From af5b9e800b83104896f26087a20b514ab70e677d Mon Sep 17 00:00:00 2001 From: Tadeas Hejnic Date: Fri, 7 Feb 2025 11:21:54 +0100 Subject: [PATCH 001/106] Correction of typos and comments in header file --- src/AyonCppApi/AyonCppApi.h | 147 ++++++++++++++++++------------------ 1 file changed, 72 insertions(+), 75 deletions(-) diff --git a/src/AyonCppApi/AyonCppApi.h b/src/AyonCppApi/AyonCppApi.h index 37c2e70..d09d08b 100644 --- a/src/AyonCppApi/AyonCppApi.h +++ b/src/AyonCppApi/AyonCppApi.h @@ -16,14 +16,13 @@ /** * @class AyonApi - * @brief Central Ayon api class \n + * @brief Central Ayon api class * Class for exposing Ayon server functions to C++ users. Uses httplib internally for communication with the server - * */ class AyonApi { public: /** - * @brief constructor + * @brief Constructor */ AyonApi(const std::string &logFilePos, const std::string &authKey, @@ -32,137 +31,134 @@ class AyonApi { const std::string &siteId, std::optional concurrency = std::nullopt); /** - * @brief destructor + * @brief Destructor */ ~AyonApi(); /** - * @brief returns the stored apikey. Retrieved from the appropriate env variable. (the variable is loaded from - * loadEnvVars()) + * @brief Returns the stored API key. Passed in the constructor. */ std::string getKey(); /** - * @brief returns the stored AYON server url. Retrieved from the appropriate env variable. (the variable is - * loaded from loadEnvVars()) + * @brief Returns the stored AYON server URL. Passed in the constructor. */ std::string getUrl(); /** - * @brief runns a get command and returns the response body as std::string + * @brief Runs a GET command * - * @param endPoint reachable http / https endpoint - * @param headers http headers - * @param sucsessStatus define what http response code should be considered a success. + * @param endPoint Reachable HTTP/HTTPS endpoint + * @param headers HTTP headers + * @param successStatus Defines what HTTP response code should be considered a success. + * @return The response body as nlohmann::json */ nlohmann::json GET(const std::shared_ptr endPoint, const std::shared_ptr headers, - uint8_t sucsessStatus); + uint8_t successStatus); /** - * @brief post Request via a shared httplib client ( serial ) + * @brief POST request via a shared httplib client (serial) * - * @param endPoint the AYON enpoint to hit - * @param headers the http header that you want to send - * @param jsonPayload the payload in json format - * @param sucsessStatus defines what status code is considered a success and brakes the retry loop. + * @param endPoint The AYON endpoint to hit + * @param headers The HTTP headers to send + * @param jsonPayload The payload in JSON format + * @param successStatus Defines what status code is considered a success and breaks the retry loop + * @return The response body as nlohmann::json */ nlohmann::json SPOST(const std::shared_ptr endPoint, const std::shared_ptr headers, nlohmann::json jsonPayload, - const std::shared_ptr sucsessStatus); + const std::shared_ptr successStatus); /** - * @brief http post request utilizing the creation of a new httplib client ( Generative Async ) + * @brief HTTP POST request utilizing the creation of a new httplib client (Generative Async) * - * @param endPoint the AYON enpoint to hit - * @param headers the http header that you want to send - * @param jsonPayload the payload in json format - * @param sucsessStatus defines what status code is considered a success and brakes the retry loop. + * @param endPoint The AYON endpoint to hit + * @param headers The HTTP headers to send + * @param jsonPayload The payload in JSON format + * @param successStatus Defines what status code is considered a success and breaks the retry loop. + * @return The response body as nlohmann::json */ nlohmann::json CPOST(const std::shared_ptr endPoint, const std::shared_ptr headers, nlohmann::json jsonPayload, - const std::shared_ptr sucsessStatus); + const std::shared_ptr successStatus); /** - * @brief uses the uri resolve endpoint on the AYON server in order to resolve an uri path towards the local - * path \n gets the siteId from an variable stored in the class + * @brief Uses the URI resolve endpoint on the AYON server to resolve a URI path to the local path. + * Gets the siteId from a variable stored in the class. * - * @param uriPath + * @param uriPath The URI path to resolve. + * @return A pair containing the asset identifier (ayon:// path) and the machine local file location. */ std::pair resolvePath(const std::string &uriPath); - /** - * @brief resolves a vector off paths against the AYON server in an async way uses auto generated batch requests - * - * @param uriPaths - */ - std::unordered_map batchResolvePath(std::vector &uriPaths); /** - * @brief this function takes a ayon path uri response(resolved ayon://path) and returns a pair of - * assetIdentifier(ayon:// path) and the machine local file location + * @brief Resolves a vector of paths against the AYON server asynchronously using auto-generated batch requests. * - * @param uriResolverRespone json representation off the resolves the ayon/api/resolve endpoint returns + * @param uriPaths The vector of URI paths to resolve. + * @return An unordered map containing the resolved paths. */ - std::pair getAssetIdent(const nlohmann::json &uriResolverRespone); + std::unordered_map batchResolvePath(std::vector &uriPaths); /** - * @brief this function loads all needed varible into the class \n - * this will allso be called by the constructor + * @brief Takes an AYON path URI response (resolved ayon://path) and returns a pair of + * asset identifier (ayon:// path) and the machine local file location. * - * @return + * @param uriResolverResponse JSON representation of the response from the AYON API resolve endpoint. + * @return A pair containing the asset identifier and the machine local file location. */ - bool loadEnvVars(); + std::pair getAssetIdent(const nlohmann::json &uriResolverResponse); /** - * @brief get function for shared AyonLogger pointer used by this class instance + * @brief Get function for shared AyonLogger pointer used by this class instance */ std::shared_ptr logPointer(); /** - * @brief gets the site root overwrites for the current project. Current project is defined via an env variable + * @brief Gets the site root overwrites for the current project. Current project is defined via an env variable * for now */ std::unordered_map* getSiteRoots(); // TODO think about if this should only support current project or multiple projects /** - * @brief replaces {root[var]} for ayon:// paths + * @brief Replaces {root[var]} for ayon:// paths. * - * @param rootLessPath endpoint response for ayon://path with {root[var]} available if no root can be found the - * path will be returned as is + * @param rootLessPath Endpoint response for ayon://path with {root[var]}. + * If no root can be found, the path will be returned as is. */ std::string rootReplace(const std::string &rootLessPath); private: /** - * @brief calls the server in an serial way by sharing the AyonServer pointer + * @brief Calls the server in a serial way by sharing the AyonServer pointer. * - * @param endPoint endpoint that ayon resolve is loaded on - * @param headers http headers - * @param Payload json payload to be resolved by endpoint - * @param sucsessStatus defines what is considered a success response to break the retry loop + * @param endPoint Endpoint that AYON resolve is loaded on. + * @param headers HTTP headers. + * @param payload JSON payload to be resolved by endpoint. + * @param successStatus Defines what is considered a success response to break the retry loop. */ std::string serialCorePost(const std::string &endPoint, httplib::Headers headers, - std::string &Payload, - const int &sucsessStatus); + std::string &payload, + const int &successStatus); /** - * @brief calls the server while creating a new client instance to stay async + * @brief Calls the server while creating a new client instance to stay async. * - * @param endPoint endpoint that ayon resolve is loaded on - * @param headers http headers - * @param Payload json payload to be resolved by endpoint - * @param sucsessStatus defines what is considered a success response to break the retry loop + * @param endPoint Endpoint that AYON resolve is loaded on. + * @param headers HTTP headers. + * @param payload JSON payload to be resolved by endpoint. + * @param successStatus Defines what is considered a success response to break the retry loop. */ std::string GenerativeCorePost(const std::string &endPoint, httplib::Headers headers, - std::string &Payload, - const int &sucsessStatus); + std::string &payload, + const int &successStatus); /** - * @brief converts a vector off uris into an string to serve into CorePost funcs + * @brief Converts a vector of URIs into a string to serve into CorePost functions. * - * @param uriVec vector off str uris + * @param uriVec Vector of string URIs. */ std::string convertUriVecToString(const std::vector &uriVec); @@ -174,6 +170,7 @@ class AyonApi { const std::string m_authKey; const std::string m_serverUrl; std::string m_ayonProjectName; + httplib::Headers m_headers; // ---- Server Vars std::string m_siteId; @@ -181,33 +178,33 @@ class AyonApi { // --- Runtime Dep Vars - // Async Grp Generation Varibles + // Async Grp Generation Varaibles uint8_t m_minGrpSizeForAsyncRequests = 10; uint16_t m_regroupSizeForAsyncRequests = 200; uint16_t m_maxGroupSizeForAsyncRequests = 300; uint16_t m_minVecSizeForGroupSplitAsyncRequests = 50; - uint8_t m_maxCallRetrys = 8; - uint16_t m_retryWaight = 800; + uint8_t m_maxCallRetries = 8; + uint16_t m_retryWait = 800; /** - * @brief maximum number off threads that the cpu can handle at the same time. Will be set via constructor + * @brief maximum number of threads that the CPU can handle at the same time. Will be set via constructor */ const int m_num_threads; // set by constructor std::shared_ptr m_Log; std::string m_uriResolverEndpoint = "/api/resolve"; std::string m_uriResolverEndpointPathOnlyVar = "?pathOnly=true"; - bool m_pathOnlyReselution = true; + bool m_pathOnlyResolution = true; - std::mutex m_ConcurentRequestAfterffoMutex; - uint8_t m_maxConcurentRequestAfterffo = 8; + std::mutex m_ConcurrentRequestAfterffoMutex; + uint8_t m_maxConcurrentRequestAfterffo = 8; uint16_t m_GenerativeCorePostMaxLoopIterations = 200; - uint16_t m_connectionTimeOutMax = 200; - uint8_t m_readTimeOutMax = 160; + uint16_t m_connectionTimeoutMax = 200; + uint8_t m_readTimeoutMax = 160; /** - * @brief decides if the cpp api removes duplicates from batch request vector default is true + * @brief Decides if the cpp API removes duplicates from batch request vector. Default is true */ bool m_batchResolveOptimizeVector = true; @@ -215,12 +212,12 @@ class AyonApi { uint16_t m_RequestDelayWhenServerBusy = 10000; /** - * @brief this bool will be set to true if a 503 is encountered + * @brief This bool will be set to true if a 503 is encountered */ bool m_serverBusy = false; /** - * @brief needed for serial resolve operations. to lock acces to AyonServer shared pointer + * @brief Needed for serial resolve operations. to lock access to AyonServer shared pointer */ std::mutex m_AyonServerMutex; }; From 57b9b7ab31b1a5a89fc16ea7f3fbbff00c6ef915 Mon Sep 17 00:00:00 2001 From: Tadeas Hejnic Date: Fri, 7 Feb 2025 11:22:43 +0100 Subject: [PATCH 002/106] Correction of typos and comments in source file --- src/AyonCppApi/AyonCppApi.cpp | 244 +++++++++++++++++----------------- 1 file changed, 122 insertions(+), 122 deletions(-) diff --git a/src/AyonCppApi/AyonCppApi.cpp b/src/AyonCppApi/AyonCppApi.cpp index 231be7f..3cd77cf 100644 --- a/src/AyonCppApi/AyonCppApi.cpp +++ b/src/AyonCppApi/AyonCppApi.cpp @@ -32,7 +32,7 @@ #include "backward.hpp" #include "perfPrinter.h" -// TODO implement the better Crash hanlder +// TODO implement the better Crash handler backward::StackTrace st; AyonApi::AyonApi(const std::string &logFilePos, @@ -99,24 +99,24 @@ AyonApi::rootReplace(const std::string &rootLessPath) { m_Log->info(m_Log->key("AyonApi"), "AyonApi::rootReplace({})", rootLessPath); std::string rootedPath; - std::smatch matchea; + std::smatch matchesA; std::regex rootFindPattern("\\{root\\[.*?\\]\\}"); - if (std::regex_search(rootLessPath, matchea, rootFindPattern)) { - std::string siteRootOverwriteName = matchea.str(0); - - std::smatch matcheb; - std::regex rootBraketPattern("\\[(.*?)\\]"); - if (std::regex_search(rootLessPath, matcheb, rootBraketPattern)) { - std::string breakedString = matcheb.str(0); - breakedString = breakedString.substr(1, breakedString.length() - 2); + if (std::regex_search(rootLessPath, matchesA, rootFindPattern)) { + std::string siteRootOverwriteName = matchesA.str(0); + + std::smatch matchesB; + std::regex rootBracketPattern("\\[(.*?)\\]"); + if (std::regex_search(rootLessPath, matchesB, rootBracketPattern)) { + std::string bracketedString = matchesB.str(0); + bracketedString = bracketedString.substr(1, bracketedString.length() - 2); try { - std::string replacement = m_siteRoots.at(breakedString); + std::string replacement = m_siteRoots.at(bracketedString); rootedPath = std::regex_replace(rootLessPath, rootFindPattern, replacement); m_Log->info(m_Log->key("AyonApi"), "AyonApi::rootReplace({}) rooted", rootedPath); return rootedPath; } catch (std::out_of_range &e) { - m_Log->warn("AyonApi::rootedPath error acured {}, list off available root replace str: "); + m_Log->warn("AyonApi::rootedPath error occurred {}, list of available root replace str: "); for (auto &g: m_siteRoots) { m_Log->warn("Key: {}, replacement: {}", g.first, g.second); } @@ -131,41 +131,41 @@ AyonApi::rootReplace(const std::string &rootLessPath) { nlohmann::json AyonApi::GET(const std::shared_ptr endPoint, const std::shared_ptr headers, - uint8_t sucsessStatus) { + uint8_t successStatus) { PerfTimer("AyonApi::GET"); m_Log->info(m_Log->key("AyonApi"), "AyonApi::GET({})", *endPoint); httplib::Result response; - int responeStatus; - uint8_t retryes = 0; - while (retryes <= m_maxCallRetrys) { + int responseStatus; + uint8_t retries = 0; + while (retries <= m_maxCallRetries) { try { response = m_AyonServer->Get(*endPoint, *headers); - responeStatus = response->status; - retryes++; + responseStatus = response->status; + retries++; - if (responeStatus == sucsessStatus) { + if (responseStatus == successStatus) { return nlohmann::json::parse(response->body); } else { - m_Log->info("AyonApi::serialCorePost wrong status code: {} expected: {}", responeStatus, sucsessStatus); - if (responeStatus == 401) { + m_Log->info("AyonApi::serialCorePost wrong status code: {} expected: {}", responseStatus, successStatus); + if (responseStatus == 401) { m_Log->warn("not logged in 401 "); return nlohmann::json(); } - if (responeStatus == 500) { + if (responseStatus == 500) { m_Log->warn("internal server error "); return nlohmann::json(); } std::this_thread::sleep_for(std::chrono::milliseconds( - responeStatus == m_ServerBusyCode ? m_RequestDelayWhenServerBusy : m_retryWaight)); + responseStatus == m_ServerBusyCode ? m_RequestDelayWhenServerBusy : m_retryWait)); } } // TODO error reason not printed catch (const httplib::Error &e) { - m_Log->warn("Request Failed because: {}"); + m_Log->warn("Request Failed because: {}"); // maybe just e - httplib::Error is just enum class break; } - m_Log->warn("The connection failed Rety now."); + m_Log->warn("The connection failed. Retry now."); } return nlohmann::json(); }; @@ -174,70 +174,70 @@ nlohmann::json AyonApi::SPOST(const std::shared_ptr endPoint, const std::shared_ptr headers, nlohmann::json jsonPayload, - const std::shared_ptr sucsessStatus) { + const std::shared_ptr successStatus) { PerfTimer("AyonApi::SPOST"); - m_Log->info(m_Log->key("AyonApi"), "AyonApi::SPOST endPoint: {}, jsonPayload: {}, sucsessStatus: {}", *endPoint, - jsonPayload.dump(), *sucsessStatus); + m_Log->info(m_Log->key("AyonApi"), "AyonApi::SPOST endPoint: {}, jsonPayload: {}, successStatus: {}", *endPoint, + jsonPayload.dump(), *successStatus); - nlohmann::json jsonRespne; + nlohmann::json jsonResponse; if (jsonPayload.empty()) { m_Log->info("JSON payload is empty. No request created"); - return jsonRespne; + return jsonResponse; } - if (endPoint == nullptr || headers == nullptr || sucsessStatus == nullptr) { - m_Log->error("One or more of the provided pointers are null: endPoint, headers, sucsessStatus."); + if (endPoint == nullptr || headers == nullptr || successStatus == nullptr) { + m_Log->error("One or more of the provided pointers are null: endPoint, headers, successStatus."); - return jsonRespne; + return jsonResponse; } m_AyonServerMutex.lock(); std::string payload = jsonPayload.dump(); - std::string rawResponse = serialCorePost(*endPoint, *headers, payload, *sucsessStatus); + std::string rawResponse = serialCorePost(*endPoint, *headers, payload, *successStatus); if (!rawResponse.empty()) { - jsonRespne = nlohmann::json::parse(rawResponse)[0]; // TODO figure out why this is isnt the same as CPOST and - // find a better way to make shure its not a array + jsonResponse = nlohmann::json::parse(rawResponse)[0]; // TODO figure out why this is isnt the same as CPOST and + // find a better way to make sure its not an array } else { - m_Log->warn("SPOST cant phrase JSON // response empty"); + m_Log->warn("SPOST can't parse JSON // response empty"); } m_AyonServerMutex.unlock(); - return jsonRespne; + return jsonResponse; }; nlohmann::json AyonApi::CPOST(const std::shared_ptr endPoint, const std::shared_ptr headers, nlohmann::json jsonPayload, - const std::shared_ptr sucsessStatus) { + const std::shared_ptr successStatus) { PerfTimer("AyonApi::CPOST"); - m_Log->info(m_Log->key("AyonApi"), "AyonApi::CPOST endPoint: {}, jsonPayload: {}, sucsessStatus: {}", *endPoint, - jsonPayload.dump(), *sucsessStatus); - nlohmann::json jsonRespne; + m_Log->info(m_Log->key("AyonApi"), "AyonApi::CPOST endPoint: {}, jsonPayload: {}, successStatus: {}", *endPoint, + jsonPayload.dump(), *successStatus); + nlohmann::json jsonResponse; if (jsonPayload.empty()) { m_Log->info("JSON payload is empty. No request created"); - return jsonRespne; + return jsonResponse; } - if (endPoint == nullptr || headers == nullptr || sucsessStatus == nullptr) { - m_Log->error("One or more of the provided pointers are null: endPoint, headers, sucsessStatus"); + if (endPoint == nullptr || headers == nullptr || successStatus == nullptr) { + m_Log->error("One or more of the provided pointers are null: endPoint, headers, successStatus"); - return jsonRespne; + return jsonResponse; } std::string payload = jsonPayload.dump(); - std::string rawResponse = GenerativeCorePost(*endPoint, *headers, payload, *sucsessStatus); + std::string rawResponse = GenerativeCorePost(*endPoint, *headers, payload, *successStatus); if (!rawResponse.empty()) { - jsonRespne = nlohmann::json::parse(rawResponse); + jsonResponse = nlohmann::json::parse(rawResponse); } else { - m_Log->warn("CPOST cant phrase JSON // response empty"); + m_Log->warn("CPOST can't parse JSON // response empty"); } - return jsonRespne; + return jsonResponse; }; // TODO change the pointer work in here because the pointers consume more data that coping would std::pair @@ -252,11 +252,11 @@ AyonApi::resolvePath(const std::string &uriPath) { std::pair resolvedAsset; nlohmann::json jsonPayload = {{"resolveRoots", false}, {"uris", nlohmann::json::array({uriPath})}}; httplib::Headers headers = {{"X-ayon-site-id", m_siteId}}; - uint8_t sucsessStatus = 200; + uint8_t successStatus = 200; nlohmann::json response = SPOST(std::make_shared(m_uriResolverEndpoint + m_uriResolverEndpointPathOnlyVar), - std::make_shared(headers), jsonPayload, std::make_shared(sucsessStatus)); + std::make_shared(headers), jsonPayload, std::make_shared(successStatus)); resolvedAsset = getAssetIdent(response); return resolvedAsset; @@ -277,7 +277,7 @@ AyonApi::batchResolvePath(std::vector &uriPaths) { if (m_batchResolveOptimizeVector) { { - PerfTimer("AyonApi::batchResolvePath::sanatizeVector"); + PerfTimer("AyonApi::batchResolvePath::sanitizeVector"); std::set s; unsigned size = uriPaths.size(); @@ -294,7 +294,7 @@ AyonApi::batchResolvePath(std::vector &uriPaths) { = std::make_shared(httplib::Headers{{"X-ayon-site-id", m_siteId}}); std::shared_ptr batchResolveEndpoint; - if (m_pathOnlyReselution) { + if (m_pathOnlyResolution) { batchResolveEndpoint = std::make_shared(std::string_view(m_uriResolverEndpoint + m_uriResolverEndpointPathOnlyVar)); } @@ -309,20 +309,20 @@ AyonApi::batchResolvePath(std::vector &uriPaths) { int groupSize; int groupAmount; - // set defaults for the grouping incase the vector is to small + // set defaults for the grouping in case the vector is too small groupSize = uriPathsVecSize; groupAmount = 1; grpReason = "The vector is too small."; - // check what scaling the groups schould have + // check what scaling the groups should have if (uriPathsVecSize > m_minVecSizeForGroupSplitAsyncRequests) { - // vector size is large eonught to build groups + // vector size is large enough to build groups // double result = static_cast(uriPathsVecSize) / num_threads; groupSize = std::ceil(static_cast(uriPathsVecSize) / m_num_threads); if (groupSize > m_minGrpSizeForAsyncRequests) { - // the group size is lagre enought to build groups from them + // the group size is large enough to build groups from them if (groupSize < m_maxGroupSizeForAsyncRequests) { - // now its bigger than 5 and smaller than 500 + // now it's bigger than 5 and smaller than 500 // now we can just generate a group per thread and set the group amount groupSize = std::ceil(static_cast(uriPathsVecSize) / m_num_threads); groupAmount = std::floor(static_cast(uriPathsVecSize) / groupSize); @@ -331,7 +331,7 @@ AyonApi::batchResolvePath(std::vector &uriPaths) { grpReason = "5> <500 build group amount by size"; } else { - // the groups are to beig + // the groups are too big // we have to generate more groups than we have threads groupSize = m_regroupSizeForAsyncRequests; groupAmount = std::floor(static_cast(uriPathsVecSize) / m_regroupSizeForAsyncRequests); @@ -339,7 +339,7 @@ AyonApi::batchResolvePath(std::vector &uriPaths) { } } else { - // the groups are to small so we build groups by size + // the groups are too small so we build groups by size groupSize = std::min((int)m_regroupSizeForAsyncRequests, uriPathsVecSize); groupAmount = std::floor(static_cast(uriPathsVecSize) / groupSize); @@ -347,7 +347,7 @@ AyonApi::batchResolvePath(std::vector &uriPaths) { } } m_Log->info( - "AyonApi::batchResolvePath Build groups with grpSize: {} grpAmount: {} grouingReason: {} vectorSize: {}", + "AyonApi::batchResolvePath Build groups with grpSize: {} grpAmount: {} groupingReason: {} vectorSize: {}", groupSize, groupAmount, grpReason, uriPathsVecSize); int groupStartPos = 0; @@ -357,7 +357,7 @@ AyonApi::batchResolvePath(std::vector &uriPaths) { std::string perTimerLoopName = "AyonApi::batchResolvePath Thread Loop: " + std::to_string(thread); PerfTimer(perTimerLoopName.c_str()); - // check if we are to close to the end and extend the group to catch all the data and end the loop + // check if we are too close to the end and extend the group to catch all the data and end the loop if (uriPathsVecSize - groupEndPos < groupSize + (groupSize / 2)) { m_Log->info("the group with the threadId: {} It is too close to the end. This group will be extended. ", @@ -390,24 +390,24 @@ AyonApi::batchResolvePath(std::vector &uriPaths) { }; // TODO make it so that hero version is chosen if available std::pair -AyonApi::getAssetIdent(const nlohmann::json &uriResolverRespone) { +AyonApi::getAssetIdent(const nlohmann::json &uriResolverResponse) { PerfTimer("AyonApi::getAssetIdent"); - m_Log->info(m_Log->key("AyonApi"), "AyonApi::getAssetIdent({})", uriResolverRespone.dump()); + m_Log->info(m_Log->key("AyonApi"), "AyonApi::getAssetIdent({})", uriResolverResponse.dump()); std::pair AssetIdent; - if (uriResolverRespone.empty()) { + if (uriResolverResponse.empty()) { return AssetIdent; } try { - AssetIdent.first = uriResolverRespone.at("uri"); - if (uriResolverRespone.at("entities").size() > 1) { - m_Log->warn("Uri reselution returned more than one path (%s)", uriResolverRespone.at("entities").dump()); + AssetIdent.first = uriResolverResponse.at("uri"); + if (uriResolverResponse.at("entities").size() > 1) { + m_Log->warn("Uri resolution returned more than one path (%s)", uriResolverResponse.at("entities").dump()); } AssetIdent.second = rootReplace( - uriResolverRespone.at("entities").at(uriResolverRespone.at("entities").size() - 1).at("filePath")); + uriResolverResponse.at("entities").at(uriResolverResponse.at("entities").size() - 1).at("filePath")); } catch (const nlohmann::json::exception &e) { - m_Log->warn("asset identification cant be generated {}", uriResolverRespone.dump()); + m_Log->warn("asset identification can't be generated {}", uriResolverResponse.dump()); } return AssetIdent; }; @@ -431,42 +431,42 @@ std::string AyonApi::serialCorePost(const std::string &endPoint, httplib::Headers headers, std::string &Payload, - const int &sucsessStatus) { + const int &successStatus) { PerfTimer("AyonApi::serialCorePost"); - m_Log->info(m_Log->key("AyonApi"), "AyonApi::serialCorePost() endPoint: {}, Payload: {}, sucsessStatus: {}", - endPoint, Payload, sucsessStatus); + m_Log->info(m_Log->key("AyonApi"), "AyonApi::serialCorePost() endPoint: {}, Payload: {}, successStatus: {}", + endPoint, Payload, successStatus); httplib::Result response; - int responeStatus; - uint8_t retryes = 0; - while (retryes <= m_maxCallRetrys) { + int responseStatus; + uint8_t retries = 0; + while (retries <= m_maxCallRetries) { try { response = m_AyonServer->Post(endPoint, headers, Payload, "application/json"); - responeStatus = response->status; - retryes++; + responseStatus = response->status; + retries++; - if (responeStatus == sucsessStatus) { + if (responseStatus == successStatus) { return response->body; } else { - m_Log->info("AyonApi::serialCorePost wrong status code: {} expected: {}", responeStatus, sucsessStatus); - if (responeStatus == 401) { + m_Log->info("AyonApi::serialCorePost wrong status code: {} expected: {}", responseStatus, successStatus); + if (responseStatus == 401) { m_Log->warn("not logged in 401 "); return ""; } - if (responeStatus == 500) { + if (responseStatus == 500) { m_Log->warn("internal server error "); return ""; } std::this_thread::sleep_for(std::chrono::milliseconds( - responeStatus == m_ServerBusyCode ? m_RequestDelayWhenServerBusy : m_retryWaight)); + responseStatus == m_ServerBusyCode ? m_RequestDelayWhenServerBusy : m_retryWait)); } } // TODO error reason not printed catch (const httplib::Error &e) { m_Log->warn("Request Failed because: {}"); break; } - m_Log->warn("The connection failed Rety now."); + m_Log->warn("The connection failed. Retry now."); } return ""; }; @@ -475,41 +475,41 @@ std::string AyonApi::GenerativeCorePost(const std::string &endPoint, httplib::Headers headers, std::string &Payload, - const int &sucsessStatus) { + const int &successStatus) { PerfTimer("AyonApi::GenerativeCorePost"); - m_Log->info(m_Log->key("AyonApi"), "AyonApi::GenerativeCorePost() endPoint: {}, Payload: {}, sucsessStatus: {}", - endPoint, Payload, sucsessStatus); + m_Log->info(m_Log->key("AyonApi"), "AyonApi::GenerativeCorePost() endPoint: {}, Payload: {}, successStatus: {}", + endPoint, Payload, successStatus); httplib::Client AyonServerClient(m_serverUrl); AyonServerClient.set_bearer_token_auth(m_authKey); - AyonServerClient.set_connection_timeout(m_connectionTimeOutMax); - AyonServerClient.set_read_timeout(m_readTimeOutMax); + AyonServerClient.set_connection_timeout(m_connectionTimeoutMax); + AyonServerClient.set_read_timeout(m_readTimeoutMax); httplib::Result response; - int responeStatus; - uint8_t retryes = 0; - bool ffoLocking = false; - uint16_t loopIertaion = 0; - while (retryes <= m_maxCallRetrys || m_GenerativeCorePostMaxLoopIterations > loopIertaion) { - loopIertaion++; + int responseStatus; + uint8_t retries = 0; + bool ffoLock = false; + uint16_t loopIteration = 0; + while (retries <= m_maxCallRetries || m_GenerativeCorePostMaxLoopIterations > loopIteration) { + loopIteration++; m_Log->info("AyonApi::GenerativeCorePost while loop thread {} iteration {}", - std::hash{}(std::this_thread::get_id()), loopIertaion); + std::hash{}(std::this_thread::get_id()), loopIteration); - if (ffoLocking) { - m_ConcurentRequestAfterffoMutex.lock(); - m_Log->info("AyonApi::GenerativeCorePost ffoLocking enabled"); - if (m_maxConcurentRequestAfterffo >= 1) { - m_maxConcurentRequestAfterffo--; + if (ffoLock) { + m_ConcurrentRequestAfterffoMutex.lock(); + m_Log->info("AyonApi::GenerativeCorePost ffoLock enabled"); + if (m_maxConcurrentRequestAfterffo >= 1) { + m_maxConcurrentRequestAfterffo--; m_Log->info("AyonApi::GenerativeCorePost thread pool open available: {}", - m_maxConcurentRequestAfterffo); + m_maxConcurrentRequestAfterffo); - m_ConcurentRequestAfterffoMutex.unlock(); + m_ConcurrentRequestAfterffoMutex.unlock(); } else { m_Log->info("AyonApi::GenerativeCorePost Thread pool closed"); - m_ConcurentRequestAfterffoMutex.unlock(); + m_ConcurrentRequestAfterffoMutex.unlock(); std::this_thread::sleep_for(std::chrono::milliseconds(800)); continue; } @@ -519,37 +519,37 @@ AyonApi::GenerativeCorePost(const std::string &endPoint, try { response = AyonServerClient.Post(endPoint, headers, Payload, "application/json"); - responeStatus = response->status; - retryes++; - if (ffoLocking) { - m_ConcurentRequestAfterffoMutex.lock(); - m_maxConcurentRequestAfterffo++; - m_ConcurentRequestAfterffoMutex.unlock(); + responseStatus = response->status; + retries++; + if (ffoLock) { + m_ConcurrentRequestAfterffoMutex.lock(); + m_maxConcurrentRequestAfterffo++; + m_ConcurrentRequestAfterffoMutex.unlock(); } - if (responeStatus == sucsessStatus) { + if (responseStatus == successStatus) { m_Log->info("AyonApi::GenerativeCorePost The request worked, unlocking and returning. "); return response->body; } else { - if (responeStatus == m_ServerBusyCode) { + if (responseStatus == m_ServerBusyCode) { m_Log->warn("AyonApi::GenerativeCorePost The server responded with 503"); - retryes = 0; - ffoLocking = true; + retries = 0; + ffoLock = true; continue; } - if (responeStatus == 401) { + if (responseStatus == 401) { m_Log->warn("not logged in 401 "); return ""; } - if (responeStatus == 500) { + if (responseStatus == 500) { m_Log->warn("internal server error "); return ""; } - m_Log->info("AyonApi::GenerativeCorePost wrong status code: {} expected: {} retrying", responeStatus, - sucsessStatus); - std::this_thread::sleep_for(std::chrono::milliseconds(m_retryWaight)); + m_Log->info("AyonApi::GenerativeCorePost wrong status code: {} expected: {} retrying", responseStatus, + successStatus); + std::this_thread::sleep_for(std::chrono::milliseconds(m_retryWait)); continue; } } // TODO error reason not printed @@ -560,7 +560,7 @@ AyonApi::GenerativeCorePost(const std::string &endPoint, } m_Log->warn( - "AyonApi::GenerativeCorePost Too many resolve retries without the correct response code for: {}, on: {}", + "AyonApi::GenerativeCorePost Too many resolve retries without the correct response code for: {}, on: {}", Payload, endPoint); return ""; }; @@ -573,7 +573,7 @@ AyonApi::convertUriVecToString(const std::vector &uriVec) { std::string payload = R"({{"resolveRoots": true,"uris": [)"; - for (int i = 0; i <= int(uriVec.size()); i++) { + for (size_t i = 0; i <= uriVec.size(); i++) { payload += uriVec[i]; } From 3769082659d705ff15e12d58a75a7e8f2f933b17 Mon Sep 17 00:00:00 2001 From: Tadeas Hejnic Date: Fri, 7 Feb 2025 11:32:15 +0100 Subject: [PATCH 003/106] Small adjustments in Instrumentor --- src/AyonCppApi/Instrumentor.h | 40 ++++++++++++++--------------------- 1 file changed, 16 insertions(+), 24 deletions(-) diff --git a/src/AyonCppApi/Instrumentor.h b/src/AyonCppApi/Instrumentor.h index c826d69..3b78613 100644 --- a/src/AyonCppApi/Instrumentor.h +++ b/src/AyonCppApi/Instrumentor.h @@ -10,13 +10,13 @@ #include struct ProfileResult { - std::string Name; - long long Start, End; - uint32_t ThreadID; + std::string Name; + long long Start, End; + uint32_t ThreadID; }; struct InstrumentationSession { - std::string Name; + std::string Name; }; class Instrumentor { @@ -30,16 +30,14 @@ class Instrumentor { Instrumentor(): m_CurrentSession(nullptr), m_ProfileCount(0) { } - void - BeginSession(const std::string &name, const std::string &filepath = "results.json") { + void BeginSession(const std::string &name, const std::string &filepath = "results.json") { std::lock_guard lock(m_Mutex); // Lock mutex for critical section m_OutputStream.open(filepath); WriteHeader(); m_CurrentSession = new InstrumentationSession{name}; } - void - EndSession() { + void EndSession() { WriteFooter(); m_OutputStream.close(); delete m_CurrentSession; @@ -47,14 +45,12 @@ class Instrumentor { m_ProfileCount = 0; } - void - WriteProfileAsync(const ProfileResult &result) { - std::future async = std::async(std::launch::async, [this, result]() { WriteProfile(result); }); - async.get(); + void WriteProfileAsync(const ProfileResult &result) { + std::future asyncResult = std::async(std::launch::async, [this, result]() { WriteProfile(result); }); + asyncResult.get(); } - void - WriteProfile(const ProfileResult &result) { + void WriteProfile(const ProfileResult &result) { std::lock_guard lock(m_Mutex); // Lock mutex for critical section if (m_ProfileCount++ > 0) m_OutputStream << ","; @@ -75,20 +71,17 @@ class Instrumentor { m_OutputStream.flush(); } - void - WriteHeader() { + void WriteHeader() { m_OutputStream << "{\"otherData\": {},\"traceEvents\":["; m_OutputStream.flush(); } - void - WriteFooter() { + void WriteFooter() { m_OutputStream << "]}"; m_OutputStream.flush(); } - static Instrumentor & - Get() { + static Instrumentor & Get() { static Instrumentor instance; return instance; } @@ -105,13 +98,12 @@ class InstrumentationTimer { Stop(); } - void - Stop() { + void Stop() { auto endTimepoint = std::chrono::high_resolution_clock::now(); - long long start + long long start = std::chrono::time_point_cast(m_StartTimepoint).time_since_epoch().count(); - long long end + long long end = std::chrono::time_point_cast(endTimepoint).time_since_epoch().count(); uint32_t threadID = std::hash{}(std::this_thread::get_id()); From e3029f0cd2592104dea6e4decffbcaaa7a94749f Mon Sep 17 00:00:00 2001 From: Tadeas Hejnic Date: Fri, 7 Feb 2025 11:35:13 +0100 Subject: [PATCH 004/106] Small typos correction, the time calculation bug fixed --- src/AyonCppApi/perfPrinter.h | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/src/AyonCppApi/perfPrinter.h b/src/AyonCppApi/perfPrinter.h index 21f9cb6..73a6b8b 100644 --- a/src/AyonCppApi/perfPrinter.h +++ b/src/AyonCppApi/perfPrinter.h @@ -8,7 +8,7 @@ struct perfStats { std::chrono::time_point endTime; std::string StatName; std::string HeaderText; - std::string FoderText; + std::string FooterText; std::string Note; std::vector extraInfo; bool Stop = false; @@ -26,8 +26,7 @@ class perfPrinter { this->printStats(); }; - void - printStats() { + void printStats() { std::cout << currentRunStats.StatName << "\n" << currentRunStats.HeaderText << "\n" << currentRunStats.Note << "\n"; @@ -38,11 +37,11 @@ class perfPrinter { .time_since_epoch() .count(); - long long castEndTime + long long castedEndTime = std::chrono::time_point_cast(std::chrono::high_resolution_clock::now()) .time_since_epoch() .count(); - std::cout << "Execution Time: " << castedStartTime - castEndTime << "\n"; + std::cout << "Execution Time: " << castedEndTime - castedStartTime << "\n"; std::cout << "ThreadId: " << std::hash{}(std::this_thread::get_id()) << "\n"; @@ -50,6 +49,6 @@ class perfPrinter { for (const std::string &infoEntry: currentRunStats.extraInfo) { std::cout << infoEntry << "\n"; } - std::cout << currentRunStats.FoderText << std::endl; + std::cout << currentRunStats.FooterText << std::endl; }; }; From f7637b5c142519289e088d495401c7b18605fbe9 Mon Sep 17 00:00:00 2001 From: Tadeas Hejnic Date: Fri, 7 Feb 2025 11:38:52 +0100 Subject: [PATCH 005/106] Typo in file name correction in CMakeList --- src/AyonCppApi/CMakeLists.txt | 2 +- src/AyonCppApi/{appDataFoulder.h => appDataFolder.h} | 0 2 files changed, 1 insertion(+), 1 deletion(-) rename src/AyonCppApi/{appDataFoulder.h => appDataFolder.h} (100%) diff --git a/src/AyonCppApi/CMakeLists.txt b/src/AyonCppApi/CMakeLists.txt index 11a31f6..16d9129 100755 --- a/src/AyonCppApi/CMakeLists.txt +++ b/src/AyonCppApi/CMakeLists.txt @@ -43,6 +43,6 @@ install ( ) install ( - FILES AyonCppApi.h appDataFoulder.h devMacros.h Instrumentor.h + FILES AyonCppApi.h appDataFolder.h devMacros.h Instrumentor.h DESTINATION include ) diff --git a/src/AyonCppApi/appDataFoulder.h b/src/AyonCppApi/appDataFolder.h similarity index 100% rename from src/AyonCppApi/appDataFoulder.h rename to src/AyonCppApi/appDataFolder.h From f46d214f5990ed0fba67c4590562c16ae8de5bc6 Mon Sep 17 00:00:00 2001 From: Tadeas Hejnic Date: Fri, 7 Feb 2025 11:44:02 +0100 Subject: [PATCH 006/106] Typo in file name correction in header file include --- src/AyonCppApi/AyonCppApi.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/AyonCppApi/AyonCppApi.h b/src/AyonCppApi/AyonCppApi.h index d09d08b..82f61df 100644 --- a/src/AyonCppApi/AyonCppApi.h +++ b/src/AyonCppApi/AyonCppApi.h @@ -10,7 +10,7 @@ #include #include #include "lib/ynput/lib/logging/AyonLogger.hpp" -#include "appDataFoulder.h" +#include "appDataFolder.h" #include "httplib.h" #include "nlohmann/json_fwd.hpp" From c9b2b7353a31db1c4562f64cf3107b01f6298b00 Mon Sep 17 00:00:00 2001 From: Tadeas Hejnic Date: Fri, 7 Feb 2025 11:55:06 +0100 Subject: [PATCH 007/106] Typos and inconsistence correction --- test/GTestMain.cpp | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/test/GTestMain.cpp b/test/GTestMain.cpp index 5d37241..fab8135 100644 --- a/test/GTestMain.cpp +++ b/test/GTestMain.cpp @@ -9,8 +9,7 @@ nlohmann::json JsonFile; -AyonApi -getApiInstance() { +AyonApi getApiInstance() { std::string AYON_API_KEY("SuperSaveTestKey"); std::string AYON_SERVER_URL("http://localhost:8003"); std::string AYON_SITE_ID("TestId"); @@ -21,14 +20,13 @@ getApiInstance() { return AyonApi("./test_logs", AYON_API_KEY, AYON_SERVER_URL, AYON_PROJECT_NAME, AYON_SITE_ID); } -TEST(AyonCppApi, AyonCppApiCreaion) { +TEST(AyonCppApi, AyonCppApiCreation) { AyonApi Test = getApiInstance(); } TEST(AyonCppApi, AyonCppApiSerialResolveRootReplace) { Instrumentor::Get().BeginSession("Profile", "bin/profSerial.json"); AyonApi Api = getApiInstance(); - nlohmann::json JsonFileStage = JsonFile["Resolve"]; bool RunOnlyOneResolveIteration = false; bool printResult = true; @@ -40,10 +38,9 @@ TEST(AyonCppApi, AyonCppApiSerialResolveRootReplace) { std::cout << std::endl; } -TEST(AyonCppApi, AyonCppApiBathResolveRootReplace) { +TEST(AyonCppApi, AyonCppApiBatchResolveRootReplace) { Instrumentor::Get().BeginSession("Profile", "bin/profBatch.json"); AyonApi Api = getApiInstance(); - nlohmann::json JsonFileStage = JsonFile["Resolve"]; bool RunOnlyOneResolveIteration = false; bool printResult = true; @@ -55,8 +52,7 @@ TEST(AyonCppApi, AyonCppApiBathResolveRootReplace) { std::cout << std::endl; } -int -main(int argc, char** argv) { +int main(int argc, char** argv) { std::ifstream file("test/testData.json"); if (!file.is_open()) { std::cerr << "Failed to open file!" << std::endl; From b0fea84dcb7ce741a4069d8ca97bb72f7d945d9b Mon Sep 17 00:00:00 2001 From: Tadeas Hejnic Date: Fri, 7 Feb 2025 11:55:13 +0100 Subject: [PATCH 008/106] Typos and inconsistence correction --- test/AyonCppApiTestsMain.cpp | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/test/AyonCppApiTestsMain.cpp b/test/AyonCppApiTestsMain.cpp index 33c0c0a..60c7f60 100644 --- a/test/AyonCppApiTestsMain.cpp +++ b/test/AyonCppApiTestsMain.cpp @@ -8,12 +8,12 @@ bool AyonCppApiTest::test_SimpleResolve(nlohmann::json &JsonFile, const bool &RunOnlyOnce, const bool &Print, AyonApi &Api) { - nlohmann::json JsonFileStage = JsonFile["Resolve"]; + nlohmann::json jsonFileStage = JsonFile["Resolve"]; - for (auto it = JsonFileStage.begin(); it != JsonFileStage.end(); it++) { - std::pair test = Api.resolvePath(it.key()); + for (const auto& item : jsonFileStage.items()) { + std::pair test = Api.resolvePath(item.key()); - if (test.second != JsonFileStage[it.key()]["RootResolved"]) { + if (test.second != item.value()["RootResolved"]) { return false; } if (Print) { @@ -28,21 +28,21 @@ AyonCppApiTest::test_SimpleResolve(nlohmann::json &JsonFile, const bool &RunOnly bool AyonCppApiTest::test_BatchResolve(nlohmann::json &JsonFile, const bool &Print, AyonApi &Api) { - nlohmann::json JsonFileStage = JsonFile["Resolve"]; + nlohmann::json jsonFileStage = JsonFile["Resolve"]; std::vector uriListSource; - for (auto it = JsonFileStage.begin(); it != JsonFileStage.end(); it++) { - uriListSource.push_back(it.key()); + for (const auto& item : jsonFileStage.items()) { + uriListSource.push_back(item.key()); } std::unordered_map test = Api.batchResolvePath(uriListSource); - for (std::pair element: test) { + for (const auto& element : test) { if (Print) { std::cout << "BatchTest Run Result: " << element.first << " / " << element.second; } - if (JsonFileStage.find(element.first) != JsonFileStage.end()) { - if (element.second != JsonFileStage[element.first]["RootResolved"]) { + if (jsonFileStage.find(element.first) != jsonFileStage.end()) { + if (element.second != jsonFileStage[element.first]["RootResolved"]) { return false; } } From 0562879215b1f9502c9afaf985dec18247822f67 Mon Sep 17 00:00:00 2001 From: Tadeas Hejnic Date: Fri, 7 Feb 2025 14:25:08 +0100 Subject: [PATCH 009/106] TODOs for adding the exception message to warning - DONE --- src/AyonCppApi/AyonCppApi.cpp | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/src/AyonCppApi/AyonCppApi.cpp b/src/AyonCppApi/AyonCppApi.cpp index 3cd77cf..be0770b 100644 --- a/src/AyonCppApi/AyonCppApi.cpp +++ b/src/AyonCppApi/AyonCppApi.cpp @@ -160,9 +160,10 @@ AyonApi::GET(const std::shared_ptr endPoint, std::this_thread::sleep_for(std::chrono::milliseconds( responseStatus == m_ServerBusyCode ? m_RequestDelayWhenServerBusy : m_retryWait)); } - } // TODO error reason not printed + + } catch (const httplib::Error &e) { - m_Log->warn("Request Failed because: {}"); // maybe just e - httplib::Error is just enum class + m_Log->warn("Request Failed because: {}", httplib::to_string(e)); break; } m_Log->warn("The connection failed. Retry now."); @@ -461,9 +462,9 @@ AyonApi::serialCorePost(const std::string &endPoint, std::this_thread::sleep_for(std::chrono::milliseconds( responseStatus == m_ServerBusyCode ? m_RequestDelayWhenServerBusy : m_retryWait)); } - } // TODO error reason not printed + } catch (const httplib::Error &e) { - m_Log->warn("Request Failed because: {}"); + m_Log->warn("Request Failed because: {}", httplib::to_string(e)); break; } m_Log->warn("The connection failed. Retry now."); @@ -552,9 +553,9 @@ AyonApi::GenerativeCorePost(const std::string &endPoint, std::this_thread::sleep_for(std::chrono::milliseconds(m_retryWait)); continue; } - } // TODO error reason not printed + } catch (const httplib::Error &e) { - m_Log->warn("AyonApi::GenerativeCorePost Request Failed because: {}"); + m_Log->warn("AyonApi::GenerativeCorePost Request Failed because: {}", httplib::to_string(e));); break; } } From 97f77cf09e5d37829238052596a49cc78d607a2b Mon Sep 17 00:00:00 2001 From: Tadeas Hejnic Date: Thu, 13 Feb 2025 14:43:41 +0100 Subject: [PATCH 010/106] All possible solutions - messy source file (tmp version) --- src/AyonCppApi/AyonCppApi.cpp | 360 ++++++++++++++++++++++++++++++++-- src/AyonCppApi/AyonCppApi.h | 20 ++ 2 files changed, 366 insertions(+), 14 deletions(-) diff --git a/src/AyonCppApi/AyonCppApi.cpp b/src/AyonCppApi/AyonCppApi.cpp index 231be7f..ab6c989 100644 --- a/src/AyonCppApi/AyonCppApi.cpp +++ b/src/AyonCppApi/AyonCppApi.cpp @@ -30,22 +30,220 @@ #include #include #include "backward.hpp" +// #ifdef CPPHTTPLIB_OPENSSL_SUPPORT +// #include +// #include +// #include +// #include +// #endif #include "perfPrinter.h" // TODO implement the better Crash hanlder backward::StackTrace st; +// AyonApi::AyonApi(const std::string &logFilePos, +// const std::string &authKey, +// const std::string &serverUrl, +// const std::string &ayonProjectName, +// const std::string &siteId, +// std::optional concurrency): +// m_num_threads(concurrency.value_or(std::max(int(std::thread::hardware_concurrency() / 2), 1))), +// m_authKey(authKey), +// m_serverUrl(serverUrl), +// m_ayonProjectName(ayonProjectName), +// m_siteId(siteId) { +// PerfTimer("AyonApi::AyonApi"); + +// // ----------- Init m_Logger +// std::filesystem::path logFileName = "logFile.json"; +// std::filesystem::path basePath = logFilePos; +// std::filesystem::path logFilePath = std::filesystem::absolute(basePath) / logFileName; + +// if (std::filesystem::exists(logFilePath)) { +// logFilePath = std::filesystem::canonical(logFilePath); +// } +// else { +// std::filesystem::create_directories(logFilePath.parent_path()); +// } + +// m_Log = std::make_shared(AyonLogger::getInstance(logFilePath.string())); +// m_Log->LogLevlWarn(); + +// m_Log->info(m_Log->key("AyonApi"), "Init AyonServer httplib::Client"); +// m_AyonServer = std::make_unique(m_serverUrl); + +// if (isSSL()) { +// m_headers = { +// {"X-Api-Key", m_authKey}, +// {"X-ayon-platform", "linux"}, +// }; + +// X509_STORE* store = X509_STORE_new(); +// if (store) { +// std::cout << "X509_STORE created." << std::endl; + +// // This function loads the default system locations for CA certificates. +// if (X509_STORE_set_default_paths(store) != 1) { +// std::cout << "X509_STORE_set_default_paths failed." << std::endl; +// } +// // m_AyonServer->set_ca_cert_store(store); +// } else { +// std::cout << "Failed to create X509_STORE." << std::endl; +// } + +// m_AyonServer->enable_server_certificate_verification(true); + +// // #ifdef CPPHTTPLIB_OPENSSL_SUPPORT +// // const char* cerFilePath = std::getenv("SSL_CERT_FILE"); +// // std::cout << "SSL_CERT_FILE: " << (cerFilePath ? cerFilePath : "not set") << std::endl; + +// // if (!cerFilePath) { +// // m_Log->warn("SSL_CERT_FILE not set. Using OpenSSL default verify paths."); + +// // X509_STORE* store = X509_STORE_new(); +// // if (store) { +// // std::cout << "X509_STORE created." << std::endl; + +// // // This function loads the default system locations for CA certificates. +// // if (X509_STORE_set_default_paths(store) != 1) { +// // std::cout << "X509_STORE_set_default_paths failed." << std::endl; +// // } +// // m_AyonServer->set_ca_cert_store(store); +// // } else { +// // std::cout << "Failed to create X509_STORE." << std::endl; +// // } +// // } else { +// // m_AyonServer->set_ca_cert_path(cerFilePath); +// // } + +// // m_AyonServer->enable_server_certificate_verification(true); + +// // m_headers = { +// // {"X-Api-Key", m_authKey}, +// // {"X-ayon-platform", "linux"}, +// // }; +// // #else +// // m_Log->error("OpenSSL support not enabled."); +// // #endif +// } else { +// m_AyonServer->set_bearer_token_auth(m_authKey); +// m_headers = {}; +// } + +// auto res = m_AyonServer->Get("/api/info", m_headers); + +// auto test_response = m_AyonServer->Get( +// "/api/projects/" + m_ayonProjectName + "/siteRoots?platform=linux", +// m_headers +// ); + +// if (test_response) { +// std::cout << "Response: " << test_response->status << std::endl; +// std::cout << "Response body: " << test_response->body << std::endl; +// } else { +// std::cout << "Response is null." << std::endl; +// std::cout << "Response error: " << test_response.error() << std::endl; +// } + +// // if (isSSL()) { +// // const char* cerFilePath = std::getenv("SSL_CERT_FILE"); +// // std::cout << "SSL_CERT_FILE: " << (cerFilePath ? cerFilePath : "not set") << std::endl; + +// // if (!cerFilePath) { +// // m_Log->warn("SSL_CERT_FILE not set."); + +// // // Define default paths for Windows and Linux +// // // WRONG APPROACH +// // std::string defaultCertPath; +// // #ifdef _WIN32 +// // defaultCertPath = "C:\\Program Files\\Common Files\\SSL\\certs"; +// // #else +// // defaultCertPath = "/etc/ssl/certs"; +// // // defaultCertPath = "/invalid/path/to/certs"; +// // #endif + +// // // Check if the default path exists +// // if (std::filesystem::exists(defaultCertPath)) { +// // std::cout << "Default certificate path FOUND." << std::endl; +// // m_AyonServer->set_ca_cert_path("", defaultCertPath.c_str()); +// // } else { +// // m_Log->warn("Default certificate path not found. Using embedded certificate."); + +// // std::string pathToTempCert = "/home/tadeas/ynput/ayon-cpp-api-buildtest/test/certificate.crt"; + +// // if (std::filesystem::exists(pathToTempCert)) { +// // m_AyonServer->set_ca_cert_path(pathToTempCert.c_str()); +// // } else { +// // m_Log->error("Failed to create CA cert store from embedded certificate."); +// // } +// // } +// // } else { +// // m_AyonServer->set_ca_cert_path(cerFilePath); +// // } + +// // m_AyonServer->enable_server_certificate_verification(true); + +// // m_headers = { +// // {"X-Api-Key", m_authKey} +// // }; + +// // } else { +// // m_AyonServer->set_bearer_token_auth(m_authKey); +// // m_headers = {}; +// // // m_headers = {{"X-ayon-site-id", m_siteId}}; +// // } + +// m_Log->info(m_Log->key("AyonApi"), "Constructor Getting Site Roots"); +// getSiteRoots(); +// }; +std::string parseOutput(std::string& output) { + // Parse the output to extract the directory path + std::string::size_type start = output.find('"'); + std::string::size_type end = output.find('"', start + 1); + if (start != std::string::npos && end != std::string::npos) { + return output.substr(start + 1, end - start - 1); + } else { + throw std::runtime_error("Failed to parse OpenSSL directory from command output."); + } +} + +std::string getOpenSSLDirByCLI() { + std::array buffer; + std::string result; + auto pipeDeleter = [](FILE* pipe) { pclose(pipe); }; + std::unique_ptr pipe(popen("openssl version -d", "r"), pipeDeleter); + if (!pipe) { + throw std::runtime_error("popen() failed!"); + } + while (fgets(buffer.data(), buffer.size(), pipe.get()) != nullptr) { + result += buffer.data(); + } + + return parseOutput(result); +} + + +std::string getOpenSSLDir() { +#if OPENSSL_VERSION_NUMBER >= 0x10100000L // OpenSSL 1.1.0+ + const char* sslVersion = OpenSSL_version(OPENSSL_DIR); + std::string sslVersionStr(sslVersion); + return parseOutput(sslVersionStr); +#else // OpenSSL 1.0.x + return parseOutput(SSLeay_version(SSLEAY_DIR)); +#endif +} + AyonApi::AyonApi(const std::string &logFilePos, const std::string &authKey, const std::string &serverUrl, const std::string &ayonProjectName, const std::string &siteId, - std::optional concurrency): - m_num_threads(concurrency.value_or(std::max(int(std::thread::hardware_concurrency() / 2), 1))), - m_authKey(authKey), - m_serverUrl(serverUrl), - m_ayonProjectName(ayonProjectName), - m_siteId(siteId) { + std::optional concurrency) + : m_num_threads(concurrency.value_or(std::max(int(std::thread::hardware_concurrency() / 2), 1))), + m_authKey(authKey), + m_serverUrl(serverUrl), + m_ayonProjectName(ayonProjectName), + m_siteId(siteId) { PerfTimer("AyonApi::AyonApi"); // ----------- Init m_Logger @@ -55,8 +253,7 @@ AyonApi::AyonApi(const std::string &logFilePos, if (std::filesystem::exists(logFilePath)) { logFilePath = std::filesystem::canonical(logFilePath); - } - else { + } else { std::filesystem::create_directories(logFilePath.parent_path()); } @@ -65,11 +262,95 @@ AyonApi::AyonApi(const std::string &logFilePos, m_Log->info(m_Log->key("AyonApi"), "Init AyonServer httplib::Client"); m_AyonServer = std::make_unique(m_serverUrl); - m_AyonServer->set_bearer_token_auth(m_authKey); + + if (isSSL()) { + m_headers = { + {"X-Api-Key", m_authKey}, + {"X-ayon-platform", "linux"}, + }; + + try { + const char* defaultCertFile = X509_get_default_cert_file(); + std::cout << "X509_get_default_cert_file: " << defaultCertFile << std::endl; + if (std::filesystem::exists(defaultCertFile)) { + std::cout << "X509_get_default_cert_dir set" << std::endl; + m_AyonServer->set_ca_cert_path(defaultCertFile); + } else { + const char* defaultCertDir = X509_get_default_cert_dir(); + std::cout << "X509_get_default_cert_dir: " << defaultCertDir << std::endl; + if (std::filesystem::exists(defaultCertDir)) { + std::cout << "X509_get_default_cert_dir set" << std::endl; + m_AyonServer->set_ca_cert_path("", defaultCertDir); + } else { + std::string opensslDir = getOpenSSLDir(); + std::string certFile = opensslDir + "/cert.pem"; + std::cout << "getOpenSSLDir + /certs.pem: " << certFile << std::endl; + if (std::filesystem::exists(certFile)) { + std::cout << "getOpensslFile set" << std::endl; + m_AyonServer->set_ca_cert_path(certFile.c_str()); + } else { + std::string certDir = opensslDir + "/certs"; + if (std::filesystem::exists(certDir)) { + std::cout << "getOpensslDir set" << std::endl; + m_AyonServer->set_ca_cert_path("", certDir.c_str()); + } else { + m_Log->error("Failed to get OpenSSL certificate file: {}", certDir); + } + } + } + } + } catch (const std::exception &e) { + m_Log->error("Failed to get OpenSSL directory: {}", e.what()); + } + + // const char* sslVersion = OpenSSL_version(OPENSSL_DIR); + + // std::cout << "X509_get_default_cert_dir: " << defaultCertDir << " | /usr/local/ssl/certs"<< std::endl; + + // m_AyonServer->set_ca_cert_path("/usr/local/ssl/cert.pem"); + // m_AyonServer->set_ca_cert_path("", "/usr/local/ssl/certs"); + // m_AyonServer->set_ca_cert_path("", defaultCertDir); + std::string opensslCliDir = getOpenSSLDirByCLI(); + std::string x509DefaultCertDir = X509_get_default_cert_dir(); + std::string opensslDefaultDir = getOpenSSLDir(); + + std::cout << "OpenSSL CLI directory: " << opensslCliDir << " - " << (access(opensslCliDir.c_str(), F_OK) != -1 ? "exists" : "not exists") << std::endl; + std::cout << "X509_get_default_cert_dir: " << x509DefaultCertDir << " - " << (access(x509DefaultCertDir.c_str(), F_OK) != -1 ? "exists" : "not exists") << std::endl; + std::cout << "OpenSSL default directory: " << opensslDefaultDir << " - " << (access(opensslDefaultDir.c_str(), F_OK) != -1 ? "exists" : "not exists") << std::endl; + + std::cout << "OpenSSL version: " << OpenSSL_version(OPENSSL_VERSION) << std::endl; + + m_AyonServer->enable_server_certificate_verification(false); + m_Log->info("Server certificate verification enabled."); + } else { + m_AyonServer->set_bearer_token_auth(m_authKey); + m_headers = {}; + } + + auto res = m_AyonServer->Get("/api/info", m_headers); + std::cout << "====== /api/info ======" << std::endl; + if (res) { + std::cout << "Response: " << res->status << std::endl; + // std::cout << "Response body: " << res->body << std::endl; + } else { + std::cout << "Response is null." << std::endl; + std::cout << "Response error: " << res.error() << std::endl; + } + + res = m_AyonServer->Get("/api/projects/" + m_ayonProjectName + "/siteRoots?platform=linux", m_headers); + std::cout << "====== /api/projects/" << m_ayonProjectName << "/siteRoots?platform=linux ======" << std::endl; + if (res) { + std::cout << "Response: " << res->status << std::endl; + std::cout << "Response body: " << res->body << std::endl; + } else { + std::cout << "Response is null." << std::endl; + std::cout << "Response error: " << res.error() << std::endl; + } m_Log->info(m_Log->key("AyonApi"), "Constructor Getting Site Roots"); getSiteRoots(); -}; +} + AyonApi::~AyonApi() { m_Log->info(m_Log->key("AyonApi"), "AyonApi::~AyonApi()"); }; @@ -78,11 +359,17 @@ std::unordered_map* AyonApi::getSiteRoots() { m_Log->info(m_Log->key("AyonApi"), "AyonApi::getSiteRoots()"); if (m_siteRoots.size() < 1) { - httplib::Headers headers = {{"X-ayon-site-id", m_siteId}}; nlohmann::json response - = GET(std::make_shared("/api/projects/" + m_ayonProjectName + "/siteRoots"), - std::make_shared(headers), 200); - m_siteRoots = response; + = GET(std::make_shared("/api/projects/" + m_ayonProjectName + "/siteRoots?platform=linux"), + std::make_shared(m_headers), 200); + + if (response.empty()) { + m_Log->error("AyonApi::getSiteRoots response is empty"); + return &m_siteRoots; + } else { + m_siteRoots = response; + } + } if (m_Log->isKeyActive(m_Log->key("AyonApi"))) { m_Log->info(m_Log->key("AyonApi"), "found site Roots: "); @@ -141,6 +428,12 @@ AyonApi::GET(const std::shared_ptr endPoint, while (retryes <= m_maxCallRetrys) { try { response = m_AyonServer->Get(*endPoint, *headers); + + if (response == nullptr) { + m_Log->warn("AyonApi::GET response is null: {}", httplib::to_string(response.error())); + return nlohmann::json(); + } + responeStatus = response->status; retryes++; @@ -587,3 +880,42 @@ AyonApi::logPointer() { m_Log->info(m_Log->key("AyonApi"), "AyonApi::logPointer()"); return m_Log; }; + +bool +AyonApi::isSSL() const { + return m_serverUrl.rfind("https://", 0) == 0; +} + +# ifdef CPPHTTPLIB_OPENSSL_SUPPORT +X509_STORE* +AyonApi::createCaCertStore() { + X509_STORE *store = X509_STORE_new(); + + // Embed the CA certificates as a string + const char *default_ca_bundle_content = R"( +-----BEGIN CERTIFICATE----- +MIIDdzCCAl+gAwIBAgIEbG9Z... +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDdzCCAl+gAwIBAgIEbG9Z... +-----END CERTIFICATE----- +)"; + + // Load the CA certificates from the string + BIO *bio = BIO_new_mem_buf(default_ca_bundle_content, -1); + if (!bio) { + X509_STORE_free(store); + return nullptr; + } + + X509 *cert = nullptr; + while ((cert = PEM_read_bio_X509(bio, nullptr, 0, nullptr)) != nullptr) { + X509_STORE_add_cert(store, cert); + X509_free(cert); + } + + BIO_free(bio); + + return store; +} +# endif diff --git a/src/AyonCppApi/AyonCppApi.h b/src/AyonCppApi/AyonCppApi.h index 37c2e70..32ba9e6 100644 --- a/src/AyonCppApi/AyonCppApi.h +++ b/src/AyonCppApi/AyonCppApi.h @@ -9,6 +9,10 @@ #include #include #include +# ifdef CPPHTTPLIB_OPENSSL_SUPPORT +# include +# include +# endif #include "lib/ynput/lib/logging/AyonLogger.hpp" #include "appDataFoulder.h" #include "httplib.h" @@ -166,6 +170,19 @@ class AyonApi { */ std::string convertUriVecToString(const std::vector &uriVec); + /** + * @brief checks if the m_AyonServer is running on ssl based on m_serverUrl + */ + bool isSSL() const; + + + # ifdef CPPHTTPLIB_OPENSSL_SUPPORT + # include + # include + + static X509_STORE* createCaCertStore(); + # endif + // ----- Env Varibles std::unique_ptr m_AyonServer; @@ -179,6 +196,9 @@ class AyonApi { std::string m_siteId; std::string m_userName; + // --- HTTP Headers + httplib::Headers m_headers; + // --- Runtime Dep Vars // Async Grp Generation Varibles From 1299ab5d1ce2dc8b6909feb57bc691d3201d7cc6 Mon Sep 17 00:00:00 2001 From: Tadeas Hejnic Date: Thu, 13 Feb 2025 14:45:33 +0100 Subject: [PATCH 011/106] Test for https connection and playground src file - needs to be deleted before PR --- test/GTestMain.cpp | 16 ++++ test/test.cpp | 193 +++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 209 insertions(+) create mode 100644 test/test.cpp diff --git a/test/GTestMain.cpp b/test/GTestMain.cpp index 5d37241..36ae9b9 100644 --- a/test/GTestMain.cpp +++ b/test/GTestMain.cpp @@ -55,6 +55,22 @@ TEST(AyonCppApi, AyonCppApiBathResolveRootReplace) { std::cout << std::endl; } +AyonApi +getApiInstanceSSL() { + std::string AYON_API_KEY("6268b8b004ce8c7a7645afc548234937a69b6c6095b1c32ca6fa9f8351f8f4f8"); + std::string AYON_SERVER_URL("https://ayon.dev"); + std::string AYON_SITE_ID("test-id"); + std::string AYON_PROJECT_NAME("test_API_project"); + std::string AYONLOGGERLOGLVL("CRITICAL"); + std::string AYONLOGGERFILELOGGING("OFF"); + + return AyonApi("./test_logs", AYON_API_KEY, AYON_SERVER_URL, AYON_PROJECT_NAME, AYON_SITE_ID); +} + +TEST(AyonCppApi, AyonCppApiCreationSSL) { + AyonApi Test = getApiInstanceSSL(); +} + int main(int argc, char** argv) { std::ifstream file("test/testData.json"); diff --git a/test/test.cpp b/test/test.cpp new file mode 100644 index 0000000..17b942a --- /dev/null +++ b/test/test.cpp @@ -0,0 +1,193 @@ +#include +#include +#include +#include +#define CPPHTTPLIB_OPENSSL_SUPPORT +#include "../ext/cpp-httplib/httplib.h" // Include the cpp-httplib header +#include + +// #define BEARER_TOKEN +#define USER +// #define SERVICE +#define CERTIFICATE_VERIFICATION +// #define SITE_ID +#define GET_SITE_ROOTS +// #define GET_PROJECTS + + +void printRes(const httplib::Result &res) { + if (res) { + std::cout << "Status code: " << res->status << std::endl; + std::cout << "Response body:\n" << res->body << std::endl; + } else { + std::cerr << "Error: Unable to connect to the m_AyonServer - " << res.error() << std::endl; + } +} + + +void constructorTest(const std::string &authKey, + const std::string &serverUrl, + const std::string &ayonProjectName, + const std::string &siteId) { + std::string m_authKey = authKey; + std::string m_serverUrl = serverUrl; + std::string m_ayonProjectName = ayonProjectName; + std::string m_siteId = siteId; + + std::unique_ptr m_AyonServer = std::make_unique(m_serverUrl); + + httplib::Headers m_headers = { + {"X-Api-Key", m_authKey}, + // {"X-ayon-platform", "linux"}, + }; + + // X509_STORE* store = X509_STORE_new(); + // if (store) { + // std::cout << "X509_STORE created." << std::endl; + + // // This function loads the default system locations for CA certificates. + // if (X509_STORE_set_default_paths(store) != 1) { + // std::cout << "X509_STORE_set_default_paths failed." << std::endl; + // } else { + // m_AyonServer->set_ca_cert_store(store); + // std::cout << "Default CA paths loaded and set." << std::endl; + // } + // } else { + // std::cout << "Failed to create X509_STORE." << std::endl; + // } + + // m_AyonServer->enable_server_certificate_verification(true); + // std::cout << "Server certificate verification enabled." << std::endl; + + // auto res = m_AyonServer->Get("/api/info", m_headers); + auto res = m_AyonServer->Get("/api/projects/" + m_ayonProjectName + "/siteRoots?platform=linux", m_headers); + + if (res) { + std::cout << "Response: " << res->status << std::endl; + std::cout << "Response body: " << res->body << std::endl; + } else { + std::cout << "Response is null." << std::endl; + std::cout << "Response error: " << res.error() << std::endl; + } +} + + +std::string parseOutput(std::string& output) { + // Parse the output to extract the directory path + std::string::size_type start = output.find('"'); + std::string::size_type end = output.find('"', start + 1); + if (start != std::string::npos && end != std::string::npos) { + return output.substr(start + 1, end - start - 1); + } else { + throw std::runtime_error("Failed to parse OpenSSL directory from command output."); + } +} + +std::string getOpenSSLDirByCLI() { + std::array buffer; + std::string result; + auto pipeDeleter = [](FILE* pipe) { pclose(pipe); }; + std::unique_ptr pipe(popen("openssl version -d", "r"), pipeDeleter); + if (!pipe) { + throw std::runtime_error("popen() failed!"); + } + while (fgets(buffer.data(), buffer.size(), pipe.get()) != nullptr) { + result += buffer.data(); + } + + return parseOutput(result); +} + + +std::string getOpenSSLDir() { +#if OPENSSL_VERSION_NUMBER >= 0x10100000L // OpenSSL 1.1.0+ + const char* sslVersion = OpenSSL_version(OPENSSL_DIR); + std::string sslVersionStr(sslVersion); + return parseOutput(sslVersionStr); +#else // OpenSSL 1.0.x + return parseOutput(SSLeay_version(SSLEAY_DIR)); +#endif +} + + + +int main() { + std::string opensslCliDir = getOpenSSLDirByCLI(); + std::string x509DefaultCertDir = X509_get_default_cert_dir(); + std::string opensslDefaultDir = getOpenSSLDir(); + + std::cout << "OpenSSL CLI directory: " << opensslCliDir << " - " << (access(opensslCliDir.c_str(), F_OK) != -1 ? "exists" : "not exists") << std::endl; + std::cout << "X509_get_default_cert_dir: " << x509DefaultCertDir << " - " << (access(x509DefaultCertDir.c_str(), F_OK) != -1 ? "exists" : "not exists") << std::endl; + std::cout << "OpenSSL default directory: " << opensslDefaultDir << " - " << (access(opensslDefaultDir.c_str(), F_OK) != -1 ? "exists" : "not exists") << std::endl; + + std::cout << "OpenSSL version: " << OpenSSL_version(OPENSSL_VERSION) << std::endl; + + // return 0; + + // std::string AYON_API_KEY("6268b8b004ce8c7a7645afc548234937a69b6c6095b1c32ca6fa9f8351f8f4f8"); + // std::string AYON_SERVER_URL("https://ayon.dev"); + // std::string AYON_SITE_ID("test-id"); + // std::string AYON_PROJECT_NAME("test_API_project"); + + // constructorTest(AYON_API_KEY, AYON_SERVER_URL, AYON_PROJECT_NAME, AYON_SITE_ID); + + return 0; + + // ============================================= + const std::string auth_key = "884198bdeb1c28a334acd03c3fc6e188b60506af810b0ed2d1c85748fe96e341"; + + std::string m_ayonProjectName = "test_API_project"; + + std::unique_ptr m_AyonServer = std::make_unique("https://ayon.dev"); + // ============================================= + + httplib::Headers headers = { + {"X-Api-Key", auth_key}, + // {"X-ayon-platform", "linux"}, + #ifdef _WIN32 + {"X-ayon-platform", "windows"}, + #elif __linux__ + // {"X-ayon-platform", "linux"}, + #endif + #ifdef SITE_ID + {"X-ayon-site-id", "test-site-id"} + #endif + }; + + // Create a new store and let OpenSSL load system default paths + // X509_STORE* store = X509_STORE_new(); + // if (store) { + // std::cout << "X509_STORE created." << std::endl; + + // // This function loads the default system locations for CA certificates. + // if (X509_STORE_set_default_paths(store) != 1) { + // std::cout << "X509_STORE_set_default_paths failed." << std::endl; + // } + // m_AyonServer->set_ca_cert_store(store); + // } else { + // std::cout << "Failed to create X509_STORE." << std::endl; + // } + + // std::cout << "OpenSSL support not enabled." << std::endl; + + // m_AyonServer->enable_server_certificate_verification(true); + + auto res_0 = m_AyonServer->Get("/api/info", headers); + std::cout << "Response: " << res_0->status << std::endl; + // printRes(res_0); + +#ifdef GET_SITE_ROOTS + auto res_1 = m_AyonServer->Get("/api/projects/" + m_ayonProjectName + "/siteRoots?platform=linux", headers); + + printRes(res_1); +#endif + +#ifdef GET_PROJECTS + auto res_2 = m_AyonServer->Get("/api/projects"); + + printRes(res_2); +#endif + + + return 0; +} \ No newline at end of file From fca3b6045973c1273e4e417f467e5981be8ebb31 Mon Sep 17 00:00:00 2001 From: Tadeas Hejnic Date: Mon, 3 Mar 2025 16:17:35 +0100 Subject: [PATCH 012/106] Fix: default vars were not set after building with test vars --- AyonBuild.py | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/AyonBuild.py b/AyonBuild.py index 75f2ab4..f10325c 100644 --- a/AyonBuild.py +++ b/AyonBuild.py @@ -19,6 +19,15 @@ AyonCppApiPrj.setup_prj() +SetDefaultVars = Project.Stage("SetDefaultVars") +SetDefaultVars.add_funcs( + Project.Func("", AyonCppApiPrj.setVar, "AYON_CPP_API_ENALBE_GBENCH", "OFF"), + Project.Func("", AyonCppApiPrj.setVar, "AYON_CPP_API_ENALBE_GTEST", "OFF"), + Project.Func("", AyonCppApiPrj.setVar, "JTRACE", "0"), + Project.Func("", AyonCppApiPrj.setVar, "ReleaseType", "Release"), +) +AyonCppApiPrj.add_stage(SetDefaultVars) + SetTestVars = Project.Stage("SetTestVars") SetTestVars.add_funcs( Project.Func("", AyonCppApiPrj.setVar, "AYON_CPP_API_ENALBE_GBENCH", "ON"), @@ -195,11 +204,13 @@ def stopTestServer(): AyonCppApiPrj.creat_stage_group( "CleanBuild", CleanUpStage, + SetDefaultVars, BuildStage, ) AyonCppApiPrj.creat_stage_group( "CleanBuildAndDocs", CleanUpStage, + SetDefaultVars, BuildStage, DoxyGenStage, ) From 63305984d7c527fc4d00d816506557d142590165 Mon Sep 17 00:00:00 2001 From: Tadeas Hejnic Date: Mon, 3 Mar 2025 16:18:30 +0100 Subject: [PATCH 013/106] Fix: error while building --- src/AyonCppApi/AyonCppApi.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/AyonCppApi/AyonCppApi.cpp b/src/AyonCppApi/AyonCppApi.cpp index be0770b..e7ce344 100644 --- a/src/AyonCppApi/AyonCppApi.cpp +++ b/src/AyonCppApi/AyonCppApi.cpp @@ -555,7 +555,7 @@ AyonApi::GenerativeCorePost(const std::string &endPoint, } } catch (const httplib::Error &e) { - m_Log->warn("AyonApi::GenerativeCorePost Request Failed because: {}", httplib::to_string(e));); + m_Log->warn("AyonApi::GenerativeCorePost Request Failed because: {}", httplib::to_string(e)); break; } } From 303a4a29a9b4ce2e18508f2084cdbfd7bc4d2db4 Mon Sep 17 00:00:00 2001 From: Tadeas Hejnic Date: Wed, 5 Mar 2025 13:31:35 +0100 Subject: [PATCH 014/106] Gitignore: ignore the env files for testing --- .gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitignore b/.gitignore index 85c737c..e48fb19 100755 --- a/.gitignore +++ b/.gitignore @@ -20,3 +20,4 @@ test_logs/ AyonCppApi_CiCd/ AyonCppApi_cicd/ __pycache__ +.env* \ No newline at end of file From 74e52613d01e3dae73c76689b8117b2b934f4ba6 Mon Sep 17 00:00:00 2001 From: Tadeas Hejnic Date: Wed, 5 Mar 2025 13:32:47 +0100 Subject: [PATCH 015/106] Test: env variables are loaded from env file --- test/GTestMain.cpp | 65 ++++++++++++++++++++++++++++++---------------- 1 file changed, 42 insertions(+), 23 deletions(-) diff --git a/test/GTestMain.cpp b/test/GTestMain.cpp index 36ae9b9..c78e301 100644 --- a/test/GTestMain.cpp +++ b/test/GTestMain.cpp @@ -1,6 +1,5 @@ #include "gtest/gtest.h" #include -#include #include #include #include "Instrumentor.h" @@ -9,23 +8,33 @@ nlohmann::json JsonFile; -AyonApi -getApiInstance() { - std::string AYON_API_KEY("SuperSaveTestKey"); - std::string AYON_SERVER_URL("http://localhost:8003"); - std::string AYON_SITE_ID("TestId"); - std::string AYON_PROJECT_NAME("TestPrjName"); - std::string AYONLOGGERLOGLVL("CRITICAL"); - std::string AYONLOGGERFILELOGGING("OFF"); +AyonApi getApiInstance() { + std::string AYON_API_KEY; + std::string AYON_SERVER_URL; + std::string AYON_SITE_ID; + std::string AYON_PROJECT_NAME; + std::string AYONLOGGERLOGLVL; + std::string AYONLOGGERFILELOGGING; + #ifdef _WIN32 + std::string envFilePath("test\\.env_http"); + #else + std::string envFilePath("test/.env_http"); + #endif + if (!AyonCppApiTest::load_EnvVariables(envFilePath, AYON_API_KEY, AYON_SERVER_URL, AYON_SITE_ID, AYON_PROJECT_NAME, AYONLOGGERLOGLVL, AYONLOGGERFILELOGGING)) { + std::cerr << "Failed to load environment variables!" << std::endl; + } return AyonApi("./test_logs", AYON_API_KEY, AYON_SERVER_URL, AYON_PROJECT_NAME, AYON_SITE_ID); } -TEST(AyonCppApi, AyonCppApiCreaion) { +TEST(AyonCppApi, AyonCppApiCreation) { + std::cout << "Running AyonCppApiCreation test..." << std::endl; AyonApi Test = getApiInstance(); + std::cout << "AyonCppApiCreation test completed." << std::endl; } TEST(AyonCppApi, AyonCppApiSerialResolveRootReplace) { + std::cout << "Running AyonCppApiSerialResolveRootReplace test..." << std::endl; Instrumentor::Get().BeginSession("Profile", "bin/profSerial.json"); AyonApi Api = getApiInstance(); nlohmann::json JsonFileStage = JsonFile["Resolve"]; @@ -37,10 +46,11 @@ TEST(AyonCppApi, AyonCppApiSerialResolveRootReplace) { } Instrumentor::Get().EndSession(); - std::cout << std::endl; + std::cout << "AyonCppApiSerialResolveRootReplace test completed." << std::endl; } -TEST(AyonCppApi, AyonCppApiBathResolveRootReplace) { +TEST(AyonCppApi, AyonCppApiBatchResolveRootReplace) { + std::cout << "Running AyonCppApiBatchResolveRootReplace test..." << std::endl; Instrumentor::Get().BeginSession("Profile", "bin/profBatch.json"); AyonApi Api = getApiInstance(); nlohmann::json JsonFileStage = JsonFile["Resolve"]; @@ -52,27 +62,36 @@ TEST(AyonCppApi, AyonCppApiBathResolveRootReplace) { } Instrumentor::Get().EndSession(); - std::cout << std::endl; + std::cout << "AyonCppApiBatchResolveRootReplace test completed." << std::endl; } -AyonApi -getApiInstanceSSL() { - std::string AYON_API_KEY("6268b8b004ce8c7a7645afc548234937a69b6c6095b1c32ca6fa9f8351f8f4f8"); - std::string AYON_SERVER_URL("https://ayon.dev"); - std::string AYON_SITE_ID("test-id"); - std::string AYON_PROJECT_NAME("test_API_project"); - std::string AYONLOGGERLOGLVL("CRITICAL"); - std::string AYONLOGGERFILELOGGING("OFF"); +AyonApi getApiInstanceSSL() { + std::string AYON_API_KEY; + std::string AYON_SERVER_URL; + std::string AYON_SITE_ID; + std::string AYON_PROJECT_NAME; + std::string AYONLOGGERLOGLVL; + std::string AYONLOGGERFILELOGGING; + #ifdef _WIN32 + std::string envFilePath("test\\.env_https"); + #else + std::string envFilePath("test/.env_https"); + #endif + if (!AyonCppApiTest::load_EnvVariables(envFilePath, AYON_API_KEY, AYON_SERVER_URL, AYON_SITE_ID, AYON_PROJECT_NAME, AYONLOGGERLOGLVL, AYONLOGGERFILELOGGING)) { + std::cerr << "Failed to load environment variables!" << std::endl; + } return AyonApi("./test_logs", AYON_API_KEY, AYON_SERVER_URL, AYON_PROJECT_NAME, AYON_SITE_ID); } TEST(AyonCppApi, AyonCppApiCreationSSL) { + std::cout << "Running AyonCppApiCreationSSL test..." << std::endl; AyonApi Test = getApiInstanceSSL(); + std::cout << "AyonCppApiCreationSSL test completed." << std::endl; } -int -main(int argc, char** argv) { +int main(int argc, char** argv) { + std::cout << "Running tests..." << std::endl; std::ifstream file("test/testData.json"); if (!file.is_open()) { std::cerr << "Failed to open file!" << std::endl; From 203e426821e67c4e149944166c06e92611f120c7 Mon Sep 17 00:00:00 2001 From: Tadeas Hejnic Date: Wed, 5 Mar 2025 13:34:31 +0100 Subject: [PATCH 016/106] Test: env variables are loaded from env file --- test/GBenchMain.cpp | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/test/GBenchMain.cpp b/test/GBenchMain.cpp index 898b611..a6c28aa 100644 --- a/test/GBenchMain.cpp +++ b/test/GBenchMain.cpp @@ -9,12 +9,20 @@ nlohmann::json JsonFile; AyonApi getApiInstance() { - std::string AYON_API_KEY("SuperSaveTestKey"); - std::string AYON_SERVER_URL("http://localhost:8003"); - std::string AYON_SITE_ID("TestId"); - std::string AYON_PROJECT_NAME("TestPrjName"); - std::string AYONLOGGERLOGLVL("CRITICAL"); - std::string AYONLOGGERFILELOGGING("OFF"); + std::string AYON_API_KEY; + std::string AYON_SERVER_URL; + std::string AYON_SITE_ID; + std::string AYON_PROJECT_NAME; + std::string AYONLOGGERLOGLVL; + std::string AYONLOGGERFILELOGGING; + #ifdef _WIN32 + std::string envFilePath("test\\.env_http"); + #else + std::string envFilePath("test/.env_http"); + #endif + if (!AyonCppApiTest::load_EnvVariables(envFilePath, AYON_API_KEY, AYON_SERVER_URL, AYON_SITE_ID, AYON_PROJECT_NAME, AYONLOGGERLOGLVL, AYONLOGGERFILELOGGING)) { + std::cerr << "Failed to load environment variables!" << std::endl; + } return AyonApi("./test_logs", AYON_API_KEY, AYON_SERVER_URL, AYON_PROJECT_NAME, AYON_SITE_ID); } From be9d1722896231b57a8f3949375bf4a123d482fa Mon Sep 17 00:00:00 2001 From: Tadeas Hejnic Date: Wed, 5 Mar 2025 13:35:14 +0100 Subject: [PATCH 017/106] Test: new function for loading the variables from env file --- test/AyonCppApiTestsMain.h | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/test/AyonCppApiTestsMain.h b/test/AyonCppApiTestsMain.h index bceb25a..c19226a 100644 --- a/test/AyonCppApiTestsMain.h +++ b/test/AyonCppApiTestsMain.h @@ -3,6 +3,16 @@ namespace AyonCppApiTest { +bool load_EnvVariables( + std::string &envFilePath, + std::string &AYON_API_KEY, + std::string &AYON_SERVER_URL, + std::string &AYON_SITE_ID, + std::string &AYON_PROJECT_NAME, + std::string &AYONLOGGERLOGLVL, + std::string &AYONLOGGERFILELOGGING +); + bool test_SimpleResolve(nlohmann::json &JsonFile, const bool &RunOnlyOnce, const bool &Print, AyonApi &Api); bool test_BatchResolve(nlohmann::json &JsonFile, const bool &Print, AyonApi &Api); From db953982b054f9d1ce9aeef65713123163f19eef Mon Sep 17 00:00:00 2001 From: Tadeas Hejnic Date: Wed, 5 Mar 2025 13:35:28 +0100 Subject: [PATCH 018/106] Test: new function implementation for loading the variables from env file --- test/AyonCppApiTestsMain.cpp | 40 ++++++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) diff --git a/test/AyonCppApiTestsMain.cpp b/test/AyonCppApiTestsMain.cpp index 33c0c0a..ca9d3da 100644 --- a/test/AyonCppApiTestsMain.cpp +++ b/test/AyonCppApiTestsMain.cpp @@ -6,6 +6,46 @@ #include "nlohmann/json_fwd.hpp" #include "AyonCppApiTestsMain.h" + +bool +AyonCppApiTest::load_EnvVariables(std::string &envFilePath, + std::string &AYON_API_KEY, + std::string &AYON_SERVER_URL, + std::string &AYON_SITE_ID, + std::string &AYON_PROJECT_NAME, + std::string &AYONLOGGERLOGLVL, + std::string &AYONLOGGERFILELOGGING) { + std::ifstream envFile(envFilePath); + if (!envFile.is_open()) { + std::cerr << "Failed to open .env file: " << envFilePath << std::endl; + return false; + } + + std::string line; + while (std::getline(envFile, line)) { + std::istringstream iss(line); + std::string key, value; + if (std::getline(iss, key, '=') && std::getline(iss, value)) { + if (key == "AYON_API_KEY") { + AYON_API_KEY = value; + } else if (key == "AYON_SERVER_URL") { + AYON_SERVER_URL = value; + } else if (key == "AYON_SITE_ID") { + AYON_SITE_ID = value; + } else if (key == "AYON_PROJECT_NAME") { + AYON_PROJECT_NAME = value; + } else if (key == "AYONLOGGERLOGLVL") { + AYONLOGGERLOGLVL = value; + } else if (key == "AYONLOGGERFILELOGGING") { + AYONLOGGERFILELOGGING = value; + } + } + } + + envFile.close(); + return true; +} + bool AyonCppApiTest::test_SimpleResolve(nlohmann::json &JsonFile, const bool &RunOnlyOnce, const bool &Print, AyonApi &Api) { nlohmann::json JsonFileStage = JsonFile["Resolve"]; From ab5a26c08a6a720b9e4ce9522f925d2c0deeb648 Mon Sep 17 00:00:00 2001 From: Tadeas Hejnic Date: Wed, 5 Mar 2025 13:36:20 +0100 Subject: [PATCH 019/106] Build: the previus implementation didn't work on windows --- AyonBuild.py | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/AyonBuild.py b/AyonBuild.py index 75f2ab4..cbf32a6 100644 --- a/AyonBuild.py +++ b/AyonBuild.py @@ -28,6 +28,15 @@ ) AyonCppApiPrj.add_stage(SetTestVars) +SetDefaultVars = Project.Stage("SetDefaultVars") +SetDefaultVars.add_funcs( + Project.Func("", AyonCppApiPrj.setVar, "AYON_CPP_API_ENALBE_GBENCH", "OFF"), + Project.Func("", AyonCppApiPrj.setVar, "AYON_CPP_API_ENALBE_GTEST", "OFF"), + Project.Func("", AyonCppApiPrj.setVar, "JTRACE", "0"), + Project.Func("", AyonCppApiPrj.setVar, "ReleaseType", "Release"), +) +AyonCppApiPrj.add_stage(SetDefaultVars) + CleanUpStage = Project.Stage("Cleanup") binFoulder = os.path.join(os.getcwd(), "bin") buildFoulder = os.path.join(os.getcwd(), "build") @@ -157,7 +166,9 @@ def CheckTestServer(): def stopTestServer(): - ServerPocVar.kill() + # ServerPocVar.terminate() + ServerPocVar.join(timeout=2) + # ServerPocVar.kill() SetupTestServer = Project.Stage("SetupTestServer") @@ -195,11 +206,13 @@ def stopTestServer(): AyonCppApiPrj.creat_stage_group( "CleanBuild", CleanUpStage, + SetDefaultVars, BuildStage, ) AyonCppApiPrj.creat_stage_group( "CleanBuildAndDocs", CleanUpStage, + SetDefaultVars, BuildStage, DoxyGenStage, ) From 48f4d69e868da3126fdf6922eaa86caed0ae8887 Mon Sep 17 00:00:00 2001 From: Tadeas Hejnic Date: Wed, 5 Mar 2025 13:36:42 +0100 Subject: [PATCH 020/106] Build: the previus implementation didn't work on windows --- test/TestServer.py | 83 ++++++++++++++++++++++++++++++++-------------- 1 file changed, 59 insertions(+), 24 deletions(-) diff --git a/test/TestServer.py b/test/TestServer.py index aae0cd5..628d3da 100644 --- a/test/TestServer.py +++ b/test/TestServer.py @@ -1,35 +1,34 @@ -import subprocess +import threading +import time +import uvicorn +import requests from fastapi import FastAPI, HTTPException from pydantic import BaseModel, Field from typing import List, Optional -import uvicorn import json -from multiprocessing import Process app = FastAPI() +stop_event = threading.Event() # Stop flag for graceful shutdown - +# Load JSON data with open('test/testData.json', 'r') as file: - global jsonStore - jsonStore= json.load(file) + jsonStore = json.load(file) class Item(BaseModel): name: str -# Define endpoints + @app.get("/") async def read_root(): return {"Available": "1"} class RequestModel(BaseModel): - resolveRoots: bool = Field( - False, - alias="resolveRoots" - ) + resolveRoots: bool = Field(False, alias="resolveRoots") uris: List[str] + class ResolvedEntityModel(BaseModel): projectName: str folderId: str @@ -39,38 +38,74 @@ class ResolvedEntityModel(BaseModel): filePath: str target: Optional[str] + class ResolvedURIModel(BaseModel): uri: str entities: List[ResolvedEntityModel] + @app.post("/api/resolve") async def resolve_uris(request: RequestModel) -> List[ResolvedURIModel]: resolved_uris = [] for uri in request.uris: resolved_entity = jsonStore["Resolve"][uri]["Server"][-1]["entities"][0] - resolved_uri = ResolvedURIModel(uri=uri, entities=[resolved_entity]) resolved_uris.append(resolved_uri) return resolved_uris + @app.get("/api/projects/{projectName}/siteRoots") async def SiteRoots(projectName: str): - if (projectName == "TestPrjName"): - return{"work": "/home/workh/Documents/AyonAos"} + if projectName == "TestPrjName": + return {"work": "/home/workh/Documents/AyonAos"} + + +# Function to run the server with graceful shutdown +def run_server(): + config = uvicorn.Config(app, host="0.0.0.0", port=8003, log_level="error") + server = uvicorn.Server(config) + + while not stop_event.is_set(): + server.run() + time.sleep(1) + + print("🚀 Server shutting down...") def start(): - proc = Process(target=uvicorn.run,args=(app,),kwargs={"host": "0.0.0.0","port": 8003,"log_level": "error"}) + server_thread = threading.Thread(target=run_server, daemon=True) + server_thread.start() + print("✅ Server is starting in the background...") + return server_thread - proc.start() - print("Server is starting in the background...") - return proc +def stop(): + print("🛑 Stopping server...") + stop_event.set() # Set the stop flag + time.sleep(1) # Give some time for shutdown -if __name__ == "__main__": - test = start() - del test - import requests - response = requests.get("http://localhost:8003/") - print("Test Respone", response.text) +if __name__ == "__main__": + try: + server = start() + + # Wait until the server is responsive before sending a request + for _ in range(10): # Try for 10 seconds + try: + response = requests.get("http://localhost:8003/") + if response.status_code == 200: + print("✅ Server is running:", response.text) + break + except requests.exceptions.ConnectionError: + print("⏳ Waiting for server to start...") + time.sleep(1) + else: + print("❌ Error: Server did not start in time.") + + # Keep the script running + while True: + time.sleep(1) + + except KeyboardInterrupt: + print("\n🛑 KeyboardInterrupt detected. Shutting down...") + stop() From 6bf6bc63cca2d2d10abb50bc153915e73bae68dc Mon Sep 17 00:00:00 2001 From: Tadeas Hejnic Date: Wed, 5 Mar 2025 13:37:38 +0100 Subject: [PATCH 021/106] Https fix: implementation working on windows --- src/AyonCppApi/AyonCppApi.cpp | 115 +++++++++++++++------------------- 1 file changed, 50 insertions(+), 65 deletions(-) diff --git a/src/AyonCppApi/AyonCppApi.cpp b/src/AyonCppApi/AyonCppApi.cpp index ab6c989..9a979ba 100644 --- a/src/AyonCppApi/AyonCppApi.cpp +++ b/src/AyonCppApi/AyonCppApi.cpp @@ -210,8 +210,21 @@ std::string parseOutput(std::string& output) { std::string getOpenSSLDirByCLI() { std::array buffer; std::string result; - auto pipeDeleter = [](FILE* pipe) { pclose(pipe); }; - std::unique_ptr pipe(popen("openssl version -d", "r"), pipeDeleter); + auto pipeDeleter = [](FILE* pipe) { + #ifdef _WIN32 + _pclose(pipe); + #else + pclose(pipe); + #endif + }; + std::unique_ptr pipe( + #ifdef _WIN32 + _popen("openssl version -d", "r"), + #else + popen("openssl version -d", "r"), + #endif + pipeDeleter + ); if (!pipe) { throw std::runtime_error("popen() failed!"); } @@ -266,86 +279,58 @@ AyonApi::AyonApi(const std::string &logFilePos, if (isSSL()) { m_headers = { {"X-Api-Key", m_authKey}, - {"X-ayon-platform", "linux"}, + // {"X-ayon-platform", "linux"}, }; try { - const char* defaultCertFile = X509_get_default_cert_file(); - std::cout << "X509_get_default_cert_file: " << defaultCertFile << std::endl; - if (std::filesystem::exists(defaultCertFile)) { - std::cout << "X509_get_default_cert_dir set" << std::endl; - m_AyonServer->set_ca_cert_path(defaultCertFile); + std::string opensslDir = getOpenSSLDir(); + #ifdef _WIN32 + std::string certFile = opensslDir + "\\cert.pem"; + #else + std::string certFile = opensslDir + "/cert.pem"; + #endif + + if (std::filesystem::exists(opensslDir)) { + m_AyonServer->set_ca_cert_path("", opensslDir.c_str()); } else { - const char* defaultCertDir = X509_get_default_cert_dir(); - std::cout << "X509_get_default_cert_dir: " << defaultCertDir << std::endl; - if (std::filesystem::exists(defaultCertDir)) { - std::cout << "X509_get_default_cert_dir set" << std::endl; - m_AyonServer->set_ca_cert_path("", defaultCertDir); + const char* envCertFile = getenv("SSL_CERT_FILE"); + if (envCertFile) { + m_AyonServer->set_ca_cert_path(envCertFile); } else { - std::string opensslDir = getOpenSSLDir(); - std::string certFile = opensslDir + "/cert.pem"; - std::cout << "getOpenSSLDir + /certs.pem: " << certFile << std::endl; - if (std::filesystem::exists(certFile)) { - std::cout << "getOpensslFile set" << std::endl; - m_AyonServer->set_ca_cert_path(certFile.c_str()); - } else { - std::string certDir = opensslDir + "/certs"; - if (std::filesystem::exists(certDir)) { - std::cout << "getOpensslDir set" << std::endl; - m_AyonServer->set_ca_cert_path("", certDir.c_str()); - } else { - m_Log->error("Failed to get OpenSSL certificate file: {}", certDir); - } - } + m_Log->warn("Using OpenSSL default verify paths."); + m_AyonServer->set_ca_cert_path(nullptr); } } } catch (const std::exception &e) { m_Log->error("Failed to get OpenSSL directory: {}", e.what()); + m_AyonServer->set_ca_cert_path(nullptr); } - // const char* sslVersion = OpenSSL_version(OPENSSL_DIR); - - // std::cout << "X509_get_default_cert_dir: " << defaultCertDir << " | /usr/local/ssl/certs"<< std::endl; - - // m_AyonServer->set_ca_cert_path("/usr/local/ssl/cert.pem"); - // m_AyonServer->set_ca_cert_path("", "/usr/local/ssl/certs"); - // m_AyonServer->set_ca_cert_path("", defaultCertDir); - std::string opensslCliDir = getOpenSSLDirByCLI(); - std::string x509DefaultCertDir = X509_get_default_cert_dir(); - std::string opensslDefaultDir = getOpenSSLDir(); - - std::cout << "OpenSSL CLI directory: " << opensslCliDir << " - " << (access(opensslCliDir.c_str(), F_OK) != -1 ? "exists" : "not exists") << std::endl; - std::cout << "X509_get_default_cert_dir: " << x509DefaultCertDir << " - " << (access(x509DefaultCertDir.c_str(), F_OK) != -1 ? "exists" : "not exists") << std::endl; - std::cout << "OpenSSL default directory: " << opensslDefaultDir << " - " << (access(opensslDefaultDir.c_str(), F_OK) != -1 ? "exists" : "not exists") << std::endl; - - std::cout << "OpenSSL version: " << OpenSSL_version(OPENSSL_VERSION) << std::endl; - - m_AyonServer->enable_server_certificate_verification(false); - m_Log->info("Server certificate verification enabled."); + m_AyonServer->enable_server_certificate_verification(true); } else { m_AyonServer->set_bearer_token_auth(m_authKey); m_headers = {}; } auto res = m_AyonServer->Get("/api/info", m_headers); - std::cout << "====== /api/info ======" << std::endl; - if (res) { - std::cout << "Response: " << res->status << std::endl; - // std::cout << "Response body: " << res->body << std::endl; - } else { - std::cout << "Response is null." << std::endl; - std::cout << "Response error: " << res.error() << std::endl; - } - - res = m_AyonServer->Get("/api/projects/" + m_ayonProjectName + "/siteRoots?platform=linux", m_headers); - std::cout << "====== /api/projects/" << m_ayonProjectName << "/siteRoots?platform=linux ======" << std::endl; - if (res) { - std::cout << "Response: " << res->status << std::endl; - std::cout << "Response body: " << res->body << std::endl; - } else { - std::cout << "Response is null." << std::endl; - std::cout << "Response error: " << res.error() << std::endl; - } + // std::cout << "====== /api/info ======" << std::endl; + // if (res) { + // std::cout << "Response: " << res->status << std::endl; + // // std::cout << "Response body: " << res->body << std::endl; + // } else { + // std::cout << "Response is null." << std::endl; + // std::cout << "Response error: " << res.error() << std::endl; + // } + + // res = m_AyonServer->Get("/api/projects/" + m_ayonProjectName + "/siteRoots?platform=windows", m_headers); + // std::cout << "====== /api/projects/" << m_ayonProjectName << "/siteRoots?platform=windows ======" << std::endl; + // if (res) { + // std::cout << "Response: " << res->status << std::endl; + // std::cout << "Response body: " << res->body << std::endl; + // } else { + // std::cout << "Response is null." << std::endl; + // std::cout << "Response error: " << res.error() << std::endl; + // } m_Log->info(m_Log->key("AyonApi"), "Constructor Getting Site Roots"); getSiteRoots(); From 46b551ad0963919d6c2c175e35f06debcf24a336 Mon Sep 17 00:00:00 2001 From: Tadeas Hejnic Date: Mon, 10 Mar 2025 16:33:58 +0100 Subject: [PATCH 022/106] Cross-platform: works on linux, should work on windows --- AyonBuild.py | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/AyonBuild.py b/AyonBuild.py index cbf32a6..d505f7a 100644 --- a/AyonBuild.py +++ b/AyonBuild.py @@ -166,9 +166,8 @@ def CheckTestServer(): def stopTestServer(): - # ServerPocVar.terminate() - ServerPocVar.join(timeout=2) - # ServerPocVar.kill() + # ServerPocVar.join(timeout=2) + ServerPocVar.kill() SetupTestServer = Project.Stage("SetupTestServer") From 506f69e03197d6cbdd9fb1d6a789076464c4f968 Mon Sep 17 00:00:00 2001 From: Tadeas Hejnic Date: Mon, 10 Mar 2025 16:35:20 +0100 Subject: [PATCH 023/106] Cross-platform: works on linux, should work on windows, cleaning up the code --- src/AyonCppApi/AyonCppApi.cpp | 247 +++++----------------------------- 1 file changed, 33 insertions(+), 214 deletions(-) diff --git a/src/AyonCppApi/AyonCppApi.cpp b/src/AyonCppApi/AyonCppApi.cpp index 9a979ba..399fcf1 100644 --- a/src/AyonCppApi/AyonCppApi.cpp +++ b/src/AyonCppApi/AyonCppApi.cpp @@ -30,172 +30,11 @@ #include #include #include "backward.hpp" -// #ifdef CPPHTTPLIB_OPENSSL_SUPPORT -// #include -// #include -// #include -// #include -// #endif #include "perfPrinter.h" // TODO implement the better Crash hanlder backward::StackTrace st; -// AyonApi::AyonApi(const std::string &logFilePos, -// const std::string &authKey, -// const std::string &serverUrl, -// const std::string &ayonProjectName, -// const std::string &siteId, -// std::optional concurrency): -// m_num_threads(concurrency.value_or(std::max(int(std::thread::hardware_concurrency() / 2), 1))), -// m_authKey(authKey), -// m_serverUrl(serverUrl), -// m_ayonProjectName(ayonProjectName), -// m_siteId(siteId) { -// PerfTimer("AyonApi::AyonApi"); - -// // ----------- Init m_Logger -// std::filesystem::path logFileName = "logFile.json"; -// std::filesystem::path basePath = logFilePos; -// std::filesystem::path logFilePath = std::filesystem::absolute(basePath) / logFileName; - -// if (std::filesystem::exists(logFilePath)) { -// logFilePath = std::filesystem::canonical(logFilePath); -// } -// else { -// std::filesystem::create_directories(logFilePath.parent_path()); -// } - -// m_Log = std::make_shared(AyonLogger::getInstance(logFilePath.string())); -// m_Log->LogLevlWarn(); - -// m_Log->info(m_Log->key("AyonApi"), "Init AyonServer httplib::Client"); -// m_AyonServer = std::make_unique(m_serverUrl); - -// if (isSSL()) { -// m_headers = { -// {"X-Api-Key", m_authKey}, -// {"X-ayon-platform", "linux"}, -// }; - -// X509_STORE* store = X509_STORE_new(); -// if (store) { -// std::cout << "X509_STORE created." << std::endl; - -// // This function loads the default system locations for CA certificates. -// if (X509_STORE_set_default_paths(store) != 1) { -// std::cout << "X509_STORE_set_default_paths failed." << std::endl; -// } -// // m_AyonServer->set_ca_cert_store(store); -// } else { -// std::cout << "Failed to create X509_STORE." << std::endl; -// } - -// m_AyonServer->enable_server_certificate_verification(true); - -// // #ifdef CPPHTTPLIB_OPENSSL_SUPPORT -// // const char* cerFilePath = std::getenv("SSL_CERT_FILE"); -// // std::cout << "SSL_CERT_FILE: " << (cerFilePath ? cerFilePath : "not set") << std::endl; - -// // if (!cerFilePath) { -// // m_Log->warn("SSL_CERT_FILE not set. Using OpenSSL default verify paths."); - -// // X509_STORE* store = X509_STORE_new(); -// // if (store) { -// // std::cout << "X509_STORE created." << std::endl; - -// // // This function loads the default system locations for CA certificates. -// // if (X509_STORE_set_default_paths(store) != 1) { -// // std::cout << "X509_STORE_set_default_paths failed." << std::endl; -// // } -// // m_AyonServer->set_ca_cert_store(store); -// // } else { -// // std::cout << "Failed to create X509_STORE." << std::endl; -// // } -// // } else { -// // m_AyonServer->set_ca_cert_path(cerFilePath); -// // } - -// // m_AyonServer->enable_server_certificate_verification(true); - -// // m_headers = { -// // {"X-Api-Key", m_authKey}, -// // {"X-ayon-platform", "linux"}, -// // }; -// // #else -// // m_Log->error("OpenSSL support not enabled."); -// // #endif -// } else { -// m_AyonServer->set_bearer_token_auth(m_authKey); -// m_headers = {}; -// } - -// auto res = m_AyonServer->Get("/api/info", m_headers); - -// auto test_response = m_AyonServer->Get( -// "/api/projects/" + m_ayonProjectName + "/siteRoots?platform=linux", -// m_headers -// ); - -// if (test_response) { -// std::cout << "Response: " << test_response->status << std::endl; -// std::cout << "Response body: " << test_response->body << std::endl; -// } else { -// std::cout << "Response is null." << std::endl; -// std::cout << "Response error: " << test_response.error() << std::endl; -// } - -// // if (isSSL()) { -// // const char* cerFilePath = std::getenv("SSL_CERT_FILE"); -// // std::cout << "SSL_CERT_FILE: " << (cerFilePath ? cerFilePath : "not set") << std::endl; - -// // if (!cerFilePath) { -// // m_Log->warn("SSL_CERT_FILE not set."); - -// // // Define default paths for Windows and Linux -// // // WRONG APPROACH -// // std::string defaultCertPath; -// // #ifdef _WIN32 -// // defaultCertPath = "C:\\Program Files\\Common Files\\SSL\\certs"; -// // #else -// // defaultCertPath = "/etc/ssl/certs"; -// // // defaultCertPath = "/invalid/path/to/certs"; -// // #endif - -// // // Check if the default path exists -// // if (std::filesystem::exists(defaultCertPath)) { -// // std::cout << "Default certificate path FOUND." << std::endl; -// // m_AyonServer->set_ca_cert_path("", defaultCertPath.c_str()); -// // } else { -// // m_Log->warn("Default certificate path not found. Using embedded certificate."); - -// // std::string pathToTempCert = "/home/tadeas/ynput/ayon-cpp-api-buildtest/test/certificate.crt"; - -// // if (std::filesystem::exists(pathToTempCert)) { -// // m_AyonServer->set_ca_cert_path(pathToTempCert.c_str()); -// // } else { -// // m_Log->error("Failed to create CA cert store from embedded certificate."); -// // } -// // } -// // } else { -// // m_AyonServer->set_ca_cert_path(cerFilePath); -// // } - -// // m_AyonServer->enable_server_certificate_verification(true); - -// // m_headers = { -// // {"X-Api-Key", m_authKey} -// // }; - -// // } else { -// // m_AyonServer->set_bearer_token_auth(m_authKey); -// // m_headers = {}; -// // // m_headers = {{"X-ayon-site-id", m_siteId}}; -// // } - -// m_Log->info(m_Log->key("AyonApi"), "Constructor Getting Site Roots"); -// getSiteRoots(); -// }; std::string parseOutput(std::string& output) { // Parse the output to extract the directory path std::string::size_type start = output.find('"'); @@ -283,22 +122,36 @@ AyonApi::AyonApi(const std::string &logFilePos, }; try { - std::string opensslDir = getOpenSSLDir(); + std::string opensslDirCLI = getOpenSSLDirByCLI(); + #ifdef _WIN32 - std::string certFile = opensslDir + "\\cert.pem"; + std::string certFileCLI = opensslDirCLI + "\\cert.pem"; #else - std::string certFile = opensslDir + "/cert.pem"; + std::string certFileCLI = opensslDirCLI + "/cert.pem"; #endif - - if (std::filesystem::exists(opensslDir)) { - m_AyonServer->set_ca_cert_path("", opensslDir.c_str()); + + if (std::filesystem::exists(certFileCLI)) { + m_Log->warn("Using CLI var."); + m_AyonServer->set_ca_cert_path(certFileCLI.c_str()); } else { - const char* envCertFile = getenv("SSL_CERT_FILE"); - if (envCertFile) { - m_AyonServer->set_ca_cert_path(envCertFile); + std::string opensslDir = getOpenSSLDir(); + #ifdef _WIN32 + std::string certFile = opensslDir + "\\cert.pem"; + #else + std::string certFile = opensslDir + "/cert.pem"; + #endif + + if (std::filesystem::exists(certFile)) { + m_AyonServer->set_ca_cert_path(certFile.c_str()); } else { - m_Log->warn("Using OpenSSL default verify paths."); - m_AyonServer->set_ca_cert_path(nullptr); + const char* envCertFile = getenv("SSL_CERT_FILE"); + if (envCertFile) { + m_Log->warn("Using env var: SSL_CERT_PATH."); + m_AyonServer->set_ca_cert_path(envCertFile); + } else { + m_Log->warn("Using OpenSSL default verify paths."); + m_AyonServer->set_ca_cert_path(nullptr); + } } } } catch (const std::exception &e) { @@ -313,14 +166,14 @@ AyonApi::AyonApi(const std::string &logFilePos, } auto res = m_AyonServer->Get("/api/info", m_headers); - // std::cout << "====== /api/info ======" << std::endl; - // if (res) { - // std::cout << "Response: " << res->status << std::endl; - // // std::cout << "Response body: " << res->body << std::endl; - // } else { - // std::cout << "Response is null." << std::endl; - // std::cout << "Response error: " << res.error() << std::endl; - // } + std::cout << "====== /api/info ======" << std::endl; + if (res) { + std::cout << "Response: " << res->status << std::endl; + // std::cout << "Response body: " << res->body << std::endl; + } else { + std::cout << "Response is null." << std::endl; + std::cout << "Response error: " << res.error() << std::endl; + } // res = m_AyonServer->Get("/api/projects/" + m_ayonProjectName + "/siteRoots?platform=windows", m_headers); // std::cout << "====== /api/projects/" << m_ayonProjectName << "/siteRoots?platform=windows ======" << std::endl; @@ -870,37 +723,3 @@ bool AyonApi::isSSL() const { return m_serverUrl.rfind("https://", 0) == 0; } - -# ifdef CPPHTTPLIB_OPENSSL_SUPPORT -X509_STORE* -AyonApi::createCaCertStore() { - X509_STORE *store = X509_STORE_new(); - - // Embed the CA certificates as a string - const char *default_ca_bundle_content = R"( ------BEGIN CERTIFICATE----- -MIIDdzCCAl+gAwIBAgIEbG9Z... ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDdzCCAl+gAwIBAgIEbG9Z... ------END CERTIFICATE----- -)"; - - // Load the CA certificates from the string - BIO *bio = BIO_new_mem_buf(default_ca_bundle_content, -1); - if (!bio) { - X509_STORE_free(store); - return nullptr; - } - - X509 *cert = nullptr; - while ((cert = PEM_read_bio_X509(bio, nullptr, 0, nullptr)) != nullptr) { - X509_STORE_add_cert(store, cert); - X509_free(cert); - } - - BIO_free(bio); - - return store; -} -# endif From 60ab691fe65d674e0eb1018da013b3cd99e16797 Mon Sep 17 00:00:00 2001 From: Tadeas Hejnic Date: Mon, 10 Mar 2025 16:35:50 +0100 Subject: [PATCH 024/106] Cross-platform: small edits --- test/GTestMain.cpp | 66 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 66 insertions(+) diff --git a/test/GTestMain.cpp b/test/GTestMain.cpp index c78e301..a7179be 100644 --- a/test/GTestMain.cpp +++ b/test/GTestMain.cpp @@ -102,3 +102,69 @@ int main(int argc, char** argv) { ::testing::InitGoogleTest(&argc, argv); return RUN_ALL_TESTS(); } + +// #include "gtest/gtest.h" +// #include +// #include +// #include +// #include +// #include "Instrumentor.h" +// #include "nlohmann/json.hpp" +// #include "AyonCppApiTestsMain.h" + +// nlohmann::json JsonFile; + +// AyonApi getApiInstance() { +// std::string AYON_API_KEY("SuperSaveTestKey"); +// std::string AYON_SERVER_URL("http://localhost:8003"); +// std::string AYON_SITE_ID("TestId"); +// std::string AYON_PROJECT_NAME("TestPrjName"); +// std::string AYONLOGGERLOGLVL("CRITICAL"); +// std::string AYONLOGGERFILELOGGING("OFF"); + +// return AyonApi("./test_logs", AYON_API_KEY, AYON_SERVER_URL, AYON_PROJECT_NAME, AYON_SITE_ID); +// } + +// TEST(AyonCppApi, AyonCppApiCreation) { +// AyonApi Test = getApiInstance(); +// } + +// TEST(AyonCppApi, AyonCppApiSerialResolveRootReplace) { +// Instrumentor::Get().BeginSession("Profile", "bin/profSerial.json"); +// AyonApi Api = getApiInstance(); +// bool RunOnlyOneResolveIteration = false; +// bool printResult = true; + +// if (!AyonCppApiTest::test_SimpleResolve(JsonFile, RunOnlyOneResolveIteration, printResult, Api)) { +// FAIL(); +// } + +// Instrumentor::Get().EndSession(); +// std::cout << std::endl; +// } + +// TEST(AyonCppApi, AyonCppApiBatchResolveRootReplace) { +// Instrumentor::Get().BeginSession("Profile", "bin/profBatch.json"); +// AyonApi Api = getApiInstance(); +// bool RunOnlyOneResolveIteration = false; +// bool printResult = true; + +// if (!AyonCppApiTest::test_BatchResolve(JsonFile, printResult, Api)) { +// FAIL(); +// } + +// Instrumentor::Get().EndSession(); +// std::cout << std::endl; +// } + +// int main(int argc, char** argv) { +// std::ifstream file("test/testData.json"); +// if (!file.is_open()) { +// std::cerr << "Failed to open file!" << std::endl; +// } +// JsonFile = nlohmann::json::parse(file); +// file.close(); + +// ::testing::InitGoogleTest(&argc, argv); +// return RUN_ALL_TESTS(); +// } From a7eb2041bfd87a917bf9dc3a44dde6b6858390e0 Mon Sep 17 00:00:00 2001 From: Tadeas Hejnic Date: Mon, 10 Mar 2025 16:36:13 +0100 Subject: [PATCH 025/106] Cross-platform: works on linux, should work on windows --- test/TestServer.py | 330 +++++++++++++++++++++++++++++++++++++-------- 1 file changed, 274 insertions(+), 56 deletions(-) diff --git a/test/TestServer.py b/test/TestServer.py index 628d3da..d86fe0c 100644 --- a/test/TestServer.py +++ b/test/TestServer.py @@ -1,34 +1,158 @@ -import threading -import time -import uvicorn -import requests +# import threading +# import time +# import uvicorn +# import requests +# from fastapi import FastAPI, HTTPException +# from pydantic import BaseModel, Field +# from typing import List, Optional +# import json + +# app = FastAPI() +# stop_event = threading.Event() # Stop flag for graceful shutdown + +# # Load JSON data +# with open('test/testData.json', 'r') as file: +# jsonStore = json.load(file) + + +# class Item(BaseModel): +# name: str + + +# @app.get("/") +# async def read_root(): +# return {"Available": "1"} + + +# class RequestModel(BaseModel): +# resolveRoots: bool = Field(False, alias="resolveRoots") +# uris: List[str] + + +# class ResolvedEntityModel(BaseModel): +# projectName: str +# folderId: str +# productId: str +# versionId: str +# representationId: str +# filePath: str +# target: Optional[str] + + +# class ResolvedURIModel(BaseModel): +# uri: str +# entities: List[ResolvedEntityModel] + + +# @app.post("/api/resolve") +# async def resolve_uris(request: RequestModel) -> List[ResolvedURIModel]: +# resolved_uris = [] +# for uri in request.uris: +# resolved_entity = jsonStore["Resolve"][uri]["Server"][-1]["entities"][0] +# resolved_uri = ResolvedURIModel(uri=uri, entities=[resolved_entity]) +# resolved_uris.append(resolved_uri) +# return resolved_uris + + +# @app.get("/api/projects/{projectName}/siteRoots") +# async def SiteRoots(projectName: str): +# if projectName == "TestPrjName": +# return {"work": "/home/workh/Documents/AyonAos"} + + +# # Function to run the server with graceful shutdown +# def run_server(): +# config = uvicorn.Config(app, host="0.0.0.0", port=8003, log_level="debug") +# server = uvicorn.Server(config) +# print("🚀 Starting server...") +# server.run_in_thread() +# print("✅ Server should be running now.") + +# while not stop_event.is_set(): +# time.sleep(1) + +# print("🚀 Server shutting down...") + + +# # def start(): +# # server_thread = threading.Thread(target=run_server, daemon=True) +# # server_thread.start() +# # print("✅ Server is starting in the background...") +# # return server_thread + +# def start(): +# from multiprocessing import Process +# proc = Process(target=uvicorn.run,args=(app,),kwargs={"host": "0.0.0.0","port": 8003,"log_level": "error"}) + +# proc.start() +# print("Server is starting in the background...") +# return proc + + +# def stop(): +# print("🛑 Stopping server...") +# stop_event.set() # Set the stop flag +# time.sleep(1) # Give some time for shutdown + + +# if __name__ == "__main__": +# try: +# server = start() + +# # Wait until the server is responsive before sending a request +# for _ in range(10): # Try for 10 seconds +# try: +# response = requests.get("http://localhost:8003/") +# if response.status_code == 200: +# print("✅ Server is running:", response.text) +# break +# except requests.exceptions.ConnectionError: +# print("⏳ Waiting for server to start...") +# time.sleep(1) +# else: +# print("❌ Error: Server did not start in time.") + +# # Keep the script running +# while True: +# time.sleep(1) + +# except KeyboardInterrupt: +# print("\n🛑 KeyboardInterrupt detected. Shutting down...") +# stop() + + +import subprocess from fastapi import FastAPI, HTTPException from pydantic import BaseModel, Field from typing import List, Optional +import uvicorn import json +from multiprocessing import Process app = FastAPI() -stop_event = threading.Event() # Stop flag for graceful shutdown -# Load JSON data + with open('test/testData.json', 'r') as file: - jsonStore = json.load(file) + global jsonStore + jsonStore= json.load(file) class Item(BaseModel): name: str - +# Define endpoints @app.get("/") async def read_root(): return {"Available": "1"} class RequestModel(BaseModel): - resolveRoots: bool = Field(False, alias="resolveRoots") + resolveRoots: bool = Field( + False, + alias="resolveRoots" + ) uris: List[str] - class ResolvedEntityModel(BaseModel): projectName: str folderId: str @@ -38,74 +162,168 @@ class ResolvedEntityModel(BaseModel): filePath: str target: Optional[str] - class ResolvedURIModel(BaseModel): uri: str entities: List[ResolvedEntityModel] - @app.post("/api/resolve") async def resolve_uris(request: RequestModel) -> List[ResolvedURIModel]: resolved_uris = [] for uri in request.uris: resolved_entity = jsonStore["Resolve"][uri]["Server"][-1]["entities"][0] + resolved_uri = ResolvedURIModel(uri=uri, entities=[resolved_entity]) resolved_uris.append(resolved_uri) return resolved_uris - @app.get("/api/projects/{projectName}/siteRoots") async def SiteRoots(projectName: str): - if projectName == "TestPrjName": - return {"work": "/home/workh/Documents/AyonAos"} + if (projectName == "TestPrjName"): + return{"work": "/home/workh/Documents/AyonAos"} -# Function to run the server with graceful shutdown -def run_server(): - config = uvicorn.Config(app, host="0.0.0.0", port=8003, log_level="error") - server = uvicorn.Server(config) +def start(): + proc = Process(target=uvicorn.run,args=(app,),kwargs={"host": "0.0.0.0","port": 8003,"log_level": "error"}) - while not stop_event.is_set(): - server.run() - time.sleep(1) + proc.start() + print("Server is starting in the background...") + return proc - print("🚀 Server shutting down...") +if __name__ == "__main__": + test = start() + del test + import requests + response = requests.get("http://localhost:8003/") + print("Test Response", response.text) -def start(): - server_thread = threading.Thread(target=run_server, daemon=True) - server_thread.start() - print("✅ Server is starting in the background...") - return server_thread +# import threading +# import time +# import uvicorn +# import requests +# from fastapi import FastAPI +# from pydantic import BaseModel, Field +# from typing import List, Optional +# import json +# import sys +# import os +# app = FastAPI() +# stop_event = threading.Event() # Stop flag for graceful shutdown -def stop(): - print("🛑 Stopping server...") - stop_event.set() # Set the stop flag - time.sleep(1) # Give some time for shutdown +# # Load JSON data +# with open('test/testData.json', 'r') as file: +# jsonStore = json.load(file) -if __name__ == "__main__": - try: - server = start() - - # Wait until the server is responsive before sending a request - for _ in range(10): # Try for 10 seconds - try: - response = requests.get("http://localhost:8003/") - if response.status_code == 200: - print("✅ Server is running:", response.text) - break - except requests.exceptions.ConnectionError: - print("⏳ Waiting for server to start...") - time.sleep(1) - else: - print("❌ Error: Server did not start in time.") - - # Keep the script running - while True: - time.sleep(1) - - except KeyboardInterrupt: - print("\n🛑 KeyboardInterrupt detected. Shutting down...") - stop() +# class Item(BaseModel): +# name: str + + +# @app.get("/") +# async def read_root(): +# return {"Available": "1"} + + +# class RequestModel(BaseModel): +# resolveRoots: bool = Field(False, alias="resolveRoots") +# uris: List[str] + + +# class ResolvedEntityModel(BaseModel): +# projectName: str +# folderId: str +# productId: str +# versionId: str +# representationId: str +# filePath: str +# target: Optional[str] + + +# class ResolvedURIModel(BaseModel): +# uri: str +# entities: List[ResolvedEntityModel] + + +# @app.post("/api/resolve") +# async def resolve_uris(request: RequestModel) -> List[ResolvedURIModel]: +# resolved_uris = [] +# for uri in request.uris: +# resolved_entity = jsonStore["Resolve"][uri]["Server"][-1]["entities"][0] +# resolved_uri = ResolvedURIModel(uri=uri, entities=[resolved_entity]) +# resolved_uris.append(resolved_uri) +# return resolved_uris + + +# @app.get("/api/projects/{projectName}/siteRoots") +# async def SiteRoots(projectName: str): +# if projectName == "TestPrjName": +# return {"work": "/home/workh/Documents/AyonAos"} + + +# # Function to start the server in a thread (cross-platform) +# def run_server(): +# config = uvicorn.Config(app, host="0.0.0.0", port=8003, log_level="error") +# server = uvicorn.Server(config) +# print("🚀 Starting server...") +# server.run() + +# # Start server in background process (compatible with Windows & Linux) +# def start(): +# if sys.platform == "win32": +# # Windows prefers threading +# from multiprocessing import Process +# proc = Process(target=uvicorn.run,args=(app,),kwargs={"host": "0.0.0.0","port": 8003,"log_level": "error"}) + +# proc.start() +# print("Server is starting in the background...") +# return proc +# else: +# # Linux can handle multiprocessing +# # import subprocess +# from multiprocessing import Process +# proc = Process(target=uvicorn.run,args=(app,),kwargs={"host": "0.0.0.0","port": 8003,"log_level": "error"}) +# proc.start() +# print("Server is starting in the background...") +# return proc + + +# # Stop function +# def stop(): +# print("🛑 Stopping server...") +# stop_event.set() # Signal threads to stop +# time.sleep(1) # Allow graceful shutdown + + +# # if __name__ == "__main__": +# # try: +# # server = start() + +# # # Wait until the server is responsive before sending a request +# # for _ in range(10): # Try for 10 seconds +# # try: +# # response = requests.get("http://localhost:8003/") +# # if response.status_code == 200: +# # print("✅ Server is running:", response.text) +# # break +# # except requests.exceptions.ConnectionError: +# # print("⏳ Waiting for server to start...") +# # time.sleep(1) +# # else: +# # print("❌ Error: Server did not start in time.") + +# # # Keep the script running +# # while True: +# # time.sleep(1) + +# # except KeyboardInterrupt: +# # print("\n🛑 KeyboardInterrupt detected. Shutting down...") +# # stop() + +# if __name__ == "__main__": +# test = start() +# del test +# import requests +# response = requests.get("http://localhost:8003/") +# print("Test Response", response.text) + From ed6515f272d86cc473992ca9077b58b10dd2d3c2 Mon Sep 17 00:00:00 2001 From: Tadeas Hejnic Date: Mon, 10 Mar 2025 17:14:58 +0100 Subject: [PATCH 026/106] Cross-platform: adjustments for stop test server on windows --- AyonBuild.py | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/AyonBuild.py b/AyonBuild.py index d505f7a..f98b73e 100644 --- a/AyonBuild.py +++ b/AyonBuild.py @@ -160,14 +160,15 @@ def startTestServer(): def CheckTestServer(): import requests - response = requests.get("http://localhost:8003/") print("Test Respone", response.text) def stopTestServer(): - # ServerPocVar.join(timeout=2) - ServerPocVar.kill() + if sys.platform == "win32": + ServerPocVar.join(timeout=2) + else: + ServerPocVar.kill() SetupTestServer = Project.Stage("SetupTestServer") @@ -234,7 +235,7 @@ def stopTestServer(): ) AyonCppApiPrj.creat_stage_group( - "BuildAndBnech", + "BuildAndBench", SetTestVars, BuildStage, SetupTestServer, @@ -242,7 +243,7 @@ def stopTestServer(): StopTestServer, ) AyonCppApiPrj.creat_stage_group( - "CleanBuildAndBnech", + "CleanBuildAndBench", CleanUpStage, SetTestVars, BuildStage, @@ -251,7 +252,7 @@ def stopTestServer(): StopTestServer, ) AyonCppApiPrj.creat_stage_group( - "CleanBuildAndBnechPlusTest", + "CleanBuildAndBenchPlusTest", CleanUpStage, SetTestVars, BuildStage, From 0bcf40c16fb9b59411310f6a6ebda6ae884c1005 Mon Sep 17 00:00:00 2001 From: Tadeas Hejnic Date: Mon, 10 Mar 2025 17:15:29 +0100 Subject: [PATCH 027/106] Cross-platform: adjustments of starting test server on windows --- test/TestServer.py | 29 +++++++++++++++++++++++++---- 1 file changed, 25 insertions(+), 4 deletions(-) diff --git a/test/TestServer.py b/test/TestServer.py index d86fe0c..24ae9fb 100644 --- a/test/TestServer.py +++ b/test/TestServer.py @@ -183,11 +183,32 @@ async def SiteRoots(projectName: str): def start(): - proc = Process(target=uvicorn.run,args=(app,),kwargs={"host": "0.0.0.0","port": 8003,"log_level": "error"}) + import sys + if sys.platform == "win32": + import threading + # Windows prefers threading + def run_server(): + uvicorn.run(app, host="0.0.0.0", port=8003, log_level="error") + + server_thread = threading.Thread(target=run_server, daemon=True) + server_thread.start() + print("Server is starting in the background...") + return server_thread + else: + # Linux can handle multiprocessing + # import subprocess + from multiprocessing import Process + proc = Process(target=uvicorn.run,args=(app,),kwargs={"host": "0.0.0.0","port": 8003,"log_level": "error"}) + proc.start() + print("Server is starting in the background...") + return proc - proc.start() - print("Server is starting in the background...") - return proc +# def start(): +# proc = Process(target=uvicorn.run,args=(app,),kwargs={"host": "0.0.0.0","port": 8003,"log_level": "error"}) + +# proc.start() +# print("Server is starting in the background...") +# return proc if __name__ == "__main__": From c2985264a661bb7259d7b8b01bbe615913357eac Mon Sep 17 00:00:00 2001 From: Tadeas Hejnic Date: Fri, 14 Mar 2025 16:40:12 +0100 Subject: [PATCH 028/106] Conflict local X head --- src/AyonCppApi/AyonCppApi.cpp | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/src/AyonCppApi/AyonCppApi.cpp b/src/AyonCppApi/AyonCppApi.cpp index 399fcf1..48cb832 100644 --- a/src/AyonCppApi/AyonCppApi.cpp +++ b/src/AyonCppApi/AyonCppApi.cpp @@ -35,6 +35,10 @@ // TODO implement the better Crash hanlder backward::StackTrace st; + +// ------------------------------------------------ +// helper functions for getting the ca cert path +// ------------------------------------------------ std::string parseOutput(std::string& output) { // Parse the output to extract the directory path std::string::size_type start = output.find('"'); @@ -84,6 +88,8 @@ std::string getOpenSSLDir() { return parseOutput(SSLeay_version(SSLEAY_DIR)); #endif } +// ------------------------------------------------ + AyonApi::AyonApi(const std::string &logFilePos, const std::string &authKey, @@ -131,8 +137,8 @@ AyonApi::AyonApi(const std::string &logFilePos, #endif if (std::filesystem::exists(certFileCLI)) { - m_Log->warn("Using CLI var."); - m_AyonServer->set_ca_cert_path(certFileCLI.c_str()); + m_Log->info("Using CLI var."); + m_AyonServer->set_ca_cert_path(certFileCLI.c_str()); } else { std::string opensslDir = getOpenSSLDir(); #ifdef _WIN32 @@ -146,10 +152,10 @@ AyonApi::AyonApi(const std::string &logFilePos, } else { const char* envCertFile = getenv("SSL_CERT_FILE"); if (envCertFile) { - m_Log->warn("Using env var: SSL_CERT_PATH."); + m_Log->info("Using env var: SSL_CERT_PATH."); m_AyonServer->set_ca_cert_path(envCertFile); } else { - m_Log->warn("Using OpenSSL default verify paths."); + m_Log->warn("Getting OpenSSL directory didn't succeed. Using OpenSSL default verify paths."); m_AyonServer->set_ca_cert_path(nullptr); } } From 301c26f9db110ee0f92ada1d82415370944a7b12 Mon Sep 17 00:00:00 2001 From: Tadeas Hejnic Date: Fri, 14 Mar 2025 16:55:57 +0100 Subject: [PATCH 029/106] Code hygiene --- src/AyonCppApi/AyonCppApi.cpp | 21 +++------------------ src/AyonCppApi/AyonCppApi.h | 28 ++++++---------------------- 2 files changed, 9 insertions(+), 40 deletions(-) diff --git a/src/AyonCppApi/AyonCppApi.cpp b/src/AyonCppApi/AyonCppApi.cpp index 48cb832..25e5d44 100644 --- a/src/AyonCppApi/AyonCppApi.cpp +++ b/src/AyonCppApi/AyonCppApi.cpp @@ -172,24 +172,9 @@ AyonApi::AyonApi(const std::string &logFilePos, } auto res = m_AyonServer->Get("/api/info", m_headers); - std::cout << "====== /api/info ======" << std::endl; - if (res) { - std::cout << "Response: " << res->status << std::endl; - // std::cout << "Response body: " << res->body << std::endl; - } else { - std::cout << "Response is null." << std::endl; - std::cout << "Response error: " << res.error() << std::endl; - } - - // res = m_AyonServer->Get("/api/projects/" + m_ayonProjectName + "/siteRoots?platform=windows", m_headers); - // std::cout << "====== /api/projects/" << m_ayonProjectName << "/siteRoots?platform=windows ======" << std::endl; - // if (res) { - // std::cout << "Response: " << res->status << std::endl; - // std::cout << "Response body: " << res->body << std::endl; - // } else { - // std::cout << "Response is null." << std::endl; - // std::cout << "Response error: " << res.error() << std::endl; - // } + if (!res) { + m_Log->error("Failed to connect to the Ayon server."); + } m_Log->info(m_Log->key("AyonApi"), "Constructor Getting Site Roots"); getSiteRoots(); diff --git a/src/AyonCppApi/AyonCppApi.h b/src/AyonCppApi/AyonCppApi.h index 32ba9e6..cec2e2d 100644 --- a/src/AyonCppApi/AyonCppApi.h +++ b/src/AyonCppApi/AyonCppApi.h @@ -9,10 +9,6 @@ #include #include #include -# ifdef CPPHTTPLIB_OPENSSL_SUPPORT -# include -# include -# endif #include "lib/ynput/lib/logging/AyonLogger.hpp" #include "appDataFoulder.h" #include "httplib.h" @@ -109,14 +105,6 @@ class AyonApi { */ std::pair getAssetIdent(const nlohmann::json &uriResolverRespone); - /** - * @brief this function loads all needed varible into the class \n - * this will allso be called by the constructor - * - * @return - */ - bool loadEnvVars(); - /** * @brief get function for shared AyonLogger pointer used by this class instance */ @@ -172,22 +160,18 @@ class AyonApi { /** * @brief checks if the m_AyonServer is running on ssl based on m_serverUrl + * dumb implementation but it should work - function from httplib is not working + * + * @return true if m_serverUrl starts with https:// */ bool isSSL() const; - - # ifdef CPPHTTPLIB_OPENSSL_SUPPORT - # include - # include - - static X509_STORE* createCaCertStore(); - # endif - - // ----- Env Varibles + std::unique_ptr m_AyonServer; std::unordered_map m_siteRoots; - + + // ----- Env Varibles const std::string m_authKey; const std::string m_serverUrl; std::string m_ayonProjectName; From 193c6ef4c8baf139105a89975eb7fee5c24deacf Mon Sep 17 00:00:00 2001 From: Tadeas Hejnic Date: Fri, 14 Mar 2025 16:56:07 +0100 Subject: [PATCH 030/106] Code hygiene --- test/GTestMain.cpp | 74 ---------------------------------------------- 1 file changed, 74 deletions(-) diff --git a/test/GTestMain.cpp b/test/GTestMain.cpp index a7179be..91069a9 100644 --- a/test/GTestMain.cpp +++ b/test/GTestMain.cpp @@ -28,13 +28,10 @@ AyonApi getApiInstance() { } TEST(AyonCppApi, AyonCppApiCreation) { - std::cout << "Running AyonCppApiCreation test..." << std::endl; AyonApi Test = getApiInstance(); - std::cout << "AyonCppApiCreation test completed." << std::endl; } TEST(AyonCppApi, AyonCppApiSerialResolveRootReplace) { - std::cout << "Running AyonCppApiSerialResolveRootReplace test..." << std::endl; Instrumentor::Get().BeginSession("Profile", "bin/profSerial.json"); AyonApi Api = getApiInstance(); nlohmann::json JsonFileStage = JsonFile["Resolve"]; @@ -46,11 +43,9 @@ TEST(AyonCppApi, AyonCppApiSerialResolveRootReplace) { } Instrumentor::Get().EndSession(); - std::cout << "AyonCppApiSerialResolveRootReplace test completed." << std::endl; } TEST(AyonCppApi, AyonCppApiBatchResolveRootReplace) { - std::cout << "Running AyonCppApiBatchResolveRootReplace test..." << std::endl; Instrumentor::Get().BeginSession("Profile", "bin/profBatch.json"); AyonApi Api = getApiInstance(); nlohmann::json JsonFileStage = JsonFile["Resolve"]; @@ -62,7 +57,6 @@ TEST(AyonCppApi, AyonCppApiBatchResolveRootReplace) { } Instrumentor::Get().EndSession(); - std::cout << "AyonCppApiBatchResolveRootReplace test completed." << std::endl; } AyonApi getApiInstanceSSL() { @@ -85,9 +79,7 @@ AyonApi getApiInstanceSSL() { } TEST(AyonCppApi, AyonCppApiCreationSSL) { - std::cout << "Running AyonCppApiCreationSSL test..." << std::endl; AyonApi Test = getApiInstanceSSL(); - std::cout << "AyonCppApiCreationSSL test completed." << std::endl; } int main(int argc, char** argv) { @@ -102,69 +94,3 @@ int main(int argc, char** argv) { ::testing::InitGoogleTest(&argc, argv); return RUN_ALL_TESTS(); } - -// #include "gtest/gtest.h" -// #include -// #include -// #include -// #include -// #include "Instrumentor.h" -// #include "nlohmann/json.hpp" -// #include "AyonCppApiTestsMain.h" - -// nlohmann::json JsonFile; - -// AyonApi getApiInstance() { -// std::string AYON_API_KEY("SuperSaveTestKey"); -// std::string AYON_SERVER_URL("http://localhost:8003"); -// std::string AYON_SITE_ID("TestId"); -// std::string AYON_PROJECT_NAME("TestPrjName"); -// std::string AYONLOGGERLOGLVL("CRITICAL"); -// std::string AYONLOGGERFILELOGGING("OFF"); - -// return AyonApi("./test_logs", AYON_API_KEY, AYON_SERVER_URL, AYON_PROJECT_NAME, AYON_SITE_ID); -// } - -// TEST(AyonCppApi, AyonCppApiCreation) { -// AyonApi Test = getApiInstance(); -// } - -// TEST(AyonCppApi, AyonCppApiSerialResolveRootReplace) { -// Instrumentor::Get().BeginSession("Profile", "bin/profSerial.json"); -// AyonApi Api = getApiInstance(); -// bool RunOnlyOneResolveIteration = false; -// bool printResult = true; - -// if (!AyonCppApiTest::test_SimpleResolve(JsonFile, RunOnlyOneResolveIteration, printResult, Api)) { -// FAIL(); -// } - -// Instrumentor::Get().EndSession(); -// std::cout << std::endl; -// } - -// TEST(AyonCppApi, AyonCppApiBatchResolveRootReplace) { -// Instrumentor::Get().BeginSession("Profile", "bin/profBatch.json"); -// AyonApi Api = getApiInstance(); -// bool RunOnlyOneResolveIteration = false; -// bool printResult = true; - -// if (!AyonCppApiTest::test_BatchResolve(JsonFile, printResult, Api)) { -// FAIL(); -// } - -// Instrumentor::Get().EndSession(); -// std::cout << std::endl; -// } - -// int main(int argc, char** argv) { -// std::ifstream file("test/testData.json"); -// if (!file.is_open()) { -// std::cerr << "Failed to open file!" << std::endl; -// } -// JsonFile = nlohmann::json::parse(file); -// file.close(); - -// ::testing::InitGoogleTest(&argc, argv); -// return RUN_ALL_TESTS(); -// } From db6521a944319f15e034daa16939c6e8a482296f Mon Sep 17 00:00:00 2001 From: Tadeas Hejnic Date: Mon, 17 Mar 2025 10:49:28 +0100 Subject: [PATCH 031/106] Test: delete of playground source file --- test/test.cpp | 193 -------------------------------------------------- 1 file changed, 193 deletions(-) delete mode 100644 test/test.cpp diff --git a/test/test.cpp b/test/test.cpp deleted file mode 100644 index 17b942a..0000000 --- a/test/test.cpp +++ /dev/null @@ -1,193 +0,0 @@ -#include -#include -#include -#include -#define CPPHTTPLIB_OPENSSL_SUPPORT -#include "../ext/cpp-httplib/httplib.h" // Include the cpp-httplib header -#include - -// #define BEARER_TOKEN -#define USER -// #define SERVICE -#define CERTIFICATE_VERIFICATION -// #define SITE_ID -#define GET_SITE_ROOTS -// #define GET_PROJECTS - - -void printRes(const httplib::Result &res) { - if (res) { - std::cout << "Status code: " << res->status << std::endl; - std::cout << "Response body:\n" << res->body << std::endl; - } else { - std::cerr << "Error: Unable to connect to the m_AyonServer - " << res.error() << std::endl; - } -} - - -void constructorTest(const std::string &authKey, - const std::string &serverUrl, - const std::string &ayonProjectName, - const std::string &siteId) { - std::string m_authKey = authKey; - std::string m_serverUrl = serverUrl; - std::string m_ayonProjectName = ayonProjectName; - std::string m_siteId = siteId; - - std::unique_ptr m_AyonServer = std::make_unique(m_serverUrl); - - httplib::Headers m_headers = { - {"X-Api-Key", m_authKey}, - // {"X-ayon-platform", "linux"}, - }; - - // X509_STORE* store = X509_STORE_new(); - // if (store) { - // std::cout << "X509_STORE created." << std::endl; - - // // This function loads the default system locations for CA certificates. - // if (X509_STORE_set_default_paths(store) != 1) { - // std::cout << "X509_STORE_set_default_paths failed." << std::endl; - // } else { - // m_AyonServer->set_ca_cert_store(store); - // std::cout << "Default CA paths loaded and set." << std::endl; - // } - // } else { - // std::cout << "Failed to create X509_STORE." << std::endl; - // } - - // m_AyonServer->enable_server_certificate_verification(true); - // std::cout << "Server certificate verification enabled." << std::endl; - - // auto res = m_AyonServer->Get("/api/info", m_headers); - auto res = m_AyonServer->Get("/api/projects/" + m_ayonProjectName + "/siteRoots?platform=linux", m_headers); - - if (res) { - std::cout << "Response: " << res->status << std::endl; - std::cout << "Response body: " << res->body << std::endl; - } else { - std::cout << "Response is null." << std::endl; - std::cout << "Response error: " << res.error() << std::endl; - } -} - - -std::string parseOutput(std::string& output) { - // Parse the output to extract the directory path - std::string::size_type start = output.find('"'); - std::string::size_type end = output.find('"', start + 1); - if (start != std::string::npos && end != std::string::npos) { - return output.substr(start + 1, end - start - 1); - } else { - throw std::runtime_error("Failed to parse OpenSSL directory from command output."); - } -} - -std::string getOpenSSLDirByCLI() { - std::array buffer; - std::string result; - auto pipeDeleter = [](FILE* pipe) { pclose(pipe); }; - std::unique_ptr pipe(popen("openssl version -d", "r"), pipeDeleter); - if (!pipe) { - throw std::runtime_error("popen() failed!"); - } - while (fgets(buffer.data(), buffer.size(), pipe.get()) != nullptr) { - result += buffer.data(); - } - - return parseOutput(result); -} - - -std::string getOpenSSLDir() { -#if OPENSSL_VERSION_NUMBER >= 0x10100000L // OpenSSL 1.1.0+ - const char* sslVersion = OpenSSL_version(OPENSSL_DIR); - std::string sslVersionStr(sslVersion); - return parseOutput(sslVersionStr); -#else // OpenSSL 1.0.x - return parseOutput(SSLeay_version(SSLEAY_DIR)); -#endif -} - - - -int main() { - std::string opensslCliDir = getOpenSSLDirByCLI(); - std::string x509DefaultCertDir = X509_get_default_cert_dir(); - std::string opensslDefaultDir = getOpenSSLDir(); - - std::cout << "OpenSSL CLI directory: " << opensslCliDir << " - " << (access(opensslCliDir.c_str(), F_OK) != -1 ? "exists" : "not exists") << std::endl; - std::cout << "X509_get_default_cert_dir: " << x509DefaultCertDir << " - " << (access(x509DefaultCertDir.c_str(), F_OK) != -1 ? "exists" : "not exists") << std::endl; - std::cout << "OpenSSL default directory: " << opensslDefaultDir << " - " << (access(opensslDefaultDir.c_str(), F_OK) != -1 ? "exists" : "not exists") << std::endl; - - std::cout << "OpenSSL version: " << OpenSSL_version(OPENSSL_VERSION) << std::endl; - - // return 0; - - // std::string AYON_API_KEY("6268b8b004ce8c7a7645afc548234937a69b6c6095b1c32ca6fa9f8351f8f4f8"); - // std::string AYON_SERVER_URL("https://ayon.dev"); - // std::string AYON_SITE_ID("test-id"); - // std::string AYON_PROJECT_NAME("test_API_project"); - - // constructorTest(AYON_API_KEY, AYON_SERVER_URL, AYON_PROJECT_NAME, AYON_SITE_ID); - - return 0; - - // ============================================= - const std::string auth_key = "884198bdeb1c28a334acd03c3fc6e188b60506af810b0ed2d1c85748fe96e341"; - - std::string m_ayonProjectName = "test_API_project"; - - std::unique_ptr m_AyonServer = std::make_unique("https://ayon.dev"); - // ============================================= - - httplib::Headers headers = { - {"X-Api-Key", auth_key}, - // {"X-ayon-platform", "linux"}, - #ifdef _WIN32 - {"X-ayon-platform", "windows"}, - #elif __linux__ - // {"X-ayon-platform", "linux"}, - #endif - #ifdef SITE_ID - {"X-ayon-site-id", "test-site-id"} - #endif - }; - - // Create a new store and let OpenSSL load system default paths - // X509_STORE* store = X509_STORE_new(); - // if (store) { - // std::cout << "X509_STORE created." << std::endl; - - // // This function loads the default system locations for CA certificates. - // if (X509_STORE_set_default_paths(store) != 1) { - // std::cout << "X509_STORE_set_default_paths failed." << std::endl; - // } - // m_AyonServer->set_ca_cert_store(store); - // } else { - // std::cout << "Failed to create X509_STORE." << std::endl; - // } - - // std::cout << "OpenSSL support not enabled." << std::endl; - - // m_AyonServer->enable_server_certificate_verification(true); - - auto res_0 = m_AyonServer->Get("/api/info", headers); - std::cout << "Response: " << res_0->status << std::endl; - // printRes(res_0); - -#ifdef GET_SITE_ROOTS - auto res_1 = m_AyonServer->Get("/api/projects/" + m_ayonProjectName + "/siteRoots?platform=linux", headers); - - printRes(res_1); -#endif - -#ifdef GET_PROJECTS - auto res_2 = m_AyonServer->Get("/api/projects"); - - printRes(res_2); -#endif - - - return 0; -} \ No newline at end of file From c2494156c26d2006ace8650e59cc291db2edee02 Mon Sep 17 00:00:00 2001 From: Tadeas Hejnic Date: Mon, 17 Mar 2025 10:50:34 +0100 Subject: [PATCH 032/106] Constructor: The change that has not been included somehow - already in main branch --- src/AyonCppApi/AyonCppApi.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/AyonCppApi/AyonCppApi.h b/src/AyonCppApi/AyonCppApi.h index cec2e2d..e457fbc 100644 --- a/src/AyonCppApi/AyonCppApi.h +++ b/src/AyonCppApi/AyonCppApi.h @@ -25,7 +25,7 @@ class AyonApi { /** * @brief constructor */ - AyonApi(const std::string &logFilePos, + AyonApi(const std::optional &logFilePos, const std::string &authKey, const std::string &serverUrl, const std::string &ayonProjectName, From 4a0f60d85fbe91b350831de5f753c0187d11ed2e Mon Sep 17 00:00:00 2001 From: Tadeas Hejnic Date: Mon, 17 Mar 2025 10:50:41 +0100 Subject: [PATCH 033/106] Constructor: The change that has not been included somehow - already in main branch --- src/AyonCppApi/AyonCppApi.cpp | 35 +++++++++++++++++++++++------------ 1 file changed, 23 insertions(+), 12 deletions(-) diff --git a/src/AyonCppApi/AyonCppApi.cpp b/src/AyonCppApi/AyonCppApi.cpp index 25e5d44..c08a537 100644 --- a/src/AyonCppApi/AyonCppApi.cpp +++ b/src/AyonCppApi/AyonCppApi.cpp @@ -32,7 +32,7 @@ #include "backward.hpp" #include "perfPrinter.h" -// TODO implement the better Crash hanlder +// TODO implement the better Crash handler backward::StackTrace st; @@ -91,7 +91,7 @@ std::string getOpenSSLDir() { // ------------------------------------------------ -AyonApi::AyonApi(const std::string &logFilePos, +AyonApi::AyonApi(const std::optional &logFilePos, const std::string &authKey, const std::string &serverUrl, const std::string &ayonProjectName, @@ -105,17 +105,29 @@ AyonApi::AyonApi(const std::string &logFilePos, PerfTimer("AyonApi::AyonApi"); // ----------- Init m_Logger - std::filesystem::path logFileName = "logFile.json"; - std::filesystem::path basePath = logFilePos; - std::filesystem::path logFilePath = std::filesystem::absolute(basePath) / logFileName; + std::filesystem::path logPath; + if (logFilePos.has_value()) { + std::filesystem::path inPath(logFilePos.value()); + + if (inPath.is_relative()) { + logPath = std::filesystem::weakly_canonical(inPath); + } + if (!inPath.has_parent_path()) { + // if the input path is just an filename we will just throw it into tmp + logPath = std::filesystem::temp_directory_path() / inPath; + } + // we allways want the data to be a json, so we just enforce it. + logPath.replace_extension(".json"); - if (std::filesystem::exists(logFilePath)) { - logFilePath = std::filesystem::canonical(logFilePath); - } else { - std::filesystem::create_directories(logFilePath.parent_path()); - } - m_Log = std::make_shared(AyonLogger::getInstance(logFilePath.string())); + if (std::filesystem::exists(logPath)) { + logPath = std::filesystem::canonical(logPath); + } + else { + std::filesystem::create_directories(logPath.parent_path()); + } + } + m_Log = std::make_shared(AyonLogger::getInstance(logPath.string())); m_Log->LogLevlWarn(); m_Log->info(m_Log->key("AyonApi"), "Init AyonServer httplib::Client"); @@ -124,7 +136,6 @@ AyonApi::AyonApi(const std::string &logFilePos, if (isSSL()) { m_headers = { {"X-Api-Key", m_authKey}, - // {"X-ayon-platform", "linux"}, }; try { From f25eb33ad59b82823192e5fffa4bb0c06cfe395e Mon Sep 17 00:00:00 2001 From: Tadeas Hejnic Date: Mon, 17 Mar 2025 10:51:25 +0100 Subject: [PATCH 034/106] Test: Run tests without printing results --- test/GTestMain.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/GTestMain.cpp b/test/GTestMain.cpp index 91069a9..e58b1e4 100644 --- a/test/GTestMain.cpp +++ b/test/GTestMain.cpp @@ -36,7 +36,7 @@ TEST(AyonCppApi, AyonCppApiSerialResolveRootReplace) { AyonApi Api = getApiInstance(); nlohmann::json JsonFileStage = JsonFile["Resolve"]; bool RunOnlyOneResolveIteration = false; - bool printResult = true; + bool printResult = false; if (!AyonCppApiTest::test_SimpleResolve(JsonFile, RunOnlyOneResolveIteration, printResult, Api)) { FAIL(); @@ -50,7 +50,7 @@ TEST(AyonCppApi, AyonCppApiBatchResolveRootReplace) { AyonApi Api = getApiInstance(); nlohmann::json JsonFileStage = JsonFile["Resolve"]; bool RunOnlyOneResolveIteration = false; - bool printResult = true; + bool printResult = false; if (!AyonCppApiTest::test_BatchResolve(JsonFile, printResult, Api)) { FAIL(); From 3f2730f5521fde8a73cacd52158b5f42a623b390 Mon Sep 17 00:00:00 2001 From: Tadeas Hejnic Date: Fri, 28 Mar 2025 16:19:11 +0100 Subject: [PATCH 035/106] Test: new endpoint added - /api/info --- test/TestServer.py | 274 ++------------------------------------------- 1 file changed, 12 insertions(+), 262 deletions(-) diff --git a/test/TestServer.py b/test/TestServer.py index 24ae9fb..1b35c69 100644 --- a/test/TestServer.py +++ b/test/TestServer.py @@ -1,128 +1,8 @@ -# import threading -# import time -# import uvicorn -# import requests -# from fastapi import FastAPI, HTTPException -# from pydantic import BaseModel, Field -# from typing import List, Optional -# import json +""" +This script sets up a FastAPI server for testing purposes. It reads data from a JSON file and provides endpoints to resolve URIs and get project site roots. +""" -# app = FastAPI() -# stop_event = threading.Event() # Stop flag for graceful shutdown - -# # Load JSON data -# with open('test/testData.json', 'r') as file: -# jsonStore = json.load(file) - - -# class Item(BaseModel): -# name: str - - -# @app.get("/") -# async def read_root(): -# return {"Available": "1"} - - -# class RequestModel(BaseModel): -# resolveRoots: bool = Field(False, alias="resolveRoots") -# uris: List[str] - - -# class ResolvedEntityModel(BaseModel): -# projectName: str -# folderId: str -# productId: str -# versionId: str -# representationId: str -# filePath: str -# target: Optional[str] - - -# class ResolvedURIModel(BaseModel): -# uri: str -# entities: List[ResolvedEntityModel] - - -# @app.post("/api/resolve") -# async def resolve_uris(request: RequestModel) -> List[ResolvedURIModel]: -# resolved_uris = [] -# for uri in request.uris: -# resolved_entity = jsonStore["Resolve"][uri]["Server"][-1]["entities"][0] -# resolved_uri = ResolvedURIModel(uri=uri, entities=[resolved_entity]) -# resolved_uris.append(resolved_uri) -# return resolved_uris - - -# @app.get("/api/projects/{projectName}/siteRoots") -# async def SiteRoots(projectName: str): -# if projectName == "TestPrjName": -# return {"work": "/home/workh/Documents/AyonAos"} - - -# # Function to run the server with graceful shutdown -# def run_server(): -# config = uvicorn.Config(app, host="0.0.0.0", port=8003, log_level="debug") -# server = uvicorn.Server(config) -# print("🚀 Starting server...") -# server.run_in_thread() -# print("✅ Server should be running now.") - -# while not stop_event.is_set(): -# time.sleep(1) - -# print("🚀 Server shutting down...") - - -# # def start(): -# # server_thread = threading.Thread(target=run_server, daemon=True) -# # server_thread.start() -# # print("✅ Server is starting in the background...") -# # return server_thread - -# def start(): -# from multiprocessing import Process -# proc = Process(target=uvicorn.run,args=(app,),kwargs={"host": "0.0.0.0","port": 8003,"log_level": "error"}) - -# proc.start() -# print("Server is starting in the background...") -# return proc - - -# def stop(): -# print("🛑 Stopping server...") -# stop_event.set() # Set the stop flag -# time.sleep(1) # Give some time for shutdown - - -# if __name__ == "__main__": -# try: -# server = start() - -# # Wait until the server is responsive before sending a request -# for _ in range(10): # Try for 10 seconds -# try: -# response = requests.get("http://localhost:8003/") -# if response.status_code == 200: -# print("✅ Server is running:", response.text) -# break -# except requests.exceptions.ConnectionError: -# print("⏳ Waiting for server to start...") -# time.sleep(1) -# else: -# print("❌ Error: Server did not start in time.") - -# # Keep the script running -# while True: -# time.sleep(1) - -# except KeyboardInterrupt: -# print("\n🛑 KeyboardInterrupt detected. Shutting down...") -# stop() - - -import subprocess -from fastapi import FastAPI, HTTPException +from fastapi import FastAPI from pydantic import BaseModel, Field from typing import List, Optional import uvicorn @@ -145,6 +25,14 @@ class Item(BaseModel): async def read_root(): return {"Available": "1"} +@app.get("/api/info") +async def get_info(): + return { + "server": "Ayon Test Server", + "version": "1.0.0", + "description": "This is a test server for AyonCppApi." + } + class RequestModel(BaseModel): resolveRoots: bool = Field( @@ -203,13 +91,6 @@ def run_server(): print("Server is starting in the background...") return proc -# def start(): -# proc = Process(target=uvicorn.run,args=(app,),kwargs={"host": "0.0.0.0","port": 8003,"log_level": "error"}) - -# proc.start() -# print("Server is starting in the background...") -# return proc - if __name__ == "__main__": test = start() @@ -217,134 +98,3 @@ def run_server(): import requests response = requests.get("http://localhost:8003/") print("Test Response", response.text) - -# import threading -# import time -# import uvicorn -# import requests -# from fastapi import FastAPI -# from pydantic import BaseModel, Field -# from typing import List, Optional -# import json -# import sys -# import os - -# app = FastAPI() -# stop_event = threading.Event() # Stop flag for graceful shutdown - -# # Load JSON data -# with open('test/testData.json', 'r') as file: -# jsonStore = json.load(file) - - -# class Item(BaseModel): -# name: str - - -# @app.get("/") -# async def read_root(): -# return {"Available": "1"} - - -# class RequestModel(BaseModel): -# resolveRoots: bool = Field(False, alias="resolveRoots") -# uris: List[str] - - -# class ResolvedEntityModel(BaseModel): -# projectName: str -# folderId: str -# productId: str -# versionId: str -# representationId: str -# filePath: str -# target: Optional[str] - - -# class ResolvedURIModel(BaseModel): -# uri: str -# entities: List[ResolvedEntityModel] - - -# @app.post("/api/resolve") -# async def resolve_uris(request: RequestModel) -> List[ResolvedURIModel]: -# resolved_uris = [] -# for uri in request.uris: -# resolved_entity = jsonStore["Resolve"][uri]["Server"][-1]["entities"][0] -# resolved_uri = ResolvedURIModel(uri=uri, entities=[resolved_entity]) -# resolved_uris.append(resolved_uri) -# return resolved_uris - - -# @app.get("/api/projects/{projectName}/siteRoots") -# async def SiteRoots(projectName: str): -# if projectName == "TestPrjName": -# return {"work": "/home/workh/Documents/AyonAos"} - - -# # Function to start the server in a thread (cross-platform) -# def run_server(): -# config = uvicorn.Config(app, host="0.0.0.0", port=8003, log_level="error") -# server = uvicorn.Server(config) -# print("🚀 Starting server...") -# server.run() - -# # Start server in background process (compatible with Windows & Linux) -# def start(): -# if sys.platform == "win32": -# # Windows prefers threading -# from multiprocessing import Process -# proc = Process(target=uvicorn.run,args=(app,),kwargs={"host": "0.0.0.0","port": 8003,"log_level": "error"}) - -# proc.start() -# print("Server is starting in the background...") -# return proc -# else: -# # Linux can handle multiprocessing -# # import subprocess -# from multiprocessing import Process -# proc = Process(target=uvicorn.run,args=(app,),kwargs={"host": "0.0.0.0","port": 8003,"log_level": "error"}) -# proc.start() -# print("Server is starting in the background...") -# return proc - - -# # Stop function -# def stop(): -# print("🛑 Stopping server...") -# stop_event.set() # Signal threads to stop -# time.sleep(1) # Allow graceful shutdown - - -# # if __name__ == "__main__": -# # try: -# # server = start() - -# # # Wait until the server is responsive before sending a request -# # for _ in range(10): # Try for 10 seconds -# # try: -# # response = requests.get("http://localhost:8003/") -# # if response.status_code == 200: -# # print("✅ Server is running:", response.text) -# # break -# # except requests.exceptions.ConnectionError: -# # print("⏳ Waiting for server to start...") -# # time.sleep(1) -# # else: -# # print("❌ Error: Server did not start in time.") - -# # # Keep the script running -# # while True: -# # time.sleep(1) - -# # except KeyboardInterrupt: -# # print("\n🛑 KeyboardInterrupt detected. Shutting down...") -# # stop() - -# if __name__ == "__main__": -# test = start() -# del test -# import requests -# response = requests.get("http://localhost:8003/") -# print("Test Response", response.text) - From dd5c22ae2494abd18083ebf96d72e1652d1e19f7 Mon Sep 17 00:00:00 2001 From: Tadeas Hejnic Date: Fri, 28 Mar 2025 16:21:08 +0100 Subject: [PATCH 036/106] Test: unnecessary arguments deleted --- test/AyonCppApiTestsMain.cpp | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/test/AyonCppApiTestsMain.cpp b/test/AyonCppApiTestsMain.cpp index ca9d3da..755084a 100644 --- a/test/AyonCppApiTestsMain.cpp +++ b/test/AyonCppApiTestsMain.cpp @@ -12,9 +12,7 @@ AyonCppApiTest::load_EnvVariables(std::string &envFilePath, std::string &AYON_API_KEY, std::string &AYON_SERVER_URL, std::string &AYON_SITE_ID, - std::string &AYON_PROJECT_NAME, - std::string &AYONLOGGERLOGLVL, - std::string &AYONLOGGERFILELOGGING) { + std::string &AYON_PROJECT_NAME) { std::ifstream envFile(envFilePath); if (!envFile.is_open()) { std::cerr << "Failed to open .env file: " << envFilePath << std::endl; @@ -34,10 +32,6 @@ AyonCppApiTest::load_EnvVariables(std::string &envFilePath, AYON_SITE_ID = value; } else if (key == "AYON_PROJECT_NAME") { AYON_PROJECT_NAME = value; - } else if (key == "AYONLOGGERLOGLVL") { - AYONLOGGERLOGLVL = value; - } else if (key == "AYONLOGGERFILELOGGING") { - AYONLOGGERFILELOGGING = value; } } } From f219106e924b0345dacbe054861809305576a440 Mon Sep 17 00:00:00 2001 From: Tadeas Hejnic Date: Fri, 28 Mar 2025 16:21:58 +0100 Subject: [PATCH 037/106] Test: unnecessary arguments deleted --- test/AyonCppApiTestsMain.h | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/test/AyonCppApiTestsMain.h b/test/AyonCppApiTestsMain.h index c19226a..b127e48 100644 --- a/test/AyonCppApiTestsMain.h +++ b/test/AyonCppApiTestsMain.h @@ -8,9 +8,7 @@ bool load_EnvVariables( std::string &AYON_API_KEY, std::string &AYON_SERVER_URL, std::string &AYON_SITE_ID, - std::string &AYON_PROJECT_NAME, - std::string &AYONLOGGERLOGLVL, - std::string &AYONLOGGERFILELOGGING + std::string &AYON_PROJECT_NAME ); bool test_SimpleResolve(nlohmann::json &JsonFile, const bool &RunOnlyOnce, const bool &Print, AyonApi &Api); From 6285410a8035a1c5f14545890bf2d7c3acc905a5 Mon Sep 17 00:00:00 2001 From: Tadeas Hejnic Date: Fri, 28 Mar 2025 16:22:36 +0100 Subject: [PATCH 038/106] Test: unnecessary arguments deleted --- test/GBenchMain.cpp | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/test/GBenchMain.cpp b/test/GBenchMain.cpp index a6c28aa..3c50b53 100644 --- a/test/GBenchMain.cpp +++ b/test/GBenchMain.cpp @@ -13,14 +13,13 @@ getApiInstance() { std::string AYON_SERVER_URL; std::string AYON_SITE_ID; std::string AYON_PROJECT_NAME; - std::string AYONLOGGERLOGLVL; - std::string AYONLOGGERFILELOGGING; + #ifdef _WIN32 std::string envFilePath("test\\.env_http"); #else std::string envFilePath("test/.env_http"); #endif - if (!AyonCppApiTest::load_EnvVariables(envFilePath, AYON_API_KEY, AYON_SERVER_URL, AYON_SITE_ID, AYON_PROJECT_NAME, AYONLOGGERLOGLVL, AYONLOGGERFILELOGGING)) { + if (!AyonCppApiTest::load_EnvVariables(envFilePath, AYON_API_KEY, AYON_SERVER_URL, AYON_SITE_ID, AYON_PROJECT_NAME)) { std::cerr << "Failed to load environment variables!" << std::endl; } From a9c1ea1f8671c9b604e8502fd3ae6c6f0d65c9e4 Mon Sep 17 00:00:00 2001 From: Tadeas Hejnic Date: Fri, 28 Mar 2025 16:22:47 +0100 Subject: [PATCH 039/106] Test: unnecessary arguments deleted --- test/GTestMain.cpp | 40 ++++++++++++++++++++-------------------- 1 file changed, 20 insertions(+), 20 deletions(-) diff --git a/test/GTestMain.cpp b/test/GTestMain.cpp index e58b1e4..7cea769 100644 --- a/test/GTestMain.cpp +++ b/test/GTestMain.cpp @@ -13,15 +13,15 @@ AyonApi getApiInstance() { std::string AYON_SERVER_URL; std::string AYON_SITE_ID; std::string AYON_PROJECT_NAME; - std::string AYONLOGGERLOGLVL; - std::string AYONLOGGERFILELOGGING; + #ifdef _WIN32 std::string envFilePath("test\\.env_http"); #else std::string envFilePath("test/.env_http"); #endif - if (!AyonCppApiTest::load_EnvVariables(envFilePath, AYON_API_KEY, AYON_SERVER_URL, AYON_SITE_ID, AYON_PROJECT_NAME, AYONLOGGERLOGLVL, AYONLOGGERFILELOGGING)) { + if (!AyonCppApiTest::load_EnvVariables(envFilePath, AYON_API_KEY, AYON_SERVER_URL, AYON_SITE_ID, AYON_PROJECT_NAME)) { std::cerr << "Failed to load environment variables!" << std::endl; + throw std::runtime_error("Failed to load environment variables!"); } return AyonApi("./test_logs", AYON_API_KEY, AYON_SERVER_URL, AYON_PROJECT_NAME, AYON_SITE_ID); @@ -59,24 +59,24 @@ TEST(AyonCppApi, AyonCppApiBatchResolveRootReplace) { Instrumentor::Get().EndSession(); } -AyonApi getApiInstanceSSL() { - std::string AYON_API_KEY; - std::string AYON_SERVER_URL; - std::string AYON_SITE_ID; - std::string AYON_PROJECT_NAME; - std::string AYONLOGGERLOGLVL; - std::string AYONLOGGERFILELOGGING; - #ifdef _WIN32 - std::string envFilePath("test\\.env_https"); - #else - std::string envFilePath("test/.env_https"); - #endif - if (!AyonCppApiTest::load_EnvVariables(envFilePath, AYON_API_KEY, AYON_SERVER_URL, AYON_SITE_ID, AYON_PROJECT_NAME, AYONLOGGERLOGLVL, AYONLOGGERFILELOGGING)) { - std::cerr << "Failed to load environment variables!" << std::endl; - } +// AyonApi getApiInstanceSSL() { +// std::string AYON_API_KEY; +// std::string AYON_SERVER_URL; +// std::string AYON_SITE_ID; +// std::string AYON_PROJECT_NAME; - return AyonApi("./test_logs", AYON_API_KEY, AYON_SERVER_URL, AYON_PROJECT_NAME, AYON_SITE_ID); -} +// #ifdef _WIN32 +// std::string envFilePath("test\\.env_https"); +// #else +// std::string envFilePath("test/.env_https"); +// #endif +// if (!AyonCppApiTest::load_EnvVariables(envFilePath, AYON_API_KEY, AYON_SERVER_URL, AYON_SITE_ID, AYON_PROJECT_NAME)) { +// std::cerr << "Failed to load environment variables!" << std::endl; +// throw std::runtime_error("Failed to load environment variables!"); +// } + +// return AyonApi("./test_logs", AYON_API_KEY, AYON_SERVER_URL, AYON_PROJECT_NAME, AYON_SITE_ID); +// } TEST(AyonCppApi, AyonCppApiCreationSSL) { AyonApi Test = getApiInstanceSSL(); From 47d2162f894bf696e66bd8c53e3dff8ae92b61ec Mon Sep 17 00:00:00 2001 From: Tadeas Hejnic Date: Fri, 28 Mar 2025 16:24:57 +0100 Subject: [PATCH 040/106] SSL: added an option for loading a cert file from the newcerts/ directory --- src/AyonCppApi/AyonCppApi.cpp | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/src/AyonCppApi/AyonCppApi.cpp b/src/AyonCppApi/AyonCppApi.cpp index c08a537..e5188d4 100644 --- a/src/AyonCppApi/AyonCppApi.cpp +++ b/src/AyonCppApi/AyonCppApi.cpp @@ -32,6 +32,11 @@ #include "backward.hpp" #include "perfPrinter.h" +#ifdef _WIN32 +#include +#include +#endif + // TODO implement the better Crash handler backward::StackTrace st; @@ -166,8 +171,9 @@ AyonApi::AyonApi(const std::optional &logFilePos, m_Log->info("Using env var: SSL_CERT_PATH."); m_AyonServer->set_ca_cert_path(envCertFile); } else { - m_Log->warn("Getting OpenSSL directory didn't succeed. Using OpenSSL default verify paths."); - m_AyonServer->set_ca_cert_path(nullptr); + m_Log->warn("Failed to determine the OpenSSL directory. Falling back to the default certificate file path."); + std::string certPath = (std::filesystem::path(__FILE__).parent_path().parent_path().parent_path() / "certs" / "cacert.pem").string(); + m_AyonServer->set_ca_cert_path(certPath); } } } @@ -185,6 +191,10 @@ AyonApi::AyonApi(const std::optional &logFilePos, auto res = m_AyonServer->Get("/api/info", m_headers); if (!res) { m_Log->error("Failed to connect to the Ayon server."); + } else if (res->status != 200) { + m_Log->warn("Connected to the Ayon server : {}", res->status); + } else { + m_Log->info("Connected to the Ayon server : {}", res->status); } m_Log->info(m_Log->key("AyonApi"), "Constructor Getting Site Roots"); @@ -202,7 +212,7 @@ AyonApi::getSiteRoots() { nlohmann::json response = GET(std::make_shared("/api/projects/" + m_ayonProjectName + "/siteRoots?platform=linux"), std::make_shared(m_headers), 200); - + if (response.empty()) { m_Log->error("AyonApi::getSiteRoots response is empty"); return &m_siteRoots; From 7eca99be46eff9406bcaac7c920096b63f6b68df Mon Sep 17 00:00:00 2001 From: Tadeas Hejnic Date: Fri, 28 Mar 2025 16:25:29 +0100 Subject: [PATCH 041/106] SSL: default cert file --- certs/cacert.pem | 3642 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 3642 insertions(+) create mode 100644 certs/cacert.pem diff --git a/certs/cacert.pem b/certs/cacert.pem new file mode 100644 index 0000000..584af3c --- /dev/null +++ b/certs/cacert.pem @@ -0,0 +1,3642 @@ +## +## Bundle of CA Root Certificates +## +## Certificate data from Mozilla as of: Tue Feb 25 04:12:03 2025 GMT +## +## Find updated versions here: https://curl.se/docs/caextract.html +## +## This is a bundle of X.509 certificates of public Certificate Authorities +## (CA). These were automatically extracted from Mozilla's root certificates +## file (certdata.txt). This file can be found in the mozilla source tree: +## https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt +## +## It contains the certificates in PEM format and therefore +## can be directly used with curl / libcurl / php_curl, or with +## an Apache+mod_ssl webserver for SSL client authentication. +## Just configure this file as the SSLCACertificateFile. +## +## Conversion done with mk-ca-bundle.pl version 1.29. +## SHA256: 620fd89c02acb0019f1899dab7907db5d20735904f5a9a0d3a8771a5857ac482 +## + + +GlobalSign Root CA +================== +-----BEGIN CERTIFICATE----- +MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkGA1UEBhMCQkUx +GTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jvb3QgQ0ExGzAZBgNVBAMTEkds +b2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAwMDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNV +BAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYD +VQQDExJHbG9iYWxTaWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDa +DuaZjc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavpxy0Sy6sc +THAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp1Wrjsok6Vjk4bwY8iGlb +Kk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdGsnUOhugZitVtbNV4FpWi6cgKOOvyJBNP +c1STE4U6G7weNLWLBYy5d4ux2x8gkasJU26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FGqkjWZCrX +gzT/LCrBbBlDSgeF59N89iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNV +HRMBAf8EBTADAQH/MB0GA1UdDgQWBBRge2YaRQ2XyolQL30EzTSo//z9SzANBgkqhkiG9w0BAQUF +AAOCAQEA1nPnfE920I2/7LqivjTFKDK1fPxsnCwrvQmeU79rXqoRSLblCKOzyj1hTdNGCbM+w6Dj +Y1Ub8rrvrTnhQ7k4o+YviiY776BQVvnGCv04zcQLcFGUl5gE38NflNUVyRRBnMRddWQVDf9VMOyG +j/8N7yy5Y0b2qvzfvGn9LhJIZJrglfCm7ymPAbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhH +hm4qxFYxldBniYUr+WymXUadDKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveC +X4XSQRjbgbMEHMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A== +-----END CERTIFICATE----- + +Entrust.net Premium 2048 Secure Server CA +========================================= +-----BEGIN CERTIFICATE----- +MIIEKjCCAxKgAwIBAgIEOGPe+DANBgkqhkiG9w0BAQUFADCBtDEUMBIGA1UEChMLRW50cnVzdC5u +ZXQxQDA+BgNVBAsUN3d3dy5lbnRydXN0Lm5ldC9DUFNfMjA0OCBpbmNvcnAuIGJ5IHJlZi4gKGxp +bWl0cyBsaWFiLikxJTAjBgNVBAsTHChjKSAxOTk5IEVudHJ1c3QubmV0IExpbWl0ZWQxMzAxBgNV +BAMTKkVudHJ1c3QubmV0IENlcnRpZmljYXRpb24gQXV0aG9yaXR5ICgyMDQ4KTAeFw05OTEyMjQx +NzUwNTFaFw0yOTA3MjQxNDE1MTJaMIG0MRQwEgYDVQQKEwtFbnRydXN0Lm5ldDFAMD4GA1UECxQ3 +d3d3LmVudHJ1c3QubmV0L0NQU18yMDQ4IGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxpYWIuKTEl +MCMGA1UECxMcKGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDEzMDEGA1UEAxMqRW50cnVzdC5u +ZXQgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgKDIwNDgpMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEArU1LqRKGsuqjIAcVFmQqK0vRvwtKTY7tgHalZ7d4QMBzQshowNtTK91euHaYNZOL +Gp18EzoOH1u3Hs/lJBQesYGpjX24zGtLA/ECDNyrpUAkAH90lKGdCCmziAv1h3edVc3kw37XamSr +hRSGlVuXMlBvPci6Zgzj/L24ScF2iUkZ/cCovYmjZy/Gn7xxGWC4LeksyZB2ZnuU4q941mVTXTzW +nLLPKQP5L6RQstRIzgUyVYr9smRMDuSYB3Xbf9+5CFVghTAp+XtIpGmG4zU/HoZdenoVve8AjhUi +VBcAkCaTvA5JaJG/+EfTnZVCwQ5N328mz8MYIWJmQ3DW1cAH4QIDAQABo0IwQDAOBgNVHQ8BAf8E +BAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUVeSB0RGAvtiJuQijMfmhJAkWuXAwDQYJ +KoZIhvcNAQEFBQADggEBADubj1abMOdTmXx6eadNl9cZlZD7Bh/KM3xGY4+WZiT6QBshJ8rmcnPy +T/4xmf3IDExoU8aAghOY+rat2l098c5u9hURlIIM7j+VrxGrD9cv3h8Dj1csHsm7mhpElesYT6Yf +zX1XEC+bBAlahLVu2B064dae0Wx5XnkcFMXj0EyTO2U87d89vqbllRrDtRnDvV5bu/8j72gZyxKT +J1wDLW8w0B62GqzeWvfRqqgnpv55gcR5mTNXuhKwqeBCbJPKVt7+bYQLCIt+jerXmCHG8+c8eS9e +nNFMFY3h7CI3zJpDC5fcgJCNs2ebb0gIFVbPv/ErfF6adulZkMV8gzURZVE= +-----END CERTIFICATE----- + +Baltimore CyberTrust Root +========================= +-----BEGIN CERTIFICATE----- +MIIDdzCCAl+gAwIBAgIEAgAAuTANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJJRTESMBAGA1UE +ChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJlclRydXN0MSIwIAYDVQQDExlCYWx0aW1vcmUgQ3li +ZXJUcnVzdCBSb290MB4XDTAwMDUxMjE4NDYwMFoXDTI1MDUxMjIzNTkwMFowWjELMAkGA1UEBhMC +SUUxEjAQBgNVBAoTCUJhbHRpbW9yZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFs +dGltb3JlIEN5YmVyVHJ1c3QgUm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKME +uyKrmD1X6CZymrV51Cni4eiVgLGw41uOKymaZN+hXe2wCQVt2yguzmKiYv60iNoS6zjrIZ3AQSsB +UnuId9Mcj8e6uYi1agnnc+gRQKfRzMpijS3ljwumUNKoUMMo6vWrJYeKmpYcqWe4PwzV9/lSEy/C +G9VwcPCPwBLKBsua4dnKM3p31vjsufFoREJIE9LAwqSuXmD+tqYF/LTdB1kC1FkYmGP1pWPgkAx9 +XbIGevOF6uvUA65ehD5f/xXtabz5OTZydc93Uk3zyZAsuT3lySNTPx8kmCFcB5kpvcY67Oduhjpr +l3RjM71oGDHweI12v/yejl0qhqdNkNwnGjkCAwEAAaNFMEMwHQYDVR0OBBYEFOWdWTCCR1jMrPoI +VDaGezq1BE3wMBIGA1UdEwEB/wQIMAYBAf8CAQMwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEB +BQUAA4IBAQCFDF2O5G9RaEIFoN27TyclhAO992T9Ldcw46QQF+vaKSm2eT929hkTI7gQCvlYpNRh +cL0EYWoSihfVCr3FvDB81ukMJY2GQE/szKN+OMY3EU/t3WgxjkzSswF07r51XgdIGn9w/xZchMB5 +hbgF/X++ZRGjD8ACtPhSNzkE1akxehi/oCr0Epn3o0WC4zxe9Z2etciefC7IpJ5OCBRLbf1wbWsa +Y71k5h+3zvDyny67G7fyUIhzksLi4xaNmjICq44Y3ekQEe5+NauQrz4wlHrQMz2nZQ/1/I6eYs9H +RCwBXbsdtTLSR9I4LtD+gdwyah617jzV/OeBHRnDJELqYzmp +-----END CERTIFICATE----- + +Entrust Root Certification Authority +==================================== +-----BEGIN CERTIFICATE----- +MIIEkTCCA3mgAwIBAgIERWtQVDANBgkqhkiG9w0BAQUFADCBsDELMAkGA1UEBhMCVVMxFjAUBgNV +BAoTDUVudHJ1c3QsIEluYy4xOTA3BgNVBAsTMHd3dy5lbnRydXN0Lm5ldC9DUFMgaXMgaW5jb3Jw +b3JhdGVkIGJ5IHJlZmVyZW5jZTEfMB0GA1UECxMWKGMpIDIwMDYgRW50cnVzdCwgSW5jLjEtMCsG +A1UEAxMkRW50cnVzdCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA2MTEyNzIwMjM0 +MloXDTI2MTEyNzIwNTM0MlowgbAxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMu +MTkwNwYDVQQLEzB3d3cuZW50cnVzdC5uZXQvQ1BTIGlzIGluY29ycG9yYXRlZCBieSByZWZlcmVu +Y2UxHzAdBgNVBAsTFihjKSAyMDA2IEVudHJ1c3QsIEluYy4xLTArBgNVBAMTJEVudHJ1c3QgUm9v +dCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +ALaVtkNC+sZtKm9I35RMOVcF7sN5EUFoNu3s/poBj6E4KPz3EEZmLk0eGrEaTsbRwJWIsMn/MYsz +A9u3g3s+IIRe7bJWKKf44LlAcTfFy0cOlypowCKVYhXbR9n10Cv/gkvJrT7eTNuQgFA/CYqEAOww +Cj0Yzfv9KlmaI5UXLEWeH25DeW0MXJj+SKfFI0dcXv1u5x609mhF0YaDW6KKjbHjKYD+JXGIrb68 +j6xSlkuqUY3kEzEZ6E5Nn9uss2rVvDlUccp6en+Q3X0dgNmBu1kmwhH+5pPi94DkZfs0Nw4pgHBN +rziGLp5/V6+eF67rHMsoIV+2HNjnogQi+dPa2MsCAwEAAaOBsDCBrTAOBgNVHQ8BAf8EBAMCAQYw +DwYDVR0TAQH/BAUwAwEB/zArBgNVHRAEJDAigA8yMDA2MTEyNzIwMjM0MlqBDzIwMjYxMTI3MjA1 +MzQyWjAfBgNVHSMEGDAWgBRokORnpKZTgMeGZqTx90tD+4S9bTAdBgNVHQ4EFgQUaJDkZ6SmU4DH +hmak8fdLQ/uEvW0wHQYJKoZIhvZ9B0EABBAwDhsIVjcuMTo0LjADAgSQMA0GCSqGSIb3DQEBBQUA +A4IBAQCT1DCw1wMgKtD5Y+iRDAUgqV8ZyntyTtSx29CW+1RaGSwMCPeyvIWonX9tO1KzKtvn1ISM +Y/YPyyYBkVBs9F8U4pN0wBOeMDpQ47RgxRzwIkSNcUesyBrJ6ZuaAGAT/3B+XxFNSRuzFVJ7yVTa +v52Vr2ua2J7p8eRDjeIRRDq/r72DQnNSi6q7pynP9WQcCk3RvKqsnyrQ/39/2n3qse0wJcGE2jTS +W3iDVuycNsMm4hH2Z0kdkquM++v/eu6FSqdQgPCnXEqULl8FmTxSQeDNtGPPAUO6nIPcj2A781q0 +tHuu2guQOHXvgR1m0vdXcDazv/wor3ElhVsT/h5/WrQ8 +-----END CERTIFICATE----- + +Comodo AAA Services root +======================== +-----BEGIN CERTIFICATE----- +MIIEMjCCAxqgAwIBAgIBATANBgkqhkiG9w0BAQUFADB7MQswCQYDVQQGEwJHQjEbMBkGA1UECAwS +R3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRowGAYDVQQKDBFDb21vZG8gQ0Eg +TGltaXRlZDEhMB8GA1UEAwwYQUFBIENlcnRpZmljYXRlIFNlcnZpY2VzMB4XDTA0MDEwMTAwMDAw +MFoXDTI4MTIzMTIzNTk1OVowezELMAkGA1UEBhMCR0IxGzAZBgNVBAgMEkdyZWF0ZXIgTWFuY2hl +c3RlcjEQMA4GA1UEBwwHU2FsZm9yZDEaMBgGA1UECgwRQ29tb2RvIENBIExpbWl0ZWQxITAfBgNV +BAMMGEFBQSBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC +ggEBAL5AnfRu4ep2hxxNRUSOvkbIgwadwSr+GB+O5AL686tdUIoWMQuaBtDFcCLNSS1UY8y2bmhG +C1Pqy0wkwLxyTurxFa70VJoSCsN6sjNg4tqJVfMiWPPe3M/vg4aijJRPn2jymJBGhCfHdr/jzDUs +i14HZGWCwEiwqJH5YZ92IFCokcdmtet4YgNW8IoaE+oxox6gmf049vYnMlhvB/VruPsUK6+3qszW +Y19zjNoFmag4qMsXeDZRrOme9Hg6jc8P2ULimAyrL58OAd7vn5lJ8S3frHRNG5i1R8XlKdH5kBjH +Ypy+g8cmez6KJcfA3Z3mNWgQIJ2P2N7Sw4ScDV7oL8kCAwEAAaOBwDCBvTAdBgNVHQ4EFgQUoBEK +Iz6W8Qfs4q8p74Klf9AwpLQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wewYDVR0f +BHQwcjA4oDagNIYyaHR0cDovL2NybC5jb21vZG9jYS5jb20vQUFBQ2VydGlmaWNhdGVTZXJ2aWNl +cy5jcmwwNqA0oDKGMGh0dHA6Ly9jcmwuY29tb2RvLm5ldC9BQUFDZXJ0aWZpY2F0ZVNlcnZpY2Vz +LmNybDANBgkqhkiG9w0BAQUFAAOCAQEACFb8AvCb6P+k+tZ7xkSAzk/ExfYAWMymtrwUSWgEdujm +7l3sAg9g1o1QGE8mTgHj5rCl7r+8dFRBv/38ErjHT1r0iWAFf2C3BUrz9vHCv8S5dIa2LX1rzNLz +Rt0vxuBqw8M0Ayx9lt1awg6nCpnBBYurDC/zXDrPbDdVCYfeU0BsWO/8tqtlbgT2G9w84FoVxp7Z +8VlIMCFlA2zs6SFz7JsDoeA3raAVGI/6ugLOpyypEBMs1OUIJqsil2D4kF501KKaU73yqWjgom7C +12yxow+ev+to51byrvLjKzg6CYG1a4XXvi3tPxq3smPi9WIsgtRqAEFQ8TmDn5XpNpaYbg== +-----END CERTIFICATE----- + +QuoVadis Root CA 2 +================== +-----BEGIN CERTIFICATE----- +MIIFtzCCA5+gAwIBAgICBQkwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQk0xGTAXBgNVBAoT +EFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1b1ZhZGlzIFJvb3QgQ0EgMjAeFw0wNjExMjQx +ODI3MDBaFw0zMTExMjQxODIzMzNaMEUxCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBM +aW1pdGVkMRswGQYDVQQDExJRdW9WYWRpcyBSb290IENBIDIwggIiMA0GCSqGSIb3DQEBAQUAA4IC +DwAwggIKAoICAQCaGMpLlA0ALa8DKYrwD4HIrkwZhR0In6spRIXzL4GtMh6QRr+jhiYaHv5+HBg6 +XJxgFyo6dIMzMH1hVBHL7avg5tKifvVrbxi3Cgst/ek+7wrGsxDp3MJGF/hd/aTa/55JWpzmM+Yk +lvc/ulsrHHo1wtZn/qtmUIttKGAr79dgw8eTvI02kfN/+NsRE8Scd3bBrrcCaoF6qUWD4gXmuVbB +lDePSHFjIuwXZQeVikvfj8ZaCuWw419eaxGrDPmF60Tp+ARz8un+XJiM9XOva7R+zdRcAitMOeGy +lZUtQofX1bOQQ7dsE/He3fbE+Ik/0XX1ksOR1YqI0JDs3G3eicJlcZaLDQP9nL9bFqyS2+r+eXyt +66/3FsvbzSUr5R/7mp/iUcw6UwxI5g69ybR2BlLmEROFcmMDBOAENisgGQLodKcftslWZvB1Jdxn +wQ5hYIizPtGo/KPaHbDRsSNU30R2be1B2MGyIrZTHN81Hdyhdyox5C315eXbyOD/5YDXC2Og/zOh +D7osFRXql7PSorW+8oyWHhqPHWykYTe5hnMz15eWniN9gqRMgeKh0bpnX5UHoycR7hYQe7xFSkyy +BNKr79X9DFHOUGoIMfmR2gyPZFwDwzqLID9ujWc9Otb+fVuIyV77zGHcizN300QyNQliBJIWENie +J0f7OyHj+OsdWwIDAQABo4GwMIGtMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMB0GA1Ud +DgQWBBQahGK8SEwzJQTU7tD2A8QZRtGUazBuBgNVHSMEZzBlgBQahGK8SEwzJQTU7tD2A8QZRtGU +a6FJpEcwRTELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMT +ElF1b1ZhZGlzIFJvb3QgQ0EgMoICBQkwDQYJKoZIhvcNAQEFBQADggIBAD4KFk2fBluornFdLwUv +Z+YTRYPENvbzwCYMDbVHZF34tHLJRqUDGCdViXh9duqWNIAXINzng/iN/Ae42l9NLmeyhP3ZRPx3 +UIHmfLTJDQtyU/h2BwdBR5YM++CCJpNVjP4iH2BlfF/nJrP3MpCYUNQ3cVX2kiF495V5+vgtJodm +VjB3pjd4M1IQWK4/YY7yarHvGH5KWWPKjaJW1acvvFYfzznB4vsKqBUsfU16Y8Zsl0Q80m/DShcK ++JDSV6IZUaUtl0HaB0+pUNqQjZRG4T7wlP0QADj1O+hA4bRuVhogzG9Yje0uRY/W6ZM/57Es3zrW +IozchLsib9D45MY56QSIPMO661V6bYCZJPVsAfv4l7CUW+v90m/xd2gNNWQjrLhVoQPRTUIZ3Ph1 +WVaj+ahJefivDrkRoHy3au000LYmYjgahwz46P0u05B/B5EqHdZ+XIWDmbA4CD/pXvk1B+TJYm5X +f6dQlfe6yJvmjqIBxdZmv3lh8zwc4bmCXF2gw+nYSL0ZohEUGW6yhhtoPkg3Goi3XZZenMfvJ2II +4pEZXNLxId26F0KCl3GBUzGpn/Z9Yr9y4aOTHcyKJloJONDO1w2AFrR4pTqHTI2KpdVGl/IsELm8 +VCLAAVBpQ570su9t+Oza8eOx79+Rj1QqCyXBJhnEUhAFZdWCEOrCMc0u +-----END CERTIFICATE----- + +QuoVadis Root CA 3 +================== +-----BEGIN CERTIFICATE----- +MIIGnTCCBIWgAwIBAgICBcYwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQk0xGTAXBgNVBAoT +EFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1b1ZhZGlzIFJvb3QgQ0EgMzAeFw0wNjExMjQx +OTExMjNaFw0zMTExMjQxOTA2NDRaMEUxCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBM +aW1pdGVkMRswGQYDVQQDExJRdW9WYWRpcyBSb290IENBIDMwggIiMA0GCSqGSIb3DQEBAQUAA4IC +DwAwggIKAoICAQDMV0IWVJzmmNPTTe7+7cefQzlKZbPoFog02w1ZkXTPkrgEQK0CSzGrvI2RaNgg +DhoB4hp7Thdd4oq3P5kazethq8Jlph+3t723j/z9cI8LoGe+AaJZz3HmDyl2/7FWeUUrH556VOij +KTVopAFPD6QuN+8bv+OPEKhyq1hX51SGyMnzW9os2l2ObjyjPtr7guXd8lyyBTNvijbO0BNO/79K +DDRMpsMhvVAEVeuxu537RR5kFd5VAYwCdrXLoT9CabwvvWhDFlaJKjdhkf2mrk7AyxRllDdLkgbv +BNDInIjbC3uBr7E9KsRlOni27tyAsdLTmZw67mtaa7ONt9XOnMK+pUsvFrGeaDsGb659n/je7Mwp +p5ijJUMv7/FfJuGITfhebtfZFG4ZM2mnO4SJk8RTVROhUXhA+LjJou57ulJCg54U7QVSWllWp5f8 +nT8KKdjcT5EOE7zelaTfi5m+rJsziO+1ga8bxiJTyPbH7pcUsMV8eFLI8M5ud2CEpukqdiDtWAEX +MJPpGovgc2PZapKUSU60rUqFxKMiMPwJ7Wgic6aIDFUhWMXhOp8q3crhkODZc6tsgLjoC2SToJyM +Gf+z0gzskSaHirOi4XCPLArlzW1oUevaPwV/izLmE1xr/l9A4iLItLRkT9a6fUg+qGkM17uGcclz +uD87nSVL2v9A6wIDAQABo4IBlTCCAZEwDwYDVR0TAQH/BAUwAwEB/zCB4QYDVR0gBIHZMIHWMIHT +BgkrBgEEAb5YAAMwgcUwgZMGCCsGAQUFBwICMIGGGoGDQW55IHVzZSBvZiB0aGlzIENlcnRpZmlj +YXRlIGNvbnN0aXR1dGVzIGFjY2VwdGFuY2Ugb2YgdGhlIFF1b1ZhZGlzIFJvb3QgQ0EgMyBDZXJ0 +aWZpY2F0ZSBQb2xpY3kgLyBDZXJ0aWZpY2F0aW9uIFByYWN0aWNlIFN0YXRlbWVudC4wLQYIKwYB +BQUHAgEWIWh0dHA6Ly93d3cucXVvdmFkaXNnbG9iYWwuY29tL2NwczALBgNVHQ8EBAMCAQYwHQYD +VR0OBBYEFPLAE+CCQz777i9nMpY1XNu4ywLQMG4GA1UdIwRnMGWAFPLAE+CCQz777i9nMpY1XNu4 +ywLQoUmkRzBFMQswCQYDVQQGEwJCTTEZMBcGA1UEChMQUXVvVmFkaXMgTGltaXRlZDEbMBkGA1UE +AxMSUXVvVmFkaXMgUm9vdCBDQSAzggIFxjANBgkqhkiG9w0BAQUFAAOCAgEAT62gLEz6wPJv92ZV +qyM07ucp2sNbtrCD2dDQ4iH782CnO11gUyeim/YIIirnv6By5ZwkajGxkHon24QRiSemd1o417+s +hvzuXYO8BsbRd2sPbSQvS3pspweWyuOEn62Iix2rFo1bZhfZFvSLgNLd+LJ2w/w4E6oM3kJpK27z +POuAJ9v1pkQNn1pVWQvVDVJIxa6f8i+AxeoyUDUSly7B4f/xI4hROJ/yZlZ25w9Rl6VSDE1JUZU2 +Pb+iSwwQHYaZTKrzchGT5Or2m9qoXadNt54CrnMAyNojA+j56hl0YgCUyyIgvpSnWbWCar6ZeXqp +8kokUvd0/bpO5qgdAm6xDYBEwa7TIzdfu4V8K5Iu6H6li92Z4b8nby1dqnuH/grdS/yO9SbkbnBC +bjPsMZ57k8HkyWkaPcBrTiJt7qtYTcbQQcEr6k8Sh17rRdhs9ZgC06DYVYoGmRmioHfRMJ6szHXu +g/WwYjnPbFfiTNKRCw51KBuav/0aQ/HKd/s7j2G4aSgWQgRecCocIdiP4b0jWy10QJLZYxkNc91p +vGJHvOB0K7Lrfb5BG7XARsWhIstfTsEokt4YutUqKLsRixeTmJlglFwjz1onl14LBQaTNx47aTbr +qZ5hHY8y2o4M1nQ+ewkk2gF3R8Q7zTSMmfXK4SVhM7JZG+Ju1zdXtg2pEto= +-----END CERTIFICATE----- + +XRamp Global CA Root +==================== +-----BEGIN CERTIFICATE----- +MIIEMDCCAxigAwIBAgIQUJRs7Bjq1ZxN1ZfvdY+grTANBgkqhkiG9w0BAQUFADCBgjELMAkGA1UE +BhMCVVMxHjAcBgNVBAsTFXd3dy54cmFtcHNlY3VyaXR5LmNvbTEkMCIGA1UEChMbWFJhbXAgU2Vj +dXJpdHkgU2VydmljZXMgSW5jMS0wKwYDVQQDEyRYUmFtcCBHbG9iYWwgQ2VydGlmaWNhdGlvbiBB +dXRob3JpdHkwHhcNMDQxMTAxMTcxNDA0WhcNMzUwMTAxMDUzNzE5WjCBgjELMAkGA1UEBhMCVVMx +HjAcBgNVBAsTFXd3dy54cmFtcHNlY3VyaXR5LmNvbTEkMCIGA1UEChMbWFJhbXAgU2VjdXJpdHkg +U2VydmljZXMgSW5jMS0wKwYDVQQDEyRYUmFtcCBHbG9iYWwgQ2VydGlmaWNhdGlvbiBBdXRob3Jp +dHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYJB69FbS638eMpSe2OAtp87ZOqCwu +IR1cRN8hXX4jdP5efrRKt6atH67gBhbim1vZZ3RrXYCPKZ2GG9mcDZhtdhAoWORlsH9KmHmf4MMx +foArtYzAQDsRhtDLooY2YKTVMIJt2W7QDxIEM5dfT2Fa8OT5kavnHTu86M/0ay00fOJIYRyO82FE +zG+gSqmUsE3a56k0enI4qEHMPJQRfevIpoy3hsvKMzvZPTeL+3o+hiznc9cKV6xkmxnr9A8ECIqs +AxcZZPRaJSKNNCyy9mgdEm3Tih4U2sSPpuIjhdV6Db1q4Ons7Be7QhtnqiXtRYMh/MHJfNViPvry +xS3T/dRlAgMBAAGjgZ8wgZwwEwYJKwYBBAGCNxQCBAYeBABDAEEwCwYDVR0PBAQDAgGGMA8GA1Ud +EwEB/wQFMAMBAf8wHQYDVR0OBBYEFMZPoj0GY4QJnM5i5ASsjVy16bYbMDYGA1UdHwQvMC0wK6Ap +oCeGJWh0dHA6Ly9jcmwueHJhbXBzZWN1cml0eS5jb20vWEdDQS5jcmwwEAYJKwYBBAGCNxUBBAMC +AQEwDQYJKoZIhvcNAQEFBQADggEBAJEVOQMBG2f7Shz5CmBbodpNl2L5JFMn14JkTpAuw0kbK5rc +/Kh4ZzXxHfARvbdI4xD2Dd8/0sm2qlWkSLoC295ZLhVbO50WfUfXN+pfTXYSNrsf16GBBEYgoyxt +qZ4Bfj8pzgCT3/3JknOJiWSe5yvkHJEs0rnOfc5vMZnT5r7SHpDwCRR5XCOrTdLaIR9NmXmd4c8n +nxCbHIgNsIpkQTG4DmyQJKSbXHGPurt+HBvbaoAPIbzp26a3QPSyi6mx5O+aGtA9aZnuqCij4Tyz +8LIRnM98QObd50N9otg6tamN8jSZxNQQ4Qb9CYQQO+7ETPTsJ3xCwnR8gooJybQDJbw= +-----END CERTIFICATE----- + +Go Daddy Class 2 CA +=================== +-----BEGIN CERTIFICATE----- +MIIEADCCAuigAwIBAgIBADANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMY +VGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRp +ZmljYXRpb24gQXV0aG9yaXR5MB4XDTA0MDYyOTE3MDYyMFoXDTM0MDYyOTE3MDYyMFowYzELMAkG +A1UEBhMCVVMxITAfBgNVBAoTGFRoZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28g +RGFkZHkgQ2xhc3MgMiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASAwDQYJKoZIhvcNAQEBBQAD +ggENADCCAQgCggEBAN6d1+pXGEmhW+vXX0iG6r7d/+TvZxz0ZWizV3GgXne77ZtJ6XCAPVYYYwhv +2vLM0D9/AlQiVBDYsoHUwHU9S3/Hd8M+eKsaA7Ugay9qK7HFiH7Eux6wwdhFJ2+qN1j3hybX2C32 +qRe3H3I2TqYXP2WYktsqbl2i/ojgC95/5Y0V4evLOtXiEqITLdiOr18SPaAIBQi2XKVlOARFmR6j +YGB0xUGlcmIbYsUfb18aQr4CUWWoriMYavx4A6lNf4DD+qta/KFApMoZFv6yyO9ecw3ud72a9nmY +vLEHZ6IVDd2gWMZEewo+YihfukEHU1jPEX44dMX4/7VpkI+EdOqXG68CAQOjgcAwgb0wHQYDVR0O +BBYEFNLEsNKR1EwRcbNhyz2h/t2oatTjMIGNBgNVHSMEgYUwgYKAFNLEsNKR1EwRcbNhyz2h/t2o +atTjoWekZTBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMu +MTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwG +A1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBADJL87LKPpH8EsahB4yOd6AzBhRckB4Y9wim +PQoZ+YeAEW5p5JYXMP80kWNyOO7MHAGjHZQopDH2esRU1/blMVgDoszOYtuURXO1v0XJJLXVggKt +I3lpjbi2Tc7PTMozI+gciKqdi0FuFskg5YmezTvacPd+mSYgFFQlq25zheabIZ0KbIIOqPjCDPoQ +HmyW74cNxA9hi63ugyuV+I6ShHI56yDqg+2DzZduCLzrTia2cyvk0/ZM/iZx4mERdEr/VxqHD3VI +Ls9RaRegAhJhldXRQLIQTO7ErBBDpqWeCtWVYpoNz4iCxTIM5CufReYNnyicsbkqWletNw+vHX/b +vZ8= +-----END CERTIFICATE----- + +Starfield Class 2 CA +==================== +-----BEGIN CERTIFICATE----- +MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzElMCMGA1UEChMc +U3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZpZWxkIENsYXNzIDIg +Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQwNjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBo +MQswCQYDVQQGEwJVUzElMCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAG +A1UECxMpU3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqG +SIb3DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf8MOh2tTY +bitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN+lq2cwQlZut3f+dZxkqZ +JRRU6ybH838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVm +epsZGD3/cVE8MC5fvj13c7JdBmzDI1aaK4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSN +F4Azbl5KXZnJHoe0nRrA1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HF +MIHCMB0GA1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fRzt0f +hvRbVazc1xDCDqmI56FspGowaDELMAkGA1UEBhMCVVMxJTAjBgNVBAoTHFN0YXJmaWVsZCBUZWNo +bm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBDbGFzcyAyIENlcnRpZmljYXRpb24g +QXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGs +afPzWdqbAYcaT1epoXkJKtv3L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLM +PUxA2IGvd56Deruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl +xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynpVSJYACPq4xJD +KVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEYWQPJIrSPnNVeKtelttQKbfi3 +QBFGmh95DmK/D5fs4C8fF5Q= +-----END CERTIFICATE----- + +DigiCert Assured ID Root CA +=========================== +-----BEGIN CERTIFICATE----- +MIIDtzCCAp+gAwIBAgIQDOfg5RfYRv6P5WD8G/AwOTANBgkqhkiG9w0BAQUFADBlMQswCQYDVQQG +EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSQw +IgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgQ0EwHhcNMDYxMTEwMDAwMDAwWhcNMzEx +MTEwMDAwMDAwWjBlMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQL +ExB3d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgQ0Ew +ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtDhXO5EOAXLGH87dg+XESpa7cJpSIqvTO +9SA5KFhgDPiA2qkVlTJhPLWxKISKityfCgyDF3qPkKyK53lTXDGEKvYPmDI2dsze3Tyoou9q+yHy +UmHfnyDXH+Kx2f4YZNISW1/5WBg1vEfNoTb5a3/UsDg+wRvDjDPZ2C8Y/igPs6eD1sNuRMBhNZYW +/lmci3Zt1/GiSw0r/wty2p5g0I6QNcZ4VYcgoc/lbQrISXwxmDNsIumH0DJaoroTghHtORedmTpy +oeb6pNnVFzF1roV9Iq4/AUaG9ih5yLHa5FcXxH4cDrC0kqZWs72yl+2qp/C3xag/lRbQ/6GW6whf +GHdPAgMBAAGjYzBhMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRF +66Kv9JLLgjEtUYunpyGd823IDzAfBgNVHSMEGDAWgBRF66Kv9JLLgjEtUYunpyGd823IDzANBgkq +hkiG9w0BAQUFAAOCAQEAog683+Lt8ONyc3pklL/3cmbYMuRCdWKuh+vy1dneVrOfzM4UKLkNl2Bc +EkxY5NM9g0lFWJc1aRqoR+pWxnmrEthngYTffwk8lOa4JiwgvT2zKIn3X/8i4peEH+ll74fg38Fn +SbNd67IJKusm7Xi+fT8r87cmNW1fiQG2SVufAQWbqz0lwcy2f8Lxb4bG+mRo64EtlOtCt/qMHt1i +8b5QZ7dsvfPxH2sMNgcWfzd8qVttevESRmCD1ycEvkvOl77DZypoEd+A5wwzZr8TDRRu838fYxAe ++o0bJW1sj6W3YQGx0qMmoRBxna3iw/nDmVG3KwcIzi7mULKn+gpFL6Lw8g== +-----END CERTIFICATE----- + +DigiCert Global Root CA +======================= +-----BEGIN CERTIFICATE----- +MIIDrzCCApegAwIBAgIQCDvgVpBCRrGhdWrJWZHHSjANBgkqhkiG9w0BAQUFADBhMQswCQYDVQQG +EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSAw +HgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBDQTAeFw0wNjExMTAwMDAwMDBaFw0zMTExMTAw +MDAwMDBaMGExCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3 +dy5kaWdpY2VydC5jb20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IENBMIIBIjANBgkq +hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4jvhEXLeqKTTo1eqUKKPC3eQyaKl7hLOllsBCSDMAZOn +TjC3U/dDxGkAV53ijSLdhwZAAIEJzs4bg7/fzTtxRuLWZscFs3YnFo97nh6Vfe63SKMI2tavegw5 +BmV/Sl0fvBf4q77uKNd0f3p4mVmFaG5cIzJLv07A6Fpt43C/dxC//AH2hdmoRBBYMql1GNXRor5H +4idq9Joz+EkIYIvUX7Q6hL+hqkpMfT7PT19sdl6gSzeRntwi5m3OFBqOasv+zbMUZBfHWymeMr/y +7vrTC0LUq7dBMtoM1O/4gdW7jVg/tRvoSSiicNoxBN33shbyTApOB6jtSj1etX+jkMOvJwIDAQAB +o2MwYTAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUA95QNVbRTLtm +8KPiGxvDl7I90VUwHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUwDQYJKoZIhvcNAQEF +BQADggEBAMucN6pIExIK+t1EnE9SsPTfrgT1eXkIoyQY/EsrhMAtudXH/vTBH1jLuG2cenTnmCmr +EbXjcKChzUyImZOMkXDiqw8cvpOp/2PV5Adg06O/nVsJ8dWO41P0jmP6P6fbtGbfYmbW0W5BjfIt +tep3Sp+dWOIrWcBAI+0tKIJFPnlUkiaY4IBIqDfv8NZ5YBberOgOzW6sRBc4L0na4UU+Krk2U886 +UAb3LujEV0lsYSEY1QSteDwsOoBrp+uvFRTp2InBuThs4pFsiv9kuXclVzDAGySj4dzp30d8tbQk +CAUw7C29C79Fv1C5qfPrmAESrciIxpg0X40KPMbp1ZWVbd4= +-----END CERTIFICATE----- + +DigiCert High Assurance EV Root CA +================================== +-----BEGIN CERTIFICATE----- +MIIDxTCCAq2gAwIBAgIQAqxcJmoLQJuPC3nyrkYldzANBgkqhkiG9w0BAQUFADBsMQswCQYDVQQG +EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSsw +KQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5jZSBFViBSb290IENBMB4XDTA2MTExMDAwMDAw +MFoXDTMxMTExMDAwMDAwMFowbDELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZ +MBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTErMCkGA1UEAxMiRGlnaUNlcnQgSGlnaCBBc3N1cmFu +Y2UgRVYgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMbM5XPm+9S75S0t +Mqbf5YE/yc0lSbZxKsPVlDRnogocsF9ppkCxxLeyj9CYpKlBWTrT3JTWPNt0OKRKzE0lgvdKpVMS +OO7zSW1xkX5jtqumX8OkhPhPYlG++MXs2ziS4wblCJEMxChBVfvLWokVfnHoNb9Ncgk9vjo4UFt3 +MRuNs8ckRZqnrG0AFFoEt7oT61EKmEFBIk5lYYeBQVCmeVyJ3hlKV9Uu5l0cUyx+mM0aBhakaHPQ +NAQTXKFx01p8VdteZOE3hzBWBOURtCmAEvF5OYiiAhF8J2a3iLd48soKqDirCmTCv2ZdlYTBoSUe +h10aUAsgEsxBu24LUTi4S8sCAwEAAaNjMGEwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQFMAMB +Af8wHQYDVR0OBBYEFLE+w2kD+L9HAdSYJhoIAu9jZCvDMB8GA1UdIwQYMBaAFLE+w2kD+L9HAdSY +JhoIAu9jZCvDMA0GCSqGSIb3DQEBBQUAA4IBAQAcGgaX3NecnzyIZgYIVyHbIUf4KmeqvxgydkAQ +V8GK83rZEWWONfqe/EW1ntlMMUu4kehDLI6zeM7b41N5cdblIZQB2lWHmiRk9opmzN6cN82oNLFp +myPInngiK3BD41VHMWEZ71jFhS9OMPagMRYjyOfiZRYzy78aG6A9+MpeizGLYAiJLQwGXFK3xPkK +mNEVX58Svnw2Yzi9RKR/5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E1CAx2/S6cCZdkGCe +vEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep+OkuE6N36B9K +-----END CERTIFICATE----- + +SwissSign Gold CA - G2 +====================== +-----BEGIN CERTIFICATE----- +MIIFujCCA6KgAwIBAgIJALtAHEP1Xk+wMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkNIMRUw +EwYDVQQKEwxTd2lzc1NpZ24gQUcxHzAdBgNVBAMTFlN3aXNzU2lnbiBHb2xkIENBIC0gRzIwHhcN +MDYxMDI1MDgzMDM1WhcNMzYxMDI1MDgzMDM1WjBFMQswCQYDVQQGEwJDSDEVMBMGA1UEChMMU3dp +c3NTaWduIEFHMR8wHQYDVQQDExZTd2lzc1NpZ24gR29sZCBDQSAtIEcyMIICIjANBgkqhkiG9w0B +AQEFAAOCAg8AMIICCgKCAgEAr+TufoskDhJuqVAtFkQ7kpJcyrhdhJJCEyq8ZVeCQD5XJM1QiyUq +t2/876LQwB8CJEoTlo8jE+YoWACjR8cGp4QjK7u9lit/VcyLwVcfDmJlD909Vopz2q5+bbqBHH5C +jCA12UNNhPqE21Is8w4ndwtrvxEvcnifLtg+5hg3Wipy+dpikJKVyh+c6bM8K8vzARO/Ws/BtQpg +vd21mWRTuKCWs2/iJneRjOBiEAKfNA+k1ZIzUd6+jbqEemA8atufK+ze3gE/bk3lUIbLtK/tREDF +ylqM2tIrfKjuvqblCqoOpd8FUrdVxyJdMmqXl2MT28nbeTZ7hTpKxVKJ+STnnXepgv9VHKVxaSvR +AiTysybUa9oEVeXBCsdtMDeQKuSeFDNeFhdVxVu1yzSJkvGdJo+hB9TGsnhQ2wwMC3wLjEHXuend +jIj3o02yMszYF9rNt85mndT9Xv+9lz4pded+p2JYryU0pUHHPbwNUMoDAw8IWh+Vc3hiv69yFGkO +peUDDniOJihC8AcLYiAQZzlG+qkDzAQ4embvIIO1jEpWjpEA/I5cgt6IoMPiaG59je883WX0XaxR +7ySArqpWl2/5rX3aYT+YdzylkbYcjCbaZaIJbcHiVOO5ykxMgI93e2CaHt+28kgeDrpOVG2Y4OGi +GqJ3UM/EY5LsRxmd6+ZrzsECAwEAAaOBrDCBqTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUw +AwEB/zAdBgNVHQ4EFgQUWyV7lqRlUX64OfPAeGZe6Drn8O4wHwYDVR0jBBgwFoAUWyV7lqRlUX64 +OfPAeGZe6Drn8O4wRgYDVR0gBD8wPTA7BglghXQBWQECAQEwLjAsBggrBgEFBQcCARYgaHR0cDov +L3JlcG9zaXRvcnkuc3dpc3NzaWduLmNvbS8wDQYJKoZIhvcNAQEFBQADggIBACe645R88a7A3hfm +5djV9VSwg/S7zV4Fe0+fdWavPOhWfvxyeDgD2StiGwC5+OlgzczOUYrHUDFu4Up+GC9pWbY9ZIEr +44OE5iKHjn3g7gKZYbge9LgriBIWhMIxkziWMaa5O1M/wySTVltpkuzFwbs4AOPsF6m43Md8AYOf +Mke6UiI0HTJ6CVanfCU2qT1L2sCCbwq7EsiHSycR+R4tx5M/nttfJmtS2S6K8RTGRI0Vqbe/vd6m +Gu6uLftIdxf+u+yvGPUqUfA5hJeVbG4bwyvEdGB5JbAKJ9/fXtI5z0V9QkvfsywexcZdylU6oJxp +mo/a77KwPJ+HbBIrZXAVUjEaJM9vMSNQH4xPjyPDdEFjHFWoFN0+4FFQz/EbMFYOkrCChdiDyyJk +vC24JdVUorgG6q2SpCSgwYa1ShNqR88uC1aVVMvOmttqtKay20EIhid392qgQmwLOM7XdVAyksLf +KzAiSNDVQTglXaTpXZ/GlHXQRf0wl0OPkKsKx4ZzYEppLd6leNcG2mqeSz53OiATIgHQv2ieY2Br +NU0LbbqhPcCT4H8js1WtciVORvnSFu+wZMEBnunKoGqYDs/YYPIvSbjkQuE4NRb0yG5P94FW6Lqj +viOvrv1vA+ACOzB2+httQc8Bsem4yWb02ybzOqR08kkkW8mw0FfB+j564ZfJ +-----END CERTIFICATE----- + +SecureTrust CA +============== +-----BEGIN CERTIFICATE----- +MIIDuDCCAqCgAwIBAgIQDPCOXAgWpa1Cf/DrJxhZ0DANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQG +EwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24xFzAVBgNVBAMTDlNlY3VyZVRy +dXN0IENBMB4XDTA2MTEwNzE5MzExOFoXDTI5MTIzMTE5NDA1NVowSDELMAkGA1UEBhMCVVMxIDAe +BgNVBAoTF1NlY3VyZVRydXN0IENvcnBvcmF0aW9uMRcwFQYDVQQDEw5TZWN1cmVUcnVzdCBDQTCC +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKukgeWVzfX2FI7CT8rU4niVWJxB4Q2ZQCQX +OZEzZum+4YOvYlyJ0fwkW2Gz4BERQRwdbvC4u/jep4G6pkjGnx29vo6pQT64lO0pGtSO0gMdA+9t +DWccV9cGrcrI9f4Or2YlSASWC12juhbDCE/RRvgUXPLIXgGZbf2IzIaowW8xQmxSPmjL8xk037uH +GFaAJsTQ3MBv396gwpEWoGQRS0S8Hvbn+mPeZqx2pHGj7DaUaHp3pLHnDi+BeuK1cobvomuL8A/b +01k/unK8RCSc43Oz969XL0Imnal0ugBS8kvNU3xHCzaFDmapCJcWNFfBZveA4+1wVMeT4C4oFVmH +ursCAwEAAaOBnTCBmjATBgkrBgEEAYI3FAIEBh4EAEMAQTALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/ +BAUwAwEB/zAdBgNVHQ4EFgQUQjK2FvoE/f5dS3rD/fdMQB1aQ68wNAYDVR0fBC0wKzApoCegJYYj +aHR0cDovL2NybC5zZWN1cmV0cnVzdC5jb20vU1RDQS5jcmwwEAYJKwYBBAGCNxUBBAMCAQAwDQYJ +KoZIhvcNAQEFBQADggEBADDtT0rhWDpSclu1pqNlGKa7UTt36Z3q059c4EVlew3KW+JwULKUBRSu +SceNQQcSc5R+DCMh/bwQf2AQWnL1mA6s7Ll/3XpvXdMc9P+IBWlCqQVxyLesJugutIxq/3HcuLHf +mbx8IVQr5Fiiu1cprp6poxkmD5kuCLDv/WnPmRoJjeOnnyvJNjR7JLN4TJUXpAYmHrZkUjZfYGfZ +nMUFdAvnZyPSCPyI6a6Lf+Ew9Dd+/cYy2i2eRDAwbO4H3tI0/NL/QPZL9GZGBlSm8jIKYyYwa5vR +3ItHuuG51WLQoqD0ZwV4KWMabwTW+MZMo5qxN7SN5ShLHZ4swrhovO0C7jE= +-----END CERTIFICATE----- + +Secure Global CA +================ +-----BEGIN CERTIFICATE----- +MIIDvDCCAqSgAwIBAgIQB1YipOjUiolN9BPI8PjqpTANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQG +EwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24xGTAXBgNVBAMTEFNlY3VyZSBH +bG9iYWwgQ0EwHhcNMDYxMTA3MTk0MjI4WhcNMjkxMjMxMTk1MjA2WjBKMQswCQYDVQQGEwJVUzEg +MB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24xGTAXBgNVBAMTEFNlY3VyZSBHbG9iYWwg +Q0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvNS7YrGxVaQZx5RNoJLNP2MwhR/jx +YDiJiQPpvepeRlMJ3Fz1Wuj3RSoC6zFh1ykzTM7HfAo3fg+6MpjhHZevj8fcyTiW89sa/FHtaMbQ +bqR8JNGuQsiWUGMu4P51/pinX0kuleM5M2SOHqRfkNJnPLLZ/kG5VacJjnIFHovdRIWCQtBJwB1g +8NEXLJXr9qXBkqPFwqcIYA1gBBCWeZ4WNOaptvolRTnIHmX5k/Wq8VLcmZg9pYYaDDUz+kulBAYV +HDGA76oYa8J719rO+TMg1fW9ajMtgQT7sFzUnKPiXB3jqUJ1XnvUd+85VLrJChgbEplJL4hL/VBi +0XPnj3pDAgMBAAGjgZ0wgZowEwYJKwYBBAGCNxQCBAYeBABDAEEwCwYDVR0PBAQDAgGGMA8GA1Ud +EwEB/wQFMAMBAf8wHQYDVR0OBBYEFK9EBMJBfkiD2045AuzshHrmzsmkMDQGA1UdHwQtMCswKaAn +oCWGI2h0dHA6Ly9jcmwuc2VjdXJldHJ1c3QuY29tL1NHQ0EuY3JsMBAGCSsGAQQBgjcVAQQDAgEA +MA0GCSqGSIb3DQEBBQUAA4IBAQBjGghAfaReUw132HquHw0LURYD7xh8yOOvaliTFGCRsoTciE6+ +OYo68+aCiV0BN7OrJKQVDpI1WkpEXk5X+nXOH0jOZvQ8QCaSmGwb7iRGDBezUqXbpZGRzzfTb+cn +CDpOGR86p1hcF895P4vkp9MmI50mD1hp/Ed+stCNi5O/KU9DaXR2Z0vPB4zmAve14bRDtUstFJ/5 +3CYNv6ZHdAbYiNE6KTCEztI5gGIbqMdXSbxqVVFnFUq+NQfk1XWYN3kwFNspnWzFacxHVaIw98xc +f8LDmBxrThaA63p4ZUWiABqvDA1VZDRIuJK58bRQKfJPIx/abKwfROHdI3hRW8cW +-----END CERTIFICATE----- + +COMODO Certification Authority +============================== +-----BEGIN CERTIFICATE----- +MIIEHTCCAwWgAwIBAgIQToEtioJl4AsC7j41AkblPTANBgkqhkiG9w0BAQUFADCBgTELMAkGA1UE +BhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgG +A1UEChMRQ09NT0RPIENBIExpbWl0ZWQxJzAlBgNVBAMTHkNPTU9ETyBDZXJ0aWZpY2F0aW9uIEF1 +dGhvcml0eTAeFw0wNjEyMDEwMDAwMDBaFw0yOTEyMzEyMzU5NTlaMIGBMQswCQYDVQQGEwJHQjEb +MBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFD +T01PRE8gQ0EgTGltaXRlZDEnMCUGA1UEAxMeQ09NT0RPIENlcnRpZmljYXRpb24gQXV0aG9yaXR5 +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ECLi3LjkRv3UcEbVASY06m/weaKXTuH ++7uIzg3jLz8GlvCiKVCZrts7oVewdFFxze1CkU1B/qnI2GqGd0S7WWaXUF601CxwRM/aN5VCaTww +xHGzUvAhTaHYujl8HJ6jJJ3ygxaYqhZ8Q5sVW7euNJH+1GImGEaaP+vB+fGQV+useg2L23IwambV +4EajcNxo2f8ESIl33rXp+2dtQem8Ob0y2WIC8bGoPW43nOIv4tOiJovGuFVDiOEjPqXSJDlqR6sA +1KGzqSX+DT+nHbrTUcELpNqsOO9VUCQFZUaTNE8tja3G1CEZ0o7KBWFxB3NH5YoZEr0ETc5OnKVI +rLsm9wIDAQABo4GOMIGLMB0GA1UdDgQWBBQLWOWLxkwVN6RAqTCpIb5HNlpW/zAOBgNVHQ8BAf8E +BAMCAQYwDwYDVR0TAQH/BAUwAwEB/zBJBgNVHR8EQjBAMD6gPKA6hjhodHRwOi8vY3JsLmNvbW9k +b2NhLmNvbS9DT01PRE9DZXJ0aWZpY2F0aW9uQXV0aG9yaXR5LmNybDANBgkqhkiG9w0BAQUFAAOC +AQEAPpiem/Yb6dc5t3iuHXIYSdOH5EOC6z/JqvWote9VfCFSZfnVDeFs9D6Mk3ORLgLETgdxb8CP +OGEIqB6BCsAvIC9Bi5HcSEW88cbeunZrM8gALTFGTO3nnc+IlP8zwFboJIYmuNg4ON8qa90SzMc/ +RxdMosIGlgnW2/4/PEZB31jiVg88O8EckzXZOFKs7sjsLjBOlDW0JB9LeGna8gI4zJVSk/BwJVmc +IGfE7vmLV2H0knZ9P4SNVbfo5azV8fUZVqZa+5Acr5Pr5RzUZ5ddBA6+C4OmF4O5MBKgxTMVBbkN ++8cFduPYSo38NBejxiEovjBFMR7HeL5YYTisO+IBZQ== +-----END CERTIFICATE----- + +COMODO ECC Certification Authority +================================== +-----BEGIN CERTIFICATE----- +MIICiTCCAg+gAwIBAgIQH0evqmIAcFBUTAGem2OZKjAKBggqhkjOPQQDAzCBhTELMAkGA1UEBhMC +R0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UE +ChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBFQ0MgQ2VydGlmaWNhdGlvbiBB +dXRob3JpdHkwHhcNMDgwMzA2MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBhTELMAkGA1UEBhMCR0Ix +GzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMR +Q09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBFQ0MgQ2VydGlmaWNhdGlvbiBBdXRo +b3JpdHkwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQDR3svdcmCFYX7deSRFtSrYpn1PlILBs5BAH+X +4QokPB0BBO490o0JlwzgdeT6+3eKKvUDYEs2ixYjFq0JcfRK9ChQtP6IHG4/bC8vCVlbpVsLM5ni +wz2J+Wos77LTBumjQjBAMB0GA1UdDgQWBBR1cacZSBm8nZ3qQUfflMRId5nTeTAOBgNVHQ8BAf8E +BAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAwNoADBlAjEA7wNbeqy3eApyt4jf/7VG +FAkK+qDmfQjGGoe9GKhzvSbKYAydzpmfz1wPMOG+FDHqAjAU9JM8SaczepBGR7NjfRObTrdvGDeA +U/7dIOA1mjbRxwG55tzd8/8dLDoWV9mSOdY= +-----END CERTIFICATE----- + +Certigna +======== +-----BEGIN CERTIFICATE----- +MIIDqDCCApCgAwIBAgIJAP7c4wEPyUj/MA0GCSqGSIb3DQEBBQUAMDQxCzAJBgNVBAYTAkZSMRIw +EAYDVQQKDAlEaGlteW90aXMxETAPBgNVBAMMCENlcnRpZ25hMB4XDTA3MDYyOTE1MTMwNVoXDTI3 +MDYyOTE1MTMwNVowNDELMAkGA1UEBhMCRlIxEjAQBgNVBAoMCURoaW15b3RpczERMA8GA1UEAwwI +Q2VydGlnbmEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIaPHJ1tazNHUmgh7stL7q +XOEm7RFHYeGifBZ4QCHkYJ5ayGPhxLGWkv8YbWkj4Sti993iNi+RB7lIzw7sebYs5zRLcAglozyH +GxnygQcPOJAZ0xH+hrTy0V4eHpbNgGzOOzGTtvKg0KmVEn2lmsxryIRWijOp5yIVUxbwzBfsV1/p +ogqYCd7jX5xv3EjjhQsVWqa6n6xI4wmy9/Qy3l40vhx4XUJbzg4ij02Q130yGLMLLGq/jj8UEYkg +DncUtT2UCIf3JR7VsmAA7G8qKCVuKj4YYxclPz5EIBb2JsglrgVKtOdjLPOMFlN+XPsRGgjBRmKf +Irjxwo1p3Po6WAbfAgMBAAGjgbwwgbkwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUGu3+QTmQ +tCRZvgHyUtVF9lo53BEwZAYDVR0jBF0wW4AUGu3+QTmQtCRZvgHyUtVF9lo53BGhOKQ2MDQxCzAJ +BgNVBAYTAkZSMRIwEAYDVQQKDAlEaGlteW90aXMxETAPBgNVBAMMCENlcnRpZ25hggkA/tzjAQ/J +SP8wDgYDVR0PAQH/BAQDAgEGMBEGCWCGSAGG+EIBAQQEAwIABzANBgkqhkiG9w0BAQUFAAOCAQEA +hQMeknH2Qq/ho2Ge6/PAD/Kl1NqV5ta+aDY9fm4fTIrv0Q8hbV6lUmPOEvjvKtpv6zf+EwLHyzs+ +ImvaYS5/1HI93TDhHkxAGYwP15zRgzB7mFncfca5DClMoTOi62c6ZYTTluLtdkVwj7Ur3vkj1klu +PBS1xp81HlDQwY9qcEQCYsuuHWhBp6pX6FOqB9IG9tUUBguRA3UsbHK1YZWaDYu5Def131TN3ubY +1gkIl2PlwS6wt0QmwCbAr1UwnjvVNioZBPRcHv/PLLf/0P2HQBHVESO7SMAhqaQoLf0V+LBOK/Qw +WyH8EZE0vkHve52Xdf+XlcCWWC/qu0bXu+TZLg== +-----END CERTIFICATE----- + +ePKI Root Certification Authority +================================= +-----BEGIN CERTIFICATE----- +MIIFsDCCA5igAwIBAgIQFci9ZUdcr7iXAF7kBtK8nTANBgkqhkiG9w0BAQUFADBeMQswCQYDVQQG +EwJUVzEjMCEGA1UECgwaQ2h1bmdod2EgVGVsZWNvbSBDby4sIEx0ZC4xKjAoBgNVBAsMIWVQS0kg +Um9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNDEyMjAwMjMxMjdaFw0zNDEyMjAwMjMx +MjdaMF4xCzAJBgNVBAYTAlRXMSMwIQYDVQQKDBpDaHVuZ2h3YSBUZWxlY29tIENvLiwgTHRkLjEq +MCgGA1UECwwhZVBLSSBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIICIjANBgkqhkiG9w0B +AQEFAAOCAg8AMIICCgKCAgEA4SUP7o3biDN1Z82tH306Tm2d0y8U82N0ywEhajfqhFAHSyZbCUNs +IZ5qyNUD9WBpj8zwIuQf5/dqIjG3LBXy4P4AakP/h2XGtRrBp0xtInAhijHyl3SJCRImHJ7K2RKi +lTza6We/CKBk49ZCt0Xvl/T29de1ShUCWH2YWEtgvM3XDZoTM1PRYfl61dd4s5oz9wCGzh1NlDiv +qOx4UXCKXBCDUSH3ET00hl7lSM2XgYI1TBnsZfZrxQWh7kcT1rMhJ5QQCtkkO7q+RBNGMD+XPNjX +12ruOzjjK9SXDrkb5wdJfzcq+Xd4z1TtW0ado4AOkUPB1ltfFLqfpo0kR0BZv3I4sjZsN/+Z0V0O +WQqraffAsgRFelQArr5T9rXn4fg8ozHSqf4hUmTFpmfwdQcGlBSBVcYn5AGPF8Fqcde+S/uUWH1+ +ETOxQvdibBjWzwloPn9s9h6PYq2lY9sJpx8iQkEeb5mKPtf5P0B6ebClAZLSnT0IFaUQAS2zMnao +lQ2zepr7BxB4EW/hj8e6DyUadCrlHJhBmd8hh+iVBmoKs2pHdmX2Os+PYhcZewoozRrSgx4hxyy/ +vv9haLdnG7t4TY3OZ+XkwY63I2binZB1NJipNiuKmpS5nezMirH4JYlcWrYvjB9teSSnUmjDhDXi +Zo1jDiVN1Rmy5nk3pyKdVDECAwEAAaNqMGgwHQYDVR0OBBYEFB4M97Zn8uGSJglFwFU5Lnc/Qkqi +MAwGA1UdEwQFMAMBAf8wOQYEZyoHAAQxMC8wLQIBADAJBgUrDgMCGgUAMAcGBWcqAwAABBRFsMLH +ClZ87lt4DJX5GFPBphzYEDANBgkqhkiG9w0BAQUFAAOCAgEACbODU1kBPpVJufGBuvl2ICO1J2B0 +1GqZNF5sAFPZn/KmsSQHRGoqxqWOeBLoR9lYGxMqXnmbnwoqZ6YlPwZpVnPDimZI+ymBV3QGypzq +KOg4ZyYr8dW1P2WT+DZdjo2NQCCHGervJ8A9tDkPJXtoUHRVnAxZfVo9QZQlUgjgRywVMRnVvwdV +xrsStZf0X4OFunHB2WyBEXYKCrC/gpf36j36+uwtqSiUO1bd0lEursC9CBWMd1I0ltabrNMdjmEP +NXubrjlpC2JgQCA2j6/7Nu4tCEoduL+bXPjqpRugc6bY+G7gMwRfaKonh+3ZwZCc7b3jajWvY9+r +GNm65ulK6lCKD2GTHuItGeIwlDWSXQ62B68ZgI9HkFFLLk3dheLSClIKF5r8GrBQAuUBo2M3IUxE +xJtRmREOc5wGj1QupyheRDmHVi03vYVElOEMSyycw5KFNGHLD7ibSkNS/jQ6fbjpKdx2qcgw+BRx +gMYeNkh0IkFch4LoGHGLQYlE535YW6i4jRPpp2zDR+2zGp1iro2C6pSe3VkQw63d4k3jMdXH7Ojy +sP6SHhYKGvzZ8/gntsm+HbRsZJB/9OTEW9c3rkIO3aQab3yIVMUWbuF6aC74Or8NpDyJO3inTmOD +BCEIZ43ygknQW/2xzQ+DhNQ+IIX3Sj0rnP0qCglN6oH4EZw= +-----END CERTIFICATE----- + +certSIGN ROOT CA +================ +-----BEGIN CERTIFICATE----- +MIIDODCCAiCgAwIBAgIGIAYFFnACMA0GCSqGSIb3DQEBBQUAMDsxCzAJBgNVBAYTAlJPMREwDwYD +VQQKEwhjZXJ0U0lHTjEZMBcGA1UECxMQY2VydFNJR04gUk9PVCBDQTAeFw0wNjA3MDQxNzIwMDRa +Fw0zMTA3MDQxNzIwMDRaMDsxCzAJBgNVBAYTAlJPMREwDwYDVQQKEwhjZXJ0U0lHTjEZMBcGA1UE +CxMQY2VydFNJR04gUk9PVCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALczuX7I +JUqOtdu0KBuqV5Do0SLTZLrTk+jUrIZhQGpgV2hUhE28alQCBf/fm5oqrl0Hj0rDKH/v+yv6efHH +rfAQUySQi2bJqIirr1qjAOm+ukbuW3N7LBeCgV5iLKECZbO9xSsAfsT8AzNXDe3i+s5dRdY4zTW2 +ssHQnIFKquSyAVwdj1+ZxLGt24gh65AIgoDzMKND5pCCrlUoSe1b16kQOA7+j0xbm0bqQfWwCHTD +0IgztnzXdN/chNFDDnU5oSVAKOp4yw4sLjmdjItuFhwvJoIQ4uNllAoEwF73XVv4EOLQunpL+943 +AAAaWyjj0pxzPjKHmKHJUS/X3qwzs08CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8B +Af8EBAMCAcYwHQYDVR0OBBYEFOCMm9slSbPxfIbWskKHC9BroNnkMA0GCSqGSIb3DQEBBQUAA4IB +AQA+0hyJLjX8+HXd5n9liPRyTMks1zJO890ZeUe9jjtbkw9QSSQTaxQGcu8J06Gh40CEyecYMnQ8 +SG4Pn0vU9x7Tk4ZkVJdjclDVVc/6IJMCopvDI5NOFlV2oHB5bc0hH88vLbwZ44gx+FkagQnIl6Z0 +x2DEW8xXjrJ1/RsCCdtZb3KTafcxQdaIOL+Hsr0Wefmq5L6IJd1hJyMctTEHBDa0GpC9oHRxUIlt +vBTjD4au8as+x6AJzKNI0eDbZOeStc+vckNwi/nDhDwTqn6Sm1dTk/pwwpEOMfmbZ13pljheX7Nz +TogVZ96edhBiIL5VaZVDADlN9u6wWk5JRFRYX0KD +-----END CERTIFICATE----- + +NetLock Arany (Class Gold) Főtanúsítvány +======================================== +-----BEGIN CERTIFICATE----- +MIIEFTCCAv2gAwIBAgIGSUEs5AAQMA0GCSqGSIb3DQEBCwUAMIGnMQswCQYDVQQGEwJIVTERMA8G +A1UEBwwIQnVkYXBlc3QxFTATBgNVBAoMDE5ldExvY2sgS2Z0LjE3MDUGA1UECwwuVGFuw7pzw610 +dsOhbnlraWFkw7NrIChDZXJ0aWZpY2F0aW9uIFNlcnZpY2VzKTE1MDMGA1UEAwwsTmV0TG9jayBB +cmFueSAoQ2xhc3MgR29sZCkgRsWRdGFuw7pzw610dsOhbnkwHhcNMDgxMjExMTUwODIxWhcNMjgx +MjA2MTUwODIxWjCBpzELMAkGA1UEBhMCSFUxETAPBgNVBAcMCEJ1ZGFwZXN0MRUwEwYDVQQKDAxO +ZXRMb2NrIEtmdC4xNzA1BgNVBAsMLlRhbsO6c8OtdHbDoW55a2lhZMOzayAoQ2VydGlmaWNhdGlv +biBTZXJ2aWNlcykxNTAzBgNVBAMMLE5ldExvY2sgQXJhbnkgKENsYXNzIEdvbGQpIEbFkXRhbsO6 +c8OtdHbDoW55MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxCRec75LbRTDofTjl5Bu +0jBFHjzuZ9lk4BqKf8owyoPjIMHj9DrTlF8afFttvzBPhCf2nx9JvMaZCpDyD/V/Q4Q3Y1GLeqVw +/HpYzY6b7cNGbIRwXdrzAZAj/E4wqX7hJ2Pn7WQ8oLjJM2P+FpD/sLj916jAwJRDC7bVWaaeVtAk +H3B5r9s5VA1lddkVQZQBr17s9o3x/61k/iCa11zr/qYfCGSji3ZVrR47KGAuhyXoqq8fxmRGILdw +fzzeSNuWU7c5d+Qa4scWhHaXWy+7GRWF+GmF9ZmnqfI0p6m2pgP8b4Y9VHx2BJtr+UBdADTHLpl1 +neWIA6pN+APSQnbAGwIDAKiLo0UwQzASBgNVHRMBAf8ECDAGAQH/AgEEMA4GA1UdDwEB/wQEAwIB +BjAdBgNVHQ4EFgQUzPpnk/C2uNClwB7zU/2MU9+D15YwDQYJKoZIhvcNAQELBQADggEBAKt/7hwW +qZw8UQCgwBEIBaeZ5m8BiFRhbvG5GK1Krf6BQCOUL/t1fC8oS2IkgYIL9WHxHG64YTjrgfpioTta +YtOUZcTh5m2C+C8lcLIhJsFyUR+MLMOEkMNaj7rP9KdlpeuY0fsFskZ1FSNqb4VjMIDw1Z4fKRzC +bLBQWV2QWzuoDTDPv31/zvGdg73JRm4gpvlhUbohL3u+pRVjodSVh/GeufOJ8z2FuLjbvrW5Kfna +NwUASZQDhETnv0Mxz3WLJdH0pmT1kvarBes96aULNmLazAZfNou2XjG4Kvte9nHfRCaexOYNkbQu +dZWAUWpLMKawYqGT8ZvYzsRjdT9ZR7E= +-----END CERTIFICATE----- + +Microsec e-Szigno Root CA 2009 +============================== +-----BEGIN CERTIFICATE----- +MIIECjCCAvKgAwIBAgIJAMJ+QwRORz8ZMA0GCSqGSIb3DQEBCwUAMIGCMQswCQYDVQQGEwJIVTER +MA8GA1UEBwwIQnVkYXBlc3QxFjAUBgNVBAoMDU1pY3Jvc2VjIEx0ZC4xJzAlBgNVBAMMHk1pY3Jv +c2VjIGUtU3ppZ25vIFJvb3QgQ0EgMjAwOTEfMB0GCSqGSIb3DQEJARYQaW5mb0BlLXN6aWduby5o +dTAeFw0wOTA2MTYxMTMwMThaFw0yOTEyMzAxMTMwMThaMIGCMQswCQYDVQQGEwJIVTERMA8GA1UE +BwwIQnVkYXBlc3QxFjAUBgNVBAoMDU1pY3Jvc2VjIEx0ZC4xJzAlBgNVBAMMHk1pY3Jvc2VjIGUt +U3ppZ25vIFJvb3QgQ0EgMjAwOTEfMB0GCSqGSIb3DQEJARYQaW5mb0BlLXN6aWduby5odTCCASIw +DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOn4j/NjrdqG2KfgQvvPkd6mJviZpWNwrZuuyjNA +fW2WbqEORO7hE52UQlKavXWFdCyoDh2Tthi3jCyoz/tccbna7P7ofo/kLx2yqHWH2Leh5TvPmUpG +0IMZfcChEhyVbUr02MelTTMuhTlAdX4UfIASmFDHQWe4oIBhVKZsTh/gnQ4H6cm6M+f+wFUoLAKA +pxn1ntxVUwOXewdI/5n7N4okxFnMUBBjjqqpGrCEGob5X7uxUG6k0QrM1XF+H6cbfPVTbiJfyyvm +1HxdrtbCxkzlBQHZ7Vf8wSN5/PrIJIOV87VqUQHQd9bpEqH5GoP7ghu5sJf0dgYzQ0mg/wu1+rUC +AwEAAaOBgDB+MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBTLD8bf +QkPMPcu1SCOhGnqmKrs0aDAfBgNVHSMEGDAWgBTLD8bfQkPMPcu1SCOhGnqmKrs0aDAbBgNVHREE +FDASgRBpbmZvQGUtc3ppZ25vLmh1MA0GCSqGSIb3DQEBCwUAA4IBAQDJ0Q5eLtXMs3w+y/w9/w0o +lZMEyL/azXm4Q5DwpL7v8u8hmLzU1F0G9u5C7DBsoKqpyvGvivo/C3NqPuouQH4frlRheesuCDfX +I/OMn74dseGkddug4lQUsbocKaQY9hK6ohQU4zE1yED/t+AFdlfBHFny+L/k7SViXITwfn4fs775 +tyERzAMBVnCnEJIeGzSBHq2cGsMEPO0CYdYeBvNfOofyK/FFh+U9rNHHV4S9a67c2Pm2G2JwCz02 +yULyMtd6YebS2z3PyKnJm9zbWETXbzivf3jTo60adbocwTZ8jx5tHMN1Rq41Bab2XD0h7lbwyYIi +LXpUq3DDfSJlgnCW +-----END CERTIFICATE----- + +GlobalSign Root CA - R3 +======================= +-----BEGIN CERTIFICATE----- +MIIDXzCCAkegAwIBAgILBAAAAAABIVhTCKIwDQYJKoZIhvcNAQELBQAwTDEgMB4GA1UECxMXR2xv +YmFsU2lnbiBSb290IENBIC0gUjMxEzARBgNVBAoTCkdsb2JhbFNpZ24xEzARBgNVBAMTCkdsb2Jh +bFNpZ24wHhcNMDkwMzE4MTAwMDAwWhcNMjkwMzE4MTAwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxT +aWduIFJvb3QgQ0EgLSBSMzETMBEGA1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2ln +bjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMwldpB5BngiFvXAg7aEyiie/QV2EcWt +iHL8RgJDx7KKnQRfJMsuS+FggkbhUqsMgUdwbN1k0ev1LKMPgj0MK66X17YUhhB5uzsTgHeMCOFJ +0mpiLx9e+pZo34knlTifBtc+ycsmWQ1z3rDI6SYOgxXG71uL0gRgykmmKPZpO/bLyCiR5Z2KYVc3 +rHQU3HTgOu5yLy6c+9C7v/U9AOEGM+iCK65TpjoWc4zdQQ4gOsC0p6Hpsk+QLjJg6VfLuQSSaGjl +OCZgdbKfd/+RFO+uIEn8rUAVSNECMWEZXriX7613t2Saer9fwRPvm2L7DWzgVGkWqQPabumDk3F2 +xmmFghcCAwEAAaNCMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYE +FI/wS3+oLkUkrk1Q+mOai97i3Ru8MA0GCSqGSIb3DQEBCwUAA4IBAQBLQNvAUKr+yAzv95ZURUm7 +lgAJQayzE4aGKAczymvmdLm6AC2upArT9fHxD4q/c2dKg8dEe3jgr25sbwMpjjM5RcOO5LlXbKr8 +EpbsU8Yt5CRsuZRj+9xTaGdWPoO4zzUhw8lo/s7awlOqzJCK6fBdRoyV3XpYKBovHd7NADdBj+1E +bddTKJd+82cEHhXXipa0095MJ6RMG3NzdvQXmcIfeg7jLQitChws/zyrVQ4PkX4268NXSb7hLi18 +YIvDQVETI53O9zJrlAGomecsMx86OyXShkDOOyyGeMlhLxS67ttVb9+E7gUJTb0o2HLO02JQZR7r +kpeDMdmztcpHWD9f +-----END CERTIFICATE----- + +Izenpe.com +========== +-----BEGIN CERTIFICATE----- +MIIF8TCCA9mgAwIBAgIQALC3WhZIX7/hy/WL1xnmfTANBgkqhkiG9w0BAQsFADA4MQswCQYDVQQG +EwJFUzEUMBIGA1UECgwLSVpFTlBFIFMuQS4xEzARBgNVBAMMCkl6ZW5wZS5jb20wHhcNMDcxMjEz +MTMwODI4WhcNMzcxMjEzMDgyNzI1WjA4MQswCQYDVQQGEwJFUzEUMBIGA1UECgwLSVpFTlBFIFMu +QS4xEzARBgNVBAMMCkl6ZW5wZS5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDJ +03rKDx6sp4boFmVqscIbRTJxldn+EFvMr+eleQGPicPK8lVx93e+d5TzcqQsRNiekpsUOqHnJJAK +ClaOxdgmlOHZSOEtPtoKct2jmRXagaKH9HtuJneJWK3W6wyyQXpzbm3benhB6QiIEn6HLmYRY2xU ++zydcsC8Lv/Ct90NduM61/e0aL6i9eOBbsFGb12N4E3GVFWJGjMxCrFXuaOKmMPsOzTFlUFpfnXC +PCDFYbpRR6AgkJOhkEvzTnyFRVSa0QUmQbC1TR0zvsQDyCV8wXDbO/QJLVQnSKwv4cSsPsjLkkxT +OTcj7NMB+eAJRE1NZMDhDVqHIrytG6P+JrUV86f8hBnp7KGItERphIPzidF0BqnMC9bC3ieFUCbK +F7jJeodWLBoBHmy+E60QrLUk9TiRodZL2vG70t5HtfG8gfZZa88ZU+mNFctKy6lvROUbQc/hhqfK +0GqfvEyNBjNaooXlkDWgYlwWTvDjovoDGrQscbNYLN57C9saD+veIR8GdwYDsMnvmfzAuU8Lhij+ +0rnq49qlw0dpEuDb8PYZi+17cNcC1u2HGCgsBCRMd+RIihrGO5rUD8r6ddIBQFqNeb+Lz0vPqhbB +leStTIo+F5HUsWLlguWABKQDfo2/2n+iD5dPDNMN+9fR5XJ+HMh3/1uaD7euBUbl8agW7EekFwID +AQABo4H2MIHzMIGwBgNVHREEgagwgaWBD2luZm9AaXplbnBlLmNvbaSBkTCBjjFHMEUGA1UECgw+ +SVpFTlBFIFMuQS4gLSBDSUYgQTAxMzM3MjYwLVJNZXJjLlZpdG9yaWEtR2FzdGVpeiBUMTA1NSBG +NjIgUzgxQzBBBgNVBAkMOkF2ZGEgZGVsIE1lZGl0ZXJyYW5lbyBFdG9yYmlkZWEgMTQgLSAwMTAx +MCBWaXRvcmlhLUdhc3RlaXowDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0O +BBYEFB0cZQ6o8iV7tJHP5LGx5r1VdGwFMA0GCSqGSIb3DQEBCwUAA4ICAQB4pgwWSp9MiDrAyw6l +Fn2fuUhfGI8NYjb2zRlrrKvV9pF9rnHzP7MOeIWblaQnIUdCSnxIOvVFfLMMjlF4rJUT3sb9fbga +kEyrkgPH7UIBzg/YsfqikuFgba56awmqxinuaElnMIAkejEWOVt+8Rwu3WwJrfIxwYJOubv5vr8q +hT/AQKM6WfxZSzwoJNu0FXWuDYi6LnPAvViH5ULy617uHjAimcs30cQhbIHsvm0m5hzkQiCeR7Cs +g1lwLDXWrzY0tM07+DKo7+N4ifuNRSzanLh+QBxh5z6ikixL8s36mLYp//Pye6kfLqCTVyvehQP5 +aTfLnnhqBbTFMXiJ7HqnheG5ezzevh55hM6fcA5ZwjUukCox2eRFekGkLhObNA5me0mrZJfQRsN5 +nXJQY6aYWwa9SG3YOYNw6DXwBdGqvOPbyALqfP2C2sJbUjWumDqtujWTI6cfSN01RpiyEGjkpTHC +ClguGYEQyVB1/OpaFs4R1+7vUIgtYf8/QnMFlEPVjjxOAToZpR9GTnfQXeWBIiGH/pR9hNiTrdZo +Q0iy2+tzJOeRf1SktoA+naM8THLCV8Sg1Mw4J87VBp6iSNnpn86CcDaTmjvfliHjWbcM2pE38P1Z +WrOZyGlsQyYBNWNgVYkDOnXYukrZVP/u3oDYLdE41V4tC5h9Pmzb/CaIxw== +-----END CERTIFICATE----- + +Go Daddy Root Certificate Authority - G2 +======================================== +-----BEGIN CERTIFICATE----- +MIIDxTCCAq2gAwIBAgIBADANBgkqhkiG9w0BAQsFADCBgzELMAkGA1UEBhMCVVMxEDAOBgNVBAgT +B0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxGjAYBgNVBAoTEUdvRGFkZHkuY29tLCBJbmMu +MTEwLwYDVQQDEyhHbyBEYWRkeSBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTA5 +MDkwMTAwMDAwMFoXDTM3MTIzMTIzNTk1OVowgYMxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6 +b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMRowGAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjExMC8G +A1UEAxMoR28gRGFkZHkgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAL9xYgjx+lk09xvJGKP3gElY6SKDE6bFIEMBO4Tx5oVJnyfq +9oQbTqC023CYxzIBsQU+B07u9PpPL1kwIuerGVZr4oAH/PMWdYA5UXvl+TW2dE6pjYIT5LY/qQOD ++qK+ihVqf94Lw7YZFAXK6sOoBJQ7RnwyDfMAZiLIjWltNowRGLfTshxgtDj6AozO091GB94KPutd +fMh8+7ArU6SSYmlRJQVhGkSBjCypQ5Yj36w6gZoOKcUcqeldHraenjAKOc7xiID7S13MMuyFYkMl +NAJWJwGRtDtwKj9useiciAF9n9T521NtYJ2/LOdYq7hfRvzOxBsDPAnrSTFcaUaz4EcCAwEAAaNC +MEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFDqahQcQZyi27/a9 +BUFuIMGU2g/eMA0GCSqGSIb3DQEBCwUAA4IBAQCZ21151fmXWWcDYfF+OwYxdS2hII5PZYe096ac +vNjpL9DbWu7PdIxztDhC2gV7+AJ1uP2lsdeu9tfeE8tTEH6KRtGX+rcuKxGrkLAngPnon1rpN5+r +5N9ss4UXnT3ZJE95kTXWXwTrgIOrmgIttRD02JDHBHNA7XIloKmf7J6raBKZV8aPEjoJpL1E/QYV +N8Gb5DKj7Tjo2GTzLH4U/ALqn83/B2gX2yKQOC16jdFU8WnjXzPKej17CuPKf1855eJ1usV2GDPO +LPAvTK33sefOT6jEm0pUBsV/fdUID+Ic/n4XuKxe9tQWskMJDE32p2u0mYRlynqI4uJEvlz36hz1 +-----END CERTIFICATE----- + +Starfield Root Certificate Authority - G2 +========================================= +-----BEGIN CERTIFICATE----- +MIID3TCCAsWgAwIBAgIBADANBgkqhkiG9w0BAQsFADCBjzELMAkGA1UEBhMCVVMxEDAOBgNVBAgT +B0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAjBgNVBAoTHFN0YXJmaWVsZCBUZWNobm9s +b2dpZXMsIEluYy4xMjAwBgNVBAMTKVN0YXJmaWVsZCBSb290IENlcnRpZmljYXRlIEF1dGhvcml0 +eSAtIEcyMB4XDTA5MDkwMTAwMDAwMFoXDTM3MTIzMTIzNTk1OVowgY8xCzAJBgNVBAYTAlVTMRAw +DgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMSUwIwYDVQQKExxTdGFyZmllbGQg +VGVjaG5vbG9naWVzLCBJbmMuMTIwMAYDVQQDEylTdGFyZmllbGQgUm9vdCBDZXJ0aWZpY2F0ZSBB +dXRob3JpdHkgLSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL3twQP89o/8ArFv +W59I2Z154qK3A2FWGMNHttfKPTUuiUP3oWmb3ooa/RMgnLRJdzIpVv257IzdIvpy3Cdhl+72WoTs +bhm5iSzchFvVdPtrX8WJpRBSiUZV9Lh1HOZ/5FSuS/hVclcCGfgXcVnrHigHdMWdSL5stPSksPNk +N3mSwOxGXn/hbVNMYq/NHwtjuzqd+/x5AJhhdM8mgkBj87JyahkNmcrUDnXMN/uLicFZ8WJ/X7Nf +ZTD4p7dNdloedl40wOiWVpmKs/B/pM293DIxfJHP4F8R+GuqSVzRmZTRouNjWwl2tVZi4Ut0HZbU +JtQIBFnQmA4O5t78w+wfkPECAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC +AQYwHQYDVR0OBBYEFHwMMh+n2TB/xH1oo2Kooc6rB1snMA0GCSqGSIb3DQEBCwUAA4IBAQARWfol +TwNvlJk7mh+ChTnUdgWUXuEok21iXQnCoKjUsHU48TRqneSfioYmUeYs0cYtbpUgSpIB7LiKZ3sx +4mcujJUDJi5DnUox9g61DLu34jd/IroAow57UvtruzvE03lRTs2Q9GcHGcg8RnoNAX3FWOdt5oUw +F5okxBDgBPfg8n/Uqgr/Qh037ZTlZFkSIHc40zI+OIF1lnP6aI+xy84fxez6nH7PfrHxBy22/L/K +pL/QlwVKvOoYKAKQvVR4CSFx09F9HdkWsKlhPdAKACL8x3vLCWRFCztAgfd9fDL1mMpYjn0q7pBZ +c2T5NnReJaH1ZgUufzkVqSr7UIuOhWn0 +-----END CERTIFICATE----- + +Starfield Services Root Certificate Authority - G2 +================================================== +-----BEGIN CERTIFICATE----- +MIID7zCCAtegAwIBAgIBADANBgkqhkiG9w0BAQsFADCBmDELMAkGA1UEBhMCVVMxEDAOBgNVBAgT +B0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAjBgNVBAoTHFN0YXJmaWVsZCBUZWNobm9s +b2dpZXMsIEluYy4xOzA5BgNVBAMTMlN0YXJmaWVsZCBTZXJ2aWNlcyBSb290IENlcnRpZmljYXRl +IEF1dGhvcml0eSAtIEcyMB4XDTA5MDkwMTAwMDAwMFoXDTM3MTIzMTIzNTk1OVowgZgxCzAJBgNV +BAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMSUwIwYDVQQKExxT +dGFyZmllbGQgVGVjaG5vbG9naWVzLCBJbmMuMTswOQYDVQQDEzJTdGFyZmllbGQgU2VydmljZXMg +Um9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC +AQoCggEBANUMOsQq+U7i9b4Zl1+OiFOxHz/Lz58gE20pOsgPfTz3a3Y4Y9k2YKibXlwAgLIvWX/2 +h/klQ4bnaRtSmpDhcePYLQ1Ob/bISdm28xpWriu2dBTrz/sm4xq6HZYuajtYlIlHVv8loJNwU4Pa +hHQUw2eeBGg6345AWh1KTs9DkTvnVtYAcMtS7nt9rjrnvDH5RfbCYM8TWQIrgMw0R9+53pBlbQLP +LJGmpufehRhJfGZOozptqbXuNC66DQO4M99H67FrjSXZm86B0UVGMpZwh94CDklDhbZsc7tk6mFB +rMnUVN+HL8cisibMn1lUaJ/8viovxFUcdUBgF4UCVTmLfwUCAwEAAaNCMEAwDwYDVR0TAQH/BAUw +AwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFJxfAN+qAdcwKziIorhtSpzyEZGDMA0GCSqG +SIb3DQEBCwUAA4IBAQBLNqaEd2ndOxmfZyMIbw5hyf2E3F/YNoHN2BtBLZ9g3ccaaNnRbobhiCPP +E95Dz+I0swSdHynVv/heyNXBve6SbzJ08pGCL72CQnqtKrcgfU28elUSwhXqvfdqlS5sdJ/PHLTy +xQGjhdByPq1zqwubdQxtRbeOlKyWN7Wg0I8VRw7j6IPdj/3vQQF3zCepYoUz8jcI73HPdwbeyBkd +iEDPfUYd/x7H4c7/I9vG+o1VTqkC50cRRj70/b17KSa7qWFiNyi2LSr2EIZkyXCn0q23KXB56jza +YyWf/Wi3MOxw+3WKt21gZ7IeyLnp2KhvAotnDU0mV3HaIPzBSlCNsSi6 +-----END CERTIFICATE----- + +AffirmTrust Commercial +====================== +-----BEGIN CERTIFICATE----- +MIIDTDCCAjSgAwIBAgIId3cGJyapsXwwDQYJKoZIhvcNAQELBQAwRDELMAkGA1UEBhMCVVMxFDAS +BgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVzdCBDb21tZXJjaWFsMB4XDTEw +MDEyOTE0MDYwNloXDTMwMTIzMTE0MDYwNlowRDELMAkGA1UEBhMCVVMxFDASBgNVBAoMC0FmZmly +bVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVzdCBDb21tZXJjaWFsMIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEA9htPZwcroRX1BiLLHwGy43NFBkRJLLtJJRTWzsO3qyxPxkEylFf6Eqdb +DuKPHx6GGaeqtS25Xw2Kwq+FNXkyLbscYjfysVtKPcrNcV/pQr6U6Mje+SJIZMblq8Yrba0F8PrV +C8+a5fBQpIs7R6UjW3p6+DM/uO+Zl+MgwdYoic+U+7lF7eNAFxHUdPALMeIrJmqbTFeurCA+ukV6 +BfO9m2kVrn1OIGPENXY6BwLJN/3HR+7o8XYdcxXyl6S1yHp52UKqK39c/s4mT6NmgTWvRLpUHhww +MmWd5jyTXlBOeuM61G7MGvv50jeuJCqrVwMiKA1JdX+3KNp1v47j3A55MQIDAQABo0IwQDAdBgNV +HQ4EFgQUnZPGU4teyq8/nx4P5ZmVvCT2lI8wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC +AQYwDQYJKoZIhvcNAQELBQADggEBAFis9AQOzcAN/wr91LoWXym9e2iZWEnStB03TX8nfUYGXUPG +hi4+c7ImfU+TqbbEKpqrIZcUsd6M06uJFdhrJNTxFq7YpFzUf1GO7RgBsZNjvbz4YYCanrHOQnDi +qX0GJX0nof5v7LMeJNrjS1UaADs1tDvZ110w/YETifLCBivtZ8SOyUOyXGsViQK8YvxO8rUzqrJv +0wqiUOP2O+guRMLbZjipM1ZI8W0bM40NjD9gN53Tym1+NH4Nn3J2ixufcv1SNUFFApYvHLKac0kh +sUlHRUe072o0EclNmsxZt9YCnlpOZbWUrhvfKbAW8b8Angc6F2S1BLUjIZkKlTuXfO8= +-----END CERTIFICATE----- + +AffirmTrust Networking +====================== +-----BEGIN CERTIFICATE----- +MIIDTDCCAjSgAwIBAgIIfE8EORzUmS0wDQYJKoZIhvcNAQEFBQAwRDELMAkGA1UEBhMCVVMxFDAS +BgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVzdCBOZXR3b3JraW5nMB4XDTEw +MDEyOTE0MDgyNFoXDTMwMTIzMTE0MDgyNFowRDELMAkGA1UEBhMCVVMxFDASBgNVBAoMC0FmZmly +bVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVzdCBOZXR3b3JraW5nMIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEAtITMMxcua5Rsa2FSoOujz3mUTOWUgJnLVWREZY9nZOIG41w3SfYvm4SE +Hi3yYJ0wTsyEheIszx6e/jarM3c1RNg1lho9Nuh6DtjVR6FqaYvZ/Ls6rnla1fTWcbuakCNrmreI +dIcMHl+5ni36q1Mr3Lt2PpNMCAiMHqIjHNRqrSK6mQEubWXLviRmVSRLQESxG9fhwoXA3hA/Pe24 +/PHxI1Pcv2WXb9n5QHGNfb2V1M6+oF4nI979ptAmDgAp6zxG8D1gvz9Q0twmQVGeFDdCBKNwV6gb +h+0t+nvujArjqWaJGctB+d1ENmHP4ndGyH329JKBNv3bNPFyfvMMFr20FQIDAQABo0IwQDAdBgNV +HQ4EFgQUBx/S55zawm6iQLSwelAQUHTEyL0wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC +AQYwDQYJKoZIhvcNAQEFBQADggEBAIlXshZ6qML91tmbmzTCnLQyFE2npN/svqe++EPbkTfOtDIu +UFUaNU52Q3Eg75N3ThVwLofDwR1t3Mu1J9QsVtFSUzpE0nPIxBsFZVpikpzuQY0x2+c06lkh1QF6 +12S4ZDnNye2v7UsDSKegmQGA3GWjNq5lWUhPgkvIZfFXHeVZLgo/bNjR9eUJtGxUAArgFU2HdW23 +WJZa3W3SAKD0m0i+wzekujbgfIeFlxoVot4uolu9rxj5kFDNcFn4J2dHy8egBzp90SxdbBk6ZrV9 +/ZFvgrG+CJPbFEfxojfHRZ48x3evZKiT3/Zpg4Jg8klCNO1aAFSFHBY2kgxc+qatv9s= +-----END CERTIFICATE----- + +AffirmTrust Premium +=================== +-----BEGIN CERTIFICATE----- +MIIFRjCCAy6gAwIBAgIIbYwURrGmCu4wDQYJKoZIhvcNAQEMBQAwQTELMAkGA1UEBhMCVVMxFDAS +BgNVBAoMC0FmZmlybVRydXN0MRwwGgYDVQQDDBNBZmZpcm1UcnVzdCBQcmVtaXVtMB4XDTEwMDEy +OTE0MTAzNloXDTQwMTIzMTE0MTAzNlowQTELMAkGA1UEBhMCVVMxFDASBgNVBAoMC0FmZmlybVRy +dXN0MRwwGgYDVQQDDBNBZmZpcm1UcnVzdCBQcmVtaXVtMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A +MIICCgKCAgEAxBLfqV/+Qd3d9Z+K4/as4Tx4mrzY8H96oDMq3I0gW64tb+eT2TZwamjPjlGjhVtn +BKAQJG9dKILBl1fYSCkTtuG+kU3fhQxTGJoeJKJPj/CihQvL9Cl/0qRY7iZNyaqoe5rZ+jjeRFcV +5fiMyNlI4g0WJx0eyIOFJbe6qlVBzAMiSy2RjYvmia9mx+n/K+k8rNrSs8PhaJyJ+HoAVt70VZVs ++7pk3WKL3wt3MutizCaam7uqYoNMtAZ6MMgpv+0GTZe5HMQxK9VfvFMSF5yZVylmd2EhMQcuJUmd +GPLu8ytxjLW6OQdJd/zvLpKQBY0tL3d770O/Nbua2Plzpyzy0FfuKE4mX4+QaAkvuPjcBukumj5R +p9EixAqnOEhss/n/fauGV+O61oV4d7pD6kh/9ti+I20ev9E2bFhc8e6kGVQa9QPSdubhjL08s9NI +S+LI+H+SqHZGnEJlPqQewQcDWkYtuJfzt9WyVSHvutxMAJf7FJUnM7/oQ0dG0giZFmA7mn7S5u04 +6uwBHjxIVkkJx0w3AJ6IDsBz4W9m6XJHMD4Q5QsDyZpCAGzFlH5hxIrff4IaC1nEWTJ3s7xgaVY5 +/bQGeyzWZDbZvUjthB9+pSKPKrhC9IK31FOQeE4tGv2Bb0TXOwF0lkLgAOIua+rF7nKsu7/+6qqo ++Nz2snmKtmcCAwEAAaNCMEAwHQYDVR0OBBYEFJ3AZ6YMItkm9UWrpmVSESfYRaxjMA8GA1UdEwEB +/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBDAUAA4ICAQCzV00QYk465KzquByv +MiPIs0laUZx2KI15qldGF9X1Uva3ROgIRL8YhNILgM3FEv0AVQVhh0HctSSePMTYyPtwni94loMg +Nt58D2kTiKV1NpgIpsbfrM7jWNa3Pt668+s0QNiigfV4Py/VpfzZotReBA4Xrf5B8OWycvpEgjNC +6C1Y91aMYj+6QrCcDFx+LmUmXFNPALJ4fqENmS2NuB2OosSw/WDQMKSOyARiqcTtNd56l+0OOF6S +L5Nwpamcb6d9Ex1+xghIsV5n61EIJenmJWtSKZGc0jlzCFfemQa0W50QBuHCAKi4HEoCChTQwUHK ++4w1IX2COPKpVJEZNZOUbWo6xbLQu4mGk+ibyQ86p3q4ofB4Rvr8Ny/lioTz3/4E2aFooC8k4gmV +BtWVyuEklut89pMFu+1z6S3RdTnX5yTb2E5fQ4+e0BQ5v1VwSJlXMbSc7kqYA5YwH2AG7hsj/oFg +IxpHYoWlzBk0gG+zrBrjn/B7SK3VAdlntqlyk+otZrWyuOQ9PLLvTIzq6we/qzWaVYa8GKa1qF60 +g2xraUDTn9zxw2lrueFtCfTxqlB2Cnp9ehehVZZCmTEJ3WARjQUwfuaORtGdFNrHF+QFlozEJLUb +zxQHskD4o55BhrwE0GuWyCqANP2/7waj3VjFhT0+j/6eKeC2uAloGRwYQw== +-----END CERTIFICATE----- + +AffirmTrust Premium ECC +======================= +-----BEGIN CERTIFICATE----- +MIIB/jCCAYWgAwIBAgIIdJclisc/elQwCgYIKoZIzj0EAwMwRTELMAkGA1UEBhMCVVMxFDASBgNV +BAoMC0FmZmlybVRydXN0MSAwHgYDVQQDDBdBZmZpcm1UcnVzdCBQcmVtaXVtIEVDQzAeFw0xMDAx +MjkxNDIwMjRaFw00MDEyMzExNDIwMjRaMEUxCzAJBgNVBAYTAlVTMRQwEgYDVQQKDAtBZmZpcm1U +cnVzdDEgMB4GA1UEAwwXQWZmaXJtVHJ1c3QgUHJlbWl1bSBFQ0MwdjAQBgcqhkjOPQIBBgUrgQQA +IgNiAAQNMF4bFZ0D0KF5Nbc6PJJ6yhUczWLznCZcBz3lVPqj1swS6vQUX+iOGasvLkjmrBhDeKzQ +N8O9ss0s5kfiGuZjuD0uL3jET9v0D6RoTFVya5UdThhClXjMNzyR4ptlKymjQjBAMB0GA1UdDgQW +BBSaryl6wBE1NSZRMADDav5A1a7WPDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAK +BggqhkjOPQQDAwNnADBkAjAXCfOHiFBar8jAQr9HX/VsaobgxCd05DhT1wV/GzTjxi+zygk8N53X +57hG8f2h4nECMEJZh0PUUd+60wkyWs6Iflc9nF9Ca/UHLbXwgpP5WW+uZPpY5Yse42O+tYHNbwKM +eQ== +-----END CERTIFICATE----- + +Certum Trusted Network CA +========================= +-----BEGIN CERTIFICATE----- +MIIDuzCCAqOgAwIBAgIDBETAMA0GCSqGSIb3DQEBBQUAMH4xCzAJBgNVBAYTAlBMMSIwIAYDVQQK +ExlVbml6ZXRvIFRlY2hub2xvZ2llcyBTLkEuMScwJQYDVQQLEx5DZXJ0dW0gQ2VydGlmaWNhdGlv +biBBdXRob3JpdHkxIjAgBgNVBAMTGUNlcnR1bSBUcnVzdGVkIE5ldHdvcmsgQ0EwHhcNMDgxMDIy +MTIwNzM3WhcNMjkxMjMxMTIwNzM3WjB+MQswCQYDVQQGEwJQTDEiMCAGA1UEChMZVW5pemV0byBU +ZWNobm9sb2dpZXMgUy5BLjEnMCUGA1UECxMeQ2VydHVtIENlcnRpZmljYXRpb24gQXV0aG9yaXR5 +MSIwIAYDVQQDExlDZXJ0dW0gVHJ1c3RlZCBOZXR3b3JrIENBMIIBIjANBgkqhkiG9w0BAQEFAAOC +AQ8AMIIBCgKCAQEA4/t9o3K6wvDJFIf1awFO4W5AB7ptJ11/91sts1rHUV+rpDKmYYe2bg+G0jAC +l/jXaVehGDldamR5xgFZrDwxSjh80gTSSyjoIF87B6LMTXPb865Px1bVWqeWifrzq2jUI4ZZJ88J +J7ysbnKDHDBy3+Ci6dLhdHUZvSqeexVUBBvXQzmtVSjF4hq79MDkrjhJM8x2hZ85RdKknvISjFH4 +fOQtf/WsX+sWn7Et0brMkUJ3TCXJkDhv2/DM+44el1k+1WBO5gUo7Ul5E0u6SNsv+XLTOcr+H9g0 +cvW0QM8xAcPs3hEtF10fuFDRXhmnad4HMyjKUJX5p1TLVIZQRan5SQIDAQABo0IwQDAPBgNVHRMB +Af8EBTADAQH/MB0GA1UdDgQWBBQIds3LB/8k9sXN7buQvOKEN0Z19zAOBgNVHQ8BAf8EBAMCAQYw +DQYJKoZIhvcNAQEFBQADggEBAKaorSLOAT2mo/9i0Eidi15ysHhE49wcrwn9I0j6vSrEuVUEtRCj +jSfeC4Jj0O7eDDd5QVsisrCaQVymcODU0HfLI9MA4GxWL+FpDQ3Zqr8hgVDZBqWo/5U30Kr+4rP1 +mS1FhIrlQgnXdAIv94nYmem8J9RHjboNRhx3zxSkHLmkMcScKHQDNP8zGSal6Q10tz6XxnboJ5aj +Zt3hrvJBW8qYVoNzcOSGGtIxQbovvi0TWnZvTuhOgQ4/WwMioBK+ZlgRSssDxLQqKi2WF+A5VLxI +03YnnZotBqbJ7DnSq9ufmgsnAjUpsUCV5/nonFWIGUbWtzT1fs45mtk48VH3Tyw= +-----END CERTIFICATE----- + +TWCA Root Certification Authority +================================= +-----BEGIN CERTIFICATE----- +MIIDezCCAmOgAwIBAgIBATANBgkqhkiG9w0BAQUFADBfMQswCQYDVQQGEwJUVzESMBAGA1UECgwJ +VEFJV0FOLUNBMRAwDgYDVQQLDAdSb290IENBMSowKAYDVQQDDCFUV0NBIFJvb3QgQ2VydGlmaWNh +dGlvbiBBdXRob3JpdHkwHhcNMDgwODI4MDcyNDMzWhcNMzAxMjMxMTU1OTU5WjBfMQswCQYDVQQG +EwJUVzESMBAGA1UECgwJVEFJV0FOLUNBMRAwDgYDVQQLDAdSb290IENBMSowKAYDVQQDDCFUV0NB +IFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQCwfnK4pAOU5qfeCTiRShFAh6d8WWQUe7UREN3+v9XAu1bihSX0NXIP+FPQQeFEAcK0HMMx +QhZHhTMidrIKbw/lJVBPhYa+v5guEGcevhEFhgWQxFnQfHgQsIBct+HHK3XLfJ+utdGdIzdjp9xC +oi2SBBtQwXu4PhvJVgSLL1KbralW6cH/ralYhzC2gfeXRfwZVzsrb+RH9JlF/h3x+JejiB03HFyP +4HYlmlD4oFT/RJB2I9IyxsOrBr/8+7/zrX2SYgJbKdM1o5OaQ2RgXbL6Mv87BK9NQGr5x+PvI/1r +y+UPizgN7gr8/g+YnzAx3WxSZfmLgb4i4RxYA7qRG4kHAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIB +BjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRqOFsmjd6LWvJPelSDGRjjCDWmujANBgkqhkiG +9w0BAQUFAAOCAQEAPNV3PdrfibqHDAhUaiBQkr6wQT25JmSDCi/oQMCXKCeCMErJk/9q56YAf4lC +mtYR5VPOL8zy2gXE/uJQxDqGfczafhAJO5I1KlOy/usrBdlsXebQ79NqZp4VKIV66IIArB6nCWlW +QtNoURi+VJq/REG6Sb4gumlc7rh3zc5sH62Dlhh9DrUUOYTxKOkto557HnpyWoOzeW/vtPzQCqVY +T0bf+215WfKEIlKuD8z7fDvnaspHYcN6+NOSBB+4IIThNlQWx0DeO4pz3N/GCUzf7Nr/1FNCocny +Yh0igzyXxfkZYiesZSLX0zzG5Y6yU8xJzrww/nsOM5D77dIUkR8Hrw== +-----END CERTIFICATE----- + +Security Communication RootCA2 +============================== +-----BEGIN CERTIFICATE----- +MIIDdzCCAl+gAwIBAgIBADANBgkqhkiG9w0BAQsFADBdMQswCQYDVQQGEwJKUDElMCMGA1UEChMc +U0VDT00gVHJ1c3QgU3lzdGVtcyBDTy4sTFRELjEnMCUGA1UECxMeU2VjdXJpdHkgQ29tbXVuaWNh +dGlvbiBSb290Q0EyMB4XDTA5MDUyOTA1MDAzOVoXDTI5MDUyOTA1MDAzOVowXTELMAkGA1UEBhMC +SlAxJTAjBgNVBAoTHFNFQ09NIFRydXN0IFN5c3RlbXMgQ08uLExURC4xJzAlBgNVBAsTHlNlY3Vy +aXR5IENvbW11bmljYXRpb24gUm9vdENBMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +ANAVOVKxUrO6xVmCxF1SrjpDZYBLx/KWvNs2l9amZIyoXvDjChz335c9S672XewhtUGrzbl+dp++ ++T42NKA7wfYxEUV0kz1XgMX5iZnK5atq1LXaQZAQwdbWQonCv/Q4EpVMVAX3NuRFg3sUZdbcDE3R +3n4MqzvEFb46VqZab3ZpUql6ucjrappdUtAtCms1FgkQhNBqyjoGADdH5H5XTz+L62e4iKrFvlNV +spHEfbmwhRkGeC7bYRr6hfVKkaHnFtWOojnflLhwHyg/i/xAXmODPIMqGplrz95Zajv8bxbXH/1K +EOtOghY6rCcMU/Gt1SSwawNQwS08Ft1ENCcadfsCAwEAAaNCMEAwHQYDVR0OBBYEFAqFqXdlBZh8 +QIH4D5csOPEK7DzPMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEB +CwUAA4IBAQBMOqNErLlFsceTfsgLCkLfZOoc7llsCLqJX2rKSpWeeo8HxdpFcoJxDjrSzG+ntKEj +u/Ykn8sX/oymzsLS28yN/HH8AynBbF0zX2S2ZTuJbxh2ePXcokgfGT+Ok+vx+hfuzU7jBBJV1uXk +3fs+BXziHV7Gp7yXT2g69ekuCkO2r1dcYmh8t/2jioSgrGK+KwmHNPBqAbubKVY8/gA3zyNs8U6q +tnRGEmyR7jTV7JqR50S+kDFy1UkC9gLl9B/rfNmWVan/7Ir5mUf/NVoCqgTLiluHcSmRvaS0eg29 +mvVXIwAHIRc/SjnRBUkLp7Y3gaVdjKozXoEofKd9J+sAro03 +-----END CERTIFICATE----- + +Actalis Authentication Root CA +============================== +-----BEGIN CERTIFICATE----- +MIIFuzCCA6OgAwIBAgIIVwoRl0LE48wwDQYJKoZIhvcNAQELBQAwazELMAkGA1UEBhMCSVQxDjAM +BgNVBAcMBU1pbGFuMSMwIQYDVQQKDBpBY3RhbGlzIFMucC5BLi8wMzM1ODUyMDk2NzEnMCUGA1UE +AwweQWN0YWxpcyBBdXRoZW50aWNhdGlvbiBSb290IENBMB4XDTExMDkyMjExMjIwMloXDTMwMDky +MjExMjIwMlowazELMAkGA1UEBhMCSVQxDjAMBgNVBAcMBU1pbGFuMSMwIQYDVQQKDBpBY3RhbGlz +IFMucC5BLi8wMzM1ODUyMDk2NzEnMCUGA1UEAwweQWN0YWxpcyBBdXRoZW50aWNhdGlvbiBSb290 +IENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAp8bEpSmkLO/lGMWwUKNvUTufClrJ +wkg4CsIcoBh/kbWHuUA/3R1oHwiD1S0eiKD4j1aPbZkCkpAW1V8IbInX4ay8IMKx4INRimlNAJZa +by/ARH6jDuSRzVju3PvHHkVH3Se5CAGfpiEd9UEtL0z9KK3giq0itFZljoZUj5NDKd45RnijMCO6 +zfB9E1fAXdKDa0hMxKufgFpbOr3JpyI/gCczWw63igxdBzcIy2zSekciRDXFzMwujt0q7bd9Zg1f +YVEiVRvjRuPjPdA1YprbrxTIW6HMiRvhMCb8oJsfgadHHwTrozmSBp+Z07/T6k9QnBn+locePGX2 +oxgkg4YQ51Q+qDp2JE+BIcXjDwL4k5RHILv+1A7TaLndxHqEguNTVHnd25zS8gebLra8Pu2Fbe8l +EfKXGkJh90qX6IuxEAf6ZYGyojnP9zz/GPvG8VqLWeICrHuS0E4UT1lF9gxeKF+w6D9Fz8+vm2/7 +hNN3WpVvrJSEnu68wEqPSpP4RCHiMUVhUE4Q2OM1fEwZtN4Fv6MGn8i1zeQf1xcGDXqVdFUNaBr8 +EBtiZJ1t4JWgw5QHVw0U5r0F+7if5t+L4sbnfpb2U8WANFAoWPASUHEXMLrmeGO89LKtmyuy/uE5 +jF66CyCU3nuDuP/jVo23Eek7jPKxwV2dpAtMK9myGPW1n0sCAwEAAaNjMGEwHQYDVR0OBBYEFFLY +iDrIn3hm7YnzezhwlMkCAjbQMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUUtiIOsifeGbt +ifN7OHCUyQICNtAwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4ICAQALe3KHwGCmSUyI +WOYdiPcUZEim2FgKDk8TNd81HdTtBjHIgT5q1d07GjLukD0R0i70jsNjLiNmsGe+b7bAEzlgqqI0 +JZN1Ut6nna0Oh4lScWoWPBkdg/iaKWW+9D+a2fDzWochcYBNy+A4mz+7+uAwTc+G02UQGRjRlwKx +K3JCaKygvU5a2hi/a5iB0P2avl4VSM0RFbnAKVy06Ij3Pjaut2L9HmLecHgQHEhb2rykOLpn7VU+ +Xlff1ANATIGk0k9jpwlCCRT8AKnCgHNPLsBA2RF7SOp6AsDT6ygBJlh0wcBzIm2Tlf05fbsq4/aC +4yyXX04fkZT6/iyj2HYauE2yOE+b+h1IYHkm4vP9qdCa6HCPSXrW5b0KDtst842/6+OkfcvHlXHo +2qN8xcL4dJIEG4aspCJTQLas/kx2z/uUMsA1n3Y/buWQbqCmJqK4LL7RK4X9p2jIugErsWx0Hbhz +lefut8cl8ABMALJ+tguLHPPAUJ4lueAI3jZm/zel0btUZCzJJ7VLkn5l/9Mt4blOvH+kQSGQQXem +OR/qnuOf0GZvBeyqdn6/axag67XH/JJULysRJyU3eExRarDzzFhdFPFqSBX/wge2sY0PjlxQRrM9 +vwGYT7JZVEc+NHt4bVaTLnPqZih4zR0Uv6CPLy64Lo7yFIrM6bV8+2ydDKXhlg== +-----END CERTIFICATE----- + +Buypass Class 2 Root CA +======================= +-----BEGIN CERTIFICATE----- +MIIFWTCCA0GgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJOTzEdMBsGA1UECgwU +QnV5cGFzcyBBUy05ODMxNjMzMjcxIDAeBgNVBAMMF0J1eXBhc3MgQ2xhc3MgMiBSb290IENBMB4X +DTEwMTAyNjA4MzgwM1oXDTQwMTAyNjA4MzgwM1owTjELMAkGA1UEBhMCTk8xHTAbBgNVBAoMFEJ1 +eXBhc3MgQVMtOTgzMTYzMzI3MSAwHgYDVQQDDBdCdXlwYXNzIENsYXNzIDIgUm9vdCBDQTCCAiIw +DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANfHXvfBB9R3+0Mh9PT1aeTuMgHbo4Yf5FkNuud1 +g1Lr6hxhFUi7HQfKjK6w3Jad6sNgkoaCKHOcVgb/S2TwDCo3SbXlzwx87vFKu3MwZfPVL4O2fuPn +9Z6rYPnT8Z2SdIrkHJasW4DptfQxh6NR/Md+oW+OU3fUl8FVM5I+GC911K2GScuVr1QGbNgGE41b +/+EmGVnAJLqBcXmQRFBoJJRfuLMR8SlBYaNByyM21cHxMlAQTn/0hpPshNOOvEu/XAFOBz3cFIqU +CqTqc/sLUegTBxj6DvEr0VQVfTzh97QZQmdiXnfgolXsttlpF9U6r0TtSsWe5HonfOV116rLJeff +awrbD02TTqigzXsu8lkBarcNuAeBfos4GzjmCleZPe4h6KP1DBbdi+w0jpwqHAAVF41og9JwnxgI +zRFo1clrUs3ERo/ctfPYV3Me6ZQ5BL/T3jjetFPsaRyifsSP5BtwrfKi+fv3FmRmaZ9JUaLiFRhn +Bkp/1Wy1TbMz4GHrXb7pmA8y1x1LPC5aAVKRCfLf6o3YBkBjqhHk/sM3nhRSP/TizPJhk9H9Z2vX +Uq6/aKtAQ6BXNVN48FP4YUIHZMbXb5tMOA1jrGKvNouicwoN9SG9dKpN6nIDSdvHXx1iY8f93ZHs +M+71bbRuMGjeyNYmsHVee7QHIJihdjK4TWxPAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYD +VR0OBBYEFMmAd+BikoL1RpzzuvdMw964o605MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsF +AAOCAgEAU18h9bqwOlI5LJKwbADJ784g7wbylp7ppHR/ehb8t/W2+xUbP6umwHJdELFx7rxP462s +A20ucS6vxOOto70MEae0/0qyexAQH6dXQbLArvQsWdZHEIjzIVEpMMpghq9Gqx3tOluwlN5E40EI +osHsHdb9T7bWR9AUC8rmyrV7d35BH16Dx7aMOZawP5aBQW9gkOLo+fsicdl9sz1Gv7SEr5AcD48S +aq/v7h56rgJKihcrdv6sVIkkLE8/trKnToyokZf7KcZ7XC25y2a2t6hbElGFtQl+Ynhw/qlqYLYd +DnkM/crqJIByw5c/8nerQyIKx+u2DISCLIBrQYoIwOula9+ZEsuK1V6ADJHgJgg2SMX6OBE1/yWD +LfJ6v9r9jv6ly0UsH8SIU653DtmadsWOLB2jutXsMq7Aqqz30XpN69QH4kj3Io6wpJ9qzo6ysmD0 +oyLQI+uUWnpp3Q+/QFesa1lQ2aOZ4W7+jQF5JyMV3pKdewlNWudLSDBaGOYKbeaP4NK75t98biGC +wWg5TbSYWGZizEqQXsP6JwSxeRV0mcy+rSDeJmAc61ZRpqPq5KM/p/9h3PFaTWwyI0PurKju7koS +CTxdccK+efrCh2gdC/1cacwG0Jp9VJkqyTkaGa9LKkPzY11aWOIv4x3kqdbQCtCev9eBCfHJxyYN +rJgWVqA= +-----END CERTIFICATE----- + +Buypass Class 3 Root CA +======================= +-----BEGIN CERTIFICATE----- +MIIFWTCCA0GgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJOTzEdMBsGA1UECgwU +QnV5cGFzcyBBUy05ODMxNjMzMjcxIDAeBgNVBAMMF0J1eXBhc3MgQ2xhc3MgMyBSb290IENBMB4X +DTEwMTAyNjA4Mjg1OFoXDTQwMTAyNjA4Mjg1OFowTjELMAkGA1UEBhMCTk8xHTAbBgNVBAoMFEJ1 +eXBhc3MgQVMtOTgzMTYzMzI3MSAwHgYDVQQDDBdCdXlwYXNzIENsYXNzIDMgUm9vdCBDQTCCAiIw +DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKXaCpUWUOOV8l6ddjEGMnqb8RB2uACatVI2zSRH +sJ8YZLya9vrVediQYkwiL944PdbgqOkcLNt4EemOaFEVcsfzM4fkoF0LXOBXByow9c3EN3coTRiR +5r/VUv1xLXA+58bEiuPwKAv0dpihi4dVsjoT/Lc+JzeOIuOoTyrvYLs9tznDDgFHmV0ST9tD+leh +7fmdvhFHJlsTmKtdFoqwNxxXnUX/iJY2v7vKB3tvh2PX0DJq1l1sDPGzbjniazEuOQAnFN44wOwZ +ZoYS6J1yFhNkUsepNxz9gjDthBgd9K5c/3ATAOux9TN6S9ZV+AWNS2mw9bMoNlwUxFFzTWsL8TQH +2xc519woe2v1n/MuwU8XKhDzzMro6/1rqy6any2CbgTUUgGTLT2G/H783+9CHaZr77kgxve9oKeV +/afmiSTYzIw0bOIjL9kSGiG5VZFvC5F5GQytQIgLcOJ60g7YaEi7ghM5EFjp2CoHxhLbWNvSO1UQ +RwUVZ2J+GGOmRj8JDlQyXr8NYnon74Do29lLBlo3WiXQCBJ31G8JUJc9yB3D34xFMFbG02SrZvPA +Xpacw8Tvw3xrizp5f7NJzz3iiZ+gMEuFuZyUJHmPfWupRWgPK9Dx2hzLabjKSWJtyNBjYt1gD1iq +j6G8BaVmos8bdrKEZLFMOVLAMLrwjEsCsLa3AgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYD +VR0OBBYEFEe4zf/lb+74suwvTg75JbCOPGvDMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsF +AAOCAgEAACAjQTUEkMJAYmDv4jVM1z+s4jSQuKFvdvoWFqRINyzpkMLyPPgKn9iB5btb2iUspKdV +cSQy9sgL8rxq+JOssgfCX5/bzMiKqr5qb+FJEMwx14C7u8jYog5kV+qi9cKpMRXSIGrs/CIBKM+G +uIAeqcwRpTzyFrNHnfzSgCHEy9BHcEGhyoMZCCxt8l13nIoUE9Q2HJLw5QY33KbmkJs4j1xrG0aG +Q0JfPgEHU1RdZX33inOhmlRaHylDFCfChQ+1iHsaO5S3HWCntZznKWlXWpuTekMwGwPXYshApqr8 +ZORK15FTAaggiG6cX0S5y2CBNOxv033aSF/rtJC8LakcC6wc1aJoIIAE1vyxjy+7SjENSoYc6+I2 +KSb12tjE8nVhz36udmNKekBlk4f4HoCMhuWG1o8O/FMsYOgWYRqiPkN7zTlgVGr18okmAWiDSKIz +6MkEkbIRNBE+6tBDGR8Dk5AM/1E9V/RBbuHLoL7ryWPNbczk+DaqaJ3tvV2XcEQNtg413OEMXbug +UZTLfhbrES+jkkXITHHZvMmZUldGL1DPvTVp9D0VzgalLA8+9oG6lLvDu79leNKGef9JOxqDDPDe +eOzI8k1MGt6CKfjBWtrt7uYnXuhF0J0cUahoq0Tj0Itq4/g7u9xN12TyUb7mqqta6THuBrxzvxNi +Cp/HuZc= +-----END CERTIFICATE----- + +T-TeleSec GlobalRoot Class 3 +============================ +-----BEGIN CERTIFICATE----- +MIIDwzCCAqugAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoM +IlQtU3lzdGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBU +cnVzdCBDZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDMwHhcNMDgx +MDAxMTAyOTU2WhcNMzMxMDAxMjM1OTU5WjCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lz +dGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBD +ZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDMwggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQC9dZPwYiJvJK7genasfb3ZJNW4t/zN8ELg63iIVl6bmlQdTQyK +9tPPcPRStdiTBONGhnFBSivwKixVA9ZIw+A5OO3yXDw/RLyTPWGrTs0NvvAgJ1gORH8EGoel15YU +NpDQSXuhdfsaa3Ox+M6pCSzyU9XDFES4hqX2iys52qMzVNn6chr3IhUciJFrf2blw2qAsCTz34ZF +iP0Zf3WHHx+xGwpzJFu5ZeAsVMhg02YXP+HMVDNzkQI6pn97djmiH5a2OK61yJN0HZ65tOVgnS9W +0eDrXltMEnAMbEQgqxHY9Bn20pxSN+f6tsIxO0rUFJmtxxr1XV/6B7h8DR/Wgx6zAgMBAAGjQjBA +MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS1A/d2O2GCahKqGFPr +AyGUv/7OyjANBgkqhkiG9w0BAQsFAAOCAQEAVj3vlNW92nOyWL6ukK2YJ5f+AbGwUgC4TeQbIXQb +fsDuXmkqJa9c1h3a0nnJ85cp4IaH3gRZD/FZ1GSFS5mvJQQeyUapl96Cshtwn5z2r3Ex3XsFpSzT +ucpH9sry9uetuUg/vBa3wW306gmv7PO15wWeph6KU1HWk4HMdJP2udqmJQV0eVp+QD6CSyYRMG7h +P0HHRwA11fXT91Q+gT3aSWqas+8QPebrb9HIIkfLzM8BMZLZGOMivgkeGj5asuRrDFR6fUNOuIml +e9eiPZaGzPImNC1qkp2aGtAw4l1OBLBfiyB+d8E9lYLRRpo7PHi4b6HQDWSieB4pTpPDpFQUWw== +-----END CERTIFICATE----- + +D-TRUST Root Class 3 CA 2 2009 +============================== +-----BEGIN CERTIFICATE----- +MIIEMzCCAxugAwIBAgIDCYPzMA0GCSqGSIb3DQEBCwUAME0xCzAJBgNVBAYTAkRFMRUwEwYDVQQK +DAxELVRydXN0IEdtYkgxJzAlBgNVBAMMHkQtVFJVU1QgUm9vdCBDbGFzcyAzIENBIDIgMjAwOTAe +Fw0wOTExMDUwODM1NThaFw0yOTExMDUwODM1NThaME0xCzAJBgNVBAYTAkRFMRUwEwYDVQQKDAxE +LVRydXN0IEdtYkgxJzAlBgNVBAMMHkQtVFJVU1QgUm9vdCBDbGFzcyAzIENBIDIgMjAwOTCCASIw +DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANOySs96R+91myP6Oi/WUEWJNTrGa9v+2wBoqOAD +ER03UAifTUpolDWzU9GUY6cgVq/eUXjsKj3zSEhQPgrfRlWLJ23DEE0NkVJD2IfgXU42tSHKXzlA +BF9bfsyjxiupQB7ZNoTWSPOSHjRGICTBpFGOShrvUD9pXRl/RcPHAY9RySPocq60vFYJfxLLHLGv +KZAKyVXMD9O0Gu1HNVpK7ZxzBCHQqr0ME7UAyiZsxGsMlFqVlNpQmvH/pStmMaTJOKDfHR+4CS7z +p+hnUquVH+BGPtikw8paxTGA6Eian5Rp/hnd2HN8gcqW3o7tszIFZYQ05ub9VxC1X3a/L7AQDcUC +AwEAAaOCARowggEWMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFP3aFMSfMN4hvR5COfyrYyNJ +4PGEMA4GA1UdDwEB/wQEAwIBBjCB0wYDVR0fBIHLMIHIMIGAoH6gfIZ6bGRhcDovL2RpcmVjdG9y +eS5kLXRydXN0Lm5ldC9DTj1ELVRSVVNUJTIwUm9vdCUyMENsYXNzJTIwMyUyMENBJTIwMiUyMDIw +MDksTz1ELVRydXN0JTIwR21iSCxDPURFP2NlcnRpZmljYXRlcmV2b2NhdGlvbmxpc3QwQ6BBoD+G +PWh0dHA6Ly93d3cuZC10cnVzdC5uZXQvY3JsL2QtdHJ1c3Rfcm9vdF9jbGFzc18zX2NhXzJfMjAw +OS5jcmwwDQYJKoZIhvcNAQELBQADggEBAH+X2zDI36ScfSF6gHDOFBJpiBSVYEQBrLLpME+bUMJm +2H6NMLVwMeniacfzcNsgFYbQDfC+rAF1hM5+n02/t2A7nPPKHeJeaNijnZflQGDSNiH+0LS4F9p0 +o3/U37CYAqxva2ssJSRyoWXuJVrl5jLn8t+rSfrzkGkj2wTZ51xY/GXUl77M/C4KzCUqNQT4YJEV +dT1B/yMfGchs64JTBKbkTCJNjYy6zltz7GRUUG3RnFX7acM2w4y8PIWmawomDeCTmGCufsYkl4ph +X5GOZpIJhzbNi5stPvZR1FDUWSi9g/LMKHtThm3YJohw1+qRzT65ysCQblrGXnRl11z+o+I= +-----END CERTIFICATE----- + +D-TRUST Root Class 3 CA 2 EV 2009 +================================= +-----BEGIN CERTIFICATE----- +MIIEQzCCAyugAwIBAgIDCYP0MA0GCSqGSIb3DQEBCwUAMFAxCzAJBgNVBAYTAkRFMRUwEwYDVQQK +DAxELVRydXN0IEdtYkgxKjAoBgNVBAMMIUQtVFJVU1QgUm9vdCBDbGFzcyAzIENBIDIgRVYgMjAw +OTAeFw0wOTExMDUwODUwNDZaFw0yOTExMDUwODUwNDZaMFAxCzAJBgNVBAYTAkRFMRUwEwYDVQQK +DAxELVRydXN0IEdtYkgxKjAoBgNVBAMMIUQtVFJVU1QgUm9vdCBDbGFzcyAzIENBIDIgRVYgMjAw +OTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJnxhDRwui+3MKCOvXwEz75ivJn9gpfS +egpnljgJ9hBOlSJzmY3aFS3nBfwZcyK3jpgAvDw9rKFs+9Z5JUut8Mxk2og+KbgPCdM03TP1YtHh +zRnp7hhPTFiu4h7WDFsVWtg6uMQYZB7jM7K1iXdODL/ZlGsTl28So/6ZqQTMFexgaDbtCHu39b+T +7WYxg4zGcTSHThfqr4uRjRxWQa4iN1438h3Z0S0NL2lRp75mpoo6Kr3HGrHhFPC+Oh25z1uxav60 +sUYgovseO3Dvk5h9jHOW8sXvhXCtKSb8HgQ+HKDYD8tSg2J87otTlZCpV6LqYQXY+U3EJ/pure35 +11H3a6UCAwEAAaOCASQwggEgMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFNOUikxiEyoZLsyv +cop9NteaHNxnMA4GA1UdDwEB/wQEAwIBBjCB3QYDVR0fBIHVMIHSMIGHoIGEoIGBhn9sZGFwOi8v +ZGlyZWN0b3J5LmQtdHJ1c3QubmV0L0NOPUQtVFJVU1QlMjBSb290JTIwQ2xhc3MlMjAzJTIwQ0El +MjAyJTIwRVYlMjAyMDA5LE89RC1UcnVzdCUyMEdtYkgsQz1ERT9jZXJ0aWZpY2F0ZXJldm9jYXRp +b25saXN0MEagRKBChkBodHRwOi8vd3d3LmQtdHJ1c3QubmV0L2NybC9kLXRydXN0X3Jvb3RfY2xh +c3NfM19jYV8yX2V2XzIwMDkuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQA07XtaPKSUiO8aEXUHL7P+ +PPoeUSbrh/Yp3uDx1MYkCenBz1UbtDDZzhr+BlGmFaQt77JLvyAoJUnRpjZ3NOhk31KxEcdzes05 +nsKtjHEh8lprr988TlWvsoRlFIm5d8sqMb7Po23Pb0iUMkZv53GMoKaEGTcH8gNFCSuGdXzfX2lX +ANtu2KZyIktQ1HWYVt+3GP9DQ1CuekR78HlR10M9p9OB0/DJT7naxpeG0ILD5EJt/rDiZE4OJudA +NCa1CInXCGNjOCd1HjPqbqjdn5lPdE2BiYBL3ZqXKVwvvoFBuYz/6n1gBp7N1z3TLqMVvKjmJuVv +w9y4AyHqnxbxLFS1 +-----END CERTIFICATE----- + +CA Disig Root R2 +================ +-----BEGIN CERTIFICATE----- +MIIFaTCCA1GgAwIBAgIJAJK4iNuwisFjMA0GCSqGSIb3DQEBCwUAMFIxCzAJBgNVBAYTAlNLMRMw +EQYDVQQHEwpCcmF0aXNsYXZhMRMwEQYDVQQKEwpEaXNpZyBhLnMuMRkwFwYDVQQDExBDQSBEaXNp +ZyBSb290IFIyMB4XDTEyMDcxOTA5MTUzMFoXDTQyMDcxOTA5MTUzMFowUjELMAkGA1UEBhMCU0sx +EzARBgNVBAcTCkJyYXRpc2xhdmExEzARBgNVBAoTCkRpc2lnIGEucy4xGTAXBgNVBAMTEENBIERp +c2lnIFJvb3QgUjIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCio8QACdaFXS1tFPbC +w3OeNcJxVX6B+6tGUODBfEl45qt5WDza/3wcn9iXAng+a0EE6UG9vgMsRfYvZNSrXaNHPWSb6Wia +xswbP7q+sos0Ai6YVRn8jG+qX9pMzk0DIaPY0jSTVpbLTAwAFjxfGs3Ix2ymrdMxp7zo5eFm1tL7 +A7RBZckQrg4FY8aAamkw/dLukO8NJ9+flXP04SXabBbeQTg06ov80egEFGEtQX6sx3dOy1FU+16S +GBsEWmjGycT6txOgmLcRK7fWV8x8nhfRyyX+hk4kLlYMeE2eARKmK6cBZW58Yh2EhN/qwGu1pSqV +g8NTEQxzHQuyRpDRQjrOQG6Vrf/GlK1ul4SOfW+eioANSW1z4nuSHsPzwfPrLgVv2RvPN3YEyLRa +5Beny912H9AZdugsBbPWnDTYltxhh5EF5EQIM8HauQhl1K6yNg3ruji6DOWbnuuNZt2Zz9aJQfYE +koopKW1rOhzndX0CcQ7zwOe9yxndnWCywmZgtrEE7snmhrmaZkCo5xHtgUUDi/ZnWejBBhG93c+A +Ak9lQHhcR1DIm+YfgXvkRKhbhZri3lrVx/k6RGZL5DJUfORsnLMOPReisjQS1n6yqEm70XooQL6i +Fh/f5DcfEXP7kAplQ6INfPgGAVUzfbANuPT1rqVCV3w2EYx7XsQDnYx5nQIDAQABo0IwQDAPBgNV +HRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUtZn4r7CU9eMg1gqtzk5WpC5u +Qu0wDQYJKoZIhvcNAQELBQADggIBACYGXnDnZTPIgm7ZnBc6G3pmsgH2eDtpXi/q/075KMOYKmFM +tCQSin1tERT3nLXK5ryeJ45MGcipvXrA1zYObYVybqjGom32+nNjf7xueQgcnYqfGopTpti72TVV +sRHFqQOzVju5hJMiXn7B9hJSi+osZ7z+Nkz1uM/Rs0mSO9MpDpkblvdhuDvEK7Z4bLQjb/D907Je +dR+Zlais9trhxTF7+9FGs9K8Z7RiVLoJ92Owk6Ka+elSLotgEqv89WBW7xBci8QaQtyDW2QOy7W8 +1k/BfDxujRNt+3vrMNDcTa/F1balTFtxyegxvug4BkihGuLq0t4SOVga/4AOgnXmt8kHbA7v/zjx +mHHEt38OFdAlab0inSvtBfZGR6ztwPDUO+Ls7pZbkBNOHlY667DvlruWIxG68kOGdGSVyCh13x01 +utI3gzhTODY7z2zp+WsO0PsE6E9312UBeIYMej4hYvF/Y3EMyZ9E26gnonW+boE+18DrG5gPcFw0 +sorMwIUY6256s/daoQe/qUKS82Ail+QUoQebTnbAjn39pCXHR+3/H3OszMOl6W8KjptlwlCFtaOg +UxLMVYdh84GuEEZhvUQhuMI9dM9+JDX6HAcOmz0iyu8xL4ysEr3vQCj8KWefshNPZiTEUxnpHikV +7+ZtsH8tZ/3zbBt1RqPlShfppNcL +-----END CERTIFICATE----- + +ACCVRAIZ1 +========= +-----BEGIN CERTIFICATE----- +MIIH0zCCBbugAwIBAgIIXsO3pkN/pOAwDQYJKoZIhvcNAQEFBQAwQjESMBAGA1UEAwwJQUNDVlJB +SVoxMRAwDgYDVQQLDAdQS0lBQ0NWMQ0wCwYDVQQKDARBQ0NWMQswCQYDVQQGEwJFUzAeFw0xMTA1 +MDUwOTM3MzdaFw0zMDEyMzEwOTM3MzdaMEIxEjAQBgNVBAMMCUFDQ1ZSQUlaMTEQMA4GA1UECwwH +UEtJQUNDVjENMAsGA1UECgwEQUNDVjELMAkGA1UEBhMCRVMwggIiMA0GCSqGSIb3DQEBAQUAA4IC +DwAwggIKAoICAQCbqau/YUqXry+XZpp0X9DZlv3P4uRm7x8fRzPCRKPfmt4ftVTdFXxpNRFvu8gM +jmoYHtiP2Ra8EEg2XPBjs5BaXCQ316PWywlxufEBcoSwfdtNgM3802/J+Nq2DoLSRYWoG2ioPej0 +RGy9ocLLA76MPhMAhN9KSMDjIgro6TenGEyxCQ0jVn8ETdkXhBilyNpAlHPrzg5XPAOBOp0KoVdD +aaxXbXmQeOW1tDvYvEyNKKGno6e6Ak4l0Squ7a4DIrhrIA8wKFSVf+DuzgpmndFALW4ir50awQUZ +0m/A8p/4e7MCQvtQqR0tkw8jq8bBD5L/0KIV9VMJcRz/RROE5iZe+OCIHAr8Fraocwa48GOEAqDG +WuzndN9wrqODJerWx5eHk6fGioozl2A3ED6XPm4pFdahD9GILBKfb6qkxkLrQaLjlUPTAYVtjrs7 +8yM2x/474KElB0iryYl0/wiPgL/AlmXz7uxLaL2diMMxs0Dx6M/2OLuc5NF/1OVYm3z61PMOm3WR +5LpSLhl+0fXNWhn8ugb2+1KoS5kE3fj5tItQo05iifCHJPqDQsGH+tUtKSpacXpkatcnYGMN285J +9Y0fkIkyF/hzQ7jSWpOGYdbhdQrqeWZ2iE9x6wQl1gpaepPluUsXQA+xtrn13k/c4LOsOxFwYIRK +Q26ZIMApcQrAZQIDAQABo4ICyzCCAscwfQYIKwYBBQUHAQEEcTBvMEwGCCsGAQUFBzAChkBodHRw +Oi8vd3d3LmFjY3YuZXMvZmlsZWFkbWluL0FyY2hpdm9zL2NlcnRpZmljYWRvcy9yYWl6YWNjdjEu +Y3J0MB8GCCsGAQUFBzABhhNodHRwOi8vb2NzcC5hY2N2LmVzMB0GA1UdDgQWBBTSh7Tj3zcnk1X2 +VuqB5TbMjB4/vTAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFNKHtOPfNyeTVfZW6oHlNsyM +Hj+9MIIBcwYDVR0gBIIBajCCAWYwggFiBgRVHSAAMIIBWDCCASIGCCsGAQUFBwICMIIBFB6CARAA +QQB1AHQAbwByAGkAZABhAGQAIABkAGUAIABDAGUAcgB0AGkAZgBpAGMAYQBjAGkA8wBuACAAUgBh +AO0AegAgAGQAZQAgAGwAYQAgAEEAQwBDAFYAIAAoAEEAZwBlAG4AYwBpAGEAIABkAGUAIABUAGUA +YwBuAG8AbABvAGcA7QBhACAAeQAgAEMAZQByAHQAaQBmAGkAYwBhAGMAaQDzAG4AIABFAGwAZQBj +AHQAcgDzAG4AaQBjAGEALAAgAEMASQBGACAAUQA0ADYAMAAxADEANQA2AEUAKQAuACAAQwBQAFMA +IABlAG4AIABoAHQAdABwADoALwAvAHcAdwB3AC4AYQBjAGMAdgAuAGUAczAwBggrBgEFBQcCARYk +aHR0cDovL3d3dy5hY2N2LmVzL2xlZ2lzbGFjaW9uX2MuaHRtMFUGA1UdHwROMEwwSqBIoEaGRGh0 +dHA6Ly93d3cuYWNjdi5lcy9maWxlYWRtaW4vQXJjaGl2b3MvY2VydGlmaWNhZG9zL3JhaXphY2N2 +MV9kZXIuY3JsMA4GA1UdDwEB/wQEAwIBBjAXBgNVHREEEDAOgQxhY2N2QGFjY3YuZXMwDQYJKoZI +hvcNAQEFBQADggIBAJcxAp/n/UNnSEQU5CmH7UwoZtCPNdpNYbdKl02125DgBS4OxnnQ8pdpD70E +R9m+27Up2pvZrqmZ1dM8MJP1jaGo/AaNRPTKFpV8M9xii6g3+CfYCS0b78gUJyCpZET/LtZ1qmxN +YEAZSUNUY9rizLpm5U9EelvZaoErQNV/+QEnWCzI7UiRfD+mAM/EKXMRNt6GGT6d7hmKG9Ww7Y49 +nCrADdg9ZuM8Db3VlFzi4qc1GwQA9j9ajepDvV+JHanBsMyZ4k0ACtrJJ1vnE5Bc5PUzolVt3OAJ +TS+xJlsndQAJxGJ3KQhfnlmstn6tn1QwIgPBHnFk/vk4CpYY3QIUrCPLBhwepH2NDd4nQeit2hW3 +sCPdK6jT2iWH7ehVRE2I9DZ+hJp4rPcOVkkO1jMl1oRQQmwgEh0q1b688nCBpHBgvgW1m54ERL5h +I6zppSSMEYCUWqKiuUnSwdzRp+0xESyeGabu4VXhwOrPDYTkF7eifKXeVSUG7szAh1xA2syVP1Xg +Nce4hL60Xc16gwFy7ofmXx2utYXGJt/mwZrpHgJHnyqobalbz+xFd3+YJ5oyXSrjhO7FmGYvliAd +3djDJ9ew+f7Zfc3Qn48LFFhRny+Lwzgt3uiP1o2HpPVWQxaZLPSkVrQ0uGE3ycJYgBugl6H8WY3p +EfbRD0tVNEYqi4Y7 +-----END CERTIFICATE----- + +TWCA Global Root CA +=================== +-----BEGIN CERTIFICATE----- +MIIFQTCCAymgAwIBAgICDL4wDQYJKoZIhvcNAQELBQAwUTELMAkGA1UEBhMCVFcxEjAQBgNVBAoT +CVRBSVdBTi1DQTEQMA4GA1UECxMHUm9vdCBDQTEcMBoGA1UEAxMTVFdDQSBHbG9iYWwgUm9vdCBD +QTAeFw0xMjA2MjcwNjI4MzNaFw0zMDEyMzExNTU5NTlaMFExCzAJBgNVBAYTAlRXMRIwEAYDVQQK +EwlUQUlXQU4tQ0ExEDAOBgNVBAsTB1Jvb3QgQ0ExHDAaBgNVBAMTE1RXQ0EgR2xvYmFsIFJvb3Qg +Q0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCwBdvI64zEbooh745NnHEKH1Jw7W2C +nJfF10xORUnLQEK1EjRsGcJ0pDFfhQKX7EMzClPSnIyOt7h52yvVavKOZsTuKwEHktSz0ALfUPZV +r2YOy+BHYC8rMjk1Ujoog/h7FsYYuGLWRyWRzvAZEk2tY/XTP3VfKfChMBwqoJimFb3u/Rk28OKR +Q4/6ytYQJ0lM793B8YVwm8rqqFpD/G2Gb3PpN0Wp8DbHzIh1HrtsBv+baz4X7GGqcXzGHaL3SekV +tTzWoWH1EfcFbx39Eb7QMAfCKbAJTibc46KokWofwpFFiFzlmLhxpRUZyXx1EcxwdE8tmx2RRP1W +KKD+u4ZqyPpcC1jcxkt2yKsi2XMPpfRaAok/T54igu6idFMqPVMnaR1sjjIsZAAmY2E2TqNGtz99 +sy2sbZCilaLOz9qC5wc0GZbpuCGqKX6mOL6OKUohZnkfs8O1CWfe1tQHRvMq2uYiN2DLgbYPoA/p +yJV/v1WRBXrPPRXAb94JlAGD1zQbzECl8LibZ9WYkTunhHiVJqRaCPgrdLQABDzfuBSO6N+pjWxn +kjMdwLfS7JLIvgm/LCkFbwJrnu+8vyq8W8BQj0FwcYeyTbcEqYSjMq+u7msXi7Kx/mzhkIyIqJdI +zshNy/MGz19qCkKxHh53L46g5pIOBvwFItIm4TFRfTLcDwIDAQABoyMwITAOBgNVHQ8BAf8EBAMC +AQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAXzSBdu+WHdXltdkCY4QWwa6g +cFGn90xHNcgL1yg9iXHZqjNB6hQbbCEAwGxCGX6faVsgQt+i0trEfJdLjbDorMjupWkEmQqSpqsn +LhpNgb+E1HAerUf+/UqdM+DyucRFCCEK2mlpc3INvjT+lIutwx4116KD7+U4x6WFH6vPNOw/KP4M +8VeGTslV9xzU2KV9Bnpv1d8Q34FOIWWxtuEXeZVFBs5fzNxGiWNoRI2T9GRwoD2dKAXDOXC4Ynsg +/eTb6QihuJ49CcdP+yz4k3ZB3lLg4VfSnQO8d57+nile98FRYB/e2guyLXW3Q0iT5/Z5xoRdgFlg +lPx4mI88k1HtQJAH32RjJMtOcQWh15QaiDLxInQirqWm2BJpTGCjAu4r7NRjkgtevi92a6O2JryP +A9gK8kxkRr05YuWW6zRjESjMlfGt7+/cgFhI6Uu46mWs6fyAtbXIRfmswZ/ZuepiiI7E8UuDEq3m +i4TWnsLrgxifarsbJGAzcMzs9zLzXNl5fe+epP7JI8Mk7hWSsT2RTyaGvWZzJBPqpK5jwa19hAM8 +EHiGG3njxPPyBJUgriOCxLM6AGK/5jYk4Ve6xx6QddVfP5VhK8E7zeWzaGHQRiapIVJpLesux+t3 +zqY6tQMzT3bR51xUAV3LePTJDL/PEo4XLSNolOer/qmyKwbQBM0= +-----END CERTIFICATE----- + +TeliaSonera Root CA v1 +====================== +-----BEGIN CERTIFICATE----- +MIIFODCCAyCgAwIBAgIRAJW+FqD3LkbxezmCcvqLzZYwDQYJKoZIhvcNAQEFBQAwNzEUMBIGA1UE +CgwLVGVsaWFTb25lcmExHzAdBgNVBAMMFlRlbGlhU29uZXJhIFJvb3QgQ0EgdjEwHhcNMDcxMDE4 +MTIwMDUwWhcNMzIxMDE4MTIwMDUwWjA3MRQwEgYDVQQKDAtUZWxpYVNvbmVyYTEfMB0GA1UEAwwW +VGVsaWFTb25lcmEgUm9vdCBDQSB2MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMK+ +6yfwIaPzaSZVfp3FVRaRXP3vIb9TgHot0pGMYzHw7CTww6XScnwQbfQ3t+XmfHnqjLWCi65ItqwA +3GV17CpNX8GH9SBlK4GoRz6JI5UwFpB/6FcHSOcZrr9FZ7E3GwYq/t75rH2D+1665I+XZ75Ljo1k +B1c4VWk0Nj0TSO9P4tNmHqTPGrdeNjPUtAa9GAH9d4RQAEX1jF3oI7x+/jXh7VB7qTCNGdMJjmhn +Xb88lxhTuylixcpecsHHltTbLaC0H2kD7OriUPEMPPCs81Mt8Bz17Ww5OXOAFshSsCPN4D7c3TxH +oLs1iuKYaIu+5b9y7tL6pe0S7fyYGKkmdtwoSxAgHNN/Fnct7W+A90m7UwW7XWjH1Mh1Fj+JWov3 +F0fUTPHSiXk+TT2YqGHeOh7S+F4D4MHJHIzTjU3TlTazN19jY5szFPAtJmtTfImMMsJu7D0hADnJ +oWjiUIMusDor8zagrC/kb2HCUQk5PotTubtn2txTuXZZNp1D5SDgPTJghSJRt8czu90VL6R4pgd7 +gUY2BIbdeTXHlSw7sKMXNeVzH7RcWe/a6hBle3rQf5+ztCo3O3CLm1u5K7fsslESl1MpWtTwEhDc +TwK7EpIvYtQ/aUN8Ddb8WHUBiJ1YFkveupD/RwGJBmr2X7KQarMCpgKIv7NHfirZ1fpoeDVNAgMB +AAGjPzA9MA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMB0GA1UdDgQWBBTwj1k4ALP1j5qW +DNXr+nuqF+gTEjANBgkqhkiG9w0BAQUFAAOCAgEAvuRcYk4k9AwI//DTDGjkk0kiP0Qnb7tt3oNm +zqjMDfz1mgbldxSR651Be5kqhOX//CHBXfDkH1e3damhXwIm/9fH907eT/j3HEbAek9ALCI18Bmx +0GtnLLCo4MBANzX2hFxc469CeP6nyQ1Q6g2EdvZR74NTxnr/DlZJLo961gzmJ1TjTQpgcmLNkQfW +pb/ImWvtxBnmq0wROMVvMeJuScg/doAmAyYp4Db29iBT4xdwNBedY2gea+zDTYa4EzAvXUYNR0PV +G6pZDrlcjQZIrXSHX8f8MVRBE+LHIQ6e4B4N4cB7Q4WQxYpYxmUKeFfyxiMPAdkgS94P+5KFdSpc +c41teyWRyu5FrgZLAMzTsVlQ2jqIOylDRl6XK1TOU2+NSueW+r9xDkKLfP0ooNBIytrEgUy7onOT +JsjrDNYmiLbAJM+7vVvrdX3pCI6GMyx5dwlppYn8s3CQh3aP0yK7Qs69cwsgJirQmz1wHiRszYd2 +qReWt88NkvuOGKmYSdGe/mBEciG5Ge3C9THxOUiIkCR1VBatzvT4aRRkOfujuLpwQMcnHL/EVlP6 +Y2XQ8xwOFvVrhlhNGNTkDY6lnVuR3HYkUD/GKvvZt5y11ubQ2egZixVxSK236thZiNSQvxaz2ems +WWFUyBy6ysHK4bkgTI86k4mloMy/0/Z1pHWWbVY= +-----END CERTIFICATE----- + +T-TeleSec GlobalRoot Class 2 +============================ +-----BEGIN CERTIFICATE----- +MIIDwzCCAqugAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoM +IlQtU3lzdGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBU +cnVzdCBDZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDIwHhcNMDgx +MDAxMTA0MDE0WhcNMzMxMDAxMjM1OTU5WjCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lz +dGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBD +ZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDIwggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQCqX9obX+hzkeXaXPSi5kfl82hVYAUdAqSzm1nzHoqvNK38DcLZ +SBnuaY/JIPwhqgcZ7bBcrGXHX+0CfHt8LRvWurmAwhiCFoT6ZrAIxlQjgeTNuUk/9k9uN0goOA/F +vudocP05l03Sx5iRUKrERLMjfTlH6VJi1hKTXrcxlkIF+3anHqP1wvzpesVsqXFP6st4vGCvx970 +2cu+fjOlbpSD8DT6IavqjnKgP6TeMFvvhk1qlVtDRKgQFRzlAVfFmPHmBiiRqiDFt1MmUUOyCxGV +WOHAD3bZwI18gfNycJ5v/hqO2V81xrJvNHy+SE/iWjnX2J14np+GPgNeGYtEotXHAgMBAAGjQjBA +MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS/WSA2AHmgoCJrjNXy +YdK4LMuCSjANBgkqhkiG9w0BAQsFAAOCAQEAMQOiYQsfdOhyNsZt+U2e+iKo4YFWz827n+qrkRk4 +r6p8FU3ztqONpfSO9kSpp+ghla0+AGIWiPACuvxhI+YzmzB6azZie60EI4RYZeLbK4rnJVM3YlNf +vNoBYimipidx5joifsFvHZVwIEoHNN/q/xWA5brXethbdXwFeilHfkCoMRN3zUA7tFFHei4R40cR +3p1m0IvVVGb6g1XqfMIpiRvpb7PO4gWEyS8+eIVibslfwXhjdFjASBgMmTnrpMwatXlajRWc2BQN +9noHV8cigwUtPJslJj0Ys6lDfMjIq2SPDqO/nBudMNva0Bkuqjzx+zOAduTNrRlPBSeOE6Fuwg== +-----END CERTIFICATE----- + +Atos TrustedRoot 2011 +===================== +-----BEGIN CERTIFICATE----- +MIIDdzCCAl+gAwIBAgIIXDPLYixfszIwDQYJKoZIhvcNAQELBQAwPDEeMBwGA1UEAwwVQXRvcyBU +cnVzdGVkUm9vdCAyMDExMQ0wCwYDVQQKDARBdG9zMQswCQYDVQQGEwJERTAeFw0xMTA3MDcxNDU4 +MzBaFw0zMDEyMzEyMzU5NTlaMDwxHjAcBgNVBAMMFUF0b3MgVHJ1c3RlZFJvb3QgMjAxMTENMAsG +A1UECgwEQXRvczELMAkGA1UEBhMCREUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCV +hTuXbyo7LjvPpvMpNb7PGKw+qtn4TaA+Gke5vJrf8v7MPkfoepbCJI419KkM/IL9bcFyYie96mvr +54rMVD6QUM+A1JX76LWC1BTFtqlVJVfbsVD2sGBkWXppzwO3bw2+yj5vdHLqqjAqc2K+SZFhyBH+ +DgMq92og3AIVDV4VavzjgsG1xZ1kCWyjWZgHJ8cblithdHFsQ/H3NYkQ4J7sVaE3IqKHBAUsR320 +HLliKWYoyrfhk/WklAOZuXCFteZI6o1Q/NnezG8HDt0Lcp2AMBYHlT8oDv3FdU9T1nSatCQujgKR +z3bFmx5VdJx4IbHwLfELn8LVlhgf8FQieowHAgMBAAGjfTB7MB0GA1UdDgQWBBSnpQaxLKYJYO7R +l+lwrrw7GWzbITAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFKelBrEspglg7tGX6XCuvDsZ +bNshMBgGA1UdIAQRMA8wDQYLKwYBBAGwLQMEAQEwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEB +CwUAA4IBAQAmdzTblEiGKkGdLD4GkGDEjKwLVLgfuXvTBznk+j57sj1O7Z8jvZfza1zv7v1Apt+h +k6EKhqzvINB5Ab149xnYJDE0BAGmuhWawyfc2E8PzBhj/5kPDpFrdRbhIfzYJsdHt6bPWHJxfrrh +TZVHO8mvbaG0weyJ9rQPOLXiZNwlz6bb65pcmaHFCN795trV1lpFDMS3wrUU77QR/w4VtfX128a9 +61qn8FYiqTxlVMYVqL2Gns2Dlmh6cYGJ4Qvh6hEbaAjMaZ7snkGeRDImeuKHCnE96+RapNLbxc3G +3mB/ufNPRJLvKrcYPqcZ2Qt9sTdBQrC6YB3y/gkRsPCHe6ed +-----END CERTIFICATE----- + +QuoVadis Root CA 1 G3 +===================== +-----BEGIN CERTIFICATE----- +MIIFYDCCA0igAwIBAgIUeFhfLq0sGUvjNwc1NBMotZbUZZMwDQYJKoZIhvcNAQELBQAwSDELMAkG +A1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAcBgNVBAMTFVF1b1ZhZGlzIFJv +b3QgQ0EgMSBHMzAeFw0xMjAxMTIxNzI3NDRaFw00MjAxMTIxNzI3NDRaMEgxCzAJBgNVBAYTAkJN +MRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMR4wHAYDVQQDExVRdW9WYWRpcyBSb290IENBIDEg +RzMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCgvlAQjunybEC0BJyFuTHK3C3kEakE +PBtVwedYMB0ktMPvhd6MLOHBPd+C5k+tR4ds7FtJwUrVu4/sh6x/gpqG7D0DmVIB0jWerNrwU8lm +PNSsAgHaJNM7qAJGr6Qc4/hzWHa39g6QDbXwz8z6+cZM5cOGMAqNF34168Xfuw6cwI2H44g4hWf6 +Pser4BOcBRiYz5P1sZK0/CPTz9XEJ0ngnjybCKOLXSoh4Pw5qlPafX7PGglTvF0FBM+hSo+LdoIN +ofjSxxR3W5A2B4GbPgb6Ul5jxaYA/qXpUhtStZI5cgMJYr2wYBZupt0lwgNm3fME0UDiTouG9G/l +g6AnhF4EwfWQvTA9xO+oabw4m6SkltFi2mnAAZauy8RRNOoMqv8hjlmPSlzkYZqn0ukqeI1RPToV +7qJZjqlc3sX5kCLliEVx3ZGZbHqfPT2YfF72vhZooF6uCyP8Wg+qInYtyaEQHeTTRCOQiJ/GKubX +9ZqzWB4vMIkIG1SitZgj7Ah3HJVdYdHLiZxfokqRmu8hqkkWCKi9YSgxyXSthfbZxbGL0eUQMk1f +iyA6PEkfM4VZDdvLCXVDaXP7a3F98N/ETH3Goy7IlXnLc6KOTk0k+17kBL5yG6YnLUlamXrXXAkg +t3+UuU/xDRxeiEIbEbfnkduebPRq34wGmAOtzCjvpUfzUwIDAQABo0IwQDAPBgNVHRMBAf8EBTAD +AQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUo5fW816iEOGrRZ88F2Q87gFwnMwwDQYJKoZI +hvcNAQELBQADggIBABj6W3X8PnrHX3fHyt/PX8MSxEBd1DKquGrX1RUVRpgjpeaQWxiZTOOtQqOC +MTaIzen7xASWSIsBx40Bz1szBpZGZnQdT+3Btrm0DWHMY37XLneMlhwqI2hrhVd2cDMT/uFPpiN3 +GPoajOi9ZcnPP/TJF9zrx7zABC4tRi9pZsMbj/7sPtPKlL92CiUNqXsCHKnQO18LwIE6PWThv6ct +Tr1NxNgpxiIY0MWscgKCP6o6ojoilzHdCGPDdRS5YCgtW2jgFqlmgiNR9etT2DGbe+m3nUvriBbP ++V04ikkwj+3x6xn0dxoxGE1nVGwvb2X52z3sIexe9PSLymBlVNFxZPT5pqOBMzYzcfCkeF9OrYMh +3jRJjehZrJ3ydlo28hP0r+AJx2EqbPfgna67hkooby7utHnNkDPDs3b69fBsnQGQ+p6Q9pxyz0fa +wx/kNSBT8lTR32GDpgLiJTjehTItXnOQUl1CxM49S+H5GYQd1aJQzEH7QRTDvdbJWqNjZgKAvQU6 +O0ec7AAmTPWIUb+oI38YB7AL7YsmoWTTYUrrXJ/es69nA7Mf3W1daWhpq1467HxpvMc7hU6eFbm0 +FU/DlXpY18ls6Wy58yljXrQs8C097Vpl4KlbQMJImYFtnh8GKjwStIsPm6Ik8KaN1nrgS7ZklmOV +hMJKzRwuJIczYOXD +-----END CERTIFICATE----- + +QuoVadis Root CA 2 G3 +===================== +-----BEGIN CERTIFICATE----- +MIIFYDCCA0igAwIBAgIURFc0JFuBiZs18s64KztbpybwdSgwDQYJKoZIhvcNAQELBQAwSDELMAkG +A1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAcBgNVBAMTFVF1b1ZhZGlzIFJv +b3QgQ0EgMiBHMzAeFw0xMjAxMTIxODU5MzJaFw00MjAxMTIxODU5MzJaMEgxCzAJBgNVBAYTAkJN +MRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMR4wHAYDVQQDExVRdW9WYWRpcyBSb290IENBIDIg +RzMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQChriWyARjcV4g/Ruv5r+LrI3HimtFh +ZiFfqq8nUeVuGxbULX1QsFN3vXg6YOJkApt8hpvWGo6t/x8Vf9WVHhLL5hSEBMHfNrMWn4rjyduY +NM7YMxcoRvynyfDStNVNCXJJ+fKH46nafaF9a7I6JaltUkSs+L5u+9ymc5GQYaYDFCDy54ejiK2t +oIz/pgslUiXnFgHVy7g1gQyjO/Dh4fxaXc6AcW34Sas+O7q414AB+6XrW7PFXmAqMaCvN+ggOp+o +MiwMzAkd056OXbxMmO7FGmh77FOm6RQ1o9/NgJ8MSPsc9PG/Srj61YxxSscfrf5BmrODXfKEVu+l +V0POKa2Mq1W/xPtbAd0jIaFYAI7D0GoT7RPjEiuA3GfmlbLNHiJuKvhB1PLKFAeNilUSxmn1uIZo +L1NesNKqIcGY5jDjZ1XHm26sGahVpkUG0CM62+tlXSoREfA7T8pt9DTEceT/AFr2XK4jYIVz8eQQ +sSWu1ZK7E8EM4DnatDlXtas1qnIhO4M15zHfeiFuuDIIfR0ykRVKYnLP43ehvNURG3YBZwjgQQvD +6xVu+KQZ2aKrr+InUlYrAoosFCT5v0ICvybIxo/gbjh9Uy3l7ZizlWNof/k19N+IxWA1ksB8aRxh +lRbQ694Lrz4EEEVlWFA4r0jyWbYW8jwNkALGcC4BrTwV1wIDAQABo0IwQDAPBgNVHRMBAf8EBTAD +AQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQU7edvdlq/YOxJW8ald7tyFnGbxD0wDQYJKoZI +hvcNAQELBQADggIBAJHfgD9DCX5xwvfrs4iP4VGyvD11+ShdyLyZm3tdquXK4Qr36LLTn91nMX66 +AarHakE7kNQIXLJgapDwyM4DYvmL7ftuKtwGTTwpD4kWilhMSA/ohGHqPHKmd+RCroijQ1h5fq7K +pVMNqT1wvSAZYaRsOPxDMuHBR//47PERIjKWnML2W2mWeyAMQ0GaW/ZZGYjeVYg3UQt4XAoeo0L9 +x52ID8DyeAIkVJOviYeIyUqAHerQbj5hLja7NQ4nlv1mNDthcnPxFlxHBlRJAHpYErAK74X9sbgz +dWqTHBLmYF5vHX/JHyPLhGGfHoJE+V+tYlUkmlKY7VHnoX6XOuYvHxHaU4AshZ6rNRDbIl9qxV6X +U/IyAgkwo1jwDQHVcsaxfGl7w/U2Rcxhbl5MlMVerugOXou/983g7aEOGzPuVBj+D77vfoRrQ+Nw +mNtddbINWQeFFSM51vHfqSYP1kjHs6Yi9TM3WpVHn3u6GBVv/9YUZINJ0gpnIdsPNWNgKCLjsZWD +zYWm3S8P52dSbrsvhXz1SnPnxT7AvSESBT/8twNJAlvIJebiVDj1eYeMHVOyToV7BjjHLPj4sHKN +JeV3UvQDHEimUF+IIDBu8oJDqz2XhOdT+yHBTw8imoa4WSr2Rz0ZiC3oheGe7IUIarFsNMkd7Egr +O3jtZsSOeWmD3n+M +-----END CERTIFICATE----- + +QuoVadis Root CA 3 G3 +===================== +-----BEGIN CERTIFICATE----- +MIIFYDCCA0igAwIBAgIULvWbAiin23r/1aOp7r0DoM8Sah0wDQYJKoZIhvcNAQELBQAwSDELMAkG +A1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAcBgNVBAMTFVF1b1ZhZGlzIFJv +b3QgQ0EgMyBHMzAeFw0xMjAxMTIyMDI2MzJaFw00MjAxMTIyMDI2MzJaMEgxCzAJBgNVBAYTAkJN +MRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMR4wHAYDVQQDExVRdW9WYWRpcyBSb290IENBIDMg +RzMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCzyw4QZ47qFJenMioKVjZ/aEzHs286 +IxSR/xl/pcqs7rN2nXrpixurazHb+gtTTK/FpRp5PIpM/6zfJd5O2YIyC0TeytuMrKNuFoM7pmRL +Mon7FhY4futD4tN0SsJiCnMK3UmzV9KwCoWdcTzeo8vAMvMBOSBDGzXRU7Ox7sWTaYI+FrUoRqHe +6okJ7UO4BUaKhvVZR74bbwEhELn9qdIoyhA5CcoTNs+cra1AdHkrAj80//ogaX3T7mH1urPnMNA3 +I4ZyYUUpSFlob3emLoG+B01vr87ERRORFHAGjx+f+IdpsQ7vw4kZ6+ocYfx6bIrc1gMLnia6Et3U +VDmrJqMz6nWB2i3ND0/kA9HvFZcba5DFApCTZgIhsUfei5pKgLlVj7WiL8DWM2fafsSntARE60f7 +5li59wzweyuxwHApw0BiLTtIadwjPEjrewl5qW3aqDCYz4ByA4imW0aucnl8CAMhZa634RylsSqi +Md5mBPfAdOhx3v89WcyWJhKLhZVXGqtrdQtEPREoPHtht+KPZ0/l7DxMYIBpVzgeAVuNVejH38DM +dyM0SXV89pgR6y3e7UEuFAUCf+D+IOs15xGsIs5XPd7JMG0QA4XN8f+MFrXBsj6IbGB/kE+V9/Yt +rQE5BwT6dYB9v0lQ7e/JxHwc64B+27bQ3RP+ydOc17KXqQIDAQABo0IwQDAPBgNVHRMBAf8EBTAD +AQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUxhfQvKjqAkPyGwaZXSuQILnXnOQwDQYJKoZI +hvcNAQELBQADggIBADRh2Va1EodVTd2jNTFGu6QHcrxfYWLopfsLN7E8trP6KZ1/AvWkyaiTt3px +KGmPc+FSkNrVvjrlt3ZqVoAh313m6Tqe5T72omnHKgqwGEfcIHB9UqM+WXzBusnIFUBhynLWcKzS +t/Ac5IYp8M7vaGPQtSCKFWGafoaYtMnCdvvMujAWzKNhxnQT5WvvoxXqA/4Ti2Tk08HS6IT7SdEQ +TXlm66r99I0xHnAUrdzeZxNMgRVhvLfZkXdxGYFgu/BYpbWcC/ePIlUnwEsBbTuZDdQdm2NnL9Du +DcpmvJRPpq3t/O5jrFc/ZSXPsoaP0Aj/uHYUbt7lJ+yreLVTubY/6CD50qi+YUbKh4yE8/nxoGib +Ih6BJpsQBJFxwAYf3KDTuVan45gtf4Od34wrnDKOMpTwATwiKp9Dwi7DmDkHOHv8XgBCH/MyJnmD +hPbl8MFREsALHgQjDFSlTC9JxUrRtm5gDWv8a4uFJGS3iQ6rJUdbPM9+Sb3H6QrG2vd+DhcI00iX +0HGS8A85PjRqHH3Y8iKuu2n0M7SmSFXRDw4m6Oy2Cy2nhTXN/VnIn9HNPlopNLk9hM6xZdRZkZFW +dSHBd575euFgndOtBBj0fOtek49TSiIp+EgrPk2GrFt/ywaZWWDYWGWVjUTR939+J399roD1B0y2 +PpxxVJkES/1Y+Zj0 +-----END CERTIFICATE----- + +DigiCert Assured ID Root G2 +=========================== +-----BEGIN CERTIFICATE----- +MIIDljCCAn6gAwIBAgIQC5McOtY5Z+pnI7/Dr5r0SzANBgkqhkiG9w0BAQsFADBlMQswCQYDVQQG +EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSQw +IgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgRzIwHhcNMTMwODAxMTIwMDAwWhcNMzgw +MTE1MTIwMDAwWjBlMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQL +ExB3d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgRzIw +ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZ5ygvUj82ckmIkzTz+GoeMVSAn61UQbVH +35ao1K+ALbkKz3X9iaV9JPrjIgwrvJUXCzO/GU1BBpAAvQxNEP4HteccbiJVMWWXvdMX0h5i89vq +bFCMP4QMls+3ywPgym2hFEwbid3tALBSfK+RbLE4E9HpEgjAALAcKxHad3A2m67OeYfcgnDmCXRw +VWmvo2ifv922ebPynXApVfSr/5Vh88lAbx3RvpO704gqu52/clpWcTs/1PPRCv4o76Pu2ZmvA9OP +YLfykqGxvYmJHzDNw6YuYjOuFgJ3RFrngQo8p0Quebg/BLxcoIfhG69Rjs3sLPr4/m3wOnyqi+Rn +lTGNAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBTO +w0q5mVXyuNtgv6l+vVa1lzan1jANBgkqhkiG9w0BAQsFAAOCAQEAyqVVjOPIQW5pJ6d1Ee88hjZv +0p3GeDgdaZaikmkuOGybfQTUiaWxMTeKySHMq2zNixya1r9I0jJmwYrA8y8678Dj1JGG0VDjA9tz +d29KOVPt3ibHtX2vK0LRdWLjSisCx1BL4GnilmwORGYQRI+tBev4eaymG+g3NJ1TyWGqolKvSnAW +hsI6yLETcDbYz+70CjTVW0z9B5yiutkBclzzTcHdDrEcDcRjvq30FPuJ7KJBDkzMyFdA0G4Dqs0M +jomZmWzwPDCvON9vvKO+KSAnq3T/EyJ43pdSVR6DtVQgA+6uwE9W3jfMw3+qBCe703e4YtsXfJwo +IhNzbM8m9Yop5w== +-----END CERTIFICATE----- + +DigiCert Assured ID Root G3 +=========================== +-----BEGIN CERTIFICATE----- +MIICRjCCAc2gAwIBAgIQC6Fa+h3foLVJRK/NJKBs7DAKBggqhkjOPQQDAzBlMQswCQYDVQQGEwJV +UzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSQwIgYD +VQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgRzMwHhcNMTMwODAxMTIwMDAwWhcNMzgwMTE1 +MTIwMDAwWjBlMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 +d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgRzMwdjAQ +BgcqhkjOPQIBBgUrgQQAIgNiAAQZ57ysRGXtzbg/WPuNsVepRC0FFfLvC/8QdJ+1YlJfZn4f5dwb +RXkLzMZTCp2NXQLZqVneAlr2lSoOjThKiknGvMYDOAdfVdp+CW7if17QRSAPWXYQ1qAk8C3eNvJs +KTmjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBTL0L2p4ZgF +UaFNN6KDec6NHSrkhDAKBggqhkjOPQQDAwNnADBkAjAlpIFFAmsSS3V0T8gj43DydXLefInwz5Fy +YZ5eEJJZVrmDxxDnOOlYJjZ91eQ0hjkCMHw2U/Aw5WJjOpnitqM7mzT6HtoQknFekROn3aRukswy +1vUhZscv6pZjamVFkpUBtA== +-----END CERTIFICATE----- + +DigiCert Global Root G2 +======================= +-----BEGIN CERTIFICATE----- +MIIDjjCCAnagAwIBAgIQAzrx5qcRqaC7KGSxHQn65TANBgkqhkiG9w0BAQsFADBhMQswCQYDVQQG +EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSAw +HgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBHMjAeFw0xMzA4MDExMjAwMDBaFw0zODAxMTUx +MjAwMDBaMGExCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3 +dy5kaWdpY2VydC5jb20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IEcyMIIBIjANBgkq +hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuzfNNNx7a8myaJCtSnX/RrohCgiN9RlUyfuI2/Ou8jqJ +kTx65qsGGmvPrC3oXgkkRLpimn7Wo6h+4FR1IAWsULecYxpsMNzaHxmx1x7e/dfgy5SDN67sH0NO +3Xss0r0upS/kqbitOtSZpLYl6ZtrAGCSYP9PIUkY92eQq2EGnI/yuum06ZIya7XzV+hdG82MHauV +BJVJ8zUtluNJbd134/tJS7SsVQepj5WztCO7TG1F8PapspUwtP1MVYwnSlcUfIKdzXOS0xZKBgyM +UNGPHgm+F6HmIcr9g+UQvIOlCsRnKPZzFBQ9RnbDhxSJITRNrw9FDKZJobq7nMWxM4MphQIDAQAB +o0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUTiJUIBiV5uNu +5g/6+rkS7QYXjzkwDQYJKoZIhvcNAQELBQADggEBAGBnKJRvDkhj6zHd6mcY1Yl9PMWLSn/pvtsr +F9+wX3N3KjITOYFnQoQj8kVnNeyIv/iPsGEMNKSuIEyExtv4NeF22d+mQrvHRAiGfzZ0JFrabA0U +WTW98kndth/Jsw1HKj2ZL7tcu7XUIOGZX1NGFdtom/DzMNU+MeKNhJ7jitralj41E6Vf8PlwUHBH +QRFXGU7Aj64GxJUTFy8bJZ918rGOmaFvE7FBcf6IKshPECBV1/MUReXgRPTqh5Uykw7+U0b6LJ3/ +iyK5S9kJRaTepLiaWN0bfVKfjllDiIGknibVb63dDcY3fe0Dkhvld1927jyNxF1WW6LZZm6zNTfl +MrY= +-----END CERTIFICATE----- + +DigiCert Global Root G3 +======================= +-----BEGIN CERTIFICATE----- +MIICPzCCAcWgAwIBAgIQBVVWvPJepDU1w6QP1atFcjAKBggqhkjOPQQDAzBhMQswCQYDVQQGEwJV +UzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSAwHgYD +VQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBHMzAeFw0xMzA4MDExMjAwMDBaFw0zODAxMTUxMjAw +MDBaMGExCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5k +aWdpY2VydC5jb20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IEczMHYwEAYHKoZIzj0C +AQYFK4EEACIDYgAE3afZu4q4C/sLfyHS8L6+c/MzXRq8NOrexpu80JX28MzQC7phW1FGfp4tn+6O +YwwX7Adw9c+ELkCDnOg/QW07rdOkFFk2eJ0DQ+4QE2xy3q6Ip6FrtUPOZ9wj/wMco+I+o0IwQDAP +BgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUs9tIpPmhxdiuNkHMEWNp +Yim8S8YwCgYIKoZIzj0EAwMDaAAwZQIxAK288mw/EkrRLTnDCgmXc/SINoyIJ7vmiI1Qhadj+Z4y +3maTD/HMsQmP3Wyr+mt/oAIwOWZbwmSNuJ5Q3KjVSaLtx9zRSX8XAbjIho9OjIgrqJqpisXRAL34 +VOKa5Vt8sycX +-----END CERTIFICATE----- + +DigiCert Trusted Root G4 +======================== +-----BEGIN CERTIFICATE----- +MIIFkDCCA3igAwIBAgIQBZsbV56OITLiOQe9p3d1XDANBgkqhkiG9w0BAQwFADBiMQswCQYDVQQG +EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSEw +HwYDVQQDExhEaWdpQ2VydCBUcnVzdGVkIFJvb3QgRzQwHhcNMTMwODAxMTIwMDAwWhcNMzgwMTE1 +MTIwMDAwWjBiMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 +d3cuZGlnaWNlcnQuY29tMSEwHwYDVQQDExhEaWdpQ2VydCBUcnVzdGVkIFJvb3QgRzQwggIiMA0G +CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC/5pBzaN675F1KPDAiMGkz7MKnJS7JIT3yithZwuEp +pz1Yq3aaza57G4QNxDAf8xukOBbrVsaXbR2rsnnyyhHS5F/WBTxSD1Ifxp4VpX6+n6lXFllVcq9o +k3DCsrp1mWpzMpTREEQQLt+C8weE5nQ7bXHiLQwb7iDVySAdYyktzuxeTsiT+CFhmzTrBcZe7Fsa +vOvJz82sNEBfsXpm7nfISKhmV1efVFiODCu3T6cw2Vbuyntd463JT17lNecxy9qTXtyOj4DatpGY +QJB5w3jHtrHEtWoYOAMQjdjUN6QuBX2I9YI+EJFwq1WCQTLX2wRzKm6RAXwhTNS8rhsDdV14Ztk6 +MUSaM0C/CNdaSaTC5qmgZ92kJ7yhTzm1EVgX9yRcRo9k98FpiHaYdj1ZXUJ2h4mXaXpI8OCiEhtm +mnTK3kse5w5jrubU75KSOp493ADkRSWJtppEGSt+wJS00mFt6zPZxd9LBADMfRyVw4/3IbKyEbe7 +f/LVjHAsQWCqsWMYRJUadmJ+9oCw++hkpjPRiQfhvbfmQ6QYuKZ3AeEPlAwhHbJUKSWJbOUOUlFH +dL4mrLZBdd56rF+NP8m800ERElvlEFDrMcXKchYiCd98THU/Y+whX8QgUWtvsauGi0/C1kVfnSD8 +oR7FwI+isX4KJpn15GkvmB0t9dmpsh3lGwIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1Ud +DwEB/wQEAwIBhjAdBgNVHQ4EFgQU7NfjgtJxXWRM3y5nP+e6mK4cD08wDQYJKoZIhvcNAQEMBQAD +ggIBALth2X2pbL4XxJEbw6GiAI3jZGgPVs93rnD5/ZpKmbnJeFwMDF/k5hQpVgs2SV1EY+CtnJYY +ZhsjDT156W1r1lT40jzBQ0CuHVD1UvyQO7uYmWlrx8GnqGikJ9yd+SeuMIW59mdNOj6PWTkiU0Tr +yF0Dyu1Qen1iIQqAyHNm0aAFYF/opbSnr6j3bTWcfFqK1qI4mfN4i/RN0iAL3gTujJtHgXINwBQy +7zBZLq7gcfJW5GqXb5JQbZaNaHqasjYUegbyJLkJEVDXCLG4iXqEI2FCKeWjzaIgQdfRnGTZ6iah +ixTXTBmyUEFxPT9NcCOGDErcgdLMMpSEDQgJlxxPwO5rIHQw0uA5NBCFIRUBCOhVMt5xSdkoF1BN +5r5N0XWs0Mr7QbhDparTwwVETyw2m+L64kW4I1NsBm9nVX9GtUw/bihaeSbSpKhil9Ie4u1Ki7wb +/UdKDd9nZn6yW0HQO+T0O/QEY+nvwlQAUaCKKsnOeMzV6ocEGLPOr0mIr/OSmbaz5mEP0oUA51Aa +5BuVnRmhuZyxm7EAHu/QD09CbMkKvO5D+jpxpchNJqU1/YldvIViHTLSoCtU7ZpXwdv6EM8Zt4tK +G48BtieVU+i2iW1bvGjUI+iLUaJW+fCmgKDWHrO8Dw9TdSmq6hN35N6MgSGtBxBHEa2HPQfRdbzP +82Z+ +-----END CERTIFICATE----- + +COMODO RSA Certification Authority +================================== +-----BEGIN CERTIFICATE----- +MIIF2DCCA8CgAwIBAgIQTKr5yttjb+Af907YWwOGnTANBgkqhkiG9w0BAQwFADCBhTELMAkGA1UE +BhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgG +A1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlv +biBBdXRob3JpdHkwHhcNMTAwMTE5MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBhTELMAkGA1UEBhMC +R0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UE +ChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlvbiBB +dXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCR6FSS0gpWsawNJN3Fz0Rn +dJkrN6N9I3AAcbxT38T6KhKPS38QVr2fcHK3YX/JSw8Xpz3jsARh7v8Rl8f0hj4K+j5c+ZPmNHrZ +FGvnnLOFoIJ6dq9xkNfs/Q36nGz637CC9BR++b7Epi9Pf5l/tfxnQ3K9DADWietrLNPtj5gcFKt+ +5eNu/Nio5JIk2kNrYrhV/erBvGy2i/MOjZrkm2xpmfh4SDBF1a3hDTxFYPwyllEnvGfDyi62a+pG +x8cgoLEfZd5ICLqkTqnyg0Y3hOvozIFIQ2dOciqbXL1MGyiKXCJ7tKuY2e7gUYPDCUZObT6Z+pUX +2nwzV0E8jVHtC7ZcryxjGt9XyD+86V3Em69FmeKjWiS0uqlWPc9vqv9JWL7wqP/0uK3pN/u6uPQL +OvnoQ0IeidiEyxPx2bvhiWC4jChWrBQdnArncevPDt09qZahSL0896+1DSJMwBGB7FY79tOi4lu3 +sgQiUpWAk2nojkxl8ZEDLXB0AuqLZxUpaVICu9ffUGpVRr+goyhhf3DQw6KqLCGqR84onAZFdr+C +GCe01a60y1Dma/RMhnEw6abfFobg2P9A3fvQQoh/ozM6LlweQRGBY84YcWsr7KaKtzFcOmpH4MN5 +WdYgGq/yapiqcrxXStJLnbsQ/LBMQeXtHT1eKJ2czL+zUdqnR+WEUwIDAQABo0IwQDAdBgNVHQ4E +FgQUu69+Aj36pvE8hI6t7jiY7NkyMtQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8w +DQYJKoZIhvcNAQEMBQADggIBAArx1UaEt65Ru2yyTUEUAJNMnMvlwFTPoCWOAvn9sKIN9SCYPBMt +rFaisNZ+EZLpLrqeLppysb0ZRGxhNaKatBYSaVqM4dc+pBroLwP0rmEdEBsqpIt6xf4FpuHA1sj+ +nq6PK7o9mfjYcwlYRm6mnPTXJ9OV2jeDchzTc+CiR5kDOF3VSXkAKRzH7JsgHAckaVd4sjn8OoSg +tZx8jb8uk2IntznaFxiuvTwJaP+EmzzV1gsD41eeFPfR60/IvYcjt7ZJQ3mFXLrrkguhxuhoqEwW +sRqZCuhTLJK7oQkYdQxlqHvLI7cawiiFwxv/0Cti76R7CZGYZ4wUAc1oBmpjIXUDgIiKboHGhfKp +pC3n9KUkEEeDys30jXlYsQab5xoq2Z0B15R97QNKyvDb6KkBPvVWmckejkk9u+UJueBPSZI9FoJA +zMxZxuY67RIuaTxslbH9qh17f4a+Hg4yRvv7E491f0yLS0Zj/gA0QHDBw7mh3aZw4gSzQbzpgJHq +ZJx64SIDqZxubw5lT2yHh17zbqD5daWbQOhTsiedSrnAdyGN/4fy3ryM7xfft0kL0fJuMAsaDk52 +7RH89elWsn2/x20Kk4yl0MC2Hb46TpSi125sC8KKfPog88Tk5c0NqMuRkrF8hey1FGlmDoLnzc7I +LaZRfyHBNVOFBkpdn627G190 +-----END CERTIFICATE----- + +USERTrust RSA Certification Authority +===================================== +-----BEGIN CERTIFICATE----- +MIIF3jCCA8agAwIBAgIQAf1tMPyjylGoG7xkDjUDLTANBgkqhkiG9w0BAQwFADCBiDELMAkGA1UE +BhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQK +ExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNh +dGlvbiBBdXRob3JpdHkwHhcNMTAwMjAxMDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBiDELMAkGA1UE +BhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQK +ExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNh +dGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCAEmUXNg7D2wiz +0KxXDXbtzSfTTK1Qg2HiqiBNCS1kCdzOiZ/MPans9s/B3PHTsdZ7NygRK0faOca8Ohm0X6a9fZ2j +Y0K2dvKpOyuR+OJv0OwWIJAJPuLodMkYtJHUYmTbf6MG8YgYapAiPLz+E/CHFHv25B+O1ORRxhFn +RghRy4YUVD+8M/5+bJz/Fp0YvVGONaanZshyZ9shZrHUm3gDwFA66Mzw3LyeTP6vBZY1H1dat//O ++T23LLb2VN3I5xI6Ta5MirdcmrS3ID3KfyI0rn47aGYBROcBTkZTmzNg95S+UzeQc0PzMsNT79uq +/nROacdrjGCT3sTHDN/hMq7MkztReJVni+49Vv4M0GkPGw/zJSZrM233bkf6c0Plfg6lZrEpfDKE +Y1WJxA3Bk1QwGROs0303p+tdOmw1XNtB1xLaqUkL39iAigmTYo61Zs8liM2EuLE/pDkP2QKe6xJM +lXzzawWpXhaDzLhn4ugTncxbgtNMs+1b/97lc6wjOy0AvzVVdAlJ2ElYGn+SNuZRkg7zJn0cTRe8 +yexDJtC/QV9AqURE9JnnV4eeUB9XVKg+/XRjL7FQZQnmWEIuQxpMtPAlR1n6BB6T1CZGSlCBst6+ +eLf8ZxXhyVeEHg9j1uliutZfVS7qXMYoCAQlObgOK6nyTJccBz8NUvXt7y+CDwIDAQABo0IwQDAd +BgNVHQ4EFgQUU3m/WqorSs9UgOHYm8Cd8rIDZsswDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQF +MAMBAf8wDQYJKoZIhvcNAQEMBQADggIBAFzUfA3P9wF9QZllDHPFUp/L+M+ZBn8b2kMVn54CVVeW +FPFSPCeHlCjtHzoBN6J2/FNQwISbxmtOuowhT6KOVWKR82kV2LyI48SqC/3vqOlLVSoGIG1VeCkZ +7l8wXEskEVX/JJpuXior7gtNn3/3ATiUFJVDBwn7YKnuHKsSjKCaXqeYalltiz8I+8jRRa8YFWSQ +Eg9zKC7F4iRO/Fjs8PRF/iKz6y+O0tlFYQXBl2+odnKPi4w2r78NBc5xjeambx9spnFixdjQg3IM +8WcRiQycE0xyNN+81XHfqnHd4blsjDwSXWXavVcStkNr/+XeTWYRUc+ZruwXtuhxkYzeSf7dNXGi +FSeUHM9h4ya7b6NnJSFd5t0dCy5oGzuCr+yDZ4XUmFF0sbmZgIn/f3gZXHlKYC6SQK5MNyosycdi +yA5d9zZbyuAlJQG03RoHnHcAP9Dc1ew91Pq7P8yF1m9/qS3fuQL39ZeatTXaw2ewh0qpKJ4jjv9c +J2vhsE/zB+4ALtRZh8tSQZXq9EfX7mRBVXyNWQKV3WKdwrnuWih0hKWbt5DHDAff9Yk2dDLWKMGw +sAvgnEzDHNb842m1R0aBL6KCq9NjRHDEjf8tM7qtj3u1cIiuPhnPQCjY/MiQu12ZIvVS5ljFH4gx +Q+6IHdfGjjxDah2nGN59PRbxYvnKkKj9 +-----END CERTIFICATE----- + +USERTrust ECC Certification Authority +===================================== +-----BEGIN CERTIFICATE----- +MIICjzCCAhWgAwIBAgIQXIuZxVqUxdJxVt7NiYDMJjAKBggqhkjOPQQDAzCBiDELMAkGA1UEBhMC +VVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQKExVU +aGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBFQ0MgQ2VydGlmaWNhdGlv +biBBdXRob3JpdHkwHhcNMTAwMjAxMDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBiDELMAkGA1UEBhMC +VVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQKExVU +aGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBFQ0MgQ2VydGlmaWNhdGlv +biBBdXRob3JpdHkwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQarFRaqfloI+d61SRvU8Za2EurxtW2 +0eZzca7dnNYMYf3boIkDuAUU7FfO7l0/4iGzzvfUinngo4N+LZfQYcTxmdwlkWOrfzCjtHDix6Ez +nPO/LlxTsV+zfTJ/ijTjeXmjQjBAMB0GA1UdDgQWBBQ64QmG1M8ZwpZ2dEl23OA1xmNjmjAOBgNV +HQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAwNoADBlAjA2Z6EWCNzklwBB +HU6+4WMBzzuqQhFkoJ2UOQIReVx7Hfpkue4WQrO/isIJxOzksU0CMQDpKmFHjFJKS04YcPbWRNZu +9YO6bVi9JNlWSOrvxKJGgYhqOkbRqZtNyWHa0V1Xahg= +-----END CERTIFICATE----- + +GlobalSign ECC Root CA - R5 +=========================== +-----BEGIN CERTIFICATE----- +MIICHjCCAaSgAwIBAgIRYFlJ4CYuu1X5CneKcflK2GwwCgYIKoZIzj0EAwMwUDEkMCIGA1UECxMb +R2xvYmFsU2lnbiBFQ0MgUm9vdCBDQSAtIFI1MRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQD +EwpHbG9iYWxTaWduMB4XDTEyMTExMzAwMDAwMFoXDTM4MDExOTAzMTQwN1owUDEkMCIGA1UECxMb +R2xvYmFsU2lnbiBFQ0MgUm9vdCBDQSAtIFI1MRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQD +EwpHbG9iYWxTaWduMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAER0UOlvt9Xb/pOdEh+J8LttV7HpI6 +SFkc8GIxLcB6KP4ap1yztsyX50XUWPrRd21DosCHZTQKH3rd6zwzocWdTaRvQZU4f8kehOvRnkmS +h5SHDDqFSmafnVmTTZdhBoZKo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAd +BgNVHQ4EFgQUPeYpSJvqB8ohREom3m7e0oPQn1kwCgYIKoZIzj0EAwMDaAAwZQIxAOVpEslu28Yx +uglB4Zf4+/2a4n0Sye18ZNPLBSWLVtmg515dTguDnFt2KaAJJiFqYgIwcdK1j1zqO+F4CYWodZI7 +yFz9SO8NdCKoCOJuxUnOxwy8p2Fp8fc74SrL+SvzZpA3 +-----END CERTIFICATE----- + +IdenTrust Commercial Root CA 1 +============================== +-----BEGIN CERTIFICATE----- +MIIFYDCCA0igAwIBAgIQCgFCgAAAAUUjyES1AAAAAjANBgkqhkiG9w0BAQsFADBKMQswCQYDVQQG +EwJVUzESMBAGA1UEChMJSWRlblRydXN0MScwJQYDVQQDEx5JZGVuVHJ1c3QgQ29tbWVyY2lhbCBS +b290IENBIDEwHhcNMTQwMTE2MTgxMjIzWhcNMzQwMTE2MTgxMjIzWjBKMQswCQYDVQQGEwJVUzES +MBAGA1UEChMJSWRlblRydXN0MScwJQYDVQQDEx5JZGVuVHJ1c3QgQ29tbWVyY2lhbCBSb290IENB +IDEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCnUBneP5k91DNG8W9RYYKyqU+PZ4ld +hNlT3Qwo2dfw/66VQ3KZ+bVdfIrBQuExUHTRgQ18zZshq0PirK1ehm7zCYofWjK9ouuU+ehcCuz/ +mNKvcbO0U59Oh++SvL3sTzIwiEsXXlfEU8L2ApeN2WIrvyQfYo3fw7gpS0l4PJNgiCL8mdo2yMKi +1CxUAGc1bnO/AljwpN3lsKImesrgNqUZFvX9t++uP0D1bVoE/c40yiTcdCMbXTMTEl3EASX2MN0C +XZ/g1Ue9tOsbobtJSdifWwLziuQkkORiT0/Br4sOdBeo0XKIanoBScy0RnnGF7HamB4HWfp1IYVl +3ZBWzvurpWCdxJ35UrCLvYf5jysjCiN2O/cz4ckA82n5S6LgTrx+kzmEB/dEcH7+B1rlsazRGMzy +NeVJSQjKVsk9+w8YfYs7wRPCTY/JTw436R+hDmrfYi7LNQZReSzIJTj0+kuniVyc0uMNOYZKdHzV +WYfCP04MXFL0PfdSgvHqo6z9STQaKPNBiDoT7uje/5kdX7rL6B7yuVBgwDHTc+XvvqDtMwt0viAg +xGds8AgDelWAf0ZOlqf0Hj7h9tgJ4TNkK2PXMl6f+cB7D3hvl7yTmvmcEpB4eoCHFddydJxVdHix +uuFucAS6T6C6aMN7/zHwcz09lCqxC0EOoP5NiGVreTO01wIDAQABo0IwQDAOBgNVHQ8BAf8EBAMC +AQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU7UQZwNPwBovupHu+QucmVMiONnYwDQYJKoZI +hvcNAQELBQADggIBAA2ukDL2pkt8RHYZYR4nKM1eVO8lvOMIkPkp165oCOGUAFjvLi5+U1KMtlwH +6oi6mYtQlNeCgN9hCQCTrQ0U5s7B8jeUeLBfnLOic7iPBZM4zY0+sLj7wM+x8uwtLRvM7Kqas6pg +ghstO8OEPVeKlh6cdbjTMM1gCIOQ045U8U1mwF10A0Cj7oV+wh93nAbowacYXVKV7cndJZ5t+qnt +ozo00Fl72u1Q8zW/7esUTTHHYPTa8Yec4kjixsU3+wYQ+nVZZjFHKdp2mhzpgq7vmrlR94gjmmmV +YjzlVYA211QC//G5Xc7UI2/YRYRKW2XviQzdFKcgyxilJbQN+QHwotL0AMh0jqEqSI5l2xPE4iUX +feu+h1sXIFRRk0pTAwvsXcoz7WL9RccvW9xYoIA55vrX/hMUpu09lEpCdNTDd1lzzY9GvlU47/ro +kTLql1gEIt44w8y8bckzOmoKaT+gyOpyj4xjhiO9bTyWnpXgSUyqorkqG5w2gXjtw+hG4iZZRHUe +2XWJUc0QhJ1hYMtd+ZciTY6Y5uN/9lu7rs3KSoFrXgvzUeF0K+l+J6fZmUlO+KWA2yUPHGNiiskz +Z2s8EIPGrd6ozRaOjfAHN3Gf8qv8QfXBi+wAN10J5U6A7/qxXDgGpRtK4dw4LTzcqx+QGtVKnO7R +cGzM7vRX+Bi6hG6H +-----END CERTIFICATE----- + +IdenTrust Public Sector Root CA 1 +================================= +-----BEGIN CERTIFICATE----- +MIIFZjCCA06gAwIBAgIQCgFCgAAAAUUjz0Z8AAAAAjANBgkqhkiG9w0BAQsFADBNMQswCQYDVQQG +EwJVUzESMBAGA1UEChMJSWRlblRydXN0MSowKAYDVQQDEyFJZGVuVHJ1c3QgUHVibGljIFNlY3Rv +ciBSb290IENBIDEwHhcNMTQwMTE2MTc1MzMyWhcNMzQwMTE2MTc1MzMyWjBNMQswCQYDVQQGEwJV +UzESMBAGA1UEChMJSWRlblRydXN0MSowKAYDVQQDEyFJZGVuVHJ1c3QgUHVibGljIFNlY3RvciBS +b290IENBIDEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC2IpT8pEiv6EdrCvsnduTy +P4o7ekosMSqMjbCpwzFrqHd2hCa2rIFCDQjrVVi7evi8ZX3yoG2LqEfpYnYeEe4IFNGyRBb06tD6 +Hi9e28tzQa68ALBKK0CyrOE7S8ItneShm+waOh7wCLPQ5CQ1B5+ctMlSbdsHyo+1W/CD80/HLaXI +rcuVIKQxKFdYWuSNG5qrng0M8gozOSI5Cpcu81N3uURF/YTLNiCBWS2ab21ISGHKTN9T0a9SvESf +qy9rg3LvdYDaBjMbXcjaY8ZNzaxmMc3R3j6HEDbhuaR672BQssvKplbgN6+rNBM5Jeg5ZuSYeqoS +mJxZZoY+rfGwyj4GD3vwEUs3oERte8uojHH01bWRNszwFcYr3lEXsZdMUD2xlVl8BX0tIdUAvwFn +ol57plzy9yLxkA2T26pEUWbMfXYD62qoKjgZl3YNa4ph+bz27nb9cCvdKTz4Ch5bQhyLVi9VGxyh +LrXHFub4qjySjmm2AcG1hp2JDws4lFTo6tyePSW8Uybt1as5qsVATFSrsrTZ2fjXctscvG29ZV/v +iDUqZi/u9rNl8DONfJhBaUYPQxxp+pu10GFqzcpL2UyQRqsVWaFHVCkugyhfHMKiq3IXAAaOReyL +4jM9f9oZRORicsPfIsbyVtTdX5Vy7W1f90gDW/3FKqD2cyOEEBsB5wIDAQABo0IwQDAOBgNVHQ8B +Af8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU43HgntinQtnbcZFrlJPrw6PRFKMw +DQYJKoZIhvcNAQELBQADggIBAEf63QqwEZE4rU1d9+UOl1QZgkiHVIyqZJnYWv6IAcVYpZmxI1Qj +t2odIFflAWJBF9MJ23XLblSQdf4an4EKwt3X9wnQW3IV5B4Jaj0z8yGa5hV+rVHVDRDtfULAj+7A +mgjVQdZcDiFpboBhDhXAuM/FSRJSzL46zNQuOAXeNf0fb7iAaJg9TaDKQGXSc3z1i9kKlT/YPyNt +GtEqJBnZhbMX73huqVjRI9PHE+1yJX9dsXNw0H8GlwmEKYBhHfpe/3OsoOOJuBxxFcbeMX8S3OFt +m6/n6J91eEyrRjuazr8FGF1NFTwWmhlQBJqymm9li1JfPFgEKCXAZmExfrngdbkaqIHWchezxQMx +NRF4eKLg6TCMf4DfWN88uieW4oA0beOY02QnrEh+KHdcxiVhJfiFDGX6xDIvpZgF5PgLZxYWxoK4 +Mhn5+bl53B/N66+rDt0b20XkeucC4pVd/GnwU2lhlXV5C15V5jgclKlZM57IcXR5f1GJtshquDDI +ajjDbp7hNxbqBWJMWxJH7ae0s1hWx0nzfxJoCTFx8G34Tkf71oXuxVhAGaQdp/lLQzfcaFpPz+vC +ZHTetBXZ9FRUGi8c15dxVJCO2SCdUyt/q4/i6jC8UDfv8Ue1fXwsBOxonbRJRBD0ckscZOf85muQ +3Wl9af0AVqW3rLatt8o+Ae+c +-----END CERTIFICATE----- + +Entrust Root Certification Authority - G2 +========================================= +-----BEGIN CERTIFICATE----- +MIIEPjCCAyagAwIBAgIESlOMKDANBgkqhkiG9w0BAQsFADCBvjELMAkGA1UEBhMCVVMxFjAUBgNV +BAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVy +bXMxOTA3BgNVBAsTMChjKSAyMDA5IEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ug +b25seTEyMDAGA1UEAxMpRW50cnVzdCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzIw +HhcNMDkwNzA3MTcyNTU0WhcNMzAxMjA3MTc1NTU0WjCBvjELMAkGA1UEBhMCVVMxFjAUBgNVBAoT +DUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMx +OTA3BgNVBAsTMChjKSAyMDA5IEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25s +eTEyMDAGA1UEAxMpRW50cnVzdCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzIwggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6hLZy254Ma+KZ6TABp3bqMriVQRrJ2mFOWHLP +/vaCeb9zYQYKpSfYs1/TRU4cctZOMvJyig/3gxnQaoCAAEUesMfnmr8SVycco2gvCoe9amsOXmXz +HHfV1IWNcCG0szLni6LVhjkCsbjSR87kyUnEO6fe+1R9V77w6G7CebI6C1XiUJgWMhNcL3hWwcKU +s/Ja5CeanyTXxuzQmyWC48zCxEXFjJd6BmsqEZ+pCm5IO2/b1BEZQvePB7/1U1+cPvQXLOZprE4y +TGJ36rfo5bs0vBmLrpxR57d+tVOxMyLlbc9wPBr64ptntoP0jaWvYkxN4FisZDQSA/i2jZRjJKRx +AgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRqciZ6 +0B7vfec7aVHUbI2fkBJmqzANBgkqhkiG9w0BAQsFAAOCAQEAeZ8dlsa2eT8ijYfThwMEYGprmi5Z +iXMRrEPR9RP/jTkrwPK9T3CMqS/qF8QLVJ7UG5aYMzyorWKiAHarWWluBh1+xLlEjZivEtRh2woZ +Rkfz6/djwUAFQKXSt/S1mja/qYh2iARVBCuch38aNzx+LaUa2NSJXsq9rD1s2G2v1fN2D807iDgi +nWyTmsQ9v4IbZT+mD12q/OWyFcq1rca8PdCE6OoGcrBNOTJ4vz4RnAuknZoh8/CbCzB428Hch0P+ +vGOaysXCHMnHjf87ElgI5rY97HosTvuDls4MPGmHVHOkc8KT/1EQrBVUAdj8BbGJoX90g5pJ19xO +e4pIb4tF9g== +-----END CERTIFICATE----- + +Entrust Root Certification Authority - EC1 +========================================== +-----BEGIN CERTIFICATE----- +MIIC+TCCAoCgAwIBAgINAKaLeSkAAAAAUNCR+TAKBggqhkjOPQQDAzCBvzELMAkGA1UEBhMCVVMx +FjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50cnVzdC5uZXQvbGVn +YWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDEyIEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXpl +ZCB1c2Ugb25seTEzMDEGA1UEAxMqRW50cnVzdCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5 +IC0gRUMxMB4XDTEyMTIxODE1MjUzNloXDTM3MTIxODE1NTUzNlowgb8xCzAJBgNVBAYTAlVTMRYw +FAYDVQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQLEx9TZWUgd3d3LmVudHJ1c3QubmV0L2xlZ2Fs +LXRlcm1zMTkwNwYDVQQLEzAoYykgMjAxMiBFbnRydXN0LCBJbmMuIC0gZm9yIGF1dGhvcml6ZWQg +dXNlIG9ubHkxMzAxBgNVBAMTKkVudHJ1c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAt +IEVDMTB2MBAGByqGSM49AgEGBSuBBAAiA2IABIQTydC6bUF74mzQ61VfZgIaJPRbiWlH47jCffHy +AsWfoPZb1YsGGYZPUxBtByQnoaD41UcZYUx9ypMn6nQM72+WCf5j7HBdNq1nd67JnXxVRDqiY1Ef +9eNi1KlHBz7MIKNCMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYE +FLdj5xrdjekIplWDpOBqUEFlEUJJMAoGCCqGSM49BAMDA2cAMGQCMGF52OVCR98crlOZF7ZvHH3h +vxGU0QOIdeSNiaSKd0bebWHvAvX7td/M/k7//qnmpwIwW5nXhTcGtXsI/esni0qU+eH6p44mCOh8 +kmhtc9hvJqwhAriZtyZBWyVgrtBIGu4G +-----END CERTIFICATE----- + +CFCA EV ROOT +============ +-----BEGIN CERTIFICATE----- +MIIFjTCCA3WgAwIBAgIEGErM1jANBgkqhkiG9w0BAQsFADBWMQswCQYDVQQGEwJDTjEwMC4GA1UE +CgwnQ2hpbmEgRmluYW5jaWFsIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRUwEwYDVQQDDAxDRkNB +IEVWIFJPT1QwHhcNMTIwODA4MDMwNzAxWhcNMjkxMjMxMDMwNzAxWjBWMQswCQYDVQQGEwJDTjEw +MC4GA1UECgwnQ2hpbmEgRmluYW5jaWFsIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRUwEwYDVQQD +DAxDRkNBIEVWIFJPT1QwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDXXWvNED8fBVnV +BU03sQ7smCuOFR36k0sXgiFxEFLXUWRwFsJVaU2OFW2fvwwbwuCjZ9YMrM8irq93VCpLTIpTUnrD +7i7es3ElweldPe6hL6P3KjzJIx1qqx2hp/Hz7KDVRM8Vz3IvHWOX6Jn5/ZOkVIBMUtRSqy5J35DN +uF++P96hyk0g1CXohClTt7GIH//62pCfCqktQT+x8Rgp7hZZLDRJGqgG16iI0gNyejLi6mhNbiyW +ZXvKWfry4t3uMCz7zEasxGPrb382KzRzEpR/38wmnvFyXVBlWY9ps4deMm/DGIq1lY+wejfeWkU7 +xzbh72fROdOXW3NiGUgthxwG+3SYIElz8AXSG7Ggo7cbcNOIabla1jj0Ytwli3i/+Oh+uFzJlU9f +py25IGvPa931DfSCt/SyZi4QKPaXWnuWFo8BGS1sbn85WAZkgwGDg8NNkt0yxoekN+kWzqotaK8K +gWU6cMGbrU1tVMoqLUuFG7OA5nBFDWteNfB/O7ic5ARwiRIlk9oKmSJgamNgTnYGmE69g60dWIol +hdLHZR4tjsbftsbhf4oEIRUpdPA+nJCdDC7xij5aqgwJHsfVPKPtl8MeNPo4+QgO48BdK4PRVmrJ +tqhUUy54Mmc9gn900PvhtgVguXDbjgv5E1hvcWAQUhC5wUEJ73IfZzF4/5YFjQIDAQABo2MwYTAf +BgNVHSMEGDAWgBTj/i39KNALtbq2osS/BqoFjJP7LzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB +/wQEAwIBBjAdBgNVHQ4EFgQU4/4t/SjQC7W6tqLEvwaqBYyT+y8wDQYJKoZIhvcNAQELBQADggIB +ACXGumvrh8vegjmWPfBEp2uEcwPenStPuiB/vHiyz5ewG5zz13ku9Ui20vsXiObTej/tUxPQ4i9q +ecsAIyjmHjdXNYmEwnZPNDatZ8POQQaIxffu2Bq41gt/UP+TqhdLjOztUmCypAbqTuv0axn96/Ua +4CUqmtzHQTb3yHQFhDmVOdYLO6Qn+gjYXB74BGBSESgoA//vU2YApUo0FmZ8/Qmkrp5nGm9BC2sG +E5uPhnEFtC+NiWYzKXZUmhH4J/qyP5Hgzg0b8zAarb8iXRvTvyUFTeGSGn+ZnzxEk8rUQElsgIfX +BDrDMlI1Dlb4pd19xIsNER9Tyx6yF7Zod1rg1MvIB671Oi6ON7fQAUtDKXeMOZePglr4UeWJoBjn +aH9dCi77o0cOPaYjesYBx4/IXr9tgFa+iiS6M+qf4TIRnvHST4D2G0CvOJ4RUHlzEhLN5mydLIhy +PDCBBpEi6lmt2hkuIsKNuYyH4Ga8cyNfIWRjgEj1oDwYPZTISEEdQLpe/v5WOaHIz16eGWRGENoX +kbcFgKyLmZJ956LYBws2J+dIeWCKw9cTXPhyQN9Ky8+ZAAoACxGV2lZFA4gKn2fQ1XmxqI1AbQ3C +ekD6819kR5LLU7m7Wc5P/dAVUwHY3+vZ5nbv0CO7O6l5s9UCKc2Jo5YPSjXnTkLAdc0Hz+Ys63su +-----END CERTIFICATE----- + +OISTE WISeKey Global Root GB CA +=============================== +-----BEGIN CERTIFICATE----- +MIIDtTCCAp2gAwIBAgIQdrEgUnTwhYdGs/gjGvbCwDANBgkqhkiG9w0BAQsFADBtMQswCQYDVQQG +EwJDSDEQMA4GA1UEChMHV0lTZUtleTEiMCAGA1UECxMZT0lTVEUgRm91bmRhdGlvbiBFbmRvcnNl +ZDEoMCYGA1UEAxMfT0lTVEUgV0lTZUtleSBHbG9iYWwgUm9vdCBHQiBDQTAeFw0xNDEyMDExNTAw +MzJaFw0zOTEyMDExNTEwMzFaMG0xCzAJBgNVBAYTAkNIMRAwDgYDVQQKEwdXSVNlS2V5MSIwIAYD +VQQLExlPSVNURSBGb3VuZGF0aW9uIEVuZG9yc2VkMSgwJgYDVQQDEx9PSVNURSBXSVNlS2V5IEds +b2JhbCBSb290IEdCIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Be3HEokKtaX +scriHvt9OO+Y9bI5mE4nuBFde9IllIiCFSZqGzG7qFshISvYD06fWvGxWuR51jIjK+FTzJlFXHtP +rby/h0oLS5daqPZI7H17Dc0hBt+eFf1Biki3IPShehtX1F1Q/7pn2COZH8g/497/b1t3sWtuuMlk +9+HKQUYOKXHQuSP8yYFfTvdv37+ErXNku7dCjmn21HYdfp2nuFeKUWdy19SouJVUQHMD9ur06/4o +Qnc/nSMbsrY9gBQHTC5P99UKFg29ZkM3fiNDecNAhvVMKdqOmq0NpQSHiB6F4+lT1ZvIiwNjeOvg +GUpuuy9rM2RYk61pv48b74JIxwIDAQABo1EwTzALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB +/zAdBgNVHQ4EFgQUNQ/INmNe4qPs+TtmFc5RUuORmj0wEAYJKwYBBAGCNxUBBAMCAQAwDQYJKoZI +hvcNAQELBQADggEBAEBM+4eymYGQfp3FsLAmzYh7KzKNbrghcViXfa43FK8+5/ea4n32cZiZBKpD +dHij40lhPnOMTZTg+XHEthYOU3gf1qKHLwI5gSk8rxWYITD+KJAAjNHhy/peyP34EEY7onhCkRd0 +VQreUGdNZtGn//3ZwLWoo4rOZvUPQ82nK1d7Y0Zqqi5S2PTt4W2tKZB4SLrhI6qjiey1q5bAtEui +HZeeevJuQHHfaPFlTc58Bd9TZaml8LGXBHAVRgOY1NK/VLSgWH1Sb9pWJmLU2NuJMW8c8CLC02Ic +Nc1MaRVUGpCY3useX8p3x8uOPUNpnJpY0CQ73xtAln41rYHHTnG6iBM= +-----END CERTIFICATE----- + +SZAFIR ROOT CA2 +=============== +-----BEGIN CERTIFICATE----- +MIIDcjCCAlqgAwIBAgIUPopdB+xV0jLVt+O2XwHrLdzk1uQwDQYJKoZIhvcNAQELBQAwUTELMAkG +A1UEBhMCUEwxKDAmBgNVBAoMH0tyYWpvd2EgSXpiYSBSb3psaWN6ZW5pb3dhIFMuQS4xGDAWBgNV +BAMMD1NaQUZJUiBST09UIENBMjAeFw0xNTEwMTkwNzQzMzBaFw0zNTEwMTkwNzQzMzBaMFExCzAJ +BgNVBAYTAlBMMSgwJgYDVQQKDB9LcmFqb3dhIEl6YmEgUm96bGljemVuaW93YSBTLkEuMRgwFgYD +VQQDDA9TWkFGSVIgUk9PVCBDQTIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3vD5Q +qEvNQLXOYeeWyrSh2gwisPq1e3YAd4wLz32ohswmUeQgPYUM1ljj5/QqGJ3a0a4m7utT3PSQ1hNK +DJA8w/Ta0o4NkjrcsbH/ON7Dui1fgLkCvUqdGw+0w8LBZwPd3BucPbOw3gAeqDRHu5rr/gsUvTaE +2g0gv/pby6kWIK05YO4vdbbnl5z5Pv1+TW9NL++IDWr63fE9biCloBK0TXC5ztdyO4mTp4CEHCdJ +ckm1/zuVnsHMyAHs6A6KCpbns6aH5db5BSsNl0BwPLqsdVqc1U2dAgrSS5tmS0YHF2Wtn2yIANwi +ieDhZNRnvDF5YTy7ykHNXGoAyDw4jlivAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P +AQH/BAQDAgEGMB0GA1UdDgQWBBQuFqlKGLXLzPVvUPMjX/hd56zwyDANBgkqhkiG9w0BAQsFAAOC +AQEAtXP4A9xZWx126aMqe5Aosk3AM0+qmrHUuOQn/6mWmc5G4G18TKI4pAZw8PRBEew/R40/cof5 +O/2kbytTAOD/OblqBw7rHRz2onKQy4I9EYKL0rufKq8h5mOGnXkZ7/e7DDWQw4rtTw/1zBLZpD67 +oPwglV9PJi8RI4NOdQcPv5vRtB3pEAT+ymCPoky4rc/hkA/NrgrHXXu3UNLUYfrVFdvXn4dRVOul +4+vJhaAlIDf7js4MNIThPIGyd05DpYhfhmehPea0XGG2Ptv+tyjFogeutcrKjSoS75ftwjCkySp6 ++/NNIxuZMzSgLvWpCz/UXeHPhJ/iGcJfitYgHuNztw== +-----END CERTIFICATE----- + +Certum Trusted Network CA 2 +=========================== +-----BEGIN CERTIFICATE----- +MIIF0jCCA7qgAwIBAgIQIdbQSk8lD8kyN/yqXhKN6TANBgkqhkiG9w0BAQ0FADCBgDELMAkGA1UE +BhMCUEwxIjAgBgNVBAoTGVVuaXpldG8gVGVjaG5vbG9naWVzIFMuQS4xJzAlBgNVBAsTHkNlcnR1 +bSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEkMCIGA1UEAxMbQ2VydHVtIFRydXN0ZWQgTmV0d29y +ayBDQSAyMCIYDzIwMTExMDA2MDgzOTU2WhgPMjA0NjEwMDYwODM5NTZaMIGAMQswCQYDVQQGEwJQ +TDEiMCAGA1UEChMZVW5pemV0byBUZWNobm9sb2dpZXMgUy5BLjEnMCUGA1UECxMeQ2VydHVtIENl +cnRpZmljYXRpb24gQXV0aG9yaXR5MSQwIgYDVQQDExtDZXJ0dW0gVHJ1c3RlZCBOZXR3b3JrIENB +IDIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC9+Xj45tWADGSdhhuWZGc/IjoedQF9 +7/tcZ4zJzFxrqZHmuULlIEub2pt7uZld2ZuAS9eEQCsn0+i6MLs+CRqnSZXvK0AkwpfHp+6bJe+o +CgCXhVqqndwpyeI1B+twTUrWwbNWuKFBOJvR+zF/j+Bf4bE/D44WSWDXBo0Y+aomEKsq09DRZ40b +Rr5HMNUuctHFY9rnY3lEfktjJImGLjQ/KUxSiyqnwOKRKIm5wFv5HdnnJ63/mgKXwcZQkpsCLL2p +uTRZCr+ESv/f/rOf69me4Jgj7KZrdxYq28ytOxykh9xGc14ZYmhFV+SQgkK7QtbwYeDBoz1mo130 +GO6IyY0XRSmZMnUCMe4pJshrAua1YkV/NxVaI2iJ1D7eTiew8EAMvE0Xy02isx7QBlrd9pPPV3WZ +9fqGGmd4s7+W/jTcvedSVuWz5XV710GRBdxdaeOVDUO5/IOWOZV7bIBaTxNyxtd9KXpEulKkKtVB +Rgkg/iKgtlswjbyJDNXXcPiHUv3a76xRLgezTv7QCdpw75j6VuZt27VXS9zlLCUVyJ4ueE742pye +hizKV/Ma5ciSixqClnrDvFASadgOWkaLOusm+iPJtrCBvkIApPjW/jAux9JG9uWOdf3yzLnQh1vM +BhBgu4M1t15n3kfsmUjxpKEV/q2MYo45VU85FrmxY53/twIDAQABo0IwQDAPBgNVHRMBAf8EBTAD +AQH/MB0GA1UdDgQWBBS2oVQ5AsOgP46KvPrU+Bym0ToO/TAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZI +hvcNAQENBQADggIBAHGlDs7k6b8/ONWJWsQCYftMxRQXLYtPU2sQF/xlhMcQSZDe28cmk4gmb3DW +Al45oPePq5a1pRNcgRRtDoGCERuKTsZPpd1iHkTfCVn0W3cLN+mLIMb4Ck4uWBzrM9DPhmDJ2vuA +L55MYIR4PSFk1vtBHxgP58l1cb29XN40hz5BsA72udY/CROWFC/emh1auVbONTqwX3BNXuMp8SMo +clm2q8KMZiYcdywmdjWLKKdpoPk79SPdhRB0yZADVpHnr7pH1BKXESLjokmUbOe3lEu6LaTaM4tM +pkT/WjzGHWTYtTHkpjx6qFcL2+1hGsvxznN3Y6SHb0xRONbkX8eftoEq5IVIeVheO/jbAoJnwTnb +w3RLPTYe+SmTiGhbqEQZIfCn6IENLOiTNrQ3ssqwGyZ6miUfmpqAnksqP/ujmv5zMnHCnsZy4Ypo +J/HkD7TETKVhk/iXEAcqMCWpuchxuO9ozC1+9eB+D4Kob7a6bINDd82Kkhehnlt4Fj1F4jNy3eFm +ypnTycUm/Q1oBEauttmbjL4ZvrHG8hnjXALKLNhvSgfZyTXaQHXyxKcZb55CEJh15pWLYLztxRLX +is7VmFxWlgPF7ncGNf/P5O4/E2Hu29othfDNrp2yGAlFw5Khchf8R7agCyzxxN5DaAhqXzvwdmP7 +zAYspsbiDrW5viSP +-----END CERTIFICATE----- + +Hellenic Academic and Research Institutions RootCA 2015 +======================================================= +-----BEGIN CERTIFICATE----- +MIIGCzCCA/OgAwIBAgIBADANBgkqhkiG9w0BAQsFADCBpjELMAkGA1UEBhMCR1IxDzANBgNVBAcT +BkF0aGVuczFEMEIGA1UEChM7SGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJlc2VhcmNoIEluc3RpdHV0 +aW9ucyBDZXJ0LiBBdXRob3JpdHkxQDA+BgNVBAMTN0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNl +YXJjaCBJbnN0aXR1dGlvbnMgUm9vdENBIDIwMTUwHhcNMTUwNzA3MTAxMTIxWhcNNDAwNjMwMTAx +MTIxWjCBpjELMAkGA1UEBhMCR1IxDzANBgNVBAcTBkF0aGVuczFEMEIGA1UEChM7SGVsbGVuaWMg +QWNhZGVtaWMgYW5kIFJlc2VhcmNoIEluc3RpdHV0aW9ucyBDZXJ0LiBBdXRob3JpdHkxQDA+BgNV +BAMTN0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgUm9vdENBIDIw +MTUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDC+Kk/G4n8PDwEXT2QNrCROnk8Zlrv +bTkBSRq0t89/TSNTt5AA4xMqKKYx8ZEA4yjsriFBzh/a/X0SWwGDD7mwX5nh8hKDgE0GPt+sr+eh +iGsxr/CL0BgzuNtFajT0AoAkKAoCFZVedioNmToUW/bLy1O8E00BiDeUJRtCvCLYjqOWXjrZMts+ +6PAQZe104S+nfK8nNLspfZu2zwnI5dMK/IhlZXQK3HMcXM1AsRzUtoSMTFDPaI6oWa7CJ06CojXd +FPQf/7J31Ycvqm59JCfnxssm5uX+Zwdj2EUN3TpZZTlYepKZcj2chF6IIbjV9Cz82XBST3i4vTwr +i5WY9bPRaM8gFH5MXF/ni+X1NYEZN9cRCLdmvtNKzoNXADrDgfgXy5I2XdGj2HUb4Ysn6npIQf1F +GQatJ5lOwXBH3bWfgVMS5bGMSF0xQxfjjMZ6Y5ZLKTBOhE5iGV48zpeQpX8B653g+IuJ3SWYPZK2 +fu/Z8VFRfS0myGlZYeCsargqNhEEelC9MoS+L9xy1dcdFkfkR2YgP/SWxa+OAXqlD3pk9Q0Yh9mu +iNX6hME6wGkoLfINaFGq46V3xqSQDqE3izEjR8EJCOtu93ib14L8hCCZSRm2Ekax+0VVFqmjZayc +Bw/qa9wfLgZy7IaIEuQt218FL+TwA9MmM+eAws1CoRc0CwIDAQABo0IwQDAPBgNVHRMBAf8EBTAD +AQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUcRVnyMjJvXVdctA4GGqd83EkVAswDQYJKoZI +hvcNAQELBQADggIBAHW7bVRLqhBYRjTyYtcWNl0IXtVsyIe9tC5G8jH4fOpCtZMWVdyhDBKg2mF+ +D1hYc2Ryx+hFjtyp8iY/xnmMsVMIM4GwVhO+5lFc2JsKT0ucVlMC6U/2DWDqTUJV6HwbISHTGzrM +d/K4kPFox/la/vot9L/J9UUbzjgQKjeKeaO04wlshYaT/4mWJ3iBj2fjRnRUjtkNaeJK9E10A/+y +d+2VZ5fkscWrv2oj6NSU4kQoYsRL4vDY4ilrGnB+JGGTe08DMiUNRSQrlrRGar9KC/eaj8GsGsVn +82800vpzY4zvFrCopEYq+OsS7HK07/grfoxSwIuEVPkvPuNVqNxmsdnhX9izjFk0WaSrT2y7Hxjb +davYy5LNlDhhDgcGH0tGEPEVvo2FXDtKK4F5D7Rpn0lQl033DlZdwJVqwjbDG2jJ9SrcR5q+ss7F +Jej6A7na+RZukYT1HCjI/CbM1xyQVqdfbzoEvM14iQuODy+jqk+iGxI9FghAD/FGTNeqewjBCvVt +J94Cj8rDtSvK6evIIVM4pcw72Hc3MKJP2W/R8kCtQXoXxdZKNYm3QdV8hn9VTYNKpXMgwDqvkPGa +JI7ZjnHKe7iG2rKPmT4dEw0SEe7Uq/DpFXYC5ODfqiAeW2GFZECpkJcNrVPSWh2HagCXZWK0vm9q +p/UsQu0yrbYhnr68 +-----END CERTIFICATE----- + +Hellenic Academic and Research Institutions ECC RootCA 2015 +=========================================================== +-----BEGIN CERTIFICATE----- +MIICwzCCAkqgAwIBAgIBADAKBggqhkjOPQQDAjCBqjELMAkGA1UEBhMCR1IxDzANBgNVBAcTBkF0 +aGVuczFEMEIGA1UEChM7SGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJlc2VhcmNoIEluc3RpdHV0aW9u +cyBDZXJ0LiBBdXRob3JpdHkxRDBCBgNVBAMTO0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJj +aCBJbnN0aXR1dGlvbnMgRUNDIFJvb3RDQSAyMDE1MB4XDTE1MDcwNzEwMzcxMloXDTQwMDYzMDEw +MzcxMlowgaoxCzAJBgNVBAYTAkdSMQ8wDQYDVQQHEwZBdGhlbnMxRDBCBgNVBAoTO0hlbGxlbmlj +IEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgQ2VydC4gQXV0aG9yaXR5MUQwQgYD +VQQDEztIZWxsZW5pYyBBY2FkZW1pYyBhbmQgUmVzZWFyY2ggSW5zdGl0dXRpb25zIEVDQyBSb290 +Q0EgMjAxNTB2MBAGByqGSM49AgEGBSuBBAAiA2IABJKgQehLgoRc4vgxEZmGZE4JJS+dQS8KrjVP +dJWyUWRrjWvmP3CV8AVER6ZyOFB2lQJajq4onvktTpnvLEhvTCUp6NFxW98dwXU3tNf6e3pCnGoK +Vlp8aQuqgAkkbH7BRqNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0O +BBYEFLQiC4KZJAEOnLvkDv2/+5cgk5kqMAoGCCqGSM49BAMCA2cAMGQCMGfOFmI4oqxiRaeplSTA +GiecMjvAwNW6qef4BENThe5SId6d9SWDPp5YSy/XZxMOIQIwBeF1Ad5o7SofTUwJCA3sS61kFyjn +dc5FZXIhF8siQQ6ME5g4mlRtm8rifOoCWCKR +-----END CERTIFICATE----- + +ISRG Root X1 +============ +-----BEGIN CERTIFICATE----- +MIIFazCCA1OgAwIBAgIRAIIQz7DSQONZRGPgu2OCiwAwDQYJKoZIhvcNAQELBQAwTzELMAkGA1UE +BhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2VhcmNoIEdyb3VwMRUwEwYDVQQD +EwxJU1JHIFJvb3QgWDEwHhcNMTUwNjA0MTEwNDM4WhcNMzUwNjA0MTEwNDM4WjBPMQswCQYDVQQG +EwJVUzEpMCcGA1UEChMgSW50ZXJuZXQgU2VjdXJpdHkgUmVzZWFyY2ggR3JvdXAxFTATBgNVBAMT +DElTUkcgUm9vdCBYMTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK3oJHP0FDfzm54r +Vygch77ct984kIxuPOZXoHj3dcKi/vVqbvYATyjb3miGbESTtrFj/RQSa78f0uoxmyF+0TM8ukj1 +3Xnfs7j/EvEhmkvBioZxaUpmZmyPfjxwv60pIgbz5MDmgK7iS4+3mX6UA5/TR5d8mUgjU+g4rk8K +b4Mu0UlXjIB0ttov0DiNewNwIRt18jA8+o+u3dpjq+sWT8KOEUt+zwvo/7V3LvSye0rgTBIlDHCN +Aymg4VMk7BPZ7hm/ELNKjD+Jo2FR3qyHB5T0Y3HsLuJvW5iB4YlcNHlsdu87kGJ55tukmi8mxdAQ +4Q7e2RCOFvu396j3x+UCB5iPNgiV5+I3lg02dZ77DnKxHZu8A/lJBdiB3QW0KtZB6awBdpUKD9jf +1b0SHzUvKBds0pjBqAlkd25HN7rOrFleaJ1/ctaJxQZBKT5ZPt0m9STJEadao0xAH0ahmbWnOlFu +hjuefXKnEgV4We0+UXgVCwOPjdAvBbI+e0ocS3MFEvzG6uBQE3xDk3SzynTnjh8BCNAw1FtxNrQH +usEwMFxIt4I7mKZ9YIqioymCzLq9gwQbooMDQaHWBfEbwrbwqHyGO0aoSCqI3Haadr8faqU9GY/r +OPNk3sgrDQoo//fb4hVC1CLQJ13hef4Y53CIrU7m2Ys6xt0nUW7/vGT1M0NPAgMBAAGjQjBAMA4G +A1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBR5tFnme7bl5AFzgAiIyBpY +9umbbjANBgkqhkiG9w0BAQsFAAOCAgEAVR9YqbyyqFDQDLHYGmkgJykIrGF1XIpu+ILlaS/V9lZL +ubhzEFnTIZd+50xx+7LSYK05qAvqFyFWhfFQDlnrzuBZ6brJFe+GnY+EgPbk6ZGQ3BebYhtF8GaV +0nxvwuo77x/Py9auJ/GpsMiu/X1+mvoiBOv/2X/qkSsisRcOj/KKNFtY2PwByVS5uCbMiogziUwt +hDyC3+6WVwW6LLv3xLfHTjuCvjHIInNzktHCgKQ5ORAzI4JMPJ+GslWYHb4phowim57iaztXOoJw +TdwJx4nLCgdNbOhdjsnvzqvHu7UrTkXWStAmzOVyyghqpZXjFaH3pO3JLF+l+/+sKAIuvtd7u+Nx +e5AW0wdeRlN8NwdCjNPElpzVmbUq4JUagEiuTDkHzsxHpFKVK7q4+63SM1N95R1NbdWhscdCb+ZA +JzVcoyi3B43njTOQ5yOf+1CceWxG1bQVs5ZufpsMljq4Ui0/1lvh+wjChP4kqKOJ2qxq4RgqsahD +YVvTH9w7jXbyLeiNdd8XM2w9U/t7y0Ff/9yi0GE44Za4rF2LN9d11TPAmRGunUHBcnWEvgJBQl9n +JEiU0Zsnvgc/ubhPgXRR4Xq37Z0j4r7g1SgEEzwxA57demyPxgcYxn/eR44/KJ4EBs+lVDR3veyJ +m+kXQ99b21/+jh5Xos1AnX5iItreGCc= +-----END CERTIFICATE----- + +AC RAIZ FNMT-RCM +================ +-----BEGIN CERTIFICATE----- +MIIFgzCCA2ugAwIBAgIPXZONMGc2yAYdGsdUhGkHMA0GCSqGSIb3DQEBCwUAMDsxCzAJBgNVBAYT +AkVTMREwDwYDVQQKDAhGTk1ULVJDTTEZMBcGA1UECwwQQUMgUkFJWiBGTk1ULVJDTTAeFw0wODEw +MjkxNTU5NTZaFw0zMDAxMDEwMDAwMDBaMDsxCzAJBgNVBAYTAkVTMREwDwYDVQQKDAhGTk1ULVJD +TTEZMBcGA1UECwwQQUMgUkFJWiBGTk1ULVJDTTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC +ggIBALpxgHpMhm5/yBNtwMZ9HACXjywMI7sQmkCpGreHiPibVmr75nuOi5KOpyVdWRHbNi63URcf +qQgfBBckWKo3Shjf5TnUV/3XwSyRAZHiItQDwFj8d0fsjz50Q7qsNI1NOHZnjrDIbzAzWHFctPVr +btQBULgTfmxKo0nRIBnuvMApGGWn3v7v3QqQIecaZ5JCEJhfTzC8PhxFtBDXaEAUwED653cXeuYL +j2VbPNmaUtu1vZ5Gzz3rkQUCwJaydkxNEJY7kvqcfw+Z374jNUUeAlz+taibmSXaXvMiwzn15Cou +08YfxGyqxRxqAQVKL9LFwag0Jl1mpdICIfkYtwb1TplvqKtMUejPUBjFd8g5CSxJkjKZqLsXF3mw +WsXmo8RZZUc1g16p6DULmbvkzSDGm0oGObVo/CK67lWMK07q87Hj/LaZmtVC+nFNCM+HHmpxffnT +tOmlcYF7wk5HlqX2doWjKI/pgG6BU6VtX7hI+cL5NqYuSf+4lsKMB7ObiFj86xsc3i1w4peSMKGJ +47xVqCfWS+2QrYv6YyVZLag13cqXM7zlzced0ezvXg5KkAYmY6252TUtB7p2ZSysV4999AeU14EC +ll2jB0nVetBX+RvnU0Z1qrB5QstocQjpYL05ac70r8NWQMetUqIJ5G+GR4of6ygnXYMgrwTJbFaa +i0b1AgMBAAGjgYMwgYAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYE +FPd9xf3E6Jobd2Sn9R2gzL+HYJptMD4GA1UdIAQ3MDUwMwYEVR0gADArMCkGCCsGAQUFBwIBFh1o +dHRwOi8vd3d3LmNlcnQuZm5tdC5lcy9kcGNzLzANBgkqhkiG9w0BAQsFAAOCAgEAB5BK3/MjTvDD +nFFlm5wioooMhfNzKWtN/gHiqQxjAb8EZ6WdmF/9ARP67Jpi6Yb+tmLSbkyU+8B1RXxlDPiyN8+s +D8+Nb/kZ94/sHvJwnvDKuO+3/3Y3dlv2bojzr2IyIpMNOmqOFGYMLVN0V2Ue1bLdI4E7pWYjJ2cJ +j+F3qkPNZVEI7VFY/uY5+ctHhKQV8Xa7pO6kO8Rf77IzlhEYt8llvhjho6Tc+hj507wTmzl6NLrT +Qfv6MooqtyuGC2mDOL7Nii4LcK2NJpLuHvUBKwrZ1pebbuCoGRw6IYsMHkCtA+fdZn71uSANA+iW ++YJF1DngoABd15jmfZ5nc8OaKveri6E6FO80vFIOiZiaBECEHX5FaZNXzuvO+FB8TxxuBEOb+dY7 +Ixjp6o7RTUaN8Tvkasq6+yO3m/qZASlaWFot4/nUbQ4mrcFuNLwy+AwF+mWj2zs3gyLp1txyM/1d +8iC9djwj2ij3+RvrWWTV3F9yfiD8zYm1kGdNYno/Tq0dwzn+evQoFt9B9kiABdcPUXmsEKvU7ANm +5mqwujGSQkBqvjrTcuFqN1W8rB2Vt2lh8kORdOag0wokRqEIr9baRRmW1FMdW4R58MD3R++Lj8UG +rp1MYp3/RgT408m2ECVAdf4WqslKYIYvuu8wd+RU4riEmViAqhOLUTpPSPaLtrM= +-----END CERTIFICATE----- + +Amazon Root CA 1 +================ +-----BEGIN CERTIFICATE----- +MIIDQTCCAimgAwIBAgITBmyfz5m/jAo54vB4ikPmljZbyjANBgkqhkiG9w0BAQsFADA5MQswCQYD +VQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6b24gUm9vdCBDQSAxMB4XDTE1 +MDUyNjAwMDAwMFoXDTM4MDExNzAwMDAwMFowOTELMAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpv +bjEZMBcGA1UEAxMQQW1hem9uIFJvb3QgQ0EgMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC +ggEBALJ4gHHKeNXjca9HgFB0fW7Y14h29Jlo91ghYPl0hAEvrAIthtOgQ3pOsqTQNroBvo3bSMgH +FzZM9O6II8c+6zf1tRn4SWiw3te5djgdYZ6k/oI2peVKVuRF4fn9tBb6dNqcmzU5L/qwIFAGbHrQ +gLKm+a/sRxmPUDgH3KKHOVj4utWp+UhnMJbulHheb4mjUcAwhmahRWa6VOujw5H5SNz/0egwLX0t +dHA114gk957EWW67c4cX8jJGKLhD+rcdqsq08p8kDi1L93FcXmn/6pUCyziKrlA4b9v7LWIbxcce +VOF34GfID5yHI9Y/QCB/IIDEgEw+OyQmjgSubJrIqg0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB +/zAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0OBBYEFIQYzIU07LwMlJQuCFmcx7IQTgoIMA0GCSqGSIb3 +DQEBCwUAA4IBAQCY8jdaQZChGsV2USggNiMOruYou6r4lK5IpDB/G/wkjUu0yKGX9rbxenDIU5PM +CCjjmCXPI6T53iHTfIUJrU6adTrCC2qJeHZERxhlbI1Bjjt/msv0tadQ1wUsN+gDS63pYaACbvXy +8MWy7Vu33PqUXHeeE6V/Uq2V8viTO96LXFvKWlJbYK8U90vvo/ufQJVtMVT8QtPHRh8jrdkPSHCa +2XV4cdFyQzR1bldZwgJcJmApzyMZFo6IQ6XU5MsI+yMRQ+hDKXJioaldXgjUkK642M4UwtBV8ob2 +xJNDd2ZhwLnoQdeXeGADbkpyrqXRfboQnoZsG4q5WTP468SQvvG5 +-----END CERTIFICATE----- + +Amazon Root CA 2 +================ +-----BEGIN CERTIFICATE----- +MIIFQTCCAymgAwIBAgITBmyf0pY1hp8KD+WGePhbJruKNzANBgkqhkiG9w0BAQwFADA5MQswCQYD +VQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6b24gUm9vdCBDQSAyMB4XDTE1 +MDUyNjAwMDAwMFoXDTQwMDUyNjAwMDAwMFowOTELMAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpv +bjEZMBcGA1UEAxMQQW1hem9uIFJvb3QgQ0EgMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC +ggIBAK2Wny2cSkxKgXlRmeyKy2tgURO8TW0G/LAIjd0ZEGrHJgw12MBvIITplLGbhQPDW9tK6Mj4 +kHbZW0/jTOgGNk3Mmqw9DJArktQGGWCsN0R5hYGCrVo34A3MnaZMUnbqQ523BNFQ9lXg1dKmSYXp +N+nKfq5clU1Imj+uIFptiJXZNLhSGkOQsL9sBbm2eLfq0OQ6PBJTYv9K8nu+NQWpEjTj82R0Yiw9 +AElaKP4yRLuH3WUnAnE72kr3H9rN9yFVkE8P7K6C4Z9r2UXTu/Bfh+08LDmG2j/e7HJV63mjrdvd +fLC6HM783k81ds8P+HgfajZRRidhW+mez/CiVX18JYpvL7TFz4QuK/0NURBs+18bvBt+xa47mAEx +kv8LV/SasrlX6avvDXbR8O70zoan4G7ptGmh32n2M8ZpLpcTnqWHsFcQgTfJU7O7f/aS0ZzQGPSS +btqDT6ZjmUyl+17vIWR6IF9sZIUVyzfpYgwLKhbcAS4y2j5L9Z469hdAlO+ekQiG+r5jqFoz7Mt0 +Q5X5bGlSNscpb/xVA1wf+5+9R+vnSUeVC06JIglJ4PVhHvG/LopyboBZ/1c6+XUyo05f7O0oYtlN +c/LMgRdg7c3r3NunysV+Ar3yVAhU/bQtCSwXVEqY0VThUWcI0u1ufm8/0i2BWSlmy5A5lREedCf+ +3euvAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBSw +DPBMMPQFWAJI/TPlUq9LhONmUjANBgkqhkiG9w0BAQwFAAOCAgEAqqiAjw54o+Ci1M3m9Zh6O+oA +A7CXDpO8Wqj2LIxyh6mx/H9z/WNxeKWHWc8w4Q0QshNabYL1auaAn6AFC2jkR2vHat+2/XcycuUY ++gn0oJMsXdKMdYV2ZZAMA3m3MSNjrXiDCYZohMr/+c8mmpJ5581LxedhpxfL86kSk5Nrp+gvU5LE +YFiwzAJRGFuFjWJZY7attN6a+yb3ACfAXVU3dJnJUH/jWS5E4ywl7uxMMne0nxrpS10gxdr9HIcW +xkPo1LsmmkVwXqkLN1PiRnsn/eBG8om3zEK2yygmbtmlyTrIQRNg91CMFa6ybRoVGld45pIq2WWQ +gj9sAq+uEjonljYE1x2igGOpm/HlurR8FLBOybEfdF849lHqm/osohHUqS0nGkWxr7JOcQ3AWEbW +aQbLU8uz/mtBzUF+fUwPfHJ5elnNXkoOrJupmHN5fLT0zLm4BwyydFy4x2+IoZCn9Kr5v2c69BoV +Yh63n749sSmvZ6ES8lgQGVMDMBu4Gon2nL2XA46jCfMdiyHxtN/kHNGfZQIG6lzWE7OE76KlXIx3 +KadowGuuQNKotOrN8I1LOJwZmhsoVLiJkO/KdYE+HvJkJMcYr07/R54H9jVlpNMKVv/1F2Rs76gi +JUmTtt8AF9pYfl3uxRuw0dFfIRDH+fO6AgonB8Xx1sfT4PsJYGw= +-----END CERTIFICATE----- + +Amazon Root CA 3 +================ +-----BEGIN CERTIFICATE----- +MIIBtjCCAVugAwIBAgITBmyf1XSXNmY/Owua2eiedgPySjAKBggqhkjOPQQDAjA5MQswCQYDVQQG +EwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6b24gUm9vdCBDQSAzMB4XDTE1MDUy +NjAwMDAwMFoXDTQwMDUyNjAwMDAwMFowOTELMAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZ +MBcGA1UEAxMQQW1hem9uIFJvb3QgQ0EgMzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABCmXp8ZB +f8ANm+gBG1bG8lKlui2yEujSLtf6ycXYqm0fc4E7O5hrOXwzpcVOho6AF2hiRVd9RFgdszflZwjr +Zt6jQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBSrttvXBp43 +rDCGB5Fwx5zEGbF4wDAKBggqhkjOPQQDAgNJADBGAiEA4IWSoxe3jfkrBqWTrBqYaGFy+uGh0Psc +eGCmQ5nFuMQCIQCcAu/xlJyzlvnrxir4tiz+OpAUFteMYyRIHN8wfdVoOw== +-----END CERTIFICATE----- + +Amazon Root CA 4 +================ +-----BEGIN CERTIFICATE----- +MIIB8jCCAXigAwIBAgITBmyf18G7EEwpQ+Vxe3ssyBrBDjAKBggqhkjOPQQDAzA5MQswCQYDVQQG +EwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6b24gUm9vdCBDQSA0MB4XDTE1MDUy +NjAwMDAwMFoXDTQwMDUyNjAwMDAwMFowOTELMAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZ +MBcGA1UEAxMQQW1hem9uIFJvb3QgQ0EgNDB2MBAGByqGSM49AgEGBSuBBAAiA2IABNKrijdPo1MN +/sGKe0uoe0ZLY7Bi9i0b2whxIdIA6GO9mif78DluXeo9pcmBqqNbIJhFXRbb/egQbeOc4OO9X4Ri +83BkM6DLJC9wuoihKqB1+IGuYgbEgds5bimwHvouXKNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV +HQ8BAf8EBAMCAYYwHQYDVR0OBBYEFNPsxzplbszh2naaVvuc84ZtV+WBMAoGCCqGSM49BAMDA2gA +MGUCMDqLIfG9fhGt0O9Yli/W651+kI0rz2ZVwyzjKKlwCkcO8DdZEv8tmZQoTipPNU0zWgIxAOp1 +AE47xDqUEpHJWEadIRNyp4iciuRMStuW1KyLa2tJElMzrdfkviT8tQp21KW8EA== +-----END CERTIFICATE----- + +TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1 +============================================= +-----BEGIN CERTIFICATE----- +MIIEYzCCA0ugAwIBAgIBATANBgkqhkiG9w0BAQsFADCB0jELMAkGA1UEBhMCVFIxGDAWBgNVBAcT +D0dlYnplIC0gS29jYWVsaTFCMEAGA1UEChM5VHVya2l5ZSBCaWxpbXNlbCB2ZSBUZWtub2xvamlr +IEFyYXN0aXJtYSBLdXJ1bXUgLSBUVUJJVEFLMS0wKwYDVQQLEyRLYW11IFNlcnRpZmlrYXN5b24g +TWVya2V6aSAtIEthbXUgU00xNjA0BgNVBAMTLVRVQklUQUsgS2FtdSBTTSBTU0wgS29rIFNlcnRp +ZmlrYXNpIC0gU3VydW0gMTAeFw0xMzExMjUwODI1NTVaFw00MzEwMjUwODI1NTVaMIHSMQswCQYD +VQQGEwJUUjEYMBYGA1UEBxMPR2ViemUgLSBLb2NhZWxpMUIwQAYDVQQKEzlUdXJraXllIEJpbGlt +c2VsIHZlIFRla25vbG9qaWsgQXJhc3Rpcm1hIEt1cnVtdSAtIFRVQklUQUsxLTArBgNVBAsTJEth +bXUgU2VydGlmaWthc3lvbiBNZXJrZXppIC0gS2FtdSBTTTE2MDQGA1UEAxMtVFVCSVRBSyBLYW11 +IFNNIFNTTCBLb2sgU2VydGlmaWthc2kgLSBTdXJ1bSAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEAr3UwM6q7a9OZLBI3hNmNe5eA027n/5tQlT6QlVZC1xl8JoSNkvoBHToP4mQ4t4y8 +6Ij5iySrLqP1N+RAjhgleYN1Hzv/bKjFxlb4tO2KRKOrbEz8HdDc72i9z+SqzvBV96I01INrN3wc +wv61A+xXzry0tcXtAA9TNypN9E8Mg/uGz8v+jE69h/mniyFXnHrfA2eJLJ2XYacQuFWQfw4tJzh0 +3+f92k4S400VIgLI4OD8D62K18lUUMw7D8oWgITQUVbDjlZ/iSIzL+aFCr2lqBs23tPcLG07xxO9 +WSMs5uWk99gL7eqQQESolbuT1dCANLZGeA4fAJNG4e7p+exPFwIDAQABo0IwQDAdBgNVHQ4EFgQU +ZT/HiobGPN08VFw1+DrtUgxHV8gwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJ +KoZIhvcNAQELBQADggEBACo/4fEyjq7hmFxLXs9rHmoJ0iKpEsdeV31zVmSAhHqT5Am5EM2fKifh +AHe+SMg1qIGf5LgsyX8OsNJLN13qudULXjS99HMpw+0mFZx+CFOKWI3QSyjfwbPfIPP54+M638yc +lNhOT8NrF7f3cuitZjO1JVOr4PhMqZ398g26rrnZqsZr+ZO7rqu4lzwDGrpDxpa5RXI4s6ehlj2R +e37AIVNMh+3yC1SVUZPVIqUNivGTDj5UDrDYyU7c8jEyVupk+eq1nRZmQnLzf9OxMUP8pI4X8W0j +q5Rm+K37DwhuJi1/FwcJsoz7UMCflo3Ptv0AnVoUmr8CRPXBwp8iXqIPoeM= +-----END CERTIFICATE----- + +GDCA TrustAUTH R5 ROOT +====================== +-----BEGIN CERTIFICATE----- +MIIFiDCCA3CgAwIBAgIIfQmX/vBH6nowDQYJKoZIhvcNAQELBQAwYjELMAkGA1UEBhMCQ04xMjAw +BgNVBAoMKUdVQU5HIERPTkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZIENPLixMVEQuMR8wHQYDVQQD +DBZHRENBIFRydXN0QVVUSCBSNSBST09UMB4XDTE0MTEyNjA1MTMxNVoXDTQwMTIzMTE1NTk1OVow +YjELMAkGA1UEBhMCQ04xMjAwBgNVBAoMKUdVQU5HIERPTkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZ +IENPLixMVEQuMR8wHQYDVQQDDBZHRENBIFRydXN0QVVUSCBSNSBST09UMIICIjANBgkqhkiG9w0B +AQEFAAOCAg8AMIICCgKCAgEA2aMW8Mh0dHeb7zMNOwZ+Vfy1YI92hhJCfVZmPoiC7XJjDp6L3TQs +AlFRwxn9WVSEyfFrs0yw6ehGXTjGoqcuEVe6ghWinI9tsJlKCvLriXBjTnnEt1u9ol2x8kECK62p +OqPseQrsXzrj/e+APK00mxqriCZ7VqKChh/rNYmDf1+uKU49tm7srsHwJ5uu4/Ts765/94Y9cnrr +pftZTqfrlYwiOXnhLQiPzLyRuEH3FMEjqcOtmkVEs7LXLM3GKeJQEK5cy4KOFxg2fZfmiJqwTTQJ +9Cy5WmYqsBebnh52nUpmMUHfP/vFBu8btn4aRjb3ZGM74zkYI+dndRTVdVeSN72+ahsmUPI2JgaQ +xXABZG12ZuGR224HwGGALrIuL4xwp9E7PLOR5G62xDtw8mySlwnNR30YwPO7ng/Wi64HtloPzgsM +R6flPri9fcebNaBhlzpBdRfMK5Z3KpIhHtmVdiBnaM8Nvd/WHwlqmuLMc3GkL30SgLdTMEZeS1SZ +D2fJpcjyIMGC7J0R38IC+xo70e0gmu9lZJIQDSri3nDxGGeCjGHeuLzRL5z7D9Ar7Rt2ueQ5Vfj4 +oR24qoAATILnsn8JuLwwoC8N9VKejveSswoAHQBUlwbgsQfZxw9cZX08bVlX5O2ljelAU58VS6Bx +9hoh49pwBiFYFIeFd3mqgnkCAwEAAaNCMEAwHQYDVR0OBBYEFOLJQJ9NzuiaoXzPDj9lxSmIahlR +MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4ICAQDRSVfg +p8xoWLoBDysZzY2wYUWsEe1jUGn4H3++Fo/9nesLqjJHdtJnJO29fDMylyrHBYZmDRd9FBUb1Ov9 +H5r2XpdptxolpAqzkT9fNqyL7FeoPueBihhXOYV0GkLH6VsTX4/5COmSdI31R9KrO9b7eGZONn35 +6ZLpBN79SWP8bfsUcZNnL0dKt7n/HipzcEYwv1ryL3ml4Y0M2fmyYzeMN2WFcGpcWwlyua1jPLHd ++PwyvzeG5LuOmCd+uh8W4XAR8gPfJWIyJyYYMoSf/wA6E7qaTfRPuBRwIrHKK5DOKcFw9C+df/KQ +HtZa37dG/OaG+svgIHZ6uqbL9XzeYqWxi+7egmaKTjowHz+Ay60nugxe19CxVsp3cbK1daFQqUBD +F8Io2c9Si1vIY9RCPqAzekYu9wogRlR+ak8x8YF+QnQ4ZXMn7sZ8uI7XpTrXmKGcjBBV09tL7ECQ +8s1uV9JiDnxXk7Gnbc2dg7sq5+W2O3FYrf3RRbxake5TFW/TRQl1brqQXR4EzzffHqhmsYzmIGrv +/EhOdJhCrylvLmrH+33RZjEizIYAfmaDDEL0vTSSwxrqT8p+ck0LcIymSLumoRT2+1hEmRSuqguT +aaApJUqlyyvdimYHFngVV3Eb7PVHhPOeMTd61X8kreS8/f3MboPoDKi3QWwH3b08hpcv0g== +-----END CERTIFICATE----- + +SSL.com Root Certification Authority RSA +======================================== +-----BEGIN CERTIFICATE----- +MIIF3TCCA8WgAwIBAgIIeyyb0xaAMpkwDQYJKoZIhvcNAQELBQAwfDELMAkGA1UEBhMCVVMxDjAM +BgNVBAgMBVRleGFzMRAwDgYDVQQHDAdIb3VzdG9uMRgwFgYDVQQKDA9TU0wgQ29ycG9yYXRpb24x +MTAvBgNVBAMMKFNTTC5jb20gUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSBSU0EwHhcNMTYw +MjEyMTczOTM5WhcNNDEwMjEyMTczOTM5WjB8MQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4YXMx +EDAOBgNVBAcMB0hvdXN0b24xGDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjExMC8GA1UEAwwoU1NM +LmNvbSBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IFJTQTCCAiIwDQYJKoZIhvcNAQEBBQAD +ggIPADCCAgoCggIBAPkP3aMrfcvQKv7sZ4Wm5y4bunfh4/WvpOz6Sl2RxFdHaxh3a3by/ZPkPQ/C +Fp4LZsNWlJ4Xg4XOVu/yFv0AYvUiCVToZRdOQbngT0aXqhvIuG5iXmmxX9sqAn78bMrzQdjt0Oj8 +P2FI7bADFB0QDksZ4LtO7IZl/zbzXmcCC52GVWH9ejjt/uIZALdvoVBidXQ8oPrIJZK0bnoix/ge +oeOy3ZExqysdBP+lSgQ36YWkMyv94tZVNHwZpEpox7Ko07fKoZOI68GXvIz5HdkihCR0xwQ9aqkp +k8zruFvh/l8lqjRYyMEjVJ0bmBHDOJx+PYZspQ9AhnwC9FwCTyjLrnGfDzrIM/4RJTXq/LrFYD3Z +fBjVsqnTdXgDciLKOsMf7yzlLqn6niy2UUb9rwPW6mBo6oUWNmuF6R7As93EJNyAKoFBbZQ+yODJ +gUEAnl6/f8UImKIYLEJAs/lvOCdLToD0PYFH4Ih86hzOtXVcUS4cK38acijnALXRdMbX5J+tB5O2 +UzU1/Dfkw/ZdFr4hc96SCvigY2q8lpJqPvi8ZVWb3vUNiSYE/CUapiVpy8JtynziWV+XrOvvLsi8 +1xtZPCvM8hnIk2snYxnP/Okm+Mpxm3+T/jRnhE6Z6/yzeAkzcLpmpnbtG3PrGqUNxCITIJRWCk4s +bE6x/c+cCbqiM+2HAgMBAAGjYzBhMB0GA1UdDgQWBBTdBAkHovV6fVJTEpKV7jiAJQ2mWTAPBgNV +HRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFN0ECQei9Xp9UlMSkpXuOIAlDaZZMA4GA1UdDwEB/wQE +AwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAIBgRlCn7Jp0cHh5wYfGVcpNxJK1ok1iOMq8bs3AD/CUr +dIWQPXhq9LmLpZc7tRiRux6n+UBbkflVma8eEdBcHadm47GUBwwyOabqG7B52B2ccETjit3E+ZUf +ijhDPwGFpUenPUayvOUiaPd7nNgsPgohyC0zrL/FgZkxdMF1ccW+sfAjRfSda/wZY52jvATGGAsl +u1OJD7OAUN5F7kR/q5R4ZJjT9ijdh9hwZXT7DrkT66cPYakylszeu+1jTBi7qUD3oFRuIIhxdRjq +erQ0cuAjJ3dctpDqhiVAq+8zD8ufgr6iIPv2tS0a5sKFsXQP+8hlAqRSAUfdSSLBv9jra6x+3uxj +MxW3IwiPxg+NQVrdjsW5j+VFP3jbutIbQLH+cU0/4IGiul607BXgk90IH37hVZkLId6Tngr75qNJ +vTYw/ud3sqB1l7UtgYgXZSD32pAAn8lSzDLKNXz1PQ/YK9f1JmzJBjSWFupwWRoyeXkLtoh/D1JI +Pb9s2KJELtFOt3JY04kTlf5Eq/jXixtunLwsoFvVagCvXzfh1foQC5ichucmj87w7G6KVwuA406y +wKBjYZC6VWg3dGq2ktufoYYitmUnDuy2n0Jg5GfCtdpBC8TTi2EbvPofkSvXRAdeuims2cXp71NI +WuuA8ShYIc2wBlX7Jz9TkHCpBB5XJ7k= +-----END CERTIFICATE----- + +SSL.com Root Certification Authority ECC +======================================== +-----BEGIN CERTIFICATE----- +MIICjTCCAhSgAwIBAgIIdebfy8FoW6gwCgYIKoZIzj0EAwIwfDELMAkGA1UEBhMCVVMxDjAMBgNV +BAgMBVRleGFzMRAwDgYDVQQHDAdIb3VzdG9uMRgwFgYDVQQKDA9TU0wgQ29ycG9yYXRpb24xMTAv +BgNVBAMMKFNTTC5jb20gUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSBFQ0MwHhcNMTYwMjEy +MTgxNDAzWhcNNDEwMjEyMTgxNDAzWjB8MQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4YXMxEDAO +BgNVBAcMB0hvdXN0b24xGDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjExMC8GA1UEAwwoU1NMLmNv +bSBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IEVDQzB2MBAGByqGSM49AgEGBSuBBAAiA2IA +BEVuqVDEpiM2nl8ojRfLliJkP9x6jh3MCLOicSS6jkm5BBtHllirLZXI7Z4INcgn64mMU1jrYor+ +8FsPazFSY0E7ic3s7LaNGdM0B9y7xgZ/wkWV7Mt/qCPgCemB+vNH06NjMGEwHQYDVR0OBBYEFILR +hXMw5zUE044CkvvlpNHEIejNMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUgtGFczDnNQTT +jgKS++Wk0cQh6M0wDgYDVR0PAQH/BAQDAgGGMAoGCCqGSM49BAMCA2cAMGQCMG/n61kRpGDPYbCW +e+0F+S8Tkdzt5fxQaxFGRrMcIQBiu77D5+jNB5n5DQtdcj7EqgIwH7y6C+IwJPt8bYBVCpk+gA0z +5Wajs6O7pdWLjwkspl1+4vAHCGht0nxpbl/f5Wpl +-----END CERTIFICATE----- + +SSL.com EV Root Certification Authority RSA R2 +============================================== +-----BEGIN CERTIFICATE----- +MIIF6zCCA9OgAwIBAgIIVrYpzTS8ePYwDQYJKoZIhvcNAQELBQAwgYIxCzAJBgNVBAYTAlVTMQ4w +DAYDVQQIDAVUZXhhczEQMA4GA1UEBwwHSG91c3RvbjEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9u +MTcwNQYDVQQDDC5TU0wuY29tIEVWIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgUlNBIFIy +MB4XDTE3MDUzMTE4MTQzN1oXDTQyMDUzMDE4MTQzN1owgYIxCzAJBgNVBAYTAlVTMQ4wDAYDVQQI +DAVUZXhhczEQMA4GA1UEBwwHSG91c3RvbjEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9uMTcwNQYD +VQQDDC5TU0wuY29tIEVWIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgUlNBIFIyMIICIjAN +BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAjzZlQOHWTcDXtOlG2mvqM0fNTPl9fb69LT3w23jh +hqXZuglXaO1XPqDQCEGD5yhBJB/jchXQARr7XnAjssufOePPxU7Gkm0mxnu7s9onnQqG6YE3Bf7w +cXHswxzpY6IXFJ3vG2fThVUCAtZJycxa4bH3bzKfydQ7iEGonL3Lq9ttewkfokxykNorCPzPPFTO +Zw+oz12WGQvE43LrrdF9HSfvkusQv1vrO6/PgN3B0pYEW3p+pKk8OHakYo6gOV7qd89dAFmPZiw+ +B6KjBSYRaZfqhbcPlgtLyEDhULouisv3D5oi53+aNxPN8k0TayHRwMwi8qFG9kRpnMphNQcAb9Zh +CBHqurj26bNg5U257J8UZslXWNvNh2n4ioYSA0e/ZhN2rHd9NCSFg83XqpyQGp8hLH94t2S42Oim +9HizVcuE0jLEeK6jj2HdzghTreyI/BXkmg3mnxp3zkyPuBQVPWKchjgGAGYS5Fl2WlPAApiiECto +RHuOec4zSnaqW4EWG7WK2NAAe15itAnWhmMOpgWVSbooi4iTsjQc2KRVbrcc0N6ZVTsj9CLg+Slm +JuwgUHfbSguPvuUCYHBBXtSuUDkiFCbLsjtzdFVHB3mBOagwE0TlBIqulhMlQg+5U8Sb/M3kHN48 ++qvWBkofZ6aYMBzdLNvcGJVXZsb/XItW9XcCAwEAAaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAfBgNV +HSMEGDAWgBT5YLvU49U09rj1BoAlp3PbRmmonjAdBgNVHQ4EFgQU+WC71OPVNPa49QaAJadz20Zp +qJ4wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4ICAQBWs47LCp1Jjr+kxJG7ZhcFUZh1 +++VQLHqe8RT6q9OKPv+RKY9ji9i0qVQBDb6Thi/5Sm3HXvVX+cpVHBK+Rw82xd9qt9t1wkclf7nx +Y/hoLVUE0fKNsKTPvDxeH3jnpaAgcLAExbf3cqfeIg29MyVGjGSSJuM+LmOW2puMPfgYCdcDzH2G +guDKBAdRUNf/ktUM79qGn5nX67evaOI5JpS6aLe/g9Pqemc9YmeuJeVy6OLk7K4S9ksrPJ/psEDz +OFSz/bdoyNrGj1E8svuR3Bznm53htw1yj+KkxKl4+esUrMZDBcJlOSgYAsOCsp0FvmXtll9ldDz7 +CTUue5wT/RsPXcdtgTpWD8w74a8CLyKsRspGPKAcTNZEtF4uXBVmCeEmKf7GUmG6sXP/wwyc5Wxq +lD8UykAWlYTzWamsX0xhk23RO8yilQwipmdnRC652dKKQbNmC1r7fSOl8hqw/96bg5Qu0T/fkreR +rwU7ZcegbLHNYhLDkBvjJc40vG93drEQw/cFGsDWr3RiSBd3kmmQYRzelYB0VI8YHMPzA9C/pEN1 +hlMYegouCRw2n5H9gooiS9EOUCXdywMMF8mDAAhONU2Ki+3wApRmLER/y5UnlhetCTCstnEXbosX +9hwJ1C07mKVx01QT2WDz9UtmT/rx7iASjbSsV7FFY6GsdqnC+w== +-----END CERTIFICATE----- + +SSL.com EV Root Certification Authority ECC +=========================================== +-----BEGIN CERTIFICATE----- +MIIClDCCAhqgAwIBAgIILCmcWxbtBZUwCgYIKoZIzj0EAwIwfzELMAkGA1UEBhMCVVMxDjAMBgNV +BAgMBVRleGFzMRAwDgYDVQQHDAdIb3VzdG9uMRgwFgYDVQQKDA9TU0wgQ29ycG9yYXRpb24xNDAy +BgNVBAMMK1NTTC5jb20gRVYgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSBFQ0MwHhcNMTYw +MjEyMTgxNTIzWhcNNDEwMjEyMTgxNTIzWjB/MQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4YXMx +EDAOBgNVBAcMB0hvdXN0b24xGDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjE0MDIGA1UEAwwrU1NM +LmNvbSBFViBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IEVDQzB2MBAGByqGSM49AgEGBSuB +BAAiA2IABKoSR5CYG/vvw0AHgyBO8TCCogbR8pKGYfL2IWjKAMTH6kMAVIbc/R/fALhBYlzccBYy +3h+Z1MzFB8gIH2EWB1E9fVwHU+M1OIzfzZ/ZLg1KthkuWnBaBu2+8KGwytAJKaNjMGEwHQYDVR0O +BBYEFFvKXuXe0oGqzagtZFG22XKbl+ZPMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUW8pe +5d7SgarNqC1kUbbZcpuX5k8wDgYDVR0PAQH/BAQDAgGGMAoGCCqGSM49BAMCA2gAMGUCMQCK5kCJ +N+vp1RPZytRrJPOwPYdGWBrssd9v+1a6cGvHOMzosYxPD/fxZ3YOg9AeUY8CMD32IygmTMZgh5Mm +m7I1HrrW9zzRHM76JTymGoEVW/MSD2zuZYrJh6j5B+BimoxcSg== +-----END CERTIFICATE----- + +GlobalSign Root CA - R6 +======================= +-----BEGIN CERTIFICATE----- +MIIFgzCCA2ugAwIBAgIORea7A4Mzw4VlSOb/RVEwDQYJKoZIhvcNAQEMBQAwTDEgMB4GA1UECxMX +R2xvYmFsU2lnbiBSb290IENBIC0gUjYxEzARBgNVBAoTCkdsb2JhbFNpZ24xEzARBgNVBAMTCkds +b2JhbFNpZ24wHhcNMTQxMjEwMDAwMDAwWhcNMzQxMjEwMDAwMDAwWjBMMSAwHgYDVQQLExdHbG9i +YWxTaWduIFJvb3QgQ0EgLSBSNjETMBEGA1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFs +U2lnbjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAJUH6HPKZvnsFMp7PPcNCPG0RQss +grRIxutbPK6DuEGSMxSkb3/pKszGsIhrxbaJ0cay/xTOURQh7ErdG1rG1ofuTToVBu1kZguSgMpE +3nOUTvOniX9PeGMIyBJQbUJmL025eShNUhqKGoC3GYEOfsSKvGRMIRxDaNc9PIrFsmbVkJq3MQbF +vuJtMgamHvm566qjuL++gmNQ0PAYid/kD3n16qIfKtJwLnvnvJO7bVPiSHyMEAc4/2ayd2F+4OqM +PKq0pPbzlUoSB239jLKJz9CgYXfIWHSw1CM69106yqLbnQneXUQtkPGBzVeS+n68UARjNN9rkxi+ +azayOeSsJDa38O+2HBNXk7besvjihbdzorg1qkXy4J02oW9UivFyVm4uiMVRQkQVlO6jxTiWm05O +WgtH8wY2SXcwvHE35absIQh1/OZhFj931dmRl4QKbNQCTXTAFO39OfuD8l4UoQSwC+n+7o/hbguy +CLNhZglqsQY6ZZZZwPA1/cnaKI0aEYdwgQqomnUdnjqGBQCe24DWJfncBZ4nWUx2OVvq+aWh2IMP +0f/fMBH5hc8zSPXKbWQULHpYT9NLCEnFlWQaYw55PfWzjMpYrZxCRXluDocZXFSxZba/jJvcE+kN +b7gu3GduyYsRtYQUigAZcIN5kZeR1BonvzceMgfYFGM8KEyvAgMBAAGjYzBhMA4GA1UdDwEB/wQE +AwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSubAWjkxPioufi1xzWx/B/yGdToDAfBgNV +HSMEGDAWgBSubAWjkxPioufi1xzWx/B/yGdToDANBgkqhkiG9w0BAQwFAAOCAgEAgyXt6NH9lVLN +nsAEoJFp5lzQhN7craJP6Ed41mWYqVuoPId8AorRbrcWc+ZfwFSY1XS+wc3iEZGtIxg93eFyRJa0 +lV7Ae46ZeBZDE1ZXs6KzO7V33EByrKPrmzU+sQghoefEQzd5Mr6155wsTLxDKZmOMNOsIeDjHfrY +BzN2VAAiKrlNIC5waNrlU/yDXNOd8v9EDERm8tLjvUYAGm0CuiVdjaExUd1URhxN25mW7xocBFym +Fe944Hn+Xds+qkxV/ZoVqW/hpvvfcDDpw+5CRu3CkwWJ+n1jez/QcYF8AOiYrg54NMMl+68KnyBr +3TsTjxKM4kEaSHpzoHdpx7Zcf4LIHv5YGygrqGytXm3ABdJ7t+uA/iU3/gKbaKxCXcPu9czc8FB1 +0jZpnOZ7BN9uBmm23goJSFmH63sUYHpkqmlD75HHTOwY3WzvUy2MmeFe8nI+z1TIvWfspA9MRf/T +uTAjB0yPEL+GltmZWrSZVxykzLsViVO6LAUP5MSeGbEYNNVMnbrt9x+vJJUEeKgDu+6B5dpffItK +oZB0JaezPkvILFa9x8jvOOJckvB595yEunQtYQEgfn7R8k8HWV+LLUNS60YMlOH1Zkd5d9VUWx+t +JDfLRVpOoERIyNiwmcUVhAn21klJwGW45hpxbqCo8YLoRT5s1gLXCmeDBVrJpBA= +-----END CERTIFICATE----- + +OISTE WISeKey Global Root GC CA +=============================== +-----BEGIN CERTIFICATE----- +MIICaTCCAe+gAwIBAgIQISpWDK7aDKtARb8roi066jAKBggqhkjOPQQDAzBtMQswCQYDVQQGEwJD +SDEQMA4GA1UEChMHV0lTZUtleTEiMCAGA1UECxMZT0lTVEUgRm91bmRhdGlvbiBFbmRvcnNlZDEo +MCYGA1UEAxMfT0lTVEUgV0lTZUtleSBHbG9iYWwgUm9vdCBHQyBDQTAeFw0xNzA1MDkwOTQ4MzRa +Fw00MjA1MDkwOTU4MzNaMG0xCzAJBgNVBAYTAkNIMRAwDgYDVQQKEwdXSVNlS2V5MSIwIAYDVQQL +ExlPSVNURSBGb3VuZGF0aW9uIEVuZG9yc2VkMSgwJgYDVQQDEx9PSVNURSBXSVNlS2V5IEdsb2Jh +bCBSb290IEdDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAETOlQwMYPchi82PG6s4nieUqjFqdr +VCTbUf/q9Akkwwsin8tqJ4KBDdLArzHkdIJuyiXZjHWd8dvQmqJLIX4Wp2OQ0jnUsYd4XxiWD1Ab +NTcPasbc2RNNpI6QN+a9WzGRo1QwUjAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAd +BgNVHQ4EFgQUSIcUrOPDnpBgOtfKie7TrYy0UGYwEAYJKwYBBAGCNxUBBAMCAQAwCgYIKoZIzj0E +AwMDaAAwZQIwJsdpW9zV57LnyAyMjMPdeYwbY9XJUpROTYJKcx6ygISpJcBMWm1JKWB4E+J+SOtk +AjEA2zQgMgj/mkkCtojeFK9dbJlxjRo/i9fgojaGHAeCOnZT/cKi7e97sIBPWA9LUzm9 +-----END CERTIFICATE----- + +UCA Global G2 Root +================== +-----BEGIN CERTIFICATE----- +MIIFRjCCAy6gAwIBAgIQXd+x2lqj7V2+WmUgZQOQ7zANBgkqhkiG9w0BAQsFADA9MQswCQYDVQQG +EwJDTjERMA8GA1UECgwIVW5pVHJ1c3QxGzAZBgNVBAMMElVDQSBHbG9iYWwgRzIgUm9vdDAeFw0x +NjAzMTEwMDAwMDBaFw00MDEyMzEwMDAwMDBaMD0xCzAJBgNVBAYTAkNOMREwDwYDVQQKDAhVbmlU +cnVzdDEbMBkGA1UEAwwSVUNBIEdsb2JhbCBHMiBSb290MIICIjANBgkqhkiG9w0BAQEFAAOCAg8A +MIICCgKCAgEAxeYrb3zvJgUno4Ek2m/LAfmZmqkywiKHYUGRO8vDaBsGxUypK8FnFyIdK+35KYmT +oni9kmugow2ifsqTs6bRjDXVdfkX9s9FxeV67HeToI8jrg4aA3++1NDtLnurRiNb/yzmVHqUwCoV +8MmNsHo7JOHXaOIxPAYzRrZUEaalLyJUKlgNAQLx+hVRZ2zA+te2G3/RVogvGjqNO7uCEeBHANBS +h6v7hn4PJGtAnTRnvI3HLYZveT6OqTwXS3+wmeOwcWDcC/Vkw85DvG1xudLeJ1uK6NjGruFZfc8o +LTW4lVYa8bJYS7cSN8h8s+1LgOGN+jIjtm+3SJUIsUROhYw6AlQgL9+/V087OpAh18EmNVQg7Mc/ +R+zvWr9LesGtOxdQXGLYD0tK3Cv6brxzks3sx1DoQZbXqX5t2Okdj4q1uViSukqSKwxW/YDrCPBe +KW4bHAyvj5OJrdu9o54hyokZ7N+1wxrrFv54NkzWbtA+FxyQF2smuvt6L78RHBgOLXMDj6DlNaBa +4kx1HXHhOThTeEDMg5PXCp6dW4+K5OXgSORIskfNTip1KnvyIvbJvgmRlld6iIis7nCs+dwp4wwc +OxJORNanTrAmyPPZGpeRaOrvjUYG0lZFWJo8DA+DuAUlwznPO6Q0ibd5Ei9Hxeepl2n8pndntd97 +8XplFeRhVmUCAwEAAaNCMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0O +BBYEFIHEjMz15DD/pQwIX4wVZyF0Ad/fMA0GCSqGSIb3DQEBCwUAA4ICAQATZSL1jiutROTL/7lo +5sOASD0Ee/ojL3rtNtqyzm325p7lX1iPyzcyochltq44PTUbPrw7tgTQvPlJ9Zv3hcU2tsu8+Mg5 +1eRfB70VVJd0ysrtT7q6ZHafgbiERUlMjW+i67HM0cOU2kTC5uLqGOiiHycFutfl1qnN3e92mI0A +Ds0b+gO3joBYDic/UvuUospeZcnWhNq5NXHzJsBPd+aBJ9J3O5oUb3n09tDh05S60FdRvScFDcH9 +yBIw7m+NESsIndTUv4BFFJqIRNow6rSn4+7vW4LVPtateJLbXDzz2K36uGt/xDYotgIVilQsnLAX +c47QN6MUPJiVAAwpBVueSUmxX8fjy88nZY41F7dXyDDZQVu5FLbowg+UMaeUmMxq67XhJ/UQqAHo +jhJi6IjMtX9Gl8CbEGY4GjZGXyJoPd/JxhMnq1MGrKI8hgZlb7F+sSlEmqO6SWkoaY/X5V+tBIZk +bxqgDMUIYs6Ao9Dz7GjevjPHF1t/gMRMTLGmhIrDO7gJzRSBuhjjVFc2/tsvfEehOjPI+Vg7RE+x +ygKJBJYoaMVLuCaJu9YzL1DV/pqJuhgyklTGW+Cd+V7lDSKb9triyCGyYiGqhkCyLmTTX8jjfhFn +RR8F/uOi77Oos/N9j/gMHyIfLXC0uAE0djAA5SN4p1bXUB+K+wb1whnw0A== +-----END CERTIFICATE----- + +UCA Extended Validation Root +============================ +-----BEGIN CERTIFICATE----- +MIIFWjCCA0KgAwIBAgIQT9Irj/VkyDOeTzRYZiNwYDANBgkqhkiG9w0BAQsFADBHMQswCQYDVQQG +EwJDTjERMA8GA1UECgwIVW5pVHJ1c3QxJTAjBgNVBAMMHFVDQSBFeHRlbmRlZCBWYWxpZGF0aW9u +IFJvb3QwHhcNMTUwMzEzMDAwMDAwWhcNMzgxMjMxMDAwMDAwWjBHMQswCQYDVQQGEwJDTjERMA8G +A1UECgwIVW5pVHJ1c3QxJTAjBgNVBAMMHFVDQSBFeHRlbmRlZCBWYWxpZGF0aW9uIFJvb3QwggIi +MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCpCQcoEwKwmeBkqh5DFnpzsZGgdT6o+uM4AHrs +iWogD4vFsJszA1qGxliG1cGFu0/GnEBNyr7uaZa4rYEwmnySBesFK5pI0Lh2PpbIILvSsPGP2KxF +Rv+qZ2C0d35qHzwaUnoEPQc8hQ2E0B92CvdqFN9y4zR8V05WAT558aopO2z6+I9tTcg1367r3CTu +eUWnhbYFiN6IXSV8l2RnCdm/WhUFhvMJHuxYMjMR83dksHYf5BA1FxvyDrFspCqjc/wJHx4yGVMR +59mzLC52LqGj3n5qiAno8geK+LLNEOfic0CTuwjRP+H8C5SzJe98ptfRr5//lpr1kXuYC3fUfugH +0mK1lTnj8/FtDw5lhIpjVMWAtuCeS31HJqcBCF3RiJ7XwzJE+oJKCmhUfzhTA8ykADNkUVkLo4KR +el7sFsLzKuZi2irbWWIQJUoqgQtHB0MGcIfS+pMRKXpITeuUx3BNr2fVUbGAIAEBtHoIppB/TuDv +B0GHr2qlXov7z1CymlSvw4m6WC31MJixNnI5fkkE/SmnTHnkBVfblLkWU41Gsx2VYVdWf6/wFlth +WG82UBEL2KwrlRYaDh8IzTY0ZRBiZtWAXxQgXy0MoHgKaNYs1+lvK9JKBZP8nm9rZ/+I8U6laUpS +NwXqxhaN0sSZ0YIrO7o1dfdRUVjzyAfd5LQDfwIDAQABo0IwQDAdBgNVHQ4EFgQU2XQ65DA9DfcS +3H5aBZ8eNJr34RQwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQEL +BQADggIBADaNl8xCFWQpN5smLNb7rhVpLGsaGvdftvkHTFnq88nIua7Mui563MD1sC3AO6+fcAUR +ap8lTwEpcOPlDOHqWnzcSbvBHiqB9RZLcpHIojG5qtr8nR/zXUACE/xOHAbKsxSQVBcZEhrxH9cM +aVr2cXj0lH2RC47skFSOvG+hTKv8dGT9cZr4QQehzZHkPJrgmzI5c6sq1WnIeJEmMX3ixzDx/BR4 +dxIOE/TdFpS/S2d7cFOFyrC78zhNLJA5wA3CXWvp4uXViI3WLL+rG761KIcSF3Ru/H38j9CHJrAb ++7lsq+KePRXBOy5nAliRn+/4Qh8st2j1da3Ptfb/EX3C8CSlrdP6oDyp+l3cpaDvRKS+1ujl5BOW +F3sGPjLtx7dCvHaj2GU4Kzg1USEODm8uNBNA4StnDG1KQTAYI1oyVZnJF+A83vbsea0rWBmirSwi +GpWOvpaQXUJXxPkUAzUrHC1RVwinOt4/5Mi0A3PCwSaAuwtCH60NryZy2sy+s6ODWA2CxR9GUeOc +GMyNm43sSet1UNWMKFnKdDTajAshqx7qG+XH/RU+wBeq+yNuJkbL+vmxcmtpzyKEC2IPrNkZAJSi +djzULZrtBJ4tBmIQN1IchXIbJ+XMxjHsN+xjWZsLHXbMfjKaiJUINlK73nZfdklJrX+9ZSCyycEr +dhh2n1ax +-----END CERTIFICATE----- + +Certigna Root CA +================ +-----BEGIN CERTIFICATE----- +MIIGWzCCBEOgAwIBAgIRAMrpG4nxVQMNo+ZBbcTjpuEwDQYJKoZIhvcNAQELBQAwWjELMAkGA1UE +BhMCRlIxEjAQBgNVBAoMCURoaW15b3RpczEcMBoGA1UECwwTMDAwMiA0ODE0NjMwODEwMDAzNjEZ +MBcGA1UEAwwQQ2VydGlnbmEgUm9vdCBDQTAeFw0xMzEwMDEwODMyMjdaFw0zMzEwMDEwODMyMjda +MFoxCzAJBgNVBAYTAkZSMRIwEAYDVQQKDAlEaGlteW90aXMxHDAaBgNVBAsMEzAwMDIgNDgxNDYz +MDgxMDAwMzYxGTAXBgNVBAMMEENlcnRpZ25hIFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4IC +DwAwggIKAoICAQDNGDllGlmx6mQWDoyUJJV8g9PFOSbcDO8WV43X2KyjQn+Cyu3NW9sOty3tRQgX +stmzy9YXUnIo245Onoq2C/mehJpNdt4iKVzSs9IGPjA5qXSjklYcoW9MCiBtnyN6tMbaLOQdLNyz +KNAT8kxOAkmhVECe5uUFoC2EyP+YbNDrihqECB63aCPuI9Vwzm1RaRDuoXrC0SIxwoKF0vJVdlB8 +JXrJhFwLrN1CTivngqIkicuQstDuI7pmTLtipPlTWmR7fJj6o0ieD5Wupxj0auwuA0Wv8HT4Ks16 +XdG+RCYyKfHx9WzMfgIhC59vpD++nVPiz32pLHxYGpfhPTc3GGYo0kDFUYqMwy3OU4gkWGQwFsWq +4NYKpkDfePb1BHxpE4S80dGnBs8B92jAqFe7OmGtBIyT46388NtEbVncSVmurJqZNjBBe3YzIoej +wpKGbvlw7q6Hh5UbxHq9MfPU0uWZ/75I7HX1eBYdpnDBfzwboZL7z8g81sWTCo/1VTp2lc5ZmIoJ +lXcymoO6LAQ6l73UL77XbJuiyn1tJslV1c/DeVIICZkHJC1kJWumIWmbat10TWuXekG9qxf5kBdI +jzb5LdXF2+6qhUVB+s06RbFo5jZMm5BX7CO5hwjCxAnxl4YqKE3idMDaxIzb3+KhF1nOJFl0Mdp/ +/TBt2dzhauH8XwIDAQABo4IBGjCCARYwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw +HQYDVR0OBBYEFBiHVuBud+4kNTxOc5of1uHieX4rMB8GA1UdIwQYMBaAFBiHVuBud+4kNTxOc5of +1uHieX4rMEQGA1UdIAQ9MDswOQYEVR0gADAxMC8GCCsGAQUFBwIBFiNodHRwczovL3d3d3cuY2Vy +dGlnbmEuZnIvYXV0b3JpdGVzLzBtBgNVHR8EZjBkMC+gLaArhilodHRwOi8vY3JsLmNlcnRpZ25h +LmZyL2NlcnRpZ25hcm9vdGNhLmNybDAxoC+gLYYraHR0cDovL2NybC5kaGlteW90aXMuY29tL2Nl +cnRpZ25hcm9vdGNhLmNybDANBgkqhkiG9w0BAQsFAAOCAgEAlLieT/DjlQgi581oQfccVdV8AOIt +OoldaDgvUSILSo3L6btdPrtcPbEo/uRTVRPPoZAbAh1fZkYJMyjhDSSXcNMQH+pkV5a7XdrnxIxP +TGRGHVyH41neQtGbqH6mid2PHMkwgu07nM3A6RngatgCdTer9zQoKJHyBApPNeNgJgH60BGM+RFq +7q89w1DTj18zeTyGqHNFkIwgtnJzFyO+B2XleJINugHA64wcZr+shncBlA2c5uk5jR+mUYyZDDl3 +4bSb+hxnV29qao6pK0xXeXpXIs/NX2NGjVxZOob4Mkdio2cNGJHc+6Zr9UhhcyNZjgKnvETq9Emd +8VRY+WCv2hikLyhF3HqgiIZd8zvn/yk1gPxkQ5Tm4xxvvq0OKmOZK8l+hfZx6AYDlf7ej0gcWtSS +6Cvu5zHbugRqh5jnxV/vfaci9wHYTfmJ0A6aBVmknpjZbyvKcL5kwlWj9Omvw5Ip3IgWJJk8jSaY +tlu3zM63Nwf9JtmYhST/WSMDmu2dnajkXjjO11INb9I/bbEFa0nOipFGc/T2L/Coc3cOZayhjWZS +aX5LaAzHHjcng6WMxwLkFM1JAbBzs/3GkDpv0mztO+7skb6iQ12LAEpmJURw3kAP+HwV96LOPNde +E4yBFxgX0b3xdxA61GU5wSesVywlVP+i2k+KYTlerj1KjL0= +-----END CERTIFICATE----- + +emSign Root CA - G1 +=================== +-----BEGIN CERTIFICATE----- +MIIDlDCCAnygAwIBAgIKMfXkYgxsWO3W2DANBgkqhkiG9w0BAQsFADBnMQswCQYDVQQGEwJJTjET +MBEGA1UECxMKZW1TaWduIFBLSTElMCMGA1UEChMcZU11ZGhyYSBUZWNobm9sb2dpZXMgTGltaXRl +ZDEcMBoGA1UEAxMTZW1TaWduIFJvb3QgQ0EgLSBHMTAeFw0xODAyMTgxODMwMDBaFw00MzAyMTgx +ODMwMDBaMGcxCzAJBgNVBAYTAklOMRMwEQYDVQQLEwplbVNpZ24gUEtJMSUwIwYDVQQKExxlTXVk +aHJhIFRlY2hub2xvZ2llcyBMaW1pdGVkMRwwGgYDVQQDExNlbVNpZ24gUm9vdCBDQSAtIEcxMIIB +IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk0u76WaK7p1b1TST0Bsew+eeuGQzf2N4aLTN +LnF115sgxk0pvLZoYIr3IZpWNVrzdr3YzZr/k1ZLpVkGoZM0Kd0WNHVO8oG0x5ZOrRkVUkr+PHB1 +cM2vK6sVmjM8qrOLqs1D/fXqcP/tzxE7lM5OMhbTI0Aqd7OvPAEsbO2ZLIvZTmmYsvePQbAyeGHW +DV/D+qJAkh1cF+ZwPjXnorfCYuKrpDhMtTk1b+oDafo6VGiFbdbyL0NVHpENDtjVaqSW0RM8LHhQ +6DqS0hdW5TUaQBw+jSztOd9C4INBdN+jzcKGYEho42kLVACL5HZpIQ15TjQIXhTCzLG3rdd8cIrH +hQIDAQABo0IwQDAdBgNVHQ4EFgQU++8Nhp6w492pufEhF38+/PB3KxowDgYDVR0PAQH/BAQDAgEG +MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAFn/8oz1h31xPaOfG1vR2vjTnGs2 +vZupYeveFix0PZ7mddrXuqe8QhfnPZHr5X3dPpzxz5KsbEjMwiI/aTvFthUvozXGaCocV685743Q +NcMYDHsAVhzNixl03r4PEuDQqqE/AjSxcM6dGNYIAwlG7mDgfrbESQRRfXBgvKqy/3lyeqYdPV8q ++Mri/Tm3R7nrft8EI6/6nAYH6ftjk4BAtcZsCjEozgyfz7MjNYBBjWzEN3uBL4ChQEKF6dk4jeih +U80Bv2noWgbyRQuQ+q7hv53yrlc8pa6yVvSLZUDp/TGBLPQ5Cdjua6e0ph0VpZj3AYHYhX3zUVxx +iN66zB+Afko= +-----END CERTIFICATE----- + +emSign ECC Root CA - G3 +======================= +-----BEGIN CERTIFICATE----- +MIICTjCCAdOgAwIBAgIKPPYHqWhwDtqLhDAKBggqhkjOPQQDAzBrMQswCQYDVQQGEwJJTjETMBEG +A1UECxMKZW1TaWduIFBLSTElMCMGA1UEChMcZU11ZGhyYSBUZWNobm9sb2dpZXMgTGltaXRlZDEg +MB4GA1UEAxMXZW1TaWduIEVDQyBSb290IENBIC0gRzMwHhcNMTgwMjE4MTgzMDAwWhcNNDMwMjE4 +MTgzMDAwWjBrMQswCQYDVQQGEwJJTjETMBEGA1UECxMKZW1TaWduIFBLSTElMCMGA1UEChMcZU11 +ZGhyYSBUZWNobm9sb2dpZXMgTGltaXRlZDEgMB4GA1UEAxMXZW1TaWduIEVDQyBSb290IENBIC0g +RzMwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQjpQy4LRL1KPOxst3iAhKAnjlfSU2fySU0WXTsuwYc +58Byr+iuL+FBVIcUqEqy6HyC5ltqtdyzdc6LBtCGI79G1Y4PPwT01xySfvalY8L1X44uT6EYGQIr +MgqCZH0Wk9GjQjBAMB0GA1UdDgQWBBR8XQKEE9TMipuBzhccLikenEhjQjAOBgNVHQ8BAf8EBAMC +AQYwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAwNpADBmAjEAvvNhzwIQHWSVB7gYboiFBS+D +CBeQyh+KTOgNG3qxrdWBCUfvO6wIBHxcmbHtRwfSAjEAnbpV/KlK6O3t5nYBQnvI+GDZjVGLVTv7 +jHvrZQnD+JbNR6iC8hZVdyR+EhCVBCyj +-----END CERTIFICATE----- + +emSign Root CA - C1 +=================== +-----BEGIN CERTIFICATE----- +MIIDczCCAlugAwIBAgILAK7PALrEzzL4Q7IwDQYJKoZIhvcNAQELBQAwVjELMAkGA1UEBhMCVVMx +EzARBgNVBAsTCmVtU2lnbiBQS0kxFDASBgNVBAoTC2VNdWRocmEgSW5jMRwwGgYDVQQDExNlbVNp +Z24gUm9vdCBDQSAtIEMxMB4XDTE4MDIxODE4MzAwMFoXDTQzMDIxODE4MzAwMFowVjELMAkGA1UE +BhMCVVMxEzARBgNVBAsTCmVtU2lnbiBQS0kxFDASBgNVBAoTC2VNdWRocmEgSW5jMRwwGgYDVQQD +ExNlbVNpZ24gUm9vdCBDQSAtIEMxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz+up +ufGZBczYKCFK83M0UYRWEPWgTywS4/oTmifQz/l5GnRfHXk5/Fv4cI7gklL35CX5VIPZHdPIWoU/ +Xse2B+4+wM6ar6xWQio5JXDWv7V7Nq2s9nPczdcdioOl+yuQFTdrHCZH3DspVpNqs8FqOp099cGX +OFgFixwR4+S0uF2FHYP+eF8LRWgYSKVGczQ7/g/IdrvHGPMF0Ybzhe3nudkyrVWIzqa2kbBPrH4V +I5b2P/AgNBbeCsbEBEV5f6f9vtKppa+cxSMq9zwhbL2vj07FOrLzNBL834AaSaTUqZX3noleooms +lMuoaJuvimUnzYnu3Yy1aylwQ6BpC+S5DwIDAQABo0IwQDAdBgNVHQ4EFgQU/qHgcB4qAzlSWkK+ +XJGFehiqTbUwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQAD +ggEBAMJKVvoVIXsoounlHfv4LcQ5lkFMOycsxGwYFYDGrK9HWS8mC+M2sO87/kOXSTKZEhVb3xEp +/6tT+LvBeA+snFOvV71ojD1pM/CjoCNjO2RnIkSt1XHLVip4kqNPEjE2NuLe/gDEo2APJ62gsIq1 +NnpSob0n9CAnYuhNlCQT5AoE6TyrLshDCUrGYQTlSTR+08TI9Q/Aqum6VF7zYytPT1DU/rl7mYw9 +wC68AivTxEDkigcxHpvOJpkT+xHqmiIMERnHXhuBUDDIlhJu58tBf5E7oke3VIAb3ADMmpDqw8NQ +BmIMMMAVSKeoWXzhriKi4gp6D/piq1JM4fHfyr6DDUI= +-----END CERTIFICATE----- + +emSign ECC Root CA - C3 +======================= +-----BEGIN CERTIFICATE----- +MIICKzCCAbGgAwIBAgIKe3G2gla4EnycqDAKBggqhkjOPQQDAzBaMQswCQYDVQQGEwJVUzETMBEG +A1UECxMKZW1TaWduIFBLSTEUMBIGA1UEChMLZU11ZGhyYSBJbmMxIDAeBgNVBAMTF2VtU2lnbiBF +Q0MgUm9vdCBDQSAtIEMzMB4XDTE4MDIxODE4MzAwMFoXDTQzMDIxODE4MzAwMFowWjELMAkGA1UE +BhMCVVMxEzARBgNVBAsTCmVtU2lnbiBQS0kxFDASBgNVBAoTC2VNdWRocmEgSW5jMSAwHgYDVQQD +ExdlbVNpZ24gRUNDIFJvb3QgQ0EgLSBDMzB2MBAGByqGSM49AgEGBSuBBAAiA2IABP2lYa57JhAd +6bciMK4G9IGzsUJxlTm801Ljr6/58pc1kjZGDoeVjbk5Wum739D+yAdBPLtVb4OjavtisIGJAnB9 +SMVK4+kiVCJNk7tCDK93nCOmfddhEc5lx/h//vXyqaNCMEAwHQYDVR0OBBYEFPtaSNCAIEDyqOkA +B2kZd6fmw/TPMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMDA2gA +MGUCMQC02C8Cif22TGK6Q04ThHK1rt0c3ta13FaPWEBaLd4gTCKDypOofu4SQMfWh0/434UCMBwU +ZOR8loMRnLDRWmFLpg9J0wD8ofzkpf9/rdcw0Md3f76BB1UwUCAU9Vc4CqgxUQ== +-----END CERTIFICATE----- + +Hongkong Post Root CA 3 +======================= +-----BEGIN CERTIFICATE----- +MIIFzzCCA7egAwIBAgIUCBZfikyl7ADJk0DfxMauI7gcWqQwDQYJKoZIhvcNAQELBQAwbzELMAkG +A1UEBhMCSEsxEjAQBgNVBAgTCUhvbmcgS29uZzESMBAGA1UEBxMJSG9uZyBLb25nMRYwFAYDVQQK +Ew1Ib25na29uZyBQb3N0MSAwHgYDVQQDExdIb25na29uZyBQb3N0IFJvb3QgQ0EgMzAeFw0xNzA2 +MDMwMjI5NDZaFw00MjA2MDMwMjI5NDZaMG8xCzAJBgNVBAYTAkhLMRIwEAYDVQQIEwlIb25nIEtv +bmcxEjAQBgNVBAcTCUhvbmcgS29uZzEWMBQGA1UEChMNSG9uZ2tvbmcgUG9zdDEgMB4GA1UEAxMX +SG9uZ2tvbmcgUG9zdCBSb290IENBIDMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCz +iNfqzg8gTr7m1gNt7ln8wlffKWihgw4+aMdoWJwcYEuJQwy51BWy7sFOdem1p+/l6TWZ5Mwc50tf +jTMwIDNT2aa71T4Tjukfh0mtUC1Qyhi+AViiE3CWu4mIVoBc+L0sPOFMV4i707mV78vH9toxdCim +5lSJ9UExyuUmGs2C4HDaOym71QP1mbpV9WTRYA6ziUm4ii8F0oRFKHyPaFASePwLtVPLwpgchKOe +sL4jpNrcyCse2m5FHomY2vkALgbpDDtw1VAliJnLzXNg99X/NWfFobxeq81KuEXryGgeDQ0URhLj +0mRiikKYvLTGCAj4/ahMZJx2Ab0vqWwzD9g/KLg8aQFChn5pwckGyuV6RmXpwtZQQS4/t+TtbNe/ +JgERohYpSms0BpDsE9K2+2p20jzt8NYt3eEV7KObLyzJPivkaTv/ciWxNoZbx39ri1UbSsUgYT2u +y1DhCDq+sI9jQVMwCFk8mB13umOResoQUGC/8Ne8lYePl8X+l2oBlKN8W4UdKjk60FSh0Tlxnf0h ++bV78OLgAo9uliQlLKAeLKjEiafv7ZkGL7YKTE/bosw3Gq9HhS2KX8Q0NEwA/RiTZxPRN+ZItIsG +xVd7GYYKecsAyVKvQv83j+GjHno9UKtjBucVtT+2RTeUN7F+8kjDf8V1/peNRY8apxpyKBpADwID +AQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAfBgNVHSMEGDAWgBQXnc0e +i9Y5K3DTXNSguB+wAPzFYTAdBgNVHQ4EFgQUF53NHovWOStw01zUoLgfsAD8xWEwDQYJKoZIhvcN +AQELBQADggIBAFbVe27mIgHSQpsY1Q7XZiNc4/6gx5LS6ZStS6LG7BJ8dNVI0lkUmcDrudHr9Egw +W62nV3OZqdPlt9EuWSRY3GguLmLYauRwCy0gUCCkMpXRAJi70/33MvJJrsZ64Ee+bs7Lo3I6LWld +y8joRTnU+kLBEUx3XZL7av9YROXrgZ6voJmtvqkBZss4HTzfQx/0TW60uhdG/H39h4F5ag0zD/ov ++BS5gLNdTaqX4fnkGMX41TiMJjz98iji7lpJiCzfeT2OnpA8vUFKOt1b9pq0zj8lMH8yfaIDlNDc +eqFS3m6TjRgm/VWsvY+b0s+v54Ysyx8Jb6NvqYTUc79NoXQbTiNg8swOqn+knEwlqLJmOzj/2ZQw +9nKEvmhVEA/GcywWaZMH/rFF7buiVWqw2rVKAiUnhde3t4ZEFolsgCs+l6mc1X5VTMbeRRAc6uk7 +nwNT7u56AQIWeNTowr5GdogTPyK7SBIdUgC0An4hGh6cJfTzPV4e0hz5sy229zdcxsshTrD3mUcY +hcErulWuBurQB7Lcq9CClnXO0lD+mefPL5/ndtFhKvshuzHQqp9HpLIiyhY6UFfEW0NnxWViA0kB +60PZ2Pierc+xYw5F9KBaLJstxabArahH9CdMOA0uG0k7UvToiIMrVCjU8jVStDKDYmlkDJGcn5fq +dBb9HxEGmpv0 +-----END CERTIFICATE----- + +Microsoft ECC Root Certificate Authority 2017 +============================================= +-----BEGIN CERTIFICATE----- +MIICWTCCAd+gAwIBAgIQZvI9r4fei7FK6gxXMQHC7DAKBggqhkjOPQQDAzBlMQswCQYDVQQGEwJV +UzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMTYwNAYDVQQDEy1NaWNyb3NvZnQgRUND +IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IDIwMTcwHhcNMTkxMjE4MjMwNjQ1WhcNNDIwNzE4 +MjMxNjA0WjBlMQswCQYDVQQGEwJVUzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMTYw +NAYDVQQDEy1NaWNyb3NvZnQgRUNDIFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IDIwMTcwdjAQ +BgcqhkjOPQIBBgUrgQQAIgNiAATUvD0CQnVBEyPNgASGAlEvaqiBYgtlzPbKnR5vSmZRogPZnZH6 +thaxjG7efM3beaYvzrvOcS/lpaso7GMEZpn4+vKTEAXhgShC48Zo9OYbhGBKia/teQ87zvH2RPUB +eMCjVDBSMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTIy5lycFIM ++Oa+sgRXKSrPQhDtNTAQBgkrBgEEAYI3FQEEAwIBADAKBggqhkjOPQQDAwNoADBlAjBY8k3qDPlf +Xu5gKcs68tvWMoQZP3zVL8KxzJOuULsJMsbG7X7JNpQS5GiFBqIb0C8CMQCZ6Ra0DvpWSNSkMBaR +eNtUjGUBiudQZsIxtzm6uBoiB078a1QWIP8rtedMDE2mT3M= +-----END CERTIFICATE----- + +Microsoft RSA Root Certificate Authority 2017 +============================================= +-----BEGIN CERTIFICATE----- +MIIFqDCCA5CgAwIBAgIQHtOXCV/YtLNHcB6qvn9FszANBgkqhkiG9w0BAQwFADBlMQswCQYDVQQG +EwJVUzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMTYwNAYDVQQDEy1NaWNyb3NvZnQg +UlNBIFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IDIwMTcwHhcNMTkxMjE4MjI1MTIyWhcNNDIw +NzE4MjMwMDIzWjBlMQswCQYDVQQGEwJVUzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9u +MTYwNAYDVQQDEy1NaWNyb3NvZnQgUlNBIFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IDIwMTcw +ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDKW76UM4wplZEWCpW9R2LBifOZNt9GkMml +7Xhqb0eRaPgnZ1AzHaGm++DlQ6OEAlcBXZxIQIJTELy/xztokLaCLeX0ZdDMbRnMlfl7rEqUrQ7e +S0MdhweSE5CAg2Q1OQT85elss7YfUJQ4ZVBcF0a5toW1HLUX6NZFndiyJrDKxHBKrmCk3bPZ7Pw7 +1VdyvD/IybLeS2v4I2wDwAW9lcfNcztmgGTjGqwu+UcF8ga2m3P1eDNbx6H7JyqhtJqRjJHTOoI+ +dkC0zVJhUXAoP8XFWvLJjEm7FFtNyP9nTUwSlq31/niol4fX/V4ggNyhSyL71Imtus5Hl0dVe49F +yGcohJUcaDDv70ngNXtk55iwlNpNhTs+VcQor1fznhPbRiefHqJeRIOkpcrVE7NLP8TjwuaGYaRS +MLl6IE9vDzhTyzMMEyuP1pq9KsgtsRx9S1HKR9FIJ3Jdh+vVReZIZZ2vUpC6W6IYZVcSn2i51BVr +lMRpIpj0M+Dt+VGOQVDJNE92kKz8OMHY4Xu54+OU4UZpyw4KUGsTuqwPN1q3ErWQgR5WrlcihtnJ +0tHXUeOrO8ZV/R4O03QK0dqq6mm4lyiPSMQH+FJDOvTKVTUssKZqwJz58oHhEmrARdlns87/I6KJ +ClTUFLkqqNfs+avNJVgyeY+QW5g5xAgGwax/Dj0ApQIDAQABo1QwUjAOBgNVHQ8BAf8EBAMCAYYw +DwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUCctZf4aycI8awznjwNnpv7tNsiMwEAYJKwYBBAGC +NxUBBAMCAQAwDQYJKoZIhvcNAQEMBQADggIBAKyvPl3CEZaJjqPnktaXFbgToqZCLgLNFgVZJ8og +6Lq46BrsTaiXVq5lQ7GPAJtSzVXNUzltYkyLDVt8LkS/gxCP81OCgMNPOsduET/m4xaRhPtthH80 +dK2Jp86519efhGSSvpWhrQlTM93uCupKUY5vVau6tZRGrox/2KJQJWVggEbbMwSubLWYdFQl3JPk ++ONVFT24bcMKpBLBaYVu32TxU5nhSnUgnZUP5NbcA/FZGOhHibJXWpS2qdgXKxdJ5XbLwVaZOjex +/2kskZGT4d9Mozd2TaGf+G0eHdP67Pv0RR0Tbc/3WeUiJ3IrhvNXuzDtJE3cfVa7o7P4NHmJweDy +AmH3pvwPuxwXC65B2Xy9J6P9LjrRk5Sxcx0ki69bIImtt2dmefU6xqaWM/5TkshGsRGRxpl/j8nW +ZjEgQRCHLQzWwa80mMpkg/sTV9HB8Dx6jKXB/ZUhoHHBk2dxEuqPiAppGWSZI1b7rCoucL5mxAyE +7+WL85MB+GqQk2dLsmijtWKP6T+MejteD+eMuMZ87zf9dOLITzNy4ZQ5bb0Sr74MTnB8G2+NszKT +c0QWbej09+CVgI+WXTik9KveCjCHk9hNAHFiRSdLOkKEW39lt2c0Ui2cFmuqqNh7o0JMcccMyj6D +5KbvtwEwXlGjefVwaaZBRA+GsCyRxj3qrg+E +-----END CERTIFICATE----- + +e-Szigno Root CA 2017 +===================== +-----BEGIN CERTIFICATE----- +MIICQDCCAeWgAwIBAgIMAVRI7yH9l1kN9QQKMAoGCCqGSM49BAMCMHExCzAJBgNVBAYTAkhVMREw +DwYDVQQHDAhCdWRhcGVzdDEWMBQGA1UECgwNTWljcm9zZWMgTHRkLjEXMBUGA1UEYQwOVkFUSFUt +MjM1ODQ0OTcxHjAcBgNVBAMMFWUtU3ppZ25vIFJvb3QgQ0EgMjAxNzAeFw0xNzA4MjIxMjA3MDZa +Fw00MjA4MjIxMjA3MDZaMHExCzAJBgNVBAYTAkhVMREwDwYDVQQHDAhCdWRhcGVzdDEWMBQGA1UE +CgwNTWljcm9zZWMgTHRkLjEXMBUGA1UEYQwOVkFUSFUtMjM1ODQ0OTcxHjAcBgNVBAMMFWUtU3pp +Z25vIFJvb3QgQ0EgMjAxNzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABJbcPYrYsHtvxie+RJCx +s1YVe45DJH0ahFnuY2iyxl6H0BVIHqiQrb1TotreOpCmYF9oMrWGQd+HWyx7xf58etqjYzBhMA8G +A1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBSHERUI0arBeAyxr87GyZDv +vzAEwDAfBgNVHSMEGDAWgBSHERUI0arBeAyxr87GyZDvvzAEwDAKBggqhkjOPQQDAgNJADBGAiEA +tVfd14pVCzbhhkT61NlojbjcI4qKDdQvfepz7L9NbKgCIQDLpbQS+ue16M9+k/zzNY9vTlp8tLxO +svxyqltZ+efcMQ== +-----END CERTIFICATE----- + +certSIGN Root CA G2 +=================== +-----BEGIN CERTIFICATE----- +MIIFRzCCAy+gAwIBAgIJEQA0tk7GNi02MA0GCSqGSIb3DQEBCwUAMEExCzAJBgNVBAYTAlJPMRQw +EgYDVQQKEwtDRVJUU0lHTiBTQTEcMBoGA1UECxMTY2VydFNJR04gUk9PVCBDQSBHMjAeFw0xNzAy +MDYwOTI3MzVaFw00MjAyMDYwOTI3MzVaMEExCzAJBgNVBAYTAlJPMRQwEgYDVQQKEwtDRVJUU0lH +TiBTQTEcMBoGA1UECxMTY2VydFNJR04gUk9PVCBDQSBHMjCCAiIwDQYJKoZIhvcNAQEBBQADggIP +ADCCAgoCggIBAMDFdRmRfUR0dIf+DjuW3NgBFszuY5HnC2/OOwppGnzC46+CjobXXo9X69MhWf05 +N0IwvlDqtg+piNguLWkh59E3GE59kdUWX2tbAMI5Qw02hVK5U2UPHULlj88F0+7cDBrZuIt4Imfk +abBoxTzkbFpG583H+u/E7Eu9aqSs/cwoUe+StCmrqzWaTOTECMYmzPhpn+Sc8CnTXPnGFiWeI8Mg +wT0PPzhAsP6CRDiqWhqKa2NYOLQV07YRaXseVO6MGiKscpc/I1mbySKEwQdPzH/iV8oScLumZfNp +dWO9lfsbl83kqK/20U6o2YpxJM02PbyWxPFsqa7lzw1uKA2wDrXKUXt4FMMgL3/7FFXhEZn91Qqh +ngLjYl/rNUssuHLoPj1PrCy7Lobio3aP5ZMqz6WryFyNSwb/EkaseMsUBzXgqd+L6a8VTxaJW732 +jcZZroiFDsGJ6x9nxUWO/203Nit4ZoORUSs9/1F3dmKh7Gc+PoGD4FapUB8fepmrY7+EF3fxDTvf +95xhszWYijqy7DwaNz9+j5LP2RIUZNoQAhVB/0/E6xyjyfqZ90bp4RjZsbgyLcsUDFDYg2WD7rlc +z8sFWkz6GZdr1l0T08JcVLwyc6B49fFtHsufpaafItzRUZ6CeWRgKRM+o/1Pcmqr4tTluCRVLERL +iohEnMqE0yo7AgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1Ud +DgQWBBSCIS1mxteg4BXrzkwJd8RgnlRuAzANBgkqhkiG9w0BAQsFAAOCAgEAYN4auOfyYILVAzOB +ywaK8SJJ6ejqkX/GM15oGQOGO0MBzwdw5AgeZYWR5hEit/UCI46uuR59H35s5r0l1ZUa8gWmr4UC +b6741jH/JclKyMeKqdmfS0mbEVeZkkMR3rYzpMzXjWR91M08KCy0mpbqTfXERMQlqiCA2ClV9+BB +/AYm/7k29UMUA2Z44RGx2iBfRgB4ACGlHgAoYXhvqAEBj500mv/0OJD7uNGzcgbJceaBxXntC6Z5 +8hMLnPddDnskk7RI24Zf3lCGeOdA5jGokHZwYa+cNywRtYK3qq4kNFtyDGkNzVmf9nGvnAvRCjj5 +BiKDUyUM/FHE5r7iOZULJK2v0ZXkltd0ZGtxTgI8qoXzIKNDOXZbbFD+mpwUHmUUihW9o4JFWklW +atKcsWMy5WHgUyIOpwpJ6st+H6jiYoD2EEVSmAYY3qXNL3+q1Ok+CHLsIwMCPKaq2LxndD0UF/tU +Sxfj03k9bWtJySgOLnRQvwzZRjoQhsmnP+mg7H/rpXdYaXHmgwo38oZJar55CJD2AhZkPuXaTH4M +NMn5X7azKFGnpyuqSfqNZSlO42sTp5SjLVFteAxEy9/eCG/Oo2Sr05WE1LlSVHJ7liXMvGnjSG4N +0MedJ5qq+BOS3R7fY581qRY27Iy4g/Q9iY/NtBde17MXQRBdJ3NghVdJIgc= +-----END CERTIFICATE----- + +Trustwave Global Certification Authority +======================================== +-----BEGIN CERTIFICATE----- +MIIF2jCCA8KgAwIBAgIMBfcOhtpJ80Y1LrqyMA0GCSqGSIb3DQEBCwUAMIGIMQswCQYDVQQGEwJV +UzERMA8GA1UECAwISWxsaW5vaXMxEDAOBgNVBAcMB0NoaWNhZ28xITAfBgNVBAoMGFRydXN0d2F2 +ZSBIb2xkaW5ncywgSW5jLjExMC8GA1UEAwwoVHJ1c3R3YXZlIEdsb2JhbCBDZXJ0aWZpY2F0aW9u +IEF1dGhvcml0eTAeFw0xNzA4MjMxOTM0MTJaFw00MjA4MjMxOTM0MTJaMIGIMQswCQYDVQQGEwJV +UzERMA8GA1UECAwISWxsaW5vaXMxEDAOBgNVBAcMB0NoaWNhZ28xITAfBgNVBAoMGFRydXN0d2F2 +ZSBIb2xkaW5ncywgSW5jLjExMC8GA1UEAwwoVHJ1c3R3YXZlIEdsb2JhbCBDZXJ0aWZpY2F0aW9u +IEF1dGhvcml0eTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALldUShLPDeS0YLOvR29 +zd24q88KPuFd5dyqCblXAj7mY2Hf8g+CY66j96xz0XznswuvCAAJWX/NKSqIk4cXGIDtiLK0thAf +LdZfVaITXdHG6wZWiYj+rDKd/VzDBcdu7oaJuogDnXIhhpCujwOl3J+IKMujkkkP7NAP4m1ET4Bq +stTnoApTAbqOl5F2brz81Ws25kCI1nsvXwXoLG0R8+eyvpJETNKXpP7ScoFDB5zpET71ixpZfR9o +WN0EACyW80OzfpgZdNmcc9kYvkHHNHnZ9GLCQ7mzJ7Aiy/k9UscwR7PJPrhq4ufogXBeQotPJqX+ +OsIgbrv4Fo7NDKm0G2x2EOFYeUY+VM6AqFcJNykbmROPDMjWLBz7BegIlT1lRtzuzWniTY+HKE40 +Cz7PFNm73bZQmq131BnW2hqIyE4bJ3XYsgjxroMwuREOzYfwhI0Vcnyh78zyiGG69Gm7DIwLdVcE +uE4qFC49DxweMqZiNu5m4iK4BUBjECLzMx10coos9TkpoNPnG4CELcU9402x/RpvumUHO1jsQkUm ++9jaJXLE9gCxInm943xZYkqcBW89zubWR2OZxiRvchLIrH+QtAuRcOi35hYQcRfO3gZPSEF9NUqj +ifLJS3tBEW1ntwiYTOURGa5CgNz7kAXU+FDKvuStx8KU1xad5hePrzb7AgMBAAGjQjBAMA8GA1Ud +EwEB/wQFMAMBAf8wHQYDVR0OBBYEFJngGWcNYtt2s9o9uFvo/ULSMQ6HMA4GA1UdDwEB/wQEAwIB +BjANBgkqhkiG9w0BAQsFAAOCAgEAmHNw4rDT7TnsTGDZqRKGFx6W0OhUKDtkLSGm+J1WE2pIPU/H +PinbbViDVD2HfSMF1OQc3Og4ZYbFdada2zUFvXfeuyk3QAUHw5RSn8pk3fEbK9xGChACMf1KaA0H +ZJDmHvUqoai7PF35owgLEQzxPy0QlG/+4jSHg9bP5Rs1bdID4bANqKCqRieCNqcVtgimQlRXtpla +4gt5kNdXElE1GYhBaCXUNxeEFfsBctyV3lImIJgm4nb1J2/6ADtKYdkNy1GTKv0WBpanI5ojSP5R +vbbEsLFUzt5sQa0WZ37b/TjNuThOssFgy50X31ieemKyJo90lZvkWx3SD92YHJtZuSPTMaCm/zjd +zyBP6VhWOmfD0faZmZ26NraAL4hHT4a/RDqA5Dccprrql5gR0IRiR2Qequ5AvzSxnI9O4fKSTx+O +856X3vOmeWqJcU9LJxdI/uz0UA9PSX3MReO9ekDFQdxhVicGaeVyQYHTtgGJoC86cnn+OjC/QezH +Yj6RS8fZMXZC+fc8Y+wmjHMMfRod6qh8h6jCJ3zhM0EPz8/8AKAigJ5Kp28AsEFFtyLKaEjFQqKu +3R3y4G5OBVixwJAWKqQ9EEC+j2Jjg6mcgn0tAumDMHzLJ8n9HmYAsC7TIS+OMxZsmO0QqAfWzJPP +29FpHOTKyeC2nOnOcXHebD8WpHk= +-----END CERTIFICATE----- + +Trustwave Global ECC P256 Certification Authority +================================================= +-----BEGIN CERTIFICATE----- +MIICYDCCAgegAwIBAgIMDWpfCD8oXD5Rld9dMAoGCCqGSM49BAMCMIGRMQswCQYDVQQGEwJVUzER +MA8GA1UECBMISWxsaW5vaXMxEDAOBgNVBAcTB0NoaWNhZ28xITAfBgNVBAoTGFRydXN0d2F2ZSBI +b2xkaW5ncywgSW5jLjE6MDgGA1UEAxMxVHJ1c3R3YXZlIEdsb2JhbCBFQ0MgUDI1NiBDZXJ0aWZp +Y2F0aW9uIEF1dGhvcml0eTAeFw0xNzA4MjMxOTM1MTBaFw00MjA4MjMxOTM1MTBaMIGRMQswCQYD +VQQGEwJVUzERMA8GA1UECBMISWxsaW5vaXMxEDAOBgNVBAcTB0NoaWNhZ28xITAfBgNVBAoTGFRy +dXN0d2F2ZSBIb2xkaW5ncywgSW5jLjE6MDgGA1UEAxMxVHJ1c3R3YXZlIEdsb2JhbCBFQ0MgUDI1 +NiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABH77bOYj +43MyCMpg5lOcunSNGLB4kFKA3TjASh3RqMyTpJcGOMoNFWLGjgEqZZ2q3zSRLoHB5DOSMcT9CTqm +P62jQzBBMA8GA1UdEwEB/wQFMAMBAf8wDwYDVR0PAQH/BAUDAwcGADAdBgNVHQ4EFgQUo0EGrJBt +0UrrdaVKEJmzsaGLSvcwCgYIKoZIzj0EAwIDRwAwRAIgB+ZU2g6gWrKuEZ+Hxbb/ad4lvvigtwjz +RM4q3wghDDcCIC0mA6AFvWvR9lz4ZcyGbbOcNEhjhAnFjXca4syc4XR7 +-----END CERTIFICATE----- + +Trustwave Global ECC P384 Certification Authority +================================================= +-----BEGIN CERTIFICATE----- +MIICnTCCAiSgAwIBAgIMCL2Fl2yZJ6SAaEc7MAoGCCqGSM49BAMDMIGRMQswCQYDVQQGEwJVUzER +MA8GA1UECBMISWxsaW5vaXMxEDAOBgNVBAcTB0NoaWNhZ28xITAfBgNVBAoTGFRydXN0d2F2ZSBI +b2xkaW5ncywgSW5jLjE6MDgGA1UEAxMxVHJ1c3R3YXZlIEdsb2JhbCBFQ0MgUDM4NCBDZXJ0aWZp +Y2F0aW9uIEF1dGhvcml0eTAeFw0xNzA4MjMxOTM2NDNaFw00MjA4MjMxOTM2NDNaMIGRMQswCQYD +VQQGEwJVUzERMA8GA1UECBMISWxsaW5vaXMxEDAOBgNVBAcTB0NoaWNhZ28xITAfBgNVBAoTGFRy +dXN0d2F2ZSBIb2xkaW5ncywgSW5jLjE6MDgGA1UEAxMxVHJ1c3R3YXZlIEdsb2JhbCBFQ0MgUDM4 +NCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTB2MBAGByqGSM49AgEGBSuBBAAiA2IABGvaDXU1CDFH +Ba5FmVXxERMuSvgQMSOjfoPTfygIOiYaOs+Xgh+AtycJj9GOMMQKmw6sWASr9zZ9lCOkmwqKi6vr +/TklZvFe/oyujUF5nQlgziip04pt89ZF1PKYhDhloKNDMEEwDwYDVR0TAQH/BAUwAwEB/zAPBgNV +HQ8BAf8EBQMDBwYAMB0GA1UdDgQWBBRVqYSJ0sEyvRjLbKYHTsjnnb6CkDAKBggqhkjOPQQDAwNn +ADBkAjA3AZKXRRJ+oPM+rRk6ct30UJMDEr5E0k9BpIycnR+j9sKS50gU/k6bpZFXrsY3crsCMGcl +CrEMXu6pY5Jv5ZAL/mYiykf9ijH3g/56vxC+GCsej/YpHpRZ744hN8tRmKVuSw== +-----END CERTIFICATE----- + +NAVER Global Root Certification Authority +========================================= +-----BEGIN CERTIFICATE----- +MIIFojCCA4qgAwIBAgIUAZQwHqIL3fXFMyqxQ0Rx+NZQTQ0wDQYJKoZIhvcNAQEMBQAwaTELMAkG +A1UEBhMCS1IxJjAkBgNVBAoMHU5BVkVSIEJVU0lORVNTIFBMQVRGT1JNIENvcnAuMTIwMAYDVQQD +DClOQVZFUiBHbG9iYWwgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xNzA4MTgwODU4 +NDJaFw0zNzA4MTgyMzU5NTlaMGkxCzAJBgNVBAYTAktSMSYwJAYDVQQKDB1OQVZFUiBCVVNJTkVT +UyBQTEFURk9STSBDb3JwLjEyMDAGA1UEAwwpTkFWRVIgR2xvYmFsIFJvb3QgQ2VydGlmaWNhdGlv +biBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC21PGTXLVAiQqrDZBb +UGOukJR0F0Vy1ntlWilLp1agS7gvQnXp2XskWjFlqxcX0TM62RHcQDaH38dq6SZeWYp34+hInDEW ++j6RscrJo+KfziFTowI2MMtSAuXaMl3Dxeb57hHHi8lEHoSTGEq0n+USZGnQJoViAbbJAh2+g1G7 +XNr4rRVqmfeSVPc0W+m/6imBEtRTkZazkVrd/pBzKPswRrXKCAfHcXLJZtM0l/aM9BhK4dA9WkW2 +aacp+yPOiNgSnABIqKYPszuSjXEOdMWLyEz59JuOuDxp7W87UC9Y7cSw0BwbagzivESq2M0UXZR4 +Yb8ObtoqvC8MC3GmsxY/nOb5zJ9TNeIDoKAYv7vxvvTWjIcNQvcGufFt7QSUqP620wbGQGHfnZ3z +VHbOUzoBppJB7ASjjw2i1QnK1sua8e9DXcCrpUHPXFNwcMmIpi3Ua2FzUCaGYQ5fG8Ir4ozVu53B +A0K6lNpfqbDKzE0K70dpAy8i+/Eozr9dUGWokG2zdLAIx6yo0es+nPxdGoMuK8u180SdOqcXYZai +cdNwlhVNt0xz7hlcxVs+Qf6sdWA7G2POAN3aCJBitOUt7kinaxeZVL6HSuOpXgRM6xBtVNbv8ejy +YhbLgGvtPe31HzClrkvJE+2KAQHJuFFYwGY6sWZLxNUxAmLpdIQM201GLQIDAQABo0IwQDAdBgNV +HQ4EFgQU0p+I36HNLL3s9TsBAZMzJ7LrYEswDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMB +Af8wDQYJKoZIhvcNAQEMBQADggIBADLKgLOdPVQG3dLSLvCkASELZ0jKbY7gyKoNqo0hV4/GPnrK +21HUUrPUloSlWGB/5QuOH/XcChWB5Tu2tyIvCZwTFrFsDDUIbatjcu3cvuzHV+YwIHHW1xDBE1UB +jCpD5EHxzzp6U5LOogMFDTjfArsQLtk70pt6wKGm+LUx5vR1yblTmXVHIloUFcd4G7ad6Qz4G3bx +hYTeodoS76TiEJd6eN4MUZeoIUCLhr0N8F5OSza7OyAfikJW4Qsav3vQIkMsRIz75Sq0bBwcupTg +E34h5prCy8VCZLQelHsIJchxzIdFV4XTnyliIoNRlwAYl3dqmJLJfGBs32x9SuRwTMKeuB330DTH +D8z7p/8Dvq1wkNoL3chtl1+afwkyQf3NosxabUzyqkn+Zvjp2DXrDige7kgvOtB5CTh8piKCk5XQ +A76+AqAF3SAi428diDRgxuYKuQl1C/AH6GmWNcf7I4GOODm4RStDeKLRLBT/DShycpWbXgnbiUSY +qqFJu3FS8r/2/yehNq+4tneI3TqkbZs0kNwUXTC/t+sX5Ie3cdCh13cV1ELX8vMxmV2b3RZtP+oG +I/hGoiLtk/bdmuYqh7GYVPEi92tF4+KOdh2ajcQGjTa3FPOdVGm3jjzVpG2Tgbet9r1ke8LJaDmg +kpzNNIaRkPpkUZ3+/uul9XXeifdy +-----END CERTIFICATE----- + +AC RAIZ FNMT-RCM SERVIDORES SEGUROS +=================================== +-----BEGIN CERTIFICATE----- +MIICbjCCAfOgAwIBAgIQYvYybOXE42hcG2LdnC6dlTAKBggqhkjOPQQDAzB4MQswCQYDVQQGEwJF +UzERMA8GA1UECgwIRk5NVC1SQ00xDjAMBgNVBAsMBUNlcmVzMRgwFgYDVQRhDA9WQVRFUy1RMjgy +NjAwNEoxLDAqBgNVBAMMI0FDIFJBSVogRk5NVC1SQ00gU0VSVklET1JFUyBTRUdVUk9TMB4XDTE4 +MTIyMDA5MzczM1oXDTQzMTIyMDA5MzczM1oweDELMAkGA1UEBhMCRVMxETAPBgNVBAoMCEZOTVQt +UkNNMQ4wDAYDVQQLDAVDZXJlczEYMBYGA1UEYQwPVkFURVMtUTI4MjYwMDRKMSwwKgYDVQQDDCNB +QyBSQUlaIEZOTVQtUkNNIFNFUlZJRE9SRVMgU0VHVVJPUzB2MBAGByqGSM49AgEGBSuBBAAiA2IA +BPa6V1PIyqvfNkpSIeSX0oNnnvBlUdBeh8dHsVnyV0ebAAKTRBdp20LHsbI6GA60XYyzZl2hNPk2 +LEnb80b8s0RpRBNm/dfF/a82Tc4DTQdxz69qBdKiQ1oKUm8BA06Oi6NCMEAwDwYDVR0TAQH/BAUw +AwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFAG5L++/EYZg8k/QQW6rcx/n0m5JMAoGCCqG +SM49BAMDA2kAMGYCMQCuSuMrQMN0EfKVrRYj3k4MGuZdpSRea0R7/DjiT8ucRRcRTBQnJlU5dUoD +zBOQn5ICMQD6SmxgiHPz7riYYqnOK8LZiqZwMR2vsJRM60/G49HzYqc8/5MuB1xJAWdpEgJyv+c= +-----END CERTIFICATE----- + +GlobalSign Root R46 +=================== +-----BEGIN CERTIFICATE----- +MIIFWjCCA0KgAwIBAgISEdK7udcjGJ5AXwqdLdDfJWfRMA0GCSqGSIb3DQEBDAUAMEYxCzAJBgNV +BAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRwwGgYDVQQDExNHbG9iYWxTaWduIFJv +b3QgUjQ2MB4XDTE5MDMyMDAwMDAwMFoXDTQ2MDMyMDAwMDAwMFowRjELMAkGA1UEBhMCQkUxGTAX +BgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExHDAaBgNVBAMTE0dsb2JhbFNpZ24gUm9vdCBSNDYwggIi +MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCsrHQy6LNl5brtQyYdpokNRbopiLKkHWPd08Es +CVeJOaFV6Wc0dwxu5FUdUiXSE2te4R2pt32JMl8Nnp8semNgQB+msLZ4j5lUlghYruQGvGIFAha/ +r6gjA7aUD7xubMLL1aa7DOn2wQL7Id5m3RerdELv8HQvJfTqa1VbkNud316HCkD7rRlr+/fKYIje +2sGP1q7Vf9Q8g+7XFkyDRTNrJ9CG0Bwta/OrffGFqfUo0q3v84RLHIf8E6M6cqJaESvWJ3En7YEt +bWaBkoe0G1h6zD8K+kZPTXhc+CtI4wSEy132tGqzZfxCnlEmIyDLPRT5ge1lFgBPGmSXZgjPjHvj +K8Cd+RTyG/FWaha/LIWFzXg4mutCagI0GIMXTpRW+LaCtfOW3T3zvn8gdz57GSNrLNRyc0NXfeD4 +12lPFzYE+cCQYDdF3uYM2HSNrpyibXRdQr4G9dlkbgIQrImwTDsHTUB+JMWKmIJ5jqSngiCNI/on +ccnfxkF0oE32kRbcRoxfKWMxWXEM2G/CtjJ9++ZdU6Z+Ffy7dXxd7Pj2Fxzsx2sZy/N78CsHpdls +eVR2bJ0cpm4O6XkMqCNqo98bMDGfsVR7/mrLZqrcZdCinkqaByFrgY/bxFn63iLABJzjqls2k+g9 +vXqhnQt2sQvHnf3PmKgGwvgqo6GDoLclcqUC4wIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAYYwDwYD +VR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUA1yrc4GHqMywptWU4jaWSf8FmSwwDQYJKoZIhvcNAQEM +BQADggIBAHx47PYCLLtbfpIrXTncvtgdokIzTfnvpCo7RGkerNlFo048p9gkUbJUHJNOxO97k4Vg +JuoJSOD1u8fpaNK7ajFxzHmuEajwmf3lH7wvqMxX63bEIaZHU1VNaL8FpO7XJqti2kM3S+LGteWy +gxk6x9PbTZ4IevPuzz5i+6zoYMzRx6Fcg0XERczzF2sUyQQCPtIkpnnpHs6i58FZFZ8d4kuaPp92 +CC1r2LpXFNqD6v6MVenQTqnMdzGxRBF6XLE+0xRFFRhiJBPSy03OXIPBNvIQtQ6IbbjhVp+J3pZm +OUdkLG5NrmJ7v2B0GbhWrJKsFjLtrWhV/pi60zTe9Mlhww6G9kuEYO4Ne7UyWHmRVSyBQ7N0H3qq +JZ4d16GLuc1CLgSkZoNNiTW2bKg2SnkheCLQQrzRQDGQob4Ez8pn7fXwgNNgyYMqIgXQBztSvwye +qiv5u+YfjyW6hY0XHgL+XVAEV8/+LbzvXMAaq7afJMbfc2hIkCwU9D9SGuTSyxTDYWnP4vkYxboz +nxSjBF25cfe1lNj2M8FawTSLfJvdkzrnE6JwYZ+vj+vYxXX4M2bUdGc6N3ec592kD3ZDZopD8p/7 +DEJ4Y9HiD2971KE9dJeFt0g5QdYg/NA6s/rob8SKunE3vouXsXgxT7PntgMTzlSdriVZzH81Xwj3 +QEUxeCp6 +-----END CERTIFICATE----- + +GlobalSign Root E46 +=================== +-----BEGIN CERTIFICATE----- +MIICCzCCAZGgAwIBAgISEdK7ujNu1LzmJGjFDYQdmOhDMAoGCCqGSM49BAMDMEYxCzAJBgNVBAYT +AkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRwwGgYDVQQDExNHbG9iYWxTaWduIFJvb3Qg +RTQ2MB4XDTE5MDMyMDAwMDAwMFoXDTQ2MDMyMDAwMDAwMFowRjELMAkGA1UEBhMCQkUxGTAXBgNV +BAoTEEdsb2JhbFNpZ24gbnYtc2ExHDAaBgNVBAMTE0dsb2JhbFNpZ24gUm9vdCBFNDYwdjAQBgcq +hkjOPQIBBgUrgQQAIgNiAAScDrHPt+ieUnd1NPqlRqetMhkytAepJ8qUuwzSChDH2omwlwxwEwkB +jtjqR+q+soArzfwoDdusvKSGN+1wCAB16pMLey5SnCNoIwZD7JIvU4Tb+0cUB+hflGddyXqBPCCj +QjBAMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQxCpCPtsad0kRL +gLWi5h+xEk8blTAKBggqhkjOPQQDAwNoADBlAjEA31SQ7Zvvi5QCkxeCmb6zniz2C5GMn0oUsfZk +vLtoURMMA/cVi4RguYv/Uo7njLwcAjA8+RHUjE7AwWHCFUyqqx0LMV87HOIAl0Qx5v5zli/altP+ +CAezNIm8BZ/3Hobui3A= +-----END CERTIFICATE----- + +GLOBALTRUST 2020 +================ +-----BEGIN CERTIFICATE----- +MIIFgjCCA2qgAwIBAgILWku9WvtPilv6ZeUwDQYJKoZIhvcNAQELBQAwTTELMAkGA1UEBhMCQVQx +IzAhBgNVBAoTGmUtY29tbWVyY2UgbW9uaXRvcmluZyBHbWJIMRkwFwYDVQQDExBHTE9CQUxUUlVT +VCAyMDIwMB4XDTIwMDIxMDAwMDAwMFoXDTQwMDYxMDAwMDAwMFowTTELMAkGA1UEBhMCQVQxIzAh +BgNVBAoTGmUtY29tbWVyY2UgbW9uaXRvcmluZyBHbWJIMRkwFwYDVQQDExBHTE9CQUxUUlVTVCAy +MDIwMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAri5WrRsc7/aVj6B3GyvTY4+ETUWi +D59bRatZe1E0+eyLinjF3WuvvcTfk0Uev5E4C64OFudBc/jbu9G4UeDLgztzOG53ig9ZYybNpyrO +VPu44sB8R85gfD+yc/LAGbaKkoc1DZAoouQVBGM+uq/ufF7MpotQsjj3QWPKzv9pj2gOlTblzLmM +CcpL3TGQlsjMH/1WljTbjhzqLL6FLmPdqqmV0/0plRPwyJiT2S0WR5ARg6I6IqIoV6Lr/sCMKKCm +fecqQjuCgGOlYx8ZzHyyZqjC0203b+J+BlHZRYQfEs4kUmSFC0iAToexIiIwquuuvuAC4EDosEKA +A1GqtH6qRNdDYfOiaxaJSaSjpCuKAsR49GiKweR6NrFvG5Ybd0mN1MkGco/PU+PcF4UgStyYJ9OR +JitHHmkHr96i5OTUawuzXnzUJIBHKWk7buis/UDr2O1xcSvy6Fgd60GXIsUf1DnQJ4+H4xj04KlG +DfV0OoIu0G4skaMxXDtG6nsEEFZegB31pWXogvziB4xiRfUg3kZwhqG8k9MedKZssCz3AwyIDMvU +clOGvGBG85hqwvG/Q/lwIHfKN0F5VVJjjVsSn8VoxIidrPIwq7ejMZdnrY8XD2zHc+0klGvIg5rQ +mjdJBKuxFshsSUktq6HQjJLyQUp5ISXbY9e2nKd+Qmn7OmMCAwEAAaNjMGEwDwYDVR0TAQH/BAUw +AwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFNwuH9FhN3nkq9XVsxJxaD1qaJwiMB8GA1Ud +IwQYMBaAFNwuH9FhN3nkq9XVsxJxaD1qaJwiMA0GCSqGSIb3DQEBCwUAA4ICAQCR8EICaEDuw2jA +VC/f7GLDw56KoDEoqoOOpFaWEhCGVrqXctJUMHytGdUdaG/7FELYjQ7ztdGl4wJCXtzoRlgHNQIw +4Lx0SsFDKv/bGtCwr2zD/cuz9X9tAy5ZVp0tLTWMstZDFyySCstd6IwPS3BD0IL/qMy/pJTAvoe9 +iuOTe8aPmxadJ2W8esVCgmxcB9CpwYhgROmYhRZf+I/KARDOJcP5YBugxZfD0yyIMaK9MOzQ0MAS +8cE54+X1+NZK3TTN+2/BT+MAi1bikvcoskJ3ciNnxz8RFbLEAwW+uxF7Cr+obuf/WEPPm2eggAe2 +HcqtbepBEX4tdJP7wry+UUTF72glJ4DjyKDUEuzZpTcdN3y0kcra1LGWge9oXHYQSa9+pTeAsRxS +vTOBTI/53WXZFM2KJVj04sWDpQmQ1GwUY7VA3+vA/MRYfg0UFodUJ25W5HCEuGwyEn6CMUO+1918 +oa2u1qsgEu8KwxCMSZY13At1XrFP1U80DhEgB3VDRemjEdqso5nCtnkn4rnvyOL2NSl6dPrFf4IF +YqYK6miyeUcGbvJXqBUzxvd4Sj1Ce2t+/vdG6tHrju+IaFvowdlxfv1k7/9nR4hYJS8+hge9+6jl +gqispdNpQ80xiEmEU5LAsTkbOYMBMMTyqfrQA71yN2BWHzZ8vTmR9W0Nv3vXkg== +-----END CERTIFICATE----- + +ANF Secure Server Root CA +========================= +-----BEGIN CERTIFICATE----- +MIIF7zCCA9egAwIBAgIIDdPjvGz5a7EwDQYJKoZIhvcNAQELBQAwgYQxEjAQBgNVBAUTCUc2MzI4 +NzUxMDELMAkGA1UEBhMCRVMxJzAlBgNVBAoTHkFORiBBdXRvcmlkYWQgZGUgQ2VydGlmaWNhY2lv +bjEUMBIGA1UECxMLQU5GIENBIFJhaXoxIjAgBgNVBAMTGUFORiBTZWN1cmUgU2VydmVyIFJvb3Qg +Q0EwHhcNMTkwOTA0MTAwMDM4WhcNMzkwODMwMTAwMDM4WjCBhDESMBAGA1UEBRMJRzYzMjg3NTEw +MQswCQYDVQQGEwJFUzEnMCUGA1UEChMeQU5GIEF1dG9yaWRhZCBkZSBDZXJ0aWZpY2FjaW9uMRQw +EgYDVQQLEwtBTkYgQ0EgUmFpejEiMCAGA1UEAxMZQU5GIFNlY3VyZSBTZXJ2ZXIgUm9vdCBDQTCC +AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANvrayvmZFSVgpCjcqQZAZ2cC4Ffc0m6p6zz +BE57lgvsEeBbphzOG9INgxwruJ4dfkUyYA8H6XdYfp9qyGFOtibBTI3/TO80sh9l2Ll49a2pcbnv +T1gdpd50IJeh7WhM3pIXS7yr/2WanvtH2Vdy8wmhrnZEE26cLUQ5vPnHO6RYPUG9tMJJo8gN0pcv +B2VSAKduyK9o7PQUlrZXH1bDOZ8rbeTzPvY1ZNoMHKGESy9LS+IsJJ1tk0DrtSOOMspvRdOoiXse +zx76W0OLzc2oD2rKDF65nkeP8Nm2CgtYZRczuSPkdxl9y0oukntPLxB3sY0vaJxizOBQ+OyRp1RM +VwnVdmPF6GUe7m1qzwmd+nxPrWAI/VaZDxUse6mAq4xhj0oHdkLePfTdsiQzW7i1o0TJrH93PB0j +7IKppuLIBkwC/qxcmZkLLxCKpvR/1Yd0DVlJRfbwcVw5Kda/SiOL9V8BY9KHcyi1Swr1+KuCLH5z +JTIdC2MKF4EA/7Z2Xue0sUDKIbvVgFHlSFJnLNJhiQcND85Cd8BEc5xEUKDbEAotlRyBr+Qc5RQe +8TZBAQIvfXOn3kLMTOmJDVb3n5HUA8ZsyY/b2BzgQJhdZpmYgG4t/wHFzstGH6wCxkPmrqKEPMVO +Hj1tyRRM4y5Bu8o5vzY8KhmqQYdOpc5LMnndkEl/AgMBAAGjYzBhMB8GA1UdIwQYMBaAFJxf0Gxj +o1+TypOYCK2Mh6UsXME3MB0GA1UdDgQWBBScX9BsY6Nfk8qTmAitjIelLFzBNzAOBgNVHQ8BAf8E +BAMCAYYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEATh65isagmD9uw2nAalxJ +UqzLK114OMHVVISfk/CHGT0sZonrDUL8zPB1hT+L9IBdeeUXZ701guLyPI59WzbLWoAAKfLOKyzx +j6ptBZNscsdW699QIyjlRRA96Gejrw5VD5AJYu9LWaL2U/HANeQvwSS9eS9OICI7/RogsKQOLHDt +dD+4E5UGUcjohybKpFtqFiGS3XNgnhAY3jyB6ugYw3yJ8otQPr0R4hUDqDZ9MwFsSBXXiJCZBMXM +5gf0vPSQ7RPi6ovDj6MzD8EpTBNO2hVWcXNyglD2mjN8orGoGjR0ZVzO0eurU+AagNjqOknkJjCb +5RyKqKkVMoaZkgoQI1YS4PbOTOK7vtuNknMBZi9iPrJyJ0U27U1W45eZ/zo1PqVUSlJZS2Db7v54 +EX9K3BR5YLZrZAPbFYPhor72I5dQ8AkzNqdxliXzuUJ92zg/LFis6ELhDtjTO0wugumDLmsx2d1H +hk9tl5EuT+IocTUW0fJz/iUrB0ckYyfI+PbZa/wSMVYIwFNCr5zQM378BvAxRAMU8Vjq8moNqRGy +g77FGr8H6lnco4g175x2MjxNBiLOFeXdntiP2t7SxDnlF4HPOEfrf4htWRvfn0IUrn7PqLBmZdo3 +r5+qPeoott7VMVgWglvquxl1AnMaykgaIZOQCo6ThKd9OyMYkomgjaw= +-----END CERTIFICATE----- + +Certum EC-384 CA +================ +-----BEGIN CERTIFICATE----- +MIICZTCCAeugAwIBAgIQeI8nXIESUiClBNAt3bpz9DAKBggqhkjOPQQDAzB0MQswCQYDVQQGEwJQ +TDEhMB8GA1UEChMYQXNzZWNvIERhdGEgU3lzdGVtcyBTLkEuMScwJQYDVQQLEx5DZXJ0dW0gQ2Vy +dGlmaWNhdGlvbiBBdXRob3JpdHkxGTAXBgNVBAMTEENlcnR1bSBFQy0zODQgQ0EwHhcNMTgwMzI2 +MDcyNDU0WhcNNDMwMzI2MDcyNDU0WjB0MQswCQYDVQQGEwJQTDEhMB8GA1UEChMYQXNzZWNvIERh +dGEgU3lzdGVtcyBTLkEuMScwJQYDVQQLEx5DZXJ0dW0gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkx +GTAXBgNVBAMTEENlcnR1bSBFQy0zODQgQ0EwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAATEKI6rGFtq +vm5kN2PkzeyrOvfMobgOgknXhimfoZTy42B4mIF4Bk3y7JoOV2CDn7TmFy8as10CW4kjPMIRBSqn +iBMY81CE1700LCeJVf/OTOffph8oxPBUw7l8t1Ot68KjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYD +VR0OBBYEFI0GZnQkdjrzife81r1HfS+8EF9LMA4GA1UdDwEB/wQEAwIBBjAKBggqhkjOPQQDAwNo +ADBlAjADVS2m5hjEfO/JUG7BJw+ch69u1RsIGL2SKcHvlJF40jocVYli5RsJHrpka/F2tNQCMQC0 +QoSZ/6vnnvuRlydd3LBbMHHOXjgaatkl5+r3YZJW+OraNsKHZZYuciUvf9/DE8k= +-----END CERTIFICATE----- + +Certum Trusted Root CA +====================== +-----BEGIN CERTIFICATE----- +MIIFwDCCA6igAwIBAgIQHr9ZULjJgDdMBvfrVU+17TANBgkqhkiG9w0BAQ0FADB6MQswCQYDVQQG +EwJQTDEhMB8GA1UEChMYQXNzZWNvIERhdGEgU3lzdGVtcyBTLkEuMScwJQYDVQQLEx5DZXJ0dW0g +Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkxHzAdBgNVBAMTFkNlcnR1bSBUcnVzdGVkIFJvb3QgQ0Ew +HhcNMTgwMzE2MTIxMDEzWhcNNDMwMzE2MTIxMDEzWjB6MQswCQYDVQQGEwJQTDEhMB8GA1UEChMY +QXNzZWNvIERhdGEgU3lzdGVtcyBTLkEuMScwJQYDVQQLEx5DZXJ0dW0gQ2VydGlmaWNhdGlvbiBB +dXRob3JpdHkxHzAdBgNVBAMTFkNlcnR1bSBUcnVzdGVkIFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEB +AQUAA4ICDwAwggIKAoICAQDRLY67tzbqbTeRn06TpwXkKQMlzhyC93yZn0EGze2jusDbCSzBfN8p +fktlL5On1AFrAygYo9idBcEq2EXxkd7fO9CAAozPOA/qp1x4EaTByIVcJdPTsuclzxFUl6s1wB52 +HO8AU5853BSlLCIls3Jy/I2z5T4IHhQqNwuIPMqw9MjCoa68wb4pZ1Xi/K1ZXP69VyywkI3C7Te2 +fJmItdUDmj0VDT06qKhF8JVOJVkdzZhpu9PMMsmN74H+rX2Ju7pgE8pllWeg8xn2A1bUatMn4qGt +g/BKEiJ3HAVz4hlxQsDsdUaakFjgao4rpUYwBI4Zshfjvqm6f1bxJAPXsiEodg42MEx51UGamqi4 +NboMOvJEGyCI98Ul1z3G4z5D3Yf+xOr1Uz5MZf87Sst4WmsXXw3Hw09Omiqi7VdNIuJGmj8PkTQk +fVXjjJU30xrwCSss0smNtA0Aq2cpKNgB9RkEth2+dv5yXMSFytKAQd8FqKPVhJBPC/PgP5sZ0jeJ +P/J7UhyM9uH3PAeXjA6iWYEMspA90+NZRu0PqafegGtaqge2Gcu8V/OXIXoMsSt0Puvap2ctTMSY +njYJdmZm/Bo/6khUHL4wvYBQv3y1zgD2DGHZ5yQD4OMBgQ692IU0iL2yNqh7XAjlRICMb/gv1SHK +HRzQ+8S1h9E6Tsd2tTVItQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSM+xx1 +vALTn04uSNn5YFSqxLNP+jAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQENBQADggIBAEii1QAL +LtA/vBzVtVRJHlpr9OTy4EA34MwUe7nJ+jW1dReTagVphZzNTxl4WxmB82M+w85bj/UvXgF2Ez8s +ALnNllI5SW0ETsXpD4YN4fqzX4IS8TrOZgYkNCvozMrnadyHncI013nR03e4qllY/p0m+jiGPp2K +h2RX5Rc64vmNueMzeMGQ2Ljdt4NR5MTMI9UGfOZR0800McD2RrsLrfw9EAUqO0qRJe6M1ISHgCq8 +CYyqOhNf6DR5UMEQGfnTKB7U0VEwKbOukGfWHwpjscWpxkIxYxeU72nLL/qMFH3EQxiJ2fAyQOaA +4kZf5ePBAFmo+eggvIksDkc0C+pXwlM2/KfUrzHN/gLldfq5Jwn58/U7yn2fqSLLiMmq0Uc9Nneo +WWRrJ8/vJ8HjJLWG965+Mk2weWjROeiQWMODvA8s1pfrzgzhIMfatz7DP78v3DSk+yshzWePS/Tj +6tQ/50+6uaWTRRxmHyH6ZF5v4HaUMst19W7l9o/HuKTMqJZ9ZPskWkoDbGs4xugDQ5r3V7mzKWmT +OPQD8rv7gmsHINFSH5pkAnuYZttcTVoP0ISVoDwUQwbKytu4QTbaakRnh6+v40URFWkIsr4WOZck +bxJF0WddCajJFdr60qZfE2Efv4WstK2tBZQIgx51F9NxO5NQI1mg7TyRVJ12AMXDuDjb +-----END CERTIFICATE----- + +TunTrust Root CA +================ +-----BEGIN CERTIFICATE----- +MIIFszCCA5ugAwIBAgIUEwLV4kBMkkaGFmddtLu7sms+/BMwDQYJKoZIhvcNAQELBQAwYTELMAkG +A1UEBhMCVE4xNzA1BgNVBAoMLkFnZW5jZSBOYXRpb25hbGUgZGUgQ2VydGlmaWNhdGlvbiBFbGVj +dHJvbmlxdWUxGTAXBgNVBAMMEFR1blRydXN0IFJvb3QgQ0EwHhcNMTkwNDI2MDg1NzU2WhcNNDQw +NDI2MDg1NzU2WjBhMQswCQYDVQQGEwJUTjE3MDUGA1UECgwuQWdlbmNlIE5hdGlvbmFsZSBkZSBD +ZXJ0aWZpY2F0aW9uIEVsZWN0cm9uaXF1ZTEZMBcGA1UEAwwQVHVuVHJ1c3QgUm9vdCBDQTCCAiIw +DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMPN0/y9BFPdDCA61YguBUtB9YOCfvdZn56eY+hz +2vYGqU8ftPkLHzmMmiDQfgbU7DTZhrx1W4eI8NLZ1KMKsmwb60ksPqxd2JQDoOw05TDENX37Jk0b +bjBU2PWARZw5rZzJJQRNmpA+TkBuimvNKWfGzC3gdOgFVwpIUPp6Q9p+7FuaDmJ2/uqdHYVy7BG7 +NegfJ7/Boce7SBbdVtfMTqDhuazb1YMZGoXRlJfXyqNlC/M4+QKu3fZnz8k/9YosRxqZbwUN/dAd +gjH8KcwAWJeRTIAAHDOFli/LQcKLEITDCSSJH7UP2dl3RxiSlGBcx5kDPP73lad9UKGAwqmDrViW +VSHbhlnUr8a83YFuB9tgYv7sEG7aaAH0gxupPqJbI9dkxt/con3YS7qC0lH4Zr8GRuR5KiY2eY8f +Tpkdso8MDhz/yV3A/ZAQprE38806JG60hZC/gLkMjNWb1sjxVj8agIl6qeIbMlEsPvLfe/ZdeikZ +juXIvTZxi11Mwh0/rViizz1wTaZQmCXcI/m4WEEIcb9PuISgjwBUFfyRbVinljvrS5YnzWuioYas +DXxU5mZMZl+QviGaAkYt5IPCgLnPSz7ofzwB7I9ezX/SKEIBlYrilz0QIX32nRzFNKHsLA4KUiwS +VXAkPcvCFDVDXSdOvsC9qnyW5/yeYa1E0wCXAgMBAAGjYzBhMB0GA1UdDgQWBBQGmpsfU33x9aTI +04Y+oXNZtPdEITAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFAaamx9TffH1pMjThj6hc1m0 +90QhMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEAqgVutt0Vyb+zxiD2BkewhpMl +0425yAA/l/VSJ4hxyXT968pk21vvHl26v9Hr7lxpuhbI87mP0zYuQEkHDVneixCwSQXi/5E/S7fd +Ao74gShczNxtr18UnH1YeA32gAm56Q6XKRm4t+v4FstVEuTGfbvE7Pi1HE4+Z7/FXxttbUcoqgRY +YdZ2vyJ/0Adqp2RT8JeNnYA/u8EH22Wv5psymsNUk8QcCMNE+3tjEUPRahphanltkE8pjkcFwRJp +adbGNjHh/PqAulxPxOu3Mqz4dWEX1xAZufHSCe96Qp1bWgvUxpVOKs7/B9dPfhgGiPEZtdmYu65x +xBzndFlY7wyJz4sfdZMaBBSSSFCp61cpABbjNhzI+L/wM9VBD8TMPN3pM0MBkRArHtG5Xc0yGYuP +jCB31yLEQtyEFpslbei0VXF/sHyz03FJuc9SpAQ/3D2gu68zngowYI7bnV2UqL1g52KAdoGDDIzM +MEZJ4gzSqK/rYXHv5yJiqfdcZGyfFoxnNidF9Ql7v/YQCvGwjVRDjAS6oz/v4jXH+XTgbzRB0L9z +ZVcg+ZtnemZoJE6AZb0QmQZZ8mWvuMZHu/2QeItBcy6vVR/cO5JyboTT0GFMDcx2V+IthSIVNg3r +AZ3r2OvEhJn7wAzMMujjd9qDRIueVSjAi1jTkD5OGwDxFa2DK5o= +-----END CERTIFICATE----- + +HARICA TLS RSA Root CA 2021 +=========================== +-----BEGIN CERTIFICATE----- +MIIFpDCCA4ygAwIBAgIQOcqTHO9D88aOk8f0ZIk4fjANBgkqhkiG9w0BAQsFADBsMQswCQYDVQQG +EwJHUjE3MDUGA1UECgwuSGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJlc2VhcmNoIEluc3RpdHV0aW9u +cyBDQTEkMCIGA1UEAwwbSEFSSUNBIFRMUyBSU0EgUm9vdCBDQSAyMDIxMB4XDTIxMDIxOTEwNTUz +OFoXDTQ1MDIxMzEwNTUzN1owbDELMAkGA1UEBhMCR1IxNzA1BgNVBAoMLkhlbGxlbmljIEFjYWRl +bWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgQ0ExJDAiBgNVBAMMG0hBUklDQSBUTFMgUlNB +IFJvb3QgQ0EgMjAyMTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAIvC569lmwVnlskN +JLnQDmT8zuIkGCyEf3dRywQRNrhe7Wlxp57kJQmXZ8FHws+RFjZiPTgE4VGC/6zStGndLuwRo0Xu +a2s7TL+MjaQenRG56Tj5eg4MmOIjHdFOY9TnuEFE+2uva9of08WRiFukiZLRgeaMOVig1mlDqa2Y +Ulhu2wr7a89o+uOkXjpFc5gH6l8Cct4MpbOfrqkdtx2z/IpZ525yZa31MJQjB/OCFks1mJxTuy/K +5FrZx40d/JiZ+yykgmvwKh+OC19xXFyuQnspiYHLA6OZyoieC0AJQTPb5lh6/a6ZcMBaD9YThnEv +dmn8kN3bLW7R8pv1GmuebxWMevBLKKAiOIAkbDakO/IwkfN4E8/BPzWr8R0RI7VDIp4BkrcYAuUR +0YLbFQDMYTfBKnya4dC6s1BG7oKsnTH4+yPiAwBIcKMJJnkVU2DzOFytOOqBAGMUuTNe3QvboEUH +GjMJ+E20pwKmafTCWQWIZYVWrkvL4N48fS0ayOn7H6NhStYqE613TBoYm5EPWNgGVMWX+Ko/IIqm +haZ39qb8HOLubpQzKoNQhArlT4b4UEV4AIHrW2jjJo3Me1xR9BQsQL4aYB16cmEdH2MtiKrOokWQ +CPxrvrNQKlr9qEgYRtaQQJKQCoReaDH46+0N0x3GfZkYVVYnZS6NRcUk7M7jAgMBAAGjQjBAMA8G +A1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFApII6ZgpJIKM+qTW8VX6iVNvRLuMA4GA1UdDwEB/wQE +AwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAPpBIqm5iFSVmewzVjIuJndftTgfvnNAUX15QvWiWkKQU +EapobQk1OUAJ2vQJLDSle1mESSmXdMgHHkdt8s4cUCbjnj1AUz/3f5Z2EMVGpdAgS1D0NTsY9FVq +QRtHBmg8uwkIYtlfVUKqrFOFrJVWNlar5AWMxajaH6NpvVMPxP/cyuN+8kyIhkdGGvMA9YCRotxD +QpSbIPDRzbLrLFPCU3hKTwSUQZqPJzLB5UkZv/HywouoCjkxKLR9YjYsTewfM7Z+d21+UPCfDtcR +j88YxeMn/ibvBZ3PzzfF0HvaO7AWhAw6k9a+F9sPPg4ZeAnHqQJyIkv3N3a6dcSFA1pj1bF1BcK5 +vZStjBWZp5N99sXzqnTPBIWUmAD04vnKJGW/4GKvyMX6ssmeVkjaef2WdhW+o45WxLM0/L5H9MG0 +qPzVMIho7suuyWPEdr6sOBjhXlzPrjoiUevRi7PzKzMHVIf6tLITe7pTBGIBnfHAT+7hOtSLIBD6 +Alfm78ELt5BGnBkpjNxvoEppaZS3JGWg/6w/zgH7IS79aPib8qXPMThcFarmlwDB31qlpzmq6YR/ +PFGoOtmUW4y/Twhx5duoXNTSpv4Ao8YWxw/ogM4cKGR0GQjTQuPOAF1/sdwTsOEFy9EgqoZ0njnn +kf3/W9b3raYvAwtt41dU63ZTGI0RmLo= +-----END CERTIFICATE----- + +HARICA TLS ECC Root CA 2021 +=========================== +-----BEGIN CERTIFICATE----- +MIICVDCCAdugAwIBAgIQZ3SdjXfYO2rbIvT/WeK/zjAKBggqhkjOPQQDAzBsMQswCQYDVQQGEwJH +UjE3MDUGA1UECgwuSGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJlc2VhcmNoIEluc3RpdHV0aW9ucyBD +QTEkMCIGA1UEAwwbSEFSSUNBIFRMUyBFQ0MgUm9vdCBDQSAyMDIxMB4XDTIxMDIxOTExMDExMFoX +DTQ1MDIxMzExMDEwOVowbDELMAkGA1UEBhMCR1IxNzA1BgNVBAoMLkhlbGxlbmljIEFjYWRlbWlj +IGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgQ0ExJDAiBgNVBAMMG0hBUklDQSBUTFMgRUNDIFJv +b3QgQ0EgMjAyMTB2MBAGByqGSM49AgEGBSuBBAAiA2IABDgI/rGgltJ6rK9JOtDA4MM7KKrxcm1l +AEeIhPyaJmuqS7psBAqIXhfyVYf8MLA04jRYVxqEU+kw2anylnTDUR9YSTHMmE5gEYd103KUkE+b +ECUqqHgtvpBBWJAVcqeht6NCMEAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUyRtTgRL+BNUW +0aq8mm+3oJUZbsowDgYDVR0PAQH/BAQDAgGGMAoGCCqGSM49BAMDA2cAMGQCMBHervjcToiwqfAi +rcJRQO9gcS3ujwLEXQNwSaSS6sUUiHCm0w2wqsosQJz76YJumgIwK0eaB8bRwoF8yguWGEEbo/Qw +CZ61IygNnxS2PFOiTAZpffpskcYqSUXm7LcT4Tps +-----END CERTIFICATE----- + +Autoridad de Certificacion Firmaprofesional CIF A62634068 +========================================================= +-----BEGIN CERTIFICATE----- +MIIGFDCCA/ygAwIBAgIIG3Dp0v+ubHEwDQYJKoZIhvcNAQELBQAwUTELMAkGA1UEBhMCRVMxQjBA +BgNVBAMMOUF1dG9yaWRhZCBkZSBDZXJ0aWZpY2FjaW9uIEZpcm1hcHJvZmVzaW9uYWwgQ0lGIEE2 +MjYzNDA2ODAeFw0xNDA5MjMxNTIyMDdaFw0zNjA1MDUxNTIyMDdaMFExCzAJBgNVBAYTAkVTMUIw +QAYDVQQDDDlBdXRvcmlkYWQgZGUgQ2VydGlmaWNhY2lvbiBGaXJtYXByb2Zlc2lvbmFsIENJRiBB +NjI2MzQwNjgwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDKlmuO6vj78aI14H9M2uDD +Utd9thDIAl6zQyrET2qyyhxdKJp4ERppWVevtSBC5IsP5t9bpgOSL/UR5GLXMnE42QQMcas9UX4P +B99jBVzpv5RvwSmCwLTaUbDBPLutN0pcyvFLNg4kq7/DhHf9qFD0sefGL9ItWY16Ck6WaVICqjaY +7Pz6FIMMNx/Jkjd/14Et5cS54D40/mf0PmbR0/RAz15iNA9wBj4gGFrO93IbJWyTdBSTo3OxDqqH +ECNZXyAFGUftaI6SEspd/NYrspI8IM/hX68gvqB2f3bl7BqGYTM+53u0P6APjqK5am+5hyZvQWyI +plD9amML9ZMWGxmPsu2bm8mQ9QEM3xk9Dz44I8kvjwzRAv4bVdZO0I08r0+k8/6vKtMFnXkIoctX +MbScyJCyZ/QYFpM6/EfY0XiWMR+6KwxfXZmtY4laJCB22N/9q06mIqqdXuYnin1oKaPnirjaEbsX +LZmdEyRG98Xi2J+Of8ePdG1asuhy9azuJBCtLxTa/y2aRnFHvkLfuwHb9H/TKI8xWVvTyQKmtFLK +bpf7Q8UIJm+K9Lv9nyiqDdVF8xM6HdjAeI9BZzwelGSuewvF6NkBiDkal4ZkQdU7hwxu+g/GvUgU +vzlN1J5Bto+WHWOWk9mVBngxaJ43BjuAiUVhOSPHG0SjFeUc+JIwuwIDAQABo4HvMIHsMB0GA1Ud +DgQWBBRlzeurNR4APn7VdMActHNHDhpkLzASBgNVHRMBAf8ECDAGAQH/AgEBMIGmBgNVHSAEgZ4w +gZswgZgGBFUdIAAwgY8wLwYIKwYBBQUHAgEWI2h0dHA6Ly93d3cuZmlybWFwcm9mZXNpb25hbC5j +b20vY3BzMFwGCCsGAQUFBwICMFAeTgBQAGEAcwBlAG8AIABkAGUAIABsAGEAIABCAG8AbgBhAG4A +bwB2AGEAIAA0ADcAIABCAGEAcgBjAGUAbABvAG4AYQAgADAAOAAwADEANzAOBgNVHQ8BAf8EBAMC +AQYwDQYJKoZIhvcNAQELBQADggIBAHSHKAIrdx9miWTtj3QuRhy7qPj4Cx2Dtjqn6EWKB7fgPiDL +4QjbEwj4KKE1soCzC1HA01aajTNFSa9J8OA9B3pFE1r/yJfY0xgsfZb43aJlQ3CTkBW6kN/oGbDb +LIpgD7dvlAceHabJhfa9NPhAeGIQcDq+fUs5gakQ1JZBu/hfHAsdCPKxsIl68veg4MSPi3i1O1il +I45PVf42O+AMt8oqMEEgtIDNrvx2ZnOorm7hfNoD6JQg5iKj0B+QXSBTFCZX2lSX3xZEEAEeiGaP +cjiT3SC3NL7X8e5jjkd5KAb881lFJWAiMxujX6i6KtoaPc1A6ozuBRWV1aUsIC+nmCjuRfzxuIgA +LI9C2lHVnOUTaHFFQ4ueCyE8S1wF3BqfmI7avSKecs2tCsvMo2ebKHTEm9caPARYpoKdrcd7b/+A +lun4jWq9GJAd/0kakFI3ky88Al2CdgtR5xbHV/g4+afNmyJU72OwFW1TZQNKXkqgsqeOSQBZONXH +9IBk9W6VULgRfhVwOEqwf9DEMnDAGf/JOC0ULGb0QkTmVXYbgBVX/8Cnp6o5qtjTcNAuuuuUavpf +NIbnYrX9ivAwhZTJryQCL2/W3Wf+47BVTwSYT6RBVuKT0Gro1vP7ZeDOdcQxWQzugsgMYDNKGbqE +ZycPvEJdvSRUDewdcAZfpLz6IHxV +-----END CERTIFICATE----- + +vTrus ECC Root CA +================= +-----BEGIN CERTIFICATE----- +MIICDzCCAZWgAwIBAgIUbmq8WapTvpg5Z6LSa6Q75m0c1towCgYIKoZIzj0EAwMwRzELMAkGA1UE +BhMCQ04xHDAaBgNVBAoTE2lUcnVzQ2hpbmEgQ28uLEx0ZC4xGjAYBgNVBAMTEXZUcnVzIEVDQyBS +b290IENBMB4XDTE4MDczMTA3MjY0NFoXDTQzMDczMTA3MjY0NFowRzELMAkGA1UEBhMCQ04xHDAa +BgNVBAoTE2lUcnVzQ2hpbmEgQ28uLEx0ZC4xGjAYBgNVBAMTEXZUcnVzIEVDQyBSb290IENBMHYw +EAYHKoZIzj0CAQYFK4EEACIDYgAEZVBKrox5lkqqHAjDo6LN/llWQXf9JpRCux3NCNtzslt188+c +ToL0v/hhJoVs1oVbcnDS/dtitN9Ti72xRFhiQgnH+n9bEOf+QP3A2MMrMudwpremIFUde4BdS49n +TPEQo0IwQDAdBgNVHQ4EFgQUmDnNvtiyjPeyq+GtJK97fKHbH88wDwYDVR0TAQH/BAUwAwEB/zAO +BgNVHQ8BAf8EBAMCAQYwCgYIKoZIzj0EAwMDaAAwZQIwV53dVvHH4+m4SVBrm2nDb+zDfSXkV5UT +QJtS0zvzQBm8JsctBp61ezaf9SXUY2sAAjEA6dPGnlaaKsyh2j/IZivTWJwghfqrkYpwcBE4YGQL +YgmRWAD5Tfs0aNoJrSEGGJTO +-----END CERTIFICATE----- + +vTrus Root CA +============= +-----BEGIN CERTIFICATE----- +MIIFVjCCAz6gAwIBAgIUQ+NxE9izWRRdt86M/TX9b7wFjUUwDQYJKoZIhvcNAQELBQAwQzELMAkG +A1UEBhMCQ04xHDAaBgNVBAoTE2lUcnVzQ2hpbmEgQ28uLEx0ZC4xFjAUBgNVBAMTDXZUcnVzIFJv +b3QgQ0EwHhcNMTgwNzMxMDcyNDA1WhcNNDMwNzMxMDcyNDA1WjBDMQswCQYDVQQGEwJDTjEcMBoG +A1UEChMTaVRydXNDaGluYSBDby4sTHRkLjEWMBQGA1UEAxMNdlRydXMgUm9vdCBDQTCCAiIwDQYJ +KoZIhvcNAQEBBQADggIPADCCAgoCggIBAL1VfGHTuB0EYgWgrmy3cLRB6ksDXhA/kFocizuwZots +SKYcIrrVQJLuM7IjWcmOvFjai57QGfIvWcaMY1q6n6MLsLOaXLoRuBLpDLvPbmyAhykUAyyNJJrI +ZIO1aqwTLDPxn9wsYTwaP3BVm60AUn/PBLn+NvqcwBauYv6WTEN+VRS+GrPSbcKvdmaVayqwlHeF +XgQPYh1jdfdr58tbmnDsPmcF8P4HCIDPKNsFxhQnL4Z98Cfe/+Z+M0jnCx5Y0ScrUw5XSmXX+6KA +YPxMvDVTAWqXcoKv8R1w6Jz1717CbMdHflqUhSZNO7rrTOiwCcJlwp2dCZtOtZcFrPUGoPc2BX70 +kLJrxLT5ZOrpGgrIDajtJ8nU57O5q4IikCc9Kuh8kO+8T/3iCiSn3mUkpF3qwHYw03dQ+A0Em5Q2 +AXPKBlim0zvc+gRGE1WKyURHuFE5Gi7oNOJ5y1lKCn+8pu8fA2dqWSslYpPZUxlmPCdiKYZNpGvu +/9ROutW04o5IWgAZCfEF2c6Rsffr6TlP9m8EQ5pV9T4FFL2/s1m02I4zhKOQUqqzApVg+QxMaPnu +1RcN+HFXtSXkKe5lXa/R7jwXC1pDxaWG6iSe4gUH3DRCEpHWOXSuTEGC2/KmSNGzm/MzqvOmwMVO +9fSddmPmAsYiS8GVP1BkLFTltvA8Kc9XAgMBAAGjQjBAMB0GA1UdDgQWBBRUYnBj8XWEQ1iO0RYg +scasGrz2iTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOC +AgEAKbqSSaet8PFww+SX8J+pJdVrnjT+5hpk9jprUrIQeBqfTNqK2uwcN1LgQkv7bHbKJAs5EhWd +nxEt/Hlk3ODg9d3gV8mlsnZwUKT+twpw1aA08XXXTUm6EdGz2OyC/+sOxL9kLX1jbhd47F18iMjr +jld22VkE+rxSH0Ws8HqA7Oxvdq6R2xCOBNyS36D25q5J08FsEhvMKar5CKXiNxTKsbhm7xqC5PD4 +8acWabfbqWE8n/Uxy+QARsIvdLGx14HuqCaVvIivTDUHKgLKeBRtRytAVunLKmChZwOgzoy8sHJn +xDHO2zTlJQNgJXtxmOTAGytfdELSS8VZCAeHvsXDf+eW2eHcKJfWjwXj9ZtOyh1QRwVTsMo554Wg +icEFOwE30z9J4nfrI8iIZjs9OXYhRvHsXyO466JmdXTBQPfYaJqT4i2pLr0cox7IdMakLXogqzu4 +sEb9b91fUlV1YvCXoHzXOP0l382gmxDPi7g4Xl7FtKYCNqEeXxzP4padKar9mK5S4fNBUvupLnKW +nyfjqnN9+BojZns7q2WwMgFLFT49ok8MKzWixtlnEjUwzXYuFrOZnk1PTi07NEPhmg4NpGaXutIc +SkwsKouLgU9xGqndXHt7CMUADTdA43x7VF8vhV929vensBxXVsFy6K2ir40zSbofitzmdHxghm+H +l3s= +-----END CERTIFICATE----- + +ISRG Root X2 +============ +-----BEGIN CERTIFICATE----- +MIICGzCCAaGgAwIBAgIQQdKd0XLq7qeAwSxs6S+HUjAKBggqhkjOPQQDAzBPMQswCQYDVQQGEwJV +UzEpMCcGA1UEChMgSW50ZXJuZXQgU2VjdXJpdHkgUmVzZWFyY2ggR3JvdXAxFTATBgNVBAMTDElT +UkcgUm9vdCBYMjAeFw0yMDA5MDQwMDAwMDBaFw00MDA5MTcxNjAwMDBaME8xCzAJBgNVBAYTAlVT +MSkwJwYDVQQKEyBJbnRlcm5ldCBTZWN1cml0eSBSZXNlYXJjaCBHcm91cDEVMBMGA1UEAxMMSVNS +RyBSb290IFgyMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEzZvVn4CDCuwJSvMWSj5cz3es3mcFDR0H +ttwW+1qLFNvicWDEukWVEYmO6gbf9yoWHKS5xcUy4APgHoIYOIvXRdgKam7mAHf7AlF9ItgKbppb +d9/w+kHsOdx1ymgHDB/qo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNV +HQ4EFgQUfEKWrt5LSDv6kviejM9ti6lyN5UwCgYIKoZIzj0EAwMDaAAwZQIwe3lORlCEwkSHRhtF +cP9Ymd70/aTSVaYgLXTWNLxBo1BfASdWtL4ndQavEi51mI38AjEAi/V3bNTIZargCyzuFJ0nN6T5 +U6VR5CmD1/iQMVtCnwr1/q4AaOeMSQ+2b1tbFfLn +-----END CERTIFICATE----- + +HiPKI Root CA - G1 +================== +-----BEGIN CERTIFICATE----- +MIIFajCCA1KgAwIBAgIQLd2szmKXlKFD6LDNdmpeYDANBgkqhkiG9w0BAQsFADBPMQswCQYDVQQG +EwJUVzEjMCEGA1UECgwaQ2h1bmdod2EgVGVsZWNvbSBDby4sIEx0ZC4xGzAZBgNVBAMMEkhpUEtJ +IFJvb3QgQ0EgLSBHMTAeFw0xOTAyMjIwOTQ2MDRaFw0zNzEyMzExNTU5NTlaME8xCzAJBgNVBAYT +AlRXMSMwIQYDVQQKDBpDaHVuZ2h3YSBUZWxlY29tIENvLiwgTHRkLjEbMBkGA1UEAwwSSGlQS0kg +Um9vdCBDQSAtIEcxMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA9B5/UnMyDHPkvRN0 +o9QwqNCuS9i233VHZvR85zkEHmpwINJaR3JnVfSl6J3VHiGh8Ge6zCFovkRTv4354twvVcg3Px+k +wJyz5HdcoEb+d/oaoDjq7Zpy3iu9lFc6uux55199QmQ5eiY29yTw1S+6lZgRZq2XNdZ1AYDgr/SE +YYwNHl98h5ZeQa/rh+r4XfEuiAU+TCK72h8q3VJGZDnzQs7ZngyzsHeXZJzA9KMuH5UHsBffMNsA +GJZMoYFL3QRtU6M9/Aes1MU3guvklQgZKILSQjqj2FPseYlgSGDIcpJQ3AOPgz+yQlda22rpEZfd +hSi8MEyr48KxRURHH+CKFgeW0iEPU8DtqX7UTuybCeyvQqww1r/REEXgphaypcXTT3OUM3ECoWqj +1jOXTyFjHluP2cFeRXF3D4FdXyGarYPM+l7WjSNfGz1BryB1ZlpK9p/7qxj3ccC2HTHsOyDry+K4 +9a6SsvfhhEvyovKTmiKe0xRvNlS9H15ZFblzqMF8b3ti6RZsR1pl8w4Rm0bZ/W3c1pzAtH2lsN0/ +Vm+h+fbkEkj9Bn8SV7apI09bA8PgcSojt/ewsTu8mL3WmKgMa/aOEmem8rJY5AIJEzypuxC00jBF +8ez3ABHfZfjcK0NVvxaXxA/VLGGEqnKG/uY6fsI/fe78LxQ+5oXdUG+3Se0CAwEAAaNCMEAwDwYD +VR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU8ncX+l6o/vY9cdVouslGDDjYr7AwDgYDVR0PAQH/BAQD +AgGGMA0GCSqGSIb3DQEBCwUAA4ICAQBQUfB13HAE4/+qddRxosuej6ip0691x1TPOhwEmSKsxBHi +7zNKpiMdDg1H2DfHb680f0+BazVP6XKlMeJ45/dOlBhbQH3PayFUhuaVevvGyuqcSE5XCV0vrPSl +tJczWNWseanMX/mF+lLFjfiRFOs6DRfQUsJ748JzjkZ4Bjgs6FzaZsT0pPBWGTMpWmWSBUdGSquE +wx4noR8RkpkndZMPvDY7l1ePJlsMu5wP1G4wB9TcXzZoZjmDlicmisjEOf6aIW/Vcobpf2Lll07Q +JNBAsNB1CI69aO4I1258EHBGG3zgiLKecoaZAeO/n0kZtCW+VmWuF2PlHt/o/0elv+EmBYTksMCv +5wiZqAxeJoBF1PhoL5aPruJKHJwWDBNvOIf2u8g0X5IDUXlwpt/L9ZlNec1OvFefQ05rLisY+Gpz +jLrFNe85akEez3GoorKGB1s6yeHvP2UEgEcyRHCVTjFnanRbEEV16rCf0OY1/k6fi8wrkkVbbiVg +hUbN0aqwdmaTd5a+g744tiROJgvM7XpWGuDpWsZkrUx6AEhEL7lAuxM+vhV4nYWBSipX3tUZQ9rb +yltHhoMLP7YNdnhzeSJesYAfz77RP1YQmCuVh6EfnWQUYDksswBVLuT1sw5XxJFBAJw/6KXf6vb/ +yPCtbVKoF6ubYfwSUTXkJf2vqmqGOQ== +-----END CERTIFICATE----- + +GlobalSign ECC Root CA - R4 +=========================== +-----BEGIN CERTIFICATE----- +MIIB3DCCAYOgAwIBAgINAgPlfvU/k/2lCSGypjAKBggqhkjOPQQDAjBQMSQwIgYDVQQLExtHbG9i +YWxTaWduIEVDQyBSb290IENBIC0gUjQxEzARBgNVBAoTCkdsb2JhbFNpZ24xEzARBgNVBAMTCkds +b2JhbFNpZ24wHhcNMTIxMTEzMDAwMDAwWhcNMzgwMTE5MDMxNDA3WjBQMSQwIgYDVQQLExtHbG9i +YWxTaWduIEVDQyBSb290IENBIC0gUjQxEzARBgNVBAoTCkdsb2JhbFNpZ24xEzARBgNVBAMTCkds +b2JhbFNpZ24wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAS4xnnTj2wlDp8uORkcA6SumuU5BwkW +ymOxuYb4ilfBV85C+nOh92VC/x7BALJucw7/xyHlGKSq2XE/qNS5zowdo0IwQDAOBgNVHQ8BAf8E +BAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUVLB7rUW44kB/+wpu+74zyTyjhNUwCgYI +KoZIzj0EAwIDRwAwRAIgIk90crlgr/HmnKAWBVBfw147bmF0774BxL4YSFlhgjICICadVGNA3jdg +UM/I2O2dgq43mLyjj0xMqTQrbO/7lZsm +-----END CERTIFICATE----- + +GTS Root R1 +=========== +-----BEGIN CERTIFICATE----- +MIIFVzCCAz+gAwIBAgINAgPlk28xsBNJiGuiFzANBgkqhkiG9w0BAQwFADBHMQswCQYDVQQGEwJV +UzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3Qg +UjEwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIyMDAwMDAwWjBHMQswCQYDVQQGEwJVUzEiMCAGA1UE +ChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjEwggIiMA0G +CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC2EQKLHuOhd5s73L+UPreVp0A8of2C+X0yBoJx9vaM +f/vo27xqLpeXo4xL+Sv2sfnOhB2x+cWX3u+58qPpvBKJXqeqUqv4IyfLpLGcY9vXmX7wCl7raKb0 +xlpHDU0QM+NOsROjyBhsS+z8CZDfnWQpJSMHobTSPS5g4M/SCYe7zUjwTcLCeoiKu7rPWRnWr4+w +B7CeMfGCwcDfLqZtbBkOtdh+JhpFAz2weaSUKK0PfyblqAj+lug8aJRT7oM6iCsVlgmy4HqMLnXW +nOunVmSPlk9orj2XwoSPwLxAwAtcvfaHszVsrBhQf4TgTM2S0yDpM7xSma8ytSmzJSq0SPly4cpk +9+aCEI3oncKKiPo4Zor8Y/kB+Xj9e1x3+naH+uzfsQ55lVe0vSbv1gHR6xYKu44LtcXFilWr06zq +kUspzBmkMiVOKvFlRNACzqrOSbTqn3yDsEB750Orp2yjj32JgfpMpf/VjsPOS+C12LOORc92wO1A +K/1TD7Cn1TsNsYqiA94xrcx36m97PtbfkSIS5r762DL8EGMUUXLeXdYWk70paDPvOmbsB4om3xPX +V2V4J95eSRQAogB/mqghtqmxlbCluQ0WEdrHbEg8QOB+DVrNVjzRlwW5y0vtOUucxD/SVRNuJLDW +cfr0wbrM7Rv1/oFB2ACYPTrIrnqYNxgFlQIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0T +AQH/BAUwAwEB/zAdBgNVHQ4EFgQU5K8rJnEaK0gnhS9SZizv8IkTcT4wDQYJKoZIhvcNAQEMBQAD +ggIBAJ+qQibbC5u+/x6Wki4+omVKapi6Ist9wTrYggoGxval3sBOh2Z5ofmmWJyq+bXmYOfg6LEe +QkEzCzc9zolwFcq1JKjPa7XSQCGYzyI0zzvFIoTgxQ6KfF2I5DUkzps+GlQebtuyh6f88/qBVRRi +ClmpIgUxPoLW7ttXNLwzldMXG+gnoot7TiYaelpkttGsN/H9oPM47HLwEXWdyzRSjeZ2axfG34ar +J45JK3VmgRAhpuo+9K4l/3wV3s6MJT/KYnAK9y8JZgfIPxz88NtFMN9iiMG1D53Dn0reWVlHxYci +NuaCp+0KueIHoI17eko8cdLiA6EfMgfdG+RCzgwARWGAtQsgWSl4vflVy2PFPEz0tv/bal8xa5me +LMFrUKTX5hgUvYU/Z6tGn6D/Qqc6f1zLXbBwHSs09dR2CQzreExZBfMzQsNhFRAbd03OIozUhfJF +fbdT6u9AWpQKXCBfTkBdYiJ23//OYb2MI3jSNwLgjt7RETeJ9r/tSQdirpLsQBqvFAnZ0E6yove+ +7u7Y/9waLd64NnHi/Hm3lCXRSHNboTXns5lndcEZOitHTtNCjv0xyBZm2tIMPNuzjsmhDYAPexZ3 +FL//2wmUspO8IFgV6dtxQ/PeEMMA3KgqlbbC1j+Qa3bbbP6MvPJwNQzcmRk13NfIRmPVNnGuV/u3 +gm3c +-----END CERTIFICATE----- + +GTS Root R2 +=========== +-----BEGIN CERTIFICATE----- +MIIFVzCCAz+gAwIBAgINAgPlrsWNBCUaqxElqjANBgkqhkiG9w0BAQwFADBHMQswCQYDVQQGEwJV +UzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3Qg +UjIwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIyMDAwMDAwWjBHMQswCQYDVQQGEwJVUzEiMCAGA1UE +ChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjIwggIiMA0G +CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDO3v2m++zsFDQ8BwZabFn3GTXd98GdVarTzTukk3Lv +CvptnfbwhYBboUhSnznFt+4orO/LdmgUud+tAWyZH8QiHZ/+cnfgLFuv5AS/T3KgGjSY6Dlo7JUl +e3ah5mm5hRm9iYz+re026nO8/4Piy33B0s5Ks40FnotJk9/BW9BuXvAuMC6C/Pq8tBcKSOWIm8Wb +a96wyrQD8Nr0kLhlZPdcTK3ofmZemde4wj7I0BOdre7kRXuJVfeKH2JShBKzwkCX44ofR5GmdFrS ++LFjKBC4swm4VndAoiaYecb+3yXuPuWgf9RhD1FLPD+M2uFwdNjCaKH5wQzpoeJ/u1U8dgbuak7M +kogwTZq9TwtImoS1mKPV+3PBV2HdKFZ1E66HjucMUQkQdYhMvI35ezzUIkgfKtzra7tEscszcTJG +r61K8YzodDqs5xoic4DSMPclQsciOzsSrZYuxsN2B6ogtzVJV+mSSeh2FnIxZyuWfoqjx5RWIr9q +S34BIbIjMt/kmkRtWVtd9QCgHJvGeJeNkP+byKq0rxFROV7Z+2et1VsRnTKaG73VululycslaVNV +J1zgyjbLiGH7HrfQy+4W+9OmTN6SpdTi3/UGVN4unUu0kzCqgc7dGtxRcw1PcOnlthYhGXmy5okL +dWTK1au8CcEYof/UVKGFPP0UJAOyh9OktwIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0T +AQH/BAUwAwEB/zAdBgNVHQ4EFgQUu//KjiOfT5nK2+JopqUVJxce2Q4wDQYJKoZIhvcNAQEMBQAD +ggIBAB/Kzt3HvqGf2SdMC9wXmBFqiN495nFWcrKeGk6c1SuYJF2ba3uwM4IJvd8lRuqYnrYb/oM8 +0mJhwQTtzuDFycgTE1XnqGOtjHsB/ncw4c5omwX4Eu55MaBBRTUoCnGkJE+M3DyCB19m3H0Q/gxh +swWV7uGugQ+o+MePTagjAiZrHYNSVc61LwDKgEDg4XSsYPWHgJ2uNmSRXbBoGOqKYcl3qJfEycel +/FVL8/B/uWU9J2jQzGv6U53hkRrJXRqWbTKH7QMgyALOWr7Z6v2yTcQvG99fevX4i8buMTolUVVn +jWQye+mew4K6Ki3pHrTgSAai/GevHyICc/sgCq+dVEuhzf9gR7A/Xe8bVr2XIZYtCtFenTgCR2y5 +9PYjJbigapordwj6xLEokCZYCDzifqrXPW+6MYgKBesntaFJ7qBFVHvmJ2WZICGoo7z7GJa7Um8M +7YNRTOlZ4iBgxcJlkoKM8xAfDoqXvneCbT+PHV28SSe9zE8P4c52hgQjxcCMElv924SgJPFI/2R8 +0L5cFtHvma3AH/vLrrw4IgYmZNralw4/KBVEqE8AyvCazM90arQ+POuV7LXTWtiBmelDGDfrs7vR +WGJB82bSj6p4lVQgw1oudCvV0b4YacCs1aTPObpRhANl6WLAYv7YTVWW4tAR+kg0Eeye7QUd5MjW +HYbL +-----END CERTIFICATE----- + +GTS Root R3 +=========== +-----BEGIN CERTIFICATE----- +MIICCTCCAY6gAwIBAgINAgPluILrIPglJ209ZjAKBggqhkjOPQQDAzBHMQswCQYDVQQGEwJVUzEi +MCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjMw +HhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIyMDAwMDAwWjBHMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZ +R29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjMwdjAQBgcqhkjO +PQIBBgUrgQQAIgNiAAQfTzOHMymKoYTey8chWEGJ6ladK0uFxh1MJ7x/JlFyb+Kf1qPKzEUURout +736GjOyxfi//qXGdGIRFBEFVbivqJn+7kAHjSxm65FSWRQmx1WyRRK2EE46ajA2ADDL24CejQjBA +MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTB8Sa6oC2uhYHP0/Eq +Er24Cmf9vDAKBggqhkjOPQQDAwNpADBmAjEA9uEglRR7VKOQFhG/hMjqb2sXnh5GmCCbn9MN2azT +L818+FsuVbu/3ZL3pAzcMeGiAjEA/JdmZuVDFhOD3cffL74UOO0BzrEXGhF16b0DjyZ+hOXJYKaV +11RZt+cRLInUue4X +-----END CERTIFICATE----- + +GTS Root R4 +=========== +-----BEGIN CERTIFICATE----- +MIICCTCCAY6gAwIBAgINAgPlwGjvYxqccpBQUjAKBggqhkjOPQQDAzBHMQswCQYDVQQGEwJVUzEi +MCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjQw +HhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIyMDAwMDAwWjBHMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZ +R29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjQwdjAQBgcqhkjO +PQIBBgUrgQQAIgNiAATzdHOnaItgrkO4NcWBMHtLSZ37wWHO5t5GvWvVYRg1rkDdc/eJkTBa6zzu +hXyiQHY7qca4R9gq55KRanPpsXI5nymfopjTX15YhmUPoYRlBtHci8nHc8iMai/lxKvRHYqjQjBA +MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSATNbrdP9JNqPV2Py1 +PsVq8JQdjDAKBggqhkjOPQQDAwNpADBmAjEA6ED/g94D9J+uHXqnLrmvT/aDHQ4thQEd0dlq7A/C +r8deVl5c1RxYIigL9zC2L7F8AjEA8GE8p/SgguMh1YQdc4acLa/KNJvxn7kjNuK8YAOdgLOaVsjh +4rsUecrNIdSUtUlD +-----END CERTIFICATE----- + +Telia Root CA v2 +================ +-----BEGIN CERTIFICATE----- +MIIFdDCCA1ygAwIBAgIPAWdfJ9b+euPkrL4JWwWeMA0GCSqGSIb3DQEBCwUAMEQxCzAJBgNVBAYT +AkZJMRowGAYDVQQKDBFUZWxpYSBGaW5sYW5kIE95ajEZMBcGA1UEAwwQVGVsaWEgUm9vdCBDQSB2 +MjAeFw0xODExMjkxMTU1NTRaFw00MzExMjkxMTU1NTRaMEQxCzAJBgNVBAYTAkZJMRowGAYDVQQK +DBFUZWxpYSBGaW5sYW5kIE95ajEZMBcGA1UEAwwQVGVsaWEgUm9vdCBDQSB2MjCCAiIwDQYJKoZI +hvcNAQEBBQADggIPADCCAgoCggIBALLQPwe84nvQa5n44ndp586dpAO8gm2h/oFlH0wnrI4AuhZ7 +6zBqAMCzdGh+sq/H1WKzej9Qyow2RCRj0jbpDIX2Q3bVTKFgcmfiKDOlyzG4OiIjNLh9vVYiQJ3q +9HsDrWj8soFPmNB06o3lfc1jw6P23pLCWBnglrvFxKk9pXSW/q/5iaq9lRdU2HhE8Qx3FZLgmEKn +pNaqIJLNwaCzlrI6hEKNfdWV5Nbb6WLEWLN5xYzTNTODn3WhUidhOPFZPY5Q4L15POdslv5e2QJl +tI5c0BE0312/UqeBAMN/mUWZFdUXyApT7GPzmX3MaRKGwhfwAZ6/hLzRUssbkmbOpFPlob/E2wnW +5olWK8jjfN7j/4nlNW4o6GwLI1GpJQXrSPjdscr6bAhR77cYbETKJuFzxokGgeWKrLDiKca5JLNr +RBH0pUPCTEPlcDaMtjNXepUugqD0XBCzYYP2AgWGLnwtbNwDRm41k9V6lS/eINhbfpSQBGq6WT0E +BXWdN6IOLj3rwaRSg/7Qa9RmjtzG6RJOHSpXqhC8fF6CfaamyfItufUXJ63RDolUK5X6wK0dmBR4 +M0KGCqlztft0DbcbMBnEWg4cJ7faGND/isgFuvGqHKI3t+ZIpEYslOqodmJHixBTB0hXbOKSTbau +BcvcwUpej6w9GU7C7WB1K9vBykLVAgMBAAGjYzBhMB8GA1UdIwQYMBaAFHKs5DN5qkWH9v2sHZ7W +xy+G2CQ5MB0GA1UdDgQWBBRyrOQzeapFh/b9rB2e1scvhtgkOTAOBgNVHQ8BAf8EBAMCAQYwDwYD +VR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAoDtZpwmUPjaE0n4vOaWWl/oRrfxn83EJ +8rKJhGdEr7nv7ZbsnGTbMjBvZ5qsfl+yqwE2foH65IRe0qw24GtixX1LDoJt0nZi0f6X+J8wfBj5 +tFJ3gh1229MdqfDBmgC9bXXYfef6xzijnHDoRnkDry5023X4blMMA8iZGok1GTzTyVR8qPAs5m4H +eW9q4ebqkYJpCh3DflminmtGFZhb069GHWLIzoBSSRE/yQQSwxN8PzuKlts8oB4KtItUsiRnDe+C +y748fdHif64W1lZYudogsYMVoe+KTTJvQS8TUoKU1xrBeKJR3Stwbbca+few4GeXVtt8YVMJAygC +QMez2P2ccGrGKMOF6eLtGpOg3kuYooQ+BXcBlj37tCAPnHICehIv1aO6UXivKitEZU61/Qrowc15 +h2Er3oBXRb9n8ZuRXqWk7FlIEA04x7D6w0RtBPV4UBySllva9bguulvP5fBqnUsvWHMtTy3EHD70 +sz+rFQ47GUGKpMFXEmZxTPpT41frYpUJnlTd0cI8Vzy9OK2YZLe4A5pTVmBds9hCG1xLEooc6+t9 +xnppxyd/pPiL8uSUZodL6ZQHCRJ5irLrdATczvREWeAWysUsWNc8e89ihmpQfTU2Zqf7N+cox9jQ +raVplI/owd8k+BsHMYeB2F326CjYSlKArBPuUBQemMc= +-----END CERTIFICATE----- + +D-TRUST BR Root CA 1 2020 +========================= +-----BEGIN CERTIFICATE----- +MIIC2zCCAmCgAwIBAgIQfMmPK4TX3+oPyWWa00tNljAKBggqhkjOPQQDAzBIMQswCQYDVQQGEwJE +RTEVMBMGA1UEChMMRC1UcnVzdCBHbWJIMSIwIAYDVQQDExlELVRSVVNUIEJSIFJvb3QgQ0EgMSAy +MDIwMB4XDTIwMDIxMTA5NDUwMFoXDTM1MDIxMTA5NDQ1OVowSDELMAkGA1UEBhMCREUxFTATBgNV +BAoTDEQtVHJ1c3QgR21iSDEiMCAGA1UEAxMZRC1UUlVTVCBCUiBSb290IENBIDEgMjAyMDB2MBAG +ByqGSM49AgEGBSuBBAAiA2IABMbLxyjR+4T1mu9CFCDhQ2tuda38KwOE1HaTJddZO0Flax7mNCq7 +dPYSzuht56vkPE4/RAiLzRZxy7+SmfSk1zxQVFKQhYN4lGdnoxwJGT11NIXe7WB9xwy0QVK5buXu +QqOCAQ0wggEJMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFHOREKv/VbNafAkl1bK6CKBrqx9t +MA4GA1UdDwEB/wQEAwIBBjCBxgYDVR0fBIG+MIG7MD6gPKA6hjhodHRwOi8vY3JsLmQtdHJ1c3Qu +bmV0L2NybC9kLXRydXN0X2JyX3Jvb3RfY2FfMV8yMDIwLmNybDB5oHegdYZzbGRhcDovL2RpcmVj +dG9yeS5kLXRydXN0Lm5ldC9DTj1ELVRSVVNUJTIwQlIlMjBSb290JTIwQ0ElMjAxJTIwMjAyMCxP +PUQtVHJ1c3QlMjBHbWJILEM9REU/Y2VydGlmaWNhdGVyZXZvY2F0aW9ubGlzdDAKBggqhkjOPQQD +AwNpADBmAjEAlJAtE/rhY/hhY+ithXhUkZy4kzg+GkHaQBZTQgjKL47xPoFWwKrY7RjEsK70Pvom +AjEA8yjixtsrmfu3Ubgko6SUeho/5jbiA1czijDLgsfWFBHVdWNbFJWcHwHP2NVypw87 +-----END CERTIFICATE----- + +D-TRUST EV Root CA 1 2020 +========================= +-----BEGIN CERTIFICATE----- +MIIC2zCCAmCgAwIBAgIQXwJB13qHfEwDo6yWjfv/0DAKBggqhkjOPQQDAzBIMQswCQYDVQQGEwJE +RTEVMBMGA1UEChMMRC1UcnVzdCBHbWJIMSIwIAYDVQQDExlELVRSVVNUIEVWIFJvb3QgQ0EgMSAy +MDIwMB4XDTIwMDIxMTEwMDAwMFoXDTM1MDIxMTA5NTk1OVowSDELMAkGA1UEBhMCREUxFTATBgNV +BAoTDEQtVHJ1c3QgR21iSDEiMCAGA1UEAxMZRC1UUlVTVCBFViBSb290IENBIDEgMjAyMDB2MBAG +ByqGSM49AgEGBSuBBAAiA2IABPEL3YZDIBnfl4XoIkqbz52Yv7QFJsnL46bSj8WeeHsxiamJrSc8 +ZRCC/N/DnU7wMyPE0jL1HLDfMxddxfCxivnvubcUyilKwg+pf3VlSSowZ/Rk99Yad9rDwpdhQntJ +raOCAQ0wggEJMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFH8QARY3OqQo5FD4pPfsazK2/umL +MA4GA1UdDwEB/wQEAwIBBjCBxgYDVR0fBIG+MIG7MD6gPKA6hjhodHRwOi8vY3JsLmQtdHJ1c3Qu +bmV0L2NybC9kLXRydXN0X2V2X3Jvb3RfY2FfMV8yMDIwLmNybDB5oHegdYZzbGRhcDovL2RpcmVj +dG9yeS5kLXRydXN0Lm5ldC9DTj1ELVRSVVNUJTIwRVYlMjBSb290JTIwQ0ElMjAxJTIwMjAyMCxP +PUQtVHJ1c3QlMjBHbWJILEM9REU/Y2VydGlmaWNhdGVyZXZvY2F0aW9ubGlzdDAKBggqhkjOPQQD +AwNpADBmAjEAyjzGKnXCXnViOTYAYFqLwZOZzNnbQTs7h5kXO9XMT8oi96CAy/m0sRtW9XLS/BnR +AjEAkfcwkz8QRitxpNA7RJvAKQIFskF3UfN5Wp6OFKBOQtJbgfM0agPnIjhQW+0ZT0MW +-----END CERTIFICATE----- + +DigiCert TLS ECC P384 Root G5 +============================= +-----BEGIN CERTIFICATE----- +MIICGTCCAZ+gAwIBAgIQCeCTZaz32ci5PhwLBCou8zAKBggqhkjOPQQDAzBOMQswCQYDVQQGEwJV +UzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xJjAkBgNVBAMTHURpZ2lDZXJ0IFRMUyBFQ0MgUDM4 +NCBSb290IEc1MB4XDTIxMDExNTAwMDAwMFoXDTQ2MDExNDIzNTk1OVowTjELMAkGA1UEBhMCVVMx +FzAVBgNVBAoTDkRpZ2lDZXJ0LCBJbmMuMSYwJAYDVQQDEx1EaWdpQ2VydCBUTFMgRUNDIFAzODQg +Um9vdCBHNTB2MBAGByqGSM49AgEGBSuBBAAiA2IABMFEoc8Rl1Ca3iOCNQfN0MsYndLxf3c1Tzvd +lHJS7cI7+Oz6e2tYIOyZrsn8aLN1udsJ7MgT9U7GCh1mMEy7H0cKPGEQQil8pQgO4CLp0zVozptj +n4S1mU1YoI71VOeVyaNCMEAwHQYDVR0OBBYEFMFRRVBZqz7nLFr6ICISB4CIfBFqMA4GA1UdDwEB +/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMDA2gAMGUCMQCJao1H5+z8blUD2Wds +Jk6Dxv3J+ysTvLd6jLRl0mlpYxNjOyZQLgGheQaRnUi/wr4CMEfDFXuxoJGZSZOoPHzoRgaLLPIx +AJSdYsiJvRmEFOml+wG4DXZDjC5Ty3zfDBeWUA== +-----END CERTIFICATE----- + +DigiCert TLS RSA4096 Root G5 +============================ +-----BEGIN CERTIFICATE----- +MIIFZjCCA06gAwIBAgIQCPm0eKj6ftpqMzeJ3nzPijANBgkqhkiG9w0BAQwFADBNMQswCQYDVQQG +EwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xJTAjBgNVBAMTHERpZ2lDZXJ0IFRMUyBSU0E0 +MDk2IFJvb3QgRzUwHhcNMjEwMTE1MDAwMDAwWhcNNDYwMTE0MjM1OTU5WjBNMQswCQYDVQQGEwJV +UzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xJTAjBgNVBAMTHERpZ2lDZXJ0IFRMUyBSU0E0MDk2 +IFJvb3QgRzUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCz0PTJeRGd/fxmgefM1eS8 +7IE+ajWOLrfn3q/5B03PMJ3qCQuZvWxX2hhKuHisOjmopkisLnLlvevxGs3npAOpPxG02C+JFvuU +AT27L/gTBaF4HI4o4EXgg/RZG5Wzrn4DReW+wkL+7vI8toUTmDKdFqgpwgscONyfMXdcvyej/Ces +tyu9dJsXLfKB2l2w4SMXPohKEiPQ6s+d3gMXsUJKoBZMpG2T6T867jp8nVid9E6P/DsjyG244gXa +zOvswzH016cpVIDPRFtMbzCe88zdH5RDnU1/cHAN1DrRN/BsnZvAFJNY781BOHW8EwOVfH/jXOnV +DdXifBBiqmvwPXbzP6PosMH976pXTayGpxi0KcEsDr9kvimM2AItzVwv8n/vFfQMFawKsPHTDU9q +TXeXAaDxZre3zu/O7Oyldcqs4+Fj97ihBMi8ez9dLRYiVu1ISf6nL3kwJZu6ay0/nTvEF+cdLvvy +z6b84xQslpghjLSR6Rlgg/IwKwZzUNWYOwbpx4oMYIwo+FKbbuH2TbsGJJvXKyY//SovcfXWJL5/ +MZ4PbeiPT02jP/816t9JXkGPhvnxd3lLG7SjXi/7RgLQZhNeXoVPzthwiHvOAbWWl9fNff2C+MIk +wcoBOU+NosEUQB+cZtUMCUbW8tDRSHZWOkPLtgoRObqME2wGtZ7P6wIDAQABo0IwQDAdBgNVHQ4E +FgQUUTMc7TZArxfTJc1paPKvTiM+s0EwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8w +DQYJKoZIhvcNAQEMBQADggIBAGCmr1tfV9qJ20tQqcQjNSH/0GEwhJG3PxDPJY7Jv0Y02cEhJhxw +GXIeo8mH/qlDZJY6yFMECrZBu8RHANmfGBg7sg7zNOok992vIGCukihfNudd5N7HPNtQOa27PShN +lnx2xlv0wdsUpasZYgcYQF+Xkdycx6u1UQ3maVNVzDl92sURVXLFO4uJ+DQtpBflF+aZfTCIITfN +MBc9uPK8qHWgQ9w+iUuQrm0D4ByjoJYJu32jtyoQREtGBzRj7TG5BO6jm5qu5jF49OokYTurWGT/ +u4cnYiWB39yhL/btp/96j1EuMPikAdKFOV8BmZZvWltwGUb+hmA+rYAQCd05JS9Yf7vSdPD3Rh9G +OUrYU9DzLjtxpdRv/PNn5AeP3SYZ4Y1b+qOTEZvpyDrDVWiakuFSdjjo4bq9+0/V77PnSIMx8IIh +47a+p6tv75/fTM8BuGJqIz3nCU2AG3swpMPdB380vqQmsvZB6Akd4yCYqjdP//fx4ilwMUc/dNAU +FvohigLVigmUdy7yWSiLfFCSCmZ4OIN1xLVaqBHG5cGdZlXPU8Sv13WFqUITVuwhd4GTWgzqltlJ +yqEI8pc7bZsEGCREjnwB8twl2F6GmrE52/WRMmrRpnCKovfepEWFJqgejF0pW8hL2JpqA15w8oVP +bEtoL8pU9ozaMv7Da4M/OMZ+ +-----END CERTIFICATE----- + +Certainly Root R1 +================= +-----BEGIN CERTIFICATE----- +MIIFRzCCAy+gAwIBAgIRAI4P+UuQcWhlM1T01EQ5t+AwDQYJKoZIhvcNAQELBQAwPTELMAkGA1UE +BhMCVVMxEjAQBgNVBAoTCUNlcnRhaW5seTEaMBgGA1UEAxMRQ2VydGFpbmx5IFJvb3QgUjEwHhcN +MjEwNDAxMDAwMDAwWhcNNDYwNDAxMDAwMDAwWjA9MQswCQYDVQQGEwJVUzESMBAGA1UEChMJQ2Vy +dGFpbmx5MRowGAYDVQQDExFDZXJ0YWlubHkgUm9vdCBSMTCCAiIwDQYJKoZIhvcNAQEBBQADggIP +ADCCAgoCggIBANA21B/q3avk0bbm+yLA3RMNansiExyXPGhjZjKcA7WNpIGD2ngwEc/csiu+kr+O +5MQTvqRoTNoCaBZ0vrLdBORrKt03H2As2/X3oXyVtwxwhi7xOu9S98zTm/mLvg7fMbedaFySpvXl +8wo0tf97ouSHocavFwDvA5HtqRxOcT3Si2yJ9HiG5mpJoM610rCrm/b01C7jcvk2xusVtyWMOvwl +DbMicyF0yEqWYZL1LwsYpfSt4u5BvQF5+paMjRcCMLT5r3gajLQ2EBAHBXDQ9DGQilHFhiZ5shGI +XsXwClTNSaa/ApzSRKft43jvRl5tcdF5cBxGX1HpyTfcX35pe0HfNEXgO4T0oYoKNp43zGJS4YkN +KPl6I7ENPT2a/Z2B7yyQwHtETrtJ4A5KVpK8y7XdeReJkd5hiXSSqOMyhb5OhaRLWcsrxXiOcVTQ +AjeZjOVJ6uBUcqQRBi8LjMFbvrWhsFNunLhgkR9Za/kt9JQKl7XsxXYDVBtlUrpMklZRNaBA2Cnb +rlJ2Oy0wQJuK0EJWtLeIAaSHO1OWzaMWj/Nmqhexx2DgwUMFDO6bW2BvBlyHWyf5QBGenDPBt+U1 +VwV/J84XIIwc/PH72jEpSe31C4SnT8H2TsIonPru4K8H+zMReiFPCyEQtkA6qyI6BJyLm4SGcprS +p6XEtHWRqSsjAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1Ud +DgQWBBTgqj8ljZ9EXME66C6ud0yEPmcM9DANBgkqhkiG9w0BAQsFAAOCAgEAuVevuBLaV4OPaAsz +HQNTVfSVcOQrPbA56/qJYv331hgELyE03fFo8NWWWt7CgKPBjcZq91l3rhVkz1t5BXdm6ozTaw3d +8VkswTOlMIAVRQdFGjEitpIAq5lNOo93r6kiyi9jyhXWx8bwPWz8HA2YEGGeEaIi1wrykXprOQ4v +MMM2SZ/g6Q8CRFA3lFV96p/2O7qUpUzpvD5RtOjKkjZUbVwlKNrdrRT90+7iIgXr0PK3aBLXWopB +GsaSpVo7Y0VPv+E6dyIvXL9G+VoDhRNCX8reU9ditaY1BMJH/5n9hN9czulegChB8n3nHpDYT3Y+ +gjwN/KUD+nsa2UUeYNrEjvn8K8l7lcUq/6qJ34IxD3L/DCfXCh5WAFAeDJDBlrXYFIW7pw0WwfgH +JBu6haEaBQmAupVjyTrsJZ9/nbqkRxWbRHDxakvWOF5D8xh+UG7pWijmZeZ3Gzr9Hb4DJqPb1OG7 +fpYnKx3upPvaJVQTA945xsMfTZDsjxtK0hzthZU4UHlG1sGQUDGpXJpuHfUzVounmdLyyCwzk5Iw +x06MZTMQZBf9JBeW0Y3COmor6xOLRPIh80oat3df1+2IpHLlOR+Vnb5nwXARPbv0+Em34yaXOp/S +X3z7wJl8OSngex2/DaeP0ik0biQVy96QXr8axGbqwua6OV+KmalBWQewLK8= +-----END CERTIFICATE----- + +Certainly Root E1 +================= +-----BEGIN CERTIFICATE----- +MIIB9zCCAX2gAwIBAgIQBiUzsUcDMydc+Y2aub/M+DAKBggqhkjOPQQDAzA9MQswCQYDVQQGEwJV +UzESMBAGA1UEChMJQ2VydGFpbmx5MRowGAYDVQQDExFDZXJ0YWlubHkgUm9vdCBFMTAeFw0yMTA0 +MDEwMDAwMDBaFw00NjA0MDEwMDAwMDBaMD0xCzAJBgNVBAYTAlVTMRIwEAYDVQQKEwlDZXJ0YWlu +bHkxGjAYBgNVBAMTEUNlcnRhaW5seSBSb290IEUxMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE3m/4 +fxzf7flHh4axpMCK+IKXgOqPyEpeKn2IaKcBYhSRJHpcnqMXfYqGITQYUBsQ3tA3SybHGWCA6TS9 +YBk2QNYphwk8kXr2vBMj3VlOBF7PyAIcGFPBMdjaIOlEjeR2o0IwQDAOBgNVHQ8BAf8EBAMCAQYw +DwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU8ygYy2R17ikq6+2uI1g4hevIIgcwCgYIKoZIzj0E +AwMDaAAwZQIxALGOWiDDshliTd6wT99u0nCK8Z9+aozmut6Dacpps6kFtZaSF4fC0urQe87YQVt8 +rgIwRt7qy12a7DLCZRawTDBcMPPaTnOGBtjOiQRINzf43TNRnXCve1XYAS59BWQOhriR +-----END CERTIFICATE----- + +Security Communication ECC RootCA1 +================================== +-----BEGIN CERTIFICATE----- +MIICODCCAb6gAwIBAgIJANZdm7N4gS7rMAoGCCqGSM49BAMDMGExCzAJBgNVBAYTAkpQMSUwIwYD +VQQKExxTRUNPTSBUcnVzdCBTeXN0ZW1zIENPLixMVEQuMSswKQYDVQQDEyJTZWN1cml0eSBDb21t +dW5pY2F0aW9uIEVDQyBSb290Q0ExMB4XDTE2MDYxNjA1MTUyOFoXDTM4MDExODA1MTUyOFowYTEL +MAkGA1UEBhMCSlAxJTAjBgNVBAoTHFNFQ09NIFRydXN0IFN5c3RlbXMgQ08uLExURC4xKzApBgNV +BAMTIlNlY3VyaXR5IENvbW11bmljYXRpb24gRUNDIFJvb3RDQTEwdjAQBgcqhkjOPQIBBgUrgQQA +IgNiAASkpW9gAwPDvTH00xecK4R1rOX9PVdu12O/5gSJko6BnOPpR27KkBLIE+CnnfdldB9sELLo +5OnvbYUymUSxXv3MdhDYW72ixvnWQuRXdtyQwjWpS4g8EkdtXP9JTxpKULGjQjBAMB0GA1UdDgQW +BBSGHOf+LaVKiwj+KBH6vqNm+GBZLzAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAK +BggqhkjOPQQDAwNoADBlAjAVXUI9/Lbu9zuxNuie9sRGKEkz0FhDKmMpzE2xtHqiuQ04pV1IKv3L +snNdo4gIxwwCMQDAqy0Obe0YottT6SXbVQjgUMzfRGEWgqtJsLKB7HOHeLRMsmIbEvoWTSVLY70e +N9k= +-----END CERTIFICATE----- + +BJCA Global Root CA1 +==================== +-----BEGIN CERTIFICATE----- +MIIFdDCCA1ygAwIBAgIQVW9l47TZkGobCdFsPsBsIDANBgkqhkiG9w0BAQsFADBUMQswCQYDVQQG +EwJDTjEmMCQGA1UECgwdQkVJSklORyBDRVJUSUZJQ0FURSBBVVRIT1JJVFkxHTAbBgNVBAMMFEJK +Q0EgR2xvYmFsIFJvb3QgQ0ExMB4XDTE5MTIxOTAzMTYxN1oXDTQ0MTIxMjAzMTYxN1owVDELMAkG +A1UEBhMCQ04xJjAkBgNVBAoMHUJFSUpJTkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZMR0wGwYDVQQD +DBRCSkNBIEdsb2JhbCBSb290IENBMTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAPFm +CL3ZxRVhy4QEQaVpN3cdwbB7+sN3SJATcmTRuHyQNZ0YeYjjlwE8R4HyDqKYDZ4/N+AZspDyRhyS +sTphzvq3Rp4Dhtczbu33RYx2N95ulpH3134rhxfVizXuhJFyV9xgw8O558dnJCNPYwpj9mZ9S1Wn +P3hkSWkSl+BMDdMJoDIwOvqfwPKcxRIqLhy1BDPapDgRat7GGPZHOiJBhyL8xIkoVNiMpTAK+BcW +yqw3/XmnkRd4OJmtWO2y3syJfQOcs4ll5+M7sSKGjwZteAf9kRJ/sGsciQ35uMt0WwfCyPQ10WRj +eulumijWML3mG90Vr4TqnMfK9Q7q8l0ph49pczm+LiRvRSGsxdRpJQaDrXpIhRMsDQa4bHlW/KNn +MoH1V6XKV0Jp6VwkYe/iMBhORJhVb3rCk9gZtt58R4oRTklH2yiUAguUSiz5EtBP6DF+bHq/pj+b +OT0CFqMYs2esWz8sgytnOYFcuX6U1WTdno9uruh8W7TXakdI136z1C2OVnZOz2nxbkRs1CTqjSSh +GL+9V/6pmTW12xB3uD1IutbB5/EjPtffhZ0nPNRAvQoMvfXnjSXWgXSHRtQpdaJCbPdzied9v3pK +H9MiyRVVz99vfFXQpIsHETdfg6YmV6YBW37+WGgHqel62bno/1Afq8K0wM7o6v0PvY1NuLxxAgMB +AAGjQjBAMB0GA1UdDgQWBBTF7+3M2I0hxkjk49cULqcWk+WYATAPBgNVHRMBAf8EBTADAQH/MA4G +A1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEAUoKsITQfI/Ki2Pm4rzc2IInRNwPWaZ+4 +YRC6ojGYWUfo0Q0lHhVBDOAqVdVXUsv45Mdpox1NcQJeXyFFYEhcCY5JEMEE3KliawLwQ8hOnThJ +dMkycFRtwUf8jrQ2ntScvd0g1lPJGKm1Vrl2i5VnZu69mP6u775u+2D2/VnGKhs/I0qUJDAnyIm8 +60Qkmss9vk/Ves6OF8tiwdneHg56/0OGNFK8YT88X7vZdrRTvJez/opMEi4r89fO4aL/3Xtw+zuh +TaRjAv04l5U/BXCga99igUOLtFkNSoxUnMW7gZ/NfaXvCyUeOiDbHPwfmGcCCtRzRBPbUYQaVQNW +4AB+dAb/OMRyHdOoP2gxXdMJxy6MW2Pg6Nwe0uxhHvLe5e/2mXZgLR6UcnHGCyoyx5JO1UbXHfmp +GQrI+pXObSOYqgs4rZpWDW+N8TEAiMEXnM0ZNjX+VVOg4DwzX5Ze4jLp3zO7Bkqp2IRzznfSxqxx +4VyjHQy7Ct9f4qNx2No3WqB4K/TUfet27fJhcKVlmtOJNBir+3I+17Q9eVzYH6Eze9mCUAyTF6ps +3MKCuwJXNq+YJyo5UOGwifUll35HaBC07HPKs5fRJNz2YqAo07WjuGS3iGJCz51TzZm+ZGiPTx4S +SPfSKcOYKMryMguTjClPPGAyzQWWYezyr/6zcCwupvI= +-----END CERTIFICATE----- + +BJCA Global Root CA2 +==================== +-----BEGIN CERTIFICATE----- +MIICJTCCAaugAwIBAgIQLBcIfWQqwP6FGFkGz7RK6zAKBggqhkjOPQQDAzBUMQswCQYDVQQGEwJD +TjEmMCQGA1UECgwdQkVJSklORyBDRVJUSUZJQ0FURSBBVVRIT1JJVFkxHTAbBgNVBAMMFEJKQ0Eg +R2xvYmFsIFJvb3QgQ0EyMB4XDTE5MTIxOTAzMTgyMVoXDTQ0MTIxMjAzMTgyMVowVDELMAkGA1UE +BhMCQ04xJjAkBgNVBAoMHUJFSUpJTkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZMR0wGwYDVQQDDBRC +SkNBIEdsb2JhbCBSb290IENBMjB2MBAGByqGSM49AgEGBSuBBAAiA2IABJ3LgJGNU2e1uVCxA/jl +SR9BIgmwUVJY1is0j8USRhTFiy8shP8sbqjV8QnjAyEUxEM9fMEsxEtqSs3ph+B99iK++kpRuDCK +/eHeGBIK9ke35xe/J4rUQUyWPGCWwf0VHKNCMEAwHQYDVR0OBBYEFNJKsVF/BvDRgh9Obl+rg/xI +1LCRMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMAoGCCqGSM49BAMDA2gAMGUCMBq8 +W9f+qdJUDkpd0m2xQNz0Q9XSSpkZElaA94M04TVOSG0ED1cxMDAtsaqdAzjbBgIxAMvMh1PLet8g +UXOQwKhbYdDFUDn9hf7B43j4ptZLvZuHjw/l1lOWqzzIQNph91Oj9w== +-----END CERTIFICATE----- + +Sectigo Public Server Authentication Root E46 +============================================= +-----BEGIN CERTIFICATE----- +MIICOjCCAcGgAwIBAgIQQvLM2htpN0RfFf51KBC49DAKBggqhkjOPQQDAzBfMQswCQYDVQQGEwJH +QjEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTYwNAYDVQQDEy1TZWN0aWdvIFB1YmxpYyBTZXJ2 +ZXIgQXV0aGVudGljYXRpb24gUm9vdCBFNDYwHhcNMjEwMzIyMDAwMDAwWhcNNDYwMzIxMjM1OTU5 +WjBfMQswCQYDVQQGEwJHQjEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTYwNAYDVQQDEy1TZWN0 +aWdvIFB1YmxpYyBTZXJ2ZXIgQXV0aGVudGljYXRpb24gUm9vdCBFNDYwdjAQBgcqhkjOPQIBBgUr +gQQAIgNiAAR2+pmpbiDt+dd34wc7qNs9Xzjoq1WmVk/WSOrsfy2qw7LFeeyZYX8QeccCWvkEN/U0 +NSt3zn8gj1KjAIns1aeibVvjS5KToID1AZTc8GgHHs3u/iVStSBDHBv+6xnOQ6OjQjBAMB0GA1Ud +DgQWBBTRItpMWfFLXyY4qp3W7usNw/upYTAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB +/zAKBggqhkjOPQQDAwNnADBkAjAn7qRaqCG76UeXlImldCBteU/IvZNeWBj7LRoAasm4PdCkT0RH +lAFWovgzJQxC36oCMB3q4S6ILuH5px0CMk7yn2xVdOOurvulGu7t0vzCAxHrRVxgED1cf5kDW21U +SAGKcw== +-----END CERTIFICATE----- + +Sectigo Public Server Authentication Root R46 +============================================= +-----BEGIN CERTIFICATE----- +MIIFijCCA3KgAwIBAgIQdY39i658BwD6qSWn4cetFDANBgkqhkiG9w0BAQwFADBfMQswCQYDVQQG +EwJHQjEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTYwNAYDVQQDEy1TZWN0aWdvIFB1YmxpYyBT +ZXJ2ZXIgQXV0aGVudGljYXRpb24gUm9vdCBSNDYwHhcNMjEwMzIyMDAwMDAwWhcNNDYwMzIxMjM1 +OTU5WjBfMQswCQYDVQQGEwJHQjEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTYwNAYDVQQDEy1T +ZWN0aWdvIFB1YmxpYyBTZXJ2ZXIgQXV0aGVudGljYXRpb24gUm9vdCBSNDYwggIiMA0GCSqGSIb3 +DQEBAQUAA4ICDwAwggIKAoICAQCTvtU2UnXYASOgHEdCSe5jtrch/cSV1UgrJnwUUxDaef0rty2k +1Cz66jLdScK5vQ9IPXtamFSvnl0xdE8H/FAh3aTPaE8bEmNtJZlMKpnzSDBh+oF8HqcIStw+Kxwf +GExxqjWMrfhu6DtK2eWUAtaJhBOqbchPM8xQljeSM9xfiOefVNlI8JhD1mb9nxc4Q8UBUQvX4yMP +FF1bFOdLvt30yNoDN9HWOaEhUTCDsG3XME6WW5HwcCSrv0WBZEMNvSE6Lzzpng3LILVCJ8zab5vu +ZDCQOc2TZYEhMbUjUDM3IuM47fgxMMxF/mL50V0yeUKH32rMVhlATc6qu/m1dkmU8Sf4kaWD5Qaz +Yw6A3OASVYCmO2a0OYctyPDQ0RTp5A1NDvZdV3LFOxxHVp3i1fuBYYzMTYCQNFu31xR13NgESJ/A +wSiItOkcyqex8Va3e0lMWeUgFaiEAin6OJRpmkkGj80feRQXEgyDet4fsZfu+Zd4KKTIRJLpfSYF +plhym3kT2BFfrsU4YjRosoYwjviQYZ4ybPUHNs2iTG7sijbt8uaZFURww3y8nDnAtOFr94MlI1fZ +EoDlSfB1D++N6xybVCi0ITz8fAr/73trdf+LHaAZBav6+CuBQug4urv7qv094PPK306Xlynt8xhW +6aWWrL3DkJiy4Pmi1KZHQ3xtzwIDAQABo0IwQDAdBgNVHQ4EFgQUVnNYZJX5khqwEioEYnmhQBWI +IUkwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEMBQADggIBAC9c +mTz8Bl6MlC5w6tIyMY208FHVvArzZJ8HXtXBc2hkeqK5Duj5XYUtqDdFqij0lgVQYKlJfp/imTYp +E0RHap1VIDzYm/EDMrraQKFz6oOht0SmDpkBm+S8f74TlH7Kph52gDY9hAaLMyZlbcp+nv4fjFg4 +exqDsQ+8FxG75gbMY/qB8oFM2gsQa6H61SilzwZAFv97fRheORKkU55+MkIQpiGRqRxOF3yEvJ+M +0ejf5lG5Nkc/kLnHvALcWxxPDkjBJYOcCj+esQMzEhonrPcibCTRAUH4WAP+JWgiH5paPHxsnnVI +84HxZmduTILA7rpXDhjvLpr3Etiga+kFpaHpaPi8TD8SHkXoUsCjvxInebnMMTzD9joiFgOgyY9m +pFuiTdaBJQbpdqQACj7LzTWb4OE4y2BThihCQRxEV+ioratF4yUQvNs+ZUH7G6aXD+u5dHn5Hrwd +Vw1Hr8Mvn4dGp+smWg9WY7ViYG4A++MnESLn/pmPNPW56MORcr3Ywx65LvKRRFHQV80MNNVIIb/b +E/FmJUNS0nAiNs2fxBx1IK1jcmMGDw4nztJqDby1ORrp0XZ60Vzk50lJLVU3aPAaOpg+VBeHVOmm +J1CJeyAvP/+/oYtKR5j/K3tJPsMpRmAYQqszKbrAKbkTidOIijlBO8n9pu0f9GBj39ItVQGL +-----END CERTIFICATE----- + +SSL.com TLS RSA Root CA 2022 +============================ +-----BEGIN CERTIFICATE----- +MIIFiTCCA3GgAwIBAgIQb77arXO9CEDii02+1PdbkTANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQG +EwJVUzEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9uMSUwIwYDVQQDDBxTU0wuY29tIFRMUyBSU0Eg +Um9vdCBDQSAyMDIyMB4XDTIyMDgyNTE2MzQyMloXDTQ2MDgxOTE2MzQyMVowTjELMAkGA1UEBhMC +VVMxGDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjElMCMGA1UEAwwcU1NMLmNvbSBUTFMgUlNBIFJv +b3QgQ0EgMjAyMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANCkCXJPQIgSYT41I57u +9nTPL3tYPc48DRAokC+X94xI2KDYJbFMsBFMF3NQ0CJKY7uB0ylu1bUJPiYYf7ISf5OYt6/wNr/y +7hienDtSxUcZXXTzZGbVXcdotL8bHAajvI9AI7YexoS9UcQbOcGV0insS657Lb85/bRi3pZ7Qcac +oOAGcvvwB5cJOYF0r/c0WRFXCsJbwST0MXMwgsadugL3PnxEX4MN8/HdIGkWCVDi1FW24IBydm5M +R7d1VVm0U3TZlMZBrViKMWYPHqIbKUBOL9975hYsLfy/7PO0+r4Y9ptJ1O4Fbtk085zx7AGL0SDG +D6C1vBdOSHtRwvzpXGk3R2azaPgVKPC506QVzFpPulJwoxJF3ca6TvvC0PeoUidtbnm1jPx7jMEW +TO6Af77wdr5BUxIzrlo4QqvXDz5BjXYHMtWrifZOZ9mxQnUjbvPNQrL8VfVThxc7wDNY8VLS+YCk +8OjwO4s4zKTGkH8PnP2L0aPP2oOnaclQNtVcBdIKQXTbYxE3waWglksejBYSd66UNHsef8JmAOSq +g+qKkK3ONkRN0VHpvB/zagX9wHQfJRlAUW7qglFA35u5CCoGAtUjHBPW6dvbxrB6y3snm/vg1UYk +7RBLY0ulBY+6uB0rpvqR4pJSvezrZ5dtmi2fgTIFZzL7SAg/2SW4BCUvAgMBAAGjYzBhMA8GA1Ud +EwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAU+y437uOEeicuzRk1sTN8/9REQrkwHQYDVR0OBBYEFPsu +N+7jhHonLs0ZNbEzfP/UREK5MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAjYlt +hEUY8U+zoO9opMAdrDC8Z2awms22qyIZZtM7QbUQnRC6cm4pJCAcAZli05bg4vsMQtfhWsSWTVTN +j8pDU/0quOr4ZcoBwq1gaAafORpR2eCNJvkLTqVTJXojpBzOCBvfR4iyrT7gJ4eLSYwfqUdYe5by +iB0YrrPRpgqU+tvT5TgKa3kSM/tKWTcWQA673vWJDPFs0/dRa1419dvAJuoSc06pkZCmF8NsLzjU +o3KUQyxi4U5cMj29TH0ZR6LDSeeWP4+a0zvkEdiLA9z2tmBVGKaBUfPhqBVq6+AL8BQx1rmMRTqo +ENjwuSfr98t67wVylrXEj5ZzxOhWc5y8aVFjvO9nHEMaX3cZHxj4HCUp+UmZKbaSPaKDN7Egkaib +MOlqbLQjk2UEqxHzDh1TJElTHaE/nUiSEeJ9DU/1172iWD54nR4fK/4huxoTtrEoZP2wAgDHbICi +vRZQIA9ygV/MlP+7mea6kMvq+cYMwq7FGc4zoWtcu358NFcXrfA/rs3qr5nsLFR+jM4uElZI7xc7 +P0peYNLcdDa8pUNjyw9bowJWCZ4kLOGGgYz+qxcs+sjiMho6/4UIyYOf8kpIEFR3N+2ivEC+5BB0 +9+Rbu7nzifmPQdjH5FCQNYA+HLhNkNPU98OwoX6EyneSMSy4kLGCenROmxMmtNVQZlR4rmA= +-----END CERTIFICATE----- + +SSL.com TLS ECC Root CA 2022 +============================ +-----BEGIN CERTIFICATE----- +MIICOjCCAcCgAwIBAgIQFAP1q/s3ixdAW+JDsqXRxDAKBggqhkjOPQQDAzBOMQswCQYDVQQGEwJV +UzEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9uMSUwIwYDVQQDDBxTU0wuY29tIFRMUyBFQ0MgUm9v +dCBDQSAyMDIyMB4XDTIyMDgyNTE2MzM0OFoXDTQ2MDgxOTE2MzM0N1owTjELMAkGA1UEBhMCVVMx +GDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjElMCMGA1UEAwwcU1NMLmNvbSBUTFMgRUNDIFJvb3Qg +Q0EgMjAyMjB2MBAGByqGSM49AgEGBSuBBAAiA2IABEUpNXP6wrgjzhR9qLFNoFs27iosU8NgCTWy +JGYmacCzldZdkkAZDsalE3D07xJRKF3nzL35PIXBz5SQySvOkkJYWWf9lCcQZIxPBLFNSeR7T5v1 +5wj4A4j3p8OSSxlUgaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBSJjy+j6CugFFR7 +81a4Jl9nOAuc0DAdBgNVHQ4EFgQUiY8vo+groBRUe/NWuCZfZzgLnNAwDgYDVR0PAQH/BAQDAgGG +MAoGCCqGSM49BAMDA2gAMGUCMFXjIlbp15IkWE8elDIPDAI2wv2sdDJO4fscgIijzPvX6yv/N33w +7deedWo1dlJF4AIxAMeNb0Igj762TVntd00pxCAgRWSGOlDGxK0tk/UYfXLtqc/ErFc2KAhl3zx5 +Zn6g6g== +-----END CERTIFICATE----- + +Atos TrustedRoot Root CA ECC TLS 2021 +===================================== +-----BEGIN CERTIFICATE----- +MIICFTCCAZugAwIBAgIQPZg7pmY9kGP3fiZXOATvADAKBggqhkjOPQQDAzBMMS4wLAYDVQQDDCVB +dG9zIFRydXN0ZWRSb290IFJvb3QgQ0EgRUNDIFRMUyAyMDIxMQ0wCwYDVQQKDARBdG9zMQswCQYD +VQQGEwJERTAeFw0yMTA0MjIwOTI2MjNaFw00MTA0MTcwOTI2MjJaMEwxLjAsBgNVBAMMJUF0b3Mg +VHJ1c3RlZFJvb3QgUm9vdCBDQSBFQ0MgVExTIDIwMjExDTALBgNVBAoMBEF0b3MxCzAJBgNVBAYT +AkRFMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEloZYKDcKZ9Cg3iQZGeHkBQcfl+3oZIK59sRxUM6K +DP/XtXa7oWyTbIOiaG6l2b4siJVBzV3dscqDY4PMwL502eCdpO5KTlbgmClBk1IQ1SQ4AjJn8ZQS +b+/Xxd4u/RmAo0IwQDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBR2KCXWfeBmmnoJsmo7jjPX +NtNPojAOBgNVHQ8BAf8EBAMCAYYwCgYIKoZIzj0EAwMDaAAwZQIwW5kp85wxtolrbNa9d+F851F+ +uDrNozZffPc8dz7kUK2o59JZDCaOMDtuCCrCp1rIAjEAmeMM56PDr9NJLkaCI2ZdyQAUEv049OGY +a3cpetskz2VAv9LcjBHo9H1/IISpQuQo +-----END CERTIFICATE----- + +Atos TrustedRoot Root CA RSA TLS 2021 +===================================== +-----BEGIN CERTIFICATE----- +MIIFZDCCA0ygAwIBAgIQU9XP5hmTC/srBRLYwiqipDANBgkqhkiG9w0BAQwFADBMMS4wLAYDVQQD +DCVBdG9zIFRydXN0ZWRSb290IFJvb3QgQ0EgUlNBIFRMUyAyMDIxMQ0wCwYDVQQKDARBdG9zMQsw +CQYDVQQGEwJERTAeFw0yMTA0MjIwOTIxMTBaFw00MTA0MTcwOTIxMDlaMEwxLjAsBgNVBAMMJUF0 +b3MgVHJ1c3RlZFJvb3QgUm9vdCBDQSBSU0EgVExTIDIwMjExDTALBgNVBAoMBEF0b3MxCzAJBgNV +BAYTAkRFMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAtoAOxHm9BYx9sKOdTSJNy/BB +l01Z4NH+VoyX8te9j2y3I49f1cTYQcvyAh5x5en2XssIKl4w8i1mx4QbZFc4nXUtVsYvYe+W/CBG +vevUez8/fEc4BKkbqlLfEzfTFRVOvV98r61jx3ncCHvVoOX3W3WsgFWZkmGbzSoXfduP9LVq6hdK +ZChmFSlsAvFr1bqjM9xaZ6cF4r9lthawEO3NUDPJcFDsGY6wx/J0W2tExn2WuZgIWWbeKQGb9Cpt +0xU6kGpn8bRrZtkh68rZYnxGEFzedUlnnkL5/nWpo63/dgpnQOPF943HhZpZnmKaau1Fh5hnstVK +PNe0OwANwI8f4UDErmwh3El+fsqyjW22v5MvoVw+j8rtgI5Y4dtXz4U2OLJxpAmMkokIiEjxQGMY +sluMWuPD0xeqqxmjLBvk1cbiZnrXghmmOxYsL3GHX0WelXOTwkKBIROW1527k2gV+p2kHYzygeBY +Br3JtuP2iV2J+axEoctr+hbxx1A9JNr3w+SH1VbxT5Aw+kUJWdo0zuATHAR8ANSbhqRAvNncTFd+ +rrcztl524WWLZt+NyteYr842mIycg5kDcPOvdO3GDjbnvezBc6eUWsuSZIKmAMFwoW4sKeFYV+xa +fJlrJaSQOoD0IJ2azsct+bJLKZWD6TWNp0lIpw9MGZHQ9b8Q4HECAwEAAaNCMEAwDwYDVR0TAQH/ +BAUwAwEB/zAdBgNVHQ4EFgQUdEmZ0f+0emhFdcN+tNzMzjkz2ggwDgYDVR0PAQH/BAQDAgGGMA0G +CSqGSIb3DQEBDAUAA4ICAQAjQ1MkYlxt/T7Cz1UAbMVWiLkO3TriJQ2VSpfKgInuKs1l+NsW4AmS +4BjHeJi78+xCUvuppILXTdiK/ORO/auQxDh1MoSf/7OwKwIzNsAQkG8dnK/haZPso0UvFJ/1TCpl +Q3IM98P4lYsU84UgYt1UU90s3BiVaU+DR3BAM1h3Egyi61IxHkzJqM7F78PRreBrAwA0JrRUITWX +AdxfG/F851X6LWh3e9NpzNMOa7pNdkTWwhWaJuywxfW70Xp0wmzNxbVe9kzmWy2B27O3Opee7c9G +slA9hGCZcbUztVdF5kJHdWoOsAgMrr3e97sPWD2PAzHoPYJQyi9eDF20l74gNAf0xBLh7tew2Vkt +afcxBPTy+av5EzH4AXcOPUIjJsyacmdRIXrMPIWo6iFqO9taPKU0nprALN+AnCng33eU0aKAQv9q +TFsR0PXNor6uzFFcw9VUewyu1rkGd4Di7wcaaMxZUa1+XGdrudviB0JbuAEFWDlN5LuYo7Ey7Nmj +1m+UI/87tyll5gfp77YZ6ufCOB0yiJA8EytuzO+rdwY0d4RPcuSBhPm5dDTedk+SKlOxJTnbPP/l +PqYO5Wue/9vsL3SD3460s6neFE3/MaNFcyT6lSnMEpcEoji2jbDwN/zIIX8/syQbPYtuzE2wFg2W +HYMfRsCbvUOZ58SWLs5fyQ== +-----END CERTIFICATE----- + +TrustAsia Global Root CA G3 +=========================== +-----BEGIN CERTIFICATE----- +MIIFpTCCA42gAwIBAgIUZPYOZXdhaqs7tOqFhLuxibhxkw8wDQYJKoZIhvcNAQEMBQAwWjELMAkG +A1UEBhMCQ04xJTAjBgNVBAoMHFRydXN0QXNpYSBUZWNobm9sb2dpZXMsIEluYy4xJDAiBgNVBAMM +G1RydXN0QXNpYSBHbG9iYWwgUm9vdCBDQSBHMzAeFw0yMTA1MjAwMjEwMTlaFw00NjA1MTkwMjEw +MTlaMFoxCzAJBgNVBAYTAkNOMSUwIwYDVQQKDBxUcnVzdEFzaWEgVGVjaG5vbG9naWVzLCBJbmMu +MSQwIgYDVQQDDBtUcnVzdEFzaWEgR2xvYmFsIFJvb3QgQ0EgRzMwggIiMA0GCSqGSIb3DQEBAQUA +A4ICDwAwggIKAoICAQDAMYJhkuSUGwoqZdC+BqmHO1ES6nBBruL7dOoKjbmzTNyPtxNST1QY4Sxz +lZHFZjtqz6xjbYdT8PfxObegQ2OwxANdV6nnRM7EoYNl9lA+sX4WuDqKAtCWHwDNBSHvBm3dIZwZ +Q0WhxeiAysKtQGIXBsaqvPPW5vxQfmZCHzyLpnl5hkA1nyDvP+uLRx+PjsXUjrYsyUQE49RDdT/V +P68czH5GX6zfZBCK70bwkPAPLfSIC7Epqq+FqklYqL9joDiR5rPmd2jE+SoZhLsO4fWvieylL1Ag +dB4SQXMeJNnKziyhWTXAyB1GJ2Faj/lN03J5Zh6fFZAhLf3ti1ZwA0pJPn9pMRJpxx5cynoTi+jm +9WAPzJMshH/x/Gr8m0ed262IPfN2dTPXS6TIi/n1Q1hPy8gDVI+lhXgEGvNz8teHHUGf59gXzhqc +D0r83ERoVGjiQTz+LISGNzzNPy+i2+f3VANfWdP3kXjHi3dqFuVJhZBFcnAvkV34PmVACxmZySYg +WmjBNb9Pp1Hx2BErW+Canig7CjoKH8GB5S7wprlppYiU5msTf9FkPz2ccEblooV7WIQn3MSAPmea +mseaMQ4w7OYXQJXZRe0Blqq/DPNL0WP3E1jAuPP6Z92bfW1K/zJMtSU7/xxnD4UiWQWRkUF3gdCF +TIcQcf+eQxuulXUtgQIDAQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFEDk5PIj +7zjKsK5Xf/IhMBY027ySMB0GA1UdDgQWBBRA5OTyI+84yrCuV3/yITAWNNu8kjAOBgNVHQ8BAf8E +BAMCAQYwDQYJKoZIhvcNAQEMBQADggIBACY7UeFNOPMyGLS0XuFlXsSUT9SnYaP4wM8zAQLpw6o1 +D/GUE3d3NZ4tVlFEbuHGLige/9rsR82XRBf34EzC4Xx8MnpmyFq2XFNFV1pF1AWZLy4jVe5jaN/T +G3inEpQGAHUNcoTpLrxaatXeL1nHo+zSh2bbt1S1JKv0Q3jbSwTEb93mPmY+KfJLaHEih6D4sTNj +duMNhXJEIlU/HHzp/LgV6FL6qj6jITk1dImmasI5+njPtqzn59ZW/yOSLlALqbUHM/Q4X6RJpstl +cHboCoWASzY9M/eVVHUl2qzEc4Jl6VL1XP04lQJqaTDFHApXB64ipCz5xUG3uOyfT0gA+QEEVcys ++TIxxHWVBqB/0Y0n3bOppHKH/lmLmnp0Ft0WpWIp6zqW3IunaFnT63eROfjXy9mPX1onAX1daBli +2MjN9LdyR75bl87yraKZk62Uy5P2EgmVtqvXO9A/EcswFi55gORngS1d7XB4tmBZrOFdRWOPyN9y +aFvqHbgB8X7754qz41SgOAngPN5C8sLtLpvzHzW2NtjjgKGLzZlkD8Kqq7HK9W+eQ42EVJmzbsAS +ZthwEPEGNTNDqJwuuhQxzhB/HIbjj9LV+Hfsm6vxL2PZQl/gZ4FkkfGXL/xuJvYz+NO1+MRiqzFR +JQJ6+N1rZdVtTTDIZbpoFGWsJwt0ivKH +-----END CERTIFICATE----- + +TrustAsia Global Root CA G4 +=========================== +-----BEGIN CERTIFICATE----- +MIICVTCCAdygAwIBAgIUTyNkuI6XY57GU4HBdk7LKnQV1tcwCgYIKoZIzj0EAwMwWjELMAkGA1UE +BhMCQ04xJTAjBgNVBAoMHFRydXN0QXNpYSBUZWNobm9sb2dpZXMsIEluYy4xJDAiBgNVBAMMG1Ry +dXN0QXNpYSBHbG9iYWwgUm9vdCBDQSBHNDAeFw0yMTA1MjAwMjEwMjJaFw00NjA1MTkwMjEwMjJa +MFoxCzAJBgNVBAYTAkNOMSUwIwYDVQQKDBxUcnVzdEFzaWEgVGVjaG5vbG9naWVzLCBJbmMuMSQw +IgYDVQQDDBtUcnVzdEFzaWEgR2xvYmFsIFJvb3QgQ0EgRzQwdjAQBgcqhkjOPQIBBgUrgQQAIgNi +AATxs8045CVD5d4ZCbuBeaIVXxVjAd7Cq92zphtnS4CDr5nLrBfbK5bKfFJV4hrhPVbwLxYI+hW8 +m7tH5j/uqOFMjPXTNvk4XatwmkcN4oFBButJ+bAp3TPsUKV/eSm4IJijYzBhMA8GA1UdEwEB/wQF +MAMBAf8wHwYDVR0jBBgwFoAUpbtKl86zK3+kMd6Xg1mDpm9xy94wHQYDVR0OBBYEFKW7SpfOsyt/ +pDHel4NZg6ZvccveMA4GA1UdDwEB/wQEAwIBBjAKBggqhkjOPQQDAwNnADBkAjBe8usGzEkxn0AA +bbd+NvBNEU/zy4k6LHiRUKNbwMp1JvK/kF0LgoxgKJ/GcJpo5PECMFxYDlZ2z1jD1xCMuo6u47xk +dUfFVZDj/bpV6wfEU6s3qe4hsiFbYI89MvHVI5TWWA== +-----END CERTIFICATE----- + +CommScope Public Trust ECC Root-01 +================================== +-----BEGIN CERTIFICATE----- +MIICHTCCAaOgAwIBAgIUQ3CCd89NXTTxyq4yLzf39H91oJ4wCgYIKoZIzj0EAwMwTjELMAkGA1UE +BhMCVVMxEjAQBgNVBAoMCUNvbW1TY29wZTErMCkGA1UEAwwiQ29tbVNjb3BlIFB1YmxpYyBUcnVz +dCBFQ0MgUm9vdC0wMTAeFw0yMTA0MjgxNzM1NDNaFw00NjA0MjgxNzM1NDJaME4xCzAJBgNVBAYT +AlVTMRIwEAYDVQQKDAlDb21tU2NvcGUxKzApBgNVBAMMIkNvbW1TY29wZSBQdWJsaWMgVHJ1c3Qg +RUNDIFJvb3QtMDEwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAARLNumuV16ocNfQj3Rid8NeeqrltqLx +eP0CflfdkXmcbLlSiFS8LwS+uM32ENEp7LXQoMPwiXAZu1FlxUOcw5tjnSCDPgYLpkJEhRGnSjot +6dZoL0hOUysHP029uax3OVejQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0G +A1UdDgQWBBSOB2LAUN3GGQYARnQE9/OufXVNMDAKBggqhkjOPQQDAwNoADBlAjEAnDPfQeMjqEI2 +Jpc1XHvr20v4qotzVRVcrHgpD7oh2MSg2NED3W3ROT3Ek2DS43KyAjB8xX6I01D1HiXo+k515liW +pDVfG2XqYZpwI7UNo5uSUm9poIyNStDuiw7LR47QjRE= +-----END CERTIFICATE----- + +CommScope Public Trust ECC Root-02 +================================== +-----BEGIN CERTIFICATE----- +MIICHDCCAaOgAwIBAgIUKP2ZYEFHpgE6yhR7H+/5aAiDXX0wCgYIKoZIzj0EAwMwTjELMAkGA1UE +BhMCVVMxEjAQBgNVBAoMCUNvbW1TY29wZTErMCkGA1UEAwwiQ29tbVNjb3BlIFB1YmxpYyBUcnVz +dCBFQ0MgUm9vdC0wMjAeFw0yMTA0MjgxNzQ0NTRaFw00NjA0MjgxNzQ0NTNaME4xCzAJBgNVBAYT +AlVTMRIwEAYDVQQKDAlDb21tU2NvcGUxKzApBgNVBAMMIkNvbW1TY29wZSBQdWJsaWMgVHJ1c3Qg +RUNDIFJvb3QtMDIwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAR4MIHoYx7l63FRD/cHB8o5mXxO1Q/M +MDALj2aTPs+9xYa9+bG3tD60B8jzljHz7aRP+KNOjSkVWLjVb3/ubCK1sK9IRQq9qEmUv4RDsNuE +SgMjGWdqb8FuvAY5N9GIIvejQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0G +A1UdDgQWBBTmGHX/72DehKT1RsfeSlXjMjZ59TAKBggqhkjOPQQDAwNnADBkAjAmc0l6tqvmSfR9 +Uj/UQQSugEODZXW5hYA4O9Zv5JOGq4/nich/m35rChJVYaoR4HkCMHfoMXGsPHED1oQmHhS48zs7 +3u1Z/GtMMH9ZzkXpc2AVmkzw5l4lIhVtwodZ0LKOag== +-----END CERTIFICATE----- + +CommScope Public Trust RSA Root-01 +================================== +-----BEGIN CERTIFICATE----- +MIIFbDCCA1SgAwIBAgIUPgNJgXUWdDGOTKvVxZAplsU5EN0wDQYJKoZIhvcNAQELBQAwTjELMAkG +A1UEBhMCVVMxEjAQBgNVBAoMCUNvbW1TY29wZTErMCkGA1UEAwwiQ29tbVNjb3BlIFB1YmxpYyBU +cnVzdCBSU0EgUm9vdC0wMTAeFw0yMTA0MjgxNjQ1NTRaFw00NjA0MjgxNjQ1NTNaME4xCzAJBgNV +BAYTAlVTMRIwEAYDVQQKDAlDb21tU2NvcGUxKzApBgNVBAMMIkNvbW1TY29wZSBQdWJsaWMgVHJ1 +c3QgUlNBIFJvb3QtMDEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCwSGWjDR1C45Ft +nYSkYZYSwu3D2iM0GXb26v1VWvZVAVMP8syMl0+5UMuzAURWlv2bKOx7dAvnQmtVzslhsuitQDy6 +uUEKBU8bJoWPQ7VAtYXR1HHcg0Hz9kXHgKKEUJdGzqAMxGBWBB0HW0alDrJLpA6lfO741GIDuZNq +ihS4cPgugkY4Iw50x2tBt9Apo52AsH53k2NC+zSDO3OjWiE260f6GBfZumbCk6SP/F2krfxQapWs +vCQz0b2If4b19bJzKo98rwjyGpg/qYFlP8GMicWWMJoKz/TUyDTtnS+8jTiGU+6Xn6myY5QXjQ/c +Zip8UlF1y5mO6D1cv547KI2DAg+pn3LiLCuz3GaXAEDQpFSOm117RTYm1nJD68/A6g3czhLmfTif +BSeolz7pUcZsBSjBAg/pGG3svZwG1KdJ9FQFa2ww8esD1eo9anbCyxooSU1/ZOD6K9pzg4H/kQO9 +lLvkuI6cMmPNn7togbGEW682v3fuHX/3SZtS7NJ3Wn2RnU3COS3kuoL4b/JOHg9O5j9ZpSPcPYeo +KFgo0fEbNttPxP/hjFtyjMcmAyejOQoBqsCyMWCDIqFPEgkBEa801M/XrmLTBQe0MXXgDW1XT2mH ++VepuhX2yFJtocucH+X8eKg1mp9BFM6ltM6UCBwJrVbl2rZJmkrqYxhTnCwuwwIDAQABo0IwQDAP +BgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUN12mmnQywsL5x6YVEFm4 +5P3luG0wDQYJKoZIhvcNAQELBQADggIBAK+nz97/4L1CjU3lIpbfaOp9TSp90K09FlxD533Ahuh6 +NWPxzIHIxgvoLlI1pKZJkGNRrDSsBTtXAOnTYtPZKdVUvhwQkZyybf5Z/Xn36lbQnmhUQo8mUuJM +3y+Xpi/SB5io82BdS5pYV4jvguX6r2yBS5KPQJqTRlnLX3gWsWc+QgvfKNmwrZggvkN80V4aCRck +jXtdlemrwWCrWxhkgPut4AZ9HcpZuPN4KWfGVh2vtrV0KnahP/t1MJ+UXjulYPPLXAziDslg+Mkf +Foom3ecnf+slpoq9uC02EJqxWE2aaE9gVOX2RhOOiKy8IUISrcZKiX2bwdgt6ZYD9KJ0DLwAHb/W +NyVntHKLr4W96ioDj8z7PEQkguIBpQtZtjSNMgsSDesnwv1B10A8ckYpwIzqug/xBpMu95yo9GA+ +o/E4Xo4TwbM6l4c/ksp4qRyv0LAbJh6+cOx69TOY6lz/KwsETkPdY34Op054A5U+1C0wlREQKC6/ +oAI+/15Z0wUOlV9TRe9rh9VIzRamloPh37MG88EU26fsHItdkJANclHnYfkUyq+Dj7+vsQpZXdxc +1+SWrVtgHdqul7I52Qb1dgAT+GhMIbA1xNxVssnBQVocicCMb3SgazNNtQEo/a2tiRc7ppqEvOuM +6sRxJKi6KfkIsidWNTJf6jn7MZrVGczw +-----END CERTIFICATE----- + +CommScope Public Trust RSA Root-02 +================================== +-----BEGIN CERTIFICATE----- +MIIFbDCCA1SgAwIBAgIUVBa/O345lXGN0aoApYYNK496BU4wDQYJKoZIhvcNAQELBQAwTjELMAkG +A1UEBhMCVVMxEjAQBgNVBAoMCUNvbW1TY29wZTErMCkGA1UEAwwiQ29tbVNjb3BlIFB1YmxpYyBU +cnVzdCBSU0EgUm9vdC0wMjAeFw0yMTA0MjgxNzE2NDNaFw00NjA0MjgxNzE2NDJaME4xCzAJBgNV +BAYTAlVTMRIwEAYDVQQKDAlDb21tU2NvcGUxKzApBgNVBAMMIkNvbW1TY29wZSBQdWJsaWMgVHJ1 +c3QgUlNBIFJvb3QtMDIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDh+g77aAASyE3V +rCLENQE7xVTlWXZjpX/rwcRqmL0yjReA61260WI9JSMZNRTpf4mnG2I81lDnNJUDMrG0kyI9p+Kx +7eZ7Ti6Hmw0zdQreqjXnfuU2mKKuJZ6VszKWpCtYHu8//mI0SFHRtI1CrWDaSWqVcN3SAOLMV2MC +e5bdSZdbkk6V0/nLKR8YSvgBKtJjCW4k6YnS5cciTNxzhkcAqg2Ijq6FfUrpuzNPDlJwnZXjfG2W +Wy09X6GDRl224yW4fKcZgBzqZUPckXk2LHR88mcGyYnJ27/aaL8j7dxrrSiDeS/sOKUNNwFnJ5rp +M9kzXzehxfCrPfp4sOcsn/Y+n2Dg70jpkEUeBVF4GiwSLFworA2iI540jwXmojPOEXcT1A6kHkIf +hs1w/tkuFT0du7jyU1fbzMZ0KZwYszZ1OC4PVKH4kh+Jlk+71O6d6Ts2QrUKOyrUZHk2EOH5kQMr +eyBUzQ0ZGshBMjTRsJnhkB4BQDa1t/qp5Xd1pCKBXbCL5CcSD1SIxtuFdOa3wNemKfrb3vOTlycE +VS8KbzfFPROvCgCpLIscgSjX74Yxqa7ybrjKaixUR9gqiC6vwQcQeKwRoi9C8DfF8rhW3Q5iLc4t +Vn5V8qdE9isy9COoR+jUKgF4z2rDN6ieZdIs5fq6M8EGRPbmz6UNp2YINIos8wIDAQABo0IwQDAP +BgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUR9DnsSL/nSz12Vdgs7Gx +cJXvYXowDQYJKoZIhvcNAQELBQADggIBAIZpsU0v6Z9PIpNojuQhmaPORVMbc0RTAIFhzTHjCLqB +KCh6krm2qMhDnscTJk3C2OVVnJJdUNjCK9v+5qiXz1I6JMNlZFxHMaNlNRPDk7n3+VGXu6TwYofF +1gbTl4MgqX67tiHCpQ2EAOHyJxCDut0DgdXdaMNmEMjRdrSzbymeAPnCKfWxkxlSaRosTKCL4BWa +MS/TiJVZbuXEs1DIFAhKm4sTg7GkcrI7djNB3NyqpgdvHSQSn8h2vS/ZjvQs7rfSOBAkNlEv41xd +gSGn2rtO/+YHqP65DSdsu3BaVXoT6fEqSWnHX4dXTEN5bTpl6TBcQe7rd6VzEojov32u5cSoHw2O +HG1QAk8mGEPej1WFsQs3BWDJVTkSBKEqz3EWnzZRSb9wO55nnPt7eck5HHisd5FUmrh1CoFSl+Nm +YWvtPjgelmFV4ZFUjO2MJB+ByRCac5krFk5yAD9UG/iNuovnFNa2RU9g7Jauwy8CTl2dlklyALKr +dVwPaFsdZcJfMw8eD/A7hvWwTruc9+olBdytoptLFwG+Qt81IR2tq670v64fG9PiO/yzcnMcmyiQ +iRM9HcEARwmWmjgb3bHPDcK0RPOWlc4yOo80nOAXx17Org3bhzjlP1v9mxnhMUF6cKojawHhRUzN +lM47ni3niAIi9G7oyOzWPPO5std3eqx7 +-----END CERTIFICATE----- + +Telekom Security TLS ECC Root 2020 +================================== +-----BEGIN CERTIFICATE----- +MIICQjCCAcmgAwIBAgIQNjqWjMlcsljN0AFdxeVXADAKBggqhkjOPQQDAzBjMQswCQYDVQQGEwJE +RTEnMCUGA1UECgweRGV1dHNjaGUgVGVsZWtvbSBTZWN1cml0eSBHbWJIMSswKQYDVQQDDCJUZWxl +a29tIFNlY3VyaXR5IFRMUyBFQ0MgUm9vdCAyMDIwMB4XDTIwMDgyNTA3NDgyMFoXDTQ1MDgyNTIz +NTk1OVowYzELMAkGA1UEBhMCREUxJzAlBgNVBAoMHkRldXRzY2hlIFRlbGVrb20gU2VjdXJpdHkg +R21iSDErMCkGA1UEAwwiVGVsZWtvbSBTZWN1cml0eSBUTFMgRUNDIFJvb3QgMjAyMDB2MBAGByqG +SM49AgEGBSuBBAAiA2IABM6//leov9Wq9xCazbzREaK9Z0LMkOsVGJDZos0MKiXrPk/OtdKPD/M1 +2kOLAoC+b1EkHQ9rK8qfwm9QMuU3ILYg/4gND21Ju9sGpIeQkpT0CdDPf8iAC8GXs7s1J8nCG6NC +MEAwHQYDVR0OBBYEFONyzG6VmUex5rNhTNHLq+O6zd6fMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P +AQH/BAQDAgEGMAoGCCqGSM49BAMDA2cAMGQCMHVSi7ekEE+uShCLsoRbQuHmKjYC2qBuGT8lv9pZ +Mo7k+5Dck2TOrbRBR2Diz6fLHgIwN0GMZt9Ba9aDAEH9L1r3ULRn0SyocddDypwnJJGDSA3PzfdU +ga/sf+Rn27iQ7t0l +-----END CERTIFICATE----- + +Telekom Security TLS RSA Root 2023 +================================== +-----BEGIN CERTIFICATE----- +MIIFszCCA5ugAwIBAgIQIZxULej27HF3+k7ow3BXlzANBgkqhkiG9w0BAQwFADBjMQswCQYDVQQG +EwJERTEnMCUGA1UECgweRGV1dHNjaGUgVGVsZWtvbSBTZWN1cml0eSBHbWJIMSswKQYDVQQDDCJU +ZWxla29tIFNlY3VyaXR5IFRMUyBSU0EgUm9vdCAyMDIzMB4XDTIzMDMyODEyMTY0NVoXDTQ4MDMy +NzIzNTk1OVowYzELMAkGA1UEBhMCREUxJzAlBgNVBAoMHkRldXRzY2hlIFRlbGVrb20gU2VjdXJp +dHkgR21iSDErMCkGA1UEAwwiVGVsZWtvbSBTZWN1cml0eSBUTFMgUlNBIFJvb3QgMjAyMzCCAiIw +DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAO01oYGA88tKaVvC+1GDrib94W7zgRJ9cUD/h3VC +KSHtgVIs3xLBGYSJwb3FKNXVS2xE1kzbB5ZKVXrKNoIENqil/Cf2SfHVcp6R+SPWcHu79ZvB7JPP +GeplfohwoHP89v+1VmLhc2o0mD6CuKyVU/QBoCcHcqMAU6DksquDOFczJZSfvkgdmOGjup5czQRx +UX11eKvzWarE4GC+j4NSuHUaQTXtvPM6Y+mpFEXX5lLRbtLevOP1Czvm4MS9Q2QTps70mDdsipWo +l8hHD/BeEIvnHRz+sTugBTNoBUGCwQMrAcjnj02r6LX2zWtEtefdi+zqJbQAIldNsLGyMcEWzv/9 +FIS3R/qy8XDe24tsNlikfLMR0cN3f1+2JeANxdKz+bi4d9s3cXFH42AYTyS2dTd4uaNir73Jco4v +zLuu2+QVUhkHM/tqty1LkCiCc/4YizWN26cEar7qwU02OxY2kTLvtkCJkUPg8qKrBC7m8kwOFjQg +rIfBLX7JZkcXFBGk8/ehJImr2BrIoVyxo/eMbcgByU/J7MT8rFEz0ciD0cmfHdRHNCk+y7AO+oML +KFjlKdw/fKifybYKu6boRhYPluV75Gp6SG12mAWl3G0eQh5C2hrgUve1g8Aae3g1LDj1H/1Joy7S +WWO/gLCMk3PLNaaZlSJhZQNg+y+TS/qanIA7AgMBAAGjYzBhMA4GA1UdDwEB/wQEAwIBBjAdBgNV +HQ4EFgQUtqeXgj10hZv3PJ+TmpV5dVKMbUcwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBS2 +p5eCPXSFm/c8n5OalXl1UoxtRzANBgkqhkiG9w0BAQwFAAOCAgEAqMxhpr51nhVQpGv7qHBFfLp+ +sVr8WyP6Cnf4mHGCDG3gXkaqk/QeoMPhk9tLrbKmXauw1GLLXrtm9S3ul0A8Yute1hTWjOKWi0Fp +kzXmuZlrYrShF2Y0pmtjxrlO8iLpWA1WQdH6DErwM807u20hOq6OcrXDSvvpfeWxm4bu4uB9tPcy +/SKE8YXJN3nptT+/XOR0so8RYgDdGGah2XsjX/GO1WfoVNpbOms2b/mBsTNHM3dA+VKq3dSDz4V4 +mZqTuXNnQkYRIer+CqkbGmVps4+uFrb2S1ayLfmlyOw7YqPta9BO1UAJpB+Y1zqlklkg5LB9zVtz +aL1txKITDmcZuI1CfmwMmm6gJC3VRRvcxAIU/oVbZZfKTpBQCHpCNfnqwmbU+AGuHrS+w6jv/naa +oqYfRvaE7fzbzsQCzndILIyy7MMAo+wsVRjBfhnu4S/yrYObnqsZ38aKL4x35bcF7DvB7L6Gs4a8 +wPfc5+pbrrLMtTWGS9DiP7bY+A4A7l3j941Y/8+LN+ljX273CXE2whJdV/LItM3z7gLfEdxquVeE +HVlNjM7IDiPCtyaaEBRx/pOyiriA8A4QntOoUAw3gi/q4Iqd4Sw5/7W0cwDk90imc6y/st53BIe0 +o82bNSQ3+pCTE4FCxpgmdTdmQRCsu/WU48IxK63nI1bMNSWSs1A= +-----END CERTIFICATE----- + +FIRMAPROFESIONAL CA ROOT-A WEB +============================== +-----BEGIN CERTIFICATE----- +MIICejCCAgCgAwIBAgIQMZch7a+JQn81QYehZ1ZMbTAKBggqhkjOPQQDAzBuMQswCQYDVQQGEwJF +UzEcMBoGA1UECgwTRmlybWFwcm9mZXNpb25hbCBTQTEYMBYGA1UEYQwPVkFURVMtQTYyNjM0MDY4 +MScwJQYDVQQDDB5GSVJNQVBST0ZFU0lPTkFMIENBIFJPT1QtQSBXRUIwHhcNMjIwNDA2MDkwMTM2 +WhcNNDcwMzMxMDkwMTM2WjBuMQswCQYDVQQGEwJFUzEcMBoGA1UECgwTRmlybWFwcm9mZXNpb25h +bCBTQTEYMBYGA1UEYQwPVkFURVMtQTYyNjM0MDY4MScwJQYDVQQDDB5GSVJNQVBST0ZFU0lPTkFM +IENBIFJPT1QtQSBXRUIwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAARHU+osEaR3xyrq89Zfe9MEkVz6 +iMYiuYMQYneEMy3pA4jU4DP37XcsSmDq5G+tbbT4TIqk5B/K6k84Si6CcyvHZpsKjECcfIr28jlg +st7L7Ljkb+qbXbdTkBgyVcUgt5SjYzBhMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUk+FD +Y1w8ndYn81LsF7Kpryz3dvgwHQYDVR0OBBYEFJPhQ2NcPJ3WJ/NS7Beyqa8s93b4MA4GA1UdDwEB +/wQEAwIBBjAKBggqhkjOPQQDAwNoADBlAjAdfKR7w4l1M+E7qUW/Runpod3JIha3RxEL2Jq68cgL +cFBTApFwhVmpHqTm6iMxoAACMQD94vizrxa5HnPEluPBMBnYfubDl94cT7iJLzPrSA8Z94dGXSaQ +pYXFuXqUPoeovQA= +-----END CERTIFICATE----- + +TWCA CYBER Root CA +================== +-----BEGIN CERTIFICATE----- +MIIFjTCCA3WgAwIBAgIQQAE0jMIAAAAAAAAAATzyxjANBgkqhkiG9w0BAQwFADBQMQswCQYDVQQG +EwJUVzESMBAGA1UEChMJVEFJV0FOLUNBMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJUV0NB +IENZQkVSIFJvb3QgQ0EwHhcNMjIxMTIyMDY1NDI5WhcNNDcxMTIyMTU1OTU5WjBQMQswCQYDVQQG +EwJUVzESMBAGA1UEChMJVEFJV0FOLUNBMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJUV0NB +IENZQkVSIFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDG+Moe2Qkgfh1s +Ts6P40czRJzHyWmqOlt47nDSkvgEs1JSHWdyKKHfi12VCv7qze33Kc7wb3+szT3vsxxFavcokPFh +V8UMxKNQXd7UtcsZyoC5dc4pztKFIuwCY8xEMCDa6pFbVuYdHNWdZsc/34bKS1PE2Y2yHer43CdT +o0fhYcx9tbD47nORxc5zb87uEB8aBs/pJ2DFTxnk684iJkXXYJndzk834H/nY62wuFm40AZoNWDT +Nq5xQwTxaWV4fPMf88oon1oglWa0zbfuj3ikRRjpJi+NmykosaS3Om251Bw4ckVYsV7r8Cibt4LK +/c/WMw+f+5eesRycnupfXtuq3VTpMCEobY5583WSjCb+3MX2w7DfRFlDo7YDKPYIMKoNM+HvnKkH +IuNZW0CP2oi3aQiotyMuRAlZN1vH4xfyIutuOVLF3lSnmMlLIJXcRolftBL5hSmO68gnFSDAS9TM +fAxsNAwmmyYxpjyn9tnQS6Jk/zuZQXLB4HCX8SS7K8R0IrGsayIyJNN4KsDAoS/xUgXJP+92ZuJF +2A09rZXIx4kmyA+upwMu+8Ff+iDhcK2wZSA3M2Cw1a/XDBzCkHDXShi8fgGwsOsVHkQGzaRP6AzR +wyAQ4VRlnrZR0Bp2a0JaWHY06rc3Ga4udfmW5cFZ95RXKSWNOkyrTZpB0F8mAwIDAQABo2MwYTAO +BgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBSdhWEUfMFib5do5E83 +QOGt4A1WNzAdBgNVHQ4EFgQUnYVhFHzBYm+XaORPN0DhreANVjcwDQYJKoZIhvcNAQEMBQADggIB +AGSPesRiDrWIzLjHhg6hShbNcAu3p4ULs3a2D6f/CIsLJc+o1IN1KriWiLb73y0ttGlTITVX1olN +c79pj3CjYcya2x6a4CD4bLubIp1dhDGaLIrdaqHXKGnK/nZVekZn68xDiBaiA9a5F/gZbG0jAn/x +X9AKKSM70aoK7akXJlQKTcKlTfjF/biBzysseKNnTKkHmvPfXvt89YnNdJdhEGoHK4Fa0o635yDR +IG4kqIQnoVesqlVYL9zZyvpoBJ7tRCT5dEA7IzOrg1oYJkK2bVS1FmAwbLGg+LhBoF1JSdJlBTrq +/p1hvIbZv97Tujqxf36SNI7JAG7cmL3c7IAFrQI932XtCwP39xaEBDG6k5TY8hL4iuO/Qq+n1M0R +FxbIQh0UqEL20kCGoE8jypZFVmAGzbdVAaYBlGX+bgUJurSkquLvWL69J1bY73NxW0Qz8ppy6rBe +Pm6pUlvscG21h483XjyMnM7k8M4MZ0HMzvaAq07MTFb1wWFZk7Q+ptq4NxKfKjLji7gh7MMrZQzv +It6IKTtM1/r+t+FHvpw+PoP7UV31aPcuIYXcv/Fa4nzXxeSDwWrruoBa3lwtcHb4yOWHh8qgnaHl +IhInD0Q9HWzq1MKLL295q39QpsQZp6F6t5b5wR9iWqJDB0BeJsas7a5wFsWqynKKTbDPAYsDP27X +-----END CERTIFICATE----- + +SecureSign Root CA12 +==================== +-----BEGIN CERTIFICATE----- +MIIDcjCCAlqgAwIBAgIUZvnHwa/swlG07VOX5uaCwysckBYwDQYJKoZIhvcNAQELBQAwUTELMAkG +A1UEBhMCSlAxIzAhBgNVBAoTGkN5YmVydHJ1c3QgSmFwYW4gQ28uLCBMdGQuMR0wGwYDVQQDExRT +ZWN1cmVTaWduIFJvb3QgQ0ExMjAeFw0yMDA0MDgwNTM2NDZaFw00MDA0MDgwNTM2NDZaMFExCzAJ +BgNVBAYTAkpQMSMwIQYDVQQKExpDeWJlcnRydXN0IEphcGFuIENvLiwgTHRkLjEdMBsGA1UEAxMU +U2VjdXJlU2lnbiBSb290IENBMTIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6OcE3 +emhFKxS06+QT61d1I02PJC0W6K6OyX2kVzsqdiUzg2zqMoqUm048luT9Ub+ZyZN+v/mtp7JIKwcc +J/VMvHASd6SFVLX9kHrko+RRWAPNEHl57muTH2SOa2SroxPjcf59q5zdJ1M3s6oYwlkm7Fsf0uZl +fO+TvdhYXAvA42VvPMfKWeP+bl+sg779XSVOKik71gurFzJ4pOE+lEa+Ym6b3kaosRbnhW70CEBF +EaCeVESE99g2zvVQR9wsMJvuwPWW0v4JhscGWa5Pro4RmHvzC1KqYiaqId+OJTN5lxZJjfU+1Uef +NzFJM3IFTQy2VYzxV4+Kh9GtxRESOaCtAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P +AQH/BAQDAgEGMB0GA1UdDgQWBBRXNPN0zwRL1SXm8UC2LEzZLemgrTANBgkqhkiG9w0BAQsFAAOC +AQEAPrvbFxbS8hQBICw4g0utvsqFepq2m2um4fylOqyttCg6r9cBg0krY6LdmmQOmFxv3Y67ilQi +LUoT865AQ9tPkbeGGuwAtEGBpE/6aouIs3YIcipJQMPTw4WJmBClnW8Zt7vPemVV2zfrPIpyMpce +mik+rY3moxtt9XUa5rBouVui7mlHJzWhhpmA8zNL4WukJsPvdFlseqJkth5Ew1DgDzk9qTPxpfPS +vWKErI4cqc1avTc7bgoitPQV55FYxTpE05Uo2cBl6XLK0A+9H7MV2anjpEcJnuDLN/v9vZfVvhga +aaI5gdka9at/yOPiZwud9AzqVN/Ssq+xIvEg37xEHA== +-----END CERTIFICATE----- + +SecureSign Root CA14 +==================== +-----BEGIN CERTIFICATE----- +MIIFcjCCA1qgAwIBAgIUZNtaDCBO6Ncpd8hQJ6JaJ90t8sswDQYJKoZIhvcNAQEMBQAwUTELMAkG +A1UEBhMCSlAxIzAhBgNVBAoTGkN5YmVydHJ1c3QgSmFwYW4gQ28uLCBMdGQuMR0wGwYDVQQDExRT +ZWN1cmVTaWduIFJvb3QgQ0ExNDAeFw0yMDA0MDgwNzA2MTlaFw00NTA0MDgwNzA2MTlaMFExCzAJ +BgNVBAYTAkpQMSMwIQYDVQQKExpDeWJlcnRydXN0IEphcGFuIENvLiwgTHRkLjEdMBsGA1UEAxMU +U2VjdXJlU2lnbiBSb290IENBMTQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDF0nqh +1oq/FjHQmNE6lPxauG4iwWL3pwon71D2LrGeaBLwbCRjOfHw3xDG3rdSINVSW0KZnvOgvlIfX8xn +bacuUKLBl422+JX1sLrcneC+y9/3OPJH9aaakpUqYllQC6KxNedlsmGy6pJxaeQp8E+BgQQ8sqVb +1MWoWWd7VRxJq3qdwudzTe/NCcLEVxLbAQ4jeQkHO6Lo/IrPj8BGJJw4J+CDnRugv3gVEOuGTgpa +/d/aLIJ+7sr2KeH6caH3iGicnPCNvg9JkdjqOvn90Ghx2+m1K06Ckm9mH+Dw3EzsytHqunQG+bOE +kJTRX45zGRBdAuVwpcAQ0BB8b8VYSbSwbprafZX1zNoCr7gsfXmPvkPx+SgojQlD+Ajda8iLLCSx +jVIHvXiby8posqTdDEx5YMaZ0ZPxMBoH064iwurO8YQJzOAUbn8/ftKChazcqRZOhaBgy/ac18iz +ju3Gm5h1DVXoX+WViwKkrkMpKBGk5hIwAUt1ax5mnXkvpXYvHUC0bcl9eQjs0Wq2XSqypWa9a4X0 +dFbD9ed1Uigspf9mR6XU/v6eVL9lfgHWMI+lNpyiUBzuOIABSMbHdPTGrMNASRZhdCyvjG817XsY +AFs2PJxQDcqSMxDxJklt33UkN4Ii1+iW/RVLApY+B3KVfqs9TC7XyvDf4Fg/LS8EmjijAQIDAQAB +o0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUBpOjCl4oaTeq +YR3r6/wtbyPk86AwDQYJKoZIhvcNAQEMBQADggIBAJaAcgkGfpzMkwQWu6A6jZJOtxEaCnFxEM0E +rX+lRVAQZk5KQaID2RFPeje5S+LGjzJmdSX7684/AykmjbgWHfYfM25I5uj4V7Ibed87hwriZLoA +ymzvftAj63iP/2SbNDefNWWipAA9EiOWWF3KY4fGoweITedpdopTzfFP7ELyk+OZpDc8h7hi2/Ds +Hzc/N19DzFGdtfCXwreFamgLRB7lUe6TzktuhsHSDCRZNhqfLJGP4xjblJUK7ZGqDpncllPjYYPG +FrojutzdfhrGe0K22VoF3Jpf1d+42kd92jjbrDnVHmtsKheMYc2xbXIBw8MgAGJoFjHVdqqGuw6q +nsb58Nn4DSEC5MUoFlkRudlpcyqSeLiSV5sI8jrlL5WwWLdrIBRtFO8KvH7YVdiI2i/6GaX7i+B/ +OfVyK4XELKzvGUWSTLNhB9xNH27SgRNcmvMSZ4PPmz+Ln52kuaiWA3rF7iDeM9ovnhp6dB7h7sxa +OgTdsxoEqBRjrLdHEoOabPXm6RUVkRqEGQ6UROcSjiVbgGcZ3GOTEAtlLor6CZpO2oYofaphNdgO +pygau1LgePhsumywbrmHXumZNTfxPWQrqaA0k89jL9WB365jJ6UeTo3cKXhZ+PmhIIynJkBugnLN +eLLIjzwec+fBH7/PzqUqm9tEZDKgu39cJRNItX+S +-----END CERTIFICATE----- + +SecureSign Root CA15 +==================== +-----BEGIN CERTIFICATE----- +MIICIzCCAamgAwIBAgIUFhXHw9hJp75pDIqI7fBw+d23PocwCgYIKoZIzj0EAwMwUTELMAkGA1UE +BhMCSlAxIzAhBgNVBAoTGkN5YmVydHJ1c3QgSmFwYW4gQ28uLCBMdGQuMR0wGwYDVQQDExRTZWN1 +cmVTaWduIFJvb3QgQ0ExNTAeFw0yMDA0MDgwODMyNTZaFw00NTA0MDgwODMyNTZaMFExCzAJBgNV +BAYTAkpQMSMwIQYDVQQKExpDeWJlcnRydXN0IEphcGFuIENvLiwgTHRkLjEdMBsGA1UEAxMUU2Vj +dXJlU2lnbiBSb290IENBMTUwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQLUHSNZDKZmbPSYAi4Io5G +dCx4wCtELW1fHcmuS1Iggz24FG1Th2CeX2yF2wYUleDHKP+dX+Sq8bOLbe1PL0vJSpSRZHX+AezB +2Ot6lHhWGENfa4HL9rzatAy2KZMIaY+jQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQD +AgEGMB0GA1UdDgQWBBTrQciu/NWeUUj1vYv0hyCTQSvT9DAKBggqhkjOPQQDAwNoADBlAjEA2S6J +fl5OpBEHvVnCB96rMjhTKkZEBhd6zlHp4P9mLQlO4E/0BdGF9jVg3PVys0Z9AjBEmEYagoUeYWmJ +SwdLZrWeqrqgHkHZAXQ6bkU6iYAZezKYVWOr62Nuk22rGwlgMU4= +-----END CERTIFICATE----- + +D-TRUST BR Root CA 2 2023 +========================= +-----BEGIN CERTIFICATE----- +MIIFqTCCA5GgAwIBAgIQczswBEhb2U14LnNLyaHcZjANBgkqhkiG9w0BAQ0FADBIMQswCQYDVQQG +EwJERTEVMBMGA1UEChMMRC1UcnVzdCBHbWJIMSIwIAYDVQQDExlELVRSVVNUIEJSIFJvb3QgQ0Eg +MiAyMDIzMB4XDTIzMDUwOTA4NTYzMVoXDTM4MDUwOTA4NTYzMFowSDELMAkGA1UEBhMCREUxFTAT +BgNVBAoTDEQtVHJ1c3QgR21iSDEiMCAGA1UEAxMZRC1UUlVTVCBCUiBSb290IENBIDIgMjAyMzCC +AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK7/CVmRgApKaOYkP7in5Mg6CjoWzckjYaCT +cfKri3OPoGdlYNJUa2NRb0kz4HIHE304zQaSBylSa053bATTlfrdTIzZXcFhfUvnKLNEgXtRr90z +sWh81k5M/itoucpmacTsXld/9w3HnDY25QdgrMBM6ghs7wZ8T1soegj8k12b9py0i4a6Ibn08OhZ +WiihNIQaJZG2tY/vsvmA+vk9PBFy2OMvhnbFeSzBqZCTRphny4NqoFAjpzv2gTng7fC5v2Xx2Mt6 +++9zA84A9H3X4F07ZrjcjrqDy4d2A/wl2ecjbwb9Z/Pg/4S8R7+1FhhGaRTMBffb00msa8yr5LUL +QyReS2tNZ9/WtT5PeB+UcSTq3nD88ZP+npNa5JRal1QMNXtfbO4AHyTsA7oC9Xb0n9Sa7YUsOCIv +x9gvdhFP/Wxc6PWOJ4d/GUohR5AdeY0cW/jPSoXk7bNbjb7EZChdQcRurDhaTyN0dKkSw/bSuREV +MweR2Ds3OmMwBtHFIjYoYiMQ4EbMl6zWK11kJNXuHA7e+whadSr2Y23OC0K+0bpwHJwh5Q8xaRfX +/Aq03u2AnMuStIv13lmiWAmlY0cL4UEyNEHZmrHZqLAbWt4NDfTisl01gLmB1IRpkQLLddCNxbU9 +CZEJjxShFHR5PtbJFR2kWVki3PaKRT08EtY+XTIvAgMBAAGjgY4wgYswDwYDVR0TAQH/BAUwAwEB +/zAdBgNVHQ4EFgQUZ5Dw1t61GNVGKX5cq/ieCLxklRAwDgYDVR0PAQH/BAQDAgEGMEkGA1UdHwRC +MEAwPqA8oDqGOGh0dHA6Ly9jcmwuZC10cnVzdC5uZXQvY3JsL2QtdHJ1c3RfYnJfcm9vdF9jYV8y +XzIwMjMuY3JsMA0GCSqGSIb3DQEBDQUAA4ICAQA097N3U9swFrktpSHxQCF16+tIFoE9c+CeJyrr +d6kTpGoKWloUMz1oH4Guaf2Mn2VsNELZLdB/eBaxOqwjMa1ef67nriv6uvw8l5VAk1/DLQOj7aRv +U9f6QA4w9QAgLABMjDu0ox+2v5Eyq6+SmNMW5tTRVFxDWy6u71cqqLRvpO8NVhTaIasgdp4D/Ca4 +nj8+AybmTNudX0KEPUUDAxxZiMrcLmEkWqTqJwtzEr5SswrPMhfiHocaFpVIbVrg0M8JkiZmkdij +YQ6qgYF/6FKC0ULn4B0Y+qSFNueG4A3rvNTJ1jxD8V1Jbn6Bm2m1iWKPiFLY1/4nwSPFyysCu7Ff +/vtDhQNGvl3GyiEm/9cCnnRK3PgTFbGBVzbLZVzRHTF36SXDw7IyN9XxmAnkbWOACKsGkoHU6XCP +pz+y7YaMgmo1yEJagtFSGkUPFaUA8JR7ZSdXOUPPfH/mvTWze/EZTN46ls/pdu4D58JDUjxqgejB +WoC9EV2Ta/vH5mQ/u2kc6d0li690yVRAysuTEwrt+2aSEcr1wPrYg1UDfNPFIkZ1cGt5SAYqgpq/ +5usWDiJFAbzdNpQ0qTUmiteXue4Icr80knCDgKs4qllo3UCkGJCy89UDyibK79XH4I9TjvAA46jt +n/mtd+ArY0+ew+43u3gJhJ65bvspmZDogNOfJA== +-----END CERTIFICATE----- + +D-TRUST EV Root CA 2 2023 +========================= +-----BEGIN CERTIFICATE----- +MIIFqTCCA5GgAwIBAgIQaSYJfoBLTKCnjHhiU19abzANBgkqhkiG9w0BAQ0FADBIMQswCQYDVQQG +EwJERTEVMBMGA1UEChMMRC1UcnVzdCBHbWJIMSIwIAYDVQQDExlELVRSVVNUIEVWIFJvb3QgQ0Eg +MiAyMDIzMB4XDTIzMDUwOTA5MTAzM1oXDTM4MDUwOTA5MTAzMlowSDELMAkGA1UEBhMCREUxFTAT +BgNVBAoTDEQtVHJ1c3QgR21iSDEiMCAGA1UEAxMZRC1UUlVTVCBFViBSb290IENBIDIgMjAyMzCC +AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANiOo4mAC7JXUtypU0w3uX9jFxPvp1sjW2l1 +sJkKF8GLxNuo4MwxusLyzV3pt/gdr2rElYfXR8mV2IIEUD2BCP/kPbOx1sWy/YgJ25yE7CUXFId/ +MHibaljJtnMoPDT3mfd/06b4HEV8rSyMlD/YZxBTfiLNTiVR8CUkNRFeEMbsh2aJgWi6zCudR3Mf +vc2RpHJqnKIbGKBv7FD0fUDCqDDPvXPIEysQEx6Lmqg6lHPTGGkKSv/BAQP/eX+1SH977ugpbzZM +lWGG2Pmic4ruri+W7mjNPU0oQvlFKzIbRlUWaqZLKfm7lVa/Rh3sHZMdwGWyH6FDrlaeoLGPaxK3 +YG14C8qKXO0elg6DpkiVjTujIcSuWMYAsoS0I6SWhjW42J7YrDRJmGOVxcttSEfi8i4YHtAxq910 +7PncjLgcjmgjutDzUNzPZY9zOjLHfP7KgiJPvo5iR2blzYfi6NUPGJ/lBHJLRjwQ8kTCZFZxTnXo +nMkmdMV9WdEKWw9t/p51HBjGGjp82A0EzM23RWV6sY+4roRIPrN6TagD4uJ+ARZZaBhDM7DS3LAa +QzXupdqpRlyuhoFBAUp0JuyfBr/CBTdkdXgpaP3F9ev+R/nkhbDhezGdpn9yo7nELC7MmVcOIQxF +AZRl62UJxmMiCzNJkkg8/M3OsD6Onov4/knFNXJHAgMBAAGjgY4wgYswDwYDVR0TAQH/BAUwAwEB +/zAdBgNVHQ4EFgQUqvyREBuHkV8Wub9PS5FeAByxMoAwDgYDVR0PAQH/BAQDAgEGMEkGA1UdHwRC +MEAwPqA8oDqGOGh0dHA6Ly9jcmwuZC10cnVzdC5uZXQvY3JsL2QtdHJ1c3RfZXZfcm9vdF9jYV8y +XzIwMjMuY3JsMA0GCSqGSIb3DQEBDQUAA4ICAQCTy6UfmRHsmg1fLBWTxj++EI14QvBukEdHjqOS +Mo1wj/Zbjb6JzkcBahsgIIlbyIIQbODnmaprxiqgYzWRaoUlrRc4pZt+UPJ26oUFKidBK7GB0aL2 +QHWpDsvxVUjY7NHss+jOFKE17MJeNRqrphYBBo7q3C+jisosketSjl8MmxfPy3MHGcRqwnNU73xD +UmPBEcrCRbH0O1P1aa4846XerOhUt7KR/aypH/KH5BfGSah82ApB9PI+53c0BFLd6IHyTS9URZ0V +4U/M5d40VxDJI3IXcI1QcB9WbMy5/zpaT2N6w25lBx2Eof+pDGOJbbJAiDnXH3dotfyc1dZnaVuo +dNv8ifYbMvekJKZ2t0dT741Jj6m2g1qllpBFYfXeA08mD6iL8AOWsKwV0HFaanuU5nCT2vFp4LJi +TZ6P/4mdm13NRemUAiKN4DV/6PEEeXFsVIP4M7kFMhtYVRFP0OUnR3Hs7dpn1mKmS00PaaLJvOwi +S5THaJQXfuKOKD62xur1NGyfN4gHONuGcfrNlUhDbqNPgofXNJhuS5N5YHVpD/Aa1VP6IQzCP+k/ +HxiMkl14p3ZnGbuy6n/pcAlWVqOwDAstNl7F6cTVg8uGF5csbBNvh1qvSaYd2804BC5f4ko1Di1L ++KIkBI3Y4WNeApI02phhXBxvWHZks/wCuPWdCg== +-----END CERTIFICATE----- From 12b8fce95eeeb91940e05a30f70f9b0b88e4edb0 Mon Sep 17 00:00:00 2001 From: Tadeas Hejnic Date: Mon, 31 Mar 2025 11:23:21 +0200 Subject: [PATCH 042/106] Build: added line that fixes the issue when including cpp-api to other project --- CMakeLists.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index a036ad7..ddf6820 100755 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -54,4 +54,4 @@ endif() add_subdirectory("${CMAKE_CURRENT_SOURCE_DIR}/src/AyonCppApi") include_directories("${CMAKE_CURRENT_SOURCE_DIR}/src/AyonCppApi") - +target_include_directories(AyonCppApi PUBLIC "${CMAKE_CURRENT_SOURCE_DIR}/ext/ayon-cpp-dev-tools/src") From 0a14d99886ac6a0b4b77cdc07c3a4e89b709f36e Mon Sep 17 00:00:00 2001 From: Tadeas Hejnic Date: Tue, 1 Apr 2025 12:23:07 +0200 Subject: [PATCH 043/106] Test: uncomment of the function used in tests --- test/GTestMain.cpp | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/test/GTestMain.cpp b/test/GTestMain.cpp index 7cea769..1187bff 100644 --- a/test/GTestMain.cpp +++ b/test/GTestMain.cpp @@ -59,24 +59,24 @@ TEST(AyonCppApi, AyonCppApiBatchResolveRootReplace) { Instrumentor::Get().EndSession(); } -// AyonApi getApiInstanceSSL() { -// std::string AYON_API_KEY; -// std::string AYON_SERVER_URL; -// std::string AYON_SITE_ID; -// std::string AYON_PROJECT_NAME; - -// #ifdef _WIN32 -// std::string envFilePath("test\\.env_https"); -// #else -// std::string envFilePath("test/.env_https"); -// #endif -// if (!AyonCppApiTest::load_EnvVariables(envFilePath, AYON_API_KEY, AYON_SERVER_URL, AYON_SITE_ID, AYON_PROJECT_NAME)) { -// std::cerr << "Failed to load environment variables!" << std::endl; -// throw std::runtime_error("Failed to load environment variables!"); -// } - -// return AyonApi("./test_logs", AYON_API_KEY, AYON_SERVER_URL, AYON_PROJECT_NAME, AYON_SITE_ID); -// } +AyonApi getApiInstanceSSL() { + std::string AYON_API_KEY; + std::string AYON_SERVER_URL; + std::string AYON_SITE_ID; + std::string AYON_PROJECT_NAME; + + #ifdef _WIN32 + std::string envFilePath("test\\.env_https"); + #else + std::string envFilePath("test/.env_https"); + #endif + if (!AyonCppApiTest::load_EnvVariables(envFilePath, AYON_API_KEY, AYON_SERVER_URL, AYON_SITE_ID, AYON_PROJECT_NAME)) { + std::cerr << "Failed to load environment variables!" << std::endl; + throw std::runtime_error("Failed to load environment variables!"); + } + + return AyonApi("./test_logs", AYON_API_KEY, AYON_SERVER_URL, AYON_PROJECT_NAME, AYON_SITE_ID); +} TEST(AyonCppApi, AyonCppApiCreationSSL) { AyonApi Test = getApiInstanceSSL(); From 9d047fc04d271eff3e92c64db9dc6c8c10040013 Mon Sep 17 00:00:00 2001 From: Tadeas Hejnic Date: Mon, 7 Apr 2025 13:09:03 +0200 Subject: [PATCH 044/106] Log: change the category of the log msg, small adjustments in code formating --- src/AyonCppApi/AyonCppApi.cpp | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/AyonCppApi/AyonCppApi.cpp b/src/AyonCppApi/AyonCppApi.cpp index e5188d4..0ec0780 100644 --- a/src/AyonCppApi/AyonCppApi.cpp +++ b/src/AyonCppApi/AyonCppApi.cpp @@ -171,8 +171,10 @@ AyonApi::AyonApi(const std::optional &logFilePos, m_Log->info("Using env var: SSL_CERT_PATH."); m_AyonServer->set_ca_cert_path(envCertFile); } else { - m_Log->warn("Failed to determine the OpenSSL directory. Falling back to the default certificate file path."); - std::string certPath = (std::filesystem::path(__FILE__).parent_path().parent_path().parent_path() / "certs" / "cacert.pem").string(); + m_Log->info("Failed to determine the OpenSSL directory. Falling back to the default certificate file path."); + std::string certPath = ( + std::filesystem::path(__FILE__).parent_path().parent_path().parent_path() / "certs" / "cacert.pem" + ).string(); m_AyonServer->set_ca_cert_path(certPath); } } From e16655d0d19ea6768677d1728538454435c5938c Mon Sep 17 00:00:00 2001 From: Tadeas Hejnic Date: Mon, 7 Apr 2025 14:00:46 +0200 Subject: [PATCH 045/106] Changing the git pointer to get the bug fix with AyonLogger --- ext/ayon-cpp-dev-tools | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ext/ayon-cpp-dev-tools b/ext/ayon-cpp-dev-tools index 12d7013..fb785ee 160000 --- a/ext/ayon-cpp-dev-tools +++ b/ext/ayon-cpp-dev-tools @@ -1 +1 @@ -Subproject commit 12d70139791e1386c8a6b643a92d942e84238da4 +Subproject commit fb785eeb9224861cdd34f52345447ee840747656 From 871ed1b14408b09776f04c7f99b3176cfcd6c2f7 Mon Sep 17 00:00:00 2001 From: Tadeas Hejnic Date: Mon, 7 Apr 2025 15:39:57 +0200 Subject: [PATCH 046/106] Fix: fix of hardcoded platform in GET --- src/AyonCppApi/AyonCppApi.cpp | 21 +++++++++++++-------- 1 file changed, 13 insertions(+), 8 deletions(-) diff --git a/src/AyonCppApi/AyonCppApi.cpp b/src/AyonCppApi/AyonCppApi.cpp index 0ec0780..9100007 100644 --- a/src/AyonCppApi/AyonCppApi.cpp +++ b/src/AyonCppApi/AyonCppApi.cpp @@ -76,7 +76,7 @@ std::string getOpenSSLDirByCLI() { if (!pipe) { throw std::runtime_error("popen() failed!"); } - while (fgets(buffer.data(), buffer.size(), pipe.get()) != nullptr) { + while (fgets(buffer.data(), static_cast(buffer.size()), pipe.get()) != nullptr) { result += buffer.data(); } @@ -210,9 +210,14 @@ AyonApi::~AyonApi() { std::unordered_map* AyonApi::getSiteRoots() { m_Log->info(m_Log->key("AyonApi"), "AyonApi::getSiteRoots()"); - if (m_siteRoots.size() < 1) { - nlohmann::json response - = GET(std::make_shared("/api/projects/" + m_ayonProjectName + "/siteRoots?platform=linux"), + if (m_siteRoots.size() < 1) { + std::string platform; + #ifdef _WIN32 + platform = "windows"; + #elif __linux__ + platform = "linux"; + #endif + nlohmann::json response = GET(std::make_shared("/api/projects/" + m_ayonProjectName + "/siteRoots?platform=" + platform), std::make_shared(m_headers), 200); if (response.empty()) { @@ -255,7 +260,7 @@ AyonApi::rootReplace(const std::string &rootLessPath) { return rootedPath; } catch (std::out_of_range &e) { - m_Log->warn("AyonApi::rootedPath error acured {}, list off available root replace str: "); + m_Log->warn("AyonApi::rootedPath error acured {}, list off available root replace str: ", e.what()); for (auto &g: m_siteRoots) { m_Log->warn("Key: {}, replacement: {}", g.first, g.second); } @@ -307,7 +312,7 @@ AyonApi::GET(const std::shared_ptr endPoint, } } // TODO error reason not printed catch (const httplib::Error &e) { - m_Log->warn("Request Failed because: {}"); + m_Log->warn("Request Failed because: {}", httplib::to_string(e)); break; } m_Log->warn("The connection failed Rety now."); @@ -424,9 +429,9 @@ AyonApi::batchResolvePath(std::vector &uriPaths) { { PerfTimer("AyonApi::batchResolvePath::sanatizeVector"); std::set s; - unsigned size = uriPaths.size(); + size_t size = uriPaths.size(); - for (unsigned i = 0; i < size; ++i) s.insert(uriPaths[i]); + for (size_t i = 0; i < size; ++i) s.insert(uriPaths[i]); uriPaths.assign(s.begin(), s.end()); m_Log->info("Make sure that the vector has no duplicates. vecSize before: {} after: {}", size, uriPaths.size()); From 92c0eef75f32a109d43f46ab9341f6dd1c82c3f5 Mon Sep 17 00:00:00 2001 From: Tadeas Hejnic Date: Mon, 7 Apr 2025 16:12:05 +0200 Subject: [PATCH 047/106] Log: added missing log for one case of setting ca cert --- src/AyonCppApi/AyonCppApi.cpp | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/AyonCppApi/AyonCppApi.cpp b/src/AyonCppApi/AyonCppApi.cpp index 9100007..01adaae 100644 --- a/src/AyonCppApi/AyonCppApi.cpp +++ b/src/AyonCppApi/AyonCppApi.cpp @@ -153,7 +153,7 @@ AyonApi::AyonApi(const std::optional &logFilePos, #endif if (std::filesystem::exists(certFileCLI)) { - m_Log->info("Using CLI var."); + m_Log->info("Using cert based on CLI var."); m_AyonServer->set_ca_cert_path(certFileCLI.c_str()); } else { std::string opensslDir = getOpenSSLDir(); @@ -164,11 +164,12 @@ AyonApi::AyonApi(const std::optional &logFilePos, #endif if (std::filesystem::exists(certFile)) { + m_Log->info("Using cert based on SSLEAY_DIR."); m_AyonServer->set_ca_cert_path(certFile.c_str()); } else { const char* envCertFile = getenv("SSL_CERT_FILE"); if (envCertFile) { - m_Log->info("Using env var: SSL_CERT_PATH."); + m_Log->info("Using cert based on env variable (SSL_CERT_PATH)."); m_AyonServer->set_ca_cert_path(envCertFile); } else { m_Log->info("Failed to determine the OpenSSL directory. Falling back to the default certificate file path."); From 5fba7dd33aee6e8bc5382d4f8250bb4ce2266e63 Mon Sep 17 00:00:00 2001 From: Jakub Trllo <43494761+iLLiCiTiT@users.noreply.github.com> Date: Fri, 29 Aug 2025 11:52:45 +0200 Subject: [PATCH 048/106] auto-detect service api key or user token --- src/AyonCppApi/AyonCppApi.cpp | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/src/AyonCppApi/AyonCppApi.cpp b/src/AyonCppApi/AyonCppApi.cpp index 01adaae..8238470 100644 --- a/src/AyonCppApi/AyonCppApi.cpp +++ b/src/AyonCppApi/AyonCppApi.cpp @@ -139,10 +139,6 @@ AyonApi::AyonApi(const std::optional &logFilePos, m_AyonServer = std::make_unique(m_serverUrl); if (isSSL()) { - m_headers = { - {"X-Api-Key", m_authKey}, - }; - try { std::string opensslDirCLI = getOpenSSLDirByCLI(); @@ -186,18 +182,23 @@ AyonApi::AyonApi(const std::optional &logFilePos, } m_AyonServer->enable_server_certificate_verification(true); - } else { - m_AyonServer->set_bearer_token_auth(m_authKey); - m_headers = {}; } - auto res = m_AyonServer->Get("/api/info", m_headers); + auto res = m_AyonServer->Get("/api/info"); if (!res) { m_Log->error("Failed to connect to the Ayon server."); - } else if (res->status != 200) { - m_Log->warn("Connected to the Ayon server : {}", res->status); } else { m_Log->info("Connected to the Ayon server : {}", res->status); + // First try to use authentication token as service API key + // - if fails use it as user tokens + m_headers = { + {"X-Api-Key", m_authKey}, + }; + auto res = m_AyonServer->Get("/api/users/me", m_headers); + if (res->status != 200) { + m_headers = {}; + m_AyonServer->set_bearer_token_auth(m_authKey); + } } m_Log->info(m_Log->key("AyonApi"), "Constructor Getting Site Roots"); From a04f127517f7def65108f4a59de4ba3265bf5a02 Mon Sep 17 00:00:00 2001 From: Jakub Trllo <43494761+iLLiCiTiT@users.noreply.github.com> Date: Mon, 1 Sep 2025 09:33:46 +0200 Subject: [PATCH 049/106] fill site id in headers and use m_headers at all places --- src/AyonCppApi/AyonCppApi.cpp | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/src/AyonCppApi/AyonCppApi.cpp b/src/AyonCppApi/AyonCppApi.cpp index 8238470..62caaa6 100644 --- a/src/AyonCppApi/AyonCppApi.cpp +++ b/src/AyonCppApi/AyonCppApi.cpp @@ -193,10 +193,13 @@ AyonApi::AyonApi(const std::optional &logFilePos, // - if fails use it as user tokens m_headers = { {"X-Api-Key", m_authKey}, + {"X-ayon-site-id", m_siteId}, }; auto res = m_AyonServer->Get("/api/users/me", m_headers); if (res->status != 200) { - m_headers = {}; + m_headers = { + {"X-ayon-site-id", m_siteId}, + }; m_AyonServer->set_bearer_token_auth(m_authKey); } } @@ -403,7 +406,8 @@ AyonApi::resolvePath(const std::string &uriPath) { } std::pair resolvedAsset; nlohmann::json jsonPayload = {{"resolveRoots", false}, {"uris", nlohmann::json::array({uriPath})}}; - httplib::Headers headers = {{"X-ayon-site-id", m_siteId}}; + httplib::Headers headers = m_headers; + uint8_t sucsessStatus = 200; nlohmann::json response @@ -443,7 +447,7 @@ AyonApi::batchResolvePath(std::vector &uriPaths) { std::vector> futures; std::shared_ptr headers - = std::make_shared(httplib::Headers{{"X-ayon-site-id", m_siteId}}); + = std::make_shared(m_headers); std::shared_ptr batchResolveEndpoint; if (m_pathOnlyReselution) { From a8bed00a8f47fa4e7aa2b58244199ed657f16f15 Mon Sep 17 00:00:00 2001 From: Jakub Trllo <43494761+iLLiCiTiT@users.noreply.github.com> Date: Wed, 3 Sep 2025 21:14:12 +0200 Subject: [PATCH 050/106] keep original logic to add site id only in resolvePath --- src/AyonCppApi/AyonCppApi.cpp | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/src/AyonCppApi/AyonCppApi.cpp b/src/AyonCppApi/AyonCppApi.cpp index 62caaa6..98c502b 100644 --- a/src/AyonCppApi/AyonCppApi.cpp +++ b/src/AyonCppApi/AyonCppApi.cpp @@ -193,13 +193,10 @@ AyonApi::AyonApi(const std::optional &logFilePos, // - if fails use it as user tokens m_headers = { {"X-Api-Key", m_authKey}, - {"X-ayon-site-id", m_siteId}, }; auto res = m_AyonServer->Get("/api/users/me", m_headers); if (res->status != 200) { - m_headers = { - {"X-ayon-site-id", m_siteId}, - }; + m_headers = {}; m_AyonServer->set_bearer_token_auth(m_authKey); } } @@ -407,6 +404,7 @@ AyonApi::resolvePath(const std::string &uriPath) { std::pair resolvedAsset; nlohmann::json jsonPayload = {{"resolveRoots", false}, {"uris", nlohmann::json::array({uriPath})}}; httplib::Headers headers = m_headers; + headers.insert({"X-ayon-site-id", m_siteId}); uint8_t sucsessStatus = 200; From 65baff2596165f05fead0ea4baa01f5b1184ca82 Mon Sep 17 00:00:00 2001 From: Tadeas Hejnic Date: Wed, 12 Nov 2025 15:43:17 +0100 Subject: [PATCH 051/106] New cmakelists to make it work with resolver build --- CMakeLists.txt | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index ddf6820..5d86b1b 100755 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -9,6 +9,9 @@ set(AR_PROJECT_NAME AyonCppApi) set(CMAKE_CXX_STANDARD 17) set(CMAKE_POSITION_INDEPENDENT_CODE ON) +if(NOT DEFINED JTRACE) + set(JTRACE 0) +endif() add_compile_definitions(JTRACE=${JTRACE}) option(BUILD_TEST "Build the test application" OFF) @@ -35,8 +38,6 @@ include_directories("${CMAKE_CURRENT_SOURCE_DIR}/ext/json/include") set(AYON_CPPTOOLS_BUILD_LOGGER 1) add_subdirectory("${CMAKE_CURRENT_SOURCE_DIR}/ext/ayon-cpp-dev-tools") -include_directories("${CMAKE_CURRENT_SOURCE_DIR}/ext/ayon-cpp-dev-tools/src/") - project(${AR_PROJECT_NAME} VERSION 1.0.0 LANGUAGES CXX) @@ -54,4 +55,5 @@ endif() add_subdirectory("${CMAKE_CURRENT_SOURCE_DIR}/src/AyonCppApi") include_directories("${CMAKE_CURRENT_SOURCE_DIR}/src/AyonCppApi") -target_include_directories(AyonCppApi PUBLIC "${CMAKE_CURRENT_SOURCE_DIR}/ext/ayon-cpp-dev-tools/src") + +target_link_libraries(AyonCppApi PUBLIC AyonCppDevToolsLib) \ No newline at end of file From 07b276824fd02a229071d9e709fa0046029001fd Mon Sep 17 00:00:00 2001 From: Tadeas Hejnic Date: Wed, 12 Nov 2025 16:30:54 +0100 Subject: [PATCH 052/106] new CMakeLists in cpp-dev-tools --- ext/ayon-cpp-dev-tools | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ext/ayon-cpp-dev-tools b/ext/ayon-cpp-dev-tools index fb785ee..721f8af 160000 --- a/ext/ayon-cpp-dev-tools +++ b/ext/ayon-cpp-dev-tools @@ -1 +1 @@ -Subproject commit fb785eeb9224861cdd34f52345447ee840747656 +Subproject commit 721f8afe4b3edcae745649af73f46a9184e9a10d From e82add7ec4a31f8c7c8d9f371e439412796a59b5 Mon Sep 17 00:00:00 2001 From: Tadeas Hejnic Date: Wed, 19 Nov 2025 17:36:28 +0100 Subject: [PATCH 053/106] Test CMakeLists - fix of different versions of libs --- src/AyonCppApi/CMakeLists.txt | 151 +++++++++++++++++++++++++++------- 1 file changed, 119 insertions(+), 32 deletions(-) diff --git a/src/AyonCppApi/CMakeLists.txt b/src/AyonCppApi/CMakeLists.txt index 11a31f6..f05209a 100755 --- a/src/AyonCppApi/CMakeLists.txt +++ b/src/AyonCppApi/CMakeLists.txt @@ -1,48 +1,135 @@ -add_library(AyonCppApi STATIC AyonCppApi.cpp) +# add_library(AyonCppApi STATIC AyonCppApi.cpp) -target_include_directories(AyonCppApi PUBLIC ${CMAKE_CURRENT_SOURCE_DIR}) -#include the header only libary -target_include_directories(AyonCppApi PUBLIC ${CMAKE_CURRENT_SOURCE_DIR}/../../ext/cpp-httplib) -# precompile the header lib for better perfocmance -target_precompile_headers(AyonCppApi PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../ext/cpp-httplib/httplib.h) +# target_include_directories(AyonCppApi PUBLIC ${CMAKE_CURRENT_SOURCE_DIR}) +# #include the header only libary +# target_include_directories(AyonCppApi PUBLIC ${CMAKE_CURRENT_SOURCE_DIR}/../../ext/cpp-httplib) +# # precompile the header lib for better perfocmance +# target_precompile_headers(AyonCppApi PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../ext/cpp-httplib/httplib.h) -target_include_directories(AyonCppApi PUBLIC ${CMAKE_CURRENT_SOURCE_DIR}/../../ext/json) -target_include_directories(AyonCppApi PUBLIC ${CMAKE_CURRENT_SOURCE_DIR}/../../ext/json/include) +# target_include_directories(AyonCppApi PUBLIC ${CMAKE_CURRENT_SOURCE_DIR}/../../ext/json) +# target_include_directories(AyonCppApi PUBLIC ${CMAKE_CURRENT_SOURCE_DIR}/../../ext/json/include) -target_link_libraries(AyonCppApi PRIVATE nlohmann_json::nlohmann_json) -target_link_libraries(AyonCppApi PRIVATE Backward::Interface) +# target_link_libraries(AyonCppApi PRIVATE nlohmann_json::nlohmann_json) +# target_link_libraries(AyonCppApi PRIVATE Backward::Interface) -target_compile_definitions(AyonCppApi PUBLIC CPPHTTPLIB_OPENSSL_SUPPORT) +# target_compile_definitions(AyonCppApi PUBLIC CPPHTTPLIB_OPENSSL_SUPPORT) +# if(WIN32) +# target_link_libraries(AyonCppApi PRIVATE +# ${OPENSSL_ROOT_DIR}/lib/libcrypto_static.lib +# ${OPENSSL_ROOT_DIR}/lib/libssl_static.lib +# ) +# else() +# target_link_libraries(AyonCppApi PRIVATE +# ${OPENSSL_ROOT_DIR}/lib/libssl.a +# ${OPENSSL_ROOT_DIR}/lib/libcrypto.a +# ) +# endif() +# target_include_directories(AyonCppApi PUBLIC ${OPENSSL_ROOT_DIR}/include) + +# target_include_directories(AyonCppApi PUBLIC ${CMAKE_CURRENT_SOURCE_DIR}/../../ext/spdlog) + +# target_include_directories(AyonCppApi PUBLIC ${CMAKE_CURRENT_SOURCE_DIR}/../../ext/spdlog/include) + +# # needed because off usd resovler +# set_target_properties(AyonCppApi PROPERTIES POSITION_INDEPENDENT_CODE ON) + + +# install ( +# TARGETS AyonCppApi +# DESTINATION ${CMAKE_INSTALL_PREFIX} +# ) + +# install ( +# FILES AyonCppApi.h appDataFoulder.h devMacros.h Instrumentor.h +# DESTINATION include +# ) + +cmake_minimum_required(VERSION 3.19 FATAL_ERROR) + +# Ensure CMAKE_EXPORT_COMPILE_COMMANDS is set before project() call +set(CMAKE_EXPORT_COMPILE_COMMANDS ON) + +set(AR_PROJECT_NAME AyonCppApi) + +# --------------------------------------------------------------------------- +# Core settings +# --------------------------------------------------------------------------- +set(CMAKE_CXX_STANDARD 17) +set(CMAKE_POSITION_INDEPENDENT_CODE ON) + +# Provide default when invoked from external projects +if(NOT DEFINED JTRACE) + set(JTRACE 0) +endif() +add_compile_definitions(JTRACE=${JTRACE}) + +option(BUILD_TEST "Build the test application" OFF) + +set(CMAKE_INSTALL_PREFIX ${CMAKE_CURRENT_SOURCE_DIR}/bin) +set(JSON_BuildTests OFF CACHE INTERNAL "") + +# --------------------------------------------------------------------------- +# OpenSSL selection (unused by the resolver, but required by AyonCppApi) +# --------------------------------------------------------------------------- if(WIN32) - target_link_libraries(AyonCppApi PRIVATE - ${OPENSSL_ROOT_DIR}/lib/libcrypto_static.lib - ${OPENSSL_ROOT_DIR}/lib/libssl_static.lib - ) + set(OPENSSL_ROOT_DIR "${CMAKE_CURRENT_SOURCE_DIR}/ext/opensslW") else() - target_link_libraries(AyonCppApi PRIVATE - ${OPENSSL_ROOT_DIR}/lib/libssl.a - ${OPENSSL_ROOT_DIR}/lib/libcrypto.a - ) + set(OPENSSL_ROOT_DIR "${CMAKE_CURRENT_SOURCE_DIR}/ext/opensslL") endif() -target_include_directories(AyonCppApi PUBLIC ${OPENSSL_ROOT_DIR}/include) +include_directories(${OPENSSL_ROOT_DIR}/include) + +# --------------------------------------------------------------------------- +# External dependencies (header-only or local) +# --------------------------------------------------------------------------- +add_subdirectory("${CMAKE_CURRENT_SOURCE_DIR}/ext/backward-cpp") + +add_subdirectory("${CMAKE_CURRENT_SOURCE_DIR}/ext/cpp-httplib" EXCLUDE_FROM_ALL) +include_directories("${CMAKE_CURRENT_SOURCE_DIR}/ext/cpp-httplib") + +add_subdirectory("${CMAKE_CURRENT_SOURCE_DIR}/ext/json" EXCLUDE_FROM_ALL) +include_directories("${CMAKE_CURRENT_SOURCE_DIR}/ext/json/include") -target_include_directories(AyonCppApi PUBLIC ${CMAKE_CURRENT_SOURCE_DIR}/../../ext/spdlog) +set(AYON_CPPTOOLS_BUILD_LOGGER 1) +add_subdirectory("${CMAKE_CURRENT_SOURCE_DIR}/ext/ayon-cpp-dev-tools") -target_include_directories(AyonCppApi PUBLIC ${CMAKE_CURRENT_SOURCE_DIR}/../../ext/spdlog/include) +# --------------------------------------------------------------------------- +# Main project +# --------------------------------------------------------------------------- +project(${AR_PROJECT_NAME} VERSION 1.0.0 LANGUAGES CXX) -# needed because off usd resovler -set_target_properties(AyonCppApi PROPERTIES POSITION_INDEPENDENT_CODE ON) +# --------------------------------------------------------------------------- +# Optional tests and benchmarks +# --------------------------------------------------------------------------- +if(AYON_CPP_API_ENALBE_GTEST) + add_subdirectory("${CMAKE_CURRENT_SOURCE_DIR}/ext/googletest") +endif() + +if(AYON_CPP_API_ENALBE_GBENCH) + add_subdirectory("${CMAKE_CURRENT_SOURCE_DIR}/ext/benchmark") +endif() + +if(AYON_CPP_API_ENALBE_GTEST OR AYON_CPP_API_ENALBE_GBENCH) + add_subdirectory("${CMAKE_CURRENT_SOURCE_DIR}/test") +endif() +# --------------------------------------------------------------------------- +# Main library +# --------------------------------------------------------------------------- +add_subdirectory("${CMAKE_CURRENT_SOURCE_DIR}/src/AyonCppApi") +include_directories("${CMAKE_CURRENT_SOURCE_DIR}/src/AyonCppApi") -install ( - TARGETS AyonCppApi - DESTINATION ${CMAKE_INSTALL_PREFIX} -) +# --------------------------------------------------------------------------- +# Fix: Houdini / USD / MayaUSD crash from bundled spdlog fmt +# This forces spdlog to use the SAME fmt version as the DCC. +# --------------------------------------------------------------------------- +add_definitions(-DSPDLOG_FMT_EXTERNAL) +find_package(fmt REQUIRED) +target_link_libraries(AyonCppApi PRIVATE fmt::fmt) -install ( - FILES AyonCppApi.h appDataFoulder.h devMacros.h Instrumentor.h - DESTINATION include -) +# --------------------------------------------------------------------------- +# Final link — AyonCppDevTools contains spdlog and helpers +# --------------------------------------------------------------------------- +target_link_libraries(AyonCppApi PUBLIC AyonCppDevToolsLib) \ No newline at end of file From 4a1c7e3be92550a0109922827adf121b168b0071 Mon Sep 17 00:00:00 2001 From: Tadeas Hejnic Date: Wed, 19 Nov 2025 18:25:39 +0100 Subject: [PATCH 054/106] Fix of segfault - delete the responsible line with res->status --- src/AyonCppApi/AyonCppApi.