}6^UBV7 -zpqKQ&eyx*ip!Vstz&9&5@y^L>*xnCdHzvHJjPgx}+jCRyPiKrux6J<5v5ejCn$z@aI%l0N%J@AGY7Dl1N52d+Xv`tWy^GCmu!>zqaT?*^e&!tsh^$8FIUB$ -z+YsuXsaNe*c<^iRGO?0rKlhPVt61Mi-{V%>UjzYGL)Q_m`sUK*iPc->P0+TOkGrkS|-+_L~%k%;8NqGBx -zp;0?vY)8@C4r|AKIoTZTg^Kp~A)TFX#%|d8D8U)Z{(tPoKZ|NDl9D0 -zqeDd-qf|^$a_O<5qM{^ai;63mhEXPQB*ny{4IA31sAwgnBt1G-`Aj -zlCnE7sz;umpQCHz`Z+T?SFom|GTbw&?GJDF_V%owNBx|!%g@=IJELp(c6+TodJjfU -zw)d_3x08PJ$;bIMhq0_*7l!uO>*9J%UFXWE&**nw=j2E0e3!omM%&BpI@WbOtY6PQ -z`IyaZ>-`?lxox|h7xX?XeST2w|2osV -zdy#`&`=WVZTQtUK``H$4|N8d_udj#E?K$7mXBrFE_Yc3TPBfN#d>vP}Hx>&!S|G$hO$JW~6>q^ErqW(#X`rTu%haB^om!sE>7~6JxjYFRmjqVK&sjjd4 -z=y%<-`f=^C&9n8f)i{36^=)X6U(bCmqt9vW(Q8xr+z)Y$+GW2-?UAlIx|6ho%-I&* -zk7;}w&#c;GKWSdI&xW@9d4##tTDo&r_V>2SgWE8FHHY@^JYc_TogLo)K9=>d*?#rD -zDSxcK@1}2^KcmmEuy!?XS_5b3*wFXr+@r_N_MJ9dQ~29_d_UsJ{LgdP`dcOU`+LF{ -z`JR#WzuUL*yKVk_K+mUd<1-CeJbs8hbcp&7QpY~i!sl9eKd+wKP4PLF+YX$;^IWI% -zePXAtE*^+|Xp#2QyeD1X=csMDpFV!U_nj>0I>C45Z2a!62czepU&MRBv!eHauRP{- -zzGEkgeq(%=qTsHxcr9)Fqu1Xre!-n9C%$l1-}mwtJ?^{b#P8|(;pjev?TNDwbUzZ^ -zr`+R@1Gnp3P5LgK>$Ju?zpu}0{w4P)sT{vg(LDAB3?xyRc0U2htr?lV%{D-7l2 -zQ^p^k9<=+4=pN(1`s2mJj}5(!9tZei(>+$^@IA(^zkIyw?{SXqRkp9+&-i^tj`fk^ -zF_OMVj`2pr*+LLuun~9-G>|O~L9lPx0#v+j982t#aBI+jZ{s^H=n{uL1I- -zHE?Ld<4}Irv8;R1=={v%yxaWmmFxTxT{91^-(OhSyLqgq@#wLF>gb%NaqIDd&O3+n -zSn`1Vt~IL1fV!8yjcfPe`?Y&)n~rs#bn0nG?vtYa_vl_Ky8cA_Wqn?vdpM3C8;jj< -zUGwB4_e9aTl*cjAea`y(J{YsLY1?}z-PhH^KkbA -zhip8D?+0?$=g_aIhy2`4pX>JlhtJOkwI6jH+ch-WzFl5^yTAWtk6o{i)bVx?*!3Z* -z!x+>~bgkZH_i{tq?cOeW+`Gk?j&f)81##o}qy=+f(zrglI+rG=T_sCd| -z-ab7izEzviJpldK+P3!_AM+mIpqIJF-;=z@=jnjWQ#6m!@4DvtJ%Gni9_7`?R^y27 -z0eqj><53+idVVze`)YO%a7gd7@#B^BXx);QpxrwU+CBErJvN@`9>CXy-ZNu!<@a;D -zHnh3je*a&u9omYgY-Q5o!lo3ai75VGxOLndcSM*7$eQS!LPYrP+RwNkFdx+#+}sB^=t7S -z?j^X7Nb`BR``16C$Nj@ExMzs&CHNfMrh5rKPq*>&nt#=M3Fh>X*99JVUEq<|1!B?t -zQ*{4$fXA@cKk~Z35ci6?Jb(De>jL_mn_v65e~7ME+&4tmE3Ua`a{b)&xc45vhd6lT -z9_f+S1-Q@LW%rrKzCZH&vh}%p!_Y*9H9X%r1Lu -z@W|@|kGw7rJtjY7*P2IO7x3%q0lO!8W* -z-8X(-AbS7fc6*P3{(fcjJ_BBV)$2j_T&g}FWUmA3In_H4ZSnaqp7%NGJ&I9U^qO+? -zI=8)dH2?5x-G|%f-ZuJ-p4#8DMfGK(S -zf4;qTsL!J4_3xtSJ>HLcvcD&ee(&Tn6MAj>f+ty;zDpv-SnM^si^uGJpdpXYuc2HUPIkuuhU2E@cW}whP>##+4@|@p6u`4#cT5V -zuC(>n`GDKWbb3u5a)9_XXb0d%^TQXnJjw -z?Yw-qe{Y-KYw$lFH}9)RZP&P;$hZr)9`_+1_o?=H`?egtcT3+hz2W_D4>RsIA9uBn -z`~LrzakF-Hj@A29@8Z2B`uxk5bDm@0(eq&b`f~;T7?C!j*LnA3ye9rI+wnr*j^@9{ -zb{zEWIKX!Bo@ssm=a$>Se$sJ&O`dN@j;~AFh_>U<|7<%r=J;C^N3ZQ%{)XN9T04<4 -ztl{Xrha1zQ2$`$EEjPMc32= -zHV1Z0`1>*GOY?H*SoIEhy@MO-@q5&k*ZbkI>g9Nudp6YL_l@HANk??L4}YVV0V^7j(; -z8ja3{hp#2O{P&D=zRoL0U8|zB4cC$!?XQe$iP~pP9&Z1hEv{9p-=o@((l)ez;277c -zX#5-6-?c^i+mF$Hly;>3+j5SK{q_U){`=_KbTZ&P&b;(cYuymm2e -zz0R?I?Rr_luU+(2eWG837=u3Vr|VeO`gcSg@bf!sOxGp7e^2lIi;jgHJI?g^3GD~H -zkMXwk_tlUWU8ABrz5j`8&cSRx3vHi|-12;LkFAFv7OkK2?eoj}Y}esyRn#wSdfPS@ -z_WLed|1&zr9Q0$*)4oHRwym1;=L38;q2%o^yZIS!f7H!)?eWhF{P%l)bHR3>6Vfzx -z&JViQeNyj#(|TIG_SPp=pB0P#zM`%{N`D6BG+$?)>eu}Z^K+;6<2^n{2km`)>(_m6 -z`|{h?uSW+q&$HeS6kY$L`hGp;_vrdho?ZXh7u)}m>!^+Y)b;nX@3Cu9Do6Jc8Ru{B -zZ@vG_xxG&Fs5O&$9s1vl|A1eI*pCl?J+=2v-TgSf4juCADQ!gO{Coaq+wl_Lj^@9{ -zcI4PvOECuze?7JB*m;U?#~#1t(1u;RtgXXq{bBaUsnJ?L##%YJdHtUpmD`+l!ZFgK -zYwRw&MjrDTduV;UR%ZRRpu^vHtM`)n>qODo@!$2H(T%Zw=NR~h^@2vCn>$k_5^?#u2;=#@Hp!bwU*T91tKHI|YQQ84Zi~7y1m*Zvb*-($)H`a@; -z-hb%=db)n=J@(Q2>{+|(?^nj;#`#pMB6urZvYoqAR9_@>wJs!OtHO7n0^%>%RJo?F$ -z&+JD(e=Rq*&wDdB{p`Bxy4JQUU%s#HlHFHb@!axr_C)dJ``XUF`r3V$w#8n&yKQ$% -zV((Q~U3pbhuWH|Ad#`RwwCuj_%4^yZSM0m`irsB{nqR{F#NY0}`kL0(E3azX -z+mvYDeRXr<(rfnbY1?-tfA>84`P=<_+gtbUA-me2gKcDG!!*X#dpDZH?A&))ZaxW4|s&wJNX?xv3pZqQQuPm~BU#mR4-27AhF!^;4li%q1TkW4V -z&(Ei4&f`bTZ`bKIo~`Qldw%5>^E12s`1Kb(pTC2C%>7gLwBy&W^85)7(qrx4^0SX$ -zzuNOhw-|p@`SI(wd;WlmC1OYIzk;2|uV3Q%Mf?GsW6ggRAMVl5R_mkoVe%UuCcoM9 -zx7xoQp0DHVSo7OaZR6Xjey`^@KknG|S6^rK{XB5g`fGUo@$)AhCcn7h`1QLzf2;8i -zcz%oF)d -z^!#Z1^N(J?V;l32vHjDYpUVUsYkY+~Fw;+oan$&doUs#&)=&3*&B}Eenp?QCPbmHd$t2J}f`l|K(V$PrW$2fl4?y!nm-G2;w{#NZzcz%rQ-?8SW_*2K{HeyitiH9uXRpXU61tod)c*V^Bze!J%v -z+m-#O{X6iT0j`)|SXtF~CbC679O{YuYoKl#}GuRihk_45iXzsfjj -z`)f}-e*GrTZ|3pOvF3l8H?bdY`_rCZ8Q=*@&w_X&>YCkZMWj=FM;pRd3b|M^N<|@!6E0ey!E-MGl!AJ*fKKX4r+#C+;-E22}kd -zs{T@aR%{RPBtDz@o-o56d@1=Yp5E-~W%wS_^E^G*(`R0j6}y%6VN^RqX4r~%lfK6B -z@J9NXM{Vz*+v1kHG1UHB`CD@Vwf}lh^_txTevx*I@Of-sp&1t7^NI7#aIwy|H-)NS -zj|Zt&hpJa=hBc^q)n=GL&C}e)R&M~`PrZIry*@MSMb+yu!)8>y1V;PyqO8~}sFz07 -zn>WKbRJ~a<96{A<#%EK$47Fc!6*Hf4Gn{!5XXNdj+wy{2c6czII8}b8Fu00X}4A}__eIF4X?2N7b)0!vty_EG9{(oncA-kQugl-0E>YYX7yJpA~DMy(-lFSGXmp -z`7c6k_wadUy&H390!wdqn^60u0X6=5Gb}^RXD({~7Amu1rxMTMDL9B4Z^{fCQT--S -z^d1*)fYiTpXCe(hdM9ohEwY_<$?OmzJ -ziaiczP~(|4!y$~0PYkJFfoEtusN*jeb^OK6aG8sNj=ynKKeediaPhe|&QZ6~&BtiF -z+?AcST|KDnDtGnHvS@vjo9%81>bNMz)0y9d85E+9zXCH{W@EKoOJ>-Qs@H=$p1RGj -z3!g$eon}yr|3SHGWU5-K%rFnNe`fec;~GJdb`0POcHn(Kb8P=orLk0dH@{3U8 -zDm25@XW9B$L7qygSvG?u{Ac1tGnhrKpFvdplo__*A85BiF|L$Z{<0bNp^nEmzJ~fs -zES4giK<&?Q)czbZ!$H*kOrrMV+}XCh4Q?K4|Ha(p9k&0vQ1cRV2TMsO?nj#1(T$py -zE;DREolgr<`=tP%%=YG+K`v^4#?5f?nYLXEW;llLpk5DZ-POB=sBx_Rjh_!t{dA%F -zX-Dnz4(X|EJD{|PrAbzX?0w!80XX3|}Js>Ne&qg#X8 -zFIA}VC(W=BHJ{7HHhQT>*nj)wx&@vySpj)x^w`-^5cgPNZd -zY96{!?RA=ABkFwGfI1%P&7cl-Jk**&1!{hCQT5|yIDM8K4}GZl&BMzmw{oV<+mf3` -z&D#KK{H<;iYF-*q<8Cm+8q~OpQS+0F+TN9fZSOojNIZrb&!`#pVsw1sYpK6>Mpmqh -z`m=Z;@c@<**Wi<}40$QGrqm49PS1)Rpxrc1QGOQhBX0HdI{YT-)%dTZFFeJ{PvIo# -zxuE#0_SUM73XOh6Sj4`S@kZ<(WY)juXet -zApIn(H*bc+sCq-l-@L3DG=mh55)YU`JF34nGps_@OXA&>t2BcO{5)~F8RVnt<(c99 -zX;yCzzd*TJGnm0K;%PJJ$1LJLGw4QMlB(%4gL-^B{a2vY%W9#mmo#d<%$vb9{)BlR -z#vfo0PGbu`fHimsOHuumm_Y*7Uy&Kakmtm9%sw$IHc0x68BC*|=a|Aa*1@D1j$xYe -zqxf;kkC?$Qeu8+&4Ej**^_oE=-bLJC2KA`+>rn02nqd{H{Ui=kzS0aT@KeO)W{^O& -zS7ZiDPsob(5igp-0;>Hqs{MI0oI$lejW<$$$_ys)CgKS*7)G@>WCrc{QQ|f;XhpT( -zf@;6n3>#4G*W&=?>&&1QKSo?*1{J9G%FQ5-DdLzJtetA@ucF#tF~dbv`wMtG<(Sqt;V3>ikoRT2CcruvTE_$3@AynMSRzF+2}bcpLrJ;k$_E9&hC* -zCGiky9rmHhci_#GFGH0deVmm~N#ZWldTm9Oug4ElJ`YvC@3B_CQxZ3!)^#nad?kL8 -z@~in)z6W)FZB+`RJ{>1?DDwN<2qFTwW#Bu#tf=a$3c}DBv9=X -znc>o-t==N)e7Rr-Y1H|0-V8=D>fa38J#O>33e|rSb(~b1K?UkKDK~?BR6BWQIG<bHop-0rU=UR=WrocjH+fu+>c0$i9F>|u3FpU(-wUa;{XGLaEh&s*+%wYLZ*3Oa{j-%?0p{@g?W-x-f -z4h)+?3uX~Fn?VEWyj*VvW%x4MiKC9&(Ua`B?MEHAeP&RP^OVcQ63VsbT3mvP`%kpE -z8Wm5RU~va3j(I$}&Ek60ywsUtiO0nruf%QpmQm|_$qW`z>wCcrCQsCy&gBC -z=BWv_P8-dj0kux+&7cg`PN^BL5S%nU|R>utmgx>4-!Ge~D!JM(5Z=yA&9R#ZDJsQuq;22H5_-)IK;m_?jt1~JtBU(1RN -z=J0B57wWt=j9LdRsPlInY8}*?K^1m!UQ6Qhxn5M7VJSxUv#4<;P~$2xgF@7}3d~@Z -zQK_97R6EmVIF4#(6xGfMYMzG8U7*~B -z`d>ippR^gwqxR378H}RJ524BrqV_||3)wO)VwClpa?aug=Vm_=Htg`{HXa$o54J4{^rb}53`7S&7d1KZ(U~4gl+U&ftt6) -z|FU_TM$Oxl8T8{kn{;Jk9Da}!eXdTCu^PNnc>PGZQV^uomb7U*W(_K>+o{gEBEv=PtQl~pFI2`^O$P} -zar_c-%nTO(VC|>PZ~|3t9KTGtF*6v&apDm(=tGUG*9==x^;%Htt=SBkQ0uMH3@TCe -zD$Fn+qj93vb*>r2@$dl$q2&&#Net~jBW-y3j#3?gq#Vq0$GiXGuzXmfX -z$LlmtsQboTJd^Ro%`k>~9&K$UG91MBs(mvUKs_$#$7c3lpBZ+e_Dc(@e6tzkVLAOR -z{HHl1DK~=8!3Nxi^{DkwXNEO+8tqh@!Tf(%{XtC9ULRghyO`sN-_^ch=50>ij)~I_?Hh$6d+{2T<+y -zn_&m4e7R)5mzm+xZ!KOl!y%6cJ#O;2(c|SM+yC`g#kfjwi2YY$2E|He-6Zg8`Y$rW -zd`we54~HqAYX))r6miT9mVRUHEtHxBrOluZ)o(Zc96LR3lZ?L+pM!OtUy5bKC8+gQY=%WxNV|n* -z5W`>4-r_G~vCrTrs-HppH1=Z>d-0vL*Mn-W+YDP!$3+uPVFT(ouf?AcC-GJ+L!CcM -zQQKW&2F0kyI|(z0<4($@|IPZJMfE?8>VFE=|D+iXq54nZH?bdee&|8<-+>>&7F7Su -zsCCk0292n7(qINjRR2Y&?axQ`pNr~0j_N;Vh6@YU|2*ovGK)H|OriQ8!y9l2)&C&s -zI7pen0O~mCH-ipT|MjT;Yf$}Hq54mv`mZ#@1Zw*WaT@bc=c72P|CK|r*qyk5>OYOc -z^fzw?bExBd)(pl_{db|xOYNxhSR3j*)@p_=sBtu#VJ)hBzT~*cGsCH0*m6|v -zO{nsXW>AUR{u0#o7n?yYK9lrCZthfn!3@&)SmJpzn8T=lGpI-Y+fm9tn*S0rT>Gir -z2aciAN6oMYHNS1B`Km$nTZ-zp#0-j2{U*$y2-R<)8R$hm)l2`_>dl+M9ID=|8O)&S -zO`Ab2YP`j$aV5-fWzNPsf=VAY!!Fc*Z$XW>3e|5hYP<^NVVEqnZ)V>+Eqwep^J-y7+b5ZMk?E6-)2UV}z3>#4O3O&8R)0e(y -z$Hf3@J6lopTFfwss<$>{>8oZqgF1dXQT6IPzt;1MQT5XQV)f?Da1?c%HKFQNcz(I( -z=c4LO{i#Ll4&r_RRj$+wW2ob4anj0--^04mcB0DlnPD?({TJX5arqmT -zzhs6JsPlgd{xep4ewF7JVs!ofdMvg?{vfLTlo__8)@?cd8y0wezUMDb*!pb8w=uu9 -zsQb$r)cs|(8CGF}IBAAUU$b(HsB#Ntm`0VGH^XjJdtH{_(rJbrmfzBDhQ+9I3CnLO -zGQ&d4Zz(XtiLY9@aa6x!W;lxKcf<^fQR^fZv)KP}Gl-$q$=X*UgE`bXnMAFV2{ULx -z-B&hB%?Ij!wG5+i;)lpz8@KshHN$y4iS|Z3ec01`u$B6Co?h$eC8%|mhgwgIJo%u0 -z=OyK*Q2h?0`W?UzlHZQn&uwN{k2%yY_4E=?&&B=JoB5)ZpEkomjMg!#-=;C^w_Z}d -z3e|53s^3CbQtww7qxx_Daf6q54hX -z9_&ZmxAmD}FFuj|)MEyn_+!e|q2{C33`=k?=}V)QzG#MHsN<~$%h{f!BrZku8^=am -z`$y|{)eKkg3G};c1`GIo%8jA=9W}!qd?V?#o?heWMX2L=ikfE+TL7AyfR|_PUFvsCsF-Q -znBh1U(C?TT4CAjU*NJMs!wl;%O?siH7kK)@XY9Pwj_S8XQm!7gy=C}&EJ5{KY=#MZ -zJpC4#K|cP1atoife$!?+hRdXPczV01SEH`CrJst$uB2Z*Sojg`tqn&8tEk7hE2#6u -zvKcO65%HoK&Y?f?=465F=8IGaqjUboK9Yd(~+l{K%fas~&p-onSNUK&+z -z-VCQu^(OG!IEGq3{iu4&ci8n~$qW|oB-TaR3`VhodUdGvQGvSNl$${rs(h&##8K;K -zY0%csq8Ut~?ze|f^#{!$g^wj3FoS+ndwph*zsQ&b%2L?U2TYs&n`=c7v`Jmbib5Z>*-Dc}_9@Sq8)n6xO -z(O!ocw4?fKGlN!Ce=TOPnzH`pF-H9{RDYvp*oNw_9<{EkQT^qj=4I(tWPeVf>P?zq -z7ph(}YCV^u$`_*U!&Yvw^2=s8f-2vKTF1?(^7W|uvIuNgL?%GaRQZ30z3A9dfhJYeOQ%y1l4eh9T*t8l-@kG;%aff?kZ&UbnEX3n#@ -zX1I2<-H)VE<>$>{7=J)KWCnw%`YAk_@eY__FKRutp~|S0i3YKMiJBi@IMbN0l!#13fACJ>s?g$Y2$t>j-XRUY5;p0d;s$>wDlH7`qMIE$K>Y1H*$7}b9ds(!Z_ -z)}ywoQZX*w$aqeFDGJ`t&7vfqos6o}Q#y?ZP -z$_y(|$7d0$e4!bve%R(^&YhO@GlrU%LDanT;rkhHD{8x1%&;1@UaC;@k~G5-)Vw56 -z*FC+NO8uw%tp2w+Xd<<&yE2nc*4-q3)AYcm?I#QQO^y+U`~}Y(Z^zvl-^&KQW#>Gss14cN}LK -zj}C4OS2(%od^v|IKWhfVsO|1?J0;~>P}^ONjaY?`pSTgjN0ym8Rnw4TPL$` -zVw!_U{Z68`yH7IyUNdY!-KXndYoYuc2fMa=7PZ|oW;l)7?kO{D#d{b}iy1Vdwz~aY7?rPWcMdc9)~JyUYwrQQKW&hBNQuaR=j>HiIeDc2DAO -z7|(bDEE-F1@j*P3Awrb(Z853dhUz8|&SeW>m3HNzg%c6Xa$8Q#lyO3k1IwcW+I -zz<3g7Sb(|?uXbDc6*HJdZTGO7l9cN~ZFe*N9-A3^YmU%Z^BQL -zUghaYPcJ}S$5!6z<1xcYoFaYD(^H<_hLfb%d3vp<7o+Y2%C3vWUaakF=ly}4kCx3~ -z33c9E#5XW+3uZWn+KzEl`7tx-Mh^X&E;Hyv)$hRF)NeP#7L1-RLzS;FgCgYAR#RvO -z1*rP@*hKw2Gt`GQH136Kt$f-HCQ<8c%x!g>+$y)iU4Dy|UvMYgF}Kxia;q@Ocq-j8 -z)Ols;8fz!*PPyZ5o7>>ly1DLhn_U+cP}hkWk4N1UeuMOGoWM4Wj%R!i+gpxbCA|!_ -z{!7iU1hw9a%`g{tQhxSo8}F3c={CC!Zh^aYm5py1HNJU|C){BiCcO{u!cNrq8d2w) -zBo2{Yi5g#p8J45QS7wF+Q! -zz82JZrUw6k^lH@js?0En8egRuCQ##Bywc7WlWq^{{7|cy>u`-3=HiEGcX7X^FPPyN -z>iFsR^gd5-Mx8gRJ-y1)3-ObruU=v8teD{x>Npzm^g&N=N1Zq7J-yD;OYrNY=X!eF -z)8|_3cp5{Ef7A@SQRj_`%VRN46+3z{V7)iv$;9RO6yhTMDe)LLS(O~Wqh>III(~;y -z^EhONgBTE}%&;3(ugeUo@dDaQVmTJ#vlvGKK8kYrX0Wu+#=B^Sk9z*F7IUdzV+IwtgY*K_c=X{<)mypL -z>Mf$`&EtvGn=^w+RJ~Cw)_tQH4x&CUoHD~cRC}GMaWrEz4m?5QFoPtXLw-JL98G&; -zvFDQCXa)_abx@C*&pI=##TO9Qm|;1pUYQxhluo?X6dA0d+F3!hvuuV-SV_EShBK&o -z(`HbN(K>ST+?Zs%3mm+s(e4aBkEt0$?bl&cy_BR}7iwK}p!#n&!)DaFs72MQLX|JX -zZ=y~PU%}Nk@_u1l#;@T5euMITsD8TL4!2cOt`0T6Bx-ymsD6r+kNJ{vE4yucOQ`WJ -zn&BL3d=sd8qp0%TID)PC32erXVsDS1*ahK8k7l5YAyQ&fpC=iC?9B9Wuo`3Q^~;0yCU> -zgPngzQ0c>F*onGtYxML6PcK8AXY)Nh&(qVP-JeaM+8H;)Uex)t)ze!%J&C#x>uumW -z^chz(>Tzci>TzeI88%>oxZVuosB-!;5tUneePpWDO9-u%jf&4tX!YvxAdA} -zC8}J7<+qfZVVUK(l$zoE>uf*GxZQ4tTkTf5g>IfZ`C6+#=61R5Zk=20>cin$7c2GV -zggff?q3*MK+)mVeR+Hz~yZLV1oq3J5H|Y+d+8JzuYZy^WCXeTRS7}pxfZq -zO6Ii^b-quyYwYYxiC0nUd&LZwa2w~NMKhSh&r@yyN3kDu-_d7=y{P&az)=iS<`6-4ftNlm18%Sp~hKih9#)_#b%g` -z+OBjh&tFr19#wwM3};d0XUuRERlWoDJXXCsd7+Je%x!h+-5NLUuD;T?a{;xTQ|=&Y -zJ5#8B2h6Y!v)O;WX3&B!qg)kMV-hv)N;9lL)h{>0Le#jIUlEJGFKr1`e$fmUQ03ER -zIEgBsLTzVH5J-yA-tMR3zmw0-yr?0%+>Mxt&gva9^_jugx -zaRXjPJC&YZ;put!LDH9AX6-GS;W)mB^Z`%r_w*LLgY+6tulDpJyp{B|ms&fkW;l&s -zCVkk`hdjLl?4wL5NxDO9^HsCH}Iq@=z+T=;HWt>W`8IFCBs=1}d+OIOh5>)#IsP;!+XzRNZb^p*|hDp@=F81_< -zr>|UK>w6Yee#Q(3QR}kX)4M#q9 -zbfvAAS=4%&LZ$cO?bw5Z*oj}GeyQ@Y(2Yy-Q|H?H=tHfKZd7_L_FxTu0F(F?>es!% -z+DW>llKkoC+d7y)t%FfidMDOk2fh*uaS!b*RM>o{&9ED_pPM|r(bG#%=dqZluRSlS -z7fzz~bIRhD0Z(s2?dM8Qukdu;bZbA)KiB%5Gs6^WKeu~&o2OTz_H&`97kK(Si&p!& -z2)TsqXkk*dJ^A=r(x;ze=bJ9ne7E8Oto1m7EV&(p9*;fS;uOA``hBS5q}L4FktMaG -z7InPjqK=o9XOYhNY!)kV1RKd8zzXuaQRRBdVzGL~sN=EA3_DT%beLfss{IO7y<$}R -zaa8;1b9jD}{8rTQ)?$W5sO?@k+tQcKa0c(E{4`$A5|}cBNqi^qgc(#~E#(rZ`C8s# -zPNL>%9CaQaaZ^esZt?soRJ}6KFLn!*Pr1ob%kM|E*Xy=feG3p1kpQ};(Yp^61y9iUL{XAfX{it^MBZ)F>Mb)oE)k~trnLzF5wWre#`8}xp -z+--*S9@lwX8f1da0)`pK04Ug|*ZlK(*6> -zS}zHF6^b^TC8%)}pvJNG6q}b-RQduceZtfGQTx9a -zH80($cG^($(tw(mdaT1z)b^B^;aZW6cOI2KXNH5Q{oRbOW}NkSG3Tc`GpNDc#QM8# -z7$or$V*MRB3`$Ykr!P^ID^E5j+);PP9YC$4KDQgSj@t1h*nnBIUvCDbsCEGNhdhFU*;Zar!pmAm=wVj -z`V5{=`B7B8A$$|*gQ#_yGQ)mUKYeD{jw)Y=YQM~#eWLBJ88hs{%gJx@^hQrF_qfdC -zIKGf_MNdH5?LXDxHq?AJyX9^PYQH4h0@QxV!%oVt7TEroN9~_EGZ@Bl@>6b$+vwK0 -z)o!I^TqPbCp!QQPz6ci{Z_h`iG1?DiI3ww2993=v)y@E_em7QO8*02&m?R#4oXuwn -zwI2ph`=Q?qdr|%Lm|-jKq<%GOe^z;Z((_AE`?nCapH?1g&bS?t{z{wP4z)8BQ|evYH|v)(*|;p)lO|B4yTp~{b<+V6GC -zCHtey3>O|{`)LxDK4FG^9`}0OgzdCb<>^UJFTl5JoF_54^f#Z&eG9+NnZYdT^@YJH8N*4L;R4x{=RGQ%F!`f5V0(?-v4@ce4jx-CbozkGKo+v0x7dh0X8 -zYSjATz1>lIv8S&xdAc6Vp~}yiA+M!J>#obwJ3YM#@2B5J9AVxY%%C1WOI&9LJu#lg -zpj;V7@0-V$6MqT|vtw_+1OJP!;QSc=3U9)z@Pi(|2mhYcq6fVDsch_h~?9W3-NYh`E=rZWNwS(nZ&us^`b~7h(Y_8yRum9 -zEMoQZ-0avXYQF*#SdMD%IjDA?hpPX4gxF4O*O%>*lb!cDoIZljxY -z6K>2+({WVaO}U+JqnmUSZp=+{or~(bDYw&Ybdzqvjk#&IG^+2W+)lUAO}Ys;=IVME -z)pt{Fr`zZz-Gm!+)9k6JzMFD8-9|U*Cft~t<~kMCcT;Ys+vq0Ugd20yT%V%)Zp!U+ -z8{MRvaAR(o11qZUrrb`q(M`GuH|C~Ua8Z3X9Ux&#`k(G&m?a4Se{Ot^jPwc@)VsQRbR5CPsz>h -z%<0O>&7RGfh$%5SM-c$Qd<@Zx3`FG?Aqff}q9zApH%-rnm -zvwF_T&0algjekeZ9z8oZJAL*7|IVBpg?13v&SLSA~UD?@6zpV@U_st7$rv1*Wna(U)y*_K;dR)9dYe|m2 -zGi&Uf*mWSQ`vA@y$eNX@uB^c>T0PgkTrY*uHKNfCa3zcru(q}!&w6##>Ee3 -zEy=MPv&L`4?whiDZo=`KvL@v6O<5~)us>_4A6NRbR^|LhveF;Hr7vYIe+kFGoHg-f -z>>1DM9asK%R$2~!C2Qm>*!R_}{;%TV53-hifTKUo8v8MJ{UodVCpi0)tT{RO)2yMN -z;>u66R^{Y;*3>-q-IvvWA1>UNwJ4{5mNoM;oLR}5UBT3YS%VMa@`G6`a^eqJlYhY8 -zKW6p)5z~LnT96~FS);4i`A}BZL%94<)`}eYVD{(-vuUp{d$tdkKa#!j5$wG+yYE&U -z8O$CX#Q8h3(|6+1UD?ZbVfSaUdp?8xBiREZI69g=Hj0yXXHVUYOJB@h{v!5%IlJ%6 -z${)`j8^`6ZWUqV$C%=|G^);n`J$vlyI5n9)J&E(*%1(a^SLd_W<}rOAn~r_y?EW;a -zrL#Nl$B{$Xqld76A$wo}r+=9}^Gh84Rrc7gaPimKOTWgM2eM}$z^UJ5PyY@Ff1f?{ -zdtCl~_KKYT&+M81#G#e!;T2q2$zGK+tJ$-wIQ&rd$V0gLQ1+VaeP>SJJ2}2m2XY1v -z;AB_Ml#aTkcjYX<3;W)k)BkQ9es9jmdvW^xIWzB9es9ilFHU?cXYyk>dP~mOEjWK` -zPWo1yN#)F@aP_vFwcBv%_MGM0v2QS^e-OLx$mzKQM?Ri2`f(imM9$DBb-PQX -zIKKR0#W%+1Zp7Z3;(a&a+D-A!eq88}FUr(M;)5T-o{z?RKZ+|Kjjzg)o8zN5f*0z#lR7P<-$qT<+Yq(#g4h==yEL*W>Ivx6Qp1d%L#vb>Z5(w{>=7_djgw`3D@k -zVcYl(IMTOmv=6)bw{`2mJ0R&ukn140exf>lwkt -zk!?$I;&5`Kzz964&zpN#z?}Z}Hzg -z+u{k2U;8YJiyJJz@BlIGrM%Za|kBd62z3R)Yy{DI0JpU$( -zFWzDC`ro(z=-C#pywCFgt<>Va4_N$FFTeix-b=mw>Jd$k{UyT$8&e^#%ns{H!jtKH`1*Z+R& -zpS=C`zsLGBZ-4#ow?4(!LlrM7>*q;4I8=MpA67wCC|d+Mbhn?t&*D_49I`=RYH>GgeHS`uP$6 -zE3TqX{hV1%oYNUAyTr=hN83^Py_TQj`T3szHP0XL_Rf5<)h}7EPrIr=(PZ^M|02t; -z@cgShzuk|Ihde*m^Y8ZjwAM5~-(~yNUcs*|el(9C6~{R)^m7`={bRBcu~MGz*U!Fs -zi>G;_*-7S{udU1?$wrG^)!ob-lP5#vF^PV -zpT>Da?XUm+?hn4q;sVQ#ea*+G$AS7e<+YYSU}3E8GK<&${`_TLKYfPnkI#7dYTw=~ -zF0}F`dLoFQzoVGOqt~tU^LW!Pv`%ym+`SuPlZvDKSC!RF^Hn0Ef -zI*Zr;-t-~wZ~gCM|H~^ZfBo-uzu^*#7q>^v#a{lm7O(%k@%Bp3*XwZlS@8U2-@X_5_O1W@;W?krc8+uX%=`Xc|NF+T@a^k3 -z-}3chp0>aLbc?_1<6r-K;^+JRU;q2mIUMjRU;1t<|EV`vJpCSvKh3-9d#g8EoaOBee#GKSeg7;0hGzNXWxy{BBj{@%v<$Ip+aJz4v|Ggj#5g9CZQ9PeGHTK$`oR=&c^-=y;! -z80rVa4)4@Dj`K_WYNfWclsB|L*que$Rii=NJ3_ocH`8&+qsAnVYTs^Zops -z_Wb|y{N~?yzMr3yem(lH6RrP&C)oV&_4%*$`P}XEKj-be&)c8z_$6FxG=D1(So`1f -z_A9*ocXC}&eu=mL)E5%7f2+OyGmD6GI%8Ab-jBTf36F2^_Gf=(?VsS=U*_$9!`mM{ -z)yDsK-hR^Cf2+4Y=Iy=1$5-q1&-MCUPqg}9_3iKW`d{+xFY)r*UuxrB_V#}6Oo>dxFOUe!p;TndR4d{zaZYpTFvTem?E>JH7s!ynddaFHZ3B^?Lp{ -zJb$d;+JA%Rr#$~jKK`bgE&oC9zu)`+ckjQ^`=9mtBVNDP>rV_@{r}efW&WDI{1>;` -z{B-&C_&(o1gO^+R*KvQL`D?qw;zeJt9iIP{cUu0~qUG=PxX;foKfT`at3Cfz&u?eD -z_46T*7yNknjP8H7rD7@HzV=Sy6H~Evzd!y*k2^iSz~lA%@7Z@)`CiXo^!!$j&(L^i -zuiN7jJipoFPgDOfS&3NTyJOMM1B_4c*n2GgnCI8`SbVR?tG+&aJ+AQU{kX>qzW-n1 -z?e+Tgq0Zxezn}Ql+pNEttgNVmI~cF}FW^H9`f2g@*8K6Dp<7tW_zPkXG-}e|xxb;mI*DhK7L656`Ve#*M`%4~W?LDT$$~UZ8{)sQMxL~Kn -zpZGhAyBjQ?^|-Of;;VhU)fLuWrH{8PVR7|oR==s-$`^S&@Ewc)9yI=0zu!8K<4y69 -z-)}vRW)xQrP>>&9V~*n1i71Snz25%47JrK4P34O}W$`CGf7p+&b3I=5>(8vuN2%Yh -zy~X?QI^F93#_-TFp>)Zb{%m0?|ujw;vJ|?fX@mVhacKG)E -z$x@bHYH=fP=F`uUy}y-LTl@_lPx;waek|a4i*r5k^UbLqcY3_&@%rQKi#;yzrQ|;gA@rOO`_V`0y{sga|pS1Fy^ZYk>{=CO;^!oqo@qHdoc%1g~ -zs~$Icdk=VA%=yx0A{PDp%gLMLyD!}wU&MXt#`4d7^yawl6`SLCWR$NzV{`s~_UFd- -zR^PHY9?8hBPi)SAR7U)cjP?sN;!kt@ZtQR6`J3Zkp1V0d`I^mf$5S`QdY{Y2_EH)1 -zaXaU=jrrfsXz#AaZO$)l-5fVQeRI6nyg7dGiJRk>KX!9`#s1ClH5v2!VUDYfTKb&&z24qBA$=-@%D?WBscivpN2L%jWpnvo^<1&6w}C7i`YI -zD5L#X?cJRJxs3Jl1#ifGtL+1U9mZTDC2neL&p4Ozj<@{Z)MEy*D~g}Cu4s9lrg{hewmH?@8=ow`=^Zg -z{f~_K{a(iW#xu@;f6kcSmW=uRY{vY)K4X4&UcGsIMH$Ceb>rsz!u-wg!HoI+e#ZRP -zWE_9{Gv@b?8T0$}jPuuQ#{AZ0To1=G=66TN@peu|`#UqPhi7H1m&-Hew>o2gO=ZmQ -zeHrts_rqr$UY&e4GGl&gGUj(UV}38onBUxt<8v)zeuqxp+~2RBw>duJ<(uQd=WdRF -zo^d^S_O+Yyf08lYr)8X<-dwS{d`(7wMH%C{^z_Z;TQd54X2$UlX7qP&Mt|33^w*rx -z-*`rUAJ6D7%;@i$jQ-BObn|%MmT~@hT*i1l&*O)U`~TjI`93LQJfD5b=JNlMG2iE9 -zjAtdIzXvkX_=^-qe{_mTXUMEA2t;?GCN$C0=;x<5D)KP}__<<;@c?SCnnpCjcz -z9<84v@!O;QbtL}B==eAi7ewplNIVhkuOo3)w11AoKgnqS!Ho7_5bd8M7i4T-Z$|sw8SU@NX#ew1+&o|J&e)$9N7v&c{auu?KVOrvKg%-q -z=S>;=)82o4q`gmN?9Z2H?9aDl?9X3i9G{=gIR7tX#O2ZbYV7cjzE5i7@%prk`^V?B -zZ_dAS*XDRnM*OCX^Xcsw`N@pw6bBj{kER_d`#p-<bH?_3Cuehee;>t1_HSvP@{h#3GxGnLjoFyr -zm9d`g%!tp;-dz3$hPrV+vZMBnjK3)=e<8_v>uPNcV|X_ -zcW1Q!^o;ty&d8t7=>L|C{$rOEU;V6|yRN#fwe8B6?`ykc_f=OsxBS^-1)5MU-Fu_Zc+N`eV6Uu-FD4Yd;fyc&)RwQ-n~tk1uwhulIGo4 -zH}AT#^}5(4SM0rFk0f#L{yiGnuIAnRS9@iPr8ez7R_fk8O;_)J_1>%YT}mmos_eyA -zUbDYxciX-z_m@}gZrlCpXYIV?qP?wG?Y(;M{gVt*T*PeAu6D(qrsj*AcVETMWBQf2WoMVX@S1%sZTt3La%szz -zyD4Zxf8*ZE_U*r5&z`+kU%j5RcYl*7_{g61tg~PIf1A73t;TU>y&r}10=;bKLUPtR -zKTJphP17*A2WIU*UM6wUZk)@+4kZ2br%JM{t7V4-X7<`ML+nziR8^8nrB5=LDm{xg -zo7IMqZI|(G9Z&LjI;4*q`z+{geVA3u4Xzn(YAbROS5 -z|ANvF(i@_3_J|rhivsA{sK9>dFs?J$ZeC+DB;1|j`(!!4>)*2xyjmG5=B+VkG^GK(iL3f{GDFFV?6EY|9^jn6x-r#K -z)<=a$+e%PLn-oE1gs4S-Qp=wyya8#C@I^H@AZ8Y6KuY=B^TbSEj?@R`^*Akf3V+;gC9(arsWl% -zdM_Jhuw%-jVcuJwH-kEQH6IrVh=X4y^Ek_)8=ACMkb%E8Ap_A3WCl+V>N38)In;i# -z{e9m#zlB*mn!|+byoVQdP^!G+d2xdt$IEQoI-afvhK6yB83sDxr9mZxOfa*JOfYi= -zSy9`4{~3nx0Yteu#5wc-{`f^g9U<=3hWmTRb>5QvC&Vk!EFL)fzo%h{{{&Are+_Ta -z5%5UEG<{vrI51qSrrR_o!MP<$xlFQkluv#tGf`cn5X_(Mlrn~C+d!qw+$D|f@8zq^ -z>t4pQXq)B%OpeR>HN?!D^(rMX#A6|eUcPt{Jar~a)2f>304%@fLt_h~pF6idTu!2O -zwx!iUSPgPKx?Uzk)IQ9F(%k(zmlY~1rys--#Q(5jd32pgvi=!E@VU!%`Bf%dckgCl -z4gp=~egmtZJcecCqkF!I-sII*y=d)w=t(@LJOxAObEjq4@!V4~G^@CVT@Sj1Ki|ah0#+?|&Uw*ME}dig$?3VGl~2zVjeTma -zR`qu2TJ$*WmMdGgJseyHJ}z`gjtfjSjW>r6ZBiFH6;r7rorWpzPV)HM!@S+0%@%sp -z3AoYuLG>lU+`V1D+d5Rn_PxpPkLPOg`(wFQL;$Tkn%7US#+koiQCkcHN!lW^iKq2a -zNL`orGBJ2?x-`W)a{QrFsBGjss*#K>TxiTf?w0S8Lhgj`U{TTKSQ}uCHDGEO>T0O! -zV-1T-_E7tlFjFyhu)Haa0z<6XD5v0K>Xq-2$J7s-@hQ@67qBz%f;$#vR-FG>M3eFd -z2 -z)|lIcMEGlzZh6H|nb -znb38tbmFjEB$M?z`S4mv(lE=Wwua`R#XOu!VQ0)!8ziMWR!f)s>j>@Dl?a^8ys!GeJPphcH^l7D2hB&ph+WB2Apr}Zgx^+rPK~_phJr+u?91D@48VeN<8H8M{ -z+6JxbYXtHhg!-C~cYWBGE;_wRr0qm$1Xv00L)vS);l;a;Mu6q3UvnW{2MFB?F)g`t -zLxnh)6(di{mYCtdfQ!TwA#8gG#-ogM4%Fw}s0ktTb`qk%L?G&?MWC#t{ -z)W;@qjUjqT2zEA>Fg@oY(CJv^D2)!5b){O48u*|BXyJnj)GRGkk*rPOsUfwPxg|Dw -zQ$uX@rgo_G8cNXhCQ+9ESkbN;diiRn2N2ui4IIKSrC4s2}lT`+j|a_t03aKFzwf5Jvz -z?{OT$&-LE_It~*5Tae@<_-zr!b5vmvob*pgNUQ;bkEo2RwUC;@|C&`O)dVq -zah%1kZw_;#8T?+(zJYGC4){yUdkjVA0iXF!b#x2POok*N3MtX -zKnA9Ao%QC0NqE%-znEo<+#qBN -zaBYAh)aA^gG%w_AK|@f!4-)SjwFbDiJ#=VhpI7M5W%oYRCdG{CddYIVEt@uECg`rV -zIXoXZd(jPwF=RYGv^JbwKdGu>X8y$5pk<#_8;KA;rY@e4Q6ob!q3=19)nX03gl{rI -z9@HNP&tX29O=dos*+gD))OZ{(Iifs{7a}bzvCjJ%dQyg_phU>qHb7T) -zT1Ld{-E0Pkb}!0yL4v_aIx38&g(F7{IjxES=ifJBd1gtEXnO_6f8k{9p1kc99No_i -zZ1*%4am>y8?7-G8&1VL-c1b)4wB!)`0|Q&TDF4E~QsGQTj1!b2pDKCsLV>l)=~0%+ -zuoCf{0!eGwX-UQca~xJOmhi9=@nZs3GUSD+5GxUH1I>%riAf`H8^~=x<90PpbsQON -zR$&8DE(B3zlMnk4xi79gSrU!XT^xpS}ZCrA; -z5kXPl?f>|VNcr$k&Vp?-z-$+`?JV(3nrdNRwC7GYs6Q;R1%HS6jpz_c8-M$MKRkpR -zM{lWQ@p_3wE1M)5G?!>~Zgo;9pJ{%ppS~X+}Nth7RE0Cnir|B8pDeNt8P}rUNu)DolOrAK`(mHsbj!nJ;-5>v9IZ5<_@OQ8G4mY -zq;(~o#G*h6;ia^u#Au#1u#4ni862^OGx>P}nZfMoo&<(Z!H?okabhZBINyNtqUHAa -zcTzl||9K++(K*0lfT|WZ5M*R~h+f%1Z_j{Z?r_MRJSlF@U{A_3Qlwn-n9gJ?{8_JQKuT8{xFBpm%)Ge)DPO@fAV$9E%$20N7Zhj6 -zNyF>TkP{*U3-t_n6&*c8uISj_&zJ>-L(>P9SA6QdY?#50DNjZjeiZ(l%_xSONZcCc6f~1PhV{|y+Gcvv+<4Px! -zO>dUKxd}L}0f%NT*|~hm+Ej)bs!<^}f^lNs8C2E4#+k;%=!1=j={$lVphWIEc%Mq) -z99nzHT!~#qEyEqkTt*WM>fzp{mZ4FkP={?y*o|p%IG7)1`7}+Q!z8;4;0iCi&&bce -z!AX^Tf04N1#T)$p;w?8jQXdmF26{Pc~I -zgBZH5aCIAl@bq>C+@!rjw3oXFB$JB>nDYg_dIWJ_@UvguuEs!LT=fF_3jjR#{GTdK -zb%mC}U>5k5(m>7b9^pAt{A((sUIepH;1Gg`s_N{>bzZS59fn~Vo-^Q0G87?9F;t(% -zHxe93u9?8x%wzB8?noMC`0R~HqYz~5AgAi29xj4@DoxkNs|0gxbZAu8b+&7qhu>Ga -zmn;)nu{d@}?q1<;o>xxkB|;9TZO!XOrPuu;$ihlsTvbJGS&jL75fy2diHj6h(1O02h?=o0O;{CT1nymz&bKqYE+pPO1 -z1=gN~r|;=3wYCDd89?^M1;0abSEtxiXUx#JWEZvw_~^zd4fdQ?6iwmJ6oaq=|NjHF -zli|@~3C~(^FNO*4e$PWewDTP}v;Rk7Y4tK>w^hhUlcth@BT2vlZ%+k8tUZW<0>Ynw -zx|almN9h7zgMeebhl#Oj0|CLRaOp8~|6*o^KF;DsgZDcvaDPoT)b;(Z6{>(H6bWRw -zTlH9bQQJ5RG!yLYf-=BjN>@a)$p4@=?#J-&AOR4zal~_5QkMJu2BXGtQnV9D2sQ(g -zokGGsS?>feWU)E0$BuEdr?}b?40hNWhaXa~X{Z5e%dAw!2BB@uZC>uy6?u -zBa)Chx!?Pv%HgSx+{-nQKEpdLh?vPxSj97V;}Hh|w(oag9;6SynFtJVMxbWcYk1~U -zIo%)}P6qr{_K4|W9GJ*eXJKo$+62%3P&>UE?f{onBpVS_rq%&jMSe@-2h|~+hWMa5 -zAfw9LA)RsOc_&noK}BE^*duAGqZ9L%baPVP991E)bs^|4(bIrq5Wrb*W!27#R8!qY -zKxBMa9cCDpRGn;LeG`lr_^b0(LRVr(uwOLmbm5jK`0xQ-zPsOLPM0DFE?ifD4X`ey -zMa=IxbBiK1I0mD1VVvO~yEI8f!f$d_a6R}@W}~Ajk7rqTt8nEw2B2K4{J;HQHw8dZ -zZAA$%g{T_7Bf_sxCK-9a`?C9!wSwa9(9H|-JuTtRhUUeUt-=Ef^6j1G1-Zb|{SD0- -zfXL!?4RrN&!ZtuFm_Bn|E-onx@{^NI$(B*mx6!3kRY6`7Cl1Li9 -z6eH~TR4qzybEv#Y4wf%$o5D;_cB$}YxdxQQ9dxyno@c(HPAzC3zuXobzrMjubekxJ -z&8|S1{`nLk&dM(6nw?CIT4?q-zbLbSsR-T>5!By}0dw;N- -z1V7Bt?{+rOhGg;cC}e5_25@{=)*o@cmqdI;ye -z#G9vKH%ythq;FH1=13uS`{bIH;aE#y8Lsg+c};B#>GkpD-133-NQ3f+)uSC@p&^nX -zYN=HX_qv)X1RU)c&-wuFhSNS&5AP9`t5i5KTO0rtZY{(8CV$ROc!oPX;VH+7ipKrL -zcbc!zLQ_%v`Z{BFhO|BBt&Y6HBFR*iXC3G{lcCO@ -zlTf6uU($&2esL0KU?@+Jvxv3@5U3`6vH4_tSMK;2-xeD;#&_lZi}7u-jUv3OS+I9f -zx>O$&r`BD7j|rc?BG&}?7jTRnkZwf_gSSqWN1MF(rqx^U8qCGlPtxnB;8A+5Yqs-@ -z$W_V>4jusJpsY$K23*}b27tnH&I+)74WU@&j)pYN*e?lEmWJv`E_&{PjO3yE2u8R8 -zVd)eHid7Sm9>~oUz6c%mFm5E@+ya~nIS-@VWPsOe5pxBB+lOx$tKV-6g3NJS()Zmi -z;4T1O%5%eK`c+~IdnwXa?)f&K_3#U_e*!>1qxb*XfZ)W+qSmg5RoeFV28ty*s+a+aL#KC^R96;W7$OAy8kY8=~x)s8(UjD#8D~Ag56?ph0eEBi&Fxo7-wi5EE -z+z%?sKU;oKG5L$<2Nh+XAw8%NA7c+H2BWTt9{kkeHHdyCmJ-~PxIy_s^_%jA>Nw;D -zdQOWl6pzRe_wc|C3O`7e5X-?=zu~w6WVP`o*Z9YN9piS!ZM2-jS46)@i`ajLX%%j^ -zd_1@$mVkB>w}rh!_5=S!0bMT16h4K#S?$B;)h?cft91lBaFFj$vK+tW4tL`SwCl|Z -zzfs?amK`;;5>pXfB9lWUga3qIK%_6u7xq{C%h~_@-x>SmwZG64b!Ta`2MplZBFPr` -NrQ82K`w#iw{{tE$12O;r +literal 176808 +zcmeFa50q8cecyZTTo?uvb(?**zaRJ~UwNSZ+duu( +zo;ti1691w<73}yB50iq&eIDI6YTGq%J<(pcuwttKWK#Kt1{Jy-f#SJF28NV_RZfcZhi>- +zJ{PV3goD>9UE}Y+IeLE&dV6hBjD;IEY%FZpv^DpQjrL_y9@qYjrSHGl*TIL;W9i?F +znJuPG+(ff-ugq-;|3A!SOM%3sxh8!v|3yfaa?iI0fsjzXg?F?B%lPs9KW+)mZw~_C +z1^033?-TAi$9*aQ|H1WHts)J7KTXQrTq^q0UpH-I<(BQ6X>`Rco0Z13kW2XdwBf@y +zw`_elh~?px$>-^Ea57uAZVbyu;BWX`ZY!dxgAg6Qp6liN2NTRE9yfz`ziC+aZQYXJ +z_{bx!i8Y~rLuSk7{PwL|H*U`Vnt^jS@FIBK|7(wI+xQLA^w*@kCC|QYibvP>;@7to +zH*eVV^({GXIhw$^x95?KTX#4?G=1N@F~6<2V`IkQAvs0x6#wf?PT-S}XG7j5^?k1R +z$S>!%<*hpV_YH8q(No+^ThaR_dZT*ohpHkXFc^&k=l+dIpt#NQKcQD&xetQJgTHdk +z#%)GJuTL+uJiKCSPjTDU@%j6Od%sxp;tA!Ppf}7j9zI)t?U%Q0Nx=D8a7)1X`7Qa} +z*H>)cR@k_CTQTn&ANf4oh+OZN1G{(gmdzXQ-~P+Lyk)DwQTgh8l1;S?Xi`2S1G%l( +zQ~Wv%zAu-5Sdw_V6pXz2XsYsNCg@w0e!Tm9x~Y?z6AW2IptfGkKnQ?Xj1G+GFRq +zUgA2#^+HgC)+f2}s=<@^cMUDc)7H>!4+IP;2|vhHHg2+>A!LuReSX +z9z(+sWJp@|2yz@ij)TZ?2swTaIes5G9!8G8gB+{Kv4R}S$Wb^N9Kfx3Ab{7YY7QI= +zhk{xK8JCf9m^bhVC#Cny1DE#B+6B?FH=e)H)7n>PCI5@$KWpQY4>1r49qvb`@G5+oD%-38I22n +zyz394ZDx7+t`ppU<@W+db%A=6Pki^fSf{Vf^JG1e;rl}0`yji< +zSmP!eYwQbZxxGQHXGc)W?|%{w#2UMaE#O_@Aa}(Yhqx=&803CC_dS1&m_zXf +zzQ)ELvrOz^;tuSzjXh>?zxCQX9+CXB>#fd6XS3KH6DufY=%(Gx +z$L2)ikhKXPk1eBIpNSdPHHjGnuLn4Sx5>hr>U{V;ifek~@OrU*_}#wwscEm~HV3uO +z64%7)-x|+f+#0F>xp<7xvjcm)v$M8o7ybs@DLeWQcGJWddtHpN4QWv+rM}KJ@C>j|a8y(&m3aoFPB@gB!#dM~E}3#2FRhj9452 +zZpEYW{rKN1_#PvUK(1xt4Yg4dk6`nQr(7OvO2|CgviU$UW +zJ7}ZE$K}o>VuDlTKW%MA);*W=#49flui*Cwh$&Qe0iTgO<9y!>__`OZ&TKy`T!>Z9 +z1-0!yRyj+ovVi>XDGR?s+>u9dnZtc2I4&3Nw}Si3I(^8hxWwg=%$6$84D#G+@z_M& +zJ)O17($&q#Vo`v;z%TGCE)HtFZw0j?I_~3>+){8@VsS9Bh<+~vx8;-_oYL3ZMgFTn +zt?-7Wr^)#T}P6jq}v(}LO`^DI6Z8N=6NJ69|A&hfR-YV-XO`5OGk +zuaQo4f1(%zpX +zCVvdwd<@<6enNfK$6ho%Cgzzye|2rbPOt4We!}!u*I}o9e|5c;Tj+aw;9101#B6_W +z0%os;X?)M-xbNAt6`Q{Up6{fs9iV+2a<*T3xXao8-N$sko`CPn^Vw#+O)N>kF)(b!NO*r +z32Lw3=4=)1dD~KWGl&i!wC%K)yZl^Xv-Krad`TthOI9X)2|Um3aAm8MJx1BR)Q|l! +z{mXUqFPFLgCHOtOoc^WymgwA(A^MkH^e^!T75ss>-zuM{yxLW=e_31x{N=psqF!+9 +zAo=l(%k1i)mRsZK?+$8T_V$&sYRknnT#JKRVUg8K*+SWr>_y7a +z9*iw(=XpU8x54e;xxm@reU=ANTU6Lh|8p8;&QkWAg=6G1&D%L!#^?m~73Vs6Q-5Jz +zP%FLwPPY9$CHpTwAY5eQ4V;-2 +zsr14oXx_~4p1M7kER2ocQ%}oQ$%C8?tb;tGFM2jMeu=a3OUAMBXFTnVHh%0w2^+r- +zK6G=n2DYwNbP_vd>U|IKHnttSoApC~QhlWce^7G$iM>HBwu$z=P#nCVISml+z<3@r43+{ +zHtobN>=Iw_1L)|+!|3WB=LgX1;y&jG_Q(A|(>}lfV#kA&ITYyw9CLjDe1Yi$+`tzc +z!51_gZv?l{)`O!ROH7P6(&mcCoqae;o>TY??7kmwEUHZ^op#xu#tve$HSQSp0iH|P +zZESJwlx?@Bee+z-&<8k!Pr)`1VE2tpI8DCioV_`NeZeLvefx{fo}R^@_&&gkZoCpc +z`SD6)+mJ_bxx*c~6uN}_OmL6%0d|sSsmmjoEmI!)3Fw`{qldcJyFNfKvRLf;0N|&- +zgCA4$J|wpc9F|)8irfqOy&PJ)DEl07{mP(Ld?Tn8-m>(V_@8%X9Bw7L^8)qlCSJcn +zo~z@;|Eq&qc1=*rbvs_H4QhYn`vI#hFE$DeGAS$p&&9xB0}kC>b0|BP>lMn=j`9~< +z`-(49*Ts5W#?H;-eY=Cdfbmi9yXFC-oogB}rgNPm-%FO3p6TfSH0PHNSsr9b(>SJJ +z7I)ic(@shEeFNh!=D7Te$pg*?2lyv`nrFvDJr{a9YuVGhTVMALh5e)*BW+(j&Fhyb +zU*+9V3(NS6na*F#9LHary^g<_neZ2_)csmu@q8cfH+}>BO`l*bGH!K!0(dB178Y=| +zSbPdC_WggQF907*Jgsrr@t%Kl?`h_>>|EK~jG6Z{Ch%-&9yVB)=BPBM^7z?uCKw4) +z)+b7y6@K5Hy3e#5#nff&wQO%RrY?5`BU338oky{0_g#}sO)(cVK-<$ejASOb{iQDh +z>yB#{=7$?#R`3l`c$Kt;H49iz69<2{MgD$PwG0jY(4c3**7bDytJnI8j|Yg8`=M>X +z&=x#3SbC6{`YYEowy*k?x19cxxj*gh<eKlWyz +zBQ-LB&1qx2TjSq@*g1_04>?;`PIrSxx5k@mer!c$2h;a6cXU6v$)*a1ozE$!A0Yn& +zF25bGDW|_o+LxhaE%>Yj{|CXh?b`+ieh--6-~(*~&}L{VeFfNG1@>1%oS#LGn(O@0 +zz0aBP`-XU7xOJpFY-K+n-we;{bC;T{oNMMGpFu8Wz7qaw&eG^iJ{8v)eoJR6nbgQa +z^g=SObhziF?xa(Vx?|Gnx>FtvMpD4>`XhN5-2`7#&rndWr{ta!@j*2ojC=tYF`Xi9 +z5qMrgN81@I97Jv#5@UsG4-L9)(ky=JH&!}qoqn#<>fA?+EQZqeA-@^d2H=I-fY%i( +zC*GlFRzIxo>W8)g^v259j-B<>{~Lh+N~@qx1L#j#`ZJuuFW(4Ne24mJ!X3N)4lZ;Gu7N?C +z$wQj*n6zQZLG?${N)}h?pz5j&1%_vySF%6S7nPTPtdwj!B#vX=%ff3mzt?YUk=nOx +zOC5%Ml!x&b&BmcJ@-65)dN-~O!Dh;a$aV<+0CkNSn=D??MvR}~p0E{)@nY?lc0##6 +zwLy(f#@bo6L+PzaLvCtg0~vIwWYfJq%cuA}Mz44;Sqtw<-r636ZwdbK +z+vrrL-qu5%BF*Sehs|SPVsHAvYe06$jWhN;8ueZ}Q%=v2eVNstz7M%I&IR}5hx&~? +z(UnM9>59r;X{skvM*4YI?yxqcoR=NpH*!*Yjq8qIJEOHScNjk;I%k`F8h?zBLu%cO +z*DVVdz8JXNO?}38elNRwErRKh4 +zkTJj^#sH0s@`1HC8SkG{BVKpBj+lJBH~P_0*AK;OdM8>3O4g3_)5hfE`b-zEJudN%6pD85C0MY526l}@S6 +zuJ-fqq#K>>u=dE{i%bWIxhA7`(cjX;XK2%^Lw-bl#rqZ$x8<>^Zk|fz%ENKrCA_`; +z`lHznck&p!KVaelhwas*qfaKy*=P4GTUOz{+NgY&Vj$sS@X0uM +z_#$inXM{E>Z0F>$a*X(obi{w~Y~BM~b+iR-uU?qu=J|(^-KfoL@ppbw_-Cx2wEV<| +z4MpA!*WcN6XftV!Huo$Zhwn>i(`GGQ&Nq=}WSQ4HwYzlPr;%p#f;8{b436mt9vu-p +zOuE`^J->f8c=-3j*54aEpj~ws8uL6$2b>h3K(B4_yH+g|&cspcyi1N+q +z=lR{jD+G`4uQ*uJUBwQYB&D=t)fRK3{I5QcoN_uKu(&IM2P=ifPnUsB=`INWfpWV+Sbb9k&aB71A>dB;1n=d^jV4ibNC)<33i`$yFO +zBv+qp*TJ~!8?Akb$N1jnKvSRQjnr?u%k)E?Pc?W-$879XPFq_f9vJ_C?u31q;kti_ +z^?!%{ZrXWc(Y^<520b01Ju3c=_8&q!+~I5i?~T1s +zyfs?4=h7L~TPDrhv!uWA^J%hM-tY7ihblhye(O(VQ%e?>;y*u^uk~e`cT)Rn3xb(# +ztgS249)2&fuG#lbL~k2@)&I7(#_?y^;R$SG+e&p`(odS;dwHrKc0(IUc>^bJ;Y^c_ +zL?;ACHcPfk&&F=KJO&@0$F+U<^e7&JCtNz5j%hupS=UV*QINetN22Tde7q;W@Sd(g +zLubz49-Msp&fw&EuKvKTVN={C8~G7vzjS-&NoegRrg?b4t+(^<^W_`cv5)VZiw%V*ojE(6r|6jh}#D^z*|3U55*kE|2m|Fe+N!;6H`%9CI +zT?@wm>*GBqnyytRRynS+PRZEX)-PSF +zM&_h +z8e}u;V~w^AVdG63;%?dy_mb^HOV=v2JN&~5jg^P7LPzshp^}cvsgkbKr@oq%&qwJ` +zf8<1R9f;`Fcy+(&yUnHlAH2HgXPh4e2W;|*g*RFI6vn*RW66JDs_!4TKB7ziVVg~V +zx+FXzW9a-gF*bBsA2-R^l2JDvULKxgY>LLb>*L+F|77t@)yMgehx~=s+bITzSJx^X +zlj%RtVC*$jJ(5q2^b+91|m&!WFO%lNF)BvZz}Yv)~(w=3E$4=eCgcK$MR +z0So{6>fgTSpHKVkYG$$-cW!