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/AyonCppApi/AyonCppApi.cpp b/src/AyonCppApi/AyonCppApi.cpp index 98c502b..504a743 100644 --- a/src/AyonCppApi/AyonCppApi.cpp +++ b/src/AyonCppApi/AyonCppApi.cpp @@ -188,7 +188,7 @@ AyonApi::AyonApi(const std::optional &logFilePos, if (!res) { m_Log->error("Failed to connect to the Ayon server."); } else { - m_Log->info("Connected to the Ayon server : {}", res->status); + // m_Log->info("Connected to the Ayon server : {}", res->status); // First try to use authentication token as service API key // - if fails use it as user tokens m_headers = { From a20e82ba2d5160e7e0d3c1b826ce873cf6a1cd40 Mon Sep 17 00:00:00 2001 From: Tadeas Hejnic Date: Mon, 24 Nov 2025 09:56:19 +0100 Subject: [PATCH 055/106] Debug prints added - should be deleted before merge --- src/AyonCppApi/AyonCppApi.cpp | 31 +++++++++++++++++++++++++++++-- 1 file changed, 29 insertions(+), 2 deletions(-) diff --git a/src/AyonCppApi/AyonCppApi.cpp b/src/AyonCppApi/AyonCppApi.cpp index 504a743..03f5c8a 100644 --- a/src/AyonCppApi/AyonCppApi.cpp +++ b/src/AyonCppApi/AyonCppApi.cpp @@ -133,10 +133,11 @@ AyonApi::AyonApi(const std::optional &logFilePos, } } m_Log = std::make_shared(AyonLogger::getInstance(logPath.string())); - m_Log->LogLevlWarn(); + m_Log->LogLevelWarn(); m_Log->info(m_Log->key("AyonApi"), "Init AyonServer httplib::Client"); m_AyonServer = std::make_unique(m_serverUrl); + std::cout << "After creating httplib::Client - " << m_serverUrl << std::endl; if (isSSL()) { try { @@ -184,10 +185,34 @@ AyonApi::AyonApi(const std::optional &logFilePos, m_AyonServer->enable_server_certificate_verification(true); } - auto res = m_AyonServer->Get("/api/info"); + std::cout << "Before" << std::endl; + if (!m_AyonServer) { + std::cerr << "m_AyonServer is null. serverUrl='" << m_serverUrl << "'\n"; + throw std::runtime_error("AyonApi: HTTP client not initialized"); + } + std::cout << "After m_AyonServer check" << std::endl; + if (m_serverUrl.empty()) { + std::cerr << "m_serverUrl empty\n"; + } + std::cout << "Before GET" << std::endl; + httplib::Result res; + try { + res = m_AyonServer->Get("/api/info"); + std::cout << "After GET try" << std::endl; + } catch (const std::exception& e) { + std::cerr << "Exception during GET /api/info: " << e.what() << "\n"; + throw; + } + std::cout << "After GET" << std::endl; + if (!res) { + std::cout << "Failed to connect to the Ayon server." << std::endl; m_Log->error("Failed to connect to the Ayon server."); + std::cout << "After log error" << std::endl; } else { + std::cout << "Ayon server info: " << res->body << std::endl; + std::cout << "Status code: " << res->status << std::endl; + std::cout << "After" << std::endl; // m_Log->info("Connected to the Ayon server : {}", res->status); // First try to use authentication token as service API key // - if fails use it as user tokens @@ -561,6 +586,8 @@ AyonApi::getAssetIdent(const nlohmann::json &uriResolverRespone) { uriResolverRespone.at("entities").at(uriResolverRespone.at("entities").size() - 1).at("filePath")); } catch (const nlohmann::json::exception &e) { + std::cout << "AyonApi::getAssetIdent JSON exception: " << e.what() << std::endl; + std::cout << "uriResolverRespone: " << uriResolverRespone.dump() << std::endl; m_Log->warn("asset identification cant be generated {}", uriResolverRespone.dump()); } return AssetIdent; From 94f686c55116d16a64b5e90c03fe791ec0591d86 Mon Sep 17 00:00:00 2001 From: Tadeas Hejnic Date: Mon, 24 Nov 2025 09:56:43 +0100 Subject: [PATCH 056/106] CMakeLists --- src/AyonCppApi/CMakeLists.txt | 152 ++++++++-------------------------- 1 file changed, 33 insertions(+), 119 deletions(-) diff --git a/src/AyonCppApi/CMakeLists.txt b/src/AyonCppApi/CMakeLists.txt index f05209a..0b6e489 100755 --- a/src/AyonCppApi/CMakeLists.txt +++ b/src/AyonCppApi/CMakeLists.txt @@ -1,135 +1,49 @@ -# add_library(AyonCppApi STATIC AyonCppApi.cpp) +add_library(AyonCppApi STATIC AyonCppApi.cpp) -# target_include_directories(AyonCppApi PUBLIC ${CMAKE_CURRENT_SOURCE_DIR}) -# #include the header only libary -# target_include_directories(AyonCppApi PUBLIC ${CMAKE_CURRENT_SOURCE_DIR}/../../ext/cpp-httplib) -# # precompile the header lib for better perfocmance -# target_precompile_headers(AyonCppApi PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../ext/cpp-httplib/httplib.h) +target_include_directories(AyonCppApi PUBLIC ${CMAKE_CURRENT_SOURCE_DIR}) +#include the header only libary +target_include_directories(AyonCppApi PUBLIC ${CMAKE_CURRENT_SOURCE_DIR}/../../ext/cpp-httplib) +# precompile the header lib for better perfocmance +target_precompile_headers(AyonCppApi PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../ext/cpp-httplib/httplib.h) -# target_include_directories(AyonCppApi PUBLIC ${CMAKE_CURRENT_SOURCE_DIR}/../../ext/json) -# target_include_directories(AyonCppApi PUBLIC ${CMAKE_CURRENT_SOURCE_DIR}/../../ext/json/include) +target_include_directories(AyonCppApi PUBLIC ${CMAKE_CURRENT_SOURCE_DIR}/../../ext/json) +target_include_directories(AyonCppApi PUBLIC ${CMAKE_CURRENT_SOURCE_DIR}/../../ext/json/include) -# target_link_libraries(AyonCppApi PRIVATE nlohmann_json::nlohmann_json) -# target_link_libraries(AyonCppApi PRIVATE Backward::Interface) +target_link_libraries(AyonCppApi PRIVATE nlohmann_json::nlohmann_json) +target_link_libraries(AyonCppApi PRIVATE Backward::Interface) -# target_compile_definitions(AyonCppApi PUBLIC CPPHTTPLIB_OPENSSL_SUPPORT) +target_compile_definitions(AyonCppApi PUBLIC CPPHTTPLIB_OPENSSL_SUPPORT) -# if(WIN32) -# target_link_libraries(AyonCppApi PRIVATE -# ${OPENSSL_ROOT_DIR}/lib/libcrypto_static.lib -# ${OPENSSL_ROOT_DIR}/lib/libssl_static.lib -# ) -# else() -# target_link_libraries(AyonCppApi PRIVATE -# ${OPENSSL_ROOT_DIR}/lib/libssl.a -# ${OPENSSL_ROOT_DIR}/lib/libcrypto.a -# ) -# endif() -# target_include_directories(AyonCppApi PUBLIC ${OPENSSL_ROOT_DIR}/include) - -# target_include_directories(AyonCppApi PUBLIC ${CMAKE_CURRENT_SOURCE_DIR}/../../ext/spdlog) - -# target_include_directories(AyonCppApi PUBLIC ${CMAKE_CURRENT_SOURCE_DIR}/../../ext/spdlog/include) - -# # needed because off usd resovler -# set_target_properties(AyonCppApi PROPERTIES POSITION_INDEPENDENT_CODE ON) - - -# install ( -# TARGETS AyonCppApi -# DESTINATION ${CMAKE_INSTALL_PREFIX} -# ) - -# install ( -# FILES AyonCppApi.h appDataFoulder.h devMacros.h Instrumentor.h -# DESTINATION include -# ) - -cmake_minimum_required(VERSION 3.19 FATAL_ERROR) - -# Ensure CMAKE_EXPORT_COMPILE_COMMANDS is set before project() call -set(CMAKE_EXPORT_COMPILE_COMMANDS ON) - -set(AR_PROJECT_NAME AyonCppApi) - -# --------------------------------------------------------------------------- -# Core settings -# --------------------------------------------------------------------------- -set(CMAKE_CXX_STANDARD 17) -set(CMAKE_POSITION_INDEPENDENT_CODE ON) - -# Provide default when invoked from external projects -if(NOT DEFINED JTRACE) - set(JTRACE 0) -endif() -add_compile_definitions(JTRACE=${JTRACE}) - -option(BUILD_TEST "Build the test application" OFF) - -set(CMAKE_INSTALL_PREFIX ${CMAKE_CURRENT_SOURCE_DIR}/bin) -set(JSON_BuildTests OFF CACHE INTERNAL "") - -# --------------------------------------------------------------------------- -# OpenSSL selection (unused by the resolver, but required by AyonCppApi) -# --------------------------------------------------------------------------- if(WIN32) - set(OPENSSL_ROOT_DIR "${CMAKE_CURRENT_SOURCE_DIR}/ext/opensslW") + target_link_libraries(AyonCppApi PRIVATE + ${OPENSSL_ROOT_DIR}/lib/libcrypto_static.lib + ${OPENSSL_ROOT_DIR}/lib/libssl_static.lib + ) else() - set(OPENSSL_ROOT_DIR "${CMAKE_CURRENT_SOURCE_DIR}/ext/opensslL") + target_link_libraries(AyonCppApi PRIVATE + ${OPENSSL_ROOT_DIR}/lib/libssl.a + ${OPENSSL_ROOT_DIR}/lib/libcrypto.a + ) endif() -include_directories(${OPENSSL_ROOT_DIR}/include) - -# --------------------------------------------------------------------------- -# External dependencies (header-only or local) -# --------------------------------------------------------------------------- -add_subdirectory("${CMAKE_CURRENT_SOURCE_DIR}/ext/backward-cpp") - -add_subdirectory("${CMAKE_CURRENT_SOURCE_DIR}/ext/cpp-httplib" EXCLUDE_FROM_ALL) -include_directories("${CMAKE_CURRENT_SOURCE_DIR}/ext/cpp-httplib") - -add_subdirectory("${CMAKE_CURRENT_SOURCE_DIR}/ext/json" EXCLUDE_FROM_ALL) -include_directories("${CMAKE_CURRENT_SOURCE_DIR}/ext/json/include") +target_include_directories(AyonCppApi PUBLIC ${OPENSSL_ROOT_DIR}/include) -set(AYON_CPPTOOLS_BUILD_LOGGER 1) -add_subdirectory("${CMAKE_CURRENT_SOURCE_DIR}/ext/ayon-cpp-dev-tools") +target_include_directories(AyonCppApi PUBLIC ${CMAKE_CURRENT_SOURCE_DIR}/../../ext/spdlog) -# --------------------------------------------------------------------------- -# Main project -# --------------------------------------------------------------------------- -project(${AR_PROJECT_NAME} VERSION 1.0.0 LANGUAGES CXX) +target_include_directories(AyonCppApi PUBLIC ${CMAKE_CURRENT_SOURCE_DIR}/../../ext/spdlog/include) -# --------------------------------------------------------------------------- -# Optional tests and benchmarks -# --------------------------------------------------------------------------- -if(AYON_CPP_API_ENALBE_GTEST) - add_subdirectory("${CMAKE_CURRENT_SOURCE_DIR}/ext/googletest") -endif() - -if(AYON_CPP_API_ENALBE_GBENCH) - add_subdirectory("${CMAKE_CURRENT_SOURCE_DIR}/ext/benchmark") -endif() - -if(AYON_CPP_API_ENALBE_GTEST OR AYON_CPP_API_ENALBE_GBENCH) - add_subdirectory("${CMAKE_CURRENT_SOURCE_DIR}/test") -endif() +# needed because off usd resovler +set_target_properties(AyonCppApi PROPERTIES POSITION_INDEPENDENT_CODE ON) -# --------------------------------------------------------------------------- -# Main library -# --------------------------------------------------------------------------- -add_subdirectory("${CMAKE_CURRENT_SOURCE_DIR}/src/AyonCppApi") -include_directories("${CMAKE_CURRENT_SOURCE_DIR}/src/AyonCppApi") -# --------------------------------------------------------------------------- -# Fix: Houdini / USD / MayaUSD crash from bundled spdlog fmt -# This forces spdlog to use the SAME fmt version as the DCC. -# --------------------------------------------------------------------------- -add_definitions(-DSPDLOG_FMT_EXTERNAL) -find_package(fmt REQUIRED) -target_link_libraries(AyonCppApi PRIVATE fmt::fmt) +install ( + TARGETS AyonCppApi + DESTINATION ${CMAKE_INSTALL_PREFIX} +) -# --------------------------------------------------------------------------- -# Final link — AyonCppDevTools contains spdlog and helpers -# --------------------------------------------------------------------------- -target_link_libraries(AyonCppApi PUBLIC AyonCppDevToolsLib) \ No newline at end of file +install ( + FILES AyonCppApi.h appDataFoulder.h devMacros.h Instrumentor.h + DESTINATION include +) + \ No newline at end of file From e38be43e1f27c66c9ac477b0fd6bd82010b99f67 Mon Sep 17 00:00:00 2001 From: Tadeas Hejnic Date: Mon, 24 Nov 2025 10:21:48 +0100 Subject: [PATCH 057/106] Checkout to the fix of logger --- ext/ayon-cpp-dev-tools | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ext/ayon-cpp-dev-tools b/ext/ayon-cpp-dev-tools index 721f8af..9831c56 160000 --- a/ext/ayon-cpp-dev-tools +++ b/ext/ayon-cpp-dev-tools @@ -1 +1 @@ -Subproject commit 721f8afe4b3edcae745649af73f46a9184e9a10d +Subproject commit 9831c56a3d8e61385dcc706d003086bd6e43f4d8 From dea96884bf181063465fd9132ef66e2a8609df08 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tade=C3=A1=C5=A1=20Hejnic?= <65614308+tadeas-hejnic@users.noreply.github.com> Date: Tue, 2 Dec 2025 16:27:14 +0100 Subject: [PATCH 058/106] typo fix Co-authored-by: Philippe Leprince --- src/AyonCppApi/AyonCppApi.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/AyonCppApi/AyonCppApi.cpp b/src/AyonCppApi/AyonCppApi.cpp index 03f5c8a..a7a48aa 100644 --- a/src/AyonCppApi/AyonCppApi.cpp +++ b/src/AyonCppApi/AyonCppApi.cpp @@ -121,7 +121,7 @@ AyonApi::AyonApi(const std::optional &logFilePos, // if the input path is just an filename we will just throw it into tmp logPath = std::filesystem::temp_directory_path() / inPath; } - // we allways want the data to be a json, so we just enforce it. + // we always want the data to be a json, so we just enforce it. logPath.replace_extension(".json"); From d11ec602010bd0c9af6343ea60eca7cd349706f9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tade=C3=A1=C5=A1=20Hejnic?= <65614308+tadeas-hejnic@users.noreply.github.com> Date: Tue, 2 Dec 2025 17:03:21 +0100 Subject: [PATCH 059/106] use std::filesystem::path instead of platform ifdef --- src/AyonCppApi/AyonCppApi.cpp | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/src/AyonCppApi/AyonCppApi.cpp b/src/AyonCppApi/AyonCppApi.cpp index a7a48aa..98b9d0a 100644 --- a/src/AyonCppApi/AyonCppApi.cpp +++ b/src/AyonCppApi/AyonCppApi.cpp @@ -141,13 +141,9 @@ AyonApi::AyonApi(const std::optional &logFilePos, if (isSSL()) { try { - std::string opensslDirCLI = getOpenSSLDirByCLI(); - - #ifdef _WIN32 - std::string certFileCLI = opensslDirCLI + "\\cert.pem"; - #else - std::string certFileCLI = opensslDirCLI + "/cert.pem"; - #endif + std::filesystem::path opensslDirCLI(getOpenSSLDirByCLI()); + opensslDirCLI /= "cert.pem"; + std::string certFileCLI = opensslDirCLI.string() if (std::filesystem::exists(certFileCLI)) { m_Log->info("Using cert based on CLI var."); From 28ac24fc2c3b6e164af3af208b359b8fe4c61fa2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tade=C3=A1=C5=A1=20Hejnic?= <65614308+tadeas-hejnic@users.noreply.github.com> Date: Tue, 2 Dec 2025 17:03:53 +0100 Subject: [PATCH 060/106] typo fix Co-authored-by: Roy Nieterau --- src/AyonCppApi/AyonCppApi.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/AyonCppApi/AyonCppApi.cpp b/src/AyonCppApi/AyonCppApi.cpp index 98b9d0a..93f947f 100644 --- a/src/AyonCppApi/AyonCppApi.cpp +++ b/src/AyonCppApi/AyonCppApi.cpp @@ -283,7 +283,7 @@ AyonApi::rootReplace(const std::string &rootLessPath) { return rootedPath; } catch (std::out_of_range &e) { - m_Log->warn("AyonApi::rootedPath error acured {}, list off available root replace str: ", e.what()); + m_Log->warn("AyonApi::rootedPath error occured {}, list of available root replace str: ", e.what()); for (auto &g: m_siteRoots) { m_Log->warn("Key: {}, replacement: {}", g.first, g.second); } From f997f3eeba160b678c15425059b00f9092fbb930 Mon Sep 17 00:00:00 2001 From: Tadeas Hejnic Date: Wed, 3 Dec 2025 17:53:32 +0100 Subject: [PATCH 061/106] Code review suggestions, cleaning --- src/AyonCppApi/AyonCppApi.cpp | 80 ++++++++++++++++++++--------------- src/AyonCppApi/AyonCppApi.h | 4 ++ 2 files changed, 50 insertions(+), 34 deletions(-) diff --git a/src/AyonCppApi/AyonCppApi.cpp b/src/AyonCppApi/AyonCppApi.cpp index 93f947f..e6b99d1 100644 --- a/src/AyonCppApi/AyonCppApi.cpp +++ b/src/AyonCppApi/AyonCppApi.cpp @@ -121,7 +121,7 @@ AyonApi::AyonApi(const std::optional &logFilePos, // if the input path is just an filename we will just throw it into tmp logPath = std::filesystem::temp_directory_path() / inPath; } - // we always want the data to be a json, so we just enforce it. + // we allways want the data to be a json, so we just enforce it. logPath.replace_extension(".json"); @@ -131,7 +131,10 @@ AyonApi::AyonApi(const std::optional &logFilePos, else { std::filesystem::create_directories(logPath.parent_path()); } + } else { + throw std::runtime_error("AyonApi: No log file path provided"); } + m_Log = std::make_shared(AyonLogger::getInstance(logPath.string())); m_Log->LogLevelWarn(); @@ -141,38 +144,7 @@ AyonApi::AyonApi(const std::optional &logFilePos, if (isSSL()) { try { - std::filesystem::path opensslDirCLI(getOpenSSLDirByCLI()); - opensslDirCLI /= "cert.pem"; - std::string certFileCLI = opensslDirCLI.string() - - if (std::filesystem::exists(certFileCLI)) { - m_Log->info("Using cert based on CLI var."); - m_AyonServer->set_ca_cert_path(certFileCLI.c_str()); - } else { - std::string opensslDir = getOpenSSLDir(); - #ifdef _WIN32 - std::string certFile = opensslDir + "\\cert.pem"; - #else - std::string certFile = opensslDir + "/cert.pem"; - #endif - - if (std::filesystem::exists(certFile)) { - m_Log->info("Using cert based on SSLEAY_DIR."); - m_AyonServer->set_ca_cert_path(certFile.c_str()); - } else { - const char* envCertFile = getenv("SSL_CERT_FILE"); - if (envCertFile) { - m_Log->info("Using cert based on env variable (SSL_CERT_PATH)."); - m_AyonServer->set_ca_cert_path(envCertFile); - } else { - m_Log->info("Failed to determine the OpenSSL directory. Falling back to the default certificate file path."); - std::string certPath = ( - std::filesystem::path(__FILE__).parent_path().parent_path().parent_path() / "certs" / "cacert.pem" - ).string(); - m_AyonServer->set_ca_cert_path(certPath); - } - } - } + setSSL(); } catch (const std::exception &e) { m_Log->error("Failed to get OpenSSL directory: {}", e.what()); m_AyonServer->set_ca_cert_path(nullptr); @@ -283,7 +255,7 @@ AyonApi::rootReplace(const std::string &rootLessPath) { return rootedPath; } catch (std::out_of_range &e) { - m_Log->warn("AyonApi::rootedPath error occured {}, list of available root replace str: ", e.what()); + m_Log->warn("AyonApi::rootedPath error acured {}, list off available root replace str: ", e.what()); for (auto &g: m_siteRoots) { m_Log->warn("Key: {}, replacement: {}", g.first, g.second); } @@ -769,3 +741,43 @@ bool AyonApi::isSSL() const { return m_serverUrl.rfind("https://", 0) == 0; } + +void +AyonApi::setSSL() { + // env varaiable + const char* envCertFile = getenv("SSL_CERT_FILE"); + if (envCertFile) { + m_Log->info("Using cert based on env variable (SSL_CERT_PATH)."); + m_AyonServer->set_ca_cert_path(envCertFile); + return; + } + + // CLI + std::filesystem::path opensslDirCLI(getOpenSSLDirByCLI()); + opensslDirCLI /= "cert.pem"; + std::string certFileCLI = opensslDirCLI.string(); + + if (std::filesystem::exists(certFileCLI)) { + m_Log->info("Using cert based on CLI var."); + m_AyonServer->set_ca_cert_path(certFileCLI.c_str()); + return; + } + + // SSLEAY_DIR / OPENSSLDIR + std::filesystem::path opensslDirCLI(getOpenSSLDir()); + opensslDirCLI /= "cert.pem"; + std::string certFileCLI = opensslDirCLI.string(); + + if (std::filesystem::exists(certFileCLI)) { + m_Log->info("Using cert based on SSLEAY_DIR."); + m_AyonServer->set_ca_cert_path(certFileCLI.c_str()); + return; + } + + // fallback + m_Log->info("Failed to determine the OpenSSL directory. Falling back to the default certificate file path."); + std::string certPath = ( + std::filesystem::path(__FILE__).parent_path().parent_path().parent_path() / "certs" / "cacert.pem" + ).string(); + m_AyonServer->set_ca_cert_path(certPath); +} diff --git a/src/AyonCppApi/AyonCppApi.h b/src/AyonCppApi/AyonCppApi.h index e457fbc..1f1814e 100644 --- a/src/AyonCppApi/AyonCppApi.h +++ b/src/AyonCppApi/AyonCppApi.h @@ -166,6 +166,10 @@ class AyonApi { */ bool isSSL() const; + /** + * @brief sets the ssl cert path for the m_AyonServer httplib client + */ + void setSSL(); std::unique_ptr m_AyonServer; From 716597144fcab7c188485cc3e595025c5dc2686b Mon Sep 17 00:00:00 2001 From: Tadeas Hejnic Date: Mon, 8 Dec 2025 13:38:46 +0100 Subject: [PATCH 062/106] Use logger instead of stdout --- src/AyonCppApi/AyonCppApi.cpp | 59 ++++++++++++++++++++--------------- 1 file changed, 33 insertions(+), 26 deletions(-) diff --git a/src/AyonCppApi/AyonCppApi.cpp b/src/AyonCppApi/AyonCppApi.cpp index e6b99d1..f80e88b 100644 --- a/src/AyonCppApi/AyonCppApi.cpp +++ b/src/AyonCppApi/AyonCppApi.cpp @@ -137,10 +137,9 @@ AyonApi::AyonApi(const std::optional &logFilePos, m_Log = std::make_shared(AyonLogger::getInstance(logPath.string())); m_Log->LogLevelWarn(); - m_Log->info(m_Log->key("AyonApi"), "Init AyonServer httplib::Client"); m_AyonServer = std::make_unique(m_serverUrl); - std::cout << "After creating httplib::Client - " << m_serverUrl << std::endl; + m_Log->info(m_Log->key("AyonApi"), "After creating httplib::Client - {}", m_serverUrl); if (isSSL()) { try { @@ -152,43 +151,37 @@ AyonApi::AyonApi(const std::optional &logFilePos, m_AyonServer->enable_server_certificate_verification(true); } - - std::cout << "Before" << std::endl; + m_Log->info(m_Log->key("AyonApi"), "Before"); if (!m_AyonServer) { - std::cerr << "m_AyonServer is null. serverUrl='" << m_serverUrl << "'\n"; + m_Log->error("m_AyonServer is null. serverUrl='{}'", m_serverUrl); throw std::runtime_error("AyonApi: HTTP client not initialized"); } - std::cout << "After m_AyonServer check" << std::endl; + m_Log->info(m_Log->key("AyonApi"), "After m_AyonServer check"); if (m_serverUrl.empty()) { - std::cerr << "m_serverUrl empty\n"; + m_Log->warn("m_serverUrl empty"); } - std::cout << "Before GET" << std::endl; + m_Log->info(m_Log->key("AyonApi"), "Before GET"); httplib::Result res; try { res = m_AyonServer->Get("/api/info"); - std::cout << "After GET try" << std::endl; + m_Log->info(m_Log->key("AyonApi"), "After GET try"); } catch (const std::exception& e) { - std::cerr << "Exception during GET /api/info: " << e.what() << "\n"; + m_Log->error("Exception during GET /api/info: {}", e.what()); throw; } - std::cout << "After GET" << std::endl; if (!res) { - std::cout << "Failed to connect to the Ayon server." << std::endl; m_Log->error("Failed to connect to the Ayon server."); - std::cout << "After log error" << std::endl; } else { - std::cout << "Ayon server info: " << res->body << std::endl; - std::cout << "Status code: " << res->status << std::endl; - std::cout << "After" << std::endl; - // m_Log->info("Connected to the Ayon server : {}", res->status); - // First try to use authentication token as service API key - // - if fails use it as user tokens + m_Log->info(m_Log->key("AyonApi"), "Ayon server info: {}", res->body); + m_Log->info(m_Log->key("AyonApi"), "Status code: {}", res->status); + m_Log->info(m_Log->key("AyonApi"), "After"); + m_headers = { {"X-Api-Key", m_authKey}, }; - auto res = m_AyonServer->Get("/api/users/me", m_headers); - if (res->status != 200) { + auto resMe = m_AyonServer->Get("/api/users/me", m_headers); + if (resMe && resMe->status != 200) { m_headers = {}; m_AyonServer->set_bearer_token_auth(m_authKey); } @@ -774,10 +767,24 @@ AyonApi::setSSL() { return; } - // fallback - m_Log->info("Failed to determine the OpenSSL directory. Falling back to the default certificate file path."); - std::string certPath = ( + m_Log->info("Failed to determine the OpenSSL directory or load system CAs. Falling back to bundled certificate path derived from __FILE__."); + + std::filesystem::path bundledPath = ( std::filesystem::path(__FILE__).parent_path().parent_path().parent_path() / "certs" / "cacert.pem" - ).string(); - m_AyonServer->set_ca_cert_path(certPath); + ); + + std::string certPath = bundledPath.string(); + + if (std::filesystem::exists(certPath)) { + m_Log->info("Using bundled certificate (via __FILE__ path): {}", certPath); + m_AyonServer->set_ca_cert_path(certPath); + return; // Success, exit function + } + + + + m_Log->error("Bundled cacert.pem file not found at compile-time path: {}", certPath); + + // Final ultimate failure point: set to nullptr or throw + m_AyonServer->set_ca_cert_path(nullptr); } From 9ede5b8ed98e5b0303dbbb077c280bf50e9a5418 Mon Sep 17 00:00:00 2001 From: Tadeas Hejnic Date: Mon, 8 Dec 2025 14:18:40 +0100 Subject: [PATCH 063/106] Get the ca cert filepath from the env variable instead of finding it --- src/AyonCppApi/AyonCppApi.cpp | 122 +++------------------------------- 1 file changed, 8 insertions(+), 114 deletions(-) diff --git a/src/AyonCppApi/AyonCppApi.cpp b/src/AyonCppApi/AyonCppApi.cpp index f80e88b..4622065 100644 --- a/src/AyonCppApi/AyonCppApi.cpp +++ b/src/AyonCppApi/AyonCppApi.cpp @@ -41,61 +41,6 @@ backward::StackTrace st; -// ------------------------------------------------ -// helper functions for getting the ca cert path -// ------------------------------------------------ -std::string parseOutput(std::string& output) { - // Parse the output to extract the directory path - std::string::size_type start = output.find('"'); - std::string::size_type end = output.find('"', start + 1); - if (start != std::string::npos && end != std::string::npos) { - return output.substr(start + 1, end - start - 1); - } else { - throw std::runtime_error("Failed to parse OpenSSL directory from command output."); - } -} - -std::string getOpenSSLDirByCLI() { - std::array buffer; - std::string result; - auto pipeDeleter = [](FILE* pipe) { - #ifdef _WIN32 - _pclose(pipe); - #else - pclose(pipe); - #endif - }; - std::unique_ptr pipe( - #ifdef _WIN32 - _popen("openssl version -d", "r"), - #else - popen("openssl version -d", "r"), - #endif - pipeDeleter - ); - if (!pipe) { - throw std::runtime_error("popen() failed!"); - } - while (fgets(buffer.data(), static_cast(buffer.size()), pipe.get()) != nullptr) { - result += buffer.data(); - } - - return parseOutput(result); -} - - -std::string getOpenSSLDir() { -#if OPENSSL_VERSION_NUMBER >= 0x10100000L // OpenSSL 1.1.0+ - const char* sslVersion = OpenSSL_version(OPENSSL_DIR); - std::string sslVersionStr(sslVersion); - return parseOutput(sslVersionStr); -#else // OpenSSL 1.0.x - return parseOutput(SSLeay_version(SSLEAY_DIR)); -#endif -} -// ------------------------------------------------ - - AyonApi::AyonApi(const std::optional &logFilePos, const std::string &authKey, const std::string &serverUrl, @@ -142,15 +87,18 @@ AyonApi::AyonApi(const std::optional &logFilePos, m_Log->info(m_Log->key("AyonApi"), "After creating httplib::Client - {}", m_serverUrl); if (isSSL()) { - try { - setSSL(); - } catch (const std::exception &e) { - m_Log->error("Failed to get OpenSSL directory: {}", e.what()); - m_AyonServer->set_ca_cert_path(nullptr); + std::string ayonSSSLCertPath = std::getenv("AYON_SSL_CERT_PATH") ? std::getenv("AYON_SSL_CERT_PATH") : ""; + + if (!ayonSSSLCertPath.empty()) { + m_Log->info(m_Log->key("AyonApi"), "Using AYON_SSL_CERT_PATH: {}", ayonSSSLCertPath); + m_AyonServer->set_ca_cert_path(ayonSSSLCertPath.c_str()); + } else { + m_Log->error("AYON_SSL_CERT_PATH variable is not set."); } m_AyonServer->enable_server_certificate_verification(true); } + m_Log->info(m_Log->key("AyonApi"), "Before"); if (!m_AyonServer) { m_Log->error("m_AyonServer is null. serverUrl='{}'", m_serverUrl); @@ -734,57 +682,3 @@ bool AyonApi::isSSL() const { return m_serverUrl.rfind("https://", 0) == 0; } - -void -AyonApi::setSSL() { - // env varaiable - const char* envCertFile = getenv("SSL_CERT_FILE"); - if (envCertFile) { - m_Log->info("Using cert based on env variable (SSL_CERT_PATH)."); - m_AyonServer->set_ca_cert_path(envCertFile); - return; - } - - // CLI - std::filesystem::path opensslDirCLI(getOpenSSLDirByCLI()); - opensslDirCLI /= "cert.pem"; - std::string certFileCLI = opensslDirCLI.string(); - - if (std::filesystem::exists(certFileCLI)) { - m_Log->info("Using cert based on CLI var."); - m_AyonServer->set_ca_cert_path(certFileCLI.c_str()); - return; - } - - // SSLEAY_DIR / OPENSSLDIR - std::filesystem::path opensslDirCLI(getOpenSSLDir()); - opensslDirCLI /= "cert.pem"; - std::string certFileCLI = opensslDirCLI.string(); - - if (std::filesystem::exists(certFileCLI)) { - m_Log->info("Using cert based on SSLEAY_DIR."); - m_AyonServer->set_ca_cert_path(certFileCLI.c_str()); - return; - } - - m_Log->info("Failed to determine the OpenSSL directory or load system CAs. Falling back to bundled certificate path derived from __FILE__."); - - std::filesystem::path bundledPath = ( - std::filesystem::path(__FILE__).parent_path().parent_path().parent_path() / "certs" / "cacert.pem" - ); - - std::string certPath = bundledPath.string(); - - if (std::filesystem::exists(certPath)) { - m_Log->info("Using bundled certificate (via __FILE__ path): {}", certPath); - m_AyonServer->set_ca_cert_path(certPath); - return; // Success, exit function - } - - - - m_Log->error("Bundled cacert.pem file not found at compile-time path: {}", certPath); - - // Final ultimate failure point: set to nullptr or throw - m_AyonServer->set_ca_cert_path(nullptr); -} From ac1dfc6192bba47ca1838b535ae4c66c6c24bdd5 Mon Sep 17 00:00:00 2001 From: Tadeas Hejnic Date: Mon, 8 Dec 2025 14:50:59 +0100 Subject: [PATCH 064/106] Get back the previous implementation of getting cert file and add the env variable get --- src/AyonCppApi/AyonCppApi.cpp | 143 ++++++++++++++++++++++++++++++++-- src/AyonCppApi/AyonCppApi.h | 5 ++ src/AyonCppApi/CMakeLists.txt | 63 +++++++++++++-- 3 files changed, 198 insertions(+), 13 deletions(-) diff --git a/src/AyonCppApi/AyonCppApi.cpp b/src/AyonCppApi/AyonCppApi.cpp index 4622065..57f6015 100644 --- a/src/AyonCppApi/AyonCppApi.cpp +++ b/src/AyonCppApi/AyonCppApi.cpp @@ -41,6 +41,61 @@ backward::StackTrace st; +// ------------------------------------------------ +// helper functions for getting the ca cert path +// ------------------------------------------------ +std::string parseOutput(std::string& output) { + // Parse the output to extract the directory path + std::string::size_type start = output.find('"'); + std::string::size_type end = output.find('"', start + 1); + if (start != std::string::npos && end != std::string::npos) { + return output.substr(start + 1, end - start - 1); + } else { + throw std::runtime_error("Failed to parse OpenSSL directory from command output."); + } +} + +std::string getOpenSSLDirByCLI() { + std::array buffer; + std::string result; + auto pipeDeleter = [](FILE* pipe) { + #ifdef _WIN32 + _pclose(pipe); + #else + pclose(pipe); + #endif + }; + std::unique_ptr pipe( + #ifdef _WIN32 + _popen("openssl version -d", "r"), + #else + popen("openssl version -d", "r"), + #endif + pipeDeleter + ); + if (!pipe) { + throw std::runtime_error("popen() failed!"); + } + while (fgets(buffer.data(), static_cast(buffer.size()), pipe.get()) != nullptr) { + result += buffer.data(); + } + + return parseOutput(result); +} + + +std::string getOpenSSLDir() { +#if OPENSSL_VERSION_NUMBER >= 0x10100000L // OpenSSL 1.1.0+ + const char* sslVersion = OpenSSL_version(OPENSSL_DIR); + std::string sslVersionStr(sslVersion); + return parseOutput(sslVersionStr); +#else // OpenSSL 1.0.x + return parseOutput(SSLeay_version(SSLEAY_DIR)); +#endif +} +// ------------------------------------------------ + + AyonApi::AyonApi(const std::optional &logFilePos, const std::string &authKey, const std::string &serverUrl, @@ -87,18 +142,23 @@ AyonApi::AyonApi(const std::optional &logFilePos, m_Log->info(m_Log->key("AyonApi"), "After creating httplib::Client - {}", m_serverUrl); if (isSSL()) { - std::string ayonSSSLCertPath = std::getenv("AYON_SSL_CERT_PATH") ? std::getenv("AYON_SSL_CERT_PATH") : ""; - - if (!ayonSSSLCertPath.empty()) { - m_Log->info(m_Log->key("AyonApi"), "Using AYON_SSL_CERT_PATH: {}", ayonSSSLCertPath); - m_AyonServer->set_ca_cert_path(ayonSSSLCertPath.c_str()); + std::string ayonSSLPath = std::getenv("AYON_SSL_CERT_PATH") ? std::getenv("AYON_SSL_CERT_PATH") : ""; + if (!ayonSSLPath.empty()) { + m_Log->info(m_Log->key("AyonApi"), "Using AYON_SSL_CERT_PATH: {}", ayonSSLPath); + m_AyonServer->set_ca_cert_path(ayonSSLPath.c_str()); } else { - m_Log->error("AYON_SSL_CERT_PATH variable is not set."); + m_Log->warn(m_Log->key("AyonApi"), "No AYON_SSL_CERT_PATH set, trying to get OpenSSL dir"); + + try { + setSSL(); + } catch (const std::exception &e) { + m_Log->error("Failed to get OpenSSL directory: {}", e.what()); + m_AyonServer->set_ca_cert_path(nullptr); + } } m_AyonServer->enable_server_certificate_verification(true); } - m_Log->info(m_Log->key("AyonApi"), "Before"); if (!m_AyonServer) { m_Log->error("m_AyonServer is null. serverUrl='{}'", m_serverUrl); @@ -682,3 +742,72 @@ bool AyonApi::isSSL() const { return m_serverUrl.rfind("https://", 0) == 0; } + +#include // REQUIRED for dladdr, Dl_info + +void +AyonApi::setSSL() { + // 1. ENVIRONMENT VARIABLE CHECK + const char* envCertFile = getenv("SSL_CERT_FILE"); + if (envCertFile) { + m_Log->info("Using cert based on env variable (SSL_CERT_FILE)."); + m_AyonServer->set_ca_cert_path(envCertFile); + return; + } + + // 2. CLI CHECK (getOpenSSLDirByCLI) + // Note: If getOpenSSLDirByCLI() returns an empty path, the filesystem::exists() check will fail safely. + std::filesystem::path opensslDirCLI(getOpenSSLDirByCLI()); + opensslDirCLI /= "cert.pem"; + std::string certFileCLI = opensslDirCLI.string(); + + if (std::filesystem::exists(certFileCLI)) { + m_Log->info("Using cert based on CLI var."); + m_AyonServer->set_ca_cert_path(certFileCLI.c_str()); + return; + } + + // 3. SSLEAY_DIR / OPENSSLDIR CHECK (getOpenSSLDir) + std::filesystem::path opensslDirSSLEAY(getOpenSSLDir()); + opensslDirSSLEAY /= "cert.pem"; + std::string certFileSSLEAY = opensslDirSSLEAY.string(); + + if (std::filesystem::exists(certFileSSLEAY)) { + m_Log->info("Using cert based on SSLEAY_DIR."); + m_AyonServer->set_ca_cert_path(certFileSSLEAY.c_str()); + return; + } + + // 4. FALLBACK TO BUNDLED CERTIFICATE (VIA SHARED OBJECT PATH) + m_Log->info("Failed to determine the OpenSSL directory or load system CAs. Falling back to bundled certificate path."); + + std::filesystem::path soPath; + Dl_info dl_info; + + if (dladdr(reinterpret_cast(&parseOutput), &dl_info) && dl_info.dli_fname) { + soPath = dl_info.dli_fname; + } + + if (!soPath.empty()) { + std::filesystem::path resolverRoot = soPath.parent_path().parent_path(); + + std::filesystem::path bundledPath = ( + resolverRoot / "certs" / "cacert.pem" + ); + + std::string certPath = bundledPath.string(); + + if (std::filesystem::exists(certPath)) { + m_Log->info("Using bundled certificate (via SO path): {}", certPath); + m_AyonServer->set_ca_cert_path(certPath.c_str()); + return; + } + + m_Log->error("Bundled cacert.pem file not found at expected runtime path: {}", certPath); + } else { + m_Log->error("Failed to determine the path of the loaded shared library (dladdr failed)."); + } + + // 5. FINAL FAILURE POINT + throw std::runtime_error("Failed to set SSL certificate path. No valid certificate found."); +} diff --git a/src/AyonCppApi/AyonCppApi.h b/src/AyonCppApi/AyonCppApi.h index 1f1814e..711054f 100644 --- a/src/AyonCppApi/AyonCppApi.h +++ b/src/AyonCppApi/AyonCppApi.h @@ -14,6 +14,11 @@ #include "httplib.h" #include "nlohmann/json_fwd.hpp" +#ifdef __linux__ +// This header provides the dladdr function and Dl_info structure. +#include +#endif + /** * @class AyonApi * @brief Central Ayon api class \n diff --git a/src/AyonCppApi/CMakeLists.txt b/src/AyonCppApi/CMakeLists.txt index 0b6e489..1e3cc0f 100755 --- a/src/AyonCppApi/CMakeLists.txt +++ b/src/AyonCppApi/CMakeLists.txt @@ -1,4 +1,52 @@ +# add_library(AyonCppApi STATIC AyonCppApi.cpp) + +# target_include_directories(AyonCppApi PUBLIC ${CMAKE_CURRENT_SOURCE_DIR}) +# #include the header only libary +# target_include_directories(AyonCppApi PUBLIC ${CMAKE_CURRENT_SOURCE_DIR}/../../ext/cpp-httplib) +# # precompile the header lib for better perfocmance +# target_precompile_headers(AyonCppApi PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../ext/cpp-httplib/httplib.h) + +# target_include_directories(AyonCppApi PUBLIC ${CMAKE_CURRENT_SOURCE_DIR}/../../ext/json) +# target_include_directories(AyonCppApi PUBLIC ${CMAKE_CURRENT_SOURCE_DIR}/../../ext/json/include) + + +# target_link_libraries(AyonCppApi PRIVATE nlohmann_json::nlohmann_json) +# target_link_libraries(AyonCppApi PRIVATE Backward::Interface) + +# target_compile_definitions(AyonCppApi PUBLIC CPPHTTPLIB_OPENSSL_SUPPORT) + +# if(WIN32) +# target_link_libraries(AyonCppApi PRIVATE +# ${OPENSSL_ROOT_DIR}/lib/libcrypto_static.lib +# ${OPENSSL_ROOT_DIR}/lib/libssl_static.lib +# ) +# else() +# target_link_libraries(AyonCppApi PRIVATE +# ${OPENSSL_ROOT_DIR}/lib/libssl.a +# ${OPENSSL_ROOT_DIR}/lib/libcrypto.a +# ) +# endif() +# target_include_directories(AyonCppApi PUBLIC ${OPENSSL_ROOT_DIR}/include) + +# target_include_directories(AyonCppApi PUBLIC ${CMAKE_CURRENT_SOURCE_DIR}/../../ext/spdlog) + +# target_include_directories(AyonCppApi PUBLIC ${CMAKE_CURRENT_SOURCE_DIR}/../../ext/spdlog/include) + +# # needed because off usd resovler +# set_target_properties(AyonCppApi PROPERTIES POSITION_INDEPENDENT_CODE ON) + + +# install ( +# TARGETS AyonCppApi +# DESTINATION ${CMAKE_INSTALL_PREFIX} +# ) + +# install ( +# FILES AyonCppApi.h appDataFoulder.h devMacros.h Instrumentor.h +# DESTINATION include +# ) + add_library(AyonCppApi STATIC AyonCppApi.cpp) target_include_directories(AyonCppApi PUBLIC ${CMAKE_CURRENT_SOURCE_DIR}) @@ -29,13 +77,17 @@ else() endif() target_include_directories(AyonCppApi PUBLIC ${OPENSSL_ROOT_DIR}/include) -target_include_directories(AyonCppApi PUBLIC ${CMAKE_CURRENT_SOURCE_DIR}/../../ext/spdlog) - target_include_directories(AyonCppApi PUBLIC ${CMAKE_CURRENT_SOURCE_DIR}/../../ext/spdlog/include) -# needed because off usd resovler -set_target_properties(AyonCppApi PROPERTIES POSITION_INDEPENDENT_CODE ON) +target_compile_definitions(AyonCppApi PUBLIC SPDLOG_HEADER_ONLY SPDLOG_FMT_EXTERNAL) +# CRITICAL: Link against the dynamic loading library for dladdr on Linux/UNIX +if(UNIX AND NOT APPLE) + target_link_libraries(AyonCppApi PRIVATE dl) +endif() + +# needed because of usd resovler +set_target_properties(AyonCppApi PROPERTIES POSITION_INDEPENDENT_CODE ON) install ( TARGETS AyonCppApi @@ -45,5 +97,4 @@ install ( install ( FILES AyonCppApi.h appDataFoulder.h devMacros.h Instrumentor.h DESTINATION include -) - \ No newline at end of file +) \ No newline at end of file From 86fb738be9000a7484468d076dd988748479414c Mon Sep 17 00:00:00 2001 From: Tadeas Hejnic Date: Fri, 12 Dec 2025 00:09:24 +0100 Subject: [PATCH 065/106] debug prints, logger file creation better handling --- src/AyonCppApi/AyonCppApi.cpp | 69 +++++++++++++++++++++++++---------- src/AyonCppApi/CMakeLists.txt | 62 +++---------------------------- 2 files changed, 54 insertions(+), 77 deletions(-) diff --git a/src/AyonCppApi/AyonCppApi.cpp b/src/AyonCppApi/AyonCppApi.cpp index 57f6015..38947f6 100644 --- a/src/AyonCppApi/AyonCppApi.cpp +++ b/src/AyonCppApi/AyonCppApi.cpp @@ -109,34 +109,61 @@ AyonApi::AyonApi(const std::optional &logFilePos, m_siteId(siteId) { PerfTimer("AyonApi::AyonApi"); + std::cout << "before logFilePos.has_value()" << std::endl; + // TODO remove + // logFilePos = "/home/ynput/dev/ayon-usd-resolver/logFile.json"; + // ----------- Init m_Logger std::filesystem::path logPath; if (logFilePos.has_value()) { - std::filesystem::path inPath(logFilePos.value()); - - if (inPath.is_relative()) { - logPath = std::filesystem::weakly_canonical(inPath); - } - if (!inPath.has_parent_path()) { - // if the input path is just an filename we will just throw it into tmp - logPath = std::filesystem::temp_directory_path() / inPath; - } - // we allways want the data to be a json, so we just enforce it. - logPath.replace_extension(".json"); - + try { + std::filesystem::path inPath(logFilePos.value()); + // std::cout << "Original path: " << inPath << std::endl; + + std::cout << "is_relative" << std::endl; + if (inPath.is_relative()) { + logPath = std::filesystem::weakly_canonical(inPath); + } else { + logPath = inPath; + } - if (std::filesystem::exists(logPath)) { - logPath = std::filesystem::canonical(logPath); - } - else { - std::filesystem::create_directories(logPath.parent_path()); + std::cout << "has_parent_path" << std::endl; + if (!inPath.has_parent_path()) { + // if the input path is just a filename we will just throw it into tmp + logPath = std::filesystem::temp_directory_path() / inPath; + } + + // std::cout << "replace_extension" << std::endl; + // we always want the data to be a json, so we just enforce it. + // logPath.replace_extension(".json"); + + std::cout << "std::filesystem::exists - " << logPath << std::endl; + if (std::filesystem::exists(logPath)) { + std::cout << "std::filesystem::canonical" << std::endl; + logPath = std::filesystem::canonical(logPath); + } else { + std::cout << "std::filesystem::create_directories" << std::endl; + // Check if parent path exists before trying to create it to avoid empty path errors + if (logPath.has_parent_path()) { + std::filesystem::create_directories(logPath.parent_path()); + } + } + } + catch (const std::filesystem::filesystem_error& e) { + std::cerr << "Filesystem error: " << e.what() << std::endl; + std::cerr << "Path 1: " << e.path1() << std::endl; + std::cerr << "Path 2: " << e.path2() << std::endl; + } + catch (const std::exception& e) { + std::cerr << "General error processing path: " << e.what() << std::endl; } - } else { - throw std::runtime_error("AyonApi: No log file path provided"); } + std::cout << "before AyonLogger init - logPath: " << logPath << std::endl; m_Log = std::make_shared(AyonLogger::getInstance(logPath.string())); - m_Log->LogLevelWarn(); + std::cout << "after AyonLogger init" << std::endl; + m_Log->LogLevelInfo(); + // m_Log->LogLevelWarn(); m_Log->info(m_Log->key("AyonApi"), "Init AyonServer httplib::Client"); m_AyonServer = std::make_unique(m_serverUrl); m_Log->info(m_Log->key("AyonApi"), "After creating httplib::Client - {}", m_serverUrl); @@ -747,6 +774,8 @@ AyonApi::isSSL() const { void AyonApi::setSSL() { + // throw std::runtime_error("TEST!! should not be in the final build."); + // 1. ENVIRONMENT VARIABLE CHECK const char* envCertFile = getenv("SSL_CERT_FILE"); if (envCertFile) { diff --git a/src/AyonCppApi/CMakeLists.txt b/src/AyonCppApi/CMakeLists.txt index 1e3cc0f..9a58956 100755 --- a/src/AyonCppApi/CMakeLists.txt +++ b/src/AyonCppApi/CMakeLists.txt @@ -1,52 +1,4 @@ -# add_library(AyonCppApi STATIC AyonCppApi.cpp) - -# target_include_directories(AyonCppApi PUBLIC ${CMAKE_CURRENT_SOURCE_DIR}) -# #include the header only libary -# target_include_directories(AyonCppApi PUBLIC ${CMAKE_CURRENT_SOURCE_DIR}/../../ext/cpp-httplib) -# # precompile the header lib for better perfocmance -# target_precompile_headers(AyonCppApi PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../ext/cpp-httplib/httplib.h) - -# target_include_directories(AyonCppApi PUBLIC ${CMAKE_CURRENT_SOURCE_DIR}/../../ext/json) -# target_include_directories(AyonCppApi PUBLIC ${CMAKE_CURRENT_SOURCE_DIR}/../../ext/json/include) - - -# target_link_libraries(AyonCppApi PRIVATE nlohmann_json::nlohmann_json) -# target_link_libraries(AyonCppApi PRIVATE Backward::Interface) - -# target_compile_definitions(AyonCppApi PUBLIC CPPHTTPLIB_OPENSSL_SUPPORT) - -# if(WIN32) -# target_link_libraries(AyonCppApi PRIVATE -# ${OPENSSL_ROOT_DIR}/lib/libcrypto_static.lib -# ${OPENSSL_ROOT_DIR}/lib/libssl_static.lib -# ) -# else() -# target_link_libraries(AyonCppApi PRIVATE -# ${OPENSSL_ROOT_DIR}/lib/libssl.a -# ${OPENSSL_ROOT_DIR}/lib/libcrypto.a -# ) -# endif() -# target_include_directories(AyonCppApi PUBLIC ${OPENSSL_ROOT_DIR}/include) - -# target_include_directories(AyonCppApi PUBLIC ${CMAKE_CURRENT_SOURCE_DIR}/../../ext/spdlog) - -# target_include_directories(AyonCppApi PUBLIC ${CMAKE_CURRENT_SOURCE_DIR}/../../ext/spdlog/include) - -# # needed because off usd resovler -# set_target_properties(AyonCppApi PROPERTIES POSITION_INDEPENDENT_CODE ON) - - -# install ( -# TARGETS AyonCppApi -# DESTINATION ${CMAKE_INSTALL_PREFIX} -# ) - -# install ( -# FILES AyonCppApi.h appDataFoulder.h devMacros.h Instrumentor.h -# DESTINATION include -# ) - add_library(AyonCppApi STATIC AyonCppApi.cpp) target_include_directories(AyonCppApi PUBLIC ${CMAKE_CURRENT_SOURCE_DIR}) @@ -77,18 +29,14 @@ else() endif() target_include_directories(AyonCppApi PUBLIC ${OPENSSL_ROOT_DIR}/include) -target_include_directories(AyonCppApi PUBLIC ${CMAKE_CURRENT_SOURCE_DIR}/../../ext/spdlog/include) - -target_compile_definitions(AyonCppApi PUBLIC SPDLOG_HEADER_ONLY SPDLOG_FMT_EXTERNAL) +target_include_directories(AyonCppApi PUBLIC ${CMAKE_CURRENT_SOURCE_DIR}/../../ext/spdlog) -# CRITICAL: Link against the dynamic loading library for dladdr on Linux/UNIX -if(UNIX AND NOT APPLE) - target_link_libraries(AyonCppApi PRIVATE dl) -endif() +target_include_directories(AyonCppApi PUBLIC ${CMAKE_CURRENT_SOURCE_DIR}/../../ext/spdlog/include) -# needed because of usd resovler +# needed because off usd resovler set_target_properties(AyonCppApi PROPERTIES POSITION_INDEPENDENT_CODE ON) + install ( TARGETS AyonCppApi DESTINATION ${CMAKE_INSTALL_PREFIX} @@ -97,4 +45,4 @@ install ( install ( FILES AyonCppApi.h appDataFoulder.h devMacros.h Instrumentor.h DESTINATION include -) \ No newline at end of file +) From 17ae0de8cf627d302e01426d787c07a405a42738 Mon Sep 17 00:00:00 2001 From: Tadeas Hejnic Date: Tue, 16 Dec 2025 14:42:28 +0100 Subject: [PATCH 066/106] better handling in constructor + logger changes --- .../include/openssl/aes.h | 0 .../include/openssl/asn1.h | 0 .../include/openssl/asn1_mac.h | 0 .../include/openssl/asn1err.h | 0 .../include/openssl/asn1t.h | 0 .../include/openssl/async.h | 0 .../include/openssl/asyncerr.h | 0 .../include/openssl/bio.h | 0 .../include/openssl/bioerr.h | 0 .../include/openssl/blowfish.h | 0 .../include/openssl/bn.h | 0 .../include/openssl/bnerr.h | 0 .../include/openssl/buffer.h | 0 .../include/openssl/buffererr.h | 0 .../include/openssl/camellia.h | 0 .../include/openssl/cast.h | 0 .../include/openssl/cmac.h | 0 .../include/openssl/cmp.h | 0 .../include/openssl/cmp_util.h | 0 .../include/openssl/cmperr.h | 0 .../include/openssl/cms.h | 0 .../include/openssl/cmserr.h | 0 .../include/openssl/comp.h | 0 .../include/openssl/comperr.h | 0 .../include/openssl/conf.h | 0 .../include/openssl/conf_api.h | 0 .../include/openssl/conferr.h | 0 .../include/openssl/configuration.h | 0 .../include/openssl/conftypes.h | 0 .../include/openssl/core.h | 0 .../include/openssl/core_dispatch.h | 0 .../include/openssl/core_names.h | 0 .../include/openssl/core_object.h | 0 .../include/openssl/crmf.h | 0 .../include/openssl/crmferr.h | 0 .../include/openssl/crypto.h | 0 .../include/openssl/cryptoerr.h | 0 .../include/openssl/cryptoerr_legacy.h | 0 .../include/openssl/ct.h | 0 .../include/openssl/cterr.h | 0 .../include/openssl/decoder.h | 0 .../include/openssl/decodererr.h | 0 .../include/openssl/des.h | 0 .../include/openssl/dh.h | 0 .../include/openssl/dherr.h | 0 .../include/openssl/dsa.h | 0 .../include/openssl/dsaerr.h | 0 .../include/openssl/dtls1.h | 0 .../include/openssl/e_os2.h | 0 .../include/openssl/ebcdic.h | 0 .../include/openssl/ec.h | 0 .../include/openssl/ecdh.h | 0 .../include/openssl/ecdsa.h | 0 .../include/openssl/ecerr.h | 0 .../include/openssl/encoder.h | 0 .../include/openssl/encodererr.h | 0 .../include/openssl/engine.h | 0 .../include/openssl/engineerr.h | 0 .../include/openssl/err.h | 0 .../include/openssl/ess.h | 0 .../include/openssl/esserr.h | 0 .../include/openssl/evp.h | 0 .../include/openssl/evperr.h | 0 .../include/openssl/fips_names.h | 0 .../include/openssl/fipskey.h | 0 .../include/openssl/hmac.h | 0 .../include/openssl/http.h | 0 .../include/openssl/httperr.h | 0 .../include/openssl/idea.h | 0 .../include/openssl/kdf.h | 0 .../include/openssl/kdferr.h | 0 .../include/openssl/lhash.h | 0 .../include/openssl/macros.h | 0 .../include/openssl/md2.h | 0 .../include/openssl/md4.h | 0 .../include/openssl/md5.h | 0 .../include/openssl/mdc2.h | 0 .../include/openssl/modes.h | 0 .../include/openssl/obj_mac.h | 0 .../include/openssl/objects.h | 0 .../include/openssl/objectserr.h | 0 .../include/openssl/ocsp.h | 0 .../include/openssl/ocsperr.h | 0 .../include/openssl/opensslconf.h | 0 .../include/openssl/opensslv.h | 0 .../include/openssl/ossl_typ.h | 0 .../include/openssl/param_build.h | 0 .../include/openssl/params.h | 0 .../include/openssl/pem.h | 0 .../include/openssl/pem2.h | 0 .../include/openssl/pemerr.h | 0 .../include/openssl/pkcs12.h | 0 .../include/openssl/pkcs12err.h | 0 .../include/openssl/pkcs7.h | 0 .../include/openssl/pkcs7err.h | 0 .../include/openssl/prov_ssl.h | 0 .../include/openssl/proverr.h | 0 .../include/openssl/provider.h | 0 .../include/openssl/rand.h | 0 .../include/openssl/randerr.h | 0 .../include/openssl/rc2.h | 0 .../include/openssl/rc4.h | 0 .../include/openssl/rc5.h | 0 .../include/openssl/ripemd.h | 0 .../include/openssl/rsa.h | 0 .../include/openssl/rsaerr.h | 0 .../include/openssl/safestack.h | 0 .../include/openssl/seed.h | 0 .../include/openssl/self_test.h | 0 .../include/openssl/sha.h | 0 .../include/openssl/srp.h | 0 .../include/openssl/srtp.h | 0 .../include/openssl/ssl.h | 0 .../include/openssl/ssl2.h | 0 .../include/openssl/ssl3.h | 0 .../include/openssl/sslerr.h | 0 .../include/openssl/sslerr_legacy.h | 0 .../include/openssl/stack.h | 0 .../include/openssl/store.h | 0 .../include/openssl/storeerr.h | 0 .../include/openssl/symhacks.h | 0 .../include/openssl/tls1.h | 0 .../include/openssl/trace.h | 0 .../include/openssl/ts.h | 0 .../include/openssl/tserr.h | 0 .../include/openssl/txt_db.h | 0 .../include/openssl/types.h | 0 .../include/openssl/ui.h | 0 .../include/openssl/uierr.h | 0 .../include/openssl/whrlpool.h | 0 .../include/openssl/x509.h | 0 .../include/openssl/x509_vfy.h | 0 .../include/openssl/x509err.h | 0 .../include/openssl/x509v3.h | 0 .../include/openssl/x509v3err.h | 0 ext/{opensslL => openssl3L}/lib/libcrypto.a | Bin ext/{opensslL => openssl3L}/lib/libcrypto.so | 0 .../lib/libcrypto.so.3 | Bin ext/{opensslL => openssl3L}/lib/libssl.a | Bin ext/{opensslL => openssl3L}/lib/libssl.so | 0 ext/{opensslL => openssl3L}/lib/libssl.so.3 | Bin .../lib/pkgconfig/libcrypto.pc | 0 .../lib/pkgconfig/libssl.pc | 0 .../lib/pkgconfig/openssl.pc | 0 src/AyonCppApi/AyonCppApi.cpp | 86 ++++++------------ 145 files changed, 28 insertions(+), 58 deletions(-) rename ext/{opensslL => openssl3L}/include/openssl/aes.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/asn1.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/asn1_mac.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/asn1err.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/asn1t.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/async.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/asyncerr.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/bio.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/bioerr.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/blowfish.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/bn.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/bnerr.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/buffer.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/buffererr.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/camellia.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/cast.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/cmac.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/cmp.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/cmp_util.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/cmperr.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/cms.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/cmserr.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/comp.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/comperr.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/conf.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/conf_api.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/conferr.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/configuration.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/conftypes.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/core.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/core_dispatch.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/core_names.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/core_object.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/crmf.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/crmferr.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/crypto.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/cryptoerr.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/cryptoerr_legacy.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/ct.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/cterr.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/decoder.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/decodererr.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/des.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/dh.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/dherr.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/dsa.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/dsaerr.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/dtls1.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/e_os2.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/ebcdic.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/ec.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/ecdh.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/ecdsa.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/ecerr.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/encoder.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/encodererr.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/engine.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/engineerr.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/err.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/ess.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/esserr.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/evp.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/evperr.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/fips_names.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/fipskey.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/hmac.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/http.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/httperr.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/idea.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/kdf.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/kdferr.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/lhash.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/macros.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/md2.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/md4.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/md5.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/mdc2.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/modes.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/obj_mac.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/objects.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/objectserr.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/ocsp.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/ocsperr.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/opensslconf.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/opensslv.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/ossl_typ.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/param_build.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/params.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/pem.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/pem2.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/pemerr.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/pkcs12.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/pkcs12err.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/pkcs7.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/pkcs7err.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/prov_ssl.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/proverr.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/provider.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/rand.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/randerr.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/rc2.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/rc4.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/rc5.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/ripemd.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/rsa.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/rsaerr.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/safestack.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/seed.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/self_test.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/sha.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/srp.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/srtp.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/ssl.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/ssl2.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/ssl3.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/sslerr.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/sslerr_legacy.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/stack.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/store.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/storeerr.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/symhacks.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/tls1.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/trace.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/ts.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/tserr.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/txt_db.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/types.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/ui.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/uierr.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/whrlpool.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/x509.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/x509_vfy.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/x509err.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/x509v3.h (100%) rename ext/{opensslL => openssl3L}/include/openssl/x509v3err.h (100%) rename ext/{opensslL => openssl3L}/lib/libcrypto.a (100%) rename ext/{opensslL => openssl3L}/lib/libcrypto.so (100%) rename ext/{opensslL => openssl3L}/lib/libcrypto.so.3 (100%) rename ext/{opensslL => openssl3L}/lib/libssl.a (100%) rename ext/{opensslL => openssl3L}/lib/libssl.so (100%) rename ext/{opensslL => openssl3L}/lib/libssl.so.3 (100%) rename ext/{opensslL => openssl3L}/lib/pkgconfig/libcrypto.pc (100%) rename ext/{opensslL => openssl3L}/lib/pkgconfig/libssl.pc (100%) rename ext/{opensslL => openssl3L}/lib/pkgconfig/openssl.pc (100%) diff --git a/ext/opensslL/include/openssl/aes.h b/ext/openssl3L/include/openssl/aes.h similarity index 100% rename from ext/opensslL/include/openssl/aes.h rename to ext/openssl3L/include/openssl/aes.h diff --git a/ext/opensslL/include/openssl/asn1.h b/ext/openssl3L/include/openssl/asn1.h similarity index 100% rename from ext/opensslL/include/openssl/asn1.h rename to ext/openssl3L/include/openssl/asn1.h diff --git a/ext/opensslL/include/openssl/asn1_mac.h b/ext/openssl3L/include/openssl/asn1_mac.h similarity index 100% rename from ext/opensslL/include/openssl/asn1_mac.h rename to ext/openssl3L/include/openssl/asn1_mac.h diff --git a/ext/opensslL/include/openssl/asn1err.h b/ext/openssl3L/include/openssl/asn1err.h similarity index 100% rename from ext/opensslL/include/openssl/asn1err.h rename to ext/openssl3L/include/openssl/asn1err.h diff --git a/ext/opensslL/include/openssl/asn1t.h b/ext/openssl3L/include/openssl/asn1t.h similarity index 100% rename from ext/opensslL/include/openssl/asn1t.h rename to ext/openssl3L/include/openssl/asn1t.h diff --git a/ext/opensslL/include/openssl/async.h b/ext/openssl3L/include/openssl/async.h similarity index 100% rename from ext/opensslL/include/openssl/async.h rename to ext/openssl3L/include/openssl/async.h diff --git a/ext/opensslL/include/openssl/asyncerr.h b/ext/openssl3L/include/openssl/asyncerr.h similarity index 100% rename from ext/opensslL/include/openssl/asyncerr.h rename to ext/openssl3L/include/openssl/asyncerr.h diff --git a/ext/opensslL/include/openssl/bio.h b/ext/openssl3L/include/openssl/bio.h similarity index 100% rename from ext/opensslL/include/openssl/bio.h rename to ext/openssl3L/include/openssl/bio.h diff --git a/ext/opensslL/include/openssl/bioerr.h b/ext/openssl3L/include/openssl/bioerr.h similarity index 100% rename from ext/opensslL/include/openssl/bioerr.h rename to ext/openssl3L/include/openssl/bioerr.h diff --git a/ext/opensslL/include/openssl/blowfish.h b/ext/openssl3L/include/openssl/blowfish.h similarity index 100% rename from ext/opensslL/include/openssl/blowfish.h rename to ext/openssl3L/include/openssl/blowfish.h diff --git a/ext/opensslL/include/openssl/bn.h b/ext/openssl3L/include/openssl/bn.h similarity index 100% rename from ext/opensslL/include/openssl/bn.h rename to ext/openssl3L/include/openssl/bn.h diff --git a/ext/opensslL/include/openssl/bnerr.h b/ext/openssl3L/include/openssl/bnerr.h similarity index 100% rename from ext/opensslL/include/openssl/bnerr.h rename to ext/openssl3L/include/openssl/bnerr.h diff --git a/ext/opensslL/include/openssl/buffer.h b/ext/openssl3L/include/openssl/buffer.h similarity index 100% rename from ext/opensslL/include/openssl/buffer.h rename to ext/openssl3L/include/openssl/buffer.h diff --git a/ext/opensslL/include/openssl/buffererr.h b/ext/openssl3L/include/openssl/buffererr.h similarity index 100% rename from ext/opensslL/include/openssl/buffererr.h rename to ext/openssl3L/include/openssl/buffererr.h diff --git a/ext/opensslL/include/openssl/camellia.h b/ext/openssl3L/include/openssl/camellia.h similarity index 100% rename from ext/opensslL/include/openssl/camellia.h rename to ext/openssl3L/include/openssl/camellia.h diff --git a/ext/opensslL/include/openssl/cast.h b/ext/openssl3L/include/openssl/cast.h similarity index 100% rename from ext/opensslL/include/openssl/cast.h rename to ext/openssl3L/include/openssl/cast.h diff --git a/ext/opensslL/include/openssl/cmac.h b/ext/openssl3L/include/openssl/cmac.h similarity index 100% rename from ext/opensslL/include/openssl/cmac.h rename to ext/openssl3L/include/openssl/cmac.h diff --git a/ext/opensslL/include/openssl/cmp.h b/ext/openssl3L/include/openssl/cmp.h similarity index 100% rename from ext/opensslL/include/openssl/cmp.h rename to ext/openssl3L/include/openssl/cmp.h diff --git a/ext/opensslL/include/openssl/cmp_util.h b/ext/openssl3L/include/openssl/cmp_util.h similarity index 100% rename from ext/opensslL/include/openssl/cmp_util.h rename to ext/openssl3L/include/openssl/cmp_util.h diff --git a/ext/opensslL/include/openssl/cmperr.h b/ext/openssl3L/include/openssl/cmperr.h similarity index 100% rename from ext/opensslL/include/openssl/cmperr.h rename to ext/openssl3L/include/openssl/cmperr.h diff --git a/ext/opensslL/include/openssl/cms.h b/ext/openssl3L/include/openssl/cms.h similarity index 100% rename from ext/opensslL/include/openssl/cms.h rename to ext/openssl3L/include/openssl/cms.h diff --git a/ext/opensslL/include/openssl/cmserr.h b/ext/openssl3L/include/openssl/cmserr.h similarity index 100% rename from ext/opensslL/include/openssl/cmserr.h rename to ext/openssl3L/include/openssl/cmserr.h diff --git a/ext/opensslL/include/openssl/comp.h b/ext/openssl3L/include/openssl/comp.h similarity index 100% rename from ext/opensslL/include/openssl/comp.h rename to ext/openssl3L/include/openssl/comp.h diff --git a/ext/opensslL/include/openssl/comperr.h b/ext/openssl3L/include/openssl/comperr.h similarity index 100% rename from ext/opensslL/include/openssl/comperr.h rename to ext/openssl3L/include/openssl/comperr.h diff --git a/ext/opensslL/include/openssl/conf.h b/ext/openssl3L/include/openssl/conf.h similarity index 100% rename from ext/opensslL/include/openssl/conf.h rename to ext/openssl3L/include/openssl/conf.h diff --git a/ext/opensslL/include/openssl/conf_api.h b/ext/openssl3L/include/openssl/conf_api.h similarity index 100% rename from ext/opensslL/include/openssl/conf_api.h rename to ext/openssl3L/include/openssl/conf_api.h diff --git a/ext/opensslL/include/openssl/conferr.h b/ext/openssl3L/include/openssl/conferr.h similarity index 100% rename from ext/opensslL/include/openssl/conferr.h rename to ext/openssl3L/include/openssl/conferr.h diff --git a/ext/opensslL/include/openssl/configuration.h b/ext/openssl3L/include/openssl/configuration.h similarity index 100% rename from ext/opensslL/include/openssl/configuration.h rename to ext/openssl3L/include/openssl/configuration.h diff --git a/ext/opensslL/include/openssl/conftypes.h b/ext/openssl3L/include/openssl/conftypes.h similarity index 100% rename from ext/opensslL/include/openssl/conftypes.h rename to ext/openssl3L/include/openssl/conftypes.h diff --git a/ext/opensslL/include/openssl/core.h b/ext/openssl3L/include/openssl/core.h similarity index 100% rename from ext/opensslL/include/openssl/core.h rename to ext/openssl3L/include/openssl/core.h diff --git a/ext/opensslL/include/openssl/core_dispatch.h b/ext/openssl3L/include/openssl/core_dispatch.h similarity index 100% rename from ext/opensslL/include/openssl/core_dispatch.h rename to ext/openssl3L/include/openssl/core_dispatch.h diff --git a/ext/opensslL/include/openssl/core_names.h b/ext/openssl3L/include/openssl/core_names.h similarity index 100% rename from ext/opensslL/include/openssl/core_names.h rename to ext/openssl3L/include/openssl/core_names.h diff --git a/ext/opensslL/include/openssl/core_object.h b/ext/openssl3L/include/openssl/core_object.h similarity index 100% rename from ext/opensslL/include/openssl/core_object.h rename to ext/openssl3L/include/openssl/core_object.h diff --git a/ext/opensslL/include/openssl/crmf.h b/ext/openssl3L/include/openssl/crmf.h similarity index 100% rename from ext/opensslL/include/openssl/crmf.h rename to ext/openssl3L/include/openssl/crmf.h diff --git a/ext/opensslL/include/openssl/crmferr.h b/ext/openssl3L/include/openssl/crmferr.h similarity index 100% rename from ext/opensslL/include/openssl/crmferr.h rename to ext/openssl3L/include/openssl/crmferr.h diff --git a/ext/opensslL/include/openssl/crypto.h b/ext/openssl3L/include/openssl/crypto.h similarity index 100% rename from ext/opensslL/include/openssl/crypto.h rename to ext/openssl3L/include/openssl/crypto.h diff --git a/ext/opensslL/include/openssl/cryptoerr.h b/ext/openssl3L/include/openssl/cryptoerr.h similarity index 100% rename from ext/opensslL/include/openssl/cryptoerr.h rename to ext/openssl3L/include/openssl/cryptoerr.h diff --git a/ext/opensslL/include/openssl/cryptoerr_legacy.h b/ext/openssl3L/include/openssl/cryptoerr_legacy.h similarity index 100% rename from ext/opensslL/include/openssl/cryptoerr_legacy.h rename to ext/openssl3L/include/openssl/cryptoerr_legacy.h diff --git a/ext/opensslL/include/openssl/ct.h b/ext/openssl3L/include/openssl/ct.h similarity index 100% rename from ext/opensslL/include/openssl/ct.h rename to ext/openssl3L/include/openssl/ct.h diff --git a/ext/opensslL/include/openssl/cterr.h b/ext/openssl3L/include/openssl/cterr.h similarity index 100% rename from ext/opensslL/include/openssl/cterr.h rename to ext/openssl3L/include/openssl/cterr.h diff --git a/ext/opensslL/include/openssl/decoder.h b/ext/openssl3L/include/openssl/decoder.h similarity index 100% rename from ext/opensslL/include/openssl/decoder.h rename to ext/openssl3L/include/openssl/decoder.h diff --git a/ext/opensslL/include/openssl/decodererr.h b/ext/openssl3L/include/openssl/decodererr.h similarity index 100% rename from ext/opensslL/include/openssl/decodererr.h rename to ext/openssl3L/include/openssl/decodererr.h diff --git a/ext/opensslL/include/openssl/des.h b/ext/openssl3L/include/openssl/des.h similarity index 100% rename from ext/opensslL/include/openssl/des.h rename to ext/openssl3L/include/openssl/des.h diff --git a/ext/opensslL/include/openssl/dh.h b/ext/openssl3L/include/openssl/dh.h similarity index 100% rename from ext/opensslL/include/openssl/dh.h rename to ext/openssl3L/include/openssl/dh.h diff --git a/ext/opensslL/include/openssl/dherr.h b/ext/openssl3L/include/openssl/dherr.h similarity index 100% rename from ext/opensslL/include/openssl/dherr.h rename to ext/openssl3L/include/openssl/dherr.h diff --git a/ext/opensslL/include/openssl/dsa.h b/ext/openssl3L/include/openssl/dsa.h similarity index 100% rename from ext/opensslL/include/openssl/dsa.h rename to ext/openssl3L/include/openssl/dsa.h diff --git a/ext/opensslL/include/openssl/dsaerr.h b/ext/openssl3L/include/openssl/dsaerr.h similarity index 100% rename from ext/opensslL/include/openssl/dsaerr.h rename to ext/openssl3L/include/openssl/dsaerr.h diff --git a/ext/opensslL/include/openssl/dtls1.h b/ext/openssl3L/include/openssl/dtls1.h similarity index 100% rename from ext/opensslL/include/openssl/dtls1.h rename to ext/openssl3L/include/openssl/dtls1.h diff --git a/ext/opensslL/include/openssl/e_os2.h b/ext/openssl3L/include/openssl/e_os2.h similarity index 100% rename from ext/opensslL/include/openssl/e_os2.h rename to ext/openssl3L/include/openssl/e_os2.h diff --git a/ext/opensslL/include/openssl/ebcdic.h b/ext/openssl3L/include/openssl/ebcdic.h similarity index 100% rename from ext/opensslL/include/openssl/ebcdic.h rename to ext/openssl3L/include/openssl/ebcdic.h diff --git a/ext/opensslL/include/openssl/ec.h b/ext/openssl3L/include/openssl/ec.h similarity index 100% rename from ext/opensslL/include/openssl/ec.h rename to ext/openssl3L/include/openssl/ec.h diff --git a/ext/opensslL/include/openssl/ecdh.h b/ext/openssl3L/include/openssl/ecdh.h similarity index 100% rename from ext/opensslL/include/openssl/ecdh.h rename to ext/openssl3L/include/openssl/ecdh.h diff --git a/ext/opensslL/include/openssl/ecdsa.h b/ext/openssl3L/include/openssl/ecdsa.h similarity index 100% rename from ext/opensslL/include/openssl/ecdsa.h rename to ext/openssl3L/include/openssl/ecdsa.h diff --git a/ext/opensslL/include/openssl/ecerr.h b/ext/openssl3L/include/openssl/ecerr.h similarity index 100% rename from ext/opensslL/include/openssl/ecerr.h rename to ext/openssl3L/include/openssl/ecerr.h diff --git a/ext/opensslL/include/openssl/encoder.h b/ext/openssl3L/include/openssl/encoder.h similarity index 100% rename from ext/opensslL/include/openssl/encoder.h rename to ext/openssl3L/include/openssl/encoder.h diff --git a/ext/opensslL/include/openssl/encodererr.h b/ext/openssl3L/include/openssl/encodererr.h similarity index 100% rename from ext/opensslL/include/openssl/encodererr.h rename to ext/openssl3L/include/openssl/encodererr.h diff --git a/ext/opensslL/include/openssl/engine.h b/ext/openssl3L/include/openssl/engine.h similarity index 100% rename from ext/opensslL/include/openssl/engine.h rename to ext/openssl3L/include/openssl/engine.h diff --git a/ext/opensslL/include/openssl/engineerr.h b/ext/openssl3L/include/openssl/engineerr.h similarity index 100% rename from ext/opensslL/include/openssl/engineerr.h rename to ext/openssl3L/include/openssl/engineerr.h diff --git a/ext/opensslL/include/openssl/err.h b/ext/openssl3L/include/openssl/err.h similarity index 100% rename from ext/opensslL/include/openssl/err.h rename to ext/openssl3L/include/openssl/err.h diff --git a/ext/opensslL/include/openssl/ess.h b/ext/openssl3L/include/openssl/ess.h similarity index 100% rename from ext/opensslL/include/openssl/ess.h rename to ext/openssl3L/include/openssl/ess.h diff --git a/ext/opensslL/include/openssl/esserr.h b/ext/openssl3L/include/openssl/esserr.h similarity index 100% rename from ext/opensslL/include/openssl/esserr.h rename to ext/openssl3L/include/openssl/esserr.h diff --git a/ext/opensslL/include/openssl/evp.h b/ext/openssl3L/include/openssl/evp.h similarity index 100% rename from ext/opensslL/include/openssl/evp.h rename to ext/openssl3L/include/openssl/evp.h diff --git a/ext/opensslL/include/openssl/evperr.h b/ext/openssl3L/include/openssl/evperr.h similarity index 100% rename from ext/opensslL/include/openssl/evperr.h rename to ext/openssl3L/include/openssl/evperr.h diff --git a/ext/opensslL/include/openssl/fips_names.h b/ext/openssl3L/include/openssl/fips_names.h similarity index 100% rename from ext/opensslL/include/openssl/fips_names.h rename to ext/openssl3L/include/openssl/fips_names.h diff --git a/ext/opensslL/include/openssl/fipskey.h b/ext/openssl3L/include/openssl/fipskey.h similarity index 100% rename from ext/opensslL/include/openssl/fipskey.h rename to ext/openssl3L/include/openssl/fipskey.h diff --git a/ext/opensslL/include/openssl/hmac.h b/ext/openssl3L/include/openssl/hmac.h similarity index 100% rename from ext/opensslL/include/openssl/hmac.h rename to ext/openssl3L/include/openssl/hmac.h diff --git a/ext/opensslL/include/openssl/http.h b/ext/openssl3L/include/openssl/http.h similarity index 100% rename from ext/opensslL/include/openssl/http.h rename to ext/openssl3L/include/openssl/http.h diff --git a/ext/opensslL/include/openssl/httperr.h b/ext/openssl3L/include/openssl/httperr.h similarity index 100% rename from ext/opensslL/include/openssl/httperr.h rename to ext/openssl3L/include/openssl/httperr.h diff --git a/ext/opensslL/include/openssl/idea.h b/ext/openssl3L/include/openssl/idea.h similarity index 100% rename from ext/opensslL/include/openssl/idea.h rename to ext/openssl3L/include/openssl/idea.h diff --git a/ext/opensslL/include/openssl/kdf.h b/ext/openssl3L/include/openssl/kdf.h similarity index 100% rename from ext/opensslL/include/openssl/kdf.h rename to ext/openssl3L/include/openssl/kdf.h diff --git a/ext/opensslL/include/openssl/kdferr.h b/ext/openssl3L/include/openssl/kdferr.h similarity index 100% rename from ext/opensslL/include/openssl/kdferr.h rename to ext/openssl3L/include/openssl/kdferr.h diff --git a/ext/opensslL/include/openssl/lhash.h b/ext/openssl3L/include/openssl/lhash.h similarity index 100% rename from ext/opensslL/include/openssl/lhash.h rename to ext/openssl3L/include/openssl/lhash.h diff --git a/ext/opensslL/include/openssl/macros.h b/ext/openssl3L/include/openssl/macros.h similarity index 100% rename from ext/opensslL/include/openssl/macros.h rename to ext/openssl3L/include/openssl/macros.h diff --git a/ext/opensslL/include/openssl/md2.h b/ext/openssl3L/include/openssl/md2.h similarity index 100% rename from ext/opensslL/include/openssl/md2.h rename to ext/openssl3L/include/openssl/md2.h diff --git a/ext/opensslL/include/openssl/md4.h b/ext/openssl3L/include/openssl/md4.h similarity index 100% rename from ext/opensslL/include/openssl/md4.h rename to ext/openssl3L/include/openssl/md4.h diff --git a/ext/opensslL/include/openssl/md5.h b/ext/openssl3L/include/openssl/md5.h similarity index 100% rename from ext/opensslL/include/openssl/md5.h rename to ext/openssl3L/include/openssl/md5.h diff --git a/ext/opensslL/include/openssl/mdc2.h b/ext/openssl3L/include/openssl/mdc2.h similarity index 100% rename from ext/opensslL/include/openssl/mdc2.h rename to ext/openssl3L/include/openssl/mdc2.h diff --git a/ext/opensslL/include/openssl/modes.h b/ext/openssl3L/include/openssl/modes.h similarity index 100% rename from ext/opensslL/include/openssl/modes.h rename to ext/openssl3L/include/openssl/modes.h diff --git a/ext/opensslL/include/openssl/obj_mac.h b/ext/openssl3L/include/openssl/obj_mac.h similarity index 100% rename from ext/opensslL/include/openssl/obj_mac.h rename to ext/openssl3L/include/openssl/obj_mac.h diff --git a/ext/opensslL/include/openssl/objects.h b/ext/openssl3L/include/openssl/objects.h similarity index 100% rename from ext/opensslL/include/openssl/objects.h rename to ext/openssl3L/include/openssl/objects.h diff --git a/ext/opensslL/include/openssl/objectserr.h b/ext/openssl3L/include/openssl/objectserr.h similarity index 100% rename from ext/opensslL/include/openssl/objectserr.h rename to ext/openssl3L/include/openssl/objectserr.h diff --git a/ext/opensslL/include/openssl/ocsp.h b/ext/openssl3L/include/openssl/ocsp.h similarity index 100% rename from ext/opensslL/include/openssl/ocsp.h rename to ext/openssl3L/include/openssl/ocsp.h diff --git a/ext/opensslL/include/openssl/ocsperr.h b/ext/openssl3L/include/openssl/ocsperr.h similarity index 100% rename from ext/opensslL/include/openssl/ocsperr.h rename to ext/openssl3L/include/openssl/ocsperr.h diff --git a/ext/opensslL/include/openssl/opensslconf.h b/ext/openssl3L/include/openssl/opensslconf.h similarity index 100% rename from ext/opensslL/include/openssl/opensslconf.h rename to ext/openssl3L/include/openssl/opensslconf.h diff --git a/ext/opensslL/include/openssl/opensslv.h b/ext/openssl3L/include/openssl/opensslv.h similarity index 100% rename from ext/opensslL/include/openssl/opensslv.h rename to ext/openssl3L/include/openssl/opensslv.h diff --git a/ext/opensslL/include/openssl/ossl_typ.h b/ext/openssl3L/include/openssl/ossl_typ.h similarity index 100% rename from ext/opensslL/include/openssl/ossl_typ.h rename to ext/openssl3L/include/openssl/ossl_typ.h diff --git a/ext/opensslL/include/openssl/param_build.h b/ext/openssl3L/include/openssl/param_build.h similarity index 100% rename from ext/opensslL/include/openssl/param_build.h rename to ext/openssl3L/include/openssl/param_build.h diff --git a/ext/opensslL/include/openssl/params.h b/ext/openssl3L/include/openssl/params.h similarity index 100% rename from ext/opensslL/include/openssl/params.h rename to ext/openssl3L/include/openssl/params.h diff --git a/ext/opensslL/include/openssl/pem.h b/ext/openssl3L/include/openssl/pem.h similarity index 100% rename from ext/opensslL/include/openssl/pem.h rename to ext/openssl3L/include/openssl/pem.h diff --git a/ext/opensslL/include/openssl/pem2.h b/ext/openssl3L/include/openssl/pem2.h similarity index 100% rename from ext/opensslL/include/openssl/pem2.h rename to ext/openssl3L/include/openssl/pem2.h diff --git a/ext/opensslL/include/openssl/pemerr.h b/ext/openssl3L/include/openssl/pemerr.h similarity index 100% rename from ext/opensslL/include/openssl/pemerr.h rename to ext/openssl3L/include/openssl/pemerr.h diff --git a/ext/opensslL/include/openssl/pkcs12.h b/ext/openssl3L/include/openssl/pkcs12.h similarity index 100% rename from ext/opensslL/include/openssl/pkcs12.h rename to ext/openssl3L/include/openssl/pkcs12.h diff --git a/ext/opensslL/include/openssl/pkcs12err.h b/ext/openssl3L/include/openssl/pkcs12err.h similarity index 100% rename from ext/opensslL/include/openssl/pkcs12err.h rename to ext/openssl3L/include/openssl/pkcs12err.h diff --git a/ext/opensslL/include/openssl/pkcs7.h b/ext/openssl3L/include/openssl/pkcs7.h similarity index 100% rename from ext/opensslL/include/openssl/pkcs7.h rename to ext/openssl3L/include/openssl/pkcs7.h diff --git a/ext/opensslL/include/openssl/pkcs7err.h b/ext/openssl3L/include/openssl/pkcs7err.h similarity index 100% rename from ext/opensslL/include/openssl/pkcs7err.h rename to ext/openssl3L/include/openssl/pkcs7err.h diff --git a/ext/opensslL/include/openssl/prov_ssl.h b/ext/openssl3L/include/openssl/prov_ssl.h similarity index 100% rename from ext/opensslL/include/openssl/prov_ssl.h rename to ext/openssl3L/include/openssl/prov_ssl.h diff --git a/ext/opensslL/include/openssl/proverr.h b/ext/openssl3L/include/openssl/proverr.h similarity index 100% rename from ext/opensslL/include/openssl/proverr.h rename to ext/openssl3L/include/openssl/proverr.h diff --git a/ext/opensslL/include/openssl/provider.h b/ext/openssl3L/include/openssl/provider.h similarity index 100% rename from ext/opensslL/include/openssl/provider.h rename to ext/openssl3L/include/openssl/provider.h diff --git a/ext/opensslL/include/openssl/rand.h b/ext/openssl3L/include/openssl/rand.h similarity index 100% rename from ext/opensslL/include/openssl/rand.h rename to ext/openssl3L/include/openssl/rand.h diff --git a/ext/opensslL/include/openssl/randerr.h b/ext/openssl3L/include/openssl/randerr.h similarity index 100% rename from ext/opensslL/include/openssl/randerr.h rename to ext/openssl3L/include/openssl/randerr.h diff --git a/ext/opensslL/include/openssl/rc2.h b/ext/openssl3L/include/openssl/rc2.h similarity index 100% rename from ext/opensslL/include/openssl/rc2.h rename to ext/openssl3L/include/openssl/rc2.h diff --git a/ext/opensslL/include/openssl/rc4.h b/ext/openssl3L/include/openssl/rc4.h similarity index 100% rename from ext/opensslL/include/openssl/rc4.h rename to ext/openssl3L/include/openssl/rc4.h diff --git a/ext/opensslL/include/openssl/rc5.h b/ext/openssl3L/include/openssl/rc5.h similarity index 100% rename from ext/opensslL/include/openssl/rc5.h rename to ext/openssl3L/include/openssl/rc5.h diff --git a/ext/opensslL/include/openssl/ripemd.h b/ext/openssl3L/include/openssl/ripemd.h similarity index 100% rename from ext/opensslL/include/openssl/ripemd.h rename to ext/openssl3L/include/openssl/ripemd.h diff --git a/ext/opensslL/include/openssl/rsa.h b/ext/openssl3L/include/openssl/rsa.h similarity index 100% rename from ext/opensslL/include/openssl/rsa.h rename to ext/openssl3L/include/openssl/rsa.h diff --git a/ext/opensslL/include/openssl/rsaerr.h b/ext/openssl3L/include/openssl/rsaerr.h similarity index 100% rename from ext/opensslL/include/openssl/rsaerr.h rename to ext/openssl3L/include/openssl/rsaerr.h diff --git a/ext/opensslL/include/openssl/safestack.h b/ext/openssl3L/include/openssl/safestack.h similarity index 100% rename from ext/opensslL/include/openssl/safestack.h rename to ext/openssl3L/include/openssl/safestack.h diff --git a/ext/opensslL/include/openssl/seed.h b/ext/openssl3L/include/openssl/seed.h similarity index 100% rename from ext/opensslL/include/openssl/seed.h rename to ext/openssl3L/include/openssl/seed.h diff --git a/ext/opensslL/include/openssl/self_test.h b/ext/openssl3L/include/openssl/self_test.h similarity index 100% rename from ext/opensslL/include/openssl/self_test.h rename to ext/openssl3L/include/openssl/self_test.h diff --git a/ext/opensslL/include/openssl/sha.h b/ext/openssl3L/include/openssl/sha.h similarity index 100% rename from ext/opensslL/include/openssl/sha.h rename to ext/openssl3L/include/openssl/sha.h diff --git a/ext/opensslL/include/openssl/srp.h b/ext/openssl3L/include/openssl/srp.h similarity index 100% rename from ext/opensslL/include/openssl/srp.h rename to ext/openssl3L/include/openssl/srp.h diff --git a/ext/opensslL/include/openssl/srtp.h b/ext/openssl3L/include/openssl/srtp.h similarity index 100% rename from ext/opensslL/include/openssl/srtp.h rename to ext/openssl3L/include/openssl/srtp.h diff --git a/ext/opensslL/include/openssl/ssl.h b/ext/openssl3L/include/openssl/ssl.h similarity index 100% rename from ext/opensslL/include/openssl/ssl.h rename to ext/openssl3L/include/openssl/ssl.h diff --git a/ext/opensslL/include/openssl/ssl2.h b/ext/openssl3L/include/openssl/ssl2.h similarity index 100% rename from ext/opensslL/include/openssl/ssl2.h rename to ext/openssl3L/include/openssl/ssl2.h diff --git a/ext/opensslL/include/openssl/ssl3.h b/ext/openssl3L/include/openssl/ssl3.h similarity index 100% rename from ext/opensslL/include/openssl/ssl3.h rename to ext/openssl3L/include/openssl/ssl3.h diff --git a/ext/opensslL/include/openssl/sslerr.h b/ext/openssl3L/include/openssl/sslerr.h similarity index 100% rename from ext/opensslL/include/openssl/sslerr.h rename to ext/openssl3L/include/openssl/sslerr.h diff --git a/ext/opensslL/include/openssl/sslerr_legacy.h b/ext/openssl3L/include/openssl/sslerr_legacy.h similarity index 100% rename from ext/opensslL/include/openssl/sslerr_legacy.h rename to ext/openssl3L/include/openssl/sslerr_legacy.h diff --git a/ext/opensslL/include/openssl/stack.h b/ext/openssl3L/include/openssl/stack.h similarity index 100% rename from ext/opensslL/include/openssl/stack.h rename to ext/openssl3L/include/openssl/stack.h diff --git a/ext/opensslL/include/openssl/store.h b/ext/openssl3L/include/openssl/store.h similarity index 100% rename from ext/opensslL/include/openssl/store.h rename to ext/openssl3L/include/openssl/store.h diff --git a/ext/opensslL/include/openssl/storeerr.h b/ext/openssl3L/include/openssl/storeerr.h similarity index 100% rename from ext/opensslL/include/openssl/storeerr.h rename to ext/openssl3L/include/openssl/storeerr.h diff --git a/ext/opensslL/include/openssl/symhacks.h b/ext/openssl3L/include/openssl/symhacks.h similarity index 100% rename from ext/opensslL/include/openssl/symhacks.h rename to ext/openssl3L/include/openssl/symhacks.h diff --git a/ext/opensslL/include/openssl/tls1.h b/ext/openssl3L/include/openssl/tls1.h similarity index 100% rename from ext/opensslL/include/openssl/tls1.h rename to ext/openssl3L/include/openssl/tls1.h diff --git a/ext/opensslL/include/openssl/trace.h b/ext/openssl3L/include/openssl/trace.h similarity index 100% rename from ext/opensslL/include/openssl/trace.h rename to ext/openssl3L/include/openssl/trace.h diff --git a/ext/opensslL/include/openssl/ts.h b/ext/openssl3L/include/openssl/ts.h similarity index 100% rename from ext/opensslL/include/openssl/ts.h rename to ext/openssl3L/include/openssl/ts.h diff --git a/ext/opensslL/include/openssl/tserr.h b/ext/openssl3L/include/openssl/tserr.h similarity index 100% rename from ext/opensslL/include/openssl/tserr.h rename to ext/openssl3L/include/openssl/tserr.h diff --git a/ext/opensslL/include/openssl/txt_db.h b/ext/openssl3L/include/openssl/txt_db.h similarity index 100% rename from ext/opensslL/include/openssl/txt_db.h rename to ext/openssl3L/include/openssl/txt_db.h diff --git a/ext/opensslL/include/openssl/types.h b/ext/openssl3L/include/openssl/types.h similarity index 100% rename from ext/opensslL/include/openssl/types.h rename to ext/openssl3L/include/openssl/types.h diff --git a/ext/opensslL/include/openssl/ui.h b/ext/openssl3L/include/openssl/ui.h similarity index 100% rename from ext/opensslL/include/openssl/ui.h rename to ext/openssl3L/include/openssl/ui.h diff --git a/ext/opensslL/include/openssl/uierr.h b/ext/openssl3L/include/openssl/uierr.h similarity index 100% rename from ext/opensslL/include/openssl/uierr.h rename to ext/openssl3L/include/openssl/uierr.h diff --git a/ext/opensslL/include/openssl/whrlpool.h b/ext/openssl3L/include/openssl/whrlpool.h similarity index 100% rename from ext/opensslL/include/openssl/whrlpool.h rename to ext/openssl3L/include/openssl/whrlpool.h diff --git a/ext/opensslL/include/openssl/x509.h b/ext/openssl3L/include/openssl/x509.h similarity index 100% rename from ext/opensslL/include/openssl/x509.h rename to ext/openssl3L/include/openssl/x509.h diff --git a/ext/opensslL/include/openssl/x509_vfy.h b/ext/openssl3L/include/openssl/x509_vfy.h similarity index 100% rename from ext/opensslL/include/openssl/x509_vfy.h rename to ext/openssl3L/include/openssl/x509_vfy.h diff --git a/ext/opensslL/include/openssl/x509err.h b/ext/openssl3L/include/openssl/x509err.h similarity index 100% rename from ext/opensslL/include/openssl/x509err.h rename to ext/openssl3L/include/openssl/x509err.h diff --git a/ext/opensslL/include/openssl/x509v3.h b/ext/openssl3L/include/openssl/x509v3.h similarity index 100% rename from ext/opensslL/include/openssl/x509v3.h rename to ext/openssl3L/include/openssl/x509v3.h diff --git a/ext/opensslL/include/openssl/x509v3err.h b/ext/openssl3L/include/openssl/x509v3err.h similarity index 100% rename from ext/opensslL/include/openssl/x509v3err.h rename to ext/openssl3L/include/openssl/x509v3err.h diff --git a/ext/opensslL/lib/libcrypto.a b/ext/openssl3L/lib/libcrypto.a similarity index 100% rename from ext/opensslL/lib/libcrypto.a rename to ext/openssl3L/lib/libcrypto.a diff --git a/ext/opensslL/lib/libcrypto.so b/ext/openssl3L/lib/libcrypto.so similarity index 100% rename from ext/opensslL/lib/libcrypto.so rename to ext/openssl3L/lib/libcrypto.so diff --git a/ext/opensslL/lib/libcrypto.so.3 b/ext/openssl3L/lib/libcrypto.so.3 similarity index 100% rename from ext/opensslL/lib/libcrypto.so.3 rename to ext/openssl3L/lib/libcrypto.so.3 diff --git a/ext/opensslL/lib/libssl.a b/ext/openssl3L/lib/libssl.a similarity index 100% rename from ext/opensslL/lib/libssl.a rename to ext/openssl3L/lib/libssl.a diff --git a/ext/opensslL/lib/libssl.so b/ext/openssl3L/lib/libssl.so similarity index 100% rename from ext/opensslL/lib/libssl.so rename to ext/openssl3L/lib/libssl.so diff --git a/ext/opensslL/lib/libssl.so.3 b/ext/openssl3L/lib/libssl.so.3 similarity index 100% rename from ext/opensslL/lib/libssl.so.3 rename to ext/openssl3L/lib/libssl.so.3 diff --git a/ext/opensslL/lib/pkgconfig/libcrypto.pc b/ext/openssl3L/lib/pkgconfig/libcrypto.pc similarity index 100% rename from ext/opensslL/lib/pkgconfig/libcrypto.pc rename to ext/openssl3L/lib/pkgconfig/libcrypto.pc diff --git a/ext/opensslL/lib/pkgconfig/libssl.pc b/ext/openssl3L/lib/pkgconfig/libssl.pc similarity index 100% rename from ext/opensslL/lib/pkgconfig/libssl.pc rename to ext/openssl3L/lib/pkgconfig/libssl.pc diff --git a/ext/opensslL/lib/pkgconfig/openssl.pc b/ext/openssl3L/lib/pkgconfig/openssl.pc similarity index 100% rename from ext/opensslL/lib/pkgconfig/openssl.pc rename to ext/openssl3L/lib/pkgconfig/openssl.pc diff --git a/src/AyonCppApi/AyonCppApi.cpp b/src/AyonCppApi/AyonCppApi.cpp index 38947f6..6efcc2d 100644 --- a/src/AyonCppApi/AyonCppApi.cpp +++ b/src/AyonCppApi/AyonCppApi.cpp @@ -1,4 +1,3 @@ - #include "AyonCppApi.h" #include #include "httplib.h" @@ -40,12 +39,10 @@ // TODO implement the better Crash handler backward::StackTrace st; - // ------------------------------------------------ // helper functions for getting the ca cert path // ------------------------------------------------ std::string parseOutput(std::string& output) { - // Parse the output to extract the directory path std::string::size_type start = output.find('"'); std::string::size_type end = output.find('"', start + 1); if (start != std::string::npos && end != std::string::npos) { @@ -79,23 +76,20 @@ std::string getOpenSSLDirByCLI() { while (fgets(buffer.data(), static_cast(buffer.size()), pipe.get()) != nullptr) { result += buffer.data(); } - return parseOutput(result); } - std::string getOpenSSLDir() { -#if OPENSSL_VERSION_NUMBER >= 0x10100000L // OpenSSL 1.1.0+ +#if OPENSSL_VERSION_NUMBER >= 0x10100000L const char* sslVersion = OpenSSL_version(OPENSSL_DIR); std::string sslVersionStr(sslVersion); return parseOutput(sslVersionStr); -#else // OpenSSL 1.0.x +#else return parseOutput(SSLeay_version(SSLEAY_DIR)); #endif } // ------------------------------------------------ - AyonApi::AyonApi(const std::optional &logFilePos, const std::string &authKey, const std::string &serverUrl, @@ -109,62 +103,52 @@ AyonApi::AyonApi(const std::optional &logFilePos, m_siteId(siteId) { PerfTimer("AyonApi::AyonApi"); - std::cout << "before logFilePos.has_value()" << std::endl; - // TODO remove - // logFilePos = "/home/ynput/dev/ayon-usd-resolver/logFile.json"; - - // ----------- Init m_Logger + // ----------- Resolve Log Path std::filesystem::path logPath; if (logFilePos.has_value()) { try { std::filesystem::path inPath(logFilePos.value()); - // std::cout << "Original path: " << inPath << std::endl; + std::cout << "Input log path: " << inPath << std::endl; - std::cout << "is_relative" << std::endl; if (inPath.is_relative()) { logPath = std::filesystem::weakly_canonical(inPath); } else { logPath = inPath; } - std::cout << "has_parent_path" << std::endl; if (!inPath.has_parent_path()) { - // if the input path is just a filename we will just throw it into tmp logPath = std::filesystem::temp_directory_path() / inPath; } - // std::cout << "replace_extension" << std::endl; - // we always want the data to be a json, so we just enforce it. - // logPath.replace_extension(".json"); - - std::cout << "std::filesystem::exists - " << logPath << std::endl; + // Validate / Create directories if (std::filesystem::exists(logPath)) { - std::cout << "std::filesystem::canonical" << std::endl; logPath = std::filesystem::canonical(logPath); } else { - std::cout << "std::filesystem::create_directories" << std::endl; - // Check if parent path exists before trying to create it to avoid empty path errors if (logPath.has_parent_path()) { std::filesystem::create_directories(logPath.parent_path()); } } } - catch (const std::filesystem::filesystem_error& e) { - std::cerr << "Filesystem error: " << e.what() << std::endl; - std::cerr << "Path 1: " << e.path1() << std::endl; - std::cerr << "Path 2: " << e.path2() << std::endl; - } catch (const std::exception& e) { - std::cerr << "General error processing path: " << e.what() << std::endl; + std::cerr << "[AyonApi] Path error: " << e.what() << std::endl; } } - std::cout << "before AyonLogger init - logPath: " << logPath << std::endl; - m_Log = std::make_shared(AyonLogger::getInstance(logPath.string())); - std::cout << "after AyonLogger init" << std::endl; + // ----------- Init m_Logger (Singleton Logic) + std::cout << "[AyonApi] Retrieving AyonLogger Singleton..." << std::endl; + + AyonLogger& loggerRef = AyonLogger::getInstance(); + + if (!logPath.empty()) { + loggerRef.initFileLogger(logPath.string()); + } + + m_Log = std::shared_ptr(&loggerRef, [](AyonLogger*){}); + + m_Log->registerLoggingKey("AyonApi"); m_Log->LogLevelInfo(); - // m_Log->LogLevelWarn(); m_Log->info(m_Log->key("AyonApi"), "Init AyonServer httplib::Client"); + m_AyonServer = std::make_unique(m_serverUrl); m_Log->info(m_Log->key("AyonApi"), "After creating httplib::Client - {}", m_serverUrl); @@ -175,7 +159,6 @@ AyonApi::AyonApi(const std::optional &logFilePos, m_AyonServer->set_ca_cert_path(ayonSSLPath.c_str()); } else { m_Log->warn(m_Log->key("AyonApi"), "No AYON_SSL_CERT_PATH set, trying to get OpenSSL dir"); - try { setSSL(); } catch (const std::exception &e) { @@ -183,23 +166,17 @@ AyonApi::AyonApi(const std::optional &logFilePos, m_AyonServer->set_ca_cert_path(nullptr); } } - m_AyonServer->enable_server_certificate_verification(true); } - m_Log->info(m_Log->key("AyonApi"), "Before"); + if (!m_AyonServer) { m_Log->error("m_AyonServer is null. serverUrl='{}'", m_serverUrl); throw std::runtime_error("AyonApi: HTTP client not initialized"); } - m_Log->info(m_Log->key("AyonApi"), "After m_AyonServer check"); - if (m_serverUrl.empty()) { - m_Log->warn("m_serverUrl empty"); - } - m_Log->info(m_Log->key("AyonApi"), "Before GET"); + httplib::Result res; try { res = m_AyonServer->Get("/api/info"); - m_Log->info(m_Log->key("AyonApi"), "After GET try"); } catch (const std::exception& e) { m_Log->error("Exception during GET /api/info: {}", e.what()); throw; @@ -210,7 +187,6 @@ AyonApi::AyonApi(const std::optional &logFilePos, } else { m_Log->info(m_Log->key("AyonApi"), "Ayon server info: {}", res->body); m_Log->info(m_Log->key("AyonApi"), "Status code: {}", res->status); - m_Log->info(m_Log->key("AyonApi"), "After"); m_headers = { {"X-Api-Key", m_authKey}, @@ -774,40 +750,35 @@ AyonApi::isSSL() const { void AyonApi::setSSL() { - // throw std::runtime_error("TEST!! should not be in the final build."); - - // 1. ENVIRONMENT VARIABLE CHECK const char* envCertFile = getenv("SSL_CERT_FILE"); if (envCertFile) { - m_Log->info("Using cert based on env variable (SSL_CERT_FILE)."); - m_AyonServer->set_ca_cert_path(envCertFile); - return; + if (std::filesystem::exists(envCertFile)) { + m_Log->info("Using cert based on env variable (SSL_CERT_FILE): {}", envCertFile); + m_AyonServer->set_ca_cert_path(envCertFile); + return; + } } - // 2. CLI CHECK (getOpenSSLDirByCLI) - // Note: If getOpenSSLDirByCLI() returns an empty path, the filesystem::exists() check will fail safely. std::filesystem::path opensslDirCLI(getOpenSSLDirByCLI()); opensslDirCLI /= "cert.pem"; std::string certFileCLI = opensslDirCLI.string(); if (std::filesystem::exists(certFileCLI)) { - m_Log->info("Using cert based on CLI var."); + m_Log->info("Using cert based on CLI var: {}", certFileCLI); m_AyonServer->set_ca_cert_path(certFileCLI.c_str()); return; } - // 3. SSLEAY_DIR / OPENSSLDIR CHECK (getOpenSSLDir) std::filesystem::path opensslDirSSLEAY(getOpenSSLDir()); opensslDirSSLEAY /= "cert.pem"; std::string certFileSSLEAY = opensslDirSSLEAY.string(); if (std::filesystem::exists(certFileSSLEAY)) { - m_Log->info("Using cert based on SSLEAY_DIR."); + m_Log->info("Using cert based on SSLEAY_DIR: {}", certFileSSLEAY); m_AyonServer->set_ca_cert_path(certFileSSLEAY.c_str()); return; } - // 4. FALLBACK TO BUNDLED CERTIFICATE (VIA SHARED OBJECT PATH) m_Log->info("Failed to determine the OpenSSL directory or load system CAs. Falling back to bundled certificate path."); std::filesystem::path soPath; @@ -837,6 +808,5 @@ AyonApi::setSSL() { m_Log->error("Failed to determine the path of the loaded shared library (dladdr failed)."); } - // 5. FINAL FAILURE POINT throw std::runtime_error("Failed to set SSL certificate path. No valid certificate found."); } From bf69889bd6c7ce9d2452b6fd654da471c0d87dea Mon Sep 17 00:00:00 2001 From: Tadeas Hejnic Date: Tue, 16 Dec 2025 14:43:41 +0100 Subject: [PATCH 067/106] Revert "better handling in constructor + logger changes" This reverts commit 17ae0de8cf627d302e01426d787c07a405a42738. --- .../include/openssl/aes.h | 0 .../include/openssl/asn1.h | 0 .../include/openssl/asn1_mac.h | 0 .../include/openssl/asn1err.h | 0 .../include/openssl/asn1t.h | 0 .../include/openssl/async.h | 0 .../include/openssl/asyncerr.h | 0 .../include/openssl/bio.h | 0 .../include/openssl/bioerr.h | 0 .../include/openssl/blowfish.h | 0 .../include/openssl/bn.h | 0 .../include/openssl/bnerr.h | 0 .../include/openssl/buffer.h | 0 .../include/openssl/buffererr.h | 0 .../include/openssl/camellia.h | 0 .../include/openssl/cast.h | 0 .../include/openssl/cmac.h | 0 .../include/openssl/cmp.h | 0 .../include/openssl/cmp_util.h | 0 .../include/openssl/cmperr.h | 0 .../include/openssl/cms.h | 0 .../include/openssl/cmserr.h | 0 .../include/openssl/comp.h | 0 .../include/openssl/comperr.h | 0 .../include/openssl/conf.h | 0 .../include/openssl/conf_api.h | 0 .../include/openssl/conferr.h | 0 .../include/openssl/configuration.h | 0 .../include/openssl/conftypes.h | 0 .../include/openssl/core.h | 0 .../include/openssl/core_dispatch.h | 0 .../include/openssl/core_names.h | 0 .../include/openssl/core_object.h | 0 .../include/openssl/crmf.h | 0 .../include/openssl/crmferr.h | 0 .../include/openssl/crypto.h | 0 .../include/openssl/cryptoerr.h | 0 .../include/openssl/cryptoerr_legacy.h | 0 .../include/openssl/ct.h | 0 .../include/openssl/cterr.h | 0 .../include/openssl/decoder.h | 0 .../include/openssl/decodererr.h | 0 .../include/openssl/des.h | 0 .../include/openssl/dh.h | 0 .../include/openssl/dherr.h | 0 .../include/openssl/dsa.h | 0 .../include/openssl/dsaerr.h | 0 .../include/openssl/dtls1.h | 0 .../include/openssl/e_os2.h | 0 .../include/openssl/ebcdic.h | 0 .../include/openssl/ec.h | 0 .../include/openssl/ecdh.h | 0 .../include/openssl/ecdsa.h | 0 .../include/openssl/ecerr.h | 0 .../include/openssl/encoder.h | 0 .../include/openssl/encodererr.h | 0 .../include/openssl/engine.h | 0 .../include/openssl/engineerr.h | 0 .../include/openssl/err.h | 0 .../include/openssl/ess.h | 0 .../include/openssl/esserr.h | 0 .../include/openssl/evp.h | 0 .../include/openssl/evperr.h | 0 .../include/openssl/fips_names.h | 0 .../include/openssl/fipskey.h | 0 .../include/openssl/hmac.h | 0 .../include/openssl/http.h | 0 .../include/openssl/httperr.h | 0 .../include/openssl/idea.h | 0 .../include/openssl/kdf.h | 0 .../include/openssl/kdferr.h | 0 .../include/openssl/lhash.h | 0 .../include/openssl/macros.h | 0 .../include/openssl/md2.h | 0 .../include/openssl/md4.h | 0 .../include/openssl/md5.h | 0 .../include/openssl/mdc2.h | 0 .../include/openssl/modes.h | 0 .../include/openssl/obj_mac.h | 0 .../include/openssl/objects.h | 0 .../include/openssl/objectserr.h | 0 .../include/openssl/ocsp.h | 0 .../include/openssl/ocsperr.h | 0 .../include/openssl/opensslconf.h | 0 .../include/openssl/opensslv.h | 0 .../include/openssl/ossl_typ.h | 0 .../include/openssl/param_build.h | 0 .../include/openssl/params.h | 0 .../include/openssl/pem.h | 0 .../include/openssl/pem2.h | 0 .../include/openssl/pemerr.h | 0 .../include/openssl/pkcs12.h | 0 .../include/openssl/pkcs12err.h | 0 .../include/openssl/pkcs7.h | 0 .../include/openssl/pkcs7err.h | 0 .../include/openssl/prov_ssl.h | 0 .../include/openssl/proverr.h | 0 .../include/openssl/provider.h | 0 .../include/openssl/rand.h | 0 .../include/openssl/randerr.h | 0 .../include/openssl/rc2.h | 0 .../include/openssl/rc4.h | 0 .../include/openssl/rc5.h | 0 .../include/openssl/ripemd.h | 0 .../include/openssl/rsa.h | 0 .../include/openssl/rsaerr.h | 0 .../include/openssl/safestack.h | 0 .../include/openssl/seed.h | 0 .../include/openssl/self_test.h | 0 .../include/openssl/sha.h | 0 .../include/openssl/srp.h | 0 .../include/openssl/srtp.h | 0 .../include/openssl/ssl.h | 0 .../include/openssl/ssl2.h | 0 .../include/openssl/ssl3.h | 0 .../include/openssl/sslerr.h | 0 .../include/openssl/sslerr_legacy.h | 0 .../include/openssl/stack.h | 0 .../include/openssl/store.h | 0 .../include/openssl/storeerr.h | 0 .../include/openssl/symhacks.h | 0 .../include/openssl/tls1.h | 0 .../include/openssl/trace.h | 0 .../include/openssl/ts.h | 0 .../include/openssl/tserr.h | 0 .../include/openssl/txt_db.h | 0 .../include/openssl/types.h | 0 .../include/openssl/ui.h | 0 .../include/openssl/uierr.h | 0 .../include/openssl/whrlpool.h | 0 .../include/openssl/x509.h | 0 .../include/openssl/x509_vfy.h | 0 .../include/openssl/x509err.h | 0 .../include/openssl/x509v3.h | 0 .../include/openssl/x509v3err.h | 0 ext/{openssl3L => opensslL}/lib/libcrypto.a | Bin ext/{openssl3L => opensslL}/lib/libcrypto.so | 0 .../lib/libcrypto.so.3 | Bin ext/{openssl3L => opensslL}/lib/libssl.a | Bin ext/{openssl3L => opensslL}/lib/libssl.so | 0 ext/{openssl3L => opensslL}/lib/libssl.so.3 | Bin .../lib/pkgconfig/libcrypto.pc | 0 .../lib/pkgconfig/libssl.pc | 0 .../lib/pkgconfig/openssl.pc | 0 src/AyonCppApi/AyonCppApi.cpp | 86 ++++++++++++------ 145 files changed, 58 insertions(+), 28 deletions(-) rename ext/{openssl3L => opensslL}/include/openssl/aes.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/asn1.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/asn1_mac.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/asn1err.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/asn1t.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/async.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/asyncerr.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/bio.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/bioerr.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/blowfish.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/bn.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/bnerr.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/buffer.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/buffererr.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/camellia.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/cast.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/cmac.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/cmp.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/cmp_util.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/cmperr.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/cms.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/cmserr.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/comp.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/comperr.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/conf.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/conf_api.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/conferr.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/configuration.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/conftypes.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/core.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/core_dispatch.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/core_names.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/core_object.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/crmf.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/crmferr.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/crypto.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/cryptoerr.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/cryptoerr_legacy.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/ct.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/cterr.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/decoder.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/decodererr.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/des.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/dh.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/dherr.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/dsa.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/dsaerr.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/dtls1.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/e_os2.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/ebcdic.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/ec.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/ecdh.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/ecdsa.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/ecerr.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/encoder.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/encodererr.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/engine.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/engineerr.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/err.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/ess.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/esserr.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/evp.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/evperr.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/fips_names.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/fipskey.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/hmac.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/http.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/httperr.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/idea.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/kdf.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/kdferr.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/lhash.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/macros.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/md2.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/md4.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/md5.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/mdc2.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/modes.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/obj_mac.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/objects.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/objectserr.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/ocsp.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/ocsperr.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/opensslconf.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/opensslv.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/ossl_typ.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/param_build.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/params.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/pem.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/pem2.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/pemerr.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/pkcs12.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/pkcs12err.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/pkcs7.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/pkcs7err.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/prov_ssl.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/proverr.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/provider.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/rand.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/randerr.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/rc2.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/rc4.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/rc5.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/ripemd.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/rsa.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/rsaerr.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/safestack.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/seed.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/self_test.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/sha.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/srp.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/srtp.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/ssl.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/ssl2.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/ssl3.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/sslerr.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/sslerr_legacy.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/stack.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/store.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/storeerr.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/symhacks.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/tls1.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/trace.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/ts.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/tserr.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/txt_db.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/types.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/ui.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/uierr.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/whrlpool.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/x509.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/x509_vfy.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/x509err.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/x509v3.h (100%) rename ext/{openssl3L => opensslL}/include/openssl/x509v3err.h (100%) rename ext/{openssl3L => opensslL}/lib/libcrypto.a (100%) rename ext/{openssl3L => opensslL}/lib/libcrypto.so (100%) rename ext/{openssl3L => opensslL}/lib/libcrypto.so.3 (100%) rename ext/{openssl3L => opensslL}/lib/libssl.a (100%) rename ext/{openssl3L => opensslL}/lib/libssl.so (100%) rename ext/{openssl3L => opensslL}/lib/libssl.so.3 (100%) rename ext/{openssl3L => opensslL}/lib/pkgconfig/libcrypto.pc (100%) rename ext/{openssl3L => opensslL}/lib/pkgconfig/libssl.pc (100%) rename ext/{openssl3L => opensslL}/lib/pkgconfig/openssl.pc (100%) diff --git a/ext/openssl3L/include/openssl/aes.h b/ext/opensslL/include/openssl/aes.h similarity index 100% rename from ext/openssl3L/include/openssl/aes.h rename to ext/opensslL/include/openssl/aes.h diff --git a/ext/openssl3L/include/openssl/asn1.h b/ext/opensslL/include/openssl/asn1.h similarity index 100% rename from ext/openssl3L/include/openssl/asn1.h rename to ext/opensslL/include/openssl/asn1.h diff --git a/ext/openssl3L/include/openssl/asn1_mac.h b/ext/opensslL/include/openssl/asn1_mac.h similarity index 100% rename from ext/openssl3L/include/openssl/asn1_mac.h rename to ext/opensslL/include/openssl/asn1_mac.h diff --git a/ext/openssl3L/include/openssl/asn1err.h b/ext/opensslL/include/openssl/asn1err.h similarity index 100% rename from ext/openssl3L/include/openssl/asn1err.h rename to ext/opensslL/include/openssl/asn1err.h diff --git a/ext/openssl3L/include/openssl/asn1t.h b/ext/opensslL/include/openssl/asn1t.h similarity index 100% rename from ext/openssl3L/include/openssl/asn1t.h rename to ext/opensslL/include/openssl/asn1t.h diff --git a/ext/openssl3L/include/openssl/async.h b/ext/opensslL/include/openssl/async.h similarity index 100% rename from ext/openssl3L/include/openssl/async.h rename to ext/opensslL/include/openssl/async.h diff --git a/ext/openssl3L/include/openssl/asyncerr.h b/ext/opensslL/include/openssl/asyncerr.h similarity index 100% rename from ext/openssl3L/include/openssl/asyncerr.h rename to ext/opensslL/include/openssl/asyncerr.h diff --git a/ext/openssl3L/include/openssl/bio.h b/ext/opensslL/include/openssl/bio.h similarity index 100% rename from ext/openssl3L/include/openssl/bio.h rename to ext/opensslL/include/openssl/bio.h diff --git a/ext/openssl3L/include/openssl/bioerr.h b/ext/opensslL/include/openssl/bioerr.h similarity index 100% rename from ext/openssl3L/include/openssl/bioerr.h rename to ext/opensslL/include/openssl/bioerr.h diff --git a/ext/openssl3L/include/openssl/blowfish.h b/ext/opensslL/include/openssl/blowfish.h similarity index 100% rename from ext/openssl3L/include/openssl/blowfish.h rename to ext/opensslL/include/openssl/blowfish.h diff --git a/ext/openssl3L/include/openssl/bn.h b/ext/opensslL/include/openssl/bn.h similarity index 100% rename from ext/openssl3L/include/openssl/bn.h rename to ext/opensslL/include/openssl/bn.h diff --git a/ext/openssl3L/include/openssl/bnerr.h b/ext/opensslL/include/openssl/bnerr.h similarity index 100% rename from ext/openssl3L/include/openssl/bnerr.h rename to ext/opensslL/include/openssl/bnerr.h diff --git a/ext/openssl3L/include/openssl/buffer.h b/ext/opensslL/include/openssl/buffer.h similarity index 100% rename from ext/openssl3L/include/openssl/buffer.h rename to ext/opensslL/include/openssl/buffer.h diff --git a/ext/openssl3L/include/openssl/buffererr.h b/ext/opensslL/include/openssl/buffererr.h similarity index 100% rename from ext/openssl3L/include/openssl/buffererr.h rename to ext/opensslL/include/openssl/buffererr.h diff --git a/ext/openssl3L/include/openssl/camellia.h b/ext/opensslL/include/openssl/camellia.h similarity index 100% rename from ext/openssl3L/include/openssl/camellia.h rename to ext/opensslL/include/openssl/camellia.h diff --git a/ext/openssl3L/include/openssl/cast.h b/ext/opensslL/include/openssl/cast.h similarity index 100% rename from ext/openssl3L/include/openssl/cast.h rename to ext/opensslL/include/openssl/cast.h diff --git a/ext/openssl3L/include/openssl/cmac.h b/ext/opensslL/include/openssl/cmac.h similarity index 100% rename from ext/openssl3L/include/openssl/cmac.h rename to ext/opensslL/include/openssl/cmac.h diff --git a/ext/openssl3L/include/openssl/cmp.h b/ext/opensslL/include/openssl/cmp.h similarity index 100% rename from ext/openssl3L/include/openssl/cmp.h rename to ext/opensslL/include/openssl/cmp.h diff --git a/ext/openssl3L/include/openssl/cmp_util.h b/ext/opensslL/include/openssl/cmp_util.h similarity index 100% rename from ext/openssl3L/include/openssl/cmp_util.h rename to ext/opensslL/include/openssl/cmp_util.h diff --git a/ext/openssl3L/include/openssl/cmperr.h b/ext/opensslL/include/openssl/cmperr.h similarity index 100% rename from ext/openssl3L/include/openssl/cmperr.h rename to ext/opensslL/include/openssl/cmperr.h diff --git a/ext/openssl3L/include/openssl/cms.h b/ext/opensslL/include/openssl/cms.h similarity index 100% rename from ext/openssl3L/include/openssl/cms.h rename to ext/opensslL/include/openssl/cms.h diff --git a/ext/openssl3L/include/openssl/cmserr.h b/ext/opensslL/include/openssl/cmserr.h similarity index 100% rename from ext/openssl3L/include/openssl/cmserr.h rename to ext/opensslL/include/openssl/cmserr.h diff --git a/ext/openssl3L/include/openssl/comp.h b/ext/opensslL/include/openssl/comp.h similarity index 100% rename from ext/openssl3L/include/openssl/comp.h rename to ext/opensslL/include/openssl/comp.h diff --git a/ext/openssl3L/include/openssl/comperr.h b/ext/opensslL/include/openssl/comperr.h similarity index 100% rename from ext/openssl3L/include/openssl/comperr.h rename to ext/opensslL/include/openssl/comperr.h diff --git a/ext/openssl3L/include/openssl/conf.h b/ext/opensslL/include/openssl/conf.h similarity index 100% rename from ext/openssl3L/include/openssl/conf.h rename to ext/opensslL/include/openssl/conf.h diff --git a/ext/openssl3L/include/openssl/conf_api.h b/ext/opensslL/include/openssl/conf_api.h similarity index 100% rename from ext/openssl3L/include/openssl/conf_api.h rename to ext/opensslL/include/openssl/conf_api.h diff --git a/ext/openssl3L/include/openssl/conferr.h b/ext/opensslL/include/openssl/conferr.h similarity index 100% rename from ext/openssl3L/include/openssl/conferr.h rename to ext/opensslL/include/openssl/conferr.h diff --git a/ext/openssl3L/include/openssl/configuration.h b/ext/opensslL/include/openssl/configuration.h similarity index 100% rename from ext/openssl3L/include/openssl/configuration.h rename to ext/opensslL/include/openssl/configuration.h diff --git a/ext/openssl3L/include/openssl/conftypes.h b/ext/opensslL/include/openssl/conftypes.h similarity index 100% rename from ext/openssl3L/include/openssl/conftypes.h rename to ext/opensslL/include/openssl/conftypes.h diff --git a/ext/openssl3L/include/openssl/core.h b/ext/opensslL/include/openssl/core.h similarity index 100% rename from ext/openssl3L/include/openssl/core.h rename to ext/opensslL/include/openssl/core.h diff --git a/ext/openssl3L/include/openssl/core_dispatch.h b/ext/opensslL/include/openssl/core_dispatch.h similarity index 100% rename from ext/openssl3L/include/openssl/core_dispatch.h rename to ext/opensslL/include/openssl/core_dispatch.h diff --git a/ext/openssl3L/include/openssl/core_names.h b/ext/opensslL/include/openssl/core_names.h similarity index 100% rename from ext/openssl3L/include/openssl/core_names.h rename to ext/opensslL/include/openssl/core_names.h diff --git a/ext/openssl3L/include/openssl/core_object.h b/ext/opensslL/include/openssl/core_object.h similarity index 100% rename from ext/openssl3L/include/openssl/core_object.h rename to ext/opensslL/include/openssl/core_object.h diff --git a/ext/openssl3L/include/openssl/crmf.h b/ext/opensslL/include/openssl/crmf.h similarity index 100% rename from ext/openssl3L/include/openssl/crmf.h rename to ext/opensslL/include/openssl/crmf.h diff --git a/ext/openssl3L/include/openssl/crmferr.h b/ext/opensslL/include/openssl/crmferr.h similarity index 100% rename from ext/openssl3L/include/openssl/crmferr.h rename to ext/opensslL/include/openssl/crmferr.h diff --git a/ext/openssl3L/include/openssl/crypto.h b/ext/opensslL/include/openssl/crypto.h similarity index 100% rename from ext/openssl3L/include/openssl/crypto.h rename to ext/opensslL/include/openssl/crypto.h diff --git a/ext/openssl3L/include/openssl/cryptoerr.h b/ext/opensslL/include/openssl/cryptoerr.h similarity index 100% rename from ext/openssl3L/include/openssl/cryptoerr.h rename to ext/opensslL/include/openssl/cryptoerr.h diff --git a/ext/openssl3L/include/openssl/cryptoerr_legacy.h b/ext/opensslL/include/openssl/cryptoerr_legacy.h similarity index 100% rename from ext/openssl3L/include/openssl/cryptoerr_legacy.h rename to ext/opensslL/include/openssl/cryptoerr_legacy.h diff --git a/ext/openssl3L/include/openssl/ct.h b/ext/opensslL/include/openssl/ct.h similarity index 100% rename from ext/openssl3L/include/openssl/ct.h rename to ext/opensslL/include/openssl/ct.h diff --git a/ext/openssl3L/include/openssl/cterr.h b/ext/opensslL/include/openssl/cterr.h similarity index 100% rename from ext/openssl3L/include/openssl/cterr.h rename to ext/opensslL/include/openssl/cterr.h diff --git a/ext/openssl3L/include/openssl/decoder.h b/ext/opensslL/include/openssl/decoder.h similarity index 100% rename from ext/openssl3L/include/openssl/decoder.h rename to ext/opensslL/include/openssl/decoder.h diff --git a/ext/openssl3L/include/openssl/decodererr.h b/ext/opensslL/include/openssl/decodererr.h similarity index 100% rename from ext/openssl3L/include/openssl/decodererr.h rename to ext/opensslL/include/openssl/decodererr.h diff --git a/ext/openssl3L/include/openssl/des.h b/ext/opensslL/include/openssl/des.h similarity index 100% rename from ext/openssl3L/include/openssl/des.h rename to ext/opensslL/include/openssl/des.h diff --git a/ext/openssl3L/include/openssl/dh.h b/ext/opensslL/include/openssl/dh.h similarity index 100% rename from ext/openssl3L/include/openssl/dh.h rename to ext/opensslL/include/openssl/dh.h diff --git a/ext/openssl3L/include/openssl/dherr.h b/ext/opensslL/include/openssl/dherr.h similarity index 100% rename from ext/openssl3L/include/openssl/dherr.h rename to ext/opensslL/include/openssl/dherr.h diff --git a/ext/openssl3L/include/openssl/dsa.h b/ext/opensslL/include/openssl/dsa.h similarity index 100% rename from ext/openssl3L/include/openssl/dsa.h rename to ext/opensslL/include/openssl/dsa.h diff --git a/ext/openssl3L/include/openssl/dsaerr.h b/ext/opensslL/include/openssl/dsaerr.h similarity index 100% rename from ext/openssl3L/include/openssl/dsaerr.h rename to ext/opensslL/include/openssl/dsaerr.h diff --git a/ext/openssl3L/include/openssl/dtls1.h b/ext/opensslL/include/openssl/dtls1.h similarity index 100% rename from ext/openssl3L/include/openssl/dtls1.h rename to ext/opensslL/include/openssl/dtls1.h diff --git a/ext/openssl3L/include/openssl/e_os2.h b/ext/opensslL/include/openssl/e_os2.h similarity index 100% rename from ext/openssl3L/include/openssl/e_os2.h rename to ext/opensslL/include/openssl/e_os2.h diff --git a/ext/openssl3L/include/openssl/ebcdic.h b/ext/opensslL/include/openssl/ebcdic.h similarity index 100% rename from ext/openssl3L/include/openssl/ebcdic.h rename to ext/opensslL/include/openssl/ebcdic.h diff --git a/ext/openssl3L/include/openssl/ec.h b/ext/opensslL/include/openssl/ec.h similarity index 100% rename from ext/openssl3L/include/openssl/ec.h rename to ext/opensslL/include/openssl/ec.h diff --git a/ext/openssl3L/include/openssl/ecdh.h b/ext/opensslL/include/openssl/ecdh.h similarity index 100% rename from ext/openssl3L/include/openssl/ecdh.h rename to ext/opensslL/include/openssl/ecdh.h diff --git a/ext/openssl3L/include/openssl/ecdsa.h b/ext/opensslL/include/openssl/ecdsa.h similarity index 100% rename from ext/openssl3L/include/openssl/ecdsa.h rename to ext/opensslL/include/openssl/ecdsa.h diff --git a/ext/openssl3L/include/openssl/ecerr.h b/ext/opensslL/include/openssl/ecerr.h similarity index 100% rename from ext/openssl3L/include/openssl/ecerr.h rename to ext/opensslL/include/openssl/ecerr.h diff --git a/ext/openssl3L/include/openssl/encoder.h b/ext/opensslL/include/openssl/encoder.h similarity index 100% rename from ext/openssl3L/include/openssl/encoder.h rename to ext/opensslL/include/openssl/encoder.h diff --git a/ext/openssl3L/include/openssl/encodererr.h b/ext/opensslL/include/openssl/encodererr.h similarity index 100% rename from ext/openssl3L/include/openssl/encodererr.h rename to ext/opensslL/include/openssl/encodererr.h diff --git a/ext/openssl3L/include/openssl/engine.h b/ext/opensslL/include/openssl/engine.h similarity index 100% rename from ext/openssl3L/include/openssl/engine.h rename to ext/opensslL/include/openssl/engine.h diff --git a/ext/openssl3L/include/openssl/engineerr.h b/ext/opensslL/include/openssl/engineerr.h similarity index 100% rename from ext/openssl3L/include/openssl/engineerr.h rename to ext/opensslL/include/openssl/engineerr.h diff --git a/ext/openssl3L/include/openssl/err.h b/ext/opensslL/include/openssl/err.h similarity index 100% rename from ext/openssl3L/include/openssl/err.h rename to ext/opensslL/include/openssl/err.h diff --git a/ext/openssl3L/include/openssl/ess.h b/ext/opensslL/include/openssl/ess.h similarity index 100% rename from ext/openssl3L/include/openssl/ess.h rename to ext/opensslL/include/openssl/ess.h diff --git a/ext/openssl3L/include/openssl/esserr.h b/ext/opensslL/include/openssl/esserr.h similarity index 100% rename from ext/openssl3L/include/openssl/esserr.h rename to ext/opensslL/include/openssl/esserr.h diff --git a/ext/openssl3L/include/openssl/evp.h b/ext/opensslL/include/openssl/evp.h similarity index 100% rename from ext/openssl3L/include/openssl/evp.h rename to ext/opensslL/include/openssl/evp.h diff --git a/ext/openssl3L/include/openssl/evperr.h b/ext/opensslL/include/openssl/evperr.h similarity index 100% rename from ext/openssl3L/include/openssl/evperr.h rename to ext/opensslL/include/openssl/evperr.h diff --git a/ext/openssl3L/include/openssl/fips_names.h b/ext/opensslL/include/openssl/fips_names.h similarity index 100% rename from ext/openssl3L/include/openssl/fips_names.h rename to ext/opensslL/include/openssl/fips_names.h diff --git a/ext/openssl3L/include/openssl/fipskey.h b/ext/opensslL/include/openssl/fipskey.h similarity index 100% rename from ext/openssl3L/include/openssl/fipskey.h rename to ext/opensslL/include/openssl/fipskey.h diff --git a/ext/openssl3L/include/openssl/hmac.h b/ext/opensslL/include/openssl/hmac.h similarity index 100% rename from ext/openssl3L/include/openssl/hmac.h rename to ext/opensslL/include/openssl/hmac.h diff --git a/ext/openssl3L/include/openssl/http.h b/ext/opensslL/include/openssl/http.h similarity index 100% rename from ext/openssl3L/include/openssl/http.h rename to ext/opensslL/include/openssl/http.h diff --git a/ext/openssl3L/include/openssl/httperr.h b/ext/opensslL/include/openssl/httperr.h similarity index 100% rename from ext/openssl3L/include/openssl/httperr.h rename to ext/opensslL/include/openssl/httperr.h diff --git a/ext/openssl3L/include/openssl/idea.h b/ext/opensslL/include/openssl/idea.h similarity index 100% rename from ext/openssl3L/include/openssl/idea.h rename to ext/opensslL/include/openssl/idea.h diff --git a/ext/openssl3L/include/openssl/kdf.h b/ext/opensslL/include/openssl/kdf.h similarity index 100% rename from ext/openssl3L/include/openssl/kdf.h rename to ext/opensslL/include/openssl/kdf.h diff --git a/ext/openssl3L/include/openssl/kdferr.h b/ext/opensslL/include/openssl/kdferr.h similarity index 100% rename from ext/openssl3L/include/openssl/kdferr.h rename to ext/opensslL/include/openssl/kdferr.h diff --git a/ext/openssl3L/include/openssl/lhash.h b/ext/opensslL/include/openssl/lhash.h similarity index 100% rename from ext/openssl3L/include/openssl/lhash.h rename to ext/opensslL/include/openssl/lhash.h diff --git a/ext/openssl3L/include/openssl/macros.h b/ext/opensslL/include/openssl/macros.h similarity index 100% rename from ext/openssl3L/include/openssl/macros.h rename to ext/opensslL/include/openssl/macros.h diff --git a/ext/openssl3L/include/openssl/md2.h b/ext/opensslL/include/openssl/md2.h similarity index 100% rename from ext/openssl3L/include/openssl/md2.h rename to ext/opensslL/include/openssl/md2.h diff --git a/ext/openssl3L/include/openssl/md4.h b/ext/opensslL/include/openssl/md4.h similarity index 100% rename from ext/openssl3L/include/openssl/md4.h rename to ext/opensslL/include/openssl/md4.h diff --git a/ext/openssl3L/include/openssl/md5.h b/ext/opensslL/include/openssl/md5.h similarity index 100% rename from ext/openssl3L/include/openssl/md5.h rename to ext/opensslL/include/openssl/md5.h diff --git a/ext/openssl3L/include/openssl/mdc2.h b/ext/opensslL/include/openssl/mdc2.h similarity index 100% rename from ext/openssl3L/include/openssl/mdc2.h rename to ext/opensslL/include/openssl/mdc2.h diff --git a/ext/openssl3L/include/openssl/modes.h b/ext/opensslL/include/openssl/modes.h similarity index 100% rename from ext/openssl3L/include/openssl/modes.h rename to ext/opensslL/include/openssl/modes.h diff --git a/ext/openssl3L/include/openssl/obj_mac.h b/ext/opensslL/include/openssl/obj_mac.h similarity index 100% rename from ext/openssl3L/include/openssl/obj_mac.h rename to ext/opensslL/include/openssl/obj_mac.h diff --git a/ext/openssl3L/include/openssl/objects.h b/ext/opensslL/include/openssl/objects.h similarity index 100% rename from ext/openssl3L/include/openssl/objects.h rename to ext/opensslL/include/openssl/objects.h diff --git a/ext/openssl3L/include/openssl/objectserr.h b/ext/opensslL/include/openssl/objectserr.h similarity index 100% rename from ext/openssl3L/include/openssl/objectserr.h rename to ext/opensslL/include/openssl/objectserr.h diff --git a/ext/openssl3L/include/openssl/ocsp.h b/ext/opensslL/include/openssl/ocsp.h similarity index 100% rename from ext/openssl3L/include/openssl/ocsp.h rename to ext/opensslL/include/openssl/ocsp.h diff --git a/ext/openssl3L/include/openssl/ocsperr.h b/ext/opensslL/include/openssl/ocsperr.h similarity index 100% rename from ext/openssl3L/include/openssl/ocsperr.h rename to ext/opensslL/include/openssl/ocsperr.h diff --git a/ext/openssl3L/include/openssl/opensslconf.h b/ext/opensslL/include/openssl/opensslconf.h similarity index 100% rename from ext/openssl3L/include/openssl/opensslconf.h rename to ext/opensslL/include/openssl/opensslconf.h diff --git a/ext/openssl3L/include/openssl/opensslv.h b/ext/opensslL/include/openssl/opensslv.h similarity index 100% rename from ext/openssl3L/include/openssl/opensslv.h rename to ext/opensslL/include/openssl/opensslv.h diff --git a/ext/openssl3L/include/openssl/ossl_typ.h b/ext/opensslL/include/openssl/ossl_typ.h similarity index 100% rename from ext/openssl3L/include/openssl/ossl_typ.h rename to ext/opensslL/include/openssl/ossl_typ.h diff --git a/ext/openssl3L/include/openssl/param_build.h b/ext/opensslL/include/openssl/param_build.h similarity index 100% rename from ext/openssl3L/include/openssl/param_build.h rename to ext/opensslL/include/openssl/param_build.h diff --git a/ext/openssl3L/include/openssl/params.h b/ext/opensslL/include/openssl/params.h similarity index 100% rename from ext/openssl3L/include/openssl/params.h rename to ext/opensslL/include/openssl/params.h diff --git a/ext/openssl3L/include/openssl/pem.h b/ext/opensslL/include/openssl/pem.h similarity index 100% rename from ext/openssl3L/include/openssl/pem.h rename to ext/opensslL/include/openssl/pem.h diff --git a/ext/openssl3L/include/openssl/pem2.h b/ext/opensslL/include/openssl/pem2.h similarity index 100% rename from ext/openssl3L/include/openssl/pem2.h rename to ext/opensslL/include/openssl/pem2.h diff --git a/ext/openssl3L/include/openssl/pemerr.h b/ext/opensslL/include/openssl/pemerr.h similarity index 100% rename from ext/openssl3L/include/openssl/pemerr.h rename to ext/opensslL/include/openssl/pemerr.h diff --git a/ext/openssl3L/include/openssl/pkcs12.h b/ext/opensslL/include/openssl/pkcs12.h similarity index 100% rename from ext/openssl3L/include/openssl/pkcs12.h rename to ext/opensslL/include/openssl/pkcs12.h diff --git a/ext/openssl3L/include/openssl/pkcs12err.h b/ext/opensslL/include/openssl/pkcs12err.h similarity index 100% rename from ext/openssl3L/include/openssl/pkcs12err.h rename to ext/opensslL/include/openssl/pkcs12err.h diff --git a/ext/openssl3L/include/openssl/pkcs7.h b/ext/opensslL/include/openssl/pkcs7.h similarity index 100% rename from ext/openssl3L/include/openssl/pkcs7.h rename to ext/opensslL/include/openssl/pkcs7.h diff --git a/ext/openssl3L/include/openssl/pkcs7err.h b/ext/opensslL/include/openssl/pkcs7err.h similarity index 100% rename from ext/openssl3L/include/openssl/pkcs7err.h rename to ext/opensslL/include/openssl/pkcs7err.h diff --git a/ext/openssl3L/include/openssl/prov_ssl.h b/ext/opensslL/include/openssl/prov_ssl.h similarity index 100% rename from ext/openssl3L/include/openssl/prov_ssl.h rename to ext/opensslL/include/openssl/prov_ssl.h diff --git a/ext/openssl3L/include/openssl/proverr.h b/ext/opensslL/include/openssl/proverr.h similarity index 100% rename from ext/openssl3L/include/openssl/proverr.h rename to ext/opensslL/include/openssl/proverr.h diff --git a/ext/openssl3L/include/openssl/provider.h b/ext/opensslL/include/openssl/provider.h similarity index 100% rename from ext/openssl3L/include/openssl/provider.h rename to ext/opensslL/include/openssl/provider.h diff --git a/ext/openssl3L/include/openssl/rand.h b/ext/opensslL/include/openssl/rand.h similarity index 100% rename from ext/openssl3L/include/openssl/rand.h rename to ext/opensslL/include/openssl/rand.h diff --git a/ext/openssl3L/include/openssl/randerr.h b/ext/opensslL/include/openssl/randerr.h similarity index 100% rename from ext/openssl3L/include/openssl/randerr.h rename to ext/opensslL/include/openssl/randerr.h diff --git a/ext/openssl3L/include/openssl/rc2.h b/ext/opensslL/include/openssl/rc2.h similarity index 100% rename from ext/openssl3L/include/openssl/rc2.h rename to ext/opensslL/include/openssl/rc2.h diff --git a/ext/openssl3L/include/openssl/rc4.h b/ext/opensslL/include/openssl/rc4.h similarity index 100% rename from ext/openssl3L/include/openssl/rc4.h rename to ext/opensslL/include/openssl/rc4.h diff --git a/ext/openssl3L/include/openssl/rc5.h b/ext/opensslL/include/openssl/rc5.h similarity index 100% rename from ext/openssl3L/include/openssl/rc5.h rename to ext/opensslL/include/openssl/rc5.h diff --git a/ext/openssl3L/include/openssl/ripemd.h b/ext/opensslL/include/openssl/ripemd.h similarity index 100% rename from ext/openssl3L/include/openssl/ripemd.h rename to ext/opensslL/include/openssl/ripemd.h diff --git a/ext/openssl3L/include/openssl/rsa.h b/ext/opensslL/include/openssl/rsa.h similarity index 100% rename from ext/openssl3L/include/openssl/rsa.h rename to ext/opensslL/include/openssl/rsa.h diff --git a/ext/openssl3L/include/openssl/rsaerr.h b/ext/opensslL/include/openssl/rsaerr.h similarity index 100% rename from ext/openssl3L/include/openssl/rsaerr.h rename to ext/opensslL/include/openssl/rsaerr.h diff --git a/ext/openssl3L/include/openssl/safestack.h b/ext/opensslL/include/openssl/safestack.h similarity index 100% rename from ext/openssl3L/include/openssl/safestack.h rename to ext/opensslL/include/openssl/safestack.h diff --git a/ext/openssl3L/include/openssl/seed.h b/ext/opensslL/include/openssl/seed.h similarity index 100% rename from ext/openssl3L/include/openssl/seed.h rename to ext/opensslL/include/openssl/seed.h diff --git a/ext/openssl3L/include/openssl/self_test.h b/ext/opensslL/include/openssl/self_test.h similarity index 100% rename from ext/openssl3L/include/openssl/self_test.h rename to ext/opensslL/include/openssl/self_test.h diff --git a/ext/openssl3L/include/openssl/sha.h b/ext/opensslL/include/openssl/sha.h similarity index 100% rename from ext/openssl3L/include/openssl/sha.h rename to ext/opensslL/include/openssl/sha.h diff --git a/ext/openssl3L/include/openssl/srp.h b/ext/opensslL/include/openssl/srp.h similarity index 100% rename from ext/openssl3L/include/openssl/srp.h rename to ext/opensslL/include/openssl/srp.h diff --git a/ext/openssl3L/include/openssl/srtp.h b/ext/opensslL/include/openssl/srtp.h similarity index 100% rename from ext/openssl3L/include/openssl/srtp.h rename to ext/opensslL/include/openssl/srtp.h diff --git a/ext/openssl3L/include/openssl/ssl.h b/ext/opensslL/include/openssl/ssl.h similarity index 100% rename from ext/openssl3L/include/openssl/ssl.h rename to ext/opensslL/include/openssl/ssl.h diff --git a/ext/openssl3L/include/openssl/ssl2.h b/ext/opensslL/include/openssl/ssl2.h similarity index 100% rename from ext/openssl3L/include/openssl/ssl2.h rename to ext/opensslL/include/openssl/ssl2.h diff --git a/ext/openssl3L/include/openssl/ssl3.h b/ext/opensslL/include/openssl/ssl3.h similarity index 100% rename from ext/openssl3L/include/openssl/ssl3.h rename to ext/opensslL/include/openssl/ssl3.h diff --git a/ext/openssl3L/include/openssl/sslerr.h b/ext/opensslL/include/openssl/sslerr.h similarity index 100% rename from ext/openssl3L/include/openssl/sslerr.h rename to ext/opensslL/include/openssl/sslerr.h diff --git a/ext/openssl3L/include/openssl/sslerr_legacy.h b/ext/opensslL/include/openssl/sslerr_legacy.h similarity index 100% rename from ext/openssl3L/include/openssl/sslerr_legacy.h rename to ext/opensslL/include/openssl/sslerr_legacy.h diff --git a/ext/openssl3L/include/openssl/stack.h b/ext/opensslL/include/openssl/stack.h similarity index 100% rename from ext/openssl3L/include/openssl/stack.h rename to ext/opensslL/include/openssl/stack.h diff --git a/ext/openssl3L/include/openssl/store.h b/ext/opensslL/include/openssl/store.h similarity index 100% rename from ext/openssl3L/include/openssl/store.h rename to ext/opensslL/include/openssl/store.h diff --git a/ext/openssl3L/include/openssl/storeerr.h b/ext/opensslL/include/openssl/storeerr.h similarity index 100% rename from ext/openssl3L/include/openssl/storeerr.h rename to ext/opensslL/include/openssl/storeerr.h diff --git a/ext/openssl3L/include/openssl/symhacks.h b/ext/opensslL/include/openssl/symhacks.h similarity index 100% rename from ext/openssl3L/include/openssl/symhacks.h rename to ext/opensslL/include/openssl/symhacks.h diff --git a/ext/openssl3L/include/openssl/tls1.h b/ext/opensslL/include/openssl/tls1.h similarity index 100% rename from ext/openssl3L/include/openssl/tls1.h rename to ext/opensslL/include/openssl/tls1.h diff --git a/ext/openssl3L/include/openssl/trace.h b/ext/opensslL/include/openssl/trace.h similarity index 100% rename from ext/openssl3L/include/openssl/trace.h rename to ext/opensslL/include/openssl/trace.h diff --git a/ext/openssl3L/include/openssl/ts.h b/ext/opensslL/include/openssl/ts.h similarity index 100% rename from ext/openssl3L/include/openssl/ts.h rename to ext/opensslL/include/openssl/ts.h diff --git a/ext/openssl3L/include/openssl/tserr.h b/ext/opensslL/include/openssl/tserr.h similarity index 100% rename from ext/openssl3L/include/openssl/tserr.h rename to ext/opensslL/include/openssl/tserr.h diff --git a/ext/openssl3L/include/openssl/txt_db.h b/ext/opensslL/include/openssl/txt_db.h similarity index 100% rename from ext/openssl3L/include/openssl/txt_db.h rename to ext/opensslL/include/openssl/txt_db.h diff --git a/ext/openssl3L/include/openssl/types.h b/ext/opensslL/include/openssl/types.h similarity index 100% rename from ext/openssl3L/include/openssl/types.h rename to ext/opensslL/include/openssl/types.h diff --git a/ext/openssl3L/include/openssl/ui.h b/ext/opensslL/include/openssl/ui.h similarity index 100% rename from ext/openssl3L/include/openssl/ui.h rename to ext/opensslL/include/openssl/ui.h diff --git a/ext/openssl3L/include/openssl/uierr.h b/ext/opensslL/include/openssl/uierr.h similarity index 100% rename from ext/openssl3L/include/openssl/uierr.h rename to ext/opensslL/include/openssl/uierr.h diff --git a/ext/openssl3L/include/openssl/whrlpool.h b/ext/opensslL/include/openssl/whrlpool.h similarity index 100% rename from ext/openssl3L/include/openssl/whrlpool.h rename to ext/opensslL/include/openssl/whrlpool.h diff --git a/ext/openssl3L/include/openssl/x509.h b/ext/opensslL/include/openssl/x509.h similarity index 100% rename from ext/openssl3L/include/openssl/x509.h rename to ext/opensslL/include/openssl/x509.h diff --git a/ext/openssl3L/include/openssl/x509_vfy.h b/ext/opensslL/include/openssl/x509_vfy.h similarity index 100% rename from ext/openssl3L/include/openssl/x509_vfy.h rename to ext/opensslL/include/openssl/x509_vfy.h diff --git a/ext/openssl3L/include/openssl/x509err.h b/ext/opensslL/include/openssl/x509err.h similarity index 100% rename from ext/openssl3L/include/openssl/x509err.h rename to ext/opensslL/include/openssl/x509err.h diff --git a/ext/openssl3L/include/openssl/x509v3.h b/ext/opensslL/include/openssl/x509v3.h similarity index 100% rename from ext/openssl3L/include/openssl/x509v3.h rename to ext/opensslL/include/openssl/x509v3.h diff --git a/ext/openssl3L/include/openssl/x509v3err.h b/ext/opensslL/include/openssl/x509v3err.h similarity index 100% rename from ext/openssl3L/include/openssl/x509v3err.h rename to ext/opensslL/include/openssl/x509v3err.h diff --git a/ext/openssl3L/lib/libcrypto.a b/ext/opensslL/lib/libcrypto.a similarity index 100% rename from ext/openssl3L/lib/libcrypto.a rename to ext/opensslL/lib/libcrypto.a diff --git a/ext/openssl3L/lib/libcrypto.so b/ext/opensslL/lib/libcrypto.so similarity index 100% rename from ext/openssl3L/lib/libcrypto.so rename to ext/opensslL/lib/libcrypto.so diff --git a/ext/openssl3L/lib/libcrypto.so.3 b/ext/opensslL/lib/libcrypto.so.3 similarity index 100% rename from ext/openssl3L/lib/libcrypto.so.3 rename to ext/opensslL/lib/libcrypto.so.3 diff --git a/ext/openssl3L/lib/libssl.a b/ext/opensslL/lib/libssl.a similarity index 100% rename from ext/openssl3L/lib/libssl.a rename to ext/opensslL/lib/libssl.a diff --git a/ext/openssl3L/lib/libssl.so b/ext/opensslL/lib/libssl.so similarity index 100% rename from ext/openssl3L/lib/libssl.so rename to ext/opensslL/lib/libssl.so diff --git a/ext/openssl3L/lib/libssl.so.3 b/ext/opensslL/lib/libssl.so.3 similarity index 100% rename from ext/openssl3L/lib/libssl.so.3 rename to ext/opensslL/lib/libssl.so.3 diff --git a/ext/openssl3L/lib/pkgconfig/libcrypto.pc b/ext/opensslL/lib/pkgconfig/libcrypto.pc similarity index 100% rename from ext/openssl3L/lib/pkgconfig/libcrypto.pc rename to ext/opensslL/lib/pkgconfig/libcrypto.pc diff --git a/ext/openssl3L/lib/pkgconfig/libssl.pc b/ext/opensslL/lib/pkgconfig/libssl.pc similarity index 100% rename from ext/openssl3L/lib/pkgconfig/libssl.pc rename to ext/opensslL/lib/pkgconfig/libssl.pc diff --git a/ext/openssl3L/lib/pkgconfig/openssl.pc b/ext/opensslL/lib/pkgconfig/openssl.pc similarity index 100% rename from ext/openssl3L/lib/pkgconfig/openssl.pc rename to ext/opensslL/lib/pkgconfig/openssl.pc diff --git a/src/AyonCppApi/AyonCppApi.cpp b/src/AyonCppApi/AyonCppApi.cpp index 6efcc2d..38947f6 100644 --- a/src/AyonCppApi/AyonCppApi.cpp +++ b/src/AyonCppApi/AyonCppApi.cpp @@ -1,3 +1,4 @@ + #include "AyonCppApi.h" #include #include "httplib.h" @@ -39,10 +40,12 @@ // TODO implement the better Crash handler backward::StackTrace st; + // ------------------------------------------------ // helper functions for getting the ca cert path // ------------------------------------------------ std::string parseOutput(std::string& output) { + // Parse the output to extract the directory path std::string::size_type start = output.find('"'); std::string::size_type end = output.find('"', start + 1); if (start != std::string::npos && end != std::string::npos) { @@ -76,20 +79,23 @@ std::string getOpenSSLDirByCLI() { while (fgets(buffer.data(), static_cast(buffer.size()), pipe.get()) != nullptr) { result += buffer.data(); } + return parseOutput(result); } + std::string getOpenSSLDir() { -#if OPENSSL_VERSION_NUMBER >= 0x10100000L +#if OPENSSL_VERSION_NUMBER >= 0x10100000L // OpenSSL 1.1.0+ const char* sslVersion = OpenSSL_version(OPENSSL_DIR); std::string sslVersionStr(sslVersion); return parseOutput(sslVersionStr); -#else +#else // OpenSSL 1.0.x return parseOutput(SSLeay_version(SSLEAY_DIR)); #endif } // ------------------------------------------------ + AyonApi::AyonApi(const std::optional &logFilePos, const std::string &authKey, const std::string &serverUrl, @@ -103,52 +109,62 @@ AyonApi::AyonApi(const std::optional &logFilePos, m_siteId(siteId) { PerfTimer("AyonApi::AyonApi"); - // ----------- Resolve Log Path + std::cout << "before logFilePos.has_value()" << std::endl; + // TODO remove + // logFilePos = "/home/ynput/dev/ayon-usd-resolver/logFile.json"; + + // ----------- Init m_Logger std::filesystem::path logPath; if (logFilePos.has_value()) { try { std::filesystem::path inPath(logFilePos.value()); - std::cout << "Input log path: " << inPath << std::endl; + // std::cout << "Original path: " << inPath << std::endl; + std::cout << "is_relative" << std::endl; if (inPath.is_relative()) { logPath = std::filesystem::weakly_canonical(inPath); } else { logPath = inPath; } + std::cout << "has_parent_path" << std::endl; if (!inPath.has_parent_path()) { + // if the input path is just a filename we will just throw it into tmp logPath = std::filesystem::temp_directory_path() / inPath; } - // Validate / Create directories + // std::cout << "replace_extension" << std::endl; + // we always want the data to be a json, so we just enforce it. + // logPath.replace_extension(".json"); + + std::cout << "std::filesystem::exists - " << logPath << std::endl; if (std::filesystem::exists(logPath)) { + std::cout << "std::filesystem::canonical" << std::endl; logPath = std::filesystem::canonical(logPath); } else { + std::cout << "std::filesystem::create_directories" << std::endl; + // Check if parent path exists before trying to create it to avoid empty path errors if (logPath.has_parent_path()) { std::filesystem::create_directories(logPath.parent_path()); } } } + catch (const std::filesystem::filesystem_error& e) { + std::cerr << "Filesystem error: " << e.what() << std::endl; + std::cerr << "Path 1: " << e.path1() << std::endl; + std::cerr << "Path 2: " << e.path2() << std::endl; + } catch (const std::exception& e) { - std::cerr << "[AyonApi] Path error: " << e.what() << std::endl; + std::cerr << "General error processing path: " << e.what() << std::endl; } } - // ----------- Init m_Logger (Singleton Logic) - std::cout << "[AyonApi] Retrieving AyonLogger Singleton..." << std::endl; - - AyonLogger& loggerRef = AyonLogger::getInstance(); - - if (!logPath.empty()) { - loggerRef.initFileLogger(logPath.string()); - } - - m_Log = std::shared_ptr(&loggerRef, [](AyonLogger*){}); - - m_Log->registerLoggingKey("AyonApi"); + std::cout << "before AyonLogger init - logPath: " << logPath << std::endl; + m_Log = std::make_shared(AyonLogger::getInstance(logPath.string())); + std::cout << "after AyonLogger init" << std::endl; m_Log->LogLevelInfo(); + // m_Log->LogLevelWarn(); m_Log->info(m_Log->key("AyonApi"), "Init AyonServer httplib::Client"); - m_AyonServer = std::make_unique(m_serverUrl); m_Log->info(m_Log->key("AyonApi"), "After creating httplib::Client - {}", m_serverUrl); @@ -159,6 +175,7 @@ AyonApi::AyonApi(const std::optional &logFilePos, m_AyonServer->set_ca_cert_path(ayonSSLPath.c_str()); } else { m_Log->warn(m_Log->key("AyonApi"), "No AYON_SSL_CERT_PATH set, trying to get OpenSSL dir"); + try { setSSL(); } catch (const std::exception &e) { @@ -166,17 +183,23 @@ AyonApi::AyonApi(const std::optional &logFilePos, m_AyonServer->set_ca_cert_path(nullptr); } } + m_AyonServer->enable_server_certificate_verification(true); } - + m_Log->info(m_Log->key("AyonApi"), "Before"); if (!m_AyonServer) { m_Log->error("m_AyonServer is null. serverUrl='{}'", m_serverUrl); throw std::runtime_error("AyonApi: HTTP client not initialized"); } - + m_Log->info(m_Log->key("AyonApi"), "After m_AyonServer check"); + if (m_serverUrl.empty()) { + m_Log->warn("m_serverUrl empty"); + } + m_Log->info(m_Log->key("AyonApi"), "Before GET"); httplib::Result res; try { res = m_AyonServer->Get("/api/info"); + m_Log->info(m_Log->key("AyonApi"), "After GET try"); } catch (const std::exception& e) { m_Log->error("Exception during GET /api/info: {}", e.what()); throw; @@ -187,6 +210,7 @@ AyonApi::AyonApi(const std::optional &logFilePos, } else { m_Log->info(m_Log->key("AyonApi"), "Ayon server info: {}", res->body); m_Log->info(m_Log->key("AyonApi"), "Status code: {}", res->status); + m_Log->info(m_Log->key("AyonApi"), "After"); m_headers = { {"X-Api-Key", m_authKey}, @@ -750,35 +774,40 @@ AyonApi::isSSL() const { void AyonApi::setSSL() { + // throw std::runtime_error("TEST!! should not be in the final build."); + + // 1. ENVIRONMENT VARIABLE CHECK const char* envCertFile = getenv("SSL_CERT_FILE"); if (envCertFile) { - if (std::filesystem::exists(envCertFile)) { - m_Log->info("Using cert based on env variable (SSL_CERT_FILE): {}", envCertFile); - m_AyonServer->set_ca_cert_path(envCertFile); - return; - } + m_Log->info("Using cert based on env variable (SSL_CERT_FILE)."); + m_AyonServer->set_ca_cert_path(envCertFile); + return; } + // 2. CLI CHECK (getOpenSSLDirByCLI) + // Note: If getOpenSSLDirByCLI() returns an empty path, the filesystem::exists() check will fail safely. std::filesystem::path opensslDirCLI(getOpenSSLDirByCLI()); opensslDirCLI /= "cert.pem"; std::string certFileCLI = opensslDirCLI.string(); if (std::filesystem::exists(certFileCLI)) { - m_Log->info("Using cert based on CLI var: {}", certFileCLI); + m_Log->info("Using cert based on CLI var."); m_AyonServer->set_ca_cert_path(certFileCLI.c_str()); return; } + // 3. SSLEAY_DIR / OPENSSLDIR CHECK (getOpenSSLDir) std::filesystem::path opensslDirSSLEAY(getOpenSSLDir()); opensslDirSSLEAY /= "cert.pem"; std::string certFileSSLEAY = opensslDirSSLEAY.string(); if (std::filesystem::exists(certFileSSLEAY)) { - m_Log->info("Using cert based on SSLEAY_DIR: {}", certFileSSLEAY); + m_Log->info("Using cert based on SSLEAY_DIR."); m_AyonServer->set_ca_cert_path(certFileSSLEAY.c_str()); return; } + // 4. FALLBACK TO BUNDLED CERTIFICATE (VIA SHARED OBJECT PATH) m_Log->info("Failed to determine the OpenSSL directory or load system CAs. Falling back to bundled certificate path."); std::filesystem::path soPath; @@ -808,5 +837,6 @@ AyonApi::setSSL() { m_Log->error("Failed to determine the path of the loaded shared library (dladdr failed)."); } + // 5. FINAL FAILURE POINT throw std::runtime_error("Failed to set SSL certificate path. No valid certificate found."); } From fec1c3c24511ee4086a8261ce68a8110899bc46d Mon Sep 17 00:00:00 2001 From: Tadeas Hejnic Date: Tue, 16 Dec 2025 15:13:11 +0100 Subject: [PATCH 068/106] openssl v1 --- .../include/crypto/__DECC_INCLUDE_EPILOGUE.H | 16 + .../include/crypto/__DECC_INCLUDE_PROLOGUE.H | 20 + ext/openssl1L/include/crypto/aria.h | 50 + ext/openssl1L/include/crypto/asn1.h | 113 + ext/openssl1L/include/crypto/async.h | 15 + ext/openssl1L/include/crypto/bn.h | 90 + ext/openssl1L/include/crypto/bn_conf.h | 28 + ext/openssl1L/include/crypto/bn_conf.h.in | 27 + ext/openssl1L/include/crypto/bn_dh.h | 24 + ext/openssl1L/include/crypto/bn_srp.h | 32 + ext/openssl1L/include/crypto/chacha.h | 42 + ext/openssl1L/include/crypto/cryptlib.h | 35 + ext/openssl1L/include/crypto/ctype.h | 82 + ext/openssl1L/include/crypto/dso_conf.h | 17 + ext/openssl1L/include/crypto/dso_conf.h.in | 31 + ext/openssl1L/include/crypto/ec.h | 53 + ext/openssl1L/include/crypto/engine.h | 20 + ext/openssl1L/include/crypto/err.h | 19 + ext/openssl1L/include/crypto/evp.h | 442 ++ ext/openssl1L/include/crypto/lhash.h | 15 + ext/openssl1L/include/crypto/md32_common.h | 256 + ext/openssl1L/include/crypto/objects.h | 12 + ext/openssl1L/include/crypto/poly1305.h | 21 + ext/openssl1L/include/crypto/rand.h | 144 + ext/openssl1L/include/crypto/sha.h | 19 + ext/openssl1L/include/crypto/siphash.h | 25 + ext/openssl1L/include/crypto/sm2.h | 77 + ext/openssl1L/include/crypto/sm2err.h | 65 + ext/openssl1L/include/crypto/sm3.h | 39 + ext/openssl1L/include/crypto/sm4.h | 37 + ext/openssl1L/include/crypto/store.h | 28 + ext/openssl1L/include/crypto/x509.h | 291 + .../internal/__DECC_INCLUDE_EPILOGUE.H | 16 + .../internal/__DECC_INCLUDE_PROLOGUE.H | 20 + ext/openssl1L/include/internal/bio.h | 33 + ext/openssl1L/include/internal/comp.h | 12 + ext/openssl1L/include/internal/conf.h | 30 + .../include/internal/constant_time.h | 387 ++ ext/openssl1L/include/internal/cryptlib.h | 99 + ext/openssl1L/include/internal/dane.h | 103 + ext/openssl1L/include/internal/dso.h | 165 + ext/openssl1L/include/internal/dsoerr.h | 82 + ext/openssl1L/include/internal/err.h | 15 + ext/openssl1L/include/internal/nelem.h | 14 + ext/openssl1L/include/internal/numbers.h | 68 + ext/openssl1L/include/internal/o_dir.h | 52 + ext/openssl1L/include/internal/o_str.h | 17 + ext/openssl1L/include/internal/refcount.h | 150 + ext/openssl1L/include/internal/sockets.h | 157 + ext/openssl1L/include/internal/sslconf.h | 20 + ext/openssl1L/include/internal/thread_once.h | 137 + ext/openssl1L/include/internal/tsan_assist.h | 144 + .../include/openssl/__DECC_INCLUDE_EPILOGUE.H | 22 + .../include/openssl/__DECC_INCLUDE_PROLOGUE.H | 26 + ext/openssl1L/include/openssl/aes.h | 92 + ext/openssl1L/include/openssl/asn1.h | 886 +++ ext/openssl1L/include/openssl/asn1_mac.h | 10 + ext/openssl1L/include/openssl/asn1err.h | 256 + ext/openssl1L/include/openssl/asn1t.h | 945 +++ ext/openssl1L/include/openssl/async.h | 76 + ext/openssl1L/include/openssl/asyncerr.h | 42 + ext/openssl1L/include/openssl/bio.h | 801 +++ ext/openssl1L/include/openssl/bioerr.h | 124 + ext/openssl1L/include/openssl/blowfish.h | 61 + ext/openssl1L/include/openssl/bn.h | 539 ++ ext/openssl1L/include/openssl/bnerr.h | 101 + ext/openssl1L/include/openssl/buffer.h | 58 + ext/openssl1L/include/openssl/buffererr.h | 34 + ext/openssl1L/include/openssl/camellia.h | 83 + ext/openssl1L/include/openssl/cast.h | 53 + ext/openssl1L/include/openssl/cmac.h | 41 + ext/openssl1L/include/openssl/cms.h | 339 ++ ext/openssl1L/include/openssl/cmserr.h | 203 + ext/openssl1L/include/openssl/comp.h | 53 + ext/openssl1L/include/openssl/comperr.h | 44 + ext/openssl1L/include/openssl/conf.h | 168 + ext/openssl1L/include/openssl/conf_api.h | 40 + ext/openssl1L/include/openssl/conferr.h | 76 + ext/openssl1L/include/openssl/crypto.h | 445 ++ ext/openssl1L/include/openssl/cryptoerr.h | 57 + ext/openssl1L/include/openssl/ct.h | 474 ++ ext/openssl1L/include/openssl/cterr.h | 80 + ext/openssl1L/include/openssl/des.h | 174 + ext/openssl1L/include/openssl/dh.h | 343 ++ ext/openssl1L/include/openssl/dherr.h | 89 + ext/openssl1L/include/openssl/dsa.h | 244 + ext/openssl1L/include/openssl/dsaerr.h | 72 + ext/openssl1L/include/openssl/dtls1.h | 55 + ext/openssl1L/include/openssl/e_os2.h | 301 + ext/openssl1L/include/openssl/ebcdic.h | 33 + ext/openssl1L/include/openssl/ec.h | 1484 +++++ ext/openssl1L/include/openssl/ecdh.h | 10 + ext/openssl1L/include/openssl/ecdsa.h | 10 + ext/openssl1L/include/openssl/ecerr.h | 276 + ext/openssl1L/include/openssl/engine.h | 752 +++ ext/openssl1L/include/openssl/engineerr.h | 111 + ext/openssl1L/include/openssl/err.h | 274 + ext/openssl1L/include/openssl/evp.h | 1666 ++++++ ext/openssl1L/include/openssl/evperr.h | 204 + ext/openssl1L/include/openssl/hmac.h | 51 + ext/openssl1L/include/openssl/idea.h | 64 + ext/openssl1L/include/openssl/kdf.h | 97 + ext/openssl1L/include/openssl/kdferr.h | 55 + ext/openssl1L/include/openssl/lhash.h | 241 + ext/openssl1L/include/openssl/md2.h | 44 + ext/openssl1L/include/openssl/md4.h | 51 + ext/openssl1L/include/openssl/md5.h | 50 + ext/openssl1L/include/openssl/mdc2.h | 42 + ext/openssl1L/include/openssl/modes.h | 208 + ext/openssl1L/include/openssl/obj_mac.h | 5198 +++++++++++++++++ ext/openssl1L/include/openssl/objects.h | 175 + ext/openssl1L/include/openssl/objectserr.h | 42 + ext/openssl1L/include/openssl/ocsp.h | 352 ++ ext/openssl1L/include/openssl/ocsperr.h | 78 + ext/openssl1L/include/openssl/opensslconf.h | 197 + .../include/openssl/opensslconf.h.in | 160 + ext/openssl1L/include/openssl/opensslv.h | 101 + ext/openssl1L/include/openssl/ossl_typ.h | 197 + ext/openssl1L/include/openssl/pem.h | 378 ++ ext/openssl1L/include/openssl/pem2.h | 13 + ext/openssl1L/include/openssl/pemerr.h | 105 + ext/openssl1L/include/openssl/pkcs12.h | 223 + ext/openssl1L/include/openssl/pkcs12err.h | 81 + ext/openssl1L/include/openssl/pkcs7.h | 319 + ext/openssl1L/include/openssl/pkcs7err.h | 103 + ext/openssl1L/include/openssl/rand.h | 77 + ext/openssl1L/include/openssl/rand_drbg.h | 130 + ext/openssl1L/include/openssl/randerr.h | 94 + ext/openssl1L/include/openssl/rc2.h | 51 + ext/openssl1L/include/openssl/rc4.h | 36 + ext/openssl1L/include/openssl/rc5.h | 63 + ext/openssl1L/include/openssl/ripemd.h | 47 + ext/openssl1L/include/openssl/rsa.h | 513 ++ ext/openssl1L/include/openssl/rsaerr.h | 167 + ext/openssl1L/include/openssl/safestack.h | 207 + ext/openssl1L/include/openssl/seed.h | 96 + ext/openssl1L/include/openssl/sha.h | 119 + ext/openssl1L/include/openssl/srp.h | 135 + ext/openssl1L/include/openssl/srtp.h | 50 + ext/openssl1L/include/openssl/ssl.h | 2448 ++++++++ ext/openssl1L/include/openssl/ssl2.h | 24 + ext/openssl1L/include/openssl/ssl3.h | 342 ++ ext/openssl1L/include/openssl/sslerr.h | 776 +++ ext/openssl1L/include/openssl/stack.h | 83 + ext/openssl1L/include/openssl/store.h | 266 + ext/openssl1L/include/openssl/storeerr.h | 91 + ext/openssl1L/include/openssl/symhacks.h | 37 + ext/openssl1L/include/openssl/tls1.h | 1237 ++++ ext/openssl1L/include/openssl/ts.h | 559 ++ ext/openssl1L/include/openssl/tserr.h | 132 + ext/openssl1L/include/openssl/txt_db.h | 57 + ext/openssl1L/include/openssl/ui.h | 368 ++ ext/openssl1L/include/openssl/uierr.h | 65 + ext/openssl1L/include/openssl/whrlpool.h | 48 + ext/openssl1L/include/openssl/x509.h | 1050 ++++ ext/openssl1L/include/openssl/x509_vfy.h | 632 ++ ext/openssl1L/include/openssl/x509err.h | 129 + ext/openssl1L/include/openssl/x509v3.h | 938 +++ ext/openssl1L/include/openssl/x509v3err.h | 164 + ext/openssl1L/lib/libcrypto.a | Bin 0 -> 5631964 bytes ext/openssl1L/lib/libssl.a | Bin 0 -> 1028074 bytes ext/openssl1L/lib/pkgconfig/libcrypto.pc | 12 + ext/openssl1L/lib/pkgconfig/libssl.pc | 11 + ext/openssl1L/lib/pkgconfig/openssl.pc | 9 + 164 files changed, 36121 insertions(+) create mode 100644 ext/openssl1L/include/crypto/__DECC_INCLUDE_EPILOGUE.H create mode 100644 ext/openssl1L/include/crypto/__DECC_INCLUDE_PROLOGUE.H create mode 100644 ext/openssl1L/include/crypto/aria.h create mode 100644 ext/openssl1L/include/crypto/asn1.h create mode 100644 ext/openssl1L/include/crypto/async.h create mode 100644 ext/openssl1L/include/crypto/bn.h create mode 100644 ext/openssl1L/include/crypto/bn_conf.h create mode 100644 ext/openssl1L/include/crypto/bn_conf.h.in create mode 100644 ext/openssl1L/include/crypto/bn_dh.h create mode 100644 ext/openssl1L/include/crypto/bn_srp.h create mode 100644 ext/openssl1L/include/crypto/chacha.h create mode 100644 ext/openssl1L/include/crypto/cryptlib.h create mode 100644 ext/openssl1L/include/crypto/ctype.h create mode 100644 ext/openssl1L/include/crypto/dso_conf.h create mode 100644 ext/openssl1L/include/crypto/dso_conf.h.in create mode 100644 ext/openssl1L/include/crypto/ec.h create mode 100644 ext/openssl1L/include/crypto/engine.h create mode 100644 ext/openssl1L/include/crypto/err.h create mode 100644 ext/openssl1L/include/crypto/evp.h create mode 100644 ext/openssl1L/include/crypto/lhash.h create mode 100644 ext/openssl1L/include/crypto/md32_common.h create mode 100644 ext/openssl1L/include/crypto/objects.h create mode 100644 ext/openssl1L/include/crypto/poly1305.h create mode 100644 ext/openssl1L/include/crypto/rand.h create mode 100644 ext/openssl1L/include/crypto/sha.h create mode 100644 ext/openssl1L/include/crypto/siphash.h create mode 100644 ext/openssl1L/include/crypto/sm2.h create mode 100644 ext/openssl1L/include/crypto/sm2err.h create mode 100644 ext/openssl1L/include/crypto/sm3.h create mode 100644 ext/openssl1L/include/crypto/sm4.h create mode 100644 ext/openssl1L/include/crypto/store.h create mode 100644 ext/openssl1L/include/crypto/x509.h create mode 100644 ext/openssl1L/include/internal/__DECC_INCLUDE_EPILOGUE.H create mode 100644 ext/openssl1L/include/internal/__DECC_INCLUDE_PROLOGUE.H create mode 100644 ext/openssl1L/include/internal/bio.h create mode 100644 ext/openssl1L/include/internal/comp.h create mode 100644 ext/openssl1L/include/internal/conf.h create mode 100644 ext/openssl1L/include/internal/constant_time.h create mode 100644 ext/openssl1L/include/internal/cryptlib.h create mode 100644 ext/openssl1L/include/internal/dane.h create mode 100644 ext/openssl1L/include/internal/dso.h create mode 100644 ext/openssl1L/include/internal/dsoerr.h create mode 100644 ext/openssl1L/include/internal/err.h create mode 100644 ext/openssl1L/include/internal/nelem.h create mode 100644 ext/openssl1L/include/internal/numbers.h create mode 100644 ext/openssl1L/include/internal/o_dir.h create mode 100644 ext/openssl1L/include/internal/o_str.h create mode 100644 ext/openssl1L/include/internal/refcount.h create mode 100644 ext/openssl1L/include/internal/sockets.h create mode 100644 ext/openssl1L/include/internal/sslconf.h create mode 100644 ext/openssl1L/include/internal/thread_once.h create mode 100644 ext/openssl1L/include/internal/tsan_assist.h create mode 100644 ext/openssl1L/include/openssl/__DECC_INCLUDE_EPILOGUE.H create mode 100644 ext/openssl1L/include/openssl/__DECC_INCLUDE_PROLOGUE.H create mode 100644 ext/openssl1L/include/openssl/aes.h create mode 100644 ext/openssl1L/include/openssl/asn1.h create mode 100644 ext/openssl1L/include/openssl/asn1_mac.h create mode 100644 ext/openssl1L/include/openssl/asn1err.h create mode 100644 ext/openssl1L/include/openssl/asn1t.h create mode 100644 ext/openssl1L/include/openssl/async.h create mode 100644 ext/openssl1L/include/openssl/asyncerr.h create mode 100644 ext/openssl1L/include/openssl/bio.h create mode 100644 ext/openssl1L/include/openssl/bioerr.h create mode 100644 ext/openssl1L/include/openssl/blowfish.h create mode 100644 ext/openssl1L/include/openssl/bn.h create mode 100644 ext/openssl1L/include/openssl/bnerr.h create mode 100644 ext/openssl1L/include/openssl/buffer.h create mode 100644 ext/openssl1L/include/openssl/buffererr.h create mode 100644 ext/openssl1L/include/openssl/camellia.h create mode 100644 ext/openssl1L/include/openssl/cast.h create mode 100644 ext/openssl1L/include/openssl/cmac.h create mode 100644 ext/openssl1L/include/openssl/cms.h create mode 100644 ext/openssl1L/include/openssl/cmserr.h create mode 100644 ext/openssl1L/include/openssl/comp.h create mode 100644 ext/openssl1L/include/openssl/comperr.h create mode 100644 ext/openssl1L/include/openssl/conf.h create mode 100644 ext/openssl1L/include/openssl/conf_api.h create mode 100644 ext/openssl1L/include/openssl/conferr.h create mode 100644 ext/openssl1L/include/openssl/crypto.h create mode 100644 ext/openssl1L/include/openssl/cryptoerr.h create mode 100644 ext/openssl1L/include/openssl/ct.h create mode 100644 ext/openssl1L/include/openssl/cterr.h create mode 100644 ext/openssl1L/include/openssl/des.h create mode 100644 ext/openssl1L/include/openssl/dh.h create mode 100644 ext/openssl1L/include/openssl/dherr.h create mode 100644 ext/openssl1L/include/openssl/dsa.h create mode 100644 ext/openssl1L/include/openssl/dsaerr.h create mode 100644 ext/openssl1L/include/openssl/dtls1.h create mode 100644 ext/openssl1L/include/openssl/e_os2.h create mode 100644 ext/openssl1L/include/openssl/ebcdic.h create mode 100644 ext/openssl1L/include/openssl/ec.h create mode 100644 ext/openssl1L/include/openssl/ecdh.h create mode 100644 ext/openssl1L/include/openssl/ecdsa.h create mode 100644 ext/openssl1L/include/openssl/ecerr.h create mode 100644 ext/openssl1L/include/openssl/engine.h create mode 100644 ext/openssl1L/include/openssl/engineerr.h create mode 100644 ext/openssl1L/include/openssl/err.h create mode 100644 ext/openssl1L/include/openssl/evp.h create mode 100644 ext/openssl1L/include/openssl/evperr.h create mode 100644 ext/openssl1L/include/openssl/hmac.h create mode 100644 ext/openssl1L/include/openssl/idea.h create mode 100644 ext/openssl1L/include/openssl/kdf.h create mode 100644 ext/openssl1L/include/openssl/kdferr.h create mode 100644 ext/openssl1L/include/openssl/lhash.h create mode 100644 ext/openssl1L/include/openssl/md2.h create mode 100644 ext/openssl1L/include/openssl/md4.h create mode 100644 ext/openssl1L/include/openssl/md5.h create mode 100644 ext/openssl1L/include/openssl/mdc2.h create mode 100644 ext/openssl1L/include/openssl/modes.h create mode 100644 ext/openssl1L/include/openssl/obj_mac.h create mode 100644 ext/openssl1L/include/openssl/objects.h create mode 100644 ext/openssl1L/include/openssl/objectserr.h create mode 100644 ext/openssl1L/include/openssl/ocsp.h create mode 100644 ext/openssl1L/include/openssl/ocsperr.h create mode 100644 ext/openssl1L/include/openssl/opensslconf.h create mode 100644 ext/openssl1L/include/openssl/opensslconf.h.in create mode 100644 ext/openssl1L/include/openssl/opensslv.h create mode 100644 ext/openssl1L/include/openssl/ossl_typ.h create mode 100644 ext/openssl1L/include/openssl/pem.h create mode 100644 ext/openssl1L/include/openssl/pem2.h create mode 100644 ext/openssl1L/include/openssl/pemerr.h create mode 100644 ext/openssl1L/include/openssl/pkcs12.h create mode 100644 ext/openssl1L/include/openssl/pkcs12err.h create mode 100644 ext/openssl1L/include/openssl/pkcs7.h create mode 100644 ext/openssl1L/include/openssl/pkcs7err.h create mode 100644 ext/openssl1L/include/openssl/rand.h create mode 100644 ext/openssl1L/include/openssl/rand_drbg.h create mode 100644 ext/openssl1L/include/openssl/randerr.h create mode 100644 ext/openssl1L/include/openssl/rc2.h create mode 100644 ext/openssl1L/include/openssl/rc4.h create mode 100644 ext/openssl1L/include/openssl/rc5.h create mode 100644 ext/openssl1L/include/openssl/ripemd.h create mode 100644 ext/openssl1L/include/openssl/rsa.h create mode 100644 ext/openssl1L/include/openssl/rsaerr.h create mode 100644 ext/openssl1L/include/openssl/safestack.h create mode 100644 ext/openssl1L/include/openssl/seed.h create mode 100644 ext/openssl1L/include/openssl/sha.h create mode 100644 ext/openssl1L/include/openssl/srp.h create mode 100644 ext/openssl1L/include/openssl/srtp.h create mode 100644 ext/openssl1L/include/openssl/ssl.h create mode 100644 ext/openssl1L/include/openssl/ssl2.h create mode 100644 ext/openssl1L/include/openssl/ssl3.h create mode 100644 ext/openssl1L/include/openssl/sslerr.h create mode 100644 ext/openssl1L/include/openssl/stack.h create mode 100644 ext/openssl1L/include/openssl/store.h create mode 100644 ext/openssl1L/include/openssl/storeerr.h create mode 100644 ext/openssl1L/include/openssl/symhacks.h create mode 100644 ext/openssl1L/include/openssl/tls1.h create mode 100644 ext/openssl1L/include/openssl/ts.h create mode 100644 ext/openssl1L/include/openssl/tserr.h create mode 100644 ext/openssl1L/include/openssl/txt_db.h create mode 100644 ext/openssl1L/include/openssl/ui.h create mode 100644 ext/openssl1L/include/openssl/uierr.h create mode 100644 ext/openssl1L/include/openssl/whrlpool.h create mode 100644 ext/openssl1L/include/openssl/x509.h create mode 100644 ext/openssl1L/include/openssl/x509_vfy.h create mode 100644 ext/openssl1L/include/openssl/x509err.h create mode 100644 ext/openssl1L/include/openssl/x509v3.h create mode 100644 ext/openssl1L/include/openssl/x509v3err.h create mode 100644 ext/openssl1L/lib/libcrypto.a create mode 100644 ext/openssl1L/lib/libssl.a create mode 100644 ext/openssl1L/lib/pkgconfig/libcrypto.pc create mode 100644 ext/openssl1L/lib/pkgconfig/libssl.pc create mode 100644 ext/openssl1L/lib/pkgconfig/openssl.pc diff --git a/ext/openssl1L/include/crypto/__DECC_INCLUDE_EPILOGUE.H b/ext/openssl1L/include/crypto/__DECC_INCLUDE_EPILOGUE.H new file mode 100644 index 0000000..c350018 --- /dev/null +++ b/ext/openssl1L/include/crypto/__DECC_INCLUDE_EPILOGUE.H @@ -0,0 +1,16 @@ +/* + * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* + * This file is only used by HP C on VMS, and is included automatically + * after each header file from this directory + */ + +/* restore state. Must correspond to the save in __decc_include_prologue.h */ +#pragma names restore diff --git a/ext/openssl1L/include/crypto/__DECC_INCLUDE_PROLOGUE.H b/ext/openssl1L/include/crypto/__DECC_INCLUDE_PROLOGUE.H new file mode 100644 index 0000000..9a9c777 --- /dev/null +++ b/ext/openssl1L/include/crypto/__DECC_INCLUDE_PROLOGUE.H @@ -0,0 +1,20 @@ +/* + * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* + * This file is only used by HP C on VMS, and is included automatically + * after each header file from this directory + */ + +/* save state */ +#pragma names save +/* have the compiler shorten symbols larger than 31 chars to 23 chars + * followed by a 8 hex char CRC + */ +#pragma names as_is,shortened diff --git a/ext/openssl1L/include/crypto/aria.h b/ext/openssl1L/include/crypto/aria.h new file mode 100644 index 0000000..03a6295 --- /dev/null +++ b/ext/openssl1L/include/crypto/aria.h @@ -0,0 +1,50 @@ +/* + * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + + /* Copyright (c) 2017 National Security Research Institute. All rights reserved. */ + +#ifndef OSSL_CRYPTO_ARIA_H +# define OSSL_CRYPTO_ARIA_H + +# include + +# ifdef OPENSSL_NO_ARIA +# error ARIA is disabled. +# endif + +# define ARIA_ENCRYPT 1 +# define ARIA_DECRYPT 0 + +# define ARIA_BLOCK_SIZE 16 /* Size of each encryption/decryption block */ +# define ARIA_MAX_KEYS 17 /* Number of keys needed in the worst case */ + +typedef union { + unsigned char c[ARIA_BLOCK_SIZE]; + unsigned int u[ARIA_BLOCK_SIZE / sizeof(unsigned int)]; +} ARIA_u128; + +typedef unsigned char ARIA_c128[ARIA_BLOCK_SIZE]; + +struct aria_key_st { + ARIA_u128 rd_key[ARIA_MAX_KEYS]; + unsigned int rounds; +}; +typedef struct aria_key_st ARIA_KEY; + + +int aria_set_encrypt_key(const unsigned char *userKey, const int bits, + ARIA_KEY *key); +int aria_set_decrypt_key(const unsigned char *userKey, const int bits, + ARIA_KEY *key); + +void aria_encrypt(const unsigned char *in, unsigned char *out, + const ARIA_KEY *key); + +#endif diff --git a/ext/openssl1L/include/crypto/asn1.h b/ext/openssl1L/include/crypto/asn1.h new file mode 100644 index 0000000..9c9b4d8 --- /dev/null +++ b/ext/openssl1L/include/crypto/asn1.h @@ -0,0 +1,113 @@ +/* + * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* Internal ASN1 structures and functions: not for application use */ + +/* ASN1 public key method structure */ + +struct evp_pkey_asn1_method_st { + int pkey_id; + int pkey_base_id; + unsigned long pkey_flags; + char *pem_str; + char *info; + int (*pub_decode) (EVP_PKEY *pk, X509_PUBKEY *pub); + int (*pub_encode) (X509_PUBKEY *pub, const EVP_PKEY *pk); + int (*pub_cmp) (const EVP_PKEY *a, const EVP_PKEY *b); + int (*pub_print) (BIO *out, const EVP_PKEY *pkey, int indent, + ASN1_PCTX *pctx); + int (*priv_decode) (EVP_PKEY *pk, const PKCS8_PRIV_KEY_INFO *p8inf); + int (*priv_encode) (PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pk); + int (*priv_print) (BIO *out, const EVP_PKEY *pkey, int indent, + ASN1_PCTX *pctx); + int (*pkey_size) (const EVP_PKEY *pk); + int (*pkey_bits) (const EVP_PKEY *pk); + int (*pkey_security_bits) (const EVP_PKEY *pk); + int (*param_decode) (EVP_PKEY *pkey, + const unsigned char **pder, int derlen); + int (*param_encode) (const EVP_PKEY *pkey, unsigned char **pder); + int (*param_missing) (const EVP_PKEY *pk); + int (*param_copy) (EVP_PKEY *to, const EVP_PKEY *from); + int (*param_cmp) (const EVP_PKEY *a, const EVP_PKEY *b); + int (*param_print) (BIO *out, const EVP_PKEY *pkey, int indent, + ASN1_PCTX *pctx); + int (*sig_print) (BIO *out, + const X509_ALGOR *sigalg, const ASN1_STRING *sig, + int indent, ASN1_PCTX *pctx); + void (*pkey_free) (EVP_PKEY *pkey); + int (*pkey_ctrl) (EVP_PKEY *pkey, int op, long arg1, void *arg2); + /* Legacy functions for old PEM */ + int (*old_priv_decode) (EVP_PKEY *pkey, + const unsigned char **pder, int derlen); + int (*old_priv_encode) (const EVP_PKEY *pkey, unsigned char **pder); + /* Custom ASN1 signature verification */ + int (*item_verify) (EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, + X509_ALGOR *a, ASN1_BIT_STRING *sig, EVP_PKEY *pkey); + int (*item_sign) (EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, + X509_ALGOR *alg1, X509_ALGOR *alg2, + ASN1_BIT_STRING *sig); + int (*siginf_set) (X509_SIG_INFO *siginf, const X509_ALGOR *alg, + const ASN1_STRING *sig); + /* Check */ + int (*pkey_check) (const EVP_PKEY *pk); + int (*pkey_public_check) (const EVP_PKEY *pk); + int (*pkey_param_check) (const EVP_PKEY *pk); + /* Get/set raw private/public key data */ + int (*set_priv_key) (EVP_PKEY *pk, const unsigned char *priv, size_t len); + int (*set_pub_key) (EVP_PKEY *pk, const unsigned char *pub, size_t len); + int (*get_priv_key) (const EVP_PKEY *pk, unsigned char *priv, size_t *len); + int (*get_pub_key) (const EVP_PKEY *pk, unsigned char *pub, size_t *len); +} /* EVP_PKEY_ASN1_METHOD */ ; + +DEFINE_STACK_OF_CONST(EVP_PKEY_ASN1_METHOD) + +extern const EVP_PKEY_ASN1_METHOD cmac_asn1_meth; +extern const EVP_PKEY_ASN1_METHOD dh_asn1_meth; +extern const EVP_PKEY_ASN1_METHOD dhx_asn1_meth; +extern const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[5]; +extern const EVP_PKEY_ASN1_METHOD eckey_asn1_meth; +extern const EVP_PKEY_ASN1_METHOD ecx25519_asn1_meth; +extern const EVP_PKEY_ASN1_METHOD ecx448_asn1_meth; +extern const EVP_PKEY_ASN1_METHOD ed25519_asn1_meth; +extern const EVP_PKEY_ASN1_METHOD ed448_asn1_meth; +extern const EVP_PKEY_ASN1_METHOD sm2_asn1_meth; +extern const EVP_PKEY_ASN1_METHOD poly1305_asn1_meth; + +extern const EVP_PKEY_ASN1_METHOD hmac_asn1_meth; +extern const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[2]; +extern const EVP_PKEY_ASN1_METHOD rsa_pss_asn1_meth; +extern const EVP_PKEY_ASN1_METHOD siphash_asn1_meth; + +/* + * These are used internally in the ASN1_OBJECT to keep track of whether the + * names and data need to be free()ed + */ +# define ASN1_OBJECT_FLAG_DYNAMIC 0x01/* internal use */ +# define ASN1_OBJECT_FLAG_CRITICAL 0x02/* critical x509v3 object id */ +# define ASN1_OBJECT_FLAG_DYNAMIC_STRINGS 0x04/* internal use */ +# define ASN1_OBJECT_FLAG_DYNAMIC_DATA 0x08/* internal use */ +struct asn1_object_st { + const char *sn, *ln; + int nid; + int length; + const unsigned char *data; /* data remains const after init */ + int flags; /* Should we free this one */ +}; + +/* ASN1 print context structure */ + +struct asn1_pctx_st { + unsigned long flags; + unsigned long nm_flags; + unsigned long cert_flags; + unsigned long oid_flags; + unsigned long str_flags; +} /* ASN1_PCTX */ ; + +int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb); diff --git a/ext/openssl1L/include/crypto/async.h b/ext/openssl1L/include/crypto/async.h new file mode 100644 index 0000000..dc8e937 --- /dev/null +++ b/ext/openssl1L/include/crypto/async.h @@ -0,0 +1,15 @@ +/* + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include + +int async_init(void); +void async_deinit(void); +void async_delete_thread_state(void); + diff --git a/ext/openssl1L/include/crypto/bn.h b/ext/openssl1L/include/crypto/bn.h new file mode 100644 index 0000000..250914c --- /dev/null +++ b/ext/openssl1L/include/crypto/bn.h @@ -0,0 +1,90 @@ +/* + * Copyright 2014-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_CRYPTO_BN_H +# define OSSL_CRYPTO_BN_H + +# include +# include + +BIGNUM *bn_wexpand(BIGNUM *a, int words); +BIGNUM *bn_expand2(BIGNUM *a, int words); + +void bn_correct_top(BIGNUM *a); + +/* + * Determine the modified width-(w+1) Non-Adjacent Form (wNAF) of 'scalar'. + * This is an array r[] of values that are either zero or odd with an + * absolute value less than 2^w satisfying scalar = \sum_j r[j]*2^j where at + * most one of any w+1 consecutive digits is non-zero with the exception that + * the most significant digit may be only w-1 zeros away from that next + * non-zero digit. + */ +signed char *bn_compute_wNAF(const BIGNUM *scalar, int w, size_t *ret_len); + +int bn_get_top(const BIGNUM *a); + +int bn_get_dmax(const BIGNUM *a); + +/* Set all words to zero */ +void bn_set_all_zero(BIGNUM *a); + +/* + * Copy the internal BIGNUM words into out which holds size elements (and size + * must be bigger than top) + */ +int bn_copy_words(BN_ULONG *out, const BIGNUM *in, int size); + +BN_ULONG *bn_get_words(const BIGNUM *a); + +/* + * Set the internal data words in a to point to words which contains size + * elements. The BN_FLG_STATIC_DATA flag is set + */ +void bn_set_static_words(BIGNUM *a, const BN_ULONG *words, int size); + +/* + * Copy words into the BIGNUM |a|, reallocating space as necessary. + * The negative flag of |a| is not modified. + * Returns 1 on success and 0 on failure. + */ +/* + * |num_words| is int because bn_expand2 takes an int. This is an internal + * function so we simply trust callers not to pass negative values. + */ +int bn_set_words(BIGNUM *a, const BN_ULONG *words, int num_words); + +/* + * Some BIGNUM functions assume most significant limb to be non-zero, which + * is customarily arranged by bn_correct_top. Output from below functions + * is not processed with bn_correct_top, and for this reason it may not be + * returned out of public API. It may only be passed internally into other + * functions known to support non-minimal or zero-padded BIGNUMs. Even + * though the goal is to facilitate constant-time-ness, not each subroutine + * is constant-time by itself. They all have pre-conditions, consult source + * code... + */ +int bn_mul_mont_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + BN_MONT_CTX *mont, BN_CTX *ctx); +int bn_to_mont_fixed_top(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont, + BN_CTX *ctx); +int bn_from_mont_fixed_top(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont, + BN_CTX *ctx); +int bn_mod_add_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const BIGNUM *m); +int bn_mod_sub_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const BIGNUM *m); +int bn_mul_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); +int bn_sqr_fixed_top(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx); +int bn_lshift_fixed_top(BIGNUM *r, const BIGNUM *a, int n); +int bn_rshift_fixed_top(BIGNUM *r, const BIGNUM *a, int n); +int bn_div_fixed_top(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, + const BIGNUM *d, BN_CTX *ctx); + +#endif diff --git a/ext/openssl1L/include/crypto/bn_conf.h b/ext/openssl1L/include/crypto/bn_conf.h new file mode 100644 index 0000000..5312ef5 --- /dev/null +++ b/ext/openssl1L/include/crypto/bn_conf.h @@ -0,0 +1,28 @@ +/* WARNING: do not edit! */ +/* Generated by Makefile from include/crypto/bn_conf.h.in */ +/* + * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_CRYPTO_BN_CONF_H +# define OSSL_CRYPTO_BN_CONF_H + +/* + * The contents of this file are not used in the UEFI build, as + * both 32-bit and 64-bit builds are supported from a single run + * of the Configure script. + */ + +/* Should we define BN_DIV2W here? */ + +/* Only one for the following should be defined */ +#define SIXTY_FOUR_BIT_LONG +#undef SIXTY_FOUR_BIT +#undef THIRTY_TWO_BIT + +#endif diff --git a/ext/openssl1L/include/crypto/bn_conf.h.in b/ext/openssl1L/include/crypto/bn_conf.h.in new file mode 100644 index 0000000..b6b9eb7 --- /dev/null +++ b/ext/openssl1L/include/crypto/bn_conf.h.in @@ -0,0 +1,27 @@ +{- join("\n",map { "/* $_ */" } @autowarntext) -} +/* + * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_CRYPTO_BN_CONF_H +# define OSSL_CRYPTO_BN_CONF_H + +/* + * The contents of this file are not used in the UEFI build, as + * both 32-bit and 64-bit builds are supported from a single run + * of the Configure script. + */ + +/* Should we define BN_DIV2W here? */ + +/* Only one for the following should be defined */ +{- $config{b64l} ? "#define" : "#undef" -} SIXTY_FOUR_BIT_LONG +{- $config{b64} ? "#define" : "#undef" -} SIXTY_FOUR_BIT +{- $config{b32} ? "#define" : "#undef" -} THIRTY_TWO_BIT + +#endif diff --git a/ext/openssl1L/include/crypto/bn_dh.h b/ext/openssl1L/include/crypto/bn_dh.h new file mode 100644 index 0000000..70ebca2 --- /dev/null +++ b/ext/openssl1L/include/crypto/bn_dh.h @@ -0,0 +1,24 @@ +/* + * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#define declare_dh_bn(x) \ + extern const BIGNUM _bignum_dh##x##_p; \ + extern const BIGNUM _bignum_dh##x##_g; \ + extern const BIGNUM _bignum_dh##x##_q; + +declare_dh_bn(1024_160) +declare_dh_bn(2048_224) +declare_dh_bn(2048_256) + +extern const BIGNUM _bignum_ffdhe2048_p; +extern const BIGNUM _bignum_ffdhe3072_p; +extern const BIGNUM _bignum_ffdhe4096_p; +extern const BIGNUM _bignum_ffdhe6144_p; +extern const BIGNUM _bignum_ffdhe8192_p; +extern const BIGNUM _bignum_const_2; diff --git a/ext/openssl1L/include/crypto/bn_srp.h b/ext/openssl1L/include/crypto/bn_srp.h new file mode 100644 index 0000000..d4b282a --- /dev/null +++ b/ext/openssl1L/include/crypto/bn_srp.h @@ -0,0 +1,32 @@ +/* + * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_NO_SRP + +extern const BIGNUM bn_group_1024; + +extern const BIGNUM bn_group_1536; + +extern const BIGNUM bn_group_2048; + +extern const BIGNUM bn_group_3072; + +extern const BIGNUM bn_group_4096; + +extern const BIGNUM bn_group_6144; + +extern const BIGNUM bn_group_8192; + +extern const BIGNUM bn_generator_19; + +extern const BIGNUM bn_generator_5; + +extern const BIGNUM bn_generator_2; + +#endif diff --git a/ext/openssl1L/include/crypto/chacha.h b/ext/openssl1L/include/crypto/chacha.h new file mode 100644 index 0000000..4029400 --- /dev/null +++ b/ext/openssl1L/include/crypto/chacha.h @@ -0,0 +1,42 @@ +/* + * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_CRYPTO_CHACHA_H +#define OSSL_CRYPTO_CHACHA_H + +#include + +/* + * ChaCha20_ctr32 encrypts |len| bytes from |inp| with the given key and + * nonce and writes the result to |out|, which may be equal to |inp|. + * The |key| is not 32 bytes of verbatim key material though, but the + * said material collected into 8 32-bit elements array in host byte + * order. Same approach applies to nonce: the |counter| argument is + * pointer to concatenated nonce and counter values collected into 4 + * 32-bit elements. This, passing crypto material collected into 32-bit + * elements as opposite to passing verbatim byte vectors, is chosen for + * efficiency in multi-call scenarios. + */ +void ChaCha20_ctr32(unsigned char *out, const unsigned char *inp, + size_t len, const unsigned int key[8], + const unsigned int counter[4]); +/* + * You can notice that there is no key setup procedure. Because it's + * as trivial as collecting bytes into 32-bit elements, it's reckoned + * that below macro is sufficient. + */ +#define CHACHA_U8TOU32(p) ( \ + ((unsigned int)(p)[0]) | ((unsigned int)(p)[1]<<8) | \ + ((unsigned int)(p)[2]<<16) | ((unsigned int)(p)[3]<<24) ) + +#define CHACHA_KEY_SIZE 32 +#define CHACHA_CTR_SIZE 16 +#define CHACHA_BLK_SIZE 64 + +#endif diff --git a/ext/openssl1L/include/crypto/cryptlib.h b/ext/openssl1L/include/crypto/cryptlib.h new file mode 100644 index 0000000..38b5dac --- /dev/null +++ b/ext/openssl1L/include/crypto/cryptlib.h @@ -0,0 +1,35 @@ +/* + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include "internal/cryptlib.h" + +/* This file is not scanned by mkdef.pl, whereas cryptlib.h is */ + +struct thread_local_inits_st { + int async; + int err_state; + int rand; +}; + +int ossl_init_thread_start(uint64_t opts); + +/* + * OPENSSL_INIT flags. The primary list of these is in crypto.h. Flags below + * are those omitted from crypto.h because they are "reserved for internal + * use". + */ +# define OPENSSL_INIT_ZLIB 0x00010000L +# define OPENSSL_INIT_BASE_ONLY 0x00040000L + +/* OPENSSL_INIT_THREAD flags */ +# define OPENSSL_INIT_THREAD_ASYNC 0x01 +# define OPENSSL_INIT_THREAD_ERR_STATE 0x02 +# define OPENSSL_INIT_THREAD_RAND 0x04 + +void ossl_malloc_setup_failures(void); diff --git a/ext/openssl1L/include/crypto/ctype.h b/ext/openssl1L/include/crypto/ctype.h new file mode 100644 index 0000000..81ef8f5 --- /dev/null +++ b/ext/openssl1L/include/crypto/ctype.h @@ -0,0 +1,82 @@ +/* + * Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* + * This version of ctype.h provides a standardised and platform + * independent implementation that supports seven bit ASCII characters. + * The specific intent is to not pass extended ASCII characters (> 127) + * even if the host operating system would. + * + * There is EBCDIC support included for machines which use this. However, + * there are a number of concerns about how well EBCDIC is supported + * throughout the rest of the source code. Refer to issue #4154 for + * details. + */ +#ifndef OSSL_CRYPTO_CTYPE_H +# define OSSL_CRYPTO_CTYPE_H + +# define CTYPE_MASK_lower 0x1 +# define CTYPE_MASK_upper 0x2 +# define CTYPE_MASK_digit 0x4 +# define CTYPE_MASK_space 0x8 +# define CTYPE_MASK_xdigit 0x10 +# define CTYPE_MASK_blank 0x20 +# define CTYPE_MASK_cntrl 0x40 +# define CTYPE_MASK_graph 0x80 +# define CTYPE_MASK_print 0x100 +# define CTYPE_MASK_punct 0x200 +# define CTYPE_MASK_base64 0x400 +# define CTYPE_MASK_asn1print 0x800 + +# define CTYPE_MASK_alpha (CTYPE_MASK_lower | CTYPE_MASK_upper) +# define CTYPE_MASK_alnum (CTYPE_MASK_alpha | CTYPE_MASK_digit) + +/* + * The ascii mask assumes that any other classification implies that + * the character is ASCII and that there are no ASCII characters + * that aren't in any of the classifications. + * + * This assumption holds at the moment, but it might not in the future. + */ +# define CTYPE_MASK_ascii (~0) + +# ifdef CHARSET_EBCDIC +int ossl_toascii(int c); +int ossl_fromascii(int c); +# else +# define ossl_toascii(c) (c) +# define ossl_fromascii(c) (c) +# endif +int ossl_ctype_check(int c, unsigned int mask); +int ossl_tolower(int c); +int ossl_toupper(int c); + +int ascii_isdigit(const char inchar); + +# define ossl_isalnum(c) (ossl_ctype_check((c), CTYPE_MASK_alnum)) +# define ossl_isalpha(c) (ossl_ctype_check((c), CTYPE_MASK_alpha)) +# ifdef CHARSET_EBCDIC +# define ossl_isascii(c) (ossl_ctype_check((c), CTYPE_MASK_ascii)) +# else +# define ossl_isascii(c) (((c) & ~127) == 0) +# endif +# define ossl_isblank(c) (ossl_ctype_check((c), CTYPE_MASK_blank)) +# define ossl_iscntrl(c) (ossl_ctype_check((c), CTYPE_MASK_cntrl)) +# define ossl_isdigit(c) (ossl_ctype_check((c), CTYPE_MASK_digit)) +# define ossl_isgraph(c) (ossl_ctype_check((c), CTYPE_MASK_graph)) +# define ossl_islower(c) (ossl_ctype_check((c), CTYPE_MASK_lower)) +# define ossl_isprint(c) (ossl_ctype_check((c), CTYPE_MASK_print)) +# define ossl_ispunct(c) (ossl_ctype_check((c), CTYPE_MASK_punct)) +# define ossl_isspace(c) (ossl_ctype_check((c), CTYPE_MASK_space)) +# define ossl_isupper(c) (ossl_ctype_check((c), CTYPE_MASK_upper)) +# define ossl_isxdigit(c) (ossl_ctype_check((c), CTYPE_MASK_xdigit)) +# define ossl_isbase64(c) (ossl_ctype_check((c), CTYPE_MASK_base64)) +# define ossl_isasn1print(c) (ossl_ctype_check((c), CTYPE_MASK_asn1print)) + +#endif diff --git a/ext/openssl1L/include/crypto/dso_conf.h b/ext/openssl1L/include/crypto/dso_conf.h new file mode 100644 index 0000000..4b1167c --- /dev/null +++ b/ext/openssl1L/include/crypto/dso_conf.h @@ -0,0 +1,17 @@ +/* WARNING: do not edit! */ +/* Generated by Makefile from include/crypto/dso_conf.h.in */ +/* + * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_CRYPTO_DSO_CONF_H +# define OSSL_CRYPTO_DSO_CONF_H +# define DSO_DLFCN +# define HAVE_DLFCN_H +# define DSO_EXTENSION ".so" +#endif diff --git a/ext/openssl1L/include/crypto/dso_conf.h.in b/ext/openssl1L/include/crypto/dso_conf.h.in new file mode 100644 index 0000000..57a09b1 --- /dev/null +++ b/ext/openssl1L/include/crypto/dso_conf.h.in @@ -0,0 +1,31 @@ +{- join("\n",map { "/* $_ */" } @autowarntext) -} +/* + * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_CRYPTO_DSO_CONF_H +# define OSSL_CRYPTO_DSO_CONF_H +{- # The DSO code currently always implements all functions so that no + # applications will have to worry about that from a compilation point + # of view. However, the "method"s may return zero unless that platform + # has support compiled in for them. Currently each method is enabled + # by a define "DSO_" ... we translate the "dso_scheme" config + # string entry into using the following logic; + my $scheme = $disabled{dso} ? undef : uc $target{dso_scheme}; + if (!