(0H(s6J;bcIX?AJnT^N&>Wla1btee=6>7q$nVGW8BQ +zIq~iu;fV|{%yZ?DHRVsZ@(+K@%eGYKxs&Bg$->CPy^G0oNW7eJEtF|VJe|Q@$82P3 +z*McfG63?tmTOu;G=~kw`uN#$ViqbI_@LIeNm^fmI&zKij1D8avy=ieRh?+&MPw*6WCn-t-nO}G4; +z?@eYH9f_c +z!{cYOtihJtvYfz%|J;ieo+*q69 +zW!m#H>r*bWChHZ}f?PIvs@a!UoGe^%u&*|O{YC=z8xdUJ@_hUVvBI6iVeI#0{&k3X +z*zY;JR6rlIttr+vv4(*-Y}x|rn+w!io@!&T0(cc$SJb38-*RzQ0UUkW52x5N+k08t +zvliURp9O!(PJ3{3>sdQhVvNG|n~Lkm!`hg_TjU#T>nqMlu|F^s?mdi-(QE8RduFz` +z+cEBKlqtMqVQ+Ky0&8JpKePPqUG3ICy$F75f?6-_ut+=f_A(29bI{VW8eXq)IP$FZ +z>cY2h6`ZIeccrsl#^Gz;tNnIUN5s}?eW=p@gtREH=HF@gB0jCcjz#0C;!0#mEcL^? +zU7nS!H?n@{h}MBAhHAUp#!!aWUEm`d@L`)j%Htxk$}S67uL_^BSDNo|upXYDl+AMJ +zTV`nu_jkO|S?kZUXO>vCLL7`;HtVAs{a~-`r`+dM#d#ZiO+JA68dT)VV$=vI#Z)@7?>0=F_ +zHi(NS(gTe%18b*dl7`v+t_AJ`ebe}RqNT8 +zs^#~mY7ZSq)ixeX)ixc%)(QX1>|NFUwWhHSaZ8g}2fN|UZy*-(^U*%u(Kk8K^T$j0C;(CtjjEj*@MPj5=*jV{G#Yp(K +zh8PLI7W1cXMSLEyRzqAPc=$L24}Z`A5C0H@H+@BY4K+I9$1coz`W0pk{5`BsDE6dkpJks>g*YZwW>ccf +zrbwAySBAJJR%Uae%;rd$t-c=OqUfIA9q}^79T8f0dRlFtFXY`WN9*n;yxWt2wjEKGA9dFSI^NV^&Csob1YKNagR6aOiQ;D +zC*Dq+IEOfK4sqh_Yv0F59;WR}{|o49_O#+f#z2S{t6#G5NI~__cJU&37EiA*@yd!> +z?mamBv~S&J)3#qBUVITBK>jRr2>vC-anM+Ni5Q46wH)ONF9)^aYpGh{inS3Y&rA57 +zvo6oe*v)g~d4)WeZJr|Ub4ouB?2FS`Lr#o&v3ZQS{i5IyXTB2DX8%*`|F&OrxShi< +zob5EY^>SD2Uf2uF-P8Me&k|dn8wchY2lEADh%Y*rXMibuC|}rV>5ZOm@>@Ue@|`9h +z?+abiHAn2`j2}N6jmQ4T;hB8_c*lcU?nQLrRKQ+T=saV2P(VKoT{WBDWf#An9i^rQG6;`DEQ+2uJJiPNjV +zCr*F<0T-tqKyRzWGsNjD{*mK(Gu=KY-Eg{nNc%Z%V;tV@D=DtYoXid)&%*(2jCHfb +z(@pN?{F`p%(KDm3cX~^$IJ2c`pKAMlr<(`pSN&tBbNijX +z9|q>2gUP+f??M+a+kx2%%xUAm-0NWOV=u;M9L&AI6h4$MY<2p++vVHC{urNcH~Dy9 +zxOmIB`u@qEvoN!70dFV#Y3U+%MBlHX?{AEw@4KL7r_*=td49+AoixRtMmMGJ;1JXI +zWfu3`(zXHsgkJTTV +zkj^ZDrk-2-dKV+#CF96m%!R!U5 +z@S%L6*Xc};%eM)A^>z1~AvVnsn;IDiSVwL>e^Z7Sz*jq%)_~?}^}IbmqOT%jwK_ +zsY^OjcqckDb49J6@nU}lRr)0~37A_+^jNnJ$-aCHm^~b&-$vg^Rb2t23Wm;B;m=IdbOzL6gR+eANgWt +zD8A5`SYb(EuUf+w$jC7jce> +z)pk?V5A^*W18eSQ6pi6{-n=6pH`l`Sw1qV6Abm~~8s^yi&x&5` +zq3ojUqxLNqXV!5Tmxh_P{J&FqY^?DU*xceK%1^JCe@8ZVx`lbr$tR>?E$P#m&@j#B +z-zOYspK7NC+N(J)p|y^~xHPod^1D?2s%`s)H^6@-S4+LTU{2Tuv{;x$M}r?fdOMwB +zeObEl=CC=3P2(EX*QYR6lfH}boV!>je-|<4UDwWMc+a_H7j7}@vzmj3vn9tkZ*DwZ{dh~_Y}WL2JDzu%xyqNAt2`6b@-Hw~`6A~V +zoaKCjbJrceW1Mc{=dXt66s%_4jWL_Y+PM~R&E=XWTgzPK6|3)N?BWVKwF7#gLSXG=*>+I#+YUu}ay)M4#S&2MWN93_QB9AWQfh{UviwwQX!K=&BsUTb}kHIrntIuSM{S7%9Kly<5b)#c|ltI=6LE&m!tsZ0pfHWL@@C +zmoZGDJdH)w&rZ=<4LWDf@X0+t +zok_DlrhX2J=aJdF?BUOTWKQ>AC53 +zd6Y}+vx>BjLDtyo{NW+i-sk5y_%ne&rwM%M59eHW!Xx;kbGky_?O7nDO$H_iKK<#hy33kUsW})-y%-Fj3EwZ7J<(e~-`H +zEot9@JxAjwR>$y^k*g1WgtHnx%9$PWIE#Kt-`EDt8wb@(d8>D0UkjiuT|NIWu_tFp +zUf2@U*oW~Xdn)@bKN5NVrs5!-KdQzno0o%*xm +zbym)gcrTqPoAtuMtAX=1+Pm_EJ9B>(vbg}Cl}~#9qkGkMLR~lG@NMK(9?5a+KL#gT +zSevH&7d~V4?nn0`tIt@yQ(anDq4RwF_{fD!{k)-zpRbo0`;VO`fn)0U4THzjY6$zY +zHsATrTDa#QW_)2wXU)^3Ixl2sAD{0u@jyTA!=EFncTw0WV!ROU7aiO$TDWEQ?TtMM +z&Fm#Vf4_T2c|+g*(Dk5w7Q8?Grq29ikIEyRwLihXBGbM_UwFKG5&eUOQ-hO*l;zXs +zq2(fHnUBG@R~&EEH@WaN;N=}`Xi*#^y2d^ggmjI4iZ;le&}!Po1<^8>C_5$?ju+K* +zdgSuY$bNDDD|1yLZ+?b6pRlyZR-OL@d*p{%-|uXdXsfW-yUbqr3OZFrr+$_;E&d9& +zhoia;j;i-#7M}V2F^l8a#{;`&XR4hGxbSh&Mq3BI$F<7(-pd`*DSOsMHQh3D`7YtC +za}ezu--Ww6YuZP3zC(NYSqBZCPqoPQ&8m)a`F&J+Z*gBo*>xfAvOTXq3f{MLQqM13 +zJAYeH8z}w4wF|dfoG*#j8-T}o%cGo)_9xJ&vnMXo_Wb$~;2J#?e9eoE-5Jz=%boRo +zfimYQt9Shw_G58>^U?LR@n7Oh^YeCM|o97`NBTw`(b;)?afCgRo+ae +zbpE)J-Pjat41L`5d{^T<{ans_#HQ%npu5Z-fkFDgI)`U~-$-hO_z?Cb +zPuRUtTKmd65aNBiH_ELAp?%qJdf4@^!Y#WS*vwb?Gw~iHt}}g1Vz_(m?Hnvi` +zG2=da@T2Nm?&Ut8b`+gw-_czUu5Y>D_l+WbL5(9FaPST`fp;hY?@$EZpzi}E +z;2n1Gs!iY>O~5-Efp^T~7wHQMzvB+xsV4AFC*Ylqz+y@M$q;_$9K4sBzopFJxm)R(Ic-WyHe +zy_JCXRs>#)U*BNi^{5}k*xEzWSw}IGbrkg5a*QFGdX{&cEYP1cdP$$MK`-ee%)ma* +zz$Tk-&oFiw>Lq;#JLYi*dq?j$p>>#p*mmuq_#SQO`^4afiN$3@3h+C-lywxWuTWol +z+9zDU8QhBWE6g175}Rhm7{O2F6gy=#*0?#KUi!7rpm;QP?m0AMcLX)97x#N~6|b22 +zz*{WL?Zmy?dWdt0Q+2kfVE1y@8S;h2;70$dw=2b%umi7-g?$xEVgqn+ladbE87h%YXjz3 +z>ixjB8KNh6_2J2mM{A*@+ve}#p69ojgF(I)2DFl<=c44zvynG>7p4M}uJr*~>eM>T +zw#nqx9^E%cb9jbn3*ZlQ=Gr53Gdm~;&89B+D8A}ha@IEleoAw|)ah~jiPW_Vo>Ld! +zqnlMk2NcgvSmqZMFVw$5|c?!VRH=H6B!bIOWVBlENH{!B#X%Of&>4*Geo +zv-5kF+cHMxU6J+OXOV0??mRuka_<4>%O-ycI|u#@zU*1=8KUzWkZ<{!utaenJ{vPgme#c}^T8=c8H8SVf$ei?0 +z=FR%}2kUrx`4+0AL1%Pq=0-AKB$-EWH0MM^Uu-<#uUpqH+s@6}X!K7wiC%L?^;Y}b +zrf~{vf%aX+#wSQqA3^7>K5Jso#P^Wq$_~t|&rOow%)7dJ^nI;xUN5Tib4Z`-<|eO# +z6E@S#X|2bn%*0=Nd-_gn=S&Mz=enq!iB9v4f$2d5y@lyE?;j{H_QlK*)3%CTT+<@; +zzr?$X$m84u+VM0C^LL~5FCne9N&T%h@4r{x1Jp6d?}OC6h^r-1f0cK~Ca6;_7UpjQ +z^Lk@KZ7sGPjooFx9VlJ6n6~YLXZmthCzy|aazfu@iu6sAV?+OcuB)-%%Y!th;;c;w_(k>}C2>7rDBofBLa1_oG~cH-FmX+ZX9y?W6s@ +zgx;xt^)mNl|LS5QUZzciaV&9r!`z+VDUKJs*P6h)l7M$50`IEtA4K|Bg7=1l_f`{l +zEr~cAdlKSD|JLFc=?@9sG#9r|ZxXlD501s{#DyU|`o{(yV}@!w#$N~?eQ87Qye9D4 +z6Yz)yLwNKXEPj#xkl-zH@D?|LN8dPxA8}&{kA8y1F9DBu*x*P1x!?+V%x@V62(?=WlZnN#aJ +zS=^Pf-?QA!9sRr~`Yo(I@%noAMAqi-t*_0$UO(%1=v$R(Z<49j`)2p6zh&30UtVVW +z4O$~r+`q!~x90ma@b+oBPrLpF`Lf_HSf&pKec`$D=K9#EVp61&9p}yV&0pB4>F%Dtvg#47o8nt$-&@#Qxk2P+qDt?QP +zH*PzG-+B%n3QPE1j@fh)+ +zU(0!vcoO)zvy^+$`l=##?d$A)?&iMUec*i%ybsyB3Ts!`xw(Cv;reFVZh^a>u}TMb +z8@MPv_X4n1qLa&3*uE(7!9#oNF=`fgTF=|V`}|&8KYni}{mYpJY-@kyoGPtf(7X@v +z)mc3&mda5sOZmcbWVr`E?82V;cxMgo1b;O;=F@hQCO)yg%%{cH3PHPgA>6azD*Vke +z^35S<^NftOhF;HwUC_5Xs4Y;x?`pl@cU}GHxux&xo6wKf(2Xlx?YH#x_Q2;?;PYjt +zA3aV#HUWR|mb!jy9Y;T|LRW9VdTeOhjDEbFVxHOQM=yNY44kFB+lrhA**|d({dg&% +zA3L0W?2N1#-EkfL=mE|;@O}}z&pQ2B;Phi%6a84vc!gVwx(!^!KcgRWko~lXeyok? +z2k^AktcUj+S5TQyKk&o-QT^zS=m*b6KPZ=_d|^8J(G4HgMD$}G?*xBtT^G#w3%KPL +z)zi%P7vP`jRvURo`mx69$02l8`r-SC*VPZ!Zhw6#`oa3`Ue<5-vd+4934ET{!rDZ; +z4pwvI#(pdXKI_Lr`_VOyek^utYL~b*wUKq$;a=oc=To(9d?|3`W^V(!*#s-;qS~kfB#x`cc!i5Mb$yuR2$WvY3%_PP48F^(=EJH +zf=AoWVgqCgitE97S_Eh6@oRkEaUIia9RsRkIXI&?rcd4aE^%(P@cy;np^sVgQu?WH +zxtj)p#5N$W(kPwH02+LPaVsIL>yH~pT`JQm~e{yZ1$VU(N(IWtRV +zaw+aNXMGZ*DXvzWmW-?Q4bf$Lachsg0{YYG7#{!T{?Lv=%}2SojZ^m{i}& +zC^O%zZ?Nl~&T7|Ov(6pYysyrIkDk}Ac>?7dVxGFpIprEt*Lmj`h||1%9AutBd7kFI +zzNew@gqU+YBlEd`l(x1_-_@||wDf(A89du_BUFAceIIic_8SQP49w`c+gc}}v(g7x +zZ{y<^dtSOdZ@$^MlIDKj*D;LrPk!C=2fFxyE>37X?E_u>z%F7}Kd_4*_~;LO^oj~` +z!27mu=mQ`9fsg*%;-h2doM+M_gT(l;bIa)~)YmuLZ`G;KVAmwhBc8YOCw~1XXDbuu +zD~&VB>9Z(yH+>A^a;+ydeHi)#>cePFY;=8{&YXz#W3=|yt*APr+k?ouCJvYAHXZt1(#QG+BU!jjvcHj3K8OR +zuU=EEl# +z2k*vD>wZ?gw~VhYIb?5!=c|D#`d`F_v^cQ%)NxbaWK1o}oUo6s7=k+|W8I1kr^Sl@zdz>ze4pThD{bMbtC;_(e8MzVao +z^~N}|zcs{>u~L1HP-DmjN5+vghU{@X>2bU@_?29%ov-(@*0&$^?IzuIE_)K!3hCw? +zdtw27k3%?DI`q8<%AikCy!9Q3yGg$he=9>4md9V;EeNRFe+NXk==^=rQU<2*DtFjC +zo~D1{X`0=HCdRr9P28K(M7p7=!+zVu&@}95qMgKO8l50bnfmusEZ*)rQPg4Zr_PWj +zV45`Q6y2Vtdp%8eK$F`WxXSGdY@uzMZ#Kb`Y-_Mob6TMchaA1!o6<|Vp?5e!Z(iSZ +zkPH*_mXvn_G8|3N%WosYVMp&!gx-=%%iBDj-rJy8`c_VBzvM4oldY+wTTK09LGZL_ +z)HgE>+z#DmT)Trb#lW&B_fU4~t-;Alz1$}UwSU6z$*JJe@c&7!KIQ_S%yVb`>62%; +z`~83mr`T`PkHOnNqt1)&yI>j<&>VrjC8;`PgDwjP*`SZULz$E;zW$q*4eg5eMkYh{ +z8$m_~Gx}D9WK!QZDtlnRe>nk}3|m-XyW+Ru-4J^X)rLy;+sH;g^DZr8^LUvYgY5zddDb +zoxVRInS3;E7c$B_0htWdzjtN$&Tqpz>M%0N+i!cCcNv$~Ve@#Id?A#{JY=%o%4FEq +zAGQ;I8@QvE#%40P^o{peCZ;Ycle@uD`yc(+?0Z(vLY*7qarR_#^$cl~}|!P9<3wb_39(Y~+z<1NpX^{tL* +zUzv8qp37AA0&9}T*n2rPg|n&Ub8of%`RIPfSj<0s)5!V13Qk^ljI|ae_IUp~bKu~` +zx~#sjZ%3YgGxGeM$n(F^e#dzyp5;4X;o4n%jNRv`@fClzHTQIV@8aA4E2zEwmt23v +z^=Djv%r(mOhg|=e>%VY4%k>|*ewXVA*AUn5uy=v_2B=SCHA9Tes6B&kcrN|euXFao +zV_cMZzUA6++1XeA4SP(#!@k;Yn{yfZR#667eENyGPjxTEwhG2VY^}GUvbD0Ct0p^J +z$~XLEOC=M@Lv<7aJJ0La{{KjImf%0{7N*+1Eq%EJ&ST(wd3aLabg}jUlhg`N@5k +zABNt4$M63Tp*Qd7{hFgU54~S=^s-Od&$ElqQyjeoBj5UW2SR$$mA`R%(bX|@^>Vtk +z@A3xd9p?9ciqQL@qxTmay$?d~FF1PHBOayqKNBxVzE6xt@1OlGp!biVZxnimp!a_0 +z{jdD~?-6>x=;*!I(fdW{z1Puuf1KXmbo7?TqxXOPEui-=q3^GtH#4R0^5>!VRet}! +z5qdxC=*>8KKMTDXNAKt3^xp62ecsVK;9_9es)eNKeBv_wFu#7eOyA7=zcKQRy&crF +zE~JnOp4R$UbCv|pxAI&eeeCT{v&MSt_V3Oe`zGgRkgj}V-{hO4so+!e^R=e7TkrlC +z>wHwFp0Dxz2A9sYUDYHWzk7;}$9=o2V8{Qa+g*jer_LOyvY+zur*yu9Vi=wG=nE|%O{*%J{6aXx8JYAAGN=+@#Mppy~f@v8XF*XF4LEf%12}N8t)F}!}FMz +z56@-#*4lGy +z!prAV5&3*7As^m_^5NOb=NBg`AL66Garu~WvbopHc`3K6{V-<6SW?)2ZgKLt&B=$e +zIYw`D^0~daeC~w)W-+p{Gq=~z@fo|Fvu%D8c*Mwx$Nbqgmv>D3Y#YUNZx7$pr?~b< +z_cq4EHijkMBWBat9?!e8RkUZ1*n;>wzAky9W1tOl-I+Vg*^)h+1)t+A`0V0ICuL*l +zPnmJb0%u@rjiMc=jE_&6F-+Qs#vHYWM)QZ(hG5%_eVcKuaEdk6$GMJjRk;qgz_+$) +zUTee;aP8;X$F-Mh57$nv9b8+vHgolIt>;?DwU(=!YYkTy*K)39TuZr@aIp?u>(2YZ +zU2~p;>Zdb)>f2diW>;-H=X|S-^d#%ndTWj_$2*<*qWuW!cW8{P$i9TB^I4z}>F@CB((m!M#^1CfT-+9(sX4x~b4ZJiTso$ED%(iw( +zc28-pF~@!ijboX5uJTMhrj9pKoPBluG1>y_)HQ}6-N?Sho(5 +zD|DH&te@J>I_lSd)yDkUMXa-DFGP;@_Br-gWZ_#5{s~UcS@tlTTVeN1Pq#Q{Nz0L@ +z_l2vhJARAbSL%BYdf3lVxJdeIq`$nPwt@QFCc`J_&b>nVv@Y`vyDWP-{%x9XD=hxp +zNsSvf$Oai3*}P!)X~bm1UZGGn>=`n$VQ-P)8~co6vN?Jk*&IVQ=uu2IFId`)Y}or0 +z%H~u=Hm4^bn=^Kwn~}|P$Oc_CvN;1^Y#njgaF)5=Z)b1Hm%r|0vl7`HOtBvb*&ISP +z=y?u(H?ld1Yz`%4Lt2hBBb!t3nmt&#;}O}MMmC2@KSugsLN-;>UtAH&W~rAA`bd&Ay0i_97c> +zi;>Mf_+smb%ckWvE1LtU+A|xRYWJ6kxG$Whc +z@Om%5cSU5g2ia^UeJAO?3E6BV{Xktd|AqdfX*bLhG{|P3lg+v&vRM+5%~B_uWFOCOh7hkBeLm6HuwS~o3-%8))AM@MJJo}soL!O +zoosd?n?V*aLu{0r)`NqN~Y +zZ*#$YSE`7=A4^ZIYQMVTJIzU|KUyuNM^?`d`g&heOv&6|N%Mc~VW1x*ItuKyDzeY2 +zcnn^rSTjXBR`W^fL*2kPmCn^_Yf}?k5Uf46wdf_ +z1njpC^lc>VQ#R-Syx?M@<8fHMM>};sXrI=7Wsgx_u?BILU-zZGc%ofrXb8ui94P?>);{u?_ekI*n1S!LDFM7 +z$ZzSO#$-YrTpZEC#R(ncU8sXRCv|YiM0Ak;fYHHqL0t#;!F#WRdz_xEb$YTtF5BYT +zCOWv+=^*`#m=3P9GRp39I=I8ZUhiPG%J0>S%c93_W4)UDTK^#ldF{HR1)EN`>@1{p| +zunXRM9bD%0WSY~Hm2ue?r!~>R<=zgmrXt#>o9=XQiPOPF4)#n3duamp%!CfkaXPrz +z>7W_I;9M&56&4}e#pvJ?r-Sq2uzKf2bZ~AH9i*Jm!MRQc=bJ~O`l>&tpU*3t=8~qjJ`T|$X494#kI~vQ#Y}JE&&!$n&HB9`M)5Fy$>LG& +z&>ARk02i$_(;BlnJ`-49!TJG}32_1j>kABCT8}oL=SoK~($2k(-+czZa~?m&BKV%r +z1B$;bpX8?#anxEkt>+LQf8g$3de6(w`JRd9R39jkFC&zi2s^iH!%ga=Zmt|mkJa>CM>7&N*bTON3Z+R$!=V$`Y +z(gg7wPT&cgIzJtrLkT>A?eYAI$CLir58WJN1wB@Ot=iEtvI>1NeKyU9Fz2B(_1TW3 +zTSj_$r|;Kme~M!1Rj%Krb!x()Lf(6HC$9E!iq1du@0IoheYo2rX;V!Mt@zva<0_vp +z>$pxR##i63%x_?yC`9^mK2OcfQ~KXJyFxL|-O#wI$y{YH+4kqGo@=kZ)AN#DuV(aT +z*sdcB^(Wsl!L?4dT-X+Y6Ut>sYum(^mbm@^+snoGY5qbq%Wlw@X^>AkU6+sIMq8i_z-wpC{c|!TP +z-(Ef^pz((CF|nGHPu{NUGV&R+Ysy0TWG1*4t<<;{EtC)MjC}IxxO{+}l+P1hKE(MA +z@)?cDhxJG0(l1@BV(*N6hSRS7s1KlbzgU+K?~HsXZ`%*+QfU_&?=bDhy^qPqrP=nQ +zzJqH&f0>XEzZ>M^@`UnnzrB3!n}~ey!(sc$OoC6&kCi6H{8*)9(!|H +z@Xp95Gbt{g4%KV@gl|80gZp?faQQovScg0V^$VWTv-r|97JlO0$HMZX4Quf-^=~1Z +zzbjx4(5<0k{?tEfk0J5Seti#+?*g9a=aL<6W9`~N;Mc7OPo2LhsQn6cT)L~i)+_nG +z=-wAhdFH|s<#X=+6XU%9s(W7^=lz%5`{&*J3n`0Vvo_uD&gK%&g?kre`_mh)>G`t` +z&e*$v^Rp2+`tGXu;phI}2|nsGmBD8We6Bl3eM@AH`j*a<-!HAdX6C5Pytn=S%HDkw +zpQAp1Q{o#IALs~c`v30h$fBp-y^h4!=H6!37UWJd{<$ZOO{w>l3THSoSA8Y3*2V9A +z()g#wJJn~>xVy&RwU&T&1aC3#@CMgat}9%xab4zmh3g{M%Uq1J7S3^<<$96p1)b$- +z*V?ve9YCA40fo~m+&O^OcbjqYqbbIGSJ-j#!)}gjpPPp{7N3Xd-M7MwKd)vido^R( +zy$4b?GZtNCo`n8Dmbx`YRM^jakLJIRt}t^9niH1(6e(ZW&%8yI^8$INxn8x?{BigM +z&SpM)Fi|J-fS1y4%=?h7$G|@5U>ve@Jw1cKJ`7A?tKJP78~5|@$4Ec!=0#4WYL9EK +zcTeV|nTL<^23~r%952=Z)sU +zqrADC;LX|yZ`L^8EOmIUOW?UQ!JFldH{Fgm=(6F>GRK>>3Eoh?ungS0p^JCfF2|eo +z@aCecb9JK55eyx61<_j&d${LqI-Cko#S}31m3*n>YSIT +zb7q7$b0fT&<6z8nyqO2=c3=WqXYR##vzYWHb>1BDywN;xgg3Hbu{QM<X%0-|YD(8UmYautiTQ_fngb)ISO474!;!N8Jsg<>J8b8`6ragI6?hlUKk)459~R1YF}7A_EX}O#d6BiuZV#N!SJXV{ +z9l%KLeXIQM@9mx*eeX4UDpk7`UN((o+uVFGe3cK4>D=jv&K-9;cgX47a|!t$O6c5S +zr*o&QE@&*$=-i;wxzh=qqkLfyoj8TQ@Ge_*I(J6(PdnJBc{qI|D$))}kF^7S +zn|8pNDPcR96KMx?677I@VLRYC)(#lg)VB}~FZV=vxd-}oH|OQ0_nMcxEibhv_lE6& +zarjs}*b!+5n_W9t>)OH2gifwaw1f4o9c*>&K;wvt_13v|up`k9C|_8Io^C~ld6(^R +z?O+$}fH>E*gWg1)>m%)8Q=}dAI2fB;JLm=WW?%wa-=~eWgPo-Bs<#97-P(4bu~EiF +zjqJK3vg;=Qn&z_m!oPiw+rb*@q8*&aUYd5mI8{SCSn2&ie2l7hwfsSSd@5`Qt7!)- +z>(?#eo@3M1UJ6I}zFxR$&_C%d?BJE&aq#ew4Fy^^-&<^Yczy!AD%VX_e +z3F%Ag?H~i6tUs{p9E|LyMPxUP{H@Jp_Z#1Rk7d_NU9^Mi&WX3WIq}x!bKaD(*$UY?jwrI+|&4gqtTD$ +zHpPU`!{xr6vKXw|o6Wmnp;w?FjXKs|`hIbiK;k-NS>*L!hNU+?;$Ry-8Y +zXH)yu{<5IY))}zm4xHL2_Z4~q_K=wOwm#xfeXm&W_5D@P$Lv~{w$9!Q#Fjm4;psa3 +zGqJ7t9tbq1sV5IjrabB94$Ofe=A3~kdsKv`Ro<3dkA~+a_bE0ko`Qzcrrt&xT3Y+` +zy+eH~N$?HN)sduzq5;UcQh<^X-n)~Yxop1p^mN5c~nph4^Bd)w7l)!4l`Z?u7iawa`eSfH4|u79<<+lkKF^|#qM5gO(? +z8s<3~=0L+-Xdw2>wU0vs>4t^{bsBDlhTOrr?(2Ia2GBckMrgzqK=IJELmznFPPDktGXYmzJb~)Yttx0wd +zguauIZ3$}njs)j?(f^x48@21+ds=|k>ec}FI{Zn?ktSM%hoR{JY0#nPacDRz8e~(m +zGn=n-)EdX=*()}l>tt-*?loQIz7<)gN4Ce>0qsAPPqgnW9uwVr%6IKY-h8yB@@9#> +zi&KKyg_{&h%GPnNROzm8uXDMy;Tm5v-2djIT@}h0e=x>e&XdmvPkc)J +zIuC8pb7sy1Pkg>ax^z_M(-33C^2A^Z<|Ob8-a6a%q0jA?4?pkbwZ{Yt{8Q+PV4C_! +zi`Ex|1)lyq9Pz4+b6hUE`6J;KE0+mIMAt&r=!qWDR*um0cEwE`YCOV(1dzm`jV&En37=@iUqp +z<>ULN+Yy@nF4x(xe>~mB*_Ja-=zBCN*4JqLAnR8+13DN<>)sKJOwxTcH8NRuVwzU& +z;aN+ik8t)!qp +z9K}>xi`L0=HJ=*!0`L^iX|IEMp5Ixk4hQx*65CZf?E4wm^cmP>?ftHh_Hp1;$glNK +zm(xLCSL&u$tLfB87jQKO5seSE#!7X>V33xCu^Jdhh61w=YXdQ3m6$OGr_=-vX^Sj< +zCf=;(Z5|VIrqvhuh>bbnv%V!XM7;Su;?3_9ZytuvYCk&DQEQpRqyACiPGU#x4Zuz{ +z#GT@?)-;L7DefvS``8b!wO)BZ^CZY_0NE{c@#nx4JKv+V$o(Z-rovtGDb=C$$dL}e +zc2jdK^?3`Oi6^;R93#(}$n&s0%TRgK!Yki`j!E_{BU5zmXt8IxAsf+H$)`qsio4MV +z=$1ZU|3)N3`3-xnnYAnatU=jFgG0u_0G3^kXVyU6=km +z^bdLZiJRDq=wrBY+O8`!b&p1Ajy^m3$!q8*pP_%)(GP6NNo#@MG5wU4tlug9PdfSw +z6QRFD^7m^G?Ob0-e*b8sJ=;#y2GxF| +zvA5P?YJI!<8?yJarL(lFS=<$im!*s2#MrO5x)_^zsdCBkOlKsQ^OK-`1~!NNcCLS+ +z_d4rU@6=ut&&rQT&W6vXynQdenKX~TYv)n?D;bNo;uG06(QV4)ot=bM!+-Lr{V87? +zKF!msSg_n-*NHw`Qf$=4nJ_CVS05ZU=Oo@JUS|!i*<|GF5A~?fZv~n7mD!{ +zxN8kW6mR)e{BfUf?#CC83y*pDrtt8;F?eb1y>Rg8(~k=eztt2T>o;QXSjQ2 +z$livwi+cL0XMlRVz14f!yK;wx`TrPy_0=$532|nu;)XbvY<#RSea!*Ja2|@_%(JnB +zrS3S+{MP<7+lO%Wwi(XU6UF)8JDdy7$A&nkd#!4&%BS~tTW&$=*ANc=O6lgZP*UMxgoF9Ev6r#J=qO-ciBP%JH +zKgjcLyz*akzB-l+U%T=^%Om50_FmH)UaUv5?&e%+}2b?3k|FX!}QjCr{~ +zW$w$&fiXww=fGC~?!@##y71>ngP+Y9+2lU?hD*O5oE$^f +z#+U=vIdvD(>FP9ecQs=Kmzk3dpP4%j=j7pW_^mMfl${ULnbypM;YZ(oP-|)CozOab +z*$16R?fsnm-uYi=Eb;S<(|(chMCa?gF3nHd{``-aa~|W2+)JPDl5+0t#3)Yb$E8M6)c&GiQmpjBeyU(;~eYSl)b-~Y#cEszu-_`fT +zjq1avnlmn0cTqp%vI%|I1@L(40{Z9YVxw~qpK|q;Z&V*PxtdRnT*l^9@QwN|O;h@A +zarNn3P00_N5v}jKZ6`T@%sK}H<1_WPGws=lx19^<-+A;;^uPJ&m+3n_!1p63o3<3| +zXPB|d+lVh&yNZrr6Z@B<-o2Q$Eo!r>t>G#>s4(()_Z9eE-L2=eYco?5I?I=CHZRn)W~)mAFXe)%f9z#?mwY3yX|-E>328aG%Hp|)%MH! +z+R?v3`s(Ue#c_&%pRq!JqmGmR?)^vj_R&XZgLj5;$$S?B>l;q`2BXfI7LJ$jck1sc +zMy#am-e~nLlHZlm7^z}hjrRzK{H6MiI=fk8?&>3|oZgj5Q=F*xvKOjLbqZ$KHzJRX +zEp1!XI|V!!~f-IC^-8+;MSh0{n+@q9#0#b +zLRwf)D_TksS}4;%3-47fJkx_bo}OySjT9atZe_UG900gG7a?c-q43l5+0gU3hB$ZIi(>_ +zA9E_Ak35FAq#OFkC!7s^rTRRAp^v;V`Y02n@2if!a+1Eh{brE*p(cN(#p+ZjKikKu +zr0Zjp@<9#s@!rq}977*@Li*AzcFt_n)5kg`(MKLbAL)iZ@`dzeEFSVThCcGf=%Y-O +zzU%hKZZo*o`(ykD*AqIcBJ7V1$sZ>AW4}MK7$WSC4O{%5Mdvi1?7veJ+tZq!##rTS +z`c<>yW0k{}zxBAn{(d)cL{ooUvSZpNZpgd3u-8%hTh2^s^!+BSJ|1YtnXfa3nU2(h +zjLi6J!Y@>Ztscbu4{0%fI%LnhXz-_{bR&)?E#gn}w%+T;CmHFFi=#T~c*gjVZc>*? +zi|}LA+IZpFlmtcUdyyJ^24M>_|akOwLX2Ecr9(|F#0iC +zkJn=Spe;7Uh9)h-k0IHS>*z)}m +zk0V6K`ZYJ}dsYz^S(jxrGUw=&A&V_qDtk)CeM)WXZGdMx6s +z?bBBsFyot^j%XkPE0D=+$COV`Hf^LlYUdVxn)QYCIYoVk)W0*n&g74bZ&O!vOumynS{3-a%K7;DZvU`! +z*}z5@H5aORDf#M){6Ve2Bz;7XdGTMhYO@~bZ8cQ9PN{jT09UOzT5&zDaW96x^O`GKu7 +zbqu8}KSo_l7s@`tk5Ly(QZD3)E2B8h@Pv2Ky8YN}Iq%{$VCa3NfsMs#SXUcbSUx}tdYIv$miJSw?$03DMokMcGK4%?NR8wzbm-t_?}7xKuJv1dq0 +zKkPYB-ma8~T%0@V$^ygiDDBRPit>oGkVmeZwI8j{-b8qmZgui)!Xw@V$g(^d;ZdZ1 +z!z1d7^62{UcdPtoB>rxduAHb0O{&M=!9*CY-#`{mW +z_uf|}-)k;P<-MIwzVC4Fy^Tt~e<$PV-{-6_ji>i>{+FMN+WW%9+M?#7&NHU}=A)lu +zFIK8?486o!o#79k7$9EMTAd;K!Jem;QP&^vW9!5Ax9bBlcJAh*G#5o2_bm3+erMH= +zp=0Zw8tO4=k$Q%2&|ese +zj8~WH{e?I^P3p-jEmBYB2K98*>nW${pCtPNrFfs@ovs9g^=~ +zxOF}z{&wqph?8}Gh1O!5^*-RLG2440b0V7Ci}ovyFlJk!ZxOEZp>MGP-HDYc#rqaV +z=v!2Vzj8ulw9dLp|6&8SpvoLbCCxl2`f27t88_Fu9_xGEdLQ&d-{sSuy%c(y+>6%_ +z+=V8-2p;~Hn;We_qxuztj5QAs>+8%6&EeJi7LFHb+jqD1**HnxB8m4oe4pih+FkuD +zXBHC85>2aIY%_4Zx|yqLsJkOlH_wVcv?e=Vx6W%;e~G>Udeu%Ie^&EeSAW6P@6WSt +zPJ5HJHknBMJe&H_ZN;K797;A#c!XojLvdWb=5TppBDlEN&i3(~9P$xdcs95UH^Bw_ +zAp8t2yjL8h{QyzEe9qxgo(L}3!UnmNBDnBu`C{vh^Cf~yCO$UpWi%gL#$D_39W%C6 +zkL~zvV!Po~J+>RQeWYk?H|@oV`4d03IzSufcWuDO#y;Nj0Ag; +z$EE}|?fY(H9j%^ele3chq8j(Aq(}UBH@wf%p2P52;~G9bz}`gt)oki9`&5kI(t1;^ +zqnL{h_%#z&hx)Nw8XMEu?~V2`ZjYLcb=bXd*7l60XS4S3!`HrilU?8YH2jl|=uh8< +zeYy>PVvn#%#%^FkiECc{q1$JnGql>$_S@lyv6VyE9?f})$CuJU`2Fz0E8n^9_rn*q +zHhw=G7=32_5_J>;iyL$Qvm^ua{a{IZ??`_Yb2SQH1+xX +zI&Zi^k65p)e!kh?l-3;24EkCcAHmNWocN7igx}2sX7rrP*XhI9bDVUZlh%-Mp*I>& +z^ZKN3R}MK`%(xq4G_t)K#~et{z&5gH65G?x?~9rz9kS0_uiX%#u2u7PZd|&m-%%gi#`%_0Io}dEeP&)6{%JhUz{$A!kf)Ik^{CIOdiwD*1IU{6 +zhImdmX}n4GPo>U<)X_#AI$JGTcLiUgdQ;4251{X#wd3sF^;zRx8f!DO +zeIkAa<}{YgFem& +zf0DCL`U-sa_yRa5ZOX;;WWt!>snD*t`WtM^ki}JVirRBGgnbZhojg~;bv5@Rlzo`{ +ziquWtmd()_TLZK$#g`hl_OgF^82?J0nxnOT-pb3QVUH|d(Pzb4Zj4xCWM*6{Z)FP1y}O;?x@6yHbLXP(Z16VqKI|{ck?V8Aw7G= +zwfhC|BDCY9cFt`o_C#v|8v3aw&GsJ`xpRw;lu~A&X)ALxe~j)*2emghYJX(&e8005 +zTWs>>ZN8+h`X2OuANoa?#oO7%lJ#2^^k_ctjsNISyzG2e+CG=z*#Nu?%TvzKZOS?S +zHJb2W!xQ&kYOk_?p${AKKFsZbE!Fj1Ix5}r-^Ws0@O=`kzpZo#w;5qyP6kuyNuA^rBqSx(Q_He3)M!BVTNMLdMRa-^eeAzM#YA +zS3F^KE1hN!oyAA%o;0uf`aKROWGH$nl=+9cllPO{O*!5<-)HQ&x0$BxI{Y=RE!f*X +z?%<_uyVh8YY3K06_&scfi8F@nngO$JWT?f~tym77`r@75@1%Xbtjn_N5VT%FJTiEh +zXV)fpZ**hSt=o|;=h@VqxA5iDzUa=G4d*C^TbxguWY$-`Z$8b@+~Ct3u9Z?9uP-8p +zDtOAD{eW`+iu>x+&ENhX>1oyfqcmyc2k^th)7X+KHl><>pJ{P8H_$Sa&?)fJoWG~- +z2<7CPe}L}%7WaGb(dYT5&ymqdBUwjN6}u>3ZR8C+>7iZMB7fl4C=m~ub&IC2#=7JA +zLAZ8fpo9)c7ltR*b$`g}(wFBrUG1=XrZZbi8%Vo(E9#R@g|Q=TTyvQ8m#W$;D&0~X +zRUMr)vVv#L)9ZYC-#(rOUO6)voSnY%tTMJu`MD!E{{s%HD~uO1ZoY2V#TM8Mz4z^xC9ZRgg03ZD*+u7Bp%YEi%Pm-7~{_Y99A3pez`30zDp +zK$@u={Kkz1N-odP|Ht0_z(sb}ci$hF*#wm+F{DL{X5!L{$|@=D=MuMmns`ar4`$;(n_DDmR79f78Si|MHeF~RcdKPgXaEx +z&+o^E-GxM3U-$F8p4alyy!ZNlo$FlZ&zwIqmdEai>X_^Mwhl`_sGV6t{?{oc8#^&M$`?fzr`#N^SpS$DvZ0lNmSKQw3*5TO8@A2`y +zix1%c+?&wvn0(!z*I(y5Q+9u=Z}0c(+&!TCB!_t4q=3(Ni65P!{C`r$-Yw$&BA&n2 +zb^I*%N^TptjBAp>6S-u*6^Z}a}hBe)-W_@dos`JZ`W>%wPk&n92~rE@-m4_tVM&P}v# +z?A#d-`#Brib9@eWs=&_aPTF^mXs+lplfD;1<@R3RIp;e_ICqP$@gyIz9bfxl-szcs +zJ=<^RfSLol$0h$<5Vxy2rgkxI7mx4xtT^E3L>+#QfzQDwj{3hj?w@fV;P5`@adDiT +z$HmX`C#|f`0d&nl=Uuw)pzGHk;GA^t_sePB*m;@nTL#WNFVpuP`seo1$qt+Aaenf} +z+r%l$uX9dad(gR*&Q;Fn^YMM|UBq$s^m#IA=V1D-$9UTtIP<(~l5y1afGnSB^&NKP +ziO)mWcW~W3-q)Y89O}+|#f +zg*LShi;oxHu72xa_xPlK>oc^{@2%fw*AX9^sZVoh-_PeKE$#F%_^dwsyN;0^evI55 +zC$6=gICbVZdfad7(*EPS@p1aBa}wrNoF{3|IsbRoi9SE%W?KN$J>*Iem$S>hdrKr>Gmq`PO^>vkFMow4Ayxk^6Yc@@AAIlI`1xi +zoA+A3L%Ocx>z%;(a|iv?_fqMa+jltT>w6INeWn`IuT$j+s +z&*weYWc*ygfBV?an4iCobN)Wg`TIDWe{t>;UteLr`&{;?IuE+9>qWW`cKRCF(cNoc +z=kMd3;J6*1=N`3l>iD?BzvJ_;Q+_->e;?=keVp_6an9ez;j`2E`#9WxK79T@&iVT| +z=kMd_-dOy3bKv}a9DPPSe;?=keH>l4pX5GDeE!URl=xa@huxbxeGQ4Q($C+=`2}5% +z8aRI+=Zx=YI)5K0-tNxd$FX<0C%HC${yvWG@$9+h!u58pb@)BD^Y?LdU*i0Iob&f_ +z&fmxR#oou!bK|?udNiJYzbC$5eg6HP{|~<3bMnv~x|eRxf$O_hxUZt;#p37ve*X7* +z&VEi>_Z4(Lrsqf|lO>#w_%qSR?Osg$J`dZ9o{v8JeIDK0*ZE8Q40VU)Ieic4=+AKv +zh-WBI-vc^)<~^X@HtzF19{R7g@5eo-)9>-{Tuce)5+%FeTgr1NEbA@yyvYy6%LWzTp|$Dd2m +zGf8?6Zg<^IACJ#Xc^=K5;~B8=iO1xqUt>A!&!=_RdpM`Z^teA)Hely6Dx>cril329 +z+Ot@CRxiQ2(f2F-BHK89J>#r);%97#i?4~$_QB7;`uW%HGVt8giKBbog*m+ET^Qn3 +z-|2T@NK^QrKJ5E0%mDAgob=}>kNfkJ1O84-hrc6pRKF|5KIyQ2S4#WD#0byW^E)lp +zuhU_cD}FX`H~plA@AY|0-u-MLcZJ +zxP9U>U)}+K&h5B8gQha^vL4-i55eA1)Hv{*YpLEjI&<0ld*E1(c>kJA#{2y&p5S;m +z$?@-uXF2J!jp3d?owPn(y4xr6#C-{55#PTDxdZJgS(JaIg2#Btt+|2uAj +z^tg@VdzOcPYkAuJU0FQ?9{(2IDZMXFT}hjl`YiN6eRhvJZqf65leDR^JNGzj@2}YN +z?zHXs3KB*BZmfNefbQ4qZnJtXR@dxLzr(`6wLJ0oo$_sq`F1*Pz>oE8e>N6pem|YP +zD@ogjZU3fvv<;u=u=Vl~=6RMjf06a;xVKw>JdbHh{oVJO*5j6@_cPUpy=8x(XH&i3 +z_bi9+|4#0iSNuEP9;r+F?f9A2fwQ*t!@hl;+EdQQ(e`n>+sn^Co_eQcZ~LEBzt37% +z_q^*Af0vuB&;Q1{o8*0#y=_g=);aHH9Od1Nqkb-N*v}=BelBt9%-@04yAe8<_=TJs +z{6}f+r`cEQ+(6ss&vahE`i=LI$#c&O;yD?|`}qKQ<2gRC=X{{!fb)T)`kAd>k6E@?X5vk3+1J_!!AL +zQd?Ti_*i(-+dgUENvvby?Z*q^cinD3UU)}id~7`Z8!Pm|-VN3}>jImuYhy4 +z)5q%F@9m_|@%wy~i`!4$)4uAsNXtzf#qwmK9kY-7G5dHT{w>eApKLd~$Lx=?UCpas +ztap7URrXZ!j*kqKZ09&`-*%XHB@ZX!&tA7DOSV7Ik-Fpd4*QI}`z|owPZRHl*OM2< +zzwN#I+pniMuIt!-C-Lz-pdIyD-)9r=`{_eG=BMIw-#o{y2TwBp;=IH$uKCF?#N(2G +zm_M5zFFVVja}T`>5^qN*{ds{7d*AcJ1NM$&mi9i(d9L1hxUGZZJLkIkUD*B3Jvi@< +z+um(2-sjOa_2=jPJ9FZF?om7Tvy7$je$KSb;fmfSl!mX9aHw*M<;i;1+Qyh_Z)Oj-;P`PGxy_`{_TDD +zQH6J$-skZAx_;lq-t&6s8T$_PclSLcz2k4+3uf$m$f7wmhD_}(8rAN)Mu`%}ny +z><9Q9vilid^{7rAYxFMG8Q<@ddtj#Ke> +z93}0%boW|se7-?kd@gg!&Mo#k4oj=iF4E1I}NA +z)n~Tz*I>_IgSF>;OeoWBOk^}h4hVB@)P>ijiWeeV|6$IoAbJ$3#X?D=c3iCgYI +z%5StBwck1a0QW?=&Yk}>&&T+0m~($jzrCXGY2{il#}(bX`LsU^qwlBHekH!H%{AW> +z$vyj7=9lh66`lR;3+Mg1A5+3}5hecIpFRudxdQ6BWxr=lPS-!+b?VugjsxmHx=;Oa +z+@AUm>$Cbj&$8^+KbfSzx-LI(Zod!uoke?A@#53p4W{20ytm)X-uoPozMpFEIGo`6 +zt;Qh9wf^JDOXJ@^U&S(az|g3x9_ar{?}2RH|V)0`~LT?Ly0HF*Ev|f@iQdHcfU*1@1=Cuc|}|g|Bj!F +zIqJs}u5)BN3h%g`=dSeo+thQ;@159vMVlL!mf3wp`wo7dr{HADE +z*w1u=;J!Rvy^zQ{Hd?ZnE2wy3We8 +zxC4BS-~C>&j(hKSulKvr`~CI*Nxzx9x*w+R5Wbz~!t~n+2lhQ_&)V_bjGu_t?|@&U +zqKWrTeIjdcL +zFQwhzv}Lqy%#JF6LeoHp7%*@J0(0rXX`<~kE8FO+)cA*4}H5G;P+mRpZmR(yU(WC{LuGO+I;w8 +zxgU4pW1{{3@9F(s+%DH7<97YHqxEvs=K7-c7sq{j^SI9vr)6toU-%vUPQ@FZ_r6EH +z;r{Qty~BS0qUa|#efLe5`2;@jjY1P9M|vjP2_*j+!%PA5;E2{U7jS3hVK{kB#=c +z$A9jA_va};Hd062-;+Pza{PubN7pZ6Ig&QlvW&rf9~*5st}pgue1~rz)DbVoQLF1` +zT_2ambKTa}8FS_Mne+bvalSL-`0bW+wv%{nAGJBK@A2}~Zhw8AoZPK*&+|G*cc0g> +z&l}A3ckXVRdS1t#r`CDdo?|X;Y8(5y(tYmjE{~pfjE`Fbd)naNaa@PR#mC&U%OyR} +z@jd1E_ug{xG573phds~9J>~fK-f}wT>iJy#U(bZ>zWd1YS|dd~Q@#6Jw(|wHp1;BO +zX0wkQNhIp^duH)DxAuAVJ-7DUS>;dOKflU%b88)({d;HRO{Dc7{_5lZ-V^rVdH!D- +zfx^4*zWdWJdS#;Uhwk@XzNr4wuPbCqf12G*;aB3&7d*s+yrliThyErG{gsD47KcuF +z=(afYJ`dd*hu-F)H^-qjdgz8Y^coLc6^A-J^iotGU*taDJ!Vo^!1CSa_K-eqH*?Yp%b#Gkx_{-RT>;uIj!bef`xp +zTzjmi=c=n;nLc)P`UO2IN9(UW)_wgIr^{b=?8+-%c)5S5 +z?mzYa=JmbDUeWz?G-HkZH~#y{mw#dL+vVSV`t-YRUHsr>SLIbj{e?*mANJR5@RN;a +z{&{?2frnCAr{|>4u(Q-(JvHr@zVkp!pFE&^F$X{W?HrI^#EXCW^Eu0@=9zz`_mQ5y +zkMt@}FQI1k+2<@@9S;ZVuaT7fmT&NKORuE-e(5~l9RFnxSib&8S$gJx`a2(M>Ej}u +zIA{42kF)gh`|scX@~2w*LE~3>AL%vskzViVE6juamcRU2)_y%-fWBXPTZ^T48t07v +z?0uwHy!hVB58X%lhNma!|Hb>P|BYbvA2fd3_mQ4@*}a!v_Vls?)_+TfmG3sr9Uo7x +zv2=#`%)fFU*iuE8oI8K2J$;Ll%l+0**K4f4xr_Esui}HM{$|*C_AB4=CQJ8b&gp;N +z(+?`YI&kmh8wM@?pz_@}-h25)Pd}*q_RzhTZ@cN<+aJ97-pj9h`Yhwe|IQho%-gN} +zLFr|B`<%an(x+~<^a@T=OZKUMDc-Rp61A4?oc4?V#1fVd*uOMRT6zN;&wlHF_>-32 +zc|iS}_mST6*Y{pNe;?`PpSt(*8Bbqj``>ST+UKl%h3$FI8K1$=+ExqA@{U`gx_^;p(UYIE8dw4-f@nwlLF=hOJjcW?}^K-LA +zqPh5CC4XA*CxxS_L(1!FL7f* +z;sm|fd2?*EjZZF29NEH43KQL%X4t?>39p-B5mj!%jI#K|MB+%7TkY-)5>I_A?t&y= +zvs>k^4HP8aUXVDlitOsUSIn@Cmk?euLk=0|Bb}&v%8^xjqzqNA)C?u4a>Zs?`y(qi +zjw;uROxYtXsB+C_XhM~1G(!cdy`?u5B#Oyjk1C(SM-Wb+%I{=i!#1k?mKhdN<)=~Q +z+wpmXYw=eZ&l)o%@G$ACZ?yOoGfZFy@fnZr_xJ{U9r0<8FZcL0=J7j-??m;p%H4W{ +zg=gF$$$F{raEUwLUy!(!@^h%=nl-}=YPs@e7(p#pBdVPQQpJ&-*IT)5Gi;&CZJJ>o +zRW5@n*MP62Ts^A2Iy2Ow%GH>m1XXVS53JlUK9X`nsB(j5$e_ygo1qm|t^_sy%M6;v +ze+o7JIWzR(qeyS__*RdvLUv6@iab8$@e52khWyARs-6imbmO~-FGh{8Ca0Ej{swal +z7fByQ^>f4w8GJhVIx!wsRJ{#mD8)M{x5Iu;%Q1zjKPxHMUVH+wC8!wl`Hc1qpV>nxl{^?w>w-;^0fQ2p;h^}im~|2i{lv;S8Amr?Z= +zq1s=1jXCaixh-zFyWT@SmNzFU*XMR(J>ez~m$@mA-@c|GaX;Ey$4lt%ni)p%GU}^D +z)mMZUk#Fm2>;D`oegYLg;_U+eJ|9zXr+g2X?PZwl2;&I~=MdeZn$q?dYniKowW +z+jw-jwfGO@t3lOMZH6M$_^!Rm#&H%kzB6VR!9OQ`7~jo)dB}_gag1=rj9O9ary5nh +z$_(qjUyxX!-B~QgIxMAJtr=BeIpIn(Dn|~bO=V`3Vt%zTg4$mRqW +z-7zy{P~+Q-caUC#8lP%2l%U497&X2{W|TsWZ^Dc=uCVc)L6y&&VGuRG&8YER?6mP3 +zmekwswxGtP8P&fgGt{B_x52?cFR+)Lc8*#9R#Ee74%LrYGmPLI<@!*|Uxli_T#|pj +z-5hl@ZW;a^`HNBQ6`5i3<(9u6XG!lyrFWTOBDBIMUBVW@0ip0*Mz4~`Eq6$M2&AdY8>lO<6CQnV$}9kgzsV=rpzdTe@uAi#j(*6 +zs=ql@`AIW$;-^(Fsz3P_oA1+RG>Mw;6J|7qn(w1#REb(YWs>?QUu5>W4Q`3M^FmuM +zTX+e}xoL(W)OzW{QtIzCqjpsLZD!PpYQM#dc7EH|$1wgs^gn~2#5UA&wwfW08s9Qh +zyQOB>X}0lQK#lJds$9+t!>I8cLXGdB8D&u8+iyl)sPU~um9H^F0yVx1FR<}#LXB6E +zB>&29nTx3Tx`686yczPS_1}dWpPk>d&Ot66CT7%Sgwp2y76|>%TfIrf4;RdW=12Zc81Mp5YxmS^ElHDt2SjI=v{*oE> +zqVo0NFOjd?44wFEc2v1GGc=&q +zX9Yfh^b~5nCCsq&9Gh>8_-FKE!HnkdgM{bID2tkJ{iyPNW~jjnska!5>CgPLEq%@m +z?a2R*$e!So>mzwt%nJz{<}-hviNRE{Ms|kLDc@a5AR2N +zU8r&BG(#=2t30w*Z|h+L`OM$6Zbqw;{;ZfGkL-$%G@|BPC2C$*m{A%v-^$IX3^m_M +z&8YtwR;~?IuGNfMQ01D7A%?YBxgzYQ9vW*7sJOmESbOG-@98qSkk6n$K%bwB=evEms~dz)@7YBWCDEZQnJhajrI_O4K-4m{B=uoXgB;;|W}M +zp}kqu_CAB!-t%UdKyB|WsQxTH-s)d8qj^;Qb7nMysy}Z={iyv!Gin^FB=zl7`*^q` +zQu#bw?5;e{@{PG&ZW^_nm7(?rrDiC>%W1#ZjB<~)e3Pi{al#Dam?qzt8Fk{F)Yp!e +zus+(%P=Q*H8%L}k3#fUP$8{XXZ{ZlK+^8A)QR}e{zejo+|m^fb;Lv7ESk7m75eh#&MXHn~S#tf6F +z_1l2)aTm27Rvu-`+vXNa;wLICzTBO8r0vhAQ1dy98i#Q+^k6ITRjBneK +z@%l5v=C9d)F@u_K?Wp%U +z&C3K{L_aqwtlz_^erHhgr{4^H_%O=%no$?NgnZTbT}+|YSHcVnhi!j8f&WJOIBJ~6 +z%+QaTFYT!HU4<%NX@-qQ*gVRi)^`soz1s}69P)@Ku{pN(c%eYlP9ENXmb%qWi<-)S?NLXB_Ej9O6RT8$f6f#1Zm#cyFVsy|I;s6mZe3bmcBms@>nW|%{5XS1m7Y{rc8sO@apjK)#p-i;d9 +zE;Cf)cc^#!S8Uw7QR7)D$-nbZa}zaQ8>s%Rn_(H%zai9oE=Mg_5o)bxXFwvQROPku=QXow}}Jf+c2Yb93;GEMpIZoIA=y#)O;B?qfXR3 +zsX)z>V$?h-GNWx)(lqN~89#z~{Giq!{wwz3m$4PqPKy~eq1tIQqf⪚Sw_{#wXKW +z5&jnIJ!OXN66PD@v4z)>f76UMu$S<<87-meTQs9A-avTVjK)y)kD}@yF~cCL{tUj3 +z{QYLshkro0*Noax^|hH%6&@p8X+{;O`qQZT%gs=Ns=pXJ$X{eeDdc`+Q^Jfk9%S{c +zn^7KLN&2)IO`+<~q3WMB!#Jw`F}#ZWqh>UMzfXABjQUXZ^_o!wzM62o8P%ccuSL~g +zV}?pp{S|l(`O{`pjy;6S%qWGbFJVT@543qSgqla)sCm?7Ms=wDWhL^zBgOnj^J<%& +zA-kd@t9Ui(qxf>dWvKiqRQ`2#1|PvCRQ?(4BE1Kdf9nC3e-)K~4mD4wQ2EF3736P1 +zwH*wb(GY4o7&N1HRQqjas6v&i#CZQ`Mrn-qk7l%WfwymlyoaYfJcz0%gW68| +z&8QExo%EVfGphY2GnAvsm7(^trDjxu+Rql7(b^#^w`zt-4^Mcw7gbLWYCGySqb}5T +z)M-ZbsP^m3P>d>9gxX)H%qW4{U+<)1qa{?iMKg?fc+|t4sCwE_+gY0#wW7AO7Bi|w +z)l+4Lourl9M(y{v%xDv}-`_B!9BO~e`^PdGN9~Wt%%~N$-!DRKuN#H7y{?;44s-Oc +z4S$97g#rurqrw~1s`PPGxYWaocPHX-3o5Rc@Ng-ro)XkND>kDd +z)I3X>(aMh1vuuW}hsQnKjjE>$HD5Z-s2w$5+RUg1)t_oJZ1a4d!dqsTL)9~jTJJMv +zlt-=iX*23Xt@m~_YC)~{W;3cl?Z-+{>woFTiFp0bp!U~!Gs@x1*pE#jrySiAW*Eh% +zQ+^oLpCMF#2F)mg>QBEJ)uHOCMb%Sdh6+?Y<*0hfP~%f-MkT26DK?{pA6Y%~sCwqi +zFpa7whpJ~1wZ10ID2rNO<7U)`>Q5`Go)$ASpz5hZ)l-X_KQ(4ljha7IX0)+w^{k`n +zSu?{Ds-6W@J@csfJZDC;sQEl&M%~CE>_`P_y`{}azmB8zrnkp2TK=J}uQAm2nnA6v +zelzO9hZ5h3YPTJ=UfRs46}4Vk%%~cbzXFv%jT--QGb%%kf2kR5{+H!nL*-vZjq{2b +zEu+SH$&98@^-rMkXHnxhZboCM@fqO;iMCGf(cM?wHl*;{w +z<;$Y-4Wsh);t1g`JVCe?*Nx^-`DV?K#XqP0anyPl +zGow+|dKodJUR1drGc=>hHKEpjqZu`z)_=VjRiMhH&5%Hq+xfoDvu!ilLd~;HGg?5E +zn>Rxi<9?#%^OzZpqUQ668Fiz|b(x_aRjv-T-PD><4QjioHlqY;-tF*wH%6PNdADIk +zQ>gR79P*_c-IHdRz)J{c&CrOyOSuL!sz;rV*Wt5RZ?$Hq!e>)o2`YcF8BP70?Z^Aw +zF4TExBXY`oq#Tc88EPJsnxPnfg?ft2XlBFe8N_F>{Jr>6%Jrbib(^6KwO=d7R!rb1 +zZhhCbmqn~0Jcw~U7}tYwJ!UAwxE_q_!FQ^j@7VUVh;cm_*Mo6A7}sNlGK}lNxE>r) +zJ>RzNZ4u*oFs=vVdN8iX3}qPCgK<5m?Qv_}w#P+OJ>#hDX9%^u4WhQUj2Ze-_4b*e +z4VAwXHP1@Su<$LPuVxtX@SulFQR}<&&P3vR)>FF~wV~!mEB+?!w3wk0r|4e;zK;C$ +zW>klNK)BY7Dp2*M&1mzRiNwnZZZVuX4~5&YI~b7 +zLl(8YjhmqekC1=il+E`(d@SKKJ_)nmNF-iG{o`gdhU)Jqs=p&<7)13qgV&J1-;DaO +zhj6bMwWI25GouoGBIQ!}G2HpOg*Q>#?FwFmdE_JKk!jR?nli&AK9u?<%xD<@f_j=z +z_159*u^KhsE3u7wDp2*L&5%OP_nlSWeo@D}b^Ivt%h-+csQuv_YB^`kXa=>Mc{3VE +zZ6AH8_PbH-ccR*FN44K(hI&-{wW#gB8g(44K($|rS7Hj)egZWwcD@!HZKLMJmKiOh +z+MhLIzG3f+Hb~otjG9xfE~0~YeqHLNx0gKN>S}^ +z{;RdWhR-0pf@*&m)&7zh^7wSpr%?NuNz`$F9M%3Xz83pY?f0R!>s~YJL2cLFX4H&o +zzZ|u{DM9U@ic$NgA~U2={YaQ${a-BqBx?UOVTN|p{%2{$&Ywn6=TH6kVA}07qfXTM +zS}PV{J?gr1=6_p!FWyBxZK(M1uUh;F{wMK$sQB5hSo}0<9u9jrgPIqu9&SRdrwR|3 +zp~h`<*~+h>&WlE{fPM~}(I8$xIAcbQsPn=qOK++)qY6uJN}JKnmurdp*7hHLf+NaVkc&yYWS9 +zcioKEQ0=ao(F&^FWiy&xvT|8ef5**e3{`H_j7Cu9hRvu1)!(%*SbtZ|FpcVOkH>d= +zd;@BISE2fwLiKm;e_6Y$X0(E8ciD`VQ0*?7QT`4qH-_r(s2Ppm#p<6K4WY^nno$v| +zzblK@-(@r8Q2p)l_)d?nL(RhqRDX9qZ|$z2+FdrICA^sMq8Tlq+MPF}(SNpfyHMLv +zrx|Kd?QVU};y2AOkDBLwsQxy2dZVY8qslEWSh*!L{U0|&FKYX$K$YA6M@!!_!#t|JL66UPd@IJ=;k<2U +z&8YoHEk2lWt1+W8+@bzr)c7y{Ln85Cgy&G1U~@8Kr=3&K_SVU@!P-1tl)v4RWu +zMVvsbzpNRJ;RS?8&8QpW?H|>zQdGZ6%xLTH6N#Tv&pN6fIou|k^>8QtfN-maD^b_6 +zi|`{VHIEf9OUhnCpsChd#lSr&$ +z7FGYa8G2Fkvl_pGC7xdF=^LN2dDxEnJl2LfKWsHa3+nu^*$g{>ZTYrQ`L@ikiORQO +zhA~uqqn6%1VuoQ$?;bKk4Ju!?rFU1Eq0-X3E6lL?Nz1o@YIoiYbEtM_%}|4yA7xm; +zdM`Dj64X2@Hly{t&5tG2{8%)jetaU^aS!Tzvki5=S&wl)@nxhJqsF<&3>$xyNc@C+ +zv#9tPGmPW&i0}0Hc8{+`&9`#Y{Mi14wY!08cNx|0465B6w$bhos{TPUbm0$4uk-j? +zk1xYU;#a3F|B4x=QS)~U)o$;{t=%qEyDg}8Yfl +z{2T`##m|~y1mp8S)bf_0+D)O_UHNb#@daE$wYzAB1^gx2oj0Qy{1@_#pz0qsLnkf~ +zU+M7`9=~B~GtA=}@xvZJ +zhozCYClnGh7#mEdAf_uutg!2+ccwj)P7_Lb^PnW2b11y +zMy>c{+H1jh|7eCfq{<^TIDu8D?R@oviTJseK8%kCe`e*UQRS!1FpereiXXsX)b?7B +zdM;*}N>#oL)qW|ee2E!$j$8RH%u;>>wcTY=qo{e)h$`3eCmdf`&&_7kh?fv< +zFrzvwAY5xk)u`i2l^IRb8O@t9RK8I&8bRe7Hlt3|ylO(tt41@bM13A8LX}UMkrqs8FpA$orkWX=Hnu29*m;e>s37U^_WpNs=Y2V +z>O{5IZblpLvGx}6$BbVN)!w8Tx=`&kq2_NLs=WlNz11;mZ^ew3QSB|6(ITq71v6?z +zEngk#e5(xAUa1+D-fivWQS*Hg)m|5>Toe8!@s+4@6=qobV=Fh0n&+da{C%kNu@+SR +zW;2wamTT)>Hoxal`SYmrvoTcuQ8RR+@;76=KSt#*#Z~fev5_hNrWs~Y`E#iGoI&O9 +zL7l%fqw+VIp&XUJ2sMv~Z{p>gHuI|VJs{I_Q{G=KBP|MYZy3Vu3PUWTaZ_|u6P|LH9&!zq~Gc2Rd +zmu67;^JX-Jw-FvRqYSEiKmLgFeP-xJ>kd{w6c3LXAhUtDT(2W8)n*9?Piln8!Aa +z8)|v7X6Q$aM;~fDdd<*=PbYs1vTHt4gKEDNRldXwt8cgEnnR688@`18wVF{2YI&OR +zH>khK4E3n9!_Es!|W;_#c#CHNz5WJItf`Qi?;NsAI5L51cL=q-t*G_fVum#8e0=IgTizUMc_+;< +zfm+_I85)sIrm4Y<>QT#EhaaLJwPvV7?Z-<{`HRhH?aj8lb8a5Byc4M9&EQk8U-6Xd +zGowz_`fWokZ>t&VQOjG4>@tp&q1xRUwB=nuE$_S;Mp2&wDp2b;jauGvGnAp0x6}+X +z1BnEu22FW0nno?}6n>3<tJidw(5ZWU^I%TUX^^+)#kViPZ-+=dw~ +zqn39OwY&>vm_{vc4ms61GK^}s2ep3dQOjFrh9cDGkFht|@{XdGcf<_CsO23pLp5^h +z(Ntwdm8j*dz-9W8HbW`uIJ%v&{99(UfLh+1n?)_}Flu?bP@ii$v6yz+&8P{rybY-3 +ztv5p@YI)PhDbyElZZkOBU +zHoFaOt($VU-{9@ItL~CJ?M}Mm?ua|+HoFaOty|@$-GpR4<@>GOoSSt=-F~;n?Q~n+ +zCU^1m9FG{s8GIJwIF7%AgZL-JXHe^@-wfUObkdu#1}pJ4@>QVj8>P*ln`%m5{R6I3 +z(BB1AJ@aOm#yZm5Fy1e^4Q{Plz3#}@3ww-Dcss=v()O{jiWqxw;V +zHZfjwVOZ_6^jTCtbEtYI%`l4UXC11a)oz7b<`%mnHzX3*(M~_ApKbU;Y{1tL +zUyrK4&J0zkewLv6x&B)2x07!T)z4Kk%%ak>sD2Kk>KQUaFRGtqsQts%_2#0RbKCKG +z^>dBj77>9`O +z_V_N3uR|S|%00f!<2SD5JdXGUR6X-%7{@;)zTe~fJiZBaJa2eSBJtboZ|cpc4z*va +z#ahOz#tfAh_aA?o{6%K8+{1TE6J9c-MO66(d>ZBF%`k)NcNUd@+>E;M#e}=es1sGb +z9iLA5HZwG%`dfp_Uu{OE_(axEkvn^hg{R$7cgU@GYur+|$eq2~%e$kJ{xo~I!L4%B +z?((ax+^jq8cDpU8{d^;8zhC3wGB<_e#BX%7KgVU%_K?Tl!7&^oeiSv&N6avc@w_%e +zH`b897Bwza?%Jy?yx`8deQrCde=Vr~)qA+YEx{X!-~N4`)50}W|K_j-C-9Gm&!YM_ +zZiX>b|3=Nwhw5Jgs(-ca=2aG6b{E`1w;R>Jc2xhGJY4OTV-N8uyc##VtbdF6LfV)H^m-bcV(lqw-gy_Uma>`{iaRLhaXAj`6vG +zdZtnHCX2_hAIm7$hbq@=hEDu-%C(~MRioM~_3%!+)w6-RK9|D>VirF_zA=0};X%|m +z_T%N)i@HwNh4*85I?bpR)5O=I+N(m9t3Z`2N0lqaBFYt+(ay`Q+!p>a^KjD)>-bBA +z*UYels&5`u-z=)WNxYEyCd_CAA3=NCmI&8IH6&27eb +zKZ_SpZyKM>dMZM#*PS*iw~5NPgqjx%sP^a0kVnmnEUMfnDt{Mdu^Hcujrhk{kMF@6 +zd^`EqUh4DRU2tbn^-Q4pH-hS4AF7>h)OOO2%GZGEUmdD{wPvV9^{)g~E``d!{CkPS +zTX7cOgn7*16b|474wJtH)lQ>Z=T@WYDMj^97gN-~^_N&XE2wgdsC?6?{^d~pn>521 +z{yOULm +zDGPV!JU)ZkzqWgPo5xq9&c8}LzS!eeIp}IXI*V#|#tb7EpJ#CrqR+|msLzdaW|+lG +zl-~?psC=E4-ra77HcRhrHA4!OPbW93Z>J?TY@_PiGD8-XZ`{(m$ILKl>D?n{s7I}z +z8h7JG7G8C8Zr1I0d)!L5++F7&`b6qmar17@?Q~n+3b)MN=A`k7%#RgGJ&W#;+wV5I +zb#A$&+(NUJn{_AMaks^-bF1C;7g)I!)V!NV9S?Hu5Y`hOM9tfb8T#-L`Ek&@})dJ;qgn) +z=6)LS)2RGYX2^KB-@{EFZuD@Ohf6)Y-jGNfAAEttVuu^+X*`pnRaT3EX%@d`hCFKCj(Pm3$9JLTTa(8(dVD!*zU^?*qx!eauz;FxQy!o5_zb>|_;!zP +z^Z07id@J?%5|3Yds?E2-S{tVxw+%H;+fT81vw^n|UPZ-E;yZByM{x|_rg1>6&uX_E +zl|TPvpC_n!l10ULVLx`_A7U%sO!*Y5p3NtjE2#W^sCm(iniuUJUx`-|uD~uV!<#5y +z#bi)DWo`;p&jgWL|6{22Ka7fR#b3h~ti;VH*!rD8jep(@?Wpxz=kc{3pFpkO<;Pq8 +zB{Pg;yg%{yUXQOst>03QFY);0YFoe4sCK8!(1%*T%^u(6@ujHsyZJcFzhQ=H)c&O8 +zv5W&Q9zpgWlvRt97@2&BkL1HQrO$sPd?KhEe7E +zQ03BiMB{=Q=Q1-Cqt@g4uiAQAMvZqbR$&inJ$0L*3st_;42`JzYf$AXQR}G~)vvV* +z-fJN}hgwgQX6W^BkB8IvILeP7w*HSu%C~#C-mOB7Pcf>UjYn8J^Y|Rvna0Pf9@IP= +zL-l{u3?r!i51XL})&DkB|C>?u)}i{J#s<>2FSq`0nPCn!&w3>3os#@j9!|I$X-i*5 +z^?Mps|0t^dZdAXUJif}~w=c8!8PxJj;iEB&swab5zis#!EJv-cGSu>xnxO=>y!=du +z44V(P!BF69*WFp2Dyp6ZRQWtU94Aoy +z?Zt-@Ub)z}SJZefpvHUN46_)oS2JX>hVp%=_15d@J)Yi%T91vW^-djK_4s1c`dWXG#q{E{wmC9`y#7n!_B)nH|u8HF4TCpp~k<_!=?BF!X+55H#000bKi{kS&YZo +z45O%V?s01{p5N}q11vm;zfJiZYTQRq6{buMzwbNsU7F7OfRQ<*7)ctMT +zb7p8qt&e(-uk-j44;OoQ^?uyPBHt`(|2<=d5&T`^$BKA9i18gYqY>2g^kG!LhRiUC +zmlDpHp$k>6(~KG<ml?#|G)U#|xOQ`l2QSC37VIE5e&zT{I +zDmQ6HgIGhkVtgXwr<)H_zwaw&CF#@nhlI1J`89}|Ul}uMLFI3BOI`hrm*Usm71Vs1 +z_wY1oo=xJ5k)Ohf_X{Ja+v-n&%QF=UzB1$+p8MulDd2_~(RQ?&06XJmKH= +z@N-e+kD}^-8mj!0JbVOI{*fN$^eZmU;W*CEZZ^TPzk$sy@i1iZ5--9G(&uuy!y@(J +zy9mp>2=^e%ST27`xC>dmuc7LBG^%_RLZTAW7scD}1qpYRni=B@wEvb_ +zH{-Uu^={ftxU1}M@VZ;uJ)%2XWVwT-c7p+ca_X>c{l53+;+F#O}hzqmF0;i_(ksO*vJS-~+cX?P|PPpE~^5KNFL94uEN6vs<;pFAH%Zmy}sz$4d +z3TLb4`0vz_=_ABEW%MaUg{x0lIsaI_C-=&V_4qES=>Eypx%v?cg +z?`UsP;Y#l+|IJ-Lb$wCc_VqjbcmA~tuPrJZy!T+(7UXX%C@LI$ +zOTo}vaOo`t%W`6;**Kv8hU`0-TyCC;%9Q#he_;+yX?taB%qx8n9#;m#Niy|-}qy*Toxg`ANeFZ1KTA2GPuB;TUuHf9i6wdz(Zhx(C=WDpS +zTDZ1~%WH)zYdHPQ!u&Teb7$e;ow)Mt!qsnM{yT*;-@(D}77l$ESHD-d_C1{We&Ou* +zacHw}coT=W3rDtb{6~e^AK~ne3+H}}>vt7y+=U}QDIEO?PG*w1jJB?UlcRr(`FAI0-i^7j7I(w{y7uk>tilaN<+R$xq?n=aWO9 +z$NA4E7v#uda&!^b|24VsuZsU#a^Y*3T}@7`;^t~{OU`~hIrnuO|3)(V4P5+2a!GFe +zFuDChoZ3!KZ!7&r$?T7C`A5kWIrrn_{EsnnS90(!T)Qi|E=PBgV>`ILliZP$KS}0( +zg1Mp8)DZin(VJ3ZH{s$bUWs6PtC~rkEa$sj_diFl9= +z7IU{9nz{{_KX7Q}14{q!q1=ZtpF1>@lb<>?^C_G?d1&q==00<1>NAS}?4g;@;?%;S +z=>=T*+@aOaDg8@_roMzTUp_SZWqIeJ**kIWdxz$~hZFyPX!752@CS#6et^qAIJ6>j +z|8Z#QKXCk~hq6D#ou3}c+>I-DA6k{unG5on3;yJK4rUx!cmH^2BJn`ZInp;-Qvxf(7wy?gW +zQ2iV6_8-OhkHS43elv9`yy)R|&##Be^mmiDH~dMf??F$p_BTEJA3k0!e{JcH_i*0B +z*ZBCAf6CJT*2lkV&B7JC%kw=8KiB(H?d^Z?G1gxC(bk_FA6~TlyT3dCUwqhCxZTr# +z&`naUe2{~LP=vkqq8V&N`@Ij0@c2Xg+}uO-a-*qyIme+^;Ixx0Kk +zPAbefeAdIdzV*Nh)2G8tO6N1el&Al1Ef1eL@*W;km=nHj9%|IzLpcGwtRRzErB405 +zkpC;J&k6ebtKT48m`U__|9?tdO7DG{rN771n>~Hi(_86-{{HIOR=#VuJoT!4iI;Ek +z^gd6&)zdd$VddZ9>5ZQLB~Kq`O!W6XmS6RaowD#_`FyEx)1xf>rdB;CoKDno5k`N< +zSis8&FMIn>XtMPF2U|Lyf#Y=Df6(9Eth>t!DevvShd7nj{RjQs=IOiZ_aBKr+`uli2`BRz1h_C;ehpD|xqSfkAIoxzr4}Pmw33#>#y?q+n!_T +zeV%^Y>+kaVKlMzjpN|xAhw2_~`HMXNtG)h&ho`;%=5JX4$G!d@Pe0}LZ)vB;U+J@~ +z{;b#kF0X&v$LmrrKjP)vy!@Ol=<(O${ag3)U-aeg^8BCl{#AQe*H1KlrFX`~6DwXn +zAEDxi!@ho+z5Z8w|MFh{_q>0Vp8w**R^OU$zsvQuJiGhDmw12beR=-L=Xc+Q*8UT` +z|BGJ#$31_u*Z%`gpZE0Zy!}Q`f4=u`*3%a}z24K`>E%~F{Sr@a_w<~XU-tAPm(l-1 +zwqH+wVYMw^`BSaGS93hq_-zCWANTZ1PycIA-}dw^Pp|Rx3p|{9nU#M{gS9v5QCHg>Hp~IQ=VSJxT*c&Axppf*;YR9>0O>)cC)2lQBQg*6TfVzm^*!cGwI9sjCxBi +z^7DsTPoMJiulfFA%hEIjU)IxGJ-v6p(#z_t{!Jg>_jvtdUVnp^pY`%L +zd-=(?S^05KU-a}-o?bs<>06$@>giAODE9f4_4a??$8Xci|GAf6 +z`;e8t)t5i-`M-LIhX}vmbBa@=nV?*<|6RaSPwik7rvQ7Jen?6DnVK%EAxw +z@WPsf-^}@h(&xTm;ZJ+GoaNTv(>#B<=YL<4{HbiB#Mj>=t|NRwHj(l3h2Y^K4}X{Q +z6Q%E-kNlyBxik{j|4z@}=iz_!@Q8<}Jb#aezs32Aj?YzZjEg5m>7T;+H(B^gp58EM +z;p-@`^u-%3{Ewc#?(_9ZPtW-A<=?&)4pdv9u9ukqqtVCWFHhp`#=K%zAr>AFj +zGCMnyxw|uY5O3~u-|o5Dp6=ehw|BaipcIv|A{BoC8l)gtQe}x$w331>Ug?C#g+dz|xq=R2?OJEyOF9zt-24(&yF +zxyRmZ8d1MDLQoSwZxa0fxz6EdKb7OZ5XKe!d>ib8{0gFf;MWN6108;I|CPbol9r`ff3Zz1_v=zke0~Vt6~}ckkCY> +z5%4$uo0mVZ#_3O7&*6?}?>EkK81I2%eXkSip{I!UKX-%ktBd;n_8x~{B--=+B8RUK +zz|Rve;Qa1+jDdI-%J_fa6CC~$$YJ{VB8PDpK=`3|a`+0N-?#iJhyPRXyYo>F +ze;WJ~@lSt%!^?u-l@D;ZE!zLtZ*jN^;}PP&4#oxid`PtSo|7E@q|nceV*LK3D1Y#! +zynIXOV+(?b`1z1%@85YGzC++Y3PCOW+#&4wFBqVMPh04V0r1Ctp?#j@-@H}Gf8l`R +zKP=$8A-NMjvqJuj4u|g-@*jmuHu!m)kbn0p8F=E~MfrO%a0s7m0nhX}{L~v@e0bVh +zPJBX)cRzS7hd(Req9}hv!0&q1`*xxl|#z^@YJrv>~$QT`eM_h3Bd +zn&JBUHmsji_?fUDP~rRU(&1eg|JCv**LC>g1iyMxFTVo%i%Ngl)8Q3TUj0SA{7J&E +zMc}6s_}<%f`o|Y^_|vb^;ooTL@DEhIqKS|{O9N~}oTB^LYt91AoZ`9!*ZRzkMg#R0098vjQ +z596*1|K_uF_`y4L_@Qfc_=iu^Va!KY`CVh_@bB;F@b8fRv+y##{3W|O{Fem(0fK)E +z!T&nJ|1!b<9Kk&k9Bz!k1|3gy#XQcdd +zr2J!~zdNM8&mr(0@vqkt|N4xpw|C|hI(#+EcdC7Vg7n8%k^cIR#9zPjOFF&F@TEQu +znZHW-rOX}@z7ysLRsJoczx{bjFaO(Z9sYGP9vY-QUx#&>%D?OAFy^DH<;HC~{0vwh +zsO7gmTZcbF{QvJS=;ddL|9_9@^LL594~hSOkBsklFHx;ekNE$ekn!$abshhJ_{0Bf +z=;i-L#*1rySucNr_=8Et-^Yo5PZRyVo9OpuqTh#!eqVN{F8`&ZKm01u?+w@J_}?M= +z{R+`iCOS>+qY2exFJF>0Ly>r}uRF0nzVM +z$oTbcqTin+{o@@(zZZ#qA0qmF3(;?d^p`4`U+yFN#e2G{e*c>2w?_2abani{A^LrU +z==WZt->(w=mWh7<>X|zK&&=s?<0c)xudKtLBJ;_IJ-z&PGTyE}T`#|NUWeaF&2hu<=OJf0eCIB>Yo5I{sa3{U*yl-_XlH!1{+QA6%iAKZUgC +z)ucU7C+%@bdu}D|c@JsNi%5GekoLU)yk4J^q&5+WuYA +z{*SZq?#4(V3v4|u;SaO%Si*S!LG9liV&Ctw@lN8Oyj92l2R44m@)r<$+QgpM6MMd& +z=||Fklj%>wF0+?}@&1xp-}{;VWVy-oC*kXueI$HxU8nyt;s5d(z5KI;|2qi(dkFvY +zg#Rl^``%3W|1=w)Wc?l`{NF_U_dUd(FRJVHec*XI{2#=g9`Vlf=Z5>|y86AE@MTh@)Nr!idKjZy)wLV`U_%^9; +zaY4ub*EJn}7Ab#hLoa^`fj@ahFYl4^=acq+ozw^4B~$B&0@}ShT!LPCo_T +z_nK`d==a=Q_(s`x-Fh6ASF`B`=Z0N(X}ICEn=Q9~);Vz3+LcZ_a0kJOmVL?(dZ$W@ +zr_Q&1r{Qk&181-0Zaard{YJy>ZFM|A?9Ci{!TwC!ZGsjqxidA;lcX&Q+FV4o(B8`C +zcBN{c*)*5!Yx!4eo1n3V=Qh2zS*y9eAAaSw>*5QcD#JLn0)3-3wG)G}k-W%8}4s&#O1x&Aq#TdRvsBXQQ`T +z;2Ef`#i(}}g-XA7$z?vZIgjODyScfz6}sHc1|eA3II~{en4eq7LYm(=vuv3Q^P_R* +z%2_yzOqfw9ma?#lrPE*$w{G@>eHd!I8XIgXow^&VePI@dwi1qPo8_~eb}f!FYgVnz +z+11KM8bayxhFOVmp0iGy#qwP2`-Qc(@77>2+ML~3F2{ovFAW3NH%&?}<+5g& +zu4xoe>np+yvM6{>^N^r2Y}BGz8_7RZcn;JB#uwF`139!v4phz;&6EQf`DUW37U2`9 +zS+Nd6#e!K?1fz&k>{hQ6bZVVeh@@f&7B#c5w2%X@Vntl!=#b%AL(>c`uxeI@gH`KX +zSc|;$q)#1{O=z%5=+Q7orI*d%9X*|ofe5UFFMCbb55NtRv?kD?zve-Mswbc&^aMp# +zV(I$0_S5ZenuYldnEIV2%;JTk@InXW%A1^*H0Wf!l8rlxr%?n$!#EZi2Aps?K_v`L +zF>@B0V&)VyA#H1M4~Fmxt}$Ve+`R4FU2J`%tj=S@{Z_#!;1ZQDVk?E=#ky_d|JLsM +zE!Fkb3h-#zt=6RjzIe0`I`w|bWm|}hrOmSEcb%ZNPiCS~D-Nr?dBRT*t?w;TSM%Kn#Acvfwfy^t9jHkRWl!e^>R5h&cZ5c +z(^#ywYfjhib8)a1hkEQ7MPFHln=lh^UA58{c#>S3PJnp?78j%?4vdd +z^TKtP3zK;6^toccn?6_Ue$(cfsopuh%brZT(VpEXRV%RR#w|QM`~s8J-QM_vt>)Cz +zVye0JbeKv9*Jp$UJkA@p*^!S=jTgB26nH6~J_T-kCZ&B`>4pn~#ktvWbywO-^2f=! +zCi&x}TvOIcvw_nby%0%UBjqH`TJ6E1yI2Fd_0hG^h7{@j>N2Y^$B)cc3TCw+RJKys +zp=-XZg;j1A`fzciTIhqr5m=-Q1z{UtH(CkRP>ri0+4sjHrp}&|IL*6rl50JIdbKil +zhwNYr8g&PlbdtNnH25Tq2S=$-(g=``k2n%tf*8{U4DCeW4hD!=M0p;L^~1nJYdF(@ +zJ#&4g?X_kO_q~=o({CU4oNgC3g)>fjX0wZj@esMVaXbXb +z91Fr>5lzo+xsD%!`tiM1#6l+9Iy%IscDsdU_ +zeKoYH<-YpBsdaq5pJzd;hEoIbym34(sqG%h-JOWct@Jtv7EHlo@A@|giS%k^FJLt( +zTI9Ytu=KTeoR{K|ncUQAM1&FI%;a>Dijwnul{T42Ak-6BijmD&9%`|}{8dUF@gIel +zEhajcP3518F`6+u;LBv3h>^`$wpSeGrV2>Gv@rIvQ6qg{Kfh6@_}EdLX;Nw)WMDy& +zSWJZCh9|OkW~4`FD5k7GkLQdgkTH~zxS?5dRD*FvOO3`wuK6%!<3#8wrN*iy_-P%+ +zTezyM%y0|GiPOWuuo`ViL&I1LwMZ;DfT4jDB$!~u(Q*b7=qiR3uW=HCEGOZCp45gx +z5P{Y?n;Sh!r_}T)ou8y9Vo9w4Q#@}^#FA=B!77$T7$Y7}w!6EVd&IdDkF&MS+J>W( +zWUag7xakY*IBxn%n&QgIHM6SG%8tX< +zSj5VbtWs#dUj~)V7I$n_zo1@FE3#i<>Wv#UOWj5ZMGb{`lfYUr%JSJ(k{`qVEa)lXI0rwcI0->`eV+DBLh*BFU`_ +z+dXCDvW*dpo;#Un;l3&pNoKoeq9HHbab+UOHt_9NHZp4jo`4&rJ&fq#P%9H$lU0}l +zRaSy2G7m+h&K$_0Qgfh6)#gAB6`TWAwvekimBi{UunTz*mt26IkW=%5A-EcSO?pXB0OJhv23xMhX9yM+X3vi7{2WM@&uvO>AG#Z-1i}- +zYLp!1z7D`jhO)T3P*u*S>{uS`AXqoo3Tx5j2Hfcp$?EaOn6fJ)Wv^z-F5wnoXI^Yd +zj5)8}?FW!ww*fltc}}b3JFUPpN1l!^M#;aB!ojn$n_5Dzeia0564Qeo4caozY6*83 +zB@9N3wDFrSW5TyRE@#EIKBOKC+m_pSwTfEURP8y48`P{ufzpe1u&#Cp(#Ff?#qDjo +zSBSS%v-s#5sa8&^Q6+zkI$Oy#;{9NbZySwr*LVB%&NgfzI|tAkN?yCsG0L5O0KFp` +z*B~+>&AwXLVWxpU3bxgR?YyQLdUp#ufVoZ-hNPjo{Nce~2QJjkfVm;Xzd0j4RXZw* +zHWtcJG9)^rQzssEXHq1cd*>j~55Y4Dl261lNz^VR%%6!bT_6Q}$P~S*=sCmbXXL#q +zDmBiB2kOTn$rddq3^pZ>QG>B5vnvu#o@3M?Kgnp(xPTc`bUu=7(Nc+gz8<3raniA_ +z`9k{2w!V-`^yWBPk_)F{>3$o>N_N&bUV?|lkz#HcN69dTmRv(L6Q##skHcl@D%D*! +zV`(bpWHIW9|0u+4F`+-C^H0SX%@})oHseH$Y{s&^y!)pMNWp}&<>G9m?+1{A#%^=L +zy=J&QA9!$%=I?H?W$dnXPW)4yM#YNLOi0M#bi?2*Blq}UyX>zx2lyIJ3dLIiKHK>6 +z#})X)8W2K&o8{~q@u)`lO>}YljP8ac8b12sHldfAVx2AN7IrEHw?ZD0Xor?`5t{H1 +zy(R}L-xuNbH3xFon{%Mb{ZB%JlX2`%GqA?zg$|l>aeM4~NrO&SFWE;`4O$)AFAGgE +zvw{Yb1mux>umN|K4C>1AX*M@B-L~6nBVp>b;KmDKQt29n +zI&940*bMj$hb#K*BDKV3hlPd*8SaoT4;Lnu!`tiWG+eW}h{7R9BAbOunuKs*$c>Dh +zCKoav_;Jmqp&JE!bwpS*)?PNbVIQY7vIiv7#Hs~yWOtx6eA%bS$a3PrDkq2Q>$V@% +zTi%}S`I{Cz$AwP?nZX&jQxFW7Ji}f(g#VTf17`X7__0`nH^A`V!G}}|epww){-Q`T +zM2H0`eUQn(*a5!o72tz7dZ=1SoQUX^^F94^0?(tgYCur>5RM($daLVid-mmCt7;Uy +zwim#`8FWvm>Tu8&D84aoJHC(0yiR+?@mlcMj%}A3aD}7P^4e~>(Q=x;Uq0)?QgG7; +z-^JI+YJ7nRNeGsC+UomrnCAgW30&-iJk4Sf%LTiEPhYVou0)FI81+ozX&p+vu^{Ad +zUR2+=9Y_>51JFhde!ntGk9 +z#z~B`UqdO(!PPN%(hpvU84moy9N%d#8HTdW4hMmF#={X3_pq%wk}PzU@OgBu-^Ilh +z3vsabY(|GRbT;vr$;2$9UNCx)ny>LECapb)w%Hd8nYF)cdN*y`_y?Tw8xR!HTf)Wa +zhi@rk{Pe}bBY+uwK9rZ_R2Tz-0H5ksrgugJSyEbf{GyV_i_r$MzB|Php%7gTADz-oOm=4Z3FQ_?xrmUToNV>R +zB$TWD{DiW?+NFg244}&D9fVPYao-z7VXgbsIUioQ^#()3u=;zJd$AAs!|u(OEsrnT +zTYv#i|E6Qa=LZ9}6Z>#08Lwz7`MZo?47*qcY`FZ4`&`&1Bh5;u$KEofwApi-G0W$) +zGjNT&=d>Wd(;~yCTDfljJqrSnKYls}FGT-^DF +zW@S*b&L!{R`i)9#SXAG2Wy>94013k?=U7w&R%vloqi-@MJTYai;_`QVX=MAUP25uz +zqwPSCPfYqoYl^MWJUuBtV~Vnffz+WY{)*qxdx2)2;}W77=Xiu@rpXwzrf#7hm#h(k +z@l@M2VnCjvtW2}X%V<-Sm^^(dq7okAn#{du4>>MbNme@^S#n9H59kSRzlDzmX;J=qT{M>- +zqa1A#IyO16v?snKOjxCjRE_kq5mP2O*3mub*m#qpjD$tYQR=OD#4*%7A+wF!?!l&XCGxHi=fA(D0n9YMi}95lK`Lj=C=sS!b05dYMs`P#Q+l +zA?zA!n36M0!I2IF##hC +zSY~wVBeZXN+>#cGipz~xH}-2hvlrmuYWx+F*exNvI?c>wS;iv#SQmZb-?IFIF{}Lq +zz!KcEkyJ&)-s8V^#WM!PL7_3<4;l;jBSYsQErE6BdCxbk%G#P`Ep;*H0+KI6HnP*n +zNmW}=nbqNX%$1W@n;EEdftZM@%wWk?5RX~Le`AdQs1*E!87MRr>6R@hg>x^=D?!^Z +z08=+2AWSlfzTly{2yDRHl^jTTu49t-KhBx#$c-klOnhTEjqk*FcGDP7dTTe0@5J|Z +zkulg_=0C%Wl&@DqaK_0SkH|G7W*HNG|)CBG@(V**A-QSdt;I5zt=YwY503MV-d+Q +zcPug(g_H2XH#7VKpZsB#()tEGT^R3#Y<=l}^o^ +iykRDUiltLLTXm-84B_(V%z@`0;BPIxW(IyX_WuA9Ry^|n literal 0 HcmV?d00001 @@ -25307,16 +25962,35 @@ index 00000000000000..e134697ed96de7 +import "C" diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/shims.h b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/shims.h new file mode 100644 -index 00000000000000..d9ad79d513f910 +index 00000000000000..dc98c702b3d50f --- /dev/null +++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/shims.h -@@ -0,0 +1,84 @@ +@@ -0,0 +1,127 @@ +// Copyright (c) Microsoft Corporation. +// Licensed under the MIT License. + -+// This header file is used by the mkcgo tool to generate cgo and Go bindings -+// for the CommonCrypto C API. Run "go generate ." to regenerate the bindings. -+// Do not include this file, import "zcryptokit.h" instead. ++// This header declares the C API for the CryptoKit Swift bindings. ++// ++// It serves two purposes: ++// 1. The mkcgo tool parses it to generate cgo and Go bindings. ++// Run "go generate ." to regenerate them. ++// 2. Swift's @implementation @c validates that Swift function signatures ++// match these declarations at compile time (via cryptokit.h wrapper). ++// ++// Type conventions: ++// - Return types and length parameters use `long` (not int64_t) because ++// Swift imports `long` as `Int` and `int64_t` as `Int64`. The Swift ++// implementations use `Int`, so the header must use `long` to match. ++// On macOS (LP64), both are 64-bit. ++// - Buffer size parameters use `size_t` where the mkcgo `slice()` attribute ++// pairs them with a pointer for Go slice generation. ++// - Pointer nullability is declared via `#pragma clang assume_nonnull` ++// (guarded by __clang__) so Swift sees non-optional pointer types. ++// mkcgo parses this file as text and ignores the pragma. ++// - Custom __attribute__ annotations (noescape, nocallback, static, slice) ++// are mkcgo extensions. The cryptokit.h wrapper strips them for clang. ++// ++// Do not include this file directly; import "zcryptokit.h" instead. + +// mkcgo:static_imports + @@ -25326,73 +26000,97 @@ index 00000000000000..d9ad79d513f910 +#include +#include + ++// When compiled by clang (e.g. via Swift bridging header), assume all ++// pointers are nonnull. mkcgo parses this file as text, not via clang, ++// so the #ifdef ensures mkcgo never sees these pragmas. ++#ifdef __clang__ ++#pragma clang assume_nonnull begin ++#endif ++ +// AES GCM encryption and decryption -+int64_t go_encryptAESGCM(const uint8_t *key, size_t keyLength, const uint8_t *data, size_t dataLength, const uint8_t *nonce, size_t nonceLength, const uint8_t *aad, size_t aadLength, uint8_t *cipherText, size_t cipherTextLength, uint8_t *tag) __attribute__((noescape, nocallback, static, slice(key, keyLength), slice(data, dataLength), slice(nonce, nonceLength), slice(aad, aadLength), slice(cipherText, cipherTextLength), slice(tag))); -+int64_t go_decryptAESGCM(const uint8_t *key, size_t keyLength, const uint8_t *data, size_t dataLength, const uint8_t *nonce, size_t nonceLength, const uint8_t *aad, size_t aadLength, const uint8_t *tag, size_t tagLength, uint8_t *out, size_t *outLength) __attribute__((noescape, nocallback, static, slice(key, keyLength), slice(data, dataLength), slice(nonce, nonceLength), slice(aad, aadLength), slice(tag, tagLength), slice(out))); ++long go_encryptAESGCM(const uint8_t *key, size_t keyLength, const uint8_t *data, size_t dataLength, const uint8_t *nonce, size_t nonceLength, const uint8_t *aad, size_t aadLength, uint8_t *cipherText, size_t cipherTextLength, uint8_t *tag) __attribute__((noescape, nocallback, static, slice(key, keyLength), slice(data, dataLength), slice(nonce, nonceLength), slice(aad, aadLength), slice(cipherText, cipherTextLength), slice(tag))); ++long go_decryptAESGCM(const uint8_t *key, size_t keyLength, const uint8_t *data, size_t dataLength, const uint8_t *nonce, size_t nonceLength, const uint8_t *aad, size_t aadLength, const uint8_t *tag, size_t tagLength, uint8_t *out, size_t *outLength) __attribute__((noescape, nocallback, static, slice(key, keyLength), slice(data, dataLength), slice(nonce, nonceLength), slice(aad, aadLength), slice(tag, tagLength), slice(out))); + +// ChaChaPoly encryption and decryption -+int64_t go_encryptChaChaPoly(const uint8_t *key, size_t keyLength, const uint8_t *data, size_t dataLength, const uint8_t *nonce, size_t nonceLength, const uint8_t *aad, size_t aadLength, uint8_t *cipherText, size_t cipherTextLength, uint8_t *tag) __attribute__((noescape, nocallback, static, slice(key, keyLength), slice(data, dataLength), slice(nonce, nonceLength), slice(aad, aadLength), slice(cipherText, cipherTextLength), slice(tag))); -+int64_t go_decryptChaChaPoly(const uint8_t *key, size_t keyLength, const uint8_t *data, size_t dataLength, const uint8_t *nonce, size_t nonceLength, const uint8_t *aad, size_t aadLength, const uint8_t *tag, size_t tagLength, uint8_t *out, size_t *outLength) __attribute__((noescape, nocallback, static, slice(key, keyLength), slice(data, dataLength), slice(nonce, nonceLength), slice(aad, aadLength), slice(tag, tagLength), slice(out))); ++long go_encryptChaChaPoly(const uint8_t *key, size_t keyLength, const uint8_t *data, size_t dataLength, const uint8_t *nonce, size_t nonceLength, const uint8_t *aad, size_t aadLength, uint8_t *cipherText, size_t cipherTextLength, uint8_t *tag) __attribute__((noescape, nocallback, static, slice(key, keyLength), slice(data, dataLength), slice(nonce, nonceLength), slice(aad, aadLength), slice(cipherText, cipherTextLength), slice(tag))); ++long go_decryptChaChaPoly(const uint8_t *key, size_t keyLength, const uint8_t *data, size_t dataLength, const uint8_t *nonce, size_t nonceLength, const uint8_t *aad, size_t aadLength, const uint8_t *tag, size_t tagLength, uint8_t *out, size_t *outLength) __attribute__((noescape, nocallback, static, slice(key, keyLength), slice(data, dataLength), slice(nonce, nonceLength), slice(aad, aadLength), slice(tag, tagLength), slice(out))); + +// Generates an Ed25519 keypair. +// The private key is 64 bytes (first 32 bytes are the seed, next 32 bytes are the public key). The public key is 32 bytes. +void go_generateKeyEd25519(uint8_t *key) __attribute__((noescape, nocallback, static, slice(key))); -+int64_t go_newPrivateKeyEd25519FromSeed(uint8_t *key, const uint8_t *seed) __attribute__((noescape, nocallback, static, slice(key), slice(seed))); -+int64_t go_newPublicKeyEd25519(uint8_t *key, const uint8_t *pub) __attribute__((noescape, nocallback, static, slice(key), slice(pub))); -+int64_t go_signEd25519(const uint8_t *privateKey, const uint8_t *message, size_t messageLength, uint8_t *sigBuffer) __attribute__((noescape, nocallback, static, slice(privateKey), slice(message, messageLength), slice(sigBuffer))); -+int64_t go_verifyEd25519(const uint8_t *publicKey, const uint8_t *message, size_t messageLength, const uint8_t *sig) __attribute__((noescape, nocallback, static, slice(publicKey), slice(message, messageLength), slice(sig))); ++long go_newPrivateKeyEd25519FromSeed(uint8_t *key, const uint8_t *seed) __attribute__((noescape, nocallback, static, slice(key), slice(seed))); ++long go_newPublicKeyEd25519(uint8_t *key, const uint8_t *pub) __attribute__((noescape, nocallback, static, slice(key), slice(pub))); ++long go_signEd25519(const uint8_t *privateKey, const uint8_t *message, size_t messageLength, uint8_t *sigBuffer) __attribute__((noescape, nocallback, static, slice(privateKey), slice(message, messageLength), slice(sigBuffer))); ++long go_verifyEd25519(const uint8_t *publicKey, const uint8_t *message, size_t messageLength, const uint8_t *sig) __attribute__((noescape, nocallback, static, slice(publicKey), slice(message, messageLength), slice(sig))); + +// HKDF key derivation -+int64_t go_extractHKDF(int32_t hashFunction, const uint8_t *secret, size_t secretLength, const uint8_t *salt, size_t saltLength, uint8_t *prk, size_t prkLength) __attribute__((noescape, nocallback, static, slice(secret, secretLength), slice(salt, saltLength), slice(prk, prkLength))); -+int64_t go_expandHKDF(int32_t hashFunction, const uint8_t *prk, size_t prkLength, const uint8_t *info, size_t infoLength, uint8_t *okm, size_t okmLength) __attribute__((noescape, nocallback, static, slice(prk, prkLength), slice(info, infoLength), slice(okm, okmLength))); ++long go_extractHKDF(int32_t hashFunction, const uint8_t *secret, size_t secretLength, const uint8_t *salt, size_t saltLength, uint8_t *prk, size_t prkLength) __attribute__((noescape, nocallback, static, slice(secret, secretLength), slice(salt, saltLength), slice(prk, prkLength))); ++long go_expandHKDF(int32_t hashFunction, const uint8_t *prk, size_t prkLength, const uint8_t *info, size_t infoLength, uint8_t *okm, size_t okmLength) __attribute__((noescape, nocallback, static, slice(prk, prkLength), slice(info, infoLength), slice(okm, okmLength))); + -+void *go_initHMAC(int32_t hashFunction, const uint8_t *key, int64_t keyLength) __attribute__((noescape, nocallback, static, slice(key, keyLength))); ++void *go_initHMAC(int32_t hashFunction, const uint8_t *key, long keyLength) __attribute__((noescape, nocallback, static, slice(key, keyLength))); +void go_freeHMAC(int32_t hashFunction, void *ptr) __attribute__((noescape, nocallback, static)); -+void go_updateHMAC(int32_t hashFunction, void *ptr, const uint8_t *data, int64_t length) __attribute__((noescape, nocallback, static, slice(data, length))); ++void go_updateHMAC(int32_t hashFunction, void *ptr, const uint8_t *data, long length) __attribute__((noescape, nocallback, static, slice(data, length))); +void go_finalizeHMAC(int32_t hashFunction, void *ptr, uint8_t *outputPointer) __attribute__((noescape, nocallback, static, slice(outputPointer))); +void *go_copyHMAC(int32_t hashAlgorithm, void *ptr) __attribute__((noescape, nocallback, static)); + -+void go_MD5(const uint8_t *inputPointer, size_t inputLength, const uint8_t *outputPointer) __attribute__((noescape, nocallback, static, slice(inputPointer, inputLength), slice(outputPointer))); -+void go_SHA1(const uint8_t *inputPointer, size_t inputLength, const uint8_t *outputPointer) __attribute__((noescape, nocallback, static, slice(inputPointer, inputLength), slice(outputPointer))); -+void go_SHA256(const uint8_t *inputPointer, size_t inputLength, const uint8_t *outputPointer) __attribute__((noescape, nocallback, static, slice(inputPointer, inputLength), slice(outputPointer))); -+void go_SHA384(const uint8_t *inputPointer, size_t inputLength, const uint8_t *outputPointer) __attribute__((noescape, nocallback, static, slice(inputPointer, inputLength), slice(outputPointer))); -+void go_SHA512(const uint8_t *inputPointer, size_t inputLength, const uint8_t *outputPointer) __attribute__((noescape, nocallback, static, slice(inputPointer, inputLength), slice(outputPointer))); -+int64_t go_supportsSHA3() __attribute__((noescape, nocallback, static)); -+void go_SHA3_256(const uint8_t *inputPointer, size_t inputLength, const uint8_t *outputPointer) __attribute__((noescape, nocallback, static, slice(inputPointer, inputLength), slice(outputPointer))); -+void go_SHA3_384(const uint8_t *inputPointer, size_t inputLength, const uint8_t *outputPointer) __attribute__((noescape, nocallback, static, slice(inputPointer, inputLength), slice(outputPointer))); -+void go_SHA3_512(const uint8_t *inputPointer, size_t inputLength, const uint8_t *outputPointer) __attribute__((noescape, nocallback, static, slice(inputPointer, inputLength), slice(outputPointer))); ++void go_MD5(const uint8_t *inputPointer, size_t inputLength, uint8_t *outputPointer) __attribute__((noescape, nocallback, static, slice(inputPointer, inputLength), slice(outputPointer))); ++void go_SHA1(const uint8_t *inputPointer, size_t inputLength, uint8_t *outputPointer) __attribute__((noescape, nocallback, static, slice(inputPointer, inputLength), slice(outputPointer))); ++void go_SHA256(const uint8_t *inputPointer, size_t inputLength, uint8_t *outputPointer) __attribute__((noescape, nocallback, static, slice(inputPointer, inputLength), slice(outputPointer))); ++void go_SHA384(const uint8_t *inputPointer, size_t inputLength, uint8_t *outputPointer) __attribute__((noescape, nocallback, static, slice(inputPointer, inputLength), slice(outputPointer))); ++void go_SHA512(const uint8_t *inputPointer, size_t inputLength, uint8_t *outputPointer) __attribute__((noescape, nocallback, static, slice(inputPointer, inputLength), slice(outputPointer))); ++long go_supportsSHA3() __attribute__((noescape, nocallback, static)); ++void go_SHA3_256(const uint8_t *inputPointer, size_t inputLength, uint8_t *outputPointer) __attribute__((noescape, nocallback, static, slice(inputPointer, inputLength), slice(outputPointer))); ++void go_SHA3_384(const uint8_t *inputPointer, size_t inputLength, uint8_t *outputPointer) __attribute__((noescape, nocallback, static, slice(inputPointer, inputLength), slice(outputPointer))); ++void go_SHA3_512(const uint8_t *inputPointer, size_t inputLength, uint8_t *outputPointer) __attribute__((noescape, nocallback, static, slice(inputPointer, inputLength), slice(outputPointer))); + +void *go_hashNew(int32_t hashAlgorithm) __attribute__((noescape, nocallback, static)); -+void go_hashWrite(int32_t hashAlgorithm, void *ptr, const uint8_t *data, int64_t length) __attribute__((noescape, nocallback, static, slice(data, length))); ++void go_hashWrite(int32_t hashAlgorithm, void *ptr, const uint8_t *data, long length) __attribute__((noescape, nocallback, static, slice(data, length))); +void go_hashSum(int32_t hashAlgorithm, void *ptr, uint8_t *outputPointer) __attribute__((noescape, nocallback, static, slice(outputPointer))); +void go_hashReset(int32_t hashAlgorithm, void *ptr) __attribute__((noescape, nocallback, static)); -+int64_t go_hashSize(int32_t hashAlgorithm) __attribute__((noescape, nocallback, static)); -+int64_t go_hashBlockSize(int32_t hashAlgorithm) __attribute__((noescape, nocallback, static)); ++long