$scheme) { + $scheme = "NONE"; + } + my @macros = ( "DSO_$scheme" ); + if ($scheme eq 'DLFCN') { + @macros = ( "DSO_DLFCN", "HAVE_DLFCN_H" ); + } elsif ($scheme eq "DLFCN_NO_H") { + @macros = ( "DSO_DLFCN" ); + } + join("\n", map { "# define $_" } @macros); -} +# define DSO_EXTENSION "{- $target{dso_extension} -}" +#endif diff --git a/ext/openssl1L/include/crypto/ec.h b/ext/openssl1L/include/crypto/ec.h new file mode 100644 index 0000000..fe52ae7 --- /dev/null +++ b/ext/openssl1L/include/crypto/ec.h @@ -0,0 +1,53 @@ +/* + * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* Internal EC functions for other submodules: not for application use */ + +#ifndef OSSL_CRYPTO_EC_H +# define OSSL_CRYPTO_EC_H +# include + +# ifndef OPENSSL_NO_EC + +# include + +/*- + * Computes the multiplicative inverse of x in the range + * [1,EC_GROUP::order), where EC_GROUP::order is the cardinality of the + * subgroup generated by the generator G: + * + * res := x^(-1) (mod EC_GROUP::order). + * + * This function expects the following two conditions to hold: + * - the EC_GROUP order is prime, and + * - x is included in the range [1, EC_GROUP::order). + * + * This function returns 1 on success, 0 on error. + * + * If the EC_GROUP order is even, this function explicitly returns 0 as + * an error. + * In case any of the two conditions stated above is not satisfied, + * the correctness of its output is not guaranteed, even if the return + * value could still be 1 (as primality testing and a conditional modular + * reduction round on the input can be omitted by the underlying + * implementations for better SCA properties on regular input values). + */ +__owur int ec_group_do_inverse_ord(const EC_GROUP *group, BIGNUM *res, + const BIGNUM *x, BN_CTX *ctx); + +/*- + * ECDH Key Derivation Function as defined in ANSI X9.63 + */ +int ecdh_KDF_X9_63(unsigned char *out, size_t outlen, + const unsigned char *Z, size_t Zlen, + const unsigned char *sinfo, size_t sinfolen, + const EVP_MD *md); + +# endif /* OPENSSL_NO_EC */ +#endif diff --git a/ext/openssl1L/include/crypto/engine.h b/ext/openssl1L/include/crypto/engine.h new file mode 100644 index 0000000..f80ae3e --- /dev/null +++ b/ext/openssl1L/include/crypto/engine.h @@ -0,0 +1,20 @@ +/* + * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include + +void engine_load_openssl_int(void); +void engine_load_devcrypto_int(void); +void engine_load_rdrand_int(void); +void engine_load_dynamic_int(void); +void engine_load_padlock_int(void); +void engine_load_capi_int(void); +void engine_load_dasync_int(void); +void engine_load_afalg_int(void); +void engine_cleanup_int(void); diff --git a/ext/openssl1L/include/crypto/err.h b/ext/openssl1L/include/crypto/err.h new file mode 100644 index 0000000..8ab0e5b --- /dev/null +++ b/ext/openssl1L/include/crypto/err.h @@ -0,0 +1,19 @@ +/* + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_CRYPTO_ERR_H +# define OSSL_CRYPTO_ERR_H + +int err_load_crypto_strings_int(void); +void err_cleanup(void); +void err_delete_thread_state(void); +int err_shelve_state(void **); +void err_unshelve_state(void *); + +#endif diff --git a/ext/openssl1L/include/crypto/evp.h b/ext/openssl1L/include/crypto/evp.h new file mode 100644 index 0000000..d86aed3 --- /dev/null +++ b/ext/openssl1L/include/crypto/evp.h @@ -0,0 +1,442 @@ +/* + * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include "internal/refcount.h" + +/* + * Don't free up md_ctx->pctx in EVP_MD_CTX_reset, use the reserved flag + * values in evp.h + */ +#define EVP_MD_CTX_FLAG_KEEP_PKEY_CTX 0x0400 + +struct evp_pkey_ctx_st { + /* Method associated with this operation */ + const EVP_PKEY_METHOD *pmeth; + /* Engine that implements this method or NULL if builtin */ + ENGINE *engine; + /* Key: may be NULL */ + EVP_PKEY *pkey; + /* Peer key for key agreement, may be NULL */ + EVP_PKEY *peerkey; + /* Actual operation */ + int operation; + /* Algorithm specific data */ + void *data; + /* Application specific data */ + void *app_data; + /* Keygen callback */ + EVP_PKEY_gen_cb *pkey_gencb; + /* implementation specific keygen data */ + int *keygen_info; + int keygen_info_count; +} /* EVP_PKEY_CTX */ ; + +#define EVP_PKEY_FLAG_DYNAMIC 1 + +struct evp_pkey_method_st { + int pkey_id; + int flags; + int (*init) (EVP_PKEY_CTX *ctx); + int (*copy) (EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src); + void (*cleanup) (EVP_PKEY_CTX *ctx); + int (*paramgen_init) (EVP_PKEY_CTX *ctx); + int (*paramgen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey); + int (*keygen_init) (EVP_PKEY_CTX *ctx); + int (*keygen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey); + int (*sign_init) (EVP_PKEY_CTX *ctx); + int (*sign) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, + const unsigned char *tbs, size_t tbslen); + int (*verify_init) (EVP_PKEY_CTX *ctx); + int (*verify) (EVP_PKEY_CTX *ctx, + const unsigned char *sig, size_t siglen, + const unsigned char *tbs, size_t tbslen); + int (*verify_recover_init) (EVP_PKEY_CTX *ctx); + int (*verify_recover) (EVP_PKEY_CTX *ctx, + unsigned char *rout, size_t *routlen, + const unsigned char *sig, size_t siglen); + int (*signctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx); + int (*signctx) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, + EVP_MD_CTX *mctx); + int (*verifyctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx); + int (*verifyctx) (EVP_PKEY_CTX *ctx, const unsigned char *sig, int siglen, + EVP_MD_CTX *mctx); + int (*encrypt_init) (EVP_PKEY_CTX *ctx); + int (*encrypt) (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen); + int (*decrypt_init) (EVP_PKEY_CTX *ctx); + int (*decrypt) (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen); + int (*derive_init) (EVP_PKEY_CTX *ctx); + int (*derive) (EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen); + int (*ctrl) (EVP_PKEY_CTX *ctx, int type, int p1, void *p2); + int (*ctrl_str) (EVP_PKEY_CTX *ctx, const char *type, const char *value); + int (*digestsign) (EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen, + const unsigned char *tbs, size_t tbslen); + int (*digestverify) (EVP_MD_CTX *ctx, const unsigned char *sig, + size_t siglen, const unsigned char *tbs, + size_t tbslen); + int (*check) (EVP_PKEY *pkey); + int (*public_check) (EVP_PKEY *pkey); + int (*param_check) (EVP_PKEY *pkey); + + int (*digest_custom) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx); +} /* EVP_PKEY_METHOD */ ; + +DEFINE_STACK_OF_CONST(EVP_PKEY_METHOD) + +void evp_pkey_set_cb_translate(BN_GENCB *cb, EVP_PKEY_CTX *ctx); + +extern const EVP_PKEY_METHOD cmac_pkey_meth; +extern const EVP_PKEY_METHOD dh_pkey_meth; +extern const EVP_PKEY_METHOD dhx_pkey_meth; +extern const EVP_PKEY_METHOD dsa_pkey_meth; +extern const EVP_PKEY_METHOD ec_pkey_meth; +extern const EVP_PKEY_METHOD sm2_pkey_meth; +extern const EVP_PKEY_METHOD ecx25519_pkey_meth; +extern const EVP_PKEY_METHOD ecx448_pkey_meth; +extern const EVP_PKEY_METHOD ed25519_pkey_meth; +extern const EVP_PKEY_METHOD ed448_pkey_meth; +extern const EVP_PKEY_METHOD hmac_pkey_meth; +extern const EVP_PKEY_METHOD rsa_pkey_meth; +extern const EVP_PKEY_METHOD rsa_pss_pkey_meth; +extern const EVP_PKEY_METHOD scrypt_pkey_meth; +extern const EVP_PKEY_METHOD tls1_prf_pkey_meth; +extern const EVP_PKEY_METHOD hkdf_pkey_meth; +extern const EVP_PKEY_METHOD poly1305_pkey_meth; +extern const EVP_PKEY_METHOD siphash_pkey_meth; + +struct evp_md_st { + int type; + int pkey_type; + int md_size; + unsigned long flags; + int (*init) (EVP_MD_CTX *ctx); + int (*update) (EVP_MD_CTX *ctx, const void *data, size_t count); + int (*final) (EVP_MD_CTX *ctx, unsigned char *md); + int (*copy) (EVP_MD_CTX *to, const EVP_MD_CTX *from); + int (*cleanup) (EVP_MD_CTX *ctx); + int block_size; + int ctx_size; /* how big does the ctx->md_data need to be */ + /* control function */ + int (*md_ctrl) (EVP_MD_CTX *ctx, int cmd, int p1, void *p2); +} /* EVP_MD */ ; + +struct evp_cipher_st { + int nid; + int block_size; + /* Default value for variable length ciphers */ + int key_len; + int iv_len; + /* Various flags */ + unsigned long flags; + /* init key */ + int (*init) (EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc); + /* encrypt/decrypt data */ + int (*do_cipher) (EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t inl); + /* cleanup ctx */ + int (*cleanup) (EVP_CIPHER_CTX *); + /* how big ctx->cipher_data needs to be */ + int ctx_size; + /* Populate a ASN1_TYPE with parameters */ + int (*set_asn1_parameters) (EVP_CIPHER_CTX *, ASN1_TYPE *); + /* Get parameters from a ASN1_TYPE */ + int (*get_asn1_parameters) (EVP_CIPHER_CTX *, ASN1_TYPE *); + /* Miscellaneous operations */ + int (*ctrl) (EVP_CIPHER_CTX *, int type, int arg, void *ptr); + /* Application data */ + void *app_data; +} /* EVP_CIPHER */ ; + +/* Macros to code block cipher wrappers */ + +/* Wrapper functions for each cipher mode */ + +#define EVP_C_DATA(kstruct, ctx) \ + ((kstruct *)EVP_CIPHER_CTX_get_cipher_data(ctx)) + +#define BLOCK_CIPHER_ecb_loop() \ + size_t i, bl; \ + bl = EVP_CIPHER_CTX_cipher(ctx)->block_size; \ + if (inl < bl) return 1;\ + inl -= bl; \ + for (i=0; i <= inl; i+=bl) + +#define BLOCK_CIPHER_func_ecb(cname, cprefix, kstruct, ksched) \ +static int cname##_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \ +{\ + BLOCK_CIPHER_ecb_loop() \ + cprefix##_ecb_encrypt(in + i, out + i, &EVP_C_DATA(kstruct,ctx)->ksched, EVP_CIPHER_CTX_encrypting(ctx)); \ + return 1;\ +} + +#define EVP_MAXCHUNK ((size_t)1<<(sizeof(long)*8-2)) + +#define BLOCK_CIPHER_func_ofb(cname, cprefix, cbits, kstruct, ksched) \ + static int cname##_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \ +{\ + while(inl>=EVP_MAXCHUNK) {\ + int num = EVP_CIPHER_CTX_num(ctx);\ + cprefix##_ofb##cbits##_encrypt(in, out, (long)EVP_MAXCHUNK, &EVP_C_DATA(kstruct,ctx)->ksched, EVP_CIPHER_CTX_iv_noconst(ctx), &num); \ + EVP_CIPHER_CTX_set_num(ctx, num);\ + inl-=EVP_MAXCHUNK;\ + in +=EVP_MAXCHUNK;\ + out+=EVP_MAXCHUNK;\ + }\ + if (inl) {\ + int num = EVP_CIPHER_CTX_num(ctx);\ + cprefix##_ofb##cbits##_encrypt(in, out, (long)inl, &EVP_C_DATA(kstruct,ctx)->ksched, EVP_CIPHER_CTX_iv_noconst(ctx), &num); \ + EVP_CIPHER_CTX_set_num(ctx, num);\ + }\ + return 1;\ +} + +#define BLOCK_CIPHER_func_cbc(cname, cprefix, kstruct, ksched) \ +static int cname##_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \ +{\ + while(inl>=EVP_MAXCHUNK) \ + {\ + cprefix##_cbc_encrypt(in, out, (long)EVP_MAXCHUNK, &EVP_C_DATA(kstruct,ctx)->ksched, EVP_CIPHER_CTX_iv_noconst(ctx), EVP_CIPHER_CTX_encrypting(ctx));\ + inl-=EVP_MAXCHUNK;\ + in +=EVP_MAXCHUNK;\ + out+=EVP_MAXCHUNK;\ + }\ + if (inl)\ + cprefix##_cbc_encrypt(in, out, (long)inl, &EVP_C_DATA(kstruct,ctx)->ksched, EVP_CIPHER_CTX_iv_noconst(ctx), EVP_CIPHER_CTX_encrypting(ctx));\ + return 1;\ +} + +#define BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched) \ +static int cname##_cfb##cbits##_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \ +{\ + size_t chunk = EVP_MAXCHUNK;\ + if (cbits == 1) chunk >>= 3;\ + if (inl < chunk) chunk = inl;\ + while (inl && inl >= chunk)\ + {\ + int num = EVP_CIPHER_CTX_num(ctx);\ + cprefix##_cfb##cbits##_encrypt(in, out, (long) \ + ((cbits == 1) \ + && !EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS) \ + ? chunk*8 : chunk), \ + &EVP_C_DATA(kstruct, ctx)->ksched, EVP_CIPHER_CTX_iv_noconst(ctx),\ + &num, EVP_CIPHER_CTX_encrypting(ctx));\ + EVP_CIPHER_CTX_set_num(ctx, num);\ + inl -= chunk;\ + in += chunk;\ + out += chunk;\ + if (inl < chunk) chunk = inl;\ + }\ + return 1;\ +} + +#define BLOCK_CIPHER_all_funcs(cname, cprefix, cbits, kstruct, ksched) \ + BLOCK_CIPHER_func_cbc(cname, cprefix, kstruct, ksched) \ + BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched) \ + BLOCK_CIPHER_func_ecb(cname, cprefix, kstruct, ksched) \ + BLOCK_CIPHER_func_ofb(cname, cprefix, cbits, kstruct, ksched) + +#define BLOCK_CIPHER_def1(cname, nmode, mode, MODE, kstruct, nid, block_size, \ + key_len, iv_len, flags, init_key, cleanup, \ + set_asn1, get_asn1, ctrl) \ +static const EVP_CIPHER cname##_##mode = { \ + nid##_##nmode, block_size, key_len, iv_len, \ + flags | EVP_CIPH_##MODE##_MODE, \ + init_key, \ + cname##_##mode##_cipher, \ + cleanup, \ + sizeof(kstruct), \ + set_asn1, get_asn1,\ + ctrl, \ + NULL \ +}; \ +const EVP_CIPHER *EVP_##cname##_##mode(void) { return &cname##_##mode; } + +#define BLOCK_CIPHER_def_cbc(cname, kstruct, nid, block_size, key_len, \ + iv_len, flags, init_key, cleanup, set_asn1, \ + get_asn1, ctrl) \ +BLOCK_CIPHER_def1(cname, cbc, cbc, CBC, kstruct, nid, block_size, key_len, \ + iv_len, flags, init_key, cleanup, set_asn1, get_asn1, ctrl) + +#define BLOCK_CIPHER_def_cfb(cname, kstruct, nid, key_len, \ + iv_len, cbits, flags, init_key, cleanup, \ + set_asn1, get_asn1, ctrl) \ +BLOCK_CIPHER_def1(cname, cfb##cbits, cfb##cbits, CFB, kstruct, nid, 1, \ + key_len, iv_len, flags, init_key, cleanup, set_asn1, \ + get_asn1, ctrl) + +#define BLOCK_CIPHER_def_ofb(cname, kstruct, nid, key_len, \ + iv_len, cbits, flags, init_key, cleanup, \ + set_asn1, get_asn1, ctrl) \ +BLOCK_CIPHER_def1(cname, ofb##cbits, ofb, OFB, kstruct, nid, 1, \ + key_len, iv_len, flags, init_key, cleanup, set_asn1, \ + get_asn1, ctrl) + +#define BLOCK_CIPHER_def_ecb(cname, kstruct, nid, block_size, key_len, \ + flags, init_key, cleanup, set_asn1, \ + get_asn1, ctrl) \ +BLOCK_CIPHER_def1(cname, ecb, ecb, ECB, kstruct, nid, block_size, key_len, \ + 0, flags, init_key, cleanup, set_asn1, get_asn1, ctrl) + +#define BLOCK_CIPHER_defs(cname, kstruct, \ + nid, block_size, key_len, iv_len, cbits, flags, \ + init_key, cleanup, set_asn1, get_asn1, ctrl) \ +BLOCK_CIPHER_def_cbc(cname, kstruct, nid, block_size, key_len, iv_len, flags, \ + init_key, cleanup, set_asn1, get_asn1, ctrl) \ +BLOCK_CIPHER_def_cfb(cname, kstruct, nid, key_len, iv_len, cbits, \ + flags, init_key, cleanup, set_asn1, get_asn1, ctrl) \ +BLOCK_CIPHER_def_ofb(cname, kstruct, nid, key_len, iv_len, cbits, \ + flags, init_key, cleanup, set_asn1, get_asn1, ctrl) \ +BLOCK_CIPHER_def_ecb(cname, kstruct, nid, block_size, key_len, flags, \ + init_key, cleanup, set_asn1, get_asn1, ctrl) + +/*- +#define BLOCK_CIPHER_defs(cname, kstruct, \ + nid, block_size, key_len, iv_len, flags,\ + init_key, cleanup, set_asn1, get_asn1, ctrl)\ +static const EVP_CIPHER cname##_cbc = {\ + nid##_cbc, block_size, key_len, iv_len, \ + flags | EVP_CIPH_CBC_MODE,\ + init_key,\ + cname##_cbc_cipher,\ + cleanup,\ + sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\ + sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\ + set_asn1, get_asn1,\ + ctrl, \ + NULL \ +};\ +const EVP_CIPHER *EVP_##cname##_cbc(void) { return &cname##_cbc; }\ +static const EVP_CIPHER cname##_cfb = {\ + nid##_cfb64, 1, key_len, iv_len, \ + flags | EVP_CIPH_CFB_MODE,\ + init_key,\ + cname##_cfb_cipher,\ + cleanup,\ + sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\ + sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\ + set_asn1, get_asn1,\ + ctrl,\ + NULL \ +};\ +const EVP_CIPHER *EVP_##cname##_cfb(void) { return &cname##_cfb; }\ +static const EVP_CIPHER cname##_ofb = {\ + nid##_ofb64, 1, key_len, iv_len, \ + flags | EVP_CIPH_OFB_MODE,\ + init_key,\ + cname##_ofb_cipher,\ + cleanup,\ + sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\ + sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\ + set_asn1, get_asn1,\ + ctrl,\ + NULL \ +};\ +const EVP_CIPHER *EVP_##cname##_ofb(void) { return &cname##_ofb; }\ +static const EVP_CIPHER cname##_ecb = {\ + nid##_ecb, block_size, key_len, iv_len, \ + flags | EVP_CIPH_ECB_MODE,\ + init_key,\ + cname##_ecb_cipher,\ + cleanup,\ + sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\ + sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\ + set_asn1, get_asn1,\ + ctrl,\ + NULL \ +};\ +const EVP_CIPHER *EVP_##cname##_ecb(void) { return &cname##_ecb; } +*/ + +#define IMPLEMENT_BLOCK_CIPHER(cname, ksched, cprefix, kstruct, nid, \ + block_size, key_len, iv_len, cbits, \ + flags, init_key, \ + cleanup, set_asn1, get_asn1, ctrl) \ + BLOCK_CIPHER_all_funcs(cname, cprefix, cbits, kstruct, ksched) \ + BLOCK_CIPHER_defs(cname, kstruct, nid, block_size, key_len, iv_len, \ + cbits, flags, init_key, cleanup, set_asn1, \ + get_asn1, ctrl) + +#define IMPLEMENT_CFBR(cipher,cprefix,kstruct,ksched,keysize,cbits,iv_len,fl) \ + BLOCK_CIPHER_func_cfb(cipher##_##keysize,cprefix,cbits,kstruct,ksched) \ + BLOCK_CIPHER_def_cfb(cipher##_##keysize,kstruct, \ + NID_##cipher##_##keysize, keysize/8, iv_len, cbits, \ + (fl)|EVP_CIPH_FLAG_DEFAULT_ASN1, \ + cipher##_init_key, NULL, NULL, NULL, NULL) + + +# ifndef OPENSSL_NO_EC + +#define X25519_KEYLEN 32 +#define X448_KEYLEN 56 +#define ED448_KEYLEN 57 + +#define MAX_KEYLEN ED448_KEYLEN + +typedef struct { + unsigned char pubkey[MAX_KEYLEN]; + unsigned char *privkey; +} ECX_KEY; + +#endif + +/* + * Type needs to be a bit field Sub-type needs to be for variations on the + * method, as in, can it do arbitrary encryption.... + */ +struct evp_pkey_st { + int type; + int save_type; + CRYPTO_REF_COUNT references; + const EVP_PKEY_ASN1_METHOD *ameth; + ENGINE *engine; + ENGINE *pmeth_engine; /* If not NULL public key ENGINE to use */ + union { + void *ptr; +# ifndef OPENSSL_NO_RSA + struct rsa_st *rsa; /* RSA */ +# endif +# ifndef OPENSSL_NO_DSA + struct dsa_st *dsa; /* DSA */ +# endif +# ifndef OPENSSL_NO_DH + struct dh_st *dh; /* DH */ +# endif +# ifndef OPENSSL_NO_EC + struct ec_key_st *ec; /* ECC */ + ECX_KEY *ecx; /* X25519, X448, Ed25519, Ed448 */ +# endif + } pkey; + int save_parameters; + STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */ + CRYPTO_RWLOCK *lock; +} /* EVP_PKEY */ ; + + +void openssl_add_all_ciphers_int(void); +void openssl_add_all_digests_int(void); +void evp_cleanup_int(void); +void evp_app_cleanup_int(void); + +/* Pulling defines out of C source files */ + +#define EVP_RC4_KEY_SIZE 16 +#ifndef TLS1_1_VERSION +# define TLS1_1_VERSION 0x0302 +#endif + +void evp_encode_ctx_set_flags(EVP_ENCODE_CTX *ctx, unsigned int flags); + +/* EVP_ENCODE_CTX flags */ +/* Don't generate new lines when encoding */ +#define EVP_ENCODE_CTX_NO_NEWLINES 1 +/* Use the SRP base64 alphabet instead of the standard one */ +#define EVP_ENCODE_CTX_USE_SRP_ALPHABET 2 diff --git a/ext/openssl1L/include/crypto/lhash.h b/ext/openssl1L/include/crypto/lhash.h new file mode 100644 index 0000000..ab060cc --- /dev/null +++ b/ext/openssl1L/include/crypto/lhash.h @@ -0,0 +1,15 @@ +/* + * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_CRYPTO_LHASH_H +# define OSSL_CRYPTO_LHASH_H + +unsigned long openssl_lh_strcasehash(const char *); + +#endif diff --git a/ext/openssl1L/include/crypto/md32_common.h b/ext/openssl1L/include/crypto/md32_common.h new file mode 100644 index 0000000..1124e9c --- /dev/null +++ b/ext/openssl1L/include/crypto/md32_common.h @@ -0,0 +1,256 @@ +/* + * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/*- + * This is a generic 32 bit "collector" for message digest algorithms. + * Whenever needed it collects input character stream into chunks of + * 32 bit values and invokes a block function that performs actual hash + * calculations. + * + * Porting guide. + * + * Obligatory macros: + * + * DATA_ORDER_IS_BIG_ENDIAN or DATA_ORDER_IS_LITTLE_ENDIAN + * this macro defines byte order of input stream. + * HASH_CBLOCK + * size of a unit chunk HASH_BLOCK operates on. + * HASH_LONG + * has to be at least 32 bit wide. + * HASH_CTX + * context structure that at least contains following + * members: + * typedef struct { + * ... + * HASH_LONG Nl,Nh; + * either { + * HASH_LONG data[HASH_LBLOCK]; + * unsigned char data[HASH_CBLOCK]; + * }; + * unsigned int num; + * ... + * } HASH_CTX; + * data[] vector is expected to be zeroed upon first call to + * HASH_UPDATE. + * HASH_UPDATE + * name of "Update" function, implemented here. + * HASH_TRANSFORM + * name of "Transform" function, implemented here. + * HASH_FINAL + * name of "Final" function, implemented here. + * HASH_BLOCK_DATA_ORDER + * name of "block" function capable of treating *unaligned* input + * message in original (data) byte order, implemented externally. + * HASH_MAKE_STRING + * macro converting context variables to an ASCII hash string. + * + * MD5 example: + * + * #define DATA_ORDER_IS_LITTLE_ENDIAN + * + * #define HASH_LONG MD5_LONG + * #define HASH_CTX MD5_CTX + * #define HASH_CBLOCK MD5_CBLOCK + * #define HASH_UPDATE MD5_Update + * #define HASH_TRANSFORM MD5_Transform + * #define HASH_FINAL MD5_Final + * #define HASH_BLOCK_DATA_ORDER md5_block_data_order + */ + +#include + +#if !defined(DATA_ORDER_IS_BIG_ENDIAN) && !defined(DATA_ORDER_IS_LITTLE_ENDIAN) +# error "DATA_ORDER must be defined!" +#endif + +#ifndef HASH_CBLOCK +# error "HASH_CBLOCK must be defined!" +#endif +#ifndef HASH_LONG +# error "HASH_LONG must be defined!" +#endif +#ifndef HASH_CTX +# error "HASH_CTX must be defined!" +#endif + +#ifndef HASH_UPDATE +# error "HASH_UPDATE must be defined!" +#endif +#ifndef HASH_TRANSFORM +# error "HASH_TRANSFORM must be defined!" +#endif +#ifndef HASH_FINAL +# error "HASH_FINAL must be defined!" +#endif + +#ifndef HASH_BLOCK_DATA_ORDER +# error "HASH_BLOCK_DATA_ORDER must be defined!" +#endif + +#define ROTATE(a,n) (((a)<<(n))|(((a)&0xffffffff)>>(32-(n)))) + +#if defined(DATA_ORDER_IS_BIG_ENDIAN) + +# define HOST_c2l(c,l) (l =(((unsigned long)(*((c)++)))<<24), \ + l|=(((unsigned long)(*((c)++)))<<16), \ + l|=(((unsigned long)(*((c)++)))<< 8), \ + l|=(((unsigned long)(*((c)++))) ) ) +# define HOST_l2c(l,c) (*((c)++)=(unsigned char)(((l)>>24)&0xff), \ + *((c)++)=(unsigned char)(((l)>>16)&0xff), \ + *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ + *((c)++)=(unsigned char)(((l) )&0xff), \ + l) + +#elif defined(DATA_ORDER_IS_LITTLE_ENDIAN) + +# define HOST_c2l(c,l) (l =(((unsigned long)(*((c)++))) ), \ + l|=(((unsigned long)(*((c)++)))<< 8), \ + l|=(((unsigned long)(*((c)++)))<<16), \ + l|=(((unsigned long)(*((c)++)))<<24) ) +# define HOST_l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \ + *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ + *((c)++)=(unsigned char)(((l)>>16)&0xff), \ + *((c)++)=(unsigned char)(((l)>>24)&0xff), \ + l) + +#endif + +/* + * Time for some action :-) + */ + +int HASH_UPDATE(HASH_CTX *c, const void *data_, size_t len) +{ + const unsigned char *data = data_; + unsigned char *p; + HASH_LONG l; + size_t n; + + if (len == 0) + return 1; + + l = (c->Nl + (((HASH_LONG) len) << 3)) & 0xffffffffUL; + if (l < c->Nl) /* overflow */ + c->Nh++; + c->Nh += (HASH_LONG) (len >> 29); /* might cause compiler warning on + * 16-bit */ + c->Nl = l; + + n = c->num; + if (n != 0) { + p = (unsigned char *)c->data; + + if (len >= HASH_CBLOCK || len + n >= HASH_CBLOCK) { + memcpy(p + n, data, HASH_CBLOCK - n); + HASH_BLOCK_DATA_ORDER(c, p, 1); + n = HASH_CBLOCK - n; + data += n; + len -= n; + c->num = 0; + /* + * We use memset rather than OPENSSL_cleanse() here deliberately. + * Using OPENSSL_cleanse() here could be a performance issue. It + * will get properly cleansed on finalisation so this isn't a + * security problem. + */ + memset(p, 0, HASH_CBLOCK); /* keep it zeroed */ + } else { + memcpy(p + n, data, len); + c->num += (unsigned int)len; + return 1; + } + } + + n = len / HASH_CBLOCK; + if (n > 0) { + HASH_BLOCK_DATA_ORDER(c, data, n); + n *= HASH_CBLOCK; + data += n; + len -= n; + } + + if (len != 0) { + p = (unsigned char *)c->data; + c->num = (unsigned int)len; + memcpy(p, data, len); + } + return 1; +} + +void HASH_TRANSFORM(HASH_CTX *c, const unsigned char *data) +{ + HASH_BLOCK_DATA_ORDER(c, data, 1); +} + +int HASH_FINAL(unsigned char *md, HASH_CTX *c) +{ + unsigned char *p = (unsigned char *)c->data; + size_t n = c->num; + + p[n] = 0x80; /* there is always room for one */ + n++; + + if (n > (HASH_CBLOCK - 8)) { + memset(p + n, 0, HASH_CBLOCK - n); + n = 0; + HASH_BLOCK_DATA_ORDER(c, p, 1); + } + memset(p + n, 0, HASH_CBLOCK - 8 - n); + + p += HASH_CBLOCK - 8; +#if defined(DATA_ORDER_IS_BIG_ENDIAN) + (void)HOST_l2c(c->Nh, p); + (void)HOST_l2c(c->Nl, p); +#elif defined(DATA_ORDER_IS_LITTLE_ENDIAN) + (void)HOST_l2c(c->Nl, p); + (void)HOST_l2c(c->Nh, p); +#endif + p -= HASH_CBLOCK; + HASH_BLOCK_DATA_ORDER(c, p, 1); + c->num = 0; + OPENSSL_cleanse(p, HASH_CBLOCK); + +#ifndef HASH_MAKE_STRING +# error "HASH_MAKE_STRING must be defined!" +#else + HASH_MAKE_STRING(c, md); +#endif + + return 1; +} + +#ifndef MD32_REG_T +# if defined(__alpha) || defined(__sparcv9) || defined(__mips) +# define MD32_REG_T long +/* + * This comment was originally written for MD5, which is why it + * discusses A-D. But it basically applies to all 32-bit digests, + * which is why it was moved to common header file. + * + * In case you wonder why A-D are declared as long and not + * as MD5_LONG. Doing so results in slight performance + * boost on LP64 architectures. The catch is we don't + * really care if 32 MSBs of a 64-bit register get polluted + * with eventual overflows as we *save* only 32 LSBs in + * *either* case. Now declaring 'em long excuses the compiler + * from keeping 32 MSBs zeroed resulting in 13% performance + * improvement under SPARC Solaris7/64 and 5% under AlphaLinux. + * Well, to be honest it should say that this *prevents* + * performance degradation. + */ +# else +/* + * Above is not absolute and there are LP64 compilers that + * generate better code if MD32_REG_T is defined int. The above + * pre-processor condition reflects the circumstances under which + * the conclusion was made and is subject to further extension. + */ +# define MD32_REG_T int +# endif +#endif diff --git a/ext/openssl1L/include/crypto/objects.h b/ext/openssl1L/include/crypto/objects.h new file mode 100644 index 0000000..76e1b4d --- /dev/null +++ b/ext/openssl1L/include/crypto/objects.h @@ -0,0 +1,12 @@ +/* + * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include + +void obj_cleanup_int(void); diff --git a/ext/openssl1L/include/crypto/poly1305.h b/ext/openssl1L/include/crypto/poly1305.h new file mode 100644 index 0000000..5fef239 --- /dev/null +++ b/ext/openssl1L/include/crypto/poly1305.h @@ -0,0 +1,21 @@ +/* + * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include + +#define POLY1305_BLOCK_SIZE 16 +#define POLY1305_DIGEST_SIZE 16 +#define POLY1305_KEY_SIZE 32 + +typedef struct poly1305_context POLY1305; + +size_t Poly1305_ctx_size(void); +void Poly1305_Init(POLY1305 *ctx, const unsigned char key[32]); +void Poly1305_Update(POLY1305 *ctx, const unsigned char *inp, size_t len); +void Poly1305_Final(POLY1305 *ctx, unsigned char mac[16]); diff --git a/ext/openssl1L/include/crypto/rand.h b/ext/openssl1L/include/crypto/rand.h new file mode 100644 index 0000000..9e02bb0 --- /dev/null +++ b/ext/openssl1L/include/crypto/rand.h @@ -0,0 +1,144 @@ +/* + * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* + * Licensed under the OpenSSL licenses, (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * https://www.openssl.org/source/license.html + * or in the file LICENSE in the source distribution. + */ + +#ifndef OSSL_CRYPTO_RAND_H +# define OSSL_CRYPTO_RAND_H + +# include + +# if defined(__APPLE__) && !defined(OPENSSL_NO_APPLE_CRYPTO_RANDOM) +# include +# if (defined(__MAC_OS_X_VERSION_MIN_REQUIRED) && __MAC_OS_X_VERSION_MIN_REQUIRED >= 101200) || \ + (defined(__IPHONE_OS_VERSION_MIN_REQUIRED) && __IPHONE_OS_VERSION_MIN_REQUIRED >= 80000) +# define OPENSSL_APPLE_CRYPTO_RANDOM 1 +# include +# include +# endif +# endif + +/* forward declaration */ +typedef struct rand_pool_st RAND_POOL; + +void rand_cleanup_int(void); +void rand_drbg_cleanup_int(void); +void drbg_delete_thread_state(void); + +/* Hardware-based seeding functions. */ +size_t rand_acquire_entropy_from_tsc(RAND_POOL *pool); +size_t rand_acquire_entropy_from_cpu(RAND_POOL *pool); + +/* DRBG entropy callbacks. */ +size_t rand_drbg_get_entropy(RAND_DRBG *drbg, + unsigned char **pout, + int entropy, size_t min_len, size_t max_len, + int prediction_resistance); +void rand_drbg_cleanup_entropy(RAND_DRBG *drbg, + unsigned char *out, size_t outlen); +size_t rand_drbg_get_nonce(RAND_DRBG *drbg, + unsigned char **pout, + int entropy, size_t min_len, size_t max_len); +void rand_drbg_cleanup_nonce(RAND_DRBG *drbg, + unsigned char *out, size_t outlen); + +size_t rand_drbg_get_additional_data(RAND_POOL *pool, unsigned char **pout); + +void rand_drbg_cleanup_additional_data(RAND_POOL *pool, unsigned char *out); + +/* + * RAND_POOL functions + */ +RAND_POOL *rand_pool_new(int entropy_requested, int secure, + size_t min_len, size_t max_len); +RAND_POOL *rand_pool_attach(const unsigned char *buffer, size_t len, + size_t entropy); +void rand_pool_free(RAND_POOL *pool); + +const unsigned char *rand_pool_buffer(RAND_POOL *pool); +unsigned char *rand_pool_detach(RAND_POOL *pool); +void rand_pool_reattach(RAND_POOL *pool, unsigned char *buffer); + +size_t rand_pool_entropy(RAND_POOL *pool); +size_t rand_pool_length(RAND_POOL *pool); + +size_t rand_pool_entropy_available(RAND_POOL *pool); +size_t rand_pool_entropy_needed(RAND_POOL *pool); +/* |entropy_factor| expresses how many bits of data contain 1 bit of entropy */ +size_t rand_pool_bytes_needed(RAND_POOL *pool, unsigned int entropy_factor); +size_t rand_pool_bytes_remaining(RAND_POOL *pool); + +int rand_pool_add(RAND_POOL *pool, + const unsigned char *buffer, size_t len, size_t entropy); +unsigned char *rand_pool_add_begin(RAND_POOL *pool, size_t len); +int rand_pool_add_end(RAND_POOL *pool, size_t len, size_t entropy); + + +/* + * Add random bytes to the pool to acquire requested amount of entropy + * + * This function is platform specific and tries to acquire the requested + * amount of entropy by polling platform specific entropy sources. + * + * If the function succeeds in acquiring at least |entropy_requested| bits + * of entropy, the total entropy count is returned. If it fails, it returns + * an entropy count of 0. + */ +size_t rand_pool_acquire_entropy(RAND_POOL *pool); + +/* + * Add some application specific nonce data + * + * This function is platform specific and adds some application specific + * data to the nonce used for instantiating the drbg. + * + * This data currently consists of the process and thread id, and a high + * resolution timestamp. The data does not include an atomic counter, + * because that is added by the calling function rand_drbg_get_nonce(). + * + * Returns 1 on success and 0 on failure. + */ +int rand_pool_add_nonce_data(RAND_POOL *pool); + + +/* + * Add some platform specific additional data + * + * This function is platform specific and adds some random noise to the + * additional data used for generating random bytes and for reseeding + * the drbg. + * + * Returns 1 on success and 0 on failure. + */ +int rand_pool_add_additional_data(RAND_POOL *pool); + +/* + * Initialise the random pool reseeding sources. + * + * Returns 1 on success and 0 on failure. + */ +int rand_pool_init(void); + +/* + * Finalise the random pool reseeding sources. + */ +void rand_pool_cleanup(void); + +/* + * Control the random pool use of open file descriptors. + */ +void rand_pool_keep_random_devices_open(int keep); + +#endif diff --git a/ext/openssl1L/include/crypto/sha.h b/ext/openssl1L/include/crypto/sha.h new file mode 100644 index 0000000..6d15edb --- /dev/null +++ b/ext/openssl1L/include/crypto/sha.h @@ -0,0 +1,19 @@ +/* + * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_CRYPTO_SHA_H +# define OSSL_CRYPTO_SHA_H + +# include + +int sha512_224_init(SHA512_CTX *); +int sha512_256_init(SHA512_CTX *); + +#endif diff --git a/ext/openssl1L/include/crypto/siphash.h b/ext/openssl1L/include/crypto/siphash.h new file mode 100644 index 0000000..9573680 --- /dev/null +++ b/ext/openssl1L/include/crypto/siphash.h @@ -0,0 +1,25 @@ +/* + * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include + +#define SIPHASH_BLOCK_SIZE 8 +#define SIPHASH_KEY_SIZE 16 +#define SIPHASH_MIN_DIGEST_SIZE 8 +#define SIPHASH_MAX_DIGEST_SIZE 16 + +typedef struct siphash_st SIPHASH; + +size_t SipHash_ctx_size(void); +size_t SipHash_hash_size(SIPHASH *ctx); +int SipHash_set_hash_size(SIPHASH *ctx, size_t hash_size); +int SipHash_Init(SIPHASH *ctx, const unsigned char *k, + int crounds, int drounds); +void SipHash_Update(SIPHASH *ctx, const unsigned char *in, size_t inlen); +int SipHash_Final(SIPHASH *ctx, unsigned char *out, size_t outlen); diff --git a/ext/openssl1L/include/crypto/sm2.h b/ext/openssl1L/include/crypto/sm2.h new file mode 100644 index 0000000..a7f5548 --- /dev/null +++ b/ext/openssl1L/include/crypto/sm2.h @@ -0,0 +1,77 @@ +/* + * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017 Ribose Inc. All Rights Reserved. + * Ported from Ribose contributions from Botan. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_CRYPTO_SM2_H +# define OSSL_CRYPTO_SM2_H +# include + +# ifndef OPENSSL_NO_SM2 + +# include + +/* The default user id as specified in GM/T 0009-2012 */ +# define SM2_DEFAULT_USERID "1234567812345678" + +int sm2_compute_z_digest(uint8_t *out, + const EVP_MD *digest, + const uint8_t *id, + const size_t id_len, + const EC_KEY *key); + +/* + * SM2 signature operation. Computes Z and then signs H(Z || msg) using SM2 + */ +ECDSA_SIG *sm2_do_sign(const EC_KEY *key, + const EVP_MD *digest, + const uint8_t *id, + const size_t id_len, + const uint8_t *msg, size_t msg_len); + +int sm2_do_verify(const EC_KEY *key, + const EVP_MD *digest, + const ECDSA_SIG *signature, + const uint8_t *id, + const size_t id_len, + const uint8_t *msg, size_t msg_len); + +/* + * SM2 signature generation. + */ +int sm2_sign(const unsigned char *dgst, int dgstlen, + unsigned char *sig, unsigned int *siglen, EC_KEY *eckey); + +/* + * SM2 signature verification. + */ +int sm2_verify(const unsigned char *dgst, int dgstlen, + const unsigned char *sig, int siglen, EC_KEY *eckey); + +/* + * SM2 encryption + */ +int sm2_ciphertext_size(const EC_KEY *key, const EVP_MD *digest, size_t msg_len, + size_t *ct_size); + +int sm2_plaintext_size(const unsigned char *ct, size_t ct_size, size_t *pt_size); + +int sm2_encrypt(const EC_KEY *key, + const EVP_MD *digest, + const uint8_t *msg, + size_t msg_len, + uint8_t *ciphertext_buf, size_t *ciphertext_len); + +int sm2_decrypt(const EC_KEY *key, + const EVP_MD *digest, + const uint8_t *ciphertext, + size_t ciphertext_len, uint8_t *ptext_buf, size_t *ptext_len); + +# endif /* OPENSSL_NO_SM2 */ +#endif diff --git a/ext/openssl1L/include/crypto/sm2err.h b/ext/openssl1L/include/crypto/sm2err.h new file mode 100644 index 0000000..d1c0ee2 --- /dev/null +++ b/ext/openssl1L/include/crypto/sm2err.h @@ -0,0 +1,65 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_CRYPTO_SM2ERR_H +# define OSSL_CRYPTO_SM2ERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# include + +# ifndef OPENSSL_NO_SM2 + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_SM2_strings(void); + +/* + * SM2 function codes. + */ +# define SM2_F_PKEY_SM2_COPY 115 +# define SM2_F_PKEY_SM2_CTRL 109 +# define SM2_F_PKEY_SM2_CTRL_STR 110 +# define SM2_F_PKEY_SM2_DIGEST_CUSTOM 114 +# define SM2_F_PKEY_SM2_INIT 111 +# define SM2_F_PKEY_SM2_SIGN 112 +# define SM2_F_SM2_COMPUTE_MSG_HASH 100 +# define SM2_F_SM2_COMPUTE_USERID_DIGEST 101 +# define SM2_F_SM2_COMPUTE_Z_DIGEST 113 +# define SM2_F_SM2_DECRYPT 102 +# define SM2_F_SM2_ENCRYPT 103 +# define SM2_F_SM2_PLAINTEXT_SIZE 104 +# define SM2_F_SM2_SIGN 105 +# define SM2_F_SM2_SIG_GEN 106 +# define SM2_F_SM2_SIG_VERIFY 107 +# define SM2_F_SM2_VERIFY 108 + +/* + * SM2 reason codes. + */ +# define SM2_R_ASN1_ERROR 100 +# define SM2_R_BAD_SIGNATURE 101 +# define SM2_R_BUFFER_TOO_SMALL 107 +# define SM2_R_DIST_ID_TOO_LARGE 110 +# define SM2_R_ID_NOT_SET 112 +# define SM2_R_ID_TOO_LARGE 111 +# define SM2_R_INVALID_CURVE 108 +# define SM2_R_INVALID_DIGEST 102 +# define SM2_R_INVALID_DIGEST_TYPE 103 +# define SM2_R_INVALID_ENCODING 104 +# define SM2_R_INVALID_FIELD 105 +# define SM2_R_NO_PARAMETERS_SET 109 +# define SM2_R_USER_ID_TOO_LARGE 106 + +# endif +#endif diff --git a/ext/openssl1L/include/crypto/sm3.h b/ext/openssl1L/include/crypto/sm3.h new file mode 100644 index 0000000..97e7460 --- /dev/null +++ b/ext/openssl1L/include/crypto/sm3.h @@ -0,0 +1,39 @@ +/* + * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017 Ribose Inc. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_CRYPTO_SM3_H +# define OSSL_CRYPTO_SM3_H + +# include + +# ifdef OPENSSL_NO_SM3 +# error SM3 is disabled. +# endif + +# define SM3_DIGEST_LENGTH 32 +# define SM3_WORD unsigned int + +# define SM3_CBLOCK 64 +# define SM3_LBLOCK (SM3_CBLOCK/4) + +typedef struct SM3state_st { + SM3_WORD A, B, C, D, E, F, G, H; + SM3_WORD Nl, Nh; + SM3_WORD data[SM3_LBLOCK]; + unsigned int num; +} SM3_CTX; + +int sm3_init(SM3_CTX *c); +int sm3_update(SM3_CTX *c, const void *data, size_t len); +int sm3_final(unsigned char *md, SM3_CTX *c); + +void sm3_block_data_order(SM3_CTX *c, const void *p, size_t num); + +#endif diff --git a/ext/openssl1L/include/crypto/sm4.h b/ext/openssl1L/include/crypto/sm4.h new file mode 100644 index 0000000..abe28f3 --- /dev/null +++ b/ext/openssl1L/include/crypto/sm4.h @@ -0,0 +1,37 @@ +/* + * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017 Ribose Inc. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_CRYPTO_SM4_H +# define OSSL_CRYPTO_SM4_H + +# include +# include + +# ifdef OPENSSL_NO_SM4 +# error SM4 is disabled. +# endif + +# define SM4_ENCRYPT 1 +# define SM4_DECRYPT 0 + +# define SM4_BLOCK_SIZE 16 +# define SM4_KEY_SCHEDULE 32 + +typedef struct SM4_KEY_st { + uint32_t rk[SM4_KEY_SCHEDULE]; +} SM4_KEY; + +int SM4_set_key(const uint8_t *key, SM4_KEY *ks); + +void SM4_encrypt(const uint8_t *in, uint8_t *out, const SM4_KEY *ks); + +void SM4_decrypt(const uint8_t *in, uint8_t *out, const SM4_KEY *ks); + +#endif diff --git a/ext/openssl1L/include/crypto/store.h b/ext/openssl1L/include/crypto/store.h new file mode 100644 index 0000000..428d3c6 --- /dev/null +++ b/ext/openssl1L/include/crypto/store.h @@ -0,0 +1,28 @@ +/* + * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_CRYPTO_STORE_H +# define OSSL_CRYPTO_STORE_H + +# include +# include +# include + +/* + * Two functions to read PEM data off an already opened BIO. To be used + * instead of OSSLSTORE_open() and OSSLSTORE_close(). Everything is done + * as usual with OSSLSTORE_load() and OSSLSTORE_eof(). + */ +OSSL_STORE_CTX *ossl_store_attach_pem_bio(BIO *bp, const UI_METHOD *ui_method, + void *ui_data); +int ossl_store_detach_pem_bio(OSSL_STORE_CTX *ctx); + +void ossl_store_cleanup_int(void); + +#endif diff --git a/ext/openssl1L/include/crypto/x509.h b/ext/openssl1L/include/crypto/x509.h new file mode 100644 index 0000000..243ea74 --- /dev/null +++ b/ext/openssl1L/include/crypto/x509.h @@ -0,0 +1,291 @@ +/* + * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include "internal/refcount.h" +#include +#include + +/* Internal X509 structures and functions: not for application use */ + +/* Note: unless otherwise stated a field pointer is mandatory and should + * never be set to NULL: the ASN.1 code and accessors rely on mandatory + * fields never being NULL. + */ + +/* + * name entry structure, equivalent to AttributeTypeAndValue defined + * in RFC5280 et al. + */ +struct X509_name_entry_st { + ASN1_OBJECT *object; /* AttributeType */ + ASN1_STRING *value; /* AttributeValue */ + int set; /* index of RDNSequence for this entry */ + int size; /* temp variable */ +}; + +/* Name from RFC 5280. */ +struct X509_name_st { + STACK_OF(X509_NAME_ENTRY) *entries; /* DN components */ + int modified; /* true if 'bytes' needs to be built */ + BUF_MEM *bytes; /* cached encoding: cannot be NULL */ + /* canonical encoding used for rapid Name comparison */ + unsigned char *canon_enc; + int canon_enclen; +} /* X509_NAME */ ; + +/* Signature info structure */ + +struct x509_sig_info_st { + /* NID of message digest */ + int mdnid; + /* NID of public key algorithm */ + int pknid; + /* Security bits */ + int secbits; + /* Various flags */ + uint32_t flags; +}; + +/* PKCS#10 certificate request */ + +struct X509_req_info_st { + ASN1_ENCODING enc; /* cached encoding of signed part */ + ASN1_INTEGER *version; /* version, defaults to v1(0) so can be NULL */ + X509_NAME *subject; /* certificate request DN */ + X509_PUBKEY *pubkey; /* public key of request */ + /* + * Zero or more attributes. + * NB: although attributes is a mandatory field some broken + * encodings omit it so this may be NULL in that case. + */ + STACK_OF(X509_ATTRIBUTE) *attributes; +}; + +struct X509_req_st { + X509_REQ_INFO req_info; /* signed certificate request data */ + X509_ALGOR sig_alg; /* signature algorithm */ + ASN1_BIT_STRING *signature; /* signature */ + CRYPTO_REF_COUNT references; + CRYPTO_RWLOCK *lock; +}; + +struct X509_crl_info_st { + ASN1_INTEGER *version; /* version: defaults to v1(0) so may be NULL */ + X509_ALGOR sig_alg; /* signature algorithm */ + X509_NAME *issuer; /* CRL issuer name */ + ASN1_TIME *lastUpdate; /* lastUpdate field */ + ASN1_TIME *nextUpdate; /* nextUpdate field: optional */ + STACK_OF(X509_REVOKED) *revoked; /* revoked entries: optional */ + STACK_OF(X509_EXTENSION) *extensions; /* extensions: optional */ + ASN1_ENCODING enc; /* encoding of signed portion of CRL */ +}; + +struct X509_crl_st { + X509_CRL_INFO crl; /* signed CRL data */ + X509_ALGOR sig_alg; /* CRL signature algorithm */ + ASN1_BIT_STRING signature; /* CRL signature */ + CRYPTO_REF_COUNT references; + int flags; + /* + * Cached copies of decoded extension values, since extensions + * are optional any of these can be NULL. + */ + AUTHORITY_KEYID *akid; + ISSUING_DIST_POINT *idp; + /* Convenient breakdown of IDP */ + int idp_flags; + int idp_reasons; + /* CRL and base CRL numbers for delta processing */ + ASN1_INTEGER *crl_number; + ASN1_INTEGER *base_crl_number; + STACK_OF(GENERAL_NAMES) *issuers; + /* hash of CRL */ + unsigned char sha1_hash[SHA_DIGEST_LENGTH]; + /* alternative method to handle this CRL */ + const X509_CRL_METHOD *meth; + void *meth_data; + CRYPTO_RWLOCK *lock; +}; + +struct x509_revoked_st { + ASN1_INTEGER serialNumber; /* revoked entry serial number */ + ASN1_TIME *revocationDate; /* revocation date */ + STACK_OF(X509_EXTENSION) *extensions; /* CRL entry extensions: optional */ + /* decoded value of CRLissuer extension: set if indirect CRL */ + STACK_OF(GENERAL_NAME) *issuer; + /* revocation reason: set to CRL_REASON_NONE if reason extension absent */ + int reason; + /* + * CRL entries are reordered for faster lookup of serial numbers. This + * field contains the original load sequence for this entry. + */ + int sequence; +}; + +/* + * This stuff is certificate "auxiliary info": it contains details which are + * useful in certificate stores and databases. When used this is tagged onto + * the end of the certificate itself. OpenSSL specific structure not defined + * in any RFC. + */ + +struct x509_cert_aux_st { + STACK_OF(ASN1_OBJECT) *trust; /* trusted uses */ + STACK_OF(ASN1_OBJECT) *reject; /* rejected uses */ + ASN1_UTF8STRING *alias; /* "friendly name" */ + ASN1_OCTET_STRING *keyid; /* key id of private key */ + STACK_OF(X509_ALGOR) *other; /* other unspecified info */ +}; + +struct x509_cinf_st { + ASN1_INTEGER *version; /* [ 0 ] default of v1 */ + ASN1_INTEGER serialNumber; + X509_ALGOR signature; + X509_NAME *issuer; + X509_VAL validity; + X509_NAME *subject; + X509_PUBKEY *key; + ASN1_BIT_STRING *issuerUID; /* [ 1 ] optional in v2 */ + ASN1_BIT_STRING *subjectUID; /* [ 2 ] optional in v2 */ + STACK_OF(X509_EXTENSION) *extensions; /* [ 3 ] optional in v3 */ + ASN1_ENCODING enc; +}; + +struct x509_st { + X509_CINF cert_info; + X509_ALGOR sig_alg; + ASN1_BIT_STRING signature; + X509_SIG_INFO siginf; + CRYPTO_REF_COUNT references; + CRYPTO_EX_DATA ex_data; + /* These contain copies of various extension values */ + long ex_pathlen; + long ex_pcpathlen; + uint32_t ex_flags; + uint32_t ex_kusage; + uint32_t ex_xkusage; + uint32_t ex_nscert; + ASN1_OCTET_STRING *skid; + AUTHORITY_KEYID *akid; + X509_POLICY_CACHE *policy_cache; + STACK_OF(DIST_POINT) *crldp; + STACK_OF(GENERAL_NAME) *altname; + NAME_CONSTRAINTS *nc; +#ifndef OPENSSL_NO_RFC3779 + STACK_OF(IPAddressFamily) *rfc3779_addr; + struct ASIdentifiers_st *rfc3779_asid; +# endif + unsigned char sha1_hash[SHA_DIGEST_LENGTH]; + X509_CERT_AUX *aux; + CRYPTO_RWLOCK *lock; + volatile int ex_cached; +} /* X509 */ ; + +/* + * This is a used when verifying cert chains. Since the gathering of the + * cert chain can take some time (and have to be 'retried', this needs to be + * kept and passed around. + */ +struct x509_store_ctx_st { /* X509_STORE_CTX */ + X509_STORE *ctx; + /* The following are set by the caller */ + /* The cert to check */ + X509 *cert; + /* chain of X509s - untrusted - passed in */ + STACK_OF(X509) *untrusted; + /* set of CRLs passed in */ + STACK_OF(X509_CRL) *crls; + X509_VERIFY_PARAM *param; + /* Other info for use with get_issuer() */ + void *other_ctx; + /* Callbacks for various operations */ + /* called to verify a certificate */ + int (*verify) (X509_STORE_CTX *ctx); + /* error callback */ + int (*verify_cb) (int ok, X509_STORE_CTX *ctx); + /* get issuers cert from ctx */ + int (*get_issuer) (X509 **issuer, X509_STORE_CTX *ctx, X509 *x); + /* check issued */ + int (*check_issued) (X509_STORE_CTX *ctx, X509 *x, X509 *issuer); + /* Check revocation status of chain */ + int (*check_revocation) (X509_STORE_CTX *ctx); + /* retrieve CRL */ + int (*get_crl) (X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); + /* Check CRL validity */ + int (*check_crl) (X509_STORE_CTX *ctx, X509_CRL *crl); + /* Check certificate against CRL */ + int (*cert_crl) (X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); + /* Check policy status of the chain */ + int (*check_policy) (X509_STORE_CTX *ctx); + STACK_OF(X509) *(*lookup_certs) (X509_STORE_CTX *ctx, X509_NAME *nm); + STACK_OF(X509_CRL) *(*lookup_crls) (X509_STORE_CTX *ctx, X509_NAME *nm); + int (*cleanup) (X509_STORE_CTX *ctx); + /* The following is built up */ + /* if 0, rebuild chain */ + int valid; + /* number of untrusted certs */ + int num_untrusted; + /* chain of X509s - built up and trusted */ + STACK_OF(X509) *chain; + /* Valid policy tree */ + X509_POLICY_TREE *tree; + /* Require explicit policy value */ + int explicit_policy; + /* When something goes wrong, this is why */ + int error_depth; + int error; + X509 *current_cert; + /* cert currently being tested as valid issuer */ + X509 *current_issuer; + /* current CRL */ + X509_CRL *current_crl; + /* score of current CRL */ + int current_crl_score; + /* Reason mask */ + unsigned int current_reasons; + /* For CRL path validation: parent context */ + X509_STORE_CTX *parent; + CRYPTO_EX_DATA ex_data; + SSL_DANE *dane; + /* signed via bare TA public key, rather than CA certificate */ + int bare_ta_signed; +}; + +/* PKCS#8 private key info structure */ + +struct pkcs8_priv_key_info_st { + ASN1_INTEGER *version; + X509_ALGOR *pkeyalg; + ASN1_OCTET_STRING *pkey; + STACK_OF(X509_ATTRIBUTE) *attributes; +}; + +struct X509_sig_st { + X509_ALGOR *algor; + ASN1_OCTET_STRING *digest; +}; + +struct x509_object_st { + /* one of the above types */ + X509_LOOKUP_TYPE type; + union { + char *ptr; + X509 *x509; + X509_CRL *crl; + EVP_PKEY *pkey; + } data; +}; + +int a2i_ipadd(unsigned char *ipout, const char *ipasc); +int x509_set1_time(ASN1_TIME **ptm, const ASN1_TIME *tm); + +void x509_init_sig_info(X509 *x); + +int x509v3_add_len_value_uchar(const char *name, const unsigned char *value, + size_t vallen, STACK_OF(CONF_VALUE) **extlist); diff --git a/ext/openssl1L/include/internal/__DECC_INCLUDE_EPILOGUE.H b/ext/openssl1L/include/internal/__DECC_INCLUDE_EPILOGUE.H new file mode 100644 index 0000000..c350018 --- /dev/null +++ b/ext/openssl1L/include/internal/__DECC_INCLUDE_EPILOGUE.H @@ -0,0 +1,16 @@ +/* + * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* + * This file is only used by HP C on VMS, and is included automatically + * after each header file from this directory + */ + +/* restore state. Must correspond to the save in __decc_include_prologue.h */ +#pragma names restore diff --git a/ext/openssl1L/include/internal/__DECC_INCLUDE_PROLOGUE.H b/ext/openssl1L/include/internal/__DECC_INCLUDE_PROLOGUE.H new file mode 100644 index 0000000..9a9c777 --- /dev/null +++ b/ext/openssl1L/include/internal/__DECC_INCLUDE_PROLOGUE.H @@ -0,0 +1,20 @@ +/* + * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* + * This file is only used by HP C on VMS, and is included automatically + * after each header file from this directory + */ + +/* save state */ +#pragma names save +/* have the compiler shorten symbols larger than 31 chars to 23 chars + * followed by a 8 hex char CRC + */ +#pragma names as_is,shortened diff --git a/ext/openssl1L/include/internal/bio.h b/ext/openssl1L/include/internal/bio.h new file mode 100644 index 0000000..c343b27 --- /dev/null +++ b/ext/openssl1L/include/internal/bio.h @@ -0,0 +1,33 @@ +/* + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include + +struct bio_method_st { + int type; + char *name; + int (*bwrite) (BIO *, const char *, size_t, size_t *); + int (*bwrite_old) (BIO *, const char *, int); + int (*bread) (BIO *, char *, size_t, size_t *); + int (*bread_old) (BIO *, char *, int); + int (*bputs) (BIO *, const char *); + int (*bgets) (BIO *, char *, int); + long (*ctrl) (BIO *, int, long, void *); + int (*create) (BIO *); + int (*destroy) (BIO *); + long (*callback_ctrl) (BIO *, int, BIO_info_cb *); +}; + +void bio_free_ex_data(BIO *bio); +void bio_cleanup(void); + + +/* Old style to new style BIO_METHOD conversion functions */ +int bwrite_conv(BIO *bio, const char *data, size_t datal, size_t *written); +int bread_conv(BIO *bio, char *data, size_t datal, size_t *read); diff --git a/ext/openssl1L/include/internal/comp.h b/ext/openssl1L/include/internal/comp.h new file mode 100644 index 0000000..ac6e38b --- /dev/null +++ b/ext/openssl1L/include/internal/comp.h @@ -0,0 +1,12 @@ +/* + * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include + +void comp_zlib_cleanup_int(void); diff --git a/ext/openssl1L/include/internal/conf.h b/ext/openssl1L/include/internal/conf.h new file mode 100644 index 0000000..163fea8 --- /dev/null +++ b/ext/openssl1L/include/internal/conf.h @@ -0,0 +1,30 @@ +/* + * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_INTERNAL_CONF_H +# define OSSL_INTERNAL_CONF_H + +#include + +#define DEFAULT_CONF_MFLAGS \ + (CONF_MFLAGS_DEFAULT_SECTION | \ + CONF_MFLAGS_IGNORE_MISSING_FILE | \ + CONF_MFLAGS_IGNORE_RETURN_CODES) + +struct ossl_init_settings_st { + char *filename; + char *appname; + unsigned long flags; +}; + +int openssl_config_int(const OPENSSL_INIT_SETTINGS *); +void openssl_no_config_int(void); +void conf_modules_free_int(void); + +#endif diff --git a/ext/openssl1L/include/internal/constant_time.h b/ext/openssl1L/include/internal/constant_time.h new file mode 100644 index 0000000..6600a1d --- /dev/null +++ b/ext/openssl1L/include/internal/constant_time.h @@ -0,0 +1,387 @@ +/* + * Copyright 2014-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_INTERNAL_CONSTANT_TIME_H +# define OSSL_INTERNAL_CONSTANT_TIME_H + +# include +# include +# include /* For 'ossl_inline' */ + +/*- + * The boolean methods return a bitmask of all ones (0xff...f) for true + * and 0 for false. This is useful for choosing a value based on the result + * of a conditional in constant time. For example, + * if (a < b) { + * c = a; + * } else { + * c = b; + * } + * can be written as + * unsigned int lt = constant_time_lt(a, b); + * c = constant_time_select(lt, a, b); + */ + +/* Returns the given value with the MSB copied to all the other bits. */ +static ossl_inline unsigned int constant_time_msb(unsigned int a); +/* Convenience method for uint32_t. */ +static ossl_inline uint32_t constant_time_msb_32(uint32_t a); +/* Convenience method for uint64_t. */ +static ossl_inline uint64_t constant_time_msb_64(uint64_t a); + +/* Returns 0xff..f if a < b and 0 otherwise. */ +static ossl_inline unsigned int constant_time_lt(unsigned int a, + unsigned int b); +/* Convenience method for getting an 8-bit mask. */ +static ossl_inline unsigned char constant_time_lt_8(unsigned int a, + unsigned int b); +/* Convenience method for uint64_t. */ +static ossl_inline uint64_t constant_time_lt_64(uint64_t a, uint64_t b); + +/* Returns 0xff..f if a >= b and 0 otherwise. */ +static ossl_inline unsigned int constant_time_ge(unsigned int a, + unsigned int b); +/* Convenience method for getting an 8-bit mask. */ +static ossl_inline unsigned char constant_time_ge_8(unsigned int a, + unsigned int b); + +/* Returns 0xff..f if a == 0 and 0 otherwise. */ +static ossl_inline unsigned int constant_time_is_zero(unsigned int a); +/* Convenience method for getting an 8-bit mask. */ +static ossl_inline unsigned char constant_time_is_zero_8(unsigned int a); +/* Convenience method for getting a 32-bit mask. */ +static ossl_inline uint32_t constant_time_is_zero_32(uint32_t a); + +/* Returns 0xff..f if a == b and 0 otherwise. */ +static ossl_inline unsigned int constant_time_eq(unsigned int a, + unsigned int b); +/* Convenience method for getting an 8-bit mask. */ +static ossl_inline unsigned char constant_time_eq_8(unsigned int a, + unsigned int b); +/* Signed integers. */ +static ossl_inline unsigned int constant_time_eq_int(int a, int b); +/* Convenience method for getting an 8-bit mask. */ +static ossl_inline unsigned char constant_time_eq_int_8(int a, int b); + +/*- + * Returns (mask & a) | (~mask & b). + * + * When |mask| is all 1s or all 0s (as returned by the methods above), + * the select methods return either |a| (if |mask| is nonzero) or |b| + * (if |mask| is zero). + */ +static ossl_inline unsigned int constant_time_select(unsigned int mask, + unsigned int a, + unsigned int b); +/* Convenience method for unsigned chars. */ +static ossl_inline unsigned char constant_time_select_8(unsigned char mask, + unsigned char a, + unsigned char b); + +/* Convenience method for uint32_t. */ +static ossl_inline uint32_t constant_time_select_32(uint32_t mask, uint32_t a, + uint32_t b); + +/* Convenience method for uint64_t. */ +static ossl_inline uint64_t constant_time_select_64(uint64_t mask, uint64_t a, + uint64_t b); +/* Convenience method for signed integers. */ +static ossl_inline int constant_time_select_int(unsigned int mask, int a, + int b); + + +static ossl_inline unsigned int constant_time_msb(unsigned int a) +{ + return 0 - (a >> (sizeof(a) * 8 - 1)); +} + + +static ossl_inline uint32_t constant_time_msb_32(uint32_t a) +{ + return 0 - (a >> 31); +} + +static ossl_inline uint64_t constant_time_msb_64(uint64_t a) +{ + return 0 - (a >> 63); +} + +static ossl_inline size_t constant_time_msb_s(size_t a) +{ + return 0 - (a >> (sizeof(a) * 8 - 1)); +} + +static ossl_inline unsigned int constant_time_lt(unsigned int a, + unsigned int b) +{ + return constant_time_msb(a ^ ((a ^ b) | ((a - b) ^ b))); +} + +static ossl_inline size_t constant_time_lt_s(size_t a, size_t b) +{ + return constant_time_msb_s(a ^ ((a ^ b) | ((a - b) ^ b))); +} + +static ossl_inline unsigned char constant_time_lt_8(unsigned int a, + unsigned int b) +{ + return (unsigned char)constant_time_lt(a, b); +} + +static ossl_inline uint64_t constant_time_lt_64(uint64_t a, uint64_t b) +{ + return constant_time_msb_64(a ^ ((a ^ b) | ((a - b) ^ b))); +} + +static ossl_inline unsigned int constant_time_ge(unsigned int a, + unsigned int b) +{ + return ~constant_time_lt(a, b); +} + +static ossl_inline size_t constant_time_ge_s(size_t a, size_t b) +{ + return ~constant_time_lt_s(a, b); +} + +static ossl_inline unsigned char constant_time_ge_8(unsigned int a, + unsigned int b) +{ + return (unsigned char)constant_time_ge(a, b); +} + +static ossl_inline unsigned char constant_time_ge_8_s(size_t a, size_t b) +{ + return (unsigned char)constant_time_ge_s(a, b); +} + +static ossl_inline unsigned int constant_time_is_zero(unsigned int a) +{ + return constant_time_msb(~a & (a - 1)); +} + +static ossl_inline size_t constant_time_is_zero_s(size_t a) +{ + return constant_time_msb_s(~a & (a - 1)); +} + +static ossl_inline unsigned char constant_time_is_zero_8(unsigned int a) +{ + return (unsigned char)constant_time_is_zero(a); +} + +static ossl_inline uint32_t constant_time_is_zero_32(uint32_t a) +{ + return constant_time_msb_32(~a & (a - 1)); +} + +static ossl_inline unsigned int constant_time_eq(unsigned int a, + unsigned int b) +{ + return constant_time_is_zero(a ^ b); +} + +static ossl_inline size_t constant_time_eq_s(size_t a, size_t b) +{ + return constant_time_is_zero_s(a ^ b); +} + +static ossl_inline unsigned char constant_time_eq_8(unsigned int a, + unsigned int b) +{ + return (unsigned char)constant_time_eq(a, b); +} + +static ossl_inline unsigned char constant_time_eq_8_s(size_t a, size_t b) +{ + return (unsigned char)constant_time_eq_s(a, b); +} + +static ossl_inline unsigned int constant_time_eq_int(int a, int b) +{ + return constant_time_eq((unsigned)(a), (unsigned)(b)); +} + +static ossl_inline unsigned char constant_time_eq_int_8(int a, int b) +{ + return constant_time_eq_8((unsigned)(a), (unsigned)(b)); +} + +/* + * Returns the value unmodified, but avoids optimizations. + * The barriers prevent the compiler from narrowing down the + * possible value range of the mask and ~mask in the select + * statements, which avoids the recognition of the select + * and turning it into a conditional load or branch. + */ +static ossl_inline unsigned int value_barrier(unsigned int a) +{ +#if !defined(OPENSSL_NO_ASM) && defined(__GNUC__) + unsigned int r; + __asm__("" : "=r"(r) : "0"(a)); +#else + volatile unsigned int r = a; +#endif + return r; +} + +/* Convenience method for uint32_t. */ +static ossl_inline uint32_t value_barrier_32(uint32_t a) +{ +#if !defined(OPENSSL_NO_ASM) && defined(__GNUC__) + uint32_t r; + __asm__("" : "=r"(r) : "0"(a)); +#else + volatile uint32_t r = a; +#endif + return r; +} + +/* Convenience method for uint64_t. */ +static ossl_inline uint64_t value_barrier_64(uint64_t a) +{ +#if !defined(OPENSSL_NO_ASM) && defined(__GNUC__) + uint64_t r; + __asm__("" : "=r"(r) : "0"(a)); +#else + volatile uint64_t r = a; +#endif + return r; +} + +/* Convenience method for size_t. */ +static ossl_inline size_t value_barrier_s(size_t a) +{ +#if !defined(OPENSSL_NO_ASM) && defined(__GNUC__) + size_t r; + __asm__("" : "=r"(r) : "0"(a)); +#else + volatile size_t r = a; +#endif + return r; +} + +static ossl_inline unsigned int constant_time_select(unsigned int mask, + unsigned int a, + unsigned int b) +{ + return (value_barrier(mask) & a) | (value_barrier(~mask) & b); +} + +static ossl_inline size_t constant_time_select_s(size_t mask, + size_t a, + size_t b) +{ + return (value_barrier_s(mask) & a) | (value_barrier_s(~mask) & b); +} + +static ossl_inline unsigned char constant_time_select_8(unsigned char mask, + unsigned char a, + unsigned char b) +{ + return (unsigned char)constant_time_select(mask, a, b); +} + +static ossl_inline int constant_time_select_int(unsigned int mask, int a, + int b) +{ + return (int)constant_time_select(mask, (unsigned)(a), (unsigned)(b)); +} + +static ossl_inline int constant_time_select_int_s(size_t mask, int a, int b) +{ + return (int)constant_time_select((unsigned)mask, (unsigned)(a), + (unsigned)(b)); +} + +static ossl_inline uint32_t constant_time_select_32(uint32_t mask, uint32_t a, + uint32_t b) +{ + return (value_barrier_32(mask) & a) | (value_barrier_32(~mask) & b); +} + +static ossl_inline uint64_t constant_time_select_64(uint64_t mask, uint64_t a, + uint64_t b) +{ + return (value_barrier_64(mask) & a) | (value_barrier_64(~mask) & b); +} + +/* + * mask must be 0xFFFFFFFF or 0x00000000. + * + * if (mask) { + * uint32_t tmp = *a; + * + * *a = *b; + * *b = tmp; + * } + */ +static ossl_inline void constant_time_cond_swap_32(uint32_t mask, uint32_t *a, + uint32_t *b) +{ + uint32_t xor = *a ^ *b; + + xor &= mask; + *a ^= xor; + *b ^= xor; +} + +/* + * mask must be 0xFFFFFFFF or 0x00000000. + * + * if (mask) { + * uint64_t tmp = *a; + * + * *a = *b; + * *b = tmp; + * } + */ +static ossl_inline void constant_time_cond_swap_64(uint64_t mask, uint64_t *a, + uint64_t *b) +{ + uint64_t xor = *a ^ *b; + + xor &= mask; + *a ^= xor; + *b ^= xor; +} + +/* + * table is a two dimensional array of bytes. Each row has rowsize elements. + * Copies row number idx into out. rowsize and numrows are not considered + * private. + */ +static ossl_inline void constant_time_lookup(void *out, + const void *table, + size_t rowsize, + size_t numrows, + size_t idx) +{ + size_t i, j; + const unsigned char *tablec = (const unsigned char *)table; + unsigned char *outc = (unsigned char *)out; + unsigned char mask; + + memset(out, 0, rowsize); + + /* Note idx may underflow - but that is well defined */ + for (i = 0; i < numrows; i++, idx--) { + mask = (unsigned char)constant_time_is_zero_s(idx); + for (j = 0; j < rowsize; j++) + *(outc + j) |= constant_time_select_8(mask, *(tablec++), 0); + } +} + +/* + * Expected usage pattern is to unconditionally set error and then + * wipe it if there was no actual error. |clear| is 1 or 0. + */ +void err_clear_last_constant_time(int clear); + +#endif /* OSSL_INTERNAL_CONSTANT_TIME_H */ diff --git a/ext/openssl1L/include/internal/cryptlib.h b/ext/openssl1L/include/internal/cryptlib.h new file mode 100644 index 0000000..6e7291a --- /dev/null +++ b/ext/openssl1L/include/internal/cryptlib.h @@ -0,0 +1,99 @@ +/* + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_INTERNAL_CRYPTLIB_H +# define OSSL_INTERNAL_CRYPTLIB_H + +# include +# include + +# ifdef OPENSSL_USE_APPLINK +# undef BIO_FLAGS_UPLINK +# define BIO_FLAGS_UPLINK 0x8000 +# include "ms/uplink.h" +# endif + +# include +# include +# include +# include +# include "internal/nelem.h" + +#ifdef NDEBUG +# define ossl_assert(x) ((x) != 0) +#else +__owur static ossl_inline int ossl_assert_int(int expr, const char *exprstr, + const char *file, int line) +{ + if (!expr) + OPENSSL_die(exprstr, file, line); + + return expr; +} + +# define ossl_assert(x) ossl_assert_int((x) != 0, "Assertion failed: "#x, \ + __FILE__, __LINE__) + +#endif + +typedef struct ex_callback_st EX_CALLBACK; + +DEFINE_STACK_OF(EX_CALLBACK) + +typedef struct app_mem_info_st APP_INFO; + +typedef struct mem_st MEM; +DEFINE_LHASH_OF(MEM); + +# define OPENSSL_CONF "openssl.cnf" + +# ifndef OPENSSL_SYS_VMS +# define X509_CERT_AREA OPENSSLDIR +# define X509_CERT_DIR OPENSSLDIR "/certs" +# define X509_CERT_FILE OPENSSLDIR "/cert.pem" +# define X509_PRIVATE_DIR OPENSSLDIR "/private" +# define CTLOG_FILE OPENSSLDIR "/ct_log_list.cnf" +# else +# define X509_CERT_AREA "OSSL$DATAROOT:[000000]" +# define X509_CERT_DIR "OSSL$DATAROOT:[CERTS]" +# define X509_CERT_FILE "OSSL$DATAROOT:[000000]cert.pem" +# define X509_PRIVATE_DIR "OSSL$DATAROOT:[PRIVATE]" +# define CTLOG_FILE "OSSL$DATAROOT:[000000]ct_log_list.cnf" +# endif + +# define X509_CERT_DIR_EVP "SSL_CERT_DIR" +# define X509_CERT_FILE_EVP "SSL_CERT_FILE" +# define CTLOG_FILE_EVP "CTLOG_FILE" + +/* size of string representations */ +# define DECIMAL_SIZE(type) ((sizeof(type)*8+2)/3+1) +# define HEX_SIZE(type) (sizeof(type)*2) + +void OPENSSL_cpuid_setup(void); +extern unsigned int OPENSSL_ia32cap_P[]; +void OPENSSL_showfatal(const char *fmta, ...); +void crypto_cleanup_all_ex_data_int(void); +int openssl_init_fork_handlers(void); +int openssl_get_fork_id(void); + +char *ossl_safe_getenv(const char *name); + +extern CRYPTO_RWLOCK *memdbg_lock; +int openssl_strerror_r(int errnum, char *buf, size_t buflen); +# if !defined(OPENSSL_NO_STDIO) +FILE *openssl_fopen(const char *filename, const char *mode); +# else +void *openssl_fopen(const char *filename, const char *mode); +# endif + +uint32_t OPENSSL_rdtsc(void); +size_t OPENSSL_instrument_bus(unsigned int *, size_t); +size_t OPENSSL_instrument_bus2(unsigned int *, size_t, size_t); + +#endif diff --git a/ext/openssl1L/include/internal/dane.h b/ext/openssl1L/include/internal/dane.h new file mode 100644 index 0000000..7a39bd7 --- /dev/null +++ b/ext/openssl1L/include/internal/dane.h @@ -0,0 +1,103 @@ +/* + * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_INTERNAL_DANE_H +#define OSSL_INTERNAL_DANE_H + +#include + +/*- + * Certificate usages: + * https://tools.ietf.org/html/rfc6698#section-2.1.1 + */ +#define DANETLS_USAGE_PKIX_TA 0 +#define DANETLS_USAGE_PKIX_EE 1 +#define DANETLS_USAGE_DANE_TA 2 +#define DANETLS_USAGE_DANE_EE 3 +#define DANETLS_USAGE_LAST DANETLS_USAGE_DANE_EE + +/*- + * Selectors: + * https://tools.ietf.org/html/rfc6698#section-2.1.2 + */ +#define DANETLS_SELECTOR_CERT 0 +#define DANETLS_SELECTOR_SPKI 1 +#define DANETLS_SELECTOR_LAST DANETLS_SELECTOR_SPKI + +/*- + * Matching types: + * https://tools.ietf.org/html/rfc6698#section-2.1.3 + */ +#define DANETLS_MATCHING_FULL 0 +#define DANETLS_MATCHING_2256 1 +#define DANETLS_MATCHING_2512 2 +#define DANETLS_MATCHING_LAST DANETLS_MATCHING_2512 + +typedef struct danetls_record_st { + uint8_t usage; + uint8_t selector; + uint8_t mtype; + unsigned char *data; + size_t dlen; + EVP_PKEY *spki; +} danetls_record; + +DEFINE_STACK_OF(danetls_record) + +/* + * Shared DANE context + */ +struct dane_ctx_st { + const EVP_MD **mdevp; /* mtype -> digest */ + uint8_t *mdord; /* mtype -> preference */ + uint8_t mdmax; /* highest supported mtype */ + unsigned long flags; /* feature bitmask */ +}; + +/* + * Per connection DANE state + */ +struct ssl_dane_st { + struct dane_ctx_st *dctx; + STACK_OF(danetls_record) *trecs; + STACK_OF(X509) *certs; /* DANE-TA(2) Cert(0) Full(0) certs */ + danetls_record *mtlsa; /* Matching TLSA record */ + X509 *mcert; /* DANE matched cert */ + uint32_t umask; /* Usages present */ + int mdpth; /* Depth of matched cert */ + int pdpth; /* Depth of PKIX trust */ + unsigned long flags; /* feature bitmask */ +}; + +#define DANETLS_ENABLED(dane) \ + ((dane) != NULL && sk_danetls_record_num((dane)->trecs) > 0) + +#define DANETLS_USAGE_BIT(u) (((uint32_t)1) << u) + +#define DANETLS_PKIX_TA_MASK (DANETLS_USAGE_BIT(DANETLS_USAGE_PKIX_TA)) +#define DANETLS_PKIX_EE_MASK (DANETLS_USAGE_BIT(DANETLS_USAGE_PKIX_EE)) +#define DANETLS_DANE_TA_MASK (DANETLS_USAGE_BIT(DANETLS_USAGE_DANE_TA)) +#define DANETLS_DANE_EE_MASK (DANETLS_USAGE_BIT(DANETLS_USAGE_DANE_EE)) + +#define DANETLS_PKIX_MASK (DANETLS_PKIX_TA_MASK | DANETLS_PKIX_EE_MASK) +#define DANETLS_DANE_MASK (DANETLS_DANE_TA_MASK | DANETLS_DANE_EE_MASK) +#define DANETLS_TA_MASK (DANETLS_PKIX_TA_MASK | DANETLS_DANE_TA_MASK) +#define DANETLS_EE_MASK (DANETLS_PKIX_EE_MASK | DANETLS_DANE_EE_MASK) + +#define DANETLS_HAS_PKIX(dane) ((dane) && ((dane)->umask & DANETLS_PKIX_MASK)) +#define DANETLS_HAS_DANE(dane) ((dane) && ((dane)->umask & DANETLS_DANE_MASK)) +#define DANETLS_HAS_TA(dane) ((dane) && ((dane)->umask & DANETLS_TA_MASK)) +#define DANETLS_HAS_EE(dane) ((dane) && ((dane)->umask & DANETLS_EE_MASK)) + +#define DANETLS_HAS_PKIX_TA(dane) ((dane)&&((dane)->umask & DANETLS_PKIX_TA_MASK)) +#define DANETLS_HAS_PKIX_EE(dane) ((dane)&&((dane)->umask & DANETLS_PKIX_EE_MASK)) +#define DANETLS_HAS_DANE_TA(dane) ((dane)&&((dane)->umask & DANETLS_DANE_TA_MASK)) +#define DANETLS_HAS_DANE_EE(dane) ((dane)&&((dane)->umask & DANETLS_DANE_EE_MASK)) + +#endif /* OSSL_INTERNAL_DANE_H */ diff --git a/ext/openssl1L/include/internal/dso.h b/ext/openssl1L/include/internal/dso.h new file mode 100644 index 0000000..c57c0c4 --- /dev/null +++ b/ext/openssl1L/include/internal/dso.h @@ -0,0 +1,165 @@ +/* + * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_INTERNAL_DSO_H +# define OSSL_INTERNAL_DSO_H + +# include +# include "internal/dsoerr.h" + +/* These values are used as commands to DSO_ctrl() */ +# define DSO_CTRL_GET_FLAGS 1 +# define DSO_CTRL_SET_FLAGS 2 +# define DSO_CTRL_OR_FLAGS 3 + +/* + * By default, DSO_load() will translate the provided filename into a form + * typical for the platform using the dso_name_converter function of the + * method. Eg. win32 will transform "blah" into "blah.dll", and dlfcn will + * transform it into "libblah.so". This callback could even utilise the + * DSO_METHOD's converter too if it only wants to override behaviour for + * one or two possible DSO methods. However, the following flag can be + * set in a DSO to prevent *any* native name-translation at all - eg. if + * the caller has prompted the user for a path to a driver library so the + * filename should be interpreted as-is. + */ +# define DSO_FLAG_NO_NAME_TRANSLATION 0x01 +/* + * An extra flag to give if only the extension should be added as + * translation. This is obviously only of importance on Unix and other + * operating systems where the translation also may prefix the name with + * something, like 'lib', and ignored everywhere else. This flag is also + * ignored if DSO_FLAG_NO_NAME_TRANSLATION is used at the same time. + */ +# define DSO_FLAG_NAME_TRANSLATION_EXT_ONLY 0x02 + +/* + * Don't unload the DSO when we call DSO_free() + */ +# define DSO_FLAG_NO_UNLOAD_ON_FREE 0x04 + +/* + * This flag loads the library with public symbols. Meaning: The exported + * symbols of this library are public to all libraries loaded after this + * library. At the moment only implemented in unix. + */ +# define DSO_FLAG_GLOBAL_SYMBOLS 0x20 + +typedef void (*DSO_FUNC_TYPE) (void); + +typedef struct dso_st DSO; +typedef struct dso_meth_st DSO_METHOD; + +/* + * The function prototype used for method functions (or caller-provided + * callbacks) that transform filenames. They are passed a DSO structure + * pointer (or NULL if they are to be used independently of a DSO object) and + * a filename to transform. They should either return NULL (if there is an + * error condition) or a newly allocated string containing the transformed + * form that the caller will need to free with OPENSSL_free() when done. + */ +typedef char *(*DSO_NAME_CONVERTER_FUNC)(DSO *, const char *); +/* + * The function prototype used for method functions (or caller-provided + * callbacks) that merge two file specifications. They are passed a DSO + * structure pointer (or NULL if they are to be used independently of a DSO + * object) and two file specifications to merge. They should either return + * NULL (if there is an error condition) or a newly allocated string + * containing the result of merging that the caller will need to free with + * OPENSSL_free() when done. Here, merging means that bits and pieces are + * taken from each of the file specifications and added together in whatever + * fashion that is sensible for the DSO method in question. The only rule + * that really applies is that if the two specification contain pieces of the + * same type, the copy from the first string takes priority. One could see + * it as the first specification is the one given by the user and the second + * being a bunch of defaults to add on if they're missing in the first. + */ +typedef char *(*DSO_MERGER_FUNC)(DSO *, const char *, const char *); + +DSO *DSO_new(void); +int DSO_free(DSO *dso); +int DSO_flags(DSO *dso); +int DSO_up_ref(DSO *dso); +long DSO_ctrl(DSO *dso, int cmd, long larg, void *parg); + +/* + * These functions can be used to get/set the platform-independent filename + * used for a DSO. NB: set will fail if the DSO is already loaded. + */ +const char *DSO_get_filename(DSO *dso); +int DSO_set_filename(DSO *dso, const char *filename); +/* + * This function will invoke the DSO's name_converter callback to translate a + * filename, or if the callback isn't set it will instead use the DSO_METHOD's + * converter. If "filename" is NULL, the "filename" in the DSO itself will be + * used. If the DSO_FLAG_NO_NAME_TRANSLATION flag is set, then the filename is + * simply duplicated. NB: This function is usually called from within a + * DSO_METHOD during the processing of a DSO_load() call, and is exposed so + * that caller-created DSO_METHODs can do the same thing. A non-NULL return + * value will need to be OPENSSL_free()'d. + */ +char *DSO_convert_filename(DSO *dso, const char *filename); +/* + * This function will invoke the DSO's merger callback to merge two file + * specifications, or if the callback isn't set it will instead use the + * DSO_METHOD's merger. A non-NULL return value will need to be + * OPENSSL_free()'d. + */ +char *DSO_merge(DSO *dso, const char *filespec1, const char *filespec2); + +/* + * The all-singing all-dancing load function, you normally pass NULL for the + * first and third parameters. Use DSO_up_ref and DSO_free for subsequent + * reference count handling. Any flags passed in will be set in the + * constructed DSO after its init() function but before the load operation. + * If 'dso' is non-NULL, 'flags' is ignored. + */ +DSO *DSO_load(DSO *dso, const char *filename, DSO_METHOD *meth, int flags); + +/* This function binds to a function inside a shared library. */ +DSO_FUNC_TYPE DSO_bind_func(DSO *dso, const char *symname); + +/* + * This method is the default, but will beg, borrow, or steal whatever method + * should be the default on any particular platform (including + * DSO_METH_null() if necessary). + */ +DSO_METHOD *DSO_METHOD_openssl(void); + +/* + * This function writes null-terminated pathname of DSO module containing + * 'addr' into 'sz' large caller-provided 'path' and returns the number of + * characters [including trailing zero] written to it. If 'sz' is 0 or + * negative, 'path' is ignored and required amount of characters [including + * trailing zero] to accommodate pathname is returned. If 'addr' is NULL, then + * pathname of cryptolib itself is returned. Negative or zero return value + * denotes error. + */ +int DSO_pathbyaddr(void *addr, char *path, int sz); + +/* + * Like DSO_pathbyaddr() but instead returns a handle to the DSO for the symbol + * or NULL on error. + */ +DSO *DSO_dsobyaddr(void *addr, int flags); + +/* + * This function should be used with caution! It looks up symbols in *all* + * loaded modules and if module gets unloaded by somebody else attempt to + * dereference the pointer is doomed to have fatal consequences. Primary + * usage for this function is to probe *core* system functionality, e.g. + * check if getnameinfo(3) is available at run-time without bothering about + * OS-specific details such as libc.so.versioning or where does it actually + * reside: in libc itself or libsocket. + */ +void *DSO_global_lookup(const char *name); + +int ERR_load_DSO_strings(void); + +#endif diff --git a/ext/openssl1L/include/internal/dsoerr.h b/ext/openssl1L/include/internal/dsoerr.h new file mode 100644 index 0000000..94d642a --- /dev/null +++ b/ext/openssl1L/include/internal/dsoerr.h @@ -0,0 +1,82 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_INTERNAL_DSOERR_H +# define OSSL_INTERNAL_DSOERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_DSO_strings(void); + +/* + * DSO function codes. + */ +# define DSO_F_DLFCN_BIND_FUNC 100 +# define DSO_F_DLFCN_LOAD 102 +# define DSO_F_DLFCN_MERGER 130 +# define DSO_F_DLFCN_NAME_CONVERTER 123 +# define DSO_F_DLFCN_UNLOAD 103 +# define DSO_F_DL_BIND_FUNC 104 +# define DSO_F_DL_LOAD 106 +# define DSO_F_DL_MERGER 131 +# define DSO_F_DL_NAME_CONVERTER 124 +# define DSO_F_DL_UNLOAD 107 +# define DSO_F_DSO_BIND_FUNC 108 +# define DSO_F_DSO_CONVERT_FILENAME 126 +# define DSO_F_DSO_CTRL 110 +# define DSO_F_DSO_FREE 111 +# define DSO_F_DSO_GET_FILENAME 127 +# define DSO_F_DSO_GLOBAL_LOOKUP 139 +# define DSO_F_DSO_LOAD 112 +# define DSO_F_DSO_MERGE 132 +# define DSO_F_DSO_NEW_METHOD 113 +# define DSO_F_DSO_PATHBYADDR 105 +# define DSO_F_DSO_SET_FILENAME 129 +# define DSO_F_DSO_UP_REF 114 +# define DSO_F_VMS_BIND_SYM 115 +# define DSO_F_VMS_LOAD 116 +# define DSO_F_VMS_MERGER 133 +# define DSO_F_VMS_UNLOAD 117 +# define DSO_F_WIN32_BIND_FUNC 101 +# define DSO_F_WIN32_GLOBALLOOKUP 142 +# define DSO_F_WIN32_JOINER 135 +# define DSO_F_WIN32_LOAD 120 +# define DSO_F_WIN32_MERGER 134 +# define DSO_F_WIN32_NAME_CONVERTER 125 +# define DSO_F_WIN32_PATHBYADDR 109 +# define DSO_F_WIN32_SPLITTER 136 +# define DSO_F_WIN32_UNLOAD 121 + +/* + * DSO reason codes. + */ +# define DSO_R_CTRL_FAILED 100 +# define DSO_R_DSO_ALREADY_LOADED 110 +# define DSO_R_EMPTY_FILE_STRUCTURE 113 +# define DSO_R_FAILURE 114 +# define DSO_R_FILENAME_TOO_BIG 101 +# define DSO_R_FINISH_FAILED 102 +# define DSO_R_INCORRECT_FILE_SYNTAX 115 +# define DSO_R_LOAD_FAILED 103 +# define DSO_R_NAME_TRANSLATION_FAILED 109 +# define DSO_R_NO_FILENAME 111 +# define DSO_R_NULL_HANDLE 104 +# define DSO_R_SET_FILENAME_FAILED 112 +# define DSO_R_STACK_ERROR 105 +# define DSO_R_SYM_FAILURE 106 +# define DSO_R_UNLOAD_FAILED 107 +# define DSO_R_UNSUPPORTED 108 + +#endif diff --git a/ext/openssl1L/include/internal/err.h b/ext/openssl1L/include/internal/err.h new file mode 100644 index 0000000..88dde70 --- /dev/null +++ b/ext/openssl1L/include/internal/err.h @@ -0,0 +1,15 @@ +/* + * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_INTERNAL_ERR_H +# define OSSL_INTERNAL_ERR_H + +void err_free_strings_int(void); + +#endif diff --git a/ext/openssl1L/include/internal/nelem.h b/ext/openssl1L/include/internal/nelem.h new file mode 100644 index 0000000..699ef88 --- /dev/null +++ b/ext/openssl1L/include/internal/nelem.h @@ -0,0 +1,14 @@ +/* + * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_INTERNAL_NELEM_H +# define OSSL_INTERNAL_NELEM_H + +# define OSSL_NELEM(x) (sizeof(x)/sizeof((x)[0])) +#endif diff --git a/ext/openssl1L/include/internal/numbers.h b/ext/openssl1L/include/internal/numbers.h new file mode 100644 index 0000000..f5ade52 --- /dev/null +++ b/ext/openssl1L/include/internal/numbers.h @@ -0,0 +1,68 @@ +/* + * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_INTERNAL_NUMBERS_H +# define OSSL_INTERNAL_NUMBERS_H + +# include + +# if (-1 & 3) == 0x03 /* Two's complement */ + +# define __MAXUINT__(T) ((T) -1) +# define __MAXINT__(T) ((T) ((((T) 1) << ((sizeof(T) * CHAR_BIT) - 1)) ^ __MAXUINT__(T))) +# define __MININT__(T) (-__MAXINT__(T) - 1) + +# elif (-1 & 3) == 0x02 /* One's complement */ + +# define __MAXUINT__(T) (((T) -1) + 1) +# define __MAXINT__(T) ((T) ((((T) 1) << ((sizeof(T) * CHAR_BIT) - 1)) ^ __MAXUINT__(T))) +# define __MININT__(T) (-__MAXINT__(T)) + +# elif (-1 & 3) == 0x01 /* Sign/magnitude */ + +# define __MAXINT__(T) ((T) (((((T) 1) << ((sizeof(T) * CHAR_BIT) - 2)) - 1) | (((T) 1) << ((sizeof(T) * CHAR_BIT) - 2)))) +# define __MAXUINT__(T) ((T) (__MAXINT__(T) | (((T) 1) << ((sizeof(T) * CHAR_BIT) - 1)))) +# define __MININT__(T) (-__MAXINT__(T)) + +# else + +# error "do not know the integer encoding on this architecture" + +# endif + +# ifndef INT8_MAX +# define INT8_MIN __MININT__(int8_t) +# define INT8_MAX __MAXINT__(int8_t) +# define UINT8_MAX __MAXUINT__(uint8_t) +# endif + +# ifndef INT16_MAX +# define INT16_MIN __MININT__(int16_t) +# define INT16_MAX __MAXINT__(int16_t) +# define UINT16_MAX __MAXUINT__(uint16_t) +# endif + +# ifndef INT32_MAX +# define INT32_MIN __MININT__(int32_t) +# define INT32_MAX __MAXINT__(int32_t) +# define UINT32_MAX __MAXUINT__(uint32_t) +# endif + +# ifndef INT64_MAX +# define INT64_MIN __MININT__(int64_t) +# define INT64_MAX __MAXINT__(int64_t) +# define UINT64_MAX __MAXUINT__(uint64_t) +# endif + +# ifndef SIZE_MAX +# define SIZE_MAX __MAXUINT__(size_t) +# endif + +#endif + diff --git a/ext/openssl1L/include/internal/o_dir.h b/ext/openssl1L/include/internal/o_dir.h new file mode 100644 index 0000000..dafc8dd --- /dev/null +++ b/ext/openssl1L/include/internal/o_dir.h @@ -0,0 +1,52 @@ +/* + * Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* + * This file is dual-licensed and is also available under the following + * terms: + * + * Copyright (c) 2004, Richard Levitte + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifndef OSSL_INTERNAL_O_DIR_H +# define OSSL_INTERNAL_O_DIR_H + +typedef struct OPENSSL_dir_context_st OPENSSL_DIR_CTX; + +/* + * returns NULL on error or end-of-directory. If it is end-of-directory, + * errno will be zero + */ +const char *OPENSSL_DIR_read(OPENSSL_DIR_CTX **ctx, const char *directory); +/* returns 1 on success, 0 on error */ +int OPENSSL_DIR_end(OPENSSL_DIR_CTX **ctx); + +#endif /* LPDIR_H */ diff --git a/ext/openssl1L/include/internal/o_str.h b/ext/openssl1L/include/internal/o_str.h new file mode 100644 index 0000000..15c12e8 --- /dev/null +++ b/ext/openssl1L/include/internal/o_str.h @@ -0,0 +1,17 @@ +/* + * Copyright 2003-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_INTERNAL_O_STR_H +# define OSSL_INTERNAL_O_STR_H + +# include /* to get size_t */ + +int OPENSSL_memcmp(const void *p1, const void *p2, size_t n); + +#endif diff --git a/ext/openssl1L/include/internal/refcount.h b/ext/openssl1L/include/internal/refcount.h new file mode 100644 index 0000000..8fb536e --- /dev/null +++ b/ext/openssl1L/include/internal/refcount.h @@ -0,0 +1,150 @@ +/* + * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ +#ifndef OSSL_INTERNAL_REFCOUNT_H +# define OSSL_INTERNAL_REFCOUNT_H + +/* Used to checking reference counts, most while doing perl5 stuff :-) */ +# if defined(OPENSSL_NO_STDIO) +# if defined(REF_PRINT) +# error "REF_PRINT requires stdio" +# endif +# endif + +# if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L \ + && !defined(__STDC_NO_ATOMICS__) +# include +# define HAVE_C11_ATOMICS +# endif + +# if defined(HAVE_C11_ATOMICS) && defined(ATOMIC_INT_LOCK_FREE) \ + && ATOMIC_INT_LOCK_FREE > 0 + +# define HAVE_ATOMICS 1 + +typedef _Atomic int CRYPTO_REF_COUNT; + +static inline int CRYPTO_UP_REF(_Atomic int *val, int *ret, void *lock) +{ + *ret = atomic_fetch_add_explicit(val, 1, memory_order_relaxed) + 1; + return 1; +} + +/* + * Changes to shared structure other than reference counter have to be + * serialized. And any kind of serialization implies a release fence. This + * means that by the time reference counter is decremented all other + * changes are visible on all processors. Hence decrement itself can be + * relaxed. In case it hits zero, object will be destructed. Since it's + * last use of the object, destructor programmer might reason that access + * to mutable members doesn't have to be serialized anymore, which would + * otherwise imply an acquire fence. Hence conditional acquire fence... + */ +static inline int CRYPTO_DOWN_REF(_Atomic int *val, int *ret, void *lock) +{ + *ret = atomic_fetch_sub_explicit(val, 1, memory_order_relaxed) - 1; + if (*ret == 0) + atomic_thread_fence(memory_order_acquire); + return 1; +} + +# elif defined(__GNUC__) && defined(__ATOMIC_RELAXED) && __GCC_ATOMIC_INT_LOCK_FREE > 0 + +# define HAVE_ATOMICS 1 + +typedef int CRYPTO_REF_COUNT; + +static __inline__ int CRYPTO_UP_REF(int *val, int *ret, void *lock) +{ + *ret = __atomic_fetch_add(val, 1, __ATOMIC_RELAXED) + 1; + return 1; +} + +static __inline__ int CRYPTO_DOWN_REF(int *val, int *ret, void *lock) +{ + *ret = __atomic_fetch_sub(val, 1, __ATOMIC_RELAXED) - 1; + if (*ret == 0) + __atomic_thread_fence(__ATOMIC_ACQUIRE); + return 1; +} + +# elif defined(_MSC_VER) && _MSC_VER>=1200 + +# define HAVE_ATOMICS 1 + +typedef volatile int CRYPTO_REF_COUNT; + +# if (defined(_M_ARM) && _M_ARM>=7 && !defined(_WIN32_WCE)) || defined(_M_ARM64) +# include +# if defined(_M_ARM64) && !defined(_ARM_BARRIER_ISH) +# define _ARM_BARRIER_ISH _ARM64_BARRIER_ISH +# endif + +static __inline int CRYPTO_UP_REF(volatile int *val, int *ret, void *lock) +{ + *ret = _InterlockedExchangeAdd_nf(val, 1) + 1; + return 1; +} + +static __inline int CRYPTO_DOWN_REF(volatile int *val, int *ret, void *lock) +{ + *ret = _InterlockedExchangeAdd_nf(val, -1) - 1; + if (*ret == 0) + __dmb(_ARM_BARRIER_ISH); + return 1; +} +# else +# if !defined(_WIN32_WCE) +# pragma intrinsic(_InterlockedExchangeAdd) +# else +# if _WIN32_WCE >= 0x600 + extern long __cdecl _InterlockedExchangeAdd(long volatile*, long); +# else + /* under Windows CE we still have old-style Interlocked* functions */ + extern long __cdecl InterlockedExchangeAdd(long volatile*, long); +# define _InterlockedExchangeAdd InterlockedExchangeAdd +# endif +# endif + +static __inline int CRYPTO_UP_REF(volatile int *val, int *ret, void *lock) +{ + *ret = _InterlockedExchangeAdd(val, 1) + 1; + return 1; +} + +static __inline int CRYPTO_DOWN_REF(volatile int *val, int *ret, void *lock) +{ + *ret = _InterlockedExchangeAdd(val, -1) - 1; + return 1; +} +# endif + +# else + +typedef int CRYPTO_REF_COUNT; + +# define CRYPTO_UP_REF(val, ret, lock) CRYPTO_atomic_add(val, 1, ret, lock) +# define CRYPTO_DOWN_REF(val, ret, lock) CRYPTO_atomic_add(val, -1, ret, lock) + +# endif + +# if !defined(NDEBUG) && !defined(OPENSSL_NO_STDIO) +# define REF_ASSERT_ISNT(test) \ + (void)((test) ? (OPENSSL_die("refcount error", __FILE__, __LINE__), 1) : 0) +# else +# define REF_ASSERT_ISNT(i) +# endif + +# ifdef REF_PRINT +# define REF_PRINT_COUNT(a, b) \ + fprintf(stderr, "%p:%4d:%s\n", b, b->references, a) +# else +# define REF_PRINT_COUNT(a, b) +# endif + +#endif diff --git a/ext/openssl1L/include/internal/sockets.h b/ext/openssl1L/include/internal/sockets.h new file mode 100644 index 0000000..4fc1aec --- /dev/null +++ b/ext/openssl1L/include/internal/sockets.h @@ -0,0 +1,157 @@ +/* + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + + +#ifndef OSSL_INTERNAL_SOCKETS_H +# define OSSL_INTERNAL_SOCKETS_H + +# if defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI) +# define NO_SYS_PARAM_H +# endif +# ifdef WIN32 +# define NO_SYS_UN_H +# endif +# ifdef OPENSSL_SYS_VMS +# define NO_SYS_PARAM_H +# define NO_SYS_UN_H +# endif + +# ifdef OPENSSL_NO_SOCK + +# elif defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) +# if defined(__DJGPP__) +# include +# include +# include +# include +# include +# include +# elif defined(_WIN32_WCE) && _WIN32_WCE<410 +# define getservbyname _masked_declaration_getservbyname +# endif +# if !defined(IPPROTO_IP) + /* winsock[2].h was included already? */ +# include +# endif +# ifdef getservbyname + /* this is used to be wcecompat/include/winsock_extras.h */ +# undef getservbyname +struct servent *PASCAL getservbyname(const char *, const char *); +# endif + +# ifdef _WIN64 +/* + * Even though sizeof(SOCKET) is 8, it's safe to cast it to int, because + * the value constitutes an index in per-process table of limited size + * and not a real pointer. And we also depend on fact that all processors + * Windows run on happen to be two's-complement, which allows to + * interchange INVALID_SOCKET and -1. + */ +# define socket(d,t,p) ((int)socket(d,t,p)) +# define accept(s,f,l) ((int)accept(s,f,l)) +# endif + +# else + +# ifndef NO_SYS_PARAM_H +# include +# endif +# ifdef OPENSSL_SYS_VXWORKS +# include +# endif + +# include +# if defined(OPENSSL_SYS_VMS_NODECC) +# include +# include +# include +# else +# include +# ifndef NO_SYS_UN_H +# include +# ifndef UNIX_PATH_MAX +# define UNIX_PATH_MAX sizeof(((struct sockaddr_un *)NULL)->sun_path) +# endif +# endif +# ifdef FILIO_H +# include /* FIONBIO in some SVR4, e.g. unixware, solaris */ +# endif +# include +# include +# include +# endif + +# ifdef OPENSSL_SYS_AIX +# include +# endif + +# ifndef VMS +# include +# else +# if !defined(TCPIP_TYPE_SOCKETSHR) && defined(__VMS_VER) && (__VMS_VER > 70000000) + /* ioctl is only in VMS > 7.0 and when socketshr is not used */ +# include +# endif +# include +# if defined(TCPIP_TYPE_SOCKETSHR) +# include +# endif +# endif + +# ifndef INVALID_SOCKET +# define INVALID_SOCKET (-1) +# endif +# endif + +/* + * Some IPv6 implementations are broken, you can disable them in known + * bad versions. + */ +# if !defined(OPENSSL_USE_IPV6) +# if defined(AF_INET6) +# define OPENSSL_USE_IPV6 1 +# else +# define OPENSSL_USE_IPV6 0 +# endif +# endif + +# define get_last_socket_error() errno +# define clear_socket_error() errno=0 + +# if defined(OPENSSL_SYS_WINDOWS) +# undef get_last_socket_error +# undef clear_socket_error +# define get_last_socket_error() WSAGetLastError() +# define clear_socket_error() WSASetLastError(0) +# define readsocket(s,b,n) recv((s),(b),(n),0) +# define writesocket(s,b,n) send((s),(b),(n),0) +# elif defined(__DJGPP__) +# define WATT32 +# define WATT32_NO_OLDIES +# define closesocket(s) close_s(s) +# define readsocket(s,b,n) read_s(s,b,n) +# define writesocket(s,b,n) send(s,b,n,0) +# elif defined(OPENSSL_SYS_VMS) +# define ioctlsocket(a,b,c) ioctl(a,b,c) +# define closesocket(s) close(s) +# define readsocket(s,b,n) recv((s),(b),(n),0) +# define writesocket(s,b,n) send((s),(b),(n),0) +# elif defined(OPENSSL_SYS_VXWORKS) +# define ioctlsocket(a,b,c) ioctl((a),(b),(int)(c)) +# define closesocket(s) close(s) +# define readsocket(s,b,n) read((s),(b),(n)) +# define writesocket(s,b,n) write((s),(char *)(b),(n)) +# else +# define ioctlsocket(a,b,c) ioctl(a,b,c) +# define closesocket(s) close(s) +# define readsocket(s,b,n) read((s),(b),(n)) +# define writesocket(s,b,n) write((s),(b),(n)) +# endif + +#endif diff --git a/ext/openssl1L/include/internal/sslconf.h b/ext/openssl1L/include/internal/sslconf.h new file mode 100644 index 0000000..92c8941 --- /dev/null +++ b/ext/openssl1L/include/internal/sslconf.h @@ -0,0 +1,20 @@ +/* + * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_INTERNAL_SSLCONF_H +# define OSSL_INTERNAL_SSLCONF_H + +typedef struct ssl_conf_cmd_st SSL_CONF_CMD; + +const SSL_CONF_CMD *conf_ssl_get(size_t idx, const char **name, size_t *cnt); +int conf_ssl_name_find(const char *name, size_t *idx); +void conf_ssl_get_cmd(const SSL_CONF_CMD *cmd, size_t idx, char **cmdstr, + char **arg); + +#endif diff --git a/ext/openssl1L/include/internal/thread_once.h b/ext/openssl1L/include/internal/thread_once.h new file mode 100644 index 0000000..8f8aa6e --- /dev/null +++ b/ext/openssl1L/include/internal/thread_once.h @@ -0,0 +1,137 @@ +/* + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include + +/* + * DEFINE_RUN_ONCE: Define an initialiser function that should be run exactly + * once. It takes no arguments and returns and int result (1 for success or + * 0 for failure). Typical usage might be: + * + * DEFINE_RUN_ONCE(myinitfunc) + * { + * do_some_initialisation(); + * if (init_is_successful()) + * return 1; + * + * return 0; + * } + */ +#define DEFINE_RUN_ONCE(init) \ + static int init(void); \ + int init##_ossl_ret_ = 0; \ + void init##_ossl_(void) \ + { \ + init##_ossl_ret_ = init(); \ + } \ + static int init(void) + +/* + * DECLARE_RUN_ONCE: Declare an initialiser function that should be run exactly + * once that has been defined in another file via DEFINE_RUN_ONCE(). + */ +#define DECLARE_RUN_ONCE(init) \ + extern int init##_ossl_ret_; \ + void init##_ossl_(void); + +/* + * DEFINE_RUN_ONCE_STATIC: Define an initialiser function that should be run + * exactly once. This function will be declared as static within the file. It + * takes no arguments and returns and int result (1 for success or 0 for + * failure). Typical usage might be: + * + * DEFINE_RUN_ONCE_STATIC(myinitfunc) + * { + * do_some_initialisation(); + * if (init_is_successful()) + * return 1; + * + * return 0; + * } + */ +#define DEFINE_RUN_ONCE_STATIC(init) \ + static int init(void); \ + static int init##_ossl_ret_ = 0; \ + static void init##_ossl_(void) \ + { \ + init##_ossl_ret_ = init(); \ + } \ + static int init(void) + +/* + * DEFINE_RUN_ONCE_STATIC_ALT: Define an alternative initialiser function. This + * function will be declared as static within the file. It takes no arguments + * and returns an int result (1 for success or 0 for failure). An alternative + * initialiser function is expected to be associated with a primary initialiser + * function defined via DEFINE_ONCE_STATIC where both functions use the same + * CRYPTO_ONCE object to synchronise. Where an alternative initialiser function + * is used only one of the primary or the alternative initialiser function will + * ever be called - and that function will be called exactly once. Definition + * of an alternative initialiser function MUST occur AFTER the definition of the + * primary initialiser function. + * + * Typical usage might be: + * + * DEFINE_RUN_ONCE_STATIC(myinitfunc) + * { + * do_some_initialisation(); + * if (init_is_successful()) + * return 1; + * + * return 0; + * } + * + * DEFINE_RUN_ONCE_STATIC_ALT(myaltinitfunc, myinitfunc) + * { + * do_some_alternative_initialisation(); + * if (init_is_successful()) + * return 1; + * + * return 0; + * } + */ +#define DEFINE_RUN_ONCE_STATIC_ALT(initalt, init) \ + static int initalt(void); \ + static void initalt##_ossl_(void) \ + { \ + init##_ossl_ret_ = initalt(); \ + } \ + static int initalt(void) + +/* + * RUN_ONCE - use CRYPTO_THREAD_run_once, and check if the init succeeded + * @once: pointer to static object of type CRYPTO_ONCE + * @init: function name that was previously given to DEFINE_RUN_ONCE, + * DEFINE_RUN_ONCE_STATIC or DECLARE_RUN_ONCE. This function + * must return 1 for success or 0 for failure. + * + * The return value is 1 on success (*) or 0 in case of error. + * + * (*) by convention, since the init function must return 1 on success. + */ +#define RUN_ONCE(once, init) \ + (CRYPTO_THREAD_run_once(once, init##_ossl_) ? init##_ossl_ret_ : 0) + +/* + * RUN_ONCE_ALT - use CRYPTO_THREAD_run_once, to run an alternative initialiser + * function and check if that initialisation succeeded + * @once: pointer to static object of type CRYPTO_ONCE + * @initalt: alternative initialiser function name that was previously given to + * DEFINE_RUN_ONCE_STATIC_ALT. This function must return 1 for + * success or 0 for failure. + * @init: primary initialiser function name that was previously given to + * DEFINE_RUN_ONCE_STATIC. This function must return 1 for success or + * 0 for failure. + * + * The return value is 1 on success (*) or 0 in case of error. + * + * (*) by convention, since the init function must return 1 on success. + */ +#define RUN_ONCE_ALT(once, initalt, init) \ + (CRYPTO_THREAD_run_once(once, initalt##_ossl_) ? init##_ossl_ret_ : 0) diff --git a/ext/openssl1L/include/internal/tsan_assist.h b/ext/openssl1L/include/internal/tsan_assist.h new file mode 100644 index 0000000..cc30162 --- /dev/null +++ b/ext/openssl1L/include/internal/tsan_assist.h @@ -0,0 +1,144 @@ +/* + * Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* + * Contemporary compilers implement lock-free atomic memory access + * primitives that facilitate writing "thread-opportunistic" or even real + * multi-threading low-overhead code. "Thread-opportunistic" is when + * exact result is not required, e.g. some statistics, or execution flow + * doesn't have to be unambiguous. Simplest example is lazy "constant" + * initialization when one can synchronize on variable itself, e.g. + * + * if (var == NOT_YET_INITIALIZED) + * var = function_returning_same_value(); + * + * This does work provided that loads and stores are single-instruction + * operations (and integer ones are on *all* supported platforms), but + * it upsets Thread Sanitizer. Suggested solution is + * + * if (tsan_load(&var) == NOT_YET_INITIALIZED) + * tsan_store(&var, function_returning_same_value()); + * + * Production machine code would be the same, so one can wonder why + * bother. Having Thread Sanitizer accept "thread-opportunistic" code + * allows to move on trouble-shooting real bugs. + * + * Resolving Thread Sanitizer nits was the initial purpose for this module, + * but it was later extended with more nuanced primitives that are useful + * even in "non-opportunistic" scenarios. Most notably verifying if a shared + * structure is fully initialized and bypassing the initialization lock. + * It's suggested to view macros defined in this module as "annotations" for + * thread-safe lock-free code, "Thread-Safe ANnotations"... + * + * It's assumed that ATOMIC_{LONG|INT}_LOCK_FREE are assigned same value as + * ATOMIC_POINTER_LOCK_FREE. And check for >= 2 ensures that corresponding + * code is inlined. It should be noted that statistics counters become + * accurate in such case. + * + * Special note about TSAN_QUALIFIER. It might be undesired to use it in + * a shared header. Because whether operation on specific variable or member + * is atomic or not might be irrelevant in other modules. In such case one + * can use TSAN_QUALIFIER in cast specifically when it has to count. + */ + +#if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L \ + && !defined(__STDC_NO_ATOMICS__) +# include + +# if defined(ATOMIC_POINTER_LOCK_FREE) \ + && ATOMIC_POINTER_LOCK_FREE >= 2 +# define TSAN_QUALIFIER _Atomic +# define tsan_load(ptr) atomic_load_explicit((ptr), memory_order_relaxed) +# define tsan_store(ptr, val) atomic_store_explicit((ptr), (val), memory_order_relaxed) +# define tsan_counter(ptr) atomic_fetch_add_explicit((ptr), 1, memory_order_relaxed) +# define tsan_decr(ptr) atomic_fetch_add_explicit((ptr), -1, memory_order_relaxed) +# define tsan_ld_acq(ptr) atomic_load_explicit((ptr), memory_order_acquire) +# define tsan_st_rel(ptr, val) atomic_store_explicit((ptr), (val), memory_order_release) +# endif + +#elif defined(__GNUC__) && defined(__ATOMIC_RELAXED) + +# if defined(__GCC_ATOMIC_POINTER_LOCK_FREE) \ + && __GCC_ATOMIC_POINTER_LOCK_FREE >= 2 +# define TSAN_QUALIFIER volatile +# define tsan_load(ptr) __atomic_load_n((ptr), __ATOMIC_RELAXED) +# define tsan_store(ptr, val) __atomic_store_n((ptr), (val), __ATOMIC_RELAXED) +# define tsan_counter(ptr) __atomic_fetch_add((ptr), 1, __ATOMIC_RELAXED) +# define tsan_decr(ptr) __atomic_fetch_add((ptr), -1, __ATOMIC_RELAXED) +# define tsan_ld_acq(ptr) __atomic_load_n((ptr), __ATOMIC_ACQUIRE) +# define tsan_st_rel(ptr, val) __atomic_store_n((ptr), (val), __ATOMIC_RELEASE) +# endif + +#elif defined(_MSC_VER) && _MSC_VER>=1200 \ + && (defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64) || \ + defined(_M_ARM64) || (defined(_M_ARM) && _M_ARM >= 7 && !defined(_WIN32_WCE))) +/* + * There is subtle dependency on /volatile: command-line option. + * "ms" implies same semantic as memory_order_acquire for loads and + * memory_order_release for stores, while "iso" - memory_order_relaxed for + * either. Real complication is that defaults are different on x86 and ARM. + * There is explanation for that, "ms" is backward compatible with earlier + * compiler versions, while multi-processor ARM can be viewed as brand new + * platform to MSC and its users, and with non-relaxed semantic taking toll + * with additional instructions and penalties, it kind of makes sense to + * default to "iso"... + */ +# define TSAN_QUALIFIER volatile +# if defined(_M_ARM) || defined(_M_ARM64) +# define _InterlockedExchangeAdd _InterlockedExchangeAdd_nf +# pragma intrinsic(_InterlockedExchangeAdd_nf) +# pragma intrinsic(__iso_volatile_load32, __iso_volatile_store32) +# ifdef _WIN64 +# define _InterlockedExchangeAdd64 _InterlockedExchangeAdd64_nf +# pragma intrinsic(_InterlockedExchangeAdd64_nf) +# pragma intrinsic(__iso_volatile_load64, __iso_volatile_store64) +# define tsan_load(ptr) (sizeof(*(ptr)) == 8 ? __iso_volatile_load64(ptr) \ + : __iso_volatile_load32(ptr)) +# define tsan_store(ptr, val) (sizeof(*(ptr)) == 8 ? __iso_volatile_store64((ptr), (val)) \ + : __iso_volatile_store32((ptr), (val))) +# else +# define tsan_load(ptr) __iso_volatile_load32(ptr) +# define tsan_store(ptr, val) __iso_volatile_store32((ptr), (val)) +# endif +# else +# define tsan_load(ptr) (*(ptr)) +# define tsan_store(ptr, val) (*(ptr) = (val)) +# endif +# pragma intrinsic(_InterlockedExchangeAdd) +# ifdef _WIN64 +# pragma intrinsic(_InterlockedExchangeAdd64) +# define tsan_counter(ptr) (sizeof(*(ptr)) == 8 ? _InterlockedExchangeAdd64((ptr), 1) \ + : _InterlockedExchangeAdd((ptr), 1)) +# define tsan_decr(ptr) (sizeof(*(ptr)) == 8 ? _InterlockedExchangeAdd64((ptr), -1) \ + : _InterlockedExchangeAdd((ptr), -1)) +# else +# define tsan_counter(ptr) _InterlockedExchangeAdd((ptr), 1) +# define tsan_decr(ptr) _InterlockedExchangeAdd((ptr), -1) +# endif +# if !defined(_ISO_VOLATILE) +# define tsan_ld_acq(ptr) (*(ptr)) +# define tsan_st_rel(ptr, val) (*(ptr) = (val)) +# endif + +#endif + +#ifndef TSAN_QUALIFIER + +# define TSAN_QUALIFIER volatile +# define tsan_load(ptr) (*(ptr)) +# define tsan_store(ptr, val) (*(ptr) = (val)) +# define tsan_counter(ptr) ((*(ptr))++) +# define tsan_decr(ptr) ((*(ptr))--) +/* + * Lack of tsan_ld_acq and tsan_ld_rel means that compiler support is not + * sophisticated enough to support them. Code that relies on them should be + * protected with #ifdef tsan_ld_acq with locked fallback. + */ + +#endif diff --git a/ext/openssl1L/include/openssl/__DECC_INCLUDE_EPILOGUE.H b/ext/openssl1L/include/openssl/__DECC_INCLUDE_EPILOGUE.H new file mode 100644 index 0000000..ad0a5f5 --- /dev/null +++ b/ext/openssl1L/include/openssl/__DECC_INCLUDE_EPILOGUE.H @@ -0,0 +1,22 @@ +/* + * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* + * This file is only used by HP C/C++ on VMS, and is included automatically + * after each header file from this directory + */ + +/* + * The C++ compiler doesn't understand these pragmas, even though it + * understands the corresponding command line qualifier. + */ +#ifndef __cplusplus +/* restore state. Must correspond to the save in __decc_include_prologue.h */ +# pragma names restore +#endif diff --git a/ext/openssl1L/include/openssl/__DECC_INCLUDE_PROLOGUE.H b/ext/openssl1L/include/openssl/__DECC_INCLUDE_PROLOGUE.H new file mode 100644 index 0000000..5f5513e --- /dev/null +++ b/ext/openssl1L/include/openssl/__DECC_INCLUDE_PROLOGUE.H @@ -0,0 +1,26 @@ +/* + * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* + * This file is only used by HP C/C++ on VMS, and is included automatically + * after each header file from this directory + */ + +/* + * The C++ compiler doesn't understand these pragmas, even though it + * understands the corresponding command line qualifier. + */ +#ifndef __cplusplus +/* save state */ +# pragma names save +/* have the compiler shorten symbols larger than 31 chars to 23 chars + * followed by a 8 hex char CRC + */ +# pragma names as_is,shortened +#endif diff --git a/ext/openssl1L/include/openssl/aes.h b/ext/openssl1L/include/openssl/aes.h new file mode 100644 index 0000000..245c552 --- /dev/null +++ b/ext/openssl1L/include/openssl/aes.h @@ -0,0 +1,92 @@ +/* + * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_AES_H +# define HEADER_AES_H + +# include + +# include +# ifdef __cplusplus +extern "C" { +# endif + +# define AES_ENCRYPT 1 +# define AES_DECRYPT 0 + +/* + * Because array size can't be a const in C, the following two are macros. + * Both sizes are in bytes. + */ +# define AES_MAXNR 14 +# define AES_BLOCK_SIZE 16 + +/* This should be a hidden type, but EVP requires that the size be known */ +struct aes_key_st { +# ifdef AES_LONG + unsigned long rd_key[4 * (AES_MAXNR + 1)]; +# else + unsigned int rd_key[4 * (AES_MAXNR + 1)]; +# endif + int rounds; +}; +typedef struct aes_key_st AES_KEY; + +const char *AES_options(void); + +int AES_set_encrypt_key(const unsigned char *userKey, const int bits, + AES_KEY *key); +int AES_set_decrypt_key(const unsigned char *userKey, const int bits, + AES_KEY *key); + +void AES_encrypt(const unsigned char *in, unsigned char *out, + const AES_KEY *key); +void AES_decrypt(const unsigned char *in, unsigned char *out, + const AES_KEY *key); + +void AES_ecb_encrypt(const unsigned char *in, unsigned char *out, + const AES_KEY *key, const int enc); +void AES_cbc_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const AES_KEY *key, + unsigned char *ivec, const int enc); +void AES_cfb128_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const AES_KEY *key, + unsigned char *ivec, int *num, const int enc); +void AES_cfb1_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const AES_KEY *key, + unsigned char *ivec, int *num, const int enc); +void AES_cfb8_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const AES_KEY *key, + unsigned char *ivec, int *num, const int enc); +void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const AES_KEY *key, + unsigned char *ivec, int *num); +/* NB: the IV is _two_ blocks long */ +void AES_ige_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const AES_KEY *key, + unsigned char *ivec, const int enc); +/* NB: the IV is _four_ blocks long */ +void AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const AES_KEY *key, + const AES_KEY *key2, const unsigned char *ivec, + const int enc); + +int AES_wrap_key(AES_KEY *key, const unsigned char *iv, + unsigned char *out, + const unsigned char *in, unsigned int inlen); +int AES_unwrap_key(AES_KEY *key, const unsigned char *iv, + unsigned char *out, + const unsigned char *in, unsigned int inlen); + + +# ifdef __cplusplus +} +# endif + +#endif diff --git a/ext/openssl1L/include/openssl/asn1.h b/ext/openssl1L/include/openssl/asn1.h new file mode 100644 index 0000000..9522eec --- /dev/null +++ b/ext/openssl1L/include/openssl/asn1.h @@ -0,0 +1,886 @@ +/* + * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_ASN1_H +# define HEADER_ASN1_H + +# include +# include +# include +# include +# include +# include +# include + +# include +# if OPENSSL_API_COMPAT < 0x10100000L +# include +# endif + +# ifdef OPENSSL_BUILD_SHLIBCRYPTO +# undef OPENSSL_EXTERN +# define OPENSSL_EXTERN OPENSSL_EXPORT +# endif + +#ifdef __cplusplus +extern "C" { +#endif + +# define V_ASN1_UNIVERSAL 0x00 +# define V_ASN1_APPLICATION 0x40 +# define V_ASN1_CONTEXT_SPECIFIC 0x80 +# define V_ASN1_PRIVATE 0xc0 + +# define V_ASN1_CONSTRUCTED 0x20 +# define V_ASN1_PRIMITIVE_TAG 0x1f +# define V_ASN1_PRIMATIVE_TAG /*compat*/ V_ASN1_PRIMITIVE_TAG + +# define V_ASN1_APP_CHOOSE -2/* let the recipient choose */ +# define V_ASN1_OTHER -3/* used in ASN1_TYPE */ +# define V_ASN1_ANY -4/* used in ASN1 template code */ + +# define V_ASN1_UNDEF -1 +/* ASN.1 tag values */ +# define V_ASN1_EOC 0 +# define V_ASN1_BOOLEAN 1 /**/ +# define V_ASN1_INTEGER 2 +# define V_ASN1_BIT_STRING 3 +# define V_ASN1_OCTET_STRING 4 +# define V_ASN1_NULL 5 +# define V_ASN1_OBJECT 6 +# define V_ASN1_OBJECT_DESCRIPTOR 7 +# define V_ASN1_EXTERNAL 8 +# define V_ASN1_REAL 9 +# define V_ASN1_ENUMERATED 10 +# define V_ASN1_UTF8STRING 12 +# define V_ASN1_SEQUENCE 16 +# define V_ASN1_SET 17 +# define V_ASN1_NUMERICSTRING 18 /**/ +# define V_ASN1_PRINTABLESTRING 19 +# define V_ASN1_T61STRING 20 +# define V_ASN1_TELETEXSTRING 20/* alias */ +# define V_ASN1_VIDEOTEXSTRING 21 /**/ +# define V_ASN1_IA5STRING 22 +# define V_ASN1_UTCTIME 23 +# define V_ASN1_GENERALIZEDTIME 24 /**/ +# define V_ASN1_GRAPHICSTRING 25 /**/ +# define V_ASN1_ISO64STRING 26 /**/ +# define V_ASN1_VISIBLESTRING 26/* alias */ +# define V_ASN1_GENERALSTRING 27 /**/ +# define V_ASN1_UNIVERSALSTRING 28 /**/ +# define V_ASN1_BMPSTRING 30 + +/* + * NB the constants below are used internally by ASN1_INTEGER + * and ASN1_ENUMERATED to indicate the sign. They are *not* on + * the wire tag values. + */ + +# define V_ASN1_NEG 0x100 +# define V_ASN1_NEG_INTEGER (2 | V_ASN1_NEG) +# define V_ASN1_NEG_ENUMERATED (10 | V_ASN1_NEG) + +/* For use with d2i_ASN1_type_bytes() */ +# define B_ASN1_NUMERICSTRING 0x0001 +# define B_ASN1_PRINTABLESTRING 0x0002 +# define B_ASN1_T61STRING 0x0004 +# define B_ASN1_TELETEXSTRING 0x0004 +# define B_ASN1_VIDEOTEXSTRING 0x0008 +# define B_ASN1_IA5STRING 0x0010 +# define B_ASN1_GRAPHICSTRING 0x0020 +# define B_ASN1_ISO64STRING 0x0040 +# define B_ASN1_VISIBLESTRING 0x0040 +# define B_ASN1_GENERALSTRING 0x0080 +# define B_ASN1_UNIVERSALSTRING 0x0100 +# define B_ASN1_OCTET_STRING 0x0200 +# define B_ASN1_BIT_STRING 0x0400 +# define B_ASN1_BMPSTRING 0x0800 +# define B_ASN1_UNKNOWN 0x1000 +# define B_ASN1_UTF8STRING 0x2000 +# define B_ASN1_UTCTIME 0x4000 +# define B_ASN1_GENERALIZEDTIME 0x8000 +# define B_ASN1_SEQUENCE 0x10000 +/* For use with ASN1_mbstring_copy() */ +# define MBSTRING_FLAG 0x1000 +# define MBSTRING_UTF8 (MBSTRING_FLAG) +# define MBSTRING_ASC (MBSTRING_FLAG|1) +# define MBSTRING_BMP (MBSTRING_FLAG|2) +# define MBSTRING_UNIV (MBSTRING_FLAG|4) +# define SMIME_OLDMIME 0x400 +# define SMIME_CRLFEOL 0x800 +# define SMIME_STREAM 0x1000 + struct X509_algor_st; +DEFINE_STACK_OF(X509_ALGOR) + +# define ASN1_STRING_FLAG_BITS_LEFT 0x08/* Set if 0x07 has bits left value */ +/* + * This indicates that the ASN1_STRING is not a real value but just a place + * holder for the location where indefinite length constructed data should be + * inserted in the memory buffer + */ +# define ASN1_STRING_FLAG_NDEF 0x010 + +/* + * This flag is used by the CMS code to indicate that a string is not + * complete and is a place holder for content when it had all been accessed. + * The flag will be reset when content has been written to it. + */ + +# define ASN1_STRING_FLAG_CONT 0x020 +/* + * This flag is used by ASN1 code to indicate an ASN1_STRING is an MSTRING + * type. + */ +# define ASN1_STRING_FLAG_MSTRING 0x040 +/* String is embedded and only content should be freed */ +# define ASN1_STRING_FLAG_EMBED 0x080 +/* String should be parsed in RFC 5280's time format */ +# define ASN1_STRING_FLAG_X509_TIME 0x100 +/* This is the base type that holds just about everything :-) */ +struct asn1_string_st { + int length; + int type; + unsigned char *data; + /* + * The value of the following field depends on the type being held. It + * is mostly being used for BIT_STRING so if the input data has a + * non-zero 'unused bits' value, it will be handled correctly + */ + long flags; +}; + +/* + * ASN1_ENCODING structure: this is used to save the received encoding of an + * ASN1 type. This is useful to get round problems with invalid encodings + * which can break signatures. + */ + +typedef struct ASN1_ENCODING_st { + unsigned char *enc; /* DER encoding */ + long len; /* Length of encoding */ + int modified; /* set to 1 if 'enc' is invalid */ +} ASN1_ENCODING; + +/* Used with ASN1 LONG type: if a long is set to this it is omitted */ +# define ASN1_LONG_UNDEF 0x7fffffffL + +# define STABLE_FLAGS_MALLOC 0x01 +/* + * A zero passed to ASN1_STRING_TABLE_new_add for the flags is interpreted + * as "don't change" and STABLE_FLAGS_MALLOC is always set. By setting + * STABLE_FLAGS_MALLOC only we can clear the existing value. Use the alias + * STABLE_FLAGS_CLEAR to reflect this. + */ +# define STABLE_FLAGS_CLEAR STABLE_FLAGS_MALLOC +# define STABLE_NO_MASK 0x02 +# define DIRSTRING_TYPE \ + (B_ASN1_PRINTABLESTRING|B_ASN1_T61STRING|B_ASN1_BMPSTRING|B_ASN1_UTF8STRING) +# define PKCS9STRING_TYPE (DIRSTRING_TYPE|B_ASN1_IA5STRING) + +typedef struct asn1_string_table_st { + int nid; + long minsize; + long maxsize; + unsigned long mask; + unsigned long flags; +} ASN1_STRING_TABLE; + +DEFINE_STACK_OF(ASN1_STRING_TABLE) + +/* size limits: this stuff is taken straight from RFC2459 */ + +# define ub_name 32768 +# define ub_common_name 64 +# define ub_locality_name 128 +# define ub_state_name 128 +# define ub_organization_name 64 +# define ub_organization_unit_name 64 +# define ub_title 64 +# define ub_email_address 128 + +/* + * Declarations for template structures: for full definitions see asn1t.h + */ +typedef struct ASN1_TEMPLATE_st ASN1_TEMPLATE; +typedef struct ASN1_TLC_st ASN1_TLC; +/* This is just an opaque pointer */ +typedef struct ASN1_VALUE_st ASN1_VALUE; + +/* Declare ASN1 functions: the implement macro in in asn1t.h */ + +# define DECLARE_ASN1_FUNCTIONS(type) DECLARE_ASN1_FUNCTIONS_name(type, type) + +# define DECLARE_ASN1_ALLOC_FUNCTIONS(type) \ + DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, type) + +# define DECLARE_ASN1_FUNCTIONS_name(type, name) \ + DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \ + DECLARE_ASN1_ENCODE_FUNCTIONS(type, name, name) + +# define DECLARE_ASN1_FUNCTIONS_fname(type, itname, name) \ + DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \ + DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) + +# define DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) \ + type *d2i_##name(type **a, const unsigned char **in, long len); \ + int i2d_##name(type *a, unsigned char **out); \ + DECLARE_ASN1_ITEM(itname) + +# define DECLARE_ASN1_ENCODE_FUNCTIONS_const(type, name) \ + type *d2i_##name(type **a, const unsigned char **in, long len); \ + int i2d_##name(const type *a, unsigned char **out); \ + DECLARE_ASN1_ITEM(name) + +# define DECLARE_ASN1_NDEF_FUNCTION(name) \ + int i2d_##name##_NDEF(name *a, unsigned char **out); + +# define DECLARE_ASN1_FUNCTIONS_const(name) \ + DECLARE_ASN1_ALLOC_FUNCTIONS(name) \ + DECLARE_ASN1_ENCODE_FUNCTIONS_const(name, name) + +# define DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \ + type *name##_new(void); \ + void name##_free(type *a); + +# define DECLARE_ASN1_PRINT_FUNCTION(stname) \ + DECLARE_ASN1_PRINT_FUNCTION_fname(stname, stname) + +# define DECLARE_ASN1_PRINT_FUNCTION_fname(stname, fname) \ + int fname##_print_ctx(BIO *out, stname *x, int indent, \ + const ASN1_PCTX *pctx); + +# define D2I_OF(type) type *(*)(type **,const unsigned char **,long) +# define I2D_OF(type) int (*)(type *,unsigned char **) +# define I2D_OF_const(type) int (*)(const type *,unsigned char **) + +# define CHECKED_D2I_OF(type, d2i) \ + ((d2i_of_void*) (1 ? d2i : ((D2I_OF(type))0))) +# define CHECKED_I2D_OF(type, i2d) \ + ((i2d_of_void*) (1 ? i2d : ((I2D_OF(type))0))) +# define CHECKED_NEW_OF(type, xnew) \ + ((void *(*)(void)) (1 ? xnew : ((type *(*)(void))0))) +# define CHECKED_PTR_OF(type, p) \ + ((void*) (1 ? p : (type*)0)) +# define CHECKED_PPTR_OF(type, p) \ + ((void**) (1 ? p : (type**)0)) + +# define TYPEDEF_D2I_OF(type) typedef type *d2i_of_##type(type **,const unsigned char **,long) +# define TYPEDEF_I2D_OF(type) typedef int i2d_of_##type(type *,unsigned char **) +# define TYPEDEF_D2I2D_OF(type) TYPEDEF_D2I_OF(type); TYPEDEF_I2D_OF(type) + +TYPEDEF_D2I2D_OF(void); + +/*- + * The following macros and typedefs allow an ASN1_ITEM + * to be embedded in a structure and referenced. Since + * the ASN1_ITEM pointers need to be globally accessible + * (possibly from shared libraries) they may exist in + * different forms. On platforms that support it the + * ASN1_ITEM structure itself will be globally exported. + * Other platforms will export a function that returns + * an ASN1_ITEM pointer. + * + * To handle both cases transparently the macros below + * should be used instead of hard coding an ASN1_ITEM + * pointer in a structure. + * + * The structure will look like this: + * + * typedef struct SOMETHING_st { + * ... + * ASN1_ITEM_EXP *iptr; + * ... + * } SOMETHING; + * + * It would be initialised as e.g.: + * + * SOMETHING somevar = {...,ASN1_ITEM_ref(X509),...}; + * + * and the actual pointer extracted with: + * + * const ASN1_ITEM *it = ASN1_ITEM_ptr(somevar.iptr); + * + * Finally an ASN1_ITEM pointer can be extracted from an + * appropriate reference with: ASN1_ITEM_rptr(X509). This + * would be used when a function takes an ASN1_ITEM * argument. + * + */ + +# ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION + +/* ASN1_ITEM pointer exported type */ +typedef const ASN1_ITEM ASN1_ITEM_EXP; + +/* Macro to obtain ASN1_ITEM pointer from exported type */ +# define ASN1_ITEM_ptr(iptr) (iptr) + +/* Macro to include ASN1_ITEM pointer from base type */ +# define ASN1_ITEM_ref(iptr) (&(iptr##_it)) + +# define ASN1_ITEM_rptr(ref) (&(ref##_it)) + +# define DECLARE_ASN1_ITEM(name) \ + OPENSSL_EXTERN const ASN1_ITEM name##_it; + +# else + +/* + * Platforms that can't easily handle shared global variables are declared as + * functions returning ASN1_ITEM pointers. + */ + +/* ASN1_ITEM pointer exported type */ +typedef const ASN1_ITEM *ASN1_ITEM_EXP (void); + +/* Macro to obtain ASN1_ITEM pointer from exported type */ +# define ASN1_ITEM_ptr(iptr) (iptr()) + +/* Macro to include ASN1_ITEM pointer from base type */ +# define ASN1_ITEM_ref(iptr) (iptr##_it) + +# define ASN1_ITEM_rptr(ref) (ref##_it()) + +# define DECLARE_ASN1_ITEM(name) \ + const ASN1_ITEM * name##_it(void); + +# endif + +/* Parameters used by ASN1_STRING_print_ex() */ + +/* + * These determine which characters to escape: RFC2253 special characters, + * control characters and MSB set characters + */ + +# define ASN1_STRFLGS_ESC_2253 1 +# define ASN1_STRFLGS_ESC_CTRL 2 +# define ASN1_STRFLGS_ESC_MSB 4 + +/* + * This flag determines how we do escaping: normally RC2253 backslash only, + * set this to use backslash and quote. + */ + +# define ASN1_STRFLGS_ESC_QUOTE 8 + +/* These three flags are internal use only. */ + +/* Character is a valid PrintableString character */ +# define CHARTYPE_PRINTABLESTRING 0x10 +/* Character needs escaping if it is the first character */ +# define CHARTYPE_FIRST_ESC_2253 0x20 +/* Character needs escaping if it is the last character */ +# define CHARTYPE_LAST_ESC_2253 0x40 + +/* + * NB the internal flags are safely reused below by flags handled at the top + * level. + */ + +/* + * If this is set we convert all character strings to UTF8 first + */ + +# define ASN1_STRFLGS_UTF8_CONVERT 0x10 + +/* + * If this is set we don't attempt to interpret content: just assume all + * strings are 1 byte per character. This will produce some pretty odd + * looking output! + */ + +# define ASN1_STRFLGS_IGNORE_TYPE 0x20 + +/* If this is set we include the string type in the output */ +# define ASN1_STRFLGS_SHOW_TYPE 0x40 + +/* + * This determines which strings to display and which to 'dump' (hex dump of + * content octets or DER encoding). We can only dump non character strings or + * everything. If we don't dump 'unknown' they are interpreted as character + * strings with 1 octet per character and are subject to the usual escaping + * options. + */ + +# define ASN1_STRFLGS_DUMP_ALL 0x80 +# define ASN1_STRFLGS_DUMP_UNKNOWN 0x100 + +/* + * These determine what 'dumping' does, we can dump the content octets or the + * DER encoding: both use the RFC2253 #XXXXX notation. + */ + +# define ASN1_STRFLGS_DUMP_DER 0x200 + +/* + * This flag specifies that RC2254 escaping shall be performed. + */ +#define ASN1_STRFLGS_ESC_2254 0x400 + +/* + * All the string flags consistent with RFC2253, escaping control characters + * isn't essential in RFC2253 but it is advisable anyway. + */ + +# define ASN1_STRFLGS_RFC2253 (ASN1_STRFLGS_ESC_2253 | \ + ASN1_STRFLGS_ESC_CTRL | \ + ASN1_STRFLGS_ESC_MSB | \ + ASN1_STRFLGS_UTF8_CONVERT | \ + ASN1_STRFLGS_DUMP_UNKNOWN | \ + ASN1_STRFLGS_DUMP_DER) + +DEFINE_STACK_OF(ASN1_INTEGER) + +DEFINE_STACK_OF(ASN1_GENERALSTRING) + +DEFINE_STACK_OF(ASN1_UTF8STRING) + +typedef struct asn1_type_st { + int type; + union { + char *ptr; + ASN1_BOOLEAN boolean; + ASN1_STRING *asn1_string; + ASN1_OBJECT *object; + ASN1_INTEGER *integer; + ASN1_ENUMERATED *enumerated; + ASN1_BIT_STRING *bit_string; + ASN1_OCTET_STRING *octet_string; + ASN1_PRINTABLESTRING *printablestring; + ASN1_T61STRING *t61string; + ASN1_IA5STRING *ia5string; + ASN1_GENERALSTRING *generalstring; + ASN1_BMPSTRING *bmpstring; + ASN1_UNIVERSALSTRING *universalstring; + ASN1_UTCTIME *utctime; + ASN1_GENERALIZEDTIME *generalizedtime; + ASN1_VISIBLESTRING *visiblestring; + ASN1_UTF8STRING *utf8string; + /* + * set and sequence are left complete and still contain the set or + * sequence bytes + */ + ASN1_STRING *set; + ASN1_STRING *sequence; + ASN1_VALUE *asn1_value; + } value; +} ASN1_TYPE; + +DEFINE_STACK_OF(ASN1_TYPE) + +typedef STACK_OF(ASN1_TYPE) ASN1_SEQUENCE_ANY; + +DECLARE_ASN1_ENCODE_FUNCTIONS_const(ASN1_SEQUENCE_ANY, ASN1_SEQUENCE_ANY) +DECLARE_ASN1_ENCODE_FUNCTIONS_const(ASN1_SEQUENCE_ANY, ASN1_SET_ANY) + +/* This is used to contain a list of bit names */ +typedef struct BIT_STRING_BITNAME_st { + int bitnum; + const char *lname; + const char *sname; +} BIT_STRING_BITNAME; + +# define B_ASN1_TIME \ + B_ASN1_UTCTIME | \ + B_ASN1_GENERALIZEDTIME + +# define B_ASN1_PRINTABLE \ + B_ASN1_NUMERICSTRING| \ + B_ASN1_PRINTABLESTRING| \ + B_ASN1_T61STRING| \ + B_ASN1_IA5STRING| \ + B_ASN1_BIT_STRING| \ + B_ASN1_UNIVERSALSTRING|\ + B_ASN1_BMPSTRING|\ + B_ASN1_UTF8STRING|\ + B_ASN1_SEQUENCE|\ + B_ASN1_UNKNOWN + +# define B_ASN1_DIRECTORYSTRING \ + B_ASN1_PRINTABLESTRING| \ + B_ASN1_TELETEXSTRING|\ + B_ASN1_BMPSTRING|\ + B_ASN1_UNIVERSALSTRING|\ + B_ASN1_UTF8STRING + +# define B_ASN1_DISPLAYTEXT \ + B_ASN1_IA5STRING| \ + B_ASN1_VISIBLESTRING| \ + B_ASN1_BMPSTRING|\ + B_ASN1_UTF8STRING + +DECLARE_ASN1_FUNCTIONS_fname(ASN1_TYPE, ASN1_ANY, ASN1_TYPE) + +int ASN1_TYPE_get(const ASN1_TYPE *a); +void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value); +int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value); +int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b); + +ASN1_TYPE *ASN1_TYPE_pack_sequence(const ASN1_ITEM *it, void *s, ASN1_TYPE **t); +void *ASN1_TYPE_unpack_sequence(const ASN1_ITEM *it, const ASN1_TYPE *t); + +ASN1_OBJECT *ASN1_OBJECT_new(void); +void ASN1_OBJECT_free(ASN1_OBJECT *a); +int i2d_ASN1_OBJECT(const ASN1_OBJECT *a, unsigned char **pp); +ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, + long length); + +DECLARE_ASN1_ITEM(ASN1_OBJECT) + +DEFINE_STACK_OF(ASN1_OBJECT) + +ASN1_STRING *ASN1_STRING_new(void); +void ASN1_STRING_free(ASN1_STRING *a); +void ASN1_STRING_clear_free(ASN1_STRING *a); +int ASN1_STRING_copy(ASN1_STRING *dst, const ASN1_STRING *str); +ASN1_STRING *ASN1_STRING_dup(const ASN1_STRING *a); +ASN1_STRING *ASN1_STRING_type_new(int type); +int ASN1_STRING_cmp(const ASN1_STRING *a, const ASN1_STRING *b); + /* + * Since this is used to store all sorts of things, via macros, for now, + * make its data void * + */ +int ASN1_STRING_set(ASN1_STRING *str, const void *data, int len); +void ASN1_STRING_set0(ASN1_STRING *str, void *data, int len); +int ASN1_STRING_length(const ASN1_STRING *x); +void ASN1_STRING_length_set(ASN1_STRING *x, int n); +int ASN1_STRING_type(const ASN1_STRING *x); +DEPRECATEDIN_1_1_0(unsigned char *ASN1_STRING_data(ASN1_STRING *x)) +const unsigned char *ASN1_STRING_get0_data(const ASN1_STRING *x); + +DECLARE_ASN1_FUNCTIONS(ASN1_BIT_STRING) +int ASN1_BIT_STRING_set(ASN1_BIT_STRING *a, unsigned char *d, int length); +int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value); +int ASN1_BIT_STRING_get_bit(const ASN1_BIT_STRING *a, int n); +int ASN1_BIT_STRING_check(const ASN1_BIT_STRING *a, + const unsigned char *flags, int flags_len); + +int ASN1_BIT_STRING_name_print(BIO *out, ASN1_BIT_STRING *bs, + BIT_STRING_BITNAME *tbl, int indent); +int ASN1_BIT_STRING_num_asc(const char *name, BIT_STRING_BITNAME *tbl); +int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, const char *name, int value, + BIT_STRING_BITNAME *tbl); + +DECLARE_ASN1_FUNCTIONS(ASN1_INTEGER) +ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp, + long length); +ASN1_INTEGER *ASN1_INTEGER_dup(const ASN1_INTEGER *x); +int ASN1_INTEGER_cmp(const ASN1_INTEGER *x, const ASN1_INTEGER *y); + +DECLARE_ASN1_FUNCTIONS(ASN1_ENUMERATED) + +int ASN1_UTCTIME_check(const ASN1_UTCTIME *a); +ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t); +ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t, + int offset_day, long offset_sec); +int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str); +int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t); + +int ASN1_GENERALIZEDTIME_check(const ASN1_GENERALIZEDTIME *a); +ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s, + time_t t); +ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_adj(ASN1_GENERALIZEDTIME *s, + time_t t, int offset_day, + long offset_sec); +int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, const char *str); + +int ASN1_TIME_diff(int *pday, int *psec, + const ASN1_TIME *from, const ASN1_TIME *to); + +DECLARE_ASN1_FUNCTIONS(ASN1_OCTET_STRING) +ASN1_OCTET_STRING *ASN1_OCTET_STRING_dup(const ASN1_OCTET_STRING *a); +int ASN1_OCTET_STRING_cmp(const ASN1_OCTET_STRING *a, + const ASN1_OCTET_STRING *b); +int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *str, const unsigned char *data, + int len); + +DECLARE_ASN1_FUNCTIONS(ASN1_VISIBLESTRING) +DECLARE_ASN1_FUNCTIONS(ASN1_UNIVERSALSTRING) +DECLARE_ASN1_FUNCTIONS(ASN1_UTF8STRING) +DECLARE_ASN1_FUNCTIONS(ASN1_NULL) +DECLARE_ASN1_FUNCTIONS(ASN1_BMPSTRING) + +int UTF8_getc(const unsigned char *str, int len, unsigned long *val); +int UTF8_putc(unsigned char *str, int len, unsigned long value); + +DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, ASN1_PRINTABLE) + +DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, DIRECTORYSTRING) +DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, DISPLAYTEXT) +DECLARE_ASN1_FUNCTIONS(ASN1_PRINTABLESTRING) +DECLARE_ASN1_FUNCTIONS(ASN1_T61STRING) +DECLARE_ASN1_FUNCTIONS(ASN1_IA5STRING) +DECLARE_ASN1_FUNCTIONS(ASN1_GENERALSTRING) +DECLARE_ASN1_FUNCTIONS(ASN1_UTCTIME) +DECLARE_ASN1_FUNCTIONS(ASN1_GENERALIZEDTIME) +DECLARE_ASN1_FUNCTIONS(ASN1_TIME) + +DECLARE_ASN1_ITEM(ASN1_OCTET_STRING_NDEF) + +ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t); +ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s, time_t t, + int offset_day, long offset_sec); +int ASN1_TIME_check(const ASN1_TIME *t); +ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(const ASN1_TIME *t, + ASN1_GENERALIZEDTIME **out); +int ASN1_TIME_set_string(ASN1_TIME *s, const char *str); +int ASN1_TIME_set_string_X509(ASN1_TIME *s, const char *str); +int ASN1_TIME_to_tm(const ASN1_TIME *s, struct tm *tm); +int ASN1_TIME_normalize(ASN1_TIME *s); +int ASN1_TIME_cmp_time_t(const ASN1_TIME *s, time_t t); +int ASN1_TIME_compare(const ASN1_TIME *a, const ASN1_TIME *b); + +int i2a_ASN1_INTEGER(BIO *bp, const ASN1_INTEGER *a); +int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size); +int i2a_ASN1_ENUMERATED(BIO *bp, const ASN1_ENUMERATED *a); +int a2i_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *bs, char *buf, int size); +int i2a_ASN1_OBJECT(BIO *bp, const ASN1_OBJECT *a); +int a2i_ASN1_STRING(BIO *bp, ASN1_STRING *bs, char *buf, int size); +int i2a_ASN1_STRING(BIO *bp, const ASN1_STRING *a, int type); +int i2t_ASN1_OBJECT(char *buf, int buf_len, const ASN1_OBJECT *a); + +int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num); +ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data, int len, + const char *sn, const char *ln); + +int ASN1_INTEGER_get_int64(int64_t *pr, const ASN1_INTEGER *a); +int ASN1_INTEGER_set_int64(ASN1_INTEGER *a, int64_t r); +int ASN1_INTEGER_get_uint64(uint64_t *pr, const ASN1_INTEGER *a); +int ASN1_INTEGER_set_uint64(ASN1_INTEGER *a, uint64_t r); + +int ASN1_INTEGER_set(ASN1_INTEGER *a, long v); +long ASN1_INTEGER_get(const ASN1_INTEGER *a); +ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai); +BIGNUM *ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai, BIGNUM *bn); + +int ASN1_ENUMERATED_get_int64(int64_t *pr, const ASN1_ENUMERATED *a); +int ASN1_ENUMERATED_set_int64(ASN1_ENUMERATED *a, int64_t r); + + +int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v); +long ASN1_ENUMERATED_get(const ASN1_ENUMERATED *a); +ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(const BIGNUM *bn, ASN1_ENUMERATED *ai); +BIGNUM *ASN1_ENUMERATED_to_BN(const ASN1_ENUMERATED *ai, BIGNUM *bn); + +/* General */ +/* given a string, return the correct type, max is the maximum length */ +int ASN1_PRINTABLE_type(const unsigned char *s, int max); + +unsigned long ASN1_tag2bit(int tag); + +/* SPECIALS */ +int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag, + int *pclass, long omax); +int ASN1_check_infinite_end(unsigned char **p, long len); +int ASN1_const_check_infinite_end(const unsigned char **p, long len); +void ASN1_put_object(unsigned char **pp, int constructed, int length, + int tag, int xclass); +int ASN1_put_eoc(unsigned char **pp); +int ASN1_object_size(int constructed, int length, int tag); + +/* Used to implement other functions */ +void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, void *x); + +# define ASN1_dup_of(type,i2d,d2i,x) \ + ((type*)ASN1_dup(CHECKED_I2D_OF(type, i2d), \ + CHECKED_D2I_OF(type, d2i), \ + CHECKED_PTR_OF(type, x))) + +# define ASN1_dup_of_const(type,i2d,d2i,x) \ + ((type*)ASN1_dup(CHECKED_I2D_OF(const type, i2d), \ + CHECKED_D2I_OF(type, d2i), \ + CHECKED_PTR_OF(const type, x))) + +void *ASN1_item_dup(const ASN1_ITEM *it, void *x); + +/* ASN1 alloc/free macros for when a type is only used internally */ + +# define M_ASN1_new_of(type) (type *)ASN1_item_new(ASN1_ITEM_rptr(type)) +# define M_ASN1_free_of(x, type) \ + ASN1_item_free(CHECKED_PTR_OF(type, x), ASN1_ITEM_rptr(type)) + +# ifndef OPENSSL_NO_STDIO +void *ASN1_d2i_fp(void *(*xnew) (void), d2i_of_void *d2i, FILE *in, void **x); + +# define ASN1_d2i_fp_of(type,xnew,d2i,in,x) \ + ((type*)ASN1_d2i_fp(CHECKED_NEW_OF(type, xnew), \ + CHECKED_D2I_OF(type, d2i), \ + in, \ + CHECKED_PPTR_OF(type, x))) + +void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x); +int ASN1_i2d_fp(i2d_of_void *i2d, FILE *out, void *x); + +# define ASN1_i2d_fp_of(type,i2d,out,x) \ + (ASN1_i2d_fp(CHECKED_I2D_OF(type, i2d), \ + out, \ + CHECKED_PTR_OF(type, x))) + +# define ASN1_i2d_fp_of_const(type,i2d,out,x) \ + (ASN1_i2d_fp(CHECKED_I2D_OF(const type, i2d), \ + out, \ + CHECKED_PTR_OF(const type, x))) + +int ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, void *x); +int ASN1_STRING_print_ex_fp(FILE *fp, const ASN1_STRING *str, unsigned long flags); +# endif + +int ASN1_STRING_to_UTF8(unsigned char **out, const ASN1_STRING *in); + +void *ASN1_d2i_bio(void *(*xnew) (void), d2i_of_void *d2i, BIO *in, void **x); + +# define ASN1_d2i_bio_of(type,xnew,d2i,in,x) \ + ((type*)ASN1_d2i_bio( CHECKED_NEW_OF(type, xnew), \ + CHECKED_D2I_OF(type, d2i), \ + in, \ + CHECKED_PPTR_OF(type, x))) + +void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x); +int ASN1_i2d_bio(i2d_of_void *i2d, BIO *out, unsigned char *x); + +# define ASN1_i2d_bio_of(type,i2d,out,x) \ + (ASN1_i2d_bio(CHECKED_I2D_OF(type, i2d), \ + out, \ + CHECKED_PTR_OF(type, x))) + +# define ASN1_i2d_bio_of_const(type,i2d,out,x) \ + (ASN1_i2d_bio(CHECKED_I2D_OF(const type, i2d), \ + out, \ + CHECKED_PTR_OF(const type, x))) + +int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x); +int ASN1_UTCTIME_print(BIO *fp, const ASN1_UTCTIME *a); +int ASN1_GENERALIZEDTIME_print(BIO *fp, const ASN1_GENERALIZEDTIME *a); +int ASN1_TIME_print(BIO *fp, const ASN1_TIME *a); +int ASN1_STRING_print(BIO *bp, const ASN1_STRING *v); +int ASN1_STRING_print_ex(BIO *out, const ASN1_STRING *str, unsigned long flags); +int ASN1_buf_print(BIO *bp, const unsigned char *buf, size_t buflen, int off); +int ASN1_bn_print(BIO *bp, const char *number, const BIGNUM *num, + unsigned char *buf, int off); +int ASN1_parse(BIO *bp, const unsigned char *pp, long len, int indent); +int ASN1_parse_dump(BIO *bp, const unsigned char *pp, long len, int indent, + int dump); +const char *ASN1_tag2str(int tag); + +/* Used to load and write Netscape format cert */ + +int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s); + +int ASN1_TYPE_set_octetstring(ASN1_TYPE *a, unsigned char *data, int len); +int ASN1_TYPE_get_octetstring(const ASN1_TYPE *a, unsigned char *data, int max_len); +int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num, + unsigned char *data, int len); +int ASN1_TYPE_get_int_octetstring(const ASN1_TYPE *a, long *num, + unsigned char *data, int max_len); + +void *ASN1_item_unpack(const ASN1_STRING *oct, const ASN1_ITEM *it); + +ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, + ASN1_OCTET_STRING **oct); + +void ASN1_STRING_set_default_mask(unsigned long mask); +int ASN1_STRING_set_default_mask_asc(const char *p); +unsigned long ASN1_STRING_get_default_mask(void); +int ASN1_mbstring_copy(ASN1_STRING **out, const unsigned char *in, int len, + int inform, unsigned long mask); +int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len, + int inform, unsigned long mask, + long minsize, long maxsize); + +ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, + const unsigned char *in, int inlen, + int inform, int nid); +ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid); +int ASN1_STRING_TABLE_add(int, long, long, unsigned long, unsigned long); +void ASN1_STRING_TABLE_cleanup(void); + +/* ASN1 template functions */ + +/* Old API compatible functions */ +ASN1_VALUE *ASN1_item_new(const ASN1_ITEM *it); +void ASN1_item_free(ASN1_VALUE *val, const ASN1_ITEM *it); +ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **val, const unsigned char **in, + long len, const ASN1_ITEM *it); +int ASN1_item_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it); +int ASN1_item_ndef_i2d(ASN1_VALUE *val, unsigned char **out, + const ASN1_ITEM *it); + +void ASN1_add_oid_module(void); +void ASN1_add_stable_module(void); + +ASN1_TYPE *ASN1_generate_nconf(const char *str, CONF *nconf); +ASN1_TYPE *ASN1_generate_v3(const char *str, X509V3_CTX *cnf); +int ASN1_str2mask(const char *str, unsigned long *pmask); + +/* ASN1 Print flags */ + +/* Indicate missing OPTIONAL fields */ +# define ASN1_PCTX_FLAGS_SHOW_ABSENT 0x001 +/* Mark start and end of SEQUENCE */ +# define ASN1_PCTX_FLAGS_SHOW_SEQUENCE 0x002 +/* Mark start and end of SEQUENCE/SET OF */ +# define ASN1_PCTX_FLAGS_SHOW_SSOF 0x004 +/* Show the ASN1 type of primitives */ +# define ASN1_PCTX_FLAGS_SHOW_TYPE 0x008 +/* Don't show ASN1 type of ANY */ +# define ASN1_PCTX_FLAGS_NO_ANY_TYPE 0x010 +/* Don't show ASN1 type of MSTRINGs */ +# define ASN1_PCTX_FLAGS_NO_MSTRING_TYPE 0x020 +/* Don't show field names in SEQUENCE */ +# define ASN1_PCTX_FLAGS_NO_FIELD_NAME 0x040 +/* Show structure names of each SEQUENCE field */ +# define ASN1_PCTX_FLAGS_SHOW_FIELD_STRUCT_NAME 0x080 +/* Don't show structure name even at top level */ +# define ASN1_PCTX_FLAGS_NO_STRUCT_NAME 0x100 + +int ASN1_item_print(BIO *out, ASN1_VALUE *ifld, int indent, + const ASN1_ITEM *it, const ASN1_PCTX *pctx); +ASN1_PCTX *ASN1_PCTX_new(void); +void ASN1_PCTX_free(ASN1_PCTX *p); +unsigned long ASN1_PCTX_get_flags(const ASN1_PCTX *p); +void ASN1_PCTX_set_flags(ASN1_PCTX *p, unsigned long flags); +unsigned long ASN1_PCTX_get_nm_flags(const ASN1_PCTX *p); +void ASN1_PCTX_set_nm_flags(ASN1_PCTX *p, unsigned long flags); +unsigned long ASN1_PCTX_get_cert_flags(const ASN1_PCTX *p); +void ASN1_PCTX_set_cert_flags(ASN1_PCTX *p, unsigned long flags); +unsigned long ASN1_PCTX_get_oid_flags(const ASN1_PCTX *p); +void ASN1_PCTX_set_oid_flags(ASN1_PCTX *p, unsigned long flags); +unsigned long ASN1_PCTX_get_str_flags(const ASN1_PCTX *p); +void ASN1_PCTX_set_str_flags(ASN1_PCTX *p, unsigned long flags); + +ASN1_SCTX *ASN1_SCTX_new(int (*scan_cb) (ASN1_SCTX *ctx)); +void ASN1_SCTX_free(ASN1_SCTX *p); +const ASN1_ITEM *ASN1_SCTX_get_item(ASN1_SCTX *p); +const ASN1_TEMPLATE *ASN1_SCTX_get_template(ASN1_SCTX *p); +unsigned long ASN1_SCTX_get_flags(ASN1_SCTX *p); +void ASN1_SCTX_set_app_data(ASN1_SCTX *p, void *data); +void *ASN1_SCTX_get_app_data(ASN1_SCTX *p); + +const BIO_METHOD *BIO_f_asn1(void); + +BIO *BIO_new_NDEF(BIO *out, ASN1_VALUE *val, const ASN1_ITEM *it); + +int i2d_ASN1_bio_stream(BIO *out, ASN1_VALUE *val, BIO *in, int flags, + const ASN1_ITEM *it); +int PEM_write_bio_ASN1_stream(BIO *out, ASN1_VALUE *val, BIO *in, int flags, + const char *hdr, const ASN1_ITEM *it); +int SMIME_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags, + int ctype_nid, int econt_nid, + STACK_OF(X509_ALGOR) *mdalgs, const ASN1_ITEM *it); +ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it); +int SMIME_crlf_copy(BIO *in, BIO *out, int flags); +int SMIME_text(BIO *in, BIO *out); + +const ASN1_ITEM *ASN1_ITEM_lookup(const char *name); +const ASN1_ITEM *ASN1_ITEM_get(size_t i); + +# ifdef __cplusplus +} +# endif +#endif diff --git a/ext/openssl1L/include/openssl/asn1_mac.h b/ext/openssl1L/include/openssl/asn1_mac.h new file mode 100644 index 0000000..7ac1782 --- /dev/null +++ b/ext/openssl1L/include/openssl/asn1_mac.h @@ -0,0 +1,10 @@ +/* + * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#error "This file is obsolete; please update your software." diff --git a/ext/openssl1L/include/openssl/asn1err.h b/ext/openssl1L/include/openssl/asn1err.h new file mode 100644 index 0000000..e1ad1fe --- /dev/null +++ b/ext/openssl1L/include/openssl/asn1err.h @@ -0,0 +1,256 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_ASN1ERR_H +# define HEADER_ASN1ERR_H + +# include + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_ASN1_strings(void); + +/* + * ASN1 function codes. + */ +# define ASN1_F_A2D_ASN1_OBJECT 100 +# define ASN1_F_A2I_ASN1_INTEGER 102 +# define ASN1_F_A2I_ASN1_STRING 103 +# define ASN1_F_APPEND_EXP 176 +# define ASN1_F_ASN1_BIO_INIT 113 +# define ASN1_F_ASN1_BIT_STRING_SET_BIT 183 +# define ASN1_F_ASN1_CB 177 +# define ASN1_F_ASN1_CHECK_TLEN 104 +# define ASN1_F_ASN1_COLLECT 106 +# define ASN1_F_ASN1_D2I_EX_PRIMITIVE 108 +# define ASN1_F_ASN1_D2I_FP 109 +# define ASN1_F_ASN1_D2I_READ_BIO 107 +# define ASN1_F_ASN1_DIGEST 184 +# define ASN1_F_ASN1_DO_ADB 110 +# define ASN1_F_ASN1_DO_LOCK 233 +# define ASN1_F_ASN1_DUP 111 +# define ASN1_F_ASN1_ENC_SAVE 115 +# define ASN1_F_ASN1_EX_C2I 204 +# define ASN1_F_ASN1_FIND_END 190 +# define ASN1_F_ASN1_GENERALIZEDTIME_ADJ 216 +# define ASN1_F_ASN1_GENERATE_V3 178 +# define ASN1_F_ASN1_GET_INT64 224 +# define ASN1_F_ASN1_GET_OBJECT 114 +# define ASN1_F_ASN1_GET_UINT64 225 +# define ASN1_F_ASN1_I2D_BIO 116 +# define ASN1_F_ASN1_I2D_FP 117 +# define ASN1_F_ASN1_ITEM_D2I_FP 206 +# define ASN1_F_ASN1_ITEM_DUP 191 +# define ASN1_F_ASN1_ITEM_EMBED_D2I 120 +# define ASN1_F_ASN1_ITEM_EMBED_NEW 121 +# define ASN1_F_ASN1_ITEM_EX_I2D 144 +# define ASN1_F_ASN1_ITEM_FLAGS_I2D 118 +# define ASN1_F_ASN1_ITEM_I2D_BIO 192 +# define ASN1_F_ASN1_ITEM_I2D_FP 193 +# define ASN1_F_ASN1_ITEM_PACK 198 +# define ASN1_F_ASN1_ITEM_SIGN 195 +# define ASN1_F_ASN1_ITEM_SIGN_CTX 220 +# define ASN1_F_ASN1_ITEM_UNPACK 199 +# define ASN1_F_ASN1_ITEM_VERIFY 197 +# define ASN1_F_ASN1_MBSTRING_NCOPY 122 +# define ASN1_F_ASN1_OBJECT_NEW 123 +# define ASN1_F_ASN1_OUTPUT_DATA 214 +# define ASN1_F_ASN1_PCTX_NEW 205 +# define ASN1_F_ASN1_PRIMITIVE_NEW 119 +# define ASN1_F_ASN1_SCTX_NEW 221 +# define ASN1_F_ASN1_SIGN 128 +# define ASN1_F_ASN1_STR2TYPE 179 +# define ASN1_F_ASN1_STRING_GET_INT64 227 +# define ASN1_F_ASN1_STRING_GET_UINT64 230 +# define ASN1_F_ASN1_STRING_SET 186 +# define ASN1_F_ASN1_STRING_TABLE_ADD 129 +# define ASN1_F_ASN1_STRING_TO_BN 228 +# define ASN1_F_ASN1_STRING_TYPE_NEW 130 +# define ASN1_F_ASN1_TEMPLATE_EX_D2I 132 +# define ASN1_F_ASN1_TEMPLATE_NEW 133 +# define ASN1_F_ASN1_TEMPLATE_NOEXP_D2I 131 +# define ASN1_F_ASN1_TIME_ADJ 217 +# define ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING 134 +# define ASN1_F_ASN1_TYPE_GET_OCTETSTRING 135 +# define ASN1_F_ASN1_UTCTIME_ADJ 218 +# define ASN1_F_ASN1_VERIFY 137 +# define ASN1_F_B64_READ_ASN1 209 +# define ASN1_F_B64_WRITE_ASN1 210 +# define ASN1_F_BIO_NEW_NDEF 208 +# define ASN1_F_BITSTR_CB 180 +# define ASN1_F_BN_TO_ASN1_STRING 229 +# define ASN1_F_C2I_ASN1_BIT_STRING 189 +# define ASN1_F_C2I_ASN1_INTEGER 194 +# define ASN1_F_C2I_ASN1_OBJECT 196 +# define ASN1_F_C2I_IBUF 226 +# define ASN1_F_C2I_UINT64_INT 101 +# define ASN1_F_COLLECT_DATA 140 +# define ASN1_F_D2I_ASN1_OBJECT 147 +# define ASN1_F_D2I_ASN1_UINTEGER 150 +# define ASN1_F_D2I_AUTOPRIVATEKEY 207 +# define ASN1_F_D2I_PRIVATEKEY 154 +# define ASN1_F_D2I_PUBLICKEY 155 +# define ASN1_F_DO_BUF 142 +# define ASN1_F_DO_CREATE 124 +# define ASN1_F_DO_DUMP 125 +# define ASN1_F_DO_TCREATE 222 +# define ASN1_F_I2A_ASN1_OBJECT 126 +# define ASN1_F_I2D_ASN1_BIO_STREAM 211 +# define ASN1_F_I2D_ASN1_OBJECT 143 +# define ASN1_F_I2D_DSA_PUBKEY 161 +# define ASN1_F_I2D_EC_PUBKEY 181 +# define ASN1_F_I2D_PRIVATEKEY 163 +# define ASN1_F_I2D_PUBLICKEY 164 +# define ASN1_F_I2D_RSA_PUBKEY 165 +# define ASN1_F_LONG_C2I 166 +# define ASN1_F_NDEF_PREFIX 127 +# define ASN1_F_NDEF_SUFFIX 136 +# define ASN1_F_OID_MODULE_INIT 174 +# define ASN1_F_PARSE_TAGGING 182 +# define ASN1_F_PKCS5_PBE2_SET_IV 167 +# define ASN1_F_PKCS5_PBE2_SET_SCRYPT 231 +# define ASN1_F_PKCS5_PBE_SET 202 +# define ASN1_F_PKCS5_PBE_SET0_ALGOR 215 +# define ASN1_F_PKCS5_PBKDF2_SET 219 +# define ASN1_F_PKCS5_SCRYPT_SET 232 +# define ASN1_F_SMIME_READ_ASN1 212 +# define ASN1_F_SMIME_TEXT 213 +# define ASN1_F_STABLE_GET 138 +# define ASN1_F_STBL_MODULE_INIT 223 +# define ASN1_F_UINT32_C2I 105 +# define ASN1_F_UINT32_NEW 139 +# define ASN1_F_UINT64_C2I 112 +# define ASN1_F_UINT64_NEW 141 +# define ASN1_F_X509_CRL_ADD0_REVOKED 169 +# define ASN1_F_X509_INFO_NEW 170 +# define ASN1_F_X509_NAME_ENCODE 203 +# define ASN1_F_X509_NAME_EX_D2I 158 +# define ASN1_F_X509_NAME_EX_NEW 171 +# define ASN1_F_X509_PKEY_NEW 173 + +/* + * ASN1 reason codes. + */ +# define ASN1_R_ADDING_OBJECT 171 +# define ASN1_R_ASN1_PARSE_ERROR 203 +# define ASN1_R_ASN1_SIG_PARSE_ERROR 204 +# define ASN1_R_AUX_ERROR 100 +# define ASN1_R_BAD_OBJECT_HEADER 102 +# define ASN1_R_BAD_TEMPLATE 230 +# define ASN1_R_BMPSTRING_IS_WRONG_LENGTH 214 +# define ASN1_R_BN_LIB 105 +# define ASN1_R_BOOLEAN_IS_WRONG_LENGTH 106 +# define ASN1_R_BUFFER_TOO_SMALL 107 +# define ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER 108 +# define ASN1_R_CONTEXT_NOT_INITIALISED 217 +# define ASN1_R_DATA_IS_WRONG 109 +# define ASN1_R_DECODE_ERROR 110 +# define ASN1_R_DEPTH_EXCEEDED 174 +# define ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED 198 +# define ASN1_R_ENCODE_ERROR 112 +# define ASN1_R_ERROR_GETTING_TIME 173 +# define ASN1_R_ERROR_LOADING_SECTION 172 +# define ASN1_R_ERROR_SETTING_CIPHER_PARAMS 114 +# define ASN1_R_EXPECTING_AN_INTEGER 115 +# define ASN1_R_EXPECTING_AN_OBJECT 116 +# define ASN1_R_EXPLICIT_LENGTH_MISMATCH 119 +# define ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED 120 +# define ASN1_R_FIELD_MISSING 121 +# define ASN1_R_FIRST_NUM_TOO_LARGE 122 +# define ASN1_R_HEADER_TOO_LONG 123 +# define ASN1_R_ILLEGAL_BITSTRING_FORMAT 175 +# define ASN1_R_ILLEGAL_BOOLEAN 176 +# define ASN1_R_ILLEGAL_CHARACTERS 124 +# define ASN1_R_ILLEGAL_FORMAT 177 +# define ASN1_R_ILLEGAL_HEX 178 +# define ASN1_R_ILLEGAL_IMPLICIT_TAG 179 +# define ASN1_R_ILLEGAL_INTEGER 180 +# define ASN1_R_ILLEGAL_NEGATIVE_VALUE 226 +# define ASN1_R_ILLEGAL_NESTED_TAGGING 181 +# define ASN1_R_ILLEGAL_NULL 125 +# define ASN1_R_ILLEGAL_NULL_VALUE 182 +# define ASN1_R_ILLEGAL_OBJECT 183 +# define ASN1_R_ILLEGAL_OPTIONAL_ANY 126 +# define ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE 170 +# define ASN1_R_ILLEGAL_PADDING 221 +# define ASN1_R_ILLEGAL_TAGGED_ANY 127 +# define ASN1_R_ILLEGAL_TIME_VALUE 184 +# define ASN1_R_ILLEGAL_ZERO_CONTENT 222 +# define ASN1_R_INTEGER_NOT_ASCII_FORMAT 185 +# define ASN1_R_INTEGER_TOO_LARGE_FOR_LONG 128 +# define ASN1_R_INVALID_BIT_STRING_BITS_LEFT 220 +# define ASN1_R_INVALID_BMPSTRING_LENGTH 129 +# define ASN1_R_INVALID_DIGIT 130 +# define ASN1_R_INVALID_MIME_TYPE 205 +# define ASN1_R_INVALID_MODIFIER 186 +# define ASN1_R_INVALID_NUMBER 187 +# define ASN1_R_INVALID_OBJECT_ENCODING 216 +# define ASN1_R_INVALID_SCRYPT_PARAMETERS 227 +# define ASN1_R_INVALID_SEPARATOR 131 +# define ASN1_R_INVALID_STRING_TABLE_VALUE 218 +# define ASN1_R_INVALID_UNIVERSALSTRING_LENGTH 133 +# define ASN1_R_INVALID_UTF8STRING 134 +# define ASN1_R_INVALID_VALUE 219 +# define ASN1_R_LIST_ERROR 188 +# define ASN1_R_MIME_NO_CONTENT_TYPE 206 +# define ASN1_R_MIME_PARSE_ERROR 207 +# define ASN1_R_MIME_SIG_PARSE_ERROR 208 +# define ASN1_R_MISSING_EOC 137 +# define ASN1_R_MISSING_SECOND_NUMBER 138 +# define ASN1_R_MISSING_VALUE 189 +# define ASN1_R_MSTRING_NOT_UNIVERSAL 139 +# define ASN1_R_MSTRING_WRONG_TAG 140 +# define ASN1_R_NESTED_ASN1_STRING 197 +# define ASN1_R_NESTED_TOO_DEEP 201 +# define ASN1_R_NON_HEX_CHARACTERS 141 +# define ASN1_R_NOT_ASCII_FORMAT 190 +# define ASN1_R_NOT_ENOUGH_DATA 142 +# define ASN1_R_NO_CONTENT_TYPE 209 +# define ASN1_R_NO_MATCHING_CHOICE_TYPE 143 +# define ASN1_R_NO_MULTIPART_BODY_FAILURE 210 +# define ASN1_R_NO_MULTIPART_BOUNDARY 211 +# define ASN1_R_NO_SIG_CONTENT_TYPE 212 +# define ASN1_R_NULL_IS_WRONG_LENGTH 144 +# define ASN1_R_OBJECT_NOT_ASCII_FORMAT 191 +# define ASN1_R_ODD_NUMBER_OF_CHARS 145 +# define ASN1_R_SECOND_NUMBER_TOO_LARGE 147 +# define ASN1_R_SEQUENCE_LENGTH_MISMATCH 148 +# define ASN1_R_SEQUENCE_NOT_CONSTRUCTED 149 +# define ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG 192 +# define ASN1_R_SHORT_LINE 150 +# define ASN1_R_SIG_INVALID_MIME_TYPE 213 +# define ASN1_R_STREAMING_NOT_SUPPORTED 202 +# define ASN1_R_STRING_TOO_LONG 151 +# define ASN1_R_STRING_TOO_SHORT 152 +# define ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 154 +# define ASN1_R_TIME_NOT_ASCII_FORMAT 193 +# define ASN1_R_TOO_LARGE 223 +# define ASN1_R_TOO_LONG 155 +# define ASN1_R_TOO_SMALL 224 +# define ASN1_R_TYPE_NOT_CONSTRUCTED 156 +# define ASN1_R_TYPE_NOT_PRIMITIVE 195 +# define ASN1_R_UNEXPECTED_EOC 159 +# define ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH 215 +# define ASN1_R_UNKNOWN_FORMAT 160 +# define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM 161 +# define ASN1_R_UNKNOWN_OBJECT_TYPE 162 +# define ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE 163 +# define ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM 199 +# define ASN1_R_UNKNOWN_TAG 194 +# define ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE 164 +# define ASN1_R_UNSUPPORTED_CIPHER 228 +# define ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE 167 +# define ASN1_R_UNSUPPORTED_TYPE 196 +# define ASN1_R_WRONG_INTEGER_TYPE 225 +# define ASN1_R_WRONG_PUBLIC_KEY_TYPE 200 +# define ASN1_R_WRONG_TAG 168 + +#endif diff --git a/ext/openssl1L/include/openssl/asn1t.h b/ext/openssl1L/include/openssl/asn1t.h new file mode 100644 index 0000000..a450ba0 --- /dev/null +++ b/ext/openssl1L/include/openssl/asn1t.h @@ -0,0 +1,945 @@ +/* + * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_ASN1T_H +# define HEADER_ASN1T_H + +# include +# include +# include + +# ifdef OPENSSL_BUILD_SHLIBCRYPTO +# undef OPENSSL_EXTERN +# define OPENSSL_EXTERN OPENSSL_EXPORT +# endif + +/* ASN1 template defines, structures and functions */ + +#ifdef __cplusplus +extern "C" { +#endif + +# ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION + +/* Macro to obtain ASN1_ADB pointer from a type (only used internally) */ +# define ASN1_ADB_ptr(iptr) ((const ASN1_ADB *)(iptr)) + +/* Macros for start and end of ASN1_ITEM definition */ + +# define ASN1_ITEM_start(itname) \ + const ASN1_ITEM itname##_it = { + +# define static_ASN1_ITEM_start(itname) \ + static const ASN1_ITEM itname##_it = { + +# define ASN1_ITEM_end(itname) \ + }; + +# else + +/* Macro to obtain ASN1_ADB pointer from a type (only used internally) */ +# define ASN1_ADB_ptr(iptr) ((const ASN1_ADB *)((iptr)())) + +/* Macros for start and end of ASN1_ITEM definition */ + +# define ASN1_ITEM_start(itname) \ + const ASN1_ITEM * itname##_it(void) \ + { \ + static const ASN1_ITEM local_it = { + +# define static_ASN1_ITEM_start(itname) \ + static ASN1_ITEM_start(itname) + +# define ASN1_ITEM_end(itname) \ + }; \ + return &local_it; \ + } + +# endif + +/* Macros to aid ASN1 template writing */ + +# define ASN1_ITEM_TEMPLATE(tname) \ + static const ASN1_TEMPLATE tname##_item_tt + +# define ASN1_ITEM_TEMPLATE_END(tname) \ + ;\ + ASN1_ITEM_start(tname) \ + ASN1_ITYPE_PRIMITIVE,\ + -1,\ + &tname##_item_tt,\ + 0,\ + NULL,\ + 0,\ + #tname \ + ASN1_ITEM_end(tname) +# define static_ASN1_ITEM_TEMPLATE_END(tname) \ + ;\ + static_ASN1_ITEM_start(tname) \ + ASN1_ITYPE_PRIMITIVE,\ + -1,\ + &tname##_item_tt,\ + 0,\ + NULL,\ + 0,\ + #tname \ + ASN1_ITEM_end(tname) + +/* This is a ASN1 type which just embeds a template */ + +/*- + * This pair helps declare a SEQUENCE. We can do: + * + * ASN1_SEQUENCE(stname) = { + * ... SEQUENCE components ... + * } ASN1_SEQUENCE_END(stname) + * + * This will produce an ASN1_ITEM called stname_it + * for a structure called stname. + * + * If you want the same structure but a different + * name then use: + * + * ASN1_SEQUENCE(itname) = { + * ... SEQUENCE components ... + * } ASN1_SEQUENCE_END_name(stname, itname) + * + * This will create an item called itname_it using + * a structure called stname. + */ + +# define ASN1_SEQUENCE(tname) \ + static const ASN1_TEMPLATE tname##_seq_tt[] + +# define ASN1_SEQUENCE_END(stname) ASN1_SEQUENCE_END_name(stname, stname) + +# define static_ASN1_SEQUENCE_END(stname) static_ASN1_SEQUENCE_END_name(stname, stname) + +# define ASN1_SEQUENCE_END_name(stname, tname) \ + ;\ + ASN1_ITEM_start(tname) \ + ASN1_ITYPE_SEQUENCE,\ + V_ASN1_SEQUENCE,\ + tname##_seq_tt,\ + sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ + NULL,\ + sizeof(stname),\ + #tname \ + ASN1_ITEM_end(tname) + +# define static_ASN1_SEQUENCE_END_name(stname, tname) \ + ;\ + static_ASN1_ITEM_start(tname) \ + ASN1_ITYPE_SEQUENCE,\ + V_ASN1_SEQUENCE,\ + tname##_seq_tt,\ + sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ + NULL,\ + sizeof(stname),\ + #stname \ + ASN1_ITEM_end(tname) + +# define ASN1_NDEF_SEQUENCE(tname) \ + ASN1_SEQUENCE(tname) + +# define ASN1_NDEF_SEQUENCE_cb(tname, cb) \ + ASN1_SEQUENCE_cb(tname, cb) + +# define ASN1_SEQUENCE_cb(tname, cb) \ + static const ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0}; \ + ASN1_SEQUENCE(tname) + +# define ASN1_BROKEN_SEQUENCE(tname) \ + static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_BROKEN, 0, 0, 0, 0}; \ + ASN1_SEQUENCE(tname) + +# define ASN1_SEQUENCE_ref(tname, cb) \ + static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_REFCOUNT, offsetof(tname, references), offsetof(tname, lock), cb, 0}; \ + ASN1_SEQUENCE(tname) + +# define ASN1_SEQUENCE_enc(tname, enc, cb) \ + static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_ENCODING, 0, 0, cb, offsetof(tname, enc)}; \ + ASN1_SEQUENCE(tname) + +# define ASN1_NDEF_SEQUENCE_END(tname) \ + ;\ + ASN1_ITEM_start(tname) \ + ASN1_ITYPE_NDEF_SEQUENCE,\ + V_ASN1_SEQUENCE,\ + tname##_seq_tt,\ + sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ + NULL,\ + sizeof(tname),\ + #tname \ + ASN1_ITEM_end(tname) +# define static_ASN1_NDEF_SEQUENCE_END(tname) \ + ;\ + static_ASN1_ITEM_start(tname) \ + ASN1_ITYPE_NDEF_SEQUENCE,\ + V_ASN1_SEQUENCE,\ + tname##_seq_tt,\ + sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ + NULL,\ + sizeof(tname),\ + #tname \ + ASN1_ITEM_end(tname) + +# define ASN1_BROKEN_SEQUENCE_END(stname) ASN1_SEQUENCE_END_ref(stname, stname) +# define static_ASN1_BROKEN_SEQUENCE_END(stname) \ + static_ASN1_SEQUENCE_END_ref(stname, stname) + +# define ASN1_SEQUENCE_END_enc(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname) + +# define ASN1_SEQUENCE_END_cb(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname) +# define static_ASN1_SEQUENCE_END_cb(stname, tname) static_ASN1_SEQUENCE_END_ref(stname, tname) + +# define ASN1_SEQUENCE_END_ref(stname, tname) \ + ;\ + ASN1_ITEM_start(tname) \ + ASN1_ITYPE_SEQUENCE,\ + V_ASN1_SEQUENCE,\ + tname##_seq_tt,\ + sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ + &tname##_aux,\ + sizeof(stname),\ + #tname \ + ASN1_ITEM_end(tname) +# define static_ASN1_SEQUENCE_END_ref(stname, tname) \ + ;\ + static_ASN1_ITEM_start(tname) \ + ASN1_ITYPE_SEQUENCE,\ + V_ASN1_SEQUENCE,\ + tname##_seq_tt,\ + sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ + &tname##_aux,\ + sizeof(stname),\ + #stname \ + ASN1_ITEM_end(tname) + +# define ASN1_NDEF_SEQUENCE_END_cb(stname, tname) \ + ;\ + ASN1_ITEM_start(tname) \ + ASN1_ITYPE_NDEF_SEQUENCE,\ + V_ASN1_SEQUENCE,\ + tname##_seq_tt,\ + sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ + &tname##_aux,\ + sizeof(stname),\ + #stname \ + ASN1_ITEM_end(tname) + +/*- + * This pair helps declare a CHOICE type. We can do: + * + * ASN1_CHOICE(chname) = { + * ... CHOICE options ... + * ASN1_CHOICE_END(chname) + * + * This will produce an ASN1_ITEM called chname_it + * for a structure called chname. The structure + * definition must look like this: + * typedef struct { + * int type; + * union { + * ASN1_SOMETHING *opt1; + * ASN1_SOMEOTHER *opt2; + * } value; + * } chname; + * + * the name of the selector must be 'type'. + * to use an alternative selector name use the + * ASN1_CHOICE_END_selector() version. + */ + +# define ASN1_CHOICE(tname) \ + static const ASN1_TEMPLATE tname##_ch_tt[] + +# define ASN1_CHOICE_cb(tname, cb) \ + static const ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0}; \ + ASN1_CHOICE(tname) + +# define ASN1_CHOICE_END(stname) ASN1_CHOICE_END_name(stname, stname) + +# define static_ASN1_CHOICE_END(stname) static_ASN1_CHOICE_END_name(stname, stname) + +# define ASN1_CHOICE_END_name(stname, tname) ASN1_CHOICE_END_selector(stname, tname, type) + +# define static_ASN1_CHOICE_END_name(stname, tname) static_ASN1_CHOICE_END_selector(stname, tname, type) + +# define ASN1_CHOICE_END_selector(stname, tname, selname) \ + ;\ + ASN1_ITEM_start(tname) \ + ASN1_ITYPE_CHOICE,\ + offsetof(stname,selname) ,\ + tname##_ch_tt,\ + sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE),\ + NULL,\ + sizeof(stname),\ + #stname \ + ASN1_ITEM_end(tname) + +# define static_ASN1_CHOICE_END_selector(stname, tname, selname) \ + ;\ + static_ASN1_ITEM_start(tname) \ + ASN1_ITYPE_CHOICE,\ + offsetof(stname,selname) ,\ + tname##_ch_tt,\ + sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE),\ + NULL,\ + sizeof(stname),\ + #stname \ + ASN1_ITEM_end(tname) + +# define ASN1_CHOICE_END_cb(stname, tname, selname) \ + ;\ + ASN1_ITEM_start(tname) \ + ASN1_ITYPE_CHOICE,\ + offsetof(stname,selname) ,\ + tname##_ch_tt,\ + sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE),\ + &tname##_aux,\ + sizeof(stname),\ + #stname \ + ASN1_ITEM_end(tname) + +/* This helps with the template wrapper form of ASN1_ITEM */ + +# define ASN1_EX_TEMPLATE_TYPE(flags, tag, name, type) { \ + (flags), (tag), 0,\ + #name, ASN1_ITEM_ref(type) } + +/* These help with SEQUENCE or CHOICE components */ + +/* used to declare other types */ + +# define ASN1_EX_TYPE(flags, tag, stname, field, type) { \ + (flags), (tag), offsetof(stname, field),\ + #field, ASN1_ITEM_ref(type) } + +/* implicit and explicit helper macros */ + +# define ASN1_IMP_EX(stname, field, type, tag, ex) \ + ASN1_EX_TYPE(ASN1_TFLG_IMPLICIT | (ex), tag, stname, field, type) + +# define ASN1_EXP_EX(stname, field, type, tag, ex) \ + ASN1_EX_TYPE(ASN1_TFLG_EXPLICIT | (ex), tag, stname, field, type) + +/* Any defined by macros: the field used is in the table itself */ + +# ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION +# define ASN1_ADB_OBJECT(tblname) { ASN1_TFLG_ADB_OID, -1, 0, #tblname, (const ASN1_ITEM *)&(tblname##_adb) } +# define ASN1_ADB_INTEGER(tblname) { ASN1_TFLG_ADB_INT, -1, 0, #tblname, (const ASN1_ITEM *)&(tblname##_adb) } +# else +# define ASN1_ADB_OBJECT(tblname) { ASN1_TFLG_ADB_OID, -1, 0, #tblname, tblname##_adb } +# define ASN1_ADB_INTEGER(tblname) { ASN1_TFLG_ADB_INT, -1, 0, #tblname, tblname##_adb } +# endif +/* Plain simple type */ +# define ASN1_SIMPLE(stname, field, type) ASN1_EX_TYPE(0,0, stname, field, type) +/* Embedded simple type */ +# define ASN1_EMBED(stname, field, type) ASN1_EX_TYPE(ASN1_TFLG_EMBED,0, stname, field, type) + +/* OPTIONAL simple type */ +# define ASN1_OPT(stname, field, type) ASN1_EX_TYPE(ASN1_TFLG_OPTIONAL, 0, stname, field, type) +# define ASN1_OPT_EMBED(stname, field, type) ASN1_EX_TYPE(ASN1_TFLG_OPTIONAL|ASN1_TFLG_EMBED, 0, stname, field, type) + +/* IMPLICIT tagged simple type */ +# define ASN1_IMP(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, 0) +# define ASN1_IMP_EMBED(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_EMBED) + +/* IMPLICIT tagged OPTIONAL simple type */ +# define ASN1_IMP_OPT(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL) +# define ASN1_IMP_OPT_EMBED(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL|ASN1_TFLG_EMBED) + +/* Same as above but EXPLICIT */ + +# define ASN1_EXP(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, 0) +# define ASN1_EXP_EMBED(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_EMBED) +# define ASN1_EXP_OPT(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL) +# define ASN1_EXP_OPT_EMBED(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL|ASN1_TFLG_EMBED) + +/* SEQUENCE OF type */ +# define ASN1_SEQUENCE_OF(stname, field, type) \ + ASN1_EX_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, stname, field, type) + +/* OPTIONAL SEQUENCE OF */ +# define ASN1_SEQUENCE_OF_OPT(stname, field, type) \ + ASN1_EX_TYPE(ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL, 0, stname, field, type) + +/* Same as above but for SET OF */ + +# define ASN1_SET_OF(stname, field, type) \ + ASN1_EX_TYPE(ASN1_TFLG_SET_OF, 0, stname, field, type) + +# define ASN1_SET_OF_OPT(stname, field, type) \ + ASN1_EX_TYPE(ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL, 0, stname, field, type) + +/* Finally compound types of SEQUENCE, SET, IMPLICIT, EXPLICIT and OPTIONAL */ + +# define ASN1_IMP_SET_OF(stname, field, type, tag) \ + ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF) + +# define ASN1_EXP_SET_OF(stname, field, type, tag) \ + ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF) + +# define ASN1_IMP_SET_OF_OPT(stname, field, type, tag) \ + ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL) + +# define ASN1_EXP_SET_OF_OPT(stname, field, type, tag) \ + ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL) + +# define ASN1_IMP_SEQUENCE_OF(stname, field, type, tag) \ + ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF) + +# define ASN1_IMP_SEQUENCE_OF_OPT(stname, field, type, tag) \ + ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL) + +# define ASN1_EXP_SEQUENCE_OF(stname, field, type, tag) \ + ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF) + +# define ASN1_EXP_SEQUENCE_OF_OPT(stname, field, type, tag) \ + ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL) + +/* EXPLICIT using indefinite length constructed form */ +# define ASN1_NDEF_EXP(stname, field, type, tag) \ + ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_NDEF) + +/* EXPLICIT OPTIONAL using indefinite length constructed form */ +# define ASN1_NDEF_EXP_OPT(stname, field, type, tag) \ + ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL|ASN1_TFLG_NDEF) + +/* Macros for the ASN1_ADB structure */ + +# define ASN1_ADB(name) \ + static const ASN1_ADB_TABLE name##_adbtbl[] + +# ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION + +# define ASN1_ADB_END(name, flags, field, adb_cb, def, none) \ + ;\ + static const ASN1_ADB name##_adb = {\ + flags,\ + offsetof(name, field),\ + adb_cb,\ + name##_adbtbl,\ + sizeof(name##_adbtbl) / sizeof(ASN1_ADB_TABLE),\ + def,\ + none\ + } + +# else + +# define ASN1_ADB_END(name, flags, field, adb_cb, def, none) \ + ;\ + static const ASN1_ITEM *name##_adb(void) \ + { \ + static const ASN1_ADB internal_adb = \ + {\ + flags,\ + offsetof(name, field),\ + adb_cb,\ + name##_adbtbl,\ + sizeof(name##_adbtbl) / sizeof(ASN1_ADB_TABLE),\ + def,\ + none\ + }; \ + return (const ASN1_ITEM *) &internal_adb; \ + } \ + void dummy_function(void) + +# endif + +# define ADB_ENTRY(val, template) {val, template} + +# define ASN1_ADB_TEMPLATE(name) \ + static const ASN1_TEMPLATE name##_tt + +/* + * This is the ASN1 template structure that defines a wrapper round the + * actual type. It determines the actual position of the field in the value + * structure, various flags such as OPTIONAL and the field name. + */ + +struct ASN1_TEMPLATE_st { + unsigned long flags; /* Various flags */ + long tag; /* tag, not used if no tagging */ + unsigned long offset; /* Offset of this field in structure */ + const char *field_name; /* Field name */ + ASN1_ITEM_EXP *item; /* Relevant ASN1_ITEM or ASN1_ADB */ +}; + +/* Macro to extract ASN1_ITEM and ASN1_ADB pointer from ASN1_TEMPLATE */ + +# define ASN1_TEMPLATE_item(t) (t->item_ptr) +# define ASN1_TEMPLATE_adb(t) (t->item_ptr) + +typedef struct ASN1_ADB_TABLE_st ASN1_ADB_TABLE; +typedef struct ASN1_ADB_st ASN1_ADB; + +struct ASN1_ADB_st { + unsigned long flags; /* Various flags */ + unsigned long offset; /* Offset of selector field */ + int (*adb_cb)(long *psel); /* Application callback */ + const ASN1_ADB_TABLE *tbl; /* Table of possible types */ + long tblcount; /* Number of entries in tbl */ + const ASN1_TEMPLATE *default_tt; /* Type to use if no match */ + const ASN1_TEMPLATE *null_tt; /* Type to use if selector is NULL */ +}; + +struct ASN1_ADB_TABLE_st { + long value; /* NID for an object or value for an int */ + const ASN1_TEMPLATE tt; /* item for this value */ +}; + +/* template flags */ + +/* Field is optional */ +# define ASN1_TFLG_OPTIONAL (0x1) + +/* Field is a SET OF */ +# define ASN1_TFLG_SET_OF (0x1 << 1) + +/* Field is a SEQUENCE OF */ +# define ASN1_TFLG_SEQUENCE_OF (0x2 << 1) + +/* + * Special case: this refers to a SET OF that will be sorted into DER order + * when encoded *and* the corresponding STACK will be modified to match the + * new order. + */ +# define ASN1_TFLG_SET_ORDER (0x3 << 1) + +/* Mask for SET OF or SEQUENCE OF */ +# define ASN1_TFLG_SK_MASK (0x3 << 1) + +/* + * These flags mean the tag should be taken from the tag field. If EXPLICIT + * then the underlying type is used for the inner tag. + */ + +/* IMPLICIT tagging */ +# define ASN1_TFLG_IMPTAG (0x1 << 3) + +/* EXPLICIT tagging, inner tag from underlying type */ +# define ASN1_TFLG_EXPTAG (0x2 << 3) + +# define ASN1_TFLG_TAG_MASK (0x3 << 3) + +/* context specific IMPLICIT */ +# define ASN1_TFLG_IMPLICIT (ASN1_TFLG_IMPTAG|ASN1_TFLG_CONTEXT) + +/* context specific EXPLICIT */ +# define ASN1_TFLG_EXPLICIT (ASN1_TFLG_EXPTAG|ASN1_TFLG_CONTEXT) + +/* + * If tagging is in force these determine the type of tag to use. Otherwise + * the tag is determined by the underlying type. These values reflect the + * actual octet format. + */ + +/* Universal tag */ +# define ASN1_TFLG_UNIVERSAL (0x0<<6) +/* Application tag */ +# define ASN1_TFLG_APPLICATION (0x1<<6) +/* Context specific tag */ +# define ASN1_TFLG_CONTEXT (0x2<<6) +/* Private tag */ +# define ASN1_TFLG_PRIVATE (0x3<<6) + +# define ASN1_TFLG_TAG_CLASS (0x3<<6) + +/* + * These are for ANY DEFINED BY type. In this case the 'item' field points to + * an ASN1_ADB structure which contains a table of values to decode the + * relevant type + */ + +# define ASN1_TFLG_ADB_MASK (0x3<<8) + +# define ASN1_TFLG_ADB_OID (0x1<<8) + +# define ASN1_TFLG_ADB_INT (0x1<<9) + +/* + * This flag when present in a SEQUENCE OF, SET OF or EXPLICIT causes + * indefinite length constructed encoding to be used if required. + */ + +# define ASN1_TFLG_NDEF (0x1<<11) + +/* Field is embedded and not a pointer */ +# define ASN1_TFLG_EMBED (0x1 << 12) + +/* This is the actual ASN1 item itself */ + +struct ASN1_ITEM_st { + char itype; /* The item type, primitive, SEQUENCE, CHOICE + * or extern */ + long utype; /* underlying type */ + const ASN1_TEMPLATE *templates; /* If SEQUENCE or CHOICE this contains + * the contents */ + long tcount; /* Number of templates if SEQUENCE or CHOICE */ + const void *funcs; /* functions that handle this type */ + long size; /* Structure size (usually) */ + const char *sname; /* Structure name */ +}; + +/*- + * These are values for the itype field and + * determine how the type is interpreted. + * + * For PRIMITIVE types the underlying type + * determines the behaviour if items is NULL. + * + * Otherwise templates must contain a single + * template and the type is treated in the + * same way as the type specified in the template. + * + * For SEQUENCE types the templates field points + * to the members, the size field is the + * structure size. + * + * For CHOICE types the templates field points + * to each possible member (typically a union) + * and the 'size' field is the offset of the + * selector. + * + * The 'funcs' field is used for application + * specific functions. + * + * The EXTERN type uses a new style d2i/i2d. + * The new style should be used where possible + * because it avoids things like the d2i IMPLICIT + * hack. + * + * MSTRING is a multiple string type, it is used + * for a CHOICE of character strings where the + * actual strings all occupy an ASN1_STRING + * structure. In this case the 'utype' field + * has a special meaning, it is used as a mask + * of acceptable types using the B_ASN1 constants. + * + * NDEF_SEQUENCE is the same as SEQUENCE except + * that it will use indefinite length constructed + * encoding if requested. + * + */ + +# define ASN1_ITYPE_PRIMITIVE 0x0 + +# define ASN1_ITYPE_SEQUENCE 0x1 + +# define ASN1_ITYPE_CHOICE 0x2 + +# define ASN1_ITYPE_EXTERN 0x4 + +# define ASN1_ITYPE_MSTRING 0x5 + +# define ASN1_ITYPE_NDEF_SEQUENCE 0x6 + +/* + * Cache for ASN1 tag and length, so we don't keep re-reading it for things + * like CHOICE + */ + +struct ASN1_TLC_st { + char valid; /* Values below are valid */ + int ret; /* return value */ + long plen; /* length */ + int ptag; /* class value */ + int pclass; /* class value */ + int hdrlen; /* header length */ +}; + +/* Typedefs for ASN1 function pointers */ +typedef int ASN1_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, + const ASN1_ITEM *it, int tag, int aclass, char opt, + ASN1_TLC *ctx); + +typedef int ASN1_ex_i2d(ASN1_VALUE **pval, unsigned char **out, + const ASN1_ITEM *it, int tag, int aclass); +typedef int ASN1_ex_new_func(ASN1_VALUE **pval, const ASN1_ITEM *it); +typedef void ASN1_ex_free_func(ASN1_VALUE **pval, const ASN1_ITEM *it); + +typedef int ASN1_ex_print_func(BIO *out, ASN1_VALUE **pval, + int indent, const char *fname, + const ASN1_PCTX *pctx); + +typedef int ASN1_primitive_i2c(ASN1_VALUE **pval, unsigned char *cont, + int *putype, const ASN1_ITEM *it); +typedef int ASN1_primitive_c2i(ASN1_VALUE **pval, const unsigned char *cont, + int len, int utype, char *free_cont, + const ASN1_ITEM *it); +typedef int ASN1_primitive_print(BIO *out, ASN1_VALUE **pval, + const ASN1_ITEM *it, int indent, + const ASN1_PCTX *pctx); + +typedef struct ASN1_EXTERN_FUNCS_st { + void *app_data; + ASN1_ex_new_func *asn1_ex_new; + ASN1_ex_free_func *asn1_ex_free; + ASN1_ex_free_func *asn1_ex_clear; + ASN1_ex_d2i *asn1_ex_d2i; + ASN1_ex_i2d *asn1_ex_i2d; + ASN1_ex_print_func *asn1_ex_print; +} ASN1_EXTERN_FUNCS; + +typedef struct ASN1_PRIMITIVE_FUNCS_st { + void *app_data; + unsigned long flags; + ASN1_ex_new_func *prim_new; + ASN1_ex_free_func *prim_free; + ASN1_ex_free_func *prim_clear; + ASN1_primitive_c2i *prim_c2i; + ASN1_primitive_i2c *prim_i2c; + ASN1_primitive_print *prim_print; +} ASN1_PRIMITIVE_FUNCS; + +/* + * This is the ASN1_AUX structure: it handles various miscellaneous + * requirements. For example the use of reference counts and an informational + * callback. The "informational callback" is called at various points during + * the ASN1 encoding and decoding. It can be used to provide minor + * customisation of the structures used. This is most useful where the + * supplied routines *almost* do the right thing but need some extra help at + * a few points. If the callback returns zero then it is assumed a fatal + * error has occurred and the main operation should be abandoned. If major + * changes in the default behaviour are required then an external type is + * more appropriate. + */ + +typedef int ASN1_aux_cb(int operation, ASN1_VALUE **in, const ASN1_ITEM *it, + void *exarg); + +typedef struct ASN1_AUX_st { + void *app_data; + int flags; + int ref_offset; /* Offset of reference value */ + int ref_lock; /* Lock type to use */ + ASN1_aux_cb *asn1_cb; + int enc_offset; /* Offset of ASN1_ENCODING structure */ +} ASN1_AUX; + +/* For print related callbacks exarg points to this structure */ +typedef struct ASN1_PRINT_ARG_st { + BIO *out; + int indent; + const ASN1_PCTX *pctx; +} ASN1_PRINT_ARG; + +/* For streaming related callbacks exarg points to this structure */ +typedef struct ASN1_STREAM_ARG_st { + /* BIO to stream through */ + BIO *out; + /* BIO with filters appended */ + BIO *ndef_bio; + /* Streaming I/O boundary */ + unsigned char **boundary; +} ASN1_STREAM_ARG; + +/* Flags in ASN1_AUX */ + +/* Use a reference count */ +# define ASN1_AFLG_REFCOUNT 1 +/* Save the encoding of structure (useful for signatures) */ +# define ASN1_AFLG_ENCODING 2 +/* The Sequence length is invalid */ +# define ASN1_AFLG_BROKEN 4 + +/* operation values for asn1_cb */ + +# define ASN1_OP_NEW_PRE 0 +# define ASN1_OP_NEW_POST 1 +# define ASN1_OP_FREE_PRE 2 +# define ASN1_OP_FREE_POST 3 +# define ASN1_OP_D2I_PRE 4 +# define ASN1_OP_D2I_POST 5 +# define ASN1_OP_I2D_PRE 6 +# define ASN1_OP_I2D_POST 7 +# define ASN1_OP_PRINT_PRE 8 +# define ASN1_OP_PRINT_POST 9 +# define ASN1_OP_STREAM_PRE 10 +# define ASN1_OP_STREAM_POST 11 +# define ASN1_OP_DETACHED_PRE 12 +# define ASN1_OP_DETACHED_POST 13 + +/* Macro to implement a primitive type */ +# define IMPLEMENT_ASN1_TYPE(stname) IMPLEMENT_ASN1_TYPE_ex(stname, stname, 0) +# define IMPLEMENT_ASN1_TYPE_ex(itname, vname, ex) \ + ASN1_ITEM_start(itname) \ + ASN1_ITYPE_PRIMITIVE, V_##vname, NULL, 0, NULL, ex, #itname \ + ASN1_ITEM_end(itname) + +/* Macro to implement a multi string type */ +# define IMPLEMENT_ASN1_MSTRING(itname, mask) \ + ASN1_ITEM_start(itname) \ + ASN1_ITYPE_MSTRING, mask, NULL, 0, NULL, sizeof(ASN1_STRING), #itname \ + ASN1_ITEM_end(itname) + +# define IMPLEMENT_EXTERN_ASN1(sname, tag, fptrs) \ + ASN1_ITEM_start(sname) \ + ASN1_ITYPE_EXTERN, \ + tag, \ + NULL, \ + 0, \ + &fptrs, \ + 0, \ + #sname \ + ASN1_ITEM_end(sname) + +/* Macro to implement standard functions in terms of ASN1_ITEM structures */ + +# define IMPLEMENT_ASN1_FUNCTIONS(stname) IMPLEMENT_ASN1_FUNCTIONS_fname(stname, stname, stname) + +# define IMPLEMENT_ASN1_FUNCTIONS_name(stname, itname) IMPLEMENT_ASN1_FUNCTIONS_fname(stname, itname, itname) + +# define IMPLEMENT_ASN1_FUNCTIONS_ENCODE_name(stname, itname) \ + IMPLEMENT_ASN1_FUNCTIONS_ENCODE_fname(stname, itname, itname) + +# define IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(stname) \ + IMPLEMENT_ASN1_ALLOC_FUNCTIONS_pfname(static, stname, stname, stname) + +# define IMPLEMENT_ASN1_ALLOC_FUNCTIONS(stname) \ + IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, stname, stname) + +# define IMPLEMENT_ASN1_ALLOC_FUNCTIONS_pfname(pre, stname, itname, fname) \ + pre stname *fname##_new(void) \ + { \ + return (stname *)ASN1_item_new(ASN1_ITEM_rptr(itname)); \ + } \ + pre void fname##_free(stname *a) \ + { \ + ASN1_item_free((ASN1_VALUE *)a, ASN1_ITEM_rptr(itname)); \ + } + +# define IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname) \ + stname *fname##_new(void) \ + { \ + return (stname *)ASN1_item_new(ASN1_ITEM_rptr(itname)); \ + } \ + void fname##_free(stname *a) \ + { \ + ASN1_item_free((ASN1_VALUE *)a, ASN1_ITEM_rptr(itname)); \ + } + +# define IMPLEMENT_ASN1_FUNCTIONS_fname(stname, itname, fname) \ + IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) \ + IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname) + +# define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) \ + stname *d2i_##fname(stname **a, const unsigned char **in, long len) \ + { \ + return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, ASN1_ITEM_rptr(itname));\ + } \ + int i2d_##fname(stname *a, unsigned char **out) \ + { \ + return ASN1_item_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(itname));\ + } + +# define IMPLEMENT_ASN1_NDEF_FUNCTION(stname) \ + int i2d_##stname##_NDEF(stname *a, unsigned char **out) \ + { \ + return ASN1_item_ndef_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(stname));\ + } + +# define IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(stname) \ + static stname *d2i_##stname(stname **a, \ + const unsigned char **in, long len) \ + { \ + return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, \ + ASN1_ITEM_rptr(stname)); \ + } \ + static int i2d_##stname(stname *a, unsigned char **out) \ + { \ + return ASN1_item_i2d((ASN1_VALUE *)a, out, \ + ASN1_ITEM_rptr(stname)); \ + } + +/* + * This includes evil casts to remove const: they will go away when full ASN1 + * constification is done. + */ +# define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(stname, itname, fname) \ + stname *d2i_##fname(stname **a, const unsigned char **in, long len) \ + { \ + return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, ASN1_ITEM_rptr(itname));\ + } \ + int i2d_##fname(const stname *a, unsigned char **out) \ + { \ + return ASN1_item_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(itname));\ + } + +# define IMPLEMENT_ASN1_DUP_FUNCTION(stname) \ + stname * stname##_dup(stname *x) \ + { \ + return ASN1_item_dup(ASN1_ITEM_rptr(stname), x); \ + } + +# define IMPLEMENT_ASN1_PRINT_FUNCTION(stname) \ + IMPLEMENT_ASN1_PRINT_FUNCTION_fname(stname, stname, stname) + +# define IMPLEMENT_ASN1_PRINT_FUNCTION_fname(stname, itname, fname) \ + int fname##_print_ctx(BIO *out, stname *x, int indent, \ + const ASN1_PCTX *pctx) \ + { \ + return ASN1_item_print(out, (ASN1_VALUE *)x, indent, \ + ASN1_ITEM_rptr(itname), pctx); \ + } + +# define IMPLEMENT_ASN1_FUNCTIONS_const(name) \ + IMPLEMENT_ASN1_FUNCTIONS_const_fname(name, name, name) + +# define IMPLEMENT_ASN1_FUNCTIONS_const_fname(stname, itname, fname) \ + IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(stname, itname, fname) \ + IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname) + +/* external definitions for primitive types */ + +DECLARE_ASN1_ITEM(ASN1_BOOLEAN) +DECLARE_ASN1_ITEM(ASN1_TBOOLEAN) +DECLARE_ASN1_ITEM(ASN1_FBOOLEAN) +DECLARE_ASN1_ITEM(ASN1_SEQUENCE) +DECLARE_ASN1_ITEM(CBIGNUM) +DECLARE_ASN1_ITEM(BIGNUM) +DECLARE_ASN1_ITEM(INT32) +DECLARE_ASN1_ITEM(ZINT32) +DECLARE_ASN1_ITEM(UINT32) +DECLARE_ASN1_ITEM(ZUINT32) +DECLARE_ASN1_ITEM(INT64) +DECLARE_ASN1_ITEM(ZINT64) +DECLARE_ASN1_ITEM(UINT64) +DECLARE_ASN1_ITEM(ZUINT64) + +# if OPENSSL_API_COMPAT < 0x10200000L +/* + * LONG and ZLONG are strongly discouraged for use as stored data, as the + * underlying C type (long) differs in size depending on the architecture. + * They are designed with 32-bit longs in mind. + */ +DECLARE_ASN1_ITEM(LONG) +DECLARE_ASN1_ITEM(ZLONG) +# endif + +DEFINE_STACK_OF(ASN1_VALUE) + +/* Functions used internally by the ASN1 code */ + +int ASN1_item_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it); +void ASN1_item_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it); + +int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, + const ASN1_ITEM *it, int tag, int aclass, char opt, + ASN1_TLC *ctx); + +int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out, + const ASN1_ITEM *it, int tag, int aclass); + +#ifdef __cplusplus +} +#endif +#endif diff --git a/ext/openssl1L/include/openssl/async.h b/ext/openssl1L/include/openssl/async.h new file mode 100644 index 0000000..7052b89 --- /dev/null +++ b/ext/openssl1L/include/openssl/async.h @@ -0,0 +1,76 @@ +/* + * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include + +#ifndef HEADER_ASYNC_H +# define HEADER_ASYNC_H + +#if defined(_WIN32) +# if defined(BASETYPES) || defined(_WINDEF_H) +/* application has to include to use this */ +#define OSSL_ASYNC_FD HANDLE +#define OSSL_BAD_ASYNC_FD INVALID_HANDLE_VALUE +# endif +#else +#define OSSL_ASYNC_FD int +#define OSSL_BAD_ASYNC_FD -1 +#endif +# include + + +# ifdef __cplusplus +extern "C" { +# endif + +typedef struct async_job_st ASYNC_JOB; +typedef struct async_wait_ctx_st ASYNC_WAIT_CTX; + +#define ASYNC_ERR 0 +#define ASYNC_NO_JOBS 1 +#define ASYNC_PAUSE 2 +#define ASYNC_FINISH 3 + +int ASYNC_init_thread(size_t max_size, size_t init_size); +void ASYNC_cleanup_thread(void); + +#ifdef OSSL_ASYNC_FD +ASYNC_WAIT_CTX *ASYNC_WAIT_CTX_new(void); +void ASYNC_WAIT_CTX_free(ASYNC_WAIT_CTX *ctx); +int ASYNC_WAIT_CTX_set_wait_fd(ASYNC_WAIT_CTX *ctx, const void *key, + OSSL_ASYNC_FD fd, + void *custom_data, + void (*cleanup)(ASYNC_WAIT_CTX *, const void *, + OSSL_ASYNC_FD, void *)); +int ASYNC_WAIT_CTX_get_fd(ASYNC_WAIT_CTX *ctx, const void *key, + OSSL_ASYNC_FD *fd, void **custom_data); +int ASYNC_WAIT_CTX_get_all_fds(ASYNC_WAIT_CTX *ctx, OSSL_ASYNC_FD *fd, + size_t *numfds); +int ASYNC_WAIT_CTX_get_changed_fds(ASYNC_WAIT_CTX *ctx, OSSL_ASYNC_FD *addfd, + size_t *numaddfds, OSSL_ASYNC_FD *delfd, + size_t *numdelfds); +int ASYNC_WAIT_CTX_clear_fd(ASYNC_WAIT_CTX *ctx, const void *key); +#endif + +int ASYNC_is_capable(void); + +int ASYNC_start_job(ASYNC_JOB **job, ASYNC_WAIT_CTX *ctx, int *ret, + int (*func)(void *), void *args, size_t size); +int ASYNC_pause_job(void); + +ASYNC_JOB *ASYNC_get_current_job(void); +ASYNC_WAIT_CTX *ASYNC_get_wait_ctx(ASYNC_JOB *job); +void ASYNC_block_pause(void); +void ASYNC_unblock_pause(void); + + +# ifdef __cplusplus +} +# endif +#endif diff --git a/ext/openssl1L/include/openssl/asyncerr.h b/ext/openssl1L/include/openssl/asyncerr.h new file mode 100644 index 0000000..91afbbb --- /dev/null +++ b/ext/openssl1L/include/openssl/asyncerr.h @@ -0,0 +1,42 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_ASYNCERR_H +# define HEADER_ASYNCERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_ASYNC_strings(void); + +/* + * ASYNC function codes. + */ +# define ASYNC_F_ASYNC_CTX_NEW 100 +# define ASYNC_F_ASYNC_INIT_THREAD 101 +# define ASYNC_F_ASYNC_JOB_NEW 102 +# define ASYNC_F_ASYNC_PAUSE_JOB 103 +# define ASYNC_F_ASYNC_START_FUNC 104 +# define ASYNC_F_ASYNC_START_JOB 105 +# define ASYNC_F_ASYNC_WAIT_CTX_SET_WAIT_FD 106 + +/* + * ASYNC reason codes. + */ +# define ASYNC_R_FAILED_TO_SET_POOL 101 +# define ASYNC_R_FAILED_TO_SWAP_CONTEXT 102 +# define ASYNC_R_INIT_FAILED 105 +# define ASYNC_R_INVALID_POOL_SIZE 103 + +#endif diff --git a/ext/openssl1L/include/openssl/bio.h b/ext/openssl1L/include/openssl/bio.h new file mode 100644 index 0000000..ae559a5 --- /dev/null +++ b/ext/openssl1L/include/openssl/bio.h @@ -0,0 +1,801 @@ +/* + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_BIO_H +# define HEADER_BIO_H + +# include + +# ifndef OPENSSL_NO_STDIO +# include +# endif +# include + +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +/* There are the classes of BIOs */ +# define BIO_TYPE_DESCRIPTOR 0x0100 /* socket, fd, connect or accept */ +# define BIO_TYPE_FILTER 0x0200 +# define BIO_TYPE_SOURCE_SINK 0x0400 + +/* These are the 'types' of BIOs */ +# define BIO_TYPE_NONE 0 +# define BIO_TYPE_MEM ( 1|BIO_TYPE_SOURCE_SINK) +# define BIO_TYPE_FILE ( 2|BIO_TYPE_SOURCE_SINK) + +# define BIO_TYPE_FD ( 4|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR) +# define BIO_TYPE_SOCKET ( 5|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR) +# define BIO_TYPE_NULL ( 6|BIO_TYPE_SOURCE_SINK) +# define BIO_TYPE_SSL ( 7|BIO_TYPE_FILTER) +# define BIO_TYPE_MD ( 8|BIO_TYPE_FILTER) +# define BIO_TYPE_BUFFER ( 9|BIO_TYPE_FILTER) +# define BIO_TYPE_CIPHER (10|BIO_TYPE_FILTER) +# define BIO_TYPE_BASE64 (11|BIO_TYPE_FILTER) +# define BIO_TYPE_CONNECT (12|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR) +# define BIO_TYPE_ACCEPT (13|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR) + +# define BIO_TYPE_NBIO_TEST (16|BIO_TYPE_FILTER)/* server proxy BIO */ +# define BIO_TYPE_NULL_FILTER (17|BIO_TYPE_FILTER) +# define BIO_TYPE_BIO (19|BIO_TYPE_SOURCE_SINK)/* half a BIO pair */ +# define BIO_TYPE_LINEBUFFER (20|BIO_TYPE_FILTER) +# define BIO_TYPE_DGRAM (21|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR) +# define BIO_TYPE_ASN1 (22|BIO_TYPE_FILTER) +# define BIO_TYPE_COMP (23|BIO_TYPE_FILTER) +# ifndef OPENSSL_NO_SCTP +# define BIO_TYPE_DGRAM_SCTP (24|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR) +# endif + +#define BIO_TYPE_START 128 + +/* + * BIO_FILENAME_READ|BIO_CLOSE to open or close on free. + * BIO_set_fp(in,stdin,BIO_NOCLOSE); + */ +# define BIO_NOCLOSE 0x00 +# define BIO_CLOSE 0x01 + +/* + * These are used in the following macros and are passed to BIO_ctrl() + */ +# define BIO_CTRL_RESET 1/* opt - rewind/zero etc */ +# define BIO_CTRL_EOF 2/* opt - are we at the eof */ +# define BIO_CTRL_INFO 3/* opt - extra tit-bits */ +# define BIO_CTRL_SET 4/* man - set the 'IO' type */ +# define BIO_CTRL_GET 5/* man - get the 'IO' type */ +# define BIO_CTRL_PUSH 6/* opt - internal, used to signify change */ +# define BIO_CTRL_POP 7/* opt - internal, used to signify change */ +# define BIO_CTRL_GET_CLOSE 8/* man - set the 'close' on free */ +# define BIO_CTRL_SET_CLOSE 9/* man - set the 'close' on free */ +# define BIO_CTRL_PENDING 10/* opt - is their more data buffered */ +# define BIO_CTRL_FLUSH 11/* opt - 'flush' buffered output */ +# define BIO_CTRL_DUP 12/* man - extra stuff for 'duped' BIO */ +# define BIO_CTRL_WPENDING 13/* opt - number of bytes still to write */ +# define BIO_CTRL_SET_CALLBACK 14/* opt - set callback function */ +# define BIO_CTRL_GET_CALLBACK 15/* opt - set callback function */ + +# define BIO_CTRL_PEEK 29/* BIO_f_buffer special */ +# define BIO_CTRL_SET_FILENAME 30/* BIO_s_file special */ + +/* dgram BIO stuff */ +# define BIO_CTRL_DGRAM_CONNECT 31/* BIO dgram special */ +# define BIO_CTRL_DGRAM_SET_CONNECTED 32/* allow for an externally connected + * socket to be passed in */ +# define BIO_CTRL_DGRAM_SET_RECV_TIMEOUT 33/* setsockopt, essentially */ +# define BIO_CTRL_DGRAM_GET_RECV_TIMEOUT 34/* getsockopt, essentially */ +# define BIO_CTRL_DGRAM_SET_SEND_TIMEOUT 35/* setsockopt, essentially */ +# define BIO_CTRL_DGRAM_GET_SEND_TIMEOUT 36/* getsockopt, essentially */ + +# define BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP 37/* flag whether the last */ +# define BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP 38/* I/O operation tiemd out */ + +/* #ifdef IP_MTU_DISCOVER */ +# define BIO_CTRL_DGRAM_MTU_DISCOVER 39/* set DF bit on egress packets */ +/* #endif */ + +# define BIO_CTRL_DGRAM_QUERY_MTU 40/* as kernel for current MTU */ +# define BIO_CTRL_DGRAM_GET_FALLBACK_MTU 47 +# define BIO_CTRL_DGRAM_GET_MTU 41/* get cached value for MTU */ +# define BIO_CTRL_DGRAM_SET_MTU 42/* set cached value for MTU. + * want to use this if asking + * the kernel fails */ + +# define BIO_CTRL_DGRAM_MTU_EXCEEDED 43/* check whether the MTU was + * exceed in the previous write + * operation */ + +# define BIO_CTRL_DGRAM_GET_PEER 46 +# define BIO_CTRL_DGRAM_SET_PEER 44/* Destination for the data */ + +# define BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT 45/* Next DTLS handshake timeout + * to adjust socket timeouts */ +# define BIO_CTRL_DGRAM_SET_DONT_FRAG 48 + +# define BIO_CTRL_DGRAM_GET_MTU_OVERHEAD 49 + +/* Deliberately outside of OPENSSL_NO_SCTP - used in bss_dgram.c */ +# define BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE 50 +# ifndef OPENSSL_NO_SCTP +/* SCTP stuff */ +# define BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY 51 +# define BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY 52 +# define BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD 53 +# define BIO_CTRL_DGRAM_SCTP_GET_SNDINFO 60 +# define BIO_CTRL_DGRAM_SCTP_SET_SNDINFO 61 +# define BIO_CTRL_DGRAM_SCTP_GET_RCVINFO 62 +# define BIO_CTRL_DGRAM_SCTP_SET_RCVINFO 63 +# define BIO_CTRL_DGRAM_SCTP_GET_PRINFO 64 +# define BIO_CTRL_DGRAM_SCTP_SET_PRINFO 65 +# define BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN 70 +# endif + +# define BIO_CTRL_DGRAM_SET_PEEK_MODE 71 + +/* modifiers */ +# define BIO_FP_READ 0x02 +# define BIO_FP_WRITE 0x04 +# define BIO_FP_APPEND 0x08 +# define BIO_FP_TEXT 0x10 + +# define BIO_FLAGS_READ 0x01 +# define BIO_FLAGS_WRITE 0x02 +# define BIO_FLAGS_IO_SPECIAL 0x04 +# define BIO_FLAGS_RWS (BIO_FLAGS_READ|BIO_FLAGS_WRITE|BIO_FLAGS_IO_SPECIAL) +# define BIO_FLAGS_SHOULD_RETRY 0x08 +# ifndef BIO_FLAGS_UPLINK +/* + * "UPLINK" flag denotes file descriptors provided by application. It + * defaults to 0, as most platforms don't require UPLINK interface. + */ +# define BIO_FLAGS_UPLINK 0 +# endif + +# define BIO_FLAGS_BASE64_NO_NL 0x100 + +/* + * This is used with memory BIOs: + * BIO_FLAGS_MEM_RDONLY means we shouldn't free up or change the data in any way; + * BIO_FLAGS_NONCLEAR_RST means we shouldn't clear data on reset. + */ +# define BIO_FLAGS_MEM_RDONLY 0x200 +# define BIO_FLAGS_NONCLEAR_RST 0x400 +# define BIO_FLAGS_IN_EOF 0x800 + +typedef union bio_addr_st BIO_ADDR; +typedef struct bio_addrinfo_st BIO_ADDRINFO; + +int BIO_get_new_index(void); +void BIO_set_flags(BIO *b, int flags); +int BIO_test_flags(const BIO *b, int flags); +void BIO_clear_flags(BIO *b, int flags); + +# define BIO_get_flags(b) BIO_test_flags(b, ~(0x0)) +# define BIO_set_retry_special(b) \ + BIO_set_flags(b, (BIO_FLAGS_IO_SPECIAL|BIO_FLAGS_SHOULD_RETRY)) +# define BIO_set_retry_read(b) \ + BIO_set_flags(b, (BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY)) +# define BIO_set_retry_write(b) \ + BIO_set_flags(b, (BIO_FLAGS_WRITE|BIO_FLAGS_SHOULD_RETRY)) + +/* These are normally used internally in BIOs */ +# define BIO_clear_retry_flags(b) \ + BIO_clear_flags(b, (BIO_FLAGS_RWS|BIO_FLAGS_SHOULD_RETRY)) +# define BIO_get_retry_flags(b) \ + BIO_test_flags(b, (BIO_FLAGS_RWS|BIO_FLAGS_SHOULD_RETRY)) + +/* These should be used by the application to tell why we should retry */ +# define BIO_should_read(a) BIO_test_flags(a, BIO_FLAGS_READ) +# define BIO_should_write(a) BIO_test_flags(a, BIO_FLAGS_WRITE) +# define BIO_should_io_special(a) BIO_test_flags(a, BIO_FLAGS_IO_SPECIAL) +# define BIO_retry_type(a) BIO_test_flags(a, BIO_FLAGS_RWS) +# define BIO_should_retry(a) BIO_test_flags(a, BIO_FLAGS_SHOULD_RETRY) + +/* + * The next three are used in conjunction with the BIO_should_io_special() + * condition. After this returns true, BIO *BIO_get_retry_BIO(BIO *bio, int + * *reason); will walk the BIO stack and return the 'reason' for the special + * and the offending BIO. Given a BIO, BIO_get_retry_reason(bio) will return + * the code. + */ +/* + * Returned from the SSL bio when the certificate retrieval code had an error + */ +# define BIO_RR_SSL_X509_LOOKUP 0x01 +/* Returned from the connect BIO when a connect would have blocked */ +# define BIO_RR_CONNECT 0x02 +/* Returned from the accept BIO when an accept would have blocked */ +# define BIO_RR_ACCEPT 0x03 + +/* These are passed by the BIO callback */ +# define BIO_CB_FREE 0x01 +# define BIO_CB_READ 0x02 +# define BIO_CB_WRITE 0x03 +# define BIO_CB_PUTS 0x04 +# define BIO_CB_GETS 0x05 +# define BIO_CB_CTRL 0x06 + +/* + * The callback is called before and after the underling operation, The + * BIO_CB_RETURN flag indicates if it is after the call + */ +# define BIO_CB_RETURN 0x80 +# define BIO_CB_return(a) ((a)|BIO_CB_RETURN) +# define BIO_cb_pre(a) (!((a)&BIO_CB_RETURN)) +# define BIO_cb_post(a) ((a)&BIO_CB_RETURN) + +typedef long (*BIO_callback_fn)(BIO *b, int oper, const char *argp, int argi, + long argl, long ret); +typedef long (*BIO_callback_fn_ex)(BIO *b, int oper, const char *argp, + size_t len, int argi, + long argl, int ret, size_t *processed); +BIO_callback_fn BIO_get_callback(const BIO *b); +void BIO_set_callback(BIO *b, BIO_callback_fn callback); + +BIO_callback_fn_ex BIO_get_callback_ex(const BIO *b); +void BIO_set_callback_ex(BIO *b, BIO_callback_fn_ex callback); + +char *BIO_get_callback_arg(const BIO *b); +void BIO_set_callback_arg(BIO *b, char *arg); + +typedef struct bio_method_st BIO_METHOD; + +const char *BIO_method_name(const BIO *b); +int BIO_method_type(const BIO *b); + +typedef int BIO_info_cb(BIO *, int, int); +typedef BIO_info_cb bio_info_cb; /* backward compatibility */ + +DEFINE_STACK_OF(BIO) + +/* Prefix and suffix callback in ASN1 BIO */ +typedef int asn1_ps_func (BIO *b, unsigned char **pbuf, int *plen, + void *parg); + +# ifndef OPENSSL_NO_SCTP +/* SCTP parameter structs */ +struct bio_dgram_sctp_sndinfo { + uint16_t snd_sid; + uint16_t snd_flags; + uint32_t snd_ppid; + uint32_t snd_context; +}; + +struct bio_dgram_sctp_rcvinfo { + uint16_t rcv_sid; + uint16_t rcv_ssn; + uint16_t rcv_flags; + uint32_t rcv_ppid; + uint32_t rcv_tsn; + uint32_t rcv_cumtsn; + uint32_t rcv_context; +}; + +struct bio_dgram_sctp_prinfo { + uint16_t pr_policy; + uint32_t pr_value; +}; +# endif + +/* + * #define BIO_CONN_get_param_hostname BIO_ctrl + */ + +# define BIO_C_SET_CONNECT 100 +# define BIO_C_DO_STATE_MACHINE 101 +# define BIO_C_SET_NBIO 102 +/* # define BIO_C_SET_PROXY_PARAM 103 */ +# define BIO_C_SET_FD 104 +# define BIO_C_GET_FD 105 +# define BIO_C_SET_FILE_PTR 106 +# define BIO_C_GET_FILE_PTR 107 +# define BIO_C_SET_FILENAME 108 +# define BIO_C_SET_SSL 109 +# define BIO_C_GET_SSL 110 +# define BIO_C_SET_MD 111 +# define BIO_C_GET_MD 112 +# define BIO_C_GET_CIPHER_STATUS 113 +# define BIO_C_SET_BUF_MEM 114 +# define BIO_C_GET_BUF_MEM_PTR 115 +# define BIO_C_GET_BUFF_NUM_LINES 116 +# define BIO_C_SET_BUFF_SIZE 117 +# define BIO_C_SET_ACCEPT 118 +# define BIO_C_SSL_MODE 119 +# define BIO_C_GET_MD_CTX 120 +/* # define BIO_C_GET_PROXY_PARAM 121 */ +# define BIO_C_SET_BUFF_READ_DATA 122/* data to read first */ +# define BIO_C_GET_CONNECT 123 +# define BIO_C_GET_ACCEPT 124 +# define BIO_C_SET_SSL_RENEGOTIATE_BYTES 125 +# define BIO_C_GET_SSL_NUM_RENEGOTIATES 126 +# define BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT 127 +# define BIO_C_FILE_SEEK 128 +# define BIO_C_GET_CIPHER_CTX 129 +# define BIO_C_SET_BUF_MEM_EOF_RETURN 130/* return end of input + * value */ +# define BIO_C_SET_BIND_MODE 131 +# define BIO_C_GET_BIND_MODE 132 +# define BIO_C_FILE_TELL 133 +# define BIO_C_GET_SOCKS 134 +# define BIO_C_SET_SOCKS 135 + +# define BIO_C_SET_WRITE_BUF_SIZE 136/* for BIO_s_bio */ +# define BIO_C_GET_WRITE_BUF_SIZE 137 +# define BIO_C_MAKE_BIO_PAIR 138 +# define BIO_C_DESTROY_BIO_PAIR 139 +# define BIO_C_GET_WRITE_GUARANTEE 140 +# define BIO_C_GET_READ_REQUEST 141 +# define BIO_C_SHUTDOWN_WR 142 +# define BIO_C_NREAD0 143 +# define BIO_C_NREAD 144 +# define BIO_C_NWRITE0 145 +# define BIO_C_NWRITE 146 +# define BIO_C_RESET_READ_REQUEST 147 +# define BIO_C_SET_MD_CTX 148 + +# define BIO_C_SET_PREFIX 149 +# define BIO_C_GET_PREFIX 150 +# define BIO_C_SET_SUFFIX 151 +# define BIO_C_GET_SUFFIX 152 + +# define BIO_C_SET_EX_ARG 153 +# define BIO_C_GET_EX_ARG 154 + +# define BIO_C_SET_CONNECT_MODE 155 + +# define BIO_set_app_data(s,arg) BIO_set_ex_data(s,0,arg) +# define BIO_get_app_data(s) BIO_get_ex_data(s,0) + +# define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) + +# ifndef OPENSSL_NO_SOCK +/* IP families we support, for BIO_s_connect() and BIO_s_accept() */ +/* Note: the underlying operating system may not support some of them */ +# define BIO_FAMILY_IPV4 4 +# define BIO_FAMILY_IPV6 6 +# define BIO_FAMILY_IPANY 256 + +/* BIO_s_connect() */ +# define BIO_set_conn_hostname(b,name) BIO_ctrl(b,BIO_C_SET_CONNECT,0, \ + (char *)(name)) +# define BIO_set_conn_port(b,port) BIO_ctrl(b,BIO_C_SET_CONNECT,1, \ + (char *)(port)) +# define BIO_set_conn_address(b,addr) BIO_ctrl(b,BIO_C_SET_CONNECT,2, \ + (char *)(addr)) +# define BIO_set_conn_ip_family(b,f) BIO_int_ctrl(b,BIO_C_SET_CONNECT,3,f) +# define BIO_get_conn_hostname(b) ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,0)) +# define BIO_get_conn_port(b) ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1)) +# define BIO_get_conn_address(b) ((const BIO_ADDR *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2)) +# define BIO_get_conn_ip_family(b) BIO_ctrl(b,BIO_C_GET_CONNECT,3,NULL) +# define BIO_set_conn_mode(b,n) BIO_ctrl(b,BIO_C_SET_CONNECT_MODE,(n),NULL) + +/* BIO_s_accept() */ +# define BIO_set_accept_name(b,name) BIO_ctrl(b,BIO_C_SET_ACCEPT,0, \ + (char *)(name)) +# define BIO_set_accept_port(b,port) BIO_ctrl(b,BIO_C_SET_ACCEPT,1, \ + (char *)(port)) +# define BIO_get_accept_name(b) ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,0)) +# define BIO_get_accept_port(b) ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,1)) +# define BIO_get_peer_name(b) ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,2)) +# define BIO_get_peer_port(b) ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,3)) +/* #define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) */ +# define BIO_set_nbio_accept(b,n) BIO_ctrl(b,BIO_C_SET_ACCEPT,2,(n)?(void *)"a":NULL) +# define BIO_set_accept_bios(b,bio) BIO_ctrl(b,BIO_C_SET_ACCEPT,3, \ + (char *)(bio)) +# define BIO_set_accept_ip_family(b,f) BIO_int_ctrl(b,BIO_C_SET_ACCEPT,4,f) +# define BIO_get_accept_ip_family(b) BIO_ctrl(b,BIO_C_GET_ACCEPT,4,NULL) + +/* Aliases kept for backward compatibility */ +# define BIO_BIND_NORMAL 0 +# define BIO_BIND_REUSEADDR BIO_SOCK_REUSEADDR +# define BIO_BIND_REUSEADDR_IF_UNUSED BIO_SOCK_REUSEADDR +# define BIO_set_bind_mode(b,mode) BIO_ctrl(b,BIO_C_SET_BIND_MODE,mode,NULL) +# define BIO_get_bind_mode(b) BIO_ctrl(b,BIO_C_GET_BIND_MODE,0,NULL) + +/* BIO_s_accept() and BIO_s_connect() */ +# define BIO_do_connect(b) BIO_do_handshake(b) +# define BIO_do_accept(b) BIO_do_handshake(b) +# endif /* OPENSSL_NO_SOCK */ + +# define BIO_do_handshake(b) BIO_ctrl(b,BIO_C_DO_STATE_MACHINE,0,NULL) + +/* BIO_s_datagram(), BIO_s_fd(), BIO_s_socket(), BIO_s_accept() and BIO_s_connect() */ +# define BIO_set_fd(b,fd,c) BIO_int_ctrl(b,BIO_C_SET_FD,c,fd) +# define BIO_get_fd(b,c) BIO_ctrl(b,BIO_C_GET_FD,0,(char *)(c)) + +/* BIO_s_file() */ +# define BIO_set_fp(b,fp,c) BIO_ctrl(b,BIO_C_SET_FILE_PTR,c,(char *)(fp)) +# define BIO_get_fp(b,fpp) BIO_ctrl(b,BIO_C_GET_FILE_PTR,0,(char *)(fpp)) + +/* BIO_s_fd() and BIO_s_file() */ +# define BIO_seek(b,ofs) (int)BIO_ctrl(b,BIO_C_FILE_SEEK,ofs,NULL) +# define BIO_tell(b) (int)BIO_ctrl(b,BIO_C_FILE_TELL,0,NULL) + +/* + * name is cast to lose const, but might be better to route through a + * function so we can do it safely + */ +# ifdef CONST_STRICT +/* + * If you are wondering why this isn't defined, its because CONST_STRICT is + * purely a compile-time kludge to allow const to be checked. + */ +int BIO_read_filename(BIO *b, const char *name); +# else +# define BIO_read_filename(b,name) (int)BIO_ctrl(b,BIO_C_SET_FILENAME, \ + BIO_CLOSE|BIO_FP_READ,(char *)(name)) +# endif +# define BIO_write_filename(b,name) (int)BIO_ctrl(b,BIO_C_SET_FILENAME, \ + BIO_CLOSE|BIO_FP_WRITE,name) +# define BIO_append_filename(b,name) (int)BIO_ctrl(b,BIO_C_SET_FILENAME, \ + BIO_CLOSE|BIO_FP_APPEND,name) +# define BIO_rw_filename(b,name) (int)BIO_ctrl(b,BIO_C_SET_FILENAME, \ + BIO_CLOSE|BIO_FP_READ|BIO_FP_WRITE,name) + +/* + * WARNING WARNING, this ups the reference count on the read bio of the SSL + * structure. This is because the ssl read BIO is now pointed to by the + * next_bio field in the bio. So when you free the BIO, make sure you are + * doing a BIO_free_all() to catch the underlying BIO. + */ +# define BIO_set_ssl(b,ssl,c) BIO_ctrl(b,BIO_C_SET_SSL,c,(char *)(ssl)) +# define BIO_get_ssl(b,sslp) BIO_ctrl(b,BIO_C_GET_SSL,0,(char *)(sslp)) +# define BIO_set_ssl_mode(b,client) BIO_ctrl(b,BIO_C_SSL_MODE,client,NULL) +# define BIO_set_ssl_renegotiate_bytes(b,num) \ + BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_BYTES,num,NULL) +# define BIO_get_num_renegotiates(b) \ + BIO_ctrl(b,BIO_C_GET_SSL_NUM_RENEGOTIATES,0,NULL) +# define BIO_set_ssl_renegotiate_timeout(b,seconds) \ + BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT,seconds,NULL) + +/* defined in evp.h */ +/* #define BIO_set_md(b,md) BIO_ctrl(b,BIO_C_SET_MD,1,(char *)(md)) */ + +# define BIO_get_mem_data(b,pp) BIO_ctrl(b,BIO_CTRL_INFO,0,(char *)(pp)) +# define BIO_set_mem_buf(b,bm,c) BIO_ctrl(b,BIO_C_SET_BUF_MEM,c,(char *)(bm)) +# define BIO_get_mem_ptr(b,pp) BIO_ctrl(b,BIO_C_GET_BUF_MEM_PTR,0, \ + (char *)(pp)) +# define BIO_set_mem_eof_return(b,v) \ + BIO_ctrl(b,BIO_C_SET_BUF_MEM_EOF_RETURN,v,NULL) + +/* For the BIO_f_buffer() type */ +# define BIO_get_buffer_num_lines(b) BIO_ctrl(b,BIO_C_GET_BUFF_NUM_LINES,0,NULL) +# define BIO_set_buffer_size(b,size) BIO_ctrl(b,BIO_C_SET_BUFF_SIZE,size,NULL) +# define BIO_set_read_buffer_size(b,size) BIO_int_ctrl(b,BIO_C_SET_BUFF_SIZE,size,0) +# define BIO_set_write_buffer_size(b,size) BIO_int_ctrl(b,BIO_C_SET_BUFF_SIZE,size,1) +# define BIO_set_buffer_read_data(b,buf,num) BIO_ctrl(b,BIO_C_SET_BUFF_READ_DATA,num,buf) + +/* Don't use the next one unless you know what you are doing :-) */ +# define BIO_dup_state(b,ret) BIO_ctrl(b,BIO_CTRL_DUP,0,(char *)(ret)) + +# define BIO_reset(b) (int)BIO_ctrl(b,BIO_CTRL_RESET,0,NULL) +# define BIO_eof(b) (int)BIO_ctrl(b,BIO_CTRL_EOF,0,NULL) +# define BIO_set_close(b,c) (int)BIO_ctrl(b,BIO_CTRL_SET_CLOSE,(c),NULL) +# define BIO_get_close(b) (int)BIO_ctrl(b,BIO_CTRL_GET_CLOSE,0,NULL) +# define BIO_pending(b) (int)BIO_ctrl(b,BIO_CTRL_PENDING,0,NULL) +# define BIO_wpending(b) (int)BIO_ctrl(b,BIO_CTRL_WPENDING,0,NULL) +/* ...pending macros have inappropriate return type */ +size_t BIO_ctrl_pending(BIO *b); +size_t BIO_ctrl_wpending(BIO *b); +# define BIO_flush(b) (int)BIO_ctrl(b,BIO_CTRL_FLUSH,0,NULL) +# define BIO_get_info_callback(b,cbp) (int)BIO_ctrl(b,BIO_CTRL_GET_CALLBACK,0, \ + cbp) +# define BIO_set_info_callback(b,cb) (int)BIO_callback_ctrl(b,BIO_CTRL_SET_CALLBACK,cb) + +/* For the BIO_f_buffer() type */ +# define BIO_buffer_get_num_lines(b) BIO_ctrl(b,BIO_CTRL_GET,0,NULL) +# define BIO_buffer_peek(b,s,l) BIO_ctrl(b,BIO_CTRL_PEEK,(l),(s)) + +/* For BIO_s_bio() */ +# define BIO_set_write_buf_size(b,size) (int)BIO_ctrl(b,BIO_C_SET_WRITE_BUF_SIZE,size,NULL) +# define BIO_get_write_buf_size(b,size) (size_t)BIO_ctrl(b,BIO_C_GET_WRITE_BUF_SIZE,size,NULL) +# define BIO_make_bio_pair(b1,b2) (int)BIO_ctrl(b1,BIO_C_MAKE_BIO_PAIR,0,b2) +# define BIO_destroy_bio_pair(b) (int)BIO_ctrl(b,BIO_C_DESTROY_BIO_PAIR,0,NULL) +# define BIO_shutdown_wr(b) (int)BIO_ctrl(b, BIO_C_SHUTDOWN_WR, 0, NULL) +/* macros with inappropriate type -- but ...pending macros use int too: */ +# define BIO_get_write_guarantee(b) (int)BIO_ctrl(b,BIO_C_GET_WRITE_GUARANTEE,0,NULL) +# define BIO_get_read_request(b) (int)BIO_ctrl(b,BIO_C_GET_READ_REQUEST,0,NULL) +size_t BIO_ctrl_get_write_guarantee(BIO *b); +size_t BIO_ctrl_get_read_request(BIO *b); +int BIO_ctrl_reset_read_request(BIO *b); + +/* ctrl macros for dgram */ +# define BIO_ctrl_dgram_connect(b,peer) \ + (int)BIO_ctrl(b,BIO_CTRL_DGRAM_CONNECT,0, (char *)(peer)) +# define BIO_ctrl_set_connected(b,peer) \ + (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_CONNECTED, 0, (char *)(peer)) +# define BIO_dgram_recv_timedout(b) \ + (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP, 0, NULL) +# define BIO_dgram_send_timedout(b) \ + (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP, 0, NULL) +# define BIO_dgram_get_peer(b,peer) \ + (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_PEER, 0, (char *)(peer)) +# define BIO_dgram_set_peer(b,peer) \ + (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, (char *)(peer)) +# define BIO_dgram_get_mtu_overhead(b) \ + (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_MTU_OVERHEAD, 0, NULL) + +#define BIO_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_BIO, l, p, newf, dupf, freef) +int BIO_set_ex_data(BIO *bio, int idx, void *data); +void *BIO_get_ex_data(BIO *bio, int idx); +uint64_t BIO_number_read(BIO *bio); +uint64_t BIO_number_written(BIO *bio); + +/* For BIO_f_asn1() */ +int BIO_asn1_set_prefix(BIO *b, asn1_ps_func *prefix, + asn1_ps_func *prefix_free); +int BIO_asn1_get_prefix(BIO *b, asn1_ps_func **pprefix, + asn1_ps_func **pprefix_free); +int BIO_asn1_set_suffix(BIO *b, asn1_ps_func *suffix, + asn1_ps_func *suffix_free); +int BIO_asn1_get_suffix(BIO *b, asn1_ps_func **psuffix, + asn1_ps_func **psuffix_free); + +const BIO_METHOD *BIO_s_file(void); +BIO *BIO_new_file(const char *filename, const char *mode); +# ifndef OPENSSL_NO_STDIO +BIO *BIO_new_fp(FILE *stream, int close_flag); +# endif +BIO *BIO_new(const BIO_METHOD *type); +int BIO_free(BIO *a); +void BIO_set_data(BIO *a, void *ptr); +void *BIO_get_data(BIO *a); +void BIO_set_init(BIO *a, int init); +int BIO_get_init(BIO *a); +void BIO_set_shutdown(BIO *a, int shut); +int BIO_get_shutdown(BIO *a); +void BIO_vfree(BIO *a); +int BIO_up_ref(BIO *a); +int BIO_read(BIO *b, void *data, int dlen); +int BIO_read_ex(BIO *b, void *data, size_t dlen, size_t *readbytes); +int BIO_gets(BIO *bp, char *buf, int size); +int BIO_write(BIO *b, const void *data, int dlen); +int BIO_write_ex(BIO *b, const void *data, size_t dlen, size_t *written); +int BIO_puts(BIO *bp, const char *buf); +int BIO_indent(BIO *b, int indent, int max); +long BIO_ctrl(BIO *bp, int cmd, long larg, void *parg); +long BIO_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp); +void *BIO_ptr_ctrl(BIO *bp, int cmd, long larg); +long BIO_int_ctrl(BIO *bp, int cmd, long larg, int iarg); +BIO *BIO_push(BIO *b, BIO *append); +BIO *BIO_pop(BIO *b); +void BIO_free_all(BIO *a); +BIO *BIO_find_type(BIO *b, int bio_type); +BIO *BIO_next(BIO *b); +void BIO_set_next(BIO *b, BIO *next); +BIO *BIO_get_retry_BIO(BIO *bio, int *reason); +int BIO_get_retry_reason(BIO *bio); +void BIO_set_retry_reason(BIO *bio, int reason); +BIO *BIO_dup_chain(BIO *in); + +int BIO_nread0(BIO *bio, char **buf); +int BIO_nread(BIO *bio, char **buf, int num); +int BIO_nwrite0(BIO *bio, char **buf); +int BIO_nwrite(BIO *bio, char **buf, int num); + +long BIO_debug_callback(BIO *bio, int cmd, const char *argp, int argi, + long argl, long ret); + +const BIO_METHOD *BIO_s_mem(void); +const BIO_METHOD *BIO_s_secmem(void); +BIO *BIO_new_mem_buf(const void *buf, int len); +# ifndef OPENSSL_NO_SOCK +const BIO_METHOD *BIO_s_socket(void); +const BIO_METHOD *BIO_s_connect(void); +const BIO_METHOD *BIO_s_accept(void); +# endif +const BIO_METHOD *BIO_s_fd(void); +const BIO_METHOD *BIO_s_log(void); +const BIO_METHOD *BIO_s_bio(void); +const BIO_METHOD *BIO_s_null(void); +const BIO_METHOD *BIO_f_null(void); +const BIO_METHOD *BIO_f_buffer(void); +const BIO_METHOD *BIO_f_linebuffer(void); +const BIO_METHOD *BIO_f_nbio_test(void); +# ifndef OPENSSL_NO_DGRAM +const BIO_METHOD *BIO_s_datagram(void); +int BIO_dgram_non_fatal_error(int error); +BIO *BIO_new_dgram(int fd, int close_flag); +# ifndef OPENSSL_NO_SCTP +const BIO_METHOD *BIO_s_datagram_sctp(void); +BIO *BIO_new_dgram_sctp(int fd, int close_flag); +int BIO_dgram_is_sctp(BIO *bio); +int BIO_dgram_sctp_notification_cb(BIO *b, + void (*handle_notifications) (BIO *bio, + void *context, + void *buf), + void *context); +int BIO_dgram_sctp_wait_for_dry(BIO *b); +int BIO_dgram_sctp_msg_waiting(BIO *b); +# endif +# endif + +# ifndef OPENSSL_NO_SOCK +int BIO_sock_should_retry(int i); +int BIO_sock_non_fatal_error(int error); +# endif + +int BIO_fd_should_retry(int i); +int BIO_fd_non_fatal_error(int error); +int BIO_dump_cb(int (*cb) (const void *data, size_t len, void *u), + void *u, const char *s, int len); +int BIO_dump_indent_cb(int (*cb) (const void *data, size_t len, void *u), + void *u, const char *s, int len, int indent); +int BIO_dump(BIO *b, const char *bytes, int len); +int BIO_dump_indent(BIO *b, const char *bytes, int len, int indent); +# ifndef OPENSSL_NO_STDIO +int BIO_dump_fp(FILE *fp, const char *s, int len); +int BIO_dump_indent_fp(FILE *fp, const char *s, int len, int indent); +# endif +int BIO_hex_string(BIO *out, int indent, int width, unsigned char *data, + int datalen); + +# ifndef OPENSSL_NO_SOCK +BIO_ADDR *BIO_ADDR_new(void); +int BIO_ADDR_rawmake(BIO_ADDR *ap, int family, + const void *where, size_t wherelen, unsigned short port); +void BIO_ADDR_free(BIO_ADDR *); +void BIO_ADDR_clear(BIO_ADDR *ap); +int BIO_ADDR_family(const BIO_ADDR *ap); +int BIO_ADDR_rawaddress(const BIO_ADDR *ap, void *p, size_t *l); +unsigned short BIO_ADDR_rawport(const BIO_ADDR *ap); +char *BIO_ADDR_hostname_string(const BIO_ADDR *ap, int numeric); +char *BIO_ADDR_service_string(const BIO_ADDR *ap, int numeric); +char *BIO_ADDR_path_string(const BIO_ADDR *ap); + +const BIO_ADDRINFO *BIO_ADDRINFO_next(const BIO_ADDRINFO *bai); +int BIO_ADDRINFO_family(const BIO_ADDRINFO *bai); +int BIO_ADDRINFO_socktype(const BIO_ADDRINFO *bai); +int BIO_ADDRINFO_protocol(const BIO_ADDRINFO *bai); +const BIO_ADDR *BIO_ADDRINFO_address(const BIO_ADDRINFO *bai); +void BIO_ADDRINFO_free(BIO_ADDRINFO *bai); + +enum BIO_hostserv_priorities { + BIO_PARSE_PRIO_HOST, BIO_PARSE_PRIO_SERV +}; +int BIO_parse_hostserv(const char *hostserv, char **host, char **service, + enum BIO_hostserv_priorities hostserv_prio); +enum BIO_lookup_type { + BIO_LOOKUP_CLIENT, BIO_LOOKUP_SERVER +}; +int BIO_lookup(const char *host, const char *service, + enum BIO_lookup_type lookup_type, + int family, int socktype, BIO_ADDRINFO **res); +int BIO_lookup_ex(const char *host, const char *service, + int lookup_type, int family, int socktype, int protocol, + BIO_ADDRINFO **res); +int BIO_sock_error(int sock); +int BIO_socket_ioctl(int fd, long type, void *arg); +int BIO_socket_nbio(int fd, int mode); +int BIO_sock_init(void); +# if OPENSSL_API_COMPAT < 0x10100000L +# define BIO_sock_cleanup() while(0) continue +# endif +int BIO_set_tcp_ndelay(int sock, int turn_on); + +DEPRECATEDIN_1_1_0(struct hostent *BIO_gethostbyname(const char *name)) +DEPRECATEDIN_1_1_0(int BIO_get_port(const char *str, unsigned short *port_ptr)) +DEPRECATEDIN_1_1_0(int BIO_get_host_ip(const char *str, unsigned char *ip)) +DEPRECATEDIN_1_1_0(int BIO_get_accept_socket(char *host_port, int mode)) +DEPRECATEDIN_1_1_0(int BIO_accept(int sock, char **ip_port)) + +union BIO_sock_info_u { + BIO_ADDR *addr; +}; +enum BIO_sock_info_type { + BIO_SOCK_INFO_ADDRESS +}; +int BIO_sock_info(int sock, + enum BIO_sock_info_type type, union BIO_sock_info_u *info); + +# define BIO_SOCK_REUSEADDR 0x01 +# define BIO_SOCK_V6_ONLY 0x02 +# define BIO_SOCK_KEEPALIVE 0x04 +# define BIO_SOCK_NONBLOCK 0x08 +# define BIO_SOCK_NODELAY 0x10 + +int BIO_socket(int domain, int socktype, int protocol, int options); +int BIO_connect(int sock, const BIO_ADDR *addr, int options); +int BIO_bind(int sock, const BIO_ADDR *addr, int options); +int BIO_listen(int sock, const BIO_ADDR *addr, int options); +int BIO_accept_ex(int accept_sock, BIO_ADDR *addr, int options); +int BIO_closesocket(int sock); + +BIO *BIO_new_socket(int sock, int close_flag); +BIO *BIO_new_connect(const char *host_port); +BIO *BIO_new_accept(const char *host_port); +# endif /* OPENSSL_NO_SOCK*/ + +BIO *BIO_new_fd(int fd, int close_flag); + +int BIO_new_bio_pair(BIO **bio1, size_t writebuf1, + BIO **bio2, size_t writebuf2); +/* + * If successful, returns 1 and in *bio1, *bio2 two BIO pair endpoints. + * Otherwise returns 0 and sets *bio1 and *bio2 to NULL. Size 0 uses default + * value. + */ + +void BIO_copy_next_retry(BIO *b); + +/* + * long BIO_ghbn_ctrl(int cmd,int iarg,char *parg); + */ + +# define ossl_bio__attr__(x) +# if defined(__GNUC__) && defined(__STDC_VERSION__) \ + && !defined(__APPLE__) + /* + * Because we support the 'z' modifier, which made its appearance in C99, + * we can't use __attribute__ with pre C99 dialects. + */ +# if __STDC_VERSION__ >= 199901L +# undef ossl_bio__attr__ +# define ossl_bio__attr__ __attribute__ +# if __GNUC__*10 + __GNUC_MINOR__ >= 44 +# define ossl_bio__printf__ __gnu_printf__ +# else +# define ossl_bio__printf__ __printf__ +# endif +# endif +# endif +int BIO_printf(BIO *bio, const char *format, ...) +ossl_bio__attr__((__format__(ossl_bio__printf__, 2, 3))); +int BIO_vprintf(BIO *bio, const char *format, va_list args) +ossl_bio__attr__((__format__(ossl_bio__printf__, 2, 0))); +int BIO_snprintf(char *buf, size_t n, const char *format, ...) +ossl_bio__attr__((__format__(ossl_bio__printf__, 3, 4))); +int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args) +ossl_bio__attr__((__format__(ossl_bio__printf__, 3, 0))); +# undef ossl_bio__attr__ +# undef ossl_bio__printf__ + + +BIO_METHOD *BIO_meth_new(int type, const char *name); +void BIO_meth_free(BIO_METHOD *biom); +int (*BIO_meth_get_write(const BIO_METHOD *biom)) (BIO *, const char *, int); +int (*BIO_meth_get_write_ex(const BIO_METHOD *biom)) (BIO *, const char *, size_t, + size_t *); +int BIO_meth_set_write(BIO_METHOD *biom, + int (*write) (BIO *, const char *, int)); +int BIO_meth_set_write_ex(BIO_METHOD *biom, + int (*bwrite) (BIO *, const char *, size_t, size_t *)); +int (*BIO_meth_get_read(const BIO_METHOD *biom)) (BIO *, char *, int); +int (*BIO_meth_get_read_ex(const BIO_METHOD *biom)) (BIO *, char *, size_t, size_t *); +int BIO_meth_set_read(BIO_METHOD *biom, + int (*read) (BIO *, char *, int)); +int BIO_meth_set_read_ex(BIO_METHOD *biom, + int (*bread) (BIO *, char *, size_t, size_t *)); +int (*BIO_meth_get_puts(const BIO_METHOD *biom)) (BIO *, const char *); +int BIO_meth_set_puts(BIO_METHOD *biom, + int (*puts) (BIO *, const char *)); +int (*BIO_meth_get_gets(const BIO_METHOD *biom)) (BIO *, char *, int); +int BIO_meth_set_gets(BIO_METHOD *biom, + int (*gets) (BIO *, char *, int)); +long (*BIO_meth_get_ctrl(const BIO_METHOD *biom)) (BIO *, int, long, void *); +int BIO_meth_set_ctrl(BIO_METHOD *biom, + long (*ctrl) (BIO *, int, long, void *)); +int (*BIO_meth_get_create(const BIO_METHOD *bion)) (BIO *); +int BIO_meth_set_create(BIO_METHOD *biom, int (*create) (BIO *)); +int (*BIO_meth_get_destroy(const BIO_METHOD *biom)) (BIO *); +int BIO_meth_set_destroy(BIO_METHOD *biom, int (*destroy) (BIO *)); +long (*BIO_meth_get_callback_ctrl(const BIO_METHOD *biom)) + (BIO *, int, BIO_info_cb *); +int BIO_meth_set_callback_ctrl(BIO_METHOD *biom, + long (*callback_ctrl) (BIO *, int, + BIO_info_cb *)); + +# ifdef __cplusplus +} +# endif +#endif diff --git a/ext/openssl1L/include/openssl/bioerr.h b/ext/openssl1L/include/openssl/bioerr.h new file mode 100644 index 0000000..46e2c96 --- /dev/null +++ b/ext/openssl1L/include/openssl/bioerr.h @@ -0,0 +1,124 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_BIOERR_H +# define HEADER_BIOERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_BIO_strings(void); + +/* + * BIO function codes. + */ +# define BIO_F_ACPT_STATE 100 +# define BIO_F_ADDRINFO_WRAP 148 +# define BIO_F_ADDR_STRINGS 134 +# define BIO_F_BIO_ACCEPT 101 +# define BIO_F_BIO_ACCEPT_EX 137 +# define BIO_F_BIO_ACCEPT_NEW 152 +# define BIO_F_BIO_ADDR_NEW 144 +# define BIO_F_BIO_BIND 147 +# define BIO_F_BIO_CALLBACK_CTRL 131 +# define BIO_F_BIO_CONNECT 138 +# define BIO_F_BIO_CONNECT_NEW 153 +# define BIO_F_BIO_CTRL 103 +# define BIO_F_BIO_GETS 104 +# define BIO_F_BIO_GET_HOST_IP 106 +# define BIO_F_BIO_GET_NEW_INDEX 102 +# define BIO_F_BIO_GET_PORT 107 +# define BIO_F_BIO_LISTEN 139 +# define BIO_F_BIO_LOOKUP 135 +# define BIO_F_BIO_LOOKUP_EX 143 +# define BIO_F_BIO_MAKE_PAIR 121 +# define BIO_F_BIO_METH_NEW 146 +# define BIO_F_BIO_NEW 108 +# define BIO_F_BIO_NEW_DGRAM_SCTP 145 +# define BIO_F_BIO_NEW_FILE 109 +# define BIO_F_BIO_NEW_MEM_BUF 126 +# define BIO_F_BIO_NREAD 123 +# define BIO_F_BIO_NREAD0 124 +# define BIO_F_BIO_NWRITE 125 +# define BIO_F_BIO_NWRITE0 122 +# define BIO_F_BIO_PARSE_HOSTSERV 136 +# define BIO_F_BIO_PUTS 110 +# define BIO_F_BIO_READ 111 +# define BIO_F_BIO_READ_EX 105 +# define BIO_F_BIO_READ_INTERN 120 +# define BIO_F_BIO_SOCKET 140 +# define BIO_F_BIO_SOCKET_NBIO 142 +# define BIO_F_BIO_SOCK_INFO 141 +# define BIO_F_BIO_SOCK_INIT 112 +# define BIO_F_BIO_WRITE 113 +# define BIO_F_BIO_WRITE_EX 119 +# define BIO_F_BIO_WRITE_INTERN 128 +# define BIO_F_BUFFER_CTRL 114 +# define BIO_F_CONN_CTRL 127 +# define BIO_F_CONN_STATE 115 +# define BIO_F_DGRAM_SCTP_NEW 149 +# define BIO_F_DGRAM_SCTP_READ 132 +# define BIO_F_DGRAM_SCTP_WRITE 133 +# define BIO_F_DOAPR_OUTCH 150 +# define BIO_F_FILE_CTRL 116 +# define BIO_F_FILE_READ 130 +# define BIO_F_LINEBUFFER_CTRL 129 +# define BIO_F_LINEBUFFER_NEW 151 +# define BIO_F_MEM_WRITE 117 +# define BIO_F_NBIOF_NEW 154 +# define BIO_F_SLG_WRITE 155 +# define BIO_F_SSL_NEW 118 + +/* + * BIO reason codes. + */ +# define BIO_R_ACCEPT_ERROR 100 +# define BIO_R_ADDRINFO_ADDR_IS_NOT_AF_INET 141 +# define BIO_R_AMBIGUOUS_HOST_OR_SERVICE 129 +# define BIO_R_BAD_FOPEN_MODE 101 +# define BIO_R_BROKEN_PIPE 124 +# define BIO_R_CONNECT_ERROR 103 +# define BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET 107 +# define BIO_R_GETSOCKNAME_ERROR 132 +# define BIO_R_GETSOCKNAME_TRUNCATED_ADDRESS 133 +# define BIO_R_GETTING_SOCKTYPE 134 +# define BIO_R_INVALID_ARGUMENT 125 +# define BIO_R_INVALID_SOCKET 135 +# define BIO_R_IN_USE 123 +# define BIO_R_LENGTH_TOO_LONG 102 +# define BIO_R_LISTEN_V6_ONLY 136 +# define BIO_R_LOOKUP_RETURNED_NOTHING 142 +# define BIO_R_MALFORMED_HOST_OR_SERVICE 130 +# define BIO_R_NBIO_CONNECT_ERROR 110 +# define BIO_R_NO_ACCEPT_ADDR_OR_SERVICE_SPECIFIED 143 +# define BIO_R_NO_HOSTNAME_OR_SERVICE_SPECIFIED 144 +# define BIO_R_NO_PORT_DEFINED 113 +# define BIO_R_NO_SUCH_FILE 128 +# define BIO_R_NULL_PARAMETER 115 +# define BIO_R_UNABLE_TO_BIND_SOCKET 117 +# define BIO_R_UNABLE_TO_CREATE_SOCKET 118 +# define BIO_R_UNABLE_TO_KEEPALIVE 137 +# define BIO_R_UNABLE_TO_LISTEN_SOCKET 119 +# define BIO_R_UNABLE_TO_NODELAY 138 +# define BIO_R_UNABLE_TO_REUSEADDR 139 +# define BIO_R_UNAVAILABLE_IP_FAMILY 145 +# define BIO_R_UNINITIALIZED 120 +# define BIO_R_UNKNOWN_INFO_TYPE 140 +# define BIO_R_UNSUPPORTED_IP_FAMILY 146 +# define BIO_R_UNSUPPORTED_METHOD 121 +# define BIO_R_UNSUPPORTED_PROTOCOL_FAMILY 131 +# define BIO_R_WRITE_TO_READ_ONLY_BIO 126 +# define BIO_R_WSASTARTUP 122 + +#endif diff --git a/ext/openssl1L/include/openssl/blowfish.h b/ext/openssl1L/include/openssl/blowfish.h new file mode 100644 index 0000000..cd3e460 --- /dev/null +++ b/ext/openssl1L/include/openssl/blowfish.h @@ -0,0 +1,61 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_BLOWFISH_H +# define HEADER_BLOWFISH_H + +# include + +# ifndef OPENSSL_NO_BF +# include +# ifdef __cplusplus +extern "C" { +# endif + +# define BF_ENCRYPT 1 +# define BF_DECRYPT 0 + +/*- + * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + * ! BF_LONG has to be at least 32 bits wide. ! + * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + */ +# define BF_LONG unsigned int + +# define BF_ROUNDS 16 +# define BF_BLOCK 8 + +typedef struct bf_key_st { + BF_LONG P[BF_ROUNDS + 2]; + BF_LONG S[4 * 256]; +} BF_KEY; + +void BF_set_key(BF_KEY *key, int len, const unsigned char *data); + +void BF_encrypt(BF_LONG *data, const BF_KEY *key); +void BF_decrypt(BF_LONG *data, const BF_KEY *key); + +void BF_ecb_encrypt(const unsigned char *in, unsigned char *out, + const BF_KEY *key, int enc); +void BF_cbc_encrypt(const unsigned char *in, unsigned char *out, long length, + const BF_KEY *schedule, unsigned char *ivec, int enc); +void BF_cfb64_encrypt(const unsigned char *in, unsigned char *out, + long length, const BF_KEY *schedule, + unsigned char *ivec, int *num, int enc); +void BF_ofb64_encrypt(const unsigned char *in, unsigned char *out, + long length, const BF_KEY *schedule, + unsigned char *ivec, int *num); +const char *BF_options(void); + +# ifdef __cplusplus +} +# endif +# endif + +#endif diff --git a/ext/openssl1L/include/openssl/bn.h b/ext/openssl1L/include/openssl/bn.h new file mode 100644 index 0000000..d877660 --- /dev/null +++ b/ext/openssl1L/include/openssl/bn.h @@ -0,0 +1,539 @@ +/* + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_BN_H +# define HEADER_BN_H + +# include +# ifndef OPENSSL_NO_STDIO +# include +# endif +# include +# include +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +/* + * 64-bit processor with LP64 ABI + */ +# ifdef SIXTY_FOUR_BIT_LONG +# define BN_ULONG unsigned long +# define BN_BYTES 8 +# endif + +/* + * 64-bit processor other than LP64 ABI + */ +# ifdef SIXTY_FOUR_BIT +# define BN_ULONG unsigned long long +# define BN_BYTES 8 +# endif + +# ifdef THIRTY_TWO_BIT +# define BN_ULONG unsigned int +# define BN_BYTES 4 +# endif + +# define BN_BITS2 (BN_BYTES * 8) +# define BN_BITS (BN_BITS2 * 2) +# define BN_TBIT ((BN_ULONG)1 << (BN_BITS2 - 1)) + +# define BN_FLG_MALLOCED 0x01 +# define BN_FLG_STATIC_DATA 0x02 + +/* + * avoid leaking exponent information through timing, + * BN_mod_exp_mont() will call BN_mod_exp_mont_consttime, + * BN_div() will call BN_div_no_branch, + * BN_mod_inverse() will call bn_mod_inverse_no_branch. + */ +# define BN_FLG_CONSTTIME 0x04 +# define BN_FLG_SECURE 0x08 + +# if OPENSSL_API_COMPAT < 0x00908000L +/* deprecated name for the flag */ +# define BN_FLG_EXP_CONSTTIME BN_FLG_CONSTTIME +# define BN_FLG_FREE 0x8000 /* used for debugging */ +# endif + +void BN_set_flags(BIGNUM *b, int n); +int BN_get_flags(const BIGNUM *b, int n); + +/* Values for |top| in BN_rand() */ +#define BN_RAND_TOP_ANY -1 +#define BN_RAND_TOP_ONE 0 +#define BN_RAND_TOP_TWO 1 + +/* Values for |bottom| in BN_rand() */ +#define BN_RAND_BOTTOM_ANY 0 +#define BN_RAND_BOTTOM_ODD 1 + +/* + * get a clone of a BIGNUM with changed flags, for *temporary* use only (the + * two BIGNUMs cannot be used in parallel!). Also only for *read only* use. The + * value |dest| should be a newly allocated BIGNUM obtained via BN_new() that + * has not been otherwise initialised or used. + */ +void BN_with_flags(BIGNUM *dest, const BIGNUM *b, int flags); + +/* Wrapper function to make using BN_GENCB easier */ +int BN_GENCB_call(BN_GENCB *cb, int a, int b); + +BN_GENCB *BN_GENCB_new(void); +void BN_GENCB_free(BN_GENCB *cb); + +/* Populate a BN_GENCB structure with an "old"-style callback */ +void BN_GENCB_set_old(BN_GENCB *gencb, void (*callback) (int, int, void *), + void *cb_arg); + +/* Populate a BN_GENCB structure with a "new"-style callback */ +void BN_GENCB_set(BN_GENCB *gencb, int (*callback) (int, int, BN_GENCB *), + void *cb_arg); + +void *BN_GENCB_get_arg(BN_GENCB *cb); + +# define BN_prime_checks 0 /* default: select number of iterations based + * on the size of the number */ + +/* + * BN_prime_checks_for_size() returns the number of Miller-Rabin iterations + * that will be done for checking that a random number is probably prime. The + * error rate for accepting a composite number as prime depends on the size of + * the prime |b|. The error rates used are for calculating an RSA key with 2 primes, + * and so the level is what you would expect for a key of double the size of the + * prime. + * + * This table is generated using the algorithm of FIPS PUB 186-4 + * Digital Signature Standard (DSS), section F.1, page 117. + * (https://dx.doi.org/10.6028/NIST.FIPS.186-4) + * + * The following magma script was used to generate the output: + * securitybits:=125; + * k:=1024; + * for t:=1 to 65 do + * for M:=3 to Floor(2*Sqrt(k-1)-1) do + * S:=0; + * // Sum over m + * for m:=3 to M do + * s:=0; + * // Sum over j + * for j:=2 to m do + * s+:=(RealField(32)!2)^-(j+(k-1)/j); + * end for; + * S+:=2^(m-(m-1)*t)*s; + * end for; + * A:=2^(k-2-M*t); + * B:=8*(Pi(RealField(32))^2-6)/3*2^(k-2)*S; + * pkt:=2.00743*Log(2)*k*2^-k*(A+B); + * seclevel:=Floor(-Log(2,pkt)); + * if seclevel ge securitybits then + * printf "k: %5o, security: %o bits (t: %o, M: %o)\n",k,seclevel,t,M; + * break; + * end if; + * end for; + * if seclevel ge securitybits then break; end if; + * end for; + * + * It can be run online at: + * http://magma.maths.usyd.edu.au/calc + * + * And will output: + * k: 1024, security: 129 bits (t: 6, M: 23) + * + * k is the number of bits of the prime, securitybits is the level we want to + * reach. + * + * prime length | RSA key size | # MR tests | security level + * -------------+--------------|------------+--------------- + * (b) >= 6394 | >= 12788 | 3 | 256 bit + * (b) >= 3747 | >= 7494 | 3 | 192 bit + * (b) >= 1345 | >= 2690 | 4 | 128 bit + * (b) >= 1080 | >= 2160 | 5 | 128 bit + * (b) >= 852 | >= 1704 | 5 | 112 bit + * (b) >= 476 | >= 952 | 5 | 80 bit + * (b) >= 400 | >= 800 | 6 | 80 bit + * (b) >= 347 | >= 694 | 7 | 80 bit + * (b) >= 308 | >= 616 | 8 | 80 bit + * (b) >= 55 | >= 110 | 27 | 64 bit + * (b) >= 6 | >= 12 | 34 | 64 bit + */ + +# define BN_prime_checks_for_size(b) ((b) >= 3747 ? 