go_hashSize(int32_t hashAlgorithm) __attribute__((noescape, nocallback, static)); ++long go_hashBlockSize(int32_t hashAlgorithm) __attribute__((noescape, nocallback, static)); +void *go_hashCopy(int32_t hashAlgorithm, void *ptr) __attribute__((noescape, nocallback, static)); +void go_hashFree(int32_t hashAlgorithm, void *ptr) __attribute__((noescape, nocallback, static)); + +// ML-KEM (Post-quantum key encapsulation mechanism) -+int64_t go_supportsMLKEM() __attribute__((noescape, nocallback, static)); -+int64_t go_generateKeyMLKEM768(uint8_t *seed, int64_t seedLen) __attribute__((noescape, nocallback, static, slice(seed, seedLen))); -+int64_t go_generateKeyMLKEM1024(uint8_t *seed, int64_t seedLen) __attribute__((noescape, nocallback, static, slice(seed, seedLen))); -+int64_t go_deriveEncapsulationKeyMLKEM768(const uint8_t *seed, int64_t seedLen, uint8_t *encapKey, int64_t encapKeyLen) __attribute__((noescape, nocallback, static, slice(seed, seedLen), slice(encapKey, encapKeyLen))); -+int64_t go_deriveEncapsulationKeyMLKEM1024(const uint8_t *seed, int64_t seedLen, uint8_t *encapKey, int64_t encapKeyLen) __attribute__((noescape, nocallback, static, slice(seed, seedLen), slice(encapKey, encapKeyLen))); -+int64_t go_encapsulateMLKEM768(const uint8_t *encapKey, int64_t encapKeyLen, uint8_t *sharedKey, int64_t sharedKeyLen, uint8_t *ciphertext, int64_t ciphertextLen) __attribute__((noescape, nocallback, static, slice(encapKey, encapKeyLen), slice(sharedKey, sharedKeyLen), slice(ciphertext, ciphertextLen))); -+int64_t go_encapsulateMLKEM1024(const uint8_t *encapKey, int64_t encapKeyLen, uint8_t *sharedKey, int64_t sharedKeyLen, uint8_t *ciphertext, int64_t ciphertextLen) __attribute__((noescape, nocallback, static, slice(encapKey, encapKeyLen), slice(sharedKey, sharedKeyLen), slice(ciphertext, ciphertextLen))); -+int64_t go_decapsulateMLKEM768(const uint8_t *seed, int64_t seedLen, const uint8_t *ciphertext, int64_t ciphertextLen, uint8_t *sharedKey, int64_t sharedKeyLen) __attribute__((noescape, nocallback, static, slice(seed, seedLen), slice(ciphertext, ciphertextLen), slice(sharedKey, sharedKeyLen))); -+int64_t go_decapsulateMLKEM1024(const uint8_t *seed, int64_t seedLen, const uint8_t *ciphertext, int64_t ciphertextLen, uint8_t *sharedKey, int64_t sharedKeyLen) __attribute__((noescape, nocallback, static, slice(seed, seedLen), slice(ciphertext, ciphertextLen), slice(sharedKey, sharedKeyLen))); ++long go_supportsMLKEM() __attribute__((noescape, nocallback, static)); ++long go_generateKeyMLKEM768(uint8_t *seed, long seedLen) __attribute__((noescape, nocallback, static, slice(seed, seedLen))); ++long go_generateKeyMLKEM1024(uint8_t *seed, long seedLen) __attribute__((noescape, nocallback, static, slice(seed, seedLen))); ++long go_deriveEncapsulationKeyMLKEM768(const uint8_t *seed, long seedLen, uint8_t *encapKey, long encapKeyLen) __attribute__((noescape, nocallback, static, slice(seed, seedLen), slice(encapKey, encapKeyLen))); ++long go_deriveEncapsulationKeyMLKEM1024(const uint8_t *seed, long seedLen, uint8_t *encapKey, long encapKeyLen) __attribute__((noescape, nocallback, static, slice(seed, seedLen), slice(encapKey, encapKeyLen))); ++long go_encapsulateMLKEM768(const uint8_t *encapKey, long encapKeyLen, uint8_t *sharedKey, long sharedKeyLen, uint8_t *ciphertext, long ciphertextLen) __attribute__((noescape, nocallback, static, slice(encapKey, encapKeyLen), slice(sharedKey, sharedKeyLen), slice(ciphertext, ciphertextLen))); ++long go_encapsulateMLKEM1024(const uint8_t *encapKey, long encapKeyLen, uint8_t *sharedKey, long sharedKeyLen, uint8_t *ciphertext, long ciphertextLen) __attribute__((noescape, nocallback, static, slice(encapKey, encapKeyLen), slice(sharedKey, sharedKeyLen), slice(ciphertext, ciphertextLen))); ++long go_decapsulateMLKEM768(const uint8_t *seed, long seedLen, const uint8_t *ciphertext, long ciphertextLen, uint8_t *sharedKey, long sharedKeyLen) __attribute__((noescape, nocallback, static, slice(seed, seedLen), slice(ciphertext, ciphertextLen), slice(sharedKey, sharedKeyLen))); ++long go_decapsulateMLKEM1024(const uint8_t *seed, long seedLen, const uint8_t *ciphertext, long ciphertextLen, uint8_t *sharedKey, long sharedKeyLen) __attribute__((noescape, nocallback, static, slice(seed, seedLen), slice(ciphertext, ciphertextLen), slice(sharedKey, sharedKeyLen))); ++ ++// ML-DSA (Post-quantum digital signature algorithm) ++long go_supportsMLDSA() __attribute__((noescape, nocallback, static)); ++long go_generateKeyMLDSA65(uint8_t *seed, long seedLen) __attribute__((noescape, nocallback, static, slice(seed, seedLen))); ++long go_generateKeyMLDSA87(uint8_t *seed, long seedLen) __attribute__((noescape, nocallback, static, slice(seed, seedLen))); ++long go_derivePublicKeyMLDSA65(const uint8_t *seed, long seedLen, uint8_t *publicKey, long publicKeyLen) __attribute__((noescape, nocallback, static, slice(seed, seedLen), slice(publicKey, publicKeyLen))); ++long go_derivePublicKeyMLDSA87(const uint8_t *seed, long seedLen, uint8_t *publicKey, long publicKeyLen) __attribute__((noescape, nocallback, static, slice(seed, seedLen), slice(publicKey, publicKeyLen))); ++long go_signMLDSA65(const uint8_t *seed, long seedLen, const uint8_t *message, long messageLen, const uint8_t *context, long contextLen, uint8_t *signature, long *signatureLen) __attribute__((noescape, nocallback, static, slice(seed, seedLen), slice(message, messageLen), slice(context, contextLen), slice(signature))); ++long go_signMLDSA87(const uint8_t *seed, long seedLen, const uint8_t *message, long messageLen, const uint8_t *context, long contextLen, uint8_t *signature, long *signatureLen) __attribute__((noescape, nocallback, static, slice(seed, seedLen), slice(message, messageLen), slice(context, contextLen), slice(signature))); ++long go_verifyMLDSA65(const uint8_t *publicKey, long publicKeyLen, const uint8_t *message, long messageLen, const uint8_t *context, long contextLen, const uint8_t *signature, long signatureLen) __attribute__((noescape, nocallback, static, slice(publicKey, publicKeyLen), slice(message, messageLen), slice(context, contextLen), slice(signature, signatureLen))); ++long go_verifyMLDSA87(const uint8_t *publicKey, long publicKeyLen, const uint8_t *message, long messageLen, const uint8_t *context, long contextLen, const uint8_t *signature, long signatureLen) __attribute__((noescape, nocallback, static, slice(publicKey, publicKeyLen), slice(message, messageLen), slice(context, contextLen), slice(signature, signatureLen))); ++long go_validatePublicKeyMLDSA65(const uint8_t *publicKey, long publicKeyLen) __attribute__((noescape, nocallback, static, slice(publicKey, publicKeyLen))); ++long go_validatePublicKeyMLDSA87(const uint8_t *publicKey, long publicKeyLen) __attribute__((noescape, nocallback, static, slice(publicKey, publicKeyLen))); + +// ECDH -+int64_t go_generateKeyECDH(int32_t curveID, uint8_t *privateKey, int64_t privateKeyLen, uint8_t *publicKey, int64_t publicKeyLen) __attribute__((noescape, nocallback, static, slice(privateKey, privateKeyLen), slice(publicKey, publicKeyLen))); -+int64_t go_publicKeyFromPrivateECDH(int32_t curveID, const uint8_t *privateKey, int64_t privateKeyLen, uint8_t *publicKey, int64_t publicKeyLen) __attribute__((noescape, nocallback, static, slice(privateKey, privateKeyLen), slice(publicKey, publicKeyLen))); -+int64_t go_ecdhSharedSecret(int32_t curveID, const uint8_t *privateKey, int64_t privateKeyLen, const uint8_t *publicKey, int64_t publicKeyLen, uint8_t *sharedSecret, int64_t sharedSecretLen) __attribute__((noescape, nocallback, static, slice(privateKey, privateKeyLen), slice(publicKey, publicKeyLen), slice(sharedSecret, sharedSecretLen))); -+int64_t go_validatePrivateKeyECDH(int32_t curveID, const uint8_t *privateKey, int64_t privateKeyLen) __attribute__((noescape, nocallback, static, slice(privateKey, privateKeyLen))); -+int64_t go_validatePublicKeyECDH(int32_t curveID, const uint8_t *publicKey, int64_t publicKeyLen) __attribute__((noescape, nocallback, static, slice(publicKey, publicKeyLen))); ++long go_generateKeyECDH(int32_t curveID, uint8_t *privateKey, long privateKeyLen, uint8_t *publicKey, long publicKeyLen) __attribute__((noescape, nocallback, static, slice(privateKey, privateKeyLen), slice(publicKey, publicKeyLen))); ++long go_publicKeyFromPrivateECDH(int32_t curveID, const uint8_t *privateKey, long privateKeyLen, uint8_t *publicKey, long publicKeyLen) __attribute__((noescape, nocallback, static, slice(privateKey, privateKeyLen), slice(publicKey, publicKeyLen))); ++long go_ecdhSharedSecret(int32_t curveID, const uint8_t *privateKey, long privateKeyLen, const uint8_t *publicKey, long publicKeyLen, uint8_t *sharedSecret, long sharedSecretLen) __attribute__((noescape, nocallback, static, slice(privateKey, privateKeyLen), slice(publicKey, publicKeyLen), slice(sharedSecret, sharedSecretLen))); ++long go_validatePrivateKeyECDH(int32_t curveID, const uint8_t *privateKey, long privateKeyLen) __attribute__((noescape, nocallback, static, slice(privateKey, privateKeyLen))); ++long go_validatePublicKeyECDH(int32_t curveID, const uint8_t *publicKey, long publicKeyLen) __attribute__((noescape, nocallback, static, slice(publicKey, publicKeyLen))); + +// ECDSA -+int64_t go_generateKeyECDSA(int32_t curveID, uint8_t *x, int64_t xLen, uint8_t *y, int64_t yLen, uint8_t *d, int64_t dLen) __attribute__((noescape, nocallback, static, slice(x, xLen), slice(y, yLen), slice(d, dLen))); -+int64_t go_ecdsaSign(int32_t curveID, const uint8_t *d, int64_t dLen, const uint8_t *message, int64_t messageLen, uint8_t *signature, int64_t *signatureLen) __attribute__((noescape, nocallback, static, slice(d, dLen), slice(message, messageLen), slice(signature))); -+int64_t go_ecdsaVerify(int32_t curveID, const uint8_t *x, int64_t xLen, const uint8_t *y, int64_t yLen, const uint8_t *message, int64_t messageLen, const uint8_t *signature, int64_t signatureLen) __attribute__((noescape, nocallback, static, slice(x, xLen), slice(y, yLen), slice(message, messageLen), slice(signature, signatureLen))); ++long go_generateKeyECDSA(int32_t curveID, uint8_t *x, long xLen, uint8_t *y, long yLen, uint8_t *d, long dLen) __attribute__((noescape, nocallback, static, slice(x, xLen), slice(y, yLen), slice(d, dLen))); ++long go_ecdsaSign(int32_t curveID, const uint8_t *d, long dLen, const uint8_t *message, long messageLen, uint8_t *signature, long *signatureLen) __attribute__((noescape, nocallback, static, slice(d, dLen), slice(message, messageLen), slice(signature))); ++long go_ecdsaVerify(int32_t curveID, const uint8_t *x, long xLen, const uint8_t *y, long yLen, const uint8_t *message, long messageLen, const uint8_t *signature, long signatureLen) __attribute__((noescape, nocallback, static, slice(x, xLen), slice(y, yLen), slice(message, messageLen), slice(signature, signatureLen))); ++ ++#ifdef __clang__ ++#pragma clang assume_nonnull end ++#endif + +#endif // _GO_CRYPTOKIT_SHIMS_H diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/syscall_nocgo.go b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/syscall_nocgo.go @@ -25416,12 +26114,20 @@ index 00000000000000..c83bb8660303f6 +func syscallN(errType uintptr, fn uintptr, args ...uintptr) (r1, r2 uintptr) { + return xsyscall.SyscallN(errType, fn, args...) +} +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/xcodebuild_version.txt b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/xcodebuild_version.txt +new file mode 100644 +index 00000000000000..e96680e304c47d +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/xcodebuild_version.txt +@@ -0,0 +1,2 @@ ++Xcode 26.4.1 ++Build version 17E202 diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/zcryptokit.c b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/zcryptokit.c new file mode 100644 -index 00000000000000..f159f4b8e9cb77 +index 00000000000000..d0d2a5bbd3475d --- /dev/null +++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/zcryptokit.c -@@ -0,0 +1,262 @@ +@@ -0,0 +1,317 @@ +// Copyright (c) Microsoft Corporation. +// Licensed under the MIT License. + @@ -25433,86 +26139,97 @@ index 00000000000000..f159f4b8e9cb77 +#include +#include "zcryptokit.h" + -+void go_MD5(const uint8_t*, size_t, const uint8_t*); -+void go_SHA1(const uint8_t*, size_t, const uint8_t*); -+void go_SHA256(const uint8_t*, size_t, const uint8_t*); -+void go_SHA384(const uint8_t*, size_t, const uint8_t*); -+void go_SHA3_256(const uint8_t*, size_t, const uint8_t*); -+void go_SHA3_384(const uint8_t*, size_t, const uint8_t*); -+void go_SHA3_512(const uint8_t*, size_t, const uint8_t*); -+void go_SHA512(const uint8_t*, size_t, const uint8_t*); ++void go_MD5(const uint8_t*, size_t, uint8_t*); ++void go_SHA1(const uint8_t*, size_t, uint8_t*); ++void go_SHA256(const uint8_t*, size_t, uint8_t*); ++void go_SHA384(const uint8_t*, size_t, uint8_t*); ++void go_SHA3_256(const uint8_t*, size_t, uint8_t*); ++void go_SHA3_384(const uint8_t*, size_t, uint8_t*); ++void go_SHA3_512(const uint8_t*, size_t, uint8_t*); ++void go_SHA512(const uint8_t*, size_t, uint8_t*); +void* go_copyHMAC(int32_t, void*); -+int64_t go_decapsulateMLKEM1024(const uint8_t*, int64_t, const uint8_t*, int64_t, uint8_t*, int64_t); -+int64_t go_decapsulateMLKEM768(const uint8_t*, int64_t, const uint8_t*, int64_t, uint8_t*, int64_t); -+int64_t go_decryptAESGCM(const uint8_t*, size_t, const uint8_t*, size_t, const uint8_t*, size_t, const uint8_t*, size_t, const uint8_t*, size_t, uint8_t*, size_t*); -+int64_t go_decryptChaChaPoly(const uint8_t*, size_t, const uint8_t*, size_t, const uint8_t*, size_t, const uint8_t*, size_t, const uint8_t*, size_t, uint8_t*, size_t*); -+int64_t go_deriveEncapsulationKeyMLKEM1024(const uint8_t*, int64_t, uint8_t*, int64_t); -+int64_t go_deriveEncapsulationKeyMLKEM768(const uint8_t*, int64_t, uint8_t*, int64_t); -+int64_t go_ecdhSharedSecret(int32_t, const uint8_t*, int64_t, const uint8_t*, int64_t, uint8_t*, int64_t); -+int64_t go_ecdsaSign(int32_t, const uint8_t*, int64_t, const uint8_t*, int64_t, uint8_t*, int64_t*); -+int64_t go_ecdsaVerify(int32_t, const uint8_t*, int64_t, const uint8_t*, int64_t, const uint8_t*, int64_t, const uint8_t*, int64_t); -+int64_t go_encapsulateMLKEM1024(const uint8_t*, int64_t, uint8_t*, int64_t, uint8_t*, int64_t); -+int64_t go_encapsulateMLKEM768(const uint8_t*, int64_t, uint8_t*, int64_t, uint8_t*, int64_t); -+int64_t go_encryptAESGCM(const uint8_t*, size_t, const uint8_t*, size_t, const uint8_t*, size_t, const uint8_t*, size_t, uint8_t*, size_t, uint8_t*); -+int64_t go_encryptChaChaPoly(const uint8_t*, size_t, const uint8_t*, size_t, const uint8_t*, size_t, const uint8_t*, size_t, uint8_t*, size_t, uint8_t*); -+int64_t go_expandHKDF(int32_t, const uint8_t*, size_t, const uint8_t*, size_t, uint8_t*, size_t); -+int64_t go_extractHKDF(int32_t, const uint8_t*, size_t, const uint8_t*, size_t, uint8_t*, size_t); ++long go_decapsulateMLKEM1024(const uint8_t*, long, const uint8_t*, long, uint8_t*, long); ++long go_decapsulateMLKEM768(const uint8_t*, long, const uint8_t*, long, uint8_t*, long); ++long go_decryptAESGCM(const uint8_t*, size_t, const uint8_t*, size_t, const uint8_t*, size_t, const uint8_t*, size_t, const uint8_t*, size_t, uint8_t*, size_t*); ++long go_decryptChaChaPoly(const uint8_t*, size_t, const uint8_t*, size_t, const uint8_t*, size_t, const uint8_t*, size_t, const uint8_t*, size_t, uint8_t*, size_t*); ++long go_deriveEncapsulationKeyMLKEM1024(const uint8_t*, long, uint8_t*, long); ++long go_deriveEncapsulationKeyMLKEM768(const uint8_t*, long, uint8_t*, long); ++long go_derivePublicKeyMLDSA65(const uint8_t*, long, uint8_t*, long); ++long go_derivePublicKeyMLDSA87(const uint8_t*, long, uint8_t*, long); ++long go_ecdhSharedSecret(int32_t, const uint8_t*, long, const uint8_t*, long, uint8_t*, long); ++long go_ecdsaSign(int32_t, const uint8_t*, long, const uint8_t*, long, uint8_t*, long*); ++long go_ecdsaVerify(int32_t, const uint8_t*, long, const uint8_t*, long, const uint8_t*, long, const uint8_t*, long); ++long go_encapsulateMLKEM1024(const uint8_t*, long, uint8_t*, long, uint8_t*, long); ++long go_encapsulateMLKEM768(const uint8_t*, long, uint8_t*, long, uint8_t*, long); ++long go_encryptAESGCM(const uint8_t*, size_t, const uint8_t*, size_t, const uint8_t*, size_t, const uint8_t*, size_t, uint8_t*, size_t, uint8_t*); ++long go_encryptChaChaPoly(const uint8_t*, size_t, const uint8_t*, size_t, const uint8_t*, size_t, const uint8_t*, size_t, uint8_t*, size_t, uint8_t*); ++long go_expandHKDF(int32_t, const uint8_t*, size_t, const uint8_t*, size_t, uint8_t*, size_t); ++long go_extractHKDF(int32_t, const uint8_t*, size_t, const uint8_t*, size_t, uint8_t*, size_t); +void go_finalizeHMAC(int32_t, void*, uint8_t*); +void go_freeHMAC(int32_t, void*); -+int64_t go_generateKeyECDH(int32_t, uint8_t*, int64_t, uint8_t*, int64_t); -+int64_t go_generateKeyECDSA(int32_t, uint8_t*, int64_t, uint8_t*, int64_t, uint8_t*, int64_t); ++long go_generateKeyECDH(int32_t, uint8_t*, long, uint8_t*, long); ++long go_generateKeyECDSA(int32_t, uint8_t*, long, uint8_t*, long, uint8_t*, long); +void go_generateKeyEd25519(uint8_t*); -+int64_t go_generateKeyMLKEM1024(uint8_t*, int64_t); -+int64_t go_generateKeyMLKEM768(uint8_t*, int64_t); -+int64_t go_hashBlockSize(int32_t); ++long go_generateKeyMLDSA65(uint8_t*, long); ++long go_generateKeyMLDSA87(uint8_t*, long); ++long go_generateKeyMLKEM1024(uint8_t*, long); ++long go_generateKeyMLKEM768(uint8_t*, long); ++long go_hashBlockSize(int32_t); +void* go_hashCopy(int32_t, void*); +void go_hashFree(int32_t, void*); +void* go_hashNew(int32_t); +void go_hashReset(int32_t, void*); -+int64_t go_hashSize(int32_t); ++long go_hashSize(int32_t); +void go_hashSum(int32_t, void*, uint8_t*); -+void go_hashWrite(int32_t, void*, const uint8_t*, int64_t); -+void* go_initHMAC(int32_t, const uint8_t*, int64_t); -+int64_t go_newPrivateKeyEd25519FromSeed(uint8_t*, const uint8_t*); -+int64_t go_newPublicKeyEd25519(uint8_t*, const uint8_t*); -+int64_t go_publicKeyFromPrivateECDH(int32_t, const uint8_t*, int64_t, uint8_t*, int64_t); -+int64_t go_signEd25519(const uint8_t*, const uint8_t*, size_t, uint8_t*); -+int64_t go_supportsMLKEM(void); -+int64_t go_supportsSHA3(void); -+void go_updateHMAC(int32_t, void*, const uint8_t*, int64_t); -+int64_t go_validatePrivateKeyECDH(int32_t, const uint8_t*, int64_t); -+int64_t go_validatePublicKeyECDH(int32_t, const uint8_t*, int64_t); -+int64_t go_verifyEd25519(const uint8_t*, const uint8_t*, size_t, const uint8_t*); -+ -+void _mkcgo_go_MD5(const uint8_t* _arg0, size_t _arg1, const uint8_t* _arg2) { ++void go_hashWrite(int32_t, void*, const uint8_t*, long); ++void* go_initHMAC(int32_t, const uint8_t*, long); ++long go_newPrivateKeyEd25519FromSeed(uint8_t*, const uint8_t*); ++long go_newPublicKeyEd25519(uint8_t*, const uint8_t*); ++long go_publicKeyFromPrivateECDH(int32_t, const uint8_t*, long, uint8_t*, long); ++long go_signEd25519(const uint8_t*, const uint8_t*, size_t, uint8_t*); ++long go_signMLDSA65(const uint8_t*, long, const uint8_t*, long, const uint8_t*, long, uint8_t*, long*); ++long go_signMLDSA87(const uint8_t*, long, const uint8_t*, long, const uint8_t*, long, uint8_t*, long*); ++long go_supportsMLDSA(void); ++long go_supportsMLKEM(void); ++long go_supportsSHA3(void); ++void go_updateHMAC(int32_t, void*, const uint8_t*, long); ++long go_validatePrivateKeyECDH(int32_t, const uint8_t*, long); ++long go_validatePublicKeyECDH(int32_t, const uint8_t*, long); ++long go_validatePublicKeyMLDSA65(const uint8_t*, long); ++long go_validatePublicKeyMLDSA87(const uint8_t*, long); ++long go_verifyEd25519(const uint8_t*, const uint8_t*, size_t, const uint8_t*); ++long go_verifyMLDSA65(const uint8_t*, long, const uint8_t*, long, const uint8_t*, long, const uint8_t*, long); ++long go_verifyMLDSA87(const uint8_t*, long, const uint8_t*, long, const uint8_t*, long, const uint8_t*, long); ++ ++void _mkcgo_go_MD5(const uint8_t* _arg0, size_t _arg1, uint8_t* _arg2) { + go_MD5(_arg0, _arg1, _arg2); +} + -+void _mkcgo_go_SHA1(const uint8_t* _arg0, size_t _arg1, const uint8_t* _arg2) { ++void _mkcgo_go_SHA1(const uint8_t* _arg0, size_t _arg1, uint8_t* _arg2) { + go_SHA1(_arg0, _arg1, _arg2); +} + -+void _mkcgo_go_SHA256(const uint8_t* _arg0, size_t _arg1, const uint8_t* _arg2) { ++void _mkcgo_go_SHA256(const uint8_t* _arg0, size_t _arg1, uint8_t* _arg2) { + go_SHA256(_arg0, _arg1, _arg2); +} + -+void _mkcgo_go_SHA384(const uint8_t* _arg0, size_t _arg1, const uint8_t* _arg2) { ++void _mkcgo_go_SHA384(const uint8_t* _arg0, size_t _arg1, uint8_t* _arg2) { + go_SHA384(_arg0, _arg1, _arg2); +} + -+void _mkcgo_go_SHA3_256(const uint8_t* _arg0, size_t _arg1, const uint8_t* _arg2) { ++void _mkcgo_go_SHA3_256(const uint8_t* _arg0, size_t _arg1, uint8_t* _arg2) { + go_SHA3_256(_arg0, _arg1, _arg2); +} + -+void _mkcgo_go_SHA3_384(const uint8_t* _arg0, size_t _arg1, const uint8_t* _arg2) { ++void _mkcgo_go_SHA3_384(const uint8_t* _arg0, size_t _arg1, uint8_t* _arg2) { + go_SHA3_384(_arg0, _arg1, _arg2); +} + -+void _mkcgo_go_SHA3_512(const uint8_t* _arg0, size_t _arg1, const uint8_t* _arg2) { ++void _mkcgo_go_SHA3_512(const uint8_t* _arg0, size_t _arg1, uint8_t* _arg2) { + go_SHA3_512(_arg0, _arg1, _arg2); +} + -+void _mkcgo_go_SHA512(const uint8_t* _arg0, size_t _arg1, const uint8_t* _arg2) { ++void _mkcgo_go_SHA512(const uint8_t* _arg0, size_t _arg1, uint8_t* _arg2) { + go_SHA512(_arg0, _arg1, _arg2); +} + @@ -25520,63 +26237,71 @@ index 00000000000000..f159f4b8e9cb77 + return go_copyHMAC(_arg0, _arg1); +} + -+int64_t _mkcgo_go_decapsulateMLKEM1024(const uint8_t* _arg0, int64_t _arg1, const uint8_t* _arg2, int64_t _arg3, uint8_t* _arg4, int64_t _arg5) { ++long _mkcgo_go_decapsulateMLKEM1024(const uint8_t* _arg0, long _arg1, const uint8_t* _arg2, long _arg3, uint8_t* _arg4, long _arg5) { + return go_decapsulateMLKEM1024(_arg0, _arg1, _arg2, _arg3, _arg4, _arg5); +} + -+int64_t _mkcgo_go_decapsulateMLKEM768(const uint8_t* _arg0, int64_t _arg1, const uint8_t* _arg2, int64_t _arg3, uint8_t* _arg4, int64_t _arg5) { ++long _mkcgo_go_decapsulateMLKEM768(const uint8_t* _arg0, long _arg1, const uint8_t* _arg2, long _arg3, uint8_t* _arg4, long _arg5) { + return go_decapsulateMLKEM768(_arg0, _arg1, _arg2, _arg3, _arg4, _arg5); +} + -+int64_t _mkcgo_go_decryptAESGCM(const uint8_t* _arg0, size_t _arg1, const uint8_t* _arg2, size_t _arg3, const uint8_t* _arg4, size_t _arg5, const uint8_t* _arg6, size_t _arg7, const uint8_t* _arg8, size_t _arg9, uint8_t* _arg10, size_t* _arg11) { ++long _mkcgo_go_decryptAESGCM(const uint8_t* _arg0, size_t _arg1, const uint8_t* _arg2, size_t _arg3, const uint8_t* _arg4, size_t _arg5, const uint8_t* _arg6, size_t _arg7, const uint8_t* _arg8, size_t _arg9, uint8_t* _arg10, size_t* _arg11) { + return go_decryptAESGCM(_arg0, _arg1, _arg2, _arg3, _arg4, _arg5, _arg6, _arg7, _arg8, _arg9, _arg10, _arg11); +} + -+int64_t _mkcgo_go_decryptChaChaPoly(const uint8_t* _arg0, size_t _arg1, const uint8_t* _arg2, size_t _arg3, const uint8_t* _arg4, size_t _arg5, const uint8_t* _arg6, size_t _arg7, const uint8_t* _arg8, size_t _arg9, uint8_t* _arg10, size_t* _arg11) { ++long _mkcgo_go_decryptChaChaPoly(const uint8_t* _arg0, size_t _arg1, const uint8_t* _arg2, size_t _arg3, const uint8_t* _arg4, size_t _arg5, const uint8_t* _arg6, size_t _arg7, const uint8_t* _arg8, size_t _arg9, uint8_t* _arg10, size_t* _arg11) { + return go_decryptChaChaPoly(_arg0, _arg1, _arg2, _arg3, _arg4, _arg5, _arg6, _arg7, _arg8, _arg9, _arg10, _arg11); +} + -+int64_t _mkcgo_go_deriveEncapsulationKeyMLKEM1024(const uint8_t* _arg0, int64_t _arg1, uint8_t* _arg2, int64_t _arg3) { ++long _mkcgo_go_deriveEncapsulationKeyMLKEM1024(const uint8_t* _arg0, long _arg1, uint8_t* _arg2, long _arg3) { + return go_deriveEncapsulationKeyMLKEM1024(_arg0, _arg1, _arg2, _arg3); +} + -+int64_t _mkcgo_go_deriveEncapsulationKeyMLKEM768(const uint8_t* _arg0, int64_t _arg1, uint8_t* _arg2, int64_t _arg3) { ++long _mkcgo_go_deriveEncapsulationKeyMLKEM768(const uint8_t* _arg0, long _arg1, uint8_t* _arg2, long _arg3) { + return go_deriveEncapsulationKeyMLKEM768(_arg0, _arg1, _arg2, _arg3); +} + -+int64_t _mkcgo_go_ecdhSharedSecret(int32_t _arg0, const uint8_t* _arg1, int64_t _arg2, const uint8_t* _arg3, int64_t _arg4, uint8_t* _arg5, int64_t _arg6) { ++long _mkcgo_go_derivePublicKeyMLDSA65(const uint8_t* _arg0, long _arg1, uint8_t* _arg2, long _arg3) { ++ return go_derivePublicKeyMLDSA65(_arg0, _arg1, _arg2, _arg3); ++} ++ ++long _mkcgo_go_derivePublicKeyMLDSA87(const uint8_t* _arg0, long _arg1, uint8_t* _arg2, long _arg3) { ++ return go_derivePublicKeyMLDSA87(_arg0, _arg1, _arg2, _arg3); ++} ++ ++long _mkcgo_go_ecdhSharedSecret(int32_t _arg0, const uint8_t* _arg1, long _arg2, const uint8_t* _arg3, long _arg4, uint8_t* _arg5, long _arg6) { + return go_ecdhSharedSecret(_arg0, _arg1, _arg2, _arg3, _arg4, _arg5, _arg6); +} + -+int64_t _mkcgo_go_ecdsaSign(int32_t _arg0, const uint8_t* _arg1, int64_t _arg2, const uint8_t* _arg3, int64_t _arg4, uint8_t* _arg5, int64_t* _arg6) { ++long _mkcgo_go_ecdsaSign(int32_t _arg0, const uint8_t* _arg1, long _arg2, const uint8_t* _arg3, long _arg4, uint8_t* _arg5, long* _arg6) { + return go_ecdsaSign(_arg0, _arg1, _arg2, _arg3, _arg4, _arg5, _arg6); +} + -+int64_t _mkcgo_go_ecdsaVerify(int32_t _arg0, const uint8_t* _arg1, int64_t _arg2, const uint8_t* _arg3, int64_t _arg4, const uint8_t* _arg5, int64_t _arg6, const uint8_t* _arg7, int64_t _arg8) { ++long _mkcgo_go_ecdsaVerify(int32_t _arg0, const uint8_t* _arg1, long _arg2, const uint8_t* _arg3, long _arg4, const uint8_t* _arg5, long _arg6, const uint8_t* _arg7, long _arg8) { + return go_ecdsaVerify(_arg0, _arg1, _arg2, _arg3, _arg4, _arg5, _arg6, _arg7, _arg8); +} + -+int64_t _mkcgo_go_encapsulateMLKEM1024(const uint8_t* _arg0, int64_t _arg1, uint8_t* _arg2, int64_t _arg3, uint8_t* _arg4, int64_t _arg5) { ++long _mkcgo_go_encapsulateMLKEM1024(const uint8_t* _arg0, long _arg1, uint8_t* _arg2, long _arg3, uint8_t* _arg4, long _arg5) { + return go_encapsulateMLKEM1024(_arg0, _arg1, _arg2, _arg3, _arg4, _arg5); +} + -+int64_t _mkcgo_go_encapsulateMLKEM768(const uint8_t* _arg0, int64_t _arg1, uint8_t* _arg2, int64_t _arg3, uint8_t* _arg4, int64_t _arg5) { ++long _mkcgo_go_encapsulateMLKEM768(const uint8_t* _arg0, long _arg1, uint8_t* _arg2, long _arg3, uint8_t* _arg4, long _arg5) { + return go_encapsulateMLKEM768(_arg0, _arg1, _arg2, _arg3, _arg4, _arg5); +} + -+int64_t _mkcgo_go_encryptAESGCM(const uint8_t* _arg0, size_t _arg1, const uint8_t* _arg2, size_t _arg3, const uint8_t* _arg4, size_t _arg5, const uint8_t* _arg6, size_t _arg7, uint8_t* _arg8, size_t _arg9, uint8_t* _arg10) { ++long _mkcgo_go_encryptAESGCM(const uint8_t* _arg0, size_t _arg1, const uint8_t* _arg2, size_t _arg3, const uint8_t* _arg4, size_t _arg5, const uint8_t* _arg6, size_t _arg7, uint8_t* _arg8, size_t _arg9, uint8_t* _arg10) { + return go_encryptAESGCM(_arg0, _arg1, _arg2, _arg3, _arg4, _arg5, _arg6, _arg7, _arg8, _arg9, _arg10); +} + -+int64_t _mkcgo_go_encryptChaChaPoly(const uint8_t* _arg0, size_t _arg1, const uint8_t* _arg2, size_t _arg3, const uint8_t* _arg4, size_t _arg5, const uint8_t* _arg6, size_t _arg7, uint8_t* _arg8, size_t _arg9, uint8_t* _arg10) { ++long _mkcgo_go_encryptChaChaPoly(const uint8_t* _arg0, size_t _arg1, const uint8_t* _arg2, size_t _arg3, const uint8_t* _arg4, size_t _arg5, const uint8_t* _arg6, size_t _arg7, uint8_t* _arg8, size_t _arg9, uint8_t* _arg10) { + return go_encryptChaChaPoly(_arg0, _arg1, _arg2, _arg3, _arg4, _arg5, _arg6, _arg7, _arg8, _arg9, _arg10); +} + -+int64_t _mkcgo_go_expandHKDF(int32_t _arg0, const uint8_t* _arg1, size_t _arg2, const uint8_t* _arg3, size_t _arg4, uint8_t* _arg5, size_t _arg6) { ++long _mkcgo_go_expandHKDF(int32_t _arg0, const uint8_t* _arg1, size_t _arg2, const uint8_t* _arg3, size_t _arg4, uint8_t* _arg5, size_t _arg6) { + return go_expandHKDF(_arg0, _arg1, _arg2, _arg3, _arg4, _arg5, _arg6); +} + -+int64_t _mkcgo_go_extractHKDF(int32_t _arg0, const uint8_t* _arg1, size_t _arg2, const uint8_t* _arg3, size_t _arg4, uint8_t* _arg5, size_t _arg6) { ++long _mkcgo_go_extractHKDF(int32_t _arg0, const uint8_t* _arg1, size_t _arg2, const uint8_t* _arg3, size_t _arg4, uint8_t* _arg5, size_t _arg6) { + return go_extractHKDF(_arg0, _arg1, _arg2, _arg3, _arg4, _arg5, _arg6); +} + @@ -25588,11 +26313,11 @@ index 00000000000000..f159f4b8e9cb77 + go_freeHMAC(_arg0, _arg1); +} + -+int64_t _mkcgo_go_generateKeyECDH(int32_t _arg0, uint8_t* _arg1, int64_t _arg2, uint8_t* _arg3, int64_t _arg4) { ++long _mkcgo_go_generateKeyECDH(int32_t _arg0, uint8_t* _arg1, long _arg2, uint8_t* _arg3, long _arg4) { + return go_generateKeyECDH(_arg0, _arg1, _arg2, _arg3, _arg4); +} + -+int64_t _mkcgo_go_generateKeyECDSA(int32_t _arg0, uint8_t* _arg1, int64_t _arg2, uint8_t* _arg3, int64_t _arg4, uint8_t* _arg5, int64_t _arg6) { ++long _mkcgo_go_generateKeyECDSA(int32_t _arg0, uint8_t* _arg1, long _arg2, uint8_t* _arg3, long _arg4, uint8_t* _arg5, long _arg6) { + return go_generateKeyECDSA(_arg0, _arg1, _arg2, _arg3, _arg4, _arg5, _arg6); +} + @@ -25600,15 +26325,23 @@ index 00000000000000..f159f4b8e9cb77 + go_generateKeyEd25519(_arg0); +} + -+int64_t _mkcgo_go_generateKeyMLKEM1024(uint8_t* _arg0, int64_t _arg1) { ++long _mkcgo_go_generateKeyMLDSA65(uint8_t* _arg0, long _arg1) { ++ return go_generateKeyMLDSA65(_arg0, _arg1); ++} ++ ++long _mkcgo_go_generateKeyMLDSA87(uint8_t* _arg0, long _arg1) { ++ return go_generateKeyMLDSA87(_arg0, _arg1); ++} ++ ++long _mkcgo_go_generateKeyMLKEM1024(uint8_t* _arg0, long _arg1) { + return go_generateKeyMLKEM1024(_arg0, _arg1); +} + -+int64_t _mkcgo_go_generateKeyMLKEM768(uint8_t* _arg0, int64_t _arg1) { ++long _mkcgo_go_generateKeyMLKEM768(uint8_t* _arg0, long _arg1) { + return go_generateKeyMLKEM768(_arg0, _arg1); +} + -+int64_t _mkcgo_go_hashBlockSize(int32_t _arg0) { ++long _mkcgo_go_hashBlockSize(int32_t _arg0) { + return go_hashBlockSize(_arg0); +} + @@ -25628,7 +26361,7 @@ index 00000000000000..f159f4b8e9cb77 + go_hashReset(_arg0, _arg1); +} + -+int64_t _mkcgo_go_hashSize(int32_t _arg0) { ++long _mkcgo_go_hashSize(int32_t _arg0) { + return go_hashSize(_arg0); +} + @@ -25636,60 +26369,88 @@ index 00000000000000..f159f4b8e9cb77 + go_hashSum(_arg0, _arg1, _arg2); +} + -+void _mkcgo_go_hashWrite(int32_t _arg0, void* _arg1, const uint8_t* _arg2, int64_t _arg3) { ++void _mkcgo_go_hashWrite(int32_t _arg0, void* _arg1, const uint8_t* _arg2, long _arg3) { + go_hashWrite(_arg0, _arg1, _arg2, _arg3); +} + -+void* _mkcgo_go_initHMAC(int32_t _arg0, const uint8_t* _arg1, int64_t _arg2) { ++void* _mkcgo_go_initHMAC(int32_t _arg0, const uint8_t* _arg1, long _arg2) { + return go_initHMAC(_arg0, _arg1, _arg2); +} + -+int64_t _mkcgo_go_newPrivateKeyEd25519FromSeed(uint8_t* _arg0, const uint8_t* _arg1) { ++long _mkcgo_go_newPrivateKeyEd25519FromSeed(uint8_t* _arg0, const uint8_t* _arg1) { + return go_newPrivateKeyEd25519FromSeed(_arg0, _arg1); +} + -+int64_t _mkcgo_go_newPublicKeyEd25519(uint8_t* _arg0, const uint8_t* _arg1) { ++long _mkcgo_go_newPublicKeyEd25519(uint8_t* _arg0, const uint8_t* _arg1) { + return go_newPublicKeyEd25519(_arg0, _arg1); +} + -+int64_t _mkcgo_go_publicKeyFromPrivateECDH(int32_t _arg0, const uint8_t* _arg1, int64_t _arg2, uint8_t* _arg3, int64_t _arg4) { ++long _mkcgo_go_publicKeyFromPrivateECDH(int32_t _arg0, const uint8_t* _arg1, long _arg2, uint8_t* _arg3, long _arg4) { + return go_publicKeyFromPrivateECDH(_arg0, _arg1, _arg2, _arg3, _arg4); +} + -+int64_t _mkcgo_go_signEd25519(const uint8_t* _arg0, const uint8_t* _arg1, size_t _arg2, uint8_t* _arg3) { ++long _mkcgo_go_signEd25519(const uint8_t* _arg0, const uint8_t* _arg1, size_t _arg2, uint8_t* _arg3) { + return go_signEd25519(_arg0, _arg1, _arg2, _arg3); +} + -+int64_t _mkcgo_go_supportsMLKEM(void) { ++long _mkcgo_go_signMLDSA65(const uint8_t* _arg0, long _arg1, const uint8_t* _arg2, long _arg3, const uint8_t* _arg4, long _arg5, uint8_t* _arg6, long* _arg7) { ++ return go_signMLDSA65(_arg0, _arg1, _arg2, _arg3, _arg4, _arg5, _arg6, _arg7); ++} ++ ++long _mkcgo_go_signMLDSA87(const uint8_t* _arg0, long _arg1, const uint8_t* _arg2, long _arg3, const uint8_t* _arg4, long _arg5, uint8_t* _arg6, long* _arg7) { ++ return go_signMLDSA87(_arg0, _arg1, _arg2, _arg3, _arg4, _arg5, _arg6, _arg7); ++} ++ ++long _mkcgo_go_supportsMLDSA(void) { ++ return go_supportsMLDSA(); ++} ++ ++long _mkcgo_go_supportsMLKEM(void) { + return go_supportsMLKEM(); +} + -+int64_t _mkcgo_go_supportsSHA3(void) { ++long _mkcgo_go_supportsSHA3(void) { + return go_supportsSHA3(); +} + -+void _mkcgo_go_updateHMAC(int32_t _arg0, void* _arg1, const uint8_t* _arg2, int64_t _arg3) { ++void _mkcgo_go_updateHMAC(int32_t _arg0, void* _arg1, const uint8_t* _arg2, long _arg3) { + go_updateHMAC(_arg0, _arg1, _arg2, _arg3); +} + -+int64_t _mkcgo_go_validatePrivateKeyECDH(int32_t _arg0, const uint8_t* _arg1, int64_t _arg2) { ++long _mkcgo_go_validatePrivateKeyECDH(int32_t _arg0, const uint8_t* _arg1, long _arg2) { + return go_validatePrivateKeyECDH(_arg0, _arg1, _arg2); +} + -+int64_t _mkcgo_go_validatePublicKeyECDH(int32_t _arg0, const uint8_t* _arg1, int64_t _arg2) { ++long _mkcgo_go_validatePublicKeyECDH(int32_t _arg0, const uint8_t* _arg1, long _arg2) { + return go_validatePublicKeyECDH(_arg0, _arg1, _arg2); +} + -+int64_t _mkcgo_go_verifyEd25519(const uint8_t* _arg0, const uint8_t* _arg1, size_t _arg2, const uint8_t* _arg3) { ++long _mkcgo_go_validatePublicKeyMLDSA65(const uint8_t* _arg0, long _arg1) { ++ return go_validatePublicKeyMLDSA65(_arg0, _arg1); ++} ++ ++long _mkcgo_go_validatePublicKeyMLDSA87(const uint8_t* _arg0, long _arg1) { ++ return go_validatePublicKeyMLDSA87(_arg0, _arg1); ++} ++ ++long _mkcgo_go_verifyEd25519(const uint8_t* _arg0, const uint8_t* _arg1, size_t _arg2, const uint8_t* _arg3) { + return go_verifyEd25519(_arg0, _arg1, _arg2, _arg3); +} + ++long _mkcgo_go_verifyMLDSA65(const uint8_t* _arg0, long _arg1, const uint8_t* _arg2, long _arg3, const uint8_t* _arg4, long _arg5, const uint8_t* _arg6, long _arg7) { ++ return go_verifyMLDSA65(_arg0, _arg1, _arg2, _arg3, _arg4, _arg5, _arg6, _arg7); ++} ++ ++long _mkcgo_go_verifyMLDSA87(const uint8_t* _arg0, long _arg1, const uint8_t* _arg2, long _arg3, const uint8_t* _arg4, long _arg5, const uint8_t* _arg6, long _arg7) { ++ return go_verifyMLDSA87(_arg0, _arg1, _arg2, _arg3, _arg4, _arg5, _arg6, _arg7); ++} ++ diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/zcryptokit.h b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/zcryptokit.h new file mode 100644 -index 00000000000000..d738d7278076ec +index 00000000000000..f933f59c3013da --- /dev/null +++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/zcryptokit.h -@@ -0,0 +1,66 @@ +@@ -0,0 +1,77 @@ +// Copyright (c) Microsoft Corporation. +// Licensed under the MIT License. + @@ -25704,64 +26465,75 @@ index 00000000000000..d738d7278076ec + +uintptr_t mkcgo_err_retrieve(); + -+void _mkcgo_go_MD5(const uint8_t*, size_t, const uint8_t*); -+void _mkcgo_go_SHA1(const uint8_t*, size_t, const uint8_t*); -+void _mkcgo_go_SHA256(const uint8_t*, size_t, const uint8_t*); -+void _mkcgo_go_SHA384(const uint8_t*, size_t, const uint8_t*); -+void _mkcgo_go_SHA3_256(const uint8_t*, size_t, const uint8_t*); -+void _mkcgo_go_SHA3_384(const uint8_t*, size_t, const uint8_t*); -+void _mkcgo_go_SHA3_512(const uint8_t*, size_t, const uint8_t*); -+void _mkcgo_go_SHA512(const uint8_t*, size_t, const uint8_t*); ++void _mkcgo_go_MD5(const uint8_t*, size_t, uint8_t*); ++void _mkcgo_go_SHA1(const uint8_t*, size_t, uint8_t*); ++void _mkcgo_go_SHA256(const uint8_t*, size_t, uint8_t*); ++void _mkcgo_go_SHA384(const uint8_t*, size_t, uint8_t*); ++void _mkcgo_go_SHA3_256(const uint8_t*, size_t, uint8_t*); ++void _mkcgo_go_SHA3_384(const uint8_t*, size_t, uint8_t*); ++void _mkcgo_go_SHA3_512(const uint8_t*, size_t, uint8_t*); ++void _mkcgo_go_SHA512(const uint8_t*, size_t, uint8_t*); +void* _mkcgo_go_copyHMAC(int32_t, void*); -+int64_t _mkcgo_go_decapsulateMLKEM1024(const uint8_t*, int64_t, const uint8_t*, int64_t, uint8_t*, int64_t); -+int64_t _mkcgo_go_decapsulateMLKEM768(const uint8_t*, int64_t, const uint8_t*, int64_t, uint8_t*, int64_t); -+int64_t _mkcgo_go_decryptAESGCM(const uint8_t*, size_t, const uint8_t*, size_t, const uint8_t*, size_t, const uint8_t*, size_t, const uint8_t*, size_t, uint8_t*, size_t*); -+int64_t _mkcgo_go_decryptChaChaPoly(const uint8_t*, size_t, const uint8_t*, size_t, const uint8_t*, size_t, const uint8_t*, size_t, const uint8_t*, size_t, uint8_t*, size_t*); -+int64_t _mkcgo_go_deriveEncapsulationKeyMLKEM1024(const uint8_t*, int64_t, uint8_t*, int64_t); -+int64_t _mkcgo_go_deriveEncapsulationKeyMLKEM768(const uint8_t*, int64_t, uint8_t*, int64_t); -+int64_t _mkcgo_go_ecdhSharedSecret(int32_t, const uint8_t*, int64_t, const uint8_t*, int64_t, uint8_t*, int64_t); -+int64_t _mkcgo_go_ecdsaSign(int32_t, const uint8_t*, int64_t, const uint8_t*, int64_t, uint8_t*, int64_t*); -+int64_t _mkcgo_go_ecdsaVerify(int32_t, const uint8_t*, int64_t, const uint8_t*, int64_t, const uint8_t*, int64_t, const uint8_t*, int64_t); -+int64_t _mkcgo_go_encapsulateMLKEM1024(const uint8_t*, int64_t, uint8_t*, int64_t, uint8_t*, int64_t); -+int64_t _mkcgo_go_encapsulateMLKEM768(const uint8_t*, int64_t, uint8_t*, int64_t, uint8_t*, int64_t); -+int64_t _mkcgo_go_encryptAESGCM(const uint8_t*, size_t, const uint8_t*, size_t, const uint8_t*, size_t, const uint8_t*, size_t, uint8_t*, size_t, uint8_t*); -+int64_t _mkcgo_go_encryptChaChaPoly(const uint8_t*, size_t, const uint8_t*, size_t, const uint8_t*, size_t, const uint8_t*, size_t, uint8_t*, size_t, uint8_t*); -+int64_t _mkcgo_go_expandHKDF(int32_t, const uint8_t*, size_t, const uint8_t*, size_t, uint8_t*, size_t); -+int64_t _mkcgo_go_extractHKDF(int32_t, const uint8_t*, size_t, const uint8_t*, size_t, uint8_t*, size_t); ++long _mkcgo_go_decapsulateMLKEM1024(const uint8_t*, long, const uint8_t*, long, uint8_t*, long); ++long _mkcgo_go_decapsulateMLKEM768(const uint8_t*, long, const uint8_t*, long, uint8_t*, long); ++long _mkcgo_go_decryptAESGCM(const uint8_t*, size_t, const uint8_t*, size_t, const uint8_t*, size_t, const uint8_t*, size_t, const uint8_t*, size_t, uint8_t*, size_t*); ++long _mkcgo_go_decryptChaChaPoly(const uint8_t*, size_t, const uint8_t*, size_t, const uint8_t*, size_t, const uint8_t*, size_t, const uint8_t*, size_t, uint8_t*, size_t*); ++long _mkcgo_go_deriveEncapsulationKeyMLKEM1024(const uint8_t*, long, uint8_t*, long); ++long _mkcgo_go_deriveEncapsulationKeyMLKEM768(const uint8_t*, long, uint8_t*, long); ++long _mkcgo_go_derivePublicKeyMLDSA65(const uint8_t*, long, uint8_t*, long); ++long _mkcgo_go_derivePublicKeyMLDSA87(const uint8_t*, long, uint8_t*, long); ++long _mkcgo_go_ecdhSharedSecret(int32_t, const uint8_t*, long, const uint8_t*, long, uint8_t*, long); ++long _mkcgo_go_ecdsaSign(int32_t, const uint8_t*, long, const uint8_t*, long, uint8_t*, long*); ++long _mkcgo_go_ecdsaVerify(int32_t, const uint8_t*, long, const uint8_t*, long, const uint8_t*, long, const uint8_t*, long); ++long _mkcgo_go_encapsulateMLKEM1024(const uint8_t*, long, uint8_t*, long, uint8_t*, long); ++long _mkcgo_go_encapsulateMLKEM768(const uint8_t*, long, uint8_t*, long, uint8_t*, long); ++long _mkcgo_go_encryptAESGCM(const uint8_t*, size_t, const uint8_t*, size_t, const uint8_t*, size_t, const uint8_t*, size_t, uint8_t*, size_t, uint8_t*); ++long _mkcgo_go_encryptChaChaPoly(const uint8_t*, size_t, const uint8_t*, size_t, const uint8_t*, size_t, const uint8_t*, size_t, uint8_t*, size_t, uint8_t*); ++long _mkcgo_go_expandHKDF(int32_t, const uint8_t*, size_t, const uint8_t*, size_t, uint8_t*, size_t); ++long _mkcgo_go_extractHKDF(int32_t, const uint8_t*, size_t, const uint8_t*, size_t, uint8_t*, size_t); +void _mkcgo_go_finalizeHMAC(int32_t, void*, uint8_t*); +void _mkcgo_go_freeHMAC(int32_t, void*); -+int64_t _mkcgo_go_generateKeyECDH(int32_t, uint8_t*, int64_t, uint8_t*, int64_t); -+int64_t _mkcgo_go_generateKeyECDSA(int32_t, uint8_t*, int64_t, uint8_t*, int64_t, uint8_t*, int64_t); ++long _mkcgo_go_generateKeyECDH(int32_t, uint8_t*, long, uint8_t*, long); ++long _mkcgo_go_generateKeyECDSA(int32_t, uint8_t*, long, uint8_t*, long, uint8_t*, long); +void _mkcgo_go_generateKeyEd25519(uint8_t*); -+int64_t _mkcgo_go_generateKeyMLKEM1024(uint8_t*, int64_t); -+int64_t _mkcgo_go_generateKeyMLKEM768(uint8_t*, int64_t); -+int64_t _mkcgo_go_hashBlockSize(int32_t); ++long _mkcgo_go_generateKeyMLDSA65(uint8_t*, long); ++long _mkcgo_go_generateKeyMLDSA87(uint8_t*, long); ++long _mkcgo_go_generateKeyMLKEM1024(uint8_t*, long); ++long _mkcgo_go_generateKeyMLKEM768(uint8_t*, long); ++long _mkcgo_go_hashBlockSize(int32_t); +void* _mkcgo_go_hashCopy(int32_t, void*); +void _mkcgo_go_hashFree(int32_t, void*); +void* _mkcgo_go_hashNew(int32_t); +void _mkcgo_go_hashReset(int32_t, void*); -+int64_t _mkcgo_go_hashSize(int32_t); ++long _mkcgo_go_hashSize(int32_t); +void _mkcgo_go_hashSum(int32_t, void*, uint8_t*); -+void _mkcgo_go_hashWrite(int32_t, void*, const uint8_t*, int64_t); -+void* _mkcgo_go_initHMAC(int32_t, const uint8_t*, int64_t); -+int64_t _mkcgo_go_newPrivateKeyEd25519FromSeed(uint8_t*, const uint8_t*); -+int64_t _mkcgo_go_newPublicKeyEd25519(uint8_t*, const uint8_t*); -+int64_t _mkcgo_go_publicKeyFromPrivateECDH(int32_t, const uint8_t*, int64_t, uint8_t*, int64_t); -+int64_t _mkcgo_go_signEd25519(const uint8_t*, const uint8_t*, size_t, uint8_t*); -+int64_t _mkcgo_go_supportsMLKEM(void); -+int64_t _mkcgo_go_supportsSHA3(void); -+void _mkcgo_go_updateHMAC(int32_t, void*, const uint8_t*, int64_t); -+int64_t _mkcgo_go_validatePrivateKeyECDH(int32_t, const uint8_t*, int64_t); -+int64_t _mkcgo_go_validatePublicKeyECDH(int32_t, const uint8_t*, int64_t); -+int64_t _mkcgo_go_verifyEd25519(const uint8_t*, const uint8_t*, size_t, const uint8_t*); ++void _mkcgo_go_hashWrite(int32_t, void*, const uint8_t*, long); ++void* _mkcgo_go_initHMAC(int32_t, const uint8_t*, long); ++long _mkcgo_go_newPrivateKeyEd25519FromSeed(uint8_t*, const uint8_t*); ++long _mkcgo_go_newPublicKeyEd25519(uint8_t*, const uint8_t*); ++long _mkcgo_go_publicKeyFromPrivateECDH(int32_t, const uint8_t*, long, uint8_t*, long); ++long _mkcgo_go_signEd25519(const uint8_t*, const uint8_t*, size_t, uint8_t*); ++long _mkcgo_go_signMLDSA65(const uint8_t*, long, const uint8_t*, long, const uint8_t*, long, uint8_t*, long*); ++long _mkcgo_go_signMLDSA87(const uint8_t*, long, const uint8_t*, long, const uint8_t*, long, uint8_t*, long*); ++long _mkcgo_go_supportsMLDSA(void); ++long _mkcgo_go_supportsMLKEM(void); ++long _mkcgo_go_supportsSHA3(void); ++void _mkcgo_go_updateHMAC(int32_t, void*, const uint8_t*, long); ++long _mkcgo_go_validatePrivateKeyECDH(int32_t, const uint8_t*, long); ++long _mkcgo_go_validatePublicKeyECDH(int32_t, const uint8_t*, long); ++long _mkcgo_go_validatePublicKeyMLDSA65(const uint8_t*, long); ++long _mkcgo_go_validatePublicKeyMLDSA87(const uint8_t*, long); ++long _mkcgo_go_verifyEd25519(const uint8_t*, const uint8_t*, size_t, const uint8_t*); ++long _mkcgo_go_verifyMLDSA65(const uint8_t*, long, const uint8_t*, long, const uint8_t*, long, const uint8_t*, long); ++long _mkcgo_go_verifyMLDSA87(const uint8_t*, long, const uint8_t*, long, const uint8_t*, long, const uint8_t*, long); + +#endif // MKCGO_H diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/zcryptokit.s b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/zcryptokit.s new file mode 100644 -index 00000000000000..85d38bd6d881c3 +index 00000000000000..5be36f4b35dedb --- /dev/null +++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/zcryptokit.s -@@ -0,0 +1,334 @@ +@@ -0,0 +1,400 @@ +// Copyright (c) Microsoft Corporation. +// Licensed under the MIT License. + @@ -25886,6 +26658,18 @@ index 00000000000000..85d38bd6d881c3 +GLOBL ·_mkcgo_go_deriveEncapsulationKeyMLKEM768_trampoline_addr(SB), RODATA, $_GOPTRSIZE +DATA ·_mkcgo_go_deriveEncapsulationKeyMLKEM768_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_deriveEncapsulationKeyMLKEM768_trampoline<>(SB) + ++TEXT _mkcgo_go_derivePublicKeyMLDSA65_trampoline<>(SB), NOSPLIT, $0-0 ++ JMP _mkcgo_go_derivePublicKeyMLDSA65(SB) ++ ++GLOBL ·_mkcgo_go_derivePublicKeyMLDSA65_trampoline_addr(SB), RODATA, $_GOPTRSIZE ++DATA ·_mkcgo_go_derivePublicKeyMLDSA65_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_derivePublicKeyMLDSA65_trampoline<>(SB) ++ ++TEXT _mkcgo_go_derivePublicKeyMLDSA87_trampoline<>(SB), NOSPLIT, $0-0 ++ JMP _mkcgo_go_derivePublicKeyMLDSA87(SB) ++ ++GLOBL ·_mkcgo_go_derivePublicKeyMLDSA87_trampoline_addr(SB), RODATA, $_GOPTRSIZE ++DATA ·_mkcgo_go_derivePublicKeyMLDSA87_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_derivePublicKeyMLDSA87_trampoline<>(SB) ++ +TEXT _mkcgo_go_ecdhSharedSecret_trampoline<>(SB), NOSPLIT, $0-0 + JMP _mkcgo_go_ecdhSharedSecret(SB) + @@ -25970,6 +26754,18 @@ index 00000000000000..85d38bd6d881c3 +GLOBL ·_mkcgo_go_generateKeyEd25519_trampoline_addr(SB), RODATA, $_GOPTRSIZE +DATA ·_mkcgo_go_generateKeyEd25519_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_generateKeyEd25519_trampoline<>(SB) + ++TEXT _mkcgo_go_generateKeyMLDSA65_trampoline<>(SB), NOSPLIT, $0-0 ++ JMP _mkcgo_go_generateKeyMLDSA65(SB) ++ ++GLOBL ·_mkcgo_go_generateKeyMLDSA65_trampoline_addr(SB), RODATA, $_GOPTRSIZE ++DATA ·_mkcgo_go_generateKeyMLDSA65_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_generateKeyMLDSA65_trampoline<>(SB) ++ ++TEXT _mkcgo_go_generateKeyMLDSA87_trampoline<>(SB), NOSPLIT, $0-0 ++ JMP _mkcgo_go_generateKeyMLDSA87(SB) ++ ++GLOBL ·_mkcgo_go_generateKeyMLDSA87_trampoline_addr(SB), RODATA, $_GOPTRSIZE ++DATA ·_mkcgo_go_generateKeyMLDSA87_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_generateKeyMLDSA87_trampoline<>(SB) ++ +TEXT _mkcgo_go_generateKeyMLKEM1024_trampoline<>(SB), NOSPLIT, $0-0 + JMP _mkcgo_go_generateKeyMLKEM1024(SB) + @@ -26060,6 +26856,24 @@ index 00000000000000..85d38bd6d881c3 +GLOBL ·_mkcgo_go_signEd25519_trampoline_addr(SB), RODATA, $_GOPTRSIZE +DATA ·_mkcgo_go_signEd25519_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_signEd25519_trampoline<>(SB) + ++TEXT _mkcgo_go_signMLDSA65_trampoline<>(SB), NOSPLIT, $0-0 ++ JMP _mkcgo_go_signMLDSA65(SB) ++ ++GLOBL ·_mkcgo_go_signMLDSA65_trampoline_addr(SB), RODATA, $_GOPTRSIZE ++DATA ·_mkcgo_go_signMLDSA65_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_signMLDSA65_trampoline<>(SB) ++ ++TEXT _mkcgo_go_signMLDSA87_trampoline<>(SB), NOSPLIT, $0-0 ++ JMP _mkcgo_go_signMLDSA87(SB) ++ ++GLOBL ·_mkcgo_go_signMLDSA87_trampoline_addr(SB), RODATA, $_GOPTRSIZE ++DATA ·_mkcgo_go_signMLDSA87_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_signMLDSA87_trampoline<>(SB) ++ ++TEXT _mkcgo_go_supportsMLDSA_trampoline<>(SB), NOSPLIT, $0-0 ++ JMP _mkcgo_go_supportsMLDSA(SB) ++ ++GLOBL ·_mkcgo_go_supportsMLDSA_trampoline_addr(SB), RODATA, $_GOPTRSIZE ++DATA ·_mkcgo_go_supportsMLDSA_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_supportsMLDSA_trampoline<>(SB) ++ +TEXT _mkcgo_go_supportsMLKEM_trampoline<>(SB), NOSPLIT, $0-0 + JMP _mkcgo_go_supportsMLKEM(SB) + @@ -26090,18 +26904,42 @@ index 00000000000000..85d38bd6d881c3 +GLOBL ·_mkcgo_go_validatePublicKeyECDH_trampoline_addr(SB), RODATA, $_GOPTRSIZE +DATA ·_mkcgo_go_validatePublicKeyECDH_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_validatePublicKeyECDH_trampoline<>(SB) + ++TEXT _mkcgo_go_validatePublicKeyMLDSA65_trampoline<>(SB), NOSPLIT, $0-0 ++ JMP _mkcgo_go_validatePublicKeyMLDSA65(SB) ++ ++GLOBL ·_mkcgo_go_validatePublicKeyMLDSA65_trampoline_addr(SB), RODATA, $_GOPTRSIZE ++DATA ·_mkcgo_go_validatePublicKeyMLDSA65_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_validatePublicKeyMLDSA65_trampoline<>(SB) ++ ++TEXT _mkcgo_go_validatePublicKeyMLDSA87_trampoline<>(SB), NOSPLIT, $0-0 ++ JMP _mkcgo_go_validatePublicKeyMLDSA87(SB) ++ ++GLOBL ·_mkcgo_go_validatePublicKeyMLDSA87_trampoline_addr(SB), RODATA, $_GOPTRSIZE ++DATA ·_mkcgo_go_validatePublicKeyMLDSA87_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_validatePublicKeyMLDSA87_trampoline<>(SB) ++ +TEXT _mkcgo_go_verifyEd25519_trampoline<>(SB), NOSPLIT, $0-0 + JMP _mkcgo_go_verifyEd25519(SB) + +GLOBL ·_mkcgo_go_verifyEd25519_trampoline_addr(SB), RODATA, $_GOPTRSIZE +DATA ·_mkcgo_go_verifyEd25519_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_verifyEd25519_trampoline<>(SB) + ++TEXT _mkcgo_go_verifyMLDSA65_trampoline<>(SB), NOSPLIT, $0-0 ++ JMP _mkcgo_go_verifyMLDSA65(SB) ++ ++GLOBL ·_mkcgo_go_verifyMLDSA65_trampoline_addr(SB), RODATA, $_GOPTRSIZE ++DATA ·_mkcgo_go_verifyMLDSA65_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_verifyMLDSA65_trampoline<>(SB) ++ ++TEXT _mkcgo_go_verifyMLDSA87_trampoline<>(SB), NOSPLIT, $0-0 ++ JMP _mkcgo_go_verifyMLDSA87(SB) ++ ++GLOBL ·_mkcgo_go_verifyMLDSA87_trampoline_addr(SB), RODATA, $_GOPTRSIZE ++DATA ·_mkcgo_go_verifyMLDSA87_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_verifyMLDSA87_trampoline<>(SB) ++ diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/zcryptokit_cgo.go b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/zcryptokit_cgo.go new file mode 100644 -index 00000000000000..a5612fded9b225 +index 00000000000000..c05dd1acf80954 --- /dev/null +++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/zcryptokit_cgo.go -@@ -0,0 +1,320 @@ +@@ -0,0 +1,386 @@ +// Copyright (c) Microsoft Corporation. +// Licensed under the MIT License. + @@ -26143,6 +26981,10 @@ index 00000000000000..a5612fded9b225 +#cgo nocallback _mkcgo_go_deriveEncapsulationKeyMLKEM1024 +#cgo noescape _mkcgo_go_deriveEncapsulationKeyMLKEM768 +#cgo nocallback _mkcgo_go_deriveEncapsulationKeyMLKEM768 ++#cgo noescape _mkcgo_go_derivePublicKeyMLDSA65 ++#cgo nocallback _mkcgo_go_derivePublicKeyMLDSA65 ++#cgo noescape _mkcgo_go_derivePublicKeyMLDSA87 ++#cgo nocallback _mkcgo_go_derivePublicKeyMLDSA87 +#cgo noescape _mkcgo_go_ecdhSharedSecret +#cgo nocallback _mkcgo_go_ecdhSharedSecret +#cgo noescape _mkcgo_go_ecdsaSign @@ -26171,6 +27013,10 @@ index 00000000000000..a5612fded9b225 +#cgo nocallback _mkcgo_go_generateKeyECDSA +#cgo noescape _mkcgo_go_generateKeyEd25519 +#cgo nocallback _mkcgo_go_generateKeyEd25519 ++#cgo noescape _mkcgo_go_generateKeyMLDSA65 ++#cgo nocallback _mkcgo_go_generateKeyMLDSA65 ++#cgo noescape _mkcgo_go_generateKeyMLDSA87 ++#cgo nocallback _mkcgo_go_generateKeyMLDSA87 +#cgo noescape _mkcgo_go_generateKeyMLKEM1024 +#cgo nocallback _mkcgo_go_generateKeyMLKEM1024 +#cgo noescape _mkcgo_go_generateKeyMLKEM768 @@ -26201,6 +27047,12 @@ index 00000000000000..a5612fded9b225 +#cgo nocallback _mkcgo_go_publicKeyFromPrivateECDH +#cgo noescape _mkcgo_go_signEd25519 +#cgo nocallback _mkcgo_go_signEd25519 ++#cgo noescape _mkcgo_go_signMLDSA65 ++#cgo nocallback _mkcgo_go_signMLDSA65 ++#cgo noescape _mkcgo_go_signMLDSA87 ++#cgo nocallback _mkcgo_go_signMLDSA87 ++#cgo noescape _mkcgo_go_supportsMLDSA ++#cgo nocallback _mkcgo_go_supportsMLDSA +#cgo noescape _mkcgo_go_supportsMLKEM +#cgo nocallback _mkcgo_go_supportsMLKEM +#cgo noescape _mkcgo_go_supportsSHA3 @@ -26211,8 +27063,16 @@ index 00000000000000..a5612fded9b225 +#cgo nocallback _mkcgo_go_validatePrivateKeyECDH +#cgo noescape _mkcgo_go_validatePublicKeyECDH +#cgo nocallback _mkcgo_go_validatePublicKeyECDH ++#cgo noescape _mkcgo_go_validatePublicKeyMLDSA65 ++#cgo nocallback _mkcgo_go_validatePublicKeyMLDSA65 ++#cgo noescape _mkcgo_go_validatePublicKeyMLDSA87 ++#cgo nocallback _mkcgo_go_validatePublicKeyMLDSA87 +#cgo noescape _mkcgo_go_verifyEd25519 +#cgo nocallback _mkcgo_go_verifyEd25519 ++#cgo noescape _mkcgo_go_verifyMLDSA65 ++#cgo nocallback _mkcgo_go_verifyMLDSA65 ++#cgo noescape _mkcgo_go_verifyMLDSA87 ++#cgo nocallback _mkcgo_go_verifyMLDSA87 +*/ +import "C" +import "unsafe" @@ -26260,11 +27120,11 @@ index 00000000000000..a5612fded9b225 +} + +func DecapsulateMLKEM1024(seed []uint8, ciphertext []uint8, sharedKey []uint8) int64 { -+ return int64(C._mkcgo_go_decapsulateMLKEM1024((*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(seed))), C.int64_t(len(seed)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(ciphertext))), C.int64_t(len(ciphertext)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(sharedKey))), C.int64_t(len(sharedKey)))) ++ return int64(C._mkcgo_go_decapsulateMLKEM1024((*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(seed))), C.long(len(seed)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(ciphertext))), C.long(len(ciphertext)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(sharedKey))), C.long(len(sharedKey)))) +} + +func DecapsulateMLKEM768(seed []uint8, ciphertext []uint8, sharedKey []uint8) int64 { -+ return int64(C._mkcgo_go_decapsulateMLKEM768((*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(seed))), C.int64_t(len(seed)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(ciphertext))), C.int64_t(len(ciphertext)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(sharedKey))), C.int64_t(len(sharedKey)))) ++ return int64(C._mkcgo_go_decapsulateMLKEM768((*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(seed))), C.long(len(seed)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(ciphertext))), C.long(len(ciphertext)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(sharedKey))), C.long(len(sharedKey)))) +} + +func DecryptAESGCM(key []uint8, data []uint8, nonce []uint8, aad []uint8, tag []uint8, out []uint8, outLength *int) int64 { @@ -26276,31 +27136,39 @@ index 00000000000000..a5612fded9b225 +} + +func DeriveEncapsulationKeyMLKEM1024(seed []uint8, encapKey []uint8) int64 { -+ return int64(C._mkcgo_go_deriveEncapsulationKeyMLKEM1024((*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(seed))), C.int64_t(len(seed)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(encapKey))), C.int64_t(len(encapKey)))) ++ return int64(C._mkcgo_go_deriveEncapsulationKeyMLKEM1024((*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(seed))), C.long(len(seed)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(encapKey))), C.long(len(encapKey)))) +} + +func DeriveEncapsulationKeyMLKEM768(seed []uint8, encapKey []uint8) int64 { -+ return int64(C._mkcgo_go_deriveEncapsulationKeyMLKEM768((*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(seed))), C.int64_t(len(seed)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(encapKey))), C.int64_t(len(encapKey)))) ++ return int64(C._mkcgo_go_deriveEncapsulationKeyMLKEM768((*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(seed))), C.long(len(seed)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(encapKey))), C.long(len(encapKey)))) ++} ++ ++func DerivePublicKeyMLDSA65(seed []uint8, publicKey []uint8) int64 { ++ return int64(C._mkcgo_go_derivePublicKeyMLDSA65((*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(seed))), C.long(len(seed)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(publicKey))), C.long(len(publicKey)))) ++} ++ ++func DerivePublicKeyMLDSA87(seed []uint8, publicKey []uint8) int64 { ++ return int64(C._mkcgo_go_derivePublicKeyMLDSA87((*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(seed))), C.long(len(seed)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(publicKey))), C.long(len(publicKey)))) +} + +func EcdhSharedSecret(curveID int32, privateKey []uint8, publicKey []uint8, sharedSecret []uint8) int64 { -+ return int64(C._mkcgo_go_ecdhSharedSecret(C.int32_t(curveID), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(privateKey))), C.int64_t(len(privateKey)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(publicKey))), C.int64_t(len(publicKey)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(sharedSecret))), C.int64_t(len(sharedSecret)))) ++ return int64(C._mkcgo_go_ecdhSharedSecret(C.int32_t(curveID), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(privateKey))), C.long(len(privateKey)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(publicKey))), C.long(len(publicKey)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(sharedSecret))), C.long(len(sharedSecret)))) +} + +func EcdsaSign(curveID int32, d []uint8, message []uint8, signature []uint8, signatureLen *int64) int64 { -+ return int64(C._mkcgo_go_ecdsaSign(C.int32_t(curveID), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(d))), C.int64_t(len(d)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(message))), C.int64_t(len(message)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(signature))), (*C.int64_t)(unsafe.Pointer(signatureLen)))) ++ return int64(C._mkcgo_go_ecdsaSign(C.int32_t(curveID), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(d))), C.long(len(d)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(message))), C.long(len(message)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(signature))), (*C.long)(unsafe.Pointer(signatureLen)))) +} + +func EcdsaVerify(curveID int32, x []uint8, y []uint8, message []uint8, signature []uint8) int64 { -+ return int64(C._mkcgo_go_ecdsaVerify(C.int32_t(curveID), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(x))), C.int64_t(len(x)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(y))), C.int64_t(len(y)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(message))), C.int64_t(len(message)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(signature))), C.int64_t(len(signature)))) ++ return int64(C._mkcgo_go_ecdsaVerify(C.int32_t(curveID), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(x))), C.long(len(x)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(y))), C.long(len(y)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(message))), C.long(len(message)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(signature))), C.long(len(signature)))) +} + +func EncapsulateMLKEM1024(encapKey []uint8, sharedKey []uint8, ciphertext []uint8) int64 { -+ return int64(C._mkcgo_go_encapsulateMLKEM1024((*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(encapKey))), C.int64_t(len(encapKey)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(sharedKey))), C.int64_t(len(sharedKey)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(ciphertext))), C.int64_t(len(ciphertext)))) ++ return int64(C._mkcgo_go_encapsulateMLKEM1024((*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(encapKey))), C.long(len(encapKey)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(sharedKey))), C.long(len(sharedKey)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(ciphertext))), C.long(len(ciphertext)))) +} + +func EncapsulateMLKEM768(encapKey []uint8, sharedKey []uint8, ciphertext []uint8) int64 { -+ return int64(C._mkcgo_go_encapsulateMLKEM768((*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(encapKey))), C.int64_t(len(encapKey)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(sharedKey))), C.int64_t(len(sharedKey)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(ciphertext))), C.int64_t(len(ciphertext)))) ++ return int64(C._mkcgo_go_encapsulateMLKEM768((*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(encapKey))), C.long(len(encapKey)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(sharedKey))), C.long(len(sharedKey)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(ciphertext))), C.long(len(ciphertext)))) +} + +func EncryptAESGCM(key []uint8, data []uint8, nonce []uint8, aad []uint8, cipherText []uint8, tag []uint8) int64 { @@ -26328,23 +27196,31 @@ index 00000000000000..a5612fded9b225 +} + +func GenerateKeyECDH(curveID int32, privateKey []uint8, publicKey []uint8) int64 { -+ return int64(C._mkcgo_go_generateKeyECDH(C.int32_t(curveID), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(privateKey))), C.int64_t(len(privateKey)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(publicKey))), C.int64_t(len(publicKey)))) ++ return int64(C._mkcgo_go_generateKeyECDH(C.int32_t(curveID), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(privateKey))), C.long(len(privateKey)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(publicKey))), C.long(len(publicKey)))) +} + +func GenerateKeyECDSA(curveID int32, x []uint8, y []uint8, d []uint8) int64 { -+ return int64(C._mkcgo_go_generateKeyECDSA(C.int32_t(curveID), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(x))), C.int64_t(len(x)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(y))), C.int64_t(len(y)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(d))), C.int64_t(len(d)))) ++ return int64(C._mkcgo_go_generateKeyECDSA(C.int32_t(curveID), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(x))), C.long(len(x)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(y))), C.long(len(y)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(d))), C.long(len(d)))) +} + +func GenerateKeyEd25519(key []uint8) { + C._mkcgo_go_generateKeyEd25519((*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(key)))) +} + ++func GenerateKeyMLDSA65(seed []uint8) int64 { ++ return int64(C._mkcgo_go_generateKeyMLDSA65((*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(seed))), C.long(len(seed)))) ++} ++ ++func GenerateKeyMLDSA87(seed []uint8) int64 { ++ return int64(C._mkcgo_go_generateKeyMLDSA87((*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(seed))), C.long(len(seed)))) ++} ++ +func GenerateKeyMLKEM1024(seed []uint8) int64 { -+ return int64(C._mkcgo_go_generateKeyMLKEM1024((*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(seed))), C.int64_t(len(seed)))) ++ return int64(C._mkcgo_go_generateKeyMLKEM1024((*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(seed))), C.long(len(seed)))) +} + +func GenerateKeyMLKEM768(seed []uint8) int64 { -+ return int64(C._mkcgo_go_generateKeyMLKEM768((*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(seed))), C.int64_t(len(seed)))) ++ return int64(C._mkcgo_go_generateKeyMLKEM768((*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(seed))), C.long(len(seed)))) +} + +func HashBlockSize(hashAlgorithm int32) int64 { @@ -26376,11 +27252,11 @@ index 00000000000000..a5612fded9b225 +} + +func HashWrite(hashAlgorithm int32, ptr unsafe.Pointer, data []uint8) { -+ C._mkcgo_go_hashWrite(C.int32_t(hashAlgorithm), ptr, (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(data))), C.int64_t(len(data))) ++ C._mkcgo_go_hashWrite(C.int32_t(hashAlgorithm), ptr, (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(data))), C.long(len(data))) +} + +func InitHMAC(hashFunction int32, key []uint8) unsafe.Pointer { -+ return C._mkcgo_go_initHMAC(C.int32_t(hashFunction), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(key))), C.int64_t(len(key))) ++ return C._mkcgo_go_initHMAC(C.int32_t(hashFunction), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(key))), C.long(len(key))) +} + +func NewPrivateKeyEd25519FromSeed(key []uint8, seed []uint8) int64 { @@ -26392,13 +27268,25 @@ index 00000000000000..a5612fded9b225 +} + +func PublicKeyFromPrivateECDH(curveID int32, privateKey []uint8, publicKey []uint8) int64 { -+ return int64(C._mkcgo_go_publicKeyFromPrivateECDH(C.int32_t(curveID), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(privateKey))), C.int64_t(len(privateKey)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(publicKey))), C.int64_t(len(publicKey)))) ++ return int64(C._mkcgo_go_publicKeyFromPrivateECDH(C.int32_t(curveID), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(privateKey))), C.long(len(privateKey)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(publicKey))), C.long(len(publicKey)))) +} + +func SignEd25519(privateKey []uint8, message []uint8, sigBuffer []uint8) int64 { + return int64(C._mkcgo_go_signEd25519((*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(privateKey))), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(message))), C.size_t(len(message)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(sigBuffer))))) +} + ++func SignMLDSA65(seed []uint8, message []uint8, context []uint8, signature []uint8, signatureLen *int64) int64 { ++ return int64(C._mkcgo_go_signMLDSA65((*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(seed))), C.long(len(seed)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(message))), C.long(len(message)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(context))), C.long(len(context)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(signature))), (*C.long)(unsafe.Pointer(signatureLen)))) ++} ++ ++func SignMLDSA87(seed []uint8, message []uint8, context []uint8, signature []uint8, signatureLen *int64) int64 { ++ return int64(C._mkcgo_go_signMLDSA87((*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(seed))), C.long(len(seed)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(message))), C.long(len(message)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(context))), C.long(len(context)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(signature))), (*C.long)(unsafe.Pointer(signatureLen)))) ++} ++ ++func SupportsMLDSA() int64 { ++ return int64(C._mkcgo_go_supportsMLDSA()) ++} ++ +func SupportsMLKEM() int64 { + return int64(C._mkcgo_go_supportsMLKEM()) +} @@ -26408,26 +27296,42 @@ index 00000000000000..a5612fded9b225 +} + +func UpdateHMAC(hashFunction int32, ptr unsafe.Pointer, data []uint8) { -+ C._mkcgo_go_updateHMAC(C.int32_t(hashFunction), ptr, (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(data))), C.int64_t(len(data))) ++ C._mkcgo_go_updateHMAC(C.int32_t(hashFunction), ptr, (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(data))), C.long(len(data))) +} + +func ValidatePrivateKeyECDH(curveID int32, privateKey []uint8) int64 { -+ return int64(C._mkcgo_go_validatePrivateKeyECDH(C.int32_t(curveID), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(privateKey))), C.int64_t(len(privateKey)))) ++ return int64(C._mkcgo_go_validatePrivateKeyECDH(C.int32_t(curveID), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(privateKey))), C.long(len(privateKey)))) +} + +func ValidatePublicKeyECDH(curveID int32, publicKey []uint8) int64 { -+ return int64(C._mkcgo_go_validatePublicKeyECDH(C.int32_t(curveID), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(publicKey))), C.int64_t(len(publicKey)))) ++ return int64(C._mkcgo_go_validatePublicKeyECDH(C.int32_t(curveID), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(publicKey))), C.long(len(publicKey)))) ++} ++ ++func ValidatePublicKeyMLDSA65(publicKey []uint8) int64 { ++ return int64(C._mkcgo_go_validatePublicKeyMLDSA65((*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(publicKey))), C.long(len(publicKey)))) ++} ++ ++func ValidatePublicKeyMLDSA87(publicKey []uint8) int64 { ++ return int64(C._mkcgo_go_validatePublicKeyMLDSA87((*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(publicKey))), C.long(len(publicKey)))) +} + +func VerifyEd25519(publicKey []uint8, message []uint8, sig []uint8) int64 { + return int64(C._mkcgo_go_verifyEd25519((*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(publicKey))), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(message))), C.size_t(len(message)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(sig))))) +} ++ ++func VerifyMLDSA65(publicKey []uint8, message []uint8, context []uint8, signature []uint8) int64 { ++ return int64(C._mkcgo_go_verifyMLDSA65((*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(publicKey))), C.long(len(publicKey)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(message))), C.long(len(message)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(context))), C.long(len(context)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(signature))), C.long(len(signature)))) ++} ++ ++func VerifyMLDSA87(publicKey []uint8, message []uint8, context []uint8, signature []uint8) int64 { ++ return int64(C._mkcgo_go_verifyMLDSA87((*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(publicKey))), C.long(len(publicKey)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(message))), C.long(len(message)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(context))), C.long(len(context)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(signature))), C.long(len(signature)))) ++} diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/zcryptokit_nocgo.go b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/zcryptokit_nocgo.go new file mode 100644 -index 00000000000000..64315a13705101 +index 00000000000000..222ece4bb14349 --- /dev/null +++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/zcryptokit_nocgo.go -@@ -0,0 +1,364 @@ +@@ -0,0 +1,441 @@ +// Copyright (c) Microsoft Corporation. +// Licensed under the MIT License. + @@ -26472,6 +27376,8 @@ index 00000000000000..64315a13705101 +//go:linkname go_decryptChaChaPoly go_decryptChaChaPoly +//go:linkname go_deriveEncapsulationKeyMLKEM1024 go_deriveEncapsulationKeyMLKEM1024 +//go:linkname go_deriveEncapsulationKeyMLKEM768 go_deriveEncapsulationKeyMLKEM768 ++//go:linkname go_derivePublicKeyMLDSA65 go_derivePublicKeyMLDSA65 ++//go:linkname go_derivePublicKeyMLDSA87 go_derivePublicKeyMLDSA87 +//go:linkname go_ecdhSharedSecret go_ecdhSharedSecret +//go:linkname go_ecdsaSign go_ecdsaSign +//go:linkname go_ecdsaVerify go_ecdsaVerify @@ -26486,6 +27392,8 @@ index 00000000000000..64315a13705101 +//go:linkname go_generateKeyECDH go_generateKeyECDH +//go:linkname go_generateKeyECDSA go_generateKeyECDSA +//go:linkname go_generateKeyEd25519 go_generateKeyEd25519 ++//go:linkname go_generateKeyMLDSA65 go_generateKeyMLDSA65 ++//go:linkname go_generateKeyMLDSA87 go_generateKeyMLDSA87 +//go:linkname go_generateKeyMLKEM1024 go_generateKeyMLKEM1024 +//go:linkname go_generateKeyMLKEM768 go_generateKeyMLKEM768 +//go:linkname go_hashBlockSize go_hashBlockSize @@ -26501,12 +27409,19 @@ index 00000000000000..64315a13705101 +//go:linkname go_newPublicKeyEd25519 go_newPublicKeyEd25519 +//go:linkname go_publicKeyFromPrivateECDH go_publicKeyFromPrivateECDH +//go:linkname go_signEd25519 go_signEd25519 ++//go:linkname go_signMLDSA65 go_signMLDSA65 ++//go:linkname go_signMLDSA87 go_signMLDSA87 ++//go:linkname go_supportsMLDSA go_supportsMLDSA +//go:linkname go_supportsMLKEM go_supportsMLKEM +//go:linkname go_supportsSHA3 go_supportsSHA3 +//go:linkname go_updateHMAC go_updateHMAC +//go:linkname go_validatePrivateKeyECDH go_validatePrivateKeyECDH +//go:linkname go_validatePublicKeyECDH go_validatePublicKeyECDH ++//go:linkname go_validatePublicKeyMLDSA65 go_validatePublicKeyMLDSA65 ++//go:linkname go_validatePublicKeyMLDSA87 go_validatePublicKeyMLDSA87 +//go:linkname go_verifyEd25519 go_verifyEd25519 ++//go:linkname go_verifyMLDSA65 go_verifyMLDSA65 ++//go:linkname go_verifyMLDSA87 go_verifyMLDSA87 + +var go_MD5 byte +var go_SHA1 byte @@ -26523,6 +27438,8 @@ index 00000000000000..64315a13705101 +var go_decryptChaChaPoly byte +var go_deriveEncapsulationKeyMLKEM1024 byte +var go_deriveEncapsulationKeyMLKEM768 byte ++var go_derivePublicKeyMLDSA65 byte ++var go_derivePublicKeyMLDSA87 byte +var go_ecdhSharedSecret byte +var go_ecdsaSign byte +var go_ecdsaVerify byte @@ -26537,6 +27454,8 @@ index 00000000000000..64315a13705101 +var go_generateKeyECDH byte +var go_generateKeyECDSA byte +var go_generateKeyEd25519 byte ++var go_generateKeyMLDSA65 byte ++var go_generateKeyMLDSA87 byte +var go_generateKeyMLKEM1024 byte +var go_generateKeyMLKEM768 byte +var go_hashBlockSize byte @@ -26552,12 +27471,19 @@ index 00000000000000..64315a13705101 +var go_newPublicKeyEd25519 byte +var go_publicKeyFromPrivateECDH byte +var go_signEd25519 byte ++var go_signMLDSA65 byte ++var go_signMLDSA87 byte ++var go_supportsMLDSA byte +var go_supportsMLKEM byte +var go_supportsSHA3 byte +var go_updateHMAC byte +var go_validatePrivateKeyECDH byte +var go_validatePublicKeyECDH byte ++var go_validatePublicKeyMLDSA65 byte ++var go_validatePublicKeyMLDSA87 byte +var go_verifyEd25519 byte ++var go_verifyMLDSA65 byte ++var go_verifyMLDSA87 byte + +func MD5(inputPointer []uint8, outputPointer []uint8) { + syscallN(0, uintptr(unsafe.Pointer(&go_MD5)), uintptr(unsafe.Pointer(unsafe.SliceData(inputPointer))), uintptr(len(inputPointer)), uintptr(unsafe.Pointer(unsafe.SliceData(outputPointer)))) @@ -26626,6 +27552,16 @@ index 00000000000000..64315a13705101 + return int64(r0) +} + ++func DerivePublicKeyMLDSA65(seed []uint8, publicKey []uint8) int64 { ++ r0, _ := syscallN(0, uintptr(unsafe.Pointer(&go_derivePublicKeyMLDSA65)), uintptr(unsafe.Pointer(unsafe.SliceData(seed))), uintptr(len(seed)), uintptr(unsafe.Pointer(unsafe.SliceData(publicKey))), uintptr(len(publicKey))) ++ return int64(r0) ++} ++ ++func DerivePublicKeyMLDSA87(seed []uint8, publicKey []uint8) int64 { ++ r0, _ := syscallN(0, uintptr(unsafe.Pointer(&go_derivePublicKeyMLDSA87)), uintptr(unsafe.Pointer(unsafe.SliceData(seed))), uintptr(len(seed)), uintptr(unsafe.Pointer(unsafe.SliceData(publicKey))), uintptr(len(publicKey))) ++ return int64(r0) ++} ++ +func EcdhSharedSecret(curveID int32, privateKey []uint8, publicKey []uint8, sharedSecret []uint8) int64 { + r0, _ := syscallN(0, uintptr(unsafe.Pointer(&go_ecdhSharedSecret)), uintptr(curveID), uintptr(unsafe.Pointer(unsafe.SliceData(privateKey))), uintptr(len(privateKey)), uintptr(unsafe.Pointer(unsafe.SliceData(publicKey))), uintptr(len(publicKey)), uintptr(unsafe.Pointer(unsafe.SliceData(sharedSecret))), uintptr(len(sharedSecret))) + return int64(r0) @@ -26693,6 +27629,16 @@ index 00000000000000..64315a13705101 + syscallN(0, uintptr(unsafe.Pointer(&go_generateKeyEd25519)), uintptr(unsafe.Pointer(unsafe.SliceData(key)))) +} + ++func GenerateKeyMLDSA65(seed []uint8) int64 { ++ r0, _ := syscallN(0, uintptr(unsafe.Pointer(&go_generateKeyMLDSA65)), uintptr(unsafe.Pointer(unsafe.SliceData(seed))), uintptr(len(seed))) ++ return int64(r0) ++} ++ ++func GenerateKeyMLDSA87(seed []uint8) int64 { ++ r0, _ := syscallN(0, uintptr(unsafe.Pointer(&go_generateKeyMLDSA87)), uintptr(unsafe.Pointer(unsafe.SliceData(seed))), uintptr(len(seed))) ++ return int64(r0) ++} ++ +func GenerateKeyMLKEM1024(seed []uint8) int64 { + r0, _ := syscallN(0, uintptr(unsafe.Pointer(&go_generateKeyMLKEM1024)), uintptr(unsafe.Pointer(unsafe.SliceData(seed))), uintptr(len(seed))) + return int64(r0) @@ -26764,6 +27710,21 @@ index 00000000000000..64315a13705101 + return int64(r0) +} + ++func SignMLDSA65(seed []uint8, message []uint8, context []uint8, signature []uint8, signatureLen *int64) int64 { ++ r0, _ := syscallN(0, uintptr(unsafe.Pointer(&go_signMLDSA65)), uintptr(unsafe.Pointer(unsafe.SliceData(seed))), uintptr(len(seed)), uintptr(unsafe.Pointer(unsafe.SliceData(message))), uintptr(len(message)), uintptr(unsafe.Pointer(unsafe.SliceData(context))), uintptr(len(context)), uintptr(unsafe.Pointer(unsafe.SliceData(signature))), uintptr(unsafe.Pointer(signatureLen))) ++ return int64(r0) ++} ++ ++func SignMLDSA87(seed []uint8, message []uint8, context []uint8, signature []uint8, signatureLen *int64) int64 { ++ r0, _ := syscallN(0, uintptr(unsafe.Pointer(&go_signMLDSA87)), uintptr(unsafe.Pointer(unsafe.SliceData(seed))), uintptr(len(seed)), uintptr(unsafe.Pointer(unsafe.SliceData(message))), uintptr(len(message)), uintptr(unsafe.Pointer(unsafe.SliceData(context))), uintptr(len(context)), uintptr(unsafe.Pointer(unsafe.SliceData(signature))), uintptr(unsafe.Pointer(signatureLen))) ++ return int64(r0) ++} ++ ++func SupportsMLDSA() int64 { ++ r0, _ := syscallN(0, uintptr(unsafe.Pointer(&go_supportsMLDSA))) ++ return int64(r0) ++} ++ +func SupportsMLKEM() int64 { + r0, _ := syscallN(0, uintptr(unsafe.Pointer(&go_supportsMLKEM))) + return int64(r0) @@ -26788,16 +27749,36 @@ index 00000000000000..64315a13705101 + return int64(r0) +} + ++func ValidatePublicKeyMLDSA65(publicKey []uint8) int64 { ++ r0, _ := syscallN(0, uintptr(unsafe.Pointer(&go_validatePublicKeyMLDSA65)), uintptr(unsafe.Pointer(unsafe.SliceData(publicKey))), uintptr(len(publicKey))) ++ return int64(r0) ++} ++ ++func ValidatePublicKeyMLDSA87(publicKey []uint8) int64 { ++ r0, _ := syscallN(0, uintptr(unsafe.Pointer(&go_validatePublicKeyMLDSA87)), uintptr(unsafe.Pointer(unsafe.SliceData(publicKey))), uintptr(len(publicKey))) ++ return int64(r0) ++} ++ +func VerifyEd25519(publicKey []uint8, message []uint8, sig []uint8) int64 { + r0, _ := syscallN(0, uintptr(unsafe.Pointer(&go_verifyEd25519)), uintptr(unsafe.Pointer(unsafe.SliceData(publicKey))), uintptr(unsafe.Pointer(unsafe.SliceData(message))), uintptr(len(message)), uintptr(unsafe.Pointer(unsafe.SliceData(sig)))) + return int64(r0) +} ++ ++func VerifyMLDSA65(publicKey []uint8, message []uint8, context []uint8, signature []uint8) int64 { ++ r0, _ := syscallN(0, uintptr(unsafe.Pointer(&go_verifyMLDSA65)), uintptr(unsafe.Pointer(unsafe.SliceData(publicKey))), uintptr(len(publicKey)), uintptr(unsafe.Pointer(unsafe.SliceData(message))), uintptr(len(message)), uintptr(unsafe.Pointer(unsafe.SliceData(context))), uintptr(len(context)), uintptr(unsafe.Pointer(unsafe.SliceData(signature))), uintptr(len(signature))) ++ return int64(r0) ++} ++ ++func VerifyMLDSA87(publicKey []uint8, message []uint8, context []uint8, signature []uint8) int64 { ++ r0, _ := syscallN(0, uintptr(unsafe.Pointer(&go_verifyMLDSA87)), uintptr(unsafe.Pointer(unsafe.SliceData(publicKey))), uintptr(len(publicKey)), uintptr(unsafe.Pointer(unsafe.SliceData(message))), uintptr(len(message)), uintptr(unsafe.Pointer(unsafe.SliceData(context))), uintptr(len(context)), uintptr(unsafe.Pointer(unsafe.SliceData(signature))), uintptr(len(signature))) ++ return int64(r0) ++} diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/zcryptokit_swift_amd64.go b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/zcryptokit_swift_amd64.go new file mode 100644 -index 00000000000000..fc5d643f48bd87 +index 00000000000000..2b9858f5e5ce80 --- /dev/null +++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/zcryptokit_swift_amd64.go -@@ -0,0 +1,283 @@ +@@ -0,0 +1,307 @@ +// Copyright (c) Microsoft Corporation. +// Licensed under the MIT License. +// Code generated by genswiftimports. DO NOT EDIT. @@ -26982,6 +27963,32 @@ index 00000000000000..fc5d643f48bd87 +//go:cgo_import_dynamic $s9CryptoKit6SHA512VACycfC $s9CryptoKit6SHA512VACycfC "" +//go:cgo_import_dynamic $s9CryptoKit6SHA512VMa $s9CryptoKit6SHA512VMa "" +//go:cgo_import_dynamic $s9CryptoKit6SHA512VMn $s9CryptoKit6SHA512VMn "/System/Library/Frameworks/CryptoKit.framework/Versions/A/CryptoKit" ++//go:cgo_import_dynamic $s9CryptoKit7MLDSA65O10PrivateKeyV06publicE0AC06PublicE0Vvg $s9CryptoKit7MLDSA65O10PrivateKeyV06publicE0AC06PublicE0Vvg "" ++//go:cgo_import_dynamic $s9CryptoKit7MLDSA65O10PrivateKeyV18seedRepresentation06publicE0AEx_AC06PublicE0VSgtKc10Foundation12DataProtocolRzlufC $s9CryptoKit7MLDSA65O10PrivateKeyV18seedRepresentation06publicE0AEx_AC06PublicE0VSgtKc10Foundation12DataProtocolRzlufC "" ++//go:cgo_import_dynamic $s9CryptoKit7MLDSA65O10PrivateKeyV18seedRepresentation10Foundation4DataVvg $s9CryptoKit7MLDSA65O10PrivateKeyV18seedRepresentation10Foundation4DataVvg "" ++//go:cgo_import_dynamic $s9CryptoKit7MLDSA65O10PrivateKeyV9signature3for10Foundation4DataVx_tKAH0I8ProtocolRzlF $s9CryptoKit7MLDSA65O10PrivateKeyV9signature3for10Foundation4DataVx_tKAH0I8ProtocolRzlF "" ++//go:cgo_import_dynamic $s9CryptoKit7MLDSA65O10PrivateKeyV9signature3for7context10Foundation4DataVx_q_tKAI0J8ProtocolRzAiLR_r0_lF $s9CryptoKit7MLDSA65O10PrivateKeyV9signature3for7context10Foundation4DataVx_q_tKAI0J8ProtocolRzAiLR_r0_lF "" ++//go:cgo_import_dynamic $s9CryptoKit7MLDSA65O10PrivateKeyVAEyKcfC $s9CryptoKit7MLDSA65O10PrivateKeyVAEyKcfC "" ++//go:cgo_import_dynamic $s9CryptoKit7MLDSA65O10PrivateKeyVMa $s9CryptoKit7MLDSA65O10PrivateKeyVMa "" ++//go:cgo_import_dynamic $s9CryptoKit7MLDSA65O9PublicKeyV16isValidSignature_3for7contextSbx_q_q0_t10Foundation12DataProtocolRzAiJR_AiJR0_r1_lF $s9CryptoKit7MLDSA65O9PublicKeyV16isValidSignature_3for7contextSbx_q_q0_t10Foundation12DataProtocolRzAiJR_AiJR0_r1_lF "" ++//go:cgo_import_dynamic $s9CryptoKit7MLDSA65O9PublicKeyV16isValidSignature_3forSbx_q_t10Foundation12DataProtocolRzAhIR_r0_lF $s9CryptoKit7MLDSA65O9PublicKeyV16isValidSignature_3forSbx_q_t10Foundation12DataProtocolRzAhIR_r0_lF "" ++//go:cgo_import_dynamic $s9CryptoKit7MLDSA65O9PublicKeyV17rawRepresentation10Foundation4DataVvg $s9CryptoKit7MLDSA65O9PublicKeyV17rawRepresentation10Foundation4DataVvg "" ++//go:cgo_import_dynamic $s9CryptoKit7MLDSA65O9PublicKeyV17rawRepresentationAEx_tKc10Foundation12DataProtocolRzlufC $s9CryptoKit7MLDSA65O9PublicKeyV17rawRepresentationAEx_tKc10Foundation12DataProtocolRzlufC "" ++//go:cgo_import_dynamic $s9CryptoKit7MLDSA65O9PublicKeyVMa $s9CryptoKit7MLDSA65O9PublicKeyVMa "" ++//go:cgo_import_dynamic $s9CryptoKit7MLDSA65O9PublicKeyVMn $s9CryptoKit7MLDSA65O9PublicKeyVMn "" ++//go:cgo_import_dynamic $s9CryptoKit7MLDSA87O10PrivateKeyV06publicE0AC06PublicE0Vvg $s9CryptoKit7MLDSA87O10PrivateKeyV06publicE0AC06PublicE0Vvg "" ++//go:cgo_import_dynamic $s9CryptoKit7MLDSA87O10PrivateKeyV18seedRepresentation06publicE0AEx_AC06PublicE0VSgtKc10Foundation12DataProtocolRzlufC $s9CryptoKit7MLDSA87O10PrivateKeyV18seedRepresentation06publicE0AEx_AC06PublicE0VSgtKc10Foundation12DataProtocolRzlufC "" ++//go:cgo_import_dynamic $s9CryptoKit7MLDSA87O10PrivateKeyV18seedRepresentation10Foundation4DataVvg $s9CryptoKit7MLDSA87O10PrivateKeyV18seedRepresentation10Foundation4DataVvg "" ++//go:cgo_import_dynamic $s9CryptoKit7MLDSA87O10PrivateKeyV9signature3for10Foundation4DataVx_tKAH0I8ProtocolRzlF $s9CryptoKit7MLDSA87O10PrivateKeyV9signature3for10Foundation4DataVx_tKAH0I8ProtocolRzlF "" ++//go:cgo_import_dynamic $s9CryptoKit7MLDSA87O10PrivateKeyV9signature3for7context10Foundation4DataVx_q_tKAI0J8ProtocolRzAiLR_r0_lF $s9CryptoKit7MLDSA87O10PrivateKeyV9signature3for7context10Foundation4DataVx_q_tKAI0J8ProtocolRzAiLR_r0_lF "" ++//go:cgo_import_dynamic $s9CryptoKit7MLDSA87O10PrivateKeyVAEyKcfC $s9CryptoKit7MLDSA87O10PrivateKeyVAEyKcfC "" ++//go:cgo_import_dynamic $s9CryptoKit7MLDSA87O10PrivateKeyVMa $s9CryptoKit7MLDSA87O10PrivateKeyVMa "" ++//go:cgo_import_dynamic $s9CryptoKit7MLDSA87O9PublicKeyV16isValidSignature_3for7contextSbx_q_q0_t10Foundation12DataProtocolRzAiJR_AiJR0_r1_lF $s9CryptoKit7MLDSA87O9PublicKeyV16isValidSignature_3for7contextSbx_q_q0_t10Foundation12DataProtocolRzAiJR_AiJR0_r1_lF "" ++//go:cgo_import_dynamic $s9CryptoKit7MLDSA87O9PublicKeyV16isValidSignature_3forSbx_q_t10Foundation12DataProtocolRzAhIR_r0_lF $s9CryptoKit7MLDSA87O9PublicKeyV16isValidSignature_3forSbx_q_t10Foundation12DataProtocolRzAhIR_r0_lF "" ++//go:cgo_import_dynamic $s9CryptoKit7MLDSA87O9PublicKeyV17rawRepresentation10Foundation4DataVvg $s9CryptoKit7MLDSA87O9PublicKeyV17rawRepresentation10Foundation4DataVvg "" ++//go:cgo_import_dynamic $s9CryptoKit7MLDSA87O9PublicKeyV17rawRepresentationAEx_tKc10Foundation12DataProtocolRzlufC $s9CryptoKit7MLDSA87O9PublicKeyV17rawRepresentationAEx_tKc10Foundation12DataProtocolRzlufC "" ++//go:cgo_import_dynamic $s9CryptoKit7MLDSA87O9PublicKeyVMa $s9CryptoKit7MLDSA87O9PublicKeyVMa "" ++//go:cgo_import_dynamic $s9CryptoKit7MLDSA87O9PublicKeyVMn $s9CryptoKit7MLDSA87O9PublicKeyVMn "" +//go:cgo_import_dynamic $s9CryptoKit8InsecureO10SHA1DigestV15withUnsafeBytesyxxSWKXEKlF $s9CryptoKit8InsecureO10SHA1DigestV15withUnsafeBytesyxxSWKXEKlF "" +//go:cgo_import_dynamic $s9CryptoKit8InsecureO10SHA1DigestVMa $s9CryptoKit8InsecureO10SHA1DigestVMa "" +//go:cgo_import_dynamic $s9CryptoKit8InsecureO3MD5V14blockByteCountSivgZ $s9CryptoKit8InsecureO3MD5V14blockByteCountSivgZ "" @@ -27046,7 +28053,6 @@ index 00000000000000..fc5d643f48bd87 +//go:cgo_import_dynamic $sSW10Foundation12DataProtocolAAMc $sSW10Foundation12DataProtocolAAMc "/System/Library/Frameworks/Foundation.framework/Versions/C/Foundation" +//go:cgo_import_dynamic $sSW4load14fromByteOffset2asxSi_xmtlF $sSW4load14fromByteOffset2asxSi_xmtlF "" +//go:cgo_import_dynamic $sSW5countSivg $sSW5countSivg "" -+//go:cgo_import_dynamic $sSW5start5countSWSVSg_SitcfC $sSW5start5countSWSVSg_SitcfC "" +//go:cgo_import_dynamic $sSWN $sSWN "/usr/lib/swift/libswiftCore.dylib" +//go:cgo_import_dynamic $sSWSTsWP $sSWSTsWP "/usr/lib/swift/libswiftCore.dylib" +//go:cgo_import_dynamic $sSWSlsMc $sSWSlsMc "/usr/lib/swift/libswiftCore.dylib" @@ -27056,10 +28062,10 @@ index 00000000000000..fc5d643f48bd87 +//go:cgo_import_dynamic $sSmsE1poiyxx_qd__tSmRd__7ElementQyd__ABRtzlFZ $sSmsE1poiyxx_qd__tSmRd__7ElementQyd__ABRtzlFZ "" +//go:cgo_import_dynamic $sSp10deallocateyyF $sSp10deallocateyyF "" +//go:cgo_import_dynamic $sSp8allocate8capacitySpyxGSi_tFZ $sSp8allocate8capacitySpyxGSi_tFZ "" -+//go:cgo_import_dynamic $sSw5start5countSwSvSg_SitcfC $sSw5start5countSwSvSg_SitcfC "" +//go:cgo_import_dynamic $sSw9copyBytes4fromyx_tSlRzs5UInt8V7ElementRtzlF $sSw9copyBytes4fromyx_tSlRzs5UInt8V7ElementRtzlF "" +//go:cgo_import_dynamic $ss17_assertionFailure__4file4line5flagss5NeverOs12StaticStringV_A2HSus6UInt32VtF $ss17_assertionFailure__4file4line5flagss5NeverOs12StaticStringV_A2HSus6UInt32VtF "" +//go:cgo_import_dynamic $ss17_assertionFailure__4file4line5flagss5NeverOs12StaticStringV_SSAHSus6UInt32VtF $ss17_assertionFailure__4file4line5flagss5NeverOs12StaticStringV_SSAHSus6UInt32VtF "" ++//go:cgo_import_dynamic $ss18_fatalErrorMessage__4file4line5flagss5NeverOs12StaticStringV_A2HSus6UInt32VtF $ss18_fatalErrorMessage__4file4line5flagss5NeverOs12StaticStringV_A2HSus6UInt32VtF "" +//go:cgo_import_dynamic $ss26DefaultStringInterpolationV06appendC0yyxs06CustomB11ConvertibleRzlF $ss26DefaultStringInterpolationV06appendC0yyxs06CustomB11ConvertibleRzlF "" +//go:cgo_import_dynamic $ss26DefaultStringInterpolationV13appendLiteralyySSF $ss26DefaultStringInterpolationV13appendLiteralyySSF "" +//go:cgo_import_dynamic $ss26DefaultStringInterpolationV15literalCapacity18interpolationCountABSi_SitcfC $ss26DefaultStringInterpolationV15literalCapacity18interpolationCountABSi_SitcfC "" @@ -27074,7 +28080,6 @@ index 00000000000000..fc5d643f48bd87 +//go:cgo_import_dynamic swift_bridgeObjectRetain swift_bridgeObjectRetain "" +//go:cgo_import_dynamic swift_endAccess swift_endAccess "" +//go:cgo_import_dynamic swift_errorRelease swift_errorRelease "" -+//go:cgo_import_dynamic swift_errorRetain swift_errorRetain "" +//go:cgo_import_dynamic swift_getTypeByMangledNameInContext swift_getTypeByMangledNameInContext "" +//go:cgo_import_dynamic swift_getTypeByMangledNameInContextInMetadataState swift_getTypeByMangledNameInContextInMetadataState "" +//go:cgo_import_dynamic swift_getWitnessTable swift_getWitnessTable "" @@ -27083,10 +28088,10 @@ index 00000000000000..fc5d643f48bd87 +//go:cgo_import_dynamic swift_unexpectedError swift_unexpectedError "" diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/zcryptokit_swift_arm64.go b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/zcryptokit_swift_arm64.go new file mode 100644 -index 00000000000000..a6ba482889cc27 +index 00000000000000..ce5806b1910da9 --- /dev/null +++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/zcryptokit_swift_arm64.go -@@ -0,0 +1,282 @@ +@@ -0,0 +1,306 @@ +// Copyright (c) Microsoft Corporation. +// Licensed under the MIT License. +// Code generated by genswiftimports. DO NOT EDIT. @@ -27271,6 +28276,32 @@ index 00000000000000..a6ba482889cc27 +//go:cgo_import_dynamic $s9CryptoKit6SHA512VACycfC $s9CryptoKit6SHA512VACycfC "" +//go:cgo_import_dynamic $s9CryptoKit6SHA512VMa $s9CryptoKit6SHA512VMa "" +//go:cgo_import_dynamic $s9CryptoKit6SHA512VMn $s9CryptoKit6SHA512VMn "/System/Library/Frameworks/CryptoKit.framework/Versions/A/CryptoKit" ++//go:cgo_import_dynamic $s9CryptoKit7MLDSA65O10PrivateKeyV06publicE0AC06PublicE0Vvg $s9CryptoKit7MLDSA65O10PrivateKeyV06publicE0AC06PublicE0Vvg "" ++//go:cgo_import_dynamic $s9CryptoKit7MLDSA65O10PrivateKeyV18seedRepresentation06publicE0AEx_AC06PublicE0VSgtKc10Foundation12DataProtocolRzlufC $s9CryptoKit7MLDSA65O10PrivateKeyV18seedRepresentation06publicE0AEx_AC06PublicE0VSgtKc10Foundation12DataProtocolRzlufC "" ++//go:cgo_import_dynamic $s9CryptoKit7MLDSA65O10PrivateKeyV18seedRepresentation10Foundation4DataVvg $s9CryptoKit7MLDSA65O10PrivateKeyV18seedRepresentation10Foundation4DataVvg "" ++//go:cgo_import_dynamic $s9CryptoKit7MLDSA65O10PrivateKeyV9signature3for10Foundation4DataVx_tKAH0I8ProtocolRzlF $s9CryptoKit7MLDSA65O10PrivateKeyV9signature3for10Foundation4DataVx_tKAH0I8ProtocolRzlF "" ++//go:cgo_import_dynamic $s9CryptoKit7MLDSA65O10PrivateKeyV9signature3for7context10Foundation4DataVx_q_tKAI0J8ProtocolRzAiLR_r0_lF $s9CryptoKit7MLDSA65O10PrivateKeyV9signature3for7context10Foundation4DataVx_q_tKAI0J8ProtocolRzAiLR_r0_lF "" ++//go:cgo_import_dynamic $s9CryptoKit7MLDSA65O10PrivateKeyVAEyKcfC $s9CryptoKit7MLDSA65O10PrivateKeyVAEyKcfC "" ++//go:cgo_import_dynamic $s9CryptoKit7MLDSA65O10PrivateKeyVMa $s9CryptoKit7MLDSA65O10PrivateKeyVMa "" ++//go:cgo_import_dynamic $s9CryptoKit7MLDSA65O9PublicKeyV16isValidSignature_3for7contextSbx_q_q0_t10Foundation12DataProtocolRzAiJR_AiJR0_r1_lF $s9CryptoKit7MLDSA65O9PublicKeyV16isValidSignature_3for7contextSbx_q_q0_t10Foundation12DataProtocolRzAiJR_AiJR0_r1_lF "" ++//go:cgo_import_dynamic $s9CryptoKit7MLDSA65O9PublicKeyV16isValidSignature_3forSbx_q_t10Foundation12DataProtocolRzAhIR_r0_lF $s9CryptoKit7MLDSA65O9PublicKeyV16isValidSignature_3forSbx_q_t10Foundation12DataProtocolRzAhIR_r0_lF "" ++//go:cgo_import_dynamic $s9CryptoKit7MLDSA65O9PublicKeyV17rawRepresentation10Foundation4DataVvg $s9CryptoKit7MLDSA65O9PublicKeyV17rawRepresentation10Foundation4DataVvg "" ++//go:cgo_import_dynamic $s9CryptoKit7MLDSA65O9PublicKeyV17rawRepresentationAEx_tKc10Foundation12DataProtocolRzlufC $s9CryptoKit7MLDSA65O9PublicKeyV17rawRepresentationAEx_tKc10Foundation12DataProtocolRzlufC "" ++//go:cgo_import_dynamic $s9CryptoKit7MLDSA65O9PublicKeyVMa $s9CryptoKit7MLDSA65O9PublicKeyVMa "" ++//go:cgo_import_dynamic $s9CryptoKit7MLDSA65O9PublicKeyVMn $s9CryptoKit7MLDSA65O9PublicKeyVMn "" ++//go:cgo_import_dynamic $s9CryptoKit7MLDSA87O10PrivateKeyV06publicE0AC06PublicE0Vvg $s9CryptoKit7MLDSA87O10PrivateKeyV06publicE0AC06PublicE0Vvg "" ++//go:cgo_import_dynamic $s9CryptoKit7MLDSA87O10PrivateKeyV18seedRepresentation06publicE0AEx_AC06PublicE0VSgtKc10Foundation12DataProtocolRzlufC $s9CryptoKit7MLDSA87O10PrivateKeyV18seedRepresentation06publicE0AEx_AC06PublicE0VSgtKc10Foundation12DataProtocolRzlufC "" ++//go:cgo_import_dynamic $s9CryptoKit7MLDSA87O10PrivateKeyV18seedRepresentation10Foundation4DataVvg $s9CryptoKit7MLDSA87O10PrivateKeyV18seedRepresentation10Foundation4DataVvg "" ++//go:cgo_import_dynamic $s9CryptoKit7MLDSA87O10PrivateKeyV9signature3for10Foundation4DataVx_tKAH0I8ProtocolRzlF $s9CryptoKit7MLDSA87O10PrivateKeyV9signature3for10Foundation4DataVx_tKAH0I8ProtocolRzlF "" ++//go:cgo_import_dynamic $s9CryptoKit7MLDSA87O10PrivateKeyV9signature3for7context10Foundation4DataVx_q_tKAI0J8ProtocolRzAiLR_r0_lF $s9CryptoKit7MLDSA87O10PrivateKeyV9signature3for7context10Foundation4DataVx_q_tKAI0J8ProtocolRzAiLR_r0_lF "" ++//go:cgo_import_dynamic $s9CryptoKit7MLDSA87O10PrivateKeyVAEyKcfC $s9CryptoKit7MLDSA87O10PrivateKeyVAEyKcfC "" ++//go:cgo_import_dynamic $s9CryptoKit7MLDSA87O10PrivateKeyVMa $s9CryptoKit7MLDSA87O10PrivateKeyVMa "" ++//go:cgo_import_dynamic $s9CryptoKit7MLDSA87O9PublicKeyV16isValidSignature_3for7contextSbx_q_q0_t10Foundation12DataProtocolRzAiJR_AiJR0_r1_lF $s9CryptoKit7MLDSA87O9PublicKeyV16isValidSignature_3for7contextSbx_q_q0_t10Foundation12DataProtocolRzAiJR_AiJR0_r1_lF "" ++//go:cgo_import_dynamic $s9CryptoKit7MLDSA87O9PublicKeyV16isValidSignature_3forSbx_q_t10Foundation12DataProtocolRzAhIR_r0_lF $s9CryptoKit7MLDSA87O9PublicKeyV16isValidSignature_3forSbx_q_t10Foundation12DataProtocolRzAhIR_r0_lF "" ++//go:cgo_import_dynamic $s9CryptoKit7MLDSA87O9PublicKeyV17rawRepresentation10Foundation4DataVvg $s9CryptoKit7MLDSA87O9PublicKeyV17rawRepresentation10Foundation4DataVvg "" ++//go:cgo_import_dynamic $s9CryptoKit7MLDSA87O9PublicKeyV17rawRepresentationAEx_tKc10Foundation12DataProtocolRzlufC $s9CryptoKit7MLDSA87O9PublicKeyV17rawRepresentationAEx_tKc10Foundation12DataProtocolRzlufC "" ++//go:cgo_import_dynamic $s9CryptoKit7MLDSA87O9PublicKeyVMa $s9CryptoKit7MLDSA87O9PublicKeyVMa "" ++//go:cgo_import_dynamic $s9CryptoKit7MLDSA87O9PublicKeyVMn $s9CryptoKit7MLDSA87O9PublicKeyVMn "" +//go:cgo_import_dynamic $s9CryptoKit8InsecureO10SHA1DigestV15withUnsafeBytesyxxSWKXEKlF $s9CryptoKit8InsecureO10SHA1DigestV15withUnsafeBytesyxxSWKXEKlF "" +//go:cgo_import_dynamic $s9CryptoKit8InsecureO10SHA1DigestVMa $s9CryptoKit8InsecureO10SHA1DigestVMa "" +//go:cgo_import_dynamic $s9CryptoKit8InsecureO3MD5V14blockByteCountSivgZ $s9CryptoKit8InsecureO3MD5V14blockByteCountSivgZ "" @@ -27335,7 +28366,6 @@ index 00000000000000..a6ba482889cc27 +//go:cgo_import_dynamic $sSW10Foundation12DataProtocolAAMc $sSW10Foundation12DataProtocolAAMc "/System/Library/Frameworks/Foundation.framework/Versions/C/Foundation" +//go:cgo_import_dynamic $sSW4load14fromByteOffset2asxSi_xmtlF $sSW4load14fromByteOffset2asxSi_xmtlF "" +//go:cgo_import_dynamic $sSW5countSivg $sSW5countSivg "" -+//go:cgo_import_dynamic $sSW5start5countSWSVSg_SitcfC $sSW5start5countSWSVSg_SitcfC "" +//go:cgo_import_dynamic $sSWN $sSWN "/usr/lib/swift/libswiftCore.dylib" +//go:cgo_import_dynamic $sSWSTsWP $sSWSTsWP "/usr/lib/swift/libswiftCore.dylib" +//go:cgo_import_dynamic $sSWSlsMc $sSWSlsMc "/usr/lib/swift/libswiftCore.dylib" @@ -27345,10 +28375,10 @@ index 00000000000000..a6ba482889cc27 +//go:cgo_import_dynamic $sSmsE1poiyxx_qd__tSmRd__7ElementQyd__ABRtzlFZ $sSmsE1poiyxx_qd__tSmRd__7ElementQyd__ABRtzlFZ "" +//go:cgo_import_dynamic $sSp10deallocateyyF $sSp10deallocateyyF "" +//go:cgo_import_dynamic $sSp8allocate8capacitySpyxGSi_tFZ $sSp8allocate8capacitySpyxGSi_tFZ "" -+//go:cgo_import_dynamic $sSw5start5countSwSvSg_SitcfC $sSw5start5countSwSvSg_SitcfC "" +//go:cgo_import_dynamic $sSw9copyBytes4fromyx_tSlRzs5UInt8V7ElementRtzlF $sSw9copyBytes4fromyx_tSlRzs5UInt8V7ElementRtzlF "" +//go:cgo_import_dynamic $ss17_assertionFailure__4file4line5flagss5NeverOs12StaticStringV_A2HSus6UInt32VtF $ss17_assertionFailure__4file4line5flagss5NeverOs12StaticStringV_A2HSus6UInt32VtF "" +//go:cgo_import_dynamic $ss17_assertionFailure__4file4line5flagss5NeverOs12StaticStringV_SSAHSus6UInt32VtF $ss17_assertionFailure__4file4line5flagss5NeverOs12StaticStringV_SSAHSus6UInt32VtF "" ++//go:cgo_import_dynamic $ss18_fatalErrorMessage__4file4line5flagss5NeverOs12StaticStringV_A2HSus6UInt32VtF $ss18_fatalErrorMessage__4file4line5flagss5NeverOs12StaticStringV_A2HSus6UInt32VtF "" +//go:cgo_import_dynamic $ss26DefaultStringInterpolationV06appendC0yyxs06CustomB11ConvertibleRzlF $ss26DefaultStringInterpolationV06appendC0yyxs06CustomB11ConvertibleRzlF "" +//go:cgo_import_dynamic $ss26DefaultStringInterpolationV13appendLiteralyySSF $ss26DefaultStringInterpolationV13appendLiteralyySSF "" +//go:cgo_import_dynamic $ss26DefaultStringInterpolationV15literalCapacity18interpolationCountABSi_SitcfC $ss26DefaultStringInterpolationV15literalCapacity18interpolationCountABSi_SitcfC "" @@ -27362,7 +28392,6 @@ index 00000000000000..a6ba482889cc27 +//go:cgo_import_dynamic swift_bridgeObjectRetain swift_bridgeObjectRetain "" +//go:cgo_import_dynamic swift_endAccess swift_endAccess "" +//go:cgo_import_dynamic swift_errorRelease swift_errorRelease "" -+//go:cgo_import_dynamic swift_errorRetain swift_errorRetain "" +//go:cgo_import_dynamic swift_getTypeByMangledNameInContext swift_getTypeByMangledNameInContext "" +//go:cgo_import_dynamic swift_getTypeByMangledNameInContextInMetadataState swift_getTypeByMangledNameInContextInMetadataState "" +//go:cgo_import_dynamic swift_getWitnessTable swift_getWitnessTable "" @@ -28652,7 +29681,7 @@ index 00000000000000..74ee18d383784e +//go:generate go run ../../cmd/mkcgo -out zsecurity.go -nocgo -package security --noerrors shims.h diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/security/shims.h b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/security/shims.h new file mode 100644 -index 00000000000000..2f29d1d916958f +index 00000000000000..d37be58038a718 --- /dev/null +++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/security/shims.h @@ -0,0 +1,107 @@ @@ -28686,7 +29715,7 @@ index 00000000000000..2f29d1d916958f +typedef void *CFAllocatorRef; +typedef void *CFDictionaryKeyCallBacks; +typedef void *CFDictionaryValueCallBacks; -+typedef int32_t CFIndex; ++typedef long CFIndex; +typedef CFStringRef SecKeyAlgorithm; + +typedef enum { @@ -28701,7 +29730,7 @@ index 00000000000000..2f29d1d916958f +} CFStringEncoding; + +typedef enum { -+ kCFNumberIntType = 9 ++ kCFNumberLongType = 10 +} CFNumberType; + +extern const CFAllocatorRef kCFAllocatorDefault __attribute__((framework(CoreFoundation, A))); @@ -28919,7 +29948,7 @@ index 00000000000000..a74278d02fd6ef + diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/security/zsecurity.go b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/security/zsecurity.go new file mode 100644 -index 00000000000000..edafb365383aca +index 00000000000000..41aa0341b8a2b2 --- /dev/null +++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/security/zsecurity.go @@ -0,0 +1,21 @@ @@ -28942,11 +29971,11 @@ index 00000000000000..edafb365383aca +) + +const ( -+ KCFNumberIntType CFNumberType = 9 ++ KCFNumberLongType CFNumberType = 10 +) diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/security/zsecurity.h b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/security/zsecurity.h new file mode 100644 -index 00000000000000..6b0cd286f82d58 +index 00000000000000..8a2524b3cd0fe6 --- /dev/null +++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/security/zsecurity.h @@ -0,0 +1,98 @@ @@ -28975,7 +30004,7 @@ index 00000000000000..6b0cd286f82d58 +typedef void* CFAllocatorRef; +typedef void* CFDictionaryKeyCallBacks; +typedef void* CFDictionaryValueCallBacks; -+typedef int32_t CFIndex; ++typedef long CFIndex; +typedef CFStringRef SecKeyAlgorithm; + +extern const CFAllocatorRef kCFAllocatorDefault; @@ -29018,7 +30047,7 @@ index 00000000000000..6b0cd286f82d58 +} CFStringEncoding; + +typedef enum { -+ kCFNumberIntType = 9, ++ kCFNumberLongType = 10, +} CFNumberType; + +uintptr_t mkcgo_err_retrieve(); @@ -29622,7 +30651,7 @@ index 00000000000000..c17b764ee90662 +} diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/security/zsecurity_nocgo.go b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/security/zsecurity_nocgo.go new file mode 100644 -index 00000000000000..08bafd9a64d7c4 +index 00000000000000..7e5d52ef2d3c63 --- /dev/null +++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/security/zsecurity_nocgo.go @@ -0,0 +1,466 @@ @@ -29668,7 +30697,7 @@ index 00000000000000..08bafd9a64d7c4 +type CFAllocatorRef unsafe.Pointer +type CFDictionaryKeyCallBacks unsafe.Pointer +type CFDictionaryValueCallBacks unsafe.Pointer -+type CFIndex = int32 ++type CFIndex = int64 +type SecKeyAlgorithm = CFStringRef + +type SecKeyOperationType int32 @@ -31435,7 +32464,7 @@ index 00000000000000..316ecba6792d47 +} diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/evp.go b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/evp.go new file mode 100644 -index 00000000000000..39a70bfcd259d8 +index 00000000000000..a085303b10ac00 --- /dev/null +++ b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/evp.go @@ -0,0 +1,339 @@ @@ -31749,7 +32778,7 @@ index 00000000000000..39a70bfcd259d8 + unsafe.Pointer(keyType), + ) + -+ cfNum := security.CFNumberCreate(security.KCFAllocatorDefault, security.KCFNumberIntType, unsafe.Pointer(&keySize)) ++ cfNum := security.CFNumberCreate(security.KCFAllocatorDefault, security.KCFNumberLongType, unsafe.Pointer(&keySize)) + defer security.CFRelease(security.CFTypeRef(cfNum)) + + security.CFDictionarySetValue( @@ -32579,6 +33608,234 @@ index 00000000000000..80a951f8ea1a2a + return 0 + } +} +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/mldsa.go b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/mldsa.go +new file mode 100644 +index 00000000000000..136d81fe3c152e +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/mldsa.go +@@ -0,0 +1,222 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++//go:build darwin ++ ++package xcrypto ++ ++import ( ++ "errors" ++ ++ "github.com/microsoft/go-crypto-darwin/internal/cryptokit" ++) ++ ++const ( ++ // privateKeySizeMLDSA is the size of an ML-DSA private key seed. ++ privateKeySizeMLDSA = 32 ++ ++ // publicKeySizeMLDSA65 is the size of an ML-DSA-65 public key encoding. ++ publicKeySizeMLDSA65 = 1952 ++ ++ // publicKeySizeMLDSA87 is the size of an ML-DSA-87 public key encoding. ++ publicKeySizeMLDSA87 = 2592 ++ ++ // signatureSizeMLDSA65 is the size of an ML-DSA-65 signature. ++ signatureSizeMLDSA65 = 3309 ++ ++ // signatureSizeMLDSA87 is the size of an ML-DSA-87 signature. ++ signatureSizeMLDSA87 = 4627 ++) ++ ++// SupportsMLDSA returns true if the given ML-DSA parameter set is supported ++// on this platform. ++func SupportsMLDSA(params MLDSAParameters) bool { ++ switch params.publicKeySize { ++ case publicKeySizeMLDSA65, publicKeySizeMLDSA87: ++ return cryptokit.SupportsMLDSA() == 1 ++ default: ++ return false ++ } ++} ++ ++// MLDSAParameters represents one of the fixed ML-DSA parameter sets. ++type MLDSAParameters struct { ++ name string ++ publicKeySize int ++ signatureSize int ++ generateKey func(seed []uint8) int64 ++ derivePublic func(seed []uint8, publicKey []uint8) int64 ++ sign func(seed []uint8, message []uint8, context []uint8, signature []uint8, signatureLen *int64) int64 ++ verify func(publicKey []uint8, message []uint8, context []uint8, signature []uint8) int64 ++ validatePub func(publicKey []uint8) int64 ++} ++ ++var ( ++ mldsa65 = MLDSAParameters{ ++ name: "ML-DSA-65", ++ publicKeySize: publicKeySizeMLDSA65, ++ signatureSize: signatureSizeMLDSA65, ++ generateKey: cryptokit.GenerateKeyMLDSA65, ++ derivePublic: cryptokit.DerivePublicKeyMLDSA65, ++ sign: cryptokit.SignMLDSA65, ++ verify: cryptokit.VerifyMLDSA65, ++ validatePub: cryptokit.ValidatePublicKeyMLDSA65, ++ } ++ mldsa87 = MLDSAParameters{ ++ name: "ML-DSA-87", ++ publicKeySize: publicKeySizeMLDSA87, ++ signatureSize: signatureSizeMLDSA87, ++ generateKey: cryptokit.GenerateKeyMLDSA87, ++ derivePublic: cryptokit.DerivePublicKeyMLDSA87, ++ sign: cryptokit.SignMLDSA87, ++ verify: cryptokit.VerifyMLDSA87, ++ validatePub: cryptokit.ValidatePublicKeyMLDSA87, ++ } ++) ++ ++// MLDSA65 returns the ML-DSA-65 parameter set. ++func MLDSA65() MLDSAParameters { return mldsa65 } ++ ++// MLDSA87 returns the ML-DSA-87 parameter set. ++func MLDSA87() MLDSAParameters { return mldsa87 } ++ ++func (params MLDSAParameters) valid() bool { ++ return params.generateKey != nil ++} ++ ++// PublicKeySize returns the size of public keys for this parameter set, in bytes. ++func (params MLDSAParameters) PublicKeySize() int { return params.publicKeySize } ++ ++// SignatureSize returns the size of signatures for this parameter set, in bytes. ++func (params MLDSAParameters) SignatureSize() int { return params.signatureSize } ++ ++// String returns the name of the parameter set. ++func (params MLDSAParameters) String() string { return params.name } ++ ++var errInvalidMLDSAParameters = errors.New("mldsa: invalid parameters") ++ ++// PrivateKeyMLDSA is an ML-DSA private key seed. ++type PrivateKeyMLDSA struct { ++ params MLDSAParameters ++ seed [privateKeySizeMLDSA]byte ++} ++ ++// GenerateKeyMLDSA generates a new ML-DSA private key. ++func GenerateKeyMLDSA(params MLDSAParameters) (*PrivateKeyMLDSA, error) { ++ if !params.valid() { ++ return nil, errInvalidMLDSAParameters ++ } ++ key := &PrivateKeyMLDSA{params: params} ++ if ret := params.generateKey(key.seed[:]); ret != 0 { ++ return nil, errors.New("mldsa: key generation failed") ++ } ++ return key, nil ++} ++ ++// NewPrivateKeyMLDSA constructs an ML-DSA private key from its seed. ++func NewPrivateKeyMLDSA(params MLDSAParameters, seed []byte) (*PrivateKeyMLDSA, error) { ++ if !params.valid() { ++ return nil, errInvalidMLDSAParameters ++ } ++ if len(seed) != privateKeySizeMLDSA { ++ return nil, errors.New("mldsa: invalid private key size") ++ } ++ key := &PrivateKeyMLDSA{params: params} ++ copy(key.seed[:], seed) ++ return key, nil ++} ++ ++// Bytes returns the private key seed. ++func (key *PrivateKeyMLDSA) Bytes() []byte { ++ return key.seed[:] ++} ++ ++// Parameters returns the parameters associated with this private key. ++func (key *PrivateKeyMLDSA) Parameters() MLDSAParameters { return key.params } ++ ++// PublicKey returns the corresponding public key. ++func (key *PrivateKeyMLDSA) PublicKey() *PublicKeyMLDSA { ++ publicKey := &PublicKeyMLDSA{params: key.params} ++ if ret := key.params.derivePublic(key.seed[:], publicKey.bytes[:key.params.publicKeySize]); ret != 0 { ++ panic("mldsa: failed to derive public key") ++ } ++ return publicKey ++} ++ ++// Sign signs message with context using ML-DSA. ++func (key *PrivateKeyMLDSA) Sign(message []byte, context string) ([]byte, error) { ++ if len(context) > 255 { ++ return nil, errors.New("mldsa: context too long") ++ } ++ signature := make([]byte, key.params.signatureSize) ++ sigLen := int64(key.params.signatureSize) ++ contextBytes := []byte(context) ++ if ret := key.params.sign(key.seed[:], message, contextBytes, signature, &sigLen); ret != 0 { ++ return nil, errors.New("mldsa: signing failed") ++ } ++ return signature[:sigLen], nil ++} ++ ++// SignExternalMu signs a pre-hashed mu message representative using ML-DSA. ++func (key *PrivateKeyMLDSA) SignExternalMu(mu []byte) ([]byte, error) { ++ if len(mu) != 64 { ++ return nil, errors.New("mldsa: invalid message hash length") ++ } ++ return nil, errors.New("mldsa: external mu not supported") ++} ++ ++// PublicKeyMLDSA is an ML-DSA public key. ++type PublicKeyMLDSA struct { ++ params MLDSAParameters ++ bytes [publicKeySizeMLDSA87]byte ++} ++ ++// NewPublicKeyMLDSA constructs an ML-DSA public key from its encoding. ++func NewPublicKeyMLDSA(params MLDSAParameters, publicKey []byte) (*PublicKeyMLDSA, error) { ++ if !params.valid() { ++ return nil, errInvalidMLDSAParameters ++ } ++ if len(publicKey) != params.publicKeySize { ++ return nil, errors.New("mldsa: invalid public key size") ++ } ++ if ret := params.validatePub(publicKey); ret != 0 { ++ return nil, errors.New("mldsa: invalid public key") ++ } ++ key := &PublicKeyMLDSA{params: params} ++ copy(key.bytes[:], publicKey) ++ return key, nil ++} ++ ++// Bytes returns the public key encoding. ++func (key *PublicKeyMLDSA) Bytes() []byte { ++ return key.bytes[:key.params.publicKeySize] ++} ++ ++// Parameters returns the parameters associated with this public key. ++func (key *PublicKeyMLDSA) Parameters() MLDSAParameters { return key.params } ++ ++// Verify verifies an ML-DSA signature. ++func (key *PublicKeyMLDSA) Verify(message, signature []byte, context string) error { ++ if len(signature) != key.params.signatureSize { ++ return errors.New("mldsa: invalid signature length") ++ } ++ if len(context) > 255 { ++ return errors.New("mldsa: context too long") ++ } ++ contextBytes := []byte(context) ++ if ret := key.params.verify(key.bytes[:key.params.publicKeySize], message, contextBytes, signature); ret != 0 { ++ return errors.New("mldsa: verification failed") ++ } ++ return nil ++} ++ ++// VerifyExternalMu verifies an ML-DSA signature over a pre-hashed mu message representative. ++func (key *PublicKeyMLDSA) VerifyExternalMu(mu, signature []byte) error { ++ if len(mu) != 64 { ++ return errors.New("mldsa: invalid message hash length") ++ } ++ if len(signature) != key.params.signatureSize { ++ return errors.New("mldsa: invalid signature length") ++ } ++ return errors.New("mldsa: external mu not supported") ++} diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/mlkem.go b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/mlkem.go new file mode 100644 index 00000000000000..b5131703afdbcc @@ -32848,10 +34105,10 @@ index 00000000000000..b5131703afdbcc +} diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/pbkdf2.go b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/pbkdf2.go new file mode 100644 -index 00000000000000..75416a508374ca +index 00000000000000..b50fc17d0f8d66 --- /dev/null +++ b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/pbkdf2.go -@@ -0,0 +1,68 @@ +@@ -0,0 +1,76 @@ +// Copyright (c) Microsoft Corporation. +// Licensed under the MIT License. + @@ -32863,11 +34120,19 @@ index 00000000000000..75416a508374ca + "crypto" + "errors" + "hash" ++ "math" + + "github.com/microsoft/go-crypto-darwin/internal/commoncrypto" +) + +func PBKDF2(password, salt []byte, iter, keyLen int, fh func() hash.Hash) ([]byte, error) { ++ // CommonCrypto's CCKeyDerivationPBKDF takes an unsigned 32-bit iteration ++ // count, so reject values that would overflow or wrap. In practice the ++ // recommended iteration count is around 300,000. ++ if iter <= 0 || iter > math.MaxUint32 { ++ return nil, errors.New("PBKDF2: invalid iteration count") ++ } ++ + // Map Go hash function to CommonCrypto hash constant + ccDigest, err := hashToCCDigestPBKDF2(fh()) + if err != nil { @@ -35935,6 +37200,437 @@ index 00000000000000..bc150a7bd39272 + } + return nil +} +diff --git a/src/vendor/github.com/microsoft/go-crypto-winnative/cng/mldsa.go b/src/vendor/github.com/microsoft/go-crypto-winnative/cng/mldsa.go +new file mode 100644 +index 00000000000000..673fdcd3b3e9e5 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-winnative/cng/mldsa.go +@@ -0,0 +1,425 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++//go:build windows ++// +build windows ++ ++package cng ++ ++import ( ++ "errors" ++ "runtime" ++ "unsafe" ++ ++ "github.com/microsoft/go-crypto-winnative/internal/bcrypt" ++) ++ ++const ( ++ // privateKeySizeMLDSA is the size of an ML-DSA private key seed. ++ privateKeySizeMLDSA = 32 ++ ++ // publicKeySizeMLDSA44 is the size of an ML-DSA-44 public key encoding. ++ publicKeySizeMLDSA44 = 1312 ++ ++ // publicKeySizeMLDSA65 is the size of an ML-DSA-65 public key encoding. ++ publicKeySizeMLDSA65 = 1952 ++ ++ // publicKeySizeMLDSA87 is the size of an ML-DSA-87 public key encoding. ++ publicKeySizeMLDSA87 = 2592 ++ ++ // signatureSizeMLDSA44 is the size of an ML-DSA-44 signature. ++ signatureSizeMLDSA44 = 2420 ++ ++ // signatureSizeMLDSA65 is the size of an ML-DSA-65 signature. ++ signatureSizeMLDSA65 = 3309 ++ ++ // signatureSizeMLDSA87 is the size of an ML-DSA-87 signature. ++ signatureSizeMLDSA87 = 4627 ++ ++ sizeOfPQDSAKeyBlobHeader = 12 ++ maxMLDSAParameterSetNameBytes = 6 ++ sizeOfPrivateSeedBlobMLDSA = sizeOfPQDSAKeyBlobHeader + maxMLDSAParameterSetNameBytes + privateKeySizeMLDSA ++ sizeOfPublicKeyBlobMLDSA87 = sizeOfPQDSAKeyBlobHeader + maxMLDSAParameterSetNameBytes + publicKeySizeMLDSA87 ++) ++ ++type mldsaAlgorithm struct { ++ handle bcrypt.ALG_HANDLE ++} ++ ++func loadMLDSA() (mldsaAlgorithm, error) { ++ return loadOrStoreAlg(bcrypt.MLDSA_ALGORITHM, 0, "", func(h bcrypt.ALG_HANDLE) (mldsaAlgorithm, error) { ++ return mldsaAlgorithm{handle: h}, nil ++ }) ++} ++ ++// SupportsMLDSA returns true if ML-DSA is supported on this platform. ++func SupportsMLDSA() bool { ++ _, err := loadMLDSA() ++ return err == nil ++} ++ ++func generateMLDSAKey(paramSet string, dst []byte) error { ++ alg, err := loadMLDSA() ++ if err != nil { ++ return err ++ } ++ ++ var hKey bcrypt.KEY_HANDLE ++ if err := bcrypt.GenerateKeyPair(alg.handle, &hKey, 0, 0); err != nil { ++ return err ++ } ++ defer bcrypt.DestroyKey(hKey) ++ ++ if err := setString(bcrypt.HANDLE(hKey), bcrypt.PARAMETER_SET_NAME, paramSet); err != nil { ++ return err ++ } ++ if err := bcrypt.FinalizeKeyPair(hKey, 0); err != nil { ++ return err ++ } ++ ++ var blob [sizeOfPrivateSeedBlobMLDSA]byte ++ var size uint32 ++ if err := bcrypt.ExportKey(hKey, 0, utf16PtrFromString(bcrypt.PQDSA_PRIVATE_SEED_BLOB), blob[:], &size, 0); err != nil { ++ return err ++ } ++ return extractPQDSAKeyBytes(dst, blob[:size]) ++} ++ ++func newPQDSAKeyBlob(dst []byte, paramSet string, keyBytes []byte, magic bcrypt.KeyBlobMagicNumber) ([]byte, error) { ++ paramSetByteLen := (len(paramSet) + 1) * 2 ++ blobSize := 12 + paramSetByteLen + len(keyBytes) ++ if len(dst) < blobSize { ++ return nil, errors.New("mldsa: destination blob too small") ++ } ++ blob := dst[:blobSize] ++ putUint32LE(blob[0:4], uint32(magic)) ++ putUint32LE(blob[4:8], uint32(paramSetByteLen)) ++ putUint32LE(blob[8:12], uint32(len(keyBytes))) ++ for i := 0; i < len(paramSet); i++ { ++ if paramSet[i] == 0 || paramSet[i] > 127 { ++ panic("newPQDSAKeyBlob only supports ASCII parameter set names, got " + paramSet) ++ } ++ putUint16LE(blob[12+i*2:], uint16(paramSet[i])) ++ } ++ putUint16LE(blob[12+len(paramSet)*2:], 0) ++ copy(blob[12+paramSetByteLen:], keyBytes) ++ return blob, nil ++} ++ ++func extractPQDSAKeyBytes(dst, blob []byte) error { ++ if len(blob) < 12 { ++ return errors.New("mldsa: blob too small") ++ } ++ cbParameterSet := getUint32LE(blob[4:8]) ++ cbKey := getUint32LE(blob[8:12]) ++ headerSize := 12 + int(cbParameterSet) ++ if len(blob) < headerSize+int(cbKey) { ++ return errors.New("mldsa: invalid blob size") ++ } ++ if len(dst) != int(cbKey) { ++ return errors.New("mldsa: destination size mismatch") ++ } ++ copy(dst, blob[headerSize:headerSize+int(cbKey)]) ++ return nil ++} ++ ++func importMLDSAPrivateKey(paramSet string, seed []byte) (bcrypt.KEY_HANDLE, error) { ++ alg, err := loadMLDSA() ++ if err != nil { ++ return 0, err ++ } ++ var blobBuf [sizeOfPrivateSeedBlobMLDSA]byte ++ blob, err := newPQDSAKeyBlob(blobBuf[:], paramSet, seed, bcrypt.MLDSA_PRIVATE_SEED_MAGIC) ++ if err != nil { ++ return 0, err ++ } ++ var hKey bcrypt.KEY_HANDLE ++ if err := bcrypt.ImportKeyPair(alg.handle, 0, utf16PtrFromString(bcrypt.PQDSA_PRIVATE_SEED_BLOB), &hKey, blob, 0); err != nil { ++ return 0, err ++ } ++ return hKey, nil ++} ++ ++func importMLDSAPublicKey(paramSet string, publicKey []byte) (bcrypt.KEY_HANDLE, error) { ++ alg, err := loadMLDSA() ++ if err != nil { ++ return 0, err ++ } ++ var blobBuf [sizeOfPublicKeyBlobMLDSA87]byte ++ blob, err := newPQDSAKeyBlob(blobBuf[:], paramSet, publicKey, bcrypt.MLDSA_PUBLIC_MAGIC) ++ if err != nil { ++ return 0, err ++ } ++ var hKey bcrypt.KEY_HANDLE ++ if err := bcrypt.ImportKeyPair(alg.handle, 0, utf16PtrFromString(bcrypt.PQDSA_PUBLIC_BLOB), &hKey, blob, 0); err != nil { ++ return 0, err ++ } ++ return hKey, nil ++} ++ ++func mldsaPublicKey(paramSet string, seed, dst []byte) error { ++ hKey, err := importMLDSAPrivateKey(paramSet, seed) ++ if err != nil { ++ return err ++ } ++ defer bcrypt.DestroyKey(hKey) ++ ++ var blob [sizeOfPublicKeyBlobMLDSA87]byte ++ var size uint32 ++ if err := bcrypt.ExportKey(hKey, 0, utf16PtrFromString(bcrypt.PQDSA_PUBLIC_BLOB), blob[:], &size, 0); err != nil { ++ return err ++ } ++ return extractPQDSAKeyBytes(dst, blob[:size]) ++} ++ ++func mldsaPadding(context string) (bcrypt.PQDSA_PADDING_INFO, []byte, bcrypt.PadMode, error) { ++ if len(context) > 255 { ++ return bcrypt.PQDSA_PADDING_INFO{}, nil, 0, errors.New("mldsa: context too long") ++ } ++ if context == "" { ++ return bcrypt.PQDSA_PADDING_INFO{}, nil, bcrypt.PAD_PQDSA, nil ++ } ++ contextBytes := []byte(context) ++ return bcrypt.PQDSA_PADDING_INFO{ ++ Context: &contextBytes[0], ++ ContextSize: uint32(len(contextBytes)), ++ }, contextBytes, bcrypt.PAD_PQDSA, nil ++} ++ ++func mldsaSign(paramSet string, seed, message []byte, signatureSize int, context string) ([]byte, error) { ++ hKey, err := importMLDSAPrivateKey(paramSet, seed) ++ if err != nil { ++ return nil, err ++ } ++ defer bcrypt.DestroyKey(hKey) ++ ++ info, contextBytes, flags, err := mldsaPadding(context) ++ if err != nil { ++ return nil, err ++ } ++ var infoPtr unsafe.Pointer ++ if flags != 0 { ++ infoPtr = unsafe.Pointer(&info) ++ defer runtime.KeepAlive(contextBytes) ++ } ++ ++ signature := make([]byte, signatureSize) ++ var size uint32 ++ if err := bcrypt.SignHash(hKey, infoPtr, message, signature, &size, flags); err != nil { ++ return nil, err ++ } ++ return signature[:size], nil ++} ++ ++func mldsaSignExternalMu(paramSet string, seed, mu []byte, signatureSize int) ([]byte, error) { ++ if len(mu) != 64 { ++ return nil, errors.New("mldsa: invalid message hash length") ++ } ++ hKey, err := importMLDSAPrivateKey(paramSet, seed) ++ if err != nil { ++ return nil, err ++ } ++ defer bcrypt.DestroyKey(hKey) ++ ++ signature := make([]byte, signatureSize) ++ var size uint32 ++ if err := bcrypt.SignHash(hKey, nil, mu, signature, &size, bcrypt.MLDSA_EXTERNAL_MU); err != nil { ++ return nil, err ++ } ++ return signature[:size], nil ++} ++ ++func mldsaVerify(paramSet string, publicKey, message, signature []byte, signatureSize int, context string) error { ++ if len(signature) != signatureSize { ++ return errors.New("mldsa: invalid signature length") ++ } ++ hKey, err := importMLDSAPublicKey(paramSet, publicKey) ++ if err != nil { ++ return err ++ } ++ defer bcrypt.DestroyKey(hKey) ++ ++ info, contextBytes, flags, err := mldsaPadding(context) ++ if err != nil { ++ return err ++ } ++ var infoPtr unsafe.Pointer ++ if flags != 0 { ++ infoPtr = unsafe.Pointer(&info) ++ defer runtime.KeepAlive(contextBytes) ++ } ++ return bcrypt.VerifySignature(hKey, infoPtr, message, signature, flags) ++} ++ ++func mldsaVerifyExternalMu(paramSet string, publicKey, mu, signature []byte, signatureSize int) error { ++ if len(mu) != 64 { ++ return errors.New("mldsa: invalid message hash length") ++ } ++ if len(signature) != signatureSize { ++ return errors.New("mldsa: invalid signature length") ++ } ++ hKey, err := importMLDSAPublicKey(paramSet, publicKey) ++ if err != nil { ++ return err ++ } ++ defer bcrypt.DestroyKey(hKey) ++ return bcrypt.VerifySignature(hKey, nil, mu, signature, bcrypt.MLDSA_EXTERNAL_MU) ++} ++ ++// MLDSAParameters represents one of the fixed ML-DSA parameter sets. ++type MLDSAParameters struct { ++ name string ++ paramSet string ++ publicKeySize int ++ signatureSize int ++} ++ ++var ( ++ mldsa44 = MLDSAParameters{ ++ name: "ML-DSA-44", ++ paramSet: bcrypt.MLDSA_PARAMETER_SET_44, ++ publicKeySize: publicKeySizeMLDSA44, ++ signatureSize: signatureSizeMLDSA44, ++ } ++ mldsa65 = MLDSAParameters{ ++ name: "ML-DSA-65", ++ paramSet: bcrypt.MLDSA_PARAMETER_SET_65, ++ publicKeySize: publicKeySizeMLDSA65, ++ signatureSize: signatureSizeMLDSA65, ++ } ++ mldsa87 = MLDSAParameters{ ++ name: "ML-DSA-87", ++ paramSet: bcrypt.MLDSA_PARAMETER_SET_87, ++ publicKeySize: publicKeySizeMLDSA87, ++ signatureSize: signatureSizeMLDSA87, ++ } ++) ++ ++// MLDSA44 returns the ML-DSA-44 parameter set. ++func MLDSA44() MLDSAParameters { return mldsa44 } ++ ++// MLDSA65 returns the ML-DSA-65 parameter set. ++func MLDSA65() MLDSAParameters { return mldsa65 } ++ ++// MLDSA87 returns the ML-DSA-87 parameter set. ++func MLDSA87() MLDSAParameters { return mldsa87 } ++ ++func (params MLDSAParameters) valid() bool { ++ switch params { ++ case mldsa44, mldsa65, mldsa87: ++ return true ++ default: ++ return false ++ } ++} ++ ++// PublicKeySize returns the size of public keys for this parameter set, in bytes. ++func (params MLDSAParameters) PublicKeySize() int { return params.publicKeySize } ++ ++// SignatureSize returns the size of signatures for this parameter set, in bytes. ++func (params MLDSAParameters) SignatureSize() int { return params.signatureSize } ++ ++// String returns the name of the parameter set. ++func (params MLDSAParameters) String() string { return params.name } ++ ++var errInvalidMLDSAParameters = errors.New("mldsa: invalid parameters") ++ ++// PrivateKeyMLDSA is an ML-DSA private key seed. ++type PrivateKeyMLDSA struct { ++ params MLDSAParameters ++ seed [privateKeySizeMLDSA]byte ++} ++ ++// GenerateKeyMLDSA generates a new ML-DSA private key. ++func GenerateKeyMLDSA(params MLDSAParameters) (*PrivateKeyMLDSA, error) { ++ if !params.valid() { ++ return nil, errInvalidMLDSAParameters ++ } ++ key := &PrivateKeyMLDSA{params: params} ++ if err := generateMLDSAKey(params.paramSet, key.seed[:]); err != nil { ++ return nil, err ++ } ++ return key, nil ++} ++ ++// NewPrivateKeyMLDSA constructs an ML-DSA private key from its seed. ++func NewPrivateKeyMLDSA(params MLDSAParameters, seed []byte) (*PrivateKeyMLDSA, error) { ++ if !params.valid() { ++ return nil, errInvalidMLDSAParameters ++ } ++ if len(seed) != privateKeySizeMLDSA { ++ return nil, errors.New("mldsa: invalid private key size") ++ } ++ key := &PrivateKeyMLDSA{params: params} ++ copy(key.seed[:], seed) ++ return key, nil ++} ++ ++// Bytes returns the private key seed. ++func (key *PrivateKeyMLDSA) Bytes() []byte { ++ return key.seed[:] ++} ++ ++// Parameters returns the parameters associated with this private key. ++func (key *PrivateKeyMLDSA) Parameters() MLDSAParameters { return key.params } ++ ++// PublicKey returns the corresponding public key. ++func (key *PrivateKeyMLDSA) PublicKey() *PublicKeyMLDSA { ++ publicKey := &PublicKeyMLDSA{params: key.params} ++ if err := mldsaPublicKey(key.params.paramSet, key.seed[:], publicKey.bytes[:key.params.publicKeySize]); err != nil { ++ panic(err) ++ } ++ return publicKey ++} ++ ++// Sign signs message with context using ML-DSA. ++func (key *PrivateKeyMLDSA) Sign(message []byte, context string) ([]byte, error) { ++ return mldsaSign(key.params.paramSet, key.seed[:], message, key.params.signatureSize, context) ++} ++ ++// SignExternalMu signs a pre-hashed mu message representative using ML-DSA. ++func (key *PrivateKeyMLDSA) SignExternalMu(mu []byte) ([]byte, error) { ++ return mldsaSignExternalMu(key.params.paramSet, key.seed[:], mu, key.params.signatureSize) ++} ++ ++// PublicKeyMLDSA is an ML-DSA public key. ++type PublicKeyMLDSA struct { ++ params MLDSAParameters ++ bytes [publicKeySizeMLDSA87]byte ++} ++ ++// NewPublicKeyMLDSA constructs an ML-DSA public key from its encoding. ++func NewPublicKeyMLDSA(params MLDSAParameters, publicKey []byte) (*PublicKeyMLDSA, error) { ++ if !params.valid() { ++ return nil, errInvalidMLDSAParameters ++ } ++ if len(publicKey) != params.publicKeySize { ++ return nil, errors.New("mldsa: invalid public key size") ++ } ++ if hKey, err := importMLDSAPublicKey(params.paramSet, publicKey); err != nil { ++ return nil, err ++ } else { ++ bcrypt.DestroyKey(hKey) ++ } ++ key := &PublicKeyMLDSA{params: params} ++ copy(key.bytes[:], publicKey) ++ return key, nil ++} ++ ++// Bytes returns the public key encoding. ++func (key *PublicKeyMLDSA) Bytes() []byte { ++ return key.bytes[:key.params.publicKeySize] ++} ++ ++// Parameters returns the parameters associated with this public key. ++func (key *PublicKeyMLDSA) Parameters() MLDSAParameters { return key.params } ++ ++// Verify verifies an ML-DSA signature. ++func (key *PublicKeyMLDSA) Verify(message, signature []byte, context string) error { ++ return mldsaVerify(key.params.paramSet, key.bytes[:key.params.publicKeySize], message, signature, key.params.signatureSize, context) ++} ++ ++// VerifyExternalMu verifies an ML-DSA signature over a pre-hashed mu message representative. ++func (key *PublicKeyMLDSA) VerifyExternalMu(mu, signature []byte) error { ++ return mldsaVerifyExternalMu(key.params.paramSet, key.bytes[:key.params.publicKeySize], mu, signature, key.params.signatureSize) ++} diff --git a/src/vendor/github.com/microsoft/go-crypto-winnative/cng/mlkem.go b/src/vendor/github.com/microsoft/go-crypto-winnative/cng/mlkem.go new file mode 100644 index 00000000000000..f220e1d9d29794 @@ -37243,10 +38939,10 @@ index 00000000000000..56131a6bc93d3f +} diff --git a/src/vendor/github.com/microsoft/go-crypto-winnative/internal/bcrypt/bcrypt_windows.go b/src/vendor/github.com/microsoft/go-crypto-winnative/internal/bcrypt/bcrypt_windows.go new file mode 100644 -index 00000000000000..3fe42f9334abd0 +index 00000000000000..7c24727f821191 --- /dev/null +++ b/src/vendor/github.com/microsoft/go-crypto-winnative/internal/bcrypt/bcrypt_windows.go -@@ -0,0 +1,414 @@ +@@ -0,0 +1,434 @@ +// Copyright (c) Microsoft Corporation. +// Licensed under the MIT License. + @@ -37287,6 +38983,7 @@ index 00000000000000..3fe42f9334abd0 + TLS1_1_KDF_ALGORITHM = "TLS1_1_KDF" + TLS1_2_KDF_ALGORITHM = "TLS1_2_KDF" + DSA_ALGORITHM = "DSA" ++ MLDSA_ALGORITHM = "ML-DSA" + MLKEM_ALGORITHM = "ML-KEM" + + CHACHA20_POLY1305_ALGORITHM = "CHACHA20_POLY1305" @@ -37323,6 +39020,9 @@ index 00000000000000..3fe42f9334abd0 + ECCPRIVATE_BLOB = "ECCPRIVATEBLOB" + DSA_PUBLIC_BLOB = "DSAPUBLICBLOB" + DSA_PRIVATE_BLOB = "DSAPRIVATEBLOB" ++ PQDSA_PUBLIC_BLOB = "PQDSAPUBLICBLOB" ++ PQDSA_PRIVATE_BLOB = "PQDSAPRIVATEBLOB" ++ PQDSA_PRIVATE_SEED_BLOB = "PQDSAPRIVATESEEDBLOB" + MLKEM_PUBLIC_BLOB = "MLKEMPUBLICBLOB" + MLKEM_PRIVATE_SEED_BLOB = "MLKEMPRIVATESEEDBLOB" +) @@ -37385,8 +39085,11 @@ index 00000000000000..3fe42f9334abd0 +) + +const ( -+ // ML-KEM related properties and constants ++ // Post-quantum related properties and constants + PARAMETER_SET_NAME = "ParameterSetName" ++ MLDSA_PARAMETER_SET_44 = "44" ++ MLDSA_PARAMETER_SET_65 = "65" ++ MLDSA_PARAMETER_SET_87 = "87" + MLKEM_PARAMETER_SET_768 = "768" + MLKEM_PARAMETER_SET_1024 = "1024" +) @@ -37429,11 +39132,13 @@ index 00000000000000..3fe42f9334abd0 +type PadMode uint32 + +const ( -+ PAD_UNDEFINED PadMode = 0x0 -+ PAD_NONE PadMode = 0x1 -+ PAD_PKCS1 PadMode = 0x2 -+ PAD_OAEP PadMode = 0x4 -+ PAD_PSS PadMode = 0x8 ++ PAD_UNDEFINED PadMode = 0x0 ++ PAD_NONE PadMode = 0x1 ++ PAD_PKCS1 PadMode = 0x2 ++ PAD_OAEP PadMode = 0x4 ++ PAD_PSS PadMode = 0x8 ++ PAD_PQDSA PadMode = 0x20 ++ MLDSA_EXTERNAL_MU PadMode = 0x40 +) + +type AlgorithmProviderFlags uint32 @@ -37463,6 +39168,10 @@ index 00000000000000..3fe42f9334abd0 + DSA_PUBLIC_MAGIC_V2 KeyBlobMagicNumber = 0x32425044 + DSA_PRIVATE_MAGIC_V2 KeyBlobMagicNumber = 0x32565044 + ++ MLDSA_PUBLIC_MAGIC KeyBlobMagicNumber = 0x4B505344 ++ MLDSA_PRIVATE_MAGIC KeyBlobMagicNumber = 0x4B535344 ++ MLDSA_PRIVATE_SEED_MAGIC KeyBlobMagicNumber = 0x53535344 ++ + MLKEM_PUBLIC_MAGIC KeyBlobMagicNumber = 0x504B4C4D + MLKEM_PRIVATE_MAGIC KeyBlobMagicNumber = 0x524B4C4D + MLKEM_PRIVATE_SEED_MAGIC KeyBlobMagicNumber = 0x534B4C4D @@ -37536,6 +39245,13 @@ index 00000000000000..3fe42f9334abd0 + Salt uint32 +} + ++// https://learn.microsoft.com/en-us/windows/win32/api/bcrypt/nf-bcrypt-bcryptsignhash ++type PQDSA_PADDING_INFO struct { ++ Context *byte ++ ContextSize uint32 ++ PrehashAlgID *uint16 ++} ++ +// https://docs.microsoft.com/en-us/windows/win32/api/bcrypt/ns-bcrypt-bcrypt_rsakey_blob +type RSAKEY_BLOB struct { + Magic KeyBlobMagicNumber @@ -38256,18 +39972,18 @@ index 00000000000000..1722410e5af193 + return getSystemDirectory() + "\\" + dll +} diff --git a/src/vendor/modules.txt b/src/vendor/modules.txt -index d72017d2a43c1e..a0df64287bf4ba 100644 +index d72017d2a43c1e..6baad0da40495a 100644 --- a/src/vendor/modules.txt +++ b/src/vendor/modules.txt @@ -1,3 +1,26 @@ -+# github.com/golang-fips/openssl/v2 v2.0.4-0.20260317100950-3fc1e29e8efb ++# github.com/golang-fips/openssl/v2 v2.0.4-0.20260514023258-747562f362cd +## explicit; go 1.25 +github.com/golang-fips/openssl/v2 +github.com/golang-fips/openssl/v2/bbig +github.com/golang-fips/openssl/v2/internal/fakecgo +github.com/golang-fips/openssl/v2/internal/ossl +github.com/golang-fips/openssl/v2/osslsetup -+# github.com/microsoft/go-crypto-darwin v0.0.3-0.20260317085126-9a7217034974 ++# github.com/microsoft/go-crypto-darwin v0.0.3-0.20260512212935-d0ce8397e44b +## explicit; go 1.25 +github.com/microsoft/go-crypto-darwin/bbig +github.com/microsoft/go-crypto-darwin/internal/commoncrypto @@ -38276,7 +39992,7 @@ index d72017d2a43c1e..a0df64287bf4ba 100644 +github.com/microsoft/go-crypto-darwin/internal/security +github.com/microsoft/go-crypto-darwin/internal/xsyscall +github.com/microsoft/go-crypto-darwin/xcrypto -+# github.com/microsoft/go-crypto-winnative v0.0.0-20260307231751-f82d13314c5c ++# github.com/microsoft/go-crypto-winnative v0.0.0-20260512074019-00d811a4aefe +## explicit; go 1.25 +github.com/microsoft/go-crypto-winnative/cng +github.com/microsoft/go-crypto-winnative/cng/bbig From 093b1a1267fcbc35f048485fffdfcb66f1ef286e Mon Sep 17 00:00:00 2001 From: George Adams Date: Thu, 14 May 2026 15:16:17 +0100 Subject: [PATCH 2/2] update OpenSSL --- .../0001-Vendor-external-dependencies.patch | 33 +++++++++++-------- 1 file changed, 19 insertions(+), 14 deletions(-) diff --git a/patches/0001-Vendor-external-dependencies.patch b/patches/0001-Vendor-external-dependencies.patch index 9d368778e0..cbd39cdab5 100644 --- a/patches/0001-Vendor-external-dependencies.patch +++ b/patches/0001-Vendor-external-dependencies.patch @@ -151,7 +151,7 @@ Use a 'go' that was recently built by the current branch to ensure stable result .../openssl/v2/osslsetup/init_cgo_unix.go | 31 + .../openssl/v2/osslsetup/init_nocgo_unix.go | 32 + .../openssl/v2/osslsetup/init_windows.go | 36 + - .../openssl/v2/osslsetup/osslsetup.go | 103 + + .../openssl/v2/osslsetup/osslsetup.go | 108 + .../openssl/v2/osslsetup/osslsetup_cgo.go | 11 + .../openssl/v2/osslsetup/osslsetup_nocgo.go | 21 + .../golang-fips/openssl/v2/params.go | 190 ++ @@ -273,7 +273,7 @@ Use a 'go' that was recently built by the current branch to ensure stable result .../internal/subtle/aliasing.go | 32 + .../internal/sysdll/sys_windows.go | 55 + src/vendor/modules.txt | 23 + - 265 files changed, 35744 insertions(+), 7 deletions(-) + 265 files changed, 35749 insertions(+), 7 deletions(-) create mode 100644 src/cmd/internal/telemetry/counter/deps_ignore.go create mode 100644 src/cmd/vendor/github.com/microsoft/go-infra/telemetry/LICENSE create mode 100644 src/cmd/vendor/github.com/microsoft/go-infra/telemetry/README.md @@ -2276,7 +2276,7 @@ index 00000000000000..ae4055d2d71303 +// that are used by the backend package. This allows to track +// their versions in a single patch file. diff --git a/src/go.mod b/src/go.mod -index 8703fad3b226c9..9f8df0036c955d 100644 +index 8703fad3b226c9..10ccf74f86ae3b 100644 --- a/src/go.mod +++ b/src/go.mod @@ -11,3 +11,9 @@ require ( @@ -2285,17 +2285,17 @@ index 8703fad3b226c9..9f8df0036c955d 100644 ) + +require ( -+ github.com/golang-fips/openssl/v2 v2.0.4-0.20260514023258-747562f362cd ++ github.com/golang-fips/openssl/v2 v2.0.4-0.20260514124455-0301bcb6ccce + github.com/microsoft/go-crypto-darwin v0.0.3-0.20260512212935-d0ce8397e44b + github.com/microsoft/go-crypto-winnative v0.0.0-20260512074019-00d811a4aefe +) diff --git a/src/go.sum b/src/go.sum -index 43554ff45c183e..3d89135b77492f 100644 +index 43554ff45c183e..143b3063c17042 100644 --- a/src/go.sum +++ b/src/go.sum @@ -1,3 +1,9 @@ -+github.com/golang-fips/openssl/v2 v2.0.4-0.20260514023258-747562f362cd h1:Gy+X+bKvOprZMji5Fc4Js0BNha4Fw0nM+Ah3Bf53d0k= -+github.com/golang-fips/openssl/v2 v2.0.4-0.20260514023258-747562f362cd/go.mod h1:E+yPtdllHdy5S8YLMfcIRcqjqQySyiexqxxaLK7+cQQ= ++github.com/golang-fips/openssl/v2 v2.0.4-0.20260514124455-0301bcb6ccce h1:Kl2/ytBV5nuKMGe6YNZsm3IEq9y1i0xjf/LUdAXBK9A= ++github.com/golang-fips/openssl/v2 v2.0.4-0.20260514124455-0301bcb6ccce/go.mod h1:E+yPtdllHdy5S8YLMfcIRcqjqQySyiexqxxaLK7+cQQ= +github.com/microsoft/go-crypto-darwin v0.0.3-0.20260512212935-d0ce8397e44b h1:HADuteQytnLec1jmAOGPGCukWIxObrAm/CBYtVzuo5o= +github.com/microsoft/go-crypto-darwin v0.0.3-0.20260512212935-d0ce8397e44b/go.mod h1:QahyqOoEDhEJ08aC1WtiWq691LyNgXq3qrjI4QmdPzM= +github.com/microsoft/go-crypto-winnative v0.0.0-20260512074019-00d811a4aefe h1:WDbUuTTKY8VElMRA3JJ8Quvj9xK9GqEcTiBZ3BF+7mI= @@ -21157,10 +21157,10 @@ index 00000000000000..c4981aef84b42f +} diff --git a/src/vendor/github.com/golang-fips/openssl/v2/osslsetup/osslsetup.go b/src/vendor/github.com/golang-fips/openssl/v2/osslsetup/osslsetup.go new file mode 100644 -index 00000000000000..991e9ed5ba5e21 +index 00000000000000..cbf60ff9f1462c --- /dev/null +++ b/src/vendor/github.com/golang-fips/openssl/v2/osslsetup/osslsetup.go -@@ -0,0 +1,103 @@ +@@ -0,0 +1,108 @@ +//go:build !cmd_go_bootstrap + +package osslsetup @@ -21168,7 +21168,6 @@ index 00000000000000..991e9ed5ba5e21 +import ( + "errors" + "strconv" -+ "strings" + "sync" + "syscall" + @@ -21198,10 +21197,16 @@ index 00000000000000..991e9ed5ba5e21 +// contains ms_opensslallowuntested=1. Matches internal/godebug parsing: +// no whitespace trimming. +func godebugAllowUntested(godebug string) bool { -+ for _, kv := range strings.Split(godebug, ",") { -+ if kv == "ms_opensslallowuntested=1" { ++ const key = "ms_opensslallowuntested=1" ++ var start int = 0 ++ for i := 0; i <= len(godebug); i++ { ++ if i < len(godebug) && godebug[i] != ',' { ++ continue ++ } ++ if godebug[start:i] == key { + return true + } ++ start = i + 1 + } + return false +} @@ -39972,11 +39977,11 @@ index 00000000000000..1722410e5af193 + return getSystemDirectory() + "\\" + dll +} diff --git a/src/vendor/modules.txt b/src/vendor/modules.txt -index d72017d2a43c1e..6baad0da40495a 100644 +index d72017d2a43c1e..f352d97e430e89 100644 --- a/src/vendor/modules.txt +++ b/src/vendor/modules.txt @@ -1,3 +1,26 @@ -+# github.com/golang-fips/openssl/v2 v2.0.4-0.20260514023258-747562f362cd ++# github.com/golang-fips/openssl/v2 v2.0.4-0.20260514124455-0301bcb6ccce +## explicit; go 1.25 +github.com/golang-fips/openssl/v2 +github.com/golang-fips/openssl/v2/bbig