3 : \ + (b) >= 1345 ? 4 : \ + (b) >= 476 ? 5 : \ + (b) >= 400 ? 6 : \ + (b) >= 347 ? 7 : \ + (b) >= 308 ? 8 : \ + (b) >= 55 ? 27 : \ + /* b >= 6 */ 34) + +# define BN_num_bytes(a) ((BN_num_bits(a)+7)/8) + +int BN_abs_is_word(const BIGNUM *a, const BN_ULONG w); +int BN_is_zero(const BIGNUM *a); +int BN_is_one(const BIGNUM *a); +int BN_is_word(const BIGNUM *a, const BN_ULONG w); +int BN_is_odd(const BIGNUM *a); + +# define BN_one(a) (BN_set_word((a),1)) + +void BN_zero_ex(BIGNUM *a); + +# if OPENSSL_API_COMPAT >= 0x00908000L +# define BN_zero(a) BN_zero_ex(a) +# else +# define BN_zero(a) (BN_set_word((a),0)) +# endif + +const BIGNUM *BN_value_one(void); +char *BN_options(void); +BN_CTX *BN_CTX_new(void); +BN_CTX *BN_CTX_secure_new(void); +void BN_CTX_free(BN_CTX *c); +void BN_CTX_start(BN_CTX *ctx); +BIGNUM *BN_CTX_get(BN_CTX *ctx); +void BN_CTX_end(BN_CTX *ctx); +int BN_rand(BIGNUM *rnd, int bits, int top, int bottom); +int BN_priv_rand(BIGNUM *rnd, int bits, int top, int bottom); +int BN_rand_range(BIGNUM *rnd, const BIGNUM *range); +int BN_priv_rand_range(BIGNUM *rnd, const BIGNUM *range); +int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom); +int BN_pseudo_rand_range(BIGNUM *rnd, const BIGNUM *range); +int BN_num_bits(const BIGNUM *a); +int BN_num_bits_word(BN_ULONG l); +int BN_security_bits(int L, int N); +BIGNUM *BN_new(void); +BIGNUM *BN_secure_new(void); +void BN_clear_free(BIGNUM *a); +BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b); +void BN_swap(BIGNUM *a, BIGNUM *b); +BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret); +int BN_bn2bin(const BIGNUM *a, unsigned char *to); +int BN_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen); +BIGNUM *BN_lebin2bn(const unsigned char *s, int len, BIGNUM *ret); +int BN_bn2lebinpad(const BIGNUM *a, unsigned char *to, int tolen); +BIGNUM *BN_mpi2bn(const unsigned char *s, int len, BIGNUM *ret); +int BN_bn2mpi(const BIGNUM *a, unsigned char *to); +int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); +int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); +int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); +int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); +int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); +int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx); +/** BN_set_negative sets sign of a BIGNUM + * \param b pointer to the BIGNUM object + * \param n 0 if the BIGNUM b should be positive and a value != 0 otherwise + */ +void BN_set_negative(BIGNUM *b, int n); +/** BN_is_negative returns 1 if the BIGNUM is negative + * \param b pointer to the BIGNUM object + * \return 1 if a < 0 and 0 otherwise + */ +int BN_is_negative(const BIGNUM *b); + +int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, + BN_CTX *ctx); +# define BN_mod(rem,m,d,ctx) BN_div(NULL,(rem),(m),(d),(ctx)) +int BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx); +int BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, + BN_CTX *ctx); +int BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const BIGNUM *m); +int BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, + BN_CTX *ctx); +int BN_mod_sub_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const BIGNUM *m); +int BN_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, + BN_CTX *ctx); +int BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); +int BN_mod_lshift1(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); +int BN_mod_lshift1_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *m); +int BN_mod_lshift(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m, + BN_CTX *ctx); +int BN_mod_lshift_quick(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m); + +BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w); +BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w); +int BN_mul_word(BIGNUM *a, BN_ULONG w); +int BN_add_word(BIGNUM *a, BN_ULONG w); +int BN_sub_word(BIGNUM *a, BN_ULONG w); +int BN_set_word(BIGNUM *a, BN_ULONG w); +BN_ULONG BN_get_word(const BIGNUM *a); + +int BN_cmp(const BIGNUM *a, const BIGNUM *b); +void BN_free(BIGNUM *a); +int BN_is_bit_set(const BIGNUM *a, int n); +int BN_lshift(BIGNUM *r, const BIGNUM *a, int n); +int BN_lshift1(BIGNUM *r, const BIGNUM *a); +int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); + +int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx); +int BN_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); +int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, + BN_MONT_CTX *in_mont); +int BN_mod_exp_mont_word(BIGNUM *r, BN_ULONG a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); +int BN_mod_exp2_mont(BIGNUM *r, const BIGNUM *a1, const BIGNUM *p1, + const BIGNUM *a2, const BIGNUM *p2, const BIGNUM *m, + BN_CTX *ctx, BN_MONT_CTX *m_ctx); +int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx); + +int BN_mask_bits(BIGNUM *a, int n); +# ifndef OPENSSL_NO_STDIO +int BN_print_fp(FILE *fp, const BIGNUM *a); +# endif +int BN_print(BIO *bio, const BIGNUM *a); +int BN_reciprocal(BIGNUM *r, const BIGNUM *m, int len, BN_CTX *ctx); +int BN_rshift(BIGNUM *r, const BIGNUM *a, int n); +int BN_rshift1(BIGNUM *r, const BIGNUM *a); +void BN_clear(BIGNUM *a); +BIGNUM *BN_dup(const BIGNUM *a); +int BN_ucmp(const BIGNUM *a, const BIGNUM *b); +int BN_set_bit(BIGNUM *a, int n); +int BN_clear_bit(BIGNUM *a, int n); +char *BN_bn2hex(const BIGNUM *a); +char *BN_bn2dec(const BIGNUM *a); +int BN_hex2bn(BIGNUM **a, const char *str); +int BN_dec2bn(BIGNUM **a, const char *str); +int BN_asc2bn(BIGNUM **a, const char *str); +int BN_gcd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); +int BN_kronecker(const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); /* returns + * -2 for + * error */ +BIGNUM *BN_mod_inverse(BIGNUM *ret, + const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx); +BIGNUM *BN_mod_sqrt(BIGNUM *ret, + const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx); + +void BN_consttime_swap(BN_ULONG swap, BIGNUM *a, BIGNUM *b, int nwords); + +/* Deprecated versions */ +DEPRECATEDIN_0_9_8(BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe, + const BIGNUM *add, + const BIGNUM *rem, + void (*callback) (int, int, + void *), + void *cb_arg)) +DEPRECATEDIN_0_9_8(int + BN_is_prime(const BIGNUM *p, int nchecks, + void (*callback) (int, int, void *), + BN_CTX *ctx, void *cb_arg)) +DEPRECATEDIN_0_9_8(int + BN_is_prime_fasttest(const BIGNUM *p, int nchecks, + void (*callback) (int, int, void *), + BN_CTX *ctx, void *cb_arg, + int do_trial_division)) + +/* Newer versions */ +int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, const BIGNUM *add, + const BIGNUM *rem, BN_GENCB *cb); +int BN_is_prime_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx, BN_GENCB *cb); +int BN_is_prime_fasttest_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx, + int do_trial_division, BN_GENCB *cb); + +int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx); + +int BN_X931_derive_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, + const BIGNUM *Xp, const BIGNUM *Xp1, + const BIGNUM *Xp2, const BIGNUM *e, BN_CTX *ctx, + BN_GENCB *cb); +int BN_X931_generate_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, BIGNUM *Xp1, + BIGNUM *Xp2, const BIGNUM *Xp, const BIGNUM *e, + BN_CTX *ctx, BN_GENCB *cb); + +BN_MONT_CTX *BN_MONT_CTX_new(void); +int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + BN_MONT_CTX *mont, BN_CTX *ctx); +int BN_to_montgomery(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont, + BN_CTX *ctx); +int BN_from_montgomery(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont, + BN_CTX *ctx); +void BN_MONT_CTX_free(BN_MONT_CTX *mont); +int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx); +BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from); +BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, CRYPTO_RWLOCK *lock, + const BIGNUM *mod, BN_CTX *ctx); + +/* BN_BLINDING flags */ +# define BN_BLINDING_NO_UPDATE 0x00000001 +# define BN_BLINDING_NO_RECREATE 0x00000002 + +BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod); +void BN_BLINDING_free(BN_BLINDING *b); +int BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx); +int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx); +int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx); +int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *); +int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, + BN_CTX *); + +int BN_BLINDING_is_current_thread(BN_BLINDING *b); +void BN_BLINDING_set_current_thread(BN_BLINDING *b); +int BN_BLINDING_lock(BN_BLINDING *b); +int BN_BLINDING_unlock(BN_BLINDING *b); + +unsigned long BN_BLINDING_get_flags(const BN_BLINDING *); +void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long); +BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b, + const BIGNUM *e, BIGNUM *m, BN_CTX *ctx, + int (*bn_mod_exp) (BIGNUM *r, + const BIGNUM *a, + const BIGNUM *p, + const BIGNUM *m, + BN_CTX *ctx, + BN_MONT_CTX *m_ctx), + BN_MONT_CTX *m_ctx); + +DEPRECATEDIN_0_9_8(void BN_set_params(int mul, int high, int low, int mont)) +DEPRECATEDIN_0_9_8(int BN_get_params(int which)) /* 0, mul, 1 high, 2 low, 3 + * mont */ + +BN_RECP_CTX *BN_RECP_CTX_new(void); +void BN_RECP_CTX_free(BN_RECP_CTX *recp); +int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *rdiv, BN_CTX *ctx); +int BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *x, const BIGNUM *y, + BN_RECP_CTX *recp, BN_CTX *ctx); +int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx); +int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, + BN_RECP_CTX *recp, BN_CTX *ctx); + +# ifndef OPENSSL_NO_EC2M + +/* + * Functions for arithmetic over binary polynomials represented by BIGNUMs. + * The BIGNUM::neg property of BIGNUMs representing binary polynomials is + * ignored. Note that input arguments are not const so that their bit arrays + * can be expanded to the appropriate size if needed. + */ + +/* + * r = a + b + */ +int BN_GF2m_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); +# define BN_GF2m_sub(r, a, b) BN_GF2m_add(r, a, b) +/* + * r=a mod p + */ +int BN_GF2m_mod(BIGNUM *r, const BIGNUM *a, const BIGNUM *p); +/* r = (a * b) mod p */ +int BN_GF2m_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const BIGNUM *p, BN_CTX *ctx); +/* r = (a * a) mod p */ +int BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); +/* r = (1 / b) mod p */ +int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *b, const BIGNUM *p, BN_CTX *ctx); +/* r = (a / b) mod p */ +int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const BIGNUM *p, BN_CTX *ctx); +/* r = (a ^ b) mod p */ +int BN_GF2m_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const BIGNUM *p, BN_CTX *ctx); +/* r = sqrt(a) mod p */ +int BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + BN_CTX *ctx); +/* r^2 + r = a mod p */ +int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + BN_CTX *ctx); +# define BN_GF2m_cmp(a, b) BN_ucmp((a), (b)) +/*- + * Some functions allow for representation of the irreducible polynomials + * as an unsigned int[], say p. The irreducible f(t) is then of the form: + * t^p[0] + t^p[1] + ... + t^p[k] + * where m = p[0] > p[1] > ... > p[k] = 0. + */ +/* r = a mod p */ +int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const int p[]); +/* r = (a * b) mod p */ +int BN_GF2m_mod_mul_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const int p[], BN_CTX *ctx); +/* r = (a * a) mod p */ +int BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const int p[], + BN_CTX *ctx); +/* r = (1 / b) mod p */ +int BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *b, const int p[], + BN_CTX *ctx); +/* r = (a / b) mod p */ +int BN_GF2m_mod_div_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const int p[], BN_CTX *ctx); +/* r = (a ^ b) mod p */ +int BN_GF2m_mod_exp_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const int p[], BN_CTX *ctx); +/* r = sqrt(a) mod p */ +int BN_GF2m_mod_sqrt_arr(BIGNUM *r, const BIGNUM *a, + const int p[], BN_CTX *ctx); +/* r^2 + r = a mod p */ +int BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a, + const int p[], BN_CTX *ctx); +int BN_GF2m_poly2arr(const BIGNUM *a, int p[], int max); +int BN_GF2m_arr2poly(const int p[], BIGNUM *a); + +# endif + +/* + * faster mod functions for the 'NIST primes' 0 <= a < p^2 + */ +int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); +int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); +int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); +int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); +int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); + +const BIGNUM *BN_get0_nist_prime_192(void); +const BIGNUM *BN_get0_nist_prime_224(void); +const BIGNUM *BN_get0_nist_prime_256(void); +const BIGNUM *BN_get0_nist_prime_384(void); +const BIGNUM *BN_get0_nist_prime_521(void); + +int (*BN_nist_mod_func(const BIGNUM *p)) (BIGNUM *r, const BIGNUM *a, + const BIGNUM *field, BN_CTX *ctx); + +int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range, + const BIGNUM *priv, const unsigned char *message, + size_t message_len, BN_CTX *ctx); + +/* Primes from RFC 2409 */ +BIGNUM *BN_get_rfc2409_prime_768(BIGNUM *bn); +BIGNUM *BN_get_rfc2409_prime_1024(BIGNUM *bn); + +/* Primes from RFC 3526 */ +BIGNUM *BN_get_rfc3526_prime_1536(BIGNUM *bn); +BIGNUM *BN_get_rfc3526_prime_2048(BIGNUM *bn); +BIGNUM *BN_get_rfc3526_prime_3072(BIGNUM *bn); +BIGNUM *BN_get_rfc3526_prime_4096(BIGNUM *bn); +BIGNUM *BN_get_rfc3526_prime_6144(BIGNUM *bn); +BIGNUM *BN_get_rfc3526_prime_8192(BIGNUM *bn); + +# if OPENSSL_API_COMPAT < 0x10100000L +# define get_rfc2409_prime_768 BN_get_rfc2409_prime_768 +# define get_rfc2409_prime_1024 BN_get_rfc2409_prime_1024 +# define get_rfc3526_prime_1536 BN_get_rfc3526_prime_1536 +# define get_rfc3526_prime_2048 BN_get_rfc3526_prime_2048 +# define get_rfc3526_prime_3072 BN_get_rfc3526_prime_3072 +# define get_rfc3526_prime_4096 BN_get_rfc3526_prime_4096 +# define get_rfc3526_prime_6144 BN_get_rfc3526_prime_6144 +# define get_rfc3526_prime_8192 BN_get_rfc3526_prime_8192 +# endif + +int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom); + + +# ifdef __cplusplus +} +# endif +#endif diff --git a/ext/openssl1L/include/openssl/bnerr.h b/ext/openssl1L/include/openssl/bnerr.h new file mode 100644 index 0000000..5c83777 --- /dev/null +++ b/ext/openssl1L/include/openssl/bnerr.h @@ -0,0 +1,101 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_BNERR_H +# define HEADER_BNERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_BN_strings(void); + +/* + * BN function codes. + */ +# define BN_F_BNRAND 127 +# define BN_F_BNRAND_RANGE 138 +# define BN_F_BN_BLINDING_CONVERT_EX 100 +# define BN_F_BN_BLINDING_CREATE_PARAM 128 +# define BN_F_BN_BLINDING_INVERT_EX 101 +# define BN_F_BN_BLINDING_NEW 102 +# define BN_F_BN_BLINDING_UPDATE 103 +# define BN_F_BN_BN2DEC 104 +# define BN_F_BN_BN2HEX 105 +# define BN_F_BN_COMPUTE_WNAF 142 +# define BN_F_BN_CTX_GET 116 +# define BN_F_BN_CTX_NEW 106 +# define BN_F_BN_CTX_START 129 +# define BN_F_BN_DIV 107 +# define BN_F_BN_DIV_RECP 130 +# define BN_F_BN_EXP 123 +# define BN_F_BN_EXPAND_INTERNAL 120 +# define BN_F_BN_GENCB_NEW 143 +# define BN_F_BN_GENERATE_DSA_NONCE 140 +# define BN_F_BN_GENERATE_PRIME_EX 141 +# define BN_F_BN_GF2M_MOD 131 +# define BN_F_BN_GF2M_MOD_EXP 132 +# define BN_F_BN_GF2M_MOD_MUL 133 +# define BN_F_BN_GF2M_MOD_SOLVE_QUAD 134 +# define BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR 135 +# define BN_F_BN_GF2M_MOD_SQR 136 +# define BN_F_BN_GF2M_MOD_SQRT 137 +# define BN_F_BN_LSHIFT 145 +# define BN_F_BN_MOD_EXP2_MONT 118 +# define BN_F_BN_MOD_EXP_MONT 109 +# define BN_F_BN_MOD_EXP_MONT_CONSTTIME 124 +# define BN_F_BN_MOD_EXP_MONT_WORD 117 +# define BN_F_BN_MOD_EXP_RECP 125 +# define BN_F_BN_MOD_EXP_SIMPLE 126 +# define BN_F_BN_MOD_INVERSE 110 +# define BN_F_BN_MOD_INVERSE_NO_BRANCH 139 +# define BN_F_BN_MOD_LSHIFT_QUICK 119 +# define BN_F_BN_MOD_SQRT 121 +# define BN_F_BN_MONT_CTX_NEW 149 +# define BN_F_BN_MPI2BN 112 +# define BN_F_BN_NEW 113 +# define BN_F_BN_POOL_GET 147 +# define BN_F_BN_RAND 114 +# define BN_F_BN_RAND_RANGE 122 +# define BN_F_BN_RECP_CTX_NEW 150 +# define BN_F_BN_RSHIFT 146 +# define BN_F_BN_SET_WORDS 144 +# define BN_F_BN_STACK_PUSH 148 +# define BN_F_BN_USUB 115 +# define BN_F_OSSL_BN_RSA_DO_UNBLIND 151 + +/* + * BN reason codes. + */ +# define BN_R_ARG2_LT_ARG3 100 +# define BN_R_BAD_RECIPROCAL 101 +# define BN_R_BIGNUM_TOO_LONG 114 +# define BN_R_BITS_TOO_SMALL 118 +# define BN_R_CALLED_WITH_EVEN_MODULUS 102 +# define BN_R_DIV_BY_ZERO 103 +# define BN_R_ENCODING_ERROR 104 +# define BN_R_EXPAND_ON_STATIC_BIGNUM_DATA 105 +# define BN_R_INPUT_NOT_REDUCED 110 +# define BN_R_INVALID_LENGTH 106 +# define BN_R_INVALID_RANGE 115 +# define BN_R_INVALID_SHIFT 119 +# define BN_R_NOT_A_SQUARE 111 +# define BN_R_NOT_INITIALIZED 107 +# define BN_R_NO_INVERSE 108 +# define BN_R_NO_SOLUTION 116 +# define BN_R_PRIVATE_KEY_TOO_LARGE 117 +# define BN_R_P_IS_NOT_PRIME 112 +# define BN_R_TOO_MANY_ITERATIONS 113 +# define BN_R_TOO_MANY_TEMPORARY_VARIABLES 109 + +#endif diff --git a/ext/openssl1L/include/openssl/buffer.h b/ext/openssl1L/include/openssl/buffer.h new file mode 100644 index 0000000..d276576 --- /dev/null +++ b/ext/openssl1L/include/openssl/buffer.h @@ -0,0 +1,58 @@ +/* + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_BUFFER_H +# define HEADER_BUFFER_H + +# include +# ifndef HEADER_CRYPTO_H +# include +# endif +# include + + +#ifdef __cplusplus +extern "C" { +#endif + +# include +# include + +/* + * These names are outdated as of OpenSSL 1.1; a future release + * will move them to be deprecated. + */ +# define BUF_strdup(s) OPENSSL_strdup(s) +# define BUF_strndup(s, size) OPENSSL_strndup(s, size) +# define BUF_memdup(data, size) OPENSSL_memdup(data, size) +# define BUF_strlcpy(dst, src, size) OPENSSL_strlcpy(dst, src, size) +# define BUF_strlcat(dst, src, size) OPENSSL_strlcat(dst, src, size) +# define BUF_strnlen(str, maxlen) OPENSSL_strnlen(str, maxlen) + +struct buf_mem_st { + size_t length; /* current number of bytes */ + char *data; + size_t max; /* size of buffer */ + unsigned long flags; +}; + +# define BUF_MEM_FLAG_SECURE 0x01 + +BUF_MEM *BUF_MEM_new(void); +BUF_MEM *BUF_MEM_new_ex(unsigned long flags); +void BUF_MEM_free(BUF_MEM *a); +size_t BUF_MEM_grow(BUF_MEM *str, size_t len); +size_t BUF_MEM_grow_clean(BUF_MEM *str, size_t len); +void BUF_reverse(unsigned char *out, const unsigned char *in, size_t siz); + + +# ifdef __cplusplus +} +# endif +#endif diff --git a/ext/openssl1L/include/openssl/buffererr.h b/ext/openssl1L/include/openssl/buffererr.h new file mode 100644 index 0000000..04f6ff7 --- /dev/null +++ b/ext/openssl1L/include/openssl/buffererr.h @@ -0,0 +1,34 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_BUFERR_H +# define HEADER_BUFERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_BUF_strings(void); + +/* + * BUF function codes. + */ +# define BUF_F_BUF_MEM_GROW 100 +# define BUF_F_BUF_MEM_GROW_CLEAN 105 +# define BUF_F_BUF_MEM_NEW 101 + +/* + * BUF reason codes. + */ + +#endif diff --git a/ext/openssl1L/include/openssl/camellia.h b/ext/openssl1L/include/openssl/camellia.h new file mode 100644 index 0000000..151f3c1 --- /dev/null +++ b/ext/openssl1L/include/openssl/camellia.h @@ -0,0 +1,83 @@ +/* + * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_CAMELLIA_H +# define HEADER_CAMELLIA_H + +# include + +# ifndef OPENSSL_NO_CAMELLIA +# include +#ifdef __cplusplus +extern "C" { +#endif + +# define CAMELLIA_ENCRYPT 1 +# define CAMELLIA_DECRYPT 0 + +/* + * Because array size can't be a const in C, the following two are macros. + * Both sizes are in bytes. + */ + +/* This should be a hidden type, but EVP requires that the size be known */ + +# define CAMELLIA_BLOCK_SIZE 16 +# define CAMELLIA_TABLE_BYTE_LEN 272 +# define CAMELLIA_TABLE_WORD_LEN (CAMELLIA_TABLE_BYTE_LEN / 4) + +typedef unsigned int KEY_TABLE_TYPE[CAMELLIA_TABLE_WORD_LEN]; /* to match + * with WORD */ + +struct camellia_key_st { + union { + double d; /* ensures 64-bit align */ + KEY_TABLE_TYPE rd_key; + } u; + int grand_rounds; +}; +typedef struct camellia_key_st CAMELLIA_KEY; + +int Camellia_set_key(const unsigned char *userKey, const int bits, + CAMELLIA_KEY *key); + +void Camellia_encrypt(const unsigned char *in, unsigned char *out, + const CAMELLIA_KEY *key); +void Camellia_decrypt(const unsigned char *in, unsigned char *out, + const CAMELLIA_KEY *key); + +void Camellia_ecb_encrypt(const unsigned char *in, unsigned char *out, + const CAMELLIA_KEY *key, const int enc); +void Camellia_cbc_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const CAMELLIA_KEY *key, + unsigned char *ivec, const int enc); +void Camellia_cfb128_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const CAMELLIA_KEY *key, + unsigned char *ivec, int *num, const int enc); +void Camellia_cfb1_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const CAMELLIA_KEY *key, + unsigned char *ivec, int *num, const int enc); +void Camellia_cfb8_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const CAMELLIA_KEY *key, + unsigned char *ivec, int *num, const int enc); +void Camellia_ofb128_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const CAMELLIA_KEY *key, + unsigned char *ivec, int *num); +void Camellia_ctr128_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const CAMELLIA_KEY *key, + unsigned char ivec[CAMELLIA_BLOCK_SIZE], + unsigned char ecount_buf[CAMELLIA_BLOCK_SIZE], + unsigned int *num); + +# ifdef __cplusplus +} +# endif +# endif + +#endif diff --git a/ext/openssl1L/include/openssl/cast.h b/ext/openssl1L/include/openssl/cast.h new file mode 100644 index 0000000..2cc89ae --- /dev/null +++ b/ext/openssl1L/include/openssl/cast.h @@ -0,0 +1,53 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_CAST_H +# define HEADER_CAST_H + +# include + +# ifndef OPENSSL_NO_CAST +# ifdef __cplusplus +extern "C" { +# endif + +# define CAST_ENCRYPT 1 +# define CAST_DECRYPT 0 + +# define CAST_LONG unsigned int + +# define CAST_BLOCK 8 +# define CAST_KEY_LENGTH 16 + +typedef struct cast_key_st { + CAST_LONG data[32]; + int short_key; /* Use reduced rounds for short key */ +} CAST_KEY; + +void CAST_set_key(CAST_KEY *key, int len, const unsigned char *data); +void CAST_ecb_encrypt(const unsigned char *in, unsigned char *out, + const CAST_KEY *key, int enc); +void CAST_encrypt(CAST_LONG *data, const CAST_KEY *key); +void CAST_decrypt(CAST_LONG *data, const CAST_KEY *key); +void CAST_cbc_encrypt(const unsigned char *in, unsigned char *out, + long length, const CAST_KEY *ks, unsigned char *iv, + int enc); +void CAST_cfb64_encrypt(const unsigned char *in, unsigned char *out, + long length, const CAST_KEY *schedule, + unsigned char *ivec, int *num, int enc); +void CAST_ofb64_encrypt(const unsigned char *in, unsigned char *out, + long length, const CAST_KEY *schedule, + unsigned char *ivec, int *num); + +# ifdef __cplusplus +} +# endif +# endif + +#endif diff --git a/ext/openssl1L/include/openssl/cmac.h b/ext/openssl1L/include/openssl/cmac.h new file mode 100644 index 0000000..3535a9a --- /dev/null +++ b/ext/openssl1L/include/openssl/cmac.h @@ -0,0 +1,41 @@ +/* + * Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_CMAC_H +# define HEADER_CMAC_H + +# ifndef OPENSSL_NO_CMAC + +#ifdef __cplusplus +extern "C" { +#endif + +# include + +/* Opaque */ +typedef struct CMAC_CTX_st CMAC_CTX; + +CMAC_CTX *CMAC_CTX_new(void); +void CMAC_CTX_cleanup(CMAC_CTX *ctx); +void CMAC_CTX_free(CMAC_CTX *ctx); +EVP_CIPHER_CTX *CMAC_CTX_get0_cipher_ctx(CMAC_CTX *ctx); +int CMAC_CTX_copy(CMAC_CTX *out, const CMAC_CTX *in); + +int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen, + const EVP_CIPHER *cipher, ENGINE *impl); +int CMAC_Update(CMAC_CTX *ctx, const void *data, size_t dlen); +int CMAC_Final(CMAC_CTX *ctx, unsigned char *out, size_t *poutlen); +int CMAC_resume(CMAC_CTX *ctx); + +#ifdef __cplusplus +} +#endif + +# endif +#endif diff --git a/ext/openssl1L/include/openssl/cms.h b/ext/openssl1L/include/openssl/cms.h new file mode 100644 index 0000000..c762796 --- /dev/null +++ b/ext/openssl1L/include/openssl/cms.h @@ -0,0 +1,339 @@ +/* + * Copyright 2008-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_CMS_H +# define HEADER_CMS_H + +# include + +# ifndef OPENSSL_NO_CMS +# include +# include +# include +# ifdef __cplusplus +extern "C" { +# endif + +typedef struct CMS_ContentInfo_st CMS_ContentInfo; +typedef struct CMS_SignerInfo_st CMS_SignerInfo; +typedef struct CMS_CertificateChoices CMS_CertificateChoices; +typedef struct CMS_RevocationInfoChoice_st CMS_RevocationInfoChoice; +typedef struct CMS_RecipientInfo_st CMS_RecipientInfo; +typedef struct CMS_ReceiptRequest_st CMS_ReceiptRequest; +typedef struct CMS_Receipt_st CMS_Receipt; +typedef struct CMS_RecipientEncryptedKey_st CMS_RecipientEncryptedKey; +typedef struct CMS_OtherKeyAttribute_st CMS_OtherKeyAttribute; + +DEFINE_STACK_OF(CMS_SignerInfo) +DEFINE_STACK_OF(CMS_RecipientEncryptedKey) +DEFINE_STACK_OF(CMS_RecipientInfo) +DEFINE_STACK_OF(CMS_RevocationInfoChoice) +DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo) +DECLARE_ASN1_FUNCTIONS(CMS_ReceiptRequest) +DECLARE_ASN1_PRINT_FUNCTION(CMS_ContentInfo) + +# define CMS_SIGNERINFO_ISSUER_SERIAL 0 +# define CMS_SIGNERINFO_KEYIDENTIFIER 1 + +# define CMS_RECIPINFO_NONE -1 +# define CMS_RECIPINFO_TRANS 0 +# define CMS_RECIPINFO_AGREE 1 +# define CMS_RECIPINFO_KEK 2 +# define CMS_RECIPINFO_PASS 3 +# define CMS_RECIPINFO_OTHER 4 + +/* S/MIME related flags */ + +# define CMS_TEXT 0x1 +# define CMS_NOCERTS 0x2 +# define CMS_NO_CONTENT_VERIFY 0x4 +# define CMS_NO_ATTR_VERIFY 0x8 +# define CMS_NOSIGS \ + (CMS_NO_CONTENT_VERIFY|CMS_NO_ATTR_VERIFY) +# define CMS_NOINTERN 0x10 +# define CMS_NO_SIGNER_CERT_VERIFY 0x20 +# define CMS_NOVERIFY 0x20 +# define CMS_DETACHED 0x40 +# define CMS_BINARY 0x80 +# define CMS_NOATTR 0x100 +# define CMS_NOSMIMECAP 0x200 +# define CMS_NOOLDMIMETYPE 0x400 +# define CMS_CRLFEOL 0x800 +# define CMS_STREAM 0x1000 +# define CMS_NOCRL 0x2000 +# define CMS_PARTIAL 0x4000 +# define CMS_REUSE_DIGEST 0x8000 +# define CMS_USE_KEYID 0x10000 +# define CMS_DEBUG_DECRYPT 0x20000 +# define CMS_KEY_PARAM 0x40000 +# define CMS_ASCIICRLF 0x80000 + +const ASN1_OBJECT *CMS_get0_type(const CMS_ContentInfo *cms); + +BIO *CMS_dataInit(CMS_ContentInfo *cms, BIO *icont); +int CMS_dataFinal(CMS_ContentInfo *cms, BIO *bio); + +ASN1_OCTET_STRING **CMS_get0_content(CMS_ContentInfo *cms); +int CMS_is_detached(CMS_ContentInfo *cms); +int CMS_set_detached(CMS_ContentInfo *cms, int detached); + +# ifdef HEADER_PEM_H +DECLARE_PEM_rw_const(CMS, CMS_ContentInfo) +# endif +int CMS_stream(unsigned char ***boundary, CMS_ContentInfo *cms); +CMS_ContentInfo *d2i_CMS_bio(BIO *bp, CMS_ContentInfo **cms); +int i2d_CMS_bio(BIO *bp, CMS_ContentInfo *cms); + +BIO *BIO_new_CMS(BIO *out, CMS_ContentInfo *cms); +int i2d_CMS_bio_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, int flags); +int PEM_write_bio_CMS_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, + int flags); +CMS_ContentInfo *SMIME_read_CMS(BIO *bio, BIO **bcont); +int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags); + +int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont, + unsigned int flags); + +CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey, + STACK_OF(X509) *certs, BIO *data, + unsigned int flags); + +CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si, + X509 *signcert, EVP_PKEY *pkey, + STACK_OF(X509) *certs, unsigned int flags); + +int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags); +CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags); + +int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out, + unsigned int flags); +CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md, + unsigned int flags); + +int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms, + const unsigned char *key, size_t keylen, + BIO *dcont, BIO *out, unsigned int flags); + +CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher, + const unsigned char *key, + size_t keylen, unsigned int flags); + +int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph, + const unsigned char *key, size_t keylen); + +int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs, + X509_STORE *store, BIO *dcont, BIO *out, unsigned int flags); + +int CMS_verify_receipt(CMS_ContentInfo *rcms, CMS_ContentInfo *ocms, + STACK_OF(X509) *certs, + X509_STORE *store, unsigned int flags); + +STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms); + +CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in, + const EVP_CIPHER *cipher, unsigned int flags); + +int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert, + BIO *dcont, BIO *out, unsigned int flags); + +int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert); +int CMS_decrypt_set1_key(CMS_ContentInfo *cms, + unsigned char *key, size_t keylen, + const unsigned char *id, size_t idlen); +int CMS_decrypt_set1_password(CMS_ContentInfo *cms, + unsigned char *pass, ossl_ssize_t passlen); + +STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms); +int CMS_RecipientInfo_type(CMS_RecipientInfo *ri); +EVP_PKEY_CTX *CMS_RecipientInfo_get0_pkey_ctx(CMS_RecipientInfo *ri); +CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher); +CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms, + X509 *recip, unsigned int flags); +int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey); +int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert); +int CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo *ri, + EVP_PKEY **pk, X509 **recip, + X509_ALGOR **palg); +int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri, + ASN1_OCTET_STRING **keyid, + X509_NAME **issuer, + ASN1_INTEGER **sno); + +CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid, + unsigned char *key, size_t keylen, + unsigned char *id, size_t idlen, + ASN1_GENERALIZEDTIME *date, + ASN1_OBJECT *otherTypeId, + ASN1_TYPE *otherType); + +int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri, + X509_ALGOR **palg, + ASN1_OCTET_STRING **pid, + ASN1_GENERALIZEDTIME **pdate, + ASN1_OBJECT **potherid, + ASN1_TYPE **pothertype); + +int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri, + unsigned char *key, size_t keylen); + +int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri, + const unsigned char *id, size_t idlen); + +int CMS_RecipientInfo_set0_password(CMS_RecipientInfo *ri, + unsigned char *pass, + ossl_ssize_t passlen); + +CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms, + int iter, int wrap_nid, + int pbe_nid, + unsigned char *pass, + ossl_ssize_t passlen, + const EVP_CIPHER *kekciph); + +int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri); +int CMS_RecipientInfo_encrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri); + +int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out, + unsigned int flags); +CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags); + +int CMS_set1_eContentType(CMS_ContentInfo *cms, const ASN1_OBJECT *oid); +const ASN1_OBJECT *CMS_get0_eContentType(CMS_ContentInfo *cms); + +CMS_CertificateChoices *CMS_add0_CertificateChoices(CMS_ContentInfo *cms); +int CMS_add0_cert(CMS_ContentInfo *cms, X509 *cert); +int CMS_add1_cert(CMS_ContentInfo *cms, X509 *cert); +STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms); + +CMS_RevocationInfoChoice *CMS_add0_RevocationInfoChoice(CMS_ContentInfo *cms); +int CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl); +int CMS_add1_crl(CMS_ContentInfo *cms, X509_CRL *crl); +STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms); + +int CMS_SignedData_init(CMS_ContentInfo *cms); +CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, + X509 *signer, EVP_PKEY *pk, const EVP_MD *md, + unsigned int flags); +EVP_PKEY_CTX *CMS_SignerInfo_get0_pkey_ctx(CMS_SignerInfo *si); +EVP_MD_CTX *CMS_SignerInfo_get0_md_ctx(CMS_SignerInfo *si); +STACK_OF(CMS_SignerInfo) *CMS_get0_SignerInfos(CMS_ContentInfo *cms); + +void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer); +int CMS_SignerInfo_get0_signer_id(CMS_SignerInfo *si, + ASN1_OCTET_STRING **keyid, + X509_NAME **issuer, ASN1_INTEGER **sno); +int CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *cert); +int CMS_set1_signers_certs(CMS_ContentInfo *cms, STACK_OF(X509) *certs, + unsigned int flags); +void CMS_SignerInfo_get0_algs(CMS_SignerInfo *si, EVP_PKEY **pk, + X509 **signer, X509_ALGOR **pdig, + X509_ALGOR **psig); +ASN1_OCTET_STRING *CMS_SignerInfo_get0_signature(CMS_SignerInfo *si); +int CMS_SignerInfo_sign(CMS_SignerInfo *si); +int CMS_SignerInfo_verify(CMS_SignerInfo *si); +int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain); + +int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs); +int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs, + int algnid, int keysize); +int CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap); + +int CMS_signed_get_attr_count(const CMS_SignerInfo *si); +int CMS_signed_get_attr_by_NID(const CMS_SignerInfo *si, int nid, + int lastpos); +int CMS_signed_get_attr_by_OBJ(const CMS_SignerInfo *si, const ASN1_OBJECT *obj, + int lastpos); +X509_ATTRIBUTE *CMS_signed_get_attr(const CMS_SignerInfo *si, int loc); +X509_ATTRIBUTE *CMS_signed_delete_attr(CMS_SignerInfo *si, int loc); +int CMS_signed_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr); +int CMS_signed_add1_attr_by_OBJ(CMS_SignerInfo *si, + const ASN1_OBJECT *obj, int type, + const void *bytes, int len); +int CMS_signed_add1_attr_by_NID(CMS_SignerInfo *si, + int nid, int type, + const void *bytes, int len); +int CMS_signed_add1_attr_by_txt(CMS_SignerInfo *si, + const char *attrname, int type, + const void *bytes, int len); +void *CMS_signed_get0_data_by_OBJ(CMS_SignerInfo *si, const ASN1_OBJECT *oid, + int lastpos, int type); + +int CMS_unsigned_get_attr_count(const CMS_SignerInfo *si); +int CMS_unsigned_get_attr_by_NID(const CMS_SignerInfo *si, int nid, + int lastpos); +int CMS_unsigned_get_attr_by_OBJ(const CMS_SignerInfo *si, + const ASN1_OBJECT *obj, int lastpos); +X509_ATTRIBUTE *CMS_unsigned_get_attr(const CMS_SignerInfo *si, int loc); +X509_ATTRIBUTE *CMS_unsigned_delete_attr(CMS_SignerInfo *si, int loc); +int CMS_unsigned_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr); +int CMS_unsigned_add1_attr_by_OBJ(CMS_SignerInfo *si, + const ASN1_OBJECT *obj, int type, + const void *bytes, int len); +int CMS_unsigned_add1_attr_by_NID(CMS_SignerInfo *si, + int nid, int type, + const void *bytes, int len); +int CMS_unsigned_add1_attr_by_txt(CMS_SignerInfo *si, + const char *attrname, int type, + const void *bytes, int len); +void *CMS_unsigned_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid, + int lastpos, int type); + +int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr); +CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen, + int allorfirst, + STACK_OF(GENERAL_NAMES) + *receiptList, STACK_OF(GENERAL_NAMES) + *receiptsTo); +int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr); +void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr, + ASN1_STRING **pcid, + int *pallorfirst, + STACK_OF(GENERAL_NAMES) **plist, + STACK_OF(GENERAL_NAMES) **prto); +int CMS_RecipientInfo_kari_get0_alg(CMS_RecipientInfo *ri, + X509_ALGOR **palg, + ASN1_OCTET_STRING **pukm); +STACK_OF(CMS_RecipientEncryptedKey) +*CMS_RecipientInfo_kari_get0_reks(CMS_RecipientInfo *ri); + +int CMS_RecipientInfo_kari_get0_orig_id(CMS_RecipientInfo *ri, + X509_ALGOR **pubalg, + ASN1_BIT_STRING **pubkey, + ASN1_OCTET_STRING **keyid, + X509_NAME **issuer, + ASN1_INTEGER **sno); + +int CMS_RecipientInfo_kari_orig_id_cmp(CMS_RecipientInfo *ri, X509 *cert); + +int CMS_RecipientEncryptedKey_get0_id(CMS_RecipientEncryptedKey *rek, + ASN1_OCTET_STRING **keyid, + ASN1_GENERALIZEDTIME **tm, + CMS_OtherKeyAttribute **other, + X509_NAME **issuer, ASN1_INTEGER **sno); +int CMS_RecipientEncryptedKey_cert_cmp(CMS_RecipientEncryptedKey *rek, + X509 *cert); +int CMS_RecipientInfo_kari_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pk); +EVP_CIPHER_CTX *CMS_RecipientInfo_kari_get0_ctx(CMS_RecipientInfo *ri); +int CMS_RecipientInfo_kari_decrypt(CMS_ContentInfo *cms, + CMS_RecipientInfo *ri, + CMS_RecipientEncryptedKey *rek); + +int CMS_SharedInfo_encode(unsigned char **pder, X509_ALGOR *kekalg, + ASN1_OCTET_STRING *ukm, int keylen); + +/* Backward compatibility for spelling errors. */ +# define CMS_R_UNKNOWN_DIGEST_ALGORITM CMS_R_UNKNOWN_DIGEST_ALGORITHM +# define CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE \ + CMS_R_UNSUPPORTED_RECIPIENTINFO_TYPE + +# ifdef __cplusplus +} +# endif +# endif +#endif diff --git a/ext/openssl1L/include/openssl/cmserr.h b/ext/openssl1L/include/openssl/cmserr.h new file mode 100644 index 0000000..d589f59 --- /dev/null +++ b/ext/openssl1L/include/openssl/cmserr.h @@ -0,0 +1,203 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_CMSERR_H +# define HEADER_CMSERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# include + +# ifndef OPENSSL_NO_CMS + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_CMS_strings(void); + +/* + * CMS function codes. + */ +# define CMS_F_CHECK_CONTENT 99 +# define CMS_F_CMS_ADD0_CERT 164 +# define CMS_F_CMS_ADD0_RECIPIENT_KEY 100 +# define CMS_F_CMS_ADD0_RECIPIENT_PASSWORD 165 +# define CMS_F_CMS_ADD1_RECEIPTREQUEST 158 +# define CMS_F_CMS_ADD1_RECIPIENT_CERT 101 +# define CMS_F_CMS_ADD1_SIGNER 102 +# define CMS_F_CMS_ADD1_SIGNINGTIME 103 +# define CMS_F_CMS_COMPRESS 104 +# define CMS_F_CMS_COMPRESSEDDATA_CREATE 105 +# define CMS_F_CMS_COMPRESSEDDATA_INIT_BIO 106 +# define CMS_F_CMS_COPY_CONTENT 107 +# define CMS_F_CMS_COPY_MESSAGEDIGEST 108 +# define CMS_F_CMS_DATA 109 +# define CMS_F_CMS_DATAFINAL 110 +# define CMS_F_CMS_DATAINIT 111 +# define CMS_F_CMS_DECRYPT 112 +# define CMS_F_CMS_DECRYPT_SET1_KEY 113 +# define CMS_F_CMS_DECRYPT_SET1_PASSWORD 166 +# define CMS_F_CMS_DECRYPT_SET1_PKEY 114 +# define CMS_F_CMS_DIGESTALGORITHM_FIND_CTX 115 +# define CMS_F_CMS_DIGESTALGORITHM_INIT_BIO 116 +# define CMS_F_CMS_DIGESTEDDATA_DO_FINAL 117 +# define CMS_F_CMS_DIGEST_VERIFY 118 +# define CMS_F_CMS_ENCODE_RECEIPT 161 +# define CMS_F_CMS_ENCRYPT 119 +# define CMS_F_CMS_ENCRYPTEDCONTENT_INIT 179 +# define CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO 120 +# define CMS_F_CMS_ENCRYPTEDDATA_DECRYPT 121 +# define CMS_F_CMS_ENCRYPTEDDATA_ENCRYPT 122 +# define CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY 123 +# define CMS_F_CMS_ENVELOPEDDATA_CREATE 124 +# define CMS_F_CMS_ENVELOPEDDATA_INIT_BIO 125 +# define CMS_F_CMS_ENVELOPED_DATA_INIT 126 +# define CMS_F_CMS_ENV_ASN1_CTRL 171 +# define CMS_F_CMS_FINAL 127 +# define CMS_F_CMS_GET0_CERTIFICATE_CHOICES 128 +# define CMS_F_CMS_GET0_CONTENT 129 +# define CMS_F_CMS_GET0_ECONTENT_TYPE 130 +# define CMS_F_CMS_GET0_ENVELOPED 131 +# define CMS_F_CMS_GET0_REVOCATION_CHOICES 132 +# define CMS_F_CMS_GET0_SIGNED 133 +# define CMS_F_CMS_MSGSIGDIGEST_ADD1 162 +# define CMS_F_CMS_RECEIPTREQUEST_CREATE0 159 +# define CMS_F_CMS_RECEIPT_VERIFY 160 +# define CMS_F_CMS_RECIPIENTINFO_DECRYPT 134 +# define CMS_F_CMS_RECIPIENTINFO_ENCRYPT 169 +# define CMS_F_CMS_RECIPIENTINFO_KARI_ENCRYPT 178 +# define CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ALG 175 +# define CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ORIG_ID 173 +# define CMS_F_CMS_RECIPIENTINFO_KARI_GET0_REKS 172 +# define CMS_F_CMS_RECIPIENTINFO_KARI_ORIG_ID_CMP 174 +# define CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT 135 +# define CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT 136 +# define CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID 137 +# define CMS_F_CMS_RECIPIENTINFO_KEKRI_ID_CMP 138 +# define CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP 139 +# define CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT 140 +# define CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT 141 +# define CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS 142 +# define CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID 143 +# define CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT 167 +# define CMS_F_CMS_RECIPIENTINFO_SET0_KEY 144 +# define CMS_F_CMS_RECIPIENTINFO_SET0_PASSWORD 168 +# define CMS_F_CMS_RECIPIENTINFO_SET0_PKEY 145 +# define CMS_F_CMS_SD_ASN1_CTRL 170 +# define CMS_F_CMS_SET1_IAS 176 +# define CMS_F_CMS_SET1_KEYID 177 +# define CMS_F_CMS_SET1_SIGNERIDENTIFIER 146 +# define CMS_F_CMS_SET_DETACHED 147 +# define CMS_F_CMS_SIGN 148 +# define CMS_F_CMS_SIGNED_DATA_INIT 149 +# define CMS_F_CMS_SIGNERINFO_CONTENT_SIGN 150 +# define CMS_F_CMS_SIGNERINFO_SIGN 151 +# define CMS_F_CMS_SIGNERINFO_VERIFY 152 +# define CMS_F_CMS_SIGNERINFO_VERIFY_CERT 153 +# define CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT 154 +# define CMS_F_CMS_SIGN_RECEIPT 163 +# define CMS_F_CMS_SI_CHECK_ATTRIBUTES 183 +# define CMS_F_CMS_STREAM 155 +# define CMS_F_CMS_UNCOMPRESS 156 +# define CMS_F_CMS_VERIFY 157 +# define CMS_F_KEK_UNWRAP_KEY 180 + +/* + * CMS reason codes. + */ +# define CMS_R_ADD_SIGNER_ERROR 99 +# define CMS_R_ATTRIBUTE_ERROR 161 +# define CMS_R_CERTIFICATE_ALREADY_PRESENT 175 +# define CMS_R_CERTIFICATE_HAS_NO_KEYID 160 +# define CMS_R_CERTIFICATE_VERIFY_ERROR 100 +# define CMS_R_CIPHER_INITIALISATION_ERROR 101 +# define CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR 102 +# define CMS_R_CMS_DATAFINAL_ERROR 103 +# define CMS_R_CMS_LIB 104 +# define CMS_R_CONTENTIDENTIFIER_MISMATCH 170 +# define CMS_R_CONTENT_NOT_FOUND 105 +# define CMS_R_CONTENT_TYPE_MISMATCH 171 +# define CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA 106 +# define CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA 107 +# define CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA 108 +# define CMS_R_CONTENT_VERIFY_ERROR 109 +# define CMS_R_CTRL_ERROR 110 +# define CMS_R_CTRL_FAILURE 111 +# define CMS_R_DECRYPT_ERROR 112 +# define CMS_R_ERROR_GETTING_PUBLIC_KEY 113 +# define CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE 114 +# define CMS_R_ERROR_SETTING_KEY 115 +# define CMS_R_ERROR_SETTING_RECIPIENTINFO 116 +# define CMS_R_INVALID_ENCRYPTED_KEY_LENGTH 117 +# define CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER 176 +# define CMS_R_INVALID_KEY_LENGTH 118 +# define CMS_R_MD_BIO_INIT_ERROR 119 +# define CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH 120 +# define CMS_R_MESSAGEDIGEST_WRONG_LENGTH 121 +# define CMS_R_MSGSIGDIGEST_ERROR 172 +# define CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE 162 +# define CMS_R_MSGSIGDIGEST_WRONG_LENGTH 163 +# define CMS_R_NEED_ONE_SIGNER 164 +# define CMS_R_NOT_A_SIGNED_RECEIPT 165 +# define CMS_R_NOT_ENCRYPTED_DATA 122 +# define CMS_R_NOT_KEK 123 +# define CMS_R_NOT_KEY_AGREEMENT 181 +# define CMS_R_NOT_KEY_TRANSPORT 124 +# define CMS_R_NOT_PWRI 177 +# define CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE 125 +# define CMS_R_NO_CIPHER 126 +# define CMS_R_NO_CONTENT 127 +# define CMS_R_NO_CONTENT_TYPE 173 +# define CMS_R_NO_DEFAULT_DIGEST 128 +# define CMS_R_NO_DIGEST_SET 129 +# define CMS_R_NO_KEY 130 +# define CMS_R_NO_KEY_OR_CERT 174 +# define CMS_R_NO_MATCHING_DIGEST 131 +# define CMS_R_NO_MATCHING_RECIPIENT 132 +# define CMS_R_NO_MATCHING_SIGNATURE 166 +# define CMS_R_NO_MSGSIGDIGEST 167 +# define CMS_R_NO_PASSWORD 178 +# define CMS_R_NO_PRIVATE_KEY 133 +# define CMS_R_NO_PUBLIC_KEY 134 +# define CMS_R_NO_RECEIPT_REQUEST 168 +# define CMS_R_NO_SIGNERS 135 +# define CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 136 +# define CMS_R_RECEIPT_DECODE_ERROR 169 +# define CMS_R_RECIPIENT_ERROR 137 +# define CMS_R_SIGNER_CERTIFICATE_NOT_FOUND 138 +# define CMS_R_SIGNFINAL_ERROR 139 +# define CMS_R_SMIME_TEXT_ERROR 140 +# define CMS_R_STORE_INIT_ERROR 141 +# define CMS_R_TYPE_NOT_COMPRESSED_DATA 142 +# define CMS_R_TYPE_NOT_DATA 143 +# define CMS_R_TYPE_NOT_DIGESTED_DATA 144 +# define CMS_R_TYPE_NOT_ENCRYPTED_DATA 145 +# define CMS_R_TYPE_NOT_ENVELOPED_DATA 146 +# define CMS_R_UNABLE_TO_FINALIZE_CONTEXT 147 +# define CMS_R_UNKNOWN_CIPHER 148 +# define CMS_R_UNKNOWN_DIGEST_ALGORITHM 149 +# define CMS_R_UNKNOWN_ID 150 +# define CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM 151 +# define CMS_R_UNSUPPORTED_CONTENT_ENCRYPTION_ALGORITHM 194 +# define CMS_R_UNSUPPORTED_CONTENT_TYPE 152 +# define CMS_R_UNSUPPORTED_KEK_ALGORITHM 153 +# define CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM 179 +# define CMS_R_UNSUPPORTED_RECIPIENTINFO_TYPE 155 +# define CMS_R_UNSUPPORTED_RECIPIENT_TYPE 154 +# define CMS_R_UNSUPPORTED_TYPE 156 +# define CMS_R_UNWRAP_ERROR 157 +# define CMS_R_UNWRAP_FAILURE 180 +# define CMS_R_VERIFICATION_FAILURE 158 +# define CMS_R_WRAP_ERROR 159 + +# endif +#endif diff --git a/ext/openssl1L/include/openssl/comp.h b/ext/openssl1L/include/openssl/comp.h new file mode 100644 index 0000000..d814d3c --- /dev/null +++ b/ext/openssl1L/include/openssl/comp.h @@ -0,0 +1,53 @@ +/* + * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_COMP_H +# define HEADER_COMP_H + +# include + +# ifndef OPENSSL_NO_COMP +# include +# include +# ifdef __cplusplus +extern "C" { +# endif + + + +COMP_CTX *COMP_CTX_new(COMP_METHOD *meth); +const COMP_METHOD *COMP_CTX_get_method(const COMP_CTX *ctx); +int COMP_CTX_get_type(const COMP_CTX* comp); +int COMP_get_type(const COMP_METHOD *meth); +const char *COMP_get_name(const COMP_METHOD *meth); +void COMP_CTX_free(COMP_CTX *ctx); + +int COMP_compress_block(COMP_CTX *ctx, unsigned char *out, int olen, + unsigned char *in, int ilen); +int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen, + unsigned char *in, int ilen); + +COMP_METHOD *COMP_zlib(void); + +#if OPENSSL_API_COMPAT < 0x10100000L +#define COMP_zlib_cleanup() while(0) continue +#endif + +# ifdef HEADER_BIO_H +# ifdef ZLIB +const BIO_METHOD *BIO_f_zlib(void); +# endif +# endif + + +# ifdef __cplusplus +} +# endif +# endif +#endif diff --git a/ext/openssl1L/include/openssl/comperr.h b/ext/openssl1L/include/openssl/comperr.h new file mode 100644 index 0000000..90231e9 --- /dev/null +++ b/ext/openssl1L/include/openssl/comperr.h @@ -0,0 +1,44 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_COMPERR_H +# define HEADER_COMPERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# include + +# ifndef OPENSSL_NO_COMP + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_COMP_strings(void); + +/* + * COMP function codes. + */ +# define COMP_F_BIO_ZLIB_FLUSH 99 +# define COMP_F_BIO_ZLIB_NEW 100 +# define COMP_F_BIO_ZLIB_READ 101 +# define COMP_F_BIO_ZLIB_WRITE 102 +# define COMP_F_COMP_CTX_NEW 103 + +/* + * COMP reason codes. + */ +# define COMP_R_ZLIB_DEFLATE_ERROR 99 +# define COMP_R_ZLIB_INFLATE_ERROR 100 +# define COMP_R_ZLIB_NOT_SUPPORTED 101 + +# endif +#endif diff --git a/ext/openssl1L/include/openssl/conf.h b/ext/openssl1L/include/openssl/conf.h new file mode 100644 index 0000000..7336cd2 --- /dev/null +++ b/ext/openssl1L/include/openssl/conf.h @@ -0,0 +1,168 @@ +/* + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_CONF_H +# define HEADER_CONF_H + +# include +# include +# include +# include +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +typedef struct { + char *section; + char *name; + char *value; +} CONF_VALUE; + +DEFINE_STACK_OF(CONF_VALUE) +DEFINE_LHASH_OF(CONF_VALUE); + +struct conf_st; +struct conf_method_st; +typedef struct conf_method_st CONF_METHOD; + +struct conf_method_st { + const char *name; + CONF *(*create) (CONF_METHOD *meth); + int (*init) (CONF *conf); + int (*destroy) (CONF *conf); + int (*destroy_data) (CONF *conf); + int (*load_bio) (CONF *conf, BIO *bp, long *eline); + int (*dump) (const CONF *conf, BIO *bp); + int (*is_number) (const CONF *conf, char c); + int (*to_int) (const CONF *conf, char c); + int (*load) (CONF *conf, const char *name, long *eline); +}; + +/* Module definitions */ + +typedef struct conf_imodule_st CONF_IMODULE; +typedef struct conf_module_st CONF_MODULE; + +DEFINE_STACK_OF(CONF_MODULE) +DEFINE_STACK_OF(CONF_IMODULE) + +/* DSO module function typedefs */ +typedef int conf_init_func (CONF_IMODULE *md, const CONF *cnf); +typedef void conf_finish_func (CONF_IMODULE *md); + +# define CONF_MFLAGS_IGNORE_ERRORS 0x1 +# define CONF_MFLAGS_IGNORE_RETURN_CODES 0x2 +# define CONF_MFLAGS_SILENT 0x4 +# define CONF_MFLAGS_NO_DSO 0x8 +# define CONF_MFLAGS_IGNORE_MISSING_FILE 0x10 +# define CONF_MFLAGS_DEFAULT_SECTION 0x20 + +int CONF_set_default_method(CONF_METHOD *meth); +void CONF_set_nconf(CONF *conf, LHASH_OF(CONF_VALUE) *hash); +LHASH_OF(CONF_VALUE) *CONF_load(LHASH_OF(CONF_VALUE) *conf, const char *file, + long *eline); +# ifndef OPENSSL_NO_STDIO +LHASH_OF(CONF_VALUE) *CONF_load_fp(LHASH_OF(CONF_VALUE) *conf, FILE *fp, + long *eline); +# endif +LHASH_OF(CONF_VALUE) *CONF_load_bio(LHASH_OF(CONF_VALUE) *conf, BIO *bp, + long *eline); +STACK_OF(CONF_VALUE) *CONF_get_section(LHASH_OF(CONF_VALUE) *conf, + const char *section); +char *CONF_get_string(LHASH_OF(CONF_VALUE) *conf, const char *group, + const char *name); +long CONF_get_number(LHASH_OF(CONF_VALUE) *conf, const char *group, + const char *name); +void CONF_free(LHASH_OF(CONF_VALUE) *conf); +#ifndef OPENSSL_NO_STDIO +int CONF_dump_fp(LHASH_OF(CONF_VALUE) *conf, FILE *out); +#endif +int CONF_dump_bio(LHASH_OF(CONF_VALUE) *conf, BIO *out); + +DEPRECATEDIN_1_1_0(void OPENSSL_config(const char *config_name)) + +#if OPENSSL_API_COMPAT < 0x10100000L +# define OPENSSL_no_config() \ + OPENSSL_init_crypto(OPENSSL_INIT_NO_LOAD_CONFIG, NULL) +#endif + +/* + * New conf code. The semantics are different from the functions above. If + * that wasn't the case, the above functions would have been replaced + */ + +struct conf_st { + CONF_METHOD *meth; + void *meth_data; + LHASH_OF(CONF_VALUE) *data; +}; + +CONF *NCONF_new(CONF_METHOD *meth); +CONF_METHOD *NCONF_default(void); +CONF_METHOD *NCONF_WIN32(void); +void NCONF_free(CONF *conf); +void NCONF_free_data(CONF *conf); + +int NCONF_load(CONF *conf, const char *file, long *eline); +# ifndef OPENSSL_NO_STDIO +int NCONF_load_fp(CONF *conf, FILE *fp, long *eline); +# endif +int NCONF_load_bio(CONF *conf, BIO *bp, long *eline); +STACK_OF(CONF_VALUE) *NCONF_get_section(const CONF *conf, + const char *section); +char *NCONF_get_string(const CONF *conf, const char *group, const char *name); +int NCONF_get_number_e(const CONF *conf, const char *group, const char *name, + long *result); +#ifndef OPENSSL_NO_STDIO +int NCONF_dump_fp(const CONF *conf, FILE *out); +#endif +int NCONF_dump_bio(const CONF *conf, BIO *out); + +#define NCONF_get_number(c,g,n,r) NCONF_get_number_e(c,g,n,r) + +/* Module functions */ + +int CONF_modules_load(const CONF *cnf, const char *appname, + unsigned long flags); +int CONF_modules_load_file(const char *filename, const char *appname, + unsigned long flags); +void CONF_modules_unload(int all); +void CONF_modules_finish(void); +#if OPENSSL_API_COMPAT < 0x10100000L +# define CONF_modules_free() while(0) continue +#endif +int CONF_module_add(const char *name, conf_init_func *ifunc, + conf_finish_func *ffunc); + +const char *CONF_imodule_get_name(const CONF_IMODULE *md); +const char *CONF_imodule_get_value(const CONF_IMODULE *md); +void *CONF_imodule_get_usr_data(const CONF_IMODULE *md); +void CONF_imodule_set_usr_data(CONF_IMODULE *md, void *usr_data); +CONF_MODULE *CONF_imodule_get_module(const CONF_IMODULE *md); +unsigned long CONF_imodule_get_flags(const CONF_IMODULE *md); +void CONF_imodule_set_flags(CONF_IMODULE *md, unsigned long flags); +void *CONF_module_get_usr_data(CONF_MODULE *pmod); +void CONF_module_set_usr_data(CONF_MODULE *pmod, void *usr_data); + +char *CONF_get1_default_config_file(void); + +int CONF_parse_list(const char *list, int sep, int nospc, + int (*list_cb) (const char *elem, int len, void *usr), + void *arg); + +void OPENSSL_load_builtin_modules(void); + + +# ifdef __cplusplus +} +# endif +#endif diff --git a/ext/openssl1L/include/openssl/conf_api.h b/ext/openssl1L/include/openssl/conf_api.h new file mode 100644 index 0000000..a0275ad --- /dev/null +++ b/ext/openssl1L/include/openssl/conf_api.h @@ -0,0 +1,40 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_CONF_API_H +# define HEADER_CONF_API_H + +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +/* Up until OpenSSL 0.9.5a, this was new_section */ +CONF_VALUE *_CONF_new_section(CONF *conf, const char *section); +/* Up until OpenSSL 0.9.5a, this was get_section */ +CONF_VALUE *_CONF_get_section(const CONF *conf, const char *section); +/* Up until OpenSSL 0.9.5a, this was CONF_get_section */ +STACK_OF(CONF_VALUE) *_CONF_get_section_values(const CONF *conf, + const char *section); + +int _CONF_add_string(CONF *conf, CONF_VALUE *section, CONF_VALUE *value); +char *_CONF_get_string(const CONF *conf, const char *section, + const char *name); +long _CONF_get_number(const CONF *conf, const char *section, + const char *name); + +int _CONF_new_data(CONF *conf); +void _CONF_free_data(CONF *conf); + +#ifdef __cplusplus +} +#endif +#endif diff --git a/ext/openssl1L/include/openssl/conferr.h b/ext/openssl1L/include/openssl/conferr.h new file mode 100644 index 0000000..32b9229 --- /dev/null +++ b/ext/openssl1L/include/openssl/conferr.h @@ -0,0 +1,76 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_CONFERR_H +# define HEADER_CONFERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_CONF_strings(void); + +/* + * CONF function codes. + */ +# define CONF_F_CONF_DUMP_FP 104 +# define CONF_F_CONF_LOAD 100 +# define CONF_F_CONF_LOAD_FP 103 +# define CONF_F_CONF_PARSE_LIST 119 +# define CONF_F_DEF_LOAD 120 +# define CONF_F_DEF_LOAD_BIO 121 +# define CONF_F_GET_NEXT_FILE 107 +# define CONF_F_MODULE_ADD 122 +# define CONF_F_MODULE_INIT 115 +# define CONF_F_MODULE_LOAD_DSO 117 +# define CONF_F_MODULE_RUN 118 +# define CONF_F_NCONF_DUMP_BIO 105 +# define CONF_F_NCONF_DUMP_FP 106 +# define CONF_F_NCONF_GET_NUMBER_E 112 +# define CONF_F_NCONF_GET_SECTION 108 +# define CONF_F_NCONF_GET_STRING 109 +# define CONF_F_NCONF_LOAD 113 +# define CONF_F_NCONF_LOAD_BIO 110 +# define CONF_F_NCONF_LOAD_FP 114 +# define CONF_F_NCONF_NEW 111 +# define CONF_F_PROCESS_INCLUDE 116 +# define CONF_F_SSL_MODULE_INIT 123 +# define CONF_F_STR_COPY 101 + +/* + * CONF reason codes. + */ +# define CONF_R_ERROR_LOADING_DSO 110 +# define CONF_R_LIST_CANNOT_BE_NULL 115 +# define CONF_R_MISSING_CLOSE_SQUARE_BRACKET 100 +# define CONF_R_MISSING_EQUAL_SIGN 101 +# define CONF_R_MISSING_INIT_FUNCTION 112 +# define CONF_R_MODULE_INITIALIZATION_ERROR 109 +# define CONF_R_NO_CLOSE_BRACE 102 +# define CONF_R_NO_CONF 105 +# define CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE 106 +# define CONF_R_NO_SECTION 107 +# define CONF_R_NO_SUCH_FILE 114 +# define CONF_R_NO_VALUE 108 +# define CONF_R_NUMBER_TOO_LARGE 121 +# define CONF_R_RECURSIVE_DIRECTORY_INCLUDE 111 +# define CONF_R_SSL_COMMAND_SECTION_EMPTY 117 +# define CONF_R_SSL_COMMAND_SECTION_NOT_FOUND 118 +# define CONF_R_SSL_SECTION_EMPTY 119 +# define CONF_R_SSL_SECTION_NOT_FOUND 120 +# define CONF_R_UNABLE_TO_CREATE_NEW_SECTION 103 +# define CONF_R_UNKNOWN_MODULE_NAME 113 +# define CONF_R_VARIABLE_EXPANSION_TOO_LONG 116 +# define CONF_R_VARIABLE_HAS_NO_VALUE 104 + +#endif diff --git a/ext/openssl1L/include/openssl/crypto.h b/ext/openssl1L/include/openssl/crypto.h new file mode 100644 index 0000000..7d0b526 --- /dev/null +++ b/ext/openssl1L/include/openssl/crypto.h @@ -0,0 +1,445 @@ +/* + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_CRYPTO_H +# define HEADER_CRYPTO_H + +# include +# include + +# include + +# ifndef OPENSSL_NO_STDIO +# include +# endif + +# include +# include +# include +# include +# include + +# ifdef CHARSET_EBCDIC +# include +# endif + +/* + * Resolve problems on some operating systems with symbol names that clash + * one way or another + */ +# include + +# if OPENSSL_API_COMPAT < 0x10100000L +# include +# endif + +#ifdef __cplusplus +extern "C" { +#endif + +# if OPENSSL_API_COMPAT < 0x10100000L +# define SSLeay OpenSSL_version_num +# define SSLeay_version OpenSSL_version +# define SSLEAY_VERSION_NUMBER OPENSSL_VERSION_NUMBER +# define SSLEAY_VERSION OPENSSL_VERSION +# define SSLEAY_CFLAGS OPENSSL_CFLAGS +# define SSLEAY_BUILT_ON OPENSSL_BUILT_ON +# define SSLEAY_PLATFORM OPENSSL_PLATFORM +# define SSLEAY_DIR OPENSSL_DIR + +/* + * Old type for allocating dynamic locks. No longer used. Use the new thread + * API instead. + */ +typedef struct { + int dummy; +} CRYPTO_dynlock; + +# endif /* OPENSSL_API_COMPAT */ + +typedef void CRYPTO_RWLOCK; + +CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void); +int CRYPTO_THREAD_read_lock(CRYPTO_RWLOCK *lock); +int CRYPTO_THREAD_write_lock(CRYPTO_RWLOCK *lock); +int CRYPTO_THREAD_unlock(CRYPTO_RWLOCK *lock); +void CRYPTO_THREAD_lock_free(CRYPTO_RWLOCK *lock); + +int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock); + +/* + * The following can be used to detect memory leaks in the library. If + * used, it turns on malloc checking + */ +# define CRYPTO_MEM_CHECK_OFF 0x0 /* Control only */ +# define CRYPTO_MEM_CHECK_ON 0x1 /* Control and mode bit */ +# define CRYPTO_MEM_CHECK_ENABLE 0x2 /* Control and mode bit */ +# define CRYPTO_MEM_CHECK_DISABLE 0x3 /* Control only */ + +struct crypto_ex_data_st { + STACK_OF(void) *sk; +}; +DEFINE_STACK_OF(void) + +/* + * Per class, we have a STACK of function pointers. + */ +# define CRYPTO_EX_INDEX_SSL 0 +# define CRYPTO_EX_INDEX_SSL_CTX 1 +# define CRYPTO_EX_INDEX_SSL_SESSION 2 +# define CRYPTO_EX_INDEX_X509 3 +# define CRYPTO_EX_INDEX_X509_STORE 4 +# define CRYPTO_EX_INDEX_X509_STORE_CTX 5 +# define CRYPTO_EX_INDEX_DH 6 +# define CRYPTO_EX_INDEX_DSA 7 +# define CRYPTO_EX_INDEX_EC_KEY 8 +# define CRYPTO_EX_INDEX_RSA 9 +# define CRYPTO_EX_INDEX_ENGINE 10 +# define CRYPTO_EX_INDEX_UI 11 +# define CRYPTO_EX_INDEX_BIO 12 +# define CRYPTO_EX_INDEX_APP 13 +# define CRYPTO_EX_INDEX_UI_METHOD 14 +# define CRYPTO_EX_INDEX_DRBG 15 +# define CRYPTO_EX_INDEX__COUNT 16 + +/* No longer needed, so this is a no-op */ +#define OPENSSL_malloc_init() while(0) continue + +int CRYPTO_mem_ctrl(int mode); + +# define OPENSSL_malloc(num) \ + CRYPTO_malloc(num, OPENSSL_FILE, OPENSSL_LINE) +# define OPENSSL_zalloc(num) \ + CRYPTO_zalloc(num, OPENSSL_FILE, OPENSSL_LINE) +# define OPENSSL_realloc(addr, num) \ + CRYPTO_realloc(addr, num, OPENSSL_FILE, OPENSSL_LINE) +# define OPENSSL_clear_realloc(addr, old_num, num) \ + CRYPTO_clear_realloc(addr, old_num, num, OPENSSL_FILE, OPENSSL_LINE) +# define OPENSSL_clear_free(addr, num) \ + CRYPTO_clear_free(addr, num, OPENSSL_FILE, OPENSSL_LINE) +# define OPENSSL_free(addr) \ + CRYPTO_free(addr, OPENSSL_FILE, OPENSSL_LINE) +# define OPENSSL_memdup(str, s) \ + CRYPTO_memdup((str), s, OPENSSL_FILE, OPENSSL_LINE) +# define OPENSSL_strdup(str) \ + CRYPTO_strdup(str, OPENSSL_FILE, OPENSSL_LINE) +# define OPENSSL_strndup(str, n) \ + CRYPTO_strndup(str, n, OPENSSL_FILE, OPENSSL_LINE) +# define OPENSSL_secure_malloc(num) \ + CRYPTO_secure_malloc(num, OPENSSL_FILE, OPENSSL_LINE) +# define OPENSSL_secure_zalloc(num) \ + CRYPTO_secure_zalloc(num, OPENSSL_FILE, OPENSSL_LINE) +# define OPENSSL_secure_free(addr) \ + CRYPTO_secure_free(addr, OPENSSL_FILE, OPENSSL_LINE) +# define OPENSSL_secure_clear_free(addr, num) \ + CRYPTO_secure_clear_free(addr, num, OPENSSL_FILE, OPENSSL_LINE) +# define OPENSSL_secure_actual_size(ptr) \ + CRYPTO_secure_actual_size(ptr) + +size_t OPENSSL_strlcpy(char *dst, const char *src, size_t siz); +size_t OPENSSL_strlcat(char *dst, const char *src, size_t siz); +size_t OPENSSL_strnlen(const char *str, size_t maxlen); +char *OPENSSL_buf2hexstr(const unsigned char *buffer, long len); +unsigned char *OPENSSL_hexstr2buf(const char *str, long *len); +int OPENSSL_hexchar2int(unsigned char c); + +# define OPENSSL_MALLOC_MAX_NELEMS(type) (((1U<<(sizeof(int)*8-1))-1)/sizeof(type)) + +unsigned long OpenSSL_version_num(void); +const char *OpenSSL_version(int type); +# define OPENSSL_VERSION 0 +# define OPENSSL_CFLAGS 1 +# define OPENSSL_BUILT_ON 2 +# define OPENSSL_PLATFORM 3 +# define OPENSSL_DIR 4 +# define OPENSSL_ENGINES_DIR 5 + +int OPENSSL_issetugid(void); + +typedef void CRYPTO_EX_new (void *parent, void *ptr, CRYPTO_EX_DATA *ad, + int idx, long argl, void *argp); +typedef void CRYPTO_EX_free (void *parent, void *ptr, CRYPTO_EX_DATA *ad, + int idx, long argl, void *argp); +typedef int CRYPTO_EX_dup (CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from, + void *from_d, int idx, long argl, void *argp); +__owur int CRYPTO_get_ex_new_index(int class_index, long argl, void *argp, + CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, + CRYPTO_EX_free *free_func); +/* No longer use an index. */ +int CRYPTO_free_ex_index(int class_index, int idx); + +/* + * Initialise/duplicate/free CRYPTO_EX_DATA variables corresponding to a + * given class (invokes whatever per-class callbacks are applicable) + */ +int CRYPTO_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad); +int CRYPTO_dup_ex_data(int class_index, CRYPTO_EX_DATA *to, + const CRYPTO_EX_DATA *from); + +void CRYPTO_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad); + +/* + * Get/set data in a CRYPTO_EX_DATA variable corresponding to a particular + * index (relative to the class type involved) + */ +int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int idx, void *val); +void *CRYPTO_get_ex_data(const CRYPTO_EX_DATA *ad, int idx); + +# if OPENSSL_API_COMPAT < 0x10100000L +/* + * This function cleans up all "ex_data" state. It mustn't be called under + * potential race-conditions. + */ +# define CRYPTO_cleanup_all_ex_data() while(0) continue + +/* + * The old locking functions have been removed completely without compatibility + * macros. This is because the old functions either could not properly report + * errors, or the returned error values were not clearly documented. + * Replacing the locking functions with no-ops would cause race condition + * issues in the affected applications. It is far better for them to fail at + * compile time. + * On the other hand, the locking callbacks are no longer used. Consequently, + * the callback management functions can be safely replaced with no-op macros. + */ +# define CRYPTO_num_locks() (1) +# define CRYPTO_set_locking_callback(func) +# define CRYPTO_get_locking_callback() (NULL) +# define CRYPTO_set_add_lock_callback(func) +# define CRYPTO_get_add_lock_callback() (NULL) + +/* + * These defines where used in combination with the old locking callbacks, + * they are not called anymore, but old code that's not called might still + * use them. + */ +# define CRYPTO_LOCK 1 +# define CRYPTO_UNLOCK 2 +# define CRYPTO_READ 4 +# define CRYPTO_WRITE 8 + +/* This structure is no longer used */ +typedef struct crypto_threadid_st { + int dummy; +} CRYPTO_THREADID; +/* Only use CRYPTO_THREADID_set_[numeric|pointer]() within callbacks */ +# define CRYPTO_THREADID_set_numeric(id, val) +# define CRYPTO_THREADID_set_pointer(id, ptr) +# define CRYPTO_THREADID_set_callback(threadid_func) (0) +# define CRYPTO_THREADID_get_callback() (NULL) +# define CRYPTO_THREADID_current(id) +# define CRYPTO_THREADID_cmp(a, b) (-1) +# define CRYPTO_THREADID_cpy(dest, src) +# define CRYPTO_THREADID_hash(id) (0UL) + +# if OPENSSL_API_COMPAT < 0x10000000L +# define CRYPTO_set_id_callback(func) +# define CRYPTO_get_id_callback() (NULL) +# define CRYPTO_thread_id() (0UL) +# endif /* OPENSSL_API_COMPAT < 0x10000000L */ + +# define CRYPTO_set_dynlock_create_callback(dyn_create_function) +# define CRYPTO_set_dynlock_lock_callback(dyn_lock_function) +# define CRYPTO_set_dynlock_destroy_callback(dyn_destroy_function) +# define CRYPTO_get_dynlock_create_callback() (NULL) +# define CRYPTO_get_dynlock_lock_callback() (NULL) +# define CRYPTO_get_dynlock_destroy_callback() (NULL) +# endif /* OPENSSL_API_COMPAT < 0x10100000L */ + +int CRYPTO_set_mem_functions( + void *(*m) (size_t, const char *, int), + void *(*r) (void *, size_t, const char *, int), + void (*f) (void *, const char *, int)); +int CRYPTO_set_mem_debug(int flag); +void CRYPTO_get_mem_functions( + void *(**m) (size_t, const char *, int), + void *(**r) (void *, size_t, const char *, int), + void (**f) (void *, const char *, int)); + +void *CRYPTO_malloc(size_t num, const char *file, int line); +void *CRYPTO_zalloc(size_t num, const char *file, int line); +void *CRYPTO_memdup(const void *str, size_t siz, const char *file, int line); +char *CRYPTO_strdup(const char *str, const char *file, int line); +char *CRYPTO_strndup(const char *str, size_t s, const char *file, int line); +void CRYPTO_free(void *ptr, const char *file, int line); +void CRYPTO_clear_free(void *ptr, size_t num, const char *file, int line); +void *CRYPTO_realloc(void *addr, size_t num, const char *file, int line); +void *CRYPTO_clear_realloc(void *addr, size_t old_num, size_t num, + const char *file, int line); + +int CRYPTO_secure_malloc_init(size_t sz, int minsize); +int CRYPTO_secure_malloc_done(void); +void *CRYPTO_secure_malloc(size_t num, const char *file, int line); +void *CRYPTO_secure_zalloc(size_t num, const char *file, int line); +void CRYPTO_secure_free(void *ptr, const char *file, int line); +void CRYPTO_secure_clear_free(void *ptr, size_t num, + const char *file, int line); +int CRYPTO_secure_allocated(const void *ptr); +int CRYPTO_secure_malloc_initialized(void); +size_t CRYPTO_secure_actual_size(void *ptr); +size_t CRYPTO_secure_used(void); + +void OPENSSL_cleanse(void *ptr, size_t len); + +# ifndef OPENSSL_NO_CRYPTO_MDEBUG +# define OPENSSL_mem_debug_push(info) \ + CRYPTO_mem_debug_push(info, OPENSSL_FILE, OPENSSL_LINE) +# define OPENSSL_mem_debug_pop() \ + CRYPTO_mem_debug_pop() +int CRYPTO_mem_debug_push(const char *info, const char *file, int line); +int CRYPTO_mem_debug_pop(void); +void CRYPTO_get_alloc_counts(int *mcount, int *rcount, int *fcount); + +/*- + * Debugging functions (enabled by CRYPTO_set_mem_debug(1)) + * The flag argument has the following significance: + * 0: called before the actual memory allocation has taken place + * 1: called after the actual memory allocation has taken place + */ +void CRYPTO_mem_debug_malloc(void *addr, size_t num, int flag, + const char *file, int line); +void CRYPTO_mem_debug_realloc(void *addr1, void *addr2, size_t num, int flag, + const char *file, int line); +void CRYPTO_mem_debug_free(void *addr, int flag, + const char *file, int line); + +int CRYPTO_mem_leaks_cb(int (*cb) (const char *str, size_t len, void *u), + void *u); +# ifndef OPENSSL_NO_STDIO +int CRYPTO_mem_leaks_fp(FILE *); +# endif +int CRYPTO_mem_leaks(BIO *bio); +# endif + +/* die if we have to */ +ossl_noreturn void OPENSSL_die(const char *assertion, const char *file, int line); +# if OPENSSL_API_COMPAT < 0x10100000L +# define OpenSSLDie(f,l,a) OPENSSL_die((a),(f),(l)) +# endif +# define OPENSSL_assert(e) \ + (void)((e) ? 0 : (OPENSSL_die("assertion failed: " #e, OPENSSL_FILE, OPENSSL_LINE), 1)) + +int OPENSSL_isservice(void); + +int FIPS_mode(void); +int FIPS_mode_set(int r); + +void OPENSSL_init(void); +# ifdef OPENSSL_SYS_UNIX +void OPENSSL_fork_prepare(void); +void OPENSSL_fork_parent(void); +void OPENSSL_fork_child(void); +# endif + +struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result); +int OPENSSL_gmtime_adj(struct tm *tm, int offset_day, long offset_sec); +int OPENSSL_gmtime_diff(int *pday, int *psec, + const struct tm *from, const struct tm *to); + +/* + * CRYPTO_memcmp returns zero iff the |len| bytes at |a| and |b| are equal. + * It takes an amount of time dependent on |len|, but independent of the + * contents of |a| and |b|. Unlike memcmp, it cannot be used to put elements + * into a defined order as the return value when a != b is undefined, other + * than to be non-zero. + */ +int CRYPTO_memcmp(const void * in_a, const void * in_b, size_t len); + +/* Standard initialisation options */ +# define OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS 0x00000001L +# define OPENSSL_INIT_LOAD_CRYPTO_STRINGS 0x00000002L +# define OPENSSL_INIT_ADD_ALL_CIPHERS 0x00000004L +# define OPENSSL_INIT_ADD_ALL_DIGESTS 0x00000008L +# define OPENSSL_INIT_NO_ADD_ALL_CIPHERS 0x00000010L +# define OPENSSL_INIT_NO_ADD_ALL_DIGESTS 0x00000020L +# define OPENSSL_INIT_LOAD_CONFIG 0x00000040L +# define OPENSSL_INIT_NO_LOAD_CONFIG 0x00000080L +# define OPENSSL_INIT_ASYNC 0x00000100L +# define OPENSSL_INIT_ENGINE_RDRAND 0x00000200L +# define OPENSSL_INIT_ENGINE_DYNAMIC 0x00000400L +# define OPENSSL_INIT_ENGINE_OPENSSL 0x00000800L +# define OPENSSL_INIT_ENGINE_CRYPTODEV 0x00001000L +# define OPENSSL_INIT_ENGINE_CAPI 0x00002000L +# define OPENSSL_INIT_ENGINE_PADLOCK 0x00004000L +# define OPENSSL_INIT_ENGINE_AFALG 0x00008000L +/* OPENSSL_INIT_ZLIB 0x00010000L */ +# define OPENSSL_INIT_ATFORK 0x00020000L +/* OPENSSL_INIT_BASE_ONLY 0x00040000L */ +# define OPENSSL_INIT_NO_ATEXIT 0x00080000L +/* OPENSSL_INIT flag range 0xfff00000 reserved for OPENSSL_init_ssl() */ +/* Max OPENSSL_INIT flag value is 0x80000000 */ + +/* openssl and dasync not counted as builtin */ +# define OPENSSL_INIT_ENGINE_ALL_BUILTIN \ + (OPENSSL_INIT_ENGINE_RDRAND | OPENSSL_INIT_ENGINE_DYNAMIC \ + | OPENSSL_INIT_ENGINE_CRYPTODEV | OPENSSL_INIT_ENGINE_CAPI | \ + OPENSSL_INIT_ENGINE_PADLOCK) + + +/* Library initialisation functions */ +void OPENSSL_cleanup(void); +int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings); +int OPENSSL_atexit(void (*handler)(void)); +void OPENSSL_thread_stop(void); + +/* Low-level control of initialization */ +OPENSSL_INIT_SETTINGS *OPENSSL_INIT_new(void); +# ifndef OPENSSL_NO_STDIO +int OPENSSL_INIT_set_config_filename(OPENSSL_INIT_SETTINGS *settings, + const char *config_filename); +void OPENSSL_INIT_set_config_file_flags(OPENSSL_INIT_SETTINGS *settings, + unsigned long flags); +int OPENSSL_INIT_set_config_appname(OPENSSL_INIT_SETTINGS *settings, + const char *config_appname); +# endif +void OPENSSL_INIT_free(OPENSSL_INIT_SETTINGS *settings); + +# if defined(OPENSSL_THREADS) && !defined(CRYPTO_TDEBUG) +# if defined(_WIN32) +# if defined(BASETYPES) || defined(_WINDEF_H) +/* application has to include in order to use this */ +typedef DWORD CRYPTO_THREAD_LOCAL; +typedef DWORD CRYPTO_THREAD_ID; + +typedef LONG CRYPTO_ONCE; +# define CRYPTO_ONCE_STATIC_INIT 0 +# endif +# else +# include +typedef pthread_once_t CRYPTO_ONCE; +typedef pthread_key_t CRYPTO_THREAD_LOCAL; +typedef pthread_t CRYPTO_THREAD_ID; + +# define CRYPTO_ONCE_STATIC_INIT PTHREAD_ONCE_INIT +# endif +# endif + +# if !defined(CRYPTO_ONCE_STATIC_INIT) +typedef unsigned int CRYPTO_ONCE; +typedef unsigned int CRYPTO_THREAD_LOCAL; +typedef unsigned int CRYPTO_THREAD_ID; +# define CRYPTO_ONCE_STATIC_INIT 0 +# endif + +int CRYPTO_THREAD_run_once(CRYPTO_ONCE *once, void (*init)(void)); + +int CRYPTO_THREAD_init_local(CRYPTO_THREAD_LOCAL *key, void (*cleanup)(void *)); +void *CRYPTO_THREAD_get_local(CRYPTO_THREAD_LOCAL *key); +int CRYPTO_THREAD_set_local(CRYPTO_THREAD_LOCAL *key, void *val); +int CRYPTO_THREAD_cleanup_local(CRYPTO_THREAD_LOCAL *key); + +CRYPTO_THREAD_ID CRYPTO_THREAD_get_current_id(void); +int CRYPTO_THREAD_compare_id(CRYPTO_THREAD_ID a, CRYPTO_THREAD_ID b); + + +# ifdef __cplusplus +} +# endif +#endif diff --git a/ext/openssl1L/include/openssl/cryptoerr.h b/ext/openssl1L/include/openssl/cryptoerr.h new file mode 100644 index 0000000..3db5a4e --- /dev/null +++ b/ext/openssl1L/include/openssl/cryptoerr.h @@ -0,0 +1,57 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_CRYPTOERR_H +# define HEADER_CRYPTOERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_CRYPTO_strings(void); + +/* + * CRYPTO function codes. + */ +# define CRYPTO_F_CMAC_CTX_NEW 120 +# define CRYPTO_F_CRYPTO_DUP_EX_DATA 110 +# define CRYPTO_F_CRYPTO_FREE_EX_DATA 111 +# define CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX 100 +# define CRYPTO_F_CRYPTO_MEMDUP 115 +# define CRYPTO_F_CRYPTO_NEW_EX_DATA 112 +# define CRYPTO_F_CRYPTO_OCB128_COPY_CTX 121 +# define CRYPTO_F_CRYPTO_OCB128_INIT 122 +# define CRYPTO_F_CRYPTO_SET_EX_DATA 102 +# define CRYPTO_F_FIPS_MODE_SET 109 +# define CRYPTO_F_GET_AND_LOCK 113 +# define CRYPTO_F_OPENSSL_ATEXIT 114 +# define CRYPTO_F_OPENSSL_BUF2HEXSTR 117 +# define CRYPTO_F_OPENSSL_FOPEN 119 +# define CRYPTO_F_OPENSSL_HEXSTR2BUF 118 +# define CRYPTO_F_OPENSSL_INIT_CRYPTO 116 +# define CRYPTO_F_OPENSSL_LH_NEW 126 +# define CRYPTO_F_OPENSSL_SK_DEEP_COPY 127 +# define CRYPTO_F_OPENSSL_SK_DUP 128 +# define CRYPTO_F_PKEY_HMAC_INIT 123 +# define CRYPTO_F_PKEY_POLY1305_INIT 124 +# define CRYPTO_F_PKEY_SIPHASH_INIT 125 +# define CRYPTO_F_SK_RESERVE 129 + +/* + * CRYPTO reason codes. + */ +# define CRYPTO_R_FIPS_MODE_NOT_SUPPORTED 101 +# define CRYPTO_R_ILLEGAL_HEX_DIGIT 102 +# define CRYPTO_R_ODD_NUMBER_OF_DIGITS 103 + +#endif diff --git a/ext/openssl1L/include/openssl/ct.h b/ext/openssl1L/include/openssl/ct.h new file mode 100644 index 0000000..ebdba34 --- /dev/null +++ b/ext/openssl1L/include/openssl/ct.h @@ -0,0 +1,474 @@ +/* + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_CT_H +# define HEADER_CT_H + +# include + +# ifndef OPENSSL_NO_CT +# include +# include +# include +# include +# ifdef __cplusplus +extern "C" { +# endif + + +/* Minimum RSA key size, from RFC6962 */ +# define SCT_MIN_RSA_BITS 2048 + +/* All hashes are SHA256 in v1 of Certificate Transparency */ +# define CT_V1_HASHLEN SHA256_DIGEST_LENGTH + +typedef enum { + CT_LOG_ENTRY_TYPE_NOT_SET = -1, + CT_LOG_ENTRY_TYPE_X509 = 0, + CT_LOG_ENTRY_TYPE_PRECERT = 1 +} ct_log_entry_type_t; + +typedef enum { + SCT_VERSION_NOT_SET = -1, + SCT_VERSION_V1 = 0 +} sct_version_t; + +typedef enum { + SCT_SOURCE_UNKNOWN, + SCT_SOURCE_TLS_EXTENSION, + SCT_SOURCE_X509V3_EXTENSION, + SCT_SOURCE_OCSP_STAPLED_RESPONSE +} sct_source_t; + +typedef enum { + SCT_VALIDATION_STATUS_NOT_SET, + SCT_VALIDATION_STATUS_UNKNOWN_LOG, + SCT_VALIDATION_STATUS_VALID, + SCT_VALIDATION_STATUS_INVALID, + SCT_VALIDATION_STATUS_UNVERIFIED, + SCT_VALIDATION_STATUS_UNKNOWN_VERSION +} sct_validation_status_t; + +DEFINE_STACK_OF(SCT) +DEFINE_STACK_OF(CTLOG) + +/****************************************** + * CT policy evaluation context functions * + ******************************************/ + +/* + * Creates a new, empty policy evaluation context. + * The caller is responsible for calling CT_POLICY_EVAL_CTX_free when finished + * with the CT_POLICY_EVAL_CTX. + */ +CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new(void); + +/* Deletes a policy evaluation context and anything it owns. */ +void CT_POLICY_EVAL_CTX_free(CT_POLICY_EVAL_CTX *ctx); + +/* Gets the peer certificate that the SCTs are for */ +X509* CT_POLICY_EVAL_CTX_get0_cert(const CT_POLICY_EVAL_CTX *ctx); + +/* + * Sets the certificate associated with the received SCTs. + * Increments the reference count of cert. + * Returns 1 on success, 0 otherwise. + */ +int CT_POLICY_EVAL_CTX_set1_cert(CT_POLICY_EVAL_CTX *ctx, X509 *cert); + +/* Gets the issuer of the aforementioned certificate */ +X509* CT_POLICY_EVAL_CTX_get0_issuer(const CT_POLICY_EVAL_CTX *ctx); + +/* + * Sets the issuer of the certificate associated with the received SCTs. + * Increments the reference count of issuer. + * Returns 1 on success, 0 otherwise. + */ +int CT_POLICY_EVAL_CTX_set1_issuer(CT_POLICY_EVAL_CTX *ctx, X509 *issuer); + +/* Gets the CT logs that are trusted sources of SCTs */ +const CTLOG_STORE *CT_POLICY_EVAL_CTX_get0_log_store(const CT_POLICY_EVAL_CTX *ctx); + +/* Sets the log store that is in use. It must outlive the CT_POLICY_EVAL_CTX. */ +void CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(CT_POLICY_EVAL_CTX *ctx, + CTLOG_STORE *log_store); + +/* + * Gets the time, in milliseconds since the Unix epoch, that will be used as the + * current time when checking whether an SCT was issued in the future. + * Such SCTs will fail validation, as required by RFC6962. + */ +uint64_t CT_POLICY_EVAL_CTX_get_time(const CT_POLICY_EVAL_CTX *ctx); + +/* + * Sets the time to evaluate SCTs against, in milliseconds since the Unix epoch. + * If an SCT's timestamp is after this time, it will be interpreted as having + * been issued in the future. RFC6962 states that "TLS clients MUST reject SCTs + * whose timestamp is in the future", so an SCT will not validate in this case. + */ +void CT_POLICY_EVAL_CTX_set_time(CT_POLICY_EVAL_CTX *ctx, uint64_t time_in_ms); + +/***************** + * SCT functions * + *****************/ + +/* + * Creates a new, blank SCT. + * The caller is responsible for calling SCT_free when finished with the SCT. + */ +SCT *SCT_new(void); + +/* + * Creates a new SCT from some base64-encoded strings. + * The caller is responsible for calling SCT_free when finished with the SCT. + */ +SCT *SCT_new_from_base64(unsigned char version, + const char *logid_base64, + ct_log_entry_type_t entry_type, + uint64_t timestamp, + const char *extensions_base64, + const char *signature_base64); + +/* + * Frees the SCT and the underlying data structures. + */ +void SCT_free(SCT *sct); + +/* + * Free a stack of SCTs, and the underlying SCTs themselves. + * Intended to be compatible with X509V3_EXT_FREE. + */ +void SCT_LIST_free(STACK_OF(SCT) *a); + +/* + * Returns the version of the SCT. + */ +sct_version_t SCT_get_version(const SCT *sct); + +/* + * Set the version of an SCT. + * Returns 1 on success, 0 if the version is unrecognized. + */ +__owur int SCT_set_version(SCT *sct, sct_version_t version); + +/* + * Returns the log entry type of the SCT. + */ +ct_log_entry_type_t SCT_get_log_entry_type(const SCT *sct); + +/* + * Set the log entry type of an SCT. + * Returns 1 on success, 0 otherwise. + */ +__owur int SCT_set_log_entry_type(SCT *sct, ct_log_entry_type_t entry_type); + +/* + * Gets the ID of the log that an SCT came from. + * Ownership of the log ID remains with the SCT. + * Returns the length of the log ID. + */ +size_t SCT_get0_log_id(const SCT *sct, unsigned char **log_id); + +/* + * Set the log ID of an SCT to point directly to the *log_id specified. + * The SCT takes ownership of the specified pointer. + * Returns 1 on success, 0 otherwise. + */ +__owur int SCT_set0_log_id(SCT *sct, unsigned char *log_id, size_t log_id_len); + +/* + * Set the log ID of an SCT. + * This makes a copy of the log_id. + * Returns 1 on success, 0 otherwise. + */ +__owur int SCT_set1_log_id(SCT *sct, const unsigned char *log_id, + size_t log_id_len); + +/* + * Returns the timestamp for the SCT (epoch time in milliseconds). + */ +uint64_t SCT_get_timestamp(const SCT *sct); + +/* + * Set the timestamp of an SCT (epoch time in milliseconds). + */ +void SCT_set_timestamp(SCT *sct, uint64_t timestamp); + +/* + * Return the NID for the signature used by the SCT. + * For CT v1, this will be either NID_sha256WithRSAEncryption or + * NID_ecdsa_with_SHA256 (or NID_undef if incorrect/unset). + */ +int SCT_get_signature_nid(const SCT *sct); + +/* + * Set the signature type of an SCT + * For CT v1, this should be either NID_sha256WithRSAEncryption or + * NID_ecdsa_with_SHA256. + * Returns 1 on success, 0 otherwise. + */ +__owur int SCT_set_signature_nid(SCT *sct, int nid); + +/* + * Set *ext to point to the extension data for the SCT. ext must not be NULL. + * The SCT retains ownership of this pointer. + * Returns length of the data pointed to. + */ +size_t SCT_get0_extensions(const SCT *sct, unsigned char **ext); + +/* + * Set the extensions of an SCT to point directly to the *ext specified. + * The SCT takes ownership of the specified pointer. + */ +void SCT_set0_extensions(SCT *sct, unsigned char *ext, size_t ext_len); + +/* + * Set the extensions of an SCT. + * This takes a copy of the ext. + * Returns 1 on success, 0 otherwise. + */ +__owur int SCT_set1_extensions(SCT *sct, const unsigned char *ext, + size_t ext_len); + +/* + * Set *sig to point to the signature for the SCT. sig must not be NULL. + * The SCT retains ownership of this pointer. + * Returns length of the data pointed to. + */ +size_t SCT_get0_signature(const SCT *sct, unsigned char **sig); + +/* + * Set the signature of an SCT to point directly to the *sig specified. + * The SCT takes ownership of the specified pointer. + */ +void SCT_set0_signature(SCT *sct, unsigned char *sig, size_t sig_len); + +/* + * Set the signature of an SCT to be a copy of the *sig specified. + * Returns 1 on success, 0 otherwise. + */ +__owur int SCT_set1_signature(SCT *sct, const unsigned char *sig, + size_t sig_len); + +/* + * The origin of this SCT, e.g. TLS extension, OCSP response, etc. + */ +sct_source_t SCT_get_source(const SCT *sct); + +/* + * Set the origin of this SCT, e.g. TLS extension, OCSP response, etc. + * Returns 1 on success, 0 otherwise. + */ +__owur int SCT_set_source(SCT *sct, sct_source_t source); + +/* + * Returns a text string describing the validation status of |sct|. + */ +const char *SCT_validation_status_string(const SCT *sct); + +/* + * Pretty-prints an |sct| to |out|. + * It will be indented by the number of spaces specified by |indent|. + * If |logs| is not NULL, it will be used to lookup the CT log that the SCT came + * from, so that the log name can be printed. + */ +void SCT_print(const SCT *sct, BIO *out, int indent, const CTLOG_STORE *logs); + +/* + * Pretty-prints an |sct_list| to |out|. + * It will be indented by the number of spaces specified by |indent|. + * SCTs will be delimited by |separator|. + * If |logs| is not NULL, it will be used to lookup the CT log that each SCT + * came from, so that the log names can be printed. + */ +void SCT_LIST_print(const STACK_OF(SCT) *sct_list, BIO *out, int indent, + const char *separator, const CTLOG_STORE *logs); + +/* + * Gets the last result of validating this SCT. + * If it has not been validated yet, returns SCT_VALIDATION_STATUS_NOT_SET. + */ +sct_validation_status_t SCT_get_validation_status(const SCT *sct); + +/* + * Validates the given SCT with the provided context. + * Sets the "validation_status" field of the SCT. + * Returns 1 if the SCT is valid and the signature verifies. + * Returns 0 if the SCT is invalid or could not be verified. + * Returns -1 if an error occurs. + */ +__owur int SCT_validate(SCT *sct, const CT_POLICY_EVAL_CTX *ctx); + +/* + * Validates the given list of SCTs with the provided context. + * Sets the "validation_status" field of each SCT. + * Returns 1 if there are no invalid SCTs and all signatures verify. + * Returns 0 if at least one SCT is invalid or could not be verified. + * Returns a negative integer if an error occurs. + */ +__owur int SCT_LIST_validate(const STACK_OF(SCT) *scts, + CT_POLICY_EVAL_CTX *ctx); + + +/********************************* + * SCT parsing and serialisation * + *********************************/ + +/* + * Serialize (to TLS format) a stack of SCTs and return the length. + * "a" must not be NULL. + * If "pp" is NULL, just return the length of what would have been serialized. + * If "pp" is not NULL and "*pp" is null, function will allocate a new pointer + * for data that caller is responsible for freeing (only if function returns + * successfully). + * If "pp" is NULL and "*pp" is not NULL, caller is responsible for ensuring + * that "*pp" is large enough to accept all of the serialized data. + * Returns < 0 on error, >= 0 indicating bytes written (or would have been) + * on success. + */ +__owur int i2o_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **pp); + +/* + * Convert TLS format SCT list to a stack of SCTs. + * If "a" or "*a" is NULL, a new stack will be created that the caller is + * responsible for freeing (by calling SCT_LIST_free). + * "**pp" and "*pp" must not be NULL. + * Upon success, "*pp" will point to after the last bytes read, and a stack + * will be returned. + * Upon failure, a NULL pointer will be returned, and the position of "*pp" is + * not defined. + */ +STACK_OF(SCT) *o2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp, + size_t len); + +/* + * Serialize (to DER format) a stack of SCTs and return the length. + * "a" must not be NULL. + * If "pp" is NULL, just returns the length of what would have been serialized. + * If "pp" is not NULL and "*pp" is null, function will allocate a new pointer + * for data that caller is responsible for freeing (only if function returns + * successfully). + * If "pp" is NULL and "*pp" is not NULL, caller is responsible for ensuring + * that "*pp" is large enough to accept all of the serialized data. + * Returns < 0 on error, >= 0 indicating bytes written (or would have been) + * on success. + */ +__owur int i2d_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **pp); + +/* + * Parses an SCT list in DER format and returns it. + * If "a" or "*a" is NULL, a new stack will be created that the caller is + * responsible for freeing (by calling SCT_LIST_free). + * "**pp" and "*pp" must not be NULL. + * Upon success, "*pp" will point to after the last bytes read, and a stack + * will be returned. + * Upon failure, a NULL pointer will be returned, and the position of "*pp" is + * not defined. + */ +STACK_OF(SCT) *d2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp, + long len); + +/* + * Serialize (to TLS format) an |sct| and write it to |out|. + * If |out| is null, no SCT will be output but the length will still be returned. + * If |out| points to a null pointer, a string will be allocated to hold the + * TLS-format SCT. It is the responsibility of the caller to free it. + * If |out| points to an allocated string, the TLS-format SCT will be written + * to it. + * The length of the SCT in TLS format will be returned. + */ +__owur int i2o_SCT(const SCT *sct, unsigned char **out); + +/* + * Parses an SCT in TLS format and returns it. + * If |psct| is not null, it will end up pointing to the parsed SCT. If it + * already points to a non-null pointer, the pointer will be free'd. + * |in| should be a pointer to a string containing the TLS-format SCT. + * |in| will be advanced to the end of the SCT if parsing succeeds. + * |len| should be the length of the SCT in |in|. + * Returns NULL if an error occurs. + * If the SCT is an unsupported version, only the SCT's 'sct' and 'sct_len' + * fields will be populated (with |in| and |len| respectively). + */ +SCT *o2i_SCT(SCT **psct, const unsigned char **in, size_t len); + +/******************** + * CT log functions * + ********************/ + +/* + * Creates a new CT log instance with the given |public_key| and |name|. + * Takes ownership of |public_key| but copies |name|. + * Returns NULL if malloc fails or if |public_key| cannot be converted to DER. + * Should be deleted by the caller using CTLOG_free when no longer needed. + */ +CTLOG *CTLOG_new(EVP_PKEY *public_key, const char *name); + +/* + * Creates a new CTLOG instance with the base64-encoded SubjectPublicKeyInfo DER + * in |pkey_base64|. The |name| is a string to help users identify this log. + * Returns 1 on success, 0 on failure. + * Should be deleted by the caller using CTLOG_free when no longer needed. + */ +int CTLOG_new_from_base64(CTLOG ** ct_log, + const char *pkey_base64, const char *name); + +/* + * Deletes a CT log instance and its fields. + */ +void CTLOG_free(CTLOG *log); + +/* Gets the name of the CT log */ +const char *CTLOG_get0_name(const CTLOG *log); +/* Gets the ID of the CT log */ +void CTLOG_get0_log_id(const CTLOG *log, const uint8_t **log_id, + size_t *log_id_len); +/* Gets the public key of the CT log */ +EVP_PKEY *CTLOG_get0_public_key(const CTLOG *log); + +/************************** + * CT log store functions * + **************************/ + +/* + * Creates a new CT log store. + * Should be deleted by the caller using CTLOG_STORE_free when no longer needed. + */ +CTLOG_STORE *CTLOG_STORE_new(void); + +/* + * Deletes a CT log store and all of the CT log instances held within. + */ +void CTLOG_STORE_free(CTLOG_STORE *store); + +/* + * Finds a CT log in the store based on its log ID. + * Returns the CT log, or NULL if no match is found. + */ +const CTLOG *CTLOG_STORE_get0_log_by_id(const CTLOG_STORE *store, + const uint8_t *log_id, + size_t log_id_len); + +/* + * Loads a CT log list into a |store| from a |file|. + * Returns 1 if loading is successful, or 0 otherwise. + */ +__owur int CTLOG_STORE_load_file(CTLOG_STORE *store, const char *file); + +/* + * Loads the default CT log list into a |store|. + * Returns 1 if loading is successful, or 0 otherwise. + */ +__owur int CTLOG_STORE_load_default_file(CTLOG_STORE *store); + +# ifdef __cplusplus +} +# endif +# endif +#endif diff --git a/ext/openssl1L/include/openssl/cterr.h b/ext/openssl1L/include/openssl/cterr.h new file mode 100644 index 0000000..feb7bc5 --- /dev/null +++ b/ext/openssl1L/include/openssl/cterr.h @@ -0,0 +1,80 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_CTERR_H +# define HEADER_CTERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# include + +# ifndef OPENSSL_NO_CT + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_CT_strings(void); + +/* + * CT function codes. + */ +# define CT_F_CTLOG_NEW 117 +# define CT_F_CTLOG_NEW_FROM_BASE64 118 +# define CT_F_CTLOG_NEW_FROM_CONF 119 +# define CT_F_CTLOG_STORE_LOAD_CTX_NEW 122 +# define CT_F_CTLOG_STORE_LOAD_FILE 123 +# define CT_F_CTLOG_STORE_LOAD_LOG 130 +# define CT_F_CTLOG_STORE_NEW 131 +# define CT_F_CT_BASE64_DECODE 124 +# define CT_F_CT_POLICY_EVAL_CTX_NEW 133 +# define CT_F_CT_V1_LOG_ID_FROM_PKEY 125 +# define CT_F_I2O_SCT 107 +# define CT_F_I2O_SCT_LIST 108 +# define CT_F_I2O_SCT_SIGNATURE 109 +# define CT_F_O2I_SCT 110 +# define CT_F_O2I_SCT_LIST 111 +# define CT_F_O2I_SCT_SIGNATURE 112 +# define CT_F_SCT_CTX_NEW 126 +# define CT_F_SCT_CTX_VERIFY 128 +# define CT_F_SCT_NEW 100 +# define CT_F_SCT_NEW_FROM_BASE64 127 +# define CT_F_SCT_SET0_LOG_ID 101 +# define CT_F_SCT_SET1_EXTENSIONS 114 +# define CT_F_SCT_SET1_LOG_ID 115 +# define CT_F_SCT_SET1_SIGNATURE 116 +# define CT_F_SCT_SET_LOG_ENTRY_TYPE 102 +# define CT_F_SCT_SET_SIGNATURE_NID 103 +# define CT_F_SCT_SET_VERSION 104 + +/* + * CT reason codes. + */ +# define CT_R_BASE64_DECODE_ERROR 108 +# define CT_R_INVALID_LOG_ID_LENGTH 100 +# define CT_R_LOG_CONF_INVALID 109 +# define CT_R_LOG_CONF_INVALID_KEY 110 +# define CT_R_LOG_CONF_MISSING_DESCRIPTION 111 +# define CT_R_LOG_CONF_MISSING_KEY 112 +# define CT_R_LOG_KEY_INVALID 113 +# define CT_R_SCT_FUTURE_TIMESTAMP 116 +# define CT_R_SCT_INVALID 104 +# define CT_R_SCT_INVALID_SIGNATURE 107 +# define CT_R_SCT_LIST_INVALID 105 +# define CT_R_SCT_LOG_ID_MISMATCH 114 +# define CT_R_SCT_NOT_SET 106 +# define CT_R_SCT_UNSUPPORTED_VERSION 115 +# define CT_R_UNRECOGNIZED_SIGNATURE_NID 101 +# define CT_R_UNSUPPORTED_ENTRY_TYPE 102 +# define CT_R_UNSUPPORTED_VERSION 103 + +# endif +#endif diff --git a/ext/openssl1L/include/openssl/des.h b/ext/openssl1L/include/openssl/des.h new file mode 100644 index 0000000..be4abbd --- /dev/null +++ b/ext/openssl1L/include/openssl/des.h @@ -0,0 +1,174 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_DES_H +# define HEADER_DES_H + +# include + +# ifndef OPENSSL_NO_DES +# ifdef __cplusplus +extern "C" { +# endif +# include + +typedef unsigned int DES_LONG; + +# ifdef OPENSSL_BUILD_SHLIBCRYPTO +# undef OPENSSL_EXTERN +# define OPENSSL_EXTERN OPENSSL_EXPORT +# endif + +typedef unsigned char DES_cblock[8]; +typedef /* const */ unsigned char const_DES_cblock[8]; +/* + * With "const", gcc 2.8.1 on Solaris thinks that DES_cblock * and + * const_DES_cblock * are incompatible pointer types. + */ + +typedef struct DES_ks { + union { + DES_cblock cblock; + /* + * make sure things are correct size on machines with 8 byte longs + */ + DES_LONG deslong[2]; + } ks[16]; +} DES_key_schedule; + +# define DES_KEY_SZ (sizeof(DES_cblock)) +# define DES_SCHEDULE_SZ (sizeof(DES_key_schedule)) + +# define DES_ENCRYPT 1 +# define DES_DECRYPT 0 + +# define DES_CBC_MODE 0 +# define DES_PCBC_MODE 1 + +# define DES_ecb2_encrypt(i,o,k1,k2,e) \ + DES_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e)) + +# define DES_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \ + DES_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e)) + +# define DES_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \ + DES_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e)) + +# define DES_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \ + DES_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n)) + +OPENSSL_DECLARE_GLOBAL(int, DES_check_key); /* defaults to false */ +# define DES_check_key OPENSSL_GLOBAL_REF(DES_check_key) + +const char *DES_options(void); +void DES_ecb3_encrypt(const_DES_cblock *input, DES_cblock *output, + DES_key_schedule *ks1, DES_key_schedule *ks2, + DES_key_schedule *ks3, int enc); +DES_LONG DES_cbc_cksum(const unsigned char *input, DES_cblock *output, + long length, DES_key_schedule *schedule, + const_DES_cblock *ivec); +/* DES_cbc_encrypt does not update the IV! Use DES_ncbc_encrypt instead. */ +void DES_cbc_encrypt(const unsigned char *input, unsigned char *output, + long length, DES_key_schedule *schedule, + DES_cblock *ivec, int enc); +void DES_ncbc_encrypt(const unsigned char *input, unsigned char *output, + long length, DES_key_schedule *schedule, + DES_cblock *ivec, int enc); +void DES_xcbc_encrypt(const unsigned char *input, unsigned char *output, + long length, DES_key_schedule *schedule, + DES_cblock *ivec, const_DES_cblock *inw, + const_DES_cblock *outw, int enc); +void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits, + long length, DES_key_schedule *schedule, + DES_cblock *ivec, int enc); +void DES_ecb_encrypt(const_DES_cblock *input, DES_cblock *output, + DES_key_schedule *ks, int enc); + +/* + * This is the DES encryption function that gets called by just about every + * other DES routine in the library. You should not use this function except + * to implement 'modes' of DES. I say this because the functions that call + * this routine do the conversion from 'char *' to long, and this needs to be + * done to make sure 'non-aligned' memory access do not occur. The + * characters are loaded 'little endian'. Data is a pointer to 2 unsigned + * long's and ks is the DES_key_schedule to use. enc, is non zero specifies + * encryption, zero if decryption. + */ +void DES_encrypt1(DES_LONG *data, DES_key_schedule *ks, int enc); + +/* + * This functions is the same as DES_encrypt1() except that the DES initial + * permutation (IP) and final permutation (FP) have been left out. As for + * DES_encrypt1(), you should not use this function. It is used by the + * routines in the library that implement triple DES. IP() DES_encrypt2() + * DES_encrypt2() DES_encrypt2() FP() is the same as DES_encrypt1() + * DES_encrypt1() DES_encrypt1() except faster :-). + */ +void DES_encrypt2(DES_LONG *data, DES_key_schedule *ks, int enc); + +void DES_encrypt3(DES_LONG *data, DES_key_schedule *ks1, + DES_key_schedule *ks2, DES_key_schedule *ks3); +void DES_decrypt3(DES_LONG *data, DES_key_schedule *ks1, + DES_key_schedule *ks2, DES_key_schedule *ks3); +void DES_ede3_cbc_encrypt(const unsigned char *input, unsigned char *output, + long length, + DES_key_schedule *ks1, DES_key_schedule *ks2, + DES_key_schedule *ks3, DES_cblock *ivec, int enc); +void DES_ede3_cfb64_encrypt(const unsigned char *in, unsigned char *out, + long length, DES_key_schedule *ks1, + DES_key_schedule *ks2, DES_key_schedule *ks3, + DES_cblock *ivec, int *num, int enc); +void DES_ede3_cfb_encrypt(const unsigned char *in, unsigned char *out, + int numbits, long length, DES_key_schedule *ks1, + DES_key_schedule *ks2, DES_key_schedule *ks3, + DES_cblock *ivec, int enc); +void DES_ede3_ofb64_encrypt(const unsigned char *in, unsigned char *out, + long length, DES_key_schedule *ks1, + DES_key_schedule *ks2, DES_key_schedule *ks3, + DES_cblock *ivec, int *num); +char *DES_fcrypt(const char *buf, const char *salt, char *ret); +char *DES_crypt(const char *buf, const char *salt); +void DES_ofb_encrypt(const unsigned char *in, unsigned char *out, int numbits, + long length, DES_key_schedule *schedule, + DES_cblock *ivec); +void DES_pcbc_encrypt(const unsigned char *input, unsigned char *output, + long length, DES_key_schedule *schedule, + DES_cblock *ivec, int enc); +DES_LONG DES_quad_cksum(const unsigned char *input, DES_cblock output[], + long length, int out_count, DES_cblock *seed); +int DES_random_key(DES_cblock *ret); +void DES_set_odd_parity(DES_cblock *key); +int DES_check_key_parity(const_DES_cblock *key); +int DES_is_weak_key(const_DES_cblock *key); +/* + * DES_set_key (= set_key = DES_key_sched = key_sched) calls + * DES_set_key_checked if global variable DES_check_key is set, + * DES_set_key_unchecked otherwise. + */ +int DES_set_key(const_DES_cblock *key, DES_key_schedule *schedule); +int DES_key_sched(const_DES_cblock *key, DES_key_schedule *schedule); +int DES_set_key_checked(const_DES_cblock *key, DES_key_schedule *schedule); +void DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule); +void DES_string_to_key(const char *str, DES_cblock *key); +void DES_string_to_2keys(const char *str, DES_cblock *key1, DES_cblock *key2); +void DES_cfb64_encrypt(const unsigned char *in, unsigned char *out, + long length, DES_key_schedule *schedule, + DES_cblock *ivec, int *num, int enc); +void DES_ofb64_encrypt(const unsigned char *in, unsigned char *out, + long length, DES_key_schedule *schedule, + DES_cblock *ivec, int *num); + +# define DES_fixup_key_parity DES_set_odd_parity + +# ifdef __cplusplus +} +# endif +# endif + +#endif diff --git a/ext/openssl1L/include/openssl/dh.h b/ext/openssl1L/include/openssl/dh.h new file mode 100644 index 0000000..6c6ff36 --- /dev/null +++ b/ext/openssl1L/include/openssl/dh.h @@ -0,0 +1,343 @@ +/* + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_DH_H +# define HEADER_DH_H + +# include + +# ifndef OPENSSL_NO_DH +# include +# include +# include +# include +# if OPENSSL_API_COMPAT < 0x10100000L +# include +# endif +# include + +# ifdef __cplusplus +extern "C" { +# endif + +# ifndef OPENSSL_DH_MAX_MODULUS_BITS +# define OPENSSL_DH_MAX_MODULUS_BITS 10000 +# endif +# ifndef OPENSSL_DH_CHECK_MAX_MODULUS_BITS +# define OPENSSL_DH_CHECK_MAX_MODULUS_BITS 32768 +# endif + +# define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024 + +# define DH_FLAG_CACHE_MONT_P 0x01 + +# if OPENSSL_API_COMPAT < 0x10100000L +/* + * Does nothing. Previously this switched off constant time behaviour. + */ +# define DH_FLAG_NO_EXP_CONSTTIME 0x00 +# endif + +/* + * If this flag is set the DH method is FIPS compliant and can be used in + * FIPS mode. This is set in the validated module method. If an application + * sets this flag in its own methods it is its responsibility to ensure the + * result is compliant. + */ + +# define DH_FLAG_FIPS_METHOD 0x0400 + +/* + * If this flag is set the operations normally disabled in FIPS mode are + * permitted it is then the applications responsibility to ensure that the + * usage is compliant. + */ + +# define DH_FLAG_NON_FIPS_ALLOW 0x0400 + +/* Already defined in ossl_typ.h */ +/* typedef struct dh_st DH; */ +/* typedef struct dh_method DH_METHOD; */ + +DECLARE_ASN1_ITEM(DHparams) + +# define DH_GENERATOR_2 2 +/* #define DH_GENERATOR_3 3 */ +# define DH_GENERATOR_5 5 + +/* DH_check error codes */ +# define DH_CHECK_P_NOT_PRIME 0x01 +# define DH_CHECK_P_NOT_SAFE_PRIME 0x02 +# define DH_UNABLE_TO_CHECK_GENERATOR 0x04 +# define DH_NOT_SUITABLE_GENERATOR 0x08 +# define DH_CHECK_Q_NOT_PRIME 0x10 +# define DH_CHECK_INVALID_Q_VALUE 0x20 +# define DH_CHECK_INVALID_J_VALUE 0x40 + +/* DH_check_pub_key error codes */ +# define DH_CHECK_PUBKEY_TOO_SMALL 0x01 +# define DH_CHECK_PUBKEY_TOO_LARGE 0x02 +# define DH_CHECK_PUBKEY_INVALID 0x04 + +/* + * primes p where (p-1)/2 is prime too are called "safe"; we define this for + * backward compatibility: + */ +# define DH_CHECK_P_NOT_STRONG_PRIME DH_CHECK_P_NOT_SAFE_PRIME + +# define d2i_DHparams_fp(fp,x) \ + (DH *)ASN1_d2i_fp((char *(*)())DH_new, \ + (char *(*)())d2i_DHparams, \ + (fp), \ + (unsigned char **)(x)) +# define i2d_DHparams_fp(fp,x) \ + ASN1_i2d_fp(i2d_DHparams,(fp), (unsigned char *)(x)) +# define d2i_DHparams_bio(bp,x) \ + ASN1_d2i_bio_of(DH, DH_new, d2i_DHparams, bp, x) +# define i2d_DHparams_bio(bp,x) \ + ASN1_i2d_bio_of_const(DH,i2d_DHparams,bp,x) + +# define d2i_DHxparams_fp(fp,x) \ + (DH *)ASN1_d2i_fp((char *(*)())DH_new, \ + (char *(*)())d2i_DHxparams, \ + (fp), \ + (unsigned char **)(x)) +# define i2d_DHxparams_fp(fp,x) \ + ASN1_i2d_fp(i2d_DHxparams,(fp), (unsigned char *)(x)) +# define d2i_DHxparams_bio(bp,x) \ + ASN1_d2i_bio_of(DH, DH_new, d2i_DHxparams, bp, x) +# define i2d_DHxparams_bio(bp,x) \ + ASN1_i2d_bio_of_const(DH, i2d_DHxparams, bp, x) + +DH *DHparams_dup(DH *); + +const DH_METHOD *DH_OpenSSL(void); + +void DH_set_default_method(const DH_METHOD *meth); +const DH_METHOD *DH_get_default_method(void); +int DH_set_method(DH *dh, const DH_METHOD *meth); +DH *DH_new_method(ENGINE *engine); + +DH *DH_new(void); +void DH_free(DH *dh); +int DH_up_ref(DH *dh); +int DH_bits(const DH *dh); +int DH_size(const DH *dh); +int DH_security_bits(const DH *dh); +#define DH_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DH, l, p, newf, dupf, freef) +int DH_set_ex_data(DH *d, int idx, void *arg); +void *DH_get_ex_data(DH *d, int idx); + +/* Deprecated version */ +DEPRECATEDIN_0_9_8(DH *DH_generate_parameters(int prime_len, int generator, + void (*callback) (int, int, + void *), + void *cb_arg)) + +/* New version */ +int DH_generate_parameters_ex(DH *dh, int prime_len, int generator, + BN_GENCB *cb); + +int DH_check_params_ex(const DH *dh); +int DH_check_ex(const DH *dh); +int DH_check_pub_key_ex(const DH *dh, const BIGNUM *pub_key); +int DH_check_params(const DH *dh, int *ret); +int DH_check(const DH *dh, int *codes); +int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *codes); +int DH_generate_key(DH *dh); +int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh); +int DH_compute_key_padded(unsigned char *key, const BIGNUM *pub_key, DH *dh); +DH *d2i_DHparams(DH **a, const unsigned char **pp, long length); +int i2d_DHparams(const DH *a, unsigned char **pp); +DH *d2i_DHxparams(DH **a, const unsigned char **pp, long length); +int i2d_DHxparams(const DH *a, unsigned char **pp); +# ifndef OPENSSL_NO_STDIO +int DHparams_print_fp(FILE *fp, const DH *x); +# endif +int DHparams_print(BIO *bp, const DH *x); + +/* RFC 5114 parameters */ +DH *DH_get_1024_160(void); +DH *DH_get_2048_224(void); +DH *DH_get_2048_256(void); + +/* Named parameters, currently RFC7919 */ +DH *DH_new_by_nid(int nid); +int DH_get_nid(const DH *dh); + +# ifndef OPENSSL_NO_CMS +/* RFC2631 KDF */ +int DH_KDF_X9_42(unsigned char *out, size_t outlen, + const unsigned char *Z, size_t Zlen, + ASN1_OBJECT *key_oid, + const unsigned char *ukm, size_t ukmlen, const EVP_MD *md); +# endif + +void DH_get0_pqg(const DH *dh, + const BIGNUM **p, const BIGNUM **q, const BIGNUM **g); +int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g); +void DH_get0_key(const DH *dh, + const BIGNUM **pub_key, const BIGNUM **priv_key); +int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key); +const BIGNUM *DH_get0_p(const DH *dh); +const BIGNUM *DH_get0_q(const DH *dh); +const BIGNUM *DH_get0_g(const DH *dh); +const BIGNUM *DH_get0_priv_key(const DH *dh); +const BIGNUM *DH_get0_pub_key(const DH *dh); +void DH_clear_flags(DH *dh, int flags); +int DH_test_flags(const DH *dh, int flags); +void DH_set_flags(DH *dh, int flags); +ENGINE *DH_get0_engine(DH *d); +long DH_get_length(const DH *dh); +int DH_set_length(DH *dh, long length); + +DH_METHOD *DH_meth_new(const char *name, int flags); +void DH_meth_free(DH_METHOD *dhm); +DH_METHOD *DH_meth_dup(const DH_METHOD *dhm); +const char *DH_meth_get0_name(const DH_METHOD *dhm); +int DH_meth_set1_name(DH_METHOD *dhm, const char *name); +int DH_meth_get_flags(const DH_METHOD *dhm); +int DH_meth_set_flags(DH_METHOD *dhm, int flags); +void *DH_meth_get0_app_data(const DH_METHOD *dhm); +int DH_meth_set0_app_data(DH_METHOD *dhm, void *app_data); +int (*DH_meth_get_generate_key(const DH_METHOD *dhm)) (DH *); +int DH_meth_set_generate_key(DH_METHOD *dhm, int (*generate_key) (DH *)); +int (*DH_meth_get_compute_key(const DH_METHOD *dhm)) + (unsigned char *key, const BIGNUM *pub_key, DH *dh); +int DH_meth_set_compute_key(DH_METHOD *dhm, + int (*compute_key) (unsigned char *key, const BIGNUM *pub_key, DH *dh)); +int (*DH_meth_get_bn_mod_exp(const DH_METHOD *dhm)) + (const DH *, BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *, + BN_CTX *, BN_MONT_CTX *); +int DH_meth_set_bn_mod_exp(DH_METHOD *dhm, + int (*bn_mod_exp) (const DH *, BIGNUM *, const BIGNUM *, const BIGNUM *, + const BIGNUM *, BN_CTX *, BN_MONT_CTX *)); +int (*DH_meth_get_init(const DH_METHOD *dhm))(DH *); +int DH_meth_set_init(DH_METHOD *dhm, int (*init)(DH *)); +int (*DH_meth_get_finish(const DH_METHOD *dhm)) (DH *); +int DH_meth_set_finish(DH_METHOD *dhm, int (*finish) (DH *)); +int (*DH_meth_get_generate_params(const DH_METHOD *dhm)) + (DH *, int, int, BN_GENCB *); +int DH_meth_set_generate_params(DH_METHOD *dhm, + int (*generate_params) (DH *, int, int, BN_GENCB *)); + + +# define EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \ + EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN, len, NULL) + +# define EVP_PKEY_CTX_set_dh_paramgen_subprime_len(ctx, len) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \ + EVP_PKEY_CTRL_DH_PARAMGEN_SUBPRIME_LEN, len, NULL) + +# define EVP_PKEY_CTX_set_dh_paramgen_type(ctx, typ) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \ + EVP_PKEY_CTRL_DH_PARAMGEN_TYPE, typ, NULL) + +# define EVP_PKEY_CTX_set_dh_paramgen_generator(ctx, gen) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \ + EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR, gen, NULL) + +# define EVP_PKEY_CTX_set_dh_rfc5114(ctx, gen) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_PARAMGEN, \ + EVP_PKEY_CTRL_DH_RFC5114, gen, NULL) + +# define EVP_PKEY_CTX_set_dhx_rfc5114(ctx, gen) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_PARAMGEN, \ + EVP_PKEY_CTRL_DH_RFC5114, gen, NULL) + +# define EVP_PKEY_CTX_set_dh_nid(ctx, nid) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, \ + EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN, \ + EVP_PKEY_CTRL_DH_NID, nid, NULL) + +# define EVP_PKEY_CTX_set_dh_pad(ctx, pad) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_DH_PAD, pad, NULL) + +# define EVP_PKEY_CTX_set_dh_kdf_type(ctx, kdf) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_DH_KDF_TYPE, kdf, NULL) + +# define EVP_PKEY_CTX_get_dh_kdf_type(ctx) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_DH_KDF_TYPE, -2, NULL) + +# define EVP_PKEY_CTX_set0_dh_kdf_oid(ctx, oid) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_DH_KDF_OID, 0, (void *)(oid)) + +# define EVP_PKEY_CTX_get0_dh_kdf_oid(ctx, poid) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_GET_DH_KDF_OID, 0, (void *)(poid)) + +# define EVP_PKEY_CTX_set_dh_kdf_md(ctx, md) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_DH_KDF_MD, 0, (void *)(md)) + +# define EVP_PKEY_CTX_get_dh_kdf_md(ctx, pmd) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_GET_DH_KDF_MD, 0, (void *)(pmd)) + +# define EVP_PKEY_CTX_set_dh_kdf_outlen(ctx, len) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_DH_KDF_OUTLEN, len, NULL) + +# define EVP_PKEY_CTX_get_dh_kdf_outlen(ctx, plen) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_GET_DH_KDF_OUTLEN, 0, (void *)(plen)) + +# define EVP_PKEY_CTX_set0_dh_kdf_ukm(ctx, p, plen) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_DH_KDF_UKM, plen, (void *)(p)) + +# define EVP_PKEY_CTX_get0_dh_kdf_ukm(ctx, p) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_GET_DH_KDF_UKM, 0, (void *)(p)) + +# define EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN (EVP_PKEY_ALG_CTRL + 1) +# define EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR (EVP_PKEY_ALG_CTRL + 2) +# define EVP_PKEY_CTRL_DH_RFC5114 (EVP_PKEY_ALG_CTRL + 3) +# define EVP_PKEY_CTRL_DH_PARAMGEN_SUBPRIME_LEN (EVP_PKEY_ALG_CTRL + 4) +# define EVP_PKEY_CTRL_DH_PARAMGEN_TYPE (EVP_PKEY_ALG_CTRL + 5) +# define EVP_PKEY_CTRL_DH_KDF_TYPE (EVP_PKEY_ALG_CTRL + 6) +# define EVP_PKEY_CTRL_DH_KDF_MD (EVP_PKEY_ALG_CTRL + 7) +# define EVP_PKEY_CTRL_GET_DH_KDF_MD (EVP_PKEY_ALG_CTRL + 8) +# define EVP_PKEY_CTRL_DH_KDF_OUTLEN (EVP_PKEY_ALG_CTRL + 9) +# define EVP_PKEY_CTRL_GET_DH_KDF_OUTLEN (EVP_PKEY_ALG_CTRL + 10) +# define EVP_PKEY_CTRL_DH_KDF_UKM (EVP_PKEY_ALG_CTRL + 11) +# define EVP_PKEY_CTRL_GET_DH_KDF_UKM (EVP_PKEY_ALG_CTRL + 12) +# define EVP_PKEY_CTRL_DH_KDF_OID (EVP_PKEY_ALG_CTRL + 13) +# define EVP_PKEY_CTRL_GET_DH_KDF_OID (EVP_PKEY_ALG_CTRL + 14) +# define EVP_PKEY_CTRL_DH_NID (EVP_PKEY_ALG_CTRL + 15) +# define EVP_PKEY_CTRL_DH_PAD (EVP_PKEY_ALG_CTRL + 16) + +/* KDF types */ +# define EVP_PKEY_DH_KDF_NONE 1 +# ifndef OPENSSL_NO_CMS +# define EVP_PKEY_DH_KDF_X9_42 2 +# endif + + +# ifdef __cplusplus +} +# endif +# endif +#endif diff --git a/ext/openssl1L/include/openssl/dherr.h b/ext/openssl1L/include/openssl/dherr.h new file mode 100644 index 0000000..528c819 --- /dev/null +++ b/ext/openssl1L/include/openssl/dherr.h @@ -0,0 +1,89 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_DHERR_H +# define HEADER_DHERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# include + +# ifndef OPENSSL_NO_DH + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_DH_strings(void); + +/* + * DH function codes. + */ +# define DH_F_COMPUTE_KEY 102 +# define DH_F_DHPARAMS_PRINT_FP 101 +# define DH_F_DH_BUILTIN_GENPARAMS 106 +# define DH_F_DH_CHECK 126 +# define DH_F_DH_CHECK_EX 121 +# define DH_F_DH_CHECK_PARAMS_EX 122 +# define DH_F_DH_CHECK_PUB_KEY_EX 123 +# define DH_F_DH_CMS_DECRYPT 114 +# define DH_F_DH_CMS_SET_PEERKEY 115 +# define DH_F_DH_CMS_SET_SHARED_INFO 116 +# define DH_F_DH_METH_DUP 117 +# define DH_F_DH_METH_NEW 118 +# define DH_F_DH_METH_SET1_NAME 119 +# define DH_F_DH_NEW_BY_NID 104 +# define DH_F_DH_NEW_METHOD 105 +# define DH_F_DH_PARAM_DECODE 107 +# define DH_F_DH_PKEY_PUBLIC_CHECK 124 +# define DH_F_DH_PRIV_DECODE 110 +# define DH_F_DH_PRIV_ENCODE 111 +# define DH_F_DH_PUB_DECODE 108 +# define DH_F_DH_PUB_ENCODE 109 +# define DH_F_DO_DH_PRINT 100 +# define DH_F_GENERATE_KEY 103 +# define DH_F_PKEY_DH_CTRL_STR 120 +# define DH_F_PKEY_DH_DERIVE 112 +# define DH_F_PKEY_DH_INIT 125 +# define DH_F_PKEY_DH_KEYGEN 113 + +/* + * DH reason codes. + */ +# define DH_R_BAD_GENERATOR 101 +# define DH_R_BN_DECODE_ERROR 109 +# define DH_R_BN_ERROR 106 +# define DH_R_CHECK_INVALID_J_VALUE 115 +# define DH_R_CHECK_INVALID_Q_VALUE 116 +# define DH_R_CHECK_PUBKEY_INVALID 122 +# define DH_R_CHECK_PUBKEY_TOO_LARGE 123 +# define DH_R_CHECK_PUBKEY_TOO_SMALL 124 +# define DH_R_CHECK_P_NOT_PRIME 117 +# define DH_R_CHECK_P_NOT_SAFE_PRIME 118 +# define DH_R_CHECK_Q_NOT_PRIME 119 +# define DH_R_DECODE_ERROR 104 +# define DH_R_INVALID_PARAMETER_NAME 110 +# define DH_R_INVALID_PARAMETER_NID 114 +# define DH_R_INVALID_PUBKEY 102 +# define DH_R_KDF_PARAMETER_ERROR 112 +# define DH_R_KEYS_NOT_SET 108 +# define DH_R_MISSING_PUBKEY 125 +# define DH_R_MODULUS_TOO_LARGE 103 +# define DH_R_NOT_SUITABLE_GENERATOR 120 +# define DH_R_NO_PARAMETERS_SET 107 +# define DH_R_NO_PRIVATE_VALUE 100 +# define DH_R_PARAMETER_ENCODING_ERROR 105 +# define DH_R_PEER_KEY_ERROR 111 +# define DH_R_SHARED_INFO_ERROR 113 +# define DH_R_UNABLE_TO_CHECK_GENERATOR 121 + +# endif +#endif diff --git a/ext/openssl1L/include/openssl/dsa.h b/ext/openssl1L/include/openssl/dsa.h new file mode 100644 index 0000000..6d8a18a --- /dev/null +++ b/ext/openssl1L/include/openssl/dsa.h @@ -0,0 +1,244 @@ +/* + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_DSA_H +# define HEADER_DSA_H + +# include + +# ifndef OPENSSL_NO_DSA +# ifdef __cplusplus +extern "C" { +# endif +# include +# include +# include +# include +# include +# if OPENSSL_API_COMPAT < 0x10100000L +# include +# endif +# include + +# ifndef OPENSSL_DSA_MAX_MODULUS_BITS +# define OPENSSL_DSA_MAX_MODULUS_BITS 10000 +# endif + +# define OPENSSL_DSA_FIPS_MIN_MODULUS_BITS 1024 + +# define DSA_FLAG_CACHE_MONT_P 0x01 +# if OPENSSL_API_COMPAT < 0x10100000L +/* + * Does nothing. Previously this switched off constant time behaviour. + */ +# define DSA_FLAG_NO_EXP_CONSTTIME 0x00 +# endif + +/* + * If this flag is set the DSA method is FIPS compliant and can be used in + * FIPS mode. This is set in the validated module method. If an application + * sets this flag in its own methods it is its responsibility to ensure the + * result is compliant. + */ + +# define DSA_FLAG_FIPS_METHOD 0x0400 + +/* + * If this flag is set the operations normally disabled in FIPS mode are + * permitted it is then the applications responsibility to ensure that the + * usage is compliant. + */ + +# define DSA_FLAG_NON_FIPS_ALLOW 0x0400 +# define DSA_FLAG_FIPS_CHECKED 0x0800 + +/* Already defined in ossl_typ.h */ +/* typedef struct dsa_st DSA; */ +/* typedef struct dsa_method DSA_METHOD; */ + +typedef struct DSA_SIG_st DSA_SIG; + +# define d2i_DSAparams_fp(fp,x) (DSA *)ASN1_d2i_fp((char *(*)())DSA_new, \ + (char *(*)())d2i_DSAparams,(fp),(unsigned char **)(x)) +# define i2d_DSAparams_fp(fp,x) ASN1_i2d_fp(i2d_DSAparams,(fp), \ + (unsigned char *)(x)) +# define d2i_DSAparams_bio(bp,x) ASN1_d2i_bio_of(DSA,DSA_new,d2i_DSAparams,bp,x) +# define i2d_DSAparams_bio(bp,x) ASN1_i2d_bio_of_const(DSA,i2d_DSAparams,bp,x) + +DSA *DSAparams_dup(DSA *x); +DSA_SIG *DSA_SIG_new(void); +void DSA_SIG_free(DSA_SIG *a); +int i2d_DSA_SIG(const DSA_SIG *a, unsigned char **pp); +DSA_SIG *d2i_DSA_SIG(DSA_SIG **v, const unsigned char **pp, long length); +void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps); +int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s); + +DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa); +int DSA_do_verify(const unsigned char *dgst, int dgst_len, + DSA_SIG *sig, DSA *dsa); + +const DSA_METHOD *DSA_OpenSSL(void); + +void DSA_set_default_method(const DSA_METHOD *); +const DSA_METHOD *DSA_get_default_method(void); +int DSA_set_method(DSA *dsa, const DSA_METHOD *); +const DSA_METHOD *DSA_get_method(DSA *d); + +DSA *DSA_new(void); +DSA *DSA_new_method(ENGINE *engine); +void DSA_free(DSA *r); +/* "up" the DSA object's reference count */ +int DSA_up_ref(DSA *r); +int DSA_size(const DSA *); +int DSA_bits(const DSA *d); +int DSA_security_bits(const DSA *d); + /* next 4 return -1 on error */ +DEPRECATEDIN_1_2_0(int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)) +int DSA_sign(int type, const unsigned char *dgst, int dlen, + unsigned char *sig, unsigned int *siglen, DSA *dsa); +int DSA_verify(int type, const unsigned char *dgst, int dgst_len, + const unsigned char *sigbuf, int siglen, DSA *dsa); +#define DSA_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DSA, l, p, newf, dupf, freef) +int DSA_set_ex_data(DSA *d, int idx, void *arg); +void *DSA_get_ex_data(DSA *d, int idx); + +DSA *d2i_DSAPublicKey(DSA **a, const unsigned char **pp, long length); +DSA *d2i_DSAPrivateKey(DSA **a, const unsigned char **pp, long length); +DSA *d2i_DSAparams(DSA **a, const unsigned char **pp, long length); + +/* Deprecated version */ +DEPRECATEDIN_0_9_8(DSA *DSA_generate_parameters(int bits, + unsigned char *seed, + int seed_len, + int *counter_ret, + unsigned long *h_ret, void + (*callback) (int, int, + void *), + void *cb_arg)) + +/* New version */ +int DSA_generate_parameters_ex(DSA *dsa, int bits, + const unsigned char *seed, int seed_len, + int *counter_ret, unsigned long *h_ret, + BN_GENCB *cb); + +int DSA_generate_key(DSA *a); +int i2d_DSAPublicKey(const DSA *a, unsigned char **pp); +int i2d_DSAPrivateKey(const DSA *a, unsigned char **pp); +int i2d_DSAparams(const DSA *a, unsigned char **pp); + +int DSAparams_print(BIO *bp, const DSA *x); +int DSA_print(BIO *bp, const DSA *x, int off); +# ifndef OPENSSL_NO_STDIO +int DSAparams_print_fp(FILE *fp, const DSA *x); +int DSA_print_fp(FILE *bp, const DSA *x, int off); +# endif + +# define DSS_prime_checks 64 +/* + * Primality test according to FIPS PUB 186-4, Appendix C.3. Since we only + * have one value here we set the number of checks to 64 which is the 128 bit + * security level that is the highest level and valid for creating a 3072 bit + * DSA key. + */ +# define DSA_is_prime(n, callback, cb_arg) \ + BN_is_prime(n, DSS_prime_checks, callback, NULL, cb_arg) + +# ifndef OPENSSL_NO_DH +/* + * Convert DSA structure (key or just parameters) into DH structure (be + * careful to avoid small subgroup attacks when using this!) + */ +DH *DSA_dup_DH(const DSA *r); +# endif + +# define EVP_PKEY_CTX_set_dsa_paramgen_bits(ctx, nbits) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, \ + EVP_PKEY_CTRL_DSA_PARAMGEN_BITS, nbits, NULL) +# define EVP_PKEY_CTX_set_dsa_paramgen_q_bits(ctx, qbits) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, \ + EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS, qbits, NULL) +# define EVP_PKEY_CTX_set_dsa_paramgen_md(ctx, md) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, \ + EVP_PKEY_CTRL_DSA_PARAMGEN_MD, 0, (void *)(md)) + +# define EVP_PKEY_CTRL_DSA_PARAMGEN_BITS (EVP_PKEY_ALG_CTRL + 1) +# define EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS (EVP_PKEY_ALG_CTRL + 2) +# define EVP_PKEY_CTRL_DSA_PARAMGEN_MD (EVP_PKEY_ALG_CTRL + 3) + +void DSA_get0_pqg(const DSA *d, + const BIGNUM **p, const BIGNUM **q, const BIGNUM **g); +int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g); +void DSA_get0_key(const DSA *d, + const BIGNUM **pub_key, const BIGNUM **priv_key); +int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key); +const BIGNUM *DSA_get0_p(const DSA *d); +const BIGNUM *DSA_get0_q(const DSA *d); +const BIGNUM *DSA_get0_g(const DSA *d); +const BIGNUM *DSA_get0_pub_key(const DSA *d); +const BIGNUM *DSA_get0_priv_key(const DSA *d); +void DSA_clear_flags(DSA *d, int flags); +int DSA_test_flags(const DSA *d, int flags); +void DSA_set_flags(DSA *d, int flags); +ENGINE *DSA_get0_engine(DSA *d); + +DSA_METHOD *DSA_meth_new(const char *name, int flags); +void DSA_meth_free(DSA_METHOD *dsam); +DSA_METHOD *DSA_meth_dup(const DSA_METHOD *dsam); +const char *DSA_meth_get0_name(const DSA_METHOD *dsam); +int DSA_meth_set1_name(DSA_METHOD *dsam, const char *name); +int DSA_meth_get_flags(const DSA_METHOD *dsam); +int DSA_meth_set_flags(DSA_METHOD *dsam, int flags); +void *DSA_meth_get0_app_data(const DSA_METHOD *dsam); +int DSA_meth_set0_app_data(DSA_METHOD *dsam, void *app_data); +DSA_SIG *(*DSA_meth_get_sign(const DSA_METHOD *dsam)) + (const unsigned char *, int, DSA *); +int DSA_meth_set_sign(DSA_METHOD *dsam, + DSA_SIG *(*sign) (const unsigned char *, int, DSA *)); +int (*DSA_meth_get_sign_setup(const DSA_METHOD *dsam)) + (DSA *, BN_CTX *, BIGNUM **, BIGNUM **); +int DSA_meth_set_sign_setup(DSA_METHOD *dsam, + int (*sign_setup) (DSA *, BN_CTX *, BIGNUM **, BIGNUM **)); +int (*DSA_meth_get_verify(const DSA_METHOD *dsam)) + (const unsigned char *, int, DSA_SIG *, DSA *); +int DSA_meth_set_verify(DSA_METHOD *dsam, + int (*verify) (const unsigned char *, int, DSA_SIG *, DSA *)); +int (*DSA_meth_get_mod_exp(const DSA_METHOD *dsam)) + (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *, + const BIGNUM *, const BIGNUM *, BN_CTX *, BN_MONT_CTX *); +int DSA_meth_set_mod_exp(DSA_METHOD *dsam, + int (*mod_exp) (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *, + const BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *, + BN_MONT_CTX *)); +int (*DSA_meth_get_bn_mod_exp(const DSA_METHOD *dsam)) + (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *, + BN_CTX *, BN_MONT_CTX *); +int DSA_meth_set_bn_mod_exp(DSA_METHOD *dsam, + int (*bn_mod_exp) (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *, + const BIGNUM *, BN_CTX *, BN_MONT_CTX *)); +int (*DSA_meth_get_init(const DSA_METHOD *dsam))(DSA *); +int DSA_meth_set_init(DSA_METHOD *dsam, int (*init)(DSA *)); +int (*DSA_meth_get_finish(const DSA_METHOD *dsam)) (DSA *); +int DSA_meth_set_finish(DSA_METHOD *dsam, int (*finish) (DSA *)); +int (*DSA_meth_get_paramgen(const DSA_METHOD *dsam)) + (DSA *, int, const unsigned char *, int, int *, unsigned long *, + BN_GENCB *); +int DSA_meth_set_paramgen(DSA_METHOD *dsam, + int (*paramgen) (DSA *, int, const unsigned char *, int, int *, + unsigned long *, BN_GENCB *)); +int (*DSA_meth_get_keygen(const DSA_METHOD *dsam)) (DSA *); +int DSA_meth_set_keygen(DSA_METHOD *dsam, int (*keygen) (DSA *)); + + +# ifdef __cplusplus +} +# endif +# endif +#endif diff --git a/ext/openssl1L/include/openssl/dsaerr.h b/ext/openssl1L/include/openssl/dsaerr.h new file mode 100644 index 0000000..495a1ac --- /dev/null +++ b/ext/openssl1L/include/openssl/dsaerr.h @@ -0,0 +1,72 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_DSAERR_H +# define HEADER_DSAERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# include + +# ifndef OPENSSL_NO_DSA + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_DSA_strings(void); + +/* + * DSA function codes. + */ +# define DSA_F_DSAPARAMS_PRINT 100 +# define DSA_F_DSAPARAMS_PRINT_FP 101 +# define DSA_F_DSA_BUILTIN_PARAMGEN 125 +# define DSA_F_DSA_BUILTIN_PARAMGEN2 126 +# define DSA_F_DSA_DO_SIGN 112 +# define DSA_F_DSA_DO_VERIFY 113 +# define DSA_F_DSA_METH_DUP 127 +# define DSA_F_DSA_METH_NEW 128 +# define DSA_F_DSA_METH_SET1_NAME 129 +# define DSA_F_DSA_NEW_METHOD 103 +# define DSA_F_DSA_PARAM_DECODE 119 +# define DSA_F_DSA_PRINT_FP 105 +# define DSA_F_DSA_PRIV_DECODE 115 +# define DSA_F_DSA_PRIV_ENCODE 116 +# define DSA_F_DSA_PUB_DECODE 117 +# define DSA_F_DSA_PUB_ENCODE 118 +# define DSA_F_DSA_SIGN 106 +# define DSA_F_DSA_SIGN_SETUP 107 +# define DSA_F_DSA_SIG_NEW 102 +# define DSA_F_OLD_DSA_PRIV_DECODE 122 +# define DSA_F_PKEY_DSA_CTRL 120 +# define DSA_F_PKEY_DSA_CTRL_STR 104 +# define DSA_F_PKEY_DSA_KEYGEN 121 + +/* + * DSA reason codes. + */ +# define DSA_R_BAD_Q_VALUE 102 +# define DSA_R_BN_DECODE_ERROR 108 +# define DSA_R_BN_ERROR 109 +# define DSA_R_DECODE_ERROR 104 +# define DSA_R_INVALID_DIGEST_TYPE 106 +# define DSA_R_INVALID_PARAMETERS 112 +# define DSA_R_MISSING_PARAMETERS 101 +# define DSA_R_MISSING_PRIVATE_KEY 111 +# define DSA_R_MODULUS_TOO_LARGE 103 +# define DSA_R_NO_PARAMETERS_SET 107 +# define DSA_R_PARAMETER_ENCODING_ERROR 105 +# define DSA_R_Q_NOT_PRIME 113 +# define DSA_R_SEED_LEN_SMALL 110 + +# endif +#endif diff --git a/ext/openssl1L/include/openssl/dtls1.h b/ext/openssl1L/include/openssl/dtls1.h new file mode 100644 index 0000000..d55ca9c --- /dev/null +++ b/ext/openssl1L/include/openssl/dtls1.h @@ -0,0 +1,55 @@ +/* + * Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_DTLS1_H +# define HEADER_DTLS1_H + +#ifdef __cplusplus +extern "C" { +#endif + +# define DTLS1_VERSION 0xFEFF +# define DTLS1_2_VERSION 0xFEFD +# define DTLS_MIN_VERSION DTLS1_VERSION +# define DTLS_MAX_VERSION DTLS1_2_VERSION +# define DTLS1_VERSION_MAJOR 0xFE + +# define DTLS1_BAD_VER 0x0100 + +/* Special value for method supporting multiple versions */ +# define DTLS_ANY_VERSION 0x1FFFF + +/* lengths of messages */ +/* + * Actually the max cookie length in DTLS is 255. But we can't change this now + * due to compatibility concerns. + */ +# define DTLS1_COOKIE_LENGTH 256 + +# define DTLS1_RT_HEADER_LENGTH 13 + +# define DTLS1_HM_HEADER_LENGTH 12 + +# define DTLS1_HM_BAD_FRAGMENT -2 +# define DTLS1_HM_FRAGMENT_RETRY -3 + +# define DTLS1_CCS_HEADER_LENGTH 1 + +# define DTLS1_AL_HEADER_LENGTH 2 + +/* Timeout multipliers */ +# define DTLS1_TMO_READ_COUNT 2 +# define DTLS1_TMO_WRITE_COUNT 2 + +# define DTLS1_TMO_ALERT_COUNT 12 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/ext/openssl1L/include/openssl/e_os2.h b/ext/openssl1L/include/openssl/e_os2.h new file mode 100644 index 0000000..5c88e51 --- /dev/null +++ b/ext/openssl1L/include/openssl/e_os2.h @@ -0,0 +1,301 @@ +/* + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_E_OS2_H +# define HEADER_E_OS2_H + +# include + +#ifdef __cplusplus +extern "C" { +#endif + +/****************************************************************************** + * Detect operating systems. This probably needs completing. + * The result is that at least one OPENSSL_SYS_os macro should be defined. + * However, if none is defined, Unix is assumed. + **/ + +# define OPENSSL_SYS_UNIX + +/* --------------------- Microsoft operating systems ---------------------- */ + +/* + * Note that MSDOS actually denotes 32-bit environments running on top of + * MS-DOS, such as DJGPP one. + */ +# if defined(OPENSSL_SYS_MSDOS) +# undef OPENSSL_SYS_UNIX +# endif + +/* + * For 32 bit environment, there seems to be the CygWin environment and then + * all the others that try to do the same thing Microsoft does... + */ +/* + * UEFI lives here because it might be built with a Microsoft toolchain and + * we need to avoid the false positive match on Windows. + */ +# if defined(OPENSSL_SYS_UEFI) +# undef OPENSSL_SYS_UNIX +# elif defined(OPENSSL_SYS_UWIN) +# undef OPENSSL_SYS_UNIX +# define OPENSSL_SYS_WIN32_UWIN +# else +# if defined(__CYGWIN__) || defined(OPENSSL_SYS_CYGWIN) +# define OPENSSL_SYS_WIN32_CYGWIN +# else +# if defined(_WIN32) || defined(OPENSSL_SYS_WIN32) +# undef OPENSSL_SYS_UNIX +# if !defined(OPENSSL_SYS_WIN32) +# define OPENSSL_SYS_WIN32 +# endif +# endif +# if defined(_WIN64) || defined(OPENSSL_SYS_WIN64) +# undef OPENSSL_SYS_UNIX +# if !defined(OPENSSL_SYS_WIN64) +# define OPENSSL_SYS_WIN64 +# endif +# endif +# if defined(OPENSSL_SYS_WINNT) +# undef OPENSSL_SYS_UNIX +# endif +# if defined(OPENSSL_SYS_WINCE) +# undef OPENSSL_SYS_UNIX +# endif +# endif +# endif + +/* Anything that tries to look like Microsoft is "Windows" */ +# if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN64) || defined(OPENSSL_SYS_WINNT) || defined(OPENSSL_SYS_WINCE) +# undef OPENSSL_SYS_UNIX +# define OPENSSL_SYS_WINDOWS +# ifndef OPENSSL_SYS_MSDOS +# define OPENSSL_SYS_MSDOS +# endif +# endif + +/* + * DLL settings. This part is a bit tough, because it's up to the + * application implementor how he or she will link the application, so it + * requires some macro to be used. + */ +# ifdef OPENSSL_SYS_WINDOWS +# ifndef OPENSSL_OPT_WINDLL +# if defined(_WINDLL) /* This is used when building OpenSSL to + * indicate that DLL linkage should be used */ +# define OPENSSL_OPT_WINDLL +# endif +# endif +# endif + +/* ------------------------------- OpenVMS -------------------------------- */ +# if defined(__VMS) || defined(VMS) || defined(OPENSSL_SYS_VMS) +# if !defined(OPENSSL_SYS_VMS) +# undef OPENSSL_SYS_UNIX +# endif +# define OPENSSL_SYS_VMS +# if defined(__DECC) +# define OPENSSL_SYS_VMS_DECC +# elif defined(__DECCXX) +# define OPENSSL_SYS_VMS_DECC +# define OPENSSL_SYS_VMS_DECCXX +# else +# define OPENSSL_SYS_VMS_NODECC +# endif +# endif + +/* -------------------------------- Unix ---------------------------------- */ +# ifdef OPENSSL_SYS_UNIX +# if defined(linux) || defined(__linux__) && !defined(OPENSSL_SYS_LINUX) +# define OPENSSL_SYS_LINUX +# endif +# if defined(_AIX) && !defined(OPENSSL_SYS_AIX) +# define OPENSSL_SYS_AIX +# endif +# endif + +/* -------------------------------- VOS ----------------------------------- */ +# if defined(__VOS__) && !defined(OPENSSL_SYS_VOS) +# define OPENSSL_SYS_VOS +# ifdef __HPPA__ +# define OPENSSL_SYS_VOS_HPPA +# endif +# ifdef __IA32__ +# define OPENSSL_SYS_VOS_IA32 +# endif +# endif + +/** + * That's it for OS-specific stuff + *****************************************************************************/ + +/* Specials for I/O an exit */ +# ifdef OPENSSL_SYS_MSDOS +# define OPENSSL_UNISTD_IO +# define OPENSSL_DECLARE_EXIT extern void exit(int); +# else +# define OPENSSL_UNISTD_IO OPENSSL_UNISTD +# define OPENSSL_DECLARE_EXIT /* declared in unistd.h */ +# endif + +/*- + * OPENSSL_EXTERN is normally used to declare a symbol with possible extra + * attributes to handle its presence in a shared library. + * OPENSSL_EXPORT is used to define a symbol with extra possible attributes + * to make it visible in a shared library. + * Care needs to be taken when a header file is used both to declare and + * define symbols. Basically, for any library that exports some global + * variables, the following code must be present in the header file that + * declares them, before OPENSSL_EXTERN is used: + * + * #ifdef SOME_BUILD_FLAG_MACRO + * # undef OPENSSL_EXTERN + * # define OPENSSL_EXTERN OPENSSL_EXPORT + * #endif + * + * The default is to have OPENSSL_EXPORT and OPENSSL_EXTERN + * have some generally sensible values. + */ + +# if defined(OPENSSL_SYS_WINDOWS) && defined(OPENSSL_OPT_WINDLL) +# define OPENSSL_EXPORT extern __declspec(dllexport) +# define OPENSSL_EXTERN extern __declspec(dllimport) +# else +# define OPENSSL_EXPORT extern +# define OPENSSL_EXTERN extern +# endif + +/*- + * Macros to allow global variables to be reached through function calls when + * required (if a shared library version requires it, for example. + * The way it's done allows definitions like this: + * + * // in foobar.c + * OPENSSL_IMPLEMENT_GLOBAL(int,foobar,0) + * // in foobar.h + * OPENSSL_DECLARE_GLOBAL(int,foobar); + * #define foobar OPENSSL_GLOBAL_REF(foobar) + */ +# ifdef OPENSSL_EXPORT_VAR_AS_FUNCTION +# define OPENSSL_IMPLEMENT_GLOBAL(type,name,value) \ + type *_shadow_##name(void) \ + { static type _hide_##name=value; return &_hide_##name; } +# define OPENSSL_DECLARE_GLOBAL(type,name) type *_shadow_##name(void) +# define OPENSSL_GLOBAL_REF(name) (*(_shadow_##name())) +# else +# define OPENSSL_IMPLEMENT_GLOBAL(type,name,value) type _shadow_##name=value; +# define OPENSSL_DECLARE_GLOBAL(type,name) OPENSSL_EXPORT type _shadow_##name +# define OPENSSL_GLOBAL_REF(name) _shadow_##name +# endif + +# ifdef _WIN32 +# ifdef _WIN64 +# define ossl_ssize_t __int64 +# define OSSL_SSIZE_MAX _I64_MAX +# else +# define ossl_ssize_t int +# define OSSL_SSIZE_MAX INT_MAX +# endif +# endif + +# if defined(OPENSSL_SYS_UEFI) && !defined(ossl_ssize_t) +# define ossl_ssize_t INTN +# define OSSL_SSIZE_MAX MAX_INTN +# endif + +# ifndef ossl_ssize_t +# define ossl_ssize_t ssize_t +# if defined(SSIZE_MAX) +# define OSSL_SSIZE_MAX SSIZE_MAX +# elif defined(_POSIX_SSIZE_MAX) +# define OSSL_SSIZE_MAX _POSIX_SSIZE_MAX +# else +# define OSSL_SSIZE_MAX ((ssize_t)(SIZE_MAX>>1)) +# endif +# endif + +# ifdef DEBUG_UNUSED +# define __owur __attribute__((__warn_unused_result__)) +# else +# define __owur +# endif + +/* Standard integer types */ +# if defined(OPENSSL_SYS_UEFI) +typedef INT8 int8_t; +typedef UINT8 uint8_t; +typedef INT16 int16_t; +typedef UINT16 uint16_t; +typedef INT32 int32_t; +typedef UINT32 uint32_t; +typedef INT64 int64_t; +typedef UINT64 uint64_t; +# elif (defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L) || \ + defined(__osf__) || defined(__sgi) || defined(__hpux) || \ + defined(OPENSSL_SYS_VMS) || defined (__OpenBSD__) +# include +# elif defined(_MSC_VER) && _MSC_VER<1600 +/* + * minimally required typdefs for systems not supporting inttypes.h or + * stdint.h: currently just older VC++ + */ +typedef signed char int8_t; +typedef unsigned char uint8_t; +typedef short int16_t; +typedef unsigned short uint16_t; +typedef int int32_t; +typedef unsigned int uint32_t; +typedef __int64 int64_t; +typedef unsigned __int64 uint64_t; +# else +# include +# endif + +/* ossl_inline: portable inline definition usable in public headers */ +# if !defined(inline) && !defined(__cplusplus) +# if defined(__STDC_VERSION__) && __STDC_VERSION__>=199901L + /* just use inline */ +# define ossl_inline inline +# elif defined(__GNUC__) && __GNUC__>=2 +# define ossl_inline __inline__ +# elif defined(_MSC_VER) + /* + * Visual Studio: inline is available in C++ only, however + * __inline is available for C, see + * http://msdn.microsoft.com/en-us/library/z8y1yy88.aspx + */ +# define ossl_inline __inline +# else +# define ossl_inline +# endif +# else +# define ossl_inline inline +# endif + +# if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L && \ + !defined(__cplusplus) +# define ossl_noreturn _Noreturn +# elif defined(__GNUC__) && __GNUC__ >= 2 +# define ossl_noreturn __attribute__((noreturn)) +# else +# define ossl_noreturn +# endif + +/* ossl_unused: portable unused attribute for use in public headers */ +# if defined(__GNUC__) +# define ossl_unused __attribute__((unused)) +# else +# define ossl_unused +# endif + +#ifdef __cplusplus +} +#endif +#endif diff --git a/ext/openssl1L/include/openssl/ebcdic.h b/ext/openssl1L/include/openssl/ebcdic.h new file mode 100644 index 0000000..aa01285 --- /dev/null +++ b/ext/openssl1L/include/openssl/ebcdic.h @@ -0,0 +1,33 @@ +/* + * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_EBCDIC_H +# define HEADER_EBCDIC_H + +# include + +#ifdef __cplusplus +extern "C" { +#endif + +/* Avoid name clashes with other applications */ +# define os_toascii _openssl_os_toascii +# define os_toebcdic _openssl_os_toebcdic +# define ebcdic2ascii _openssl_ebcdic2ascii +# define ascii2ebcdic _openssl_ascii2ebcdic + +extern const unsigned char os_toascii[256]; +extern const unsigned char os_toebcdic[256]; +void *ebcdic2ascii(void *dest, const void *srce, size_t count); +void *ascii2ebcdic(void *dest, const void *srce, size_t count); + +#ifdef __cplusplus +} +#endif +#endif diff --git a/ext/openssl1L/include/openssl/ec.h b/ext/openssl1L/include/openssl/ec.h new file mode 100644 index 0000000..24baf53 --- /dev/null +++ b/ext/openssl1L/include/openssl/ec.h @@ -0,0 +1,1484 @@ +/* + * Copyright 2002-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_EC_H +# define HEADER_EC_H + +# include + +# ifndef OPENSSL_NO_EC +# include +# include +# if OPENSSL_API_COMPAT < 0x10100000L +# include +# endif +# include +# ifdef __cplusplus +extern "C" { +# endif + +# ifndef OPENSSL_ECC_MAX_FIELD_BITS +# define OPENSSL_ECC_MAX_FIELD_BITS 661 +# endif + +/** Enum for the point conversion form as defined in X9.62 (ECDSA) + * for the encoding of a elliptic curve point (x,y) */ +typedef enum { + /** the point is encoded as z||x, where the octet z specifies + * which solution of the quadratic equation y is */ + POINT_CONVERSION_COMPRESSED = 2, + /** the point is encoded as z||x||y, where z is the octet 0x04 */ + POINT_CONVERSION_UNCOMPRESSED = 4, + /** the point is encoded as z||x||y, where the octet z specifies + * which solution of the quadratic equation y is */ + POINT_CONVERSION_HYBRID = 6 +} point_conversion_form_t; + +typedef struct ec_method_st EC_METHOD; +typedef struct ec_group_st EC_GROUP; +typedef struct ec_point_st EC_POINT; +typedef struct ecpk_parameters_st ECPKPARAMETERS; +typedef struct ec_parameters_st ECPARAMETERS; + +/********************************************************************/ +/* EC_METHODs for curves over GF(p) */ +/********************************************************************/ + +/** Returns the basic GFp ec methods which provides the basis for the + * optimized methods. + * \return EC_METHOD object + */ +const EC_METHOD *EC_GFp_simple_method(void); + +/** Returns GFp methods using montgomery multiplication. + * \return EC_METHOD object + */ +const EC_METHOD *EC_GFp_mont_method(void); + +/** Returns GFp methods using optimized methods for NIST recommended curves + * \return EC_METHOD object + */ +const EC_METHOD *EC_GFp_nist_method(void); + +# ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 +/** Returns 64-bit optimized methods for nistp224 + * \return EC_METHOD object + */ +const EC_METHOD *EC_GFp_nistp224_method(void); + +/** Returns 64-bit optimized methods for nistp256 + * \return EC_METHOD object + */ +const EC_METHOD *EC_GFp_nistp256_method(void); + +/** Returns 64-bit optimized methods for nistp521 + * \return EC_METHOD object + */ +const EC_METHOD *EC_GFp_nistp521_method(void); +# endif + +# ifndef OPENSSL_NO_EC2M +/********************************************************************/ +/* EC_METHOD for curves over GF(2^m) */ +/********************************************************************/ + +/** Returns the basic GF2m ec method + * \return EC_METHOD object + */ +const EC_METHOD *EC_GF2m_simple_method(void); + +# endif + +/********************************************************************/ +/* EC_GROUP functions */ +/********************************************************************/ + +/** Creates a new EC_GROUP object + * \param meth EC_METHOD to use + * \return newly created EC_GROUP object or NULL in case of an error. + */ +EC_GROUP *EC_GROUP_new(const EC_METHOD *meth); + +/** Frees a EC_GROUP object + * \param group EC_GROUP object to be freed. + */ +void EC_GROUP_free(EC_GROUP *group); + +/** Clears and frees a EC_GROUP object + * \param group EC_GROUP object to be cleared and freed. + */ +void EC_GROUP_clear_free(EC_GROUP *group); + +/** Copies EC_GROUP objects. Note: both EC_GROUPs must use the same EC_METHOD. + * \param dst destination EC_GROUP object + * \param src source EC_GROUP object + * \return 1 on success and 0 if an error occurred. + */ +int EC_GROUP_copy(EC_GROUP *dst, const EC_GROUP *src); + +/** Creates a new EC_GROUP object and copies the copies the content + * form src to the newly created EC_KEY object + * \param src source EC_GROUP object + * \return newly created EC_GROUP object or NULL in case of an error. + */ +EC_GROUP *EC_GROUP_dup(const EC_GROUP *src); + +/** Returns the EC_METHOD of the EC_GROUP object. + * \param group EC_GROUP object + * \return EC_METHOD used in this EC_GROUP object. + */ +const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *group); + +/** Returns the field type of the EC_METHOD. + * \param meth EC_METHOD object + * \return NID of the underlying field type OID. + */ +int EC_METHOD_get_field_type(const EC_METHOD *meth); + +/** Sets the generator and its order/cofactor of a EC_GROUP object. + * \param group EC_GROUP object + * \param generator EC_POINT object with the generator. + * \param order the order of the group generated by the generator. + * \param cofactor the index of the sub-group generated by the generator + * in the group of all points on the elliptic curve. + * \return 1 on success and 0 if an error occurred + */ +int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator, + const BIGNUM *order, const BIGNUM *cofactor); + +/** Returns the generator of a EC_GROUP object. + * \param group EC_GROUP object + * \return the currently used generator (possibly NULL). + */ +const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group); + +/** Returns the montgomery data for order(Generator) + * \param group EC_GROUP object + * \return the currently used montgomery data (possibly NULL). +*/ +BN_MONT_CTX *EC_GROUP_get_mont_data(const EC_GROUP *group); + +/** Gets the order of a EC_GROUP + * \param group EC_GROUP object + * \param order BIGNUM to which the order is copied + * \param ctx unused + * \return 1 on success and 0 if an error occurred + */ +int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx); + +/** Gets the order of an EC_GROUP + * \param group EC_GROUP object + * \return the group order + */ +const BIGNUM *EC_GROUP_get0_order(const EC_GROUP *group); + +/** Gets the number of bits of the order of an EC_GROUP + * \param group EC_GROUP object + * \return number of bits of group order. + */ +int EC_GROUP_order_bits(const EC_GROUP *group); + +/** Gets the cofactor of a EC_GROUP + * \param group EC_GROUP object + * \param cofactor BIGNUM to which the cofactor is copied + * \param ctx unused + * \return 1 on success and 0 if an error occurred + */ +int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor, + BN_CTX *ctx); + +/** Gets the cofactor of an EC_GROUP + * \param group EC_GROUP object + * \return the group cofactor + */ +const BIGNUM *EC_GROUP_get0_cofactor(const EC_GROUP *group); + +/** Sets the name of a EC_GROUP object + * \param group EC_GROUP object + * \param nid NID of the curve name OID + */ +void EC_GROUP_set_curve_name(EC_GROUP *group, int nid); + +/** Returns the curve name of a EC_GROUP object + * \param group EC_GROUP object + * \return NID of the curve name OID or 0 if not set. + */ +int EC_GROUP_get_curve_name(const EC_GROUP *group); + +void EC_GROUP_set_asn1_flag(EC_GROUP *group, int flag); +int EC_GROUP_get_asn1_flag(const EC_GROUP *group); + +void EC_GROUP_set_point_conversion_form(EC_GROUP *group, + point_conversion_form_t form); +point_conversion_form_t EC_GROUP_get_point_conversion_form(const EC_GROUP *); + +unsigned char *EC_GROUP_get0_seed(const EC_GROUP *x); +size_t EC_GROUP_get_seed_len(const EC_GROUP *); +size_t EC_GROUP_set_seed(EC_GROUP *, const unsigned char *, size_t len); + +/** Sets the parameters of a ec curve defined by y^2 = x^3 + a*x + b (for GFp) + * or y^2 + x*y = x^3 + a*x^2 + b (for GF2m) + * \param group EC_GROUP object + * \param p BIGNUM with the prime number (GFp) or the polynomial + * defining the underlying field (GF2m) + * \param a BIGNUM with parameter a of the equation + * \param b BIGNUM with parameter b of the equation + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +int EC_GROUP_set_curve(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, + const BIGNUM *b, BN_CTX *ctx); + +/** Gets the parameters of the ec curve defined by y^2 = x^3 + a*x + b (for GFp) + * or y^2 + x*y = x^3 + a*x^2 + b (for GF2m) + * \param group EC_GROUP object + * \param p BIGNUM with the prime number (GFp) or the polynomial + * defining the underlying field (GF2m) + * \param a BIGNUM for parameter a of the equation + * \param b BIGNUM for parameter b of the equation + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +int EC_GROUP_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, + BN_CTX *ctx); + +/** Sets the parameters of an ec curve. Synonym for EC_GROUP_set_curve + * \param group EC_GROUP object + * \param p BIGNUM with the prime number (GFp) or the polynomial + * defining the underlying field (GF2m) + * \param a BIGNUM with parameter a of the equation + * \param b BIGNUM with parameter b of the equation + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +DEPRECATEDIN_1_2_0(int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, + const BIGNUM *a, const BIGNUM *b, + BN_CTX *ctx)) + +/** Gets the parameters of an ec curve. Synonym for EC_GROUP_get_curve + * \param group EC_GROUP object + * \param p BIGNUM with the prime number (GFp) or the polynomial + * defining the underlying field (GF2m) + * \param a BIGNUM for parameter a of the equation + * \param b BIGNUM for parameter b of the equation + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +DEPRECATEDIN_1_2_0(int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, + BIGNUM *a, BIGNUM *b, + BN_CTX *ctx)) + +# ifndef OPENSSL_NO_EC2M +/** Sets the parameter of an ec curve. Synonym for EC_GROUP_set_curve + * \param group EC_GROUP object + * \param p BIGNUM with the prime number (GFp) or the polynomial + * defining the underlying field (GF2m) + * \param a BIGNUM with parameter a of the equation + * \param b BIGNUM with parameter b of the equation + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +DEPRECATEDIN_1_2_0(int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p, + const BIGNUM *a, const BIGNUM *b, + BN_CTX *ctx)) + +/** Gets the parameters of an ec curve. Synonym for EC_GROUP_get_curve + * \param group EC_GROUP object + * \param p BIGNUM with the prime number (GFp) or the polynomial + * defining the underlying field (GF2m) + * \param a BIGNUM for parameter a of the equation + * \param b BIGNUM for parameter b of the equation + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +DEPRECATEDIN_1_2_0(int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p, + BIGNUM *a, BIGNUM *b, + BN_CTX *ctx)) +# endif +/** Returns the number of bits needed to represent a field element + * \param group EC_GROUP object + * \return number of bits needed to represent a field element + */ +int EC_GROUP_get_degree(const EC_GROUP *group); + +/** Checks whether the parameter in the EC_GROUP define a valid ec group + * \param group EC_GROUP object + * \param ctx BN_CTX object (optional) + * \return 1 if group is a valid ec group and 0 otherwise + */ +int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx); + +/** Checks whether the discriminant of the elliptic curve is zero or not + * \param group EC_GROUP object + * \param ctx BN_CTX object (optional) + * \return 1 if the discriminant is not zero and 0 otherwise + */ +int EC_GROUP_check_discriminant(const EC_GROUP *group, BN_CTX *ctx); + +/** Compares two EC_GROUP objects + * \param a first EC_GROUP object + * \param b second EC_GROUP object + * \param ctx BN_CTX object (optional) + * \return 0 if the groups are equal, 1 if not, or -1 on error + */ +int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx); + +/* + * EC_GROUP_new_GF*() calls EC_GROUP_new() and EC_GROUP_set_GF*() after + * choosing an appropriate EC_METHOD + */ + +/** Creates a new EC_GROUP object with the specified parameters defined + * over GFp (defined by the equation y^2 = x^3 + a*x + b) + * \param p BIGNUM with the prime number + * \param a BIGNUM with the parameter a of the equation + * \param b BIGNUM with the parameter b of the equation + * \param ctx BN_CTX object (optional) + * \return newly created EC_GROUP object with the specified parameters + */ +EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, + const BIGNUM *b, BN_CTX *ctx); +# ifndef OPENSSL_NO_EC2M +/** Creates a new EC_GROUP object with the specified parameters defined + * over GF2m (defined by the equation y^2 + x*y = x^3 + a*x^2 + b) + * \param p BIGNUM with the polynomial defining the underlying field + * \param a BIGNUM with the parameter a of the equation + * \param b BIGNUM with the parameter b of the equation + * \param ctx BN_CTX object (optional) + * \return newly created EC_GROUP object with the specified parameters + */ +EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a, + const BIGNUM *b, BN_CTX *ctx); +# endif + +/** Creates a EC_GROUP object with a curve specified by a NID + * \param nid NID of the OID of the curve name + * \return newly created EC_GROUP object with specified curve or NULL + * if an error occurred + */ +EC_GROUP *EC_GROUP_new_by_curve_name(int nid); + +/** Creates a new EC_GROUP object from an ECPARAMETERS object + * \param params pointer to the ECPARAMETERS object + * \return newly created EC_GROUP object with specified curve or NULL + * if an error occurred + */ +EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params); + +/** Creates an ECPARAMETERS object for the given EC_GROUP object. + * \param group pointer to the EC_GROUP object + * \param params pointer to an existing ECPARAMETERS object or NULL + * \return pointer to the new ECPARAMETERS object or NULL + * if an error occurred. + */ +ECPARAMETERS *EC_GROUP_get_ecparameters(const EC_GROUP *group, + ECPARAMETERS *params); + +/** Creates a new EC_GROUP object from an ECPKPARAMETERS object + * \param params pointer to an existing ECPKPARAMETERS object, or NULL + * \return newly created EC_GROUP object with specified curve, or NULL + * if an error occurred + */ +EC_GROUP *EC_GROUP_new_from_ecpkparameters(const ECPKPARAMETERS *params); + +/** Creates an ECPKPARAMETERS object for the given EC_GROUP object. + * \param group pointer to the EC_GROUP object + * \param params pointer to an existing ECPKPARAMETERS object or NULL + * \return pointer to the new ECPKPARAMETERS object or NULL + * if an error occurred. + */ +ECPKPARAMETERS *EC_GROUP_get_ecpkparameters(const EC_GROUP *group, + ECPKPARAMETERS *params); + +/********************************************************************/ +/* handling of internal curves */ +/********************************************************************/ + +typedef struct { + int nid; + const char *comment; +} EC_builtin_curve; + +/* + * EC_builtin_curves(EC_builtin_curve *r, size_t size) returns number of all + * available curves or zero if a error occurred. In case r is not zero, + * nitems EC_builtin_curve structures are filled with the data of the first + * nitems internal groups + */ +size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems); + +const char *EC_curve_nid2nist(int nid); +int EC_curve_nist2nid(const char *name); + +/********************************************************************/ +/* EC_POINT functions */ +/********************************************************************/ + +/** Creates a new EC_POINT object for the specified EC_GROUP + * \param group EC_GROUP the underlying EC_GROUP object + * \return newly created EC_POINT object or NULL if an error occurred + */ +EC_POINT *EC_POINT_new(const EC_GROUP *group); + +/** Frees a EC_POINT object + * \param point EC_POINT object to be freed + */ +void EC_POINT_free(EC_POINT *point); + +/** Clears and frees a EC_POINT object + * \param point EC_POINT object to be cleared and freed + */ +void EC_POINT_clear_free(EC_POINT *point); + +/** Copies EC_POINT object + * \param dst destination EC_POINT object + * \param src source EC_POINT object + * \return 1 on success and 0 if an error occurred + */ +int EC_POINT_copy(EC_POINT *dst, const EC_POINT *src); + +/** Creates a new EC_POINT object and copies the content of the supplied + * EC_POINT + * \param src source EC_POINT object + * \param group underlying the EC_GROUP object + * \return newly created EC_POINT object or NULL if an error occurred + */ +EC_POINT *EC_POINT_dup(const EC_POINT *src, const EC_GROUP *group); + +/** Returns the EC_METHOD used in EC_POINT object + * \param point EC_POINT object + * \return the EC_METHOD used + */ +const EC_METHOD *EC_POINT_method_of(const EC_POINT *point); + +/** Sets a point to infinity (neutral element) + * \param group underlying EC_GROUP object + * \param point EC_POINT to set to infinity + * \return 1 on success and 0 if an error occurred + */ +int EC_POINT_set_to_infinity(const EC_GROUP *group, EC_POINT *point); + +/** Sets the jacobian projective coordinates of a EC_POINT over GFp + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param x BIGNUM with the x-coordinate + * \param y BIGNUM with the y-coordinate + * \param z BIGNUM with the z-coordinate + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *group, + EC_POINT *p, const BIGNUM *x, + const BIGNUM *y, const BIGNUM *z, + BN_CTX *ctx); + +/** Gets the jacobian projective coordinates of a EC_POINT over GFp + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param x BIGNUM for the x-coordinate + * \param y BIGNUM for the y-coordinate + * \param z BIGNUM for the z-coordinate + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group, + const EC_POINT *p, BIGNUM *x, + BIGNUM *y, BIGNUM *z, + BN_CTX *ctx); + +/** Sets the affine coordinates of an EC_POINT + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param x BIGNUM with the x-coordinate + * \param y BIGNUM with the y-coordinate + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +int EC_POINT_set_affine_coordinates(const EC_GROUP *group, EC_POINT *p, + const BIGNUM *x, const BIGNUM *y, + BN_CTX *ctx); + +/** Gets the affine coordinates of an EC_POINT. + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param x BIGNUM for the x-coordinate + * \param y BIGNUM for the y-coordinate + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +int EC_POINT_get_affine_coordinates(const EC_GROUP *group, const EC_POINT *p, + BIGNUM *x, BIGNUM *y, BN_CTX *ctx); + +/** Sets the affine coordinates of an EC_POINT. A synonym of + * EC_POINT_set_affine_coordinates + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param x BIGNUM with the x-coordinate + * \param y BIGNUM with the y-coordinate + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +DEPRECATEDIN_1_2_0(int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, + EC_POINT *p, + const BIGNUM *x, + const BIGNUM *y, + BN_CTX *ctx)) + +/** Gets the affine coordinates of an EC_POINT. A synonym of + * EC_POINT_get_affine_coordinates + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param x BIGNUM for the x-coordinate + * \param y BIGNUM for the y-coordinate + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +DEPRECATEDIN_1_2_0(int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group, + const EC_POINT *p, + BIGNUM *x, + BIGNUM *y, + BN_CTX *ctx)) + +/** Sets the x9.62 compressed coordinates of a EC_POINT + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param x BIGNUM with x-coordinate + * \param y_bit integer with the y-Bit (either 0 or 1) + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +int EC_POINT_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *p, + const BIGNUM *x, int y_bit, + BN_CTX *ctx); + +/** Sets the x9.62 compressed coordinates of a EC_POINT. A synonym of + * EC_POINT_set_compressed_coordinates + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param x BIGNUM with x-coordinate + * \param y_bit integer with the y-Bit (either 0 or 1) + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +DEPRECATEDIN_1_2_0(int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, + EC_POINT *p, + const BIGNUM *x, + int y_bit, + BN_CTX *ctx)) +# ifndef OPENSSL_NO_EC2M +/** Sets the affine coordinates of an EC_POINT. A synonym of + * EC_POINT_set_affine_coordinates + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param x BIGNUM with the x-coordinate + * \param y BIGNUM with the y-coordinate + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +DEPRECATEDIN_1_2_0(int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group, + EC_POINT *p, + const BIGNUM *x, + const BIGNUM *y, + BN_CTX *ctx)) + +/** Gets the affine coordinates of an EC_POINT. A synonym of + * EC_POINT_get_affine_coordinates + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param x BIGNUM for the x-coordinate + * \param y BIGNUM for the y-coordinate + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +DEPRECATEDIN_1_2_0(int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group, + const EC_POINT *p, + BIGNUM *x, + BIGNUM *y, + BN_CTX *ctx)) + +/** Sets the x9.62 compressed coordinates of a EC_POINT. A synonym of + * EC_POINT_set_compressed_coordinates + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param x BIGNUM with x-coordinate + * \param y_bit integer with the y-Bit (either 0 or 1) + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +DEPRECATEDIN_1_2_0(int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *group, + EC_POINT *p, + const BIGNUM *x, + int y_bit, + BN_CTX *ctx)) +# endif +/** Encodes a EC_POINT object to a octet string + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param form point conversion form + * \param buf memory buffer for the result. If NULL the function returns + * required buffer size. + * \param len length of the memory buffer + * \param ctx BN_CTX object (optional) + * \return the length of the encoded octet string or 0 if an error occurred + */ +size_t EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *p, + point_conversion_form_t form, + unsigned char *buf, size_t len, BN_CTX *ctx); + +/** Decodes a EC_POINT from a octet string + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param buf memory buffer with the encoded ec point + * \param len length of the encoded ec point + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +int EC_POINT_oct2point(const EC_GROUP *group, EC_POINT *p, + const unsigned char *buf, size_t len, BN_CTX *ctx); + +/** Encodes an EC_POINT object to an allocated octet string + * \param group underlying EC_GROUP object + * \param point EC_POINT object + * \param form point conversion form + * \param pbuf returns pointer to allocated buffer + * \param ctx BN_CTX object (optional) + * \return the length of the encoded octet string or 0 if an error occurred + */ +size_t EC_POINT_point2buf(const EC_GROUP *group, const EC_POINT *point, + point_conversion_form_t form, + unsigned char **pbuf, BN_CTX *ctx); + +/* other interfaces to point2oct/oct2point: */ +BIGNUM *EC_POINT_point2bn(const EC_GROUP *, const EC_POINT *, + point_conversion_form_t form, BIGNUM *, BN_CTX *); +EC_POINT *EC_POINT_bn2point(const EC_GROUP *, const BIGNUM *, + EC_POINT *, BN_CTX *); +char *EC_POINT_point2hex(const EC_GROUP *, const EC_POINT *, + point_conversion_form_t form, BN_CTX *); +EC_POINT *EC_POINT_hex2point(const EC_GROUP *, const char *, + EC_POINT *, BN_CTX *); + +/********************************************************************/ +/* functions for doing EC_POINT arithmetic */ +/********************************************************************/ + +/** Computes the sum of two EC_POINT + * \param group underlying EC_GROUP object + * \param r EC_POINT object for the result (r = a + b) + * \param a EC_POINT object with the first summand + * \param b EC_POINT object with the second summand + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, + const EC_POINT *b, BN_CTX *ctx); + +/** Computes the double of a EC_POINT + * \param group underlying EC_GROUP object + * \param r EC_POINT object for the result (r = 2 * a) + * \param a EC_POINT object + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, + BN_CTX *ctx); + +/** Computes the inverse of a EC_POINT + * \param group underlying EC_GROUP object + * \param a EC_POINT object to be inverted (it's used for the result as well) + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx); + +/** Checks whether the point is the neutral element of the group + * \param group the underlying EC_GROUP object + * \param p EC_POINT object + * \return 1 if the point is the neutral element and 0 otherwise + */ +int EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *p); + +/** Checks whether the point is on the curve + * \param group underlying EC_GROUP object + * \param point EC_POINT object to check + * \param ctx BN_CTX object (optional) + * \return 1 if the point is on the curve, 0 if not, or -1 on error + */ +int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point, + BN_CTX *ctx); + +/** Compares two EC_POINTs + * \param group underlying EC_GROUP object + * \param a first EC_POINT object + * \param b second EC_POINT object + * \param ctx BN_CTX object (optional) + * \return 1 if the points are not equal, 0 if they are, or -1 on error + */ +int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, + BN_CTX *ctx); + +int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx); +int EC_POINTs_make_affine(const EC_GROUP *group, size_t num, + EC_POINT *points[], BN_CTX *ctx); + +/** Computes r = generator * n + sum_{i=0}^{num-1} p[i] * m[i] + * \param group underlying EC_GROUP object + * \param r EC_POINT object for the result + * \param n BIGNUM with the multiplier for the group generator (optional) + * \param num number further summands + * \param p array of size num of EC_POINT objects + * \param m array of size num of BIGNUM objects + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, + size_t num, const EC_POINT *p[], const BIGNUM *m[], + BN_CTX *ctx); + +/** Computes r = generator * n + q * m + * \param group underlying EC_GROUP object + * \param r EC_POINT object for the result + * \param n BIGNUM with the multiplier for the group generator (optional) + * \param q EC_POINT object with the first factor of the second summand + * \param m BIGNUM with the second factor of the second summand + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, + const EC_POINT *q, const BIGNUM *m, BN_CTX *ctx); + +/** Stores multiples of generator for faster point multiplication + * \param group EC_GROUP object + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx); + +/** Reports whether a precomputation has been done + * \param group EC_GROUP object + * \return 1 if a pre-computation has been done and 0 otherwise + */ +int EC_GROUP_have_precompute_mult(const EC_GROUP *group); + +/********************************************************************/ +/* ASN1 stuff */ +/********************************************************************/ + +DECLARE_ASN1_ITEM(ECPKPARAMETERS) +DECLARE_ASN1_ALLOC_FUNCTIONS(ECPKPARAMETERS) +DECLARE_ASN1_ITEM(ECPARAMETERS) +DECLARE_ASN1_ALLOC_FUNCTIONS(ECPARAMETERS) + +/* + * EC_GROUP_get_basis_type() returns the NID of the basis type used to + * represent the field elements + */ +int EC_GROUP_get_basis_type(const EC_GROUP *); +# ifndef OPENSSL_NO_EC2M +int EC_GROUP_get_trinomial_basis(const EC_GROUP *, unsigned int *k); +int EC_GROUP_get_pentanomial_basis(const EC_GROUP *, unsigned int *k1, + unsigned int *k2, unsigned int *k3); +# endif + +# define OPENSSL_EC_EXPLICIT_CURVE 0x000 +# define OPENSSL_EC_NAMED_CURVE 0x001 + +EC_GROUP *d2i_ECPKParameters(EC_GROUP **, const unsigned char **in, long len); +int i2d_ECPKParameters(const EC_GROUP *, unsigned char **out); + +# define d2i_ECPKParameters_bio(bp,x) \ + ASN1_d2i_bio_of(EC_GROUP, NULL, d2i_ECPKParameters, bp, x) +# define i2d_ECPKParameters_bio(bp,x) \ + ASN1_i2d_bio_of_const(EC_GROUP, i2d_ECPKParameters, bp, x) +# define d2i_ECPKParameters_fp(fp,x) \ + (EC_GROUP *)ASN1_d2i_fp(NULL, (d2i_of_void *)d2i_ECPKParameters, (fp), \ + (void **)(x)) +# define i2d_ECPKParameters_fp(fp,x) \ + ASN1_i2d_fp((i2d_of_void *)i2d_ECPKParameters, (fp), (void *)(x)) + +int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off); +# ifndef OPENSSL_NO_STDIO +int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off); +# endif + +/********************************************************************/ +/* EC_KEY functions */ +/********************************************************************/ + +/* some values for the encoding_flag */ +# define EC_PKEY_NO_PARAMETERS 0x001 +# define EC_PKEY_NO_PUBKEY 0x002 + +/* some values for the flags field */ +# define EC_FLAG_NON_FIPS_ALLOW 0x1 +# define EC_FLAG_FIPS_CHECKED 0x2 +# define EC_FLAG_COFACTOR_ECDH 0x1000 + +/** Creates a new EC_KEY object. + * \return EC_KEY object or NULL if an error occurred. + */ +EC_KEY *EC_KEY_new(void); + +int EC_KEY_get_flags(const EC_KEY *key); + +void EC_KEY_set_flags(EC_KEY *key, int flags); + +void EC_KEY_clear_flags(EC_KEY *key, int flags); + +int EC_KEY_decoded_from_explicit_params(const EC_KEY *key); + +/** Creates a new EC_KEY object using a named curve as underlying + * EC_GROUP object. + * \param nid NID of the named curve. + * \return EC_KEY object or NULL if an error occurred. + */ +EC_KEY *EC_KEY_new_by_curve_name(int nid); + +/** Frees a EC_KEY object. + * \param key EC_KEY object to be freed. + */ +void EC_KEY_free(EC_KEY *key); + +/** Copies a EC_KEY object. + * \param dst destination EC_KEY object + * \param src src EC_KEY object + * \return dst or NULL if an error occurred. + */ +EC_KEY *EC_KEY_copy(EC_KEY *dst, const EC_KEY *src); + +/** Creates a new EC_KEY object and copies the content from src to it. + * \param src the source EC_KEY object + * \return newly created EC_KEY object or NULL if an error occurred. + */ +EC_KEY *EC_KEY_dup(const EC_KEY *src); + +/** Increases the internal reference count of a EC_KEY object. + * \param key EC_KEY object + * \return 1 on success and 0 if an error occurred. + */ +int EC_KEY_up_ref(EC_KEY *key); + +/** Returns the ENGINE object of a EC_KEY object + * \param eckey EC_KEY object + * \return the ENGINE object (possibly NULL). + */ +ENGINE *EC_KEY_get0_engine(const EC_KEY *eckey); + +/** Returns the EC_GROUP object of a EC_KEY object + * \param key EC_KEY object + * \return the EC_GROUP object (possibly NULL). + */ +const EC_GROUP *EC_KEY_get0_group(const EC_KEY *key); + +/** Sets the EC_GROUP of a EC_KEY object. + * \param key EC_KEY object + * \param group EC_GROUP to use in the EC_KEY object (note: the EC_KEY + * object will use an own copy of the EC_GROUP). + * \return 1 on success and 0 if an error occurred. + */ +int EC_KEY_set_group(EC_KEY *key, const EC_GROUP *group); + +/** Returns the private key of a EC_KEY object. + * \param key EC_KEY object + * \return a BIGNUM with the private key (possibly NULL). + */ +const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *key); + +/** Sets the private key of a EC_KEY object. + * \param key EC_KEY object + * \param prv BIGNUM with the private key (note: the EC_KEY object + * will use an own copy of the BIGNUM). + * \return 1 on success and 0 if an error occurred. + */ +int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *prv); + +/** Returns the public key of a EC_KEY object. + * \param key the EC_KEY object + * \return a EC_POINT object with the public key (possibly NULL) + */ +const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *key); + +/** Sets the public key of a EC_KEY object. + * \param key EC_KEY object + * \param pub EC_POINT object with the public key (note: the EC_KEY object + * will use an own copy of the EC_POINT object). + * \return 1 on success and 0 if an error occurred. + */ +int EC_KEY_set_public_key(EC_KEY *key, const EC_POINT *pub); + +unsigned EC_KEY_get_enc_flags(const EC_KEY *key); +void EC_KEY_set_enc_flags(EC_KEY *eckey, unsigned int flags); +point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *key); +void EC_KEY_set_conv_form(EC_KEY *eckey, point_conversion_form_t cform); + +#define EC_KEY_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_EC_KEY, l, p, newf, dupf, freef) +int EC_KEY_set_ex_data(EC_KEY *key, int idx, void *arg); +void *EC_KEY_get_ex_data(const EC_KEY *key, int idx); + +/* wrapper functions for the underlying EC_GROUP object */ +void EC_KEY_set_asn1_flag(EC_KEY *eckey, int asn1_flag); + +/** Creates a table of pre-computed multiples of the generator to + * accelerate further EC_KEY operations. + * \param key EC_KEY object + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred. + */ +int EC_KEY_precompute_mult(EC_KEY *key, BN_CTX *ctx); + +/** Creates a new ec private (and optional a new public) key. + * \param key EC_KEY object + * \return 1 on success and 0 if an error occurred. + */ +int EC_KEY_generate_key(EC_KEY *key); + +/** Verifies that a private and/or public key is valid. + * \param key the EC_KEY object + * \return 1 on success and 0 otherwise. + */ +int EC_KEY_check_key(const EC_KEY *key); + +/** Indicates if an EC_KEY can be used for signing. + * \param eckey the EC_KEY object + * \return 1 if can can sign and 0 otherwise. + */ +int EC_KEY_can_sign(const EC_KEY *eckey); + +/** Sets a public key from affine coordinates performing + * necessary NIST PKV tests. + * \param key the EC_KEY object + * \param x public key x coordinate + * \param y public key y coordinate + * \return 1 on success and 0 otherwise. + */ +int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x, + BIGNUM *y); + +/** Encodes an EC_KEY public key to an allocated octet string + * \param key key to encode + * \param form point conversion form + * \param pbuf returns pointer to allocated buffer + * \param ctx BN_CTX object (optional) + * \return the length of the encoded octet string or 0 if an error occurred + */ +size_t EC_KEY_key2buf(const EC_KEY *key, point_conversion_form_t form, + unsigned char **pbuf, BN_CTX *ctx); + +/** Decodes a EC_KEY public key from a octet string + * \param key key to decode + * \param buf memory buffer with the encoded ec point + * \param len length of the encoded ec point + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ + +int EC_KEY_oct2key(EC_KEY *key, const unsigned char *buf, size_t len, + BN_CTX *ctx); + +/** Decodes an EC_KEY private key from an octet string + * \param key key to decode + * \param buf memory buffer with the encoded private key + * \param len length of the encoded key + * \return 1 on success and 0 if an error occurred + */ + +int EC_KEY_oct2priv(EC_KEY *key, const unsigned char *buf, size_t len); + +/** Encodes a EC_KEY private key to an octet string + * \param key key to encode + * \param buf memory buffer for the result. If NULL the function returns + * required buffer size. + * \param len length of the memory buffer + * \return the length of the encoded octet string or 0 if an error occurred + */ + +size_t EC_KEY_priv2oct(const EC_KEY *key, unsigned char *buf, size_t len); + +/** Encodes an EC_KEY private key to an allocated octet string + * \param eckey key to encode + * \param pbuf returns pointer to allocated buffer + * \return the length of the encoded octet string or 0 if an error occurred + */ +size_t EC_KEY_priv2buf(const EC_KEY *eckey, unsigned char **pbuf); + +/********************************************************************/ +/* de- and encoding functions for SEC1 ECPrivateKey */ +/********************************************************************/ + +/** Decodes a private key from a memory buffer. + * \param key a pointer to a EC_KEY object which should be used (or NULL) + * \param in pointer to memory with the DER encoded private key + * \param len length of the DER encoded private key + * \return the decoded private key or NULL if an error occurred. + */ +EC_KEY *d2i_ECPrivateKey(EC_KEY **key, const unsigned char **in, long len); + +/** Encodes a private key object and stores the result in a buffer. + * \param key the EC_KEY object to encode + * \param out the buffer for the result (if NULL the function returns number + * of bytes needed). + * \return 1 on success and 0 if an error occurred. + */ +int i2d_ECPrivateKey(EC_KEY *key, unsigned char **out); + +/********************************************************************/ +/* de- and encoding functions for EC parameters */ +/********************************************************************/ + +/** Decodes ec parameter from a memory buffer. + * \param key a pointer to a EC_KEY object which should be used (or NULL) + * \param in pointer to memory with the DER encoded ec parameters + * \param len length of the DER encoded ec parameters + * \return a EC_KEY object with the decoded parameters or NULL if an error + * occurred. + */ +EC_KEY *d2i_ECParameters(EC_KEY **key, const unsigned char **in, long len); + +/** Encodes ec parameter and stores the result in a buffer. + * \param key the EC_KEY object with ec parameters to encode + * \param out the buffer for the result (if NULL the function returns number + * of bytes needed). + * \return 1 on success and 0 if an error occurred. + */ +int i2d_ECParameters(EC_KEY *key, unsigned char **out); + +/********************************************************************/ +/* de- and encoding functions for EC public key */ +/* (octet string, not DER -- hence 'o2i' and 'i2o') */ +/********************************************************************/ + +/** Decodes a ec public key from a octet string. + * \param key a pointer to a EC_KEY object which should be used + * \param in memory buffer with the encoded public key + * \param len length of the encoded public key + * \return EC_KEY object with decoded public key or NULL if an error + * occurred. + */ +EC_KEY *o2i_ECPublicKey(EC_KEY **key, const unsigned char **in, long len); + +/** Encodes a ec public key in an octet string. + * \param key the EC_KEY object with the public key + * \param out the buffer for the result (if NULL the function returns number + * of bytes needed). + * \return 1 on success and 0 if an error occurred + */ +int i2o_ECPublicKey(const EC_KEY *key, unsigned char **out); + +/** Prints out the ec parameters on human readable form. + * \param bp BIO object to which the information is printed + * \param key EC_KEY object + * \return 1 on success and 0 if an error occurred + */ +int ECParameters_print(BIO *bp, const EC_KEY *key); + +/** Prints out the contents of a EC_KEY object + * \param bp BIO object to which the information is printed + * \param key EC_KEY object + * \param off line offset + * \return 1 on success and 0 if an error occurred + */ +int EC_KEY_print(BIO *bp, const EC_KEY *key, int off); + +# ifndef OPENSSL_NO_STDIO +/** Prints out the ec parameters on human readable form. + * \param fp file descriptor to which the information is printed + * \param key EC_KEY object + * \return 1 on success and 0 if an error occurred + */ +int ECParameters_print_fp(FILE *fp, const EC_KEY *key); + +/** Prints out the contents of a EC_KEY object + * \param fp file descriptor to which the information is printed + * \param key EC_KEY object + * \param off line offset + * \return 1 on success and 0 if an error occurred + */ +int EC_KEY_print_fp(FILE *fp, const EC_KEY *key, int off); + +# endif + +const EC_KEY_METHOD *EC_KEY_OpenSSL(void); +const EC_KEY_METHOD *EC_KEY_get_default_method(void); +void EC_KEY_set_default_method(const EC_KEY_METHOD *meth); +const EC_KEY_METHOD *EC_KEY_get_method(const EC_KEY *key); +int EC_KEY_set_method(EC_KEY *key, const EC_KEY_METHOD *meth); +EC_KEY *EC_KEY_new_method(ENGINE *engine); + +/** The old name for ecdh_KDF_X9_63 + * The ECDH KDF specification has been mistakingly attributed to ANSI X9.62, + * it is actually specified in ANSI X9.63. + * This identifier is retained for backwards compatibility + */ +int ECDH_KDF_X9_62(unsigned char *out, size_t outlen, + const unsigned char *Z, size_t Zlen, + const unsigned char *sinfo, size_t sinfolen, + const EVP_MD *md); + +int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, + const EC_KEY *ecdh, + void *(*KDF) (const void *in, size_t inlen, + void *out, size_t *outlen)); + +typedef struct ECDSA_SIG_st ECDSA_SIG; + +/** Allocates and initialize a ECDSA_SIG structure + * \return pointer to a ECDSA_SIG structure or NULL if an error occurred + */ +ECDSA_SIG *ECDSA_SIG_new(void); + +/** frees a ECDSA_SIG structure + * \param sig pointer to the ECDSA_SIG structure + */ +void ECDSA_SIG_free(ECDSA_SIG *sig); + +/** DER encode content of ECDSA_SIG object (note: this function modifies *pp + * (*pp += length of the DER encoded signature)). + * \param sig pointer to the ECDSA_SIG object + * \param pp pointer to a unsigned char pointer for the output or NULL + * \return the length of the DER encoded ECDSA_SIG object or a negative value + * on error + */ +int i2d_ECDSA_SIG(const ECDSA_SIG *sig, unsigned char **pp); + +/** Decodes a DER encoded ECDSA signature (note: this function changes *pp + * (*pp += len)). + * \param sig pointer to ECDSA_SIG pointer (may be NULL) + * \param pp memory buffer with the DER encoded signature + * \param len length of the buffer + * \return pointer to the decoded ECDSA_SIG structure (or NULL) + */ +ECDSA_SIG *d2i_ECDSA_SIG(ECDSA_SIG **sig, const unsigned char **pp, long len); + +/** Accessor for r and s fields of ECDSA_SIG + * \param sig pointer to ECDSA_SIG structure + * \param pr pointer to BIGNUM pointer for r (may be NULL) + * \param ps pointer to BIGNUM pointer for s (may be NULL) + */ +void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps); + +/** Accessor for r field of ECDSA_SIG + * \param sig pointer to ECDSA_SIG structure + */ +const BIGNUM *ECDSA_SIG_get0_r(const ECDSA_SIG *sig); + +/** Accessor for s field of ECDSA_SIG + * \param sig pointer to ECDSA_SIG structure + */ +const BIGNUM *ECDSA_SIG_get0_s(const ECDSA_SIG *sig); + +/** Setter for r and s fields of ECDSA_SIG + * \param sig pointer to ECDSA_SIG structure + * \param r pointer to BIGNUM for r (may be NULL) + * \param s pointer to BIGNUM for s (may be NULL) + */ +int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s); + +/** Computes the ECDSA signature of the given hash value using + * the supplied private key and returns the created signature. + * \param dgst pointer to the hash value + * \param dgst_len length of the hash value + * \param eckey EC_KEY object containing a private EC key + * \return pointer to a ECDSA_SIG structure or NULL if an error occurred + */ +ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst, int dgst_len, + EC_KEY *eckey); + +/** Computes ECDSA signature of a given hash value using the supplied + * private key (note: sig must point to ECDSA_size(eckey) bytes of memory). + * \param dgst pointer to the hash value to sign + * \param dgstlen length of the hash value + * \param kinv BIGNUM with a pre-computed inverse k (optional) + * \param rp BIGNUM with a pre-computed rp value (optional), + * see ECDSA_sign_setup + * \param eckey EC_KEY object containing a private EC key + * \return pointer to a ECDSA_SIG structure or NULL if an error occurred + */ +ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst, int dgstlen, + const BIGNUM *kinv, const BIGNUM *rp, + EC_KEY *eckey); + +/** Verifies that the supplied signature is a valid ECDSA + * signature of the supplied hash value using the supplied public key. + * \param dgst pointer to the hash value + * \param dgst_len length of the hash value + * \param sig ECDSA_SIG structure + * \param eckey EC_KEY object containing a public EC key + * \return 1 if the signature is valid, 0 if the signature is invalid + * and -1 on error + */ +int ECDSA_do_verify(const unsigned char *dgst, int dgst_len, + const ECDSA_SIG *sig, EC_KEY *eckey); + +/** Precompute parts of the signing operation + * \param eckey EC_KEY object containing a private EC key + * \param ctx BN_CTX object (optional) + * \param kinv BIGNUM pointer for the inverse of k + * \param rp BIGNUM pointer for x coordinate of k * generator + * \return 1 on success and 0 otherwise + */ +int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv, BIGNUM **rp); + +/** Computes ECDSA signature of a given hash value using the supplied + * private key (note: sig must point to ECDSA_size(eckey) bytes of memory). + * \param type this parameter is ignored + * \param dgst pointer to the hash value to sign + * \param dgstlen length of the hash value + * \param sig memory for the DER encoded created signature + * \param siglen pointer to the length of the returned signature + * \param eckey EC_KEY object containing a private EC key + * \return 1 on success and 0 otherwise + */ +int ECDSA_sign(int type, const unsigned char *dgst, int dgstlen, + unsigned char *sig, unsigned int *siglen, EC_KEY *eckey); + +/** Computes ECDSA signature of a given hash value using the supplied + * private key (note: sig must point to ECDSA_size(eckey) bytes of memory). + * \param type this parameter is ignored + * \param dgst pointer to the hash value to sign + * \param dgstlen length of the hash value + * \param sig buffer to hold the DER encoded signature + * \param siglen pointer to the length of the returned signature + * \param kinv BIGNUM with a pre-computed inverse k (optional) + * \param rp BIGNUM with a pre-computed rp value (optional), + * see ECDSA_sign_setup + * \param eckey EC_KEY object containing a private EC key + * \return 1 on success and 0 otherwise + */ +int ECDSA_sign_ex(int type, const unsigned char *dgst, int dgstlen, + unsigned char *sig, unsigned int *siglen, + const BIGNUM *kinv, const BIGNUM *rp, EC_KEY *eckey); + +/** Verifies that the given signature is valid ECDSA signature + * of the supplied hash value using the specified public key. + * \param type this parameter is ignored + * \param dgst pointer to the hash value + * \param dgstlen length of the hash value + * \param sig pointer to the DER encoded signature + * \param siglen length of the DER encoded signature + * \param eckey EC_KEY object containing a public EC key + * \return 1 if the signature is valid, 0 if the signature is invalid + * and -1 on error + */ +int ECDSA_verify(int type, const unsigned char *dgst, int dgstlen, + const unsigned char *sig, int siglen, EC_KEY *eckey); + +/** Returns the maximum length of the DER encoded signature + * \param eckey EC_KEY object + * \return numbers of bytes required for the DER encoded signature + */ +int ECDSA_size(const EC_KEY *eckey); + +/********************************************************************/ +/* EC_KEY_METHOD constructors, destructors, writers and accessors */ +/********************************************************************/ + +EC_KEY_METHOD *EC_KEY_METHOD_new(const EC_KEY_METHOD *meth); +void EC_KEY_METHOD_free(EC_KEY_METHOD *meth); +void EC_KEY_METHOD_set_init(EC_KEY_METHOD *meth, + int (*init)(EC_KEY *key), + void (*finish)(EC_KEY *key), + int (*copy)(EC_KEY *dest, const EC_KEY *src), + int (*set_group)(EC_KEY *key, const EC_GROUP *grp), + int (*set_private)(EC_KEY *key, + const BIGNUM *priv_key), + int (*set_public)(EC_KEY *key, + const EC_POINT *pub_key)); + +void EC_KEY_METHOD_set_keygen(EC_KEY_METHOD *meth, + int (*keygen)(EC_KEY *key)); + +void EC_KEY_METHOD_set_compute_key(EC_KEY_METHOD *meth, + int (*ckey)(unsigned char **psec, + size_t *pseclen, + const EC_POINT *pub_key, + const EC_KEY *ecdh)); + +void EC_KEY_METHOD_set_sign(EC_KEY_METHOD *meth, + int (*sign)(int type, const unsigned char *dgst, + int dlen, unsigned char *sig, + unsigned int *siglen, + const BIGNUM *kinv, const BIGNUM *r, + EC_KEY *eckey), + int (*sign_setup)(EC_KEY *eckey, BN_CTX *ctx_in, + BIGNUM **kinvp, BIGNUM **rp), + ECDSA_SIG *(*sign_sig)(const unsigned char *dgst, + int dgst_len, + const BIGNUM *in_kinv, + const BIGNUM *in_r, + EC_KEY *eckey)); + +void EC_KEY_METHOD_set_verify(EC_KEY_METHOD *meth, + int (*verify)(int type, const unsigned + char *dgst, int dgst_len, + const unsigned char *sigbuf, + int sig_len, EC_KEY *eckey), + int (*verify_sig)(const unsigned char *dgst, + int dgst_len, + const ECDSA_SIG *sig, + EC_KEY *eckey)); + +void EC_KEY_METHOD_get_init(const EC_KEY_METHOD *meth, + int (**pinit)(EC_KEY *key), + void (**pfinish)(EC_KEY *key), + int (**pcopy)(EC_KEY *dest, const EC_KEY *src), + int (**pset_group)(EC_KEY *key, + const EC_GROUP *grp), + int (**pset_private)(EC_KEY *key, + const BIGNUM *priv_key), + int (**pset_public)(EC_KEY *key, + const EC_POINT *pub_key)); + +void EC_KEY_METHOD_get_keygen(const EC_KEY_METHOD *meth, + int (**pkeygen)(EC_KEY *key)); + +void EC_KEY_METHOD_get_compute_key(const EC_KEY_METHOD *meth, + int (**pck)(unsigned char **psec, + size_t *pseclen, + const EC_POINT *pub_key, + const EC_KEY *ecdh)); + +void EC_KEY_METHOD_get_sign(const EC_KEY_METHOD *meth, + int (**psign)(int type, const unsigned char *dgst, + int dlen, unsigned char *sig, + unsigned int *siglen, + const BIGNUM *kinv, const BIGNUM *r, + EC_KEY *eckey), + int (**psign_setup)(EC_KEY *eckey, BN_CTX *ctx_in, + BIGNUM **kinvp, BIGNUM **rp), + ECDSA_SIG *(**psign_sig)(const unsigned char *dgst, + int dgst_len, + const BIGNUM *in_kinv, + const BIGNUM *in_r, + EC_KEY *eckey)); + +void EC_KEY_METHOD_get_verify(const EC_KEY_METHOD *meth, + int (**pverify)(int type, const unsigned + char *dgst, int dgst_len, + const unsigned char *sigbuf, + int sig_len, EC_KEY *eckey), + int (**pverify_sig)(const unsigned char *dgst, + int dgst_len, + const ECDSA_SIG *sig, + EC_KEY *eckey)); + +# define ECParameters_dup(x) ASN1_dup_of(EC_KEY,i2d_ECParameters,d2i_ECParameters,x) + +# ifndef __cplusplus +# if defined(__SUNPRO_C) +# if __SUNPRO_C >= 0x520 +# pragma error_messages (default,E_ARRAY_OF_INCOMPLETE_NONAME,E_ARRAY_OF_INCOMPLETE) +# endif +# endif +# endif + +# define EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_PARAMGEN|EVP_PKEY_OP_KEYGEN, \ + EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID, nid, NULL) + +# define EVP_PKEY_CTX_set_ec_param_enc(ctx, flag) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_PARAMGEN|EVP_PKEY_OP_KEYGEN, \ + EVP_PKEY_CTRL_EC_PARAM_ENC, flag, NULL) + +# define EVP_PKEY_CTX_set_ecdh_cofactor_mode(ctx, flag) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_EC_ECDH_COFACTOR, flag, NULL) + +# define EVP_PKEY_CTX_get_ecdh_cofactor_mode(ctx) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_EC_ECDH_COFACTOR, -2, NULL) + +# define EVP_PKEY_CTX_set_ecdh_kdf_type(ctx, kdf) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_EC_KDF_TYPE, kdf, NULL) + +# define EVP_PKEY_CTX_get_ecdh_kdf_type(ctx) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_EC_KDF_TYPE, -2, NULL) + +# define EVP_PKEY_CTX_set_ecdh_kdf_md(ctx, md) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_EC_KDF_MD, 0, (void *)(md)) + +# define EVP_PKEY_CTX_get_ecdh_kdf_md(ctx, pmd) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_GET_EC_KDF_MD, 0, (void *)(pmd)) + +# define EVP_PKEY_CTX_set_ecdh_kdf_outlen(ctx, len) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_EC_KDF_OUTLEN, len, NULL) + +# define EVP_PKEY_CTX_get_ecdh_kdf_outlen(ctx, plen) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_GET_EC_KDF_OUTLEN, 0, \ + (void *)(plen)) + +# define EVP_PKEY_CTX_set0_ecdh_kdf_ukm(ctx, p, plen) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_EC_KDF_UKM, plen, (void *)(p)) + +# define EVP_PKEY_CTX_get0_ecdh_kdf_ukm(ctx, p) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_GET_EC_KDF_UKM, 0, (void *)(p)) + +/* SM2 will skip the operation check so no need to pass operation here */ +# define EVP_PKEY_CTX_set1_id(ctx, id, id_len) \ + EVP_PKEY_CTX_ctrl(ctx, -1, -1, \ + EVP_PKEY_CTRL_SET1_ID, (int)id_len, (void*)(id)) + +# define EVP_PKEY_CTX_get1_id(ctx, id) \ + EVP_PKEY_CTX_ctrl(ctx, -1, -1, \ + EVP_PKEY_CTRL_GET1_ID, 0, (void*)(id)) + +# define EVP_PKEY_CTX_get1_id_len(ctx, id_len) \ + EVP_PKEY_CTX_ctrl(ctx, -1, -1, \ + EVP_PKEY_CTRL_GET1_ID_LEN, 0, (void*)(id_len)) + +# define EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID (EVP_PKEY_ALG_CTRL + 1) +# define EVP_PKEY_CTRL_EC_PARAM_ENC (EVP_PKEY_ALG_CTRL + 2) +# define EVP_PKEY_CTRL_EC_ECDH_COFACTOR (EVP_PKEY_ALG_CTRL + 3) +# define EVP_PKEY_CTRL_EC_KDF_TYPE (EVP_PKEY_ALG_CTRL + 4) +# define EVP_PKEY_CTRL_EC_KDF_MD (EVP_PKEY_ALG_CTRL + 5) +# define EVP_PKEY_CTRL_GET_EC_KDF_MD (EVP_PKEY_ALG_CTRL + 6) +# define EVP_PKEY_CTRL_EC_KDF_OUTLEN (EVP_PKEY_ALG_CTRL + 7) +# define EVP_PKEY_CTRL_GET_EC_KDF_OUTLEN (EVP_PKEY_ALG_CTRL + 8) +# define EVP_PKEY_CTRL_EC_KDF_UKM (EVP_PKEY_ALG_CTRL + 9) +# define EVP_PKEY_CTRL_GET_EC_KDF_UKM (EVP_PKEY_ALG_CTRL + 10) +# define EVP_PKEY_CTRL_SET1_ID (EVP_PKEY_ALG_CTRL + 11) +# define EVP_PKEY_CTRL_GET1_ID (EVP_PKEY_ALG_CTRL + 12) +# define EVP_PKEY_CTRL_GET1_ID_LEN (EVP_PKEY_ALG_CTRL + 13) +/* KDF types */ +# define EVP_PKEY_ECDH_KDF_NONE 1 +# define EVP_PKEY_ECDH_KDF_X9_63 2 +/** The old name for EVP_PKEY_ECDH_KDF_X9_63 + * The ECDH KDF specification has been mistakingly attributed to ANSI X9.62, + * it is actually specified in ANSI X9.63. + * This identifier is retained for backwards compatibility + */ +# define EVP_PKEY_ECDH_KDF_X9_62 EVP_PKEY_ECDH_KDF_X9_63 + + +# ifdef __cplusplus +} +# endif +# endif +#endif diff --git a/ext/openssl1L/include/openssl/ecdh.h b/ext/openssl1L/include/openssl/ecdh.h new file mode 100644 index 0000000..681f3d5 --- /dev/null +++ b/ext/openssl1L/include/openssl/ecdh.h @@ -0,0 +1,10 @@ +/* + * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include diff --git a/ext/openssl1L/include/openssl/ecdsa.h b/ext/openssl1L/include/openssl/ecdsa.h new file mode 100644 index 0000000..681f3d5 --- /dev/null +++ b/ext/openssl1L/include/openssl/ecdsa.h @@ -0,0 +1,10 @@ +/* + * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include diff --git a/ext/openssl1L/include/openssl/ecerr.h b/ext/openssl1L/include/openssl/ecerr.h new file mode 100644 index 0000000..5173811 --- /dev/null +++ b/ext/openssl1L/include/openssl/ecerr.h @@ -0,0 +1,276 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_ECERR_H +# define HEADER_ECERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# include + +# ifndef OPENSSL_NO_EC + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_EC_strings(void); + +/* + * EC function codes. + */ +# define EC_F_BN_TO_FELEM 224 +# define EC_F_D2I_ECPARAMETERS 144 +# define EC_F_D2I_ECPKPARAMETERS 145 +# define EC_F_D2I_ECPRIVATEKEY 146 +# define EC_F_DO_EC_KEY_PRINT 221 +# define EC_F_ECDH_CMS_DECRYPT 238 +# define EC_F_ECDH_CMS_SET_SHARED_INFO 239 +# define EC_F_ECDH_COMPUTE_KEY 246 +# define EC_F_ECDH_SIMPLE_COMPUTE_KEY 257 +# define EC_F_ECDSA_DO_SIGN_EX 251 +# define EC_F_ECDSA_DO_VERIFY 252 +# define EC_F_ECDSA_SIGN_EX 254 +# define EC_F_ECDSA_SIGN_SETUP 248 +# define EC_F_ECDSA_SIG_NEW 265 +# define EC_F_ECDSA_VERIFY 253 +# define EC_F_ECD_ITEM_VERIFY 270 +# define EC_F_ECKEY_PARAM2TYPE 223 +# define EC_F_ECKEY_PARAM_DECODE 212 +# define EC_F_ECKEY_PRIV_DECODE 213 +# define EC_F_ECKEY_PRIV_ENCODE 214 +# define EC_F_ECKEY_PUB_DECODE 215 +# define EC_F_ECKEY_PUB_ENCODE 216 +# define EC_F_ECKEY_TYPE2PARAM 220 +# define EC_F_ECPARAMETERS_PRINT 147 +# define EC_F_ECPARAMETERS_PRINT_FP 148 +# define EC_F_ECPKPARAMETERS_PRINT 149 +# define EC_F_ECPKPARAMETERS_PRINT_FP 150 +# define EC_F_ECP_NISTZ256_GET_AFFINE 240 +# define EC_F_ECP_NISTZ256_INV_MOD_ORD 275 +# define EC_F_ECP_NISTZ256_MULT_PRECOMPUTE 243 +# define EC_F_ECP_NISTZ256_POINTS_MUL 241 +# define EC_F_ECP_NISTZ256_PRE_COMP_NEW 244 +# define EC_F_ECP_NISTZ256_WINDOWED_MUL 242 +# define EC_F_ECX_KEY_OP 266 +# define EC_F_ECX_PRIV_ENCODE 267 +# define EC_F_ECX_PUB_ENCODE 268 +# define EC_F_EC_ASN1_GROUP2CURVE 153 +# define EC_F_EC_ASN1_GROUP2FIELDID 154 +# define EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY 208 +# define EC_F_EC_GF2M_SIMPLE_FIELD_INV 296 +# define EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT 159 +# define EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE 195 +# define EC_F_EC_GF2M_SIMPLE_LADDER_POST 285 +# define EC_F_EC_GF2M_SIMPLE_LADDER_PRE 288 +# define EC_F_EC_GF2M_SIMPLE_OCT2POINT 160 +# define EC_F_EC_GF2M_SIMPLE_POINT2OCT 161 +# define EC_F_EC_GF2M_SIMPLE_POINTS_MUL 289 +# define EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES 162 +# define EC_F_EC_GF2M_SIMPLE_POINT_SET_AFFINE_COORDINATES 163 +# define EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES 164 +# define EC_F_EC_GFP_MONT_FIELD_DECODE 133 +# define EC_F_EC_GFP_MONT_FIELD_ENCODE 134 +# define EC_F_EC_GFP_MONT_FIELD_INV 297 +# define EC_F_EC_GFP_MONT_FIELD_MUL 131 +# define EC_F_EC_GFP_MONT_FIELD_SET_TO_ONE 209 +# define EC_F_EC_GFP_MONT_FIELD_SQR 132 +# define EC_F_EC_GFP_MONT_GROUP_SET_CURVE 189 +# define EC_F_EC_GFP_NISTP224_GROUP_SET_CURVE 225 +# define EC_F_EC_GFP_NISTP224_POINTS_MUL 228 +# define EC_F_EC_GFP_NISTP224_POINT_GET_AFFINE_COORDINATES 226 +# define EC_F_EC_GFP_NISTP256_GROUP_SET_CURVE 230 +# define EC_F_EC_GFP_NISTP256_POINTS_MUL 231 +# define EC_F_EC_GFP_NISTP256_POINT_GET_AFFINE_COORDINATES 232 +# define EC_F_EC_GFP_NISTP521_GROUP_SET_CURVE 233 +# define EC_F_EC_GFP_NISTP521_POINTS_MUL 234 +# define EC_F_EC_GFP_NISTP521_POINT_GET_AFFINE_COORDINATES 235 +# define EC_F_EC_GFP_NIST_FIELD_MUL 200 +# define EC_F_EC_GFP_NIST_FIELD_SQR 201 +# define EC_F_EC_GFP_NIST_GROUP_SET_CURVE 202 +# define EC_F_EC_GFP_SIMPLE_BLIND_COORDINATES 287 +# define EC_F_EC_GFP_SIMPLE_FIELD_INV 298 +# define EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT 165 +# define EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE 166 +# define EC_F_EC_GFP_SIMPLE_MAKE_AFFINE 102 +# define EC_F_EC_GFP_SIMPLE_OCT2POINT 103 +# define EC_F_EC_GFP_SIMPLE_POINT2OCT 104 +# define EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE 137 +# define EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES 167 +# define EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES 168 +# define EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES 169 +# define EC_F_EC_GROUP_CHECK 170 +# define EC_F_EC_GROUP_CHECK_DISCRIMINANT 171 +# define EC_F_EC_GROUP_COPY 106 +# define EC_F_EC_GROUP_GET_CURVE 291 +# define EC_F_EC_GROUP_GET_CURVE_GF2M 172 +# define EC_F_EC_GROUP_GET_CURVE_GFP 130 +# define EC_F_EC_GROUP_GET_DEGREE 173 +# define EC_F_EC_GROUP_GET_ECPARAMETERS 261 +# define EC_F_EC_GROUP_GET_ECPKPARAMETERS 262 +# define EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS 193 +# define EC_F_EC_GROUP_GET_TRINOMIAL_BASIS 194 +# define EC_F_EC_GROUP_NEW 108 +# define EC_F_EC_GROUP_NEW_BY_CURVE_NAME 174 +# define EC_F_EC_GROUP_NEW_FROM_DATA 175 +# define EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS 263 +# define EC_F_EC_GROUP_NEW_FROM_ECPKPARAMETERS 264 +# define EC_F_EC_GROUP_SET_CURVE 292 +# define EC_F_EC_GROUP_SET_CURVE_GF2M 176 +# define EC_F_EC_GROUP_SET_CURVE_GFP 109 +# define EC_F_EC_GROUP_SET_GENERATOR 111 +# define EC_F_EC_GROUP_SET_SEED 286 +# define EC_F_EC_KEY_CHECK_KEY 177 +# define EC_F_EC_KEY_COPY 178 +# define EC_F_EC_KEY_GENERATE_KEY 179 +# define EC_F_EC_KEY_NEW 182 +# define EC_F_EC_KEY_NEW_METHOD 245 +# define EC_F_EC_KEY_OCT2PRIV 255 +# define EC_F_EC_KEY_PRINT 180 +# define EC_F_EC_KEY_PRINT_FP 181 +# define EC_F_EC_KEY_PRIV2BUF 279 +# define EC_F_EC_KEY_PRIV2OCT 256 +# define EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES 229 +# define EC_F_EC_KEY_SIMPLE_CHECK_KEY 258 +# define EC_F_EC_KEY_SIMPLE_OCT2PRIV 259 +# define EC_F_EC_KEY_SIMPLE_PRIV2OCT 260 +# define EC_F_EC_PKEY_CHECK 273 +# define EC_F_EC_PKEY_PARAM_CHECK 274 +# define EC_F_EC_POINTS_MAKE_AFFINE 136 +# define EC_F_EC_POINTS_MUL 290 +# define EC_F_EC_POINT_ADD 112 +# define EC_F_EC_POINT_BN2POINT 280 +# define EC_F_EC_POINT_CMP 113 +# define EC_F_EC_POINT_COPY 114 +# define EC_F_EC_POINT_DBL 115 +# define EC_F_EC_POINT_GET_AFFINE_COORDINATES 293 +# define EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M 183 +# define EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP 116 +# define EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP 117 +# define EC_F_EC_POINT_INVERT 210 +# define EC_F_EC_POINT_IS_AT_INFINITY 118 +# define EC_F_EC_POINT_IS_ON_CURVE 119 +# define EC_F_EC_POINT_MAKE_AFFINE 120 +# define EC_F_EC_POINT_NEW 121 +# define EC_F_EC_POINT_OCT2POINT 122 +# define EC_F_EC_POINT_POINT2BUF 281 +# define EC_F_EC_POINT_POINT2OCT 123 +# define EC_F_EC_POINT_SET_AFFINE_COORDINATES 294 +# define EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M 185 +# define EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP 124 +# define EC_F_EC_POINT_SET_COMPRESSED_COORDINATES 295 +# define EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M 186 +# define EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP 125 +# define EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP 126 +# define EC_F_EC_POINT_SET_TO_INFINITY 127 +# define EC_F_EC_PRE_COMP_NEW 196 +# define EC_F_EC_SCALAR_MUL_LADDER 284 +# define EC_F_EC_WNAF_MUL 187 +# define EC_F_EC_WNAF_PRECOMPUTE_MULT 188 +# define EC_F_I2D_ECPARAMETERS 190 +# define EC_F_I2D_ECPKPARAMETERS 191 +# define EC_F_I2D_ECPRIVATEKEY 192 +# define EC_F_I2O_ECPUBLICKEY 151 +# define EC_F_NISTP224_PRE_COMP_NEW 227 +# define EC_F_NISTP256_PRE_COMP_NEW 236 +# define EC_F_NISTP521_PRE_COMP_NEW 237 +# define EC_F_O2I_ECPUBLICKEY 152 +# define EC_F_OLD_EC_PRIV_DECODE 222 +# define EC_F_OSSL_ECDH_COMPUTE_KEY 247 +# define EC_F_OSSL_ECDSA_SIGN_SIG 249 +# define EC_F_OSSL_ECDSA_VERIFY_SIG 250 +# define EC_F_PKEY_ECD_CTRL 271 +# define EC_F_PKEY_ECD_DIGESTSIGN 272 +# define EC_F_PKEY_ECD_DIGESTSIGN25519 276 +# define EC_F_PKEY_ECD_DIGESTSIGN448 277 +# define EC_F_PKEY_ECX_DERIVE 269 +# define EC_F_PKEY_EC_CTRL 197 +# define EC_F_PKEY_EC_CTRL_STR 198 +# define EC_F_PKEY_EC_DERIVE 217 +# define EC_F_PKEY_EC_INIT 282 +# define EC_F_PKEY_EC_KDF_DERIVE 283 +# define EC_F_PKEY_EC_KEYGEN 199 +# define EC_F_PKEY_EC_PARAMGEN 219 +# define EC_F_PKEY_EC_SIGN 218 +# define EC_F_VALIDATE_ECX_DERIVE 278 + +/* + * EC reason codes. + */ +# define EC_R_ASN1_ERROR 115 +# define EC_R_BAD_SIGNATURE 156 +# define EC_R_BIGNUM_OUT_OF_RANGE 144 +# define EC_R_BUFFER_TOO_SMALL 100 +# define EC_R_CANNOT_INVERT 165 +# define EC_R_COORDINATES_OUT_OF_RANGE 146 +# define EC_R_CURVE_DOES_NOT_SUPPORT_ECDH 160 +# define EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING 159 +# define EC_R_D2I_ECPKPARAMETERS_FAILURE 117 +# define EC_R_DECODE_ERROR 142 +# define EC_R_DISCRIMINANT_IS_ZERO 118 +# define EC_R_EC_GROUP_NEW_BY_NAME_FAILURE 119 +# define EC_R_FIELD_TOO_LARGE 143 +# define EC_R_GF2M_NOT_SUPPORTED 147 +# define EC_R_GROUP2PKPARAMETERS_FAILURE 120 +# define EC_R_I2D_ECPKPARAMETERS_FAILURE 121 +# define EC_R_INCOMPATIBLE_OBJECTS 101 +# define EC_R_INVALID_ARGUMENT 112 +# define EC_R_INVALID_COMPRESSED_POINT 110 +# define EC_R_INVALID_COMPRESSION_BIT 109 +# define EC_R_INVALID_CURVE 141 +# define EC_R_INVALID_DIGEST 151 +# define EC_R_INVALID_DIGEST_TYPE 138 +# define EC_R_INVALID_ENCODING 102 +# define EC_R_INVALID_FIELD 103 +# define EC_R_INVALID_FORM 104 +# define EC_R_INVALID_GROUP_ORDER 122 +# define EC_R_INVALID_KEY 116 +# define EC_R_INVALID_OUTPUT_LENGTH 161 +# define EC_R_INVALID_PEER_KEY 133 +# define EC_R_INVALID_PENTANOMIAL_BASIS 132 +# define EC_R_INVALID_PRIVATE_KEY 123 +# define EC_R_INVALID_TRINOMIAL_BASIS 137 +# define EC_R_KDF_PARAMETER_ERROR 148 +# define EC_R_KEYS_NOT_SET 140 +# define EC_R_LADDER_POST_FAILURE 136 +# define EC_R_LADDER_PRE_FAILURE 153 +# define EC_R_LADDER_STEP_FAILURE 162 +# define EC_R_MISSING_OID 167 +# define EC_R_MISSING_PARAMETERS 124 +# define EC_R_MISSING_PRIVATE_KEY 125 +# define EC_R_NEED_NEW_SETUP_VALUES 157 +# define EC_R_NOT_A_NIST_PRIME 135 +# define EC_R_NOT_IMPLEMENTED 126 +# define EC_R_NOT_INITIALIZED 111 +# define EC_R_NO_PARAMETERS_SET 139 +# define EC_R_NO_PRIVATE_VALUE 154 +# define EC_R_OPERATION_NOT_SUPPORTED 152 +# define EC_R_PASSED_NULL_PARAMETER 134 +# define EC_R_PEER_KEY_ERROR 149 +# define EC_R_PKPARAMETERS2GROUP_FAILURE 127 +# define EC_R_POINT_ARITHMETIC_FAILURE 155 +# define EC_R_POINT_AT_INFINITY 106 +# define EC_R_POINT_COORDINATES_BLIND_FAILURE 163 +# define EC_R_POINT_IS_NOT_ON_CURVE 107 +# define EC_R_RANDOM_NUMBER_GENERATION_FAILED 158 +# define EC_R_SHARED_INFO_ERROR 150 +# define EC_R_SLOT_FULL 108 +# define EC_R_UNDEFINED_GENERATOR 113 +# define EC_R_UNDEFINED_ORDER 128 +# define EC_R_UNKNOWN_COFACTOR 164 +# define EC_R_UNKNOWN_GROUP 129 +# define EC_R_UNKNOWN_ORDER 114 +# define EC_R_UNSUPPORTED_FIELD 131 +# define EC_R_WRONG_CURVE_PARAMETERS 145 +# define EC_R_WRONG_ORDER 130 + +# endif +#endif diff --git a/ext/openssl1L/include/openssl/engine.h b/ext/openssl1L/include/openssl/engine.h new file mode 100644 index 0000000..d707eae --- /dev/null +++ b/ext/openssl1L/include/openssl/engine.h @@ -0,0 +1,752 @@ +/* + * Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_ENGINE_H +# define HEADER_ENGINE_H + +# include + +# ifndef OPENSSL_NO_ENGINE +# if OPENSSL_API_COMPAT < 0x10100000L +# include +# include +# include +# include +# include +# include +# include +# include +# endif +# include +# include +# include +# include +# ifdef __cplusplus +extern "C" { +# endif + +/* + * These flags are used to control combinations of algorithm (methods) by + * bitwise "OR"ing. + */ +# define ENGINE_METHOD_RSA (unsigned int)0x0001 +# define ENGINE_METHOD_DSA (unsigned int)0x0002 +# define ENGINE_METHOD_DH (unsigned int)0x0004 +# define ENGINE_METHOD_RAND (unsigned int)0x0008 +# define ENGINE_METHOD_CIPHERS (unsigned int)0x0040 +# define ENGINE_METHOD_DIGESTS (unsigned int)0x0080 +# define ENGINE_METHOD_PKEY_METHS (unsigned int)0x0200 +# define ENGINE_METHOD_PKEY_ASN1_METHS (unsigned int)0x0400 +# define ENGINE_METHOD_EC (unsigned int)0x0800 +/* Obvious all-or-nothing cases. */ +# define ENGINE_METHOD_ALL (unsigned int)0xFFFF +# define ENGINE_METHOD_NONE (unsigned int)0x0000 + +/* + * This(ese) flag(s) controls behaviour of the ENGINE_TABLE mechanism used + * internally to control registration of ENGINE implementations, and can be + * set by ENGINE_set_table_flags(). The "NOINIT" flag prevents attempts to + * initialise registered ENGINEs if they are not already initialised. + */ +# define ENGINE_TABLE_FLAG_NOINIT (unsigned int)0x0001 + +/* ENGINE flags that can be set by ENGINE_set_flags(). */ +/* Not used */ +/* #define ENGINE_FLAGS_MALLOCED 0x0001 */ + +/* + * This flag is for ENGINEs that wish to handle the various 'CMD'-related + * control commands on their own. Without this flag, ENGINE_ctrl() handles + * these control commands on behalf of the ENGINE using their "cmd_defns" + * data. + */ +# define ENGINE_FLAGS_MANUAL_CMD_CTRL (int)0x0002 + +/* + * This flag is for ENGINEs who return new duplicate structures when found + * via "ENGINE_by_id()". When an ENGINE must store state (eg. if + * ENGINE_ctrl() commands are called in sequence as part of some stateful + * process like key-generation setup and execution), it can set this flag - + * then each attempt to obtain the ENGINE will result in it being copied into + * a new structure. Normally, ENGINEs don't declare this flag so + * ENGINE_by_id() just increments the existing ENGINE's structural reference + * count. + */ +# define ENGINE_FLAGS_BY_ID_COPY (int)0x0004 + +/* + * This flag if for an ENGINE that does not want its methods registered as + * part of ENGINE_register_all_complete() for example if the methods are not + * usable as default methods. + */ + +# define ENGINE_FLAGS_NO_REGISTER_ALL (int)0x0008 + +/* + * ENGINEs can support their own command types, and these flags are used in + * ENGINE_CTRL_GET_CMD_FLAGS to indicate to the caller what kind of input + * each command expects. Currently only numeric and string input is + * supported. If a control command supports none of the _NUMERIC, _STRING, or + * _NO_INPUT options, then it is regarded as an "internal" control command - + * and not for use in config setting situations. As such, they're not + * available to the ENGINE_ctrl_cmd_string() function, only raw ENGINE_ctrl() + * access. Changes to this list of 'command types' should be reflected + * carefully in ENGINE_cmd_is_executable() and ENGINE_ctrl_cmd_string(). + */ + +/* accepts a 'long' input value (3rd parameter to ENGINE_ctrl) */ +# define ENGINE_CMD_FLAG_NUMERIC (unsigned int)0x0001 +/* + * accepts string input (cast from 'void*' to 'const char *', 4th parameter + * to ENGINE_ctrl) + */ +# define ENGINE_CMD_FLAG_STRING (unsigned int)0x0002 +/* + * Indicates that the control command takes *no* input. Ie. the control + * command is unparameterised. + */ +# define ENGINE_CMD_FLAG_NO_INPUT (unsigned int)0x0004 +/* + * Indicates that the control command is internal. This control command won't + * be shown in any output, and is only usable through the ENGINE_ctrl_cmd() + * function. + */ +# define ENGINE_CMD_FLAG_INTERNAL (unsigned int)0x0008 + +/* + * NB: These 3 control commands are deprecated and should not be used. + * ENGINEs relying on these commands should compile conditional support for + * compatibility (eg. if these symbols are defined) but should also migrate + * the same functionality to their own ENGINE-specific control functions that + * can be "discovered" by calling applications. The fact these control + * commands wouldn't be "executable" (ie. usable by text-based config) + * doesn't change the fact that application code can find and use them + * without requiring per-ENGINE hacking. + */ + +/* + * These flags are used to tell the ctrl function what should be done. All + * command numbers are shared between all engines, even if some don't make + * sense to some engines. In such a case, they do nothing but return the + * error ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED. + */ +# define ENGINE_CTRL_SET_LOGSTREAM 1 +# define ENGINE_CTRL_SET_PASSWORD_CALLBACK 2 +# define ENGINE_CTRL_HUP 3/* Close and reinitialise + * any handles/connections + * etc. */ +# define ENGINE_CTRL_SET_USER_INTERFACE 4/* Alternative to callback */ +# define ENGINE_CTRL_SET_CALLBACK_DATA 5/* User-specific data, used + * when calling the password + * callback and the user + * interface */ +# define ENGINE_CTRL_LOAD_CONFIGURATION 6/* Load a configuration, + * given a string that + * represents a file name + * or so */ +# define ENGINE_CTRL_LOAD_SECTION 7/* Load data from a given + * section in the already + * loaded configuration */ + +/* + * These control commands allow an application to deal with an arbitrary + * engine in a dynamic way. Warn: Negative return values indicate errors FOR + * THESE COMMANDS because zero is used to indicate 'end-of-list'. Other + * commands, including ENGINE-specific command types, return zero for an + * error. An ENGINE can choose to implement these ctrl functions, and can + * internally manage things however it chooses - it does so by setting the + * ENGINE_FLAGS_MANUAL_CMD_CTRL flag (using ENGINE_set_flags()). Otherwise + * the ENGINE_ctrl() code handles this on the ENGINE's behalf using the + * cmd_defns data (set using ENGINE_set_cmd_defns()). This means an ENGINE's + * ctrl() handler need only implement its own commands - the above "meta" + * commands will be taken care of. + */ + +/* + * Returns non-zero if the supplied ENGINE has a ctrl() handler. If "not", + * then all the remaining control commands will return failure, so it is + * worth checking this first if the caller is trying to "discover" the + * engine's capabilities and doesn't want errors generated unnecessarily. + */ +# define ENGINE_CTRL_HAS_CTRL_FUNCTION 10 +/* + * Returns a positive command number for the first command supported by the + * engine. Returns zero if no ctrl commands are supported. + */ +# define ENGINE_CTRL_GET_FIRST_CMD_TYPE 11 +/* + * The 'long' argument specifies a command implemented by the engine, and the + * return value is the next command supported, or zero if there are no more. + */ +# define ENGINE_CTRL_GET_NEXT_CMD_TYPE 12 +/* + * The 'void*' argument is a command name (cast from 'const char *'), and the + * return value is the command that corresponds to it. + */ +# define ENGINE_CTRL_GET_CMD_FROM_NAME 13 +/* + * The next two allow a command to be converted into its corresponding string + * form. In each case, the 'long' argument supplies the command. In the + * NAME_LEN case, the return value is the length of the command name (not + * counting a trailing EOL). In the NAME case, the 'void*' argument must be a + * string buffer large enough, and it will be populated with the name of the + * command (WITH a trailing EOL). + */ +# define ENGINE_CTRL_GET_NAME_LEN_FROM_CMD 14 +# define ENGINE_CTRL_GET_NAME_FROM_CMD 15 +/* The next two are similar but give a "short description" of a command. */ +# define ENGINE_CTRL_GET_DESC_LEN_FROM_CMD 16 +# define ENGINE_CTRL_GET_DESC_FROM_CMD 17 +/* + * With this command, the return value is the OR'd combination of + * ENGINE_CMD_FLAG_*** values that indicate what kind of input a given + * engine-specific ctrl command expects. + */ +# define ENGINE_CTRL_GET_CMD_FLAGS 18 + +/* + * ENGINE implementations should start the numbering of their own control + * commands from this value. (ie. ENGINE_CMD_BASE, ENGINE_CMD_BASE + 1, etc). + */ +# define ENGINE_CMD_BASE 200 + +/* + * NB: These 2 nCipher "chil" control commands are deprecated, and their + * functionality is now available through ENGINE-specific control commands + * (exposed through the above-mentioned 'CMD'-handling). Code using these 2 + * commands should be migrated to the more general command handling before + * these are removed. + */ + +/* Flags specific to the nCipher "chil" engine */ +# define ENGINE_CTRL_CHIL_SET_FORKCHECK 100 + /* + * Depending on the value of the (long)i argument, this sets or + * unsets the SimpleForkCheck flag in the CHIL API to enable or + * disable checking and workarounds for applications that fork(). + */ +# define ENGINE_CTRL_CHIL_NO_LOCKING 101 + /* + * This prevents the initialisation function from providing mutex + * callbacks to the nCipher library. + */ + +/* + * If an ENGINE supports its own specific control commands and wishes the + * framework to handle the above 'ENGINE_CMD_***'-manipulation commands on + * its behalf, it should supply a null-terminated array of ENGINE_CMD_DEFN + * entries to ENGINE_set_cmd_defns(). It should also implement a ctrl() + * handler that supports the stated commands (ie. the "cmd_num" entries as + * described by the array). NB: The array must be ordered in increasing order + * of cmd_num. "null-terminated" means that the last ENGINE_CMD_DEFN element + * has cmd_num set to zero and/or cmd_name set to NULL. + */ +typedef struct ENGINE_CMD_DEFN_st { + unsigned int cmd_num; /* The command number */ + const char *cmd_name; /* The command name itself */ + const char *cmd_desc; /* A short description of the command */ + unsigned int cmd_flags; /* The input the command expects */ +} ENGINE_CMD_DEFN; + +/* Generic function pointer */ +typedef int (*ENGINE_GEN_FUNC_PTR) (void); +/* Generic function pointer taking no arguments */ +typedef int (*ENGINE_GEN_INT_FUNC_PTR) (ENGINE *); +/* Specific control function pointer */ +typedef int (*ENGINE_CTRL_FUNC_PTR) (ENGINE *, int, long, void *, + void (*f) (void)); +/* Generic load_key function pointer */ +typedef EVP_PKEY *(*ENGINE_LOAD_KEY_PTR)(ENGINE *, const char *, + UI_METHOD *ui_method, + void *callback_data); +typedef int (*ENGINE_SSL_CLIENT_CERT_PTR) (ENGINE *, SSL *ssl, + STACK_OF(X509_NAME) *ca_dn, + X509 **pcert, EVP_PKEY **pkey, + STACK_OF(X509) **pother, + UI_METHOD *ui_method, + void *callback_data); +/*- + * These callback types are for an ENGINE's handler for cipher and digest logic. + * These handlers have these prototypes; + * int foo(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid); + * int foo(ENGINE *e, const EVP_MD **digest, const int **nids, int nid); + * Looking at how to implement these handlers in the case of cipher support, if + * the framework wants the EVP_CIPHER for 'nid', it will call; + * foo(e, &p_evp_cipher, NULL, nid); (return zero for failure) + * If the framework wants a list of supported 'nid's, it will call; + * foo(e, NULL, &p_nids, 0); (returns number of 'nids' or -1 for error) + */ +/* + * Returns to a pointer to the array of supported cipher 'nid's. If the + * second parameter is non-NULL it is set to the size of the returned array. + */ +typedef int (*ENGINE_CIPHERS_PTR) (ENGINE *, const EVP_CIPHER **, + const int **, int); +typedef int (*ENGINE_DIGESTS_PTR) (ENGINE *, const EVP_MD **, const int **, + int); +typedef int (*ENGINE_PKEY_METHS_PTR) (ENGINE *, EVP_PKEY_METHOD **, + const int **, int); +typedef int (*ENGINE_PKEY_ASN1_METHS_PTR) (ENGINE *, EVP_PKEY_ASN1_METHOD **, + const int **, int); +/* + * STRUCTURE functions ... all of these functions deal with pointers to + * ENGINE structures where the pointers have a "structural reference". This + * means that their reference is to allowed access to the structure but it + * does not imply that the structure is functional. To simply increment or + * decrement the structural reference count, use ENGINE_by_id and + * ENGINE_free. NB: This is not required when iterating using ENGINE_get_next + * as it will automatically decrement the structural reference count of the + * "current" ENGINE and increment the structural reference count of the + * ENGINE it returns (unless it is NULL). + */ + +/* Get the first/last "ENGINE" type available. */ +ENGINE *ENGINE_get_first(void); +ENGINE *ENGINE_get_last(void); +/* Iterate to the next/previous "ENGINE" type (NULL = end of the list). */ +ENGINE *ENGINE_get_next(ENGINE *e); +ENGINE *ENGINE_get_prev(ENGINE *e); +/* Add another "ENGINE" type into the array. */ +int ENGINE_add(ENGINE *e); +/* Remove an existing "ENGINE" type from the array. */ +int ENGINE_remove(ENGINE *e); +/* Retrieve an engine from the list by its unique "id" value. */ +ENGINE *ENGINE_by_id(const char *id); + +#if OPENSSL_API_COMPAT < 0x10100000L +# define ENGINE_load_openssl() \ + OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_OPENSSL, NULL) +# define ENGINE_load_dynamic() \ + OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_DYNAMIC, NULL) +# ifndef OPENSSL_NO_STATIC_ENGINE +# define ENGINE_load_padlock() \ + OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_PADLOCK, NULL) +# define ENGINE_load_capi() \ + OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_CAPI, NULL) +# define ENGINE_load_afalg() \ + OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_AFALG, NULL) +# endif +# define ENGINE_load_cryptodev() \ + OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_CRYPTODEV, NULL) +# define ENGINE_load_rdrand() \ + OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_RDRAND, NULL) +#endif +void ENGINE_load_builtin_engines(void); + +/* + * Get and set global flags (ENGINE_TABLE_FLAG_***) for the implementation + * "registry" handling. + */ +unsigned int ENGINE_get_table_flags(void); +void ENGINE_set_table_flags(unsigned int flags); + +/*- Manage registration of ENGINEs per "table". For each type, there are 3 + * functions; + * ENGINE_register_***(e) - registers the implementation from 'e' (if it has one) + * ENGINE_unregister_***(e) - unregister the implementation from 'e' + * ENGINE_register_all_***() - call ENGINE_register_***() for each 'e' in the list + * Cleanup is automatically registered from each table when required. + */ + +int ENGINE_register_RSA(ENGINE *e); +void ENGINE_unregister_RSA(ENGINE *e); +void ENGINE_register_all_RSA(void); + +int ENGINE_register_DSA(ENGINE *e); +void ENGINE_unregister_DSA(ENGINE *e); +void ENGINE_register_all_DSA(void); + +int ENGINE_register_EC(ENGINE *e); +void ENGINE_unregister_EC(ENGINE *e); +void ENGINE_register_all_EC(void); + +int ENGINE_register_DH(ENGINE *e); +void ENGINE_unregister_DH(ENGINE *e); +void ENGINE_register_all_DH(void); + +int ENGINE_register_RAND(ENGINE *e); +void ENGINE_unregister_RAND(ENGINE *e); +void ENGINE_register_all_RAND(void); + +int ENGINE_register_ciphers(ENGINE *e); +void ENGINE_unregister_ciphers(ENGINE *e); +void ENGINE_register_all_ciphers(void); + +int ENGINE_register_digests(ENGINE *e); +void ENGINE_unregister_digests(ENGINE *e); +void ENGINE_register_all_digests(void); + +int ENGINE_register_pkey_meths(ENGINE *e); +void ENGINE_unregister_pkey_meths(ENGINE *e); +void ENGINE_register_all_pkey_meths(void); + +int ENGINE_register_pkey_asn1_meths(ENGINE *e); +void ENGINE_unregister_pkey_asn1_meths(ENGINE *e); +void ENGINE_register_all_pkey_asn1_meths(void); + +/* + * These functions register all support from the above categories. Note, use + * of these functions can result in static linkage of code your application + * may not need. If you only need a subset of functionality, consider using + * more selective initialisation. + */ +int ENGINE_register_complete(ENGINE *e); +int ENGINE_register_all_complete(void); + +/* + * Send parameterised control commands to the engine. The possibilities to + * send down an integer, a pointer to data or a function pointer are + * provided. Any of the parameters may or may not be NULL, depending on the + * command number. In actuality, this function only requires a structural + * (rather than functional) reference to an engine, but many control commands + * may require the engine be functional. The caller should be aware of trying + * commands that require an operational ENGINE, and only use functional + * references in such situations. + */ +int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void)); + +/* + * This function tests if an ENGINE-specific command is usable as a + * "setting". Eg. in an application's config file that gets processed through + * ENGINE_ctrl_cmd_string(). If this returns zero, it is not available to + * ENGINE_ctrl_cmd_string(), only ENGINE_ctrl(). + */ +int ENGINE_cmd_is_executable(ENGINE *e, int cmd); + +/* + * This function works like ENGINE_ctrl() with the exception of taking a + * command name instead of a command number, and can handle optional + * commands. See the comment on ENGINE_ctrl_cmd_string() for an explanation + * on how to use the cmd_name and cmd_optional. + */ +int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name, + long i, void *p, void (*f) (void), int cmd_optional); + +/* + * This function passes a command-name and argument to an ENGINE. The + * cmd_name is converted to a command number and the control command is + * called using 'arg' as an argument (unless the ENGINE doesn't support such + * a command, in which case no control command is called). The command is + * checked for input flags, and if necessary the argument will be converted + * to a numeric value. If cmd_optional is non-zero, then if the ENGINE + * doesn't support the given cmd_name the return value will be success + * anyway. This function is intended for applications to use so that users + * (or config files) can supply engine-specific config data to the ENGINE at + * run-time to control behaviour of specific engines. As such, it shouldn't + * be used for calling ENGINE_ctrl() functions that return data, deal with + * binary data, or that are otherwise supposed to be used directly through + * ENGINE_ctrl() in application code. Any "return" data from an ENGINE_ctrl() + * operation in this function will be lost - the return value is interpreted + * as failure if the return value is zero, success otherwise, and this + * function returns a boolean value as a result. In other words, vendors of + * 'ENGINE'-enabled devices should write ENGINE implementations with + * parameterisations that work in this scheme, so that compliant ENGINE-based + * applications can work consistently with the same configuration for the + * same ENGINE-enabled devices, across applications. + */ +int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg, + int cmd_optional); + +/* + * These functions are useful for manufacturing new ENGINE structures. They + * don't address reference counting at all - one uses them to populate an + * ENGINE structure with personalised implementations of things prior to + * using it directly or adding it to the builtin ENGINE list in OpenSSL. + * These are also here so that the ENGINE structure doesn't have to be + * exposed and break binary compatibility! + */ +ENGINE *ENGINE_new(void); +int ENGINE_free(ENGINE *e); +int ENGINE_up_ref(ENGINE *e); +int ENGINE_set_id(ENGINE *e, const char *id); +int ENGINE_set_name(ENGINE *e, const char *name); +int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth); +int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth); +int ENGINE_set_EC(ENGINE *e, const EC_KEY_METHOD *ecdsa_meth); +int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth); +int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth); +int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f); +int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f); +int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f); +int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f); +int ENGINE_set_load_privkey_function(ENGINE *e, + ENGINE_LOAD_KEY_PTR loadpriv_f); +int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f); +int ENGINE_set_load_ssl_client_cert_function(ENGINE *e, + ENGINE_SSL_CLIENT_CERT_PTR + loadssl_f); +int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f); +int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f); +int ENGINE_set_pkey_meths(ENGINE *e, ENGINE_PKEY_METHS_PTR f); +int ENGINE_set_pkey_asn1_meths(ENGINE *e, ENGINE_PKEY_ASN1_METHS_PTR f); +int ENGINE_set_flags(ENGINE *e, int flags); +int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns); +/* These functions allow control over any per-structure ENGINE data. */ +#define ENGINE_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ENGINE, l, p, newf, dupf, freef) +int ENGINE_set_ex_data(ENGINE *e, int idx, void *arg); +void *ENGINE_get_ex_data(const ENGINE *e, int idx); + +#if OPENSSL_API_COMPAT < 0x10100000L +/* + * This function previously cleaned up anything that needs it. Auto-deinit will + * now take care of it so it is no longer required to call this function. + */ +# define ENGINE_cleanup() while(0) continue +#endif + +/* + * These return values from within the ENGINE structure. These can be useful + * with functional references as well as structural references - it depends + * which you obtained. Using the result for functional purposes if you only + * obtained a structural reference may be problematic! + */ +const char *ENGINE_get_id(const ENGINE *e); +const char *ENGINE_get_name(const ENGINE *e); +const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e); +const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e); +const EC_KEY_METHOD *ENGINE_get_EC(const ENGINE *e); +const DH_METHOD *ENGINE_get_DH(const ENGINE *e); +const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e); +ENGINE_GEN_INT_FUNC_PTR ENGINE_get_destroy_function(const ENGINE *e); +ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(const ENGINE *e); +ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e); +ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(const ENGINE *e); +ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e); +ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e); +ENGINE_SSL_CLIENT_CERT_PTR ENGINE_get_ssl_client_cert_function(const ENGINE + *e); +ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e); +ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e); +ENGINE_PKEY_METHS_PTR ENGINE_get_pkey_meths(const ENGINE *e); +ENGINE_PKEY_ASN1_METHS_PTR ENGINE_get_pkey_asn1_meths(const ENGINE *e); +const EVP_CIPHER *ENGINE_get_cipher(ENGINE *e, int nid); +const EVP_MD *ENGINE_get_digest(ENGINE *e, int nid); +const EVP_PKEY_METHOD *ENGINE_get_pkey_meth(ENGINE *e, int nid); +const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth(ENGINE *e, int nid); +const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth_str(ENGINE *e, + const char *str, + int len); +const EVP_PKEY_ASN1_METHOD *ENGINE_pkey_asn1_find_str(ENGINE **pe, + const char *str, + int len); +const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e); +int ENGINE_get_flags(const ENGINE *e); + +/* + * FUNCTIONAL functions. These functions deal with ENGINE structures that + * have (or will) be initialised for use. Broadly speaking, the structural + * functions are useful for iterating the list of available engine types, + * creating new engine types, and other "list" operations. These functions + * actually deal with ENGINEs that are to be used. As such these functions + * can fail (if applicable) when particular engines are unavailable - eg. if + * a hardware accelerator is not attached or not functioning correctly. Each + * ENGINE has 2 reference counts; structural and functional. Every time a + * functional reference is obtained or released, a corresponding structural + * reference is automatically obtained or released too. + */ + +/* + * Initialise a engine type for use (or up its reference count if it's + * already in use). This will fail if the engine is not currently operational + * and cannot initialise. + */ +int ENGINE_init(ENGINE *e); +/* + * Free a functional reference to a engine type. This does not require a + * corresponding call to ENGINE_free as it also releases a structural + * reference. + */ +int ENGINE_finish(ENGINE *e); + +/* + * The following functions handle keys that are stored in some secondary + * location, handled by the engine. The storage may be on a card or + * whatever. + */ +EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id, + UI_METHOD *ui_method, void *callback_data); +EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id, + UI_METHOD *ui_method, void *callback_data); +int ENGINE_load_ssl_client_cert(ENGINE *e, SSL *s, + STACK_OF(X509_NAME) *ca_dn, X509 **pcert, + EVP_PKEY **ppkey, STACK_OF(X509) **pother, + UI_METHOD *ui_method, void *callback_data); + +/* + * This returns a pointer for the current ENGINE structure that is (by + * default) performing any RSA operations. The value returned is an + * incremented reference, so it should be free'd (ENGINE_finish) before it is + * discarded. + */ +ENGINE *ENGINE_get_default_RSA(void); +/* Same for the other "methods" */ +ENGINE *ENGINE_get_default_DSA(void); +ENGINE *ENGINE_get_default_EC(void); +ENGINE *ENGINE_get_default_DH(void); +ENGINE *ENGINE_get_default_RAND(void); +/* + * These functions can be used to get a functional reference to perform + * ciphering or digesting corresponding to "nid". + */ +ENGINE *ENGINE_get_cipher_engine(int nid); +ENGINE *ENGINE_get_digest_engine(int nid); +ENGINE *ENGINE_get_pkey_meth_engine(int nid); +ENGINE *ENGINE_get_pkey_asn1_meth_engine(int nid); + +/* + * This sets a new default ENGINE structure for performing RSA operations. If + * the result is non-zero (success) then the ENGINE structure will have had + * its reference count up'd so the caller should still free their own + * reference 'e'. + */ +int ENGINE_set_default_RSA(ENGINE *e); +int ENGINE_set_default_string(ENGINE *e, const char *def_list); +/* Same for the other "methods" */ +int ENGINE_set_default_DSA(ENGINE *e); +int ENGINE_set_default_EC(ENGINE *e); +int ENGINE_set_default_DH(ENGINE *e); +int ENGINE_set_default_RAND(ENGINE *e); +int ENGINE_set_default_ciphers(ENGINE *e); +int ENGINE_set_default_digests(ENGINE *e); +int ENGINE_set_default_pkey_meths(ENGINE *e); +int ENGINE_set_default_pkey_asn1_meths(ENGINE *e); + +/* + * The combination "set" - the flags are bitwise "OR"d from the + * ENGINE_METHOD_*** defines above. As with the "ENGINE_register_complete()" + * function, this function can result in unnecessary static linkage. If your + * application requires only specific functionality, consider using more + * selective functions. + */ +int ENGINE_set_default(ENGINE *e, unsigned int flags); + +void ENGINE_add_conf_module(void); + +/* Deprecated functions ... */ +/* int ENGINE_clear_defaults(void); */ + +/**************************/ +/* DYNAMIC ENGINE SUPPORT */ +/**************************/ + +/* Binary/behaviour compatibility levels */ +# define OSSL_DYNAMIC_VERSION (unsigned long)0x00030000 +/* + * Binary versions older than this are too old for us (whether we're a loader + * or a loadee) + */ +# define OSSL_DYNAMIC_OLDEST (unsigned long)0x00030000 + +/* + * When compiling an ENGINE entirely as an external shared library, loadable + * by the "dynamic" ENGINE, these types are needed. The 'dynamic_fns' + * structure type provides the calling application's (or library's) error + * functionality and memory management function pointers to the loaded + * library. These should be used/set in the loaded library code so that the + * loading application's 'state' will be used/changed in all operations. The + * 'static_state' pointer allows the loaded library to know if it shares the + * same static data as the calling application (or library), and thus whether + * these callbacks need to be set or not. + */ +typedef void *(*dyn_MEM_malloc_fn) (size_t, const char *, int); +typedef void *(*dyn_MEM_realloc_fn) (void *, size_t, const char *, int); +typedef void (*dyn_MEM_free_fn) (void *, const char *, int); +typedef struct st_dynamic_MEM_fns { + dyn_MEM_malloc_fn malloc_fn; + dyn_MEM_realloc_fn realloc_fn; + dyn_MEM_free_fn free_fn; +} dynamic_MEM_fns; +/* + * FIXME: Perhaps the memory and locking code (crypto.h) should declare and + * use these types so we (and any other dependent code) can simplify a bit?? + */ +/* The top-level structure */ +typedef struct st_dynamic_fns { + void *static_state; + dynamic_MEM_fns mem_fns; +} dynamic_fns; + +/* + * The version checking function should be of this prototype. NB: The + * ossl_version value passed in is the OSSL_DYNAMIC_VERSION of the loading + * code. If this function returns zero, it indicates a (potential) version + * incompatibility and the loaded library doesn't believe it can proceed. + * Otherwise, the returned value is the (latest) version supported by the + * loading library. The loader may still decide that the loaded code's + * version is unsatisfactory and could veto the load. The function is + * expected to be implemented with the symbol name "v_check", and a default + * implementation can be fully instantiated with + * IMPLEMENT_DYNAMIC_CHECK_FN(). + */ +typedef unsigned long (*dynamic_v_check_fn) (unsigned long ossl_version); +# define IMPLEMENT_DYNAMIC_CHECK_FN() \ + OPENSSL_EXPORT unsigned long v_check(unsigned long v); \ + OPENSSL_EXPORT unsigned long v_check(unsigned long v) { \ + if (v >= OSSL_DYNAMIC_OLDEST) return OSSL_DYNAMIC_VERSION; \ + return 0; } + +/* + * This function is passed the ENGINE structure to initialise with its own + * function and command settings. It should not adjust the structural or + * functional reference counts. If this function returns zero, (a) the load + * will be aborted, (b) the previous ENGINE state will be memcpy'd back onto + * the structure, and (c) the shared library will be unloaded. So + * implementations should do their own internal cleanup in failure + * circumstances otherwise they could leak. The 'id' parameter, if non-NULL, + * represents the ENGINE id that the loader is looking for. If this is NULL, + * the shared library can choose to return failure or to initialise a + * 'default' ENGINE. If non-NULL, the shared library must initialise only an + * ENGINE matching the passed 'id'. The function is expected to be + * implemented with the symbol name "bind_engine". A standard implementation + * can be instantiated with IMPLEMENT_DYNAMIC_BIND_FN(fn) where the parameter + * 'fn' is a callback function that populates the ENGINE structure and + * returns an int value (zero for failure). 'fn' should have prototype; + * [static] int fn(ENGINE *e, const char *id); + */ +typedef int (*dynamic_bind_engine) (ENGINE *e, const char *id, + const dynamic_fns *fns); +# define IMPLEMENT_DYNAMIC_BIND_FN(fn) \ + OPENSSL_EXPORT \ + int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns); \ + OPENSSL_EXPORT \ + int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { \ + if (ENGINE_get_static_state() == fns->static_state) goto skip_cbs; \ + CRYPTO_set_mem_functions(fns->mem_fns.malloc_fn, \ + fns->mem_fns.realloc_fn, \ + fns->mem_fns.free_fn); \ + OPENSSL_init_crypto(OPENSSL_INIT_NO_ATEXIT, NULL); \ + skip_cbs: \ + if (!fn(e, id)) return 0; \ + return 1; } + +/* + * If the loading application (or library) and the loaded ENGINE library + * share the same static data (eg. they're both dynamically linked to the + * same libcrypto.so) we need a way to avoid trying to set system callbacks - + * this would fail, and for the same reason that it's unnecessary to try. If + * the loaded ENGINE has (or gets from through the loader) its own copy of + * the libcrypto static data, we will need to set the callbacks. The easiest + * way to detect this is to have a function that returns a pointer to some + * static data and let the loading application and loaded ENGINE compare + * their respective values. + */ +void *ENGINE_get_static_state(void); + +# if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(__DragonFly__) +DEPRECATEDIN_1_1_0(void ENGINE_setup_bsd_cryptodev(void)) +# endif + + +# ifdef __cplusplus +} +# endif +# endif +#endif diff --git a/ext/openssl1L/include/openssl/engineerr.h b/ext/openssl1L/include/openssl/engineerr.h new file mode 100644 index 0000000..05e84bd --- /dev/null +++ b/ext/openssl1L/include/openssl/engineerr.h @@ -0,0 +1,111 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_ENGINEERR_H +# define HEADER_ENGINEERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# include + +# ifndef OPENSSL_NO_ENGINE + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_ENGINE_strings(void); + +/* + * ENGINE function codes. + */ +# define ENGINE_F_DIGEST_UPDATE 198 +# define ENGINE_F_DYNAMIC_CTRL 180 +# define ENGINE_F_DYNAMIC_GET_DATA_CTX 181 +# define ENGINE_F_DYNAMIC_LOAD 182 +# define ENGINE_F_DYNAMIC_SET_DATA_CTX 183 +# define ENGINE_F_ENGINE_ADD 105 +# define ENGINE_F_ENGINE_BY_ID 106 +# define ENGINE_F_ENGINE_CMD_IS_EXECUTABLE 170 +# define ENGINE_F_ENGINE_CTRL 142 +# define ENGINE_F_ENGINE_CTRL_CMD 178 +# define ENGINE_F_ENGINE_CTRL_CMD_STRING 171 +# define ENGINE_F_ENGINE_FINISH 107 +# define ENGINE_F_ENGINE_GET_CIPHER 185 +# define ENGINE_F_ENGINE_GET_DIGEST 186 +# define ENGINE_F_ENGINE_GET_FIRST 195 +# define ENGINE_F_ENGINE_GET_LAST 196 +# define ENGINE_F_ENGINE_GET_NEXT 115 +# define ENGINE_F_ENGINE_GET_PKEY_ASN1_METH 193 +# define ENGINE_F_ENGINE_GET_PKEY_METH 192 +# define ENGINE_F_ENGINE_GET_PREV 116 +# define ENGINE_F_ENGINE_INIT 119 +# define ENGINE_F_ENGINE_LIST_ADD 120 +# define ENGINE_F_ENGINE_LIST_REMOVE 121 +# define ENGINE_F_ENGINE_LOAD_PRIVATE_KEY 150 +# define ENGINE_F_ENGINE_LOAD_PUBLIC_KEY 151 +# define ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT 194 +# define ENGINE_F_ENGINE_NEW 122 +# define ENGINE_F_ENGINE_PKEY_ASN1_FIND_STR 197 +# define ENGINE_F_ENGINE_REMOVE 123 +# define ENGINE_F_ENGINE_SET_DEFAULT_STRING 189 +# define ENGINE_F_ENGINE_SET_ID 129 +# define ENGINE_F_ENGINE_SET_NAME 130 +# define ENGINE_F_ENGINE_TABLE_REGISTER 184 +# define ENGINE_F_ENGINE_UNLOCKED_FINISH 191 +# define ENGINE_F_ENGINE_UP_REF 190 +# define ENGINE_F_INT_CLEANUP_ITEM 199 +# define ENGINE_F_INT_CTRL_HELPER 172 +# define ENGINE_F_INT_ENGINE_CONFIGURE 188 +# define ENGINE_F_INT_ENGINE_MODULE_INIT 187 +# define ENGINE_F_OSSL_HMAC_INIT 200 + +/* + * ENGINE reason codes. + */ +# define ENGINE_R_ALREADY_LOADED 100 +# define ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER 133 +# define ENGINE_R_CMD_NOT_EXECUTABLE 134 +# define ENGINE_R_COMMAND_TAKES_INPUT 135 +# define ENGINE_R_COMMAND_TAKES_NO_INPUT 136 +# define ENGINE_R_CONFLICTING_ENGINE_ID 103 +# define ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED 119 +# define ENGINE_R_DSO_FAILURE 104 +# define ENGINE_R_DSO_NOT_FOUND 132 +# define ENGINE_R_ENGINES_SECTION_ERROR 148 +# define ENGINE_R_ENGINE_CONFIGURATION_ERROR 102 +# define ENGINE_R_ENGINE_IS_NOT_IN_LIST 105 +# define ENGINE_R_ENGINE_SECTION_ERROR 149 +# define ENGINE_R_FAILED_LOADING_PRIVATE_KEY 128 +# define ENGINE_R_FAILED_LOADING_PUBLIC_KEY 129 +# define ENGINE_R_FINISH_FAILED 106 +# define ENGINE_R_ID_OR_NAME_MISSING 108 +# define ENGINE_R_INIT_FAILED 109 +# define ENGINE_R_INTERNAL_LIST_ERROR 110 +# define ENGINE_R_INVALID_ARGUMENT 143 +# define ENGINE_R_INVALID_CMD_NAME 137 +# define ENGINE_R_INVALID_CMD_NUMBER 138 +# define ENGINE_R_INVALID_INIT_VALUE 151 +# define ENGINE_R_INVALID_STRING 150 +# define ENGINE_R_NOT_INITIALISED 117 +# define ENGINE_R_NOT_LOADED 112 +# define ENGINE_R_NO_CONTROL_FUNCTION 120 +# define ENGINE_R_NO_INDEX 144 +# define ENGINE_R_NO_LOAD_FUNCTION 125 +# define ENGINE_R_NO_REFERENCE 130 +# define ENGINE_R_NO_SUCH_ENGINE 116 +# define ENGINE_R_UNIMPLEMENTED_CIPHER 146 +# define ENGINE_R_UNIMPLEMENTED_DIGEST 147 +# define ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD 101 +# define ENGINE_R_VERSION_INCOMPATIBILITY 145 + +# endif +#endif diff --git a/ext/openssl1L/include/openssl/err.h b/ext/openssl1L/include/openssl/err.h new file mode 100644 index 0000000..b49f881 --- /dev/null +++ b/ext/openssl1L/include/openssl/err.h @@ -0,0 +1,274 @@ +/* + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_ERR_H +# define HEADER_ERR_H + +# include + +# ifndef OPENSSL_NO_STDIO +# include +# include +# endif + +# include +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +# ifndef OPENSSL_NO_ERR +# define ERR_PUT_error(a,b,c,d,e) ERR_put_error(a,b,c,d,e) +# else +# define ERR_PUT_error(a,b,c,d,e) ERR_put_error(a,b,c,NULL,0) +# endif + +# include + +# define ERR_TXT_MALLOCED 0x01 +# define ERR_TXT_STRING 0x02 + +# define ERR_FLAG_MARK 0x01 +# define ERR_FLAG_CLEAR 0x02 + +# define ERR_NUM_ERRORS 16 +typedef struct err_state_st { + int err_flags[ERR_NUM_ERRORS]; + unsigned long err_buffer[ERR_NUM_ERRORS]; + char *err_data[ERR_NUM_ERRORS]; + int err_data_flags[ERR_NUM_ERRORS]; + const char *err_file[ERR_NUM_ERRORS]; + int err_line[ERR_NUM_ERRORS]; + int top, bottom; +} ERR_STATE; + +/* library */ +# define ERR_LIB_NONE 1 +# define ERR_LIB_SYS 2 +# define ERR_LIB_BN 3 +# define ERR_LIB_RSA 4 +# define ERR_LIB_DH 5 +# define ERR_LIB_EVP 6 +# define ERR_LIB_BUF 7 +# define ERR_LIB_OBJ 8 +# define ERR_LIB_PEM 9 +# define ERR_LIB_DSA 10 +# define ERR_LIB_X509 11 +/* #define ERR_LIB_METH 12 */ +# define ERR_LIB_ASN1 13 +# define ERR_LIB_CONF 14 +# define ERR_LIB_CRYPTO 15 +# define ERR_LIB_EC 16 +# define ERR_LIB_SSL 20 +/* #define ERR_LIB_SSL23 21 */ +/* #define ERR_LIB_SSL2 22 */ +/* #define ERR_LIB_SSL3 23 */ +/* #define ERR_LIB_RSAREF 30 */ +/* #define ERR_LIB_PROXY 31 */ +# define ERR_LIB_BIO 32 +# define ERR_LIB_PKCS7 33 +# define ERR_LIB_X509V3 34 +# define ERR_LIB_PKCS12 35 +# define ERR_LIB_RAND 36 +# define ERR_LIB_DSO 37 +# define ERR_LIB_ENGINE 38 +# define ERR_LIB_OCSP 39 +# define ERR_LIB_UI 40 +# define ERR_LIB_COMP 41 +# define ERR_LIB_ECDSA 42 +# define ERR_LIB_ECDH 43 +# define ERR_LIB_OSSL_STORE 44 +# define ERR_LIB_FIPS 45 +# define ERR_LIB_CMS 46 +# define ERR_LIB_TS 47 +# define ERR_LIB_HMAC 48 +/* # define ERR_LIB_JPAKE 49 */ +# define ERR_LIB_CT 50 +# define ERR_LIB_ASYNC 51 +# define ERR_LIB_KDF 52 +# define ERR_LIB_SM2 53 + +# define ERR_LIB_USER 128 + +# define SYSerr(f,r) ERR_PUT_error(ERR_LIB_SYS,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define BNerr(f,r) ERR_PUT_error(ERR_LIB_BN,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define RSAerr(f,r) ERR_PUT_error(ERR_LIB_RSA,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define DHerr(f,r) ERR_PUT_error(ERR_LIB_DH,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define EVPerr(f,r) ERR_PUT_error(ERR_LIB_EVP,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define BUFerr(f,r) ERR_PUT_error(ERR_LIB_BUF,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define OBJerr(f,r) ERR_PUT_error(ERR_LIB_OBJ,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define PEMerr(f,r) ERR_PUT_error(ERR_LIB_PEM,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define DSAerr(f,r) ERR_PUT_error(ERR_LIB_DSA,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define X509err(f,r) ERR_PUT_error(ERR_LIB_X509,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define ASN1err(f,r) ERR_PUT_error(ERR_LIB_ASN1,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define CONFerr(f,r) ERR_PUT_error(ERR_LIB_CONF,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define CRYPTOerr(f,r) ERR_PUT_error(ERR_LIB_CRYPTO,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define ECerr(f,r) ERR_PUT_error(ERR_LIB_EC,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define SSLerr(f,r) ERR_PUT_error(ERR_LIB_SSL,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define BIOerr(f,r) ERR_PUT_error(ERR_LIB_BIO,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define PKCS7err(f,r) ERR_PUT_error(ERR_LIB_PKCS7,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define X509V3err(f,r) ERR_PUT_error(ERR_LIB_X509V3,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define PKCS12err(f,r) ERR_PUT_error(ERR_LIB_PKCS12,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define RANDerr(f,r) ERR_PUT_error(ERR_LIB_RAND,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define DSOerr(f,r) ERR_PUT_error(ERR_LIB_DSO,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define ENGINEerr(f,r) ERR_PUT_error(ERR_LIB_ENGINE,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define OCSPerr(f,r) ERR_PUT_error(ERR_LIB_OCSP,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define UIerr(f,r) ERR_PUT_error(ERR_LIB_UI,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define COMPerr(f,r) ERR_PUT_error(ERR_LIB_COMP,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define ECDSAerr(f,r) ERR_PUT_error(ERR_LIB_ECDSA,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define ECDHerr(f,r) ERR_PUT_error(ERR_LIB_ECDH,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define OSSL_STOREerr(f,r) ERR_PUT_error(ERR_LIB_OSSL_STORE,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define FIPSerr(f,r) ERR_PUT_error(ERR_LIB_FIPS,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define CMSerr(f,r) ERR_PUT_error(ERR_LIB_CMS,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define TSerr(f,r) ERR_PUT_error(ERR_LIB_TS,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define HMACerr(f,r) ERR_PUT_error(ERR_LIB_HMAC,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define CTerr(f,r) ERR_PUT_error(ERR_LIB_CT,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define ASYNCerr(f,r) ERR_PUT_error(ERR_LIB_ASYNC,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define KDFerr(f,r) ERR_PUT_error(ERR_LIB_KDF,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define SM2err(f,r) ERR_PUT_error(ERR_LIB_SM2,(f),(r),OPENSSL_FILE,OPENSSL_LINE) + +# define ERR_PACK(l,f,r) ( \ + (((unsigned int)(l) & 0x0FF) << 24L) | \ + (((unsigned int)(f) & 0xFFF) << 12L) | \ + (((unsigned int)(r) & 0xFFF) ) ) +# define ERR_GET_LIB(l) (int)(((l) >> 24L) & 0x0FFL) +# define ERR_GET_FUNC(l) (int)(((l) >> 12L) & 0xFFFL) +# define ERR_GET_REASON(l) (int)( (l) & 0xFFFL) +# define ERR_FATAL_ERROR(l) (int)( (l) & ERR_R_FATAL) + +/* OS functions */ +# define SYS_F_FOPEN 1 +# define SYS_F_CONNECT 2 +# define SYS_F_GETSERVBYNAME 3 +# define SYS_F_SOCKET 4 +# define SYS_F_IOCTLSOCKET 5 +# define SYS_F_BIND 6 +# define SYS_F_LISTEN 7 +# define SYS_F_ACCEPT 8 +# define SYS_F_WSASTARTUP 9/* Winsock stuff */ +# define SYS_F_OPENDIR 10 +# define SYS_F_FREAD 11 +# define SYS_F_GETADDRINFO 12 +# define SYS_F_GETNAMEINFO 13 +# define SYS_F_SETSOCKOPT 14 +# define SYS_F_GETSOCKOPT 15 +# define SYS_F_GETSOCKNAME 16 +# define SYS_F_GETHOSTBYNAME 17 +# define SYS_F_FFLUSH 18 +# define SYS_F_OPEN 19 +# define SYS_F_CLOSE 20 +# define SYS_F_IOCTL 21 +# define SYS_F_STAT 22 +# define SYS_F_FCNTL 23 +# define SYS_F_FSTAT 24 + +/* reasons */ +# define ERR_R_SYS_LIB ERR_LIB_SYS/* 2 */ +# define ERR_R_BN_LIB ERR_LIB_BN/* 3 */ +# define ERR_R_RSA_LIB ERR_LIB_RSA/* 4 */ +# define ERR_R_DH_LIB ERR_LIB_DH/* 5 */ +# define ERR_R_EVP_LIB ERR_LIB_EVP/* 6 */ +# define ERR_R_BUF_LIB ERR_LIB_BUF/* 7 */ +# define ERR_R_OBJ_LIB ERR_LIB_OBJ/* 8 */ +# define ERR_R_PEM_LIB ERR_LIB_PEM/* 9 */ +# define ERR_R_DSA_LIB ERR_LIB_DSA/* 10 */ +# define ERR_R_X509_LIB ERR_LIB_X509/* 11 */ +# define ERR_R_ASN1_LIB ERR_LIB_ASN1/* 13 */ +# define ERR_R_EC_LIB ERR_LIB_EC/* 16 */ +# define ERR_R_BIO_LIB ERR_LIB_BIO/* 32 */ +# define ERR_R_PKCS7_LIB ERR_LIB_PKCS7/* 33 */ +# define ERR_R_X509V3_LIB ERR_LIB_X509V3/* 34 */ +# define ERR_R_ENGINE_LIB ERR_LIB_ENGINE/* 38 */ +# define ERR_R_UI_LIB ERR_LIB_UI/* 40 */ +# define ERR_R_ECDSA_LIB ERR_LIB_ECDSA/* 42 */ +# define ERR_R_OSSL_STORE_LIB ERR_LIB_OSSL_STORE/* 44 */ + +# define ERR_R_NESTED_ASN1_ERROR 58 +# define ERR_R_MISSING_ASN1_EOS 63 + +/* fatal error */ +# define ERR_R_FATAL 64 +# define ERR_R_MALLOC_FAILURE (1|ERR_R_FATAL) +# define ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED (2|ERR_R_FATAL) +# define ERR_R_PASSED_NULL_PARAMETER (3|ERR_R_FATAL) +# define ERR_R_INTERNAL_ERROR (4|ERR_R_FATAL) +# define ERR_R_DISABLED (5|ERR_R_FATAL) +# define ERR_R_INIT_FAIL (6|ERR_R_FATAL) +# define ERR_R_PASSED_INVALID_ARGUMENT (7) +# define ERR_R_OPERATION_FAIL (8|ERR_R_FATAL) + +/* + * 99 is the maximum possible ERR_R_... code, higher values are reserved for + * the individual libraries + */ + +typedef struct ERR_string_data_st { + unsigned long error; + const char *string; +} ERR_STRING_DATA; + +DEFINE_LHASH_OF(ERR_STRING_DATA); + +void ERR_put_error(int lib, int func, int reason, const char *file, int line); +void ERR_set_error_data(char *data, int flags); + +unsigned long ERR_get_error(void); +unsigned long ERR_get_error_line(const char **file, int *line); +unsigned long ERR_get_error_line_data(const char **file, int *line, + const char **data, int *flags); +unsigned long ERR_peek_error(void); +unsigned long ERR_peek_error_line(const char **file, int *line); +unsigned long ERR_peek_error_line_data(const char **file, int *line, + const char **data, int *flags); +unsigned long ERR_peek_last_error(void); +unsigned long ERR_peek_last_error_line(const char **file, int *line); +unsigned long ERR_peek_last_error_line_data(const char **file, int *line, + const char **data, int *flags); +void ERR_clear_error(void); +char *ERR_error_string(unsigned long e, char *buf); +void ERR_error_string_n(unsigned long e, char *buf, size_t len); +const char *ERR_lib_error_string(unsigned long e); +const char *ERR_func_error_string(unsigned long e); +const char *ERR_reason_error_string(unsigned long e); +void ERR_print_errors_cb(int (*cb) (const char *str, size_t len, void *u), + void *u); +# ifndef OPENSSL_NO_STDIO +void ERR_print_errors_fp(FILE *fp); +# endif +void ERR_print_errors(BIO *bp); +void ERR_add_error_data(int num, ...); +void ERR_add_error_vdata(int num, va_list args); +int ERR_load_strings(int lib, ERR_STRING_DATA *str); +int ERR_load_strings_const(const ERR_STRING_DATA *str); +int ERR_unload_strings(int lib, ERR_STRING_DATA *str); +int ERR_load_ERR_strings(void); + +#if OPENSSL_API_COMPAT < 0x10100000L +# define ERR_load_crypto_strings() \ + OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL) +# define ERR_free_strings() while(0) continue +#endif + +DEPRECATEDIN_1_1_0(void ERR_remove_thread_state(void *)) +DEPRECATEDIN_1_0_0(void ERR_remove_state(unsigned long pid)) +ERR_STATE *ERR_get_state(void); + +int ERR_get_next_error_library(void); + +int ERR_set_mark(void); +int ERR_pop_to_mark(void); +int ERR_clear_last_mark(void); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/ext/openssl1L/include/openssl/evp.h b/ext/openssl1L/include/openssl/evp.h new file mode 100644 index 0000000..a411f3f --- /dev/null +++ b/ext/openssl1L/include/openssl/evp.h @@ -0,0 +1,1666 @@ +/* + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_ENVELOPE_H +# define HEADER_ENVELOPE_H + +# include +# include +# include +# include +# include + +# define EVP_MAX_MD_SIZE 64/* longest known is SHA512 */ +# define EVP_MAX_KEY_LENGTH 64 +# define EVP_MAX_IV_LENGTH 16 +# define EVP_MAX_BLOCK_LENGTH 32 + +# define PKCS5_SALT_LEN 8 +/* Default PKCS#5 iteration count */ +# define PKCS5_DEFAULT_ITER 2048 + +# include + +# define EVP_PK_RSA 0x0001 +# define EVP_PK_DSA 0x0002 +# define EVP_PK_DH 0x0004 +# define EVP_PK_EC 0x0008 +# define EVP_PKT_SIGN 0x0010 +# define EVP_PKT_ENC 0x0020 +# define EVP_PKT_EXCH 0x0040 +# define EVP_PKS_RSA 0x0100 +# define EVP_PKS_DSA 0x0200 +# define EVP_PKS_EC 0x0400 + +# define EVP_PKEY_NONE NID_undef +# define EVP_PKEY_RSA NID_rsaEncryption +# define EVP_PKEY_RSA2 NID_rsa +# define EVP_PKEY_RSA_PSS NID_rsassaPss +# define EVP_PKEY_DSA NID_dsa +# define EVP_PKEY_DSA1 NID_dsa_2 +# define EVP_PKEY_DSA2 NID_dsaWithSHA +# define EVP_PKEY_DSA3 NID_dsaWithSHA1 +# define EVP_PKEY_DSA4 NID_dsaWithSHA1_2 +# define EVP_PKEY_DH NID_dhKeyAgreement +# define EVP_PKEY_DHX NID_dhpublicnumber +# define EVP_PKEY_EC NID_X9_62_id_ecPublicKey +# define EVP_PKEY_SM2 NID_sm2 +# define EVP_PKEY_HMAC NID_hmac +# define EVP_PKEY_CMAC NID_cmac +# define EVP_PKEY_SCRYPT NID_id_scrypt +# define EVP_PKEY_TLS1_PRF NID_tls1_prf +# define EVP_PKEY_HKDF NID_hkdf +# define EVP_PKEY_POLY1305 NID_poly1305 +# define EVP_PKEY_SIPHASH NID_siphash +# define EVP_PKEY_X25519 NID_X25519 +# define EVP_PKEY_ED25519 NID_ED25519 +# define EVP_PKEY_X448 NID_X448 +# define EVP_PKEY_ED448 NID_ED448 + +#ifdef __cplusplus +extern "C" { +#endif + +# define EVP_PKEY_MO_SIGN 0x0001 +# define EVP_PKEY_MO_VERIFY 0x0002 +# define EVP_PKEY_MO_ENCRYPT 0x0004 +# define EVP_PKEY_MO_DECRYPT 0x0008 + +# ifndef EVP_MD +EVP_MD *EVP_MD_meth_new(int md_type, int pkey_type); +EVP_MD *EVP_MD_meth_dup(const EVP_MD *md); +void EVP_MD_meth_free(EVP_MD *md); + +int EVP_MD_meth_set_input_blocksize(EVP_MD *md, int blocksize); +int EVP_MD_meth_set_result_size(EVP_MD *md, int resultsize); +int EVP_MD_meth_set_app_datasize(EVP_MD *md, int datasize); +int EVP_MD_meth_set_flags(EVP_MD *md, unsigned long flags); +int EVP_MD_meth_set_init(EVP_MD *md, int (*init)(EVP_MD_CTX *ctx)); +int EVP_MD_meth_set_update(EVP_MD *md, int (*update)(EVP_MD_CTX *ctx, + const void *data, + size_t count)); +int EVP_MD_meth_set_final(EVP_MD *md, int (*final)(EVP_MD_CTX *ctx, + unsigned char *md)); +int EVP_MD_meth_set_copy(EVP_MD *md, int (*copy)(EVP_MD_CTX *to, + const EVP_MD_CTX *from)); +int EVP_MD_meth_set_cleanup(EVP_MD *md, int (*cleanup)(EVP_MD_CTX *ctx)); +int EVP_MD_meth_set_ctrl(EVP_MD *md, int (*ctrl)(EVP_MD_CTX *ctx, int cmd, + int p1, void *p2)); + +int EVP_MD_meth_get_input_blocksize(const EVP_MD *md); +int EVP_MD_meth_get_result_size(const EVP_MD *md); +int EVP_MD_meth_get_app_datasize(const EVP_MD *md); +unsigned long EVP_MD_meth_get_flags(const EVP_MD *md); +int (*EVP_MD_meth_get_init(const EVP_MD *md))(EVP_MD_CTX *ctx); +int (*EVP_MD_meth_get_update(const EVP_MD *md))(EVP_MD_CTX *ctx, + const void *data, + size_t count); +int (*EVP_MD_meth_get_final(const EVP_MD *md))(EVP_MD_CTX *ctx, + unsigned char *md); +int (*EVP_MD_meth_get_copy(const EVP_MD *md))(EVP_MD_CTX *to, + const EVP_MD_CTX *from); +int (*EVP_MD_meth_get_cleanup(const EVP_MD *md))(EVP_MD_CTX *ctx); +int (*EVP_MD_meth_get_ctrl(const EVP_MD *md))(EVP_MD_CTX *ctx, int cmd, + int p1, void *p2); + +/* digest can only handle a single block */ +# define EVP_MD_FLAG_ONESHOT 0x0001 + +/* digest is extensible-output function, XOF */ +# define EVP_MD_FLAG_XOF 0x0002 + +/* DigestAlgorithmIdentifier flags... */ + +# define EVP_MD_FLAG_DIGALGID_MASK 0x0018 + +/* NULL or absent parameter accepted. Use NULL */ + +# define EVP_MD_FLAG_DIGALGID_NULL 0x0000 + +/* NULL or absent parameter accepted. Use NULL for PKCS#1 otherwise absent */ + +# define EVP_MD_FLAG_DIGALGID_ABSENT 0x0008 + +/* Custom handling via ctrl */ + +# define EVP_MD_FLAG_DIGALGID_CUSTOM 0x0018 + +/* Note if suitable for use in FIPS mode */ +# define EVP_MD_FLAG_FIPS 0x0400 + +/* Digest ctrls */ + +# define EVP_MD_CTRL_DIGALGID 0x1 +# define EVP_MD_CTRL_MICALG 0x2 +# define EVP_MD_CTRL_XOF_LEN 0x3 + +/* Minimum Algorithm specific ctrl value */ + +# define EVP_MD_CTRL_ALG_CTRL 0x1000 + +# endif /* !EVP_MD */ + +/* values for EVP_MD_CTX flags */ + +# define EVP_MD_CTX_FLAG_ONESHOT 0x0001/* digest update will be + * called once only */ +# define EVP_MD_CTX_FLAG_CLEANED 0x0002/* context has already been + * cleaned */ +# define EVP_MD_CTX_FLAG_REUSE 0x0004/* Don't free up ctx->md_data + * in EVP_MD_CTX_reset */ +/* + * FIPS and pad options are ignored in 1.0.0, definitions are here so we + * don't accidentally reuse the values for other purposes. + */ + +# define EVP_MD_CTX_FLAG_NON_FIPS_ALLOW 0x0008/* Allow use of non FIPS + * digest in FIPS mode */ + +/* + * The following PAD options are also currently ignored in 1.0.0, digest + * parameters are handled through EVP_DigestSign*() and EVP_DigestVerify*() + * instead. + */ +# define EVP_MD_CTX_FLAG_PAD_MASK 0xF0/* RSA mode to use */ +# define EVP_MD_CTX_FLAG_PAD_PKCS1 0x00/* PKCS#1 v1.5 mode */ +# define EVP_MD_CTX_FLAG_PAD_X931 0x10/* X9.31 mode */ +# define EVP_MD_CTX_FLAG_PAD_PSS 0x20/* PSS mode */ + +# define EVP_MD_CTX_FLAG_NO_INIT 0x0100/* Don't initialize md_data */ +/* + * Some functions such as EVP_DigestSign only finalise copies of internal + * contexts so additional data can be included after the finalisation call. + * This is inefficient if this functionality is not required: it is disabled + * if the following flag is set. + */ +# define EVP_MD_CTX_FLAG_FINALISE 0x0200 +/* NOTE: 0x0400 is reserved for internal usage */ + +EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len); +EVP_CIPHER *EVP_CIPHER_meth_dup(const EVP_CIPHER *cipher); +void EVP_CIPHER_meth_free(EVP_CIPHER *cipher); + +int EVP_CIPHER_meth_set_iv_length(EVP_CIPHER *cipher, int iv_len); +int EVP_CIPHER_meth_set_flags(EVP_CIPHER *cipher, unsigned long flags); +int EVP_CIPHER_meth_set_impl_ctx_size(EVP_CIPHER *cipher, int ctx_size); +int EVP_CIPHER_meth_set_init(EVP_CIPHER *cipher, + int (*init) (EVP_CIPHER_CTX *ctx, + const unsigned char *key, + const unsigned char *iv, + int enc)); +int EVP_CIPHER_meth_set_do_cipher(EVP_CIPHER *cipher, + int (*do_cipher) (EVP_CIPHER_CTX *ctx, + unsigned char *out, + const unsigned char *in, + size_t inl)); +int EVP_CIPHER_meth_set_cleanup(EVP_CIPHER *cipher, + int (*cleanup) (EVP_CIPHER_CTX *)); +int EVP_CIPHER_meth_set_set_asn1_params(EVP_CIPHER *cipher, + int (*set_asn1_parameters) (EVP_CIPHER_CTX *, + ASN1_TYPE *)); +int EVP_CIPHER_meth_set_get_asn1_params(EVP_CIPHER *cipher, + int (*get_asn1_parameters) (EVP_CIPHER_CTX *, + ASN1_TYPE *)); +int EVP_CIPHER_meth_set_ctrl(EVP_CIPHER *cipher, + int (*ctrl) (EVP_CIPHER_CTX *, int type, + int arg, void *ptr)); + +int (*EVP_CIPHER_meth_get_init(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *ctx, + const unsigned char *key, + const unsigned char *iv, + int enc); +int (*EVP_CIPHER_meth_get_do_cipher(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *ctx, + unsigned char *out, + const unsigned char *in, + size_t inl); +int (*EVP_CIPHER_meth_get_cleanup(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *); +int (*EVP_CIPHER_meth_get_set_asn1_params(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *, + ASN1_TYPE *); +int (*EVP_CIPHER_meth_get_get_asn1_params(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *, + ASN1_TYPE *); +int (*EVP_CIPHER_meth_get_ctrl(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *, + int type, int arg, + void *ptr); + +/* Values for cipher flags */ + +/* Modes for ciphers */ + +# define EVP_CIPH_STREAM_CIPHER 0x0 +# define EVP_CIPH_ECB_MODE 0x1 +# define EVP_CIPH_CBC_MODE 0x2 +# define EVP_CIPH_CFB_MODE 0x3 +# define EVP_CIPH_OFB_MODE 0x4 +# define EVP_CIPH_CTR_MODE 0x5 +# define EVP_CIPH_GCM_MODE 0x6 +# define EVP_CIPH_CCM_MODE 0x7 +# define EVP_CIPH_XTS_MODE 0x10001 +# define EVP_CIPH_WRAP_MODE 0x10002 +# define EVP_CIPH_OCB_MODE 0x10003 +# define EVP_CIPH_MODE 0xF0007 +/* Set if variable length cipher */ +# define EVP_CIPH_VARIABLE_LENGTH 0x8 +/* Set if the iv handling should be done by the cipher itself */ +# define EVP_CIPH_CUSTOM_IV 0x10 +/* Set if the cipher's init() function should be called if key is NULL */ +# define EVP_CIPH_ALWAYS_CALL_INIT 0x20 +/* Call ctrl() to init cipher parameters */ +# define EVP_CIPH_CTRL_INIT 0x40 +/* Don't use standard key length function */ +# define EVP_CIPH_CUSTOM_KEY_LENGTH 0x80 +/* Don't use standard block padding */ +# define EVP_CIPH_NO_PADDING 0x100 +/* cipher handles random key generation */ +# define EVP_CIPH_RAND_KEY 0x200 +/* cipher has its own additional copying logic */ +# define EVP_CIPH_CUSTOM_COPY 0x400 +/* Don't use standard iv length function */ +# define EVP_CIPH_CUSTOM_IV_LENGTH 0x800 +/* Allow use default ASN1 get/set iv */ +# define EVP_CIPH_FLAG_DEFAULT_ASN1 0x1000 +/* Buffer length in bits not bytes: CFB1 mode only */ +# define EVP_CIPH_FLAG_LENGTH_BITS 0x2000 +/* Note if suitable for use in FIPS mode */ +# define EVP_CIPH_FLAG_FIPS 0x4000 +/* Allow non FIPS cipher in FIPS mode */ +# define EVP_CIPH_FLAG_NON_FIPS_ALLOW 0x8000 +/* + * Cipher handles any and all padding logic as well as finalisation. + */ +# define EVP_CIPH_FLAG_CUSTOM_CIPHER 0x100000 +# define EVP_CIPH_FLAG_AEAD_CIPHER 0x200000 +# define EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK 0x400000 +/* Cipher can handle pipeline operations */ +# define EVP_CIPH_FLAG_PIPELINE 0X800000 + +/* + * Cipher context flag to indicate we can handle wrap mode: if allowed in + * older applications it could overflow buffers. + */ + +# define EVP_CIPHER_CTX_FLAG_WRAP_ALLOW 0x1 + +/* ctrl() values */ + +# define EVP_CTRL_INIT 0x0 +# define EVP_CTRL_SET_KEY_LENGTH 0x1 +# define EVP_CTRL_GET_RC2_KEY_BITS 0x2 +# define EVP_CTRL_SET_RC2_KEY_BITS 0x3 +# define EVP_CTRL_GET_RC5_ROUNDS 0x4 +# define EVP_CTRL_SET_RC5_ROUNDS 0x5 +# define EVP_CTRL_RAND_KEY 0x6 +# define EVP_CTRL_PBE_PRF_NID 0x7 +# define EVP_CTRL_COPY 0x8 +# define EVP_CTRL_AEAD_SET_IVLEN 0x9 +# define EVP_CTRL_AEAD_GET_TAG 0x10 +# define EVP_CTRL_AEAD_SET_TAG 0x11 +# define EVP_CTRL_AEAD_SET_IV_FIXED 0x12 +# define EVP_CTRL_GCM_SET_IVLEN EVP_CTRL_AEAD_SET_IVLEN +# define EVP_CTRL_GCM_GET_TAG EVP_CTRL_AEAD_GET_TAG +# define EVP_CTRL_GCM_SET_TAG EVP_CTRL_AEAD_SET_TAG +# define EVP_CTRL_GCM_SET_IV_FIXED EVP_CTRL_AEAD_SET_IV_FIXED +# define EVP_CTRL_GCM_IV_GEN 0x13 +# define EVP_CTRL_CCM_SET_IVLEN EVP_CTRL_AEAD_SET_IVLEN +# define EVP_CTRL_CCM_GET_TAG EVP_CTRL_AEAD_GET_TAG +# define EVP_CTRL_CCM_SET_TAG EVP_CTRL_AEAD_SET_TAG +# define EVP_CTRL_CCM_SET_IV_FIXED EVP_CTRL_AEAD_SET_IV_FIXED +# define EVP_CTRL_CCM_SET_L 0x14 +# define EVP_CTRL_CCM_SET_MSGLEN 0x15 +/* + * AEAD cipher deduces payload length and returns number of bytes required to + * store MAC and eventual padding. Subsequent call to EVP_Cipher even + * appends/verifies MAC. + */ +# define EVP_CTRL_AEAD_TLS1_AAD 0x16 +/* Used by composite AEAD ciphers, no-op in GCM, CCM... */ +# define EVP_CTRL_AEAD_SET_MAC_KEY 0x17 +/* Set the GCM invocation field, decrypt only */ +# define EVP_CTRL_GCM_SET_IV_INV 0x18 + +# define EVP_CTRL_TLS1_1_MULTIBLOCK_AAD 0x19 +# define EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT 0x1a +# define EVP_CTRL_TLS1_1_MULTIBLOCK_DECRYPT 0x1b +# define EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE 0x1c + +# define EVP_CTRL_SSL3_MASTER_SECRET 0x1d + +/* EVP_CTRL_SET_SBOX takes the char * specifying S-boxes */ +# define EVP_CTRL_SET_SBOX 0x1e +/* + * EVP_CTRL_SBOX_USED takes a 'size_t' and 'char *', pointing at a + * pre-allocated buffer with specified size + */ +# define EVP_CTRL_SBOX_USED 0x1f +/* EVP_CTRL_KEY_MESH takes 'size_t' number of bytes to mesh the key after, + * 0 switches meshing off + */ +# define EVP_CTRL_KEY_MESH 0x20 +/* EVP_CTRL_BLOCK_PADDING_MODE takes the padding mode */ +# define EVP_CTRL_BLOCK_PADDING_MODE 0x21 + +/* Set the output buffers to use for a pipelined operation */ +# define EVP_CTRL_SET_PIPELINE_OUTPUT_BUFS 0x22 +/* Set the input buffers to use for a pipelined operation */ +# define EVP_CTRL_SET_PIPELINE_INPUT_BUFS 0x23 +/* Set the input buffer lengths to use for a pipelined operation */ +# define EVP_CTRL_SET_PIPELINE_INPUT_LENS 0x24 + +# define EVP_CTRL_GET_IVLEN 0x25 + +/* Padding modes */ +#define EVP_PADDING_PKCS7 1 +#define EVP_PADDING_ISO7816_4 2 +#define EVP_PADDING_ANSI923 3 +#define EVP_PADDING_ISO10126 4 +#define EVP_PADDING_ZERO 5 + +/* RFC 5246 defines additional data to be 13 bytes in length */ +# define EVP_AEAD_TLS1_AAD_LEN 13 + +typedef struct { + unsigned char *out; + const unsigned char *inp; + size_t len; + unsigned int interleave; +} EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM; + +/* GCM TLS constants */ +/* Length of fixed part of IV derived from PRF */ +# define EVP_GCM_TLS_FIXED_IV_LEN 4 +/* Length of explicit part of IV part of TLS records */ +# define EVP_GCM_TLS_EXPLICIT_IV_LEN 8 +/* Length of tag for TLS */ +# define EVP_GCM_TLS_TAG_LEN 16 + +/* CCM TLS constants */ +/* Length of fixed part of IV derived from PRF */ +# define EVP_CCM_TLS_FIXED_IV_LEN 4 +/* Length of explicit part of IV part of TLS records */ +# define EVP_CCM_TLS_EXPLICIT_IV_LEN 8 +/* Total length of CCM IV length for TLS */ +# define EVP_CCM_TLS_IV_LEN 12 +/* Length of tag for TLS */ +# define EVP_CCM_TLS_TAG_LEN 16 +/* Length of CCM8 tag for TLS */ +# define EVP_CCM8_TLS_TAG_LEN 8 + +/* Length of tag for TLS */ +# define EVP_CHACHAPOLY_TLS_TAG_LEN 16 + +typedef struct evp_cipher_info_st { + const EVP_CIPHER *cipher; + unsigned char iv[EVP_MAX_IV_LENGTH]; +} EVP_CIPHER_INFO; + + +/* Password based encryption function */ +typedef int (EVP_PBE_KEYGEN) (EVP_CIPHER_CTX *ctx, const char *pass, + int passlen, ASN1_TYPE *param, + const EVP_CIPHER *cipher, const EVP_MD *md, + int en_de); + +# ifndef OPENSSL_NO_RSA +# define EVP_PKEY_assign_RSA(pkey,rsa) EVP_PKEY_assign((pkey),EVP_PKEY_RSA,\ + (char *)(rsa)) +# endif + +# ifndef OPENSSL_NO_DSA +# define EVP_PKEY_assign_DSA(pkey,dsa) EVP_PKEY_assign((pkey),EVP_PKEY_DSA,\ + (char *)(dsa)) +# endif + +# ifndef OPENSSL_NO_DH +# define EVP_PKEY_assign_DH(pkey,dh) EVP_PKEY_assign((pkey),EVP_PKEY_DH,\ + (char *)(dh)) +# endif + +# ifndef OPENSSL_NO_EC +# define EVP_PKEY_assign_EC_KEY(pkey,eckey) EVP_PKEY_assign((pkey),EVP_PKEY_EC,\ + (char *)(eckey)) +# endif +# ifndef OPENSSL_NO_SIPHASH +# define EVP_PKEY_assign_SIPHASH(pkey,shkey) EVP_PKEY_assign((pkey),EVP_PKEY_SIPHASH,\ + (char *)(shkey)) +# endif + +# ifndef OPENSSL_NO_POLY1305 +# define EVP_PKEY_assign_POLY1305(pkey,polykey) EVP_PKEY_assign((pkey),EVP_PKEY_POLY1305,\ + (char *)(polykey)) +# endif + +/* Add some extra combinations */ +# define EVP_get_digestbynid(a) EVP_get_digestbyname(OBJ_nid2sn(a)) +# define EVP_get_digestbyobj(a) EVP_get_digestbynid(OBJ_obj2nid(a)) +# define EVP_get_cipherbynid(a) EVP_get_cipherbyname(OBJ_nid2sn(a)) +# define EVP_get_cipherbyobj(a) EVP_get_cipherbynid(OBJ_obj2nid(a)) + +int EVP_MD_type(const EVP_MD *md); +# define EVP_MD_nid(e) EVP_MD_type(e) +# define EVP_MD_name(e) OBJ_nid2sn(EVP_MD_nid(e)) +int EVP_MD_pkey_type(const EVP_MD *md); +int EVP_MD_size(const EVP_MD *md); +int EVP_MD_block_size(const EVP_MD *md); +unsigned long EVP_MD_flags(const EVP_MD *md); + +const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx); +int (*EVP_MD_CTX_update_fn(EVP_MD_CTX *ctx))(EVP_MD_CTX *ctx, + const void *data, size_t count); +void EVP_MD_CTX_set_update_fn(EVP_MD_CTX *ctx, + int (*update) (EVP_MD_CTX *ctx, + const void *data, size_t count)); +# define EVP_MD_CTX_size(e) EVP_MD_size(EVP_MD_CTX_md(e)) +# define EVP_MD_CTX_block_size(e) EVP_MD_block_size(EVP_MD_CTX_md(e)) +# define EVP_MD_CTX_type(e) EVP_MD_type(EVP_MD_CTX_md(e)) +EVP_PKEY_CTX *EVP_MD_CTX_pkey_ctx(const EVP_MD_CTX *ctx); +void EVP_MD_CTX_set_pkey_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pctx); +void *EVP_MD_CTX_md_data(const EVP_MD_CTX *ctx); + +int EVP_CIPHER_nid(const EVP_CIPHER *cipher); +# define EVP_CIPHER_name(e) OBJ_nid2sn(EVP_CIPHER_nid(e)) +int EVP_CIPHER_block_size(const EVP_CIPHER *cipher); +int EVP_CIPHER_impl_ctx_size(const EVP_CIPHER *cipher); +int EVP_CIPHER_key_length(const EVP_CIPHER *cipher); +int EVP_CIPHER_iv_length(const EVP_CIPHER *cipher); +unsigned long EVP_CIPHER_flags(const EVP_CIPHER *cipher); +# define EVP_CIPHER_mode(e) (EVP_CIPHER_flags(e) & EVP_CIPH_MODE) + +const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx); +int EVP_CIPHER_CTX_encrypting(const EVP_CIPHER_CTX *ctx); +int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx); +int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx); +int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx); +int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx); +const unsigned char *EVP_CIPHER_CTX_iv(const EVP_CIPHER_CTX *ctx); +const unsigned char *EVP_CIPHER_CTX_original_iv(const EVP_CIPHER_CTX *ctx); +unsigned char *EVP_CIPHER_CTX_iv_noconst(EVP_CIPHER_CTX *ctx); +unsigned char *EVP_CIPHER_CTX_buf_noconst(EVP_CIPHER_CTX *ctx); +int EVP_CIPHER_CTX_num(const EVP_CIPHER_CTX *ctx); +void EVP_CIPHER_CTX_set_num(EVP_CIPHER_CTX *ctx, int num); +int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in); +void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx); +void EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data); +void *EVP_CIPHER_CTX_get_cipher_data(const EVP_CIPHER_CTX *ctx); +void *EVP_CIPHER_CTX_set_cipher_data(EVP_CIPHER_CTX *ctx, void *cipher_data); +# define EVP_CIPHER_CTX_type(c) EVP_CIPHER_type(EVP_CIPHER_CTX_cipher(c)) +# if OPENSSL_API_COMPAT < 0x10100000L +# define EVP_CIPHER_CTX_flags(c) EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(c)) +# endif +# define EVP_CIPHER_CTX_mode(c) EVP_CIPHER_mode(EVP_CIPHER_CTX_cipher(c)) + +# define EVP_ENCODE_LENGTH(l) ((((l)+2)/3*4)+((l)/48+1)*2+80) +# define EVP_DECODE_LENGTH(l) (((l)+3)/4*3+80) + +# define EVP_SignInit_ex(a,b,c) EVP_DigestInit_ex(a,b,c) +# define EVP_SignInit(a,b) EVP_DigestInit(a,b) +# define EVP_SignUpdate(a,b,c) EVP_DigestUpdate(a,b,c) +# define EVP_VerifyInit_ex(a,b,c) EVP_DigestInit_ex(a,b,c) +# define EVP_VerifyInit(a,b) EVP_DigestInit(a,b) +# define EVP_VerifyUpdate(a,b,c) EVP_DigestUpdate(a,b,c) +# define EVP_OpenUpdate(a,b,c,d,e) EVP_DecryptUpdate(a,b,c,d,e) +# define EVP_SealUpdate(a,b,c,d,e) EVP_EncryptUpdate(a,b,c,d,e) +# define EVP_DigestSignUpdate(a,b,c) EVP_DigestUpdate(a,b,c) +# define EVP_DigestVerifyUpdate(a,b,c) EVP_DigestUpdate(a,b,c) + +# ifdef CONST_STRICT +void BIO_set_md(BIO *, const EVP_MD *md); +# else +# define BIO_set_md(b,md) BIO_ctrl(b,BIO_C_SET_MD,0,(char *)(md)) +# endif +# define BIO_get_md(b,mdp) BIO_ctrl(b,BIO_C_GET_MD,0,(char *)(mdp)) +# define BIO_get_md_ctx(b,mdcp) BIO_ctrl(b,BIO_C_GET_MD_CTX,0, \ + (char *)(mdcp)) +# define BIO_set_md_ctx(b,mdcp) BIO_ctrl(b,BIO_C_SET_MD_CTX,0, \ + (char *)(mdcp)) +# define BIO_get_cipher_status(b) BIO_ctrl(b,BIO_C_GET_CIPHER_STATUS,0,NULL) +# define BIO_get_cipher_ctx(b,c_pp) BIO_ctrl(b,BIO_C_GET_CIPHER_CTX,0, \ + (char *)(c_pp)) + +/*__owur*/ int EVP_Cipher(EVP_CIPHER_CTX *c, + unsigned char *out, + const unsigned char *in, unsigned int inl); + +# define EVP_add_cipher_alias(n,alias) \ + OBJ_NAME_add((alias),OBJ_NAME_TYPE_CIPHER_METH|OBJ_NAME_ALIAS,(n)) +# define EVP_add_digest_alias(n,alias) \ + OBJ_NAME_add((alias),OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS,(n)) +# define EVP_delete_cipher_alias(alias) \ + OBJ_NAME_remove(alias,OBJ_NAME_TYPE_CIPHER_METH|OBJ_NAME_ALIAS); +# define EVP_delete_digest_alias(alias) \ + OBJ_NAME_remove(alias,OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS); + +int EVP_MD_CTX_ctrl(EVP_MD_CTX *ctx, int cmd, int p1, void *p2); +EVP_MD_CTX *EVP_MD_CTX_new(void); +int EVP_MD_CTX_reset(EVP_MD_CTX *ctx); +void EVP_MD_CTX_free(EVP_MD_CTX *ctx); +# define EVP_MD_CTX_create() EVP_MD_CTX_new() +# define EVP_MD_CTX_init(ctx) EVP_MD_CTX_reset((ctx)) +# define EVP_MD_CTX_destroy(ctx) EVP_MD_CTX_free((ctx)) +__owur int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in); +void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags); +void EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags); +int EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx, int flags); +__owur int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, + ENGINE *impl); +__owur int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, + size_t cnt); +__owur int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, + unsigned int *s); +__owur int EVP_Digest(const void *data, size_t count, + unsigned char *md, unsigned int *size, + const EVP_MD *type, ENGINE *impl); + +__owur int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in); +__owur int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type); +__owur int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, + unsigned int *s); +__owur int EVP_DigestFinalXOF(EVP_MD_CTX *ctx, unsigned char *md, + size_t len); + +int EVP_read_pw_string(char *buf, int length, const char *prompt, int verify); +int EVP_read_pw_string_min(char *buf, int minlen, int maxlen, + const char *prompt, int verify); +void EVP_set_pw_prompt(const char *prompt); +char *EVP_get_pw_prompt(void); + +__owur int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md, + const unsigned char *salt, + const unsigned char *data, int datal, int count, + unsigned char *key, unsigned char *iv); + +void EVP_CIPHER_CTX_set_flags(EVP_CIPHER_CTX *ctx, int flags); +void EVP_CIPHER_CTX_clear_flags(EVP_CIPHER_CTX *ctx, int flags); +int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags); + +__owur int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, + const unsigned char *key, const unsigned char *iv); +/*__owur*/ int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, + const EVP_CIPHER *cipher, ENGINE *impl, + const unsigned char *key, + const unsigned char *iv); +/*__owur*/ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, + int *outl, const unsigned char *in, int inl); +/*__owur*/ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, + int *outl); +/*__owur*/ int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, + int *outl); + +__owur int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, + const unsigned char *key, const unsigned char *iv); +/*__owur*/ int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, + const EVP_CIPHER *cipher, ENGINE *impl, + const unsigned char *key, + const unsigned char *iv); +/*__owur*/ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, + int *outl, const unsigned char *in, int inl); +__owur int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, + int *outl); +/*__owur*/ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, + int *outl); + +__owur int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, + const unsigned char *key, const unsigned char *iv, + int enc); +/*__owur*/ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, + const EVP_CIPHER *cipher, ENGINE *impl, + const unsigned char *key, + const unsigned char *iv, int enc); +__owur int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, + int *outl, const unsigned char *in, int inl); +__owur int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, + int *outl); +__owur int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, + int *outl); + +__owur int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s, + EVP_PKEY *pkey); + +__owur int EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret, + size_t *siglen, const unsigned char *tbs, + size_t tbslen); + +__owur int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf, + unsigned int siglen, EVP_PKEY *pkey); + +__owur int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret, + size_t siglen, const unsigned char *tbs, + size_t tbslen); + +/*__owur*/ int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, + const EVP_MD *type, ENGINE *e, + EVP_PKEY *pkey); +__owur int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, + size_t *siglen); + +__owur int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, + const EVP_MD *type, ENGINE *e, + EVP_PKEY *pkey); +__owur int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig, + size_t siglen); + +# ifndef OPENSSL_NO_RSA +__owur int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, + const unsigned char *ek, int ekl, + const unsigned char *iv, EVP_PKEY *priv); +__owur int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); + +__owur int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, + unsigned char **ek, int *ekl, unsigned char *iv, + EVP_PKEY **pubk, int npubk); +__owur int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); +# endif + +EVP_ENCODE_CTX *EVP_ENCODE_CTX_new(void); +void EVP_ENCODE_CTX_free(EVP_ENCODE_CTX *ctx); +int EVP_ENCODE_CTX_copy(EVP_ENCODE_CTX *dctx, EVP_ENCODE_CTX *sctx); +int EVP_ENCODE_CTX_num(EVP_ENCODE_CTX *ctx); +void EVP_EncodeInit(EVP_ENCODE_CTX *ctx); +int EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, + const unsigned char *in, int inl); +void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl); +int EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int n); + +void EVP_DecodeInit(EVP_ENCODE_CTX *ctx); +int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, + const unsigned char *in, int inl); +int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned + char *out, int *outl); +int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n); + +# if OPENSSL_API_COMPAT < 0x10100000L +# define EVP_CIPHER_CTX_init(c) EVP_CIPHER_CTX_reset(c) +# define EVP_CIPHER_CTX_cleanup(c) EVP_CIPHER_CTX_reset(c) +# endif +EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void); +int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *c); +void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *c); +int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen); +int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *c, int pad); +int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr); +int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key); + +const BIO_METHOD *BIO_f_md(void); +const BIO_METHOD *BIO_f_base64(void); +const BIO_METHOD *BIO_f_cipher(void); +const BIO_METHOD *BIO_f_reliable(void); +__owur int BIO_set_cipher(BIO *b, const EVP_CIPHER *c, const unsigned char *k, + const unsigned char *i, int enc); + +const EVP_MD *EVP_md_null(void); +# ifndef OPENSSL_NO_MD2 +const EVP_MD *EVP_md2(void); +# endif +# ifndef OPENSSL_NO_MD4 +const EVP_MD *EVP_md4(void); +# endif +# ifndef OPENSSL_NO_MD5 +const EVP_MD *EVP_md5(void); +const EVP_MD *EVP_md5_sha1(void); +# endif +# ifndef OPENSSL_NO_BLAKE2 +const EVP_MD *EVP_blake2b512(void); +const EVP_MD *EVP_blake2s256(void); +# endif +const EVP_MD *EVP_sha1(void); +const EVP_MD *EVP_sha224(void); +const EVP_MD *EVP_sha256(void); +const EVP_MD *EVP_sha384(void); +const EVP_MD *EVP_sha512(void); +const EVP_MD *EVP_sha512_224(void); +const EVP_MD *EVP_sha512_256(void); +const EVP_MD *EVP_sha3_224(void); +const EVP_MD *EVP_sha3_256(void); +const EVP_MD *EVP_sha3_384(void); +const EVP_MD *EVP_sha3_512(void); +const EVP_MD *EVP_shake128(void); +const EVP_MD *EVP_shake256(void); +# ifndef OPENSSL_NO_MDC2 +const EVP_MD *EVP_mdc2(void); +# endif +# ifndef OPENSSL_NO_RMD160 +const EVP_MD *EVP_ripemd160(void); +# endif +# ifndef OPENSSL_NO_WHIRLPOOL +const EVP_MD *EVP_whirlpool(void); +# endif +# ifndef OPENSSL_NO_SM3 +const EVP_MD *EVP_sm3(void); +# endif +const EVP_CIPHER *EVP_enc_null(void); /* does nothing :-) */ +# ifndef OPENSSL_NO_DES +const EVP_CIPHER *EVP_des_ecb(void); +const EVP_CIPHER *EVP_des_ede(void); +const EVP_CIPHER *EVP_des_ede3(void); +const EVP_CIPHER *EVP_des_ede_ecb(void); +const EVP_CIPHER *EVP_des_ede3_ecb(void); +const EVP_CIPHER *EVP_des_cfb64(void); +# define EVP_des_cfb EVP_des_cfb64 +const EVP_CIPHER *EVP_des_cfb1(void); +const EVP_CIPHER *EVP_des_cfb8(void); +const EVP_CIPHER *EVP_des_ede_cfb64(void); +# define EVP_des_ede_cfb EVP_des_ede_cfb64 +const EVP_CIPHER *EVP_des_ede3_cfb64(void); +# define EVP_des_ede3_cfb EVP_des_ede3_cfb64 +const EVP_CIPHER *EVP_des_ede3_cfb1(void); +const EVP_CIPHER *EVP_des_ede3_cfb8(void); +const EVP_CIPHER *EVP_des_ofb(void); +const EVP_CIPHER *EVP_des_ede_ofb(void); +const EVP_CIPHER *EVP_des_ede3_ofb(void); +const EVP_CIPHER *EVP_des_cbc(void); +const EVP_CIPHER *EVP_des_ede_cbc(void); +const EVP_CIPHER *EVP_des_ede3_cbc(void); +const EVP_CIPHER *EVP_desx_cbc(void); +const EVP_CIPHER *EVP_des_ede3_wrap(void); +/* + * This should now be supported through the dev_crypto ENGINE. But also, why + * are rc4 and md5 declarations made here inside a "NO_DES" precompiler + * branch? + */ +# endif +# ifndef OPENSSL_NO_RC4 +const EVP_CIPHER *EVP_rc4(void); +const EVP_CIPHER *EVP_rc4_40(void); +# ifndef OPENSSL_NO_MD5 +const EVP_CIPHER *EVP_rc4_hmac_md5(void); +# endif +# endif +# ifndef OPENSSL_NO_IDEA +const EVP_CIPHER *EVP_idea_ecb(void); +const EVP_CIPHER *EVP_idea_cfb64(void); +# define EVP_idea_cfb EVP_idea_cfb64 +const EVP_CIPHER *EVP_idea_ofb(void); +const EVP_CIPHER *EVP_idea_cbc(void); +# endif +# ifndef OPENSSL_NO_RC2 +const EVP_CIPHER *EVP_rc2_ecb(void); +const EVP_CIPHER *EVP_rc2_cbc(void); +const EVP_CIPHER *EVP_rc2_40_cbc(void); +const EVP_CIPHER *EVP_rc2_64_cbc(void); +const EVP_CIPHER *EVP_rc2_cfb64(void); +# define EVP_rc2_cfb EVP_rc2_cfb64 +const EVP_CIPHER *EVP_rc2_ofb(void); +# endif +# ifndef OPENSSL_NO_BF +const EVP_CIPHER *EVP_bf_ecb(void); +const EVP_CIPHER *EVP_bf_cbc(void); +const EVP_CIPHER *EVP_bf_cfb64(void); +# define EVP_bf_cfb EVP_bf_cfb64 +const EVP_CIPHER *EVP_bf_ofb(void); +# endif +# ifndef OPENSSL_NO_CAST +const EVP_CIPHER *EVP_cast5_ecb(void); +const EVP_CIPHER *EVP_cast5_cbc(void); +const EVP_CIPHER *EVP_cast5_cfb64(void); +# define EVP_cast5_cfb EVP_cast5_cfb64 +const EVP_CIPHER *EVP_cast5_ofb(void); +# endif +# ifndef OPENSSL_NO_RC5 +const EVP_CIPHER *EVP_rc5_32_12_16_cbc(void); +const EVP_CIPHER *EVP_rc5_32_12_16_ecb(void); +const EVP_CIPHER *EVP_rc5_32_12_16_cfb64(void); +# define EVP_rc5_32_12_16_cfb EVP_rc5_32_12_16_cfb64 +const EVP_CIPHER *EVP_rc5_32_12_16_ofb(void); +# endif +const EVP_CIPHER *EVP_aes_128_ecb(void); +const EVP_CIPHER *EVP_aes_128_cbc(void); +const EVP_CIPHER *EVP_aes_128_cfb1(void); +const EVP_CIPHER *EVP_aes_128_cfb8(void); +const EVP_CIPHER *EVP_aes_128_cfb128(void); +# define EVP_aes_128_cfb EVP_aes_128_cfb128 +const EVP_CIPHER *EVP_aes_128_ofb(void); +const EVP_CIPHER *EVP_aes_128_ctr(void); +const EVP_CIPHER *EVP_aes_128_ccm(void); +const EVP_CIPHER *EVP_aes_128_gcm(void); +const EVP_CIPHER *EVP_aes_128_xts(void); +const EVP_CIPHER *EVP_aes_128_wrap(void); +const EVP_CIPHER *EVP_aes_128_wrap_pad(void); +# ifndef OPENSSL_NO_OCB +const EVP_CIPHER *EVP_aes_128_ocb(void); +# endif +const EVP_CIPHER *EVP_aes_192_ecb(void); +const EVP_CIPHER *EVP_aes_192_cbc(void); +const EVP_CIPHER *EVP_aes_192_cfb1(void); +const EVP_CIPHER *EVP_aes_192_cfb8(void); +const EVP_CIPHER *EVP_aes_192_cfb128(void); +# define EVP_aes_192_cfb EVP_aes_192_cfb128 +const EVP_CIPHER *EVP_aes_192_ofb(void); +const EVP_CIPHER *EVP_aes_192_ctr(void); +const EVP_CIPHER *EVP_aes_192_ccm(void); +const EVP_CIPHER *EVP_aes_192_gcm(void); +const EVP_CIPHER *EVP_aes_192_wrap(void); +const EVP_CIPHER *EVP_aes_192_wrap_pad(void); +# ifndef OPENSSL_NO_OCB +const EVP_CIPHER *EVP_aes_192_ocb(void); +# endif +const EVP_CIPHER *EVP_aes_256_ecb(void); +const EVP_CIPHER *EVP_aes_256_cbc(void); +const EVP_CIPHER *EVP_aes_256_cfb1(void); +const EVP_CIPHER *EVP_aes_256_cfb8(void); +const EVP_CIPHER *EVP_aes_256_cfb128(void); +# define EVP_aes_256_cfb EVP_aes_256_cfb128 +const EVP_CIPHER *EVP_aes_256_ofb(void); +const EVP_CIPHER *EVP_aes_256_ctr(void); +const EVP_CIPHER *EVP_aes_256_ccm(void); +const EVP_CIPHER *EVP_aes_256_gcm(void); +const EVP_CIPHER *EVP_aes_256_xts(void); +const EVP_CIPHER *EVP_aes_256_wrap(void); +const EVP_CIPHER *EVP_aes_256_wrap_pad(void); +# ifndef OPENSSL_NO_OCB +const EVP_CIPHER *EVP_aes_256_ocb(void); +# endif +const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha1(void); +const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha1(void); +const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha256(void); +const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha256(void); +# ifndef OPENSSL_NO_ARIA +const EVP_CIPHER *EVP_aria_128_ecb(void); +const EVP_CIPHER *EVP_aria_128_cbc(void); +const EVP_CIPHER *EVP_aria_128_cfb1(void); +const EVP_CIPHER *EVP_aria_128_cfb8(void); +const EVP_CIPHER *EVP_aria_128_cfb128(void); +# define EVP_aria_128_cfb EVP_aria_128_cfb128 +const EVP_CIPHER *EVP_aria_128_ctr(void); +const EVP_CIPHER *EVP_aria_128_ofb(void); +const EVP_CIPHER *EVP_aria_128_gcm(void); +const EVP_CIPHER *EVP_aria_128_ccm(void); +const EVP_CIPHER *EVP_aria_192_ecb(void); +const EVP_CIPHER *EVP_aria_192_cbc(void); +const EVP_CIPHER *EVP_aria_192_cfb1(void); +const EVP_CIPHER *EVP_aria_192_cfb8(void); +const EVP_CIPHER *EVP_aria_192_cfb128(void); +# define EVP_aria_192_cfb EVP_aria_192_cfb128 +const EVP_CIPHER *EVP_aria_192_ctr(void); +const EVP_CIPHER *EVP_aria_192_ofb(void); +const EVP_CIPHER *EVP_aria_192_gcm(void); +const EVP_CIPHER *EVP_aria_192_ccm(void); +const EVP_CIPHER *EVP_aria_256_ecb(void); +const EVP_CIPHER *EVP_aria_256_cbc(void); +const EVP_CIPHER *EVP_aria_256_cfb1(void); +const EVP_CIPHER *EVP_aria_256_cfb8(void); +const EVP_CIPHER *EVP_aria_256_cfb128(void); +# define EVP_aria_256_cfb EVP_aria_256_cfb128 +const EVP_CIPHER *EVP_aria_256_ctr(void); +const EVP_CIPHER *EVP_aria_256_ofb(void); +const EVP_CIPHER *EVP_aria_256_gcm(void); +const EVP_CIPHER *EVP_aria_256_ccm(void); +# endif +# ifndef OPENSSL_NO_CAMELLIA +const EVP_CIPHER *EVP_camellia_128_ecb(void); +const EVP_CIPHER *EVP_camellia_128_cbc(void); +const EVP_CIPHER *EVP_camellia_128_cfb1(void); +const EVP_CIPHER *EVP_camellia_128_cfb8(void); +const EVP_CIPHER *EVP_camellia_128_cfb128(void); +# define EVP_camellia_128_cfb EVP_camellia_128_cfb128 +const EVP_CIPHER *EVP_camellia_128_ofb(void); +const EVP_CIPHER *EVP_camellia_128_ctr(void); +const EVP_CIPHER *EVP_camellia_192_ecb(void); +const EVP_CIPHER *EVP_camellia_192_cbc(void); +const EVP_CIPHER *EVP_camellia_192_cfb1(void); +const EVP_CIPHER *EVP_camellia_192_cfb8(void); +const EVP_CIPHER *EVP_camellia_192_cfb128(void); +# define EVP_camellia_192_cfb EVP_camellia_192_cfb128 +const EVP_CIPHER *EVP_camellia_192_ofb(void); +const EVP_CIPHER *EVP_camellia_192_ctr(void); +const EVP_CIPHER *EVP_camellia_256_ecb(void); +const EVP_CIPHER *EVP_camellia_256_cbc(void); +const EVP_CIPHER *EVP_camellia_256_cfb1(void); +const EVP_CIPHER *EVP_camellia_256_cfb8(void); +const EVP_CIPHER *EVP_camellia_256_cfb128(void); +# define EVP_camellia_256_cfb EVP_camellia_256_cfb128 +const EVP_CIPHER *EVP_camellia_256_ofb(void); +const EVP_CIPHER *EVP_camellia_256_ctr(void); +# endif +# ifndef OPENSSL_NO_CHACHA +const EVP_CIPHER *EVP_chacha20(void); +# ifndef OPENSSL_NO_POLY1305 +const EVP_CIPHER *EVP_chacha20_poly1305(void); +# endif +# endif + +# ifndef OPENSSL_NO_SEED +const EVP_CIPHER *EVP_seed_ecb(void); +const EVP_CIPHER *EVP_seed_cbc(void); +const EVP_CIPHER *EVP_seed_cfb128(void); +# define EVP_seed_cfb EVP_seed_cfb128 +const EVP_CIPHER *EVP_seed_ofb(void); +# endif + +# ifndef OPENSSL_NO_SM4 +const EVP_CIPHER *EVP_sm4_ecb(void); +const EVP_CIPHER *EVP_sm4_cbc(void); +const EVP_CIPHER *EVP_sm4_cfb128(void); +# define EVP_sm4_cfb EVP_sm4_cfb128 +const EVP_CIPHER *EVP_sm4_ofb(void); +const EVP_CIPHER *EVP_sm4_ctr(void); +# endif + +# if OPENSSL_API_COMPAT < 0x10100000L +# define OPENSSL_add_all_algorithms_conf() \ + OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS \ + | OPENSSL_INIT_ADD_ALL_DIGESTS \ + | OPENSSL_INIT_LOAD_CONFIG, NULL) +# define OPENSSL_add_all_algorithms_noconf() \ + OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS \ + | OPENSSL_INIT_ADD_ALL_DIGESTS, NULL) + +# ifdef OPENSSL_LOAD_CONF +# define OpenSSL_add_all_algorithms() OPENSSL_add_all_algorithms_conf() +# else +# define OpenSSL_add_all_algorithms() OPENSSL_add_all_algorithms_noconf() +# endif + +# define OpenSSL_add_all_ciphers() \ + OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS, NULL) +# define OpenSSL_add_all_digests() \ + OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_DIGESTS, NULL) + +# define EVP_cleanup() while(0) continue +# endif + +int EVP_add_cipher(const EVP_CIPHER *cipher); +int EVP_add_digest(const EVP_MD *digest); + +const EVP_CIPHER *EVP_get_cipherbyname(const char *name); +const EVP_MD *EVP_get_digestbyname(const char *name); + +void EVP_CIPHER_do_all(void (*fn) (const EVP_CIPHER *ciph, + const char *from, const char *to, void *x), + void *arg); +void EVP_CIPHER_do_all_sorted(void (*fn) + (const EVP_CIPHER *ciph, const char *from, + const char *to, void *x), void *arg); + +void EVP_MD_do_all(void (*fn) (const EVP_MD *ciph, + const char *from, const char *to, void *x), + void *arg); +void EVP_MD_do_all_sorted(void (*fn) + (const EVP_MD *ciph, const char *from, + const char *to, void *x), void *arg); + +int EVP_PKEY_decrypt_old(unsigned char *dec_key, + const unsigned char *enc_key, int enc_key_len, + EVP_PKEY *private_key); +int EVP_PKEY_encrypt_old(unsigned char *enc_key, + const unsigned char *key, int key_len, + EVP_PKEY *pub_key); +int EVP_PKEY_type(int type); +int EVP_PKEY_id(const EVP_PKEY *pkey); +int EVP_PKEY_base_id(const EVP_PKEY *pkey); +int EVP_PKEY_bits(const EVP_PKEY *pkey); +int EVP_PKEY_security_bits(const EVP_PKEY *pkey); +int EVP_PKEY_size(const EVP_PKEY *pkey); +int EVP_PKEY_set_type(EVP_PKEY *pkey, int type); +int EVP_PKEY_set_type_str(EVP_PKEY *pkey, const char *str, int len); +int EVP_PKEY_set_alias_type(EVP_PKEY *pkey, int type); +# ifndef OPENSSL_NO_ENGINE +int EVP_PKEY_set1_engine(EVP_PKEY *pkey, ENGINE *e); +ENGINE *EVP_PKEY_get0_engine(const EVP_PKEY *pkey); +# endif +int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key); +void *EVP_PKEY_get0(const EVP_PKEY *pkey); +const unsigned char *EVP_PKEY_get0_hmac(const EVP_PKEY *pkey, size_t *len); +# ifndef OPENSSL_NO_POLY1305 +const unsigned char *EVP_PKEY_get0_poly1305(const EVP_PKEY *pkey, size_t *len); +# endif +# ifndef OPENSSL_NO_SIPHASH +const unsigned char *EVP_PKEY_get0_siphash(const EVP_PKEY *pkey, size_t *len); +# endif + +# ifndef OPENSSL_NO_RSA +struct rsa_st; +int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, struct rsa_st *key); +struct rsa_st *EVP_PKEY_get0_RSA(EVP_PKEY *pkey); +struct rsa_st *EVP_PKEY_get1_RSA(EVP_PKEY *pkey); +# endif +# ifndef OPENSSL_NO_DSA +struct dsa_st; +int EVP_PKEY_set1_DSA(EVP_PKEY *pkey, struct dsa_st *key); +struct dsa_st *EVP_PKEY_get0_DSA(EVP_PKEY *pkey); +struct dsa_st *EVP_PKEY_get1_DSA(EVP_PKEY *pkey); +# endif +# ifndef OPENSSL_NO_DH +struct dh_st; +int EVP_PKEY_set1_DH(EVP_PKEY *pkey, struct dh_st *key); +struct dh_st *EVP_PKEY_get0_DH(EVP_PKEY *pkey); +struct dh_st *EVP_PKEY_get1_DH(EVP_PKEY *pkey); +# endif +# ifndef OPENSSL_NO_EC +struct ec_key_st; +int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, struct ec_key_st *key); +struct ec_key_st *EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey); +struct ec_key_st *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey); +# endif + +EVP_PKEY *EVP_PKEY_new(void); +int EVP_PKEY_up_ref(EVP_PKEY *pkey); +void EVP_PKEY_free(EVP_PKEY *pkey); + +EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp, + long length); +int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp); + +EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp, + long length); +EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp, + long length); +int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp); + +int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from); +int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey); +int EVP_PKEY_save_parameters(EVP_PKEY *pkey, int mode); +int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b); + +int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b); + +int EVP_PKEY_print_public(BIO *out, const EVP_PKEY *pkey, + int indent, ASN1_PCTX *pctx); +int EVP_PKEY_print_private(BIO *out, const EVP_PKEY *pkey, + int indent, ASN1_PCTX *pctx); +int EVP_PKEY_print_params(BIO *out, const EVP_PKEY *pkey, + int indent, ASN1_PCTX *pctx); + +int EVP_PKEY_get_default_digest_nid(EVP_PKEY *pkey, int *pnid); + +int EVP_PKEY_set1_tls_encodedpoint(EVP_PKEY *pkey, + const unsigned char *pt, size_t ptlen); +size_t EVP_PKEY_get1_tls_encodedpoint(EVP_PKEY *pkey, unsigned char **ppt); + +int EVP_CIPHER_type(const EVP_CIPHER *ctx); + +/* calls methods */ +int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type); +int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type); + +/* These are used by EVP_CIPHER methods */ +int EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type); +int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type); + +/* PKCS5 password based encryption */ +int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, + ASN1_TYPE *param, const EVP_CIPHER *cipher, + const EVP_MD *md, int en_de); +int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, + const unsigned char *salt, int saltlen, int iter, + int keylen, unsigned char *out); +int PKCS5_PBKDF2_HMAC(const char *pass, int passlen, + const unsigned char *salt, int saltlen, int iter, + const EVP_MD *digest, int keylen, unsigned char *out); +int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, + ASN1_TYPE *param, const EVP_CIPHER *cipher, + const EVP_MD *md, int en_de); + +#ifndef OPENSSL_NO_SCRYPT +int EVP_PBE_scrypt(const char *pass, size_t passlen, + const unsigned char *salt, size_t saltlen, + uint64_t N, uint64_t r, uint64_t p, uint64_t maxmem, + unsigned char *key, size_t keylen); + +int PKCS5_v2_scrypt_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, + int passlen, ASN1_TYPE *param, + const EVP_CIPHER *c, const EVP_MD *md, int en_de); +#endif + +void PKCS5_PBE_add(void); + +int EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen, + ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de); + +/* PBE type */ + +/* Can appear as the outermost AlgorithmIdentifier */ +# define EVP_PBE_TYPE_OUTER 0x0 +/* Is an PRF type OID */ +# define EVP_PBE_TYPE_PRF 0x1 +/* Is a PKCS#5 v2.0 KDF */ +# define EVP_PBE_TYPE_KDF 0x2 + +int EVP_PBE_alg_add_type(int pbe_type, int pbe_nid, int cipher_nid, + int md_nid, EVP_PBE_KEYGEN *keygen); +int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md, + EVP_PBE_KEYGEN *keygen); +int EVP_PBE_find(int type, int pbe_nid, int *pcnid, int *pmnid, + EVP_PBE_KEYGEN **pkeygen); +void EVP_PBE_cleanup(void); +int EVP_PBE_get(int *ptype, int *ppbe_nid, size_t num); + +# define ASN1_PKEY_ALIAS 0x1 +# define ASN1_PKEY_DYNAMIC 0x2 +# define ASN1_PKEY_SIGPARAM_NULL 0x4 + +# define ASN1_PKEY_CTRL_PKCS7_SIGN 0x1 +# define ASN1_PKEY_CTRL_PKCS7_ENCRYPT 0x2 +# define ASN1_PKEY_CTRL_DEFAULT_MD_NID 0x3 +# define ASN1_PKEY_CTRL_CMS_SIGN 0x5 +# define ASN1_PKEY_CTRL_CMS_ENVELOPE 0x7 +# define ASN1_PKEY_CTRL_CMS_RI_TYPE 0x8 + +# define ASN1_PKEY_CTRL_SET1_TLS_ENCPT 0x9 +# define ASN1_PKEY_CTRL_GET1_TLS_ENCPT 0xa + +int EVP_PKEY_asn1_get_count(void); +const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_get0(int idx); +const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find(ENGINE **pe, int type); +const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find_str(ENGINE **pe, + const char *str, int len); +int EVP_PKEY_asn1_add0(const EVP_PKEY_ASN1_METHOD *ameth); +int EVP_PKEY_asn1_add_alias(int to, int from); +int EVP_PKEY_asn1_get0_info(int *ppkey_id, int *pkey_base_id, + int *ppkey_flags, const char **pinfo, + const char **ppem_str, + const EVP_PKEY_ASN1_METHOD *ameth); + +const EVP_PKEY_ASN1_METHOD *EVP_PKEY_get0_asn1(const EVP_PKEY *pkey); +EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_new(int id, int flags, + const char *pem_str, + const char *info); +void EVP_PKEY_asn1_copy(EVP_PKEY_ASN1_METHOD *dst, + const EVP_PKEY_ASN1_METHOD *src); +void EVP_PKEY_asn1_free(EVP_PKEY_ASN1_METHOD *ameth); +void EVP_PKEY_asn1_set_public(EVP_PKEY_ASN1_METHOD *ameth, + int (*pub_decode) (EVP_PKEY *pk, + X509_PUBKEY *pub), + int (*pub_encode) (X509_PUBKEY *pub, + const EVP_PKEY *pk), + int (*pub_cmp) (const EVP_PKEY *a, + const EVP_PKEY *b), + int (*pub_print) (BIO *out, + const EVP_PKEY *pkey, + int indent, ASN1_PCTX *pctx), + int (*pkey_size) (const EVP_PKEY *pk), + int (*pkey_bits) (const EVP_PKEY *pk)); +void EVP_PKEY_asn1_set_private(EVP_PKEY_ASN1_METHOD *ameth, + int (*priv_decode) (EVP_PKEY *pk, + const PKCS8_PRIV_KEY_INFO + *p8inf), + int (*priv_encode) (PKCS8_PRIV_KEY_INFO *p8, + const EVP_PKEY *pk), + int (*priv_print) (BIO *out, + const EVP_PKEY *pkey, + int indent, + ASN1_PCTX *pctx)); +void EVP_PKEY_asn1_set_param(EVP_PKEY_ASN1_METHOD *ameth, + int (*param_decode) (EVP_PKEY *pkey, + const unsigned char **pder, + int derlen), + int (*param_encode) (const EVP_PKEY *pkey, + unsigned char **pder), + int (*param_missing) (const EVP_PKEY *pk), + int (*param_copy) (EVP_PKEY *to, + const EVP_PKEY *from), + int (*param_cmp) (const EVP_PKEY *a, + const EVP_PKEY *b), + int (*param_print) (BIO *out, + const EVP_PKEY *pkey, + int indent, + ASN1_PCTX *pctx)); + +void EVP_PKEY_asn1_set_free(EVP_PKEY_ASN1_METHOD *ameth, + void (*pkey_free) (EVP_PKEY *pkey)); +void EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth, + int (*pkey_ctrl) (EVP_PKEY *pkey, int op, + long arg1, void *arg2)); +void EVP_PKEY_asn1_set_item(EVP_PKEY_ASN1_METHOD *ameth, + int (*item_verify) (EVP_MD_CTX *ctx, + const ASN1_ITEM *it, + void *asn, + X509_ALGOR *a, + ASN1_BIT_STRING *sig, + EVP_PKEY *pkey), + int (*item_sign) (EVP_MD_CTX *ctx, + const ASN1_ITEM *it, + void *asn, + X509_ALGOR *alg1, + X509_ALGOR *alg2, + ASN1_BIT_STRING *sig)); + +void EVP_PKEY_asn1_set_siginf(EVP_PKEY_ASN1_METHOD *ameth, + int (*siginf_set) (X509_SIG_INFO *siginf, + const X509_ALGOR *alg, + const ASN1_STRING *sig)); + +void EVP_PKEY_asn1_set_check(EVP_PKEY_ASN1_METHOD *ameth, + int (*pkey_check) (const EVP_PKEY *pk)); + +void EVP_PKEY_asn1_set_public_check(EVP_PKEY_ASN1_METHOD *ameth, + int (*pkey_pub_check) (const EVP_PKEY *pk)); + +void EVP_PKEY_asn1_set_param_check(EVP_PKEY_ASN1_METHOD *ameth, + int (*pkey_param_check) (const EVP_PKEY *pk)); + +void EVP_PKEY_asn1_set_set_priv_key(EVP_PKEY_ASN1_METHOD *ameth, + int (*set_priv_key) (EVP_PKEY *pk, + const unsigned char + *priv, + size_t len)); +void EVP_PKEY_asn1_set_set_pub_key(EVP_PKEY_ASN1_METHOD *ameth, + int (*set_pub_key) (EVP_PKEY *pk, + const unsigned char *pub, + size_t len)); +void EVP_PKEY_asn1_set_get_priv_key(EVP_PKEY_ASN1_METHOD *ameth, + int (*get_priv_key) (const EVP_PKEY *pk, + unsigned char *priv, + size_t *len)); +void EVP_PKEY_asn1_set_get_pub_key(EVP_PKEY_ASN1_METHOD *ameth, + int (*get_pub_key) (const EVP_PKEY *pk, + unsigned char *pub, + size_t *len)); + +void EVP_PKEY_asn1_set_security_bits(EVP_PKEY_ASN1_METHOD *ameth, + int (*pkey_security_bits) (const EVP_PKEY + *pk)); + +# define EVP_PKEY_OP_UNDEFINED 0 +# define EVP_PKEY_OP_PARAMGEN (1<<1) +# define EVP_PKEY_OP_KEYGEN (1<<2) +# define EVP_PKEY_OP_SIGN (1<<3) +# define EVP_PKEY_OP_VERIFY (1<<4) +# define EVP_PKEY_OP_VERIFYRECOVER (1<<5) +# define EVP_PKEY_OP_SIGNCTX (1<<6) +# define EVP_PKEY_OP_VERIFYCTX (1<<7) +# define EVP_PKEY_OP_ENCRYPT (1<<8) +# define EVP_PKEY_OP_DECRYPT (1<<9) +# define EVP_PKEY_OP_DERIVE (1<<10) + +# define EVP_PKEY_OP_TYPE_SIG \ + (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_VERIFY | EVP_PKEY_OP_VERIFYRECOVER \ + | EVP_PKEY_OP_SIGNCTX | EVP_PKEY_OP_VERIFYCTX) + +# define EVP_PKEY_OP_TYPE_CRYPT \ + (EVP_PKEY_OP_ENCRYPT | EVP_PKEY_OP_DECRYPT) + +# define EVP_PKEY_OP_TYPE_NOGEN \ + (EVP_PKEY_OP_TYPE_SIG | EVP_PKEY_OP_TYPE_CRYPT | EVP_PKEY_OP_DERIVE) + +# define EVP_PKEY_OP_TYPE_GEN \ + (EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN) + +# define EVP_PKEY_CTX_set_signature_md(ctx, md) \ + EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_TYPE_SIG, \ + EVP_PKEY_CTRL_MD, 0, (void *)(md)) + +# define EVP_PKEY_CTX_get_signature_md(ctx, pmd) \ + EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_TYPE_SIG, \ + EVP_PKEY_CTRL_GET_MD, 0, (void *)(pmd)) + +# define EVP_PKEY_CTX_set_mac_key(ctx, key, len) \ + EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_KEYGEN, \ + EVP_PKEY_CTRL_SET_MAC_KEY, len, (void *)(key)) + +# define EVP_PKEY_CTRL_MD 1 +# define EVP_PKEY_CTRL_PEER_KEY 2 + +# define EVP_PKEY_CTRL_PKCS7_ENCRYPT 3 +# define EVP_PKEY_CTRL_PKCS7_DECRYPT 4 + +# define EVP_PKEY_CTRL_PKCS7_SIGN 5 + +# define EVP_PKEY_CTRL_SET_MAC_KEY 6 + +# define EVP_PKEY_CTRL_DIGESTINIT 7 + +/* Used by GOST key encryption in TLS */ +# define EVP_PKEY_CTRL_SET_IV 8 + +# define EVP_PKEY_CTRL_CMS_ENCRYPT 9 +# define EVP_PKEY_CTRL_CMS_DECRYPT 10 +# define EVP_PKEY_CTRL_CMS_SIGN 11 + +# define EVP_PKEY_CTRL_CIPHER 12 + +# define EVP_PKEY_CTRL_GET_MD 13 + +# define EVP_PKEY_CTRL_SET_DIGEST_SIZE 14 + +# define EVP_PKEY_ALG_CTRL 0x1000 + +# define EVP_PKEY_FLAG_AUTOARGLEN 2 +/* + * Method handles all operations: don't assume any digest related defaults. + */ +# define EVP_PKEY_FLAG_SIGCTX_CUSTOM 4 + +const EVP_PKEY_METHOD *EVP_PKEY_meth_find(int type); +EVP_PKEY_METHOD *EVP_PKEY_meth_new(int id, int flags); +void EVP_PKEY_meth_get0_info(int *ppkey_id, int *pflags, + const EVP_PKEY_METHOD *meth); +void EVP_PKEY_meth_copy(EVP_PKEY_METHOD *dst, const EVP_PKEY_METHOD *src); +void EVP_PKEY_meth_free(EVP_PKEY_METHOD *pmeth); +int EVP_PKEY_meth_add0(const EVP_PKEY_METHOD *pmeth); +int EVP_PKEY_meth_remove(const EVP_PKEY_METHOD *pmeth); +size_t EVP_PKEY_meth_get_count(void); +const EVP_PKEY_METHOD *EVP_PKEY_meth_get0(size_t idx); + +EVP_PKEY_CTX *EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e); +EVP_PKEY_CTX *EVP_PKEY_CTX_new_id(int id, ENGINE *e); +EVP_PKEY_CTX *EVP_PKEY_CTX_dup(EVP_PKEY_CTX *ctx); +void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx); + +int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype, + int cmd, int p1, void *p2); +int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, + const char *value); +int EVP_PKEY_CTX_ctrl_uint64(EVP_PKEY_CTX *ctx, int keytype, int optype, + int cmd, uint64_t value); + +int EVP_PKEY_CTX_str2ctrl(EVP_PKEY_CTX *ctx, int cmd, const char *str); +int EVP_PKEY_CTX_hex2ctrl(EVP_PKEY_CTX *ctx, int cmd, const char *hex); + +int EVP_PKEY_CTX_md(EVP_PKEY_CTX *ctx, int optype, int cmd, const char *md); + +int EVP_PKEY_CTX_get_operation(EVP_PKEY_CTX *ctx); +void EVP_PKEY_CTX_set0_keygen_info(EVP_PKEY_CTX *ctx, int *dat, int datlen); + +EVP_PKEY *EVP_PKEY_new_mac_key(int type, ENGINE *e, + const unsigned char *key, int keylen); +EVP_PKEY *EVP_PKEY_new_raw_private_key(int type, ENGINE *e, + const unsigned char *priv, + size_t len); +EVP_PKEY *EVP_PKEY_new_raw_public_key(int type, ENGINE *e, + const unsigned char *pub, + size_t len); +int EVP_PKEY_get_raw_private_key(const EVP_PKEY *pkey, unsigned char *priv, + size_t *len); +int EVP_PKEY_get_raw_public_key(const EVP_PKEY *pkey, unsigned char *pub, + size_t *len); + +EVP_PKEY *EVP_PKEY_new_CMAC_key(ENGINE *e, const unsigned char *priv, + size_t len, const EVP_CIPHER *cipher); + +void EVP_PKEY_CTX_set_data(EVP_PKEY_CTX *ctx, void *data); +void *EVP_PKEY_CTX_get_data(EVP_PKEY_CTX *ctx); +EVP_PKEY *EVP_PKEY_CTX_get0_pkey(EVP_PKEY_CTX *ctx); + +EVP_PKEY *EVP_PKEY_CTX_get0_peerkey(EVP_PKEY_CTX *ctx); + +void EVP_PKEY_CTX_set_app_data(EVP_PKEY_CTX *ctx, void *data); +void *EVP_PKEY_CTX_get_app_data(EVP_PKEY_CTX *ctx); + +int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_sign(EVP_PKEY_CTX *ctx, + unsigned char *sig, size_t *siglen, + const unsigned char *tbs, size_t tbslen); +int EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_verify(EVP_PKEY_CTX *ctx, + const unsigned char *sig, size_t siglen, + const unsigned char *tbs, size_t tbslen); +int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx, + unsigned char *rout, size_t *routlen, + const unsigned char *sig, size_t siglen); +int EVP_PKEY_encrypt_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_encrypt(EVP_PKEY_CTX *ctx, + unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen); +int EVP_PKEY_decrypt_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx, + unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen); + +int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer); +int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen); + +typedef int EVP_PKEY_gen_cb(EVP_PKEY_CTX *ctx); + +int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey); +int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey); +int EVP_PKEY_check(EVP_PKEY_CTX *ctx); +int EVP_PKEY_public_check(EVP_PKEY_CTX *ctx); +int EVP_PKEY_param_check(EVP_PKEY_CTX *ctx); + +void EVP_PKEY_CTX_set_cb(EVP_PKEY_CTX *ctx, EVP_PKEY_gen_cb *cb); +EVP_PKEY_gen_cb *EVP_PKEY_CTX_get_cb(EVP_PKEY_CTX *ctx); + +int EVP_PKEY_CTX_get_keygen_info(EVP_PKEY_CTX *ctx, int idx); + +void EVP_PKEY_meth_set_init(EVP_PKEY_METHOD *pmeth, + int (*init) (EVP_PKEY_CTX *ctx)); + +void EVP_PKEY_meth_set_copy(EVP_PKEY_METHOD *pmeth, + int (*copy) (EVP_PKEY_CTX *dst, + EVP_PKEY_CTX *src)); + +void EVP_PKEY_meth_set_cleanup(EVP_PKEY_METHOD *pmeth, + void (*cleanup) (EVP_PKEY_CTX *ctx)); + +void EVP_PKEY_meth_set_paramgen(EVP_PKEY_METHOD *pmeth, + int (*paramgen_init) (EVP_PKEY_CTX *ctx), + int (*paramgen) (EVP_PKEY_CTX *ctx, + EVP_PKEY *pkey)); + +void EVP_PKEY_meth_set_keygen(EVP_PKEY_METHOD *pmeth, + int (*keygen_init) (EVP_PKEY_CTX *ctx), + int (*keygen) (EVP_PKEY_CTX *ctx, + EVP_PKEY *pkey)); + +void EVP_PKEY_meth_set_sign(EVP_PKEY_METHOD *pmeth, + int (*sign_init) (EVP_PKEY_CTX *ctx), + int (*sign) (EVP_PKEY_CTX *ctx, + unsigned char *sig, size_t *siglen, + const unsigned char *tbs, + size_t tbslen)); + +void EVP_PKEY_meth_set_verify(EVP_PKEY_METHOD *pmeth, + int (*verify_init) (EVP_PKEY_CTX *ctx), + int (*verify) (EVP_PKEY_CTX *ctx, + const unsigned char *sig, + size_t siglen, + const unsigned char *tbs, + size_t tbslen)); + +void EVP_PKEY_meth_set_verify_recover(EVP_PKEY_METHOD *pmeth, + int (*verify_recover_init) (EVP_PKEY_CTX + *ctx), + int (*verify_recover) (EVP_PKEY_CTX + *ctx, + unsigned char + *sig, + size_t *siglen, + const unsigned + char *tbs, + size_t tbslen)); + +void EVP_PKEY_meth_set_signctx(EVP_PKEY_METHOD *pmeth, + int (*signctx_init) (EVP_PKEY_CTX *ctx, + EVP_MD_CTX *mctx), + int (*signctx) (EVP_PKEY_CTX *ctx, + unsigned char *sig, + size_t *siglen, + EVP_MD_CTX *mctx)); + +void EVP_PKEY_meth_set_verifyctx(EVP_PKEY_METHOD *pmeth, + int (*verifyctx_init) (EVP_PKEY_CTX *ctx, + EVP_MD_CTX *mctx), + int (*verifyctx) (EVP_PKEY_CTX *ctx, + const unsigned char *sig, + int siglen, + EVP_MD_CTX *mctx)); + +void EVP_PKEY_meth_set_encrypt(EVP_PKEY_METHOD *pmeth, + int (*encrypt_init) (EVP_PKEY_CTX *ctx), + int (*encryptfn) (EVP_PKEY_CTX *ctx, + unsigned char *out, + size_t *outlen, + const unsigned char *in, + size_t inlen)); + +void EVP_PKEY_meth_set_decrypt(EVP_PKEY_METHOD *pmeth, + int (*decrypt_init) (EVP_PKEY_CTX *ctx), + int (*decrypt) (EVP_PKEY_CTX *ctx, + unsigned char *out, + size_t *outlen, + const unsigned char *in, + size_t inlen)); + +void EVP_PKEY_meth_set_derive(EVP_PKEY_METHOD *pmeth, + int (*derive_init) (EVP_PKEY_CTX *ctx), + int (*derive) (EVP_PKEY_CTX *ctx, + unsigned char *key, + size_t *keylen)); + +void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth, + int (*ctrl) (EVP_PKEY_CTX *ctx, int type, int p1, + void *p2), + int (*ctrl_str) (EVP_PKEY_CTX *ctx, + const char *type, + const char *value)); + +void EVP_PKEY_meth_set_digestsign(EVP_PKEY_METHOD *pmeth, + int (*digestsign) (EVP_MD_CTX *ctx, + unsigned char *sig, + size_t *siglen, + const unsigned char *tbs, + size_t tbslen)); + +void EVP_PKEY_meth_set_digestverify(EVP_PKEY_METHOD *pmeth, + int (*digestverify) (EVP_MD_CTX *ctx, + const unsigned char *sig, + size_t siglen, + const unsigned char *tbs, + size_t tbslen)); + +void EVP_PKEY_meth_set_check(EVP_PKEY_METHOD *pmeth, + int (*check) (EVP_PKEY *pkey)); + +void EVP_PKEY_meth_set_public_check(EVP_PKEY_METHOD *pmeth, + int (*check) (EVP_PKEY *pkey)); + +void EVP_PKEY_meth_set_param_check(EVP_PKEY_METHOD *pmeth, + int (*check) (EVP_PKEY *pkey)); + +void EVP_PKEY_meth_set_digest_custom(EVP_PKEY_METHOD *pmeth, + int (*digest_custom) (EVP_PKEY_CTX *ctx, + EVP_MD_CTX *mctx)); + +void EVP_PKEY_meth_get_init(const EVP_PKEY_METHOD *pmeth, + int (**pinit) (EVP_PKEY_CTX *ctx)); + +void EVP_PKEY_meth_get_copy(const EVP_PKEY_METHOD *pmeth, + int (**pcopy) (EVP_PKEY_CTX *dst, + EVP_PKEY_CTX *src)); + +void EVP_PKEY_meth_get_cleanup(const EVP_PKEY_METHOD *pmeth, + void (**pcleanup) (EVP_PKEY_CTX *ctx)); + +void EVP_PKEY_meth_get_paramgen(const EVP_PKEY_METHOD *pmeth, + int (**pparamgen_init) (EVP_PKEY_CTX *ctx), + int (**pparamgen) (EVP_PKEY_CTX *ctx, + EVP_PKEY *pkey)); + +void EVP_PKEY_meth_get_keygen(const EVP_PKEY_METHOD *pmeth, + int (**pkeygen_init) (EVP_PKEY_CTX *ctx), + int (**pkeygen) (EVP_PKEY_CTX *ctx, + EVP_PKEY *pkey)); + +void EVP_PKEY_meth_get_sign(const EVP_PKEY_METHOD *pmeth, + int (**psign_init) (EVP_PKEY_CTX *ctx), + int (**psign) (EVP_PKEY_CTX *ctx, + unsigned char *sig, size_t *siglen, + const unsigned char *tbs, + size_t tbslen)); + +void EVP_PKEY_meth_get_verify(const EVP_PKEY_METHOD *pmeth, + int (**pverify_init) (EVP_PKEY_CTX *ctx), + int (**pverify) (EVP_PKEY_CTX *ctx, + const unsigned char *sig, + size_t siglen, + const unsigned char *tbs, + size_t tbslen)); + +void EVP_PKEY_meth_get_verify_recover(const EVP_PKEY_METHOD *pmeth, + int (**pverify_recover_init) (EVP_PKEY_CTX + *ctx), + int (**pverify_recover) (EVP_PKEY_CTX + *ctx, + unsigned char + *sig, + size_t *siglen, + const unsigned + char *tbs, + size_t tbslen)); + +void EVP_PKEY_meth_get_signctx(const EVP_PKEY_METHOD *pmeth, + int (**psignctx_init) (EVP_PKEY_CTX *ctx, + EVP_MD_CTX *mctx), + int (**psignctx) (EVP_PKEY_CTX *ctx, + unsigned char *sig, + size_t *siglen, + EVP_MD_CTX *mctx)); + +void EVP_PKEY_meth_get_verifyctx(const EVP_PKEY_METHOD *pmeth, + int (**pverifyctx_init) (EVP_PKEY_CTX *ctx, + EVP_MD_CTX *mctx), + int (**pverifyctx) (EVP_PKEY_CTX *ctx, + const unsigned char *sig, + int siglen, + EVP_MD_CTX *mctx)); + +void EVP_PKEY_meth_get_encrypt(const EVP_PKEY_METHOD *pmeth, + int (**pencrypt_init) (EVP_PKEY_CTX *ctx), + int (**pencryptfn) (EVP_PKEY_CTX *ctx, + unsigned char *out, + size_t *outlen, + const unsigned char *in, + size_t inlen)); + +void EVP_PKEY_meth_get_decrypt(const EVP_PKEY_METHOD *pmeth, + int (**pdecrypt_init) (EVP_PKEY_CTX *ctx), + int (**pdecrypt) (EVP_PKEY_CTX *ctx, + unsigned char *out, + size_t *outlen, + const unsigned char *in, + size_t inlen)); + +void EVP_PKEY_meth_get_derive(const EVP_PKEY_METHOD *pmeth, + int (**pderive_init) (EVP_PKEY_CTX *ctx), + int (**pderive) (EVP_PKEY_CTX *ctx, + unsigned char *key, + size_t *keylen)); + +void EVP_PKEY_meth_get_ctrl(const EVP_PKEY_METHOD *pmeth, + int (**pctrl) (EVP_PKEY_CTX *ctx, int type, int p1, + void *p2), + int (**pctrl_str) (EVP_PKEY_CTX *ctx, + const char *type, + const char *value)); + +void EVP_PKEY_meth_get_digestsign(EVP_PKEY_METHOD *pmeth, + int (**digestsign) (EVP_MD_CTX *ctx, + unsigned char *sig, + size_t *siglen, + const unsigned char *tbs, + size_t tbslen)); + +void EVP_PKEY_meth_get_digestverify(EVP_PKEY_METHOD *pmeth, + int (**digestverify) (EVP_MD_CTX *ctx, + const unsigned char *sig, + size_t siglen, + const unsigned char *tbs, + size_t tbslen)); + +void EVP_PKEY_meth_get_check(const EVP_PKEY_METHOD *pmeth, + int (**pcheck) (EVP_PKEY *pkey)); + +void EVP_PKEY_meth_get_public_check(const EVP_PKEY_METHOD *pmeth, + int (**pcheck) (EVP_PKEY *pkey)); + +void EVP_PKEY_meth_get_param_check(const EVP_PKEY_METHOD *pmeth, + int (**pcheck) (EVP_PKEY *pkey)); + +void EVP_PKEY_meth_get_digest_custom(EVP_PKEY_METHOD *pmeth, + int (**pdigest_custom) (EVP_PKEY_CTX *ctx, + EVP_MD_CTX *mctx)); +void EVP_add_alg_module(void); + + +# ifdef __cplusplus +} +# endif +#endif diff --git a/ext/openssl1L/include/openssl/evperr.h b/ext/openssl1L/include/openssl/evperr.h new file mode 100644 index 0000000..b4ea90a --- /dev/null +++ b/ext/openssl1L/include/openssl/evperr.h @@ -0,0 +1,204 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_EVPERR_H +# define HEADER_EVPERR_H + +# include + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_EVP_strings(void); + +/* + * EVP function codes. + */ +# define EVP_F_AESNI_INIT_KEY 165 +# define EVP_F_AESNI_XTS_INIT_KEY 207 +# define EVP_F_AES_GCM_CTRL 196 +# define EVP_F_AES_INIT_KEY 133 +# define EVP_F_AES_OCB_CIPHER 169 +# define EVP_F_AES_T4_INIT_KEY 178 +# define EVP_F_AES_T4_XTS_INIT_KEY 208 +# define EVP_F_AES_WRAP_CIPHER 170 +# define EVP_F_AES_XTS_INIT_KEY 209 +# define EVP_F_ALG_MODULE_INIT 177 +# define EVP_F_ARIA_CCM_INIT_KEY 175 +# define EVP_F_ARIA_GCM_CTRL 197 +# define EVP_F_ARIA_GCM_INIT_KEY 176 +# define EVP_F_ARIA_INIT_KEY 185 +# define EVP_F_B64_NEW 198 +# define EVP_F_CAMELLIA_INIT_KEY 159 +# define EVP_F_CHACHA20_POLY1305_CTRL 182 +# define EVP_F_CMLL_T4_INIT_KEY 179 +# define EVP_F_DES_EDE3_WRAP_CIPHER 171 +# define EVP_F_DO_SIGVER_INIT 161 +# define EVP_F_ENC_NEW 199 +# define EVP_F_EVP_CIPHERINIT_EX 123 +# define EVP_F_EVP_CIPHER_ASN1_TO_PARAM 204 +# define EVP_F_EVP_CIPHER_CTX_COPY 163 +# define EVP_F_EVP_CIPHER_CTX_CTRL 124 +# define EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH 122 +# define EVP_F_EVP_CIPHER_PARAM_TO_ASN1 205 +# define EVP_F_EVP_DECRYPTFINAL_EX 101 +# define EVP_F_EVP_DECRYPTUPDATE 166 +# define EVP_F_EVP_DIGESTFINALXOF 174 +# define EVP_F_EVP_DIGESTINIT_EX 128 +# define EVP_F_EVP_ENCRYPTDECRYPTUPDATE 219 +# define EVP_F_EVP_ENCRYPTFINAL_EX 127 +# define EVP_F_EVP_ENCRYPTUPDATE 167 +# define EVP_F_EVP_MD_CTX_COPY_EX 110 +# define EVP_F_EVP_MD_SIZE 162 +# define EVP_F_EVP_OPENINIT 102 +# define EVP_F_EVP_PBE_ALG_ADD 115 +# define EVP_F_EVP_PBE_ALG_ADD_TYPE 160 +# define EVP_F_EVP_PBE_CIPHERINIT 116 +# define EVP_F_EVP_PBE_SCRYPT 181 +# define EVP_F_EVP_PKCS82PKEY 111 +# define EVP_F_EVP_PKEY2PKCS8 113 +# define EVP_F_EVP_PKEY_ASN1_ADD0 188 +# define EVP_F_EVP_PKEY_CHECK 186 +# define EVP_F_EVP_PKEY_COPY_PARAMETERS 103 +# define EVP_F_EVP_PKEY_CTX_CTRL 137 +# define EVP_F_EVP_PKEY_CTX_CTRL_STR 150 +# define EVP_F_EVP_PKEY_CTX_DUP 156 +# define EVP_F_EVP_PKEY_CTX_MD 168 +# define EVP_F_EVP_PKEY_DECRYPT 104 +# define EVP_F_EVP_PKEY_DECRYPT_INIT 138 +# define EVP_F_EVP_PKEY_DECRYPT_OLD 151 +# define EVP_F_EVP_PKEY_DERIVE 153 +# define EVP_F_EVP_PKEY_DERIVE_INIT 154 +# define EVP_F_EVP_PKEY_DERIVE_SET_PEER 155 +# define EVP_F_EVP_PKEY_ENCRYPT 105 +# define EVP_F_EVP_PKEY_ENCRYPT_INIT 139 +# define EVP_F_EVP_PKEY_ENCRYPT_OLD 152 +# define EVP_F_EVP_PKEY_GET0_DH 119 +# define EVP_F_EVP_PKEY_GET0_DSA 120 +# define EVP_F_EVP_PKEY_GET0_EC_KEY 131 +# define EVP_F_EVP_PKEY_GET0_HMAC 183 +# define EVP_F_EVP_PKEY_GET0_POLY1305 184 +# define EVP_F_EVP_PKEY_GET0_RSA 121 +# define EVP_F_EVP_PKEY_GET0_SIPHASH 172 +# define EVP_F_EVP_PKEY_GET_RAW_PRIVATE_KEY 202 +# define EVP_F_EVP_PKEY_GET_RAW_PUBLIC_KEY 203 +# define EVP_F_EVP_PKEY_KEYGEN 146 +# define EVP_F_EVP_PKEY_KEYGEN_INIT 147 +# define EVP_F_EVP_PKEY_METH_ADD0 194 +# define EVP_F_EVP_PKEY_METH_NEW 195 +# define EVP_F_EVP_PKEY_NEW 106 +# define EVP_F_EVP_PKEY_NEW_CMAC_KEY 193 +# define EVP_F_EVP_PKEY_NEW_RAW_PRIVATE_KEY 191 +# define EVP_F_EVP_PKEY_NEW_RAW_PUBLIC_KEY 192 +# define EVP_F_EVP_PKEY_PARAMGEN 148 +# define EVP_F_EVP_PKEY_PARAMGEN_INIT 149 +# define EVP_F_EVP_PKEY_PARAM_CHECK 189 +# define EVP_F_EVP_PKEY_PUBLIC_CHECK 190 +# define EVP_F_EVP_PKEY_SET1_ENGINE 187 +# define EVP_F_EVP_PKEY_SET_ALIAS_TYPE 206 +# define EVP_F_EVP_PKEY_SIGN 140 +# define EVP_F_EVP_PKEY_SIGN_INIT 141 +# define EVP_F_EVP_PKEY_VERIFY 142 +# define EVP_F_EVP_PKEY_VERIFY_INIT 143 +# define EVP_F_EVP_PKEY_VERIFY_RECOVER 144 +# define EVP_F_EVP_PKEY_VERIFY_RECOVER_INIT 145 +# define EVP_F_EVP_SIGNFINAL 107 +# define EVP_F_EVP_VERIFYFINAL 108 +# define EVP_F_INT_CTX_NEW 157 +# define EVP_F_OK_NEW 200 +# define EVP_F_PKCS5_PBE_KEYIVGEN 117 +# define EVP_F_PKCS5_V2_PBE_KEYIVGEN 118 +# define EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN 164 +# define EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN 180 +# define EVP_F_PKEY_SET_TYPE 158 +# define EVP_F_RC2_MAGIC_TO_METH 109 +# define EVP_F_RC5_CTRL 125 +# define EVP_F_R_32_12_16_INIT_KEY 242 +# define EVP_F_S390X_AES_GCM_CTRL 201 +# define EVP_F_UPDATE 173 + +/* + * EVP reason codes. + */ +# define EVP_R_AES_KEY_SETUP_FAILED 143 +# define EVP_R_ARIA_KEY_SETUP_FAILED 176 +# define EVP_R_BAD_DECRYPT 100 +# define EVP_R_BAD_KEY_LENGTH 195 +# define EVP_R_BUFFER_TOO_SMALL 155 +# define EVP_R_CAMELLIA_KEY_SETUP_FAILED 157 +# define EVP_R_CIPHER_PARAMETER_ERROR 122 +# define EVP_R_COMMAND_NOT_SUPPORTED 147 +# define EVP_R_COPY_ERROR 173 +# define EVP_R_CTRL_NOT_IMPLEMENTED 132 +# define EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED 133 +# define EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH 138 +# define EVP_R_DECODE_ERROR 114 +# define EVP_R_DIFFERENT_KEY_TYPES 101 +# define EVP_R_DIFFERENT_PARAMETERS 153 +# define EVP_R_ERROR_LOADING_SECTION 165 +# define EVP_R_ERROR_SETTING_FIPS_MODE 166 +# define EVP_R_EXPECTING_AN_HMAC_KEY 174 +# define EVP_R_EXPECTING_AN_RSA_KEY 127 +# define EVP_R_EXPECTING_A_DH_KEY 128 +# define EVP_R_EXPECTING_A_DSA_KEY 129 +# define EVP_R_EXPECTING_A_EC_KEY 142 +# define EVP_R_EXPECTING_A_POLY1305_KEY 164 +# define EVP_R_EXPECTING_A_SIPHASH_KEY 175 +# define EVP_R_FIPS_MODE_NOT_SUPPORTED 167 +# define EVP_R_GET_RAW_KEY_FAILED 182 +# define EVP_R_ILLEGAL_SCRYPT_PARAMETERS 171 +# define EVP_R_INITIALIZATION_ERROR 134 +# define EVP_R_INPUT_NOT_INITIALIZED 111 +# define EVP_R_INVALID_DIGEST 152 +# define EVP_R_INVALID_FIPS_MODE 168 +# define EVP_R_INVALID_IV_LENGTH 194 +# define EVP_R_INVALID_KEY 163 +# define EVP_R_INVALID_KEY_LENGTH 130 +# define EVP_R_INVALID_OPERATION 148 +# define EVP_R_KEYGEN_FAILURE 120 +# define EVP_R_KEY_SETUP_FAILED 180 +# define EVP_R_MEMORY_LIMIT_EXCEEDED 172 +# define EVP_R_MESSAGE_DIGEST_IS_NULL 159 +# define EVP_R_METHOD_NOT_SUPPORTED 144 +# define EVP_R_MISSING_PARAMETERS 103 +# define EVP_R_NOT_XOF_OR_INVALID_LENGTH 178 +# define EVP_R_NO_CIPHER_SET 131 +# define EVP_R_NO_DEFAULT_DIGEST 158 +# define EVP_R_NO_DIGEST_SET 139 +# define EVP_R_NO_KEY_SET 154 +# define EVP_R_NO_OPERATION_SET 149 +# define EVP_R_ONLY_ONESHOT_SUPPORTED 177 +# define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 150 +# define EVP_R_OPERATON_NOT_INITIALIZED 151 +# define EVP_R_OUTPUT_WOULD_OVERFLOW 184 +# define EVP_R_PARTIALLY_OVERLAPPING 162 +# define EVP_R_PBKDF2_ERROR 181 +# define EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED 179 +# define EVP_R_PRIVATE_KEY_DECODE_ERROR 145 +# define EVP_R_PRIVATE_KEY_ENCODE_ERROR 146 +# define EVP_R_PUBLIC_KEY_NOT_RSA 106 +# define EVP_R_UNKNOWN_CIPHER 160 +# define EVP_R_UNKNOWN_DIGEST 161 +# define EVP_R_UNKNOWN_OPTION 169 +# define EVP_R_UNKNOWN_PBE_ALGORITHM 121 +# define EVP_R_UNSUPPORTED_ALGORITHM 156 +# define EVP_R_UNSUPPORTED_CIPHER 107 +# define EVP_R_UNSUPPORTED_KEYLENGTH 123 +# define EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION 124 +# define EVP_R_UNSUPPORTED_KEY_SIZE 108 +# define EVP_R_UNSUPPORTED_NUMBER_OF_ROUNDS 135 +# define EVP_R_UNSUPPORTED_PRF 125 +# define EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM 118 +# define EVP_R_UNSUPPORTED_SALT_TYPE 126 +# define EVP_R_WRAP_MODE_NOT_ALLOWED 170 +# define EVP_R_WRONG_FINAL_BLOCK_LENGTH 109 +# define EVP_R_XTS_DUPLICATED_KEYS 183 + +#endif diff --git a/ext/openssl1L/include/openssl/hmac.h b/ext/openssl1L/include/openssl/hmac.h new file mode 100644 index 0000000..458efc1 --- /dev/null +++ b/ext/openssl1L/include/openssl/hmac.h @@ -0,0 +1,51 @@ +/* + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_HMAC_H +# define HEADER_HMAC_H + +# include + +# include + +# if OPENSSL_API_COMPAT < 0x10200000L +# define HMAC_MAX_MD_CBLOCK 128 /* Deprecated */ +# endif + +#ifdef __cplusplus +extern "C" { +#endif + +size_t HMAC_size(const HMAC_CTX *e); +HMAC_CTX *HMAC_CTX_new(void); +int HMAC_CTX_reset(HMAC_CTX *ctx); +void HMAC_CTX_free(HMAC_CTX *ctx); + +DEPRECATEDIN_1_1_0(__owur int HMAC_Init(HMAC_CTX *ctx, const void *key, int len, + const EVP_MD *md)) + +/*__owur*/ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, + const EVP_MD *md, ENGINE *impl); +/*__owur*/ int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, + size_t len); +/*__owur*/ int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, + unsigned int *len); +unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len, + const unsigned char *d, size_t n, unsigned char *md, + unsigned int *md_len); +__owur int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx); + +void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags); +const EVP_MD *HMAC_CTX_get_md(const HMAC_CTX *ctx); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/ext/openssl1L/include/openssl/idea.h b/ext/openssl1L/include/openssl/idea.h new file mode 100644 index 0000000..4334f3e --- /dev/null +++ b/ext/openssl1L/include/openssl/idea.h @@ -0,0 +1,64 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_IDEA_H +# define HEADER_IDEA_H + +# include + +# ifndef OPENSSL_NO_IDEA +# ifdef __cplusplus +extern "C" { +# endif + +typedef unsigned int IDEA_INT; + +# define IDEA_ENCRYPT 1 +# define IDEA_DECRYPT 0 + +# define IDEA_BLOCK 8 +# define IDEA_KEY_LENGTH 16 + +typedef struct idea_key_st { + IDEA_INT data[9][6]; +} IDEA_KEY_SCHEDULE; + +const char *IDEA_options(void); +void IDEA_ecb_encrypt(const unsigned char *in, unsigned char *out, + IDEA_KEY_SCHEDULE *ks); +void IDEA_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks); +void IDEA_set_decrypt_key(IDEA_KEY_SCHEDULE *ek, IDEA_KEY_SCHEDULE *dk); +void IDEA_cbc_encrypt(const unsigned char *in, unsigned char *out, + long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv, + int enc); +void IDEA_cfb64_encrypt(const unsigned char *in, unsigned char *out, + long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv, + int *num, int enc); +void IDEA_ofb64_encrypt(const unsigned char *in, unsigned char *out, + long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv, + int *num); +void IDEA_encrypt(unsigned long *in, IDEA_KEY_SCHEDULE *ks); + +# if OPENSSL_API_COMPAT < 0x10100000L +# define idea_options IDEA_options +# define idea_ecb_encrypt IDEA_ecb_encrypt +# define idea_set_encrypt_key IDEA_set_encrypt_key +# define idea_set_decrypt_key IDEA_set_decrypt_key +# define idea_cbc_encrypt IDEA_cbc_encrypt +# define idea_cfb64_encrypt IDEA_cfb64_encrypt +# define idea_ofb64_encrypt IDEA_ofb64_encrypt +# define idea_encrypt IDEA_encrypt +# endif + +# ifdef __cplusplus +} +# endif +# endif + +#endif diff --git a/ext/openssl1L/include/openssl/kdf.h b/ext/openssl1L/include/openssl/kdf.h new file mode 100644 index 0000000..5abd4c3 --- /dev/null +++ b/ext/openssl1L/include/openssl/kdf.h @@ -0,0 +1,97 @@ +/* + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_KDF_H +# define HEADER_KDF_H + +# include +#ifdef __cplusplus +extern "C" { +#endif + +# define EVP_PKEY_CTRL_TLS_MD (EVP_PKEY_ALG_CTRL) +# define EVP_PKEY_CTRL_TLS_SECRET (EVP_PKEY_ALG_CTRL + 1) +# define EVP_PKEY_CTRL_TLS_SEED (EVP_PKEY_ALG_CTRL + 2) +# define EVP_PKEY_CTRL_HKDF_MD (EVP_PKEY_ALG_CTRL + 3) +# define EVP_PKEY_CTRL_HKDF_SALT (EVP_PKEY_ALG_CTRL + 4) +# define EVP_PKEY_CTRL_HKDF_KEY (EVP_PKEY_ALG_CTRL + 5) +# define EVP_PKEY_CTRL_HKDF_INFO (EVP_PKEY_ALG_CTRL + 6) +# define EVP_PKEY_CTRL_HKDF_MODE (EVP_PKEY_ALG_CTRL + 7) +# define EVP_PKEY_CTRL_PASS (EVP_PKEY_ALG_CTRL + 8) +# define EVP_PKEY_CTRL_SCRYPT_SALT (EVP_PKEY_ALG_CTRL + 9) +# define EVP_PKEY_CTRL_SCRYPT_N (EVP_PKEY_ALG_CTRL + 10) +# define EVP_PKEY_CTRL_SCRYPT_R (EVP_PKEY_ALG_CTRL + 11) +# define EVP_PKEY_CTRL_SCRYPT_P (EVP_PKEY_ALG_CTRL + 12) +# define EVP_PKEY_CTRL_SCRYPT_MAXMEM_BYTES (EVP_PKEY_ALG_CTRL + 13) + +# define EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND 0 +# define EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY 1 +# define EVP_PKEY_HKDEF_MODE_EXPAND_ONLY 2 + +# define EVP_PKEY_CTX_set_tls1_prf_md(pctx, md) \ + EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_TLS_MD, 0, (void *)(md)) + +# define EVP_PKEY_CTX_set1_tls1_prf_secret(pctx, sec, seclen) \ + EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_TLS_SECRET, seclen, (void *)(sec)) + +# define EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, seed, seedlen) \ + EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_TLS_SEED, seedlen, (void *)(seed)) + +# define EVP_PKEY_CTX_set_hkdf_md(pctx, md) \ + EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_HKDF_MD, 0, (void *)(md)) + +# define EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt, saltlen) \ + EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_HKDF_SALT, saltlen, (void *)(salt)) + +# define EVP_PKEY_CTX_set1_hkdf_key(pctx, key, keylen) \ + EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_HKDF_KEY, keylen, (void *)(key)) + +# define EVP_PKEY_CTX_add1_hkdf_info(pctx, info, infolen) \ + EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_HKDF_INFO, infolen, (void *)(info)) + +# define EVP_PKEY_CTX_hkdf_mode(pctx, mode) \ + EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_HKDF_MODE, mode, NULL) + +# define EVP_PKEY_CTX_set1_pbe_pass(pctx, pass, passlen) \ + EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_PASS, passlen, (void *)(pass)) + +# define EVP_PKEY_CTX_set1_scrypt_salt(pctx, salt, saltlen) \ + EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_SCRYPT_SALT, saltlen, (void *)(salt)) + +# define EVP_PKEY_CTX_set_scrypt_N(pctx, n) \ + EVP_PKEY_CTX_ctrl_uint64(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_SCRYPT_N, n) + +# define EVP_PKEY_CTX_set_scrypt_r(pctx, r) \ + EVP_PKEY_CTX_ctrl_uint64(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_SCRYPT_R, r) + +# define EVP_PKEY_CTX_set_scrypt_p(pctx, p) \ + EVP_PKEY_CTX_ctrl_uint64(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_SCRYPT_P, p) + +# define EVP_PKEY_CTX_set_scrypt_maxmem_bytes(pctx, maxmem_bytes) \ + EVP_PKEY_CTX_ctrl_uint64(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_SCRYPT_MAXMEM_BYTES, maxmem_bytes) + + +# ifdef __cplusplus +} +# endif +#endif diff --git a/ext/openssl1L/include/openssl/kdferr.h b/ext/openssl1L/include/openssl/kdferr.h new file mode 100644 index 0000000..3f51bd0 --- /dev/null +++ b/ext/openssl1L/include/openssl/kdferr.h @@ -0,0 +1,55 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_KDFERR_H +# define HEADER_KDFERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_KDF_strings(void); + +/* + * KDF function codes. + */ +# define KDF_F_PKEY_HKDF_CTRL_STR 103 +# define KDF_F_PKEY_HKDF_DERIVE 102 +# define KDF_F_PKEY_HKDF_INIT 108 +# define KDF_F_PKEY_SCRYPT_CTRL_STR 104 +# define KDF_F_PKEY_SCRYPT_CTRL_UINT64 105 +# define KDF_F_PKEY_SCRYPT_DERIVE 109 +# define KDF_F_PKEY_SCRYPT_INIT 106 +# define KDF_F_PKEY_SCRYPT_SET_MEMBUF 107 +# define KDF_F_PKEY_TLS1_PRF_CTRL_STR 100 +# define KDF_F_PKEY_TLS1_PRF_DERIVE 101 +# define KDF_F_PKEY_TLS1_PRF_INIT 110 +# define KDF_F_TLS1_PRF_ALG 111 + +/* + * KDF reason codes. + */ +# define KDF_R_INVALID_DIGEST 100 +# define KDF_R_MISSING_ITERATION_COUNT 109 +# define KDF_R_MISSING_KEY 104 +# define KDF_R_MISSING_MESSAGE_DIGEST 105 +# define KDF_R_MISSING_PARAMETER 101 +# define KDF_R_MISSING_PASS 110 +# define KDF_R_MISSING_SALT 111 +# define KDF_R_MISSING_SECRET 107 +# define KDF_R_MISSING_SEED 106 +# define KDF_R_UNKNOWN_PARAMETER_TYPE 103 +# define KDF_R_VALUE_ERROR 108 +# define KDF_R_VALUE_MISSING 102 + +#endif diff --git a/ext/openssl1L/include/openssl/lhash.h b/ext/openssl1L/include/openssl/lhash.h new file mode 100644 index 0000000..2e42d72 --- /dev/null +++ b/ext/openssl1L/include/openssl/lhash.h @@ -0,0 +1,241 @@ +/* + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* + * Header for dynamic hash table routines Author - Eric Young + */ + +#ifndef HEADER_LHASH_H +# define HEADER_LHASH_H + +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +typedef struct lhash_node_st OPENSSL_LH_NODE; +typedef int (*OPENSSL_LH_COMPFUNC) (const void *, const void *); +typedef unsigned long (*OPENSSL_LH_HASHFUNC) (const void *); +typedef void (*OPENSSL_LH_DOALL_FUNC) (void *); +typedef void (*OPENSSL_LH_DOALL_FUNCARG) (void *, void *); +typedef struct lhash_st OPENSSL_LHASH; + +/* + * Macros for declaring and implementing type-safe wrappers for LHASH + * callbacks. This way, callbacks can be provided to LHASH structures without + * function pointer casting and the macro-defined callbacks provide + * per-variable casting before deferring to the underlying type-specific + * callbacks. NB: It is possible to place a "static" in front of both the + * DECLARE and IMPLEMENT macros if the functions are strictly internal. + */ + +/* First: "hash" functions */ +# define DECLARE_LHASH_HASH_FN(name, o_type) \ + unsigned long name##_LHASH_HASH(const void *); +# define IMPLEMENT_LHASH_HASH_FN(name, o_type) \ + unsigned long name##_LHASH_HASH(const void *arg) { \ + const o_type *a = arg; \ + return name##_hash(a); } +# define LHASH_HASH_FN(name) name##_LHASH_HASH + +/* Second: "compare" functions */ +# define DECLARE_LHASH_COMP_FN(name, o_type) \ + int name##_LHASH_COMP(const void *, const void *); +# define IMPLEMENT_LHASH_COMP_FN(name, o_type) \ + int name##_LHASH_COMP(const void *arg1, const void *arg2) { \ + const o_type *a = arg1; \ + const o_type *b = arg2; \ + return name##_cmp(a,b); } +# define LHASH_COMP_FN(name) name##_LHASH_COMP + +/* Fourth: "doall_arg" functions */ +# define DECLARE_LHASH_DOALL_ARG_FN(name, o_type, a_type) \ + void name##_LHASH_DOALL_ARG(void *, void *); +# define IMPLEMENT_LHASH_DOALL_ARG_FN(name, o_type, a_type) \ + void name##_LHASH_DOALL_ARG(void *arg1, void *arg2) { \ + o_type *a = arg1; \ + a_type *b = arg2; \ + name##_doall_arg(a, b); } +# define LHASH_DOALL_ARG_FN(name) name##_LHASH_DOALL_ARG + + +# define LH_LOAD_MULT 256 + +int OPENSSL_LH_error(OPENSSL_LHASH *lh); +OPENSSL_LHASH *OPENSSL_LH_new(OPENSSL_LH_HASHFUNC h, OPENSSL_LH_COMPFUNC c); +void OPENSSL_LH_free(OPENSSL_LHASH *lh); +void *OPENSSL_LH_insert(OPENSSL_LHASH *lh, void *data); +void *OPENSSL_LH_delete(OPENSSL_LHASH *lh, const void *data); +void *OPENSSL_LH_retrieve(OPENSSL_LHASH *lh, const void *data); +void OPENSSL_LH_doall(OPENSSL_LHASH *lh, OPENSSL_LH_DOALL_FUNC func); +void OPENSSL_LH_doall_arg(OPENSSL_LHASH *lh, OPENSSL_LH_DOALL_FUNCARG func, void *arg); +unsigned long OPENSSL_LH_strhash(const char *c); +unsigned long OPENSSL_LH_num_items(const OPENSSL_LHASH *lh); +unsigned long OPENSSL_LH_get_down_load(const OPENSSL_LHASH *lh); +void OPENSSL_LH_set_down_load(OPENSSL_LHASH *lh, unsigned long down_load); + +# ifndef OPENSSL_NO_STDIO +void OPENSSL_LH_stats(const OPENSSL_LHASH *lh, FILE *fp); +void OPENSSL_LH_node_stats(const OPENSSL_LHASH *lh, FILE *fp); +void OPENSSL_LH_node_usage_stats(const OPENSSL_LHASH *lh, FILE *fp); +# endif +void OPENSSL_LH_stats_bio(const OPENSSL_LHASH *lh, BIO *out); +void OPENSSL_LH_node_stats_bio(const OPENSSL_LHASH *lh, BIO *out); +void OPENSSL_LH_node_usage_stats_bio(const OPENSSL_LHASH *lh, BIO *out); + +# if OPENSSL_API_COMPAT < 0x10100000L +# define _LHASH OPENSSL_LHASH +# define LHASH_NODE OPENSSL_LH_NODE +# define lh_error OPENSSL_LH_error +# define lh_new OPENSSL_LH_new +# define lh_free OPENSSL_LH_free +# define lh_insert OPENSSL_LH_insert +# define lh_delete OPENSSL_LH_delete +# define lh_retrieve OPENSSL_LH_retrieve +# define lh_doall OPENSSL_LH_doall +# define lh_doall_arg OPENSSL_LH_doall_arg +# define lh_strhash OPENSSL_LH_strhash +# define lh_num_items OPENSSL_LH_num_items +# ifndef OPENSSL_NO_STDIO +# define lh_stats OPENSSL_LH_stats +# define lh_node_stats OPENSSL_LH_node_stats +# define lh_node_usage_stats OPENSSL_LH_node_usage_stats +# endif +# define lh_stats_bio OPENSSL_LH_stats_bio +# define lh_node_stats_bio OPENSSL_LH_node_stats_bio +# define lh_node_usage_stats_bio OPENSSL_LH_node_usage_stats_bio +# endif + +/* Type checking... */ + +# define LHASH_OF(type) struct lhash_st_##type + +# define DEFINE_LHASH_OF(type) \ + LHASH_OF(type) { union lh_##type##_dummy { void* d1; unsigned long d2; int d3; } dummy; }; \ + static ossl_unused ossl_inline LHASH_OF(type) *lh_##type##_new(unsigned long (*hfn)(const type *), \ + int (*cfn)(const type *, const type *)) \ + { \ + return (LHASH_OF(type) *) \ + OPENSSL_LH_new((OPENSSL_LH_HASHFUNC)hfn, (OPENSSL_LH_COMPFUNC)cfn); \ + } \ + static ossl_unused ossl_inline void lh_##type##_free(LHASH_OF(type) *lh) \ + { \ + OPENSSL_LH_free((OPENSSL_LHASH *)lh); \ + } \ + static ossl_unused ossl_inline type *lh_##type##_insert(LHASH_OF(type) *lh, type *d) \ + { \ + return (type *)OPENSSL_LH_insert((OPENSSL_LHASH *)lh, d); \ + } \ + static ossl_unused ossl_inline type *lh_##type##_delete(LHASH_OF(type) *lh, const type *d) \ + { \ + return (type *)OPENSSL_LH_delete((OPENSSL_LHASH *)lh, d); \ + } \ + static ossl_unused ossl_inline type *lh_##type##_retrieve(LHASH_OF(type) *lh, const type *d) \ + { \ + return (type *)OPENSSL_LH_retrieve((OPENSSL_LHASH *)lh, d); \ + } \ + static ossl_unused ossl_inline int lh_##type##_error(LHASH_OF(type) *lh) \ + { \ + return OPENSSL_LH_error((OPENSSL_LHASH *)lh); \ + } \ + static ossl_unused ossl_inline unsigned long lh_##type##_num_items(LHASH_OF(type) *lh) \ + { \ + return OPENSSL_LH_num_items((OPENSSL_LHASH *)lh); \ + } \ + static ossl_unused ossl_inline void lh_##type##_node_stats_bio(const LHASH_OF(type) *lh, BIO *out) \ + { \ + OPENSSL_LH_node_stats_bio((const OPENSSL_LHASH *)lh, out); \ + } \ + static ossl_unused ossl_inline void lh_##type##_node_usage_stats_bio(const LHASH_OF(type) *lh, BIO *out) \ + { \ + OPENSSL_LH_node_usage_stats_bio((const OPENSSL_LHASH *)lh, out); \ + } \ + static ossl_unused ossl_inline void lh_##type##_stats_bio(const LHASH_OF(type) *lh, BIO *out) \ + { \ + OPENSSL_LH_stats_bio((const OPENSSL_LHASH *)lh, out); \ + } \ + static ossl_unused ossl_inline unsigned long lh_##type##_get_down_load(LHASH_OF(type) *lh) \ + { \ + return OPENSSL_LH_get_down_load((OPENSSL_LHASH *)lh); \ + } \ + static ossl_unused ossl_inline void lh_##type##_set_down_load(LHASH_OF(type) *lh, unsigned long dl) \ + { \ + OPENSSL_LH_set_down_load((OPENSSL_LHASH *)lh, dl); \ + } \ + static ossl_unused ossl_inline void lh_##type##_doall(LHASH_OF(type) *lh, \ + void (*doall)(type *)) \ + { \ + OPENSSL_LH_doall((OPENSSL_LHASH *)lh, (OPENSSL_LH_DOALL_FUNC)doall); \ + } \ + LHASH_OF(type) + +#define IMPLEMENT_LHASH_DOALL_ARG_CONST(type, argtype) \ + int_implement_lhash_doall(type, argtype, const type) + +#define IMPLEMENT_LHASH_DOALL_ARG(type, argtype) \ + int_implement_lhash_doall(type, argtype, type) + +#define int_implement_lhash_doall(type, argtype, cbargtype) \ + static ossl_unused ossl_inline void \ + lh_##type##_doall_##argtype(LHASH_OF(type) *lh, \ + void (*fn)(cbargtype *, argtype *), \ + argtype *arg) \ + { \ + OPENSSL_LH_doall_arg((OPENSSL_LHASH *)lh, (OPENSSL_LH_DOALL_FUNCARG)fn, (void *)arg); \ + } \ + LHASH_OF(type) + +DEFINE_LHASH_OF(OPENSSL_STRING); +# ifdef _MSC_VER +/* + * push and pop this warning: + * warning C4090: 'function': different 'const' qualifiers + */ +# pragma warning (push) +# pragma warning (disable: 4090) +# endif + +DEFINE_LHASH_OF(OPENSSL_CSTRING); + +# ifdef _MSC_VER +# pragma warning (pop) +# endif + +/* + * If called without higher optimization (min. -xO3) the Oracle Developer + * Studio compiler generates code for the defined (static inline) functions + * above. + * This would later lead to the linker complaining about missing symbols when + * this header file is included but the resulting object is not linked against + * the Crypto library (openssl#6912). + */ +# ifdef __SUNPRO_C +# pragma weak OPENSSL_LH_new +# pragma weak OPENSSL_LH_free +# pragma weak OPENSSL_LH_insert +# pragma weak OPENSSL_LH_delete +# pragma weak OPENSSL_LH_retrieve +# pragma weak OPENSSL_LH_error +# pragma weak OPENSSL_LH_num_items +# pragma weak OPENSSL_LH_node_stats_bio +# pragma weak OPENSSL_LH_node_usage_stats_bio +# pragma weak OPENSSL_LH_stats_bio +# pragma weak OPENSSL_LH_get_down_load +# pragma weak OPENSSL_LH_set_down_load +# pragma weak OPENSSL_LH_doall +# pragma weak OPENSSL_LH_doall_arg +# endif /* __SUNPRO_C */ + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/ext/openssl1L/include/openssl/md2.h b/ext/openssl1L/include/openssl/md2.h new file mode 100644 index 0000000..7faf8e3 --- /dev/null +++ b/ext/openssl1L/include/openssl/md2.h @@ -0,0 +1,44 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_MD2_H +# define HEADER_MD2_H + +# include + +# ifndef OPENSSL_NO_MD2 +# include +# ifdef __cplusplus +extern "C" { +# endif + +typedef unsigned char MD2_INT; + +# define MD2_DIGEST_LENGTH 16 +# define MD2_BLOCK 16 + +typedef struct MD2state_st { + unsigned int num; + unsigned char data[MD2_BLOCK]; + MD2_INT cksm[MD2_BLOCK]; + MD2_INT state[MD2_BLOCK]; +} MD2_CTX; + +const char *MD2_options(void); +int MD2_Init(MD2_CTX *c); +int MD2_Update(MD2_CTX *c, const unsigned char *data, size_t len); +int MD2_Final(unsigned char *md, MD2_CTX *c); +unsigned char *MD2(const unsigned char *d, size_t n, unsigned char *md); + +# ifdef __cplusplus +} +# endif +# endif + +#endif diff --git a/ext/openssl1L/include/openssl/md4.h b/ext/openssl1L/include/openssl/md4.h new file mode 100644 index 0000000..940e29d --- /dev/null +++ b/ext/openssl1L/include/openssl/md4.h @@ -0,0 +1,51 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_MD4_H +# define HEADER_MD4_H + +# include + +# ifndef OPENSSL_NO_MD4 +# include +# include +# ifdef __cplusplus +extern "C" { +# endif + +/*- + * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + * ! MD4_LONG has to be at least 32 bits wide. ! + * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + */ +# define MD4_LONG unsigned int + +# define MD4_CBLOCK 64 +# define MD4_LBLOCK (MD4_CBLOCK/4) +# define MD4_DIGEST_LENGTH 16 + +typedef struct MD4state_st { + MD4_LONG A, B, C, D; + MD4_LONG Nl, Nh; + MD4_LONG data[MD4_LBLOCK]; + unsigned int num; +} MD4_CTX; + +int MD4_Init(MD4_CTX *c); +int MD4_Update(MD4_CTX *c, const void *data, size_t len); +int MD4_Final(unsigned char *md, MD4_CTX *c); +unsigned char *MD4(const unsigned char *d, size_t n, unsigned char *md); +void MD4_Transform(MD4_CTX *c, const unsigned char *b); + +# ifdef __cplusplus +} +# endif +# endif + +#endif diff --git a/ext/openssl1L/include/openssl/md5.h b/ext/openssl1L/include/openssl/md5.h new file mode 100644 index 0000000..2deb772 --- /dev/null +++ b/ext/openssl1L/include/openssl/md5.h @@ -0,0 +1,50 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_MD5_H +# define HEADER_MD5_H + +# include + +# ifndef OPENSSL_NO_MD5 +# include +# include +# ifdef __cplusplus +extern "C" { +# endif + +/* + * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + * ! MD5_LONG has to be at least 32 bits wide. ! + * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + */ +# define MD5_LONG unsigned int + +# define MD5_CBLOCK 64 +# define MD5_LBLOCK (MD5_CBLOCK/4) +# define MD5_DIGEST_LENGTH 16 + +typedef struct MD5state_st { + MD5_LONG A, B, C, D; + MD5_LONG Nl, Nh; + MD5_LONG data[MD5_LBLOCK]; + unsigned int num; +} MD5_CTX; + +int MD5_Init(MD5_CTX *c); +int MD5_Update(MD5_CTX *c, const void *data, size_t len); +int MD5_Final(unsigned char *md, MD5_CTX *c); +unsigned char *MD5(const unsigned char *d, size_t n, unsigned char *md); +void MD5_Transform(MD5_CTX *c, const unsigned char *b); +# ifdef __cplusplus +} +# endif +# endif + +#endif diff --git a/ext/openssl1L/include/openssl/mdc2.h b/ext/openssl1L/include/openssl/mdc2.h new file mode 100644 index 0000000..aabd2bf --- /dev/null +++ b/ext/openssl1L/include/openssl/mdc2.h @@ -0,0 +1,42 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_MDC2_H +# define HEADER_MDC2_H + +# include + +#ifndef OPENSSL_NO_MDC2 +# include +# include +# ifdef __cplusplus +extern "C" { +# endif + +# define MDC2_BLOCK 8 +# define MDC2_DIGEST_LENGTH 16 + +typedef struct mdc2_ctx_st { + unsigned int num; + unsigned char data[MDC2_BLOCK]; + DES_cblock h, hh; + int pad_type; /* either 1 or 2, default 1 */ +} MDC2_CTX; + +int MDC2_Init(MDC2_CTX *c); +int MDC2_Update(MDC2_CTX *c, const unsigned char *data, size_t len); +int MDC2_Final(unsigned char *md, MDC2_CTX *c); +unsigned char *MDC2(const unsigned char *d, size_t n, unsigned char *md); + +# ifdef __cplusplus +} +# endif +# endif + +#endif diff --git a/ext/openssl1L/include/openssl/modes.h b/ext/openssl1L/include/openssl/modes.h new file mode 100644 index 0000000..d544f98 --- /dev/null +++ b/ext/openssl1L/include/openssl/modes.h @@ -0,0 +1,208 @@ +/* + * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_MODES_H +# define HEADER_MODES_H + +# include + +# ifdef __cplusplus +extern "C" { +# endif +typedef void (*block128_f) (const unsigned char in[16], + unsigned char out[16], const void *key); + +typedef void (*cbc128_f) (const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], int enc); + +typedef void (*ctr128_f) (const unsigned char *in, unsigned char *out, + size_t blocks, const void *key, + const unsigned char ivec[16]); + +typedef void (*ccm128_f) (const unsigned char *in, unsigned char *out, + size_t blocks, const void *key, + const unsigned char ivec[16], + unsigned char cmac[16]); + +void CRYPTO_cbc128_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], block128_f block); +void CRYPTO_cbc128_decrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], block128_f block); + +void CRYPTO_ctr128_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], + unsigned char ecount_buf[16], unsigned int *num, + block128_f block); + +void CRYPTO_ctr128_encrypt_ctr32(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], + unsigned char ecount_buf[16], + unsigned int *num, ctr128_f ctr); + +void CRYPTO_ofb128_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], int *num, + block128_f block); + +void CRYPTO_cfb128_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], int *num, + int enc, block128_f block); +void CRYPTO_cfb128_8_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const void *key, + unsigned char ivec[16], int *num, + int enc, block128_f block); +void CRYPTO_cfb128_1_encrypt(const unsigned char *in, unsigned char *out, + size_t bits, const void *key, + unsigned char ivec[16], int *num, + int enc, block128_f block); + +size_t CRYPTO_cts128_encrypt_block(const unsigned char *in, + unsigned char *out, size_t len, + const void *key, unsigned char ivec[16], + block128_f block); +size_t CRYPTO_cts128_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], cbc128_f cbc); +size_t CRYPTO_cts128_decrypt_block(const unsigned char *in, + unsigned char *out, size_t len, + const void *key, unsigned char ivec[16], + block128_f block); +size_t CRYPTO_cts128_decrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], cbc128_f cbc); + +size_t CRYPTO_nistcts128_encrypt_block(const unsigned char *in, + unsigned char *out, size_t len, + const void *key, + unsigned char ivec[16], + block128_f block); +size_t CRYPTO_nistcts128_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], cbc128_f cbc); +size_t CRYPTO_nistcts128_decrypt_block(const unsigned char *in, + unsigned char *out, size_t len, + const void *key, + unsigned char ivec[16], + block128_f block); +size_t CRYPTO_nistcts128_decrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], cbc128_f cbc); + +typedef struct gcm128_context GCM128_CONTEXT; + +GCM128_CONTEXT *CRYPTO_gcm128_new(void *key, block128_f block); +void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx, void *key, block128_f block); +void CRYPTO_gcm128_setiv(GCM128_CONTEXT *ctx, const unsigned char *iv, + size_t len); +int CRYPTO_gcm128_aad(GCM128_CONTEXT *ctx, const unsigned char *aad, + size_t len); +int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx, + const unsigned char *in, unsigned char *out, + size_t len); +int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx, + const unsigned char *in, unsigned char *out, + size_t len); +int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx, + const unsigned char *in, unsigned char *out, + size_t len, ctr128_f stream); +int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx, + const unsigned char *in, unsigned char *out, + size_t len, ctr128_f stream); +int CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx, const unsigned char *tag, + size_t len); +void CRYPTO_gcm128_tag(GCM128_CONTEXT *ctx, unsigned char *tag, size_t len); +void CRYPTO_gcm128_release(GCM128_CONTEXT *ctx); + +typedef struct ccm128_context CCM128_CONTEXT; + +void CRYPTO_ccm128_init(CCM128_CONTEXT *ctx, + unsigned int M, unsigned int L, void *key, + block128_f block); +int CRYPTO_ccm128_setiv(CCM128_CONTEXT *ctx, const unsigned char *nonce, + size_t nlen, size_t mlen); +void CRYPTO_ccm128_aad(CCM128_CONTEXT *ctx, const unsigned char *aad, + size_t alen); +int CRYPTO_ccm128_encrypt(CCM128_CONTEXT *ctx, const unsigned char *inp, + unsigned char *out, size_t len); +int CRYPTO_ccm128_decrypt(CCM128_CONTEXT *ctx, const unsigned char *inp, + unsigned char *out, size_t len); +int CRYPTO_ccm128_encrypt_ccm64(CCM128_CONTEXT *ctx, const unsigned char *inp, + unsigned char *out, size_t len, + ccm128_f stream); +int CRYPTO_ccm128_decrypt_ccm64(CCM128_CONTEXT *ctx, const unsigned char *inp, + unsigned char *out, size_t len, + ccm128_f stream); +size_t CRYPTO_ccm128_tag(CCM128_CONTEXT *ctx, unsigned char *tag, size_t len); + +typedef struct xts128_context XTS128_CONTEXT; + +int CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx, + const unsigned char iv[16], + const unsigned char *inp, unsigned char *out, + size_t len, int enc); + +size_t CRYPTO_128_wrap(void *key, const unsigned char *iv, + unsigned char *out, + const unsigned char *in, size_t inlen, + block128_f block); + +size_t CRYPTO_128_unwrap(void *key, const unsigned char *iv, + unsigned char *out, + const unsigned char *in, size_t inlen, + block128_f block); +size_t CRYPTO_128_wrap_pad(void *key, const unsigned char *icv, + unsigned char *out, const unsigned char *in, + size_t inlen, block128_f block); +size_t CRYPTO_128_unwrap_pad(void *key, const unsigned char *icv, + unsigned char *out, const unsigned char *in, + size_t inlen, block128_f block); + +# ifndef OPENSSL_NO_OCB +typedef struct ocb128_context OCB128_CONTEXT; + +typedef void (*ocb128_f) (const unsigned char *in, unsigned char *out, + size_t blocks, const void *key, + size_t start_block_num, + unsigned char offset_i[16], + const unsigned char L_[][16], + unsigned char checksum[16]); + +OCB128_CONTEXT *CRYPTO_ocb128_new(void *keyenc, void *keydec, + block128_f encrypt, block128_f decrypt, + ocb128_f stream); +int CRYPTO_ocb128_init(OCB128_CONTEXT *ctx, void *keyenc, void *keydec, + block128_f encrypt, block128_f decrypt, + ocb128_f stream); +int CRYPTO_ocb128_copy_ctx(OCB128_CONTEXT *dest, OCB128_CONTEXT *src, + void *keyenc, void *keydec); +int CRYPTO_ocb128_setiv(OCB128_CONTEXT *ctx, const unsigned char *iv, + size_t len, size_t taglen); +int CRYPTO_ocb128_aad(OCB128_CONTEXT *ctx, const unsigned char *aad, + size_t len); +int CRYPTO_ocb128_encrypt(OCB128_CONTEXT *ctx, const unsigned char *in, + unsigned char *out, size_t len); +int CRYPTO_ocb128_decrypt(OCB128_CONTEXT *ctx, const unsigned char *in, + unsigned char *out, size_t len); +int CRYPTO_ocb128_finish(OCB128_CONTEXT *ctx, const unsigned char *tag, + size_t len); +int CRYPTO_ocb128_tag(OCB128_CONTEXT *ctx, unsigned char *tag, size_t len); +void CRYPTO_ocb128_cleanup(OCB128_CONTEXT *ctx); +# endif /* OPENSSL_NO_OCB */ + +# ifdef __cplusplus +} +# endif + +#endif diff --git a/ext/openssl1L/include/openssl/obj_mac.h b/ext/openssl1L/include/openssl/obj_mac.h new file mode 100644 index 0000000..53516a0 --- /dev/null +++ b/ext/openssl1L/include/openssl/obj_mac.h @@ -0,0 +1,5198 @@ +/* + * WARNING: do not edit! + * Generated by crypto/objects/objects.pl + * + * Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved. + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#define SN_undef "UNDEF" +#define LN_undef "undefined" +#define NID_undef 0 +#define OBJ_undef 0L + +#define SN_itu_t "ITU-T" +#define LN_itu_t "itu-t" +#define NID_itu_t 645 +#define OBJ_itu_t 0L + +#define NID_ccitt 404 +#define OBJ_ccitt OBJ_itu_t + +#define SN_iso "ISO" +#define LN_iso "iso" +#define NID_iso 181 +#define OBJ_iso 1L + +#define SN_joint_iso_itu_t "JOINT-ISO-ITU-T" +#define LN_joint_iso_itu_t "joint-iso-itu-t" +#define NID_joint_iso_itu_t 646 +#define OBJ_joint_iso_itu_t 2L + +#define NID_joint_iso_ccitt 393 +#define OBJ_joint_iso_ccitt OBJ_joint_iso_itu_t + +#define SN_member_body "member-body" +#define LN_member_body "ISO Member Body" +#define NID_member_body 182 +#define OBJ_member_body OBJ_iso,2L + +#define SN_identified_organization "identified-organization" +#define NID_identified_organization 676 +#define OBJ_identified_organization OBJ_iso,3L + +#define SN_hmac_md5 "HMAC-MD5" +#define LN_hmac_md5 "hmac-md5" +#define NID_hmac_md5 780 +#define OBJ_hmac_md5 OBJ_identified_organization,6L,1L,5L,5L,8L,1L,1L + +#define SN_hmac_sha1 "HMAC-SHA1" +#define LN_hmac_sha1 "hmac-sha1" +#define NID_hmac_sha1 781 +#define OBJ_hmac_sha1 OBJ_identified_organization,6L,1L,5L,5L,8L,1L,2L + +#define SN_x509ExtAdmission "x509ExtAdmission" +#define LN_x509ExtAdmission "Professional Information or basis for Admission" +#define NID_x509ExtAdmission 1093 +#define OBJ_x509ExtAdmission OBJ_identified_organization,36L,8L,3L,3L + +#define SN_certicom_arc "certicom-arc" +#define NID_certicom_arc 677 +#define OBJ_certicom_arc OBJ_identified_organization,132L + +#define SN_ieee "ieee" +#define NID_ieee 1170 +#define OBJ_ieee OBJ_identified_organization,111L + +#define SN_ieee_siswg "ieee-siswg" +#define LN_ieee_siswg "IEEE Security in Storage Working Group" +#define NID_ieee_siswg 1171 +#define OBJ_ieee_siswg OBJ_ieee,2L,1619L + +#define SN_international_organizations "international-organizations" +#define LN_international_organizations "International Organizations" +#define NID_international_organizations 647 +#define OBJ_international_organizations OBJ_joint_iso_itu_t,23L + +#define SN_wap "wap" +#define NID_wap 678 +#define OBJ_wap OBJ_international_organizations,43L + +#define SN_wap_wsg "wap-wsg" +#define NID_wap_wsg 679 +#define OBJ_wap_wsg OBJ_wap,1L + +#define SN_selected_attribute_types "selected-attribute-types" +#define LN_selected_attribute_types "Selected Attribute Types" +#define NID_selected_attribute_types 394 +#define OBJ_selected_attribute_types OBJ_joint_iso_itu_t,5L,1L,5L + +#define SN_clearance "clearance" +#define NID_clearance 395 +#define OBJ_clearance OBJ_selected_attribute_types,55L + +#define SN_ISO_US "ISO-US" +#define LN_ISO_US "ISO US Member Body" +#define NID_ISO_US 183 +#define OBJ_ISO_US OBJ_member_body,840L + +#define SN_X9_57 "X9-57" +#define LN_X9_57 "X9.57" +#define NID_X9_57 184 +#define OBJ_X9_57 OBJ_ISO_US,10040L + +#define SN_X9cm "X9cm" +#define LN_X9cm "X9.57 CM ?" +#define NID_X9cm 185 +#define OBJ_X9cm OBJ_X9_57,4L + +#define SN_ISO_CN "ISO-CN" +#define LN_ISO_CN "ISO CN Member Body" +#define NID_ISO_CN 1140 +#define OBJ_ISO_CN OBJ_member_body,156L + +#define SN_oscca "oscca" +#define NID_oscca 1141 +#define OBJ_oscca OBJ_ISO_CN,10197L + +#define SN_sm_scheme "sm-scheme" +#define NID_sm_scheme 1142 +#define OBJ_sm_scheme OBJ_oscca,1L + +#define SN_dsa "DSA" +#define LN_dsa "dsaEncryption" +#define NID_dsa 116 +#define OBJ_dsa OBJ_X9cm,1L + +#define SN_dsaWithSHA1 "DSA-SHA1" +#define LN_dsaWithSHA1 "dsaWithSHA1" +#define NID_dsaWithSHA1 113 +#define OBJ_dsaWithSHA1 OBJ_X9cm,3L + +#define SN_ansi_X9_62 "ansi-X9-62" +#define LN_ansi_X9_62 "ANSI X9.62" +#define NID_ansi_X9_62 405 +#define OBJ_ansi_X9_62 OBJ_ISO_US,10045L + +#define OBJ_X9_62_id_fieldType OBJ_ansi_X9_62,1L + +#define SN_X9_62_prime_field "prime-field" +#define NID_X9_62_prime_field 406 +#define OBJ_X9_62_prime_field OBJ_X9_62_id_fieldType,1L + +#define SN_X9_62_characteristic_two_field "characteristic-two-field" +#define NID_X9_62_characteristic_two_field 407 +#define OBJ_X9_62_characteristic_two_field OBJ_X9_62_id_fieldType,2L + +#define SN_X9_62_id_characteristic_two_basis "id-characteristic-two-basis" +#define NID_X9_62_id_characteristic_two_basis 680 +#define OBJ_X9_62_id_characteristic_two_basis OBJ_X9_62_characteristic_two_field,3L + +#define SN_X9_62_onBasis "onBasis" +#define NID_X9_62_onBasis 681 +#define OBJ_X9_62_onBasis OBJ_X9_62_id_characteristic_two_basis,1L + +#define SN_X9_62_tpBasis "tpBasis" +#define NID_X9_62_tpBasis 682 +#define OBJ_X9_62_tpBasis OBJ_X9_62_id_characteristic_two_basis,2L + +#define SN_X9_62_ppBasis "ppBasis" +#define NID_X9_62_ppBasis 683 +#define OBJ_X9_62_ppBasis OBJ_X9_62_id_characteristic_two_basis,3L + +#define OBJ_X9_62_id_publicKeyType OBJ_ansi_X9_62,2L + +#define SN_X9_62_id_ecPublicKey "id-ecPublicKey" +#define NID_X9_62_id_ecPublicKey 408 +#define OBJ_X9_62_id_ecPublicKey OBJ_X9_62_id_publicKeyType,1L + +#define OBJ_X9_62_ellipticCurve OBJ_ansi_X9_62,3L + +#define OBJ_X9_62_c_TwoCurve OBJ_X9_62_ellipticCurve,0L + +#define SN_X9_62_c2pnb163v1 "c2pnb163v1" +#define NID_X9_62_c2pnb163v1 684 +#define OBJ_X9_62_c2pnb163v1 OBJ_X9_62_c_TwoCurve,1L + +#define SN_X9_62_c2pnb163v2 "c2pnb163v2" +#define NID_X9_62_c2pnb163v2 685 +#define OBJ_X9_62_c2pnb163v2 OBJ_X9_62_c_TwoCurve,2L + +#define SN_X9_62_c2pnb163v3 "c2pnb163v3" +#define NID_X9_62_c2pnb163v3 686 +#define OBJ_X9_62_c2pnb163v3 OBJ_X9_62_c_TwoCurve,3L + +#define SN_X9_62_c2pnb176v1 "c2pnb176v1" +#define NID_X9_62_c2pnb176v1 687 +#define OBJ_X9_62_c2pnb176v1 OBJ_X9_62_c_TwoCurve,4L + +#define SN_X9_62_c2tnb191v1 "c2tnb191v1" +#define NID_X9_62_c2tnb191v1 688 +#define OBJ_X9_62_c2tnb191v1 OBJ_X9_62_c_TwoCurve,5L + +#define SN_X9_62_c2tnb191v2 "c2tnb191v2" +#define NID_X9_62_c2tnb191v2 689 +#define OBJ_X9_62_c2tnb191v2 OBJ_X9_62_c_TwoCurve,6L + +#define SN_X9_62_c2tnb191v3 "c2tnb191v3" +#define NID_X9_62_c2tnb191v3 690 +#define OBJ_X9_62_c2tnb191v3 OBJ_X9_62_c_TwoCurve,7L + +#define SN_X9_62_c2onb191v4 "c2onb191v4" +#define NID_X9_62_c2onb191v4 691 +#define OBJ_X9_62_c2onb191v4 OBJ_X9_62_c_TwoCurve,8L + +#define SN_X9_62_c2onb191v5 "c2onb191v5" +#define NID_X9_62_c2onb191v5 692 +#define OBJ_X9_62_c2onb191v5 OBJ_X9_62_c_TwoCurve,9L + +#define SN_X9_62_c2pnb208w1 "c2pnb208w1" +#define NID_X9_62_c2pnb208w1 693 +#define OBJ_X9_62_c2pnb208w1 OBJ_X9_62_c_TwoCurve,10L + +#define SN_X9_62_c2tnb239v1 "c2tnb239v1" +#define NID_X9_62_c2tnb239v1 694 +#define OBJ_X9_62_c2tnb239v1 OBJ_X9_62_c_TwoCurve,11L + +#define SN_X9_62_c2tnb239v2 "c2tnb239v2" +#define NID_X9_62_c2tnb239v2 695 +#define OBJ_X9_62_c2tnb239v2 OBJ_X9_62_c_TwoCurve,12L + +#define SN_X9_62_c2tnb239v3 "c2tnb239v3" +#define NID_X9_62_c2tnb239v3 696 +#define OBJ_X9_62_c2tnb239v3 OBJ_X9_62_c_TwoCurve,13L + +#define SN_X9_62_c2onb239v4 "c2onb239v4" +#define NID_X9_62_c2onb239v4 697 +#define OBJ_X9_62_c2onb239v4 OBJ_X9_62_c_TwoCurve,14L + +#define SN_X9_62_c2onb239v5 "c2onb239v5" +#define NID_X9_62_c2onb239v5 698 +#define OBJ_X9_62_c2onb239v5 OBJ_X9_62_c_TwoCurve,15L + +#define SN_X9_62_c2pnb272w1 "c2pnb272w1" +#define NID_X9_62_c2pnb272w1 699 +#define OBJ_X9_62_c2pnb272w1 OBJ_X9_62_c_TwoCurve,16L + +#define SN_X9_62_c2pnb304w1 "c2pnb304w1" +#define NID_X9_62_c2pnb304w1 700 +#define OBJ_X9_62_c2pnb304w1 OBJ_X9_62_c_TwoCurve,17L + +#define SN_X9_62_c2tnb359v1 "c2tnb359v1" +#define NID_X9_62_c2tnb359v1 701 +#define OBJ_X9_62_c2tnb359v1 OBJ_X9_62_c_TwoCurve,18L + +#define SN_X9_62_c2pnb368w1 "c2pnb368w1" +#define NID_X9_62_c2pnb368w1 702 +#define OBJ_X9_62_c2pnb368w1 OBJ_X9_62_c_TwoCurve,19L + +#define SN_X9_62_c2tnb431r1 "c2tnb431r1" +#define NID_X9_62_c2tnb431r1 703 +#define OBJ_X9_62_c2tnb431r1 OBJ_X9_62_c_TwoCurve,20L + +#define OBJ_X9_62_primeCurve OBJ_X9_62_ellipticCurve,1L + +#define SN_X9_62_prime192v1 "prime192v1" +#define NID_X9_62_prime192v1 409 +#define OBJ_X9_62_prime192v1 OBJ_X9_62_primeCurve,1L + +#define SN_X9_62_prime192v2 "prime192v2" +#define NID_X9_62_prime192v2 410 +#define OBJ_X9_62_prime192v2 OBJ_X9_62_primeCurve,2L + +#define SN_X9_62_prime192v3 "prime192v3" +#define NID_X9_62_prime192v3 411 +#define OBJ_X9_62_prime192v3 OBJ_X9_62_primeCurve,3L + +#define SN_X9_62_prime239v1 "prime239v1" +#define NID_X9_62_prime239v1 412 +#define OBJ_X9_62_prime239v1 OBJ_X9_62_primeCurve,4L + +#define SN_X9_62_prime239v2 "prime239v2" +#define NID_X9_62_prime239v2 413 +#define OBJ_X9_62_prime239v2 OBJ_X9_62_primeCurve,5L + +#define SN_X9_62_prime239v3 "prime239v3" +#define NID_X9_62_prime239v3 414 +#define OBJ_X9_62_prime239v3 OBJ_X9_62_primeCurve,6L + +#define SN_X9_62_prime256v1 "prime256v1" +#define NID_X9_62_prime256v1 415 +#define OBJ_X9_62_prime256v1 OBJ_X9_62_primeCurve,7L + +#define OBJ_X9_62_id_ecSigType OBJ_ansi_X9_62,4L + +#define SN_ecdsa_with_SHA1 "ecdsa-with-SHA1" +#define NID_ecdsa_with_SHA1 416 +#define OBJ_ecdsa_with_SHA1 OBJ_X9_62_id_ecSigType,1L + +#define SN_ecdsa_with_Recommended "ecdsa-with-Recommended" +#define NID_ecdsa_with_Recommended 791 +#define OBJ_ecdsa_with_Recommended OBJ_X9_62_id_ecSigType,2L + +#define SN_ecdsa_with_Specified "ecdsa-with-Specified" +#define NID_ecdsa_with_Specified 792 +#define OBJ_ecdsa_with_Specified OBJ_X9_62_id_ecSigType,3L + +#define SN_ecdsa_with_SHA224 "ecdsa-with-SHA224" +#define NID_ecdsa_with_SHA224 793 +#define OBJ_ecdsa_with_SHA224 OBJ_ecdsa_with_Specified,1L + +#define SN_ecdsa_with_SHA256 "ecdsa-with-SHA256" +#define NID_ecdsa_with_SHA256 794 +#define OBJ_ecdsa_with_SHA256 OBJ_ecdsa_with_Specified,2L + +#define SN_ecdsa_with_SHA384 "ecdsa-with-SHA384" +#define NID_ecdsa_with_SHA384 795 +#define OBJ_ecdsa_with_SHA384 OBJ_ecdsa_with_Specified,3L + +#define SN_ecdsa_with_SHA512 "ecdsa-with-SHA512" +#define NID_ecdsa_with_SHA512 796 +#define OBJ_ecdsa_with_SHA512 OBJ_ecdsa_with_Specified,4L + +#define OBJ_secg_ellipticCurve OBJ_certicom_arc,0L + +#define SN_secp112r1 "secp112r1" +#define NID_secp112r1 704 +#define OBJ_secp112r1 OBJ_secg_ellipticCurve,6L + +#define SN_secp112r2 "secp112r2" +#define NID_secp112r2 705 +#define OBJ_secp112r2 OBJ_secg_ellipticCurve,7L + +#define SN_secp128r1 "secp128r1" +#define NID_secp128r1 706 +#define OBJ_secp128r1 OBJ_secg_ellipticCurve,28L + +#define SN_secp128r2 "secp128r2" +#define NID_secp128r2 707 +#define OBJ_secp128r2 OBJ_secg_ellipticCurve,29L + +#define SN_secp160k1 "secp160k1" +#define NID_secp160k1 708 +#define OBJ_secp160k1 OBJ_secg_ellipticCurve,9L + +#define SN_secp160r1 "secp160r1" +#define NID_secp160r1 709 +#define OBJ_secp160r1 OBJ_secg_ellipticCurve,8L + +#define SN_secp160r2 "secp160r2" +#define NID_secp160r2 710 +#define OBJ_secp160r2 OBJ_secg_ellipticCurve,30L + +#define SN_secp192k1 "secp192k1" +#define NID_secp192k1 711 +#define OBJ_secp192k1 OBJ_secg_ellipticCurve,31L + +#define SN_secp224k1 "secp224k1" +#define NID_secp224k1 712 +#define OBJ_secp224k1 OBJ_secg_ellipticCurve,32L + +#define SN_secp224r1 "secp224r1" +#define NID_secp224r1 713 +#define OBJ_secp224r1 OBJ_secg_ellipticCurve,33L + +#define SN_secp256k1 "secp256k1" +#define NID_secp256k1 714 +#define OBJ_secp256k1 OBJ_secg_ellipticCurve,10L + +#define SN_secp384r1 "secp384r1" +#define NID_secp384r1 715 +#define OBJ_secp384r1 OBJ_secg_ellipticCurve,34L + +#define SN_secp521r1 "secp521r1" +#define NID_secp521r1 716 +#define OBJ_secp521r1 OBJ_secg_ellipticCurve,35L + +#define SN_sect113r1 "sect113r1" +#define NID_sect113r1 717 +#define OBJ_sect113r1 OBJ_secg_ellipticCurve,4L + +#define SN_sect113r2 "sect113r2" +#define NID_sect113r2 718 +#define OBJ_sect113r2 OBJ_secg_ellipticCurve,5L + +#define SN_sect131r1 "sect131r1" +#define NID_sect131r1 719 +#define OBJ_sect131r1 OBJ_secg_ellipticCurve,22L + +#define SN_sect131r2 "sect131r2" +#define NID_sect131r2 720 +#define OBJ_sect131r2 OBJ_secg_ellipticCurve,23L + +#define SN_sect163k1 "sect163k1" +#define NID_sect163k1 721 +#define OBJ_sect163k1 OBJ_secg_ellipticCurve,1L + +#define SN_sect163r1 "sect163r1" +#define NID_sect163r1 722 +#define OBJ_sect163r1 OBJ_secg_ellipticCurve,2L + +#define SN_sect163r2 "sect163r2" +#define NID_sect163r2 723 +#define OBJ_sect163r2 OBJ_secg_ellipticCurve,15L + +#define SN_sect193r1 "sect193r1" +#define NID_sect193r1 724 +#define OBJ_sect193r1 OBJ_secg_ellipticCurve,24L + +#define SN_sect193r2 "sect193r2" +#define NID_sect193r2 725 +#define OBJ_sect193r2 OBJ_secg_ellipticCurve,25L + +#define SN_sect233k1 "sect233k1" +#define NID_sect233k1 726 +#define OBJ_sect233k1 OBJ_secg_ellipticCurve,26L + +#define SN_sect233r1 "sect233r1" +#define NID_sect233r1 727 +#define OBJ_sect233r1 OBJ_secg_ellipticCurve,27L + +#define SN_sect239k1 "sect239k1" +#define NID_sect239k1 728 +#define OBJ_sect239k1 OBJ_secg_ellipticCurve,3L + +#define SN_sect283k1 "sect283k1" +#define NID_sect283k1 729 +#define OBJ_sect283k1 OBJ_secg_ellipticCurve,16L + +#define SN_sect283r1 "sect283r1" +#define NID_sect283r1 730 +#define OBJ_sect283r1 OBJ_secg_ellipticCurve,17L + +#define SN_sect409k1 "sect409k1" +#define NID_sect409k1 731 +#define OBJ_sect409k1 OBJ_secg_ellipticCurve,36L + +#define SN_sect409r1 "sect409r1" +#define NID_sect409r1 732 +#define OBJ_sect409r1 OBJ_secg_ellipticCurve,37L + +#define SN_sect571k1 "sect571k1" +#define NID_sect571k1 733 +#define OBJ_sect571k1 OBJ_secg_ellipticCurve,38L + +#define SN_sect571r1 "sect571r1" +#define NID_sect571r1 734 +#define OBJ_sect571r1 OBJ_secg_ellipticCurve,39L + +#define OBJ_wap_wsg_idm_ecid OBJ_wap_wsg,4L + +#define SN_wap_wsg_idm_ecid_wtls1 "wap-wsg-idm-ecid-wtls1" +#define NID_wap_wsg_idm_ecid_wtls1 735 +#define OBJ_wap_wsg_idm_ecid_wtls1 OBJ_wap_wsg_idm_ecid,1L + +#define SN_wap_wsg_idm_ecid_wtls3 "wap-wsg-idm-ecid-wtls3" +#define NID_wap_wsg_idm_ecid_wtls3 736 +#define OBJ_wap_wsg_idm_ecid_wtls3 OBJ_wap_wsg_idm_ecid,3L + +#define SN_wap_wsg_idm_ecid_wtls4 "wap-wsg-idm-ecid-wtls4" +#define NID_wap_wsg_idm_ecid_wtls4 737 +#define OBJ_wap_wsg_idm_ecid_wtls4 OBJ_wap_wsg_idm_ecid,4L + +#define SN_wap_wsg_idm_ecid_wtls5 "wap-wsg-idm-ecid-wtls5" +#define NID_wap_wsg_idm_ecid_wtls5 738 +#define OBJ_wap_wsg_idm_ecid_wtls5 OBJ_wap_wsg_idm_ecid,5L + +#define SN_wap_wsg_idm_ecid_wtls6 "wap-wsg-idm-ecid-wtls6" +#define NID_wap_wsg_idm_ecid_wtls6 739 +#define OBJ_wap_wsg_idm_ecid_wtls6 OBJ_wap_wsg_idm_ecid,6L + +#define SN_wap_wsg_idm_ecid_wtls7 "wap-wsg-idm-ecid-wtls7" +#define NID_wap_wsg_idm_ecid_wtls7 740 +#define OBJ_wap_wsg_idm_ecid_wtls7 OBJ_wap_wsg_idm_ecid,7L + +#define SN_wap_wsg_idm_ecid_wtls8 "wap-wsg-idm-ecid-wtls8" +#define NID_wap_wsg_idm_ecid_wtls8 741 +#define OBJ_wap_wsg_idm_ecid_wtls8 OBJ_wap_wsg_idm_ecid,8L + +#define SN_wap_wsg_idm_ecid_wtls9 "wap-wsg-idm-ecid-wtls9" +#define NID_wap_wsg_idm_ecid_wtls9 742 +#define OBJ_wap_wsg_idm_ecid_wtls9 OBJ_wap_wsg_idm_ecid,9L + +#define SN_wap_wsg_idm_ecid_wtls10 "wap-wsg-idm-ecid-wtls10" +#define NID_wap_wsg_idm_ecid_wtls10 743 +#define OBJ_wap_wsg_idm_ecid_wtls10 OBJ_wap_wsg_idm_ecid,10L + +#define SN_wap_wsg_idm_ecid_wtls11 "wap-wsg-idm-ecid-wtls11" +#define NID_wap_wsg_idm_ecid_wtls11 744 +#define OBJ_wap_wsg_idm_ecid_wtls11 OBJ_wap_wsg_idm_ecid,11L + +#define SN_wap_wsg_idm_ecid_wtls12 "wap-wsg-idm-ecid-wtls12" +#define NID_wap_wsg_idm_ecid_wtls12 745 +#define OBJ_wap_wsg_idm_ecid_wtls12 OBJ_wap_wsg_idm_ecid,12L + +#define SN_cast5_cbc "CAST5-CBC" +#define LN_cast5_cbc "cast5-cbc" +#define NID_cast5_cbc 108 +#define OBJ_cast5_cbc OBJ_ISO_US,113533L,7L,66L,10L + +#define SN_cast5_ecb "CAST5-ECB" +#define LN_cast5_ecb "cast5-ecb" +#define NID_cast5_ecb 109 + +#define SN_cast5_cfb64 "CAST5-CFB" +#define LN_cast5_cfb64 "cast5-cfb" +#define NID_cast5_cfb64 110 + +#define SN_cast5_ofb64 "CAST5-OFB" +#define LN_cast5_ofb64 "cast5-ofb" +#define NID_cast5_ofb64 111 + +#define LN_pbeWithMD5AndCast5_CBC "pbeWithMD5AndCast5CBC" +#define NID_pbeWithMD5AndCast5_CBC 112 +#define OBJ_pbeWithMD5AndCast5_CBC OBJ_ISO_US,113533L,7L,66L,12L + +#define SN_id_PasswordBasedMAC "id-PasswordBasedMAC" +#define LN_id_PasswordBasedMAC "password based MAC" +#define NID_id_PasswordBasedMAC 782 +#define OBJ_id_PasswordBasedMAC OBJ_ISO_US,113533L,7L,66L,13L + +#define SN_id_DHBasedMac "id-DHBasedMac" +#define LN_id_DHBasedMac "Diffie-Hellman based MAC" +#define NID_id_DHBasedMac 783 +#define OBJ_id_DHBasedMac OBJ_ISO_US,113533L,7L,66L,30L + +#define SN_rsadsi "rsadsi" +#define LN_rsadsi "RSA Data Security, Inc." +#define NID_rsadsi 1 +#define OBJ_rsadsi OBJ_ISO_US,113549L + +#define SN_pkcs "pkcs" +#define LN_pkcs "RSA Data Security, Inc. PKCS" +#define NID_pkcs 2 +#define OBJ_pkcs OBJ_rsadsi,1L + +#define SN_pkcs1 "pkcs1" +#define NID_pkcs1 186 +#define OBJ_pkcs1 OBJ_pkcs,1L + +#define LN_rsaEncryption "rsaEncryption" +#define NID_rsaEncryption 6 +#define OBJ_rsaEncryption OBJ_pkcs1,1L + +#define SN_md2WithRSAEncryption "RSA-MD2" +#define LN_md2WithRSAEncryption "md2WithRSAEncryption" +#define NID_md2WithRSAEncryption 7 +#define OBJ_md2WithRSAEncryption OBJ_pkcs1,2L + +#define SN_md4WithRSAEncryption "RSA-MD4" +#define LN_md4WithRSAEncryption "md4WithRSAEncryption" +#define NID_md4WithRSAEncryption 396 +#define OBJ_md4WithRSAEncryption OBJ_pkcs1,3L + +#define SN_md5WithRSAEncryption "RSA-MD5" +#define LN_md5WithRSAEncryption "md5WithRSAEncryption" +#define NID_md5WithRSAEncryption 8 +#define OBJ_md5WithRSAEncryption OBJ_pkcs1,4L + +#define SN_sha1WithRSAEncryption "RSA-SHA1" +#define LN_sha1WithRSAEncryption "sha1WithRSAEncryption" +#define NID_sha1WithRSAEncryption 65 +#define OBJ_sha1WithRSAEncryption OBJ_pkcs1,5L + +#define SN_rsaesOaep "RSAES-OAEP" +#define LN_rsaesOaep "rsaesOaep" +#define NID_rsaesOaep 919 +#define OBJ_rsaesOaep OBJ_pkcs1,7L + +#define SN_mgf1 "MGF1" +#define LN_mgf1 "mgf1" +#define NID_mgf1 911 +#define OBJ_mgf1 OBJ_pkcs1,8L + +#define SN_pSpecified "PSPECIFIED" +#define LN_pSpecified "pSpecified" +#define NID_pSpecified 935 +#define OBJ_pSpecified OBJ_pkcs1,9L + +#define SN_rsassaPss "RSASSA-PSS" +#define LN_rsassaPss "rsassaPss" +#define NID_rsassaPss 912 +#define OBJ_rsassaPss OBJ_pkcs1,10L + +#define SN_sha256WithRSAEncryption "RSA-SHA256" +#define LN_sha256WithRSAEncryption "sha256WithRSAEncryption" +#define NID_sha256WithRSAEncryption 668 +#define OBJ_sha256WithRSAEncryption OBJ_pkcs1,11L + +#define SN_sha384WithRSAEncryption "RSA-SHA384" +#define LN_sha384WithRSAEncryption "sha384WithRSAEncryption" +#define NID_sha384WithRSAEncryption 669 +#define OBJ_sha384WithRSAEncryption OBJ_pkcs1,12L + +#define SN_sha512WithRSAEncryption "RSA-SHA512" +#define LN_sha512WithRSAEncryption "sha512WithRSAEncryption" +#define NID_sha512WithRSAEncryption 670 +#define OBJ_sha512WithRSAEncryption OBJ_pkcs1,13L + +#define SN_sha224WithRSAEncryption "RSA-SHA224" +#define LN_sha224WithRSAEncryption "sha224WithRSAEncryption" +#define NID_sha224WithRSAEncryption 671 +#define OBJ_sha224WithRSAEncryption OBJ_pkcs1,14L + +#define SN_sha512_224WithRSAEncryption "RSA-SHA512/224" +#define LN_sha512_224WithRSAEncryption "sha512-224WithRSAEncryption" +#define NID_sha512_224WithRSAEncryption 1145 +#define OBJ_sha512_224WithRSAEncryption OBJ_pkcs1,15L + +#define SN_sha512_256WithRSAEncryption "RSA-SHA512/256" +#define LN_sha512_256WithRSAEncryption "sha512-256WithRSAEncryption" +#define NID_sha512_256WithRSAEncryption 1146 +#define OBJ_sha512_256WithRSAEncryption OBJ_pkcs1,16L + +#define SN_pkcs3 "pkcs3" +#define NID_pkcs3 27 +#define OBJ_pkcs3 OBJ_pkcs,3L + +#define LN_dhKeyAgreement "dhKeyAgreement" +#define NID_dhKeyAgreement 28 +#define OBJ_dhKeyAgreement OBJ_pkcs3,1L + +#define SN_pkcs5 "pkcs5" +#define NID_pkcs5 187 +#define OBJ_pkcs5 OBJ_pkcs,5L + +#define SN_pbeWithMD2AndDES_CBC "PBE-MD2-DES" +#define LN_pbeWithMD2AndDES_CBC "pbeWithMD2AndDES-CBC" +#define NID_pbeWithMD2AndDES_CBC 9 +#define OBJ_pbeWithMD2AndDES_CBC OBJ_pkcs5,1L + +#define SN_pbeWithMD5AndDES_CBC "PBE-MD5-DES" +#define LN_pbeWithMD5AndDES_CBC "pbeWithMD5AndDES-CBC" +#define NID_pbeWithMD5AndDES_CBC 10 +#define OBJ_pbeWithMD5AndDES_CBC OBJ_pkcs5,3L + +#define SN_pbeWithMD2AndRC2_CBC "PBE-MD2-RC2-64" +#define LN_pbeWithMD2AndRC2_CBC "pbeWithMD2AndRC2-CBC" +#define NID_pbeWithMD2AndRC2_CBC 168 +#define OBJ_pbeWithMD2AndRC2_CBC OBJ_pkcs5,4L + +#define SN_pbeWithMD5AndRC2_CBC "PBE-MD5-RC2-64" +#define LN_pbeWithMD5AndRC2_CBC "pbeWithMD5AndRC2-CBC" +#define NID_pbeWithMD5AndRC2_CBC 169 +#define OBJ_pbeWithMD5AndRC2_CBC OBJ_pkcs5,6L + +#define SN_pbeWithSHA1AndDES_CBC "PBE-SHA1-DES" +#define LN_pbeWithSHA1AndDES_CBC "pbeWithSHA1AndDES-CBC" +#define NID_pbeWithSHA1AndDES_CBC 170 +#define OBJ_pbeWithSHA1AndDES_CBC OBJ_pkcs5,10L + +#define SN_pbeWithSHA1AndRC2_CBC "PBE-SHA1-RC2-64" +#define LN_pbeWithSHA1AndRC2_CBC "pbeWithSHA1AndRC2-CBC" +#define NID_pbeWithSHA1AndRC2_CBC 68 +#define OBJ_pbeWithSHA1AndRC2_CBC OBJ_pkcs5,11L + +#define LN_id_pbkdf2 "PBKDF2" +#define NID_id_pbkdf2 69 +#define OBJ_id_pbkdf2 OBJ_pkcs5,12L + +#define LN_pbes2 "PBES2" +#define NID_pbes2 161 +#define OBJ_pbes2 OBJ_pkcs5,13L + +#define LN_pbmac1 "PBMAC1" +#define NID_pbmac1 162 +#define OBJ_pbmac1 OBJ_pkcs5,14L + +#define SN_pkcs7 "pkcs7" +#define NID_pkcs7 20 +#define OBJ_pkcs7 OBJ_pkcs,7L + +#define LN_pkcs7_data "pkcs7-data" +#define NID_pkcs7_data 21 +#define OBJ_pkcs7_data OBJ_pkcs7,1L + +#define LN_pkcs7_signed "pkcs7-signedData" +#define NID_pkcs7_signed 22 +#define OBJ_pkcs7_signed OBJ_pkcs7,2L + +#define LN_pkcs7_enveloped "pkcs7-envelopedData" +#define NID_pkcs7_enveloped 23 +#define OBJ_pkcs7_enveloped OBJ_pkcs7,3L + +#define LN_pkcs7_signedAndEnveloped "pkcs7-signedAndEnvelopedData" +#define NID_pkcs7_signedAndEnveloped 24 +#define OBJ_pkcs7_signedAndEnveloped OBJ_pkcs7,4L + +#define LN_pkcs7_digest "pkcs7-digestData" +#define NID_pkcs7_digest 25 +#define OBJ_pkcs7_digest OBJ_pkcs7,5L + +#define LN_pkcs7_encrypted "pkcs7-encryptedData" +#define NID_pkcs7_encrypted 26 +#define OBJ_pkcs7_encrypted OBJ_pkcs7,6L + +#define SN_pkcs9 "pkcs9" +#define NID_pkcs9 47 +#define OBJ_pkcs9 OBJ_pkcs,9L + +#define LN_pkcs9_emailAddress "emailAddress" +#define NID_pkcs9_emailAddress 48 +#define OBJ_pkcs9_emailAddress OBJ_pkcs9,1L + +#define LN_pkcs9_unstructuredName "unstructuredName" +#define NID_pkcs9_unstructuredName 49 +#define OBJ_pkcs9_unstructuredName OBJ_pkcs9,2L + +#define LN_pkcs9_contentType "contentType" +#define NID_pkcs9_contentType 50 +#define OBJ_pkcs9_contentType OBJ_pkcs9,3L + +#define LN_pkcs9_messageDigest "messageDigest" +#define NID_pkcs9_messageDigest 51 +#define OBJ_pkcs9_messageDigest OBJ_pkcs9,4L + +#define LN_pkcs9_signingTime "signingTime" +#define NID_pkcs9_signingTime 52 +#define OBJ_pkcs9_signingTime OBJ_pkcs9,5L + +#define LN_pkcs9_countersignature "countersignature" +#define NID_pkcs9_countersignature 53 +#define OBJ_pkcs9_countersignature OBJ_pkcs9,6L + +#define LN_pkcs9_challengePassword "challengePassword" +#define NID_pkcs9_challengePassword 54 +#define OBJ_pkcs9_challengePassword OBJ_pkcs9,7L + +#define LN_pkcs9_unstructuredAddress "unstructuredAddress" +#define NID_pkcs9_unstructuredAddress 55 +#define OBJ_pkcs9_unstructuredAddress OBJ_pkcs9,8L + +#define LN_pkcs9_extCertAttributes "extendedCertificateAttributes" +#define NID_pkcs9_extCertAttributes 56 +#define OBJ_pkcs9_extCertAttributes OBJ_pkcs9,9L + +#define SN_ext_req "extReq" +#define LN_ext_req "Extension Request" +#define NID_ext_req 172 +#define OBJ_ext_req OBJ_pkcs9,14L + +#define SN_SMIMECapabilities "SMIME-CAPS" +#define LN_SMIMECapabilities "S/MIME Capabilities" +#define NID_SMIMECapabilities 167 +#define OBJ_SMIMECapabilities OBJ_pkcs9,15L + +#define SN_SMIME "SMIME" +#define LN_SMIME "S/MIME" +#define NID_SMIME 188 +#define OBJ_SMIME OBJ_pkcs9,16L + +#define SN_id_smime_mod "id-smime-mod" +#define NID_id_smime_mod 189 +#define OBJ_id_smime_mod OBJ_SMIME,0L + +#define SN_id_smime_ct "id-smime-ct" +#define NID_id_smime_ct 190 +#define OBJ_id_smime_ct OBJ_SMIME,1L + +#define SN_id_smime_aa "id-smime-aa" +#define NID_id_smime_aa 191 +#define OBJ_id_smime_aa OBJ_SMIME,2L + +#define SN_id_smime_alg "id-smime-alg" +#define NID_id_smime_alg 192 +#define OBJ_id_smime_alg OBJ_SMIME,3L + +#define SN_id_smime_cd "id-smime-cd" +#define NID_id_smime_cd 193 +#define OBJ_id_smime_cd OBJ_SMIME,4L + +#define SN_id_smime_spq "id-smime-spq" +#define NID_id_smime_spq 194 +#define OBJ_id_smime_spq OBJ_SMIME,5L + +#define SN_id_smime_cti "id-smime-cti" +#define NID_id_smime_cti 195 +#define OBJ_id_smime_cti OBJ_SMIME,6L + +#define SN_id_smime_mod_cms "id-smime-mod-cms" +#define NID_id_smime_mod_cms 196 +#define OBJ_id_smime_mod_cms OBJ_id_smime_mod,1L + +#define SN_id_smime_mod_ess "id-smime-mod-ess" +#define NID_id_smime_mod_ess 197 +#define OBJ_id_smime_mod_ess OBJ_id_smime_mod,2L + +#define SN_id_smime_mod_oid "id-smime-mod-oid" +#define NID_id_smime_mod_oid 198 +#define OBJ_id_smime_mod_oid OBJ_id_smime_mod,3L + +#define SN_id_smime_mod_msg_v3 "id-smime-mod-msg-v3" +#define NID_id_smime_mod_msg_v3 199 +#define OBJ_id_smime_mod_msg_v3 OBJ_id_smime_mod,4L + +#define SN_id_smime_mod_ets_eSignature_88 "id-smime-mod-ets-eSignature-88" +#define NID_id_smime_mod_ets_eSignature_88 200 +#define OBJ_id_smime_mod_ets_eSignature_88 OBJ_id_smime_mod,5L + +#define SN_id_smime_mod_ets_eSignature_97 "id-smime-mod-ets-eSignature-97" +#define NID_id_smime_mod_ets_eSignature_97 201 +#define OBJ_id_smime_mod_ets_eSignature_97 OBJ_id_smime_mod,6L + +#define SN_id_smime_mod_ets_eSigPolicy_88 "id-smime-mod-ets-eSigPolicy-88" +#define NID_id_smime_mod_ets_eSigPolicy_88 202 +#define OBJ_id_smime_mod_ets_eSigPolicy_88 OBJ_id_smime_mod,7L + +#define SN_id_smime_mod_ets_eSigPolicy_97 "id-smime-mod-ets-eSigPolicy-97" +#define NID_id_smime_mod_ets_eSigPolicy_97 203 +#define OBJ_id_smime_mod_ets_eSigPolicy_97 OBJ_id_smime_mod,8L + +#define SN_id_smime_ct_receipt "id-smime-ct-receipt" +#define NID_id_smime_ct_receipt 204 +#define OBJ_id_smime_ct_receipt OBJ_id_smime_ct,1L + +#define SN_id_smime_ct_authData "id-smime-ct-authData" +#define NID_id_smime_ct_authData 205 +#define OBJ_id_smime_ct_authData OBJ_id_smime_ct,2L + +#define SN_id_smime_ct_publishCert "id-smime-ct-publishCert" +#define NID_id_smime_ct_publishCert 206 +#define OBJ_id_smime_ct_publishCert OBJ_id_smime_ct,3L + +#define SN_id_smime_ct_TSTInfo "id-smime-ct-TSTInfo" +#define NID_id_smime_ct_TSTInfo 207 +#define OBJ_id_smime_ct_TSTInfo OBJ_id_smime_ct,4L + +#define SN_id_smime_ct_TDTInfo "id-smime-ct-TDTInfo" +#define NID_id_smime_ct_TDTInfo 208 +#define OBJ_id_smime_ct_TDTInfo OBJ_id_smime_ct,5L + +#define SN_id_smime_ct_contentInfo "id-smime-ct-contentInfo" +#define NID_id_smime_ct_contentInfo 209 +#define OBJ_id_smime_ct_contentInfo OBJ_id_smime_ct,6L + +#define SN_id_smime_ct_DVCSRequestData "id-smime-ct-DVCSRequestData" +#define NID_id_smime_ct_DVCSRequestData 210 +#define OBJ_id_smime_ct_DVCSRequestData OBJ_id_smime_ct,7L + +#define SN_id_smime_ct_DVCSResponseData "id-smime-ct-DVCSResponseData" +#define NID_id_smime_ct_DVCSResponseData 211 +#define OBJ_id_smime_ct_DVCSResponseData OBJ_id_smime_ct,8L + +#define SN_id_smime_ct_compressedData "id-smime-ct-compressedData" +#define NID_id_smime_ct_compressedData 786 +#define OBJ_id_smime_ct_compressedData OBJ_id_smime_ct,9L + +#define SN_id_smime_ct_contentCollection "id-smime-ct-contentCollection" +#define NID_id_smime_ct_contentCollection 1058 +#define OBJ_id_smime_ct_contentCollection OBJ_id_smime_ct,19L + +#define SN_id_smime_ct_authEnvelopedData "id-smime-ct-authEnvelopedData" +#define NID_id_smime_ct_authEnvelopedData 1059 +#define OBJ_id_smime_ct_authEnvelopedData OBJ_id_smime_ct,23L + +#define SN_id_ct_asciiTextWithCRLF "id-ct-asciiTextWithCRLF" +#define NID_id_ct_asciiTextWithCRLF 787 +#define OBJ_id_ct_asciiTextWithCRLF OBJ_id_smime_ct,27L + +#define SN_id_ct_xml "id-ct-xml" +#define NID_id_ct_xml 1060 +#define OBJ_id_ct_xml OBJ_id_smime_ct,28L + +#define SN_id_smime_aa_receiptRequest "id-smime-aa-receiptRequest" +#define NID_id_smime_aa_receiptRequest 212 +#define OBJ_id_smime_aa_receiptRequest OBJ_id_smime_aa,1L + +#define SN_id_smime_aa_securityLabel "id-smime-aa-securityLabel" +#define NID_id_smime_aa_securityLabel 213 +#define OBJ_id_smime_aa_securityLabel OBJ_id_smime_aa,2L + +#define SN_id_smime_aa_mlExpandHistory "id-smime-aa-mlExpandHistory" +#define NID_id_smime_aa_mlExpandHistory 214 +#define OBJ_id_smime_aa_mlExpandHistory OBJ_id_smime_aa,3L + +#define SN_id_smime_aa_contentHint "id-smime-aa-contentHint" +#define NID_id_smime_aa_contentHint 215 +#define OBJ_id_smime_aa_contentHint OBJ_id_smime_aa,4L + +#define SN_id_smime_aa_msgSigDigest "id-smime-aa-msgSigDigest" +#define NID_id_smime_aa_msgSigDigest 216 +#define OBJ_id_smime_aa_msgSigDigest OBJ_id_smime_aa,5L + +#define SN_id_smime_aa_encapContentType "id-smime-aa-encapContentType" +#define NID_id_smime_aa_encapContentType 217 +#define OBJ_id_smime_aa_encapContentType OBJ_id_smime_aa,6L + +#define SN_id_smime_aa_contentIdentifier "id-smime-aa-contentIdentifier" +#define NID_id_smime_aa_contentIdentifier 218 +#define OBJ_id_smime_aa_contentIdentifier OBJ_id_smime_aa,7L + +#define SN_id_smime_aa_macValue "id-smime-aa-macValue" +#define NID_id_smime_aa_macValue 219 +#define OBJ_id_smime_aa_macValue OBJ_id_smime_aa,8L + +#define SN_id_smime_aa_equivalentLabels "id-smime-aa-equivalentLabels" +#define NID_id_smime_aa_equivalentLabels 220 +#define OBJ_id_smime_aa_equivalentLabels OBJ_id_smime_aa,9L + +#define SN_id_smime_aa_contentReference "id-smime-aa-contentReference" +#define NID_id_smime_aa_contentReference 221 +#define OBJ_id_smime_aa_contentReference OBJ_id_smime_aa,10L + +#define SN_id_smime_aa_encrypKeyPref "id-smime-aa-encrypKeyPref" +#define NID_id_smime_aa_encrypKeyPref 222 +#define OBJ_id_smime_aa_encrypKeyPref OBJ_id_smime_aa,11L + +#define SN_id_smime_aa_signingCertificate "id-smime-aa-signingCertificate" +#define NID_id_smime_aa_signingCertificate 223 +#define OBJ_id_smime_aa_signingCertificate OBJ_id_smime_aa,12L + +#define SN_id_smime_aa_smimeEncryptCerts "id-smime-aa-smimeEncryptCerts" +#define NID_id_smime_aa_smimeEncryptCerts 224 +#define OBJ_id_smime_aa_smimeEncryptCerts OBJ_id_smime_aa,13L + +#define SN_id_smime_aa_timeStampToken "id-smime-aa-timeStampToken" +#define NID_id_smime_aa_timeStampToken 225 +#define OBJ_id_smime_aa_timeStampToken OBJ_id_smime_aa,14L + +#define SN_id_smime_aa_ets_sigPolicyId "id-smime-aa-ets-sigPolicyId" +#define NID_id_smime_aa_ets_sigPolicyId 226 +#define OBJ_id_smime_aa_ets_sigPolicyId OBJ_id_smime_aa,15L + +#define SN_id_smime_aa_ets_commitmentType "id-smime-aa-ets-commitmentType" +#define NID_id_smime_aa_ets_commitmentType 227 +#define OBJ_id_smime_aa_ets_commitmentType OBJ_id_smime_aa,16L + +#define SN_id_smime_aa_ets_signerLocation "id-smime-aa-ets-signerLocation" +#define NID_id_smime_aa_ets_signerLocation 228 +#define OBJ_id_smime_aa_ets_signerLocation OBJ_id_smime_aa,17L + +#define SN_id_smime_aa_ets_signerAttr "id-smime-aa-ets-signerAttr" +#define NID_id_smime_aa_ets_signerAttr 229 +#define OBJ_id_smime_aa_ets_signerAttr OBJ_id_smime_aa,18L + +#define SN_id_smime_aa_ets_otherSigCert "id-smime-aa-ets-otherSigCert" +#define NID_id_smime_aa_ets_otherSigCert 230 +#define OBJ_id_smime_aa_ets_otherSigCert OBJ_id_smime_aa,19L + +#define SN_id_smime_aa_ets_contentTimestamp "id-smime-aa-ets-contentTimestamp" +#define NID_id_smime_aa_ets_contentTimestamp 231 +#define OBJ_id_smime_aa_ets_contentTimestamp OBJ_id_smime_aa,20L + +#define SN_id_smime_aa_ets_CertificateRefs "id-smime-aa-ets-CertificateRefs" +#define NID_id_smime_aa_ets_CertificateRefs 232 +#define OBJ_id_smime_aa_ets_CertificateRefs OBJ_id_smime_aa,21L + +#define SN_id_smime_aa_ets_RevocationRefs "id-smime-aa-ets-RevocationRefs" +#define NID_id_smime_aa_ets_RevocationRefs 233 +#define OBJ_id_smime_aa_ets_RevocationRefs OBJ_id_smime_aa,22L + +#define SN_id_smime_aa_ets_certValues "id-smime-aa-ets-certValues" +#define NID_id_smime_aa_ets_certValues 234 +#define OBJ_id_smime_aa_ets_certValues OBJ_id_smime_aa,23L + +#define SN_id_smime_aa_ets_revocationValues "id-smime-aa-ets-revocationValues" +#define NID_id_smime_aa_ets_revocationValues 235 +#define OBJ_id_smime_aa_ets_revocationValues OBJ_id_smime_aa,24L + +#define SN_id_smime_aa_ets_escTimeStamp "id-smime-aa-ets-escTimeStamp" +#define NID_id_smime_aa_ets_escTimeStamp 236 +#define OBJ_id_smime_aa_ets_escTimeStamp OBJ_id_smime_aa,25L + +#define SN_id_smime_aa_ets_certCRLTimestamp "id-smime-aa-ets-certCRLTimestamp" +#define NID_id_smime_aa_ets_certCRLTimestamp 237 +#define OBJ_id_smime_aa_ets_certCRLTimestamp OBJ_id_smime_aa,26L + +#define SN_id_smime_aa_ets_archiveTimeStamp "id-smime-aa-ets-archiveTimeStamp" +#define NID_id_smime_aa_ets_archiveTimeStamp 238 +#define OBJ_id_smime_aa_ets_archiveTimeStamp OBJ_id_smime_aa,27L + +#define SN_id_smime_aa_signatureType "id-smime-aa-signatureType" +#define NID_id_smime_aa_signatureType 239 +#define OBJ_id_smime_aa_signatureType OBJ_id_smime_aa,28L + +#define SN_id_smime_aa_dvcs_dvc "id-smime-aa-dvcs-dvc" +#define NID_id_smime_aa_dvcs_dvc 240 +#define OBJ_id_smime_aa_dvcs_dvc OBJ_id_smime_aa,29L + +#define SN_id_smime_aa_signingCertificateV2 "id-smime-aa-signingCertificateV2" +#define NID_id_smime_aa_signingCertificateV2 1086 +#define OBJ_id_smime_aa_signingCertificateV2 OBJ_id_smime_aa,47L + +#define SN_id_smime_alg_ESDHwith3DES "id-smime-alg-ESDHwith3DES" +#define NID_id_smime_alg_ESDHwith3DES 241 +#define OBJ_id_smime_alg_ESDHwith3DES OBJ_id_smime_alg,1L + +#define SN_id_smime_alg_ESDHwithRC2 "id-smime-alg-ESDHwithRC2" +#define NID_id_smime_alg_ESDHwithRC2 242 +#define OBJ_id_smime_alg_ESDHwithRC2 OBJ_id_smime_alg,2L + +#define SN_id_smime_alg_3DESwrap "id-smime-alg-3DESwrap" +#define NID_id_smime_alg_3DESwrap 243 +#define OBJ_id_smime_alg_3DESwrap OBJ_id_smime_alg,3L + +#define SN_id_smime_alg_RC2wrap "id-smime-alg-RC2wrap" +#define NID_id_smime_alg_RC2wrap 244 +#define OBJ_id_smime_alg_RC2wrap OBJ_id_smime_alg,4L + +#define SN_id_smime_alg_ESDH "id-smime-alg-ESDH" +#define NID_id_smime_alg_ESDH 245 +#define OBJ_id_smime_alg_ESDH OBJ_id_smime_alg,5L + +#define SN_id_smime_alg_CMS3DESwrap "id-smime-alg-CMS3DESwrap" +#define NID_id_smime_alg_CMS3DESwrap 246 +#define OBJ_id_smime_alg_CMS3DESwrap OBJ_id_smime_alg,6L + +#define SN_id_smime_alg_CMSRC2wrap "id-smime-alg-CMSRC2wrap" +#define NID_id_smime_alg_CMSRC2wrap 247 +#define OBJ_id_smime_alg_CMSRC2wrap OBJ_id_smime_alg,7L + +#define SN_id_alg_PWRI_KEK "id-alg-PWRI-KEK" +#define NID_id_alg_PWRI_KEK 893 +#define OBJ_id_alg_PWRI_KEK OBJ_id_smime_alg,9L + +#define SN_id_smime_cd_ldap "id-smime-cd-ldap" +#define NID_id_smime_cd_ldap 248 +#define OBJ_id_smime_cd_ldap OBJ_id_smime_cd,1L + +#define SN_id_smime_spq_ets_sqt_uri "id-smime-spq-ets-sqt-uri" +#define NID_id_smime_spq_ets_sqt_uri 249 +#define OBJ_id_smime_spq_ets_sqt_uri OBJ_id_smime_spq,1L + +#define SN_id_smime_spq_ets_sqt_unotice "id-smime-spq-ets-sqt-unotice" +#define NID_id_smime_spq_ets_sqt_unotice 250 +#define OBJ_id_smime_spq_ets_sqt_unotice OBJ_id_smime_spq,2L + +#define SN_id_smime_cti_ets_proofOfOrigin "id-smime-cti-ets-proofOfOrigin" +#define NID_id_smime_cti_ets_proofOfOrigin 251 +#define OBJ_id_smime_cti_ets_proofOfOrigin OBJ_id_smime_cti,1L + +#define SN_id_smime_cti_ets_proofOfReceipt "id-smime-cti-ets-proofOfReceipt" +#define NID_id_smime_cti_ets_proofOfReceipt 252 +#define OBJ_id_smime_cti_ets_proofOfReceipt OBJ_id_smime_cti,2L + +#define SN_id_smime_cti_ets_proofOfDelivery "id-smime-cti-ets-proofOfDelivery" +#define NID_id_smime_cti_ets_proofOfDelivery 253 +#define OBJ_id_smime_cti_ets_proofOfDelivery OBJ_id_smime_cti,3L + +#define SN_id_smime_cti_ets_proofOfSender "id-smime-cti-ets-proofOfSender" +#define NID_id_smime_cti_ets_proofOfSender 254 +#define OBJ_id_smime_cti_ets_proofOfSender OBJ_id_smime_cti,4L + +#define SN_id_smime_cti_ets_proofOfApproval "id-smime-cti-ets-proofOfApproval" +#define NID_id_smime_cti_ets_proofOfApproval 255 +#define OBJ_id_smime_cti_ets_proofOfApproval OBJ_id_smime_cti,5L + +#define SN_id_smime_cti_ets_proofOfCreation "id-smime-cti-ets-proofOfCreation" +#define NID_id_smime_cti_ets_proofOfCreation 256 +#define OBJ_id_smime_cti_ets_proofOfCreation OBJ_id_smime_cti,6L + +#define LN_friendlyName "friendlyName" +#define NID_friendlyName 156 +#define OBJ_friendlyName OBJ_pkcs9,20L + +#define LN_localKeyID "localKeyID" +#define NID_localKeyID 157 +#define OBJ_localKeyID OBJ_pkcs9,21L + +#define SN_ms_csp_name "CSPName" +#define LN_ms_csp_name "Microsoft CSP Name" +#define NID_ms_csp_name 417 +#define OBJ_ms_csp_name 1L,3L,6L,1L,4L,1L,311L,17L,1L + +#define SN_LocalKeySet "LocalKeySet" +#define LN_LocalKeySet "Microsoft Local Key set" +#define NID_LocalKeySet 856 +#define OBJ_LocalKeySet 1L,3L,6L,1L,4L,1L,311L,17L,2L + +#define OBJ_certTypes OBJ_pkcs9,22L + +#define LN_x509Certificate "x509Certificate" +#define NID_x509Certificate 158 +#define OBJ_x509Certificate OBJ_certTypes,1L + +#define LN_sdsiCertificate "sdsiCertificate" +#define NID_sdsiCertificate 159 +#define OBJ_sdsiCertificate OBJ_certTypes,2L + +#define OBJ_crlTypes OBJ_pkcs9,23L + +#define LN_x509Crl "x509Crl" +#define NID_x509Crl 160 +#define OBJ_x509Crl OBJ_crlTypes,1L + +#define OBJ_pkcs12 OBJ_pkcs,12L + +#define OBJ_pkcs12_pbeids OBJ_pkcs12,1L + +#define SN_pbe_WithSHA1And128BitRC4 "PBE-SHA1-RC4-128" +#define LN_pbe_WithSHA1And128BitRC4 "pbeWithSHA1And128BitRC4" +#define NID_pbe_WithSHA1And128BitRC4 144 +#define OBJ_pbe_WithSHA1And128BitRC4 OBJ_pkcs12_pbeids,1L + +#define SN_pbe_WithSHA1And40BitRC4 "PBE-SHA1-RC4-40" +#define LN_pbe_WithSHA1And40BitRC4 "pbeWithSHA1And40BitRC4" +#define NID_pbe_WithSHA1And40BitRC4 145 +#define OBJ_pbe_WithSHA1And40BitRC4 OBJ_pkcs12_pbeids,2L + +#define SN_pbe_WithSHA1And3_Key_TripleDES_CBC "PBE-SHA1-3DES" +#define LN_pbe_WithSHA1And3_Key_TripleDES_CBC "pbeWithSHA1And3-KeyTripleDES-CBC" +#define NID_pbe_WithSHA1And3_Key_TripleDES_CBC 146 +#define OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC OBJ_pkcs12_pbeids,3L + +#define SN_pbe_WithSHA1And2_Key_TripleDES_CBC "PBE-SHA1-2DES" +#define LN_pbe_WithSHA1And2_Key_TripleDES_CBC "pbeWithSHA1And2-KeyTripleDES-CBC" +#define NID_pbe_WithSHA1And2_Key_TripleDES_CBC 147 +#define OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC OBJ_pkcs12_pbeids,4L + +#define SN_pbe_WithSHA1And128BitRC2_CBC "PBE-SHA1-RC2-128" +#define LN_pbe_WithSHA1And128BitRC2_CBC "pbeWithSHA1And128BitRC2-CBC" +#define NID_pbe_WithSHA1And128BitRC2_CBC 148 +#define OBJ_pbe_WithSHA1And128BitRC2_CBC OBJ_pkcs12_pbeids,5L + +#define SN_pbe_WithSHA1And40BitRC2_CBC "PBE-SHA1-RC2-40" +#define LN_pbe_WithSHA1And40BitRC2_CBC "pbeWithSHA1And40BitRC2-CBC" +#define NID_pbe_WithSHA1And40BitRC2_CBC 149 +#define OBJ_pbe_WithSHA1And40BitRC2_CBC OBJ_pkcs12_pbeids,6L + +#define OBJ_pkcs12_Version1 OBJ_pkcs12,10L + +#define OBJ_pkcs12_BagIds OBJ_pkcs12_Version1,1L + +#define LN_keyBag "keyBag" +#define NID_keyBag 150 +#define OBJ_keyBag OBJ_pkcs12_BagIds,1L + +#define LN_pkcs8ShroudedKeyBag "pkcs8ShroudedKeyBag" +#define NID_pkcs8ShroudedKeyBag 151 +#define OBJ_pkcs8ShroudedKeyBag OBJ_pkcs12_BagIds,2L + +#define LN_certBag "certBag" +#define NID_certBag 152 +#define OBJ_certBag OBJ_pkcs12_BagIds,3L + +#define LN_crlBag "crlBag" +#define NID_crlBag 153 +#define OBJ_crlBag OBJ_pkcs12_BagIds,4L + +#define LN_secretBag "secretBag" +#define NID_secretBag 154 +#define OBJ_secretBag OBJ_pkcs12_BagIds,5L + +#define LN_safeContentsBag "safeContentsBag" +#define NID_safeContentsBag 155 +#define OBJ_safeContentsBag OBJ_pkcs12_BagIds,6L + +#define SN_md2 "MD2" +#define LN_md2 "md2" +#define NID_md2 3 +#define OBJ_md2 OBJ_rsadsi,2L,2L + +#define SN_md4 "MD4" +#define LN_md4 "md4" +#define NID_md4 257 +#define OBJ_md4 OBJ_rsadsi,2L,4L + +#define SN_md5 "MD5" +#define LN_md5 "md5" +#define NID_md5 4 +#define OBJ_md5 OBJ_rsadsi,2L,5L + +#define SN_md5_sha1 "MD5-SHA1" +#define LN_md5_sha1 "md5-sha1" +#define NID_md5_sha1 114 + +#define LN_hmacWithMD5 "hmacWithMD5" +#define NID_hmacWithMD5 797 +#define OBJ_hmacWithMD5 OBJ_rsadsi,2L,6L + +#define LN_hmacWithSHA1 "hmacWithSHA1" +#define NID_hmacWithSHA1 163 +#define OBJ_hmacWithSHA1 OBJ_rsadsi,2L,7L + +#define SN_sm2 "SM2" +#define LN_sm2 "sm2" +#define NID_sm2 1172 +#define OBJ_sm2 OBJ_sm_scheme,301L + +#define SN_sm3 "SM3" +#define LN_sm3 "sm3" +#define NID_sm3 1143 +#define OBJ_sm3 OBJ_sm_scheme,401L + +#define SN_sm3WithRSAEncryption "RSA-SM3" +#define LN_sm3WithRSAEncryption "sm3WithRSAEncryption" +#define NID_sm3WithRSAEncryption 1144 +#define OBJ_sm3WithRSAEncryption OBJ_sm_scheme,504L + +#define LN_hmacWithSHA224 "hmacWithSHA224" +#define NID_hmacWithSHA224 798 +#define OBJ_hmacWithSHA224 OBJ_rsadsi,2L,8L + +#define LN_hmacWithSHA256 "hmacWithSHA256" +#define NID_hmacWithSHA256 799 +#define OBJ_hmacWithSHA256 OBJ_rsadsi,2L,9L + +#define LN_hmacWithSHA384 "hmacWithSHA384" +#define NID_hmacWithSHA384 800 +#define OBJ_hmacWithSHA384 OBJ_rsadsi,2L,10L + +#define LN_hmacWithSHA512 "hmacWithSHA512" +#define NID_hmacWithSHA512 801 +#define OBJ_hmacWithSHA512 OBJ_rsadsi,2L,11L + +#define LN_hmacWithSHA512_224 "hmacWithSHA512-224" +#define NID_hmacWithSHA512_224 1193 +#define OBJ_hmacWithSHA512_224 OBJ_rsadsi,2L,12L + +#define LN_hmacWithSHA512_256 "hmacWithSHA512-256" +#define NID_hmacWithSHA512_256 1194 +#define OBJ_hmacWithSHA512_256 OBJ_rsadsi,2L,13L + +#define SN_rc2_cbc "RC2-CBC" +#define LN_rc2_cbc "rc2-cbc" +#define NID_rc2_cbc 37 +#define OBJ_rc2_cbc OBJ_rsadsi,3L,2L + +#define SN_rc2_ecb "RC2-ECB" +#define LN_rc2_ecb "rc2-ecb" +#define NID_rc2_ecb 38 + +#define SN_rc2_cfb64 "RC2-CFB" +#define LN_rc2_cfb64 "rc2-cfb" +#define NID_rc2_cfb64 39 + +#define SN_rc2_ofb64 "RC2-OFB" +#define LN_rc2_ofb64 "rc2-ofb" +#define NID_rc2_ofb64 40 + +#define SN_rc2_40_cbc "RC2-40-CBC" +#define LN_rc2_40_cbc "rc2-40-cbc" +#define NID_rc2_40_cbc 98 + +#define SN_rc2_64_cbc "RC2-64-CBC" +#define LN_rc2_64_cbc "rc2-64-cbc" +#define NID_rc2_64_cbc 166 + +#define SN_rc4 "RC4" +#define LN_rc4 "rc4" +#define NID_rc4 5 +#define OBJ_rc4 OBJ_rsadsi,3L,4L + +#define SN_rc4_40 "RC4-40" +#define LN_rc4_40 "rc4-40" +#define NID_rc4_40 97 + +#define SN_des_ede3_cbc "DES-EDE3-CBC" +#define LN_des_ede3_cbc "des-ede3-cbc" +#define NID_des_ede3_cbc 44 +#define OBJ_des_ede3_cbc OBJ_rsadsi,3L,7L + +#define SN_rc5_cbc "RC5-CBC" +#define LN_rc5_cbc "rc5-cbc" +#define NID_rc5_cbc 120 +#define OBJ_rc5_cbc OBJ_rsadsi,3L,8L + +#define SN_rc5_ecb "RC5-ECB" +#define LN_rc5_ecb "rc5-ecb" +#define NID_rc5_ecb 121 + +#define SN_rc5_cfb64 "RC5-CFB" +#define LN_rc5_cfb64 "rc5-cfb" +#define NID_rc5_cfb64 122 + +#define SN_rc5_ofb64 "RC5-OFB" +#define LN_rc5_ofb64 "rc5-ofb" +#define NID_rc5_ofb64 123 + +#define SN_ms_ext_req "msExtReq" +#define LN_ms_ext_req "Microsoft Extension Request" +#define NID_ms_ext_req 171 +#define OBJ_ms_ext_req 1L,3L,6L,1L,4L,1L,311L,2L,1L,14L + +#define SN_ms_code_ind "msCodeInd" +#define LN_ms_code_ind "Microsoft Individual Code Signing" +#define NID_ms_code_ind 134 +#define OBJ_ms_code_ind 1L,3L,6L,1L,4L,1L,311L,2L,1L,21L + +#define SN_ms_code_com "msCodeCom" +#define LN_ms_code_com "Microsoft Commercial Code Signing" +#define NID_ms_code_com 135 +#define OBJ_ms_code_com 1L,3L,6L,1L,4L,1L,311L,2L,1L,22L + +#define SN_ms_ctl_sign "msCTLSign" +#define LN_ms_ctl_sign "Microsoft Trust List Signing" +#define NID_ms_ctl_sign 136 +#define OBJ_ms_ctl_sign 1L,3L,6L,1L,4L,1L,311L,10L,3L,1L + +#define SN_ms_sgc "msSGC" +#define LN_ms_sgc "Microsoft Server Gated Crypto" +#define NID_ms_sgc 137 +#define OBJ_ms_sgc 1L,3L,6L,1L,4L,1L,311L,10L,3L,3L + +#define SN_ms_efs "msEFS" +#define LN_ms_efs "Microsoft Encrypted File System" +#define NID_ms_efs 138 +#define OBJ_ms_efs 1L,3L,6L,1L,4L,1L,311L,10L,3L,4L + +#define SN_ms_smartcard_login "msSmartcardLogin" +#define LN_ms_smartcard_login "Microsoft Smartcard Login" +#define NID_ms_smartcard_login 648 +#define OBJ_ms_smartcard_login 1L,3L,6L,1L,4L,1L,311L,20L,2L,2L + +#define SN_ms_upn "msUPN" +#define LN_ms_upn "Microsoft User Principal Name" +#define NID_ms_upn 649 +#define OBJ_ms_upn 1L,3L,6L,1L,4L,1L,311L,20L,2L,3L + +#define SN_idea_cbc "IDEA-CBC" +#define LN_idea_cbc "idea-cbc" +#define NID_idea_cbc 34 +#define OBJ_idea_cbc 1L,3L,6L,1L,4L,1L,188L,7L,1L,1L,2L + +#define SN_idea_ecb "IDEA-ECB" +#define LN_idea_ecb "idea-ecb" +#define NID_idea_ecb 36 + +#define SN_idea_cfb64 "IDEA-CFB" +#define LN_idea_cfb64 "idea-cfb" +#define NID_idea_cfb64 35 + +#define SN_idea_ofb64 "IDEA-OFB" +#define LN_idea_ofb64 "idea-ofb" +#define NID_idea_ofb64 46 + +#define SN_bf_cbc "BF-CBC" +#define LN_bf_cbc "bf-cbc" +#define NID_bf_cbc 91 +#define OBJ_bf_cbc 1L,3L,6L,1L,4L,1L,3029L,1L,2L + +#define SN_bf_ecb "BF-ECB" +#define LN_bf_ecb "bf-ecb" +#define NID_bf_ecb 92 + +#define SN_bf_cfb64 "BF-CFB" +#define LN_bf_cfb64 "bf-cfb" +#define NID_bf_cfb64 93 + +#define SN_bf_ofb64 "BF-OFB" +#define LN_bf_ofb64 "bf-ofb" +#define NID_bf_ofb64 94 + +#define SN_id_pkix "PKIX" +#define NID_id_pkix 127 +#define OBJ_id_pkix 1L,3L,6L,1L,5L,5L,7L + +#define SN_id_pkix_mod "id-pkix-mod" +#define NID_id_pkix_mod 258 +#define OBJ_id_pkix_mod OBJ_id_pkix,0L + +#define SN_id_pe "id-pe" +#define NID_id_pe 175 +#define OBJ_id_pe OBJ_id_pkix,1L + +#define SN_id_qt "id-qt" +#define NID_id_qt 259 +#define OBJ_id_qt OBJ_id_pkix,2L + +#define SN_id_kp "id-kp" +#define NID_id_kp 128 +#define OBJ_id_kp OBJ_id_pkix,3L + +#define SN_id_it "id-it" +#define NID_id_it 260 +#define OBJ_id_it OBJ_id_pkix,4L + +#define SN_id_pkip "id-pkip" +#define NID_id_pkip 261 +#define OBJ_id_pkip OBJ_id_pkix,5L + +#define SN_id_alg "id-alg" +#define NID_id_alg 262 +#define OBJ_id_alg OBJ_id_pkix,6L + +#define SN_id_cmc "id-cmc" +#define NID_id_cmc 263 +#define OBJ_id_cmc OBJ_id_pkix,7L + +#define SN_id_on "id-on" +#define NID_id_on 264 +#define OBJ_id_on OBJ_id_pkix,8L + +#define SN_id_pda "id-pda" +#define NID_id_pda 265 +#define OBJ_id_pda OBJ_id_pkix,9L + +#define SN_id_aca "id-aca" +#define NID_id_aca 266 +#define OBJ_id_aca OBJ_id_pkix,10L + +#define SN_id_qcs "id-qcs" +#define NID_id_qcs 267 +#define OBJ_id_qcs OBJ_id_pkix,11L + +#define SN_id_cct "id-cct" +#define NID_id_cct 268 +#define OBJ_id_cct OBJ_id_pkix,12L + +#define SN_id_ppl "id-ppl" +#define NID_id_ppl 662 +#define OBJ_id_ppl OBJ_id_pkix,21L + +#define SN_id_ad "id-ad" +#define NID_id_ad 176 +#define OBJ_id_ad OBJ_id_pkix,48L + +#define SN_id_pkix1_explicit_88 "id-pkix1-explicit-88" +#define NID_id_pkix1_explicit_88 269 +#define OBJ_id_pkix1_explicit_88 OBJ_id_pkix_mod,1L + +#define SN_id_pkix1_implicit_88 "id-pkix1-implicit-88" +#define NID_id_pkix1_implicit_88 270 +#define OBJ_id_pkix1_implicit_88 OBJ_id_pkix_mod,2L + +#define SN_id_pkix1_explicit_93 "id-pkix1-explicit-93" +#define NID_id_pkix1_explicit_93 271 +#define OBJ_id_pkix1_explicit_93 OBJ_id_pkix_mod,3L + +#define SN_id_pkix1_implicit_93 "id-pkix1-implicit-93" +#define NID_id_pkix1_implicit_93 272 +#define OBJ_id_pkix1_implicit_93 OBJ_id_pkix_mod,4L + +#define SN_id_mod_crmf "id-mod-crmf" +#define NID_id_mod_crmf 273 +#define OBJ_id_mod_crmf OBJ_id_pkix_mod,5L + +#define SN_id_mod_cmc "id-mod-cmc" +#define NID_id_mod_cmc 274 +#define OBJ_id_mod_cmc OBJ_id_pkix_mod,6L + +#define SN_id_mod_kea_profile_88 "id-mod-kea-profile-88" +#define NID_id_mod_kea_profile_88 275 +#define OBJ_id_mod_kea_profile_88 OBJ_id_pkix_mod,7L + +#define SN_id_mod_kea_profile_93 "id-mod-kea-profile-93" +#define NID_id_mod_kea_profile_93 276 +#define OBJ_id_mod_kea_profile_93 OBJ_id_pkix_mod,8L + +#define SN_id_mod_cmp "id-mod-cmp" +#define NID_id_mod_cmp 277 +#define OBJ_id_mod_cmp OBJ_id_pkix_mod,9L + +#define SN_id_mod_qualified_cert_88 "id-mod-qualified-cert-88" +#define NID_id_mod_qualified_cert_88 278 +#define OBJ_id_mod_qualified_cert_88 OBJ_id_pkix_mod,10L + +#define SN_id_mod_qualified_cert_93 "id-mod-qualified-cert-93" +#define NID_id_mod_qualified_cert_93 279 +#define OBJ_id_mod_qualified_cert_93 OBJ_id_pkix_mod,11L + +#define SN_id_mod_attribute_cert "id-mod-attribute-cert" +#define NID_id_mod_attribute_cert 280 +#define OBJ_id_mod_attribute_cert OBJ_id_pkix_mod,12L + +#define SN_id_mod_timestamp_protocol "id-mod-timestamp-protocol" +#define NID_id_mod_timestamp_protocol 281 +#define OBJ_id_mod_timestamp_protocol OBJ_id_pkix_mod,13L + +#define SN_id_mod_ocsp "id-mod-ocsp" +#define NID_id_mod_ocsp 282 +#define OBJ_id_mod_ocsp OBJ_id_pkix_mod,14L + +#define SN_id_mod_dvcs "id-mod-dvcs" +#define NID_id_mod_dvcs 283 +#define OBJ_id_mod_dvcs OBJ_id_pkix_mod,15L + +#define SN_id_mod_cmp2000 "id-mod-cmp2000" +#define NID_id_mod_cmp2000 284 +#define OBJ_id_mod_cmp2000 OBJ_id_pkix_mod,16L + +#define SN_info_access "authorityInfoAccess" +#define LN_info_access "Authority Information Access" +#define NID_info_access 177 +#define OBJ_info_access OBJ_id_pe,1L + +#define SN_biometricInfo "biometricInfo" +#define LN_biometricInfo "Biometric Info" +#define NID_biometricInfo 285 +#define OBJ_biometricInfo OBJ_id_pe,2L + +#define SN_qcStatements "qcStatements" +#define NID_qcStatements 286 +#define OBJ_qcStatements OBJ_id_pe,3L + +#define SN_ac_auditEntity "ac-auditEntity" +#define NID_ac_auditEntity 287 +#define OBJ_ac_auditEntity OBJ_id_pe,4L + +#define SN_ac_targeting "ac-targeting" +#define NID_ac_targeting 288 +#define OBJ_ac_targeting OBJ_id_pe,5L + +#define SN_aaControls "aaControls" +#define NID_aaControls 289 +#define OBJ_aaControls OBJ_id_pe,6L + +#define SN_sbgp_ipAddrBlock "sbgp-ipAddrBlock" +#define NID_sbgp_ipAddrBlock 290 +#define OBJ_sbgp_ipAddrBlock OBJ_id_pe,7L + +#define SN_sbgp_autonomousSysNum "sbgp-autonomousSysNum" +#define NID_sbgp_autonomousSysNum 291 +#define OBJ_sbgp_autonomousSysNum OBJ_id_pe,8L + +#define SN_sbgp_routerIdentifier "sbgp-routerIdentifier" +#define NID_sbgp_routerIdentifier 292 +#define OBJ_sbgp_routerIdentifier OBJ_id_pe,9L + +#define SN_ac_proxying "ac-proxying" +#define NID_ac_proxying 397 +#define OBJ_ac_proxying OBJ_id_pe,10L + +#define SN_sinfo_access "subjectInfoAccess" +#define LN_sinfo_access "Subject Information Access" +#define NID_sinfo_access 398 +#define OBJ_sinfo_access OBJ_id_pe,11L + +#define SN_proxyCertInfo "proxyCertInfo" +#define LN_proxyCertInfo "Proxy Certificate Information" +#define NID_proxyCertInfo 663 +#define OBJ_proxyCertInfo OBJ_id_pe,14L + +#define SN_tlsfeature "tlsfeature" +#define LN_tlsfeature "TLS Feature" +#define NID_tlsfeature 1020 +#define OBJ_tlsfeature OBJ_id_pe,24L + +#define SN_id_qt_cps "id-qt-cps" +#define LN_id_qt_cps "Policy Qualifier CPS" +#define NID_id_qt_cps 164 +#define OBJ_id_qt_cps OBJ_id_qt,1L + +#define SN_id_qt_unotice "id-qt-unotice" +#define LN_id_qt_unotice "Policy Qualifier User Notice" +#define NID_id_qt_unotice 165 +#define OBJ_id_qt_unotice OBJ_id_qt,2L + +#define SN_textNotice "textNotice" +#define NID_textNotice 293 +#define OBJ_textNotice OBJ_id_qt,3L + +#define SN_server_auth "serverAuth" +#define LN_server_auth "TLS Web Server Authentication" +#define NID_server_auth 129 +#define OBJ_server_auth OBJ_id_kp,1L + +#define SN_client_auth "clientAuth" +#define LN_client_auth "TLS Web Client Authentication" +#define NID_client_auth 130 +#define OBJ_client_auth OBJ_id_kp,2L + +#define SN_code_sign "codeSigning" +#define LN_code_sign "Code Signing" +#define NID_code_sign 131 +#define OBJ_code_sign OBJ_id_kp,3L + +#define SN_email_protect "emailProtection" +#define LN_email_protect "E-mail Protection" +#define NID_email_protect 132 +#define OBJ_email_protect OBJ_id_kp,4L + +#define SN_ipsecEndSystem "ipsecEndSystem" +#define LN_ipsecEndSystem "IPSec End System" +#define NID_ipsecEndSystem 294 +#define OBJ_ipsecEndSystem OBJ_id_kp,5L + +#define SN_ipsecTunnel "ipsecTunnel" +#define LN_ipsecTunnel "IPSec Tunnel" +#define NID_ipsecTunnel 295 +#define OBJ_ipsecTunnel OBJ_id_kp,6L + +#define SN_ipsecUser "ipsecUser" +#define LN_ipsecUser "IPSec User" +#define NID_ipsecUser 296 +#define OBJ_ipsecUser OBJ_id_kp,7L + +#define SN_time_stamp "timeStamping" +#define LN_time_stamp "Time Stamping" +#define NID_time_stamp 133 +#define OBJ_time_stamp OBJ_id_kp,8L + +#define SN_OCSP_sign "OCSPSigning" +#define LN_OCSP_sign "OCSP Signing" +#define NID_OCSP_sign 180 +#define OBJ_OCSP_sign OBJ_id_kp,9L + +#define SN_dvcs "DVCS" +#define LN_dvcs "dvcs" +#define NID_dvcs 297 +#define OBJ_dvcs OBJ_id_kp,10L + +#define SN_ipsec_IKE "ipsecIKE" +#define LN_ipsec_IKE "ipsec Internet Key Exchange" +#define NID_ipsec_IKE 1022 +#define OBJ_ipsec_IKE OBJ_id_kp,17L + +#define SN_capwapAC "capwapAC" +#define LN_capwapAC "Ctrl/provision WAP Access" +#define NID_capwapAC 1023 +#define OBJ_capwapAC OBJ_id_kp,18L + +#define SN_capwapWTP "capwapWTP" +#define LN_capwapWTP "Ctrl/Provision WAP Termination" +#define NID_capwapWTP 1024 +#define OBJ_capwapWTP OBJ_id_kp,19L + +#define SN_sshClient "secureShellClient" +#define LN_sshClient "SSH Client" +#define NID_sshClient 1025 +#define OBJ_sshClient OBJ_id_kp,21L + +#define SN_sshServer "secureShellServer" +#define LN_sshServer "SSH Server" +#define NID_sshServer 1026 +#define OBJ_sshServer OBJ_id_kp,22L + +#define SN_sendRouter "sendRouter" +#define LN_sendRouter "Send Router" +#define NID_sendRouter 1027 +#define OBJ_sendRouter OBJ_id_kp,23L + +#define SN_sendProxiedRouter "sendProxiedRouter" +#define LN_sendProxiedRouter "Send Proxied Router" +#define NID_sendProxiedRouter 1028 +#define OBJ_sendProxiedRouter OBJ_id_kp,24L + +#define SN_sendOwner "sendOwner" +#define LN_sendOwner "Send Owner" +#define NID_sendOwner 1029 +#define OBJ_sendOwner OBJ_id_kp,25L + +#define SN_sendProxiedOwner "sendProxiedOwner" +#define LN_sendProxiedOwner "Send Proxied Owner" +#define NID_sendProxiedOwner 1030 +#define OBJ_sendProxiedOwner OBJ_id_kp,26L + +#define SN_cmcCA "cmcCA" +#define LN_cmcCA "CMC Certificate Authority" +#define NID_cmcCA 1131 +#define OBJ_cmcCA OBJ_id_kp,27L + +#define SN_cmcRA "cmcRA" +#define LN_cmcRA "CMC Registration Authority" +#define NID_cmcRA 1132 +#define OBJ_cmcRA OBJ_id_kp,28L + +#define SN_id_it_caProtEncCert "id-it-caProtEncCert" +#define NID_id_it_caProtEncCert 298 +#define OBJ_id_it_caProtEncCert OBJ_id_it,1L + +#define SN_id_it_signKeyPairTypes "id-it-signKeyPairTypes" +#define NID_id_it_signKeyPairTypes 299 +#define OBJ_id_it_signKeyPairTypes OBJ_id_it,2L + +#define SN_id_it_encKeyPairTypes "id-it-encKeyPairTypes" +#define NID_id_it_encKeyPairTypes 300 +#define OBJ_id_it_encKeyPairTypes OBJ_id_it,3L + +#define SN_id_it_preferredSymmAlg "id-it-preferredSymmAlg" +#define NID_id_it_preferredSymmAlg 301 +#define OBJ_id_it_preferredSymmAlg OBJ_id_it,4L + +#define SN_id_it_caKeyUpdateInfo "id-it-caKeyUpdateInfo" +#define NID_id_it_caKeyUpdateInfo 302 +#define OBJ_id_it_caKeyUpdateInfo OBJ_id_it,5L + +#define SN_id_it_currentCRL "id-it-currentCRL" +#define NID_id_it_currentCRL 303 +#define OBJ_id_it_currentCRL OBJ_id_it,6L + +#define SN_id_it_unsupportedOIDs "id-it-unsupportedOIDs" +#define NID_id_it_unsupportedOIDs 304 +#define OBJ_id_it_unsupportedOIDs OBJ_id_it,7L + +#define SN_id_it_subscriptionRequest "id-it-subscriptionRequest" +#define NID_id_it_subscriptionRequest 305 +#define OBJ_id_it_subscriptionRequest OBJ_id_it,8L + +#define SN_id_it_subscriptionResponse "id-it-subscriptionResponse" +#define NID_id_it_subscriptionResponse 306 +#define OBJ_id_it_subscriptionResponse OBJ_id_it,9L + +#define SN_id_it_keyPairParamReq "id-it-keyPairParamReq" +#define NID_id_it_keyPairParamReq 307 +#define OBJ_id_it_keyPairParamReq OBJ_id_it,10L + +#define SN_id_it_keyPairParamRep "id-it-keyPairParamRep" +#define NID_id_it_keyPairParamRep 308 +#define OBJ_id_it_keyPairParamRep OBJ_id_it,11L + +#define SN_id_it_revPassphrase "id-it-revPassphrase" +#define NID_id_it_revPassphrase 309 +#define OBJ_id_it_revPassphrase OBJ_id_it,12L + +#define SN_id_it_implicitConfirm "id-it-implicitConfirm" +#define NID_id_it_implicitConfirm 310 +#define OBJ_id_it_implicitConfirm OBJ_id_it,13L + +#define SN_id_it_confirmWaitTime "id-it-confirmWaitTime" +#define NID_id_it_confirmWaitTime 311 +#define OBJ_id_it_confirmWaitTime OBJ_id_it,14L + +#define SN_id_it_origPKIMessage "id-it-origPKIMessage" +#define NID_id_it_origPKIMessage 312 +#define OBJ_id_it_origPKIMessage OBJ_id_it,15L + +#define SN_id_it_suppLangTags "id-it-suppLangTags" +#define NID_id_it_suppLangTags 784 +#define OBJ_id_it_suppLangTags OBJ_id_it,16L + +#define SN_id_regCtrl "id-regCtrl" +#define NID_id_regCtrl 313 +#define OBJ_id_regCtrl OBJ_id_pkip,1L + +#define SN_id_regInfo "id-regInfo" +#define NID_id_regInfo 314 +#define OBJ_id_regInfo OBJ_id_pkip,2L + +#define SN_id_regCtrl_regToken "id-regCtrl-regToken" +#define NID_id_regCtrl_regToken 315 +#define OBJ_id_regCtrl_regToken OBJ_id_regCtrl,1L + +#define SN_id_regCtrl_authenticator "id-regCtrl-authenticator" +#define NID_id_regCtrl_authenticator 316 +#define OBJ_id_regCtrl_authenticator OBJ_id_regCtrl,2L + +#define SN_id_regCtrl_pkiPublicationInfo "id-regCtrl-pkiPublicationInfo" +#define NID_id_regCtrl_pkiPublicationInfo 317 +#define OBJ_id_regCtrl_pkiPublicationInfo OBJ_id_regCtrl,3L + +#define SN_id_regCtrl_pkiArchiveOptions "id-regCtrl-pkiArchiveOptions" +#define NID_id_regCtrl_pkiArchiveOptions 318 +#define OBJ_id_regCtrl_pkiArchiveOptions OBJ_id_regCtrl,4L + +#define SN_id_regCtrl_oldCertID "id-regCtrl-oldCertID" +#define NID_id_regCtrl_oldCertID 319 +#define OBJ_id_regCtrl_oldCertID OBJ_id_regCtrl,5L + +#define SN_id_regCtrl_protocolEncrKey "id-regCtrl-protocolEncrKey" +#define NID_id_regCtrl_protocolEncrKey 320 +#define OBJ_id_regCtrl_protocolEncrKey OBJ_id_regCtrl,6L + +#define SN_id_regInfo_utf8Pairs "id-regInfo-utf8Pairs" +#define NID_id_regInfo_utf8Pairs 321 +#define OBJ_id_regInfo_utf8Pairs OBJ_id_regInfo,1L + +#define SN_id_regInfo_certReq "id-regInfo-certReq" +#define NID_id_regInfo_certReq 322 +#define OBJ_id_regInfo_certReq OBJ_id_regInfo,2L + +#define SN_id_alg_des40 "id-alg-des40" +#define NID_id_alg_des40 323 +#define OBJ_id_alg_des40 OBJ_id_alg,1L + +#define SN_id_alg_noSignature "id-alg-noSignature" +#define NID_id_alg_noSignature 324 +#define OBJ_id_alg_noSignature OBJ_id_alg,2L + +#define SN_id_alg_dh_sig_hmac_sha1 "id-alg-dh-sig-hmac-sha1" +#define NID_id_alg_dh_sig_hmac_sha1 325 +#define OBJ_id_alg_dh_sig_hmac_sha1 OBJ_id_alg,3L + +#define SN_id_alg_dh_pop "id-alg-dh-pop" +#define NID_id_alg_dh_pop 326 +#define OBJ_id_alg_dh_pop OBJ_id_alg,4L + +#define SN_id_cmc_statusInfo "id-cmc-statusInfo" +#define NID_id_cmc_statusInfo 327 +#define OBJ_id_cmc_statusInfo OBJ_id_cmc,1L + +#define SN_id_cmc_identification "id-cmc-identification" +#define NID_id_cmc_identification 328 +#define OBJ_id_cmc_identification OBJ_id_cmc,2L + +#define SN_id_cmc_identityProof "id-cmc-identityProof" +#define NID_id_cmc_identityProof 329 +#define OBJ_id_cmc_identityProof OBJ_id_cmc,3L + +#define SN_id_cmc_dataReturn "id-cmc-dataReturn" +#define NID_id_cmc_dataReturn 330 +#define OBJ_id_cmc_dataReturn OBJ_id_cmc,4L + +#define SN_id_cmc_transactionId "id-cmc-transactionId" +#define NID_id_cmc_transactionId 331 +#define OBJ_id_cmc_transactionId OBJ_id_cmc,5L + +#define SN_id_cmc_senderNonce "id-cmc-senderNonce" +#define NID_id_cmc_senderNonce 332 +#define OBJ_id_cmc_senderNonce OBJ_id_cmc,6L + +#define SN_id_cmc_recipientNonce "id-cmc-recipientNonce" +#define NID_id_cmc_recipientNonce 333 +#define OBJ_id_cmc_recipientNonce OBJ_id_cmc,7L + +#define SN_id_cmc_addExtensions "id-cmc-addExtensions" +#define NID_id_cmc_addExtensions 334 +#define OBJ_id_cmc_addExtensions OBJ_id_cmc,8L + +#define SN_id_cmc_encryptedPOP "id-cmc-encryptedPOP" +#define NID_id_cmc_encryptedPOP 335 +#define OBJ_id_cmc_encryptedPOP OBJ_id_cmc,9L + +#define SN_id_cmc_decryptedPOP "id-cmc-decryptedPOP" +#define NID_id_cmc_decryptedPOP 336 +#define OBJ_id_cmc_decryptedPOP OBJ_id_cmc,10L + +#define SN_id_cmc_lraPOPWitness "id-cmc-lraPOPWitness" +#define NID_id_cmc_lraPOPWitness 337 +#define OBJ_id_cmc_lraPOPWitness OBJ_id_cmc,11L + +#define SN_id_cmc_getCert "id-cmc-getCert" +#define NID_id_cmc_getCert 338 +#define OBJ_id_cmc_getCert OBJ_id_cmc,15L + +#define SN_id_cmc_getCRL "id-cmc-getCRL" +#define NID_id_cmc_getCRL 339 +#define OBJ_id_cmc_getCRL OBJ_id_cmc,16L + +#define SN_id_cmc_revokeRequest "id-cmc-revokeRequest" +#define NID_id_cmc_revokeRequest 340 +#define OBJ_id_cmc_revokeRequest OBJ_id_cmc,17L + +#define SN_id_cmc_regInfo "id-cmc-regInfo" +#define NID_id_cmc_regInfo 341 +#define OBJ_id_cmc_regInfo OBJ_id_cmc,18L + +#define SN_id_cmc_responseInfo "id-cmc-responseInfo" +#define NID_id_cmc_responseInfo 342 +#define OBJ_id_cmc_responseInfo OBJ_id_cmc,19L + +#define SN_id_cmc_queryPending "id-cmc-queryPending" +#define NID_id_cmc_queryPending 343 +#define OBJ_id_cmc_queryPending OBJ_id_cmc,21L + +#define SN_id_cmc_popLinkRandom "id-cmc-popLinkRandom" +#define NID_id_cmc_popLinkRandom 344 +#define OBJ_id_cmc_popLinkRandom OBJ_id_cmc,22L + +#define SN_id_cmc_popLinkWitness "id-cmc-popLinkWitness" +#define NID_id_cmc_popLinkWitness 345 +#define OBJ_id_cmc_popLinkWitness OBJ_id_cmc,23L + +#define SN_id_cmc_confirmCertAcceptance "id-cmc-confirmCertAcceptance" +#define NID_id_cmc_confirmCertAcceptance 346 +#define OBJ_id_cmc_confirmCertAcceptance OBJ_id_cmc,24L + +#define SN_id_on_personalData "id-on-personalData" +#define NID_id_on_personalData 347 +#define OBJ_id_on_personalData OBJ_id_on,1L + +#define SN_id_on_permanentIdentifier "id-on-permanentIdentifier" +#define LN_id_on_permanentIdentifier "Permanent Identifier" +#define NID_id_on_permanentIdentifier 858 +#define OBJ_id_on_permanentIdentifier OBJ_id_on,3L + +#define SN_id_pda_dateOfBirth "id-pda-dateOfBirth" +#define NID_id_pda_dateOfBirth 348 +#define OBJ_id_pda_dateOfBirth OBJ_id_pda,1L + +#define SN_id_pda_placeOfBirth "id-pda-placeOfBirth" +#define NID_id_pda_placeOfBirth 349 +#define OBJ_id_pda_placeOfBirth OBJ_id_pda,2L + +#define SN_id_pda_gender "id-pda-gender" +#define NID_id_pda_gender 351 +#define OBJ_id_pda_gender OBJ_id_pda,3L + +#define SN_id_pda_countryOfCitizenship "id-pda-countryOfCitizenship" +#define NID_id_pda_countryOfCitizenship 352 +#define OBJ_id_pda_countryOfCitizenship OBJ_id_pda,4L + +#define SN_id_pda_countryOfResidence "id-pda-countryOfResidence" +#define NID_id_pda_countryOfResidence 353 +#define OBJ_id_pda_countryOfResidence OBJ_id_pda,5L + +#define SN_id_aca_authenticationInfo "id-aca-authenticationInfo" +#define NID_id_aca_authenticationInfo 354 +#define OBJ_id_aca_authenticationInfo OBJ_id_aca,1L + +#define SN_id_aca_accessIdentity "id-aca-accessIdentity" +#define NID_id_aca_accessIdentity 355 +#define OBJ_id_aca_accessIdentity OBJ_id_aca,2L + +#define SN_id_aca_chargingIdentity "id-aca-chargingIdentity" +#define NID_id_aca_chargingIdentity 356 +#define OBJ_id_aca_chargingIdentity OBJ_id_aca,3L + +#define SN_id_aca_group "id-aca-group" +#define NID_id_aca_group 357 +#define OBJ_id_aca_group OBJ_id_aca,4L + +#define SN_id_aca_role "id-aca-role" +#define NID_id_aca_role 358 +#define OBJ_id_aca_role OBJ_id_aca,5L + +#define SN_id_aca_encAttrs "id-aca-encAttrs" +#define NID_id_aca_encAttrs 399 +#define OBJ_id_aca_encAttrs OBJ_id_aca,6L + +#define SN_id_qcs_pkixQCSyntax_v1 "id-qcs-pkixQCSyntax-v1" +#define NID_id_qcs_pkixQCSyntax_v1 359 +#define OBJ_id_qcs_pkixQCSyntax_v1 OBJ_id_qcs,1L + +#define SN_id_cct_crs "id-cct-crs" +#define NID_id_cct_crs 360 +#define OBJ_id_cct_crs OBJ_id_cct,1L + +#define SN_id_cct_PKIData "id-cct-PKIData" +#define NID_id_cct_PKIData 361 +#define OBJ_id_cct_PKIData OBJ_id_cct,2L + +#define SN_id_cct_PKIResponse "id-cct-PKIResponse" +#define NID_id_cct_PKIResponse 362 +#define OBJ_id_cct_PKIResponse OBJ_id_cct,3L + +#define SN_id_ppl_anyLanguage "id-ppl-anyLanguage" +#define LN_id_ppl_anyLanguage "Any language" +#define NID_id_ppl_anyLanguage 664 +#define OBJ_id_ppl_anyLanguage OBJ_id_ppl,0L + +#define SN_id_ppl_inheritAll "id-ppl-inheritAll" +#define LN_id_ppl_inheritAll "Inherit all" +#define NID_id_ppl_inheritAll 665 +#define OBJ_id_ppl_inheritAll OBJ_id_ppl,1L + +#define SN_Independent "id-ppl-independent" +#define LN_Independent "Independent" +#define NID_Independent 667 +#define OBJ_Independent OBJ_id_ppl,2L + +#define SN_ad_OCSP "OCSP" +#define LN_ad_OCSP "OCSP" +#define NID_ad_OCSP 178 +#define OBJ_ad_OCSP OBJ_id_ad,1L + +#define SN_ad_ca_issuers "caIssuers" +#define LN_ad_ca_issuers "CA Issuers" +#define NID_ad_ca_issuers 179 +#define OBJ_ad_ca_issuers OBJ_id_ad,2L + +#define SN_ad_timeStamping "ad_timestamping" +#define LN_ad_timeStamping "AD Time Stamping" +#define NID_ad_timeStamping 363 +#define OBJ_ad_timeStamping OBJ_id_ad,3L + +#define SN_ad_dvcs "AD_DVCS" +#define LN_ad_dvcs "ad dvcs" +#define NID_ad_dvcs 364 +#define OBJ_ad_dvcs OBJ_id_ad,4L + +#define SN_caRepository "caRepository" +#define LN_caRepository "CA Repository" +#define NID_caRepository 785 +#define OBJ_caRepository OBJ_id_ad,5L + +#define OBJ_id_pkix_OCSP OBJ_ad_OCSP + +#define SN_id_pkix_OCSP_basic "basicOCSPResponse" +#define LN_id_pkix_OCSP_basic "Basic OCSP Response" +#define NID_id_pkix_OCSP_basic 365 +#define OBJ_id_pkix_OCSP_basic OBJ_id_pkix_OCSP,1L + +#define SN_id_pkix_OCSP_Nonce "Nonce" +#define LN_id_pkix_OCSP_Nonce "OCSP Nonce" +#define NID_id_pkix_OCSP_Nonce 366 +#define OBJ_id_pkix_OCSP_Nonce OBJ_id_pkix_OCSP,2L + +#define SN_id_pkix_OCSP_CrlID "CrlID" +#define LN_id_pkix_OCSP_CrlID "OCSP CRL ID" +#define NID_id_pkix_OCSP_CrlID 367 +#define OBJ_id_pkix_OCSP_CrlID OBJ_id_pkix_OCSP,3L + +#define SN_id_pkix_OCSP_acceptableResponses "acceptableResponses" +#define LN_id_pkix_OCSP_acceptableResponses "Acceptable OCSP Responses" +#define NID_id_pkix_OCSP_acceptableResponses 368 +#define OBJ_id_pkix_OCSP_acceptableResponses OBJ_id_pkix_OCSP,4L + +#define SN_id_pkix_OCSP_noCheck "noCheck" +#define LN_id_pkix_OCSP_noCheck "OCSP No Check" +#define NID_id_pkix_OCSP_noCheck 369 +#define OBJ_id_pkix_OCSP_noCheck OBJ_id_pkix_OCSP,5L + +#define SN_id_pkix_OCSP_archiveCutoff "archiveCutoff" +#define LN_id_pkix_OCSP_archiveCutoff "OCSP Archive Cutoff" +#define NID_id_pkix_OCSP_archiveCutoff 370 +#define OBJ_id_pkix_OCSP_archiveCutoff OBJ_id_pkix_OCSP,6L + +#define SN_id_pkix_OCSP_serviceLocator "serviceLocator" +#define LN_id_pkix_OCSP_serviceLocator "OCSP Service Locator" +#define NID_id_pkix_OCSP_serviceLocator 371 +#define OBJ_id_pkix_OCSP_serviceLocator OBJ_id_pkix_OCSP,7L + +#define SN_id_pkix_OCSP_extendedStatus "extendedStatus" +#define LN_id_pkix_OCSP_extendedStatus "Extended OCSP Status" +#define NID_id_pkix_OCSP_extendedStatus 372 +#define OBJ_id_pkix_OCSP_extendedStatus OBJ_id_pkix_OCSP,8L + +#define SN_id_pkix_OCSP_valid "valid" +#define NID_id_pkix_OCSP_valid 373 +#define OBJ_id_pkix_OCSP_valid OBJ_id_pkix_OCSP,9L + +#define SN_id_pkix_OCSP_path "path" +#define NID_id_pkix_OCSP_path 374 +#define OBJ_id_pkix_OCSP_path OBJ_id_pkix_OCSP,10L + +#define SN_id_pkix_OCSP_trustRoot "trustRoot" +#define LN_id_pkix_OCSP_trustRoot "Trust Root" +#define NID_id_pkix_OCSP_trustRoot 375 +#define OBJ_id_pkix_OCSP_trustRoot OBJ_id_pkix_OCSP,11L + +#define SN_algorithm "algorithm" +#define LN_algorithm "algorithm" +#define NID_algorithm 376 +#define OBJ_algorithm 1L,3L,14L,3L,2L + +#define SN_md5WithRSA "RSA-NP-MD5" +#define LN_md5WithRSA "md5WithRSA" +#define NID_md5WithRSA 104 +#define OBJ_md5WithRSA OBJ_algorithm,3L + +#define SN_des_ecb "DES-ECB" +#define LN_des_ecb "des-ecb" +#define NID_des_ecb 29 +#define OBJ_des_ecb OBJ_algorithm,6L + +#define SN_des_cbc "DES-CBC" +#define LN_des_cbc "des-cbc" +#define NID_des_cbc 31 +#define OBJ_des_cbc OBJ_algorithm,7L + +#define SN_des_ofb64 "DES-OFB" +#define LN_des_ofb64 "des-ofb" +#define NID_des_ofb64 45 +#define OBJ_des_ofb64 OBJ_algorithm,8L + +#define SN_des_cfb64 "DES-CFB" +#define LN_des_cfb64 "des-cfb" +#define NID_des_cfb64 30 +#define OBJ_des_cfb64 OBJ_algorithm,9L + +#define SN_rsaSignature "rsaSignature" +#define NID_rsaSignature 377 +#define OBJ_rsaSignature OBJ_algorithm,11L + +#define SN_dsa_2 "DSA-old" +#define LN_dsa_2 "dsaEncryption-old" +#define NID_dsa_2 67 +#define OBJ_dsa_2 OBJ_algorithm,12L + +#define SN_dsaWithSHA "DSA-SHA" +#define LN_dsaWithSHA "dsaWithSHA" +#define NID_dsaWithSHA 66 +#define OBJ_dsaWithSHA OBJ_algorithm,13L + +#define SN_shaWithRSAEncryption "RSA-SHA" +#define LN_shaWithRSAEncryption "shaWithRSAEncryption" +#define NID_shaWithRSAEncryption 42 +#define OBJ_shaWithRSAEncryption OBJ_algorithm,15L + +#define SN_des_ede_ecb "DES-EDE" +#define LN_des_ede_ecb "des-ede" +#define NID_des_ede_ecb 32 +#define OBJ_des_ede_ecb OBJ_algorithm,17L + +#define SN_des_ede3_ecb "DES-EDE3" +#define LN_des_ede3_ecb "des-ede3" +#define NID_des_ede3_ecb 33 + +#define SN_des_ede_cbc "DES-EDE-CBC" +#define LN_des_ede_cbc "des-ede-cbc" +#define NID_des_ede_cbc 43 + +#define SN_des_ede_cfb64 "DES-EDE-CFB" +#define LN_des_ede_cfb64 "des-ede-cfb" +#define NID_des_ede_cfb64 60 + +#define SN_des_ede3_cfb64 "DES-EDE3-CFB" +#define LN_des_ede3_cfb64 "des-ede3-cfb" +#define NID_des_ede3_cfb64 61 + +#define SN_des_ede_ofb64 "DES-EDE-OFB" +#define LN_des_ede_ofb64 "des-ede-ofb" +#define NID_des_ede_ofb64 62 + +#define SN_des_ede3_ofb64 "DES-EDE3-OFB" +#define LN_des_ede3_ofb64 "des-ede3-ofb" +#define NID_des_ede3_ofb64 63 + +#define SN_desx_cbc "DESX-CBC" +#define LN_desx_cbc "desx-cbc" +#define NID_desx_cbc 80 + +#define SN_sha "SHA" +#define LN_sha "sha" +#define NID_sha 41 +#define OBJ_sha OBJ_algorithm,18L + +#define SN_sha1 "SHA1" +#define LN_sha1 "sha1" +#define NID_sha1 64 +#define OBJ_sha1 OBJ_algorithm,26L + +#define SN_dsaWithSHA1_2 "DSA-SHA1-old" +#define LN_dsaWithSHA1_2 "dsaWithSHA1-old" +#define NID_dsaWithSHA1_2 70 +#define OBJ_dsaWithSHA1_2 OBJ_algorithm,27L + +#define SN_sha1WithRSA "RSA-SHA1-2" +#define LN_sha1WithRSA "sha1WithRSA" +#define NID_sha1WithRSA 115 +#define OBJ_sha1WithRSA OBJ_algorithm,29L + +#define SN_ripemd160 "RIPEMD160" +#define LN_ripemd160 "ripemd160" +#define NID_ripemd160 117 +#define OBJ_ripemd160 1L,3L,36L,3L,2L,1L + +#define SN_ripemd160WithRSA "RSA-RIPEMD160" +#define LN_ripemd160WithRSA "ripemd160WithRSA" +#define NID_ripemd160WithRSA 119 +#define OBJ_ripemd160WithRSA 1L,3L,36L,3L,3L,1L,2L + +#define SN_blake2b512 "BLAKE2b512" +#define LN_blake2b512 "blake2b512" +#define NID_blake2b512 1056 +#define OBJ_blake2b512 1L,3L,6L,1L,4L,1L,1722L,12L,2L,1L,16L + +#define SN_blake2s256 "BLAKE2s256" +#define LN_blake2s256 "blake2s256" +#define NID_blake2s256 1057 +#define OBJ_blake2s256 1L,3L,6L,1L,4L,1L,1722L,12L,2L,2L,8L + +#define SN_sxnet "SXNetID" +#define LN_sxnet "Strong Extranet ID" +#define NID_sxnet 143 +#define OBJ_sxnet 1L,3L,101L,1L,4L,1L + +#define SN_X500 "X500" +#define LN_X500 "directory services (X.500)" +#define NID_X500 11 +#define OBJ_X500 2L,5L + +#define SN_X509 "X509" +#define NID_X509 12 +#define OBJ_X509 OBJ_X500,4L + +#define SN_commonName "CN" +#define LN_commonName "commonName" +#define NID_commonName 13 +#define OBJ_commonName OBJ_X509,3L + +#define SN_surname "SN" +#define LN_surname "surname" +#define NID_surname 100 +#define OBJ_surname OBJ_X509,4L + +#define LN_serialNumber "serialNumber" +#define NID_serialNumber 105 +#define OBJ_serialNumber OBJ_X509,5L + +#define SN_countryName "C" +#define LN_countryName "countryName" +#define NID_countryName 14 +#define OBJ_countryName OBJ_X509,6L + +#define SN_localityName "L" +#define LN_localityName "localityName" +#define NID_localityName 15 +#define OBJ_localityName OBJ_X509,7L + +#define SN_stateOrProvinceName "ST" +#define LN_stateOrProvinceName "stateOrProvinceName" +#define NID_stateOrProvinceName 16 +#define OBJ_stateOrProvinceName OBJ_X509,8L + +#define SN_streetAddress "street" +#define LN_streetAddress "streetAddress" +#define NID_streetAddress 660 +#define OBJ_streetAddress OBJ_X509,9L + +#define SN_organizationName "O" +#define LN_organizationName "organizationName" +#define NID_organizationName 17 +#define OBJ_organizationName OBJ_X509,10L + +#define SN_organizationalUnitName "OU" +#define LN_organizationalUnitName "organizationalUnitName" +#define NID_organizationalUnitName 18 +#define OBJ_organizationalUnitName OBJ_X509,11L + +#define SN_title "title" +#define LN_title "title" +#define NID_title 106 +#define OBJ_title OBJ_X509,12L + +#define LN_description "description" +#define NID_description 107 +#define OBJ_description OBJ_X509,13L + +#define LN_searchGuide "searchGuide" +#define NID_searchGuide 859 +#define OBJ_searchGuide OBJ_X509,14L + +#define LN_businessCategory "businessCategory" +#define NID_businessCategory 860 +#define OBJ_businessCategory OBJ_X509,15L + +#define LN_postalAddress "postalAddress" +#define NID_postalAddress 861 +#define OBJ_postalAddress OBJ_X509,16L + +#define LN_postalCode "postalCode" +#define NID_postalCode 661 +#define OBJ_postalCode OBJ_X509,17L + +#define LN_postOfficeBox "postOfficeBox" +#define NID_postOfficeBox 862 +#define OBJ_postOfficeBox OBJ_X509,18L + +#define LN_physicalDeliveryOfficeName "physicalDeliveryOfficeName" +#define NID_physicalDeliveryOfficeName 863 +#define OBJ_physicalDeliveryOfficeName OBJ_X509,19L + +#define LN_telephoneNumber "telephoneNumber" +#define NID_telephoneNumber 864 +#define OBJ_telephoneNumber OBJ_X509,20L + +#define LN_telexNumber "telexNumber" +#define NID_telexNumber 865 +#define OBJ_telexNumber OBJ_X509,21L + +#define LN_teletexTerminalIdentifier "teletexTerminalIdentifier" +#define NID_teletexTerminalIdentifier 866 +#define OBJ_teletexTerminalIdentifier OBJ_X509,22L + +#define LN_facsimileTelephoneNumber "facsimileTelephoneNumber" +#define NID_facsimileTelephoneNumber 867 +#define OBJ_facsimileTelephoneNumber OBJ_X509,23L + +#define LN_x121Address "x121Address" +#define NID_x121Address 868 +#define OBJ_x121Address OBJ_X509,24L + +#define LN_internationaliSDNNumber "internationaliSDNNumber" +#define NID_internationaliSDNNumber 869 +#define OBJ_internationaliSDNNumber OBJ_X509,25L + +#define LN_registeredAddress "registeredAddress" +#define NID_registeredAddress 870 +#define OBJ_registeredAddress OBJ_X509,26L + +#define LN_destinationIndicator "destinationIndicator" +#define NID_destinationIndicator 871 +#define OBJ_destinationIndicator OBJ_X509,27L + +#define LN_preferredDeliveryMethod "preferredDeliveryMethod" +#define NID_preferredDeliveryMethod 872 +#define OBJ_preferredDeliveryMethod OBJ_X509,28L + +#define LN_presentationAddress "presentationAddress" +#define NID_presentationAddress 873 +#define OBJ_presentationAddress OBJ_X509,29L + +#define LN_supportedApplicationContext "supportedApplicationContext" +#define NID_supportedApplicationContext 874 +#define OBJ_supportedApplicationContext OBJ_X509,30L + +#define SN_member "member" +#define NID_member 875 +#define OBJ_member OBJ_X509,31L + +#define SN_owner "owner" +#define NID_owner 876 +#define OBJ_owner OBJ_X509,32L + +#define LN_roleOccupant "roleOccupant" +#define NID_roleOccupant 877 +#define OBJ_roleOccupant OBJ_X509,33L + +#define SN_seeAlso "seeAlso" +#define NID_seeAlso 878 +#define OBJ_seeAlso OBJ_X509,34L + +#define LN_userPassword "userPassword" +#define NID_userPassword 879 +#define OBJ_userPassword OBJ_X509,35L + +#define LN_userCertificate "userCertificate" +#define NID_userCertificate 880 +#define OBJ_userCertificate OBJ_X509,36L + +#define LN_cACertificate "cACertificate" +#define NID_cACertificate 881 +#define OBJ_cACertificate OBJ_X509,37L + +#define LN_authorityRevocationList "authorityRevocationList" +#define NID_authorityRevocationList 882 +#define OBJ_authorityRevocationList OBJ_X509,38L + +#define LN_certificateRevocationList "certificateRevocationList" +#define NID_certificateRevocationList 883 +#define OBJ_certificateRevocationList OBJ_X509,39L + +#define LN_crossCertificatePair "crossCertificatePair" +#define NID_crossCertificatePair 884 +#define OBJ_crossCertificatePair OBJ_X509,40L + +#define SN_name "name" +#define LN_name "name" +#define NID_name 173 +#define OBJ_name OBJ_X509,41L + +#define SN_givenName "GN" +#define LN_givenName "givenName" +#define NID_givenName 99 +#define OBJ_givenName OBJ_X509,42L + +#define SN_initials "initials" +#define LN_initials "initials" +#define NID_initials 101 +#define OBJ_initials OBJ_X509,43L + +#define LN_generationQualifier "generationQualifier" +#define NID_generationQualifier 509 +#define OBJ_generationQualifier OBJ_X509,44L + +#define LN_x500UniqueIdentifier "x500UniqueIdentifier" +#define NID_x500UniqueIdentifier 503 +#define OBJ_x500UniqueIdentifier OBJ_X509,45L + +#define SN_dnQualifier "dnQualifier" +#define LN_dnQualifier "dnQualifier" +#define NID_dnQualifier 174 +#define OBJ_dnQualifier OBJ_X509,46L + +#define LN_enhancedSearchGuide "enhancedSearchGuide" +#define NID_enhancedSearchGuide 885 +#define OBJ_enhancedSearchGuide OBJ_X509,47L + +#define LN_protocolInformation "protocolInformation" +#define NID_protocolInformation 886 +#define OBJ_protocolInformation OBJ_X509,48L + +#define LN_distinguishedName "distinguishedName" +#define NID_distinguishedName 887 +#define OBJ_distinguishedName OBJ_X509,49L + +#define LN_uniqueMember "uniqueMember" +#define NID_uniqueMember 888 +#define OBJ_uniqueMember OBJ_X509,50L + +#define LN_houseIdentifier "houseIdentifier" +#define NID_houseIdentifier 889 +#define OBJ_houseIdentifier OBJ_X509,51L + +#define LN_supportedAlgorithms "supportedAlgorithms" +#define NID_supportedAlgorithms 890 +#define OBJ_supportedAlgorithms OBJ_X509,52L + +#define LN_deltaRevocationList "deltaRevocationList" +#define NID_deltaRevocationList 891 +#define OBJ_deltaRevocationList OBJ_X509,53L + +#define SN_dmdName "dmdName" +#define NID_dmdName 892 +#define OBJ_dmdName OBJ_X509,54L + +#define LN_pseudonym "pseudonym" +#define NID_pseudonym 510 +#define OBJ_pseudonym OBJ_X509,65L + +#define SN_role "role" +#define LN_role "role" +#define NID_role 400 +#define OBJ_role OBJ_X509,72L + +#define LN_organizationIdentifier "organizationIdentifier" +#define NID_organizationIdentifier 1089 +#define OBJ_organizationIdentifier OBJ_X509,97L + +#define SN_countryCode3c "c3" +#define LN_countryCode3c "countryCode3c" +#define NID_countryCode3c 1090 +#define OBJ_countryCode3c OBJ_X509,98L + +#define SN_countryCode3n "n3" +#define LN_countryCode3n "countryCode3n" +#define NID_countryCode3n 1091 +#define OBJ_countryCode3n OBJ_X509,99L + +#define LN_dnsName "dnsName" +#define NID_dnsName 1092 +#define OBJ_dnsName OBJ_X509,100L + +#define SN_X500algorithms "X500algorithms" +#define LN_X500algorithms "directory services - algorithms" +#define NID_X500algorithms 378 +#define OBJ_X500algorithms OBJ_X500,8L + +#define SN_rsa "RSA" +#define LN_rsa "rsa" +#define NID_rsa 19 +#define OBJ_rsa OBJ_X500algorithms,1L,1L + +#define SN_mdc2WithRSA "RSA-MDC2" +#define LN_mdc2WithRSA "mdc2WithRSA" +#define NID_mdc2WithRSA 96 +#define OBJ_mdc2WithRSA OBJ_X500algorithms,3L,100L + +#define SN_mdc2 "MDC2" +#define LN_mdc2 "mdc2" +#define NID_mdc2 95 +#define OBJ_mdc2 OBJ_X500algorithms,3L,101L + +#define SN_id_ce "id-ce" +#define NID_id_ce 81 +#define OBJ_id_ce OBJ_X500,29L + +#define SN_subject_directory_attributes "subjectDirectoryAttributes" +#define LN_subject_directory_attributes "X509v3 Subject Directory Attributes" +#define NID_subject_directory_attributes 769 +#define OBJ_subject_directory_attributes OBJ_id_ce,9L + +#define SN_subject_key_identifier "subjectKeyIdentifier" +#define LN_subject_key_identifier "X509v3 Subject Key Identifier" +#define NID_subject_key_identifier 82 +#define OBJ_subject_key_identifier OBJ_id_ce,14L + +#define SN_key_usage "keyUsage" +#define LN_key_usage "X509v3 Key Usage" +#define NID_key_usage 83 +#define OBJ_key_usage OBJ_id_ce,15L + +#define SN_private_key_usage_period "privateKeyUsagePeriod" +#define LN_private_key_usage_period "X509v3 Private Key Usage Period" +#define NID_private_key_usage_period 84 +#define OBJ_private_key_usage_period OBJ_id_ce,16L + +#define SN_subject_alt_name "subjectAltName" +#define LN_subject_alt_name "X509v3 Subject Alternative Name" +#define NID_subject_alt_name 85 +#define OBJ_subject_alt_name OBJ_id_ce,17L + +#define SN_issuer_alt_name "issuerAltName" +#define LN_issuer_alt_name "X509v3 Issuer Alternative Name" +#define NID_issuer_alt_name 86 +#define OBJ_issuer_alt_name OBJ_id_ce,18L + +#define SN_basic_constraints "basicConstraints" +#define LN_basic_constraints "X509v3 Basic Constraints" +#define NID_basic_constraints 87 +#define OBJ_basic_constraints OBJ_id_ce,19L + +#define SN_crl_number "crlNumber" +#define LN_crl_number "X509v3 CRL Number" +#define NID_crl_number 88 +#define OBJ_crl_number OBJ_id_ce,20L + +#define SN_crl_reason "CRLReason" +#define LN_crl_reason "X509v3 CRL Reason Code" +#define NID_crl_reason 141 +#define OBJ_crl_reason OBJ_id_ce,21L + +#define SN_invalidity_date "invalidityDate" +#define LN_invalidity_date "Invalidity Date" +#define NID_invalidity_date 142 +#define OBJ_invalidity_date OBJ_id_ce,24L + +#define SN_delta_crl "deltaCRL" +#define LN_delta_crl "X509v3 Delta CRL Indicator" +#define NID_delta_crl 140 +#define OBJ_delta_crl OBJ_id_ce,27L + +#define SN_issuing_distribution_point "issuingDistributionPoint" +#define LN_issuing_distribution_point "X509v3 Issuing Distribution Point" +#define NID_issuing_distribution_point 770 +#define OBJ_issuing_distribution_point OBJ_id_ce,28L + +#define SN_certificate_issuer "certificateIssuer" +#define LN_certificate_issuer "X509v3 Certificate Issuer" +#define NID_certificate_issuer 771 +#define OBJ_certificate_issuer OBJ_id_ce,29L + +#define SN_name_constraints "nameConstraints" +#define LN_name_constraints "X509v3 Name Constraints" +#define NID_name_constraints 666 +#define OBJ_name_constraints OBJ_id_ce,30L + +#define SN_crl_distribution_points "crlDistributionPoints" +#define LN_crl_distribution_points "X509v3 CRL Distribution Points" +#define NID_crl_distribution_points 103 +#define OBJ_crl_distribution_points OBJ_id_ce,31L + +#define SN_certificate_policies "certificatePolicies" +#define LN_certificate_policies "X509v3 Certificate Policies" +#define NID_certificate_policies 89 +#define OBJ_certificate_policies OBJ_id_ce,32L + +#define SN_any_policy "anyPolicy" +#define LN_any_policy "X509v3 Any Policy" +#define NID_any_policy 746 +#define OBJ_any_policy OBJ_certificate_policies,0L + +#define SN_policy_mappings "policyMappings" +#define LN_policy_mappings "X509v3 Policy Mappings" +#define NID_policy_mappings 747 +#define OBJ_policy_mappings OBJ_id_ce,33L + +#define SN_authority_key_identifier "authorityKeyIdentifier" +#define LN_authority_key_identifier "X509v3 Authority Key Identifier" +#define NID_authority_key_identifier 90 +#define OBJ_authority_key_identifier OBJ_id_ce,35L + +#define SN_policy_constraints "policyConstraints" +#define LN_policy_constraints "X509v3 Policy Constraints" +#define NID_policy_constraints 401 +#define OBJ_policy_constraints OBJ_id_ce,36L + +#define SN_ext_key_usage "extendedKeyUsage" +#define LN_ext_key_usage "X509v3 Extended Key Usage" +#define NID_ext_key_usage 126 +#define OBJ_ext_key_usage OBJ_id_ce,37L + +#define SN_freshest_crl "freshestCRL" +#define LN_freshest_crl "X509v3 Freshest CRL" +#define NID_freshest_crl 857 +#define OBJ_freshest_crl OBJ_id_ce,46L + +#define SN_inhibit_any_policy "inhibitAnyPolicy" +#define LN_inhibit_any_policy "X509v3 Inhibit Any Policy" +#define NID_inhibit_any_policy 748 +#define OBJ_inhibit_any_policy OBJ_id_ce,54L + +#define SN_target_information "targetInformation" +#define LN_target_information "X509v3 AC Targeting" +#define NID_target_information 402 +#define OBJ_target_information OBJ_id_ce,55L + +#define SN_no_rev_avail "noRevAvail" +#define LN_no_rev_avail "X509v3 No Revocation Available" +#define NID_no_rev_avail 403 +#define OBJ_no_rev_avail OBJ_id_ce,56L + +#define SN_anyExtendedKeyUsage "anyExtendedKeyUsage" +#define LN_anyExtendedKeyUsage "Any Extended Key Usage" +#define NID_anyExtendedKeyUsage 910 +#define OBJ_anyExtendedKeyUsage OBJ_ext_key_usage,0L + +#define SN_netscape "Netscape" +#define LN_netscape "Netscape Communications Corp." +#define NID_netscape 57 +#define OBJ_netscape 2L,16L,840L,1L,113730L + +#define SN_netscape_cert_extension "nsCertExt" +#define LN_netscape_cert_extension "Netscape Certificate Extension" +#define NID_netscape_cert_extension 58 +#define OBJ_netscape_cert_extension OBJ_netscape,1L + +#define SN_netscape_data_type "nsDataType" +#define LN_netscape_data_type "Netscape Data Type" +#define NID_netscape_data_type 59 +#define OBJ_netscape_data_type OBJ_netscape,2L + +#define SN_netscape_cert_type "nsCertType" +#define LN_netscape_cert_type "Netscape Cert Type" +#define NID_netscape_cert_type 71 +#define OBJ_netscape_cert_type OBJ_netscape_cert_extension,1L + +#define SN_netscape_base_url "nsBaseUrl" +#define LN_netscape_base_url "Netscape Base Url" +#define NID_netscape_base_url 72 +#define OBJ_netscape_base_url OBJ_netscape_cert_extension,2L + +#define SN_netscape_revocation_url "nsRevocationUrl" +#define LN_netscape_revocation_url "Netscape Revocation Url" +#define NID_netscape_revocation_url 73 +#define OBJ_netscape_revocation_url OBJ_netscape_cert_extension,3L + +#define SN_netscape_ca_revocation_url "nsCaRevocationUrl" +#define LN_netscape_ca_revocation_url "Netscape CA Revocation Url" +#define NID_netscape_ca_revocation_url 74 +#define OBJ_netscape_ca_revocation_url OBJ_netscape_cert_extension,4L + +#define SN_netscape_renewal_url "nsRenewalUrl" +#define LN_netscape_renewal_url "Netscape Renewal Url" +#define NID_netscape_renewal_url 75 +#define OBJ_netscape_renewal_url OBJ_netscape_cert_extension,7L + +#define SN_netscape_ca_policy_url "nsCaPolicyUrl" +#define LN_netscape_ca_policy_url "Netscape CA Policy Url" +#define NID_netscape_ca_policy_url 76 +#define OBJ_netscape_ca_policy_url OBJ_netscape_cert_extension,8L + +#define SN_netscape_ssl_server_name "nsSslServerName" +#define LN_netscape_ssl_server_name "Netscape SSL Server Name" +#define NID_netscape_ssl_server_name 77 +#define OBJ_netscape_ssl_server_name OBJ_netscape_cert_extension,12L + +#define SN_netscape_comment "nsComment" +#define LN_netscape_comment "Netscape Comment" +#define NID_netscape_comment 78 +#define OBJ_netscape_comment OBJ_netscape_cert_extension,13L + +#define SN_netscape_cert_sequence "nsCertSequence" +#define LN_netscape_cert_sequence "Netscape Certificate Sequence" +#define NID_netscape_cert_sequence 79 +#define OBJ_netscape_cert_sequence OBJ_netscape_data_type,5L + +#define SN_ns_sgc "nsSGC" +#define LN_ns_sgc "Netscape Server Gated Crypto" +#define NID_ns_sgc 139 +#define OBJ_ns_sgc OBJ_netscape,4L,1L + +#define SN_org "ORG" +#define LN_org "org" +#define NID_org 379 +#define OBJ_org OBJ_iso,3L + +#define SN_dod "DOD" +#define LN_dod "dod" +#define NID_dod 380 +#define OBJ_dod OBJ_org,6L + +#define SN_iana "IANA" +#define LN_iana "iana" +#define NID_iana 381 +#define OBJ_iana OBJ_dod,1L + +#define OBJ_internet OBJ_iana + +#define SN_Directory "directory" +#define LN_Directory "Directory" +#define NID_Directory 382 +#define OBJ_Directory OBJ_internet,1L + +#define SN_Management "mgmt" +#define LN_Management "Management" +#define NID_Management 383 +#define OBJ_Management OBJ_internet,2L + +#define SN_Experimental "experimental" +#define LN_Experimental "Experimental" +#define NID_Experimental 384 +#define OBJ_Experimental OBJ_internet,3L + +#define SN_Private "private" +#define LN_Private "Private" +#define NID_Private 385 +#define OBJ_Private OBJ_internet,4L + +#define SN_Security "security" +#define LN_Security "Security" +#define NID_Security 386 +#define OBJ_Security OBJ_internet,5L + +#define SN_SNMPv2 "snmpv2" +#define LN_SNMPv2 "SNMPv2" +#define NID_SNMPv2 387 +#define OBJ_SNMPv2 OBJ_internet,6L + +#define LN_Mail "Mail" +#define NID_Mail 388 +#define OBJ_Mail OBJ_internet,7L + +#define SN_Enterprises "enterprises" +#define LN_Enterprises "Enterprises" +#define NID_Enterprises 389 +#define OBJ_Enterprises OBJ_Private,1L + +#define SN_dcObject "dcobject" +#define LN_dcObject "dcObject" +#define NID_dcObject 390 +#define OBJ_dcObject OBJ_Enterprises,1466L,344L + +#define SN_mime_mhs "mime-mhs" +#define LN_mime_mhs "MIME MHS" +#define NID_mime_mhs 504 +#define OBJ_mime_mhs OBJ_Mail,1L + +#define SN_mime_mhs_headings "mime-mhs-headings" +#define LN_mime_mhs_headings "mime-mhs-headings" +#define NID_mime_mhs_headings 505 +#define OBJ_mime_mhs_headings OBJ_mime_mhs,1L + +#define SN_mime_mhs_bodies "mime-mhs-bodies" +#define LN_mime_mhs_bodies "mime-mhs-bodies" +#define NID_mime_mhs_bodies 506 +#define OBJ_mime_mhs_bodies OBJ_mime_mhs,2L + +#define SN_id_hex_partial_message "id-hex-partial-message" +#define LN_id_hex_partial_message "id-hex-partial-message" +#define NID_id_hex_partial_message 507 +#define OBJ_id_hex_partial_message OBJ_mime_mhs_headings,1L + +#define SN_id_hex_multipart_message "id-hex-multipart-message" +#define LN_id_hex_multipart_message "id-hex-multipart-message" +#define NID_id_hex_multipart_message 508 +#define OBJ_id_hex_multipart_message OBJ_mime_mhs_headings,2L + +#define SN_zlib_compression "ZLIB" +#define LN_zlib_compression "zlib compression" +#define NID_zlib_compression 125 +#define OBJ_zlib_compression OBJ_id_smime_alg,8L + +#define OBJ_csor 2L,16L,840L,1L,101L,3L + +#define OBJ_nistAlgorithms OBJ_csor,4L + +#define OBJ_aes OBJ_nistAlgorithms,1L + +#define SN_aes_128_ecb "AES-128-ECB" +#define LN_aes_128_ecb "aes-128-ecb" +#define NID_aes_128_ecb 418 +#define OBJ_aes_128_ecb OBJ_aes,1L + +#define SN_aes_128_cbc "AES-128-CBC" +#define LN_aes_128_cbc "aes-128-cbc" +#define NID_aes_128_cbc 419 +#define OBJ_aes_128_cbc OBJ_aes,2L + +#define SN_aes_128_ofb128 "AES-128-OFB" +#define LN_aes_128_ofb128 "aes-128-ofb" +#define NID_aes_128_ofb128 420 +#define OBJ_aes_128_ofb128 OBJ_aes,3L + +#define SN_aes_128_cfb128 "AES-128-CFB" +#define LN_aes_128_cfb128 "aes-128-cfb" +#define NID_aes_128_cfb128 421 +#define OBJ_aes_128_cfb128 OBJ_aes,4L + +#define SN_id_aes128_wrap "id-aes128-wrap" +#define NID_id_aes128_wrap 788 +#define OBJ_id_aes128_wrap OBJ_aes,5L + +#define SN_aes_128_gcm "id-aes128-GCM" +#define LN_aes_128_gcm "aes-128-gcm" +#define NID_aes_128_gcm 895 +#define OBJ_aes_128_gcm OBJ_aes,6L + +#define SN_aes_128_ccm "id-aes128-CCM" +#define LN_aes_128_ccm "aes-128-ccm" +#define NID_aes_128_ccm 896 +#define OBJ_aes_128_ccm OBJ_aes,7L + +#define SN_id_aes128_wrap_pad "id-aes128-wrap-pad" +#define NID_id_aes128_wrap_pad 897 +#define OBJ_id_aes128_wrap_pad OBJ_aes,8L + +#define SN_aes_192_ecb "AES-192-ECB" +#define LN_aes_192_ecb "aes-192-ecb" +#define NID_aes_192_ecb 422 +#define OBJ_aes_192_ecb OBJ_aes,21L + +#define SN_aes_192_cbc "AES-192-CBC" +#define LN_aes_192_cbc "aes-192-cbc" +#define NID_aes_192_cbc 423 +#define OBJ_aes_192_cbc OBJ_aes,22L + +#define SN_aes_192_ofb128 "AES-192-OFB" +#define LN_aes_192_ofb128 "aes-192-ofb" +#define NID_aes_192_ofb128 424 +#define OBJ_aes_192_ofb128 OBJ_aes,23L + +#define SN_aes_192_cfb128 "AES-192-CFB" +#define LN_aes_192_cfb128 "aes-192-cfb" +#define NID_aes_192_cfb128 425 +#define OBJ_aes_192_cfb128 OBJ_aes,24L + +#define SN_id_aes192_wrap "id-aes192-wrap" +#define NID_id_aes192_wrap 789 +#define OBJ_id_aes192_wrap OBJ_aes,25L + +#define SN_aes_192_gcm "id-aes192-GCM" +#define LN_aes_192_gcm "aes-192-gcm" +#define NID_aes_192_gcm 898 +#define OBJ_aes_192_gcm OBJ_aes,26L + +#define SN_aes_192_ccm "id-aes192-CCM" +#define LN_aes_192_ccm "aes-192-ccm" +#define NID_aes_192_ccm 899 +#define OBJ_aes_192_ccm OBJ_aes,27L + +#define SN_id_aes192_wrap_pad "id-aes192-wrap-pad" +#define NID_id_aes192_wrap_pad 900 +#define OBJ_id_aes192_wrap_pad OBJ_aes,28L + +#define SN_aes_256_ecb "AES-256-ECB" +#define LN_aes_256_ecb "aes-256-ecb" +#define NID_aes_256_ecb 426 +#define OBJ_aes_256_ecb OBJ_aes,41L + +#define SN_aes_256_cbc "AES-256-CBC" +#define LN_aes_256_cbc "aes-256-cbc" +#define NID_aes_256_cbc 427 +#define OBJ_aes_256_cbc OBJ_aes,42L + +#define SN_aes_256_ofb128 "AES-256-OFB" +#define LN_aes_256_ofb128 "aes-256-ofb" +#define NID_aes_256_ofb128 428 +#define OBJ_aes_256_ofb128 OBJ_aes,43L + +#define SN_aes_256_cfb128 "AES-256-CFB" +#define LN_aes_256_cfb128 "aes-256-cfb" +#define NID_aes_256_cfb128 429 +#define OBJ_aes_256_cfb128 OBJ_aes,44L + +#define SN_id_aes256_wrap "id-aes256-wrap" +#define NID_id_aes256_wrap 790 +#define OBJ_id_aes256_wrap OBJ_aes,45L + +#define SN_aes_256_gcm "id-aes256-GCM" +#define LN_aes_256_gcm "aes-256-gcm" +#define NID_aes_256_gcm 901 +#define OBJ_aes_256_gcm OBJ_aes,46L + +#define SN_aes_256_ccm "id-aes256-CCM" +#define LN_aes_256_ccm "aes-256-ccm" +#define NID_aes_256_ccm 902 +#define OBJ_aes_256_ccm OBJ_aes,47L + +#define SN_id_aes256_wrap_pad "id-aes256-wrap-pad" +#define NID_id_aes256_wrap_pad 903 +#define OBJ_id_aes256_wrap_pad OBJ_aes,48L + +#define SN_aes_128_xts "AES-128-XTS" +#define LN_aes_128_xts "aes-128-xts" +#define NID_aes_128_xts 913 +#define OBJ_aes_128_xts OBJ_ieee_siswg,0L,1L,1L + +#define SN_aes_256_xts "AES-256-XTS" +#define LN_aes_256_xts "aes-256-xts" +#define NID_aes_256_xts 914 +#define OBJ_aes_256_xts OBJ_ieee_siswg,0L,1L,2L + +#define SN_aes_128_cfb1 "AES-128-CFB1" +#define LN_aes_128_cfb1 "aes-128-cfb1" +#define NID_aes_128_cfb1 650 + +#define SN_aes_192_cfb1 "AES-192-CFB1" +#define LN_aes_192_cfb1 "aes-192-cfb1" +#define NID_aes_192_cfb1 651 + +#define SN_aes_256_cfb1 "AES-256-CFB1" +#define LN_aes_256_cfb1 "aes-256-cfb1" +#define NID_aes_256_cfb1 652 + +#define SN_aes_128_cfb8 "AES-128-CFB8" +#define LN_aes_128_cfb8 "aes-128-cfb8" +#define NID_aes_128_cfb8 653 + +#define SN_aes_192_cfb8 "AES-192-CFB8" +#define LN_aes_192_cfb8 "aes-192-cfb8" +#define NID_aes_192_cfb8 654 + +#define SN_aes_256_cfb8 "AES-256-CFB8" +#define LN_aes_256_cfb8 "aes-256-cfb8" +#define NID_aes_256_cfb8 655 + +#define SN_aes_128_ctr "AES-128-CTR" +#define LN_aes_128_ctr "aes-128-ctr" +#define NID_aes_128_ctr 904 + +#define SN_aes_192_ctr "AES-192-CTR" +#define LN_aes_192_ctr "aes-192-ctr" +#define NID_aes_192_ctr 905 + +#define SN_aes_256_ctr "AES-256-CTR" +#define LN_aes_256_ctr "aes-256-ctr" +#define NID_aes_256_ctr 906 + +#define SN_aes_128_ocb "AES-128-OCB" +#define LN_aes_128_ocb "aes-128-ocb" +#define NID_aes_128_ocb 958 + +#define SN_aes_192_ocb "AES-192-OCB" +#define LN_aes_192_ocb "aes-192-ocb" +#define NID_aes_192_ocb 959 + +#define SN_aes_256_ocb "AES-256-OCB" +#define LN_aes_256_ocb "aes-256-ocb" +#define NID_aes_256_ocb 960 + +#define SN_des_cfb1 "DES-CFB1" +#define LN_des_cfb1 "des-cfb1" +#define NID_des_cfb1 656 + +#define SN_des_cfb8 "DES-CFB8" +#define LN_des_cfb8 "des-cfb8" +#define NID_des_cfb8 657 + +#define SN_des_ede3_cfb1 "DES-EDE3-CFB1" +#define LN_des_ede3_cfb1 "des-ede3-cfb1" +#define NID_des_ede3_cfb1 658 + +#define SN_des_ede3_cfb8 "DES-EDE3-CFB8" +#define LN_des_ede3_cfb8 "des-ede3-cfb8" +#define NID_des_ede3_cfb8 659 + +#define OBJ_nist_hashalgs OBJ_nistAlgorithms,2L + +#define SN_sha256 "SHA256" +#define LN_sha256 "sha256" +#define NID_sha256 672 +#define OBJ_sha256 OBJ_nist_hashalgs,1L + +#define SN_sha384 "SHA384" +#define LN_sha384 "sha384" +#define NID_sha384 673 +#define OBJ_sha384 OBJ_nist_hashalgs,2L + +#define SN_sha512 "SHA512" +#define LN_sha512 "sha512" +#define NID_sha512 674 +#define OBJ_sha512 OBJ_nist_hashalgs,3L + +#define SN_sha224 "SHA224" +#define LN_sha224 "sha224" +#define NID_sha224 675 +#define OBJ_sha224 OBJ_nist_hashalgs,4L + +#define SN_sha512_224 "SHA512-224" +#define LN_sha512_224 "sha512-224" +#define NID_sha512_224 1094 +#define OBJ_sha512_224 OBJ_nist_hashalgs,5L + +#define SN_sha512_256 "SHA512-256" +#define LN_sha512_256 "sha512-256" +#define NID_sha512_256 1095 +#define OBJ_sha512_256 OBJ_nist_hashalgs,6L + +#define SN_sha3_224 "SHA3-224" +#define LN_sha3_224 "sha3-224" +#define NID_sha3_224 1096 +#define OBJ_sha3_224 OBJ_nist_hashalgs,7L + +#define SN_sha3_256 "SHA3-256" +#define LN_sha3_256 "sha3-256" +#define NID_sha3_256 1097 +#define OBJ_sha3_256 OBJ_nist_hashalgs,8L + +#define SN_sha3_384 "SHA3-384" +#define LN_sha3_384 "sha3-384" +#define NID_sha3_384 1098 +#define OBJ_sha3_384 OBJ_nist_hashalgs,9L + +#define SN_sha3_512 "SHA3-512" +#define LN_sha3_512 "sha3-512" +#define NID_sha3_512 1099 +#define OBJ_sha3_512 OBJ_nist_hashalgs,10L + +#define SN_shake128 "SHAKE128" +#define LN_shake128 "shake128" +#define NID_shake128 1100 +#define OBJ_shake128 OBJ_nist_hashalgs,11L + +#define SN_shake256 "SHAKE256" +#define LN_shake256 "shake256" +#define NID_shake256 1101 +#define OBJ_shake256 OBJ_nist_hashalgs,12L + +#define SN_hmac_sha3_224 "id-hmacWithSHA3-224" +#define LN_hmac_sha3_224 "hmac-sha3-224" +#define NID_hmac_sha3_224 1102 +#define OBJ_hmac_sha3_224 OBJ_nist_hashalgs,13L + +#define SN_hmac_sha3_256 "id-hmacWithSHA3-256" +#define LN_hmac_sha3_256 "hmac-sha3-256" +#define NID_hmac_sha3_256 1103 +#define OBJ_hmac_sha3_256 OBJ_nist_hashalgs,14L + +#define SN_hmac_sha3_384 "id-hmacWithSHA3-384" +#define LN_hmac_sha3_384 "hmac-sha3-384" +#define NID_hmac_sha3_384 1104 +#define OBJ_hmac_sha3_384 OBJ_nist_hashalgs,15L + +#define SN_hmac_sha3_512 "id-hmacWithSHA3-512" +#define LN_hmac_sha3_512 "hmac-sha3-512" +#define NID_hmac_sha3_512 1105 +#define OBJ_hmac_sha3_512 OBJ_nist_hashalgs,16L + +#define OBJ_dsa_with_sha2 OBJ_nistAlgorithms,3L + +#define SN_dsa_with_SHA224 "dsa_with_SHA224" +#define NID_dsa_with_SHA224 802 +#define OBJ_dsa_with_SHA224 OBJ_dsa_with_sha2,1L + +#define SN_dsa_with_SHA256 "dsa_with_SHA256" +#define NID_dsa_with_SHA256 803 +#define OBJ_dsa_with_SHA256 OBJ_dsa_with_sha2,2L + +#define OBJ_sigAlgs OBJ_nistAlgorithms,3L + +#define SN_dsa_with_SHA384 "id-dsa-with-sha384" +#define LN_dsa_with_SHA384 "dsa_with_SHA384" +#define NID_dsa_with_SHA384 1106 +#define OBJ_dsa_with_SHA384 OBJ_sigAlgs,3L + +#define SN_dsa_with_SHA512 "id-dsa-with-sha512" +#define LN_dsa_with_SHA512 "dsa_with_SHA512" +#define NID_dsa_with_SHA512 1107 +#define OBJ_dsa_with_SHA512 OBJ_sigAlgs,4L + +#define SN_dsa_with_SHA3_224 "id-dsa-with-sha3-224" +#define LN_dsa_with_SHA3_224 "dsa_with_SHA3-224" +#define NID_dsa_with_SHA3_224 1108 +#define OBJ_dsa_with_SHA3_224 OBJ_sigAlgs,5L + +#define SN_dsa_with_SHA3_256 "id-dsa-with-sha3-256" +#define LN_dsa_with_SHA3_256 "dsa_with_SHA3-256" +#define NID_dsa_with_SHA3_256 1109 +#define OBJ_dsa_with_SHA3_256 OBJ_sigAlgs,6L + +#define SN_dsa_with_SHA3_384 "id-dsa-with-sha3-384" +#define LN_dsa_with_SHA3_384 "dsa_with_SHA3-384" +#define NID_dsa_with_SHA3_384 1110 +#define OBJ_dsa_with_SHA3_384 OBJ_sigAlgs,7L + +#define SN_dsa_with_SHA3_512 "id-dsa-with-sha3-512" +#define LN_dsa_with_SHA3_512 "dsa_with_SHA3-512" +#define NID_dsa_with_SHA3_512 1111 +#define OBJ_dsa_with_SHA3_512 OBJ_sigAlgs,8L + +#define SN_ecdsa_with_SHA3_224 "id-ecdsa-with-sha3-224" +#define LN_ecdsa_with_SHA3_224 "ecdsa_with_SHA3-224" +#define NID_ecdsa_with_SHA3_224 1112 +#define OBJ_ecdsa_with_SHA3_224 OBJ_sigAlgs,9L + +#define SN_ecdsa_with_SHA3_256 "id-ecdsa-with-sha3-256" +#define LN_ecdsa_with_SHA3_256 "ecdsa_with_SHA3-256" +#define NID_ecdsa_with_SHA3_256 1113 +#define OBJ_ecdsa_with_SHA3_256 OBJ_sigAlgs,10L + +#define SN_ecdsa_with_SHA3_384 "id-ecdsa-with-sha3-384" +#define LN_ecdsa_with_SHA3_384 "ecdsa_with_SHA3-384" +#define NID_ecdsa_with_SHA3_384 1114 +#define OBJ_ecdsa_with_SHA3_384 OBJ_sigAlgs,11L + +#define SN_ecdsa_with_SHA3_512 "id-ecdsa-with-sha3-512" +#define LN_ecdsa_with_SHA3_512 "ecdsa_with_SHA3-512" +#define NID_ecdsa_with_SHA3_512 1115 +#define OBJ_ecdsa_with_SHA3_512 OBJ_sigAlgs,12L + +#define SN_RSA_SHA3_224 "id-rsassa-pkcs1-v1_5-with-sha3-224" +#define LN_RSA_SHA3_224 "RSA-SHA3-224" +#define NID_RSA_SHA3_224 1116 +#define OBJ_RSA_SHA3_224 OBJ_sigAlgs,13L + +#define SN_RSA_SHA3_256 "id-rsassa-pkcs1-v1_5-with-sha3-256" +#define LN_RSA_SHA3_256 "RSA-SHA3-256" +#define NID_RSA_SHA3_256 1117 +#define OBJ_RSA_SHA3_256 OBJ_sigAlgs,14L + +#define SN_RSA_SHA3_384 "id-rsassa-pkcs1-v1_5-with-sha3-384" +#define LN_RSA_SHA3_384 "RSA-SHA3-384" +#define NID_RSA_SHA3_384 1118 +#define OBJ_RSA_SHA3_384 OBJ_sigAlgs,15L + +#define SN_RSA_SHA3_512 "id-rsassa-pkcs1-v1_5-with-sha3-512" +#define LN_RSA_SHA3_512 "RSA-SHA3-512" +#define NID_RSA_SHA3_512 1119 +#define OBJ_RSA_SHA3_512 OBJ_sigAlgs,16L + +#define SN_hold_instruction_code "holdInstructionCode" +#define LN_hold_instruction_code "Hold Instruction Code" +#define NID_hold_instruction_code 430 +#define OBJ_hold_instruction_code OBJ_id_ce,23L + +#define OBJ_holdInstruction OBJ_X9_57,2L + +#define SN_hold_instruction_none "holdInstructionNone" +#define LN_hold_instruction_none "Hold Instruction None" +#define NID_hold_instruction_none 431 +#define OBJ_hold_instruction_none OBJ_holdInstruction,1L + +#define SN_hold_instruction_call_issuer "holdInstructionCallIssuer" +#define LN_hold_instruction_call_issuer "Hold Instruction Call Issuer" +#define NID_hold_instruction_call_issuer 432 +#define OBJ_hold_instruction_call_issuer OBJ_holdInstruction,2L + +#define SN_hold_instruction_reject "holdInstructionReject" +#define LN_hold_instruction_reject "Hold Instruction Reject" +#define NID_hold_instruction_reject 433 +#define OBJ_hold_instruction_reject OBJ_holdInstruction,3L + +#define SN_data "data" +#define NID_data 434 +#define OBJ_data OBJ_itu_t,9L + +#define SN_pss "pss" +#define NID_pss 435 +#define OBJ_pss OBJ_data,2342L + +#define SN_ucl "ucl" +#define NID_ucl 436 +#define OBJ_ucl OBJ_pss,19200300L + +#define SN_pilot "pilot" +#define NID_pilot 437 +#define OBJ_pilot OBJ_ucl,100L + +#define LN_pilotAttributeType "pilotAttributeType" +#define NID_pilotAttributeType 438 +#define OBJ_pilotAttributeType OBJ_pilot,1L + +#define LN_pilotAttributeSyntax "pilotAttributeSyntax" +#define NID_pilotAttributeSyntax 439 +#define OBJ_pilotAttributeSyntax OBJ_pilot,3L + +#define LN_pilotObjectClass "pilotObjectClass" +#define NID_pilotObjectClass 440 +#define OBJ_pilotObjectClass OBJ_pilot,4L + +#define LN_pilotGroups "pilotGroups" +#define NID_pilotGroups 441 +#define OBJ_pilotGroups OBJ_pilot,10L + +#define LN_iA5StringSyntax "iA5StringSyntax" +#define NID_iA5StringSyntax 442 +#define OBJ_iA5StringSyntax OBJ_pilotAttributeSyntax,4L + +#define LN_caseIgnoreIA5StringSyntax "caseIgnoreIA5StringSyntax" +#define NID_caseIgnoreIA5StringSyntax 443 +#define OBJ_caseIgnoreIA5StringSyntax OBJ_pilotAttributeSyntax,5L + +#define LN_pilotObject "pilotObject" +#define NID_pilotObject 444 +#define OBJ_pilotObject OBJ_pilotObjectClass,3L + +#define LN_pilotPerson "pilotPerson" +#define NID_pilotPerson 445 +#define OBJ_pilotPerson OBJ_pilotObjectClass,4L + +#define SN_account "account" +#define NID_account 446 +#define OBJ_account OBJ_pilotObjectClass,5L + +#define SN_document "document" +#define NID_document 447 +#define OBJ_document OBJ_pilotObjectClass,6L + +#define SN_room "room" +#define NID_room 448 +#define OBJ_room OBJ_pilotObjectClass,7L + +#define LN_documentSeries "documentSeries" +#define NID_documentSeries 449 +#define OBJ_documentSeries OBJ_pilotObjectClass,9L + +#define SN_Domain "domain" +#define LN_Domain "Domain" +#define NID_Domain 392 +#define OBJ_Domain OBJ_pilotObjectClass,13L + +#define LN_rFC822localPart "rFC822localPart" +#define NID_rFC822localPart 450 +#define OBJ_rFC822localPart OBJ_pilotObjectClass,14L + +#define LN_dNSDomain "dNSDomain" +#define NID_dNSDomain 451 +#define OBJ_dNSDomain OBJ_pilotObjectClass,15L + +#define LN_domainRelatedObject "domainRelatedObject" +#define NID_domainRelatedObject 452 +#define OBJ_domainRelatedObject OBJ_pilotObjectClass,17L + +#define LN_friendlyCountry "friendlyCountry" +#define NID_friendlyCountry 453 +#define OBJ_friendlyCountry OBJ_pilotObjectClass,18L + +#define LN_simpleSecurityObject "simpleSecurityObject" +#define NID_simpleSecurityObject 454 +#define OBJ_simpleSecurityObject OBJ_pilotObjectClass,19L + +#define LN_pilotOrganization "pilotOrganization" +#define NID_pilotOrganization 455 +#define OBJ_pilotOrganization OBJ_pilotObjectClass,20L + +#define LN_pilotDSA "pilotDSA" +#define NID_pilotDSA 456 +#define OBJ_pilotDSA OBJ_pilotObjectClass,21L + +#define LN_qualityLabelledData "qualityLabelledData" +#define NID_qualityLabelledData 457 +#define OBJ_qualityLabelledData OBJ_pilotObjectClass,22L + +#define SN_userId "UID" +#define LN_userId "userId" +#define NID_userId 458 +#define OBJ_userId OBJ_pilotAttributeType,1L + +#define LN_textEncodedORAddress "textEncodedORAddress" +#define NID_textEncodedORAddress 459 +#define OBJ_textEncodedORAddress OBJ_pilotAttributeType,2L + +#define SN_rfc822Mailbox "mail" +#define LN_rfc822Mailbox "rfc822Mailbox" +#define NID_rfc822Mailbox 460 +#define OBJ_rfc822Mailbox OBJ_pilotAttributeType,3L + +#define SN_info "info" +#define NID_info 461 +#define OBJ_info OBJ_pilotAttributeType,4L + +#define LN_favouriteDrink "favouriteDrink" +#define NID_favouriteDrink 462 +#define OBJ_favouriteDrink OBJ_pilotAttributeType,5L + +#define LN_roomNumber "roomNumber" +#define NID_roomNumber 463 +#define OBJ_roomNumber OBJ_pilotAttributeType,6L + +#define SN_photo "photo" +#define NID_photo 464 +#define OBJ_photo OBJ_pilotAttributeType,7L + +#define LN_userClass "userClass" +#define NID_userClass 465 +#define OBJ_userClass OBJ_pilotAttributeType,8L + +#define SN_host "host" +#define NID_host 466 +#define OBJ_host OBJ_pilotAttributeType,9L + +#define SN_manager "manager" +#define NID_manager 467 +#define OBJ_manager OBJ_pilotAttributeType,10L + +#define LN_documentIdentifier "documentIdentifier" +#define NID_documentIdentifier 468 +#define OBJ_documentIdentifier OBJ_pilotAttributeType,11L + +#define LN_documentTitle "documentTitle" +#define NID_documentTitle 469 +#define OBJ_documentTitle OBJ_pilotAttributeType,12L + +#define LN_documentVersion "documentVersion" +#define NID_documentVersion 470 +#define OBJ_documentVersion OBJ_pilotAttributeType,13L + +#define LN_documentAuthor "documentAuthor" +#define NID_documentAuthor 471 +#define OBJ_documentAuthor OBJ_pilotAttributeType,14L + +#define LN_documentLocation "documentLocation" +#define NID_documentLocation 472 +#define OBJ_documentLocation OBJ_pilotAttributeType,15L + +#define LN_homeTelephoneNumber "homeTelephoneNumber" +#define NID_homeTelephoneNumber 473 +#define OBJ_homeTelephoneNumber OBJ_pilotAttributeType,20L + +#define SN_secretary "secretary" +#define NID_secretary 474 +#define OBJ_secretary OBJ_pilotAttributeType,21L + +#define LN_otherMailbox "otherMailbox" +#define NID_otherMailbox 475 +#define OBJ_otherMailbox OBJ_pilotAttributeType,22L + +#define LN_lastModifiedTime "lastModifiedTime" +#define NID_lastModifiedTime 476 +#define OBJ_lastModifiedTime OBJ_pilotAttributeType,23L + +#define LN_lastModifiedBy "lastModifiedBy" +#define NID_lastModifiedBy 477 +#define OBJ_lastModifiedBy OBJ_pilotAttributeType,24L + +#define SN_domainComponent "DC" +#define LN_domainComponent "domainComponent" +#define NID_domainComponent 391 +#define OBJ_domainComponent OBJ_pilotAttributeType,25L + +#define LN_aRecord "aRecord" +#define NID_aRecord 478 +#define OBJ_aRecord OBJ_pilotAttributeType,26L + +#define LN_pilotAttributeType27 "pilotAttributeType27" +#define NID_pilotAttributeType27 479 +#define OBJ_pilotAttributeType27 OBJ_pilotAttributeType,27L + +#define LN_mXRecord "mXRecord" +#define NID_mXRecord 480 +#define OBJ_mXRecord OBJ_pilotAttributeType,28L + +#define LN_nSRecord "nSRecord" +#define NID_nSRecord 481 +#define OBJ_nSRecord OBJ_pilotAttributeType,29L + +#define LN_sOARecord "sOARecord" +#define NID_sOARecord 482 +#define OBJ_sOARecord OBJ_pilotAttributeType,30L + +#define LN_cNAMERecord "cNAMERecord" +#define NID_cNAMERecord 483 +#define OBJ_cNAMERecord OBJ_pilotAttributeType,31L + +#define LN_associatedDomain "associatedDomain" +#define NID_associatedDomain 484 +#define OBJ_associatedDomain OBJ_pilotAttributeType,37L + +#define LN_associatedName "associatedName" +#define NID_associatedName 485 +#define OBJ_associatedName OBJ_pilotAttributeType,38L + +#define LN_homePostalAddress "homePostalAddress" +#define NID_homePostalAddress 486 +#define OBJ_homePostalAddress OBJ_pilotAttributeType,39L + +#define LN_personalTitle "personalTitle" +#define NID_personalTitle 487 +#define OBJ_personalTitle OBJ_pilotAttributeType,40L + +#define LN_mobileTelephoneNumber "mobileTelephoneNumber" +#define NID_mobileTelephoneNumber 488 +#define OBJ_mobileTelephoneNumber OBJ_pilotAttributeType,41L + +#define LN_pagerTelephoneNumber "pagerTelephoneNumber" +#define NID_pagerTelephoneNumber 489 +#define OBJ_pagerTelephoneNumber OBJ_pilotAttributeType,42L + +#define LN_friendlyCountryName "friendlyCountryName" +#define NID_friendlyCountryName 490 +#define OBJ_friendlyCountryName OBJ_pilotAttributeType,43L + +#define SN_uniqueIdentifier "uid" +#define LN_uniqueIdentifier "uniqueIdentifier" +#define NID_uniqueIdentifier 102 +#define OBJ_uniqueIdentifier OBJ_pilotAttributeType,44L + +#define LN_organizationalStatus "organizationalStatus" +#define NID_organizationalStatus 491 +#define OBJ_organizationalStatus OBJ_pilotAttributeType,45L + +#define LN_janetMailbox "janetMailbox" +#define NID_janetMailbox 492 +#define OBJ_janetMailbox OBJ_pilotAttributeType,46L + +#define LN_mailPreferenceOption "mailPreferenceOption" +#define NID_mailPreferenceOption 493 +#define OBJ_mailPreferenceOption OBJ_pilotAttributeType,47L + +#define LN_buildingName "buildingName" +#define NID_buildingName 494 +#define OBJ_buildingName OBJ_pilotAttributeType,48L + +#define LN_dSAQuality "dSAQuality" +#define NID_dSAQuality 495 +#define OBJ_dSAQuality OBJ_pilotAttributeType,49L + +#define LN_singleLevelQuality "singleLevelQuality" +#define NID_singleLevelQuality 496 +#define OBJ_singleLevelQuality OBJ_pilotAttributeType,50L + +#define LN_subtreeMinimumQuality "subtreeMinimumQuality" +#define NID_subtreeMinimumQuality 497 +#define OBJ_subtreeMinimumQuality OBJ_pilotAttributeType,51L + +#define LN_subtreeMaximumQuality "subtreeMaximumQuality" +#define NID_subtreeMaximumQuality 498 +#define OBJ_subtreeMaximumQuality OBJ_pilotAttributeType,52L + +#define LN_personalSignature "personalSignature" +#define NID_personalSignature 499 +#define OBJ_personalSignature OBJ_pilotAttributeType,53L + +#define LN_dITRedirect "dITRedirect" +#define NID_dITRedirect 500 +#define OBJ_dITRedirect OBJ_pilotAttributeType,54L + +#define SN_audio "audio" +#define NID_audio 501 +#define OBJ_audio OBJ_pilotAttributeType,55L + +#define LN_documentPublisher "documentPublisher" +#define NID_documentPublisher 502 +#define OBJ_documentPublisher OBJ_pilotAttributeType,56L + +#define SN_id_set "id-set" +#define LN_id_set "Secure Electronic Transactions" +#define NID_id_set 512 +#define OBJ_id_set OBJ_international_organizations,42L + +#define SN_set_ctype "set-ctype" +#define LN_set_ctype "content types" +#define NID_set_ctype 513 +#define OBJ_set_ctype OBJ_id_set,0L + +#define SN_set_msgExt "set-msgExt" +#define LN_set_msgExt "message extensions" +#define NID_set_msgExt 514 +#define OBJ_set_msgExt OBJ_id_set,1L + +#define SN_set_attr "set-attr" +#define NID_set_attr 515 +#define OBJ_set_attr OBJ_id_set,3L + +#define SN_set_policy "set-policy" +#define NID_set_policy 516 +#define OBJ_set_policy OBJ_id_set,5L + +#define SN_set_certExt "set-certExt" +#define LN_set_certExt "certificate extensions" +#define NID_set_certExt 517 +#define OBJ_set_certExt OBJ_id_set,7L + +#define SN_set_brand "set-brand" +#define NID_set_brand 518 +#define OBJ_set_brand OBJ_id_set,8L + +#define SN_setct_PANData "setct-PANData" +#define NID_setct_PANData 519 +#define OBJ_setct_PANData OBJ_set_ctype,0L + +#define SN_setct_PANToken "setct-PANToken" +#define NID_setct_PANToken 520 +#define OBJ_setct_PANToken OBJ_set_ctype,1L + +#define SN_setct_PANOnly "setct-PANOnly" +#define NID_setct_PANOnly 521 +#define OBJ_setct_PANOnly OBJ_set_ctype,2L + +#define SN_setct_OIData "setct-OIData" +#define NID_setct_OIData 522 +#define OBJ_setct_OIData OBJ_set_ctype,3L + +#define SN_setct_PI "setct-PI" +#define NID_setct_PI 523 +#define OBJ_setct_PI OBJ_set_ctype,4L + +#define SN_setct_PIData "setct-PIData" +#define NID_setct_PIData 524 +#define OBJ_setct_PIData OBJ_set_ctype,5L + +#define SN_setct_PIDataUnsigned "setct-PIDataUnsigned" +#define NID_setct_PIDataUnsigned 525 +#define OBJ_setct_PIDataUnsigned OBJ_set_ctype,6L + +#define SN_setct_HODInput "setct-HODInput" +#define NID_setct_HODInput 526 +#define OBJ_setct_HODInput OBJ_set_ctype,7L + +#define SN_setct_AuthResBaggage "setct-AuthResBaggage" +#define NID_setct_AuthResBaggage 527 +#define OBJ_setct_AuthResBaggage OBJ_set_ctype,8L + +#define SN_setct_AuthRevReqBaggage "setct-AuthRevReqBaggage" +#define NID_setct_AuthRevReqBaggage 528 +#define OBJ_setct_AuthRevReqBaggage OBJ_set_ctype,9L + +#define SN_setct_AuthRevResBaggage "setct-AuthRevResBaggage" +#define NID_setct_AuthRevResBaggage 529 +#define OBJ_setct_AuthRevResBaggage OBJ_set_ctype,10L + +#define SN_setct_CapTokenSeq "setct-CapTokenSeq" +#define NID_setct_CapTokenSeq 530 +#define OBJ_setct_CapTokenSeq OBJ_set_ctype,11L + +#define SN_setct_PInitResData "setct-PInitResData" +#define NID_setct_PInitResData 531 +#define OBJ_setct_PInitResData OBJ_set_ctype,12L + +#define SN_setct_PI_TBS "setct-PI-TBS" +#define NID_setct_PI_TBS 532 +#define OBJ_setct_PI_TBS OBJ_set_ctype,13L + +#define SN_setct_PResData "setct-PResData" +#define NID_setct_PResData 533 +#define OBJ_setct_PResData OBJ_set_ctype,14L + +#define SN_setct_AuthReqTBS "setct-AuthReqTBS" +#define NID_setct_AuthReqTBS 534 +#define OBJ_setct_AuthReqTBS OBJ_set_ctype,16L + +#define SN_setct_AuthResTBS "setct-AuthResTBS" +#define NID_setct_AuthResTBS 535 +#define OBJ_setct_AuthResTBS OBJ_set_ctype,17L + +#define SN_setct_AuthResTBSX "setct-AuthResTBSX" +#define NID_setct_AuthResTBSX 536 +#define OBJ_setct_AuthResTBSX OBJ_set_ctype,18L + +#define SN_setct_AuthTokenTBS "setct-AuthTokenTBS" +#define NID_setct_AuthTokenTBS 537 +#define OBJ_setct_AuthTokenTBS OBJ_set_ctype,19L + +#define SN_setct_CapTokenData "setct-CapTokenData" +#define NID_setct_CapTokenData 538 +#define OBJ_setct_CapTokenData OBJ_set_ctype,20L + +#define SN_setct_CapTokenTBS "setct-CapTokenTBS" +#define NID_setct_CapTokenTBS 539 +#define OBJ_setct_CapTokenTBS OBJ_set_ctype,21L + +#define SN_setct_AcqCardCodeMsg "setct-AcqCardCodeMsg" +#define NID_setct_AcqCardCodeMsg 540 +#define OBJ_setct_AcqCardCodeMsg OBJ_set_ctype,22L + +#define SN_setct_AuthRevReqTBS "setct-AuthRevReqTBS" +#define NID_setct_AuthRevReqTBS 541 +#define OBJ_setct_AuthRevReqTBS OBJ_set_ctype,23L + +#define SN_setct_AuthRevResData "setct-AuthRevResData" +#define NID_setct_AuthRevResData 542 +#define OBJ_setct_AuthRevResData OBJ_set_ctype,24L + +#define SN_setct_AuthRevResTBS "setct-AuthRevResTBS" +#define NID_setct_AuthRevResTBS 543 +#define OBJ_setct_AuthRevResTBS OBJ_set_ctype,25L + +#define SN_setct_CapReqTBS "setct-CapReqTBS" +#define NID_setct_CapReqTBS 544 +#define OBJ_setct_CapReqTBS OBJ_set_ctype,26L + +#define SN_setct_CapReqTBSX "setct-CapReqTBSX" +#define NID_setct_CapReqTBSX 545 +#define OBJ_setct_CapReqTBSX OBJ_set_ctype,27L + +#define SN_setct_CapResData "setct-CapResData" +#define NID_setct_CapResData 546 +#define OBJ_setct_CapResData OBJ_set_ctype,28L + +#define SN_setct_CapRevReqTBS "setct-CapRevReqTBS" +#define NID_setct_CapRevReqTBS 547 +#define OBJ_setct_CapRevReqTBS OBJ_set_ctype,29L + +#define SN_setct_CapRevReqTBSX "setct-CapRevReqTBSX" +#define NID_setct_CapRevReqTBSX 548 +#define OBJ_setct_CapRevReqTBSX OBJ_set_ctype,30L + +#define SN_setct_CapRevResData "setct-CapRevResData" +#define NID_setct_CapRevResData 549 +#define OBJ_setct_CapRevResData OBJ_set_ctype,31L + +#define SN_setct_CredReqTBS "setct-CredReqTBS" +#define NID_setct_CredReqTBS 550 +#define OBJ_setct_CredReqTBS OBJ_set_ctype,32L + +#define SN_setct_CredReqTBSX "setct-CredReqTBSX" +#define NID_setct_CredReqTBSX 551 +#define OBJ_setct_CredReqTBSX OBJ_set_ctype,33L + +#define SN_setct_CredResData "setct-CredResData" +#define NID_setct_CredResData 552 +#define OBJ_setct_CredResData OBJ_set_ctype,34L + +#define SN_setct_CredRevReqTBS "setct-CredRevReqTBS" +#define NID_setct_CredRevReqTBS 553 +#define OBJ_setct_CredRevReqTBS OBJ_set_ctype,35L + +#define SN_setct_CredRevReqTBSX "setct-CredRevReqTBSX" +#define NID_setct_CredRevReqTBSX 554 +#define OBJ_setct_CredRevReqTBSX OBJ_set_ctype,36L + +#define SN_setct_CredRevResData "setct-CredRevResData" +#define NID_setct_CredRevResData 555 +#define OBJ_setct_CredRevResData OBJ_set_ctype,37L + +#define SN_setct_PCertReqData "setct-PCertReqData" +#define NID_setct_PCertReqData 556 +#define OBJ_setct_PCertReqData OBJ_set_ctype,38L + +#define SN_setct_PCertResTBS "setct-PCertResTBS" +#define NID_setct_PCertResTBS 557 +#define OBJ_setct_PCertResTBS OBJ_set_ctype,39L + +#define SN_setct_BatchAdminReqData "setct-BatchAdminReqData" +#define NID_setct_BatchAdminReqData 558 +#define OBJ_setct_BatchAdminReqData OBJ_set_ctype,40L + +#define SN_setct_BatchAdminResData "setct-BatchAdminResData" +#define NID_setct_BatchAdminResData 559 +#define OBJ_setct_BatchAdminResData OBJ_set_ctype,41L + +#define SN_setct_CardCInitResTBS "setct-CardCInitResTBS" +#define NID_setct_CardCInitResTBS 560 +#define OBJ_setct_CardCInitResTBS OBJ_set_ctype,42L + +#define SN_setct_MeAqCInitResTBS "setct-MeAqCInitResTBS" +#define NID_setct_MeAqCInitResTBS 561 +#define OBJ_setct_MeAqCInitResTBS OBJ_set_ctype,43L + +#define SN_setct_RegFormResTBS "setct-RegFormResTBS" +#define NID_setct_RegFormResTBS 562 +#define OBJ_setct_RegFormResTBS OBJ_set_ctype,44L + +#define SN_setct_CertReqData "setct-CertReqData" +#define NID_setct_CertReqData 563 +#define OBJ_setct_CertReqData OBJ_set_ctype,45L + +#define SN_setct_CertReqTBS "setct-CertReqTBS" +#define NID_setct_CertReqTBS 564 +#define OBJ_setct_CertReqTBS OBJ_set_ctype,46L + +#define SN_setct_CertResData "setct-CertResData" +#define NID_setct_CertResData 565 +#define OBJ_setct_CertResData OBJ_set_ctype,47L + +#define SN_setct_CertInqReqTBS "setct-CertInqReqTBS" +#define NID_setct_CertInqReqTBS 566 +#define OBJ_setct_CertInqReqTBS OBJ_set_ctype,48L + +#define SN_setct_ErrorTBS "setct-ErrorTBS" +#define NID_setct_ErrorTBS 567 +#define OBJ_setct_ErrorTBS OBJ_set_ctype,49L + +#define SN_setct_PIDualSignedTBE "setct-PIDualSignedTBE" +#define NID_setct_PIDualSignedTBE 568 +#define OBJ_setct_PIDualSignedTBE OBJ_set_ctype,50L + +#define SN_setct_PIUnsignedTBE "setct-PIUnsignedTBE" +#define NID_setct_PIUnsignedTBE 569 +#define OBJ_setct_PIUnsignedTBE OBJ_set_ctype,51L + +#define SN_setct_AuthReqTBE "setct-AuthReqTBE" +#define NID_setct_AuthReqTBE 570 +#define OBJ_setct_AuthReqTBE OBJ_set_ctype,52L + +#define SN_setct_AuthResTBE "setct-AuthResTBE" +#define NID_setct_AuthResTBE 571 +#define OBJ_setct_AuthResTBE OBJ_set_ctype,53L + +#define SN_setct_AuthResTBEX "setct-AuthResTBEX" +#define NID_setct_AuthResTBEX 572 +#define OBJ_setct_AuthResTBEX OBJ_set_ctype,54L + +#define SN_setct_AuthTokenTBE "setct-AuthTokenTBE" +#define NID_setct_AuthTokenTBE 573 +#define OBJ_setct_AuthTokenTBE OBJ_set_ctype,55L + +#define SN_setct_CapTokenTBE "setct-CapTokenTBE" +#define NID_setct_CapTokenTBE 574 +#define OBJ_setct_CapTokenTBE OBJ_set_ctype,56L + +#define SN_setct_CapTokenTBEX "setct-CapTokenTBEX" +#define NID_setct_CapTokenTBEX 575 +#define OBJ_setct_CapTokenTBEX OBJ_set_ctype,57L + +#define SN_setct_AcqCardCodeMsgTBE "setct-AcqCardCodeMsgTBE" +#define NID_setct_AcqCardCodeMsgTBE 576 +#define OBJ_setct_AcqCardCodeMsgTBE OBJ_set_ctype,58L + +#define SN_setct_AuthRevReqTBE "setct-AuthRevReqTBE" +#define NID_setct_AuthRevReqTBE 577 +#define OBJ_setct_AuthRevReqTBE OBJ_set_ctype,59L + +#define SN_setct_AuthRevResTBE "setct-AuthRevResTBE" +#define NID_setct_AuthRevResTBE 578 +#define OBJ_setct_AuthRevResTBE OBJ_set_ctype,60L + +#define SN_setct_AuthRevResTBEB "setct-AuthRevResTBEB" +#define NID_setct_AuthRevResTBEB 579 +#define OBJ_setct_AuthRevResTBEB OBJ_set_ctype,61L + +#define SN_setct_CapReqTBE "setct-CapReqTBE" +#define NID_setct_CapReqTBE 580 +#define OBJ_setct_CapReqTBE OBJ_set_ctype,62L + +#define SN_setct_CapReqTBEX "setct-CapReqTBEX" +#define NID_setct_CapReqTBEX 581 +#define OBJ_setct_CapReqTBEX OBJ_set_ctype,63L + +#define SN_setct_CapResTBE "setct-CapResTBE" +#define NID_setct_CapResTBE 582 +#define OBJ_setct_CapResTBE OBJ_set_ctype,64L + +#define SN_setct_CapRevReqTBE "setct-CapRevReqTBE" +#define NID_setct_CapRevReqTBE 583 +#define OBJ_setct_CapRevReqTBE OBJ_set_ctype,65L + +#define SN_setct_CapRevReqTBEX "setct-CapRevReqTBEX" +#define NID_setct_CapRevReqTBEX 584 +#define OBJ_setct_CapRevReqTBEX OBJ_set_ctype,66L + +#define SN_setct_CapRevResTBE "setct-CapRevResTBE" +#define NID_setct_CapRevResTBE 585 +#define OBJ_setct_CapRevResTBE OBJ_set_ctype,67L + +#define SN_setct_CredReqTBE "setct-CredReqTBE" +#define NID_setct_CredReqTBE 586 +#define OBJ_setct_CredReqTBE OBJ_set_ctype,68L + +#define SN_setct_CredReqTBEX "setct-CredReqTBEX" +#define NID_setct_CredReqTBEX 587 +#define OBJ_setct_CredReqTBEX OBJ_set_ctype,69L + +#define SN_setct_CredResTBE "setct-CredResTBE" +#define NID_setct_CredResTBE 588 +#define OBJ_setct_CredResTBE OBJ_set_ctype,70L + +#define SN_setct_CredRevReqTBE "setct-CredRevReqTBE" +#define NID_setct_CredRevReqTBE 589 +#define OBJ_setct_CredRevReqTBE OBJ_set_ctype,71L + +#define SN_setct_CredRevReqTBEX "setct-CredRevReqTBEX" +#define NID_setct_CredRevReqTBEX 590 +#define OBJ_setct_CredRevReqTBEX OBJ_set_ctype,72L + +#define SN_setct_CredRevResTBE "setct-CredRevResTBE" +#define NID_setct_CredRevResTBE 591 +#define OBJ_setct_CredRevResTBE OBJ_set_ctype,73L + +#define SN_setct_BatchAdminReqTBE "setct-BatchAdminReqTBE" +#define NID_setct_BatchAdminReqTBE 592 +#define OBJ_setct_BatchAdminReqTBE OBJ_set_ctype,74L + +#define SN_setct_BatchAdminResTBE "setct-BatchAdminResTBE" +#define NID_setct_BatchAdminResTBE 593 +#define OBJ_setct_BatchAdminResTBE OBJ_set_ctype,75L + +#define SN_setct_RegFormReqTBE "setct-RegFormReqTBE" +#define NID_setct_RegFormReqTBE 594 +#define OBJ_setct_RegFormReqTBE OBJ_set_ctype,76L + +#define SN_setct_CertReqTBE "setct-CertReqTBE" +#define NID_setct_CertReqTBE 595 +#define OBJ_setct_CertReqTBE OBJ_set_ctype,77L + +#define SN_setct_CertReqTBEX "setct-CertReqTBEX" +#define NID_setct_CertReqTBEX 596 +#define OBJ_setct_CertReqTBEX OBJ_set_ctype,78L + +#define SN_setct_CertResTBE "setct-CertResTBE" +#define NID_setct_CertResTBE 597 +#define OBJ_setct_CertResTBE OBJ_set_ctype,79L + +#define SN_setct_CRLNotificationTBS "setct-CRLNotificationTBS" +#define NID_setct_CRLNotificationTBS 598 +#define OBJ_setct_CRLNotificationTBS OBJ_set_ctype,80L + +#define SN_setct_CRLNotificationResTBS "setct-CRLNotificationResTBS" +#define NID_setct_CRLNotificationResTBS 599 +#define OBJ_setct_CRLNotificationResTBS OBJ_set_ctype,81L + +#define SN_setct_BCIDistributionTBS "setct-BCIDistributionTBS" +#define NID_setct_BCIDistributionTBS 600 +#define OBJ_setct_BCIDistributionTBS OBJ_set_ctype,82L + +#define SN_setext_genCrypt "setext-genCrypt" +#define LN_setext_genCrypt "generic cryptogram" +#define NID_setext_genCrypt 601 +#define OBJ_setext_genCrypt OBJ_set_msgExt,1L + +#define SN_setext_miAuth "setext-miAuth" +#define LN_setext_miAuth "merchant initiated auth" +#define NID_setext_miAuth 602 +#define OBJ_setext_miAuth OBJ_set_msgExt,3L + +#define SN_setext_pinSecure "setext-pinSecure" +#define NID_setext_pinSecure 603 +#define OBJ_setext_pinSecure OBJ_set_msgExt,4L + +#define SN_setext_pinAny "setext-pinAny" +#define NID_setext_pinAny 604 +#define OBJ_setext_pinAny OBJ_set_msgExt,5L + +#define SN_setext_track2 "setext-track2" +#define NID_setext_track2 605 +#define OBJ_setext_track2 OBJ_set_msgExt,7L + +#define SN_setext_cv "setext-cv" +#define LN_setext_cv "additional verification" +#define NID_setext_cv 606 +#define OBJ_setext_cv OBJ_set_msgExt,8L + +#define SN_set_policy_root "set-policy-root" +#define NID_set_policy_root 607 +#define OBJ_set_policy_root OBJ_set_policy,0L + +#define SN_setCext_hashedRoot "setCext-hashedRoot" +#define NID_setCext_hashedRoot 608 +#define OBJ_setCext_hashedRoot OBJ_set_certExt,0L + +#define SN_setCext_certType "setCext-certType" +#define NID_setCext_certType 609 +#define OBJ_setCext_certType OBJ_set_certExt,1L + +#define SN_setCext_merchData "setCext-merchData" +#define NID_setCext_merchData 610 +#define OBJ_setCext_merchData OBJ_set_certExt,2L + +#define SN_setCext_cCertRequired "setCext-cCertRequired" +#define NID_setCext_cCertRequired 611 +#define OBJ_setCext_cCertRequired OBJ_set_certExt,3L + +#define SN_setCext_tunneling "setCext-tunneling" +#define NID_setCext_tunneling 612 +#define OBJ_setCext_tunneling OBJ_set_certExt,4L + +#define SN_setCext_setExt "setCext-setExt" +#define NID_setCext_setExt 613 +#define OBJ_setCext_setExt OBJ_set_certExt,5L + +#define SN_setCext_setQualf "setCext-setQualf" +#define NID_setCext_setQualf 614 +#define OBJ_setCext_setQualf OBJ_set_certExt,6L + +#define SN_setCext_PGWYcapabilities "setCext-PGWYcapabilities" +#define NID_setCext_PGWYcapabilities 615 +#define OBJ_setCext_PGWYcapabilities OBJ_set_certExt,7L + +#define SN_setCext_TokenIdentifier "setCext-TokenIdentifier" +#define NID_setCext_TokenIdentifier 616 +#define OBJ_setCext_TokenIdentifier OBJ_set_certExt,8L + +#define SN_setCext_Track2Data "setCext-Track2Data" +#define NID_setCext_Track2Data 617 +#define OBJ_setCext_Track2Data OBJ_set_certExt,9L + +#define SN_setCext_TokenType "setCext-TokenType" +#define NID_setCext_TokenType 618 +#define OBJ_setCext_TokenType OBJ_set_certExt,10L + +#define SN_setCext_IssuerCapabilities "setCext-IssuerCapabilities" +#define NID_setCext_IssuerCapabilities 619 +#define OBJ_setCext_IssuerCapabilities OBJ_set_certExt,11L + +#define SN_setAttr_Cert "setAttr-Cert" +#define NID_setAttr_Cert 620 +#define OBJ_setAttr_Cert OBJ_set_attr,0L + +#define SN_setAttr_PGWYcap "setAttr-PGWYcap" +#define LN_setAttr_PGWYcap "payment gateway capabilities" +#define NID_setAttr_PGWYcap 621 +#define OBJ_setAttr_PGWYcap OBJ_set_attr,1L + +#define SN_setAttr_TokenType "setAttr-TokenType" +#define NID_setAttr_TokenType 622 +#define OBJ_setAttr_TokenType OBJ_set_attr,2L + +#define SN_setAttr_IssCap "setAttr-IssCap" +#define LN_setAttr_IssCap "issuer capabilities" +#define NID_setAttr_IssCap 623 +#define OBJ_setAttr_IssCap OBJ_set_attr,3L + +#define SN_set_rootKeyThumb "set-rootKeyThumb" +#define NID_set_rootKeyThumb 624 +#define OBJ_set_rootKeyThumb OBJ_setAttr_Cert,0L + +#define SN_set_addPolicy "set-addPolicy" +#define NID_set_addPolicy 625 +#define OBJ_set_addPolicy OBJ_setAttr_Cert,1L + +#define SN_setAttr_Token_EMV "setAttr-Token-EMV" +#define NID_setAttr_Token_EMV 626 +#define OBJ_setAttr_Token_EMV OBJ_setAttr_TokenType,1L + +#define SN_setAttr_Token_B0Prime "setAttr-Token-B0Prime" +#define NID_setAttr_Token_B0Prime 627 +#define OBJ_setAttr_Token_B0Prime OBJ_setAttr_TokenType,2L + +#define SN_setAttr_IssCap_CVM "setAttr-IssCap-CVM" +#define NID_setAttr_IssCap_CVM 628 +#define OBJ_setAttr_IssCap_CVM OBJ_setAttr_IssCap,3L + +#define SN_setAttr_IssCap_T2 "setAttr-IssCap-T2" +#define NID_setAttr_IssCap_T2 629 +#define OBJ_setAttr_IssCap_T2 OBJ_setAttr_IssCap,4L + +#define SN_setAttr_IssCap_Sig "setAttr-IssCap-Sig" +#define NID_setAttr_IssCap_Sig 630 +#define OBJ_setAttr_IssCap_Sig OBJ_setAttr_IssCap,5L + +#define SN_setAttr_GenCryptgrm "setAttr-GenCryptgrm" +#define LN_setAttr_GenCryptgrm "generate cryptogram" +#define NID_setAttr_GenCryptgrm 631 +#define OBJ_setAttr_GenCryptgrm OBJ_setAttr_IssCap_CVM,1L + +#define SN_setAttr_T2Enc "setAttr-T2Enc" +#define LN_setAttr_T2Enc "encrypted track 2" +#define NID_setAttr_T2Enc 632 +#define OBJ_setAttr_T2Enc OBJ_setAttr_IssCap_T2,1L + +#define SN_setAttr_T2cleartxt "setAttr-T2cleartxt" +#define LN_setAttr_T2cleartxt "cleartext track 2" +#define NID_setAttr_T2cleartxt 633 +#define OBJ_setAttr_T2cleartxt OBJ_setAttr_IssCap_T2,2L + +#define SN_setAttr_TokICCsig "setAttr-TokICCsig" +#define LN_setAttr_TokICCsig "ICC or token signature" +#define NID_setAttr_TokICCsig 634 +#define OBJ_setAttr_TokICCsig OBJ_setAttr_IssCap_Sig,1L + +#define SN_setAttr_SecDevSig "setAttr-SecDevSig" +#define LN_setAttr_SecDevSig "secure device signature" +#define NID_setAttr_SecDevSig 635 +#define OBJ_setAttr_SecDevSig OBJ_setAttr_IssCap_Sig,2L + +#define SN_set_brand_IATA_ATA "set-brand-IATA-ATA" +#define NID_set_brand_IATA_ATA 636 +#define OBJ_set_brand_IATA_ATA OBJ_set_brand,1L + +#define SN_set_brand_Diners "set-brand-Diners" +#define NID_set_brand_Diners 637 +#define OBJ_set_brand_Diners OBJ_set_brand,30L + +#define SN_set_brand_AmericanExpress "set-brand-AmericanExpress" +#define NID_set_brand_AmericanExpress 638 +#define OBJ_set_brand_AmericanExpress OBJ_set_brand,34L + +#define SN_set_brand_JCB "set-brand-JCB" +#define NID_set_brand_JCB 639 +#define OBJ_set_brand_JCB OBJ_set_brand,35L + +#define SN_set_brand_Visa "set-brand-Visa" +#define NID_set_brand_Visa 640 +#define OBJ_set_brand_Visa OBJ_set_brand,4L + +#define SN_set_brand_MasterCard "set-brand-MasterCard" +#define NID_set_brand_MasterCard 641 +#define OBJ_set_brand_MasterCard OBJ_set_brand,5L + +#define SN_set_brand_Novus "set-brand-Novus" +#define NID_set_brand_Novus 642 +#define OBJ_set_brand_Novus OBJ_set_brand,6011L + +#define SN_des_cdmf "DES-CDMF" +#define LN_des_cdmf "des-cdmf" +#define NID_des_cdmf 643 +#define OBJ_des_cdmf OBJ_rsadsi,3L,10L + +#define SN_rsaOAEPEncryptionSET "rsaOAEPEncryptionSET" +#define NID_rsaOAEPEncryptionSET 644 +#define OBJ_rsaOAEPEncryptionSET OBJ_rsadsi,1L,1L,6L + +#define SN_ipsec3 "Oakley-EC2N-3" +#define LN_ipsec3 "ipsec3" +#define NID_ipsec3 749 + +#define SN_ipsec4 "Oakley-EC2N-4" +#define LN_ipsec4 "ipsec4" +#define NID_ipsec4 750 + +#define SN_whirlpool "whirlpool" +#define NID_whirlpool 804 +#define OBJ_whirlpool OBJ_iso,0L,10118L,3L,0L,55L + +#define SN_cryptopro "cryptopro" +#define NID_cryptopro 805 +#define OBJ_cryptopro OBJ_member_body,643L,2L,2L + +#define SN_cryptocom "cryptocom" +#define NID_cryptocom 806 +#define OBJ_cryptocom OBJ_member_body,643L,2L,9L + +#define SN_id_tc26 "id-tc26" +#define NID_id_tc26 974 +#define OBJ_id_tc26 OBJ_member_body,643L,7L,1L + +#define SN_id_GostR3411_94_with_GostR3410_2001 "id-GostR3411-94-with-GostR3410-2001" +#define LN_id_GostR3411_94_with_GostR3410_2001 "GOST R 34.11-94 with GOST R 34.10-2001" +#define NID_id_GostR3411_94_with_GostR3410_2001 807 +#define OBJ_id_GostR3411_94_with_GostR3410_2001 OBJ_cryptopro,3L + +#define SN_id_GostR3411_94_with_GostR3410_94 "id-GostR3411-94-with-GostR3410-94" +#define LN_id_GostR3411_94_with_GostR3410_94 "GOST R 34.11-94 with GOST R 34.10-94" +#define NID_id_GostR3411_94_with_GostR3410_94 808 +#define OBJ_id_GostR3411_94_with_GostR3410_94 OBJ_cryptopro,4L + +#define SN_id_GostR3411_94 "md_gost94" +#define LN_id_GostR3411_94 "GOST R 34.11-94" +#define NID_id_GostR3411_94 809 +#define OBJ_id_GostR3411_94 OBJ_cryptopro,9L + +#define SN_id_HMACGostR3411_94 "id-HMACGostR3411-94" +#define LN_id_HMACGostR3411_94 "HMAC GOST 34.11-94" +#define NID_id_HMACGostR3411_94 810 +#define OBJ_id_HMACGostR3411_94 OBJ_cryptopro,10L + +#define SN_id_GostR3410_2001 "gost2001" +#define LN_id_GostR3410_2001 "GOST R 34.10-2001" +#define NID_id_GostR3410_2001 811 +#define OBJ_id_GostR3410_2001 OBJ_cryptopro,19L + +#define SN_id_GostR3410_94 "gost94" +#define LN_id_GostR3410_94 "GOST R 34.10-94" +#define NID_id_GostR3410_94 812 +#define OBJ_id_GostR3410_94 OBJ_cryptopro,20L + +#define SN_id_Gost28147_89 "gost89" +#define LN_id_Gost28147_89 "GOST 28147-89" +#define NID_id_Gost28147_89 813 +#define OBJ_id_Gost28147_89 OBJ_cryptopro,21L + +#define SN_gost89_cnt "gost89-cnt" +#define NID_gost89_cnt 814 + +#define SN_gost89_cnt_12 "gost89-cnt-12" +#define NID_gost89_cnt_12 975 + +#define SN_gost89_cbc "gost89-cbc" +#define NID_gost89_cbc 1009 + +#define SN_gost89_ecb "gost89-ecb" +#define NID_gost89_ecb 1010 + +#define SN_gost89_ctr "gost89-ctr" +#define NID_gost89_ctr 1011 + +#define SN_id_Gost28147_89_MAC "gost-mac" +#define LN_id_Gost28147_89_MAC "GOST 28147-89 MAC" +#define NID_id_Gost28147_89_MAC 815 +#define OBJ_id_Gost28147_89_MAC OBJ_cryptopro,22L + +#define SN_gost_mac_12 "gost-mac-12" +#define NID_gost_mac_12 976 + +#define SN_id_GostR3411_94_prf "prf-gostr3411-94" +#define LN_id_GostR3411_94_prf "GOST R 34.11-94 PRF" +#define NID_id_GostR3411_94_prf 816 +#define OBJ_id_GostR3411_94_prf OBJ_cryptopro,23L + +#define SN_id_GostR3410_2001DH "id-GostR3410-2001DH" +#define LN_id_GostR3410_2001DH "GOST R 34.10-2001 DH" +#define NID_id_GostR3410_2001DH 817 +#define OBJ_id_GostR3410_2001DH OBJ_cryptopro,98L + +#define SN_id_GostR3410_94DH "id-GostR3410-94DH" +#define LN_id_GostR3410_94DH "GOST R 34.10-94 DH" +#define NID_id_GostR3410_94DH 818 +#define OBJ_id_GostR3410_94DH OBJ_cryptopro,99L + +#define SN_id_Gost28147_89_CryptoPro_KeyMeshing "id-Gost28147-89-CryptoPro-KeyMeshing" +#define NID_id_Gost28147_89_CryptoPro_KeyMeshing 819 +#define OBJ_id_Gost28147_89_CryptoPro_KeyMeshing OBJ_cryptopro,14L,1L + +#define SN_id_Gost28147_89_None_KeyMeshing "id-Gost28147-89-None-KeyMeshing" +#define NID_id_Gost28147_89_None_KeyMeshing 820 +#define OBJ_id_Gost28147_89_None_KeyMeshing OBJ_cryptopro,14L,0L + +#define SN_id_GostR3411_94_TestParamSet "id-GostR3411-94-TestParamSet" +#define NID_id_GostR3411_94_TestParamSet 821 +#define OBJ_id_GostR3411_94_TestParamSet OBJ_cryptopro,30L,0L + +#define SN_id_GostR3411_94_CryptoProParamSet "id-GostR3411-94-CryptoProParamSet" +#define NID_id_GostR3411_94_CryptoProParamSet 822 +#define OBJ_id_GostR3411_94_CryptoProParamSet OBJ_cryptopro,30L,1L + +#define SN_id_Gost28147_89_TestParamSet "id-Gost28147-89-TestParamSet" +#define NID_id_Gost28147_89_TestParamSet 823 +#define OBJ_id_Gost28147_89_TestParamSet OBJ_cryptopro,31L,0L + +#define SN_id_Gost28147_89_CryptoPro_A_ParamSet "id-Gost28147-89-CryptoPro-A-ParamSet" +#define NID_id_Gost28147_89_CryptoPro_A_ParamSet 824 +#define OBJ_id_Gost28147_89_CryptoPro_A_ParamSet OBJ_cryptopro,31L,1L + +#define SN_id_Gost28147_89_CryptoPro_B_ParamSet "id-Gost28147-89-CryptoPro-B-ParamSet" +#define NID_id_Gost28147_89_CryptoPro_B_ParamSet 825 +#define OBJ_id_Gost28147_89_CryptoPro_B_ParamSet OBJ_cryptopro,31L,2L + +#define SN_id_Gost28147_89_CryptoPro_C_ParamSet "id-Gost28147-89-CryptoPro-C-ParamSet" +#define NID_id_Gost28147_89_CryptoPro_C_ParamSet 826 +#define OBJ_id_Gost28147_89_CryptoPro_C_ParamSet OBJ_cryptopro,31L,3L + +#define SN_id_Gost28147_89_CryptoPro_D_ParamSet "id-Gost28147-89-CryptoPro-D-ParamSet" +#define NID_id_Gost28147_89_CryptoPro_D_ParamSet 827 +#define OBJ_id_Gost28147_89_CryptoPro_D_ParamSet OBJ_cryptopro,31L,4L + +#define SN_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet "id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet" +#define NID_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet 828 +#define OBJ_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet OBJ_cryptopro,31L,5L + +#define SN_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet "id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet" +#define NID_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet 829 +#define OBJ_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet OBJ_cryptopro,31L,6L + +#define SN_id_Gost28147_89_CryptoPro_RIC_1_ParamSet "id-Gost28147-89-CryptoPro-RIC-1-ParamSet" +#define NID_id_Gost28147_89_CryptoPro_RIC_1_ParamSet 830 +#define OBJ_id_Gost28147_89_CryptoPro_RIC_1_ParamSet OBJ_cryptopro,31L,7L + +#define SN_id_GostR3410_94_TestParamSet "id-GostR3410-94-TestParamSet" +#define NID_id_GostR3410_94_TestParamSet 831 +#define OBJ_id_GostR3410_94_TestParamSet OBJ_cryptopro,32L,0L + +#define SN_id_GostR3410_94_CryptoPro_A_ParamSet "id-GostR3410-94-CryptoPro-A-ParamSet" +#define NID_id_GostR3410_94_CryptoPro_A_ParamSet 832 +#define OBJ_id_GostR3410_94_CryptoPro_A_ParamSet OBJ_cryptopro,32L,2L + +#define SN_id_GostR3410_94_CryptoPro_B_ParamSet "id-GostR3410-94-CryptoPro-B-ParamSet" +#define NID_id_GostR3410_94_CryptoPro_B_ParamSet 833 +#define OBJ_id_GostR3410_94_CryptoPro_B_ParamSet OBJ_cryptopro,32L,3L + +#define SN_id_GostR3410_94_CryptoPro_C_ParamSet "id-GostR3410-94-CryptoPro-C-ParamSet" +#define NID_id_GostR3410_94_CryptoPro_C_ParamSet 834 +#define OBJ_id_GostR3410_94_CryptoPro_C_ParamSet OBJ_cryptopro,32L,4L + +#define SN_id_GostR3410_94_CryptoPro_D_ParamSet "id-GostR3410-94-CryptoPro-D-ParamSet" +#define NID_id_GostR3410_94_CryptoPro_D_ParamSet 835 +#define OBJ_id_GostR3410_94_CryptoPro_D_ParamSet OBJ_cryptopro,32L,5L + +#define SN_id_GostR3410_94_CryptoPro_XchA_ParamSet "id-GostR3410-94-CryptoPro-XchA-ParamSet" +#define NID_id_GostR3410_94_CryptoPro_XchA_ParamSet 836 +#define OBJ_id_GostR3410_94_CryptoPro_XchA_ParamSet OBJ_cryptopro,33L,1L + +#define SN_id_GostR3410_94_CryptoPro_XchB_ParamSet "id-GostR3410-94-CryptoPro-XchB-ParamSet" +#define NID_id_GostR3410_94_CryptoPro_XchB_ParamSet 837 +#define OBJ_id_GostR3410_94_CryptoPro_XchB_ParamSet OBJ_cryptopro,33L,2L + +#define SN_id_GostR3410_94_CryptoPro_XchC_ParamSet "id-GostR3410-94-CryptoPro-XchC-ParamSet" +#define NID_id_GostR3410_94_CryptoPro_XchC_ParamSet 838 +#define OBJ_id_GostR3410_94_CryptoPro_XchC_ParamSet OBJ_cryptopro,33L,3L + +#define SN_id_GostR3410_2001_TestParamSet "id-GostR3410-2001-TestParamSet" +#define NID_id_GostR3410_2001_TestParamSet 839 +#define OBJ_id_GostR3410_2001_TestParamSet OBJ_cryptopro,35L,0L + +#define SN_id_GostR3410_2001_CryptoPro_A_ParamSet "id-GostR3410-2001-CryptoPro-A-ParamSet" +#define NID_id_GostR3410_2001_CryptoPro_A_ParamSet 840 +#define OBJ_id_GostR3410_2001_CryptoPro_A_ParamSet OBJ_cryptopro,35L,1L + +#define SN_id_GostR3410_2001_CryptoPro_B_ParamSet "id-GostR3410-2001-CryptoPro-B-ParamSet" +#define NID_id_GostR3410_2001_CryptoPro_B_ParamSet 841 +#define OBJ_id_GostR3410_2001_CryptoPro_B_ParamSet OBJ_cryptopro,35L,2L + +#define SN_id_GostR3410_2001_CryptoPro_C_ParamSet "id-GostR3410-2001-CryptoPro-C-ParamSet" +#define NID_id_GostR3410_2001_CryptoPro_C_ParamSet 842 +#define OBJ_id_GostR3410_2001_CryptoPro_C_ParamSet OBJ_cryptopro,35L,3L + +#define SN_id_GostR3410_2001_CryptoPro_XchA_ParamSet "id-GostR3410-2001-CryptoPro-XchA-ParamSet" +#define NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet 843 +#define OBJ_id_GostR3410_2001_CryptoPro_XchA_ParamSet OBJ_cryptopro,36L,0L + +#define SN_id_GostR3410_2001_CryptoPro_XchB_ParamSet "id-GostR3410-2001-CryptoPro-XchB-ParamSet" +#define NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet 844 +#define OBJ_id_GostR3410_2001_CryptoPro_XchB_ParamSet OBJ_cryptopro,36L,1L + +#define SN_id_GostR3410_94_a "id-GostR3410-94-a" +#define NID_id_GostR3410_94_a 845 +#define OBJ_id_GostR3410_94_a OBJ_id_GostR3410_94,1L + +#define SN_id_GostR3410_94_aBis "id-GostR3410-94-aBis" +#define NID_id_GostR3410_94_aBis 846 +#define OBJ_id_GostR3410_94_aBis OBJ_id_GostR3410_94,2L + +#define SN_id_GostR3410_94_b "id-GostR3410-94-b" +#define NID_id_GostR3410_94_b 847 +#define OBJ_id_GostR3410_94_b OBJ_id_GostR3410_94,3L + +#define SN_id_GostR3410_94_bBis "id-GostR3410-94-bBis" +#define NID_id_GostR3410_94_bBis 848 +#define OBJ_id_GostR3410_94_bBis OBJ_id_GostR3410_94,4L + +#define SN_id_Gost28147_89_cc "id-Gost28147-89-cc" +#define LN_id_Gost28147_89_cc "GOST 28147-89 Cryptocom ParamSet" +#define NID_id_Gost28147_89_cc 849 +#define OBJ_id_Gost28147_89_cc OBJ_cryptocom,1L,6L,1L + +#define SN_id_GostR3410_94_cc "gost94cc" +#define LN_id_GostR3410_94_cc "GOST 34.10-94 Cryptocom" +#define NID_id_GostR3410_94_cc 850 +#define OBJ_id_GostR3410_94_cc OBJ_cryptocom,1L,5L,3L + +#define SN_id_GostR3410_2001_cc "gost2001cc" +#define LN_id_GostR3410_2001_cc "GOST 34.10-2001 Cryptocom" +#define NID_id_GostR3410_2001_cc 851 +#define OBJ_id_GostR3410_2001_cc OBJ_cryptocom,1L,5L,4L + +#define SN_id_GostR3411_94_with_GostR3410_94_cc "id-GostR3411-94-with-GostR3410-94-cc" +#define LN_id_GostR3411_94_with_GostR3410_94_cc "GOST R 34.11-94 with GOST R 34.10-94 Cryptocom" +#define NID_id_GostR3411_94_with_GostR3410_94_cc 852 +#define OBJ_id_GostR3411_94_with_GostR3410_94_cc OBJ_cryptocom,1L,3L,3L + +#define SN_id_GostR3411_94_with_GostR3410_2001_cc "id-GostR3411-94-with-GostR3410-2001-cc" +#define LN_id_GostR3411_94_with_GostR3410_2001_cc "GOST R 34.11-94 with GOST R 34.10-2001 Cryptocom" +#define NID_id_GostR3411_94_with_GostR3410_2001_cc 853 +#define OBJ_id_GostR3411_94_with_GostR3410_2001_cc OBJ_cryptocom,1L,3L,4L + +#define SN_id_GostR3410_2001_ParamSet_cc "id-GostR3410-2001-ParamSet-cc" +#define LN_id_GostR3410_2001_ParamSet_cc "GOST R 3410-2001 Parameter Set Cryptocom" +#define NID_id_GostR3410_2001_ParamSet_cc 854 +#define OBJ_id_GostR3410_2001_ParamSet_cc OBJ_cryptocom,1L,8L,1L + +#define SN_id_tc26_algorithms "id-tc26-algorithms" +#define NID_id_tc26_algorithms 977 +#define OBJ_id_tc26_algorithms OBJ_id_tc26,1L + +#define SN_id_tc26_sign "id-tc26-sign" +#define NID_id_tc26_sign 978 +#define OBJ_id_tc26_sign OBJ_id_tc26_algorithms,1L + +#define SN_id_GostR3410_2012_256 "gost2012_256" +#define LN_id_GostR3410_2012_256 "GOST R 34.10-2012 with 256 bit modulus" +#define NID_id_GostR3410_2012_256 979 +#define OBJ_id_GostR3410_2012_256 OBJ_id_tc26_sign,1L + +#define SN_id_GostR3410_2012_512 "gost2012_512" +#define LN_id_GostR3410_2012_512 "GOST R 34.10-2012 with 512 bit modulus" +#define NID_id_GostR3410_2012_512 980 +#define OBJ_id_GostR3410_2012_512 OBJ_id_tc26_sign,2L + +#define SN_id_tc26_digest "id-tc26-digest" +#define NID_id_tc26_digest 981 +#define OBJ_id_tc26_digest OBJ_id_tc26_algorithms,2L + +#define SN_id_GostR3411_2012_256 "md_gost12_256" +#define LN_id_GostR3411_2012_256 "GOST R 34.11-2012 with 256 bit hash" +#define NID_id_GostR3411_2012_256 982 +#define OBJ_id_GostR3411_2012_256 OBJ_id_tc26_digest,2L + +#define SN_id_GostR3411_2012_512 "md_gost12_512" +#define LN_id_GostR3411_2012_512 "GOST R 34.11-2012 with 512 bit hash" +#define NID_id_GostR3411_2012_512 983 +#define OBJ_id_GostR3411_2012_512 OBJ_id_tc26_digest,3L + +#define SN_id_tc26_signwithdigest "id-tc26-signwithdigest" +#define NID_id_tc26_signwithdigest 984 +#define OBJ_id_tc26_signwithdigest OBJ_id_tc26_algorithms,3L + +#define SN_id_tc26_signwithdigest_gost3410_2012_256 "id-tc26-signwithdigest-gost3410-2012-256" +#define LN_id_tc26_signwithdigest_gost3410_2012_256 "GOST R 34.10-2012 with GOST R 34.11-2012 (256 bit)" +#define NID_id_tc26_signwithdigest_gost3410_2012_256 985 +#define OBJ_id_tc26_signwithdigest_gost3410_2012_256 OBJ_id_tc26_signwithdigest,2L + +#define SN_id_tc26_signwithdigest_gost3410_2012_512 "id-tc26-signwithdigest-gost3410-2012-512" +#define LN_id_tc26_signwithdigest_gost3410_2012_512 "GOST R 34.10-2012 with GOST R 34.11-2012 (512 bit)" +#define NID_id_tc26_signwithdigest_gost3410_2012_512 986 +#define OBJ_id_tc26_signwithdigest_gost3410_2012_512 OBJ_id_tc26_signwithdigest,3L + +#define SN_id_tc26_mac "id-tc26-mac" +#define NID_id_tc26_mac 987 +#define OBJ_id_tc26_mac OBJ_id_tc26_algorithms,4L + +#define SN_id_tc26_hmac_gost_3411_2012_256 "id-tc26-hmac-gost-3411-2012-256" +#define LN_id_tc26_hmac_gost_3411_2012_256 "HMAC GOST 34.11-2012 256 bit" +#define NID_id_tc26_hmac_gost_3411_2012_256 988 +#define OBJ_id_tc26_hmac_gost_3411_2012_256 OBJ_id_tc26_mac,1L + +#define SN_id_tc26_hmac_gost_3411_2012_512 "id-tc26-hmac-gost-3411-2012-512" +#define LN_id_tc26_hmac_gost_3411_2012_512 "HMAC GOST 34.11-2012 512 bit" +#define NID_id_tc26_hmac_gost_3411_2012_512 989 +#define OBJ_id_tc26_hmac_gost_3411_2012_512 OBJ_id_tc26_mac,2L + +#define SN_id_tc26_cipher "id-tc26-cipher" +#define NID_id_tc26_cipher 990 +#define OBJ_id_tc26_cipher OBJ_id_tc26_algorithms,5L + +#define SN_id_tc26_cipher_gostr3412_2015_magma "id-tc26-cipher-gostr3412-2015-magma" +#define NID_id_tc26_cipher_gostr3412_2015_magma 1173 +#define OBJ_id_tc26_cipher_gostr3412_2015_magma OBJ_id_tc26_cipher,1L + +#define SN_id_tc26_cipher_gostr3412_2015_magma_ctracpkm "id-tc26-cipher-gostr3412-2015-magma-ctracpkm" +#define NID_id_tc26_cipher_gostr3412_2015_magma_ctracpkm 1174 +#define OBJ_id_tc26_cipher_gostr3412_2015_magma_ctracpkm OBJ_id_tc26_cipher_gostr3412_2015_magma,1L + +#define SN_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac "id-tc26-cipher-gostr3412-2015-magma-ctracpkm-omac" +#define NID_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac 1175 +#define OBJ_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac OBJ_id_tc26_cipher_gostr3412_2015_magma,2L + +#define SN_id_tc26_cipher_gostr3412_2015_kuznyechik "id-tc26-cipher-gostr3412-2015-kuznyechik" +#define NID_id_tc26_cipher_gostr3412_2015_kuznyechik 1176 +#define OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik OBJ_id_tc26_cipher,2L + +#define SN_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm "id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm" +#define NID_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm 1177 +#define OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik,1L + +#define SN_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac "id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm-omac" +#define NID_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac 1178 +#define OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik,2L + +#define SN_id_tc26_agreement "id-tc26-agreement" +#define NID_id_tc26_agreement 991 +#define OBJ_id_tc26_agreement OBJ_id_tc26_algorithms,6L + +#define SN_id_tc26_agreement_gost_3410_2012_256 "id-tc26-agreement-gost-3410-2012-256" +#define NID_id_tc26_agreement_gost_3410_2012_256 992 +#define OBJ_id_tc26_agreement_gost_3410_2012_256 OBJ_id_tc26_agreement,1L + +#define SN_id_tc26_agreement_gost_3410_2012_512 "id-tc26-agreement-gost-3410-2012-512" +#define NID_id_tc26_agreement_gost_3410_2012_512 993 +#define OBJ_id_tc26_agreement_gost_3410_2012_512 OBJ_id_tc26_agreement,2L + +#define SN_id_tc26_wrap "id-tc26-wrap" +#define NID_id_tc26_wrap 1179 +#define OBJ_id_tc26_wrap OBJ_id_tc26_algorithms,7L + +#define SN_id_tc26_wrap_gostr3412_2015_magma "id-tc26-wrap-gostr3412-2015-magma" +#define NID_id_tc26_wrap_gostr3412_2015_magma 1180 +#define OBJ_id_tc26_wrap_gostr3412_2015_magma OBJ_id_tc26_wrap,1L + +#define SN_id_tc26_wrap_gostr3412_2015_magma_kexp15 "id-tc26-wrap-gostr3412-2015-magma-kexp15" +#define NID_id_tc26_wrap_gostr3412_2015_magma_kexp15 1181 +#define OBJ_id_tc26_wrap_gostr3412_2015_magma_kexp15 OBJ_id_tc26_wrap_gostr3412_2015_magma,1L + +#define SN_id_tc26_wrap_gostr3412_2015_kuznyechik "id-tc26-wrap-gostr3412-2015-kuznyechik" +#define NID_id_tc26_wrap_gostr3412_2015_kuznyechik 1182 +#define OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik OBJ_id_tc26_wrap,2L + +#define SN_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15 "id-tc26-wrap-gostr3412-2015-kuznyechik-kexp15" +#define NID_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15 1183 +#define OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15 OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik,1L + +#define SN_id_tc26_constants "id-tc26-constants" +#define NID_id_tc26_constants 994 +#define OBJ_id_tc26_constants OBJ_id_tc26,2L + +#define SN_id_tc26_sign_constants "id-tc26-sign-constants" +#define NID_id_tc26_sign_constants 995 +#define OBJ_id_tc26_sign_constants OBJ_id_tc26_constants,1L + +#define SN_id_tc26_gost_3410_2012_256_constants "id-tc26-gost-3410-2012-256-constants" +#define NID_id_tc26_gost_3410_2012_256_constants 1147 +#define OBJ_id_tc26_gost_3410_2012_256_constants OBJ_id_tc26_sign_constants,1L + +#define SN_id_tc26_gost_3410_2012_256_paramSetA "id-tc26-gost-3410-2012-256-paramSetA" +#define LN_id_tc26_gost_3410_2012_256_paramSetA "GOST R 34.10-2012 (256 bit) ParamSet A" +#define NID_id_tc26_gost_3410_2012_256_paramSetA 1148 +#define OBJ_id_tc26_gost_3410_2012_256_paramSetA OBJ_id_tc26_gost_3410_2012_256_constants,1L + +#define SN_id_tc26_gost_3410_2012_256_paramSetB "id-tc26-gost-3410-2012-256-paramSetB" +#define LN_id_tc26_gost_3410_2012_256_paramSetB "GOST R 34.10-2012 (256 bit) ParamSet B" +#define NID_id_tc26_gost_3410_2012_256_paramSetB 1184 +#define OBJ_id_tc26_gost_3410_2012_256_paramSetB OBJ_id_tc26_gost_3410_2012_256_constants,2L + +#define SN_id_tc26_gost_3410_2012_256_paramSetC "id-tc26-gost-3410-2012-256-paramSetC" +#define LN_id_tc26_gost_3410_2012_256_paramSetC "GOST R 34.10-2012 (256 bit) ParamSet C" +#define NID_id_tc26_gost_3410_2012_256_paramSetC 1185 +#define OBJ_id_tc26_gost_3410_2012_256_paramSetC OBJ_id_tc26_gost_3410_2012_256_constants,3L + +#define SN_id_tc26_gost_3410_2012_256_paramSetD "id-tc26-gost-3410-2012-256-paramSetD" +#define LN_id_tc26_gost_3410_2012_256_paramSetD "GOST R 34.10-2012 (256 bit) ParamSet D" +#define NID_id_tc26_gost_3410_2012_256_paramSetD 1186 +#define OBJ_id_tc26_gost_3410_2012_256_paramSetD OBJ_id_tc26_gost_3410_2012_256_constants,4L + +#define SN_id_tc26_gost_3410_2012_512_constants "id-tc26-gost-3410-2012-512-constants" +#define NID_id_tc26_gost_3410_2012_512_constants 996 +#define OBJ_id_tc26_gost_3410_2012_512_constants OBJ_id_tc26_sign_constants,2L + +#define SN_id_tc26_gost_3410_2012_512_paramSetTest "id-tc26-gost-3410-2012-512-paramSetTest" +#define LN_id_tc26_gost_3410_2012_512_paramSetTest "GOST R 34.10-2012 (512 bit) testing parameter set" +#define NID_id_tc26_gost_3410_2012_512_paramSetTest 997 +#define OBJ_id_tc26_gost_3410_2012_512_paramSetTest OBJ_id_tc26_gost_3410_2012_512_constants,0L + +#define SN_id_tc26_gost_3410_2012_512_paramSetA "id-tc26-gost-3410-2012-512-paramSetA" +#define LN_id_tc26_gost_3410_2012_512_paramSetA "GOST R 34.10-2012 (512 bit) ParamSet A" +#define NID_id_tc26_gost_3410_2012_512_paramSetA 998 +#define OBJ_id_tc26_gost_3410_2012_512_paramSetA OBJ_id_tc26_gost_3410_2012_512_constants,1L + +#define SN_id_tc26_gost_3410_2012_512_paramSetB "id-tc26-gost-3410-2012-512-paramSetB" +#define LN_id_tc26_gost_3410_2012_512_paramSetB "GOST R 34.10-2012 (512 bit) ParamSet B" +#define NID_id_tc26_gost_3410_2012_512_paramSetB 999 +#define OBJ_id_tc26_gost_3410_2012_512_paramSetB OBJ_id_tc26_gost_3410_2012_512_constants,2L + +#define SN_id_tc26_gost_3410_2012_512_paramSetC "id-tc26-gost-3410-2012-512-paramSetC" +#define LN_id_tc26_gost_3410_2012_512_paramSetC "GOST R 34.10-2012 (512 bit) ParamSet C" +#define NID_id_tc26_gost_3410_2012_512_paramSetC 1149 +#define OBJ_id_tc26_gost_3410_2012_512_paramSetC OBJ_id_tc26_gost_3410_2012_512_constants,3L + +#define SN_id_tc26_digest_constants "id-tc26-digest-constants" +#define NID_id_tc26_digest_constants 1000 +#define OBJ_id_tc26_digest_constants OBJ_id_tc26_constants,2L + +#define SN_id_tc26_cipher_constants "id-tc26-cipher-constants" +#define NID_id_tc26_cipher_constants 1001 +#define OBJ_id_tc26_cipher_constants OBJ_id_tc26_constants,5L + +#define SN_id_tc26_gost_28147_constants "id-tc26-gost-28147-constants" +#define NID_id_tc26_gost_28147_constants 1002 +#define OBJ_id_tc26_gost_28147_constants OBJ_id_tc26_cipher_constants,1L + +#define SN_id_tc26_gost_28147_param_Z "id-tc26-gost-28147-param-Z" +#define LN_id_tc26_gost_28147_param_Z "GOST 28147-89 TC26 parameter set" +#define NID_id_tc26_gost_28147_param_Z 1003 +#define OBJ_id_tc26_gost_28147_param_Z OBJ_id_tc26_gost_28147_constants,1L + +#define SN_INN "INN" +#define LN_INN "INN" +#define NID_INN 1004 +#define OBJ_INN OBJ_member_body,643L,3L,131L,1L,1L + +#define SN_OGRN "OGRN" +#define LN_OGRN "OGRN" +#define NID_OGRN 1005 +#define OBJ_OGRN OBJ_member_body,643L,100L,1L + +#define SN_SNILS "SNILS" +#define LN_SNILS "SNILS" +#define NID_SNILS 1006 +#define OBJ_SNILS OBJ_member_body,643L,100L,3L + +#define SN_subjectSignTool "subjectSignTool" +#define LN_subjectSignTool "Signing Tool of Subject" +#define NID_subjectSignTool 1007 +#define OBJ_subjectSignTool OBJ_member_body,643L,100L,111L + +#define SN_issuerSignTool "issuerSignTool" +#define LN_issuerSignTool "Signing Tool of Issuer" +#define NID_issuerSignTool 1008 +#define OBJ_issuerSignTool OBJ_member_body,643L,100L,112L + +#define SN_grasshopper_ecb "grasshopper-ecb" +#define NID_grasshopper_ecb 1012 + +#define SN_grasshopper_ctr "grasshopper-ctr" +#define NID_grasshopper_ctr 1013 + +#define SN_grasshopper_ofb "grasshopper-ofb" +#define NID_grasshopper_ofb 1014 + +#define SN_grasshopper_cbc "grasshopper-cbc" +#define NID_grasshopper_cbc 1015 + +#define SN_grasshopper_cfb "grasshopper-cfb" +#define NID_grasshopper_cfb 1016 + +#define SN_grasshopper_mac "grasshopper-mac" +#define NID_grasshopper_mac 1017 + +#define SN_magma_ecb "magma-ecb" +#define NID_magma_ecb 1187 + +#define SN_magma_ctr "magma-ctr" +#define NID_magma_ctr 1188 + +#define SN_magma_ofb "magma-ofb" +#define NID_magma_ofb 1189 + +#define SN_magma_cbc "magma-cbc" +#define NID_magma_cbc 1190 + +#define SN_magma_cfb "magma-cfb" +#define NID_magma_cfb 1191 + +#define SN_magma_mac "magma-mac" +#define NID_magma_mac 1192 + +#define SN_camellia_128_cbc "CAMELLIA-128-CBC" +#define LN_camellia_128_cbc "camellia-128-cbc" +#define NID_camellia_128_cbc 751 +#define OBJ_camellia_128_cbc 1L,2L,392L,200011L,61L,1L,1L,1L,2L + +#define SN_camellia_192_cbc "CAMELLIA-192-CBC" +#define LN_camellia_192_cbc "camellia-192-cbc" +#define NID_camellia_192_cbc 752 +#define OBJ_camellia_192_cbc 1L,2L,392L,200011L,61L,1L,1L,1L,3L + +#define SN_camellia_256_cbc "CAMELLIA-256-CBC" +#define LN_camellia_256_cbc "camellia-256-cbc" +#define NID_camellia_256_cbc 753 +#define OBJ_camellia_256_cbc 1L,2L,392L,200011L,61L,1L,1L,1L,4L + +#define SN_id_camellia128_wrap "id-camellia128-wrap" +#define NID_id_camellia128_wrap 907 +#define OBJ_id_camellia128_wrap 1L,2L,392L,200011L,61L,1L,1L,3L,2L + +#define SN_id_camellia192_wrap "id-camellia192-wrap" +#define NID_id_camellia192_wrap 908 +#define OBJ_id_camellia192_wrap 1L,2L,392L,200011L,61L,1L,1L,3L,3L + +#define SN_id_camellia256_wrap "id-camellia256-wrap" +#define NID_id_camellia256_wrap 909 +#define OBJ_id_camellia256_wrap 1L,2L,392L,200011L,61L,1L,1L,3L,4L + +#define OBJ_ntt_ds 0L,3L,4401L,5L + +#define OBJ_camellia OBJ_ntt_ds,3L,1L,9L + +#define SN_camellia_128_ecb "CAMELLIA-128-ECB" +#define LN_camellia_128_ecb "camellia-128-ecb" +#define NID_camellia_128_ecb 754 +#define OBJ_camellia_128_ecb OBJ_camellia,1L + +#define SN_camellia_128_ofb128 "CAMELLIA-128-OFB" +#define LN_camellia_128_ofb128 "camellia-128-ofb" +#define NID_camellia_128_ofb128 766 +#define OBJ_camellia_128_ofb128 OBJ_camellia,3L + +#define SN_camellia_128_cfb128 "CAMELLIA-128-CFB" +#define LN_camellia_128_cfb128 "camellia-128-cfb" +#define NID_camellia_128_cfb128 757 +#define OBJ_camellia_128_cfb128 OBJ_camellia,4L + +#define SN_camellia_128_gcm "CAMELLIA-128-GCM" +#define LN_camellia_128_gcm "camellia-128-gcm" +#define NID_camellia_128_gcm 961 +#define OBJ_camellia_128_gcm OBJ_camellia,6L + +#define SN_camellia_128_ccm "CAMELLIA-128-CCM" +#define LN_camellia_128_ccm "camellia-128-ccm" +#define NID_camellia_128_ccm 962 +#define OBJ_camellia_128_ccm OBJ_camellia,7L + +#define SN_camellia_128_ctr "CAMELLIA-128-CTR" +#define LN_camellia_128_ctr "camellia-128-ctr" +#define NID_camellia_128_ctr 963 +#define OBJ_camellia_128_ctr OBJ_camellia,9L + +#define SN_camellia_128_cmac "CAMELLIA-128-CMAC" +#define LN_camellia_128_cmac "camellia-128-cmac" +#define NID_camellia_128_cmac 964 +#define OBJ_camellia_128_cmac OBJ_camellia,10L + +#define SN_camellia_192_ecb "CAMELLIA-192-ECB" +#define LN_camellia_192_ecb "camellia-192-ecb" +#define NID_camellia_192_ecb 755 +#define OBJ_camellia_192_ecb OBJ_camellia,21L + +#define SN_camellia_192_ofb128 "CAMELLIA-192-OFB" +#define LN_camellia_192_ofb128 "camellia-192-ofb" +#define NID_camellia_192_ofb128 767 +#define OBJ_camellia_192_ofb128 OBJ_camellia,23L + +#define SN_camellia_192_cfb128 "CAMELLIA-192-CFB" +#define LN_camellia_192_cfb128 "camellia-192-cfb" +#define NID_camellia_192_cfb128 758 +#define OBJ_camellia_192_cfb128 OBJ_camellia,24L + +#define SN_camellia_192_gcm "CAMELLIA-192-GCM" +#define LN_camellia_192_gcm "camellia-192-gcm" +#define NID_camellia_192_gcm 965 +#define OBJ_camellia_192_gcm OBJ_camellia,26L + +#define SN_camellia_192_ccm "CAMELLIA-192-CCM" +#define LN_camellia_192_ccm "camellia-192-ccm" +#define NID_camellia_192_ccm 966 +#define OBJ_camellia_192_ccm OBJ_camellia,27L + +#define SN_camellia_192_ctr "CAMELLIA-192-CTR" +#define LN_camellia_192_ctr "camellia-192-ctr" +#define NID_camellia_192_ctr 967 +#define OBJ_camellia_192_ctr OBJ_camellia,29L + +#define SN_camellia_192_cmac "CAMELLIA-192-CMAC" +#define LN_camellia_192_cmac "camellia-192-cmac" +#define NID_camellia_192_cmac 968 +#define OBJ_camellia_192_cmac OBJ_camellia,30L + +#define SN_camellia_256_ecb "CAMELLIA-256-ECB" +#define LN_camellia_256_ecb "camellia-256-ecb" +#define NID_camellia_256_ecb 756 +#define OBJ_camellia_256_ecb OBJ_camellia,41L + +#define SN_camellia_256_ofb128 "CAMELLIA-256-OFB" +#define LN_camellia_256_ofb128 "camellia-256-ofb" +#define NID_camellia_256_ofb128 768 +#define OBJ_camellia_256_ofb128 OBJ_camellia,43L + +#define SN_camellia_256_cfb128 "CAMELLIA-256-CFB" +#define LN_camellia_256_cfb128 "camellia-256-cfb" +#define NID_camellia_256_cfb128 759 +#define OBJ_camellia_256_cfb128 OBJ_camellia,44L + +#define SN_camellia_256_gcm "CAMELLIA-256-GCM" +#define LN_camellia_256_gcm "camellia-256-gcm" +#define NID_camellia_256_gcm 969 +#define OBJ_camellia_256_gcm OBJ_camellia,46L + +#define SN_camellia_256_ccm "CAMELLIA-256-CCM" +#define LN_camellia_256_ccm "camellia-256-ccm" +#define NID_camellia_256_ccm 970 +#define OBJ_camellia_256_ccm OBJ_camellia,47L + +#define SN_camellia_256_ctr "CAMELLIA-256-CTR" +#define LN_camellia_256_ctr "camellia-256-ctr" +#define NID_camellia_256_ctr 971 +#define OBJ_camellia_256_ctr OBJ_camellia,49L + +#define SN_camellia_256_cmac "CAMELLIA-256-CMAC" +#define LN_camellia_256_cmac "camellia-256-cmac" +#define NID_camellia_256_cmac 972 +#define OBJ_camellia_256_cmac OBJ_camellia,50L + +#define SN_camellia_128_cfb1 "CAMELLIA-128-CFB1" +#define LN_camellia_128_cfb1 "camellia-128-cfb1" +#define NID_camellia_128_cfb1 760 + +#define SN_camellia_192_cfb1 "CAMELLIA-192-CFB1" +#define LN_camellia_192_cfb1 "camellia-192-cfb1" +#define NID_camellia_192_cfb1 761 + +#define SN_camellia_256_cfb1 "CAMELLIA-256-CFB1" +#define LN_camellia_256_cfb1 "camellia-256-cfb1" +#define NID_camellia_256_cfb1 762 + +#define SN_camellia_128_cfb8 "CAMELLIA-128-CFB8" +#define LN_camellia_128_cfb8 "camellia-128-cfb8" +#define NID_camellia_128_cfb8 763 + +#define SN_camellia_192_cfb8 "CAMELLIA-192-CFB8" +#define LN_camellia_192_cfb8 "camellia-192-cfb8" +#define NID_camellia_192_cfb8 764 + +#define SN_camellia_256_cfb8 "CAMELLIA-256-CFB8" +#define LN_camellia_256_cfb8 "camellia-256-cfb8" +#define NID_camellia_256_cfb8 765 + +#define OBJ_aria 1L,2L,410L,200046L,1L,1L + +#define SN_aria_128_ecb "ARIA-128-ECB" +#define LN_aria_128_ecb "aria-128-ecb" +#define NID_aria_128_ecb 1065 +#define OBJ_aria_128_ecb OBJ_aria,1L + +#define SN_aria_128_cbc "ARIA-128-CBC" +#define LN_aria_128_cbc "aria-128-cbc" +#define NID_aria_128_cbc 1066 +#define OBJ_aria_128_cbc OBJ_aria,2L + +#define SN_aria_128_cfb128 "ARIA-128-CFB" +#define LN_aria_128_cfb128 "aria-128-cfb" +#define NID_aria_128_cfb128 1067 +#define OBJ_aria_128_cfb128 OBJ_aria,3L + +#define SN_aria_128_ofb128 "ARIA-128-OFB" +#define LN_aria_128_ofb128 "aria-128-ofb" +#define NID_aria_128_ofb128 1068 +#define OBJ_aria_128_ofb128 OBJ_aria,4L + +#define SN_aria_128_ctr "ARIA-128-CTR" +#define LN_aria_128_ctr "aria-128-ctr" +#define NID_aria_128_ctr 1069 +#define OBJ_aria_128_ctr OBJ_aria,5L + +#define SN_aria_192_ecb "ARIA-192-ECB" +#define LN_aria_192_ecb "aria-192-ecb" +#define NID_aria_192_ecb 1070 +#define OBJ_aria_192_ecb OBJ_aria,6L + +#define SN_aria_192_cbc "ARIA-192-CBC" +#define LN_aria_192_cbc "aria-192-cbc" +#define NID_aria_192_cbc 1071 +#define OBJ_aria_192_cbc OBJ_aria,7L + +#define SN_aria_192_cfb128 "ARIA-192-CFB" +#define LN_aria_192_cfb128 "aria-192-cfb" +#define NID_aria_192_cfb128 1072 +#define OBJ_aria_192_cfb128 OBJ_aria,8L + +#define SN_aria_192_ofb128 "ARIA-192-OFB" +#define LN_aria_192_ofb128 "aria-192-ofb" +#define NID_aria_192_ofb128 1073 +#define OBJ_aria_192_ofb128 OBJ_aria,9L + +#define SN_aria_192_ctr "ARIA-192-CTR" +#define LN_aria_192_ctr "aria-192-ctr" +#define NID_aria_192_ctr 1074 +#define OBJ_aria_192_ctr OBJ_aria,10L + +#define SN_aria_256_ecb "ARIA-256-ECB" +#define LN_aria_256_ecb "aria-256-ecb" +#define NID_aria_256_ecb 1075 +#define OBJ_aria_256_ecb OBJ_aria,11L + +#define SN_aria_256_cbc "ARIA-256-CBC" +#define LN_aria_256_cbc "aria-256-cbc" +#define NID_aria_256_cbc 1076 +#define OBJ_aria_256_cbc OBJ_aria,12L + +#define SN_aria_256_cfb128 "ARIA-256-CFB" +#define LN_aria_256_cfb128 "aria-256-cfb" +#define NID_aria_256_cfb128 1077 +#define OBJ_aria_256_cfb128 OBJ_aria,13L + +#define SN_aria_256_ofb128 "ARIA-256-OFB" +#define LN_aria_256_ofb128 "aria-256-ofb" +#define NID_aria_256_ofb128 1078 +#define OBJ_aria_256_ofb128 OBJ_aria,14L + +#define SN_aria_256_ctr "ARIA-256-CTR" +#define LN_aria_256_ctr "aria-256-ctr" +#define NID_aria_256_ctr 1079 +#define OBJ_aria_256_ctr OBJ_aria,15L + +#define SN_aria_128_cfb1 "ARIA-128-CFB1" +#define LN_aria_128_cfb1 "aria-128-cfb1" +#define NID_aria_128_cfb1 1080 + +#define SN_aria_192_cfb1 "ARIA-192-CFB1" +#define LN_aria_192_cfb1 "aria-192-cfb1" +#define NID_aria_192_cfb1 1081 + +#define SN_aria_256_cfb1 "ARIA-256-CFB1" +#define LN_aria_256_cfb1 "aria-256-cfb1" +#define NID_aria_256_cfb1 1082 + +#define SN_aria_128_cfb8 "ARIA-128-CFB8" +#define LN_aria_128_cfb8 "aria-128-cfb8" +#define NID_aria_128_cfb8 1083 + +#define SN_aria_192_cfb8 "ARIA-192-CFB8" +#define LN_aria_192_cfb8 "aria-192-cfb8" +#define NID_aria_192_cfb8 1084 + +#define SN_aria_256_cfb8 "ARIA-256-CFB8" +#define LN_aria_256_cfb8 "aria-256-cfb8" +#define NID_aria_256_cfb8 1085 + +#define SN_aria_128_ccm "ARIA-128-CCM" +#define LN_aria_128_ccm "aria-128-ccm" +#define NID_aria_128_ccm 1120 +#define OBJ_aria_128_ccm OBJ_aria,37L + +#define SN_aria_192_ccm "ARIA-192-CCM" +#define LN_aria_192_ccm "aria-192-ccm" +#define NID_aria_192_ccm 1121 +#define OBJ_aria_192_ccm OBJ_aria,38L + +#define SN_aria_256_ccm "ARIA-256-CCM" +#define LN_aria_256_ccm "aria-256-ccm" +#define NID_aria_256_ccm 1122 +#define OBJ_aria_256_ccm OBJ_aria,39L + +#define SN_aria_128_gcm "ARIA-128-GCM" +#define LN_aria_128_gcm "aria-128-gcm" +#define NID_aria_128_gcm 1123 +#define OBJ_aria_128_gcm OBJ_aria,34L + +#define SN_aria_192_gcm "ARIA-192-GCM" +#define LN_aria_192_gcm "aria-192-gcm" +#define NID_aria_192_gcm 1124 +#define OBJ_aria_192_gcm OBJ_aria,35L + +#define SN_aria_256_gcm "ARIA-256-GCM" +#define LN_aria_256_gcm "aria-256-gcm" +#define NID_aria_256_gcm 1125 +#define OBJ_aria_256_gcm OBJ_aria,36L + +#define SN_kisa "KISA" +#define LN_kisa "kisa" +#define NID_kisa 773 +#define OBJ_kisa OBJ_member_body,410L,200004L + +#define SN_seed_ecb "SEED-ECB" +#define LN_seed_ecb "seed-ecb" +#define NID_seed_ecb 776 +#define OBJ_seed_ecb OBJ_kisa,1L,3L + +#define SN_seed_cbc "SEED-CBC" +#define LN_seed_cbc "seed-cbc" +#define NID_seed_cbc 777 +#define OBJ_seed_cbc OBJ_kisa,1L,4L + +#define SN_seed_cfb128 "SEED-CFB" +#define LN_seed_cfb128 "seed-cfb" +#define NID_seed_cfb128 779 +#define OBJ_seed_cfb128 OBJ_kisa,1L,5L + +#define SN_seed_ofb128 "SEED-OFB" +#define LN_seed_ofb128 "seed-ofb" +#define NID_seed_ofb128 778 +#define OBJ_seed_ofb128 OBJ_kisa,1L,6L + +#define SN_sm4_ecb "SM4-ECB" +#define LN_sm4_ecb "sm4-ecb" +#define NID_sm4_ecb 1133 +#define OBJ_sm4_ecb OBJ_sm_scheme,104L,1L + +#define SN_sm4_cbc "SM4-CBC" +#define LN_sm4_cbc "sm4-cbc" +#define NID_sm4_cbc 1134 +#define OBJ_sm4_cbc OBJ_sm_scheme,104L,2L + +#define SN_sm4_ofb128 "SM4-OFB" +#define LN_sm4_ofb128 "sm4-ofb" +#define NID_sm4_ofb128 1135 +#define OBJ_sm4_ofb128 OBJ_sm_scheme,104L,3L + +#define SN_sm4_cfb128 "SM4-CFB" +#define LN_sm4_cfb128 "sm4-cfb" +#define NID_sm4_cfb128 1137 +#define OBJ_sm4_cfb128 OBJ_sm_scheme,104L,4L + +#define SN_sm4_cfb1 "SM4-CFB1" +#define LN_sm4_cfb1 "sm4-cfb1" +#define NID_sm4_cfb1 1136 +#define OBJ_sm4_cfb1 OBJ_sm_scheme,104L,5L + +#define SN_sm4_cfb8 "SM4-CFB8" +#define LN_sm4_cfb8 "sm4-cfb8" +#define NID_sm4_cfb8 1138 +#define OBJ_sm4_cfb8 OBJ_sm_scheme,104L,6L + +#define SN_sm4_ctr "SM4-CTR" +#define LN_sm4_ctr "sm4-ctr" +#define NID_sm4_ctr 1139 +#define OBJ_sm4_ctr OBJ_sm_scheme,104L,7L + +#define SN_hmac "HMAC" +#define LN_hmac "hmac" +#define NID_hmac 855 + +#define SN_cmac "CMAC" +#define LN_cmac "cmac" +#define NID_cmac 894 + +#define SN_rc4_hmac_md5 "RC4-HMAC-MD5" +#define LN_rc4_hmac_md5 "rc4-hmac-md5" +#define NID_rc4_hmac_md5 915 + +#define SN_aes_128_cbc_hmac_sha1 "AES-128-CBC-HMAC-SHA1" +#define LN_aes_128_cbc_hmac_sha1 "aes-128-cbc-hmac-sha1" +#define NID_aes_128_cbc_hmac_sha1 916 + +#define SN_aes_192_cbc_hmac_sha1 "AES-192-CBC-HMAC-SHA1" +#define LN_aes_192_cbc_hmac_sha1 "aes-192-cbc-hmac-sha1" +#define NID_aes_192_cbc_hmac_sha1 917 + +#define SN_aes_256_cbc_hmac_sha1 "AES-256-CBC-HMAC-SHA1" +#define LN_aes_256_cbc_hmac_sha1 "aes-256-cbc-hmac-sha1" +#define NID_aes_256_cbc_hmac_sha1 918 + +#define SN_aes_128_cbc_hmac_sha256 "AES-128-CBC-HMAC-SHA256" +#define LN_aes_128_cbc_hmac_sha256 "aes-128-cbc-hmac-sha256" +#define NID_aes_128_cbc_hmac_sha256 948 + +#define SN_aes_192_cbc_hmac_sha256 "AES-192-CBC-HMAC-SHA256" +#define LN_aes_192_cbc_hmac_sha256 "aes-192-cbc-hmac-sha256" +#define NID_aes_192_cbc_hmac_sha256 949 + +#define SN_aes_256_cbc_hmac_sha256 "AES-256-CBC-HMAC-SHA256" +#define LN_aes_256_cbc_hmac_sha256 "aes-256-cbc-hmac-sha256" +#define NID_aes_256_cbc_hmac_sha256 950 + +#define SN_chacha20_poly1305 "ChaCha20-Poly1305" +#define LN_chacha20_poly1305 "chacha20-poly1305" +#define NID_chacha20_poly1305 1018 + +#define SN_chacha20 "ChaCha20" +#define LN_chacha20 "chacha20" +#define NID_chacha20 1019 + +#define SN_dhpublicnumber "dhpublicnumber" +#define LN_dhpublicnumber "X9.42 DH" +#define NID_dhpublicnumber 920 +#define OBJ_dhpublicnumber OBJ_ISO_US,10046L,2L,1L + +#define SN_brainpoolP160r1 "brainpoolP160r1" +#define NID_brainpoolP160r1 921 +#define OBJ_brainpoolP160r1 1L,3L,36L,3L,3L,2L,8L,1L,1L,1L + +#define SN_brainpoolP160t1 "brainpoolP160t1" +#define NID_brainpoolP160t1 922 +#define OBJ_brainpoolP160t1 1L,3L,36L,3L,3L,2L,8L,1L,1L,2L + +#define SN_brainpoolP192r1 "brainpoolP192r1" +#define NID_brainpoolP192r1 923 +#define OBJ_brainpoolP192r1 1L,3L,36L,3L,3L,2L,8L,1L,1L,3L + +#define SN_brainpoolP192t1 "brainpoolP192t1" +#define NID_brainpoolP192t1 924 +#define OBJ_brainpoolP192t1 1L,3L,36L,3L,3L,2L,8L,1L,1L,4L + +#define SN_brainpoolP224r1 "brainpoolP224r1" +#define NID_brainpoolP224r1 925 +#define OBJ_brainpoolP224r1 1L,3L,36L,3L,3L,2L,8L,1L,1L,5L + +#define SN_brainpoolP224t1 "brainpoolP224t1" +#define NID_brainpoolP224t1 926 +#define OBJ_brainpoolP224t1 1L,3L,36L,3L,3L,2L,8L,1L,1L,6L + +#define SN_brainpoolP256r1 "brainpoolP256r1" +#define NID_brainpoolP256r1 927 +#define OBJ_brainpoolP256r1 1L,3L,36L,3L,3L,2L,8L,1L,1L,7L + +#define SN_brainpoolP256t1 "brainpoolP256t1" +#define NID_brainpoolP256t1 928 +#define OBJ_brainpoolP256t1 1L,3L,36L,3L,3L,2L,8L,1L,1L,8L + +#define SN_brainpoolP320r1 "brainpoolP320r1" +#define NID_brainpoolP320r1 929 +#define OBJ_brainpoolP320r1 1L,3L,36L,3L,3L,2L,8L,1L,1L,9L + +#define SN_brainpoolP320t1 "brainpoolP320t1" +#define NID_brainpoolP320t1 930 +#define OBJ_brainpoolP320t1 1L,3L,36L,3L,3L,2L,8L,1L,1L,10L + +#define SN_brainpoolP384r1 "brainpoolP384r1" +#define NID_brainpoolP384r1 931 +#define OBJ_brainpoolP384r1 1L,3L,36L,3L,3L,2L,8L,1L,1L,11L + +#define SN_brainpoolP384t1 "brainpoolP384t1" +#define NID_brainpoolP384t1 932 +#define OBJ_brainpoolP384t1 1L,3L,36L,3L,3L,2L,8L,1L,1L,12L + +#define SN_brainpoolP512r1 "brainpoolP512r1" +#define NID_brainpoolP512r1 933 +#define OBJ_brainpoolP512r1 1L,3L,36L,3L,3L,2L,8L,1L,1L,13L + +#define SN_brainpoolP512t1 "brainpoolP512t1" +#define NID_brainpoolP512t1 934 +#define OBJ_brainpoolP512t1 1L,3L,36L,3L,3L,2L,8L,1L,1L,14L + +#define OBJ_x9_63_scheme 1L,3L,133L,16L,840L,63L,0L + +#define OBJ_secg_scheme OBJ_certicom_arc,1L + +#define SN_dhSinglePass_stdDH_sha1kdf_scheme "dhSinglePass-stdDH-sha1kdf-scheme" +#define NID_dhSinglePass_stdDH_sha1kdf_scheme 936 +#define OBJ_dhSinglePass_stdDH_sha1kdf_scheme OBJ_x9_63_scheme,2L + +#define SN_dhSinglePass_stdDH_sha224kdf_scheme "dhSinglePass-stdDH-sha224kdf-scheme" +#define NID_dhSinglePass_stdDH_sha224kdf_scheme 937 +#define OBJ_dhSinglePass_stdDH_sha224kdf_scheme OBJ_secg_scheme,11L,0L + +#define SN_dhSinglePass_stdDH_sha256kdf_scheme "dhSinglePass-stdDH-sha256kdf-scheme" +#define NID_dhSinglePass_stdDH_sha256kdf_scheme 938 +#define OBJ_dhSinglePass_stdDH_sha256kdf_scheme OBJ_secg_scheme,11L,1L + +#define SN_dhSinglePass_stdDH_sha384kdf_scheme "dhSinglePass-stdDH-sha384kdf-scheme" +#define NID_dhSinglePass_stdDH_sha384kdf_scheme 939 +#define OBJ_dhSinglePass_stdDH_sha384kdf_scheme OBJ_secg_scheme,11L,2L + +#define SN_dhSinglePass_stdDH_sha512kdf_scheme "dhSinglePass-stdDH-sha512kdf-scheme" +#define NID_dhSinglePass_stdDH_sha512kdf_scheme 940 +#define OBJ_dhSinglePass_stdDH_sha512kdf_scheme OBJ_secg_scheme,11L,3L + +#define SN_dhSinglePass_cofactorDH_sha1kdf_scheme "dhSinglePass-cofactorDH-sha1kdf-scheme" +#define NID_dhSinglePass_cofactorDH_sha1kdf_scheme 941 +#define OBJ_dhSinglePass_cofactorDH_sha1kdf_scheme OBJ_x9_63_scheme,3L + +#define SN_dhSinglePass_cofactorDH_sha224kdf_scheme "dhSinglePass-cofactorDH-sha224kdf-scheme" +#define NID_dhSinglePass_cofactorDH_sha224kdf_scheme 942 +#define OBJ_dhSinglePass_cofactorDH_sha224kdf_scheme OBJ_secg_scheme,14L,0L + +#define SN_dhSinglePass_cofactorDH_sha256kdf_scheme "dhSinglePass-cofactorDH-sha256kdf-scheme" +#define NID_dhSinglePass_cofactorDH_sha256kdf_scheme 943 +#define OBJ_dhSinglePass_cofactorDH_sha256kdf_scheme OBJ_secg_scheme,14L,1L + +#define SN_dhSinglePass_cofactorDH_sha384kdf_scheme "dhSinglePass-cofactorDH-sha384kdf-scheme" +#define NID_dhSinglePass_cofactorDH_sha384kdf_scheme 944 +#define OBJ_dhSinglePass_cofactorDH_sha384kdf_scheme OBJ_secg_scheme,14L,2L + +#define SN_dhSinglePass_cofactorDH_sha512kdf_scheme "dhSinglePass-cofactorDH-sha512kdf-scheme" +#define NID_dhSinglePass_cofactorDH_sha512kdf_scheme 945 +#define OBJ_dhSinglePass_cofactorDH_sha512kdf_scheme OBJ_secg_scheme,14L,3L + +#define SN_dh_std_kdf "dh-std-kdf" +#define NID_dh_std_kdf 946 + +#define SN_dh_cofactor_kdf "dh-cofactor-kdf" +#define NID_dh_cofactor_kdf 947 + +#define SN_ct_precert_scts "ct_precert_scts" +#define LN_ct_precert_scts "CT Precertificate SCTs" +#define NID_ct_precert_scts 951 +#define OBJ_ct_precert_scts 1L,3L,6L,1L,4L,1L,11129L,2L,4L,2L + +#define SN_ct_precert_poison "ct_precert_poison" +#define LN_ct_precert_poison "CT Precertificate Poison" +#define NID_ct_precert_poison 952 +#define OBJ_ct_precert_poison 1L,3L,6L,1L,4L,1L,11129L,2L,4L,3L + +#define SN_ct_precert_signer "ct_precert_signer" +#define LN_ct_precert_signer "CT Precertificate Signer" +#define NID_ct_precert_signer 953 +#define OBJ_ct_precert_signer 1L,3L,6L,1L,4L,1L,11129L,2L,4L,4L + +#define SN_ct_cert_scts "ct_cert_scts" +#define LN_ct_cert_scts "CT Certificate SCTs" +#define NID_ct_cert_scts 954 +#define OBJ_ct_cert_scts 1L,3L,6L,1L,4L,1L,11129L,2L,4L,5L + +#define SN_jurisdictionLocalityName "jurisdictionL" +#define LN_jurisdictionLocalityName "jurisdictionLocalityName" +#define NID_jurisdictionLocalityName 955 +#define OBJ_jurisdictionLocalityName 1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,1L + +#define SN_jurisdictionStateOrProvinceName "jurisdictionST" +#define LN_jurisdictionStateOrProvinceName "jurisdictionStateOrProvinceName" +#define NID_jurisdictionStateOrProvinceName 956 +#define OBJ_jurisdictionStateOrProvinceName 1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,2L + +#define SN_jurisdictionCountryName "jurisdictionC" +#define LN_jurisdictionCountryName "jurisdictionCountryName" +#define NID_jurisdictionCountryName 957 +#define OBJ_jurisdictionCountryName 1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,3L + +#define SN_id_scrypt "id-scrypt" +#define LN_id_scrypt "scrypt" +#define NID_id_scrypt 973 +#define OBJ_id_scrypt 1L,3L,6L,1L,4L,1L,11591L,4L,11L + +#define SN_tls1_prf "TLS1-PRF" +#define LN_tls1_prf "tls1-prf" +#define NID_tls1_prf 1021 + +#define SN_hkdf "HKDF" +#define LN_hkdf "hkdf" +#define NID_hkdf 1036 + +#define SN_id_pkinit "id-pkinit" +#define NID_id_pkinit 1031 +#define OBJ_id_pkinit 1L,3L,6L,1L,5L,2L,3L + +#define SN_pkInitClientAuth "pkInitClientAuth" +#define LN_pkInitClientAuth "PKINIT Client Auth" +#define NID_pkInitClientAuth 1032 +#define OBJ_pkInitClientAuth OBJ_id_pkinit,4L + +#define SN_pkInitKDC "pkInitKDC" +#define LN_pkInitKDC "Signing KDC Response" +#define NID_pkInitKDC 1033 +#define OBJ_pkInitKDC OBJ_id_pkinit,5L + +#define SN_X25519 "X25519" +#define NID_X25519 1034 +#define OBJ_X25519 1L,3L,101L,110L + +#define SN_X448 "X448" +#define NID_X448 1035 +#define OBJ_X448 1L,3L,101L,111L + +#define SN_ED25519 "ED25519" +#define NID_ED25519 1087 +#define OBJ_ED25519 1L,3L,101L,112L + +#define SN_ED448 "ED448" +#define NID_ED448 1088 +#define OBJ_ED448 1L,3L,101L,113L + +#define SN_kx_rsa "KxRSA" +#define LN_kx_rsa "kx-rsa" +#define NID_kx_rsa 1037 + +#define SN_kx_ecdhe "KxECDHE" +#define LN_kx_ecdhe "kx-ecdhe" +#define NID_kx_ecdhe 1038 + +#define SN_kx_dhe "KxDHE" +#define LN_kx_dhe "kx-dhe" +#define NID_kx_dhe 1039 + +#define SN_kx_ecdhe_psk "KxECDHE-PSK" +#define LN_kx_ecdhe_psk "kx-ecdhe-psk" +#define NID_kx_ecdhe_psk 1040 + +#define SN_kx_dhe_psk "KxDHE-PSK" +#define LN_kx_dhe_psk "kx-dhe-psk" +#define NID_kx_dhe_psk 1041 + +#define SN_kx_rsa_psk "KxRSA_PSK" +#define LN_kx_rsa_psk "kx-rsa-psk" +#define NID_kx_rsa_psk 1042 + +#define SN_kx_psk "KxPSK" +#define LN_kx_psk "kx-psk" +#define NID_kx_psk 1043 + +#define SN_kx_srp "KxSRP" +#define LN_kx_srp "kx-srp" +#define NID_kx_srp 1044 + +#define SN_kx_gost "KxGOST" +#define LN_kx_gost "kx-gost" +#define NID_kx_gost 1045 + +#define SN_kx_any "KxANY" +#define LN_kx_any "kx-any" +#define NID_kx_any 1063 + +#define SN_auth_rsa "AuthRSA" +#define LN_auth_rsa "auth-rsa" +#define NID_auth_rsa 1046 + +#define SN_auth_ecdsa "AuthECDSA" +#define LN_auth_ecdsa "auth-ecdsa" +#define NID_auth_ecdsa 1047 + +#define SN_auth_psk "AuthPSK" +#define LN_auth_psk "auth-psk" +#define NID_auth_psk 1048 + +#define SN_auth_dss "AuthDSS" +#define LN_auth_dss "auth-dss" +#define NID_auth_dss 1049 + +#define SN_auth_gost01 "AuthGOST01" +#define LN_auth_gost01 "auth-gost01" +#define NID_auth_gost01 1050 + +#define SN_auth_gost12 "AuthGOST12" +#define LN_auth_gost12 "auth-gost12" +#define NID_auth_gost12 1051 + +#define SN_auth_srp "AuthSRP" +#define LN_auth_srp "auth-srp" +#define NID_auth_srp 1052 + +#define SN_auth_null "AuthNULL" +#define LN_auth_null "auth-null" +#define NID_auth_null 1053 + +#define SN_auth_any "AuthANY" +#define LN_auth_any "auth-any" +#define NID_auth_any 1064 + +#define SN_poly1305 "Poly1305" +#define LN_poly1305 "poly1305" +#define NID_poly1305 1061 + +#define SN_siphash "SipHash" +#define LN_siphash "siphash" +#define NID_siphash 1062 + +#define SN_ffdhe2048 "ffdhe2048" +#define NID_ffdhe2048 1126 + +#define SN_ffdhe3072 "ffdhe3072" +#define NID_ffdhe3072 1127 + +#define SN_ffdhe4096 "ffdhe4096" +#define NID_ffdhe4096 1128 + +#define SN_ffdhe6144 "ffdhe6144" +#define NID_ffdhe6144 1129 + +#define SN_ffdhe8192 "ffdhe8192" +#define NID_ffdhe8192 1130 + +#define SN_ISO_UA "ISO-UA" +#define NID_ISO_UA 1150 +#define OBJ_ISO_UA OBJ_member_body,804L + +#define SN_ua_pki "ua-pki" +#define NID_ua_pki 1151 +#define OBJ_ua_pki OBJ_ISO_UA,2L,1L,1L,1L + +#define SN_dstu28147 "dstu28147" +#define LN_dstu28147 "DSTU Gost 28147-2009" +#define NID_dstu28147 1152 +#define OBJ_dstu28147 OBJ_ua_pki,1L,1L,1L + +#define SN_dstu28147_ofb "dstu28147-ofb" +#define LN_dstu28147_ofb "DSTU Gost 28147-2009 OFB mode" +#define NID_dstu28147_ofb 1153 +#define OBJ_dstu28147_ofb OBJ_dstu28147,2L + +#define SN_dstu28147_cfb "dstu28147-cfb" +#define LN_dstu28147_cfb "DSTU Gost 28147-2009 CFB mode" +#define NID_dstu28147_cfb 1154 +#define OBJ_dstu28147_cfb OBJ_dstu28147,3L + +#define SN_dstu28147_wrap "dstu28147-wrap" +#define LN_dstu28147_wrap "DSTU Gost 28147-2009 key wrap" +#define NID_dstu28147_wrap 1155 +#define OBJ_dstu28147_wrap OBJ_dstu28147,5L + +#define SN_hmacWithDstu34311 "hmacWithDstu34311" +#define LN_hmacWithDstu34311 "HMAC DSTU Gost 34311-95" +#define NID_hmacWithDstu34311 1156 +#define OBJ_hmacWithDstu34311 OBJ_ua_pki,1L,1L,2L + +#define SN_dstu34311 "dstu34311" +#define LN_dstu34311 "DSTU Gost 34311-95" +#define NID_dstu34311 1157 +#define OBJ_dstu34311 OBJ_ua_pki,1L,2L,1L + +#define SN_dstu4145le "dstu4145le" +#define LN_dstu4145le "DSTU 4145-2002 little endian" +#define NID_dstu4145le 1158 +#define OBJ_dstu4145le OBJ_ua_pki,1L,3L,1L,1L + +#define SN_dstu4145be "dstu4145be" +#define LN_dstu4145be "DSTU 4145-2002 big endian" +#define NID_dstu4145be 1159 +#define OBJ_dstu4145be OBJ_dstu4145le,1L,1L + +#define SN_uacurve0 "uacurve0" +#define LN_uacurve0 "DSTU curve 0" +#define NID_uacurve0 1160 +#define OBJ_uacurve0 OBJ_dstu4145le,2L,0L + +#define SN_uacurve1 "uacurve1" +#define LN_uacurve1 "DSTU curve 1" +#define NID_uacurve1 1161 +#define OBJ_uacurve1 OBJ_dstu4145le,2L,1L + +#define SN_uacurve2 "uacurve2" +#define LN_uacurve2 "DSTU curve 2" +#define NID_uacurve2 1162 +#define OBJ_uacurve2 OBJ_dstu4145le,2L,2L + +#define SN_uacurve3 "uacurve3" +#define LN_uacurve3 "DSTU curve 3" +#define NID_uacurve3 1163 +#define OBJ_uacurve3 OBJ_dstu4145le,2L,3L + +#define SN_uacurve4 "uacurve4" +#define LN_uacurve4 "DSTU curve 4" +#define NID_uacurve4 1164 +#define OBJ_uacurve4 OBJ_dstu4145le,2L,4L + +#define SN_uacurve5 "uacurve5" +#define LN_uacurve5 "DSTU curve 5" +#define NID_uacurve5 1165 +#define OBJ_uacurve5 OBJ_dstu4145le,2L,5L + +#define SN_uacurve6 "uacurve6" +#define LN_uacurve6 "DSTU curve 6" +#define NID_uacurve6 1166 +#define OBJ_uacurve6 OBJ_dstu4145le,2L,6L + +#define SN_uacurve7 "uacurve7" +#define LN_uacurve7 "DSTU curve 7" +#define NID_uacurve7 1167 +#define OBJ_uacurve7 OBJ_dstu4145le,2L,7L + +#define SN_uacurve8 "uacurve8" +#define LN_uacurve8 "DSTU curve 8" +#define NID_uacurve8 1168 +#define OBJ_uacurve8 OBJ_dstu4145le,2L,8L + +#define SN_uacurve9 "uacurve9" +#define LN_uacurve9 "DSTU curve 9" +#define NID_uacurve9 1169 +#define OBJ_uacurve9 OBJ_dstu4145le,2L,9L diff --git a/ext/openssl1L/include/openssl/objects.h b/ext/openssl1L/include/openssl/objects.h new file mode 100644 index 0000000..5e8b576 --- /dev/null +++ b/ext/openssl1L/include/openssl/objects.h @@ -0,0 +1,175 @@ +/* + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_OBJECTS_H +# define HEADER_OBJECTS_H + +# include +# include +# include +# include + +# define OBJ_NAME_TYPE_UNDEF 0x00 +# define OBJ_NAME_TYPE_MD_METH 0x01 +# define OBJ_NAME_TYPE_CIPHER_METH 0x02 +# define OBJ_NAME_TYPE_PKEY_METH 0x03 +# define OBJ_NAME_TYPE_COMP_METH 0x04 +# define OBJ_NAME_TYPE_NUM 0x05 + +# define OBJ_NAME_ALIAS 0x8000 + +# define OBJ_BSEARCH_VALUE_ON_NOMATCH 0x01 +# define OBJ_BSEARCH_FIRST_VALUE_ON_MATCH 0x02 + + +#ifdef __cplusplus +extern "C" { +#endif + +typedef struct obj_name_st { + int type; + int alias; + const char *name; + const char *data; +} OBJ_NAME; + +# define OBJ_create_and_add_object(a,b,c) OBJ_create(a,b,c) + +int OBJ_NAME_init(void); +int OBJ_NAME_new_index(unsigned long (*hash_func) (const char *), + int (*cmp_func) (const char *, const char *), + void (*free_func) (const char *, int, const char *)); +const char *OBJ_NAME_get(const char *name, int type); +int OBJ_NAME_add(const char *name, int type, const char *data); +int OBJ_NAME_remove(const char *name, int type); +void OBJ_NAME_cleanup(int type); /* -1 for everything */ +void OBJ_NAME_do_all(int type, void (*fn) (const OBJ_NAME *, void *arg), + void *arg); +void OBJ_NAME_do_all_sorted(int type, + void (*fn) (const OBJ_NAME *, void *arg), + void *arg); + +ASN1_OBJECT *OBJ_dup(const ASN1_OBJECT *o); +ASN1_OBJECT *OBJ_nid2obj(int n); +const char *OBJ_nid2ln(int n); +const char *OBJ_nid2sn(int n); +int OBJ_obj2nid(const ASN1_OBJECT *o); +ASN1_OBJECT *OBJ_txt2obj(const char *s, int no_name); +int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name); +int OBJ_txt2nid(const char *s); +int OBJ_ln2nid(const char *s); +int OBJ_sn2nid(const char *s); +int OBJ_cmp(const ASN1_OBJECT *a, const ASN1_OBJECT *b); +const void *OBJ_bsearch_(const void *key, const void *base, int num, int size, + int (*cmp) (const void *, const void *)); +const void *OBJ_bsearch_ex_(const void *key, const void *base, int num, + int size, + int (*cmp) (const void *, const void *), + int flags); + +# define _DECLARE_OBJ_BSEARCH_CMP_FN(scope, type1, type2, nm) \ + static int nm##_cmp_BSEARCH_CMP_FN(const void *, const void *); \ + static int nm##_cmp(type1 const *, type2 const *); \ + scope type2 * OBJ_bsearch_##nm(type1 *key, type2 const *base, int num) + +# define DECLARE_OBJ_BSEARCH_CMP_FN(type1, type2, cmp) \ + _DECLARE_OBJ_BSEARCH_CMP_FN(static, type1, type2, cmp) +# define DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(type1, type2, nm) \ + type2 * OBJ_bsearch_##nm(type1 *key, type2 const *base, int num) + +/*- + * Unsolved problem: if a type is actually a pointer type, like + * nid_triple is, then its impossible to get a const where you need + * it. Consider: + * + * typedef int nid_triple[3]; + * const void *a_; + * const nid_triple const *a = a_; + * + * The assignment discards a const because what you really want is: + * + * const int const * const *a = a_; + * + * But if you do that, you lose the fact that a is an array of 3 ints, + * which breaks comparison functions. + * + * Thus we end up having to cast, sadly, or unpack the + * declarations. Or, as I finally did in this case, declare nid_triple + * to be a struct, which it should have been in the first place. + * + * Ben, August 2008. + * + * Also, strictly speaking not all types need be const, but handling + * the non-constness means a lot of complication, and in practice + * comparison routines do always not touch their arguments. + */ + +# define IMPLEMENT_OBJ_BSEARCH_CMP_FN(type1, type2, nm) \ + static int nm##_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_) \ + { \ + type1 const *a = a_; \ + type2 const *b = b_; \ + return nm##_cmp(a,b); \ + } \ + static type2 *OBJ_bsearch_##nm(type1 *key, type2 const *base, int num) \ + { \ + return (type2 *)OBJ_bsearch_(key, base, num, sizeof(type2), \ + nm##_cmp_BSEARCH_CMP_FN); \ + } \ + extern void dummy_prototype(void) + +# define IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(type1, type2, nm) \ + static int nm##_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_) \ + { \ + type1 const *a = a_; \ + type2 const *b = b_; \ + return nm##_cmp(a,b); \ + } \ + type2 *OBJ_bsearch_##nm(type1 *key, type2 const *base, int num) \ + { \ + return (type2 *)OBJ_bsearch_(key, base, num, sizeof(type2), \ + nm##_cmp_BSEARCH_CMP_FN); \ + } \ + extern void dummy_prototype(void) + +# define OBJ_bsearch(type1,key,type2,base,num,cmp) \ + ((type2 *)OBJ_bsearch_(CHECKED_PTR_OF(type1,key),CHECKED_PTR_OF(type2,base), \ + num,sizeof(type2), \ + ((void)CHECKED_PTR_OF(type1,cmp##_type_1), \ + (void)CHECKED_PTR_OF(type2,cmp##_type_2), \ + cmp##_BSEARCH_CMP_FN))) + +# define OBJ_bsearch_ex(type1,key,type2,base,num,cmp,flags) \ + ((type2 *)OBJ_bsearch_ex_(CHECKED_PTR_OF(type1,key),CHECKED_PTR_OF(type2,base), \ + num,sizeof(type2), \ + ((void)CHECKED_PTR_OF(type1,cmp##_type_1), \ + (void)type_2=CHECKED_PTR_OF(type2,cmp##_type_2), \ + cmp##_BSEARCH_CMP_FN)),flags) + +int OBJ_new_nid(int num); +int OBJ_add_object(const ASN1_OBJECT *obj); +int OBJ_create(const char *oid, const char *sn, const char *ln); +#if OPENSSL_API_COMPAT < 0x10100000L +# define OBJ_cleanup() while(0) continue +#endif +int OBJ_create_objects(BIO *in); + +size_t OBJ_length(const ASN1_OBJECT *obj); +const unsigned char *OBJ_get0_data(const ASN1_OBJECT *obj); + +int OBJ_find_sigid_algs(int signid, int *pdig_nid, int *ppkey_nid); +int OBJ_find_sigid_by_algs(int *psignid, int dig_nid, int pkey_nid); +int OBJ_add_sigid(int signid, int dig_id, int pkey_id); +void OBJ_sigid_free(void); + + +# ifdef __cplusplus +} +# endif +#endif diff --git a/ext/openssl1L/include/openssl/objectserr.h b/ext/openssl1L/include/openssl/objectserr.h new file mode 100644 index 0000000..02e166f --- /dev/null +++ b/ext/openssl1L/include/openssl/objectserr.h @@ -0,0 +1,42 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_OBJERR_H +# define HEADER_OBJERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_OBJ_strings(void); + +/* + * OBJ function codes. + */ +# define OBJ_F_OBJ_ADD_OBJECT 105 +# define OBJ_F_OBJ_ADD_SIGID 107 +# define OBJ_F_OBJ_CREATE 100 +# define OBJ_F_OBJ_DUP 101 +# define OBJ_F_OBJ_NAME_NEW_INDEX 106 +# define OBJ_F_OBJ_NID2LN 102 +# define OBJ_F_OBJ_NID2OBJ 103 +# define OBJ_F_OBJ_NID2SN 104 +# define OBJ_F_OBJ_TXT2OBJ 108 + +/* + * OBJ reason codes. + */ +# define OBJ_R_OID_EXISTS 102 +# define OBJ_R_UNKNOWN_NID 101 + +#endif diff --git a/ext/openssl1L/include/openssl/ocsp.h b/ext/openssl1L/include/openssl/ocsp.h new file mode 100644 index 0000000..4d759a4 --- /dev/null +++ b/ext/openssl1L/include/openssl/ocsp.h @@ -0,0 +1,352 @@ +/* + * Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_OCSP_H +# define HEADER_OCSP_H + +#include + +/* + * These definitions are outside the OPENSSL_NO_OCSP guard because although for + * historical reasons they have OCSP_* names, they can actually be used + * independently of OCSP. E.g. see RFC5280 + */ +/*- + * CRLReason ::= ENUMERATED { + * unspecified (0), + * keyCompromise (1), + * cACompromise (2), + * affiliationChanged (3), + * superseded (4), + * cessationOfOperation (5), + * certificateHold (6), + * removeFromCRL (8) } + */ +# define OCSP_REVOKED_STATUS_NOSTATUS -1 +# define OCSP_REVOKED_STATUS_UNSPECIFIED 0 +# define OCSP_REVOKED_STATUS_KEYCOMPROMISE 1 +# define OCSP_REVOKED_STATUS_CACOMPROMISE 2 +# define OCSP_REVOKED_STATUS_AFFILIATIONCHANGED 3 +# define OCSP_REVOKED_STATUS_SUPERSEDED 4 +# define OCSP_REVOKED_STATUS_CESSATIONOFOPERATION 5 +# define OCSP_REVOKED_STATUS_CERTIFICATEHOLD 6 +# define OCSP_REVOKED_STATUS_REMOVEFROMCRL 8 + + +# ifndef OPENSSL_NO_OCSP + +# include +# include +# include +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +/* Various flags and values */ + +# define OCSP_DEFAULT_NONCE_LENGTH 16 + +# define OCSP_NOCERTS 0x1 +# define OCSP_NOINTERN 0x2 +# define OCSP_NOSIGS 0x4 +# define OCSP_NOCHAIN 0x8 +# define OCSP_NOVERIFY 0x10 +# define OCSP_NOEXPLICIT 0x20 +# define OCSP_NOCASIGN 0x40 +# define OCSP_NODELEGATED 0x80 +# define OCSP_NOCHECKS 0x100 +# define OCSP_TRUSTOTHER 0x200 +# define OCSP_RESPID_KEY 0x400 +# define OCSP_NOTIME 0x800 + +typedef struct ocsp_cert_id_st OCSP_CERTID; + +DEFINE_STACK_OF(OCSP_CERTID) + +typedef struct ocsp_one_request_st OCSP_ONEREQ; + +DEFINE_STACK_OF(OCSP_ONEREQ) + +typedef struct ocsp_req_info_st OCSP_REQINFO; +typedef struct ocsp_signature_st OCSP_SIGNATURE; +typedef struct ocsp_request_st OCSP_REQUEST; + +# define OCSP_RESPONSE_STATUS_SUCCESSFUL 0 +# define OCSP_RESPONSE_STATUS_MALFORMEDREQUEST 1 +# define OCSP_RESPONSE_STATUS_INTERNALERROR 2 +# define OCSP_RESPONSE_STATUS_TRYLATER 3 +# define OCSP_RESPONSE_STATUS_SIGREQUIRED 5 +# define OCSP_RESPONSE_STATUS_UNAUTHORIZED 6 + +typedef struct ocsp_resp_bytes_st OCSP_RESPBYTES; + +# define V_OCSP_RESPID_NAME 0 +# define V_OCSP_RESPID_KEY 1 + +DEFINE_STACK_OF(OCSP_RESPID) + +typedef struct ocsp_revoked_info_st OCSP_REVOKEDINFO; + +# define V_OCSP_CERTSTATUS_GOOD 0 +# define V_OCSP_CERTSTATUS_REVOKED 1 +# define V_OCSP_CERTSTATUS_UNKNOWN 2 + +typedef struct ocsp_cert_status_st OCSP_CERTSTATUS; +typedef struct ocsp_single_response_st OCSP_SINGLERESP; + +DEFINE_STACK_OF(OCSP_SINGLERESP) + +typedef struct ocsp_response_data_st OCSP_RESPDATA; + +typedef struct ocsp_basic_response_st OCSP_BASICRESP; + +typedef struct ocsp_crl_id_st OCSP_CRLID; +typedef struct ocsp_service_locator_st OCSP_SERVICELOC; + +# define PEM_STRING_OCSP_REQUEST "OCSP REQUEST" +# define PEM_STRING_OCSP_RESPONSE "OCSP RESPONSE" + +# define d2i_OCSP_REQUEST_bio(bp,p) ASN1_d2i_bio_of(OCSP_REQUEST,OCSP_REQUEST_new,d2i_OCSP_REQUEST,bp,p) + +# define d2i_OCSP_RESPONSE_bio(bp,p) ASN1_d2i_bio_of(OCSP_RESPONSE,OCSP_RESPONSE_new,d2i_OCSP_RESPONSE,bp,p) + +# define PEM_read_bio_OCSP_REQUEST(bp,x,cb) (OCSP_REQUEST *)PEM_ASN1_read_bio( \ + (char *(*)())d2i_OCSP_REQUEST,PEM_STRING_OCSP_REQUEST, \ + bp,(char **)(x),cb,NULL) + +# define PEM_read_bio_OCSP_RESPONSE(bp,x,cb) (OCSP_RESPONSE *)PEM_ASN1_read_bio(\ + (char *(*)())d2i_OCSP_RESPONSE,PEM_STRING_OCSP_RESPONSE, \ + bp,(char **)(x),cb,NULL) + +# define PEM_write_bio_OCSP_REQUEST(bp,o) \ + PEM_ASN1_write_bio((int (*)())i2d_OCSP_REQUEST,PEM_STRING_OCSP_REQUEST,\ + bp,(char *)(o), NULL,NULL,0,NULL,NULL) + +# define PEM_write_bio_OCSP_RESPONSE(bp,o) \ + PEM_ASN1_write_bio((int (*)())i2d_OCSP_RESPONSE,PEM_STRING_OCSP_RESPONSE,\ + bp,(char *)(o), NULL,NULL,0,NULL,NULL) + +# define i2d_OCSP_RESPONSE_bio(bp,o) ASN1_i2d_bio_of(OCSP_RESPONSE,i2d_OCSP_RESPONSE,bp,o) + +# define i2d_OCSP_REQUEST_bio(bp,o) ASN1_i2d_bio_of(OCSP_REQUEST,i2d_OCSP_REQUEST,bp,o) + +# define ASN1_BIT_STRING_digest(data,type,md,len) \ + ASN1_item_digest(ASN1_ITEM_rptr(ASN1_BIT_STRING),type,data,md,len) + +# define OCSP_CERTSTATUS_dup(cs)\ + (OCSP_CERTSTATUS*)ASN1_dup((int(*)())i2d_OCSP_CERTSTATUS,\ + (char *(*)())d2i_OCSP_CERTSTATUS,(char *)(cs)) + +OCSP_CERTID *OCSP_CERTID_dup(OCSP_CERTID *id); + +OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, const char *path, OCSP_REQUEST *req); +OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, const char *path, OCSP_REQUEST *req, + int maxline); +int OCSP_REQ_CTX_nbio(OCSP_REQ_CTX *rctx); +int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx); +OCSP_REQ_CTX *OCSP_REQ_CTX_new(BIO *io, int maxline); +void OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx); +void OCSP_set_max_response_length(OCSP_REQ_CTX *rctx, unsigned long len); +int OCSP_REQ_CTX_i2d(OCSP_REQ_CTX *rctx, const ASN1_ITEM *it, + ASN1_VALUE *val); +int OCSP_REQ_CTX_nbio_d2i(OCSP_REQ_CTX *rctx, ASN1_VALUE **pval, + const ASN1_ITEM *it); +BIO *OCSP_REQ_CTX_get0_mem_bio(OCSP_REQ_CTX *rctx); +int OCSP_REQ_CTX_http(OCSP_REQ_CTX *rctx, const char *op, const char *path); +int OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, OCSP_REQUEST *req); +int OCSP_REQ_CTX_add1_header(OCSP_REQ_CTX *rctx, + const char *name, const char *value); + +OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, const X509 *subject, + const X509 *issuer); + +OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst, + const X509_NAME *issuerName, + const ASN1_BIT_STRING *issuerKey, + const ASN1_INTEGER *serialNumber); + +OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid); + +int OCSP_request_add1_nonce(OCSP_REQUEST *req, unsigned char *val, int len); +int OCSP_basic_add1_nonce(OCSP_BASICRESP *resp, unsigned char *val, int len); +int OCSP_check_nonce(OCSP_REQUEST *req, OCSP_BASICRESP *bs); +int OCSP_copy_nonce(OCSP_BASICRESP *resp, OCSP_REQUEST *req); + +int OCSP_request_set1_name(OCSP_REQUEST *req, X509_NAME *nm); +int OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert); + +int OCSP_request_sign(OCSP_REQUEST *req, + X509 *signer, + EVP_PKEY *key, + const EVP_MD *dgst, + STACK_OF(X509) *certs, unsigned long flags); + +int OCSP_response_status(OCSP_RESPONSE *resp); +OCSP_BASICRESP *OCSP_response_get1_basic(OCSP_RESPONSE *resp); + +const ASN1_OCTET_STRING *OCSP_resp_get0_signature(const OCSP_BASICRESP *bs); +const X509_ALGOR *OCSP_resp_get0_tbs_sigalg(const OCSP_BASICRESP *bs); +const OCSP_RESPDATA *OCSP_resp_get0_respdata(const OCSP_BASICRESP *bs); +int OCSP_resp_get0_signer(OCSP_BASICRESP *bs, X509 **signer, + STACK_OF(X509) *extra_certs); + +int OCSP_resp_count(OCSP_BASICRESP *bs); +OCSP_SINGLERESP *OCSP_resp_get0(OCSP_BASICRESP *bs, int idx); +const ASN1_GENERALIZEDTIME *OCSP_resp_get0_produced_at(const OCSP_BASICRESP* bs); +const STACK_OF(X509) *OCSP_resp_get0_certs(const OCSP_BASICRESP *bs); +int OCSP_resp_get0_id(const OCSP_BASICRESP *bs, + const ASN1_OCTET_STRING **pid, + const X509_NAME **pname); +int OCSP_resp_get1_id(const OCSP_BASICRESP *bs, + ASN1_OCTET_STRING **pid, + X509_NAME **pname); + +int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last); +int OCSP_single_get0_status(OCSP_SINGLERESP *single, int *reason, + ASN1_GENERALIZEDTIME **revtime, + ASN1_GENERALIZEDTIME **thisupd, + ASN1_GENERALIZEDTIME **nextupd); +int OCSP_resp_find_status(OCSP_BASICRESP *bs, OCSP_CERTID *id, int *status, + int *reason, + ASN1_GENERALIZEDTIME **revtime, + ASN1_GENERALIZEDTIME **thisupd, + ASN1_GENERALIZEDTIME **nextupd); +int OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd, + ASN1_GENERALIZEDTIME *nextupd, long sec, long maxsec); + +int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs, + X509_STORE *store, unsigned long flags); + +int OCSP_parse_url(const char *url, char **phost, char **pport, char **ppath, + int *pssl); + +int OCSP_id_issuer_cmp(const OCSP_CERTID *a, const OCSP_CERTID *b); +int OCSP_id_cmp(const OCSP_CERTID *a, const OCSP_CERTID *b); + +int OCSP_request_onereq_count(OCSP_REQUEST *req); +OCSP_ONEREQ *OCSP_request_onereq_get0(OCSP_REQUEST *req, int i); +OCSP_CERTID *OCSP_onereq_get0_id(OCSP_ONEREQ *one); +int OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd, + ASN1_OCTET_STRING **pikeyHash, + ASN1_INTEGER **pserial, OCSP_CERTID *cid); +int OCSP_request_is_signed(OCSP_REQUEST *req); +OCSP_RESPONSE *OCSP_response_create(int status, OCSP_BASICRESP *bs); +OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *rsp, + OCSP_CERTID *cid, + int status, int reason, + ASN1_TIME *revtime, + ASN1_TIME *thisupd, + ASN1_TIME *nextupd); +int OCSP_basic_add1_cert(OCSP_BASICRESP *resp, X509 *cert); +int OCSP_basic_sign(OCSP_BASICRESP *brsp, + X509 *signer, EVP_PKEY *key, const EVP_MD *dgst, + STACK_OF(X509) *certs, unsigned long flags); +int OCSP_basic_sign_ctx(OCSP_BASICRESP *brsp, + X509 *signer, EVP_MD_CTX *ctx, + STACK_OF(X509) *certs, unsigned long flags); +int OCSP_RESPID_set_by_name(OCSP_RESPID *respid, X509 *cert); +int OCSP_RESPID_set_by_key(OCSP_RESPID *respid, X509 *cert); +int OCSP_RESPID_match(OCSP_RESPID *respid, X509 *cert); + +X509_EXTENSION *OCSP_crlID_new(const char *url, long *n, char *tim); + +X509_EXTENSION *OCSP_accept_responses_new(char **oids); + +X509_EXTENSION *OCSP_archive_cutoff_new(char *tim); + +X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME *issuer, const char **urls); + +int OCSP_REQUEST_get_ext_count(OCSP_REQUEST *x); +int OCSP_REQUEST_get_ext_by_NID(OCSP_REQUEST *x, int nid, int lastpos); +int OCSP_REQUEST_get_ext_by_OBJ(OCSP_REQUEST *x, const ASN1_OBJECT *obj, + int lastpos); +int OCSP_REQUEST_get_ext_by_critical(OCSP_REQUEST *x, int crit, int lastpos); +X509_EXTENSION *OCSP_REQUEST_get_ext(OCSP_REQUEST *x, int loc); +X509_EXTENSION *OCSP_REQUEST_delete_ext(OCSP_REQUEST *x, int loc); +void *OCSP_REQUEST_get1_ext_d2i(OCSP_REQUEST *x, int nid, int *crit, + int *idx); +int OCSP_REQUEST_add1_ext_i2d(OCSP_REQUEST *x, int nid, void *value, int crit, + unsigned long flags); +int OCSP_REQUEST_add_ext(OCSP_REQUEST *x, X509_EXTENSION *ex, int loc); + +int OCSP_ONEREQ_get_ext_count(OCSP_ONEREQ *x); +int OCSP_ONEREQ_get_ext_by_NID(OCSP_ONEREQ *x, int nid, int lastpos); +int OCSP_ONEREQ_get_ext_by_OBJ(OCSP_ONEREQ *x, const ASN1_OBJECT *obj, int lastpos); +int OCSP_ONEREQ_get_ext_by_critical(OCSP_ONEREQ *x, int crit, int lastpos); +X509_EXTENSION *OCSP_ONEREQ_get_ext(OCSP_ONEREQ *x, int loc); +X509_EXTENSION *OCSP_ONEREQ_delete_ext(OCSP_ONEREQ *x, int loc); +void *OCSP_ONEREQ_get1_ext_d2i(OCSP_ONEREQ *x, int nid, int *crit, int *idx); +int OCSP_ONEREQ_add1_ext_i2d(OCSP_ONEREQ *x, int nid, void *value, int crit, + unsigned long flags); +int OCSP_ONEREQ_add_ext(OCSP_ONEREQ *x, X509_EXTENSION *ex, int loc); + +int OCSP_BASICRESP_get_ext_count(OCSP_BASICRESP *x); +int OCSP_BASICRESP_get_ext_by_NID(OCSP_BASICRESP *x, int nid, int lastpos); +int OCSP_BASICRESP_get_ext_by_OBJ(OCSP_BASICRESP *x, const ASN1_OBJECT *obj, + int lastpos); +int OCSP_BASICRESP_get_ext_by_critical(OCSP_BASICRESP *x, int crit, + int lastpos); +X509_EXTENSION *OCSP_BASICRESP_get_ext(OCSP_BASICRESP *x, int loc); +X509_EXTENSION *OCSP_BASICRESP_delete_ext(OCSP_BASICRESP *x, int loc); +void *OCSP_BASICRESP_get1_ext_d2i(OCSP_BASICRESP *x, int nid, int *crit, + int *idx); +int OCSP_BASICRESP_add1_ext_i2d(OCSP_BASICRESP *x, int nid, void *value, + int crit, unsigned long flags); +int OCSP_BASICRESP_add_ext(OCSP_BASICRESP *x, X509_EXTENSION *ex, int loc); + +int OCSP_SINGLERESP_get_ext_count(OCSP_SINGLERESP *x); +int OCSP_SINGLERESP_get_ext_by_NID(OCSP_SINGLERESP *x, int nid, int lastpos); +int OCSP_SINGLERESP_get_ext_by_OBJ(OCSP_SINGLERESP *x, const ASN1_OBJECT *obj, + int lastpos); +int OCSP_SINGLERESP_get_ext_by_critical(OCSP_SINGLERESP *x, int crit, + int lastpos); +X509_EXTENSION *OCSP_SINGLERESP_get_ext(OCSP_SINGLERESP *x, int loc); +X509_EXTENSION *OCSP_SINGLERESP_delete_ext(OCSP_SINGLERESP *x, int loc); +void *OCSP_SINGLERESP_get1_ext_d2i(OCSP_SINGLERESP *x, int nid, int *crit, + int *idx); +int OCSP_SINGLERESP_add1_ext_i2d(OCSP_SINGLERESP *x, int nid, void *value, + int crit, unsigned long flags); +int OCSP_SINGLERESP_add_ext(OCSP_SINGLERESP *x, X509_EXTENSION *ex, int loc); +const OCSP_CERTID *OCSP_SINGLERESP_get0_id(const OCSP_SINGLERESP *x); + +DECLARE_ASN1_FUNCTIONS(OCSP_SINGLERESP) +DECLARE_ASN1_FUNCTIONS(OCSP_CERTSTATUS) +DECLARE_ASN1_FUNCTIONS(OCSP_REVOKEDINFO) +DECLARE_ASN1_FUNCTIONS(OCSP_BASICRESP) +DECLARE_ASN1_FUNCTIONS(OCSP_RESPDATA) +DECLARE_ASN1_FUNCTIONS(OCSP_RESPID) +DECLARE_ASN1_FUNCTIONS(OCSP_RESPONSE) +DECLARE_ASN1_FUNCTIONS(OCSP_RESPBYTES) +DECLARE_ASN1_FUNCTIONS(OCSP_ONEREQ) +DECLARE_ASN1_FUNCTIONS(OCSP_CERTID) +DECLARE_ASN1_FUNCTIONS(OCSP_REQUEST) +DECLARE_ASN1_FUNCTIONS(OCSP_SIGNATURE) +DECLARE_ASN1_FUNCTIONS(OCSP_REQINFO) +DECLARE_ASN1_FUNCTIONS(OCSP_CRLID) +DECLARE_ASN1_FUNCTIONS(OCSP_SERVICELOC) + +const char *OCSP_response_status_str(long s); +const char *OCSP_cert_status_str(long s); +const char *OCSP_crl_reason_str(long s); + +int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST *a, unsigned long flags); +int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE *o, unsigned long flags); + +int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, + X509_STORE *st, unsigned long flags); + + +# ifdef __cplusplus +} +# endif +# endif +#endif diff --git a/ext/openssl1L/include/openssl/ocsperr.h b/ext/openssl1L/include/openssl/ocsperr.h new file mode 100644 index 0000000..8dd9e01 --- /dev/null +++ b/ext/openssl1L/include/openssl/ocsperr.h @@ -0,0 +1,78 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_OCSPERR_H +# define HEADER_OCSPERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# include + +# ifndef OPENSSL_NO_OCSP + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_OCSP_strings(void); + +/* + * OCSP function codes. + */ +# define OCSP_F_D2I_OCSP_NONCE 102 +# define OCSP_F_OCSP_BASIC_ADD1_STATUS 103 +# define OCSP_F_OCSP_BASIC_SIGN 104 +# define OCSP_F_OCSP_BASIC_SIGN_CTX 119 +# define OCSP_F_OCSP_BASIC_VERIFY 105 +# define OCSP_F_OCSP_CERT_ID_NEW 101 +# define OCSP_F_OCSP_CHECK_DELEGATED 106 +# define OCSP_F_OCSP_CHECK_IDS 107 +# define OCSP_F_OCSP_CHECK_ISSUER 108 +# define OCSP_F_OCSP_CHECK_VALIDITY 115 +# define OCSP_F_OCSP_MATCH_ISSUERID 109 +# define OCSP_F_OCSP_PARSE_URL 114 +# define OCSP_F_OCSP_REQUEST_SIGN 110 +# define OCSP_F_OCSP_REQUEST_VERIFY 116 +# define OCSP_F_OCSP_RESPONSE_GET1_BASIC 111 +# define OCSP_F_PARSE_HTTP_LINE1 118 + +/* + * OCSP reason codes. + */ +# define OCSP_R_CERTIFICATE_VERIFY_ERROR 101 +# define OCSP_R_DIGEST_ERR 102 +# define OCSP_R_ERROR_IN_NEXTUPDATE_FIELD 122 +# define OCSP_R_ERROR_IN_THISUPDATE_FIELD 123 +# define OCSP_R_ERROR_PARSING_URL 121 +# define OCSP_R_MISSING_OCSPSIGNING_USAGE 103 +# define OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE 124 +# define OCSP_R_NOT_BASIC_RESPONSE 104 +# define OCSP_R_NO_CERTIFICATES_IN_CHAIN 105 +# define OCSP_R_NO_RESPONSE_DATA 108 +# define OCSP_R_NO_REVOKED_TIME 109 +# define OCSP_R_NO_SIGNER_KEY 130 +# define OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 110 +# define OCSP_R_REQUEST_NOT_SIGNED 128 +# define OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA 111 +# define OCSP_R_ROOT_CA_NOT_TRUSTED 112 +# define OCSP_R_SERVER_RESPONSE_ERROR 114 +# define OCSP_R_SERVER_RESPONSE_PARSE_ERROR 115 +# define OCSP_R_SIGNATURE_FAILURE 117 +# define OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND 118 +# define OCSP_R_STATUS_EXPIRED 125 +# define OCSP_R_STATUS_NOT_YET_VALID 126 +# define OCSP_R_STATUS_TOO_OLD 127 +# define OCSP_R_UNKNOWN_MESSAGE_DIGEST 119 +# define OCSP_R_UNKNOWN_NID 120 +# define OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE 129 + +# endif +#endif diff --git a/ext/openssl1L/include/openssl/opensslconf.h b/ext/openssl1L/include/openssl/opensslconf.h new file mode 100644 index 0000000..3b49d9c --- /dev/null +++ b/ext/openssl1L/include/openssl/opensslconf.h @@ -0,0 +1,197 @@ +/* + * WARNING: do not edit! + * Generated by Makefile from include/openssl/opensslconf.h.in + * + * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +#ifdef OPENSSL_ALGORITHM_DEFINES +# error OPENSSL_ALGORITHM_DEFINES no longer supported +#endif + +/* + * OpenSSL was configured with the following options: + */ + +#ifndef OPENSSL_NO_MD2 +# define OPENSSL_NO_MD2 +#endif +#ifndef OPENSSL_NO_RC5 +# define OPENSSL_NO_RC5 +#endif +#ifndef OPENSSL_THREADS +# define OPENSSL_THREADS +#endif +#ifndef OPENSSL_RAND_SEED_OS +# define OPENSSL_RAND_SEED_OS +#endif +#ifndef OPENSSL_NO_ASAN +# define OPENSSL_NO_ASAN +#endif +#ifndef OPENSSL_NO_CRYPTO_MDEBUG +# define OPENSSL_NO_CRYPTO_MDEBUG +#endif +#ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE +# define OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE +#endif +#ifndef OPENSSL_NO_DEVCRYPTOENG +# define OPENSSL_NO_DEVCRYPTOENG +#endif +#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 +# define OPENSSL_NO_EC_NISTP_64_GCC_128 +#endif +#ifndef OPENSSL_NO_EGD +# define OPENSSL_NO_EGD +#endif +#ifndef OPENSSL_NO_EXTERNAL_TESTS +# define OPENSSL_NO_EXTERNAL_TESTS +#endif +#ifndef OPENSSL_NO_FUZZ_AFL +# define OPENSSL_NO_FUZZ_AFL +#endif +#ifndef OPENSSL_NO_FUZZ_LIBFUZZER +# define OPENSSL_NO_FUZZ_LIBFUZZER +#endif +#ifndef OPENSSL_NO_HEARTBEATS +# define OPENSSL_NO_HEARTBEATS +#endif +#ifndef OPENSSL_NO_MSAN +# define OPENSSL_NO_MSAN +#endif +#ifndef OPENSSL_NO_SCTP +# define OPENSSL_NO_SCTP +#endif +#ifndef OPENSSL_NO_SSL_TRACE +# define OPENSSL_NO_SSL_TRACE +#endif +#ifndef OPENSSL_NO_SSL3 +# define OPENSSL_NO_SSL3 +#endif +#ifndef OPENSSL_NO_SSL3_METHOD +# define OPENSSL_NO_SSL3_METHOD +#endif +#ifndef OPENSSL_NO_UBSAN +# define OPENSSL_NO_UBSAN +#endif +#ifndef OPENSSL_NO_UNIT_TEST +# define OPENSSL_NO_UNIT_TEST +#endif +#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS +# define OPENSSL_NO_WEAK_SSL_CIPHERS +#endif +#ifndef OPENSSL_NO_DYNAMIC_ENGINE +# define OPENSSL_NO_DYNAMIC_ENGINE +#endif + + +/* + * Sometimes OPENSSSL_NO_xxx ends up with an empty file and some compilers + * don't like that. This will hopefully silence them. + */ +#define NON_EMPTY_TRANSLATION_UNIT static void *dummy = &dummy; + +/* + * Applications should use -DOPENSSL_API_COMPAT= to suppress the + * declarations of functions deprecated in or before . Otherwise, they + * still won't see them if the library has been built to disable deprecated + * functions. + */ +#ifndef DECLARE_DEPRECATED +# define DECLARE_DEPRECATED(f) f; +# ifdef __GNUC__ +# if __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 0) +# undef DECLARE_DEPRECATED +# define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated)); +# endif +# elif defined(__SUNPRO_C) +# if (__SUNPRO_C >= 0x5130) +# undef DECLARE_DEPRECATED +# define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated)); +# endif +# endif +#endif + +#ifndef OPENSSL_FILE +# ifdef OPENSSL_NO_FILENAMES +# define OPENSSL_FILE "" +# define OPENSSL_LINE 0 +# else +# define OPENSSL_FILE __FILE__ +# define OPENSSL_LINE __LINE__ +# endif +#endif + +#ifndef OPENSSL_MIN_API +# define OPENSSL_MIN_API 0 +#endif + +#if !defined(OPENSSL_API_COMPAT) || OPENSSL_API_COMPAT < OPENSSL_MIN_API +# undef OPENSSL_API_COMPAT +# define OPENSSL_API_COMPAT OPENSSL_MIN_API +#endif + +/* + * Do not deprecate things to be deprecated in version 1.2.0 before the + * OpenSSL version number matches. + */ +#if OPENSSL_VERSION_NUMBER < 0x10200000L +# define DEPRECATEDIN_1_2_0(f) f; +#elif OPENSSL_API_COMPAT < 0x10200000L +# define DEPRECATEDIN_1_2_0(f) DECLARE_DEPRECATED(f) +#else +# define DEPRECATEDIN_1_2_0(f) +#endif + +#if OPENSSL_API_COMPAT < 0x10100000L +# define DEPRECATEDIN_1_1_0(f) DECLARE_DEPRECATED(f) +#else +# define DEPRECATEDIN_1_1_0(f) +#endif + +#if OPENSSL_API_COMPAT < 0x10000000L +# define DEPRECATEDIN_1_0_0(f) DECLARE_DEPRECATED(f) +#else +# define DEPRECATEDIN_1_0_0(f) +#endif + +#if OPENSSL_API_COMPAT < 0x00908000L +# define DEPRECATEDIN_0_9_8(f) DECLARE_DEPRECATED(f) +#else +# define DEPRECATEDIN_0_9_8(f) +#endif + +/* Generate 80386 code? */ +#undef I386_ONLY + +#undef OPENSSL_UNISTD +#define OPENSSL_UNISTD + +#undef OPENSSL_EXPORT_VAR_AS_FUNCTION + +/* + * The following are cipher-specific, but are part of the public API. + */ +#if !defined(OPENSSL_SYS_UEFI) +# undef BN_LLONG +/* Only one for the following should be defined */ +# define SIXTY_FOUR_BIT_LONG +# undef SIXTY_FOUR_BIT +# undef THIRTY_TWO_BIT +#endif + +#define RC4_INT unsigned int + +#ifdef __cplusplus +} +#endif diff --git a/ext/openssl1L/include/openssl/opensslconf.h.in b/ext/openssl1L/include/openssl/opensslconf.h.in new file mode 100644 index 0000000..0627092 --- /dev/null +++ b/ext/openssl1L/include/openssl/opensslconf.h.in @@ -0,0 +1,160 @@ +/* + * {- join("\n * ", @autowarntext) -} + * + * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +#ifdef OPENSSL_ALGORITHM_DEFINES +# error OPENSSL_ALGORITHM_DEFINES no longer supported +#endif + +/* + * OpenSSL was configured with the following options: + */ + +{- if (@{$config{openssl_sys_defines}}) { + foreach (@{$config{openssl_sys_defines}}) { + $OUT .= "#ifndef $_\n"; + $OUT .= "# define $_ 1\n"; + $OUT .= "#endif\n"; + } + } + foreach (@{$config{openssl_api_defines}}) { + (my $macro, my $value) = $_ =~ /^(.*?)=(.*?)$/; + $OUT .= "#define $macro $value\n"; + } + if (@{$config{openssl_algorithm_defines}}) { + foreach (@{$config{openssl_algorithm_defines}}) { + $OUT .= "#ifndef $_\n"; + $OUT .= "# define $_\n"; + $OUT .= "#endif\n"; + } + } + if (@{$config{openssl_thread_defines}}) { + foreach (@{$config{openssl_thread_defines}}) { + $OUT .= "#ifndef $_\n"; + $OUT .= "# define $_\n"; + $OUT .= "#endif\n"; + } + } + if (@{$config{openssl_other_defines}}) { + foreach (@{$config{openssl_other_defines}}) { + $OUT .= "#ifndef $_\n"; + $OUT .= "# define $_\n"; + $OUT .= "#endif\n"; + } + } + ""; +-} + +/* + * Sometimes OPENSSSL_NO_xxx ends up with an empty file and some compilers + * don't like that. This will hopefully silence them. + */ +#define NON_EMPTY_TRANSLATION_UNIT static void *dummy = &dummy; + +/* + * Applications should use -DOPENSSL_API_COMPAT= to suppress the + * declarations of functions deprecated in or before . Otherwise, they + * still won't see them if the library has been built to disable deprecated + * functions. + */ +#ifndef DECLARE_DEPRECATED +# define DECLARE_DEPRECATED(f) f; +# ifdef __GNUC__ +# if __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 0) +# undef DECLARE_DEPRECATED +# define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated)); +# endif +# elif defined(__SUNPRO_C) +# if (__SUNPRO_C >= 0x5130) +# undef DECLARE_DEPRECATED +# define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated)); +# endif +# endif +#endif + +#ifndef OPENSSL_FILE +# ifdef OPENSSL_NO_FILENAMES +# define OPENSSL_FILE "" +# define OPENSSL_LINE 0 +# else +# define OPENSSL_FILE __FILE__ +# define OPENSSL_LINE __LINE__ +# endif +#endif + +#ifndef OPENSSL_MIN_API +# define OPENSSL_MIN_API 0 +#endif + +#if !defined(OPENSSL_API_COMPAT) || OPENSSL_API_COMPAT < OPENSSL_MIN_API +# undef OPENSSL_API_COMPAT +# define OPENSSL_API_COMPAT OPENSSL_MIN_API +#endif + +/* + * Do not deprecate things to be deprecated in version 1.2.0 before the + * OpenSSL version number matches. + */ +#if OPENSSL_VERSION_NUMBER < 0x10200000L +# define DEPRECATEDIN_1_2_0(f) f; +#elif OPENSSL_API_COMPAT < 0x10200000L +# define DEPRECATEDIN_1_2_0(f) DECLARE_DEPRECATED(f) +#else +# define DEPRECATEDIN_1_2_0(f) +#endif + +#if OPENSSL_API_COMPAT < 0x10100000L +# define DEPRECATEDIN_1_1_0(f) DECLARE_DEPRECATED(f) +#else +# define DEPRECATEDIN_1_1_0(f) +#endif + +#if OPENSSL_API_COMPAT < 0x10000000L +# define DEPRECATEDIN_1_0_0(f) DECLARE_DEPRECATED(f) +#else +# define DEPRECATEDIN_1_0_0(f) +#endif + +#if OPENSSL_API_COMPAT < 0x00908000L +# define DEPRECATEDIN_0_9_8(f) DECLARE_DEPRECATED(f) +#else +# define DEPRECATEDIN_0_9_8(f) +#endif + +/* Generate 80386 code? */ +{- $config{processor} eq "386" ? "#define" : "#undef" -} I386_ONLY + +#undef OPENSSL_UNISTD +#define OPENSSL_UNISTD {- $target{unistd} -} + +{- $config{export_var_as_fn} ? "#define" : "#undef" -} OPENSSL_EXPORT_VAR_AS_FUNCTION + +/* + * The following are cipher-specific, but are part of the public API. + */ +#if !defined(OPENSSL_SYS_UEFI) +{- $config{bn_ll} ? "# define" : "# undef" -} BN_LLONG +/* Only one for the following should be defined */ +{- $config{b64l} ? "# define" : "# undef" -} SIXTY_FOUR_BIT_LONG +{- $config{b64} ? "# define" : "# undef" -} SIXTY_FOUR_BIT +{- $config{b32} ? "# define" : "# undef" -} THIRTY_TWO_BIT +#endif + +#define RC4_INT {- $config{rc4_int} -} + +#ifdef __cplusplus +} +#endif diff --git a/ext/openssl1L/include/openssl/opensslv.h b/ext/openssl1L/include/openssl/opensslv.h new file mode 100644 index 0000000..5667d47 --- /dev/null +++ b/ext/openssl1L/include/openssl/opensslv.h @@ -0,0 +1,101 @@ +/* + * Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_OPENSSLV_H +# define HEADER_OPENSSLV_H + +#ifdef __cplusplus +extern "C" { +#endif + +/*- + * Numeric release version identifier: + * MNNFFPPS: major minor fix patch status + * The status nibble has one of the values 0 for development, 1 to e for betas + * 1 to 14, and f for release. The patch level is exactly that. + * For example: + * 0.9.3-dev 0x00903000 + * 0.9.3-beta1 0x00903001 + * 0.9.3-beta2-dev 0x00903002 + * 0.9.3-beta2 0x00903002 (same as ...beta2-dev) + * 0.9.3 0x0090300f + * 0.9.3a 0x0090301f + * 0.9.4 0x0090400f + * 1.2.3z 0x102031af + * + * For continuity reasons (because 0.9.5 is already out, and is coded + * 0x00905100), between 0.9.5 and 0.9.6 the coding of the patch level + * part is slightly different, by setting the highest bit. This means + * that 0.9.5a looks like this: 0x0090581f. At 0.9.6, we can start + * with 0x0090600S... + * + * (Prior to 0.9.3-dev a different scheme was used: 0.9.2b is 0x0922.) + * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for + * major minor fix final patch/beta) + */ +# define OPENSSL_VERSION_NUMBER 0x1010117fL +# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1w 11 Sep 2023" + +/*- + * The macros below are to be used for shared library (.so, .dll, ...) + * versioning. That kind of versioning works a bit differently between + * operating systems. The most usual scheme is to set a major and a minor + * number, and have the runtime loader check that the major number is equal + * to what it was at application link time, while the minor number has to + * be greater or equal to what it was at application link time. With this + * scheme, the version number is usually part of the file name, like this: + * + * libcrypto.so.0.9 + * + * Some unixen also make a softlink with the major version number only: + * + * libcrypto.so.0 + * + * On Tru64 and IRIX 6.x it works a little bit differently. There, the + * shared library version is stored in the file, and is actually a series + * of versions, separated by colons. The rightmost version present in the + * library when linking an application is stored in the application to be + * matched at run time. When the application is run, a check is done to + * see if the library version stored in the application matches any of the + * versions in the version string of the library itself. + * This version string can be constructed in any way, depending on what + * kind of matching is desired. However, to implement the same scheme as + * the one used in the other unixen, all compatible versions, from lowest + * to highest, should be part of the string. Consecutive builds would + * give the following versions strings: + * + * 3.0 + * 3.0:3.1 + * 3.0:3.1:3.2 + * 4.0 + * 4.0:4.1 + * + * Notice how version 4 is completely incompatible with version, and + * therefore give the breach you can see. + * + * There may be other schemes as well that I haven't yet discovered. + * + * So, here's the way it works here: first of all, the library version + * number doesn't need at all to match the overall OpenSSL version. + * However, it's nice and more understandable if it actually does. + * The current library version is stored in the macro SHLIB_VERSION_NUMBER, + * which is just a piece of text in the format "M.m.e" (Major, minor, edit). + * For the sake of Tru64, IRIX, and any other OS that behaves in similar ways, + * we need to keep a history of version numbers, which is done in the + * macro SHLIB_VERSION_HISTORY. The numbers are separated by colons and + * should only keep the versions that are binary compatible with the current. + */ +# define SHLIB_VERSION_HISTORY "" +# define SHLIB_VERSION_NUMBER "1.1" + + +#ifdef __cplusplus +} +#endif +#endif /* HEADER_OPENSSLV_H */ diff --git a/ext/openssl1L/include/openssl/ossl_typ.h b/ext/openssl1L/include/openssl/ossl_typ.h new file mode 100644 index 0000000..e0edfaa --- /dev/null +++ b/ext/openssl1L/include/openssl/ossl_typ.h @@ -0,0 +1,197 @@ +/* + * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_OPENSSL_TYPES_H +# define HEADER_OPENSSL_TYPES_H + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +# include + +# ifdef NO_ASN1_TYPEDEFS +# define ASN1_INTEGER ASN1_STRING +# define ASN1_ENUMERATED ASN1_STRING +# define ASN1_BIT_STRING ASN1_STRING +# define ASN1_OCTET_STRING ASN1_STRING +# define ASN1_PRINTABLESTRING ASN1_STRING +# define ASN1_T61STRING ASN1_STRING +# define ASN1_IA5STRING ASN1_STRING +# define ASN1_UTCTIME ASN1_STRING +# define ASN1_GENERALIZEDTIME ASN1_STRING +# define ASN1_TIME ASN1_STRING +# define ASN1_GENERALSTRING ASN1_STRING +# define ASN1_UNIVERSALSTRING ASN1_STRING +# define ASN1_BMPSTRING ASN1_STRING +# define ASN1_VISIBLESTRING ASN1_STRING +# define ASN1_UTF8STRING ASN1_STRING +# define ASN1_BOOLEAN int +# define ASN1_NULL int +# else +typedef struct asn1_string_st ASN1_INTEGER; +typedef struct asn1_string_st ASN1_ENUMERATED; +typedef struct asn1_string_st ASN1_BIT_STRING; +typedef struct asn1_string_st ASN1_OCTET_STRING; +typedef struct asn1_string_st ASN1_PRINTABLESTRING; +typedef struct asn1_string_st ASN1_T61STRING; +typedef struct asn1_string_st ASN1_IA5STRING; +typedef struct asn1_string_st ASN1_GENERALSTRING; +typedef struct asn1_string_st ASN1_UNIVERSALSTRING; +typedef struct asn1_string_st ASN1_BMPSTRING; +typedef struct asn1_string_st ASN1_UTCTIME; +typedef struct asn1_string_st ASN1_TIME; +typedef struct asn1_string_st ASN1_GENERALIZEDTIME; +typedef struct asn1_string_st ASN1_VISIBLESTRING; +typedef struct asn1_string_st ASN1_UTF8STRING; +typedef struct asn1_string_st ASN1_STRING; +typedef int ASN1_BOOLEAN; +typedef int ASN1_NULL; +# endif + +typedef struct asn1_object_st ASN1_OBJECT; + +typedef struct ASN1_ITEM_st ASN1_ITEM; +typedef struct asn1_pctx_st ASN1_PCTX; +typedef struct asn1_sctx_st ASN1_SCTX; + +# ifdef _WIN32 +# undef X509_NAME +# undef X509_EXTENSIONS +# undef PKCS7_ISSUER_AND_SERIAL +# undef PKCS7_SIGNER_INFO +# undef OCSP_REQUEST +# undef OCSP_RESPONSE +# endif + +# ifdef BIGNUM +# undef BIGNUM +# endif +struct dane_st; +typedef struct bio_st BIO; +typedef struct bignum_st BIGNUM; +typedef struct bignum_ctx BN_CTX; +typedef struct bn_blinding_st BN_BLINDING; +typedef struct bn_mont_ctx_st BN_MONT_CTX; +typedef struct bn_recp_ctx_st BN_RECP_CTX; +typedef struct bn_gencb_st BN_GENCB; + +typedef struct buf_mem_st BUF_MEM; + +typedef struct evp_cipher_st EVP_CIPHER; +typedef struct evp_cipher_ctx_st EVP_CIPHER_CTX; +typedef struct evp_md_st EVP_MD; +typedef struct evp_md_ctx_st EVP_MD_CTX; +typedef struct evp_pkey_st EVP_PKEY; + +typedef struct evp_pkey_asn1_method_st EVP_PKEY_ASN1_METHOD; + +typedef struct evp_pkey_method_st EVP_PKEY_METHOD; +typedef struct evp_pkey_ctx_st EVP_PKEY_CTX; + +typedef struct evp_Encode_Ctx_st EVP_ENCODE_CTX; + +typedef struct hmac_ctx_st HMAC_CTX; + +typedef struct dh_st DH; +typedef struct dh_method DH_METHOD; + +typedef struct dsa_st DSA; +typedef struct dsa_method DSA_METHOD; + +typedef struct rsa_st RSA; +typedef struct rsa_meth_st RSA_METHOD; +typedef struct rsa_pss_params_st RSA_PSS_PARAMS; + +typedef struct ec_key_st EC_KEY; +typedef struct ec_key_method_st EC_KEY_METHOD; + +typedef struct rand_meth_st RAND_METHOD; +typedef struct rand_drbg_st RAND_DRBG; + +typedef struct ssl_dane_st SSL_DANE; +typedef struct x509_st X509; +typedef struct X509_algor_st X509_ALGOR; +typedef struct X509_crl_st X509_CRL; +typedef struct x509_crl_method_st X509_CRL_METHOD; +typedef struct x509_revoked_st X509_REVOKED; +typedef struct X509_name_st X509_NAME; +typedef struct X509_pubkey_st X509_PUBKEY; +typedef struct x509_store_st X509_STORE; +typedef struct x509_store_ctx_st X509_STORE_CTX; + +typedef struct x509_object_st X509_OBJECT; +typedef struct x509_lookup_st X509_LOOKUP; +typedef struct x509_lookup_method_st X509_LOOKUP_METHOD; +typedef struct X509_VERIFY_PARAM_st X509_VERIFY_PARAM; + +typedef struct x509_sig_info_st X509_SIG_INFO; + +typedef struct pkcs8_priv_key_info_st PKCS8_PRIV_KEY_INFO; + +typedef struct v3_ext_ctx X509V3_CTX; +typedef struct conf_st CONF; +typedef struct ossl_init_settings_st OPENSSL_INIT_SETTINGS; + +typedef struct ui_st UI; +typedef struct ui_method_st UI_METHOD; + +typedef struct engine_st ENGINE; +typedef struct ssl_st SSL; +typedef struct ssl_ctx_st SSL_CTX; + +typedef struct comp_ctx_st COMP_CTX; +typedef struct comp_method_st COMP_METHOD; + +typedef struct X509_POLICY_NODE_st X509_POLICY_NODE; +typedef struct X509_POLICY_LEVEL_st X509_POLICY_LEVEL; +typedef struct X509_POLICY_TREE_st X509_POLICY_TREE; +typedef struct X509_POLICY_CACHE_st X509_POLICY_CACHE; + +typedef struct AUTHORITY_KEYID_st AUTHORITY_KEYID; +typedef struct DIST_POINT_st DIST_POINT; +typedef struct ISSUING_DIST_POINT_st ISSUING_DIST_POINT; +typedef struct NAME_CONSTRAINTS_st NAME_CONSTRAINTS; + +typedef struct crypto_ex_data_st CRYPTO_EX_DATA; + +typedef struct ocsp_req_ctx_st OCSP_REQ_CTX; +typedef struct ocsp_response_st OCSP_RESPONSE; +typedef struct ocsp_responder_id_st OCSP_RESPID; + +typedef struct sct_st SCT; +typedef struct sct_ctx_st SCT_CTX; +typedef struct ctlog_st CTLOG; +typedef struct ctlog_store_st CTLOG_STORE; +typedef struct ct_policy_eval_ctx_st CT_POLICY_EVAL_CTX; + +typedef struct ossl_store_info_st OSSL_STORE_INFO; +typedef struct ossl_store_search_st OSSL_STORE_SEARCH; + +#if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L && \ + defined(INTMAX_MAX) && defined(UINTMAX_MAX) +typedef intmax_t ossl_intmax_t; +typedef uintmax_t ossl_uintmax_t; +#else +/* + * Not long long, because the C-library can only be expected to provide + * strtoll(), strtoull() at the same time as intmax_t and strtoimax(), + * strtoumax(). Since we use these for parsing arguments, we need the + * conversion functions, not just the sizes. + */ +typedef long ossl_intmax_t; +typedef unsigned long ossl_uintmax_t; +#endif + +#ifdef __cplusplus +} +#endif +#endif /* def HEADER_OPENSSL_TYPES_H */ diff --git a/ext/openssl1L/include/openssl/pem.h b/ext/openssl1L/include/openssl/pem.h new file mode 100644 index 0000000..2ef5b5d --- /dev/null +++ b/ext/openssl1L/include/openssl/pem.h @@ -0,0 +1,378 @@ +/* + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_PEM_H +# define HEADER_PEM_H + +# include +# include +# include +# include +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +# define PEM_BUFSIZE 1024 + +# define PEM_STRING_X509_OLD "X509 CERTIFICATE" +# define PEM_STRING_X509 "CERTIFICATE" +# define PEM_STRING_X509_TRUSTED "TRUSTED CERTIFICATE" +# define PEM_STRING_X509_REQ_OLD "NEW CERTIFICATE REQUEST" +# define PEM_STRING_X509_REQ "CERTIFICATE REQUEST" +# define PEM_STRING_X509_CRL "X509 CRL" +# define PEM_STRING_EVP_PKEY "ANY PRIVATE KEY" +# define PEM_STRING_PUBLIC "PUBLIC KEY" +# define PEM_STRING_RSA "RSA PRIVATE KEY" +# define PEM_STRING_RSA_PUBLIC "RSA PUBLIC KEY" +# define PEM_STRING_DSA "DSA PRIVATE KEY" +# define PEM_STRING_DSA_PUBLIC "DSA PUBLIC KEY" +# define PEM_STRING_PKCS7 "PKCS7" +# define PEM_STRING_PKCS7_SIGNED "PKCS #7 SIGNED DATA" +# define PEM_STRING_PKCS8 "ENCRYPTED PRIVATE KEY" +# define PEM_STRING_PKCS8INF "PRIVATE KEY" +# define PEM_STRING_DHPARAMS "DH PARAMETERS" +# define PEM_STRING_DHXPARAMS "X9.42 DH PARAMETERS" +# define PEM_STRING_SSL_SESSION "SSL SESSION PARAMETERS" +# define PEM_STRING_DSAPARAMS "DSA PARAMETERS" +# define PEM_STRING_ECDSA_PUBLIC "ECDSA PUBLIC KEY" +# define PEM_STRING_ECPARAMETERS "EC PARAMETERS" +# define PEM_STRING_ECPRIVATEKEY "EC PRIVATE KEY" +# define PEM_STRING_PARAMETERS "PARAMETERS" +# define PEM_STRING_CMS "CMS" + +# define PEM_TYPE_ENCRYPTED 10 +# define PEM_TYPE_MIC_ONLY 20 +# define PEM_TYPE_MIC_CLEAR 30 +# define PEM_TYPE_CLEAR 40 + +/* + * These macros make the PEM_read/PEM_write functions easier to maintain and + * write. Now they are all implemented with either: IMPLEMENT_PEM_rw(...) or + * IMPLEMENT_PEM_rw_cb(...) + */ + +# ifdef OPENSSL_NO_STDIO + +# define IMPLEMENT_PEM_read_fp(name, type, str, asn1) /**/ +# define IMPLEMENT_PEM_write_fp(name, type, str, asn1) /**/ +# define IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) /**/ +# define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) /**/ +# define IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) /**/ +# else + +# define IMPLEMENT_PEM_read_fp(name, type, str, asn1) \ +type *PEM_read_##name(FILE *fp, type **x, pem_password_cb *cb, void *u)\ +{ \ +return PEM_ASN1_read((d2i_of_void *)d2i_##asn1, str,fp,(void **)x,cb,u); \ +} + +# define IMPLEMENT_PEM_write_fp(name, type, str, asn1) \ +int PEM_write_##name(FILE *fp, type *x) \ +{ \ +return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,x,NULL,NULL,0,NULL,NULL); \ +} + +# define IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) \ +int PEM_write_##name(FILE *fp, const type *x) \ +{ \ +return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,(void *)x,NULL,NULL,0,NULL,NULL); \ +} + +# define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) \ +int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \ + unsigned char *kstr, int klen, pem_password_cb *cb, \ + void *u) \ + { \ + return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,x,enc,kstr,klen,cb,u); \ + } + +# define IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) \ +int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \ + unsigned char *kstr, int klen, pem_password_cb *cb, \ + void *u) \ + { \ + return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,x,enc,kstr,klen,cb,u); \ + } + +# endif + +# define IMPLEMENT_PEM_read_bio(name, type, str, asn1) \ +type *PEM_read_bio_##name(BIO *bp, type **x, pem_password_cb *cb, void *u)\ +{ \ +return PEM_ASN1_read_bio((d2i_of_void *)d2i_##asn1, str,bp,(void **)x,cb,u); \ +} + +# define IMPLEMENT_PEM_write_bio(name, type, str, asn1) \ +int PEM_write_bio_##name(BIO *bp, type *x) \ +{ \ +return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,x,NULL,NULL,0,NULL,NULL); \ +} + +# define IMPLEMENT_PEM_write_bio_const(name, type, str, asn1) \ +int PEM_write_bio_##name(BIO *bp, const type *x) \ +{ \ +return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,(void *)x,NULL,NULL,0,NULL,NULL); \ +} + +# define IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \ +int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ + unsigned char *kstr, int klen, pem_password_cb *cb, void *u) \ + { \ + return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,x,enc,kstr,klen,cb,u); \ + } + +# define IMPLEMENT_PEM_write_cb_bio_const(name, type, str, asn1) \ +int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ + unsigned char *kstr, int klen, pem_password_cb *cb, void *u) \ + { \ + return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,(void *)x,enc,kstr,klen,cb,u); \ + } + +# define IMPLEMENT_PEM_write(name, type, str, asn1) \ + IMPLEMENT_PEM_write_bio(name, type, str, asn1) \ + IMPLEMENT_PEM_write_fp(name, type, str, asn1) + +# define IMPLEMENT_PEM_write_const(name, type, str, asn1) \ + IMPLEMENT_PEM_write_bio_const(name, type, str, asn1) \ + IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) + +# define IMPLEMENT_PEM_write_cb(name, type, str, asn1) \ + IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \ + IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) + +# define IMPLEMENT_PEM_write_cb_const(name, type, str, asn1) \ + IMPLEMENT_PEM_write_cb_bio_const(name, type, str, asn1) \ + IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) + +# define IMPLEMENT_PEM_read(name, type, str, asn1) \ + IMPLEMENT_PEM_read_bio(name, type, str, asn1) \ + IMPLEMENT_PEM_read_fp(name, type, str, asn1) + +# define IMPLEMENT_PEM_rw(name, type, str, asn1) \ + IMPLEMENT_PEM_read(name, type, str, asn1) \ + IMPLEMENT_PEM_write(name, type, str, asn1) + +# define IMPLEMENT_PEM_rw_const(name, type, str, asn1) \ + IMPLEMENT_PEM_read(name, type, str, asn1) \ + IMPLEMENT_PEM_write_const(name, type, str, asn1) + +# define IMPLEMENT_PEM_rw_cb(name, type, str, asn1) \ + IMPLEMENT_PEM_read(name, type, str, asn1) \ + IMPLEMENT_PEM_write_cb(name, type, str, asn1) + +/* These are the same except they are for the declarations */ + +# if defined(OPENSSL_NO_STDIO) + +# define DECLARE_PEM_read_fp(name, type) /**/ +# define DECLARE_PEM_write_fp(name, type) /**/ +# define DECLARE_PEM_write_fp_const(name, type) /**/ +# define DECLARE_PEM_write_cb_fp(name, type) /**/ +# else + +# define DECLARE_PEM_read_fp(name, type) \ + type *PEM_read_##name(FILE *fp, type **x, pem_password_cb *cb, void *u); + +# define DECLARE_PEM_write_fp(name, type) \ + int PEM_write_##name(FILE *fp, type *x); + +# define DECLARE_PEM_write_fp_const(name, type) \ + int PEM_write_##name(FILE *fp, const type *x); + +# define DECLARE_PEM_write_cb_fp(name, type) \ + int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \ + unsigned char *kstr, int klen, pem_password_cb *cb, void *u); + +# endif + +# define DECLARE_PEM_read_bio(name, type) \ + type *PEM_read_bio_##name(BIO *bp, type **x, pem_password_cb *cb, void *u); + +# define DECLARE_PEM_write_bio(name, type) \ + int PEM_write_bio_##name(BIO *bp, type *x); + +# define DECLARE_PEM_write_bio_const(name, type) \ + int PEM_write_bio_##name(BIO *bp, const type *x); + +# define DECLARE_PEM_write_cb_bio(name, type) \ + int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ + unsigned char *kstr, int klen, pem_password_cb *cb, void *u); + +# define DECLARE_PEM_write(name, type) \ + DECLARE_PEM_write_bio(name, type) \ + DECLARE_PEM_write_fp(name, type) +# define DECLARE_PEM_write_const(name, type) \ + DECLARE_PEM_write_bio_const(name, type) \ + DECLARE_PEM_write_fp_const(name, type) +# define DECLARE_PEM_write_cb(name, type) \ + DECLARE_PEM_write_cb_bio(name, type) \ + DECLARE_PEM_write_cb_fp(name, type) +# define DECLARE_PEM_read(name, type) \ + DECLARE_PEM_read_bio(name, type) \ + DECLARE_PEM_read_fp(name, type) +# define DECLARE_PEM_rw(name, type) \ + DECLARE_PEM_read(name, type) \ + DECLARE_PEM_write(name, type) +# define DECLARE_PEM_rw_const(name, type) \ + DECLARE_PEM_read(name, type) \ + DECLARE_PEM_write_const(name, type) +# define DECLARE_PEM_rw_cb(name, type) \ + DECLARE_PEM_read(name, type) \ + DECLARE_PEM_write_cb(name, type) +typedef int pem_password_cb (char *buf, int size, int rwflag, void *userdata); + +int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher); +int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *len, + pem_password_cb *callback, void *u); + +int PEM_read_bio(BIO *bp, char **name, char **header, + unsigned char **data, long *len); +# define PEM_FLAG_SECURE 0x1 +# define PEM_FLAG_EAY_COMPATIBLE 0x2 +# define PEM_FLAG_ONLY_B64 0x4 +int PEM_read_bio_ex(BIO *bp, char **name, char **header, + unsigned char **data, long *len, unsigned int flags); +int PEM_bytes_read_bio_secmem(unsigned char **pdata, long *plen, char **pnm, + const char *name, BIO *bp, pem_password_cb *cb, + void *u); +int PEM_write_bio(BIO *bp, const char *name, const char *hdr, + const unsigned char *data, long len); +int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm, + const char *name, BIO *bp, pem_password_cb *cb, + void *u); +void *PEM_ASN1_read_bio(d2i_of_void *d2i, const char *name, BIO *bp, void **x, + pem_password_cb *cb, void *u); +int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, void *x, + const EVP_CIPHER *enc, unsigned char *kstr, int klen, + pem_password_cb *cb, void *u); + +STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, + pem_password_cb *cb, void *u); +int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc, + unsigned char *kstr, int klen, + pem_password_cb *cd, void *u); + +#ifndef OPENSSL_NO_STDIO +int PEM_read(FILE *fp, char **name, char **header, + unsigned char **data, long *len); +int PEM_write(FILE *fp, const char *name, const char *hdr, + const unsigned char *data, long len); +void *PEM_ASN1_read(d2i_of_void *d2i, const char *name, FILE *fp, void **x, + pem_password_cb *cb, void *u); +int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp, + void *x, const EVP_CIPHER *enc, unsigned char *kstr, + int klen, pem_password_cb *callback, void *u); +STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk, + pem_password_cb *cb, void *u); +#endif + +int PEM_SignInit(EVP_MD_CTX *ctx, EVP_MD *type); +int PEM_SignUpdate(EVP_MD_CTX *ctx, unsigned char *d, unsigned int cnt); +int PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, + unsigned int *siglen, EVP_PKEY *pkey); + +/* The default pem_password_cb that's used internally */ +int PEM_def_callback(char *buf, int num, int rwflag, void *userdata); +void PEM_proc_type(char *buf, int type); +void PEM_dek_info(char *buf, const char *type, int len, char *str); + +# include + +DECLARE_PEM_rw(X509, X509) +DECLARE_PEM_rw(X509_AUX, X509) +DECLARE_PEM_rw(X509_REQ, X509_REQ) +DECLARE_PEM_write(X509_REQ_NEW, X509_REQ) +DECLARE_PEM_rw(X509_CRL, X509_CRL) +DECLARE_PEM_rw(PKCS7, PKCS7) +DECLARE_PEM_rw(NETSCAPE_CERT_SEQUENCE, NETSCAPE_CERT_SEQUENCE) +DECLARE_PEM_rw(PKCS8, X509_SIG) +DECLARE_PEM_rw(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO) +# ifndef OPENSSL_NO_RSA +DECLARE_PEM_rw_cb(RSAPrivateKey, RSA) +DECLARE_PEM_rw_const(RSAPublicKey, RSA) +DECLARE_PEM_rw(RSA_PUBKEY, RSA) +# endif +# ifndef OPENSSL_NO_DSA +DECLARE_PEM_rw_cb(DSAPrivateKey, DSA) +DECLARE_PEM_rw(DSA_PUBKEY, DSA) +DECLARE_PEM_rw_const(DSAparams, DSA) +# endif +# ifndef OPENSSL_NO_EC +DECLARE_PEM_rw_const(ECPKParameters, EC_GROUP) +DECLARE_PEM_rw_cb(ECPrivateKey, EC_KEY) +DECLARE_PEM_rw(EC_PUBKEY, EC_KEY) +# endif +# ifndef OPENSSL_NO_DH +DECLARE_PEM_rw_const(DHparams, DH) +DECLARE_PEM_write_const(DHxparams, DH) +# endif +DECLARE_PEM_rw_cb(PrivateKey, EVP_PKEY) +DECLARE_PEM_rw(PUBKEY, EVP_PKEY) + +int PEM_write_bio_PrivateKey_traditional(BIO *bp, EVP_PKEY *x, + const EVP_CIPHER *enc, + unsigned char *kstr, int klen, + pem_password_cb *cb, void *u); + +int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, EVP_PKEY *x, int nid, + char *kstr, int klen, + pem_password_cb *cb, void *u); +int PEM_write_bio_PKCS8PrivateKey(BIO *, EVP_PKEY *, const EVP_CIPHER *, + char *, int, pem_password_cb *, void *); +int i2d_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc, + char *kstr, int klen, + pem_password_cb *cb, void *u); +int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, EVP_PKEY *x, int nid, + char *kstr, int klen, + pem_password_cb *cb, void *u); +EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, + void *u); + +# ifndef OPENSSL_NO_STDIO +int i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc, + char *kstr, int klen, + pem_password_cb *cb, void *u); +int i2d_PKCS8PrivateKey_nid_fp(FILE *fp, EVP_PKEY *x, int nid, + char *kstr, int klen, + pem_password_cb *cb, void *u); +int PEM_write_PKCS8PrivateKey_nid(FILE *fp, EVP_PKEY *x, int nid, + char *kstr, int klen, + pem_password_cb *cb, void *u); + +EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, + void *u); + +int PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc, + char *kstr, int klen, pem_password_cb *cd, + void *u); +# endif +EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x); +int PEM_write_bio_Parameters(BIO *bp, EVP_PKEY *x); + +# ifndef OPENSSL_NO_DSA +EVP_PKEY *b2i_PrivateKey(const unsigned char **in, long length); +EVP_PKEY *b2i_PublicKey(const unsigned char **in, long length); +EVP_PKEY *b2i_PrivateKey_bio(BIO *in); +EVP_PKEY *b2i_PublicKey_bio(BIO *in); +int i2b_PrivateKey_bio(BIO *out, EVP_PKEY *pk); +int i2b_PublicKey_bio(BIO *out, EVP_PKEY *pk); +# ifndef OPENSSL_NO_RC4 +EVP_PKEY *b2i_PVK_bio(BIO *in, pem_password_cb *cb, void *u); +int i2b_PVK_bio(BIO *out, EVP_PKEY *pk, int enclevel, + pem_password_cb *cb, void *u); +# endif +# endif + +# ifdef __cplusplus +} +# endif +#endif diff --git a/ext/openssl1L/include/openssl/pem2.h b/ext/openssl1L/include/openssl/pem2.h new file mode 100644 index 0000000..038fe79 --- /dev/null +++ b/ext/openssl1L/include/openssl/pem2.h @@ -0,0 +1,13 @@ +/* + * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_PEM2_H +# define HEADER_PEM2_H +# include +#endif diff --git a/ext/openssl1L/include/openssl/pemerr.h b/ext/openssl1L/include/openssl/pemerr.h new file mode 100644 index 0000000..4f7e357 --- /dev/null +++ b/ext/openssl1L/include/openssl/pemerr.h @@ -0,0 +1,105 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_PEMERR_H +# define HEADER_PEMERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_PEM_strings(void); + +/* + * PEM function codes. + */ +# define PEM_F_B2I_DSS 127 +# define PEM_F_B2I_PVK_BIO 128 +# define PEM_F_B2I_RSA 129 +# define PEM_F_CHECK_BITLEN_DSA 130 +# define PEM_F_CHECK_BITLEN_RSA 131 +# define PEM_F_D2I_PKCS8PRIVATEKEY_BIO 120 +# define PEM_F_D2I_PKCS8PRIVATEKEY_FP 121 +# define PEM_F_DO_B2I 132 +# define PEM_F_DO_B2I_BIO 133 +# define PEM_F_DO_BLOB_HEADER 134 +# define PEM_F_DO_I2B 146 +# define PEM_F_DO_PK8PKEY 126 +# define PEM_F_DO_PK8PKEY_FP 125 +# define PEM_F_DO_PVK_BODY 135 +# define PEM_F_DO_PVK_HEADER 136 +# define PEM_F_GET_HEADER_AND_DATA 143 +# define PEM_F_GET_NAME 144 +# define PEM_F_I2B_PVK 137 +# define PEM_F_I2B_PVK_BIO 138 +# define PEM_F_LOAD_IV 101 +# define PEM_F_PEM_ASN1_READ 102 +# define PEM_F_PEM_ASN1_READ_BIO 103 +# define PEM_F_PEM_ASN1_WRITE 104 +# define PEM_F_PEM_ASN1_WRITE_BIO 105 +# define PEM_F_PEM_DEF_CALLBACK 100 +# define PEM_F_PEM_DO_HEADER 106 +# define PEM_F_PEM_GET_EVP_CIPHER_INFO 107 +# define PEM_F_PEM_READ 108 +# define PEM_F_PEM_READ_BIO 109 +# define PEM_F_PEM_READ_BIO_DHPARAMS 141 +# define PEM_F_PEM_READ_BIO_EX 145 +# define PEM_F_PEM_READ_BIO_PARAMETERS 140 +# define PEM_F_PEM_READ_BIO_PRIVATEKEY 123 +# define PEM_F_PEM_READ_DHPARAMS 142 +# define PEM_F_PEM_READ_PRIVATEKEY 124 +# define PEM_F_PEM_SIGNFINAL 112 +# define PEM_F_PEM_WRITE 113 +# define PEM_F_PEM_WRITE_BIO 114 +# define PEM_F_PEM_WRITE_BIO_PRIVATEKEY_TRADITIONAL 147 +# define PEM_F_PEM_WRITE_PRIVATEKEY 139 +# define PEM_F_PEM_X509_INFO_READ 115 +# define PEM_F_PEM_X509_INFO_READ_BIO 116 +# define PEM_F_PEM_X509_INFO_WRITE_BIO 117 + +/* + * PEM reason codes. + */ +# define PEM_R_BAD_BASE64_DECODE 100 +# define PEM_R_BAD_DECRYPT 101 +# define PEM_R_BAD_END_LINE 102 +# define PEM_R_BAD_IV_CHARS 103 +# define PEM_R_BAD_MAGIC_NUMBER 116 +# define PEM_R_BAD_PASSWORD_READ 104 +# define PEM_R_BAD_VERSION_NUMBER 117 +# define PEM_R_BIO_WRITE_FAILURE 118 +# define PEM_R_CIPHER_IS_NULL 127 +# define PEM_R_ERROR_CONVERTING_PRIVATE_KEY 115 +# define PEM_R_EXPECTING_PRIVATE_KEY_BLOB 119 +# define PEM_R_EXPECTING_PUBLIC_KEY_BLOB 120 +# define PEM_R_HEADER_TOO_LONG 128 +# define PEM_R_INCONSISTENT_HEADER 121 +# define PEM_R_KEYBLOB_HEADER_PARSE_ERROR 122 +# define PEM_R_KEYBLOB_TOO_SHORT 123 +# define PEM_R_MISSING_DEK_IV 129 +# define PEM_R_NOT_DEK_INFO 105 +# define PEM_R_NOT_ENCRYPTED 106 +# define PEM_R_NOT_PROC_TYPE 107 +# define PEM_R_NO_START_LINE 108 +# define PEM_R_PROBLEMS_GETTING_PASSWORD 109 +# define PEM_R_PVK_DATA_TOO_SHORT 124 +# define PEM_R_PVK_TOO_SHORT 125 +# define PEM_R_READ_KEY 111 +# define PEM_R_SHORT_HEADER 112 +# define PEM_R_UNEXPECTED_DEK_IV 130 +# define PEM_R_UNSUPPORTED_CIPHER 113 +# define PEM_R_UNSUPPORTED_ENCRYPTION 114 +# define PEM_R_UNSUPPORTED_KEY_COMPONENTS 126 +# define PEM_R_UNSUPPORTED_PUBLIC_KEY_TYPE 110 + +#endif diff --git a/ext/openssl1L/include/openssl/pkcs12.h b/ext/openssl1L/include/openssl/pkcs12.h new file mode 100644 index 0000000..3f43dad --- /dev/null +++ b/ext/openssl1L/include/openssl/pkcs12.h @@ -0,0 +1,223 @@ +/* + * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_PKCS12_H +# define HEADER_PKCS12_H + +# include +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +# define PKCS12_KEY_ID 1 +# define PKCS12_IV_ID 2 +# define PKCS12_MAC_ID 3 + +/* Default iteration count */ +# ifndef PKCS12_DEFAULT_ITER +# define PKCS12_DEFAULT_ITER PKCS5_DEFAULT_ITER +# endif + +# define PKCS12_MAC_KEY_LENGTH 20 + +# define PKCS12_SALT_LEN 8 + +/* It's not clear if these are actually needed... */ +# define PKCS12_key_gen PKCS12_key_gen_utf8 +# define PKCS12_add_friendlyname PKCS12_add_friendlyname_utf8 + +/* MS key usage constants */ + +# define KEY_EX 0x10 +# define KEY_SIG 0x80 + +typedef struct PKCS12_MAC_DATA_st PKCS12_MAC_DATA; + +typedef struct PKCS12_st PKCS12; + +typedef struct PKCS12_SAFEBAG_st PKCS12_SAFEBAG; + +DEFINE_STACK_OF(PKCS12_SAFEBAG) + +typedef struct pkcs12_bag_st PKCS12_BAGS; + +# define PKCS12_ERROR 0 +# define PKCS12_OK 1 + +/* Compatibility macros */ + +#if OPENSSL_API_COMPAT < 0x10100000L + +# define M_PKCS12_bag_type PKCS12_bag_type +# define M_PKCS12_cert_bag_type PKCS12_cert_bag_type +# define M_PKCS12_crl_bag_type PKCS12_cert_bag_type + +# define PKCS12_certbag2x509 PKCS12_SAFEBAG_get1_cert +# define PKCS12_certbag2scrl PKCS12_SAFEBAG_get1_crl +# define PKCS12_bag_type PKCS12_SAFEBAG_get_nid +# define PKCS12_cert_bag_type PKCS12_SAFEBAG_get_bag_nid +# define PKCS12_x5092certbag PKCS12_SAFEBAG_create_cert +# define PKCS12_x509crl2certbag PKCS12_SAFEBAG_create_crl +# define PKCS12_MAKE_KEYBAG PKCS12_SAFEBAG_create0_p8inf +# define PKCS12_MAKE_SHKEYBAG PKCS12_SAFEBAG_create_pkcs8_encrypt + +#endif + +DEPRECATEDIN_1_1_0(ASN1_TYPE *PKCS12_get_attr(const PKCS12_SAFEBAG *bag, int attr_nid)) + +ASN1_TYPE *PKCS8_get_attr(PKCS8_PRIV_KEY_INFO *p8, int attr_nid); +int PKCS12_mac_present(const PKCS12 *p12); +void PKCS12_get0_mac(const ASN1_OCTET_STRING **pmac, + const X509_ALGOR **pmacalg, + const ASN1_OCTET_STRING **psalt, + const ASN1_INTEGER **piter, + const PKCS12 *p12); + +const ASN1_TYPE *PKCS12_SAFEBAG_get0_attr(const PKCS12_SAFEBAG *bag, + int attr_nid); +const ASN1_OBJECT *PKCS12_SAFEBAG_get0_type(const PKCS12_SAFEBAG *bag); +int PKCS12_SAFEBAG_get_nid(const PKCS12_SAFEBAG *bag); +int PKCS12_SAFEBAG_get_bag_nid(const PKCS12_SAFEBAG *bag); + +X509 *PKCS12_SAFEBAG_get1_cert(const PKCS12_SAFEBAG *bag); +X509_CRL *PKCS12_SAFEBAG_get1_crl(const PKCS12_SAFEBAG *bag); +const STACK_OF(PKCS12_SAFEBAG) * +PKCS12_SAFEBAG_get0_safes(const PKCS12_SAFEBAG *bag); +const PKCS8_PRIV_KEY_INFO *PKCS12_SAFEBAG_get0_p8inf(const PKCS12_SAFEBAG *bag); +const X509_SIG *PKCS12_SAFEBAG_get0_pkcs8(const PKCS12_SAFEBAG *bag); + +PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_cert(X509 *x509); +PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_crl(X509_CRL *crl); +PKCS12_SAFEBAG *PKCS12_SAFEBAG_create0_p8inf(PKCS8_PRIV_KEY_INFO *p8); +PKCS12_SAFEBAG *PKCS12_SAFEBAG_create0_pkcs8(X509_SIG *p8); +PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_pkcs8_encrypt(int pbe_nid, + const char *pass, + int passlen, + unsigned char *salt, + int saltlen, int iter, + PKCS8_PRIV_KEY_INFO *p8inf); + +PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it, + int nid1, int nid2); +PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(const X509_SIG *p8, const char *pass, + int passlen); +PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(const PKCS12_SAFEBAG *bag, + const char *pass, int passlen); +X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher, + const char *pass, int passlen, unsigned char *salt, + int saltlen, int iter, PKCS8_PRIV_KEY_INFO *p8); +X509_SIG *PKCS8_set0_pbe(const char *pass, int passlen, + PKCS8_PRIV_KEY_INFO *p8inf, X509_ALGOR *pbe); +PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk); +STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7); +PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen, + unsigned char *salt, int saltlen, int iter, + STACK_OF(PKCS12_SAFEBAG) *bags); +STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass, + int passlen); + +int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes); +STACK_OF(PKCS7) *PKCS12_unpack_authsafes(const PKCS12 *p12); + +int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name, + int namelen); +int PKCS12_add_friendlyname_asc(PKCS12_SAFEBAG *bag, const char *name, + int namelen); +int PKCS12_add_friendlyname_utf8(PKCS12_SAFEBAG *bag, const char *name, + int namelen); +int PKCS12_add_CSPName_asc(PKCS12_SAFEBAG *bag, const char *name, + int namelen); +int PKCS12_add_friendlyname_uni(PKCS12_SAFEBAG *bag, + const unsigned char *name, int namelen); +int PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage); +ASN1_TYPE *PKCS12_get_attr_gen(const STACK_OF(X509_ATTRIBUTE) *attrs, + int attr_nid); +char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag); +const STACK_OF(X509_ATTRIBUTE) * +PKCS12_SAFEBAG_get0_attrs(const PKCS12_SAFEBAG *bag); +unsigned char *PKCS12_pbe_crypt(const X509_ALGOR *algor, + const char *pass, int passlen, + const unsigned char *in, int inlen, + unsigned char **data, int *datalen, + int en_de); +void *PKCS12_item_decrypt_d2i(const X509_ALGOR *algor, const ASN1_ITEM *it, + const char *pass, int passlen, + const ASN1_OCTET_STRING *oct, int zbuf); +ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor, + const ASN1_ITEM *it, + const char *pass, int passlen, + void *obj, int zbuf); +PKCS12 *PKCS12_init(int mode); +int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt, + int saltlen, int id, int iter, int n, + unsigned char *out, const EVP_MD *md_type); +int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, + int saltlen, int id, int iter, int n, + unsigned char *out, const EVP_MD *md_type); +int PKCS12_key_gen_utf8(const char *pass, int passlen, unsigned char *salt, + int saltlen, int id, int iter, int n, + unsigned char *out, const EVP_MD *md_type); +int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, + ASN1_TYPE *param, const EVP_CIPHER *cipher, + const EVP_MD *md_type, int en_de); +int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen, + unsigned char *mac, unsigned int *maclen); +int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen); +int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen, + unsigned char *salt, int saltlen, int iter, + const EVP_MD *md_type); +int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, + int saltlen, const EVP_MD *md_type); +unsigned char *OPENSSL_asc2uni(const char *asc, int asclen, + unsigned char **uni, int *unilen); +char *OPENSSL_uni2asc(const unsigned char *uni, int unilen); +unsigned char *OPENSSL_utf82uni(const char *asc, int asclen, + unsigned char **uni, int *unilen); +char *OPENSSL_uni2utf8(const unsigned char *uni, int unilen); + +DECLARE_ASN1_FUNCTIONS(PKCS12) +DECLARE_ASN1_FUNCTIONS(PKCS12_MAC_DATA) +DECLARE_ASN1_FUNCTIONS(PKCS12_SAFEBAG) +DECLARE_ASN1_FUNCTIONS(PKCS12_BAGS) + +DECLARE_ASN1_ITEM(PKCS12_SAFEBAGS) +DECLARE_ASN1_ITEM(PKCS12_AUTHSAFES) + +void PKCS12_PBE_add(void); +int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, + STACK_OF(X509) **ca); +PKCS12 *PKCS12_create(const char *pass, const char *name, EVP_PKEY *pkey, + X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert, + int iter, int mac_iter, int keytype); + +PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert); +PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags, + EVP_PKEY *key, int key_usage, int iter, + int key_nid, const char *pass); +int PKCS12_add_safe(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags, + int safe_nid, int iter, const char *pass); +PKCS12 *PKCS12_add_safes(STACK_OF(PKCS7) *safes, int p7_nid); + +int i2d_PKCS12_bio(BIO *bp, PKCS12 *p12); +# ifndef OPENSSL_NO_STDIO +int i2d_PKCS12_fp(FILE *fp, PKCS12 *p12); +# endif +PKCS12 *d2i_PKCS12_bio(BIO *bp, PKCS12 **p12); +# ifndef OPENSSL_NO_STDIO +PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12); +# endif +int PKCS12_newpass(PKCS12 *p12, const char *oldpass, const char *newpass); + +# ifdef __cplusplus +} +# endif +#endif diff --git a/ext/openssl1L/include/openssl/pkcs12err.h b/ext/openssl1L/include/openssl/pkcs12err.h new file mode 100644 index 0000000..eff5eb2 --- /dev/null +++ b/ext/openssl1L/include/openssl/pkcs12err.h @@ -0,0 +1,81 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_PKCS12ERR_H +# define HEADER_PKCS12ERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_PKCS12_strings(void); + +/* + * PKCS12 function codes. + */ +# define PKCS12_F_OPENSSL_ASC2UNI 121 +# define PKCS12_F_OPENSSL_UNI2ASC 124 +# define PKCS12_F_OPENSSL_UNI2UTF8 127 +# define PKCS12_F_OPENSSL_UTF82UNI 129 +# define PKCS12_F_PKCS12_CREATE 105 +# define PKCS12_F_PKCS12_GEN_MAC 107 +# define PKCS12_F_PKCS12_INIT 109 +# define PKCS12_F_PKCS12_ITEM_DECRYPT_D2I 106 +# define PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT 108 +# define PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG 117 +# define PKCS12_F_PKCS12_KEY_GEN_ASC 110 +# define PKCS12_F_PKCS12_KEY_GEN_UNI 111 +# define PKCS12_F_PKCS12_KEY_GEN_UTF8 116 +# define PKCS12_F_PKCS12_NEWPASS 128 +# define PKCS12_F_PKCS12_PACK_P7DATA 114 +# define PKCS12_F_PKCS12_PACK_P7ENCDATA 115 +# define PKCS12_F_PKCS12_PARSE 118 +# define PKCS12_F_PKCS12_PBE_CRYPT 119 +# define PKCS12_F_PKCS12_PBE_KEYIVGEN 120 +# define PKCS12_F_PKCS12_SAFEBAG_CREATE0_P8INF 112 +# define PKCS12_F_PKCS12_SAFEBAG_CREATE0_PKCS8 113 +# define PKCS12_F_PKCS12_SAFEBAG_CREATE_PKCS8_ENCRYPT 133 +# define PKCS12_F_PKCS12_SETUP_MAC 122 +# define PKCS12_F_PKCS12_SET_MAC 123 +# define PKCS12_F_PKCS12_UNPACK_AUTHSAFES 130 +# define PKCS12_F_PKCS12_UNPACK_P7DATA 131 +# define PKCS12_F_PKCS12_VERIFY_MAC 126 +# define PKCS12_F_PKCS8_ENCRYPT 125 +# define PKCS12_F_PKCS8_SET0_PBE 132 + +/* + * PKCS12 reason codes. + */ +# define PKCS12_R_CANT_PACK_STRUCTURE 100 +# define PKCS12_R_CONTENT_TYPE_NOT_DATA 121 +# define PKCS12_R_DECODE_ERROR 101 +# define PKCS12_R_ENCODE_ERROR 102 +# define PKCS12_R_ENCRYPT_ERROR 103 +# define PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE 120 +# define PKCS12_R_INVALID_NULL_ARGUMENT 104 +# define PKCS12_R_INVALID_NULL_PKCS12_POINTER 105 +# define PKCS12_R_IV_GEN_ERROR 106 +# define PKCS12_R_KEY_GEN_ERROR 107 +# define PKCS12_R_MAC_ABSENT 108 +# define PKCS12_R_MAC_GENERATION_ERROR 109 +# define PKCS12_R_MAC_SETUP_ERROR 110 +# define PKCS12_R_MAC_STRING_SET_ERROR 111 +# define PKCS12_R_MAC_VERIFY_FAILURE 113 +# define PKCS12_R_PARSE_ERROR 114 +# define PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR 115 +# define PKCS12_R_PKCS12_CIPHERFINAL_ERROR 116 +# define PKCS12_R_PKCS12_PBE_CRYPT_ERROR 117 +# define PKCS12_R_UNKNOWN_DIGEST_ALGORITHM 118 +# define PKCS12_R_UNSUPPORTED_PKCS12_MODE 119 + +#endif diff --git a/ext/openssl1L/include/openssl/pkcs7.h b/ext/openssl1L/include/openssl/pkcs7.h new file mode 100644 index 0000000..9b66e00 --- /dev/null +++ b/ext/openssl1L/include/openssl/pkcs7.h @@ -0,0 +1,319 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_PKCS7_H +# define HEADER_PKCS7_H + +# include +# include +# include + +# include +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +/*- +Encryption_ID DES-CBC +Digest_ID MD5 +Digest_Encryption_ID rsaEncryption +Key_Encryption_ID rsaEncryption +*/ + +typedef struct pkcs7_issuer_and_serial_st { + X509_NAME *issuer; + ASN1_INTEGER *serial; +} PKCS7_ISSUER_AND_SERIAL; + +typedef struct pkcs7_signer_info_st { + ASN1_INTEGER *version; /* version 1 */ + PKCS7_ISSUER_AND_SERIAL *issuer_and_serial; + X509_ALGOR *digest_alg; + STACK_OF(X509_ATTRIBUTE) *auth_attr; /* [ 0 ] */ + X509_ALGOR *digest_enc_alg; + ASN1_OCTET_STRING *enc_digest; + STACK_OF(X509_ATTRIBUTE) *unauth_attr; /* [ 1 ] */ + /* The private key to sign with */ + EVP_PKEY *pkey; +} PKCS7_SIGNER_INFO; + +DEFINE_STACK_OF(PKCS7_SIGNER_INFO) + +typedef struct pkcs7_recip_info_st { + ASN1_INTEGER *version; /* version 0 */ + PKCS7_ISSUER_AND_SERIAL *issuer_and_serial; + X509_ALGOR *key_enc_algor; + ASN1_OCTET_STRING *enc_key; + X509 *cert; /* get the pub-key from this */ +} PKCS7_RECIP_INFO; + +DEFINE_STACK_OF(PKCS7_RECIP_INFO) + +typedef struct pkcs7_signed_st { + ASN1_INTEGER *version; /* version 1 */ + STACK_OF(X509_ALGOR) *md_algs; /* md used */ + STACK_OF(X509) *cert; /* [ 0 ] */ + STACK_OF(X509_CRL) *crl; /* [ 1 ] */ + STACK_OF(PKCS7_SIGNER_INFO) *signer_info; + struct pkcs7_st *contents; +} PKCS7_SIGNED; +/* + * The above structure is very very similar to PKCS7_SIGN_ENVELOPE. How about + * merging the two + */ + +typedef struct pkcs7_enc_content_st { + ASN1_OBJECT *content_type; + X509_ALGOR *algorithm; + ASN1_OCTET_STRING *enc_data; /* [ 0 ] */ + const EVP_CIPHER *cipher; +} PKCS7_ENC_CONTENT; + +typedef struct pkcs7_enveloped_st { + ASN1_INTEGER *version; /* version 0 */ + STACK_OF(PKCS7_RECIP_INFO) *recipientinfo; + PKCS7_ENC_CONTENT *enc_data; +} PKCS7_ENVELOPE; + +typedef struct pkcs7_signedandenveloped_st { + ASN1_INTEGER *version; /* version 1 */ + STACK_OF(X509_ALGOR) *md_algs; /* md used */ + STACK_OF(X509) *cert; /* [ 0 ] */ + STACK_OF(X509_CRL) *crl; /* [ 1 ] */ + STACK_OF(PKCS7_SIGNER_INFO) *signer_info; + PKCS7_ENC_CONTENT *enc_data; + STACK_OF(PKCS7_RECIP_INFO) *recipientinfo; +} PKCS7_SIGN_ENVELOPE; + +typedef struct pkcs7_digest_st { + ASN1_INTEGER *version; /* version 0 */ + X509_ALGOR *md; /* md used */ + struct pkcs7_st *contents; + ASN1_OCTET_STRING *digest; +} PKCS7_DIGEST; + +typedef struct pkcs7_encrypted_st { + ASN1_INTEGER *version; /* version 0 */ + PKCS7_ENC_CONTENT *enc_data; +} PKCS7_ENCRYPT; + +typedef struct pkcs7_st { + /* + * The following is non NULL if it contains ASN1 encoding of this + * structure + */ + unsigned char *asn1; + long length; +# define PKCS7_S_HEADER 0 +# define PKCS7_S_BODY 1 +# define PKCS7_S_TAIL 2 + int state; /* used during processing */ + int detached; + ASN1_OBJECT *type; + /* content as defined by the type */ + /* + * all encryption/message digests are applied to the 'contents', leaving + * out the 'type' field. + */ + union { + char *ptr; + /* NID_pkcs7_data */ + ASN1_OCTET_STRING *data; + /* NID_pkcs7_signed */ + PKCS7_SIGNED *sign; + /* NID_pkcs7_enveloped */ + PKCS7_ENVELOPE *enveloped; + /* NID_pkcs7_signedAndEnveloped */ + PKCS7_SIGN_ENVELOPE *signed_and_enveloped; + /* NID_pkcs7_digest */ + PKCS7_DIGEST *digest; + /* NID_pkcs7_encrypted */ + PKCS7_ENCRYPT *encrypted; + /* Anything else */ + ASN1_TYPE *other; + } d; +} PKCS7; + +DEFINE_STACK_OF(PKCS7) + +# define PKCS7_OP_SET_DETACHED_SIGNATURE 1 +# define PKCS7_OP_GET_DETACHED_SIGNATURE 2 + +# define PKCS7_get_signed_attributes(si) ((si)->auth_attr) +# define PKCS7_get_attributes(si) ((si)->unauth_attr) + +# define PKCS7_type_is_signed(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_signed) +# define PKCS7_type_is_encrypted(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_encrypted) +# define PKCS7_type_is_enveloped(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_enveloped) +# define PKCS7_type_is_signedAndEnveloped(a) \ + (OBJ_obj2nid((a)->type) == NID_pkcs7_signedAndEnveloped) +# define PKCS7_type_is_data(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_data) +# define PKCS7_type_is_digest(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_digest) + +# define PKCS7_set_detached(p,v) \ + PKCS7_ctrl(p,PKCS7_OP_SET_DETACHED_SIGNATURE,v,NULL) +# define PKCS7_get_detached(p) \ + PKCS7_ctrl(p,PKCS7_OP_GET_DETACHED_SIGNATURE,0,NULL) + +# define PKCS7_is_detached(p7) (PKCS7_type_is_signed(p7) && PKCS7_get_detached(p7)) + +/* S/MIME related flags */ + +# define PKCS7_TEXT 0x1 +# define PKCS7_NOCERTS 0x2 +# define PKCS7_NOSIGS 0x4 +# define PKCS7_NOCHAIN 0x8 +# define PKCS7_NOINTERN 0x10 +# define PKCS7_NOVERIFY 0x20 +# define PKCS7_DETACHED 0x40 +# define PKCS7_BINARY 0x80 +# define PKCS7_NOATTR 0x100 +# define PKCS7_NOSMIMECAP 0x200 +# define PKCS7_NOOLDMIMETYPE 0x400 +# define PKCS7_CRLFEOL 0x800 +# define PKCS7_STREAM 0x1000 +# define PKCS7_NOCRL 0x2000 +# define PKCS7_PARTIAL 0x4000 +# define PKCS7_REUSE_DIGEST 0x8000 +# define PKCS7_NO_DUAL_CONTENT 0x10000 + +/* Flags: for compatibility with older code */ + +# define SMIME_TEXT PKCS7_TEXT +# define SMIME_NOCERTS PKCS7_NOCERTS +# define SMIME_NOSIGS PKCS7_NOSIGS +# define SMIME_NOCHAIN PKCS7_NOCHAIN +# define SMIME_NOINTERN PKCS7_NOINTERN +# define SMIME_NOVERIFY PKCS7_NOVERIFY +# define SMIME_DETACHED PKCS7_DETACHED +# define SMIME_BINARY PKCS7_BINARY +# define SMIME_NOATTR PKCS7_NOATTR + +/* CRLF ASCII canonicalisation */ +# define SMIME_ASCIICRLF 0x80000 + +DECLARE_ASN1_FUNCTIONS(PKCS7_ISSUER_AND_SERIAL) + +int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data, + const EVP_MD *type, unsigned char *md, + unsigned int *len); +# ifndef OPENSSL_NO_STDIO +PKCS7 *d2i_PKCS7_fp(FILE *fp, PKCS7 **p7); +int i2d_PKCS7_fp(FILE *fp, PKCS7 *p7); +# endif +PKCS7 *PKCS7_dup(PKCS7 *p7); +PKCS7 *d2i_PKCS7_bio(BIO *bp, PKCS7 **p7); +int i2d_PKCS7_bio(BIO *bp, PKCS7 *p7); +int i2d_PKCS7_bio_stream(BIO *out, PKCS7 *p7, BIO *in, int flags); +int PEM_write_bio_PKCS7_stream(BIO *out, PKCS7 *p7, BIO *in, int flags); + +DECLARE_ASN1_FUNCTIONS(PKCS7_SIGNER_INFO) +DECLARE_ASN1_FUNCTIONS(PKCS7_RECIP_INFO) +DECLARE_ASN1_FUNCTIONS(PKCS7_SIGNED) +DECLARE_ASN1_FUNCTIONS(PKCS7_ENC_CONTENT) +DECLARE_ASN1_FUNCTIONS(PKCS7_ENVELOPE) +DECLARE_ASN1_FUNCTIONS(PKCS7_SIGN_ENVELOPE) +DECLARE_ASN1_FUNCTIONS(PKCS7_DIGEST) +DECLARE_ASN1_FUNCTIONS(PKCS7_ENCRYPT) +DECLARE_ASN1_FUNCTIONS(PKCS7) + +DECLARE_ASN1_ITEM(PKCS7_ATTR_SIGN) +DECLARE_ASN1_ITEM(PKCS7_ATTR_VERIFY) + +DECLARE_ASN1_NDEF_FUNCTION(PKCS7) +DECLARE_ASN1_PRINT_FUNCTION(PKCS7) + +long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg); + +int PKCS7_set_type(PKCS7 *p7, int type); +int PKCS7_set0_type_other(PKCS7 *p7, int type, ASN1_TYPE *other); +int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data); +int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey, + const EVP_MD *dgst); +int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si); +int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *p7i); +int PKCS7_add_certificate(PKCS7 *p7, X509 *x509); +int PKCS7_add_crl(PKCS7 *p7, X509_CRL *x509); +int PKCS7_content_new(PKCS7 *p7, int nid); +int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx, + BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si); +int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, + X509 *x509); + +BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio); +int PKCS7_dataFinal(PKCS7 *p7, BIO *bio); +BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert); + +PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509, + EVP_PKEY *pkey, const EVP_MD *dgst); +X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si); +int PKCS7_set_digest(PKCS7 *p7, const EVP_MD *md); +STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7); + +PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 *x509); +void PKCS7_SIGNER_INFO_get0_algs(PKCS7_SIGNER_INFO *si, EVP_PKEY **pk, + X509_ALGOR **pdig, X509_ALGOR **psig); +void PKCS7_RECIP_INFO_get0_alg(PKCS7_RECIP_INFO *ri, X509_ALGOR **penc); +int PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri); +int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509); +int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher); +int PKCS7_stream(unsigned char ***boundary, PKCS7 *p7); + +PKCS7_ISSUER_AND_SERIAL *PKCS7_get_issuer_and_serial(PKCS7 *p7, int idx); +ASN1_OCTET_STRING *PKCS7_digest_from_attributes(STACK_OF(X509_ATTRIBUTE) *sk); +int PKCS7_add_signed_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int type, + void *data); +int PKCS7_add_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype, + void *value); +ASN1_TYPE *PKCS7_get_attribute(PKCS7_SIGNER_INFO *si, int nid); +ASN1_TYPE *PKCS7_get_signed_attribute(PKCS7_SIGNER_INFO *si, int nid); +int PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si, + STACK_OF(X509_ATTRIBUTE) *sk); +int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si, + STACK_OF(X509_ATTRIBUTE) *sk); + +PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, + BIO *data, int flags); + +PKCS7_SIGNER_INFO *PKCS7_sign_add_signer(PKCS7 *p7, + X509 *signcert, EVP_PKEY *pkey, + const EVP_MD *md, int flags); + +int PKCS7_final(PKCS7 *p7, BIO *data, int flags); +int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, + BIO *indata, BIO *out, int flags); +STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, + int flags); +PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher, + int flags); +int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, + int flags); + +int PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si, + STACK_OF(X509_ALGOR) *cap); +STACK_OF(X509_ALGOR) *PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si); +int PKCS7_simple_smimecap(STACK_OF(X509_ALGOR) *sk, int nid, int arg); + +int PKCS7_add_attrib_content_type(PKCS7_SIGNER_INFO *si, ASN1_OBJECT *coid); +int PKCS7_add0_attrib_signing_time(PKCS7_SIGNER_INFO *si, ASN1_TIME *t); +int PKCS7_add1_attrib_digest(PKCS7_SIGNER_INFO *si, + const unsigned char *md, int mdlen); + +int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags); +PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont); + +BIO *BIO_new_PKCS7(BIO *out, PKCS7 *p7); + +# ifdef __cplusplus +} +# endif +#endif diff --git a/ext/openssl1L/include/openssl/pkcs7err.h b/ext/openssl1L/include/openssl/pkcs7err.h new file mode 100644 index 0000000..02e0299 --- /dev/null +++ b/ext/openssl1L/include/openssl/pkcs7err.h @@ -0,0 +1,103 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_PKCS7ERR_H +# define HEADER_PKCS7ERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_PKCS7_strings(void); + +/* + * PKCS7 function codes. + */ +# define PKCS7_F_DO_PKCS7_SIGNED_ATTRIB 136 +# define PKCS7_F_PKCS7_ADD0_ATTRIB_SIGNING_TIME 135 +# define PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP 118 +# define PKCS7_F_PKCS7_ADD_CERTIFICATE 100 +# define PKCS7_F_PKCS7_ADD_CRL 101 +# define PKCS7_F_PKCS7_ADD_RECIPIENT_INFO 102 +# define PKCS7_F_PKCS7_ADD_SIGNATURE 131 +# define PKCS7_F_PKCS7_ADD_SIGNER 103 +# define PKCS7_F_PKCS7_BIO_ADD_DIGEST 125 +# define PKCS7_F_PKCS7_COPY_EXISTING_DIGEST 138 +# define PKCS7_F_PKCS7_CTRL 104 +# define PKCS7_F_PKCS7_DATADECODE 112 +# define PKCS7_F_PKCS7_DATAFINAL 128 +# define PKCS7_F_PKCS7_DATAINIT 105 +# define PKCS7_F_PKCS7_DATAVERIFY 107 +# define PKCS7_F_PKCS7_DECRYPT 114 +# define PKCS7_F_PKCS7_DECRYPT_RINFO 133 +# define PKCS7_F_PKCS7_ENCODE_RINFO 132 +# define PKCS7_F_PKCS7_ENCRYPT 115 +# define PKCS7_F_PKCS7_FINAL 134 +# define PKCS7_F_PKCS7_FIND_DIGEST 127 +# define PKCS7_F_PKCS7_GET0_SIGNERS 124 +# define PKCS7_F_PKCS7_RECIP_INFO_SET 130 +# define PKCS7_F_PKCS7_SET_CIPHER 108 +# define PKCS7_F_PKCS7_SET_CONTENT 109 +# define PKCS7_F_PKCS7_SET_DIGEST 126 +# define PKCS7_F_PKCS7_SET_TYPE 110 +# define PKCS7_F_PKCS7_SIGN 116 +# define PKCS7_F_PKCS7_SIGNATUREVERIFY 113 +# define PKCS7_F_PKCS7_SIGNER_INFO_SET 129 +# define PKCS7_F_PKCS7_SIGNER_INFO_SIGN 139 +# define PKCS7_F_PKCS7_SIGN_ADD_SIGNER 137 +# define PKCS7_F_PKCS7_SIMPLE_SMIMECAP 119 +# define PKCS7_F_PKCS7_VERIFY 117 + +/* + * PKCS7 reason codes. + */ +# define PKCS7_R_CERTIFICATE_VERIFY_ERROR 117 +# define PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER 144 +# define PKCS7_R_CIPHER_NOT_INITIALIZED 116 +# define PKCS7_R_CONTENT_AND_DATA_PRESENT 118 +# define PKCS7_R_CTRL_ERROR 152 +# define PKCS7_R_DECRYPT_ERROR 119 +# define PKCS7_R_DIGEST_FAILURE 101 +# define PKCS7_R_ENCRYPTION_CTRL_FAILURE 149 +# define PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE 150 +# define PKCS7_R_ERROR_ADDING_RECIPIENT 120 +# define PKCS7_R_ERROR_SETTING_CIPHER 121 +# define PKCS7_R_INVALID_NULL_POINTER 143 +# define PKCS7_R_INVALID_SIGNED_DATA_TYPE 155 +# define PKCS7_R_NO_CONTENT 122 +# define PKCS7_R_NO_DEFAULT_DIGEST 151 +# define PKCS7_R_NO_MATCHING_DIGEST_TYPE_FOUND 154 +# define PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE 115 +# define PKCS7_R_NO_SIGNATURES_ON_DATA 123 +# define PKCS7_R_NO_SIGNERS 142 +# define PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE 104 +# define PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR 124 +# define PKCS7_R_PKCS7_ADD_SIGNER_ERROR 153 +# define PKCS7_R_PKCS7_DATASIGN 145 +# define PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 127 +# define PKCS7_R_SIGNATURE_FAILURE 105 +# define PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND 128 +# define PKCS7_R_SIGNING_CTRL_FAILURE 147 +# define PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE 148 +# define PKCS7_R_SMIME_TEXT_ERROR 129 +# define PKCS7_R_UNABLE_TO_FIND_CERTIFICATE 106 +# define PKCS7_R_UNABLE_TO_FIND_MEM_BIO 107 +# define PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST 108 +# define PKCS7_R_UNKNOWN_DIGEST_TYPE 109 +# define PKCS7_R_UNKNOWN_OPERATION 110 +# define PKCS7_R_UNSUPPORTED_CIPHER_TYPE 111 +# define PKCS7_R_UNSUPPORTED_CONTENT_TYPE 112 +# define PKCS7_R_WRONG_CONTENT_TYPE 113 +# define PKCS7_R_WRONG_PKCS7_TYPE 114 + +#endif diff --git a/ext/openssl1L/include/openssl/rand.h b/ext/openssl1L/include/openssl/rand.h new file mode 100644 index 0000000..38a2a27 --- /dev/null +++ b/ext/openssl1L/include/openssl/rand.h @@ -0,0 +1,77 @@ +/* + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_RAND_H +# define HEADER_RAND_H + +# include +# include +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +struct rand_meth_st { + int (*seed) (const void *buf, int num); + int (*bytes) (unsigned char *buf, int num); + void (*cleanup) (void); + int (*add) (const void *buf, int num, double randomness); + int (*pseudorand) (unsigned char *buf, int num); + int (*status) (void); +}; + +int RAND_set_rand_method(const RAND_METHOD *meth); +const RAND_METHOD *RAND_get_rand_method(void); +# ifndef OPENSSL_NO_ENGINE +int RAND_set_rand_engine(ENGINE *engine); +# endif + +RAND_METHOD *RAND_OpenSSL(void); + +# if OPENSSL_API_COMPAT < 0x10100000L +# define RAND_cleanup() while(0) continue +# endif +int RAND_bytes(unsigned char *buf, int num); +int RAND_priv_bytes(unsigned char *buf, int num); +DEPRECATEDIN_1_1_0(int RAND_pseudo_bytes(unsigned char *buf, int num)) + +void RAND_seed(const void *buf, int num); +void RAND_keep_random_devices_open(int keep); + +# if defined(__ANDROID__) && defined(__NDK_FPABI__) +__NDK_FPABI__ /* __attribute__((pcs("aapcs"))) on ARM */ +# endif +void RAND_add(const void *buf, int num, double randomness); +int RAND_load_file(const char *file, long max_bytes); +int RAND_write_file(const char *file); +const char *RAND_file_name(char *file, size_t num); +int RAND_status(void); + +# ifndef OPENSSL_NO_EGD +int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes); +int RAND_egd(const char *path); +int RAND_egd_bytes(const char *path, int bytes); +# endif + +int RAND_poll(void); + +# if defined(_WIN32) && (defined(BASETYPES) || defined(_WINDEF_H)) +/* application has to include in order to use these */ +DEPRECATEDIN_1_1_0(void RAND_screen(void)) +DEPRECATEDIN_1_1_0(int RAND_event(UINT, WPARAM, LPARAM)) +# endif + + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/ext/openssl1L/include/openssl/rand_drbg.h b/ext/openssl1L/include/openssl/rand_drbg.h new file mode 100644 index 0000000..45b731b --- /dev/null +++ b/ext/openssl1L/include/openssl/rand_drbg.h @@ -0,0 +1,130 @@ +/* + * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_DRBG_RAND_H +# define HEADER_DRBG_RAND_H + +# include +# include +# include + +/* + * RAND_DRBG flags + * + * Note: if new flags are added, the constant `rand_drbg_used_flags` + * in drbg_lib.c needs to be updated accordingly. + */ + +/* In CTR mode, disable derivation function ctr_df */ +# define RAND_DRBG_FLAG_CTR_NO_DF 0x1 + + +# if OPENSSL_API_COMPAT < 0x10200000L +/* This #define was replaced by an internal constant and should not be used. */ +# define RAND_DRBG_USED_FLAGS (RAND_DRBG_FLAG_CTR_NO_DF) +# endif + +/* + * Default security strength (in the sense of [NIST SP 800-90Ar1]) + * + * NIST SP 800-90Ar1 supports the strength of the DRBG being smaller than that + * of the cipher by collecting less entropy. The current DRBG implementation + * does not take RAND_DRBG_STRENGTH into account and sets the strength of the + * DRBG to that of the cipher. + * + * RAND_DRBG_STRENGTH is currently only used for the legacy RAND + * implementation. + * + * Currently supported ciphers are: NID_aes_128_ctr, NID_aes_192_ctr and + * NID_aes_256_ctr + */ +# define RAND_DRBG_STRENGTH 256 +/* Default drbg type */ +# define RAND_DRBG_TYPE NID_aes_256_ctr +/* Default drbg flags */ +# define RAND_DRBG_FLAGS 0 + + +# ifdef __cplusplus +extern "C" { +# endif + +/* + * Object lifetime functions. + */ +RAND_DRBG *RAND_DRBG_new(int type, unsigned int flags, RAND_DRBG *parent); +RAND_DRBG *RAND_DRBG_secure_new(int type, unsigned int flags, RAND_DRBG *parent); +int RAND_DRBG_set(RAND_DRBG *drbg, int type, unsigned int flags); +int RAND_DRBG_set_defaults(int type, unsigned int flags); +int RAND_DRBG_instantiate(RAND_DRBG *drbg, + const unsigned char *pers, size_t perslen); +int RAND_DRBG_uninstantiate(RAND_DRBG *drbg); +void RAND_DRBG_free(RAND_DRBG *drbg); + +/* + * Object "use" functions. + */ +int RAND_DRBG_reseed(RAND_DRBG *drbg, + const unsigned char *adin, size_t adinlen, + int prediction_resistance); +int RAND_DRBG_generate(RAND_DRBG *drbg, unsigned char *out, size_t outlen, + int prediction_resistance, + const unsigned char *adin, size_t adinlen); +int RAND_DRBG_bytes(RAND_DRBG *drbg, unsigned char *out, size_t outlen); + +int RAND_DRBG_set_reseed_interval(RAND_DRBG *drbg, unsigned int interval); +int RAND_DRBG_set_reseed_time_interval(RAND_DRBG *drbg, time_t interval); + +int RAND_DRBG_set_reseed_defaults( + unsigned int master_reseed_interval, + unsigned int slave_reseed_interval, + time_t master_reseed_time_interval, + time_t slave_reseed_time_interval + ); + +RAND_DRBG *RAND_DRBG_get0_master(void); +RAND_DRBG *RAND_DRBG_get0_public(void); +RAND_DRBG *RAND_DRBG_get0_private(void); + +/* + * EXDATA + */ +# define RAND_DRBG_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DRBG, l, p, newf, dupf, freef) +int RAND_DRBG_set_ex_data(RAND_DRBG *drbg, int idx, void *arg); +void *RAND_DRBG_get_ex_data(const RAND_DRBG *drbg, int idx); + +/* + * Callback function typedefs + */ +typedef size_t (*RAND_DRBG_get_entropy_fn)(RAND_DRBG *drbg, + unsigned char **pout, + int entropy, size_t min_len, + size_t max_len, + int prediction_resistance); +typedef void (*RAND_DRBG_cleanup_entropy_fn)(RAND_DRBG *ctx, + unsigned char *out, size_t outlen); +typedef size_t (*RAND_DRBG_get_nonce_fn)(RAND_DRBG *drbg, unsigned char **pout, + int entropy, size_t min_len, + size_t max_len); +typedef void (*RAND_DRBG_cleanup_nonce_fn)(RAND_DRBG *drbg, + unsigned char *out, size_t outlen); + +int RAND_DRBG_set_callbacks(RAND_DRBG *drbg, + RAND_DRBG_get_entropy_fn get_entropy, + RAND_DRBG_cleanup_entropy_fn cleanup_entropy, + RAND_DRBG_get_nonce_fn get_nonce, + RAND_DRBG_cleanup_nonce_fn cleanup_nonce); + + +# ifdef __cplusplus +} +# endif + +#endif diff --git a/ext/openssl1L/include/openssl/randerr.h b/ext/openssl1L/include/openssl/randerr.h new file mode 100644 index 0000000..79d5790 --- /dev/null +++ b/ext/openssl1L/include/openssl/randerr.h @@ -0,0 +1,94 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_RANDERR_H +# define HEADER_RANDERR_H + +# include + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_RAND_strings(void); + +/* + * RAND function codes. + */ +# define RAND_F_DATA_COLLECT_METHOD 127 +# define RAND_F_DRBG_BYTES 101 +# define RAND_F_DRBG_GET_ENTROPY 105 +# define RAND_F_DRBG_SETUP 117 +# define RAND_F_GET_ENTROPY 106 +# define RAND_F_RAND_BYTES 100 +# define RAND_F_RAND_DRBG_ENABLE_LOCKING 119 +# define RAND_F_RAND_DRBG_GENERATE 107 +# define RAND_F_RAND_DRBG_GET_ENTROPY 120 +# define RAND_F_RAND_DRBG_GET_NONCE 123 +# define RAND_F_RAND_DRBG_INSTANTIATE 108 +# define RAND_F_RAND_DRBG_NEW 109 +# define RAND_F_RAND_DRBG_RESEED 110 +# define RAND_F_RAND_DRBG_RESTART 102 +# define RAND_F_RAND_DRBG_SET 104 +# define RAND_F_RAND_DRBG_SET_DEFAULTS 121 +# define RAND_F_RAND_DRBG_UNINSTANTIATE 118 +# define RAND_F_RAND_LOAD_FILE 111 +# define RAND_F_RAND_POOL_ACQUIRE_ENTROPY 122 +# define RAND_F_RAND_POOL_ADD 103 +# define RAND_F_RAND_POOL_ADD_BEGIN 113 +# define RAND_F_RAND_POOL_ADD_END 114 +# define RAND_F_RAND_POOL_ATTACH 124 +# define RAND_F_RAND_POOL_BYTES_NEEDED 115 +# define RAND_F_RAND_POOL_GROW 125 +# define RAND_F_RAND_POOL_NEW 116 +# define RAND_F_RAND_PSEUDO_BYTES 126 +# define RAND_F_RAND_WRITE_FILE 112 + +/* + * RAND reason codes. + */ +# define RAND_R_ADDITIONAL_INPUT_TOO_LONG 102 +# define RAND_R_ALREADY_INSTANTIATED 103 +# define RAND_R_ARGUMENT_OUT_OF_RANGE 105 +# define RAND_R_CANNOT_OPEN_FILE 121 +# define RAND_R_DRBG_ALREADY_INITIALIZED 129 +# define RAND_R_DRBG_NOT_INITIALISED 104 +# define RAND_R_ENTROPY_INPUT_TOO_LONG 106 +# define RAND_R_ENTROPY_OUT_OF_RANGE 124 +# define RAND_R_ERROR_ENTROPY_POOL_WAS_IGNORED 127 +# define RAND_R_ERROR_INITIALISING_DRBG 107 +# define RAND_R_ERROR_INSTANTIATING_DRBG 108 +# define RAND_R_ERROR_RETRIEVING_ADDITIONAL_INPUT 109 +# define RAND_R_ERROR_RETRIEVING_ENTROPY 110 +# define RAND_R_ERROR_RETRIEVING_NONCE 111 +# define RAND_R_FAILED_TO_CREATE_LOCK 126 +# define RAND_R_FUNC_NOT_IMPLEMENTED 101 +# define RAND_R_FWRITE_ERROR 123 +# define RAND_R_GENERATE_ERROR 112 +# define RAND_R_INTERNAL_ERROR 113 +# define RAND_R_IN_ERROR_STATE 114 +# define RAND_R_NOT_A_REGULAR_FILE 122 +# define RAND_R_NOT_INSTANTIATED 115 +# define RAND_R_NO_DRBG_IMPLEMENTATION_SELECTED 128 +# define RAND_R_PARENT_LOCKING_NOT_ENABLED 130 +# define RAND_R_PARENT_STRENGTH_TOO_WEAK 131 +# define RAND_R_PERSONALISATION_STRING_TOO_LONG 116 +# define RAND_R_PREDICTION_RESISTANCE_NOT_SUPPORTED 133 +# define RAND_R_PRNG_NOT_SEEDED 100 +# define RAND_R_RANDOM_POOL_OVERFLOW 125 +# define RAND_R_RANDOM_POOL_UNDERFLOW 134 +# define RAND_R_REQUEST_TOO_LARGE_FOR_DRBG 117 +# define RAND_R_RESEED_ERROR 118 +# define RAND_R_SELFTEST_FAILURE 119 +# define RAND_R_TOO_LITTLE_NONCE_REQUESTED 135 +# define RAND_R_TOO_MUCH_NONCE_REQUESTED 136 +# define RAND_R_UNSUPPORTED_DRBG_FLAGS 132 +# define RAND_R_UNSUPPORTED_DRBG_TYPE 120 + +#endif diff --git a/ext/openssl1L/include/openssl/rc2.h b/ext/openssl1L/include/openssl/rc2.h new file mode 100644 index 0000000..585f9e4 --- /dev/null +++ b/ext/openssl1L/include/openssl/rc2.h @@ -0,0 +1,51 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_RC2_H +# define HEADER_RC2_H + +# include + +# ifndef OPENSSL_NO_RC2 +# ifdef __cplusplus +extern "C" { +# endif + +typedef unsigned int RC2_INT; + +# define RC2_ENCRYPT 1 +# define RC2_DECRYPT 0 + +# define RC2_BLOCK 8 +# define RC2_KEY_LENGTH 16 + +typedef struct rc2_key_st { + RC2_INT data[64]; +} RC2_KEY; + +void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits); +void RC2_ecb_encrypt(const unsigned char *in, unsigned char *out, + RC2_KEY *key, int enc); +void RC2_encrypt(unsigned long *data, RC2_KEY *key); +void RC2_decrypt(unsigned long *data, RC2_KEY *key); +void RC2_cbc_encrypt(const unsigned char *in, unsigned char *out, long length, + RC2_KEY *ks, unsigned char *iv, int enc); +void RC2_cfb64_encrypt(const unsigned char *in, unsigned char *out, + long length, RC2_KEY *schedule, unsigned char *ivec, + int *num, int enc); +void RC2_ofb64_encrypt(const unsigned char *in, unsigned char *out, + long length, RC2_KEY *schedule, unsigned char *ivec, + int *num); + +# ifdef __cplusplus +} +# endif +# endif + +#endif diff --git a/ext/openssl1L/include/openssl/rc4.h b/ext/openssl1L/include/openssl/rc4.h new file mode 100644 index 0000000..86803b3 --- /dev/null +++ b/ext/openssl1L/include/openssl/rc4.h @@ -0,0 +1,36 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_RC4_H +# define HEADER_RC4_H + +# include + +# ifndef OPENSSL_NO_RC4 +# include +#ifdef __cplusplus +extern "C" { +#endif + +typedef struct rc4_key_st { + RC4_INT x, y; + RC4_INT data[256]; +} RC4_KEY; + +const char *RC4_options(void); +void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data); +void RC4(RC4_KEY *key, size_t len, const unsigned char *indata, + unsigned char *outdata); + +# ifdef __cplusplus +} +# endif +# endif + +#endif diff --git a/ext/openssl1L/include/openssl/rc5.h b/ext/openssl1L/include/openssl/rc5.h new file mode 100644 index 0000000..793f88e --- /dev/null +++ b/ext/openssl1L/include/openssl/rc5.h @@ -0,0 +1,63 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_RC5_H +# define HEADER_RC5_H + +# include + +# ifndef OPENSSL_NO_RC5 +# ifdef __cplusplus +extern "C" { +# endif + +# define RC5_ENCRYPT 1 +# define RC5_DECRYPT 0 + +# define RC5_32_INT unsigned int + +# define RC5_32_BLOCK 8 +# define RC5_32_KEY_LENGTH 16/* This is a default, max is 255 */ + +/* + * This are the only values supported. Tweak the code if you want more The + * most supported modes will be RC5-32/12/16 RC5-32/16/8 + */ +# define RC5_8_ROUNDS 8 +# define RC5_12_ROUNDS 12 +# define RC5_16_ROUNDS 16 + +typedef struct rc5_key_st { + /* Number of rounds */ + int rounds; + RC5_32_INT data[2 * (RC5_16_ROUNDS + 1)]; +} RC5_32_KEY; + +void RC5_32_set_key(RC5_32_KEY *key, int len, const unsigned char *data, + int rounds); +void RC5_32_ecb_encrypt(const unsigned char *in, unsigned char *out, + RC5_32_KEY *key, int enc); +void RC5_32_encrypt(unsigned long *data, RC5_32_KEY *key); +void RC5_32_decrypt(unsigned long *data, RC5_32_KEY *key); +void RC5_32_cbc_encrypt(const unsigned char *in, unsigned char *out, + long length, RC5_32_KEY *ks, unsigned char *iv, + int enc); +void RC5_32_cfb64_encrypt(const unsigned char *in, unsigned char *out, + long length, RC5_32_KEY *schedule, + unsigned char *ivec, int *num, int enc); +void RC5_32_ofb64_encrypt(const unsigned char *in, unsigned char *out, + long length, RC5_32_KEY *schedule, + unsigned char *ivec, int *num); + +# ifdef __cplusplus +} +# endif +# endif + +#endif diff --git a/ext/openssl1L/include/openssl/ripemd.h b/ext/openssl1L/include/openssl/ripemd.h new file mode 100644 index 0000000..c42026a --- /dev/null +++ b/ext/openssl1L/include/openssl/ripemd.h @@ -0,0 +1,47 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_RIPEMD_H +# define HEADER_RIPEMD_H + +# include + +#ifndef OPENSSL_NO_RMD160 +# include +# include +# ifdef __cplusplus +extern "C" { +# endif + +# define RIPEMD160_LONG unsigned int + +# define RIPEMD160_CBLOCK 64 +# define RIPEMD160_LBLOCK (RIPEMD160_CBLOCK/4) +# define RIPEMD160_DIGEST_LENGTH 20 + +typedef struct RIPEMD160state_st { + RIPEMD160_LONG A, B, C, D, E; + RIPEMD160_LONG Nl, Nh; + RIPEMD160_LONG data[RIPEMD160_LBLOCK]; + unsigned int num; +} RIPEMD160_CTX; + +int RIPEMD160_Init(RIPEMD160_CTX *c); +int RIPEMD160_Update(RIPEMD160_CTX *c, const void *data, size_t len); +int RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c); +unsigned char *RIPEMD160(const unsigned char *d, size_t n, unsigned char *md); +void RIPEMD160_Transform(RIPEMD160_CTX *c, const unsigned char *b); + +# ifdef __cplusplus +} +# endif +# endif + + +#endif diff --git a/ext/openssl1L/include/openssl/rsa.h b/ext/openssl1L/include/openssl/rsa.h new file mode 100644 index 0000000..5e76365 --- /dev/null +++ b/ext/openssl1L/include/openssl/rsa.h @@ -0,0 +1,513 @@ +/* + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_RSA_H +# define HEADER_RSA_H + +# include + +# ifndef OPENSSL_NO_RSA +# include +# include +# include +# include +# if OPENSSL_API_COMPAT < 0x10100000L +# include +# endif +# include +# ifdef __cplusplus +extern "C" { +# endif + +/* The types RSA and RSA_METHOD are defined in ossl_typ.h */ + +# ifndef OPENSSL_RSA_MAX_MODULUS_BITS +# define OPENSSL_RSA_MAX_MODULUS_BITS 16384 +# endif + +# define OPENSSL_RSA_FIPS_MIN_MODULUS_BITS 1024 + +# ifndef OPENSSL_RSA_SMALL_MODULUS_BITS +# define OPENSSL_RSA_SMALL_MODULUS_BITS 3072 +# endif +# ifndef OPENSSL_RSA_MAX_PUBEXP_BITS + +/* exponent limit enforced for "large" modulus only */ +# define OPENSSL_RSA_MAX_PUBEXP_BITS 64 +# endif + +# define RSA_3 0x3L +# define RSA_F4 0x10001L + +/* based on RFC 8017 appendix A.1.2 */ +# define RSA_ASN1_VERSION_DEFAULT 0 +# define RSA_ASN1_VERSION_MULTI 1 + +# define RSA_DEFAULT_PRIME_NUM 2 + +# define RSA_METHOD_FLAG_NO_CHECK 0x0001/* don't check pub/private + * match */ + +# define RSA_FLAG_CACHE_PUBLIC 0x0002 +# define RSA_FLAG_CACHE_PRIVATE 0x0004 +# define RSA_FLAG_BLINDING 0x0008 +# define RSA_FLAG_THREAD_SAFE 0x0010 +/* + * This flag means the private key operations will be handled by rsa_mod_exp + * and that they do not depend on the private key components being present: + * for example a key stored in external hardware. Without this flag + * bn_mod_exp gets called when private key components are absent. + */ +# define RSA_FLAG_EXT_PKEY 0x0020 + +/* + * new with 0.9.6j and 0.9.7b; the built-in + * RSA implementation now uses blinding by + * default (ignoring RSA_FLAG_BLINDING), + * but other engines might not need it + */ +# define RSA_FLAG_NO_BLINDING 0x0080 +# if OPENSSL_API_COMPAT < 0x10100000L +/* + * Does nothing. Previously this switched off constant time behaviour. + */ +# define RSA_FLAG_NO_CONSTTIME 0x0000 +# endif +# if OPENSSL_API_COMPAT < 0x00908000L +/* deprecated name for the flag*/ +/* + * new with 0.9.7h; the built-in RSA + * implementation now uses constant time + * modular exponentiation for secret exponents + * by default. This flag causes the + * faster variable sliding window method to + * be used for all exponents. + */ +# define RSA_FLAG_NO_EXP_CONSTTIME RSA_FLAG_NO_CONSTTIME +# endif + +# define EVP_PKEY_CTX_set_rsa_padding(ctx, pad) \ + RSA_pkey_ctx_ctrl(ctx, -1, EVP_PKEY_CTRL_RSA_PADDING, pad, NULL) + +# define EVP_PKEY_CTX_get_rsa_padding(ctx, ppad) \ + RSA_pkey_ctx_ctrl(ctx, -1, EVP_PKEY_CTRL_GET_RSA_PADDING, 0, ppad) + +# define EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, len) \ + RSA_pkey_ctx_ctrl(ctx, (EVP_PKEY_OP_SIGN|EVP_PKEY_OP_VERIFY), \ + EVP_PKEY_CTRL_RSA_PSS_SALTLEN, len, NULL) +/* Salt length matches digest */ +# define RSA_PSS_SALTLEN_DIGEST -1 +/* Verify only: auto detect salt length */ +# define RSA_PSS_SALTLEN_AUTO -2 +/* Set salt length to maximum possible */ +# define RSA_PSS_SALTLEN_MAX -3 +/* Old compatible max salt length for sign only */ +# define RSA_PSS_SALTLEN_MAX_SIGN -2 + +# define EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen(ctx, len) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA_PSS, EVP_PKEY_OP_KEYGEN, \ + EVP_PKEY_CTRL_RSA_PSS_SALTLEN, len, NULL) + +# define EVP_PKEY_CTX_get_rsa_pss_saltlen(ctx, plen) \ + RSA_pkey_ctx_ctrl(ctx, (EVP_PKEY_OP_SIGN|EVP_PKEY_OP_VERIFY), \ + EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN, 0, plen) + +# define EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, bits) \ + RSA_pkey_ctx_ctrl(ctx, EVP_PKEY_OP_KEYGEN, \ + EVP_PKEY_CTRL_RSA_KEYGEN_BITS, bits, NULL) + +# define EVP_PKEY_CTX_set_rsa_keygen_pubexp(ctx, pubexp) \ + RSA_pkey_ctx_ctrl(ctx, EVP_PKEY_OP_KEYGEN, \ + EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP, 0, pubexp) + +# define EVP_PKEY_CTX_set_rsa_keygen_primes(ctx, primes) \ + RSA_pkey_ctx_ctrl(ctx, EVP_PKEY_OP_KEYGEN, \ + EVP_PKEY_CTRL_RSA_KEYGEN_PRIMES, primes, NULL) + +# define EVP_PKEY_CTX_set_rsa_mgf1_md(ctx, md) \ + RSA_pkey_ctx_ctrl(ctx, EVP_PKEY_OP_TYPE_SIG | EVP_PKEY_OP_TYPE_CRYPT, \ + EVP_PKEY_CTRL_RSA_MGF1_MD, 0, (void *)(md)) + +# define EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md(ctx, md) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA_PSS, EVP_PKEY_OP_KEYGEN, \ + EVP_PKEY_CTRL_RSA_MGF1_MD, 0, (void *)(md)) + +# define EVP_PKEY_CTX_set_rsa_oaep_md(ctx, md) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT, \ + EVP_PKEY_CTRL_RSA_OAEP_MD, 0, (void *)(md)) + +# define EVP_PKEY_CTX_get_rsa_mgf1_md(ctx, pmd) \ + RSA_pkey_ctx_ctrl(ctx, EVP_PKEY_OP_TYPE_SIG | EVP_PKEY_OP_TYPE_CRYPT, \ + EVP_PKEY_CTRL_GET_RSA_MGF1_MD, 0, (void *)(pmd)) + +# define EVP_PKEY_CTX_get_rsa_oaep_md(ctx, pmd) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT, \ + EVP_PKEY_CTRL_GET_RSA_OAEP_MD, 0, (void *)(pmd)) + +# define EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, l, llen) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT, \ + EVP_PKEY_CTRL_RSA_OAEP_LABEL, llen, (void *)(l)) + +# define EVP_PKEY_CTX_get0_rsa_oaep_label(ctx, l) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT, \ + EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL, 0, (void *)(l)) + +# define EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx, md) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA_PSS, \ + EVP_PKEY_OP_KEYGEN, EVP_PKEY_CTRL_MD, \ + 0, (void *)(md)) + +# define EVP_PKEY_CTRL_RSA_PADDING (EVP_PKEY_ALG_CTRL + 1) +# define EVP_PKEY_CTRL_RSA_PSS_SALTLEN (EVP_PKEY_ALG_CTRL + 2) + +# define EVP_PKEY_CTRL_RSA_KEYGEN_BITS (EVP_PKEY_ALG_CTRL + 3) +# define EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP (EVP_PKEY_ALG_CTRL + 4) +# define EVP_PKEY_CTRL_RSA_MGF1_MD (EVP_PKEY_ALG_CTRL + 5) + +# define EVP_PKEY_CTRL_GET_RSA_PADDING (EVP_PKEY_ALG_CTRL + 6) +# define EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN (EVP_PKEY_ALG_CTRL + 7) +# define EVP_PKEY_CTRL_GET_RSA_MGF1_MD (EVP_PKEY_ALG_CTRL + 8) + +# define EVP_PKEY_CTRL_RSA_OAEP_MD (EVP_PKEY_ALG_CTRL + 9) +# define EVP_PKEY_CTRL_RSA_OAEP_LABEL (EVP_PKEY_ALG_CTRL + 10) + +# define EVP_PKEY_CTRL_GET_RSA_OAEP_MD (EVP_PKEY_ALG_CTRL + 11) +# define EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL (EVP_PKEY_ALG_CTRL + 12) + +# define EVP_PKEY_CTRL_RSA_KEYGEN_PRIMES (EVP_PKEY_ALG_CTRL + 13) + +# define RSA_PKCS1_PADDING 1 +# define RSA_SSLV23_PADDING 2 +# define RSA_NO_PADDING 3 +# define RSA_PKCS1_OAEP_PADDING 4 +# define RSA_X931_PADDING 5 +/* EVP_PKEY_ only */ +# define RSA_PKCS1_PSS_PADDING 6 + +# define RSA_PKCS1_PADDING_SIZE 11 + +# define RSA_set_app_data(s,arg) RSA_set_ex_data(s,0,arg) +# define RSA_get_app_data(s) RSA_get_ex_data(s,0) + +RSA *RSA_new(void); +RSA *RSA_new_method(ENGINE *engine); +int RSA_bits(const RSA *rsa); +int RSA_size(const RSA *rsa); +int RSA_security_bits(const RSA *rsa); + +int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d); +int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q); +int RSA_set0_crt_params(RSA *r,BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp); +int RSA_set0_multi_prime_params(RSA *r, BIGNUM *primes[], BIGNUM *exps[], + BIGNUM *coeffs[], int pnum); +void RSA_get0_key(const RSA *r, + const BIGNUM **n, const BIGNUM **e, const BIGNUM **d); +void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q); +int RSA_get_multi_prime_extra_count(const RSA *r); +int RSA_get0_multi_prime_factors(const RSA *r, const BIGNUM *primes[]); +void RSA_get0_crt_params(const RSA *r, + const BIGNUM **dmp1, const BIGNUM **dmq1, + const BIGNUM **iqmp); +int RSA_get0_multi_prime_crt_params(const RSA *r, const BIGNUM *exps[], + const BIGNUM *coeffs[]); +const BIGNUM *RSA_get0_n(const RSA *d); +const BIGNUM *RSA_get0_e(const RSA *d); +const BIGNUM *RSA_get0_d(const RSA *d); +const BIGNUM *RSA_get0_p(const RSA *d); +const BIGNUM *RSA_get0_q(const RSA *d); +const BIGNUM *RSA_get0_dmp1(const RSA *r); +const BIGNUM *RSA_get0_dmq1(const RSA *r); +const BIGNUM *RSA_get0_iqmp(const RSA *r); +const RSA_PSS_PARAMS *RSA_get0_pss_params(const RSA *r); +void RSA_clear_flags(RSA *r, int flags); +int RSA_test_flags(const RSA *r, int flags); +void RSA_set_flags(RSA *r, int flags); +int RSA_get_version(RSA *r); +ENGINE *RSA_get0_engine(const RSA *r); + +/* Deprecated version */ +DEPRECATEDIN_0_9_8(RSA *RSA_generate_key(int bits, unsigned long e, void + (*callback) (int, int, void *), + void *cb_arg)) + +/* New version */ +int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb); +/* Multi-prime version */ +int RSA_generate_multi_prime_key(RSA *rsa, int bits, int primes, + BIGNUM *e, BN_GENCB *cb); + +int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1, + BIGNUM *q2, const BIGNUM *Xp1, const BIGNUM *Xp2, + const BIGNUM *Xp, const BIGNUM *Xq1, const BIGNUM *Xq2, + const BIGNUM *Xq, const BIGNUM *e, BN_GENCB *cb); +int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e, + BN_GENCB *cb); + +int RSA_check_key(const RSA *); +int RSA_check_key_ex(const RSA *, BN_GENCB *cb); + /* next 4 return -1 on error */ +int RSA_public_encrypt(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding); +int RSA_private_encrypt(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding); +int RSA_public_decrypt(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding); +int RSA_private_decrypt(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding); +void RSA_free(RSA *r); +/* "up" the RSA object's reference count */ +int RSA_up_ref(RSA *r); + +int RSA_flags(const RSA *r); + +void RSA_set_default_method(const RSA_METHOD *meth); +const RSA_METHOD *RSA_get_default_method(void); +const RSA_METHOD *RSA_null_method(void); +const RSA_METHOD *RSA_get_method(const RSA *rsa); +int RSA_set_method(RSA *rsa, const RSA_METHOD *meth); + +/* these are the actual RSA functions */ +const RSA_METHOD *RSA_PKCS1_OpenSSL(void); + +int RSA_pkey_ctx_ctrl(EVP_PKEY_CTX *ctx, int optype, int cmd, int p1, void *p2); + +DECLARE_ASN1_ENCODE_FUNCTIONS_const(RSA, RSAPublicKey) +DECLARE_ASN1_ENCODE_FUNCTIONS_const(RSA, RSAPrivateKey) + +struct rsa_pss_params_st { + X509_ALGOR *hashAlgorithm; + X509_ALGOR *maskGenAlgorithm; + ASN1_INTEGER *saltLength; + ASN1_INTEGER *trailerField; + /* Decoded hash algorithm from maskGenAlgorithm */ + X509_ALGOR *maskHash; +}; + +DECLARE_ASN1_FUNCTIONS(RSA_PSS_PARAMS) + +typedef struct rsa_oaep_params_st { + X509_ALGOR *hashFunc; + X509_ALGOR *maskGenFunc; + X509_ALGOR *pSourceFunc; + /* Decoded hash algorithm from maskGenFunc */ + X509_ALGOR *maskHash; +} RSA_OAEP_PARAMS; + +DECLARE_ASN1_FUNCTIONS(RSA_OAEP_PARAMS) + +# ifndef OPENSSL_NO_STDIO +int RSA_print_fp(FILE *fp, const RSA *r, int offset); +# endif + +int RSA_print(BIO *bp, const RSA *r, int offset); + +/* + * The following 2 functions sign and verify a X509_SIG ASN1 object inside + * PKCS#1 padded RSA encryption + */ +int RSA_sign(int type, const unsigned char *m, unsigned int m_length, + unsigned char *sigret, unsigned int *siglen, RSA *rsa); +int RSA_verify(int type, const unsigned char *m, unsigned int m_length, + const unsigned char *sigbuf, unsigned int siglen, RSA *rsa); + +/* + * The following 2 function sign and verify a ASN1_OCTET_STRING object inside + * PKCS#1 padded RSA encryption + */ +int RSA_sign_ASN1_OCTET_STRING(int type, + const unsigned char *m, unsigned int m_length, + unsigned char *sigret, unsigned int *siglen, + RSA *rsa); +int RSA_verify_ASN1_OCTET_STRING(int type, const unsigned char *m, + unsigned int m_length, unsigned char *sigbuf, + unsigned int siglen, RSA *rsa); + +int RSA_blinding_on(RSA *rsa, BN_CTX *ctx); +void RSA_blinding_off(RSA *rsa); +BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *ctx); + +int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen, + const unsigned char *f, int fl); +int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen, + const unsigned char *f, int fl, + int rsa_len); +int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen, + const unsigned char *f, int fl); +int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen, + const unsigned char *f, int fl, + int rsa_len); +int PKCS1_MGF1(unsigned char *mask, long len, const unsigned char *seed, + long seedlen, const EVP_MD *dgst); +int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen, + const unsigned char *f, int fl, + const unsigned char *p, int pl); +int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen, + const unsigned char *f, int fl, int rsa_len, + const unsigned char *p, int pl); +int RSA_padding_add_PKCS1_OAEP_mgf1(unsigned char *to, int tlen, + const unsigned char *from, int flen, + const unsigned char *param, int plen, + const EVP_MD *md, const EVP_MD *mgf1md); +int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen, + const unsigned char *from, int flen, + int num, const unsigned char *param, + int plen, const EVP_MD *md, + const EVP_MD *mgf1md); +int RSA_padding_add_SSLv23(unsigned char *to, int tlen, + const unsigned char *f, int fl); +int RSA_padding_check_SSLv23(unsigned char *to, int tlen, + const unsigned char *f, int fl, int rsa_len); +int RSA_padding_add_none(unsigned char *to, int tlen, const unsigned char *f, + int fl); +int RSA_padding_check_none(unsigned char *to, int tlen, + const unsigned char *f, int fl, int rsa_len); +int RSA_padding_add_X931(unsigned char *to, int tlen, const unsigned char *f, + int fl); +int RSA_padding_check_X931(unsigned char *to, int tlen, + const unsigned char *f, int fl, int rsa_len); +int RSA_X931_hash_id(int nid); + +int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash, + const EVP_MD *Hash, const unsigned char *EM, + int sLen); +int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM, + const unsigned char *mHash, const EVP_MD *Hash, + int sLen); + +int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash, + const EVP_MD *Hash, const EVP_MD *mgf1Hash, + const unsigned char *EM, int sLen); + +int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM, + const unsigned char *mHash, + const EVP_MD *Hash, const EVP_MD *mgf1Hash, + int sLen); + +#define RSA_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_RSA, l, p, newf, dupf, freef) +int RSA_set_ex_data(RSA *r, int idx, void *arg); +void *RSA_get_ex_data(const RSA *r, int idx); + +RSA *RSAPublicKey_dup(RSA *rsa); +RSA *RSAPrivateKey_dup(RSA *rsa); + +/* + * If this flag is set the RSA method is FIPS compliant and can be used in + * FIPS mode. This is set in the validated module method. If an application + * sets this flag in its own methods it is its responsibility to ensure the + * result is compliant. + */ + +# define RSA_FLAG_FIPS_METHOD 0x0400 + +/* + * If this flag is set the operations normally disabled in FIPS mode are + * permitted it is then the applications responsibility to ensure that the + * usage is compliant. + */ + +# define RSA_FLAG_NON_FIPS_ALLOW 0x0400 +/* + * Application has decided PRNG is good enough to generate a key: don't + * check. + */ +# define RSA_FLAG_CHECKED 0x0800 + +RSA_METHOD *RSA_meth_new(const char *name, int flags); +void RSA_meth_free(RSA_METHOD *meth); +RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth); +const char *RSA_meth_get0_name(const RSA_METHOD *meth); +int RSA_meth_set1_name(RSA_METHOD *meth, const char *name); +int RSA_meth_get_flags(const RSA_METHOD *meth); +int RSA_meth_set_flags(RSA_METHOD *meth, int flags); +void *RSA_meth_get0_app_data(const RSA_METHOD *meth); +int RSA_meth_set0_app_data(RSA_METHOD *meth, void *app_data); +int (*RSA_meth_get_pub_enc(const RSA_METHOD *meth)) + (int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding); +int RSA_meth_set_pub_enc(RSA_METHOD *rsa, + int (*pub_enc) (int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, + int padding)); +int (*RSA_meth_get_pub_dec(const RSA_METHOD *meth)) + (int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding); +int RSA_meth_set_pub_dec(RSA_METHOD *rsa, + int (*pub_dec) (int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, + int padding)); +int (*RSA_meth_get_priv_enc(const RSA_METHOD *meth)) + (int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding); +int RSA_meth_set_priv_enc(RSA_METHOD *rsa, + int (*priv_enc) (int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, + int padding)); +int (*RSA_meth_get_priv_dec(const RSA_METHOD *meth)) + (int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding); +int RSA_meth_set_priv_dec(RSA_METHOD *rsa, + int (*priv_dec) (int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, + int padding)); +int (*RSA_meth_get_mod_exp(const RSA_METHOD *meth)) + (BIGNUM *r0, const BIGNUM *i, RSA *rsa, BN_CTX *ctx); +int RSA_meth_set_mod_exp(RSA_METHOD *rsa, + int (*mod_exp) (BIGNUM *r0, const BIGNUM *i, RSA *rsa, + BN_CTX *ctx)); +int (*RSA_meth_get_bn_mod_exp(const RSA_METHOD *meth)) + (BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); +int RSA_meth_set_bn_mod_exp(RSA_METHOD *rsa, + int (*bn_mod_exp) (BIGNUM *r, + const BIGNUM *a, + const BIGNUM *p, + const BIGNUM *m, + BN_CTX *ctx, + BN_MONT_CTX *m_ctx)); +int (*RSA_meth_get_init(const RSA_METHOD *meth)) (RSA *rsa); +int RSA_meth_set_init(RSA_METHOD *rsa, int (*init) (RSA *rsa)); +int (*RSA_meth_get_finish(const RSA_METHOD *meth)) (RSA *rsa); +int RSA_meth_set_finish(RSA_METHOD *rsa, int (*finish) (RSA *rsa)); +int (*RSA_meth_get_sign(const RSA_METHOD *meth)) + (int type, + const unsigned char *m, unsigned int m_length, + unsigned char *sigret, unsigned int *siglen, + const RSA *rsa); +int RSA_meth_set_sign(RSA_METHOD *rsa, + int (*sign) (int type, const unsigned char *m, + unsigned int m_length, + unsigned char *sigret, unsigned int *siglen, + const RSA *rsa)); +int (*RSA_meth_get_verify(const RSA_METHOD *meth)) + (int dtype, const unsigned char *m, + unsigned int m_length, const unsigned char *sigbuf, + unsigned int siglen, const RSA *rsa); +int RSA_meth_set_verify(RSA_METHOD *rsa, + int (*verify) (int dtype, const unsigned char *m, + unsigned int m_length, + const unsigned char *sigbuf, + unsigned int siglen, const RSA *rsa)); +int (*RSA_meth_get_keygen(const RSA_METHOD *meth)) + (RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb); +int RSA_meth_set_keygen(RSA_METHOD *rsa, + int (*keygen) (RSA *rsa, int bits, BIGNUM *e, + BN_GENCB *cb)); +int (*RSA_meth_get_multi_prime_keygen(const RSA_METHOD *meth)) + (RSA *rsa, int bits, int primes, BIGNUM *e, BN_GENCB *cb); +int RSA_meth_set_multi_prime_keygen(RSA_METHOD *meth, + int (*keygen) (RSA *rsa, int bits, + int primes, BIGNUM *e, + BN_GENCB *cb)); + +# ifdef __cplusplus +} +# endif +# endif +#endif diff --git a/ext/openssl1L/include/openssl/rsaerr.h b/ext/openssl1L/include/openssl/rsaerr.h new file mode 100644 index 0000000..59b15e1 --- /dev/null +++ b/ext/openssl1L/include/openssl/rsaerr.h @@ -0,0 +1,167 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_RSAERR_H +# define HEADER_RSAERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_RSA_strings(void); + +/* + * RSA function codes. + */ +# define RSA_F_CHECK_PADDING_MD 140 +# define RSA_F_ENCODE_PKCS1 146 +# define RSA_F_INT_RSA_VERIFY 145 +# define RSA_F_OLD_RSA_PRIV_DECODE 147 +# define RSA_F_PKEY_PSS_INIT 165 +# define RSA_F_PKEY_RSA_CTRL 143 +# define RSA_F_PKEY_RSA_CTRL_STR 144 +# define RSA_F_PKEY_RSA_SIGN 142 +# define RSA_F_PKEY_RSA_VERIFY 149 +# define RSA_F_PKEY_RSA_VERIFYRECOVER 141 +# define RSA_F_RSA_ALGOR_TO_MD 156 +# define RSA_F_RSA_BUILTIN_KEYGEN 129 +# define RSA_F_RSA_CHECK_KEY 123 +# define RSA_F_RSA_CHECK_KEY_EX 160 +# define RSA_F_RSA_CMS_DECRYPT 159 +# define RSA_F_RSA_CMS_VERIFY 158 +# define RSA_F_RSA_ITEM_VERIFY 148 +# define RSA_F_RSA_METH_DUP 161 +# define RSA_F_RSA_METH_NEW 162 +# define RSA_F_RSA_METH_SET1_NAME 163 +# define RSA_F_RSA_MGF1_TO_MD 157 +# define RSA_F_RSA_MULTIP_INFO_NEW 166 +# define RSA_F_RSA_NEW_METHOD 106 +# define RSA_F_RSA_NULL 124 +# define RSA_F_RSA_NULL_PRIVATE_DECRYPT 132 +# define RSA_F_RSA_NULL_PRIVATE_ENCRYPT 133 +# define RSA_F_RSA_NULL_PUBLIC_DECRYPT 134 +# define RSA_F_RSA_NULL_PUBLIC_ENCRYPT 135 +# define RSA_F_RSA_OSSL_PRIVATE_DECRYPT 101 +# define RSA_F_RSA_OSSL_PRIVATE_ENCRYPT 102 +# define RSA_F_RSA_OSSL_PUBLIC_DECRYPT 103 +# define RSA_F_RSA_OSSL_PUBLIC_ENCRYPT 104 +# define RSA_F_RSA_PADDING_ADD_NONE 107 +# define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP 121 +# define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP_MGF1 154 +# define RSA_F_RSA_PADDING_ADD_PKCS1_PSS 125 +# define RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1 152 +# define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1 108 +# define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2 109 +# define RSA_F_RSA_PADDING_ADD_SSLV23 110 +# define RSA_F_RSA_PADDING_ADD_X931 127 +# define RSA_F_RSA_PADDING_CHECK_NONE 111 +# define RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP 122 +# define RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1 153 +# define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1 112 +# define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2 113 +# define RSA_F_RSA_PADDING_CHECK_SSLV23 114 +# define RSA_F_RSA_PADDING_CHECK_X931 128 +# define RSA_F_RSA_PARAM_DECODE 164 +# define RSA_F_RSA_PRINT 115 +# define RSA_F_RSA_PRINT_FP 116 +# define RSA_F_RSA_PRIV_DECODE 150 +# define RSA_F_RSA_PRIV_ENCODE 138 +# define RSA_F_RSA_PSS_GET_PARAM 151 +# define RSA_F_RSA_PSS_TO_CTX 155 +# define RSA_F_RSA_PUB_DECODE 139 +# define RSA_F_RSA_SETUP_BLINDING 136 +# define RSA_F_RSA_SIGN 117 +# define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 118 +# define RSA_F_RSA_VERIFY 119 +# define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING 120 +# define RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1 126 +# define RSA_F_SETUP_TBUF 167 + +/* + * RSA reason codes. + */ +# define RSA_R_ALGORITHM_MISMATCH 100 +# define RSA_R_BAD_E_VALUE 101 +# define RSA_R_BAD_FIXED_HEADER_DECRYPT 102 +# define RSA_R_BAD_PAD_BYTE_COUNT 103 +# define RSA_R_BAD_SIGNATURE 104 +# define RSA_R_BLOCK_TYPE_IS_NOT_01 106 +# define RSA_R_BLOCK_TYPE_IS_NOT_02 107 +# define RSA_R_DATA_GREATER_THAN_MOD_LEN 108 +# define RSA_R_DATA_TOO_LARGE 109 +# define RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 110 +# define RSA_R_DATA_TOO_LARGE_FOR_MODULUS 132 +# define RSA_R_DATA_TOO_SMALL 111 +# define RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE 122 +# define RSA_R_DIGEST_DOES_NOT_MATCH 158 +# define RSA_R_DIGEST_NOT_ALLOWED 145 +# define RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY 112 +# define RSA_R_DMP1_NOT_CONGRUENT_TO_D 124 +# define RSA_R_DMQ1_NOT_CONGRUENT_TO_D 125 +# define RSA_R_D_E_NOT_CONGRUENT_TO_1 123 +# define RSA_R_FIRST_OCTET_INVALID 133 +# define RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE 144 +# define RSA_R_INVALID_DIGEST 157 +# define RSA_R_INVALID_DIGEST_LENGTH 143 +# define RSA_R_INVALID_HEADER 137 +# define RSA_R_INVALID_LABEL 160 +# define RSA_R_INVALID_MESSAGE_LENGTH 131 +# define RSA_R_INVALID_MGF1_MD 156 +# define RSA_R_INVALID_MULTI_PRIME_KEY 167 +# define RSA_R_INVALID_OAEP_PARAMETERS 161 +# define RSA_R_INVALID_PADDING 138 +# define RSA_R_INVALID_PADDING_MODE 141 +# define RSA_R_INVALID_PSS_PARAMETERS 149 +# define RSA_R_INVALID_PSS_SALTLEN 146 +# define RSA_R_INVALID_SALT_LENGTH 150 +# define RSA_R_INVALID_TRAILER 139 +# define RSA_R_INVALID_X931_DIGEST 142 +# define RSA_R_IQMP_NOT_INVERSE_OF_Q 126 +# define RSA_R_KEY_PRIME_NUM_INVALID 165 +# define RSA_R_KEY_SIZE_TOO_SMALL 120 +# define RSA_R_LAST_OCTET_INVALID 134 +# define RSA_R_MISSING_PRIVATE_KEY 179 +# define RSA_R_MGF1_DIGEST_NOT_ALLOWED 152 +# define RSA_R_MODULUS_TOO_LARGE 105 +# define RSA_R_MP_COEFFICIENT_NOT_INVERSE_OF_R 168 +# define RSA_R_MP_EXPONENT_NOT_CONGRUENT_TO_D 169 +# define RSA_R_MP_R_NOT_PRIME 170 +# define RSA_R_NO_PUBLIC_EXPONENT 140 +# define RSA_R_NULL_BEFORE_BLOCK_MISSING 113 +# define RSA_R_N_DOES_NOT_EQUAL_PRODUCT_OF_PRIMES 172 +# define RSA_R_N_DOES_NOT_EQUAL_P_Q 127 +# define RSA_R_OAEP_DECODING_ERROR 121 +# define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 148 +# define RSA_R_PADDING_CHECK_FAILED 114 +# define RSA_R_PKCS_DECODING_ERROR 159 +# define RSA_R_PSS_SALTLEN_TOO_SMALL 164 +# define RSA_R_P_NOT_PRIME 128 +# define RSA_R_Q_NOT_PRIME 129 +# define RSA_R_RSA_OPERATIONS_NOT_SUPPORTED 130 +# define RSA_R_SLEN_CHECK_FAILED 136 +# define RSA_R_SLEN_RECOVERY_FAILED 135 +# define RSA_R_SSLV3_ROLLBACK_ATTACK 115 +# define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 116 +# define RSA_R_UNKNOWN_ALGORITHM_TYPE 117 +# define RSA_R_UNKNOWN_DIGEST 166 +# define RSA_R_UNKNOWN_MASK_DIGEST 151 +# define RSA_R_UNKNOWN_PADDING_TYPE 118 +# define RSA_R_UNSUPPORTED_ENCRYPTION_TYPE 162 +# define RSA_R_UNSUPPORTED_LABEL_SOURCE 163 +# define RSA_R_UNSUPPORTED_MASK_ALGORITHM 153 +# define RSA_R_UNSUPPORTED_MASK_PARAMETER 154 +# define RSA_R_UNSUPPORTED_SIGNATURE_TYPE 155 +# define RSA_R_VALUE_MISSING 147 +# define RSA_R_WRONG_SIGNATURE_LENGTH 119 + +#endif diff --git a/ext/openssl1L/include/openssl/safestack.h b/ext/openssl1L/include/openssl/safestack.h new file mode 100644 index 0000000..38b5578 --- /dev/null +++ b/ext/openssl1L/include/openssl/safestack.h @@ -0,0 +1,207 @@ +/* + * Copyright 1999-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_SAFESTACK_H +# define HEADER_SAFESTACK_H + +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +# define STACK_OF(type) struct stack_st_##type + +# define SKM_DEFINE_STACK_OF(t1, t2, t3) \ + STACK_OF(t1); \ + typedef int (*sk_##t1##_compfunc)(const t3 * const *a, const t3 *const *b); \ + typedef void (*sk_##t1##_freefunc)(t3 *a); \ + typedef t3 * (*sk_##t1##_copyfunc)(const t3 *a); \ + static ossl_unused ossl_inline int sk_##t1##_num(const STACK_OF(t1) *sk) \ + { \ + return OPENSSL_sk_num((const OPENSSL_STACK *)sk); \ + } \ + static ossl_unused ossl_inline t2 *sk_##t1##_value(const STACK_OF(t1) *sk, int idx) \ + { \ + return (t2 *)OPENSSL_sk_value((const OPENSSL_STACK *)sk, idx); \ + } \ + static ossl_unused ossl_inline STACK_OF(t1) *sk_##t1##_new(sk_##t1##_compfunc compare) \ + { \ + return (STACK_OF(t1) *)OPENSSL_sk_new((OPENSSL_sk_compfunc)compare); \ + } \ + static ossl_unused ossl_inline STACK_OF(t1) *sk_##t1##_new_null(void) \ + { \ + return (STACK_OF(t1) *)OPENSSL_sk_new_null(); \ + } \ + static ossl_unused ossl_inline STACK_OF(t1) *sk_##t1##_new_reserve(sk_##t1##_compfunc compare, int n) \ + { \ + return (STACK_OF(t1) *)OPENSSL_sk_new_reserve((OPENSSL_sk_compfunc)compare, n); \ + } \ + static ossl_unused ossl_inline int sk_##t1##_reserve(STACK_OF(t1) *sk, int n) \ + { \ + return OPENSSL_sk_reserve((OPENSSL_STACK *)sk, n); \ + } \ + static ossl_unused ossl_inline void sk_##t1##_free(STACK_OF(t1) *sk) \ + { \ + OPENSSL_sk_free((OPENSSL_STACK *)sk); \ + } \ + static ossl_unused ossl_inline void sk_##t1##_zero(STACK_OF(t1) *sk) \ + { \ + OPENSSL_sk_zero((OPENSSL_STACK *)sk); \ + } \ + static ossl_unused ossl_inline t2 *sk_##t1##_delete(STACK_OF(t1) *sk, int i) \ + { \ + return (t2 *)OPENSSL_sk_delete((OPENSSL_STACK *)sk, i); \ + } \ + static ossl_unused ossl_inline t2 *sk_##t1##_delete_ptr(STACK_OF(t1) *sk, t2 *ptr) \ + { \ + return (t2 *)OPENSSL_sk_delete_ptr((OPENSSL_STACK *)sk, \ + (const void *)ptr); \ + } \ + static ossl_unused ossl_inline int sk_##t1##_push(STACK_OF(t1) *sk, t2 *ptr) \ + { \ + return OPENSSL_sk_push((OPENSSL_STACK *)sk, (const void *)ptr); \ + } \ + static ossl_unused ossl_inline int sk_##t1##_unshift(STACK_OF(t1) *sk, t2 *ptr) \ + { \ + return OPENSSL_sk_unshift((OPENSSL_STACK *)sk, (const void *)ptr); \ + } \ + static ossl_unused ossl_inline t2 *sk_##t1##_pop(STACK_OF(t1) *sk) \ + { \ + return (t2 *)OPENSSL_sk_pop((OPENSSL_STACK *)sk); \ + } \ + static ossl_unused ossl_inline t2 *sk_##t1##_shift(STACK_OF(t1) *sk) \ + { \ + return (t2 *)OPENSSL_sk_shift((OPENSSL_STACK *)sk); \ + } \ + static ossl_unused ossl_inline void sk_##t1##_pop_free(STACK_OF(t1) *sk, sk_##t1##_freefunc freefunc) \ + { \ + OPENSSL_sk_pop_free((OPENSSL_STACK *)sk, (OPENSSL_sk_freefunc)freefunc); \ + } \ + static ossl_unused ossl_inline int sk_##t1##_insert(STACK_OF(t1) *sk, t2 *ptr, int idx) \ + { \ + return OPENSSL_sk_insert((OPENSSL_STACK *)sk, (const void *)ptr, idx); \ + } \ + static ossl_unused ossl_inline t2 *sk_##t1##_set(STACK_OF(t1) *sk, int idx, t2 *ptr) \ + { \ + return (t2 *)OPENSSL_sk_set((OPENSSL_STACK *)sk, idx, (const void *)ptr); \ + } \ + static ossl_unused ossl_inline int sk_##t1##_find(STACK_OF(t1) *sk, t2 *ptr) \ + { \ + return OPENSSL_sk_find((OPENSSL_STACK *)sk, (const void *)ptr); \ + } \ + static ossl_unused ossl_inline int sk_##t1##_find_ex(STACK_OF(t1) *sk, t2 *ptr) \ + { \ + return OPENSSL_sk_find_ex((OPENSSL_STACK *)sk, (const void *)ptr); \ + } \ + static ossl_unused ossl_inline void sk_##t1##_sort(STACK_OF(t1) *sk) \ + { \ + OPENSSL_sk_sort((OPENSSL_STACK *)sk); \ + } \ + static ossl_unused ossl_inline int sk_##t1##_is_sorted(const STACK_OF(t1) *sk) \ + { \ + return OPENSSL_sk_is_sorted((const OPENSSL_STACK *)sk); \ + } \ + static ossl_unused ossl_inline STACK_OF(t1) * sk_##t1##_dup(const STACK_OF(t1) *sk) \ + { \ + return (STACK_OF(t1) *)OPENSSL_sk_dup((const OPENSSL_STACK *)sk); \ + } \ + static ossl_unused ossl_inline STACK_OF(t1) *sk_##t1##_deep_copy(const STACK_OF(t1) *sk, \ + sk_##t1##_copyfunc copyfunc, \ + sk_##t1##_freefunc freefunc) \ + { \ + return (STACK_OF(t1) *)OPENSSL_sk_deep_copy((const OPENSSL_STACK *)sk, \ + (OPENSSL_sk_copyfunc)copyfunc, \ + (OPENSSL_sk_freefunc)freefunc); \ + } \ + static ossl_unused ossl_inline sk_##t1##_compfunc sk_##t1##_set_cmp_func(STACK_OF(t1) *sk, sk_##t1##_compfunc compare) \ + { \ + return (sk_##t1##_compfunc)OPENSSL_sk_set_cmp_func((OPENSSL_STACK *)sk, (OPENSSL_sk_compfunc)compare); \ + } + +# define DEFINE_SPECIAL_STACK_OF(t1, t2) SKM_DEFINE_STACK_OF(t1, t2, t2) +# define DEFINE_STACK_OF(t) SKM_DEFINE_STACK_OF(t, t, t) +# define DEFINE_SPECIAL_STACK_OF_CONST(t1, t2) \ + SKM_DEFINE_STACK_OF(t1, const t2, t2) +# define DEFINE_STACK_OF_CONST(t) SKM_DEFINE_STACK_OF(t, const t, t) + +/*- + * Strings are special: normally an lhash entry will point to a single + * (somewhat) mutable object. In the case of strings: + * + * a) Instead of a single char, there is an array of chars, NUL-terminated. + * b) The string may have be immutable. + * + * So, they need their own declarations. Especially important for + * type-checking tools, such as Deputy. + * + * In practice, however, it appears to be hard to have a const + * string. For now, I'm settling for dealing with the fact it is a + * string at all. + */ +typedef char *OPENSSL_STRING; +typedef const char *OPENSSL_CSTRING; + +/*- + * Confusingly, LHASH_OF(STRING) deals with char ** throughout, but + * STACK_OF(STRING) is really more like STACK_OF(char), only, as mentioned + * above, instead of a single char each entry is a NUL-terminated array of + * chars. So, we have to implement STRING specially for STACK_OF. This is + * dealt with in the autogenerated macros below. + */ +DEFINE_SPECIAL_STACK_OF(OPENSSL_STRING, char) +DEFINE_SPECIAL_STACK_OF_CONST(OPENSSL_CSTRING, char) + +/* + * Similarly, we sometimes use a block of characters, NOT nul-terminated. + * These should also be distinguished from "normal" stacks. + */ +typedef void *OPENSSL_BLOCK; +DEFINE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) + +/* + * If called without higher optimization (min. -xO3) the Oracle Developer + * Studio compiler generates code for the defined (static inline) functions + * above. + * This would later lead to the linker complaining about missing symbols when + * this header file is included but the resulting object is not linked against + * the Crypto library (openssl#6912). + */ +# ifdef __SUNPRO_C +# pragma weak OPENSSL_sk_num +# pragma weak OPENSSL_sk_value +# pragma weak OPENSSL_sk_new +# pragma weak OPENSSL_sk_new_null +# pragma weak OPENSSL_sk_new_reserve +# pragma weak OPENSSL_sk_reserve +# pragma weak OPENSSL_sk_free +# pragma weak OPENSSL_sk_zero +# pragma weak OPENSSL_sk_delete +# pragma weak OPENSSL_sk_delete_ptr +# pragma weak OPENSSL_sk_push +# pragma weak OPENSSL_sk_unshift +# pragma weak OPENSSL_sk_pop +# pragma weak OPENSSL_sk_shift +# pragma weak OPENSSL_sk_pop_free +# pragma weak OPENSSL_sk_insert +# pragma weak OPENSSL_sk_set +# pragma weak OPENSSL_sk_find +# pragma weak OPENSSL_sk_find_ex +# pragma weak OPENSSL_sk_sort +# pragma weak OPENSSL_sk_is_sorted +# pragma weak OPENSSL_sk_dup +# pragma weak OPENSSL_sk_deep_copy +# pragma weak OPENSSL_sk_set_cmp_func +# endif /* __SUNPRO_C */ + +# ifdef __cplusplus +} +# endif +#endif diff --git a/ext/openssl1L/include/openssl/seed.h b/ext/openssl1L/include/openssl/seed.h new file mode 100644 index 0000000..de10b08 --- /dev/null +++ b/ext/openssl1L/include/openssl/seed.h @@ -0,0 +1,96 @@ +/* + * Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* + * Copyright (c) 2007 KISA(Korea Information Security Agency). All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Neither the name of author nor the names of its contributors may + * be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifndef HEADER_SEED_H +# define HEADER_SEED_H + +# include + +# ifndef OPENSSL_NO_SEED +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +/* look whether we need 'long' to get 32 bits */ +# ifdef AES_LONG +# ifndef SEED_LONG +# define SEED_LONG 1 +# endif +# endif + +# include + +# define SEED_BLOCK_SIZE 16 +# define SEED_KEY_LENGTH 16 + +typedef struct seed_key_st { +# ifdef SEED_LONG + unsigned long data[32]; +# else + unsigned int data[32]; +# endif +} SEED_KEY_SCHEDULE; + +void SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH], + SEED_KEY_SCHEDULE *ks); + +void SEED_encrypt(const unsigned char s[SEED_BLOCK_SIZE], + unsigned char d[SEED_BLOCK_SIZE], + const SEED_KEY_SCHEDULE *ks); +void SEED_decrypt(const unsigned char s[SEED_BLOCK_SIZE], + unsigned char d[SEED_BLOCK_SIZE], + const SEED_KEY_SCHEDULE *ks); + +void SEED_ecb_encrypt(const unsigned char *in, unsigned char *out, + const SEED_KEY_SCHEDULE *ks, int enc); +void SEED_cbc_encrypt(const unsigned char *in, unsigned char *out, size_t len, + const SEED_KEY_SCHEDULE *ks, + unsigned char ivec[SEED_BLOCK_SIZE], int enc); +void SEED_cfb128_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const SEED_KEY_SCHEDULE *ks, + unsigned char ivec[SEED_BLOCK_SIZE], int *num, + int enc); +void SEED_ofb128_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const SEED_KEY_SCHEDULE *ks, + unsigned char ivec[SEED_BLOCK_SIZE], int *num); + +# ifdef __cplusplus +} +# endif +# endif + +#endif diff --git a/ext/openssl1L/include/openssl/sha.h b/ext/openssl1L/include/openssl/sha.h new file mode 100644 index 0000000..6a1eb0d --- /dev/null +++ b/ext/openssl1L/include/openssl/sha.h @@ -0,0 +1,119 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_SHA_H +# define HEADER_SHA_H + +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +/*- + * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + * ! SHA_LONG has to be at least 32 bits wide. ! + * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + */ +# define SHA_LONG unsigned int + +# define SHA_LBLOCK 16 +# define SHA_CBLOCK (SHA_LBLOCK*4)/* SHA treats input data as a + * contiguous array of 32 bit wide + * big-endian values. */ +# define SHA_LAST_BLOCK (SHA_CBLOCK-8) +# define SHA_DIGEST_LENGTH 20 + +typedef struct SHAstate_st { + SHA_LONG h0, h1, h2, h3, h4; + SHA_LONG Nl, Nh; + SHA_LONG data[SHA_LBLOCK]; + unsigned int num; +} SHA_CTX; + +int SHA1_Init(SHA_CTX *c); +int SHA1_Update(SHA_CTX *c, const void *data, size_t len); +int SHA1_Final(unsigned char *md, SHA_CTX *c); +unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md); +void SHA1_Transform(SHA_CTX *c, const unsigned char *data); + +# define SHA256_CBLOCK (SHA_LBLOCK*4)/* SHA-256 treats input data as a + * contiguous array of 32 bit wide + * big-endian values. */ + +typedef struct SHA256state_st { + SHA_LONG h[8]; + SHA_LONG Nl, Nh; + SHA_LONG data[SHA_LBLOCK]; + unsigned int num, md_len; +} SHA256_CTX; + +int SHA224_Init(SHA256_CTX *c); +int SHA224_Update(SHA256_CTX *c, const void *data, size_t len); +int SHA224_Final(unsigned char *md, SHA256_CTX *c); +unsigned char *SHA224(const unsigned char *d, size_t n, unsigned char *md); +int SHA256_Init(SHA256_CTX *c); +int SHA256_Update(SHA256_CTX *c, const void *data, size_t len); +int SHA256_Final(unsigned char *md, SHA256_CTX *c); +unsigned char *SHA256(const unsigned char *d, size_t n, unsigned char *md); +void SHA256_Transform(SHA256_CTX *c, const unsigned char *data); + +# define SHA224_DIGEST_LENGTH 28 +# define SHA256_DIGEST_LENGTH 32 +# define SHA384_DIGEST_LENGTH 48 +# define SHA512_DIGEST_LENGTH 64 + +/* + * Unlike 32-bit digest algorithms, SHA-512 *relies* on SHA_LONG64 + * being exactly 64-bit wide. See Implementation Notes in sha512.c + * for further details. + */ +/* + * SHA-512 treats input data as a + * contiguous array of 64 bit + * wide big-endian values. + */ +# define SHA512_CBLOCK (SHA_LBLOCK*8) +# if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__) +# define SHA_LONG64 unsigned __int64 +# define U64(C) C##UI64 +# elif defined(__arch64__) +# define SHA_LONG64 unsigned long +# define U64(C) C##UL +# else +# define SHA_LONG64 unsigned long long +# define U64(C) C##ULL +# endif + +typedef struct SHA512state_st { + SHA_LONG64 h[8]; + SHA_LONG64 Nl, Nh; + union { + SHA_LONG64 d[SHA_LBLOCK]; + unsigned char p[SHA512_CBLOCK]; + } u; + unsigned int num, md_len; +} SHA512_CTX; + +int SHA384_Init(SHA512_CTX *c); +int SHA384_Update(SHA512_CTX *c, const void *data, size_t len); +int SHA384_Final(unsigned char *md, SHA512_CTX *c); +unsigned char *SHA384(const unsigned char *d, size_t n, unsigned char *md); +int SHA512_Init(SHA512_CTX *c); +int SHA512_Update(SHA512_CTX *c, const void *data, size_t len); +int SHA512_Final(unsigned char *md, SHA512_CTX *c); +unsigned char *SHA512(const unsigned char *d, size_t n, unsigned char *md); +void SHA512_Transform(SHA512_CTX *c, const unsigned char *data); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/ext/openssl1L/include/openssl/srp.h b/ext/openssl1L/include/openssl/srp.h new file mode 100644 index 0000000..aaf1355 --- /dev/null +++ b/ext/openssl1L/include/openssl/srp.h @@ -0,0 +1,135 @@ +/* + * Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2004, EdelKey Project. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + * + * Originally written by Christophe Renou and Peter Sylvester, + * for the EdelKey project. + */ + +#ifndef HEADER_SRP_H +# define HEADER_SRP_H + +#include + +#ifndef OPENSSL_NO_SRP +# include +# include +# include +# include +# include + +# ifdef __cplusplus +extern "C" { +# endif + +typedef struct SRP_gN_cache_st { + char *b64_bn; + BIGNUM *bn; +} SRP_gN_cache; + + +DEFINE_STACK_OF(SRP_gN_cache) + +typedef struct SRP_user_pwd_st { + /* Owned by us. */ + char *id; + BIGNUM *s; + BIGNUM *v; + /* Not owned by us. */ + const BIGNUM *g; + const BIGNUM *N; + /* Owned by us. */ + char *info; +} SRP_user_pwd; + +void SRP_user_pwd_free(SRP_user_pwd *user_pwd); + +DEFINE_STACK_OF(SRP_user_pwd) + +typedef struct SRP_VBASE_st { + STACK_OF(SRP_user_pwd) *users_pwd; + STACK_OF(SRP_gN_cache) *gN_cache; +/* to simulate a user */ + char *seed_key; + const BIGNUM *default_g; + const BIGNUM *default_N; +} SRP_VBASE; + +/* + * Internal structure storing N and g pair + */ +typedef struct SRP_gN_st { + char *id; + const BIGNUM *g; + const BIGNUM *N; +} SRP_gN; + +DEFINE_STACK_OF(SRP_gN) + +SRP_VBASE *SRP_VBASE_new(char *seed_key); +void SRP_VBASE_free(SRP_VBASE *vb); +int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file); + +/* This method ignores the configured seed and fails for an unknown user. */ +DEPRECATEDIN_1_1_0(SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username)) +/* NOTE: unlike in SRP_VBASE_get_by_user, caller owns the returned pointer.*/ +SRP_user_pwd *SRP_VBASE_get1_by_user(SRP_VBASE *vb, char *username); + +char *SRP_create_verifier(const char *user, const char *pass, char **salt, + char **verifier, const char *N, const char *g); +int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt, + BIGNUM **verifier, const BIGNUM *N, + const BIGNUM *g); + +# define SRP_NO_ERROR 0 +# define SRP_ERR_VBASE_INCOMPLETE_FILE 1 +# define SRP_ERR_VBASE_BN_LIB 2 +# define SRP_ERR_OPEN_FILE 3 +# define SRP_ERR_MEMORY 4 + +# define DB_srptype 0 +# define DB_srpverifier 1 +# define DB_srpsalt 2 +# define DB_srpid 3 +# define DB_srpgN 4 +# define DB_srpinfo 5 +# undef DB_NUMBER +# define DB_NUMBER 6 + +# define DB_SRP_INDEX 'I' +# define DB_SRP_VALID 'V' +# define DB_SRP_REVOKED 'R' +# define DB_SRP_MODIF 'v' + +/* see srp.c */ +char *SRP_check_known_gN_param(const BIGNUM *g, const BIGNUM *N); +SRP_gN *SRP_get_default_gN(const char *id); + +/* server side .... */ +BIGNUM *SRP_Calc_server_key(const BIGNUM *A, const BIGNUM *v, const BIGNUM *u, + const BIGNUM *b, const BIGNUM *N); +BIGNUM *SRP_Calc_B(const BIGNUM *b, const BIGNUM *N, const BIGNUM *g, + const BIGNUM *v); +int SRP_Verify_A_mod_N(const BIGNUM *A, const BIGNUM *N); +BIGNUM *SRP_Calc_u(const BIGNUM *A, const BIGNUM *B, const BIGNUM *N); + +/* client side .... */ +BIGNUM *SRP_Calc_x(const BIGNUM *s, const char *user, const char *pass); +BIGNUM *SRP_Calc_A(const BIGNUM *a, const BIGNUM *N, const BIGNUM *g); +BIGNUM *SRP_Calc_client_key(const BIGNUM *N, const BIGNUM *B, const BIGNUM *g, + const BIGNUM *x, const BIGNUM *a, const BIGNUM *u); +int SRP_Verify_B_mod_N(const BIGNUM *B, const BIGNUM *N); + +# define SRP_MINIMAL_N 1024 + +# ifdef __cplusplus +} +# endif +# endif + +#endif diff --git a/ext/openssl1L/include/openssl/srtp.h b/ext/openssl1L/include/openssl/srtp.h new file mode 100644 index 0000000..0b57c23 --- /dev/null +++ b/ext/openssl1L/include/openssl/srtp.h @@ -0,0 +1,50 @@ +/* + * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* + * DTLS code by Eric Rescorla + * + * Copyright (C) 2006, Network Resonance, Inc. Copyright (C) 2011, RTFM, Inc. + */ + +#ifndef HEADER_D1_SRTP_H +# define HEADER_D1_SRTP_H + +# include + +#ifdef __cplusplus +extern "C" { +#endif + +# define SRTP_AES128_CM_SHA1_80 0x0001 +# define SRTP_AES128_CM_SHA1_32 0x0002 +# define SRTP_AES128_F8_SHA1_80 0x0003 +# define SRTP_AES128_F8_SHA1_32 0x0004 +# define SRTP_NULL_SHA1_80 0x0005 +# define SRTP_NULL_SHA1_32 0x0006 + +/* AEAD SRTP protection profiles from RFC 7714 */ +# define SRTP_AEAD_AES_128_GCM 0x0007 +# define SRTP_AEAD_AES_256_GCM 0x0008 + +# ifndef OPENSSL_NO_SRTP + +__owur int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles); +__owur int SSL_set_tlsext_use_srtp(SSL *ssl, const char *profiles); + +__owur STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *ssl); +__owur SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s); + +# endif + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/ext/openssl1L/include/openssl/ssl.h b/ext/openssl1L/include/openssl/ssl.h new file mode 100644 index 0000000..9af0c89 --- /dev/null +++ b/ext/openssl1L/include/openssl/ssl.h @@ -0,0 +1,2448 @@ +/* + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved + * Copyright 2005 Nokia. All rights reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_SSL_H +# define HEADER_SSL_H + +# include +# include +# include +# include +# if OPENSSL_API_COMPAT < 0x10100000L +# include +# include +# include +# endif +# include +# include +# include +# include + +# include +# include +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +/* OpenSSL version number for ASN.1 encoding of the session information */ +/*- + * Version 0 - initial version + * Version 1 - added the optional peer certificate + */ +# define SSL_SESSION_ASN1_VERSION 0x0001 + +# define SSL_MAX_SSL_SESSION_ID_LENGTH 32 +# define SSL_MAX_SID_CTX_LENGTH 32 + +# define SSL_MIN_RSA_MODULUS_LENGTH_IN_BYTES (512/8) +# define SSL_MAX_KEY_ARG_LENGTH 8 +# define SSL_MAX_MASTER_KEY_LENGTH 48 + +/* The maximum number of encrypt/decrypt pipelines we can support */ +# define SSL_MAX_PIPELINES 32 + +/* text strings for the ciphers */ + +/* These are used to specify which ciphers to use and not to use */ + +# define SSL_TXT_LOW "LOW" +# define SSL_TXT_MEDIUM "MEDIUM" +# define SSL_TXT_HIGH "HIGH" +# define SSL_TXT_FIPS "FIPS" + +# define SSL_TXT_aNULL "aNULL" +# define SSL_TXT_eNULL "eNULL" +# define SSL_TXT_NULL "NULL" + +# define SSL_TXT_kRSA "kRSA" +# define SSL_TXT_kDHr "kDHr"/* this cipher class has been removed */ +# define SSL_TXT_kDHd "kDHd"/* this cipher class has been removed */ +# define SSL_TXT_kDH "kDH"/* this cipher class has been removed */ +# define SSL_TXT_kEDH "kEDH"/* alias for kDHE */ +# define SSL_TXT_kDHE "kDHE" +# define SSL_TXT_kECDHr "kECDHr"/* this cipher class has been removed */ +# define SSL_TXT_kECDHe "kECDHe"/* this cipher class has been removed */ +# define SSL_TXT_kECDH "kECDH"/* this cipher class has been removed */ +# define SSL_TXT_kEECDH "kEECDH"/* alias for kECDHE */ +# define SSL_TXT_kECDHE "kECDHE" +# define SSL_TXT_kPSK "kPSK" +# define SSL_TXT_kRSAPSK "kRSAPSK" +# define SSL_TXT_kECDHEPSK "kECDHEPSK" +# define SSL_TXT_kDHEPSK "kDHEPSK" +# define SSL_TXT_kGOST "kGOST" +# define SSL_TXT_kSRP "kSRP" + +# define SSL_TXT_aRSA "aRSA" +# define SSL_TXT_aDSS "aDSS" +# define SSL_TXT_aDH "aDH"/* this cipher class has been removed */ +# define SSL_TXT_aECDH "aECDH"/* this cipher class has been removed */ +# define SSL_TXT_aECDSA "aECDSA" +# define SSL_TXT_aPSK "aPSK" +# define SSL_TXT_aGOST94 "aGOST94" +# define SSL_TXT_aGOST01 "aGOST01" +# define SSL_TXT_aGOST12 "aGOST12" +# define SSL_TXT_aGOST "aGOST" +# define SSL_TXT_aSRP "aSRP" + +# define SSL_TXT_DSS "DSS" +# define SSL_TXT_DH "DH" +# define SSL_TXT_DHE "DHE"/* same as "kDHE:-ADH" */ +# define SSL_TXT_EDH "EDH"/* alias for DHE */ +# define SSL_TXT_ADH "ADH" +# define SSL_TXT_RSA "RSA" +# define SSL_TXT_ECDH "ECDH" +# define SSL_TXT_EECDH "EECDH"/* alias for ECDHE" */ +# define SSL_TXT_ECDHE "ECDHE"/* same as "kECDHE:-AECDH" */ +# define SSL_TXT_AECDH "AECDH" +# define SSL_TXT_ECDSA "ECDSA" +# define SSL_TXT_PSK "PSK" +# define SSL_TXT_SRP "SRP" + +# define SSL_TXT_DES "DES" +# define SSL_TXT_3DES "3DES" +# define SSL_TXT_RC4 "RC4" +# define SSL_TXT_RC2 "RC2" +# define SSL_TXT_IDEA "IDEA" +# define SSL_TXT_SEED "SEED" +# define SSL_TXT_AES128 "AES128" +# define SSL_TXT_AES256 "AES256" +# define SSL_TXT_AES "AES" +# define SSL_TXT_AES_GCM "AESGCM" +# define SSL_TXT_AES_CCM "AESCCM" +# define SSL_TXT_AES_CCM_8 "AESCCM8" +# define SSL_TXT_CAMELLIA128 "CAMELLIA128" +# define SSL_TXT_CAMELLIA256 "CAMELLIA256" +# define SSL_TXT_CAMELLIA "CAMELLIA" +# define SSL_TXT_CHACHA20 "CHACHA20" +# define SSL_TXT_GOST "GOST89" +# define SSL_TXT_ARIA "ARIA" +# define SSL_TXT_ARIA_GCM "ARIAGCM" +# define SSL_TXT_ARIA128 "ARIA128" +# define SSL_TXT_ARIA256 "ARIA256" + +# define SSL_TXT_MD5 "MD5" +# define SSL_TXT_SHA1 "SHA1" +# define SSL_TXT_SHA "SHA"/* same as "SHA1" */ +# define SSL_TXT_GOST94 "GOST94" +# define SSL_TXT_GOST89MAC "GOST89MAC" +# define SSL_TXT_GOST12 "GOST12" +# define SSL_TXT_GOST89MAC12 "GOST89MAC12" +# define SSL_TXT_SHA256 "SHA256" +# define SSL_TXT_SHA384 "SHA384" + +# define SSL_TXT_SSLV3 "SSLv3" +# define SSL_TXT_TLSV1 "TLSv1" +# define SSL_TXT_TLSV1_1 "TLSv1.1" +# define SSL_TXT_TLSV1_2 "TLSv1.2" + +# define SSL_TXT_ALL "ALL" + +/*- + * COMPLEMENTOF* definitions. These identifiers are used to (de-select) + * ciphers normally not being used. + * Example: "RC4" will activate all ciphers using RC4 including ciphers + * without authentication, which would normally disabled by DEFAULT (due + * the "!ADH" being part of default). Therefore "RC4:!COMPLEMENTOFDEFAULT" + * will make sure that it is also disabled in the specific selection. + * COMPLEMENTOF* identifiers are portable between version, as adjustments + * to the default cipher setup will also be included here. + * + * COMPLEMENTOFDEFAULT does not experience the same special treatment that + * DEFAULT gets, as only selection is being done and no sorting as needed + * for DEFAULT. + */ +# define SSL_TXT_CMPALL "COMPLEMENTOFALL" +# define SSL_TXT_CMPDEF "COMPLEMENTOFDEFAULT" + +/* + * The following cipher list is used by default. It also is substituted when + * an application-defined cipher list string starts with 'DEFAULT'. + * This applies to ciphersuites for TLSv1.2 and below. + */ +# define SSL_DEFAULT_CIPHER_LIST "ALL:!COMPLEMENTOFDEFAULT:!eNULL" +/* This is the default set of TLSv1.3 ciphersuites */ +# if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) +# define TLS_DEFAULT_CIPHERSUITES "TLS_AES_256_GCM_SHA384:" \ + "TLS_CHACHA20_POLY1305_SHA256:" \ + "TLS_AES_128_GCM_SHA256" +# else +# define TLS_DEFAULT_CIPHERSUITES "TLS_AES_256_GCM_SHA384:" \ + "TLS_AES_128_GCM_SHA256" +#endif +/* + * As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always + * starts with a reasonable order, and all we have to do for DEFAULT is + * throwing out anonymous and unencrypted ciphersuites! (The latter are not + * actually enabled by ALL, but "ALL:RSA" would enable some of them.) + */ + +/* Used in SSL_set_shutdown()/SSL_get_shutdown(); */ +# define SSL_SENT_SHUTDOWN 1 +# define SSL_RECEIVED_SHUTDOWN 2 + +#ifdef __cplusplus +} +#endif + +#ifdef __cplusplus +extern "C" { +#endif + +# define SSL_FILETYPE_ASN1 X509_FILETYPE_ASN1 +# define SSL_FILETYPE_PEM X509_FILETYPE_PEM + +/* + * This is needed to stop compilers complaining about the 'struct ssl_st *' + * function parameters used to prototype callbacks in SSL_CTX. + */ +typedef struct ssl_st *ssl_crock_st; +typedef struct tls_session_ticket_ext_st TLS_SESSION_TICKET_EXT; +typedef struct ssl_method_st SSL_METHOD; +typedef struct ssl_cipher_st SSL_CIPHER; +typedef struct ssl_session_st SSL_SESSION; +typedef struct tls_sigalgs_st TLS_SIGALGS; +typedef struct ssl_conf_ctx_st SSL_CONF_CTX; +typedef struct ssl_comp_st SSL_COMP; + +STACK_OF(SSL_CIPHER); +STACK_OF(SSL_COMP); + +/* SRTP protection profiles for use with the use_srtp extension (RFC 5764)*/ +typedef struct srtp_protection_profile_st { + const char *name; + unsigned long id; +} SRTP_PROTECTION_PROFILE; + +DEFINE_STACK_OF(SRTP_PROTECTION_PROFILE) + +typedef int (*tls_session_ticket_ext_cb_fn)(SSL *s, const unsigned char *data, + int len, void *arg); +typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len, + STACK_OF(SSL_CIPHER) *peer_ciphers, + const SSL_CIPHER **cipher, void *arg); + +/* Extension context codes */ +/* This extension is only allowed in TLS */ +#define SSL_EXT_TLS_ONLY 0x0001 +/* This extension is only allowed in DTLS */ +#define SSL_EXT_DTLS_ONLY 0x0002 +/* Some extensions may be allowed in DTLS but we don't implement them for it */ +#define SSL_EXT_TLS_IMPLEMENTATION_ONLY 0x0004 +/* Most extensions are not defined for SSLv3 but EXT_TYPE_renegotiate is */ +#define SSL_EXT_SSL3_ALLOWED 0x0008 +/* Extension is only defined for TLS1.2 and below */ +#define SSL_EXT_TLS1_2_AND_BELOW_ONLY 0x0010 +/* Extension is only defined for TLS1.3 and above */ +#define SSL_EXT_TLS1_3_ONLY 0x0020 +/* Ignore this extension during parsing if we are resuming */ +#define SSL_EXT_IGNORE_ON_RESUMPTION 0x0040 +#define SSL_EXT_CLIENT_HELLO 0x0080 +/* Really means TLS1.2 or below */ +#define SSL_EXT_TLS1_2_SERVER_HELLO 0x0100 +#define SSL_EXT_TLS1_3_SERVER_HELLO 0x0200 +#define SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS 0x0400 +#define SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST 0x0800 +#define SSL_EXT_TLS1_3_CERTIFICATE 0x1000 +#define SSL_EXT_TLS1_3_NEW_SESSION_TICKET 0x2000 +#define SSL_EXT_TLS1_3_CERTIFICATE_REQUEST 0x4000 + +/* Typedefs for handling custom extensions */ + +typedef int (*custom_ext_add_cb)(SSL *s, unsigned int ext_type, + const unsigned char **out, size_t *outlen, + int *al, void *add_arg); + +typedef void (*custom_ext_free_cb)(SSL *s, unsigned int ext_type, + const unsigned char *out, void *add_arg); + +typedef int (*custom_ext_parse_cb)(SSL *s, unsigned int ext_type, + const unsigned char *in, size_t inlen, + int *al, void *parse_arg); + + +typedef int (*SSL_custom_ext_add_cb_ex)(SSL *s, unsigned int ext_type, + unsigned int context, + const unsigned char **out, + size_t *outlen, X509 *x, + size_t chainidx, + int *al, void *add_arg); + +typedef void (*SSL_custom_ext_free_cb_ex)(SSL *s, unsigned int ext_type, + unsigned int context, + const unsigned char *out, + void *add_arg); + +typedef int (*SSL_custom_ext_parse_cb_ex)(SSL *s, unsigned int ext_type, + unsigned int context, + const unsigned char *in, + size_t inlen, X509 *x, + size_t chainidx, + int *al, void *parse_arg); + +/* Typedef for verification callback */ +typedef int (*SSL_verify_cb)(int preverify_ok, X509_STORE_CTX *x509_ctx); + +/* + * Some values are reserved until OpenSSL 1.2.0 because they were previously + * included in SSL_OP_ALL in a 1.1.x release. + * + * Reserved value (until OpenSSL 1.2.0) 0x00000001U + * Reserved value (until OpenSSL 1.2.0) 0x00000002U + */ +/* Allow initial connection to servers that don't support RI */ +# define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004U + +/* Reserved value (until OpenSSL 1.2.0) 0x00000008U */ +# define SSL_OP_TLSEXT_PADDING 0x00000010U +/* Reserved value (until OpenSSL 1.2.0) 0x00000020U */ +# define SSL_OP_SAFARI_ECDHE_ECDSA_BUG 0x00000040U +/* + * Reserved value (until OpenSSL 1.2.0) 0x00000080U + * Reserved value (until OpenSSL 1.2.0) 0x00000100U + * Reserved value (until OpenSSL 1.2.0) 0x00000200U + */ + +/* In TLSv1.3 allow a non-(ec)dhe based kex_mode */ +# define SSL_OP_ALLOW_NO_DHE_KEX 0x00000400U + +/* + * Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added in + * OpenSSL 0.9.6d. Usually (depending on the application protocol) the + * workaround is not needed. Unfortunately some broken SSL/TLS + * implementations cannot handle it at all, which is why we include it in + * SSL_OP_ALL. Added in 0.9.6e + */ +# define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS 0x00000800U + +/* DTLS options */ +# define SSL_OP_NO_QUERY_MTU 0x00001000U +/* Turn on Cookie Exchange (on relevant for servers) */ +# define SSL_OP_COOKIE_EXCHANGE 0x00002000U +/* Don't use RFC4507 ticket extension */ +# define SSL_OP_NO_TICKET 0x00004000U +# ifndef OPENSSL_NO_DTLS1_METHOD +/* Use Cisco's "speshul" version of DTLS_BAD_VER + * (only with deprecated DTLSv1_client_method()) */ +# define SSL_OP_CISCO_ANYCONNECT 0x00008000U +# endif + +/* As server, disallow session resumption on renegotiation */ +# define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0x00010000U +/* Don't use compression even if supported */ +# define SSL_OP_NO_COMPRESSION 0x00020000U +/* Permit unsafe legacy renegotiation */ +# define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x00040000U +/* Disable encrypt-then-mac */ +# define SSL_OP_NO_ENCRYPT_THEN_MAC 0x00080000U + +/* + * Enable TLSv1.3 Compatibility mode. This is on by default. A future version + * of OpenSSL may have this disabled by default. + */ +# define SSL_OP_ENABLE_MIDDLEBOX_COMPAT 0x00100000U + +/* Prioritize Chacha20Poly1305 when client does. + * Modifies SSL_OP_CIPHER_SERVER_PREFERENCE */ +# define SSL_OP_PRIORITIZE_CHACHA 0x00200000U + +/* + * Set on servers to choose the cipher according to the server's preferences + */ +# define SSL_OP_CIPHER_SERVER_PREFERENCE 0x00400000U +/* + * If set, a server will allow a client to issue a SSLv3.0 version number as + * latest version supported in the premaster secret, even when TLSv1.0 + * (version 3.1) was announced in the client hello. Normally this is + * forbidden to prevent version rollback attacks. + */ +# define SSL_OP_TLS_ROLLBACK_BUG 0x00800000U + +/* + * Switches off automatic TLSv1.3 anti-replay protection for early data. This + * is a server-side option only (no effect on the client). + */ +# define SSL_OP_NO_ANTI_REPLAY 0x01000000U + +# define SSL_OP_NO_SSLv3 0x02000000U +# define SSL_OP_NO_TLSv1 0x04000000U +# define SSL_OP_NO_TLSv1_2 0x08000000U +# define SSL_OP_NO_TLSv1_1 0x10000000U +# define SSL_OP_NO_TLSv1_3 0x20000000U + +# define SSL_OP_NO_DTLSv1 0x04000000U +# define SSL_OP_NO_DTLSv1_2 0x08000000U + +# define SSL_OP_NO_SSL_MASK (SSL_OP_NO_SSLv3|\ + SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1|SSL_OP_NO_TLSv1_2|SSL_OP_NO_TLSv1_3) +# define SSL_OP_NO_DTLS_MASK (SSL_OP_NO_DTLSv1|SSL_OP_NO_DTLSv1_2) + +/* Disallow all renegotiation */ +# define SSL_OP_NO_RENEGOTIATION 0x40000000U + +/* + * Make server add server-hello extension from early version of cryptopro + * draft, when GOST ciphersuite is negotiated. Required for interoperability + * with CryptoPro CSP 3.x + */ +# define SSL_OP_CRYPTOPRO_TLSEXT_BUG 0x80000000U + +/* + * SSL_OP_ALL: various bug workarounds that should be rather harmless. + * This used to be 0x000FFFFFL before 0.9.7. + * This used to be 0x80000BFFU before 1.1.1. + */ +# define SSL_OP_ALL (SSL_OP_CRYPTOPRO_TLSEXT_BUG|\ + SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS|\ + SSL_OP_LEGACY_SERVER_CONNECT|\ + SSL_OP_TLSEXT_PADDING|\ + SSL_OP_SAFARI_ECDHE_ECDSA_BUG) + +/* OBSOLETE OPTIONS: retained for compatibility */ + +/* Removed from OpenSSL 1.1.0. Was 0x00000001L */ +/* Related to removed SSLv2. */ +# define SSL_OP_MICROSOFT_SESS_ID_BUG 0x0 +/* Removed from OpenSSL 1.1.0. Was 0x00000002L */ +/* Related to removed SSLv2. */ +# define SSL_OP_NETSCAPE_CHALLENGE_BUG 0x0 +/* Removed from OpenSSL 0.9.8q and 1.0.0c. Was 0x00000008L */ +/* Dead forever, see CVE-2010-4180 */ +# define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x0 +/* Removed from OpenSSL 1.0.1h and 1.0.2. Was 0x00000010L */ +/* Refers to ancient SSLREF and SSLv2. */ +# define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x0 +/* Removed from OpenSSL 1.1.0. Was 0x00000020 */ +# define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x0 +/* Removed from OpenSSL 0.9.7h and 0.9.8b. Was 0x00000040L */ +# define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x0 +/* Removed from OpenSSL 1.1.0. Was 0x00000080 */ +/* Ancient SSLeay version. */ +# define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x0 +/* Removed from OpenSSL 1.1.0. Was 0x00000100L */ +# define SSL_OP_TLS_D5_BUG 0x0 +/* Removed from OpenSSL 1.1.0. Was 0x00000200L */ +# define SSL_OP_TLS_BLOCK_PADDING_BUG 0x0 +/* Removed from OpenSSL 1.1.0. Was 0x00080000L */ +# define SSL_OP_SINGLE_ECDH_USE 0x0 +/* Removed from OpenSSL 1.1.0. Was 0x00100000L */ +# define SSL_OP_SINGLE_DH_USE 0x0 +/* Removed from OpenSSL 1.0.1k and 1.0.2. Was 0x00200000L */ +# define SSL_OP_EPHEMERAL_RSA 0x0 +/* Removed from OpenSSL 1.1.0. Was 0x01000000L */ +# define SSL_OP_NO_SSLv2 0x0 +/* Removed from OpenSSL 1.0.1. Was 0x08000000L */ +# define SSL_OP_PKCS1_CHECK_1 0x0 +/* Removed from OpenSSL 1.0.1. Was 0x10000000L */ +# define SSL_OP_PKCS1_CHECK_2 0x0 +/* Removed from OpenSSL 1.1.0. Was 0x20000000L */ +# define SSL_OP_NETSCAPE_CA_DN_BUG 0x0 +/* Removed from OpenSSL 1.1.0. Was 0x40000000L */ +# define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG 0x0 + +/* + * Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success + * when just a single record has been written): + */ +# define SSL_MODE_ENABLE_PARTIAL_WRITE 0x00000001U +/* + * Make it possible to retry SSL_write() with changed buffer location (buffer + * contents must stay the same!); this is not the default to avoid the + * misconception that non-blocking SSL_write() behaves like non-blocking + * write(): + */ +# define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 0x00000002U +/* + * Never bother the application with retries if the transport is blocking: + */ +# define SSL_MODE_AUTO_RETRY 0x00000004U +/* Don't attempt to automatically build certificate chain */ +# define SSL_MODE_NO_AUTO_CHAIN 0x00000008U +/* + * Save RAM by releasing read and write buffers when they're empty. (SSL3 and + * TLS only.) Released buffers are freed. + */ +# define SSL_MODE_RELEASE_BUFFERS 0x00000010U +/* + * Send the current time in the Random fields of the ClientHello and + * ServerHello records for compatibility with hypothetical implementations + * that require it. + */ +# define SSL_MODE_SEND_CLIENTHELLO_TIME 0x00000020U +# define SSL_MODE_SEND_SERVERHELLO_TIME 0x00000040U +/* + * Send TLS_FALLBACK_SCSV in the ClientHello. To be set only by applications + * that reconnect with a downgraded protocol version; see + * draft-ietf-tls-downgrade-scsv-00 for details. DO NOT ENABLE THIS if your + * application attempts a normal handshake. Only use this in explicit + * fallback retries, following the guidance in + * draft-ietf-tls-downgrade-scsv-00. + */ +# define SSL_MODE_SEND_FALLBACK_SCSV 0x00000080U +/* + * Support Asynchronous operation + */ +# define SSL_MODE_ASYNC 0x00000100U + +/* + * When using DTLS/SCTP, include the terminating zero in the label + * used for computing the endpoint-pair shared secret. Required for + * interoperability with implementations having this bug like these + * older version of OpenSSL: + * - OpenSSL 1.0.0 series + * - OpenSSL 1.0.1 series + * - OpenSSL 1.0.2 series + * - OpenSSL 1.1.0 series + * - OpenSSL 1.1.1 and 1.1.1a + */ +# define SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG 0x00000400U + +/* Cert related flags */ +/* + * Many implementations ignore some aspects of the TLS standards such as + * enforcing certificate chain algorithms. When this is set we enforce them. + */ +# define SSL_CERT_FLAG_TLS_STRICT 0x00000001U + +/* Suite B modes, takes same values as certificate verify flags */ +# define SSL_CERT_FLAG_SUITEB_128_LOS_ONLY 0x10000 +/* Suite B 192 bit only mode */ +# define SSL_CERT_FLAG_SUITEB_192_LOS 0x20000 +/* Suite B 128 bit mode allowing 192 bit algorithms */ +# define SSL_CERT_FLAG_SUITEB_128_LOS 0x30000 + +/* Perform all sorts of protocol violations for testing purposes */ +# define SSL_CERT_FLAG_BROKEN_PROTOCOL 0x10000000 + +/* Flags for building certificate chains */ +/* Treat any existing certificates as untrusted CAs */ +# define SSL_BUILD_CHAIN_FLAG_UNTRUSTED 0x1 +/* Don't include root CA in chain */ +# define SSL_BUILD_CHAIN_FLAG_NO_ROOT 0x2 +/* Just check certificates already there */ +# define SSL_BUILD_CHAIN_FLAG_CHECK 0x4 +/* Ignore verification errors */ +# define SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR 0x8 +/* Clear verification errors from queue */ +# define SSL_BUILD_CHAIN_FLAG_CLEAR_ERROR 0x10 + +/* Flags returned by SSL_check_chain */ +/* Certificate can be used with this session */ +# define CERT_PKEY_VALID 0x1 +/* Certificate can also be used for signing */ +# define CERT_PKEY_SIGN 0x2 +/* EE certificate signing algorithm OK */ +# define CERT_PKEY_EE_SIGNATURE 0x10 +/* CA signature algorithms OK */ +# define CERT_PKEY_CA_SIGNATURE 0x20 +/* EE certificate parameters OK */ +# define CERT_PKEY_EE_PARAM 0x40 +/* CA certificate parameters OK */ +# define CERT_PKEY_CA_PARAM 0x80 +/* Signing explicitly allowed as opposed to SHA1 fallback */ +# define CERT_PKEY_EXPLICIT_SIGN 0x100 +/* Client CA issuer names match (always set for server cert) */ +# define CERT_PKEY_ISSUER_NAME 0x200 +/* Cert type matches client types (always set for server cert) */ +# define CERT_PKEY_CERT_TYPE 0x400 +/* Cert chain suitable to Suite B */ +# define CERT_PKEY_SUITEB 0x800 + +# define SSL_CONF_FLAG_CMDLINE 0x1 +# define SSL_CONF_FLAG_FILE 0x2 +# define SSL_CONF_FLAG_CLIENT 0x4 +# define SSL_CONF_FLAG_SERVER 0x8 +# define SSL_CONF_FLAG_SHOW_ERRORS 0x10 +# define SSL_CONF_FLAG_CERTIFICATE 0x20 +# define SSL_CONF_FLAG_REQUIRE_PRIVATE 0x40 +/* Configuration value types */ +# define SSL_CONF_TYPE_UNKNOWN 0x0 +# define SSL_CONF_TYPE_STRING 0x1 +# define SSL_CONF_TYPE_FILE 0x2 +# define SSL_CONF_TYPE_DIR 0x3 +# define SSL_CONF_TYPE_NONE 0x4 + +/* Maximum length of the application-controlled segment of a a TLSv1.3 cookie */ +# define SSL_COOKIE_LENGTH 4096 + +/* + * Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value, they + * cannot be used to clear bits. + */ + +unsigned long SSL_CTX_get_options(const SSL_CTX *ctx); +unsigned long SSL_get_options(const SSL *s); +unsigned long SSL_CTX_clear_options(SSL_CTX *ctx, unsigned long op); +unsigned long SSL_clear_options(SSL *s, unsigned long op); +unsigned long SSL_CTX_set_options(SSL_CTX *ctx, unsigned long op); +unsigned long SSL_set_options(SSL *s, unsigned long op); + +# define SSL_CTX_set_mode(ctx,op) \ + SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,(op),NULL) +# define SSL_CTX_clear_mode(ctx,op) \ + SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_MODE,(op),NULL) +# define SSL_CTX_get_mode(ctx) \ + SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,0,NULL) +# define SSL_clear_mode(ssl,op) \ + SSL_ctrl((ssl),SSL_CTRL_CLEAR_MODE,(op),NULL) +# define SSL_set_mode(ssl,op) \ + SSL_ctrl((ssl),SSL_CTRL_MODE,(op),NULL) +# define SSL_get_mode(ssl) \ + SSL_ctrl((ssl),SSL_CTRL_MODE,0,NULL) +# define SSL_set_mtu(ssl, mtu) \ + SSL_ctrl((ssl),SSL_CTRL_SET_MTU,(mtu),NULL) +# define DTLS_set_link_mtu(ssl, mtu) \ + SSL_ctrl((ssl),DTLS_CTRL_SET_LINK_MTU,(mtu),NULL) +# define DTLS_get_link_min_mtu(ssl) \ + SSL_ctrl((ssl),DTLS_CTRL_GET_LINK_MIN_MTU,0,NULL) + +# define SSL_get_secure_renegotiation_support(ssl) \ + SSL_ctrl((ssl), SSL_CTRL_GET_RI_SUPPORT, 0, NULL) + +# ifndef OPENSSL_NO_HEARTBEATS +# define SSL_heartbeat(ssl) \ + SSL_ctrl((ssl),SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT,0,NULL) +# endif + +# define SSL_CTX_set_cert_flags(ctx,op) \ + SSL_CTX_ctrl((ctx),SSL_CTRL_CERT_FLAGS,(op),NULL) +# define SSL_set_cert_flags(s,op) \ + SSL_ctrl((s),SSL_CTRL_CERT_FLAGS,(op),NULL) +# define SSL_CTX_clear_cert_flags(ctx,op) \ + SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_CERT_FLAGS,(op),NULL) +# define SSL_clear_cert_flags(s,op) \ + SSL_ctrl((s),SSL_CTRL_CLEAR_CERT_FLAGS,(op),NULL) + +void SSL_CTX_set_msg_callback(SSL_CTX *ctx, + void (*cb) (int write_p, int version, + int content_type, const void *buf, + size_t len, SSL *ssl, void *arg)); +void SSL_set_msg_callback(SSL *ssl, + void (*cb) (int write_p, int version, + int content_type, const void *buf, + size_t len, SSL *ssl, void *arg)); +# define SSL_CTX_set_msg_callback_arg(ctx, arg) SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg)) +# define SSL_set_msg_callback_arg(ssl, arg) SSL_ctrl((ssl), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg)) + +# define SSL_get_extms_support(s) \ + SSL_ctrl((s),SSL_CTRL_GET_EXTMS_SUPPORT,0,NULL) + +# ifndef OPENSSL_NO_SRP + +/* see tls_srp.c */ +__owur int SSL_SRP_CTX_init(SSL *s); +__owur int SSL_CTX_SRP_CTX_init(SSL_CTX *ctx); +int SSL_SRP_CTX_free(SSL *ctx); +int SSL_CTX_SRP_CTX_free(SSL_CTX *ctx); +__owur int SSL_srp_server_param_with_username(SSL *s, int *ad); +__owur int SRP_Calc_A_param(SSL *s); + +# endif + +/* 100k max cert list */ +# define SSL_MAX_CERT_LIST_DEFAULT 1024*100 + +# define SSL_SESSION_CACHE_MAX_SIZE_DEFAULT (1024*20) + +/* + * This callback type is used inside SSL_CTX, SSL, and in the functions that + * set them. It is used to override the generation of SSL/TLS session IDs in + * a server. Return value should be zero on an error, non-zero to proceed. + * Also, callbacks should themselves check if the id they generate is unique + * otherwise the SSL handshake will fail with an error - callbacks can do + * this using the 'ssl' value they're passed by; + * SSL_has_matching_session_id(ssl, id, *id_len) The length value passed in + * is set at the maximum size the session ID can be. In SSLv3/TLSv1 it is 32 + * bytes. The callback can alter this length to be less if desired. It is + * also an error for the callback to set the size to zero. + */ +typedef int (*GEN_SESSION_CB) (SSL *ssl, unsigned char *id, + unsigned int *id_len); + +# define SSL_SESS_CACHE_OFF 0x0000 +# define SSL_SESS_CACHE_CLIENT 0x0001 +# define SSL_SESS_CACHE_SERVER 0x0002 +# define SSL_SESS_CACHE_BOTH (SSL_SESS_CACHE_CLIENT|SSL_SESS_CACHE_SERVER) +# define SSL_SESS_CACHE_NO_AUTO_CLEAR 0x0080 +/* enough comments already ... see SSL_CTX_set_session_cache_mode(3) */ +# define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP 0x0100 +# define SSL_SESS_CACHE_NO_INTERNAL_STORE 0x0200 +# define SSL_SESS_CACHE_NO_INTERNAL \ + (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP|SSL_SESS_CACHE_NO_INTERNAL_STORE) + +LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx); +# define SSL_CTX_sess_number(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_NUMBER,0,NULL) +# define SSL_CTX_sess_connect(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT,0,NULL) +# define SSL_CTX_sess_connect_good(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_GOOD,0,NULL) +# define SSL_CTX_sess_connect_renegotiate(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_RENEGOTIATE,0,NULL) +# define SSL_CTX_sess_accept(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT,0,NULL) +# define SSL_CTX_sess_accept_renegotiate(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_RENEGOTIATE,0,NULL) +# define SSL_CTX_sess_accept_good(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_GOOD,0,NULL) +# define SSL_CTX_sess_hits(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_HIT,0,NULL) +# define SSL_CTX_sess_cb_hits(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CB_HIT,0,NULL) +# define SSL_CTX_sess_misses(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_MISSES,0,NULL) +# define SSL_CTX_sess_timeouts(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_TIMEOUTS,0,NULL) +# define SSL_CTX_sess_cache_full(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CACHE_FULL,0,NULL) + +void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, + int (*new_session_cb) (struct ssl_st *ssl, + SSL_SESSION *sess)); +int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx)) (struct ssl_st *ssl, + SSL_SESSION *sess); +void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx, + void (*remove_session_cb) (struct ssl_ctx_st + *ctx, + SSL_SESSION *sess)); +void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx)) (struct ssl_ctx_st *ctx, + SSL_SESSION *sess); +void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, + SSL_SESSION *(*get_session_cb) (struct ssl_st + *ssl, + const unsigned char + *data, int len, + int *copy)); +SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx)) (struct ssl_st *ssl, + const unsigned char *data, + int len, int *copy); +void SSL_CTX_set_info_callback(SSL_CTX *ctx, + void (*cb) (const SSL *ssl, int type, int val)); +void (*SSL_CTX_get_info_callback(SSL_CTX *ctx)) (const SSL *ssl, int type, + int val); +void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, + int (*client_cert_cb) (SSL *ssl, X509 **x509, + EVP_PKEY **pkey)); +int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx)) (SSL *ssl, X509 **x509, + EVP_PKEY **pkey); +# ifndef OPENSSL_NO_ENGINE +__owur int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e); +# endif +void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, + int (*app_gen_cookie_cb) (SSL *ssl, + unsigned char + *cookie, + unsigned int + *cookie_len)); +void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, + int (*app_verify_cookie_cb) (SSL *ssl, + const unsigned + char *cookie, + unsigned int + cookie_len)); + +void SSL_CTX_set_stateless_cookie_generate_cb( + SSL_CTX *ctx, + int (*gen_stateless_cookie_cb) (SSL *ssl, + unsigned char *cookie, + size_t *cookie_len)); +void SSL_CTX_set_stateless_cookie_verify_cb( + SSL_CTX *ctx, + int (*verify_stateless_cookie_cb) (SSL *ssl, + const unsigned char *cookie, + size_t cookie_len)); +# ifndef OPENSSL_NO_NEXTPROTONEG + +typedef int (*SSL_CTX_npn_advertised_cb_func)(SSL *ssl, + const unsigned char **out, + unsigned int *outlen, + void *arg); +void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *s, + SSL_CTX_npn_advertised_cb_func cb, + void *arg); +# define SSL_CTX_set_npn_advertised_cb SSL_CTX_set_next_protos_advertised_cb + +typedef int (*SSL_CTX_npn_select_cb_func)(SSL *s, + unsigned char **out, + unsigned char *outlen, + const unsigned char *in, + unsigned int inlen, + void *arg); +void SSL_CTX_set_next_proto_select_cb(SSL_CTX *s, + SSL_CTX_npn_select_cb_func cb, + void *arg); +# define SSL_CTX_set_npn_select_cb SSL_CTX_set_next_proto_select_cb + +void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data, + unsigned *len); +# define SSL_get0_npn_negotiated SSL_get0_next_proto_negotiated +# endif + +__owur int SSL_select_next_proto(unsigned char **out, unsigned char *outlen, + const unsigned char *in, unsigned int inlen, + const unsigned char *client, + unsigned int client_len); + +# define OPENSSL_NPN_UNSUPPORTED 0 +# define OPENSSL_NPN_NEGOTIATED 1 +# define OPENSSL_NPN_NO_OVERLAP 2 + +__owur int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos, + unsigned int protos_len); +__owur int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos, + unsigned int protos_len); +typedef int (*SSL_CTX_alpn_select_cb_func)(SSL *ssl, + const unsigned char **out, + unsigned char *outlen, + const unsigned char *in, + unsigned int inlen, + void *arg); +void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx, + SSL_CTX_alpn_select_cb_func cb, + void *arg); +void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data, + unsigned int *len); + +# ifndef OPENSSL_NO_PSK +/* + * the maximum length of the buffer given to callbacks containing the + * resulting identity/psk + */ +# define PSK_MAX_IDENTITY_LEN 128 +# define PSK_MAX_PSK_LEN 256 +typedef unsigned int (*SSL_psk_client_cb_func)(SSL *ssl, + const char *hint, + char *identity, + unsigned int max_identity_len, + unsigned char *psk, + unsigned int max_psk_len); +void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, SSL_psk_client_cb_func cb); +void SSL_set_psk_client_callback(SSL *ssl, SSL_psk_client_cb_func cb); + +typedef unsigned int (*SSL_psk_server_cb_func)(SSL *ssl, + const char *identity, + unsigned char *psk, + unsigned int max_psk_len); +void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, SSL_psk_server_cb_func cb); +void SSL_set_psk_server_callback(SSL *ssl, SSL_psk_server_cb_func cb); + +__owur int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint); +__owur int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint); +const char *SSL_get_psk_identity_hint(const SSL *s); +const char *SSL_get_psk_identity(const SSL *s); +# endif + +typedef int (*SSL_psk_find_session_cb_func)(SSL *ssl, + const unsigned char *identity, + size_t identity_len, + SSL_SESSION **sess); +typedef int (*SSL_psk_use_session_cb_func)(SSL *ssl, const EVP_MD *md, + const unsigned char **id, + size_t *idlen, + SSL_SESSION **sess); + +void SSL_set_psk_find_session_callback(SSL *s, SSL_psk_find_session_cb_func cb); +void SSL_CTX_set_psk_find_session_callback(SSL_CTX *ctx, + SSL_psk_find_session_cb_func cb); +void SSL_set_psk_use_session_callback(SSL *s, SSL_psk_use_session_cb_func cb); +void SSL_CTX_set_psk_use_session_callback(SSL_CTX *ctx, + SSL_psk_use_session_cb_func cb); + +/* Register callbacks to handle custom TLS Extensions for client or server. */ + +__owur int SSL_CTX_has_client_custom_ext(const SSL_CTX *ctx, + unsigned int ext_type); + +__owur int SSL_CTX_add_client_custom_ext(SSL_CTX *ctx, + unsigned int ext_type, + custom_ext_add_cb add_cb, + custom_ext_free_cb free_cb, + void *add_arg, + custom_ext_parse_cb parse_cb, + void *parse_arg); + +__owur int SSL_CTX_add_server_custom_ext(SSL_CTX *ctx, + unsigned int ext_type, + custom_ext_add_cb add_cb, + custom_ext_free_cb free_cb, + void *add_arg, + custom_ext_parse_cb parse_cb, + void *parse_arg); + +__owur int SSL_CTX_add_custom_ext(SSL_CTX *ctx, unsigned int ext_type, + unsigned int context, + SSL_custom_ext_add_cb_ex add_cb, + SSL_custom_ext_free_cb_ex free_cb, + void *add_arg, + SSL_custom_ext_parse_cb_ex parse_cb, + void *parse_arg); + +__owur int SSL_extension_supported(unsigned int ext_type); + +# define SSL_NOTHING 1 +# define SSL_WRITING 2 +# define SSL_READING 3 +# define SSL_X509_LOOKUP 4 +# define SSL_ASYNC_PAUSED 5 +# define SSL_ASYNC_NO_JOBS 6 +# define SSL_CLIENT_HELLO_CB 7 + +/* These will only be used when doing non-blocking IO */ +# define SSL_want_nothing(s) (SSL_want(s) == SSL_NOTHING) +# define SSL_want_read(s) (SSL_want(s) == SSL_READING) +# define SSL_want_write(s) (SSL_want(s) == SSL_WRITING) +# define SSL_want_x509_lookup(s) (SSL_want(s) == SSL_X509_LOOKUP) +# define SSL_want_async(s) (SSL_want(s) == SSL_ASYNC_PAUSED) +# define SSL_want_async_job(s) (SSL_want(s) == SSL_ASYNC_NO_JOBS) +# define SSL_want_client_hello_cb(s) (SSL_want(s) == SSL_CLIENT_HELLO_CB) + +# define SSL_MAC_FLAG_READ_MAC_STREAM 1 +# define SSL_MAC_FLAG_WRITE_MAC_STREAM 2 + +/* + * A callback for logging out TLS key material. This callback should log out + * |line| followed by a newline. + */ +typedef void (*SSL_CTX_keylog_cb_func)(const SSL *ssl, const char *line); + +/* + * SSL_CTX_set_keylog_callback configures a callback to log key material. This + * is intended for debugging use with tools like Wireshark. The cb function + * should log line followed by a newline. + */ +void SSL_CTX_set_keylog_callback(SSL_CTX *ctx, SSL_CTX_keylog_cb_func cb); + +/* + * SSL_CTX_get_keylog_callback returns the callback configured by + * SSL_CTX_set_keylog_callback. + */ +SSL_CTX_keylog_cb_func SSL_CTX_get_keylog_callback(const SSL_CTX *ctx); + +int SSL_CTX_set_max_early_data(SSL_CTX *ctx, uint32_t max_early_data); +uint32_t SSL_CTX_get_max_early_data(const SSL_CTX *ctx); +int SSL_set_max_early_data(SSL *s, uint32_t max_early_data); +uint32_t SSL_get_max_early_data(const SSL *s); +int SSL_CTX_set_recv_max_early_data(SSL_CTX *ctx, uint32_t recv_max_early_data); +uint32_t SSL_CTX_get_recv_max_early_data(const SSL_CTX *ctx); +int SSL_set_recv_max_early_data(SSL *s, uint32_t recv_max_early_data); +uint32_t SSL_get_recv_max_early_data(const SSL *s); + +#ifdef __cplusplus +} +#endif + +# include +# include +# include /* This is mostly sslv3 with a few tweaks */ +# include /* Datagram TLS */ +# include /* Support for the use_srtp extension */ + +#ifdef __cplusplus +extern "C" { +#endif + +/* + * These need to be after the above set of includes due to a compiler bug + * in VisualStudio 2015 + */ +DEFINE_STACK_OF_CONST(SSL_CIPHER) +DEFINE_STACK_OF(SSL_COMP) + +/* compatibility */ +# define SSL_set_app_data(s,arg) (SSL_set_ex_data(s,0,(char *)(arg))) +# define SSL_get_app_data(s) (SSL_get_ex_data(s,0)) +# define SSL_SESSION_set_app_data(s,a) (SSL_SESSION_set_ex_data(s,0, \ + (char *)(a))) +# define SSL_SESSION_get_app_data(s) (SSL_SESSION_get_ex_data(s,0)) +# define SSL_CTX_get_app_data(ctx) (SSL_CTX_get_ex_data(ctx,0)) +# define SSL_CTX_set_app_data(ctx,arg) (SSL_CTX_set_ex_data(ctx,0, \ + (char *)(arg))) +DEPRECATEDIN_1_1_0(void SSL_set_debug(SSL *s, int debug)) + +/* TLSv1.3 KeyUpdate message types */ +/* -1 used so that this is an invalid value for the on-the-wire protocol */ +#define SSL_KEY_UPDATE_NONE -1 +/* Values as defined for the on-the-wire protocol */ +#define SSL_KEY_UPDATE_NOT_REQUESTED 0 +#define SSL_KEY_UPDATE_REQUESTED 1 + +/* + * The valid handshake states (one for each type message sent and one for each + * type of message received). There are also two "special" states: + * TLS = TLS or DTLS state + * DTLS = DTLS specific state + * CR/SR = Client Read/Server Read + * CW/SW = Client Write/Server Write + * + * The "special" states are: + * TLS_ST_BEFORE = No handshake has been initiated yet + * TLS_ST_OK = A handshake has been successfully completed + */ +typedef enum { + TLS_ST_BEFORE, + TLS_ST_OK, + DTLS_ST_CR_HELLO_VERIFY_REQUEST, + TLS_ST_CR_SRVR_HELLO, + TLS_ST_CR_CERT, + TLS_ST_CR_CERT_STATUS, + TLS_ST_CR_KEY_EXCH, + TLS_ST_CR_CERT_REQ, + TLS_ST_CR_SRVR_DONE, + TLS_ST_CR_SESSION_TICKET, + TLS_ST_CR_CHANGE, + TLS_ST_CR_FINISHED, + TLS_ST_CW_CLNT_HELLO, + TLS_ST_CW_CERT, + TLS_ST_CW_KEY_EXCH, + TLS_ST_CW_CERT_VRFY, + TLS_ST_CW_CHANGE, + TLS_ST_CW_NEXT_PROTO, + TLS_ST_CW_FINISHED, + TLS_ST_SW_HELLO_REQ, + TLS_ST_SR_CLNT_HELLO, + DTLS_ST_SW_HELLO_VERIFY_REQUEST, + TLS_ST_SW_SRVR_HELLO, + TLS_ST_SW_CERT, + TLS_ST_SW_KEY_EXCH, + TLS_ST_SW_CERT_REQ, + TLS_ST_SW_SRVR_DONE, + TLS_ST_SR_CERT, + TLS_ST_SR_KEY_EXCH, + TLS_ST_SR_CERT_VRFY, + TLS_ST_SR_NEXT_PROTO, + TLS_ST_SR_CHANGE, + TLS_ST_SR_FINISHED, + TLS_ST_SW_SESSION_TICKET, + TLS_ST_SW_CERT_STATUS, + TLS_ST_SW_CHANGE, + TLS_ST_SW_FINISHED, + TLS_ST_SW_ENCRYPTED_EXTENSIONS, + TLS_ST_CR_ENCRYPTED_EXTENSIONS, + TLS_ST_CR_CERT_VRFY, + TLS_ST_SW_CERT_VRFY, + TLS_ST_CR_HELLO_REQ, + TLS_ST_SW_KEY_UPDATE, + TLS_ST_CW_KEY_UPDATE, + TLS_ST_SR_KEY_UPDATE, + TLS_ST_CR_KEY_UPDATE, + TLS_ST_EARLY_DATA, + TLS_ST_PENDING_EARLY_DATA_END, + TLS_ST_CW_END_OF_EARLY_DATA, + TLS_ST_SR_END_OF_EARLY_DATA +} OSSL_HANDSHAKE_STATE; + +/* + * Most of the following state values are no longer used and are defined to be + * the closest equivalent value in the current state machine code. Not all + * defines have an equivalent and are set to a dummy value (-1). SSL_ST_CONNECT + * and SSL_ST_ACCEPT are still in use in the definition of SSL_CB_ACCEPT_LOOP, + * SSL_CB_ACCEPT_EXIT, SSL_CB_CONNECT_LOOP and SSL_CB_CONNECT_EXIT. + */ + +# define SSL_ST_CONNECT 0x1000 +# define SSL_ST_ACCEPT 0x2000 + +# define SSL_ST_MASK 0x0FFF + +# define SSL_CB_LOOP 0x01 +# define SSL_CB_EXIT 0x02 +# define SSL_CB_READ 0x04 +# define SSL_CB_WRITE 0x08 +# define SSL_CB_ALERT 0x4000/* used in callback */ +# define SSL_CB_READ_ALERT (SSL_CB_ALERT|SSL_CB_READ) +# define SSL_CB_WRITE_ALERT (SSL_CB_ALERT|SSL_CB_WRITE) +# define SSL_CB_ACCEPT_LOOP (SSL_ST_ACCEPT|SSL_CB_LOOP) +# define SSL_CB_ACCEPT_EXIT (SSL_ST_ACCEPT|SSL_CB_EXIT) +# define SSL_CB_CONNECT_LOOP (SSL_ST_CONNECT|SSL_CB_LOOP) +# define SSL_CB_CONNECT_EXIT (SSL_ST_CONNECT|SSL_CB_EXIT) +# define SSL_CB_HANDSHAKE_START 0x10 +# define SSL_CB_HANDSHAKE_DONE 0x20 + +/* Is the SSL_connection established? */ +# define SSL_in_connect_init(a) (SSL_in_init(a) && !SSL_is_server(a)) +# define SSL_in_accept_init(a) (SSL_in_init(a) && SSL_is_server(a)) +int SSL_in_init(const SSL *s); +int SSL_in_before(const SSL *s); +int SSL_is_init_finished(const SSL *s); + +/* + * The following 3 states are kept in ssl->rlayer.rstate when reads fail, you + * should not need these + */ +# define SSL_ST_READ_HEADER 0xF0 +# define SSL_ST_READ_BODY 0xF1 +# define SSL_ST_READ_DONE 0xF2 + +/*- + * Obtain latest Finished message + * -- that we sent (SSL_get_finished) + * -- that we expected from peer (SSL_get_peer_finished). + * Returns length (0 == no Finished so far), copies up to 'count' bytes. + */ +size_t SSL_get_finished(const SSL *s, void *buf, size_t count); +size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count); + +/* + * use either SSL_VERIFY_NONE or SSL_VERIFY_PEER, the last 3 options are + * 'ored' with SSL_VERIFY_PEER if they are desired + */ +# define SSL_VERIFY_NONE 0x00 +# define SSL_VERIFY_PEER 0x01 +# define SSL_VERIFY_FAIL_IF_NO_PEER_CERT 0x02 +# define SSL_VERIFY_CLIENT_ONCE 0x04 +# define SSL_VERIFY_POST_HANDSHAKE 0x08 + +# if OPENSSL_API_COMPAT < 0x10100000L +# define OpenSSL_add_ssl_algorithms() SSL_library_init() +# define SSLeay_add_ssl_algorithms() SSL_library_init() +# endif + +/* More backward compatibility */ +# define SSL_get_cipher(s) \ + SSL_CIPHER_get_name(SSL_get_current_cipher(s)) +# define SSL_get_cipher_bits(s,np) \ + SSL_CIPHER_get_bits(SSL_get_current_cipher(s),np) +# define SSL_get_cipher_version(s) \ + SSL_CIPHER_get_version(SSL_get_current_cipher(s)) +# define SSL_get_cipher_name(s) \ + SSL_CIPHER_get_name(SSL_get_current_cipher(s)) +# define SSL_get_time(a) SSL_SESSION_get_time(a) +# define SSL_set_time(a,b) SSL_SESSION_set_time((a),(b)) +# define SSL_get_timeout(a) SSL_SESSION_get_timeout(a) +# define SSL_set_timeout(a,b) SSL_SESSION_set_timeout((a),(b)) + +# define d2i_SSL_SESSION_bio(bp,s_id) ASN1_d2i_bio_of(SSL_SESSION,SSL_SESSION_new,d2i_SSL_SESSION,bp,s_id) +# define i2d_SSL_SESSION_bio(bp,s_id) ASN1_i2d_bio_of(SSL_SESSION,i2d_SSL_SESSION,bp,s_id) + +DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) +# define SSL_AD_REASON_OFFSET 1000/* offset to get SSL_R_... value + * from SSL_AD_... */ +/* These alert types are for SSLv3 and TLSv1 */ +# define SSL_AD_CLOSE_NOTIFY SSL3_AD_CLOSE_NOTIFY +/* fatal */ +# define SSL_AD_UNEXPECTED_MESSAGE SSL3_AD_UNEXPECTED_MESSAGE +/* fatal */ +# define SSL_AD_BAD_RECORD_MAC SSL3_AD_BAD_RECORD_MAC +# define SSL_AD_DECRYPTION_FAILED TLS1_AD_DECRYPTION_FAILED +# define SSL_AD_RECORD_OVERFLOW TLS1_AD_RECORD_OVERFLOW +/* fatal */ +# define SSL_AD_DECOMPRESSION_FAILURE SSL3_AD_DECOMPRESSION_FAILURE +/* fatal */ +# define SSL_AD_HANDSHAKE_FAILURE SSL3_AD_HANDSHAKE_FAILURE +/* Not for TLS */ +# define SSL_AD_NO_CERTIFICATE SSL3_AD_NO_CERTIFICATE +# define SSL_AD_BAD_CERTIFICATE SSL3_AD_BAD_CERTIFICATE +# define SSL_AD_UNSUPPORTED_CERTIFICATE SSL3_AD_UNSUPPORTED_CERTIFICATE +# define SSL_AD_CERTIFICATE_REVOKED SSL3_AD_CERTIFICATE_REVOKED +# define SSL_AD_CERTIFICATE_EXPIRED SSL3_AD_CERTIFICATE_EXPIRED +# define SSL_AD_CERTIFICATE_UNKNOWN SSL3_AD_CERTIFICATE_UNKNOWN +/* fatal */ +# define SSL_AD_ILLEGAL_PARAMETER SSL3_AD_ILLEGAL_PARAMETER +/* fatal */ +# define SSL_AD_UNKNOWN_CA TLS1_AD_UNKNOWN_CA +/* fatal */ +# define SSL_AD_ACCESS_DENIED TLS1_AD_ACCESS_DENIED +/* fatal */ +# define SSL_AD_DECODE_ERROR TLS1_AD_DECODE_ERROR +# define SSL_AD_DECRYPT_ERROR TLS1_AD_DECRYPT_ERROR +/* fatal */ +# define SSL_AD_EXPORT_RESTRICTION TLS1_AD_EXPORT_RESTRICTION +/* fatal */ +# define SSL_AD_PROTOCOL_VERSION TLS1_AD_PROTOCOL_VERSION +/* fatal */ +# define SSL_AD_INSUFFICIENT_SECURITY TLS1_AD_INSUFFICIENT_SECURITY +/* fatal */ +# define SSL_AD_INTERNAL_ERROR TLS1_AD_INTERNAL_ERROR +# define SSL_AD_USER_CANCELLED TLS1_AD_USER_CANCELLED +# define SSL_AD_NO_RENEGOTIATION TLS1_AD_NO_RENEGOTIATION +# define SSL_AD_MISSING_EXTENSION TLS13_AD_MISSING_EXTENSION +# define SSL_AD_CERTIFICATE_REQUIRED TLS13_AD_CERTIFICATE_REQUIRED +# define SSL_AD_UNSUPPORTED_EXTENSION TLS1_AD_UNSUPPORTED_EXTENSION +# define SSL_AD_CERTIFICATE_UNOBTAINABLE TLS1_AD_CERTIFICATE_UNOBTAINABLE +# define SSL_AD_UNRECOGNIZED_NAME TLS1_AD_UNRECOGNIZED_NAME +# define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE +# define SSL_AD_BAD_CERTIFICATE_HASH_VALUE TLS1_AD_BAD_CERTIFICATE_HASH_VALUE +/* fatal */ +# define SSL_AD_UNKNOWN_PSK_IDENTITY TLS1_AD_UNKNOWN_PSK_IDENTITY +/* fatal */ +# define SSL_AD_INAPPROPRIATE_FALLBACK TLS1_AD_INAPPROPRIATE_FALLBACK +# define SSL_AD_NO_APPLICATION_PROTOCOL TLS1_AD_NO_APPLICATION_PROTOCOL +# define SSL_ERROR_NONE 0 +# define SSL_ERROR_SSL 1 +# define SSL_ERROR_WANT_READ 2 +# define SSL_ERROR_WANT_WRITE 3 +# define SSL_ERROR_WANT_X509_LOOKUP 4 +# define SSL_ERROR_SYSCALL 5/* look at error stack/return + * value/errno */ +# define SSL_ERROR_ZERO_RETURN 6 +# define SSL_ERROR_WANT_CONNECT 7 +# define SSL_ERROR_WANT_ACCEPT 8 +# define SSL_ERROR_WANT_ASYNC 9 +# define SSL_ERROR_WANT_ASYNC_JOB 10 +# define SSL_ERROR_WANT_CLIENT_HELLO_CB 11 +# define SSL_CTRL_SET_TMP_DH 3 +# define SSL_CTRL_SET_TMP_ECDH 4 +# define SSL_CTRL_SET_TMP_DH_CB 6 +# define SSL_CTRL_GET_CLIENT_CERT_REQUEST 9 +# define SSL_CTRL_GET_NUM_RENEGOTIATIONS 10 +# define SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS 11 +# define SSL_CTRL_GET_TOTAL_RENEGOTIATIONS 12 +# define SSL_CTRL_GET_FLAGS 13 +# define SSL_CTRL_EXTRA_CHAIN_CERT 14 +# define SSL_CTRL_SET_MSG_CALLBACK 15 +# define SSL_CTRL_SET_MSG_CALLBACK_ARG 16 +/* only applies to datagram connections */ +# define SSL_CTRL_SET_MTU 17 +/* Stats */ +# define SSL_CTRL_SESS_NUMBER 20 +# define SSL_CTRL_SESS_CONNECT 21 +# define SSL_CTRL_SESS_CONNECT_GOOD 22 +# define SSL_CTRL_SESS_CONNECT_RENEGOTIATE 23 +# define SSL_CTRL_SESS_ACCEPT 24 +# define SSL_CTRL_SESS_ACCEPT_GOOD 25 +# define SSL_CTRL_SESS_ACCEPT_RENEGOTIATE 26 +# define SSL_CTRL_SESS_HIT 27 +# define SSL_CTRL_SESS_CB_HIT 28 +# define SSL_CTRL_SESS_MISSES 29 +# define SSL_CTRL_SESS_TIMEOUTS 30 +# define SSL_CTRL_SESS_CACHE_FULL 31 +# define SSL_CTRL_MODE 33 +# define SSL_CTRL_GET_READ_AHEAD 40 +# define SSL_CTRL_SET_READ_AHEAD 41 +# define SSL_CTRL_SET_SESS_CACHE_SIZE 42 +# define SSL_CTRL_GET_SESS_CACHE_SIZE 43 +# define SSL_CTRL_SET_SESS_CACHE_MODE 44 +# define SSL_CTRL_GET_SESS_CACHE_MODE 45 +# define SSL_CTRL_GET_MAX_CERT_LIST 50 +# define SSL_CTRL_SET_MAX_CERT_LIST 51 +# define SSL_CTRL_SET_MAX_SEND_FRAGMENT 52 +/* see tls1.h for macros based on these */ +# define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB 53 +# define SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG 54 +# define SSL_CTRL_SET_TLSEXT_HOSTNAME 55 +# define SSL_CTRL_SET_TLSEXT_DEBUG_CB 56 +# define SSL_CTRL_SET_TLSEXT_DEBUG_ARG 57 +# define SSL_CTRL_GET_TLSEXT_TICKET_KEYS 58 +# define SSL_CTRL_SET_TLSEXT_TICKET_KEYS 59 +/*# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT 60 */ +/*# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB 61 */ +/*# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG 62 */ +# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB 63 +# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG 64 +# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE 65 +# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS 66 +# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS 67 +# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS 68 +# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS 69 +# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP 70 +# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP 71 +# define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB 72 +# define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB 75 +# define SSL_CTRL_SET_SRP_VERIFY_PARAM_CB 76 +# define SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB 77 +# define SSL_CTRL_SET_SRP_ARG 78 +# define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME 79 +# define SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH 80 +# define SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD 81 +# ifndef OPENSSL_NO_HEARTBEATS +# define SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT 85 +# define SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING 86 +# define SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS 87 +# endif +# define DTLS_CTRL_GET_TIMEOUT 73 +# define DTLS_CTRL_HANDLE_TIMEOUT 74 +# define SSL_CTRL_GET_RI_SUPPORT 76 +# define SSL_CTRL_CLEAR_MODE 78 +# define SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB 79 +# define SSL_CTRL_GET_EXTRA_CHAIN_CERTS 82 +# define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS 83 +# define SSL_CTRL_CHAIN 88 +# define SSL_CTRL_CHAIN_CERT 89 +# define SSL_CTRL_GET_GROUPS 90 +# define SSL_CTRL_SET_GROUPS 91 +# define SSL_CTRL_SET_GROUPS_LIST 92 +# define SSL_CTRL_GET_SHARED_GROUP 93 +# define SSL_CTRL_SET_SIGALGS 97 +# define SSL_CTRL_SET_SIGALGS_LIST 98 +# define SSL_CTRL_CERT_FLAGS 99 +# define SSL_CTRL_CLEAR_CERT_FLAGS 100 +# define SSL_CTRL_SET_CLIENT_SIGALGS 101 +# define SSL_CTRL_SET_CLIENT_SIGALGS_LIST 102 +# define SSL_CTRL_GET_CLIENT_CERT_TYPES 103 +# define SSL_CTRL_SET_CLIENT_CERT_TYPES 104 +# define SSL_CTRL_BUILD_CERT_CHAIN 105 +# define SSL_CTRL_SET_VERIFY_CERT_STORE 106 +# define SSL_CTRL_SET_CHAIN_CERT_STORE 107 +# define SSL_CTRL_GET_PEER_SIGNATURE_NID 108 +# define SSL_CTRL_GET_PEER_TMP_KEY 109 +# define SSL_CTRL_GET_RAW_CIPHERLIST 110 +# define SSL_CTRL_GET_EC_POINT_FORMATS 111 +# define SSL_CTRL_GET_CHAIN_CERTS 115 +# define SSL_CTRL_SELECT_CURRENT_CERT 116 +# define SSL_CTRL_SET_CURRENT_CERT 117 +# define SSL_CTRL_SET_DH_AUTO 118 +# define DTLS_CTRL_SET_LINK_MTU 120 +# define DTLS_CTRL_GET_LINK_MIN_MTU 121 +# define SSL_CTRL_GET_EXTMS_SUPPORT 122 +# define SSL_CTRL_SET_MIN_PROTO_VERSION 123 +# define SSL_CTRL_SET_MAX_PROTO_VERSION 124 +# define SSL_CTRL_SET_SPLIT_SEND_FRAGMENT 125 +# define SSL_CTRL_SET_MAX_PIPELINES 126 +# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE 127 +# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB 128 +# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG 129 +# define SSL_CTRL_GET_MIN_PROTO_VERSION 130 +# define SSL_CTRL_GET_MAX_PROTO_VERSION 131 +# define SSL_CTRL_GET_SIGNATURE_NID 132 +# define SSL_CTRL_GET_TMP_KEY 133 +# define SSL_CTRL_GET_VERIFY_CERT_STORE 137 +# define SSL_CTRL_GET_CHAIN_CERT_STORE 138 +# define SSL_CERT_SET_FIRST 1 +# define SSL_CERT_SET_NEXT 2 +# define SSL_CERT_SET_SERVER 3 +# define DTLSv1_get_timeout(ssl, arg) \ + SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)(arg)) +# define DTLSv1_handle_timeout(ssl) \ + SSL_ctrl(ssl,DTLS_CTRL_HANDLE_TIMEOUT,0, NULL) +# define SSL_num_renegotiations(ssl) \ + SSL_ctrl((ssl),SSL_CTRL_GET_NUM_RENEGOTIATIONS,0,NULL) +# define SSL_clear_num_renegotiations(ssl) \ + SSL_ctrl((ssl),SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS,0,NULL) +# define SSL_total_renegotiations(ssl) \ + SSL_ctrl((ssl),SSL_CTRL_GET_TOTAL_RENEGOTIATIONS,0,NULL) +# define SSL_CTX_set_tmp_dh(ctx,dh) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,(char *)(dh)) +# define SSL_CTX_set_tmp_ecdh(ctx,ecdh) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH,0,(char *)(ecdh)) +# define SSL_CTX_set_dh_auto(ctx, onoff) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_DH_AUTO,onoff,NULL) +# define SSL_set_dh_auto(s, onoff) \ + SSL_ctrl(s,SSL_CTRL_SET_DH_AUTO,onoff,NULL) +# define SSL_set_tmp_dh(ssl,dh) \ + SSL_ctrl(ssl,SSL_CTRL_SET_TMP_DH,0,(char *)(dh)) +# define SSL_set_tmp_ecdh(ssl,ecdh) \ + SSL_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH,0,(char *)(ecdh)) +# define SSL_CTX_add_extra_chain_cert(ctx,x509) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)(x509)) +# define SSL_CTX_get_extra_chain_certs(ctx,px509) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_GET_EXTRA_CHAIN_CERTS,0,px509) +# define SSL_CTX_get_extra_chain_certs_only(ctx,px509) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_GET_EXTRA_CHAIN_CERTS,1,px509) +# define SSL_CTX_clear_extra_chain_certs(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS,0,NULL) +# define SSL_CTX_set0_chain(ctx,sk) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN,0,(char *)(sk)) +# define SSL_CTX_set1_chain(ctx,sk) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN,1,(char *)(sk)) +# define SSL_CTX_add0_chain_cert(ctx,x509) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN_CERT,0,(char *)(x509)) +# define SSL_CTX_add1_chain_cert(ctx,x509) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN_CERT,1,(char *)(x509)) +# define SSL_CTX_get0_chain_certs(ctx,px509) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_GET_CHAIN_CERTS,0,px509) +# define SSL_CTX_clear_chain_certs(ctx) \ + SSL_CTX_set0_chain(ctx,NULL) +# define SSL_CTX_build_cert_chain(ctx, flags) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_BUILD_CERT_CHAIN, flags, NULL) +# define SSL_CTX_select_current_cert(ctx,x509) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SELECT_CURRENT_CERT,0,(char *)(x509)) +# define SSL_CTX_set_current_cert(ctx, op) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CURRENT_CERT, op, NULL) +# define SSL_CTX_set0_verify_cert_store(ctx,st) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_VERIFY_CERT_STORE,0,(char *)(st)) +# define SSL_CTX_set1_verify_cert_store(ctx,st) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_VERIFY_CERT_STORE,1,(char *)(st)) +# define SSL_CTX_get0_verify_cert_store(ctx,st) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_GET_VERIFY_CERT_STORE,0,(char *)(st)) +# define SSL_CTX_set0_chain_cert_store(ctx,st) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CHAIN_CERT_STORE,0,(char *)(st)) +# define SSL_CTX_set1_chain_cert_store(ctx,st) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CHAIN_CERT_STORE,1,(char *)(st)) +# define SSL_CTX_get0_chain_cert_store(ctx,st) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_GET_CHAIN_CERT_STORE,0,(char *)(st)) +# define SSL_set0_chain(s,sk) \ + SSL_ctrl(s,SSL_CTRL_CHAIN,0,(char *)(sk)) +# define SSL_set1_chain(s,sk) \ + SSL_ctrl(s,SSL_CTRL_CHAIN,1,(char *)(sk)) +# define SSL_add0_chain_cert(s,x509) \ + SSL_ctrl(s,SSL_CTRL_CHAIN_CERT,0,(char *)(x509)) +# define SSL_add1_chain_cert(s,x509) \ + SSL_ctrl(s,SSL_CTRL_CHAIN_CERT,1,(char *)(x509)) +# define SSL_get0_chain_certs(s,px509) \ + SSL_ctrl(s,SSL_CTRL_GET_CHAIN_CERTS,0,px509) +# define SSL_clear_chain_certs(s) \ + SSL_set0_chain(s,NULL) +# define SSL_build_cert_chain(s, flags) \ + SSL_ctrl(s,SSL_CTRL_BUILD_CERT_CHAIN, flags, NULL) +# define SSL_select_current_cert(s,x509) \ + SSL_ctrl(s,SSL_CTRL_SELECT_CURRENT_CERT,0,(char *)(x509)) +# define SSL_set_current_cert(s,op) \ + SSL_ctrl(s,SSL_CTRL_SET_CURRENT_CERT, op, NULL) +# define SSL_set0_verify_cert_store(s,st) \ + SSL_ctrl(s,SSL_CTRL_SET_VERIFY_CERT_STORE,0,(char *)(st)) +# define SSL_set1_verify_cert_store(s,st) \ + SSL_ctrl(s,SSL_CTRL_SET_VERIFY_CERT_STORE,1,(char *)(st)) +#define SSL_get0_verify_cert_store(s,st) \ + SSL_ctrl(s,SSL_CTRL_GET_VERIFY_CERT_STORE,0,(char *)(st)) +# define SSL_set0_chain_cert_store(s,st) \ + SSL_ctrl(s,SSL_CTRL_SET_CHAIN_CERT_STORE,0,(char *)(st)) +# define SSL_set1_chain_cert_store(s,st) \ + SSL_ctrl(s,SSL_CTRL_SET_CHAIN_CERT_STORE,1,(char *)(st)) +#define SSL_get0_chain_cert_store(s,st) \ + SSL_ctrl(s,SSL_CTRL_GET_CHAIN_CERT_STORE,0,(char *)(st)) +# define SSL_get1_groups(s, glist) \ + SSL_ctrl(s,SSL_CTRL_GET_GROUPS,0,(int*)(glist)) +# define SSL_CTX_set1_groups(ctx, glist, glistlen) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_GROUPS,glistlen,(int *)(glist)) +# define SSL_CTX_set1_groups_list(ctx, s) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_GROUPS_LIST,0,(char *)(s)) +# define SSL_set1_groups(s, glist, glistlen) \ + SSL_ctrl(s,SSL_CTRL_SET_GROUPS,glistlen,(char *)(glist)) +# define SSL_set1_groups_list(s, str) \ + SSL_ctrl(s,SSL_CTRL_SET_GROUPS_LIST,0,(char *)(str)) +# define SSL_get_shared_group(s, n) \ + SSL_ctrl(s,SSL_CTRL_GET_SHARED_GROUP,n,NULL) +# define SSL_CTX_set1_sigalgs(ctx, slist, slistlen) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SIGALGS,slistlen,(int *)(slist)) +# define SSL_CTX_set1_sigalgs_list(ctx, s) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SIGALGS_LIST,0,(char *)(s)) +# define SSL_set1_sigalgs(s, slist, slistlen) \ + SSL_ctrl(s,SSL_CTRL_SET_SIGALGS,slistlen,(int *)(slist)) +# define SSL_set1_sigalgs_list(s, str) \ + SSL_ctrl(s,SSL_CTRL_SET_SIGALGS_LIST,0,(char *)(str)) +# define SSL_CTX_set1_client_sigalgs(ctx, slist, slistlen) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CLIENT_SIGALGS,slistlen,(int *)(slist)) +# define SSL_CTX_set1_client_sigalgs_list(ctx, s) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CLIENT_SIGALGS_LIST,0,(char *)(s)) +# define SSL_set1_client_sigalgs(s, slist, slistlen) \ + SSL_ctrl(s,SSL_CTRL_SET_CLIENT_SIGALGS,slistlen,(int *)(slist)) +# define SSL_set1_client_sigalgs_list(s, str) \ + SSL_ctrl(s,SSL_CTRL_SET_CLIENT_SIGALGS_LIST,0,(char *)(str)) +# define SSL_get0_certificate_types(s, clist) \ + SSL_ctrl(s, SSL_CTRL_GET_CLIENT_CERT_TYPES, 0, (char *)(clist)) +# define SSL_CTX_set1_client_certificate_types(ctx, clist, clistlen) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CLIENT_CERT_TYPES,clistlen, \ + (char *)(clist)) +# define SSL_set1_client_certificate_types(s, clist, clistlen) \ + SSL_ctrl(s,SSL_CTRL_SET_CLIENT_CERT_TYPES,clistlen,(char *)(clist)) +# define SSL_get_signature_nid(s, pn) \ + SSL_ctrl(s,SSL_CTRL_GET_SIGNATURE_NID,0,pn) +# define SSL_get_peer_signature_nid(s, pn) \ + SSL_ctrl(s,SSL_CTRL_GET_PEER_SIGNATURE_NID,0,pn) +# define SSL_get_peer_tmp_key(s, pk) \ + SSL_ctrl(s,SSL_CTRL_GET_PEER_TMP_KEY,0,pk) +# define SSL_get_tmp_key(s, pk) \ + SSL_ctrl(s,SSL_CTRL_GET_TMP_KEY,0,pk) +# define SSL_get0_raw_cipherlist(s, plst) \ + SSL_ctrl(s,SSL_CTRL_GET_RAW_CIPHERLIST,0,plst) +# define SSL_get0_ec_point_formats(s, plst) \ + SSL_ctrl(s,SSL_CTRL_GET_EC_POINT_FORMATS,0,plst) +# define SSL_CTX_set_min_proto_version(ctx, version) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MIN_PROTO_VERSION, version, NULL) +# define SSL_CTX_set_max_proto_version(ctx, version) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_PROTO_VERSION, version, NULL) +# define SSL_CTX_get_min_proto_version(ctx) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_GET_MIN_PROTO_VERSION, 0, NULL) +# define SSL_CTX_get_max_proto_version(ctx) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, NULL) +# define SSL_set_min_proto_version(s, version) \ + SSL_ctrl(s, SSL_CTRL_SET_MIN_PROTO_VERSION, version, NULL) +# define SSL_set_max_proto_version(s, version) \ + SSL_ctrl(s, SSL_CTRL_SET_MAX_PROTO_VERSION, version, NULL) +# define SSL_get_min_proto_version(s) \ + SSL_ctrl(s, SSL_CTRL_GET_MIN_PROTO_VERSION, 0, NULL) +# define SSL_get_max_proto_version(s) \ + SSL_ctrl(s, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, NULL) + +/* Backwards compatibility, original 1.1.0 names */ +# define SSL_CTRL_GET_SERVER_TMP_KEY \ + SSL_CTRL_GET_PEER_TMP_KEY +# define SSL_get_server_tmp_key(s, pk) \ + SSL_get_peer_tmp_key(s, pk) + +/* + * The following symbol names are old and obsolete. They are kept + * for compatibility reasons only and should not be used anymore. + */ +# define SSL_CTRL_GET_CURVES SSL_CTRL_GET_GROUPS +# define SSL_CTRL_SET_CURVES SSL_CTRL_SET_GROUPS +# define SSL_CTRL_SET_CURVES_LIST SSL_CTRL_SET_GROUPS_LIST +# define SSL_CTRL_GET_SHARED_CURVE SSL_CTRL_GET_SHARED_GROUP + +# define SSL_get1_curves SSL_get1_groups +# define SSL_CTX_set1_curves SSL_CTX_set1_groups +# define SSL_CTX_set1_curves_list SSL_CTX_set1_groups_list +# define SSL_set1_curves SSL_set1_groups +# define SSL_set1_curves_list SSL_set1_groups_list +# define SSL_get_shared_curve SSL_get_shared_group + + +# if OPENSSL_API_COMPAT < 0x10100000L +/* Provide some compatibility macros for removed functionality. */ +# define SSL_CTX_need_tmp_RSA(ctx) 0 +# define SSL_CTX_set_tmp_rsa(ctx,rsa) 1 +# define SSL_need_tmp_RSA(ssl) 0 +# define SSL_set_tmp_rsa(ssl,rsa) 1 +# define SSL_CTX_set_ecdh_auto(dummy, onoff) ((onoff) != 0) +# define SSL_set_ecdh_auto(dummy, onoff) ((onoff) != 0) +/* + * We "pretend" to call the callback to avoid warnings about unused static + * functions. + */ +# define SSL_CTX_set_tmp_rsa_callback(ctx, cb) while(0) (cb)(NULL, 0, 0) +# define SSL_set_tmp_rsa_callback(ssl, cb) while(0) (cb)(NULL, 0, 0) +# endif +__owur const BIO_METHOD *BIO_f_ssl(void); +__owur BIO *BIO_new_ssl(SSL_CTX *ctx, int client); +__owur BIO *BIO_new_ssl_connect(SSL_CTX *ctx); +__owur BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx); +__owur int BIO_ssl_copy_session_id(BIO *to, BIO *from); +void BIO_ssl_shutdown(BIO *ssl_bio); + +__owur int SSL_CTX_set_cipher_list(SSL_CTX *, const char *str); +__owur SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth); +int SSL_CTX_up_ref(SSL_CTX *ctx); +void SSL_CTX_free(SSL_CTX *); +__owur long SSL_CTX_set_timeout(SSL_CTX *ctx, long t); +__owur long SSL_CTX_get_timeout(const SSL_CTX *ctx); +__owur X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *); +void SSL_CTX_set_cert_store(SSL_CTX *, X509_STORE *); +void SSL_CTX_set1_cert_store(SSL_CTX *, X509_STORE *); +__owur int SSL_want(const SSL *s); +__owur int SSL_clear(SSL *s); + +void SSL_CTX_flush_sessions(SSL_CTX *ctx, long tm); + +__owur const SSL_CIPHER *SSL_get_current_cipher(const SSL *s); +__owur const SSL_CIPHER *SSL_get_pending_cipher(const SSL *s); +__owur int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits); +__owur const char *SSL_CIPHER_get_version(const SSL_CIPHER *c); +__owur const char *SSL_CIPHER_get_name(const SSL_CIPHER *c); +__owur const char *SSL_CIPHER_standard_name(const SSL_CIPHER *c); +__owur const char *OPENSSL_cipher_name(const char *rfc_name); +__owur uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *c); +__owur uint16_t SSL_CIPHER_get_protocol_id(const SSL_CIPHER *c); +__owur int SSL_CIPHER_get_kx_nid(const SSL_CIPHER *c); +__owur int SSL_CIPHER_get_auth_nid(const SSL_CIPHER *c); +__owur const EVP_MD *SSL_CIPHER_get_handshake_digest(const SSL_CIPHER *c); +__owur int SSL_CIPHER_is_aead(const SSL_CIPHER *c); + +__owur int SSL_get_fd(const SSL *s); +__owur int SSL_get_rfd(const SSL *s); +__owur int SSL_get_wfd(const SSL *s); +__owur const char *SSL_get_cipher_list(const SSL *s, int n); +__owur char *SSL_get_shared_ciphers(const SSL *s, char *buf, int size); +__owur int SSL_get_read_ahead(const SSL *s); +__owur int SSL_pending(const SSL *s); +__owur int SSL_has_pending(const SSL *s); +# ifndef OPENSSL_NO_SOCK +__owur int SSL_set_fd(SSL *s, int fd); +__owur int SSL_set_rfd(SSL *s, int fd); +__owur int SSL_set_wfd(SSL *s, int fd); +# endif +void SSL_set0_rbio(SSL *s, BIO *rbio); +void SSL_set0_wbio(SSL *s, BIO *wbio); +void SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio); +__owur BIO *SSL_get_rbio(const SSL *s); +__owur BIO *SSL_get_wbio(const SSL *s); +__owur int SSL_set_cipher_list(SSL *s, const char *str); +__owur int SSL_CTX_set_ciphersuites(SSL_CTX *ctx, const char *str); +__owur int SSL_set_ciphersuites(SSL *s, const char *str); +void SSL_set_read_ahead(SSL *s, int yes); +__owur int SSL_get_verify_mode(const SSL *s); +__owur int SSL_get_verify_depth(const SSL *s); +__owur SSL_verify_cb SSL_get_verify_callback(const SSL *s); +void SSL_set_verify(SSL *s, int mode, SSL_verify_cb callback); +void SSL_set_verify_depth(SSL *s, int depth); +void SSL_set_cert_cb(SSL *s, int (*cb) (SSL *ssl, void *arg), void *arg); +# ifndef OPENSSL_NO_RSA +__owur int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa); +__owur int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, const unsigned char *d, + long len); +# endif +__owur int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey); +__owur int SSL_use_PrivateKey_ASN1(int pk, SSL *ssl, const unsigned char *d, + long len); +__owur int SSL_use_certificate(SSL *ssl, X509 *x); +__owur int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len); +__owur int SSL_use_cert_and_key(SSL *ssl, X509 *x509, EVP_PKEY *privatekey, + STACK_OF(X509) *chain, int override); + + +/* serverinfo file format versions */ +# define SSL_SERVERINFOV1 1 +# define SSL_SERVERINFOV2 2 + +/* Set serverinfo data for the current active cert. */ +__owur int SSL_CTX_use_serverinfo(SSL_CTX *ctx, const unsigned char *serverinfo, + size_t serverinfo_length); +__owur int SSL_CTX_use_serverinfo_ex(SSL_CTX *ctx, unsigned int version, + const unsigned char *serverinfo, + size_t serverinfo_length); +__owur int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file); + +#ifndef OPENSSL_NO_RSA +__owur int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type); +#endif + +__owur int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type); +__owur int SSL_use_certificate_file(SSL *ssl, const char *file, int type); + +#ifndef OPENSSL_NO_RSA +__owur int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, + int type); +#endif +__owur int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, + int type); +__owur int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, + int type); +/* PEM type */ +__owur int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); +__owur int SSL_use_certificate_chain_file(SSL *ssl, const char *file); +__owur STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file); +__owur int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs, + const char *file); +int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs, + const char *dir); + +# if OPENSSL_API_COMPAT < 0x10100000L +# define SSL_load_error_strings() \ + OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS \ + | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL) +# endif + +__owur const char *SSL_state_string(const SSL *s); +__owur const char *SSL_rstate_string(const SSL *s); +__owur const char *SSL_state_string_long(const SSL *s); +__owur const char *SSL_rstate_string_long(const SSL *s); +__owur long SSL_SESSION_get_time(const SSL_SESSION *s); +__owur long SSL_SESSION_set_time(SSL_SESSION *s, long t); +__owur long SSL_SESSION_get_timeout(const SSL_SESSION *s); +__owur long SSL_SESSION_set_timeout(SSL_SESSION *s, long t); +__owur int SSL_SESSION_get_protocol_version(const SSL_SESSION *s); +__owur int SSL_SESSION_set_protocol_version(SSL_SESSION *s, int version); + +__owur const char *SSL_SESSION_get0_hostname(const SSL_SESSION *s); +__owur int SSL_SESSION_set1_hostname(SSL_SESSION *s, const char *hostname); +void SSL_SESSION_get0_alpn_selected(const SSL_SESSION *s, + const unsigned char **alpn, + size_t *len); +__owur int SSL_SESSION_set1_alpn_selected(SSL_SESSION *s, + const unsigned char *alpn, + size_t len); +__owur const SSL_CIPHER *SSL_SESSION_get0_cipher(const SSL_SESSION *s); +__owur int SSL_SESSION_set_cipher(SSL_SESSION *s, const SSL_CIPHER *cipher); +__owur int SSL_SESSION_has_ticket(const SSL_SESSION *s); +__owur unsigned long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *s); +void SSL_SESSION_get0_ticket(const SSL_SESSION *s, const unsigned char **tick, + size_t *len); +__owur uint32_t SSL_SESSION_get_max_early_data(const SSL_SESSION *s); +__owur int SSL_SESSION_set_max_early_data(SSL_SESSION *s, + uint32_t max_early_data); +__owur int SSL_copy_session_id(SSL *to, const SSL *from); +__owur X509 *SSL_SESSION_get0_peer(SSL_SESSION *s); +__owur int SSL_SESSION_set1_id_context(SSL_SESSION *s, + const unsigned char *sid_ctx, + unsigned int sid_ctx_len); +__owur int SSL_SESSION_set1_id(SSL_SESSION *s, const unsigned char *sid, + unsigned int sid_len); +__owur int SSL_SESSION_is_resumable(const SSL_SESSION *s); + +__owur SSL_SESSION *SSL_SESSION_new(void); +__owur SSL_SESSION *SSL_SESSION_dup(SSL_SESSION *src); +const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, + unsigned int *len); +const unsigned char *SSL_SESSION_get0_id_context(const SSL_SESSION *s, + unsigned int *len); +__owur unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s); +# ifndef OPENSSL_NO_STDIO +int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *ses); +# endif +int SSL_SESSION_print(BIO *fp, const SSL_SESSION *ses); +int SSL_SESSION_print_keylog(BIO *bp, const SSL_SESSION *x); +int SSL_SESSION_up_ref(SSL_SESSION *ses); +void SSL_SESSION_free(SSL_SESSION *ses); +__owur int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp); +__owur int SSL_set_session(SSL *to, SSL_SESSION *session); +int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *session); +int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *session); +__owur int SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb); +__owur int SSL_set_generate_session_id(SSL *s, GEN_SESSION_CB cb); +__owur int SSL_has_matching_session_id(const SSL *s, + const unsigned char *id, + unsigned int id_len); +SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, + long length); + +# ifdef HEADER_X509_H +__owur X509 *SSL_get_peer_certificate(const SSL *s); +# endif + +__owur STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s); + +__owur int SSL_CTX_get_verify_mode(const SSL_CTX *ctx); +__owur int SSL_CTX_get_verify_depth(const SSL_CTX *ctx); +__owur SSL_verify_cb SSL_CTX_get_verify_callback(const SSL_CTX *ctx); +void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, SSL_verify_cb callback); +void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth); +void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, + int (*cb) (X509_STORE_CTX *, void *), + void *arg); +void SSL_CTX_set_cert_cb(SSL_CTX *c, int (*cb) (SSL *ssl, void *arg), + void *arg); +# ifndef OPENSSL_NO_RSA +__owur int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa); +__owur int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, + long len); +# endif +__owur int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey); +__owur int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx, + const unsigned char *d, long len); +__owur int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x); +__owur int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, + const unsigned char *d); +__owur int SSL_CTX_use_cert_and_key(SSL_CTX *ctx, X509 *x509, EVP_PKEY *privatekey, + STACK_OF(X509) *chain, int override); + +void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb); +void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u); +pem_password_cb *SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx); +void *SSL_CTX_get_default_passwd_cb_userdata(SSL_CTX *ctx); +void SSL_set_default_passwd_cb(SSL *s, pem_password_cb *cb); +void SSL_set_default_passwd_cb_userdata(SSL *s, void *u); +pem_password_cb *SSL_get_default_passwd_cb(SSL *s); +void *SSL_get_default_passwd_cb_userdata(SSL *s); + +__owur int SSL_CTX_check_private_key(const SSL_CTX *ctx); +__owur int SSL_check_private_key(const SSL *ctx); + +__owur int SSL_CTX_set_session_id_context(SSL_CTX *ctx, + const unsigned char *sid_ctx, + unsigned int sid_ctx_len); + +SSL *SSL_new(SSL_CTX *ctx); +int SSL_up_ref(SSL *s); +int SSL_is_dtls(const SSL *s); +__owur int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx, + unsigned int sid_ctx_len); + +__owur int SSL_CTX_set_purpose(SSL_CTX *ctx, int purpose); +__owur int SSL_set_purpose(SSL *ssl, int purpose); +__owur int SSL_CTX_set_trust(SSL_CTX *ctx, int trust); +__owur int SSL_set_trust(SSL *ssl, int trust); + +__owur int SSL_set1_host(SSL *s, const char *hostname); +__owur int SSL_add1_host(SSL *s, const char *hostname); +__owur const char *SSL_get0_peername(SSL *s); +void SSL_set_hostflags(SSL *s, unsigned int flags); + +__owur int SSL_CTX_dane_enable(SSL_CTX *ctx); +__owur int SSL_CTX_dane_mtype_set(SSL_CTX *ctx, const EVP_MD *md, + uint8_t mtype, uint8_t ord); +__owur int SSL_dane_enable(SSL *s, const char *basedomain); +__owur int SSL_dane_tlsa_add(SSL *s, uint8_t usage, uint8_t selector, + uint8_t mtype, unsigned const char *data, size_t dlen); +__owur int SSL_get0_dane_authority(SSL *s, X509 **mcert, EVP_PKEY **mspki); +__owur int SSL_get0_dane_tlsa(SSL *s, uint8_t *usage, uint8_t *selector, + uint8_t *mtype, unsigned const char **data, + size_t *dlen); +/* + * Bridge opacity barrier between libcrypt and libssl, also needed to support + * offline testing in test/danetest.c + */ +SSL_DANE *SSL_get0_dane(SSL *ssl); +/* + * DANE flags + */ +unsigned long SSL_CTX_dane_set_flags(SSL_CTX *ctx, unsigned long flags); +unsigned long SSL_CTX_dane_clear_flags(SSL_CTX *ctx, unsigned long flags); +unsigned long SSL_dane_set_flags(SSL *ssl, unsigned long flags); +unsigned long SSL_dane_clear_flags(SSL *ssl, unsigned long flags); + +__owur int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm); +__owur int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm); + +__owur X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx); +__owur X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl); + +# ifndef OPENSSL_NO_SRP +int SSL_CTX_set_srp_username(SSL_CTX *ctx, char *name); +int SSL_CTX_set_srp_password(SSL_CTX *ctx, char *password); +int SSL_CTX_set_srp_strength(SSL_CTX *ctx, int strength); +int SSL_CTX_set_srp_client_pwd_callback(SSL_CTX *ctx, + char *(*cb) (SSL *, void *)); +int SSL_CTX_set_srp_verify_param_callback(SSL_CTX *ctx, + int (*cb) (SSL *, void *)); +int SSL_CTX_set_srp_username_callback(SSL_CTX *ctx, + int (*cb) (SSL *, int *, void *)); +int SSL_CTX_set_srp_cb_arg(SSL_CTX *ctx, void *arg); + +int SSL_set_srp_server_param(SSL *s, const BIGNUM *N, const BIGNUM *g, + BIGNUM *sa, BIGNUM *v, char *info); +int SSL_set_srp_server_param_pw(SSL *s, const char *user, const char *pass, + const char *grp); + +__owur BIGNUM *SSL_get_srp_g(SSL *s); +__owur BIGNUM *SSL_get_srp_N(SSL *s); + +__owur char *SSL_get_srp_username(SSL *s); +__owur char *SSL_get_srp_userinfo(SSL *s); +# endif + +/* + * ClientHello callback and helpers. + */ + +# define SSL_CLIENT_HELLO_SUCCESS 1 +# define SSL_CLIENT_HELLO_ERROR 0 +# define SSL_CLIENT_HELLO_RETRY (-1) + +typedef int (*SSL_client_hello_cb_fn) (SSL *s, int *al, void *arg); +void SSL_CTX_set_client_hello_cb(SSL_CTX *c, SSL_client_hello_cb_fn cb, + void *arg); +int SSL_client_hello_isv2(SSL *s); +unsigned int SSL_client_hello_get0_legacy_version(SSL *s); +size_t SSL_client_hello_get0_random(SSL *s, const unsigned char **out); +size_t SSL_client_hello_get0_session_id(SSL *s, const unsigned char **out); +size_t SSL_client_hello_get0_ciphers(SSL *s, const unsigned char **out); +size_t SSL_client_hello_get0_compression_methods(SSL *s, + const unsigned char **out); +int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen); +int SSL_client_hello_get0_ext(SSL *s, unsigned int type, + const unsigned char **out, size_t *outlen); + +void SSL_certs_clear(SSL *s); +void SSL_free(SSL *ssl); +# ifdef OSSL_ASYNC_FD +/* + * Windows application developer has to include windows.h to use these. + */ +__owur int SSL_waiting_for_async(SSL *s); +__owur int SSL_get_all_async_fds(SSL *s, OSSL_ASYNC_FD *fds, size_t *numfds); +__owur int SSL_get_changed_async_fds(SSL *s, OSSL_ASYNC_FD *addfd, + size_t *numaddfds, OSSL_ASYNC_FD *delfd, + size_t *numdelfds); +# endif +__owur int SSL_accept(SSL *ssl); +__owur int SSL_stateless(SSL *s); +__owur int SSL_connect(SSL *ssl); +__owur int SSL_read(SSL *ssl, void *buf, int num); +__owur int SSL_read_ex(SSL *ssl, void *buf, size_t num, size_t *readbytes); + +# define SSL_READ_EARLY_DATA_ERROR 0 +# define SSL_READ_EARLY_DATA_SUCCESS 1 +# define SSL_READ_EARLY_DATA_FINISH 2 + +__owur int SSL_read_early_data(SSL *s, void *buf, size_t num, + size_t *readbytes); +__owur int SSL_peek(SSL *ssl, void *buf, int num); +__owur int SSL_peek_ex(SSL *ssl, void *buf, size_t num, size_t *readbytes); +__owur int SSL_write(SSL *ssl, const void *buf, int num); +__owur int SSL_write_ex(SSL *s, const void *buf, size_t num, size_t *written); +__owur int SSL_write_early_data(SSL *s, const void *buf, size_t num, + size_t *written); +long SSL_ctrl(SSL *ssl, int cmd, long larg, void *parg); +long SSL_callback_ctrl(SSL *, int, void (*)(void)); +long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg); +long SSL_CTX_callback_ctrl(SSL_CTX *, int, void (*)(void)); + +# define SSL_EARLY_DATA_NOT_SENT 0 +# define SSL_EARLY_DATA_REJECTED 1 +# define SSL_EARLY_DATA_ACCEPTED 2 + +__owur int SSL_get_early_data_status(const SSL *s); + +__owur int SSL_get_error(const SSL *s, int ret_code); +__owur const char *SSL_get_version(const SSL *s); + +/* This sets the 'default' SSL version that SSL_new() will create */ +__owur int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth); + +# ifndef OPENSSL_NO_SSL3_METHOD +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *SSLv3_method(void)) /* SSLv3 */ +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *SSLv3_server_method(void)) +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *SSLv3_client_method(void)) +# endif + +#define SSLv23_method TLS_method +#define SSLv23_server_method TLS_server_method +#define SSLv23_client_method TLS_client_method + +/* Negotiate highest available SSL/TLS version */ +__owur const SSL_METHOD *TLS_method(void); +__owur const SSL_METHOD *TLS_server_method(void); +__owur const SSL_METHOD *TLS_client_method(void); + +# ifndef OPENSSL_NO_TLS1_METHOD +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_method(void)) /* TLSv1.0 */ +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_server_method(void)) +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_client_method(void)) +# endif + +# ifndef OPENSSL_NO_TLS1_1_METHOD +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_1_method(void)) /* TLSv1.1 */ +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_1_server_method(void)) +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_1_client_method(void)) +# endif + +# ifndef OPENSSL_NO_TLS1_2_METHOD +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_2_method(void)) /* TLSv1.2 */ +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_2_server_method(void)) +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_2_client_method(void)) +# endif + +# ifndef OPENSSL_NO_DTLS1_METHOD +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_method(void)) /* DTLSv1.0 */ +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_server_method(void)) +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_client_method(void)) +# endif + +# ifndef OPENSSL_NO_DTLS1_2_METHOD +/* DTLSv1.2 */ +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_2_method(void)) +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_2_server_method(void)) +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_2_client_method(void)) +# endif + +__owur const SSL_METHOD *DTLS_method(void); /* DTLS 1.0 and 1.2 */ +__owur const SSL_METHOD *DTLS_server_method(void); /* DTLS 1.0 and 1.2 */ +__owur const SSL_METHOD *DTLS_client_method(void); /* DTLS 1.0 and 1.2 */ + +__owur size_t DTLS_get_data_mtu(const SSL *s); + +__owur STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s); +__owur STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx); +__owur STACK_OF(SSL_CIPHER) *SSL_get_client_ciphers(const SSL *s); +__owur STACK_OF(SSL_CIPHER) *SSL_get1_supported_ciphers(SSL *s); + +__owur int SSL_do_handshake(SSL *s); +int SSL_key_update(SSL *s, int updatetype); +int SSL_get_key_update_type(const SSL *s); +int SSL_renegotiate(SSL *s); +int SSL_renegotiate_abbreviated(SSL *s); +__owur int SSL_renegotiate_pending(const SSL *s); +int SSL_shutdown(SSL *s); +__owur int SSL_verify_client_post_handshake(SSL *s); +void SSL_CTX_set_post_handshake_auth(SSL_CTX *ctx, int val); +void SSL_set_post_handshake_auth(SSL *s, int val); + +__owur const SSL_METHOD *SSL_CTX_get_ssl_method(const SSL_CTX *ctx); +__owur const SSL_METHOD *SSL_get_ssl_method(const SSL *s); +__owur int SSL_set_ssl_method(SSL *s, const SSL_METHOD *method); +__owur const char *SSL_alert_type_string_long(int value); +__owur const char *SSL_alert_type_string(int value); +__owur const char *SSL_alert_desc_string_long(int value); +__owur const char *SSL_alert_desc_string(int value); + +void SSL_set0_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list); +void SSL_CTX_set0_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list); +__owur const STACK_OF(X509_NAME) *SSL_get0_CA_list(const SSL *s); +__owur const STACK_OF(X509_NAME) *SSL_CTX_get0_CA_list(const SSL_CTX *ctx); +__owur int SSL_add1_to_CA_list(SSL *ssl, const X509 *x); +__owur int SSL_CTX_add1_to_CA_list(SSL_CTX *ctx, const X509 *x); +__owur const STACK_OF(X509_NAME) *SSL_get0_peer_CA_list(const SSL *s); + +void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list); +void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list); +__owur STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s); +__owur STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *s); +__owur int SSL_add_client_CA(SSL *ssl, X509 *x); +__owur int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x); + +void SSL_set_connect_state(SSL *s); +void SSL_set_accept_state(SSL *s); + +__owur long SSL_get_default_timeout(const SSL *s); + +# if OPENSSL_API_COMPAT < 0x10100000L +# define SSL_library_init() OPENSSL_init_ssl(0, NULL) +# endif + +__owur char *SSL_CIPHER_description(const SSL_CIPHER *, char *buf, int size); +__owur STACK_OF(X509_NAME) *SSL_dup_CA_list(const STACK_OF(X509_NAME) *sk); + +__owur SSL *SSL_dup(SSL *ssl); + +__owur X509 *SSL_get_certificate(const SSL *ssl); +/* + * EVP_PKEY + */ +struct evp_pkey_st *SSL_get_privatekey(const SSL *ssl); + +__owur X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx); +__owur EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx); + +void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode); +__owur int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx); +void SSL_set_quiet_shutdown(SSL *ssl, int mode); +__owur int SSL_get_quiet_shutdown(const SSL *ssl); +void SSL_set_shutdown(SSL *ssl, int mode); +__owur int SSL_get_shutdown(const SSL *ssl); +__owur int SSL_version(const SSL *ssl); +__owur int SSL_client_version(const SSL *s); +__owur int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx); +__owur int SSL_CTX_set_default_verify_dir(SSL_CTX *ctx); +__owur int SSL_CTX_set_default_verify_file(SSL_CTX *ctx); +__owur int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, + const char *CApath); +# define SSL_get0_session SSL_get_session/* just peek at pointer */ +__owur SSL_SESSION *SSL_get_session(const SSL *ssl); +__owur SSL_SESSION *SSL_get1_session(SSL *ssl); /* obtain a reference count */ +__owur SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl); +SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx); +void SSL_set_info_callback(SSL *ssl, + void (*cb) (const SSL *ssl, int type, int val)); +void (*SSL_get_info_callback(const SSL *ssl)) (const SSL *ssl, int type, + int val); +__owur OSSL_HANDSHAKE_STATE SSL_get_state(const SSL *ssl); + +void SSL_set_verify_result(SSL *ssl, long v); +__owur long SSL_get_verify_result(const SSL *ssl); +__owur STACK_OF(X509) *SSL_get0_verified_chain(const SSL *s); + +__owur size_t SSL_get_client_random(const SSL *ssl, unsigned char *out, + size_t outlen); +__owur size_t SSL_get_server_random(const SSL *ssl, unsigned char *out, + size_t outlen); +__owur size_t SSL_SESSION_get_master_key(const SSL_SESSION *sess, + unsigned char *out, size_t outlen); +__owur int SSL_SESSION_set1_master_key(SSL_SESSION *sess, + const unsigned char *in, size_t len); +uint8_t SSL_SESSION_get_max_fragment_length(const SSL_SESSION *sess); + +#define SSL_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, l, p, newf, dupf, freef) +__owur int SSL_set_ex_data(SSL *ssl, int idx, void *data); +void *SSL_get_ex_data(const SSL *ssl, int idx); +#define SSL_SESSION_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_SESSION, l, p, newf, dupf, freef) +__owur int SSL_SESSION_set_ex_data(SSL_SESSION *ss, int idx, void *data); +void *SSL_SESSION_get_ex_data(const SSL_SESSION *ss, int idx); +#define SSL_CTX_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, l, p, newf, dupf, freef) +__owur int SSL_CTX_set_ex_data(SSL_CTX *ssl, int idx, void *data); +void *SSL_CTX_get_ex_data(const SSL_CTX *ssl, int idx); + +__owur int SSL_get_ex_data_X509_STORE_CTX_idx(void); + +# define SSL_CTX_sess_set_cache_size(ctx,t) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_SIZE,t,NULL) +# define SSL_CTX_sess_get_cache_size(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_SIZE,0,NULL) +# define SSL_CTX_set_session_cache_mode(ctx,m) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_MODE,m,NULL) +# define SSL_CTX_get_session_cache_mode(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_MODE,0,NULL) + +# define SSL_CTX_get_default_read_ahead(ctx) SSL_CTX_get_read_ahead(ctx) +# define SSL_CTX_set_default_read_ahead(ctx,m) SSL_CTX_set_read_ahead(ctx,m) +# define SSL_CTX_get_read_ahead(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_GET_READ_AHEAD,0,NULL) +# define SSL_CTX_set_read_ahead(ctx,m) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_READ_AHEAD,m,NULL) +# define SSL_CTX_get_max_cert_list(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL) +# define SSL_CTX_set_max_cert_list(ctx,m) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL) +# define SSL_get_max_cert_list(ssl) \ + SSL_ctrl(ssl,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL) +# define SSL_set_max_cert_list(ssl,m) \ + SSL_ctrl(ssl,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL) + +# define SSL_CTX_set_max_send_fragment(ctx,m) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL) +# define SSL_set_max_send_fragment(ssl,m) \ + SSL_ctrl(ssl,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL) +# define SSL_CTX_set_split_send_fragment(ctx,m) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SPLIT_SEND_FRAGMENT,m,NULL) +# define SSL_set_split_send_fragment(ssl,m) \ + SSL_ctrl(ssl,SSL_CTRL_SET_SPLIT_SEND_FRAGMENT,m,NULL) +# define SSL_CTX_set_max_pipelines(ctx,m) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_PIPELINES,m,NULL) +# define SSL_set_max_pipelines(ssl,m) \ + SSL_ctrl(ssl,SSL_CTRL_SET_MAX_PIPELINES,m,NULL) + +void SSL_CTX_set_default_read_buffer_len(SSL_CTX *ctx, size_t len); +void SSL_set_default_read_buffer_len(SSL *s, size_t len); + +# ifndef OPENSSL_NO_DH +/* NB: the |keylength| is only applicable when is_export is true */ +void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, + DH *(*dh) (SSL *ssl, int is_export, + int keylength)); +void SSL_set_tmp_dh_callback(SSL *ssl, + DH *(*dh) (SSL *ssl, int is_export, + int keylength)); +# endif + +__owur const COMP_METHOD *SSL_get_current_compression(const SSL *s); +__owur const COMP_METHOD *SSL_get_current_expansion(const SSL *s); +__owur const char *SSL_COMP_get_name(const COMP_METHOD *comp); +__owur const char *SSL_COMP_get0_name(const SSL_COMP *comp); +__owur int SSL_COMP_get_id(const SSL_COMP *comp); +STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void); +__owur STACK_OF(SSL_COMP) *SSL_COMP_set0_compression_methods(STACK_OF(SSL_COMP) + *meths); +# if OPENSSL_API_COMPAT < 0x10100000L +# define SSL_COMP_free_compression_methods() while(0) continue +# endif +__owur int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm); + +const SSL_CIPHER *SSL_CIPHER_find(SSL *ssl, const unsigned char *ptr); +int SSL_CIPHER_get_cipher_nid(const SSL_CIPHER *c); +int SSL_CIPHER_get_digest_nid(const SSL_CIPHER *c); +int SSL_bytes_to_cipher_list(SSL *s, const unsigned char *bytes, size_t len, + int isv2format, STACK_OF(SSL_CIPHER) **sk, + STACK_OF(SSL_CIPHER) **scsvs); + +/* TLS extensions functions */ +__owur int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len); + +__owur int SSL_set_session_ticket_ext_cb(SSL *s, + tls_session_ticket_ext_cb_fn cb, + void *arg); + +/* Pre-shared secret session resumption functions */ +__owur int SSL_set_session_secret_cb(SSL *s, + tls_session_secret_cb_fn session_secret_cb, + void *arg); + +void SSL_CTX_set_not_resumable_session_callback(SSL_CTX *ctx, + int (*cb) (SSL *ssl, + int + is_forward_secure)); + +void SSL_set_not_resumable_session_callback(SSL *ssl, + int (*cb) (SSL *ssl, + int is_forward_secure)); + +void SSL_CTX_set_record_padding_callback(SSL_CTX *ctx, + size_t (*cb) (SSL *ssl, int type, + size_t len, void *arg)); +void SSL_CTX_set_record_padding_callback_arg(SSL_CTX *ctx, void *arg); +void *SSL_CTX_get_record_padding_callback_arg(const SSL_CTX *ctx); +int SSL_CTX_set_block_padding(SSL_CTX *ctx, size_t block_size); + +void SSL_set_record_padding_callback(SSL *ssl, + size_t (*cb) (SSL *ssl, int type, + size_t len, void *arg)); +void SSL_set_record_padding_callback_arg(SSL *ssl, void *arg); +void *SSL_get_record_padding_callback_arg(const SSL *ssl); +int SSL_set_block_padding(SSL *ssl, size_t block_size); + +int SSL_set_num_tickets(SSL *s, size_t num_tickets); +size_t SSL_get_num_tickets(const SSL *s); +int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets); +size_t SSL_CTX_get_num_tickets(const SSL_CTX *ctx); + +# if OPENSSL_API_COMPAT < 0x10100000L +# define SSL_cache_hit(s) SSL_session_reused(s) +# endif + +__owur int SSL_session_reused(const SSL *s); +__owur int SSL_is_server(const SSL *s); + +__owur __owur SSL_CONF_CTX *SSL_CONF_CTX_new(void); +int SSL_CONF_CTX_finish(SSL_CONF_CTX *cctx); +void SSL_CONF_CTX_free(SSL_CONF_CTX *cctx); +unsigned int SSL_CONF_CTX_set_flags(SSL_CONF_CTX *cctx, unsigned int flags); +__owur unsigned int SSL_CONF_CTX_clear_flags(SSL_CONF_CTX *cctx, + unsigned int flags); +__owur int SSL_CONF_CTX_set1_prefix(SSL_CONF_CTX *cctx, const char *pre); + +void SSL_CONF_CTX_set_ssl(SSL_CONF_CTX *cctx, SSL *ssl); +void SSL_CONF_CTX_set_ssl_ctx(SSL_CONF_CTX *cctx, SSL_CTX *ctx); + +__owur int SSL_CONF_cmd(SSL_CONF_CTX *cctx, const char *cmd, const char *value); +__owur int SSL_CONF_cmd_argv(SSL_CONF_CTX *cctx, int *pargc, char ***pargv); +__owur int SSL_CONF_cmd_value_type(SSL_CONF_CTX *cctx, const char *cmd); + +void SSL_add_ssl_module(void); +int SSL_config(SSL *s, const char *name); +int SSL_CTX_config(SSL_CTX *ctx, const char *name); + +# ifndef OPENSSL_NO_SSL_TRACE +void SSL_trace(int write_p, int version, int content_type, + const void *buf, size_t len, SSL *ssl, void *arg); +# endif + +# ifndef OPENSSL_NO_SOCK +int DTLSv1_listen(SSL *s, BIO_ADDR *client); +# endif + +# ifndef OPENSSL_NO_CT + +/* + * A callback for verifying that the received SCTs are sufficient. + * Expected to return 1 if they are sufficient, otherwise 0. + * May return a negative integer if an error occurs. + * A connection should be aborted if the SCTs are deemed insufficient. + */ +typedef int (*ssl_ct_validation_cb)(const CT_POLICY_EVAL_CTX *ctx, + const STACK_OF(SCT) *scts, void *arg); + +/* + * Sets a |callback| that is invoked upon receipt of ServerHelloDone to validate + * the received SCTs. + * If the callback returns a non-positive result, the connection is terminated. + * Call this function before beginning a handshake. + * If a NULL |callback| is provided, SCT validation is disabled. + * |arg| is arbitrary userdata that will be passed to the callback whenever it + * is invoked. Ownership of |arg| remains with the caller. + * + * NOTE: A side-effect of setting a CT callback is that an OCSP stapled response + * will be requested. + */ +int SSL_set_ct_validation_callback(SSL *s, ssl_ct_validation_cb callback, + void *arg); +int SSL_CTX_set_ct_validation_callback(SSL_CTX *ctx, + ssl_ct_validation_cb callback, + void *arg); +#define SSL_disable_ct(s) \ + ((void) SSL_set_validation_callback((s), NULL, NULL)) +#define SSL_CTX_disable_ct(ctx) \ + ((void) SSL_CTX_set_validation_callback((ctx), NULL, NULL)) + +/* + * The validation type enumerates the available behaviours of the built-in SSL + * CT validation callback selected via SSL_enable_ct() and SSL_CTX_enable_ct(). + * The underlying callback is a static function in libssl. + */ +enum { + SSL_CT_VALIDATION_PERMISSIVE = 0, + SSL_CT_VALIDATION_STRICT +}; + +/* + * Enable CT by setting up a callback that implements one of the built-in + * validation variants. The SSL_CT_VALIDATION_PERMISSIVE variant always + * continues the handshake, the application can make appropriate decisions at + * handshake completion. The SSL_CT_VALIDATION_STRICT variant requires at + * least one valid SCT, or else handshake termination will be requested. The + * handshake may continue anyway if SSL_VERIFY_NONE is in effect. + */ +int SSL_enable_ct(SSL *s, int validation_mode); +int SSL_CTX_enable_ct(SSL_CTX *ctx, int validation_mode); + +/* + * Report whether a non-NULL callback is enabled. + */ +int SSL_ct_is_enabled(const SSL *s); +int SSL_CTX_ct_is_enabled(const SSL_CTX *ctx); + +/* Gets the SCTs received from a connection */ +const STACK_OF(SCT) *SSL_get0_peer_scts(SSL *s); + +/* + * Loads the CT log list from the default location. + * If a CTLOG_STORE has previously been set using SSL_CTX_set_ctlog_store, + * the log information loaded from this file will be appended to the + * CTLOG_STORE. + * Returns 1 on success, 0 otherwise. + */ +int SSL_CTX_set_default_ctlog_list_file(SSL_CTX *ctx); + +/* + * Loads the CT log list from the specified file path. + * If a CTLOG_STORE has previously been set using SSL_CTX_set_ctlog_store, + * the log information loaded from this file will be appended to the + * CTLOG_STORE. + * Returns 1 on success, 0 otherwise. + */ +int SSL_CTX_set_ctlog_list_file(SSL_CTX *ctx, const char *path); + +/* + * Sets the CT log list used by all SSL connections created from this SSL_CTX. + * Ownership of the CTLOG_STORE is transferred to the SSL_CTX. + */ +void SSL_CTX_set0_ctlog_store(SSL_CTX *ctx, CTLOG_STORE *logs); + +/* + * Gets the CT log list used by all SSL connections created from this SSL_CTX. + * This will be NULL unless one of the following functions has been called: + * - SSL_CTX_set_default_ctlog_list_file + * - SSL_CTX_set_ctlog_list_file + * - SSL_CTX_set_ctlog_store + */ +const CTLOG_STORE *SSL_CTX_get0_ctlog_store(const SSL_CTX *ctx); + +# endif /* OPENSSL_NO_CT */ + +/* What the "other" parameter contains in security callback */ +/* Mask for type */ +# define SSL_SECOP_OTHER_TYPE 0xffff0000 +# define SSL_SECOP_OTHER_NONE 0 +# define SSL_SECOP_OTHER_CIPHER (1 << 16) +# define SSL_SECOP_OTHER_CURVE (2 << 16) +# define SSL_SECOP_OTHER_DH (3 << 16) +# define SSL_SECOP_OTHER_PKEY (4 << 16) +# define SSL_SECOP_OTHER_SIGALG (5 << 16) +# define SSL_SECOP_OTHER_CERT (6 << 16) + +/* Indicated operation refers to peer key or certificate */ +# define SSL_SECOP_PEER 0x1000 + +/* Values for "op" parameter in security callback */ + +/* Called to filter ciphers */ +/* Ciphers client supports */ +# define SSL_SECOP_CIPHER_SUPPORTED (1 | SSL_SECOP_OTHER_CIPHER) +/* Cipher shared by client/server */ +# define SSL_SECOP_CIPHER_SHARED (2 | SSL_SECOP_OTHER_CIPHER) +/* Sanity check of cipher server selects */ +# define SSL_SECOP_CIPHER_CHECK (3 | SSL_SECOP_OTHER_CIPHER) +/* Curves supported by client */ +# define SSL_SECOP_CURVE_SUPPORTED (4 | SSL_SECOP_OTHER_CURVE) +/* Curves shared by client/server */ +# define SSL_SECOP_CURVE_SHARED (5 | SSL_SECOP_OTHER_CURVE) +/* Sanity check of curve server selects */ +# define SSL_SECOP_CURVE_CHECK (6 | SSL_SECOP_OTHER_CURVE) +/* Temporary DH key */ +# define SSL_SECOP_TMP_DH (7 | SSL_SECOP_OTHER_PKEY) +/* SSL/TLS version */ +# define SSL_SECOP_VERSION (9 | SSL_SECOP_OTHER_NONE) +/* Session tickets */ +# define SSL_SECOP_TICKET (10 | SSL_SECOP_OTHER_NONE) +/* Supported signature algorithms sent to peer */ +# define SSL_SECOP_SIGALG_SUPPORTED (11 | SSL_SECOP_OTHER_SIGALG) +/* Shared signature algorithm */ +# define SSL_SECOP_SIGALG_SHARED (12 | SSL_SECOP_OTHER_SIGALG) +/* Sanity check signature algorithm allowed */ +# define SSL_SECOP_SIGALG_CHECK (13 | SSL_SECOP_OTHER_SIGALG) +/* Used to get mask of supported public key signature algorithms */ +# define SSL_SECOP_SIGALG_MASK (14 | SSL_SECOP_OTHER_SIGALG) +/* Use to see if compression is allowed */ +# define SSL_SECOP_COMPRESSION (15 | SSL_SECOP_OTHER_NONE) +/* EE key in certificate */ +# define SSL_SECOP_EE_KEY (16 | SSL_SECOP_OTHER_CERT) +/* CA key in certificate */ +# define SSL_SECOP_CA_KEY (17 | SSL_SECOP_OTHER_CERT) +/* CA digest algorithm in certificate */ +# define SSL_SECOP_CA_MD (18 | SSL_SECOP_OTHER_CERT) +/* Peer EE key in certificate */ +# define SSL_SECOP_PEER_EE_KEY (SSL_SECOP_EE_KEY | SSL_SECOP_PEER) +/* Peer CA key in certificate */ +# define SSL_SECOP_PEER_CA_KEY (SSL_SECOP_CA_KEY | SSL_SECOP_PEER) +/* Peer CA digest algorithm in certificate */ +# define SSL_SECOP_PEER_CA_MD (SSL_SECOP_CA_MD | SSL_SECOP_PEER) + +void SSL_set_security_level(SSL *s, int level); +__owur int SSL_get_security_level(const SSL *s); +void SSL_set_security_callback(SSL *s, + int (*cb) (const SSL *s, const SSL_CTX *ctx, + int op, int bits, int nid, + void *other, void *ex)); +int (*SSL_get_security_callback(const SSL *s)) (const SSL *s, + const SSL_CTX *ctx, int op, + int bits, int nid, void *other, + void *ex); +void SSL_set0_security_ex_data(SSL *s, void *ex); +__owur void *SSL_get0_security_ex_data(const SSL *s); + +void SSL_CTX_set_security_level(SSL_CTX *ctx, int level); +__owur int SSL_CTX_get_security_level(const SSL_CTX *ctx); +void SSL_CTX_set_security_callback(SSL_CTX *ctx, + int (*cb) (const SSL *s, const SSL_CTX *ctx, + int op, int bits, int nid, + void *other, void *ex)); +int (*SSL_CTX_get_security_callback(const SSL_CTX *ctx)) (const SSL *s, + const SSL_CTX *ctx, + int op, int bits, + int nid, + void *other, + void *ex); +void SSL_CTX_set0_security_ex_data(SSL_CTX *ctx, void *ex); +__owur void *SSL_CTX_get0_security_ex_data(const SSL_CTX *ctx); + +/* OPENSSL_INIT flag 0x010000 reserved for internal use */ +# define OPENSSL_INIT_NO_LOAD_SSL_STRINGS 0x00100000L +# define OPENSSL_INIT_LOAD_SSL_STRINGS 0x00200000L + +# define OPENSSL_INIT_SSL_DEFAULT \ + (OPENSSL_INIT_LOAD_SSL_STRINGS | OPENSSL_INIT_LOAD_CRYPTO_STRINGS) + +int OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings); + +# ifndef OPENSSL_NO_UNIT_TEST +__owur const struct openssl_ssl_test_functions *SSL_test_functions(void); +# endif + +__owur int SSL_free_buffers(SSL *ssl); +__owur int SSL_alloc_buffers(SSL *ssl); + +/* Status codes passed to the decrypt session ticket callback. Some of these + * are for internal use only and are never passed to the callback. */ +typedef int SSL_TICKET_STATUS; + +/* Support for ticket appdata */ +/* fatal error, malloc failure */ +# define SSL_TICKET_FATAL_ERR_MALLOC 0 +/* fatal error, either from parsing or decrypting the ticket */ +# define SSL_TICKET_FATAL_ERR_OTHER 1 +/* No ticket present */ +# define SSL_TICKET_NONE 2 +/* Empty ticket present */ +# define SSL_TICKET_EMPTY 3 +/* the ticket couldn't be decrypted */ +# define SSL_TICKET_NO_DECRYPT 4 +/* a ticket was successfully decrypted */ +# define SSL_TICKET_SUCCESS 5 +/* same as above but the ticket needs to be renewed */ +# define SSL_TICKET_SUCCESS_RENEW 6 + +/* Return codes for the decrypt session ticket callback */ +typedef int SSL_TICKET_RETURN; + +/* An error occurred */ +#define SSL_TICKET_RETURN_ABORT 0 +/* Do not use the ticket, do not send a renewed ticket to the client */ +#define SSL_TICKET_RETURN_IGNORE 1 +/* Do not use the ticket, send a renewed ticket to the client */ +#define SSL_TICKET_RETURN_IGNORE_RENEW 2 +/* Use the ticket, do not send a renewed ticket to the client */ +#define SSL_TICKET_RETURN_USE 3 +/* Use the ticket, send a renewed ticket to the client */ +#define SSL_TICKET_RETURN_USE_RENEW 4 + +typedef int (*SSL_CTX_generate_session_ticket_fn)(SSL *s, void *arg); +typedef SSL_TICKET_RETURN (*SSL_CTX_decrypt_session_ticket_fn)(SSL *s, SSL_SESSION *ss, + const unsigned char *keyname, + size_t keyname_length, + SSL_TICKET_STATUS status, + void *arg); +int SSL_CTX_set_session_ticket_cb(SSL_CTX *ctx, + SSL_CTX_generate_session_ticket_fn gen_cb, + SSL_CTX_decrypt_session_ticket_fn dec_cb, + void *arg); +int SSL_SESSION_set1_ticket_appdata(SSL_SESSION *ss, const void *data, size_t len); +int SSL_SESSION_get0_ticket_appdata(SSL_SESSION *ss, void **data, size_t *len); + +extern const char SSL_version_str[]; + +typedef unsigned int (*DTLS_timer_cb)(SSL *s, unsigned int timer_us); + +void DTLS_set_timer_cb(SSL *s, DTLS_timer_cb cb); + + +typedef int (*SSL_allow_early_data_cb_fn)(SSL *s, void *arg); +void SSL_CTX_set_allow_early_data_cb(SSL_CTX *ctx, + SSL_allow_early_data_cb_fn cb, + void *arg); +void SSL_set_allow_early_data_cb(SSL *s, + SSL_allow_early_data_cb_fn cb, + void *arg); + +# ifdef __cplusplus +} +# endif +#endif diff --git a/ext/openssl1L/include/openssl/ssl2.h b/ext/openssl1L/include/openssl/ssl2.h new file mode 100644 index 0000000..5321bd2 --- /dev/null +++ b/ext/openssl1L/include/openssl/ssl2.h @@ -0,0 +1,24 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_SSL2_H +# define HEADER_SSL2_H + +#ifdef __cplusplus +extern "C" { +#endif + +# define SSL2_VERSION 0x0002 + +# define SSL2_MT_CLIENT_HELLO 1 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/ext/openssl1L/include/openssl/ssl3.h b/ext/openssl1L/include/openssl/ssl3.h new file mode 100644 index 0000000..07effba --- /dev/null +++ b/ext/openssl1L/include/openssl/ssl3.h @@ -0,0 +1,342 @@ +/* + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_SSL3_H +# define HEADER_SSL3_H + +# include +# include +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +/* + * Signalling cipher suite value from RFC 5746 + * (TLS_EMPTY_RENEGOTIATION_INFO_SCSV) + */ +# define SSL3_CK_SCSV 0x030000FF + +/* + * Signalling cipher suite value from draft-ietf-tls-downgrade-scsv-00 + * (TLS_FALLBACK_SCSV) + */ +# define SSL3_CK_FALLBACK_SCSV 0x03005600 + +# define SSL3_CK_RSA_NULL_MD5 0x03000001 +# define SSL3_CK_RSA_NULL_SHA 0x03000002 +# define SSL3_CK_RSA_RC4_40_MD5 0x03000003 +# define SSL3_CK_RSA_RC4_128_MD5 0x03000004 +# define SSL3_CK_RSA_RC4_128_SHA 0x03000005 +# define SSL3_CK_RSA_RC2_40_MD5 0x03000006 +# define SSL3_CK_RSA_IDEA_128_SHA 0x03000007 +# define SSL3_CK_RSA_DES_40_CBC_SHA 0x03000008 +# define SSL3_CK_RSA_DES_64_CBC_SHA 0x03000009 +# define SSL3_CK_RSA_DES_192_CBC3_SHA 0x0300000A + +# define SSL3_CK_DH_DSS_DES_40_CBC_SHA 0x0300000B +# define SSL3_CK_DH_DSS_DES_64_CBC_SHA 0x0300000C +# define SSL3_CK_DH_DSS_DES_192_CBC3_SHA 0x0300000D +# define SSL3_CK_DH_RSA_DES_40_CBC_SHA 0x0300000E +# define SSL3_CK_DH_RSA_DES_64_CBC_SHA 0x0300000F +# define SSL3_CK_DH_RSA_DES_192_CBC3_SHA 0x03000010 + +# define SSL3_CK_DHE_DSS_DES_40_CBC_SHA 0x03000011 +# define SSL3_CK_EDH_DSS_DES_40_CBC_SHA SSL3_CK_DHE_DSS_DES_40_CBC_SHA +# define SSL3_CK_DHE_DSS_DES_64_CBC_SHA 0x03000012 +# define SSL3_CK_EDH_DSS_DES_64_CBC_SHA SSL3_CK_DHE_DSS_DES_64_CBC_SHA +# define SSL3_CK_DHE_DSS_DES_192_CBC3_SHA 0x03000013 +# define SSL3_CK_EDH_DSS_DES_192_CBC3_SHA SSL3_CK_DHE_DSS_DES_192_CBC3_SHA +# define SSL3_CK_DHE_RSA_DES_40_CBC_SHA 0x03000014 +# define SSL3_CK_EDH_RSA_DES_40_CBC_SHA SSL3_CK_DHE_RSA_DES_40_CBC_SHA +# define SSL3_CK_DHE_RSA_DES_64_CBC_SHA 0x03000015 +# define SSL3_CK_EDH_RSA_DES_64_CBC_SHA SSL3_CK_DHE_RSA_DES_64_CBC_SHA +# define SSL3_CK_DHE_RSA_DES_192_CBC3_SHA 0x03000016 +# define SSL3_CK_EDH_RSA_DES_192_CBC3_SHA SSL3_CK_DHE_RSA_DES_192_CBC3_SHA + +# define SSL3_CK_ADH_RC4_40_MD5 0x03000017 +# define SSL3_CK_ADH_RC4_128_MD5 0x03000018 +# define SSL3_CK_ADH_DES_40_CBC_SHA 0x03000019 +# define SSL3_CK_ADH_DES_64_CBC_SHA 0x0300001A +# define SSL3_CK_ADH_DES_192_CBC_SHA 0x0300001B + +/* a bundle of RFC standard cipher names, generated from ssl3_ciphers[] */ +# define SSL3_RFC_RSA_NULL_MD5 "TLS_RSA_WITH_NULL_MD5" +# define SSL3_RFC_RSA_NULL_SHA "TLS_RSA_WITH_NULL_SHA" +# define SSL3_RFC_RSA_DES_192_CBC3_SHA "TLS_RSA_WITH_3DES_EDE_CBC_SHA" +# define SSL3_RFC_DHE_DSS_DES_192_CBC3_SHA "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA" +# define SSL3_RFC_DHE_RSA_DES_192_CBC3_SHA "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA" +# define SSL3_RFC_ADH_DES_192_CBC_SHA "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA" +# define SSL3_RFC_RSA_IDEA_128_SHA "TLS_RSA_WITH_IDEA_CBC_SHA" +# define SSL3_RFC_RSA_RC4_128_MD5 "TLS_RSA_WITH_RC4_128_MD5" +# define SSL3_RFC_RSA_RC4_128_SHA "TLS_RSA_WITH_RC4_128_SHA" +# define SSL3_RFC_ADH_RC4_128_MD5 "TLS_DH_anon_WITH_RC4_128_MD5" + +# define SSL3_TXT_RSA_NULL_MD5 "NULL-MD5" +# define SSL3_TXT_RSA_NULL_SHA "NULL-SHA" +# define SSL3_TXT_RSA_RC4_40_MD5 "EXP-RC4-MD5" +# define SSL3_TXT_RSA_RC4_128_MD5 "RC4-MD5" +# define SSL3_TXT_RSA_RC4_128_SHA "RC4-SHA" +# define SSL3_TXT_RSA_RC2_40_MD5 "EXP-RC2-CBC-MD5" +# define SSL3_TXT_RSA_IDEA_128_SHA "IDEA-CBC-SHA" +# define SSL3_TXT_RSA_DES_40_CBC_SHA "EXP-DES-CBC-SHA" +# define SSL3_TXT_RSA_DES_64_CBC_SHA "DES-CBC-SHA" +# define SSL3_TXT_RSA_DES_192_CBC3_SHA "DES-CBC3-SHA" + +# define SSL3_TXT_DH_DSS_DES_40_CBC_SHA "EXP-DH-DSS-DES-CBC-SHA" +# define SSL3_TXT_DH_DSS_DES_64_CBC_SHA "DH-DSS-DES-CBC-SHA" +# define SSL3_TXT_DH_DSS_DES_192_CBC3_SHA "DH-DSS-DES-CBC3-SHA" +# define SSL3_TXT_DH_RSA_DES_40_CBC_SHA "EXP-DH-RSA-DES-CBC-SHA" +# define SSL3_TXT_DH_RSA_DES_64_CBC_SHA "DH-RSA-DES-CBC-SHA" +# define SSL3_TXT_DH_RSA_DES_192_CBC3_SHA "DH-RSA-DES-CBC3-SHA" + +# define SSL3_TXT_DHE_DSS_DES_40_CBC_SHA "EXP-DHE-DSS-DES-CBC-SHA" +# define SSL3_TXT_DHE_DSS_DES_64_CBC_SHA "DHE-DSS-DES-CBC-SHA" +# define SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA "DHE-DSS-DES-CBC3-SHA" +# define SSL3_TXT_DHE_RSA_DES_40_CBC_SHA "EXP-DHE-RSA-DES-CBC-SHA" +# define SSL3_TXT_DHE_RSA_DES_64_CBC_SHA "DHE-RSA-DES-CBC-SHA" +# define SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA "DHE-RSA-DES-CBC3-SHA" + +/* + * This next block of six "EDH" labels is for backward compatibility with + * older versions of OpenSSL. New code should use the six "DHE" labels above + * instead: + */ +# define SSL3_TXT_EDH_DSS_DES_40_CBC_SHA "EXP-EDH-DSS-DES-CBC-SHA" +# define SSL3_TXT_EDH_DSS_DES_64_CBC_SHA "EDH-DSS-DES-CBC-SHA" +# define SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA "EDH-DSS-DES-CBC3-SHA" +# define SSL3_TXT_EDH_RSA_DES_40_CBC_SHA "EXP-EDH-RSA-DES-CBC-SHA" +# define SSL3_TXT_EDH_RSA_DES_64_CBC_SHA "EDH-RSA-DES-CBC-SHA" +# define SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA "EDH-RSA-DES-CBC3-SHA" + +# define SSL3_TXT_ADH_RC4_40_MD5 "EXP-ADH-RC4-MD5" +# define SSL3_TXT_ADH_RC4_128_MD5 "ADH-RC4-MD5" +# define SSL3_TXT_ADH_DES_40_CBC_SHA "EXP-ADH-DES-CBC-SHA" +# define SSL3_TXT_ADH_DES_64_CBC_SHA "ADH-DES-CBC-SHA" +# define SSL3_TXT_ADH_DES_192_CBC_SHA "ADH-DES-CBC3-SHA" + +# define SSL3_SSL_SESSION_ID_LENGTH 32 +# define SSL3_MAX_SSL_SESSION_ID_LENGTH 32 + +# define SSL3_MASTER_SECRET_SIZE 48 +# define SSL3_RANDOM_SIZE 32 +# define SSL3_SESSION_ID_SIZE 32 +# define SSL3_RT_HEADER_LENGTH 5 + +# define SSL3_HM_HEADER_LENGTH 4 + +# ifndef SSL3_ALIGN_PAYLOAD + /* + * Some will argue that this increases memory footprint, but it's not + * actually true. Point is that malloc has to return at least 64-bit aligned + * pointers, meaning that allocating 5 bytes wastes 3 bytes in either case. + * Suggested pre-gaping simply moves these wasted bytes from the end of + * allocated region to its front, but makes data payload aligned, which + * improves performance:-) + */ +# define SSL3_ALIGN_PAYLOAD 8 +# else +# if (SSL3_ALIGN_PAYLOAD&(SSL3_ALIGN_PAYLOAD-1))!=0 +# error "insane SSL3_ALIGN_PAYLOAD" +# undef SSL3_ALIGN_PAYLOAD +# endif +# endif + +/* + * This is the maximum MAC (digest) size used by the SSL library. Currently + * maximum of 20 is used by SHA1, but we reserve for future extension for + * 512-bit hashes. + */ + +# define SSL3_RT_MAX_MD_SIZE 64 + +/* + * Maximum block size used in all ciphersuites. Currently 16 for AES. + */ + +# define SSL_RT_MAX_CIPHER_BLOCK_SIZE 16 + +# define SSL3_RT_MAX_EXTRA (16384) + +/* Maximum plaintext length: defined by SSL/TLS standards */ +# define SSL3_RT_MAX_PLAIN_LENGTH 16384 +/* Maximum compression overhead: defined by SSL/TLS standards */ +# define SSL3_RT_MAX_COMPRESSED_OVERHEAD 1024 + +/* + * The standards give a maximum encryption overhead of 1024 bytes. In + * practice the value is lower than this. The overhead is the maximum number + * of padding bytes (256) plus the mac size. + */ +# define SSL3_RT_MAX_ENCRYPTED_OVERHEAD (256 + SSL3_RT_MAX_MD_SIZE) +# define SSL3_RT_MAX_TLS13_ENCRYPTED_OVERHEAD 256 + +/* + * OpenSSL currently only uses a padding length of at most one block so the + * send overhead is smaller. + */ + +# define SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD \ + (SSL_RT_MAX_CIPHER_BLOCK_SIZE + SSL3_RT_MAX_MD_SIZE) + +/* If compression isn't used don't include the compression overhead */ + +# ifdef OPENSSL_NO_COMP +# define SSL3_RT_MAX_COMPRESSED_LENGTH SSL3_RT_MAX_PLAIN_LENGTH +# else +# define SSL3_RT_MAX_COMPRESSED_LENGTH \ + (SSL3_RT_MAX_PLAIN_LENGTH+SSL3_RT_MAX_COMPRESSED_OVERHEAD) +# endif +# define SSL3_RT_MAX_ENCRYPTED_LENGTH \ + (SSL3_RT_MAX_ENCRYPTED_OVERHEAD+SSL3_RT_MAX_COMPRESSED_LENGTH) +# define SSL3_RT_MAX_TLS13_ENCRYPTED_LENGTH \ + (SSL3_RT_MAX_PLAIN_LENGTH + SSL3_RT_MAX_TLS13_ENCRYPTED_OVERHEAD) +# define SSL3_RT_MAX_PACKET_SIZE \ + (SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH) + +# define SSL3_MD_CLIENT_FINISHED_CONST "\x43\x4C\x4E\x54" +# define SSL3_MD_SERVER_FINISHED_CONST "\x53\x52\x56\x52" + +# define SSL3_VERSION 0x0300 +# define SSL3_VERSION_MAJOR 0x03 +# define SSL3_VERSION_MINOR 0x00 + +# define SSL3_RT_CHANGE_CIPHER_SPEC 20 +# define SSL3_RT_ALERT 21 +# define SSL3_RT_HANDSHAKE 22 +# define SSL3_RT_APPLICATION_DATA 23 +# define DTLS1_RT_HEARTBEAT 24 + +/* Pseudo content types to indicate additional parameters */ +# define TLS1_RT_CRYPTO 0x1000 +# define TLS1_RT_CRYPTO_PREMASTER (TLS1_RT_CRYPTO | 0x1) +# define TLS1_RT_CRYPTO_CLIENT_RANDOM (TLS1_RT_CRYPTO | 0x2) +# define TLS1_RT_CRYPTO_SERVER_RANDOM (TLS1_RT_CRYPTO | 0x3) +# define TLS1_RT_CRYPTO_MASTER (TLS1_RT_CRYPTO | 0x4) + +# define TLS1_RT_CRYPTO_READ 0x0000 +# define TLS1_RT_CRYPTO_WRITE 0x0100 +# define TLS1_RT_CRYPTO_MAC (TLS1_RT_CRYPTO | 0x5) +# define TLS1_RT_CRYPTO_KEY (TLS1_RT_CRYPTO | 0x6) +# define TLS1_RT_CRYPTO_IV (TLS1_RT_CRYPTO | 0x7) +# define TLS1_RT_CRYPTO_FIXED_IV (TLS1_RT_CRYPTO | 0x8) + +/* Pseudo content types for SSL/TLS header info */ +# define SSL3_RT_HEADER 0x100 +# define SSL3_RT_INNER_CONTENT_TYPE 0x101 + +# define SSL3_AL_WARNING 1 +# define SSL3_AL_FATAL 2 + +# define SSL3_AD_CLOSE_NOTIFY 0 +# define SSL3_AD_UNEXPECTED_MESSAGE 10/* fatal */ +# define SSL3_AD_BAD_RECORD_MAC 20/* fatal */ +# define SSL3_AD_DECOMPRESSION_FAILURE 30/* fatal */ +# define SSL3_AD_HANDSHAKE_FAILURE 40/* fatal */ +# define SSL3_AD_NO_CERTIFICATE 41 +# define SSL3_AD_BAD_CERTIFICATE 42 +# define SSL3_AD_UNSUPPORTED_CERTIFICATE 43 +# define SSL3_AD_CERTIFICATE_REVOKED 44 +# define SSL3_AD_CERTIFICATE_EXPIRED 45 +# define SSL3_AD_CERTIFICATE_UNKNOWN 46 +# define SSL3_AD_ILLEGAL_PARAMETER 47/* fatal */ + +# define TLS1_HB_REQUEST 1 +# define TLS1_HB_RESPONSE 2 + + +# define SSL3_CT_RSA_SIGN 1 +# define SSL3_CT_DSS_SIGN 2 +# define SSL3_CT_RSA_FIXED_DH 3 +# define SSL3_CT_DSS_FIXED_DH 4 +# define SSL3_CT_RSA_EPHEMERAL_DH 5 +# define SSL3_CT_DSS_EPHEMERAL_DH 6 +# define SSL3_CT_FORTEZZA_DMS 20 +/* + * SSL3_CT_NUMBER is used to size arrays and it must be large enough to + * contain all of the cert types defined for *either* SSLv3 and TLSv1. + */ +# define SSL3_CT_NUMBER 10 + +# if defined(TLS_CT_NUMBER) +# if TLS_CT_NUMBER != SSL3_CT_NUMBER +# error "SSL/TLS CT_NUMBER values do not match" +# endif +# endif + +/* No longer used as of OpenSSL 1.1.1 */ +# define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS 0x0001 + +/* Removed from OpenSSL 1.1.0 */ +# define TLS1_FLAGS_TLS_PADDING_BUG 0x0 + +# define TLS1_FLAGS_SKIP_CERT_VERIFY 0x0010 + +/* Set if we encrypt then mac instead of usual mac then encrypt */ +# define TLS1_FLAGS_ENCRYPT_THEN_MAC_READ 0x0100 +# define TLS1_FLAGS_ENCRYPT_THEN_MAC TLS1_FLAGS_ENCRYPT_THEN_MAC_READ + +/* Set if extended master secret extension received from peer */ +# define TLS1_FLAGS_RECEIVED_EXTMS 0x0200 + +# define TLS1_FLAGS_ENCRYPT_THEN_MAC_WRITE 0x0400 + +# define TLS1_FLAGS_STATELESS 0x0800 + +/* Set if extended master secret extension required on renegotiation */ +# define TLS1_FLAGS_REQUIRED_EXTMS 0x1000 + +# define SSL3_MT_HELLO_REQUEST 0 +# define SSL3_MT_CLIENT_HELLO 1 +# define SSL3_MT_SERVER_HELLO 2 +# define SSL3_MT_NEWSESSION_TICKET 4 +# define SSL3_MT_END_OF_EARLY_DATA 5 +# define SSL3_MT_ENCRYPTED_EXTENSIONS 8 +# define SSL3_MT_CERTIFICATE 11 +# define SSL3_MT_SERVER_KEY_EXCHANGE 12 +# define SSL3_MT_CERTIFICATE_REQUEST 13 +# define SSL3_MT_SERVER_DONE 14 +# define SSL3_MT_CERTIFICATE_VERIFY 15 +# define SSL3_MT_CLIENT_KEY_EXCHANGE 16 +# define SSL3_MT_FINISHED 20 +# define SSL3_MT_CERTIFICATE_URL 21 +# define SSL3_MT_CERTIFICATE_STATUS 22 +# define SSL3_MT_SUPPLEMENTAL_DATA 23 +# define SSL3_MT_KEY_UPDATE 24 +# ifndef OPENSSL_NO_NEXTPROTONEG +# define SSL3_MT_NEXT_PROTO 67 +# endif +# define SSL3_MT_MESSAGE_HASH 254 +# define DTLS1_MT_HELLO_VERIFY_REQUEST 3 + +/* Dummy message type for handling CCS like a normal handshake message */ +# define SSL3_MT_CHANGE_CIPHER_SPEC 0x0101 + +# define SSL3_MT_CCS 1 + +/* These are used when changing over to a new cipher */ +# define SSL3_CC_READ 0x001 +# define SSL3_CC_WRITE 0x002 +# define SSL3_CC_CLIENT 0x010 +# define SSL3_CC_SERVER 0x020 +# define SSL3_CC_EARLY 0x040 +# define SSL3_CC_HANDSHAKE 0x080 +# define SSL3_CC_APPLICATION 0x100 +# define SSL3_CHANGE_CIPHER_CLIENT_WRITE (SSL3_CC_CLIENT|SSL3_CC_WRITE) +# define SSL3_CHANGE_CIPHER_SERVER_READ (SSL3_CC_SERVER|SSL3_CC_READ) +# define SSL3_CHANGE_CIPHER_CLIENT_READ (SSL3_CC_CLIENT|SSL3_CC_READ) +# define SSL3_CHANGE_CIPHER_SERVER_WRITE (SSL3_CC_SERVER|SSL3_CC_WRITE) + +#ifdef __cplusplus +} +#endif +#endif diff --git a/ext/openssl1L/include/openssl/sslerr.h b/ext/openssl1L/include/openssl/sslerr.h new file mode 100644 index 0000000..701d61c --- /dev/null +++ b/ext/openssl1L/include/openssl/sslerr.h @@ -0,0 +1,776 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_SSLERR_H +# define HEADER_SSLERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_SSL_strings(void); + +/* + * SSL function codes. + */ +# define SSL_F_ADD_CLIENT_KEY_SHARE_EXT 438 +# define SSL_F_ADD_KEY_SHARE 512 +# define SSL_F_BYTES_TO_CIPHER_LIST 519 +# define SSL_F_CHECK_SUITEB_CIPHER_LIST 331 +# define SSL_F_CIPHERSUITE_CB 622 +# define SSL_F_CONSTRUCT_CA_NAMES 552 +# define SSL_F_CONSTRUCT_KEY_EXCHANGE_TBS 553 +# define SSL_F_CONSTRUCT_STATEFUL_TICKET 636 +# define SSL_F_CONSTRUCT_STATELESS_TICKET 637 +# define SSL_F_CREATE_SYNTHETIC_MESSAGE_HASH 539 +# define SSL_F_CREATE_TICKET_PREQUEL 638 +# define SSL_F_CT_MOVE_SCTS 345 +# define SSL_F_CT_STRICT 349 +# define SSL_F_CUSTOM_EXT_ADD 554 +# define SSL_F_CUSTOM_EXT_PARSE 555 +# define SSL_F_D2I_SSL_SESSION 103 +# define SSL_F_DANE_CTX_ENABLE 347 +# define SSL_F_DANE_MTYPE_SET 393 +# define SSL_F_DANE_TLSA_ADD 394 +# define SSL_F_DERIVE_SECRET_KEY_AND_IV 514 +# define SSL_F_DO_DTLS1_WRITE 245 +# define SSL_F_DO_SSL3_WRITE 104 +# define SSL_F_DTLS1_BUFFER_RECORD 247 +# define SSL_F_DTLS1_CHECK_TIMEOUT_NUM 318 +# define SSL_F_DTLS1_HEARTBEAT 305 +# define SSL_F_DTLS1_HM_FRAGMENT_NEW 623 +# define SSL_F_DTLS1_PREPROCESS_FRAGMENT 288 +# define SSL_F_DTLS1_PROCESS_BUFFERED_RECORDS 424 +# define SSL_F_DTLS1_PROCESS_RECORD 257 +# define SSL_F_DTLS1_READ_BYTES 258 +# define SSL_F_DTLS1_READ_FAILED 339 +# define SSL_F_DTLS1_RETRANSMIT_MESSAGE 390 +# define SSL_F_DTLS1_WRITE_APP_DATA_BYTES 268 +# define SSL_F_DTLS1_WRITE_BYTES 545 +# define SSL_F_DTLSV1_LISTEN 350 +# define SSL_F_DTLS_CONSTRUCT_CHANGE_CIPHER_SPEC 371 +# define SSL_F_DTLS_CONSTRUCT_HELLO_VERIFY_REQUEST 385 +# define SSL_F_DTLS_GET_REASSEMBLED_MESSAGE 370 +# define SSL_F_DTLS_PROCESS_HELLO_VERIFY 386 +# define SSL_F_DTLS_RECORD_LAYER_NEW 635 +# define SSL_F_DTLS_WAIT_FOR_DRY 592 +# define SSL_F_EARLY_DATA_COUNT_OK 532 +# define SSL_F_FINAL_EARLY_DATA 556 +# define SSL_F_FINAL_EC_PT_FORMATS 485 +# define SSL_F_FINAL_EMS 486 +# define SSL_F_FINAL_KEY_SHARE 503 +# define SSL_F_FINAL_MAXFRAGMENTLEN 557 +# define SSL_F_FINAL_PSK 639 +# define SSL_F_FINAL_RENEGOTIATE 483 +# define SSL_F_FINAL_SERVER_NAME 558 +# define SSL_F_FINAL_SIG_ALGS 497 +# define SSL_F_GET_CERT_VERIFY_TBS_DATA 588 +# define SSL_F_NSS_KEYLOG_INT 500 +# define SSL_F_OPENSSL_INIT_SSL 342 +# define SSL_F_OSSL_STATEM_CLIENT13_READ_TRANSITION 436 +# define SSL_F_OSSL_STATEM_CLIENT13_WRITE_TRANSITION 598 +# define SSL_F_OSSL_STATEM_CLIENT_CONSTRUCT_MESSAGE 430 +# define SSL_F_OSSL_STATEM_CLIENT_POST_PROCESS_MESSAGE 593 +# define SSL_F_OSSL_STATEM_CLIENT_PROCESS_MESSAGE 594 +# define SSL_F_OSSL_STATEM_CLIENT_READ_TRANSITION 417 +# define SSL_F_OSSL_STATEM_CLIENT_WRITE_TRANSITION 599 +# define SSL_F_OSSL_STATEM_SERVER13_READ_TRANSITION 437 +# define SSL_F_OSSL_STATEM_SERVER13_WRITE_TRANSITION 600 +# define SSL_F_OSSL_STATEM_SERVER_CONSTRUCT_MESSAGE 431 +# define SSL_F_OSSL_STATEM_SERVER_POST_PROCESS_MESSAGE 601 +# define SSL_F_OSSL_STATEM_SERVER_POST_WORK 602 +# define SSL_F_OSSL_STATEM_SERVER_PRE_WORK 640 +# define SSL_F_OSSL_STATEM_SERVER_PROCESS_MESSAGE 603 +# define SSL_F_OSSL_STATEM_SERVER_READ_TRANSITION 418 +# define SSL_F_OSSL_STATEM_SERVER_WRITE_TRANSITION 604 +# define SSL_F_PARSE_CA_NAMES 541 +# define SSL_F_PITEM_NEW 624 +# define SSL_F_PQUEUE_NEW 625 +# define SSL_F_PROCESS_KEY_SHARE_EXT 439 +# define SSL_F_READ_STATE_MACHINE 352 +# define SSL_F_SET_CLIENT_CIPHERSUITE 540 +# define SSL_F_SRP_GENERATE_CLIENT_MASTER_SECRET 595 +# define SSL_F_SRP_GENERATE_SERVER_MASTER_SECRET 589 +# define SSL_F_SRP_VERIFY_SERVER_PARAM 596 +# define SSL_F_SSL3_CHANGE_CIPHER_STATE 129 +# define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM 130 +# define SSL_F_SSL3_CTRL 213 +# define SSL_F_SSL3_CTX_CTRL 133 +# define SSL_F_SSL3_DIGEST_CACHED_RECORDS 293 +# define SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC 292 +# define SSL_F_SSL3_ENC 608 +# define SSL_F_SSL3_FINAL_FINISH_MAC 285 +# define SSL_F_SSL3_FINISH_MAC 587 +# define SSL_F_SSL3_GENERATE_KEY_BLOCK 238 +# define SSL_F_SSL3_GENERATE_MASTER_SECRET 388 +# define SSL_F_SSL3_GET_RECORD 143 +# define SSL_F_SSL3_INIT_FINISHED_MAC 397 +# define SSL_F_SSL3_OUTPUT_CERT_CHAIN 147 +# define SSL_F_SSL3_READ_BYTES 148 +# define SSL_F_SSL3_READ_N 149 +# define SSL_F_SSL3_SETUP_KEY_BLOCK 157 +# define SSL_F_SSL3_SETUP_READ_BUFFER 156 +# define SSL_F_SSL3_SETUP_WRITE_BUFFER 291 +# define SSL_F_SSL3_WRITE_BYTES 158 +# define SSL_F_SSL3_WRITE_PENDING 159 +# define SSL_F_SSL_ADD_CERT_CHAIN 316 +# define SSL_F_SSL_ADD_CERT_TO_BUF 319 +# define SSL_F_SSL_ADD_CERT_TO_WPACKET 493 +# define SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT 298 +# define SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT 277 +# define SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT 307 +# define SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK 215 +# define SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK 216 +# define SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT 299 +# define SSL_F_SSL_ADD_SERVERHELLO_TLSEXT 278 +# define SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT 308 +# define SSL_F_SSL_BAD_METHOD 160 +# define SSL_F_SSL_BUILD_CERT_CHAIN 332 +# define SSL_F_SSL_BYTES_TO_CIPHER_LIST 161 +# define SSL_F_SSL_CACHE_CIPHERLIST 520 +# define SSL_F_SSL_CERT_ADD0_CHAIN_CERT 346 +# define SSL_F_SSL_CERT_DUP 221 +# define SSL_F_SSL_CERT_NEW 162 +# define SSL_F_SSL_CERT_SET0_CHAIN 340 +# define SSL_F_SSL_CHECK_PRIVATE_KEY 163 +# define SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT 280 +# define SSL_F_SSL_CHECK_SRP_EXT_CLIENTHELLO 606 +# define SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG 279 +# define SSL_F_SSL_CHOOSE_CLIENT_VERSION 607 +# define SSL_F_SSL_CIPHER_DESCRIPTION 626 +# define SSL_F_SSL_CIPHER_LIST_TO_BYTES 425 +# define SSL_F_SSL_CIPHER_PROCESS_RULESTR 230 +# define SSL_F_SSL_CIPHER_STRENGTH_SORT 231 +# define SSL_F_SSL_CLEAR 164 +# define SSL_F_SSL_CLIENT_HELLO_GET1_EXTENSIONS_PRESENT 627 +# define SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD 165 +# define SSL_F_SSL_CONF_CMD 334 +# define SSL_F_SSL_CREATE_CIPHER_LIST 166 +# define SSL_F_SSL_CTRL 232 +# define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY 168 +# define SSL_F_SSL_CTX_ENABLE_CT 398 +# define SSL_F_SSL_CTX_MAKE_PROFILES 309 +# define SSL_F_SSL_CTX_NEW 169 +# define SSL_F_SSL_CTX_SET_ALPN_PROTOS 343 +# define SSL_F_SSL_CTX_SET_CIPHER_LIST 269 +# define SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE 290 +# define SSL_F_SSL_CTX_SET_CT_VALIDATION_CALLBACK 396 +# define SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT 219 +# define SSL_F_SSL_CTX_SET_SSL_VERSION 170 +# define SSL_F_SSL_CTX_SET_TLSEXT_MAX_FRAGMENT_LENGTH 551 +# define SSL_F_SSL_CTX_USE_CERTIFICATE 171 +# define SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1 172 +# define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE 173 +# define SSL_F_SSL_CTX_USE_PRIVATEKEY 174 +# define SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1 175 +# define SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE 176 +# define SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT 272 +# define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY 177 +# define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1 178 +# define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE 179 +# define SSL_F_SSL_CTX_USE_SERVERINFO 336 +# define SSL_F_SSL_CTX_USE_SERVERINFO_EX 543 +# define SSL_F_SSL_CTX_USE_SERVERINFO_FILE 337 +# define SSL_F_SSL_DANE_DUP 403 +# define SSL_F_SSL_DANE_ENABLE 395 +# define SSL_F_SSL_DERIVE 590 +# define SSL_F_SSL_DO_CONFIG 391 +# define SSL_F_SSL_DO_HANDSHAKE 180 +# define SSL_F_SSL_DUP_CA_LIST 408 +# define SSL_F_SSL_ENABLE_CT 402 +# define SSL_F_SSL_GENERATE_PKEY_GROUP 559 +# define SSL_F_SSL_GENERATE_SESSION_ID 547 +# define SSL_F_SSL_GET_NEW_SESSION 181 +# define SSL_F_SSL_GET_PREV_SESSION 217 +# define SSL_F_SSL_GET_SERVER_CERT_INDEX 322 +# define SSL_F_SSL_GET_SIGN_PKEY 183 +# define SSL_F_SSL_HANDSHAKE_HASH 560 +# define SSL_F_SSL_INIT_WBIO_BUFFER 184 +# define SSL_F_SSL_KEY_UPDATE 515 +# define SSL_F_SSL_LOAD_CLIENT_CA_FILE 185 +# define SSL_F_SSL_LOG_MASTER_SECRET 498 +# define SSL_F_SSL_LOG_RSA_CLIENT_KEY_EXCHANGE 499 +# define SSL_F_SSL_MODULE_INIT 392 +# define SSL_F_SSL_NEW 186 +# define SSL_F_SSL_NEXT_PROTO_VALIDATE 565 +# define SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT 300 +# define SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT 302 +# define SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT 310 +# define SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT 301 +# define SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT 303 +# define SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT 311 +# define SSL_F_SSL_PEEK 270 +# define SSL_F_SSL_PEEK_EX 432 +# define SSL_F_SSL_PEEK_INTERNAL 522 +# define SSL_F_SSL_READ 223 +# define SSL_F_SSL_READ_EARLY_DATA 529 +# define SSL_F_SSL_READ_EX 434 +# define SSL_F_SSL_READ_INTERNAL 523 +# define SSL_F_SSL_RENEGOTIATE 516 +# define SSL_F_SSL_RENEGOTIATE_ABBREVIATED 546 +# define SSL_F_SSL_SCAN_CLIENTHELLO_TLSEXT 320 +# define SSL_F_SSL_SCAN_SERVERHELLO_TLSEXT 321 +# define SSL_F_SSL_SESSION_DUP 348 +# define SSL_F_SSL_SESSION_NEW 189 +# define SSL_F_SSL_SESSION_PRINT_FP 190 +# define SSL_F_SSL_SESSION_SET1_ID 423 +# define SSL_F_SSL_SESSION_SET1_ID_CONTEXT 312 +# define SSL_F_SSL_SET_ALPN_PROTOS 344 +# define SSL_F_SSL_SET_CERT 191 +# define SSL_F_SSL_SET_CERT_AND_KEY 621 +# define SSL_F_SSL_SET_CIPHER_LIST 271 +# define SSL_F_SSL_SET_CT_VALIDATION_CALLBACK 399 +# define SSL_F_SSL_SET_FD 192 +# define SSL_F_SSL_SET_PKEY 193 +# define SSL_F_SSL_SET_RFD 194 +# define SSL_F_SSL_SET_SESSION 195 +# define SSL_F_SSL_SET_SESSION_ID_CONTEXT 218 +# define SSL_F_SSL_SET_SESSION_TICKET_EXT 294 +# define SSL_F_SSL_SET_TLSEXT_MAX_FRAGMENT_LENGTH 550 +# define SSL_F_SSL_SET_WFD 196 +# define SSL_F_SSL_SHUTDOWN 224 +# define SSL_F_SSL_SRP_CTX_INIT 313 +# define SSL_F_SSL_START_ASYNC_JOB 389 +# define SSL_F_SSL_UNDEFINED_FUNCTION 197 +# define SSL_F_SSL_UNDEFINED_VOID_FUNCTION 244 +# define SSL_F_SSL_USE_CERTIFICATE 198 +# define SSL_F_SSL_USE_CERTIFICATE_ASN1 199 +# define SSL_F_SSL_USE_CERTIFICATE_FILE 200 +# define SSL_F_SSL_USE_PRIVATEKEY 201 +# define SSL_F_SSL_USE_PRIVATEKEY_ASN1 202 +# define SSL_F_SSL_USE_PRIVATEKEY_FILE 203 +# define SSL_F_SSL_USE_PSK_IDENTITY_HINT 273 +# define SSL_F_SSL_USE_RSAPRIVATEKEY 204 +# define SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1 205 +# define SSL_F_SSL_USE_RSAPRIVATEKEY_FILE 206 +# define SSL_F_SSL_VALIDATE_CT 400 +# define SSL_F_SSL_VERIFY_CERT_CHAIN 207 +# define SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE 616 +# define SSL_F_SSL_WRITE 208 +# define SSL_F_SSL_WRITE_EARLY_DATA 526 +# define SSL_F_SSL_WRITE_EARLY_FINISH 527 +# define SSL_F_SSL_WRITE_EX 433 +# define SSL_F_SSL_WRITE_INTERNAL 524 +# define SSL_F_STATE_MACHINE 353 +# define SSL_F_TLS12_CHECK_PEER_SIGALG 333 +# define SSL_F_TLS12_COPY_SIGALGS 533 +# define SSL_F_TLS13_CHANGE_CIPHER_STATE 440 +# define SSL_F_TLS13_ENC 609 +# define SSL_F_TLS13_FINAL_FINISH_MAC 605 +# define SSL_F_TLS13_GENERATE_SECRET 591 +# define SSL_F_TLS13_HKDF_EXPAND 561 +# define SSL_F_TLS13_RESTORE_HANDSHAKE_DIGEST_FOR_PHA 617 +# define SSL_F_TLS13_SAVE_HANDSHAKE_DIGEST_FOR_PHA 618 +# define SSL_F_TLS13_SETUP_KEY_BLOCK 441 +# define SSL_F_TLS1_CHANGE_CIPHER_STATE 209 +# define SSL_F_TLS1_CHECK_DUPLICATE_EXTENSIONS 341 +# define SSL_F_TLS1_ENC 401 +# define SSL_F_TLS1_EXPORT_KEYING_MATERIAL 314 +# define SSL_F_TLS1_GET_CURVELIST 338 +# define SSL_F_TLS1_PRF 284 +# define SSL_F_TLS1_SAVE_U16 628 +# define SSL_F_TLS1_SETUP_KEY_BLOCK 211 +# define SSL_F_TLS1_SET_GROUPS 629 +# define SSL_F_TLS1_SET_RAW_SIGALGS 630 +# define SSL_F_TLS1_SET_SERVER_SIGALGS 335 +# define SSL_F_TLS1_SET_SHARED_SIGALGS 631 +# define SSL_F_TLS1_SET_SIGALGS 632 +# define SSL_F_TLS_CHOOSE_SIGALG 513 +# define SSL_F_TLS_CLIENT_KEY_EXCHANGE_POST_WORK 354 +# define SSL_F_TLS_COLLECT_EXTENSIONS 435 +# define SSL_F_TLS_CONSTRUCT_CERTIFICATE_AUTHORITIES 542 +# define SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST 372 +# define SSL_F_TLS_CONSTRUCT_CERT_STATUS 429 +# define SSL_F_TLS_CONSTRUCT_CERT_STATUS_BODY 494 +# define SSL_F_TLS_CONSTRUCT_CERT_VERIFY 496 +# define SSL_F_TLS_CONSTRUCT_CHANGE_CIPHER_SPEC 427 +# define SSL_F_TLS_CONSTRUCT_CKE_DHE 404 +# define SSL_F_TLS_CONSTRUCT_CKE_ECDHE 405 +# define SSL_F_TLS_CONSTRUCT_CKE_GOST 406 +# define SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE 407 +# define SSL_F_TLS_CONSTRUCT_CKE_RSA 409 +# define SSL_F_TLS_CONSTRUCT_CKE_SRP 410 +# define SSL_F_TLS_CONSTRUCT_CLIENT_CERTIFICATE 484 +# define SSL_F_TLS_CONSTRUCT_CLIENT_HELLO 487 +# define SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE 488 +# define SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY 489 +# define SSL_F_TLS_CONSTRUCT_CTOS_ALPN 466 +# define SSL_F_TLS_CONSTRUCT_CTOS_CERTIFICATE 355 +# define SSL_F_TLS_CONSTRUCT_CTOS_COOKIE 535 +# define SSL_F_TLS_CONSTRUCT_CTOS_EARLY_DATA 530 +# define SSL_F_TLS_CONSTRUCT_CTOS_EC_PT_FORMATS 467 +# define SSL_F_TLS_CONSTRUCT_CTOS_EMS 468 +# define SSL_F_TLS_CONSTRUCT_CTOS_ETM 469 +# define SSL_F_TLS_CONSTRUCT_CTOS_HELLO 356 +# define SSL_F_TLS_CONSTRUCT_CTOS_KEY_EXCHANGE 357 +# define SSL_F_TLS_CONSTRUCT_CTOS_KEY_SHARE 470 +# define SSL_F_TLS_CONSTRUCT_CTOS_MAXFRAGMENTLEN 549 +# define SSL_F_TLS_CONSTRUCT_CTOS_NPN 471 +# define SSL_F_TLS_CONSTRUCT_CTOS_PADDING 472 +# define SSL_F_TLS_CONSTRUCT_CTOS_POST_HANDSHAKE_AUTH 619 +# define SSL_F_TLS_CONSTRUCT_CTOS_PSK 501 +# define SSL_F_TLS_CONSTRUCT_CTOS_PSK_KEX_MODES 509 +# define SSL_F_TLS_CONSTRUCT_CTOS_RENEGOTIATE 473 +# define SSL_F_TLS_CONSTRUCT_CTOS_SCT 474 +# define SSL_F_TLS_CONSTRUCT_CTOS_SERVER_NAME 475 +# define SSL_F_TLS_CONSTRUCT_CTOS_SESSION_TICKET 476 +# define SSL_F_TLS_CONSTRUCT_CTOS_SIG_ALGS 477 +# define SSL_F_TLS_CONSTRUCT_CTOS_SRP 478 +# define SSL_F_TLS_CONSTRUCT_CTOS_STATUS_REQUEST 479 +# define SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_GROUPS 480 +# define SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_VERSIONS 481 +# define SSL_F_TLS_CONSTRUCT_CTOS_USE_SRTP 482 +# define SSL_F_TLS_CONSTRUCT_CTOS_VERIFY 358 +# define SSL_F_TLS_CONSTRUCT_ENCRYPTED_EXTENSIONS 443 +# define SSL_F_TLS_CONSTRUCT_END_OF_EARLY_DATA 536 +# define SSL_F_TLS_CONSTRUCT_EXTENSIONS 447 +# define SSL_F_TLS_CONSTRUCT_FINISHED 359 +# define SSL_F_TLS_CONSTRUCT_HELLO_REQUEST 373 +# define SSL_F_TLS_CONSTRUCT_HELLO_RETRY_REQUEST 510 +# define SSL_F_TLS_CONSTRUCT_KEY_UPDATE 517 +# define SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET 428 +# define SSL_F_TLS_CONSTRUCT_NEXT_PROTO 426 +# define SSL_F_TLS_CONSTRUCT_SERVER_CERTIFICATE 490 +# define SSL_F_TLS_CONSTRUCT_SERVER_HELLO 491 +# define SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE 492 +# define SSL_F_TLS_CONSTRUCT_STOC_ALPN 451 +# define SSL_F_TLS_CONSTRUCT_STOC_CERTIFICATE 374 +# define SSL_F_TLS_CONSTRUCT_STOC_COOKIE 613 +# define SSL_F_TLS_CONSTRUCT_STOC_CRYPTOPRO_BUG 452 +# define SSL_F_TLS_CONSTRUCT_STOC_DONE 375 +# define SSL_F_TLS_CONSTRUCT_STOC_EARLY_DATA 531 +# define SSL_F_TLS_CONSTRUCT_STOC_EARLY_DATA_INFO 525 +# define SSL_F_TLS_CONSTRUCT_STOC_EC_PT_FORMATS 453 +# define SSL_F_TLS_CONSTRUCT_STOC_EMS 454 +# define SSL_F_TLS_CONSTRUCT_STOC_ETM 455 +# define SSL_F_TLS_CONSTRUCT_STOC_HELLO 376 +# define SSL_F_TLS_CONSTRUCT_STOC_KEY_EXCHANGE 377 +# define SSL_F_TLS_CONSTRUCT_STOC_KEY_SHARE 456 +# define SSL_F_TLS_CONSTRUCT_STOC_MAXFRAGMENTLEN 548 +# define SSL_F_TLS_CONSTRUCT_STOC_NEXT_PROTO_NEG 457 +# define SSL_F_TLS_CONSTRUCT_STOC_PSK 504 +# define SSL_F_TLS_CONSTRUCT_STOC_RENEGOTIATE 458 +# define SSL_F_TLS_CONSTRUCT_STOC_SERVER_NAME 459 +# define SSL_F_TLS_CONSTRUCT_STOC_SESSION_TICKET 460 +# define SSL_F_TLS_CONSTRUCT_STOC_STATUS_REQUEST 461 +# define SSL_F_TLS_CONSTRUCT_STOC_SUPPORTED_GROUPS 544 +# define SSL_F_TLS_CONSTRUCT_STOC_SUPPORTED_VERSIONS 611 +# define SSL_F_TLS_CONSTRUCT_STOC_USE_SRTP 462 +# define SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO 521 +# define SSL_F_TLS_FINISH_HANDSHAKE 597 +# define SSL_F_TLS_GET_MESSAGE_BODY 351 +# define SSL_F_TLS_GET_MESSAGE_HEADER 387 +# define SSL_F_TLS_HANDLE_ALPN 562 +# define SSL_F_TLS_HANDLE_STATUS_REQUEST 563 +# define SSL_F_TLS_PARSE_CERTIFICATE_AUTHORITIES 566 +# define SSL_F_TLS_PARSE_CLIENTHELLO_TLSEXT 449 +# define SSL_F_TLS_PARSE_CTOS_ALPN 567 +# define SSL_F_TLS_PARSE_CTOS_COOKIE 614 +# define SSL_F_TLS_PARSE_CTOS_EARLY_DATA 568 +# define SSL_F_TLS_PARSE_CTOS_EC_PT_FORMATS 569 +# define SSL_F_TLS_PARSE_CTOS_EMS 570 +# define SSL_F_TLS_PARSE_CTOS_KEY_SHARE 463 +# define SSL_F_TLS_PARSE_CTOS_MAXFRAGMENTLEN 571 +# define SSL_F_TLS_PARSE_CTOS_POST_HANDSHAKE_AUTH 620 +# define SSL_F_TLS_PARSE_CTOS_PSK 505 +# define SSL_F_TLS_PARSE_CTOS_PSK_KEX_MODES 572 +# define SSL_F_TLS_PARSE_CTOS_RENEGOTIATE 464 +# define SSL_F_TLS_PARSE_CTOS_SERVER_NAME 573 +# define SSL_F_TLS_PARSE_CTOS_SESSION_TICKET 574 +# define SSL_F_TLS_PARSE_CTOS_SIG_ALGS 575 +# define SSL_F_TLS_PARSE_CTOS_SIG_ALGS_CERT 615 +# define SSL_F_TLS_PARSE_CTOS_SRP 576 +# define SSL_F_TLS_PARSE_CTOS_STATUS_REQUEST 577 +# define SSL_F_TLS_PARSE_CTOS_SUPPORTED_GROUPS 578 +# define SSL_F_TLS_PARSE_CTOS_USE_SRTP 465 +# define SSL_F_TLS_PARSE_STOC_ALPN 579 +# define SSL_F_TLS_PARSE_STOC_COOKIE 534 +# define SSL_F_TLS_PARSE_STOC_EARLY_DATA 538 +# define SSL_F_TLS_PARSE_STOC_EARLY_DATA_INFO 528 +# define SSL_F_TLS_PARSE_STOC_EC_PT_FORMATS 580 +# define SSL_F_TLS_PARSE_STOC_KEY_SHARE 445 +# define SSL_F_TLS_PARSE_STOC_MAXFRAGMENTLEN 581 +# define SSL_F_TLS_PARSE_STOC_NPN 582 +# define SSL_F_TLS_PARSE_STOC_PSK 502 +# define SSL_F_TLS_PARSE_STOC_RENEGOTIATE 448 +# define SSL_F_TLS_PARSE_STOC_SCT 564 +# define SSL_F_TLS_PARSE_STOC_SERVER_NAME 583 +# define SSL_F_TLS_PARSE_STOC_SESSION_TICKET 584 +# define SSL_F_TLS_PARSE_STOC_STATUS_REQUEST 585 +# define SSL_F_TLS_PARSE_STOC_SUPPORTED_VERSIONS 612 +# define SSL_F_TLS_PARSE_STOC_USE_SRTP 446 +# define SSL_F_TLS_POST_PROCESS_CLIENT_HELLO 378 +# define SSL_F_TLS_POST_PROCESS_CLIENT_KEY_EXCHANGE 384 +# define SSL_F_TLS_PREPARE_CLIENT_CERTIFICATE 360 +# define SSL_F_TLS_PROCESS_AS_HELLO_RETRY_REQUEST 610 +# define SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST 361 +# define SSL_F_TLS_PROCESS_CERT_STATUS 362 +# define SSL_F_TLS_PROCESS_CERT_STATUS_BODY 495 +# define SSL_F_TLS_PROCESS_CERT_VERIFY 379 +# define SSL_F_TLS_PROCESS_CHANGE_CIPHER_SPEC 363 +# define SSL_F_TLS_PROCESS_CKE_DHE 411 +# define SSL_F_TLS_PROCESS_CKE_ECDHE 412 +# define SSL_F_TLS_PROCESS_CKE_GOST 413 +# define SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE 414 +# define SSL_F_TLS_PROCESS_CKE_RSA 415 +# define SSL_F_TLS_PROCESS_CKE_SRP 416 +# define SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE 380 +# define SSL_F_TLS_PROCESS_CLIENT_HELLO 381 +# define SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE 382 +# define SSL_F_TLS_PROCESS_ENCRYPTED_EXTENSIONS 444 +# define SSL_F_TLS_PROCESS_END_OF_EARLY_DATA 537 +# define SSL_F_TLS_PROCESS_FINISHED 364 +# define SSL_F_TLS_PROCESS_HELLO_REQ 507 +# define SSL_F_TLS_PROCESS_HELLO_RETRY_REQUEST 511 +# define SSL_F_TLS_PROCESS_INITIAL_SERVER_FLIGHT 442 +# define SSL_F_TLS_PROCESS_KEY_EXCHANGE 365 +# define SSL_F_TLS_PROCESS_KEY_UPDATE 518 +# define SSL_F_TLS_PROCESS_NEW_SESSION_TICKET 366 +# define SSL_F_TLS_PROCESS_NEXT_PROTO 383 +# define SSL_F_TLS_PROCESS_SERVER_CERTIFICATE 367 +# define SSL_F_TLS_PROCESS_SERVER_DONE 368 +# define SSL_F_TLS_PROCESS_SERVER_HELLO 369 +# define SSL_F_TLS_PROCESS_SKE_DHE 419 +# define SSL_F_TLS_PROCESS_SKE_ECDHE 420 +# define SSL_F_TLS_PROCESS_SKE_PSK_PREAMBLE 421 +# define SSL_F_TLS_PROCESS_SKE_SRP 422 +# define SSL_F_TLS_PSK_DO_BINDER 506 +# define SSL_F_TLS_SCAN_CLIENTHELLO_TLSEXT 450 +# define SSL_F_TLS_SETUP_HANDSHAKE 508 +# define SSL_F_USE_CERTIFICATE_CHAIN_FILE 220 +# define SSL_F_WPACKET_INTERN_INIT_LEN 633 +# define SSL_F_WPACKET_START_SUB_PACKET_LEN__ 634 +# define SSL_F_WRITE_STATE_MACHINE 586 + +/* + * SSL reason codes. + */ +# define SSL_R_APPLICATION_DATA_AFTER_CLOSE_NOTIFY 291 +# define SSL_R_APP_DATA_IN_HANDSHAKE 100 +# define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272 +# define SSL_R_AT_LEAST_TLS_1_0_NEEDED_IN_FIPS_MODE 143 +# define SSL_R_AT_LEAST_TLS_1_2_NEEDED_IN_SUITEB_MODE 158 +# define SSL_R_BAD_CHANGE_CIPHER_SPEC 103 +# define SSL_R_BAD_CIPHER 186 +# define SSL_R_BAD_DATA 390 +# define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK 106 +# define SSL_R_BAD_DECOMPRESSION 107 +# define SSL_R_BAD_DH_VALUE 102 +# define SSL_R_BAD_DIGEST_LENGTH 111 +# define SSL_R_BAD_EARLY_DATA 233 +# define SSL_R_BAD_ECC_CERT 304 +# define SSL_R_BAD_ECPOINT 306 +# define SSL_R_BAD_EXTENSION 110 +# define SSL_R_BAD_HANDSHAKE_LENGTH 332 +# define SSL_R_BAD_HANDSHAKE_STATE 236 +# define SSL_R_BAD_HELLO_REQUEST 105 +# define SSL_R_BAD_HRR_VERSION 263 +# define SSL_R_BAD_KEY_SHARE 108 +# define SSL_R_BAD_KEY_UPDATE 122 +# define SSL_R_BAD_LEGACY_VERSION 292 +# define SSL_R_BAD_LENGTH 271 +# define SSL_R_BAD_PACKET 240 +# define SSL_R_BAD_PACKET_LENGTH 115 +# define SSL_R_BAD_PROTOCOL_VERSION_NUMBER 116 +# define SSL_R_BAD_PSK 219 +# define SSL_R_BAD_PSK_IDENTITY 114 +# define SSL_R_BAD_RECORD_TYPE 443 +# define SSL_R_BAD_RSA_ENCRYPT 119 +# define SSL_R_BAD_SIGNATURE 123 +# define SSL_R_BAD_SRP_A_LENGTH 347 +# define SSL_R_BAD_SRP_PARAMETERS 371 +# define SSL_R_BAD_SRTP_MKI_VALUE 352 +# define SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST 353 +# define SSL_R_BAD_SSL_FILETYPE 124 +# define SSL_R_BAD_VALUE 384 +# define SSL_R_BAD_WRITE_RETRY 127 +# define SSL_R_BINDER_DOES_NOT_VERIFY 253 +# define SSL_R_BIO_NOT_SET 128 +# define SSL_R_BLOCK_CIPHER_PAD_IS_WRONG 129 +# define SSL_R_BN_LIB 130 +# define SSL_R_CALLBACK_FAILED 234 +# define SSL_R_CANNOT_CHANGE_CIPHER 109 +# define SSL_R_CA_DN_LENGTH_MISMATCH 131 +# define SSL_R_CA_KEY_TOO_SMALL 397 +# define SSL_R_CA_MD_TOO_WEAK 398 +# define SSL_R_CCS_RECEIVED_EARLY 133 +# define SSL_R_CERTIFICATE_VERIFY_FAILED 134 +# define SSL_R_CERT_CB_ERROR 377 +# define SSL_R_CERT_LENGTH_MISMATCH 135 +# define SSL_R_CIPHERSUITE_DIGEST_HAS_CHANGED 218 +# define SSL_R_CIPHER_CODE_WRONG_LENGTH 137 +# define SSL_R_CIPHER_OR_HASH_UNAVAILABLE 138 +# define SSL_R_CLIENTHELLO_TLSEXT 226 +# define SSL_R_COMPRESSED_LENGTH_TOO_LONG 140 +# define SSL_R_COMPRESSION_DISABLED 343 +# define SSL_R_COMPRESSION_FAILURE 141 +# define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE 307 +# define SSL_R_COMPRESSION_LIBRARY_ERROR 142 +# define SSL_R_CONNECTION_TYPE_NOT_SET 144 +# define SSL_R_CONTEXT_NOT_DANE_ENABLED 167 +# define SSL_R_COOKIE_GEN_CALLBACK_FAILURE 400 +# define SSL_R_COOKIE_MISMATCH 308 +# define SSL_R_CUSTOM_EXT_HANDLER_ALREADY_INSTALLED 206 +# define SSL_R_DANE_ALREADY_ENABLED 172 +# define SSL_R_DANE_CANNOT_OVERRIDE_MTYPE_FULL 173 +# define SSL_R_DANE_NOT_ENABLED 175 +# define SSL_R_DANE_TLSA_BAD_CERTIFICATE 180 +# define SSL_R_DANE_TLSA_BAD_CERTIFICATE_USAGE 184 +# define SSL_R_DANE_TLSA_BAD_DATA_LENGTH 189 +# define SSL_R_DANE_TLSA_BAD_DIGEST_LENGTH 192 +# define SSL_R_DANE_TLSA_BAD_MATCHING_TYPE 200 +# define SSL_R_DANE_TLSA_BAD_PUBLIC_KEY 201 +# define SSL_R_DANE_TLSA_BAD_SELECTOR 202 +# define SSL_R_DANE_TLSA_NULL_DATA 203 +# define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED 145 +# define SSL_R_DATA_LENGTH_TOO_LONG 146 +# define SSL_R_DECRYPTION_FAILED 147 +# define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC 281 +# define SSL_R_DH_KEY_TOO_SMALL 394 +# define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 148 +# define SSL_R_DIGEST_CHECK_FAILED 149 +# define SSL_R_DTLS_MESSAGE_TOO_BIG 334 +# define SSL_R_DUPLICATE_COMPRESSION_ID 309 +# define SSL_R_ECC_CERT_NOT_FOR_SIGNING 318 +# define SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE 374 +# define SSL_R_EE_KEY_TOO_SMALL 399 +# define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST 354 +# define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150 +# define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST 151 +# define SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN 204 +# define SSL_R_EXCEEDS_MAX_FRAGMENT_SIZE 194 +# define SSL_R_EXCESSIVE_MESSAGE_SIZE 152 +# define SSL_R_EXTENSION_NOT_RECEIVED 279 +# define SSL_R_EXTRA_DATA_IN_MESSAGE 153 +# define SSL_R_EXT_LENGTH_MISMATCH 163 +# define SSL_R_FAILED_TO_INIT_ASYNC 405 +# define SSL_R_FRAGMENTED_CLIENT_HELLO 401 +# define SSL_R_GOT_A_FIN_BEFORE_A_CCS 154 +# define SSL_R_HTTPS_PROXY_REQUEST 155 +# define SSL_R_HTTP_REQUEST 156 +# define SSL_R_ILLEGAL_POINT_COMPRESSION 162 +# define SSL_R_ILLEGAL_SUITEB_DIGEST 380 +# define SSL_R_INAPPROPRIATE_FALLBACK 373 +# define SSL_R_INCONSISTENT_COMPRESSION 340 +# define SSL_R_INCONSISTENT_EARLY_DATA_ALPN 222 +# define SSL_R_INCONSISTENT_EARLY_DATA_SNI 231 +# define SSL_R_INCONSISTENT_EXTMS 104 +# define SSL_R_INSUFFICIENT_SECURITY 241 +# define SSL_R_INVALID_ALERT 205 +# define SSL_R_INVALID_CCS_MESSAGE 260 +# define SSL_R_INVALID_CERTIFICATE_OR_ALG 238 +# define SSL_R_INVALID_COMMAND 280 +# define SSL_R_INVALID_COMPRESSION_ALGORITHM 341 +# define SSL_R_INVALID_CONFIG 283 +# define SSL_R_INVALID_CONFIGURATION_NAME 113 +# define SSL_R_INVALID_CONTEXT 282 +# define SSL_R_INVALID_CT_VALIDATION_TYPE 212 +# define SSL_R_INVALID_KEY_UPDATE_TYPE 120 +# define SSL_R_INVALID_MAX_EARLY_DATA 174 +# define SSL_R_INVALID_NULL_CMD_NAME 385 +# define SSL_R_INVALID_SEQUENCE_NUMBER 402 +# define SSL_R_INVALID_SERVERINFO_DATA 388 +# define SSL_R_INVALID_SESSION_ID 999 +# define SSL_R_INVALID_SRP_USERNAME 357 +# define SSL_R_INVALID_STATUS_RESPONSE 328 +# define SSL_R_INVALID_TICKET_KEYS_LENGTH 325 +# define SSL_R_LENGTH_MISMATCH 159 +# define SSL_R_LENGTH_TOO_LONG 404 +# define SSL_R_LENGTH_TOO_SHORT 160 +# define SSL_R_LIBRARY_BUG 274 +# define SSL_R_LIBRARY_HAS_NO_CIPHERS 161 +# define SSL_R_MISSING_DSA_SIGNING_CERT 165 +# define SSL_R_MISSING_ECDSA_SIGNING_CERT 381 +# define SSL_R_MISSING_FATAL 256 +# define SSL_R_MISSING_PARAMETERS 290 +# define SSL_R_MISSING_PSK_KEX_MODES_EXTENSION 310 +# define SSL_R_MISSING_RSA_CERTIFICATE 168 +# define SSL_R_MISSING_RSA_ENCRYPTING_CERT 169 +# define SSL_R_MISSING_RSA_SIGNING_CERT 170 +# define SSL_R_MISSING_SIGALGS_EXTENSION 112 +# define SSL_R_MISSING_SIGNING_CERT 221 +# define SSL_R_MISSING_SRP_PARAM 358 +# define SSL_R_MISSING_SUPPORTED_GROUPS_EXTENSION 209 +# define SSL_R_MISSING_TMP_DH_KEY 171 +# define SSL_R_MISSING_TMP_ECDH_KEY 311 +# define SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA 293 +# define SSL_R_NOT_ON_RECORD_BOUNDARY 182 +# define SSL_R_NOT_REPLACING_CERTIFICATE 289 +# define SSL_R_NOT_SERVER 284 +# define SSL_R_NO_APPLICATION_PROTOCOL 235 +# define SSL_R_NO_CERTIFICATES_RETURNED 176 +# define SSL_R_NO_CERTIFICATE_ASSIGNED 177 +# define SSL_R_NO_CERTIFICATE_SET 179 +# define SSL_R_NO_CHANGE_FOLLOWING_HRR 214 +# define SSL_R_NO_CIPHERS_AVAILABLE 181 +# define SSL_R_NO_CIPHERS_SPECIFIED 183 +# define SSL_R_NO_CIPHER_MATCH 185 +# define SSL_R_NO_CLIENT_CERT_METHOD 331 +# define SSL_R_NO_COMPRESSION_SPECIFIED 187 +# define SSL_R_NO_COOKIE_CALLBACK_SET 287 +# define SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER 330 +# define SSL_R_NO_METHOD_SPECIFIED 188 +# define SSL_R_NO_PEM_EXTENSIONS 389 +# define SSL_R_NO_PRIVATE_KEY_ASSIGNED 190 +# define SSL_R_NO_PROTOCOLS_AVAILABLE 191 +# define SSL_R_NO_RENEGOTIATION 339 +# define SSL_R_NO_REQUIRED_DIGEST 324 +# define SSL_R_NO_SHARED_CIPHER 193 +# define SSL_R_NO_SHARED_GROUPS 410 +# define SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS 376 +# define SSL_R_NO_SRTP_PROFILES 359 +# define SSL_R_NO_SUITABLE_KEY_SHARE 101 +# define SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM 118 +# define SSL_R_NO_VALID_SCTS 216 +# define SSL_R_NO_VERIFY_COOKIE_CALLBACK 403 +# define SSL_R_NULL_SSL_CTX 195 +# define SSL_R_NULL_SSL_METHOD_PASSED 196 +# define SSL_R_OCSP_CALLBACK_FAILURE 294 +# define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 197 +# define SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED 344 +# define SSL_R_OVERFLOW_ERROR 237 +# define SSL_R_PACKET_LENGTH_TOO_LONG 198 +# define SSL_R_PARSE_TLSEXT 227 +# define SSL_R_PATH_TOO_LONG 270 +# define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE 199 +# define SSL_R_PEM_NAME_BAD_PREFIX 391 +# define SSL_R_PEM_NAME_TOO_SHORT 392 +# define SSL_R_PIPELINE_FAILURE 406 +# define SSL_R_POST_HANDSHAKE_AUTH_ENCODING_ERR 278 +# define SSL_R_PRIVATE_KEY_MISMATCH 288 +# define SSL_R_PROTOCOL_IS_SHUTDOWN 207 +# define SSL_R_PSK_IDENTITY_NOT_FOUND 223 +# define SSL_R_PSK_NO_CLIENT_CB 224 +# define SSL_R_PSK_NO_SERVER_CB 225 +# define SSL_R_READ_BIO_NOT_SET 211 +# define SSL_R_READ_TIMEOUT_EXPIRED 312 +# define SSL_R_RECORD_LENGTH_MISMATCH 213 +# define SSL_R_RECORD_TOO_SMALL 298 +# define SSL_R_RENEGOTIATE_EXT_TOO_LONG 335 +# define SSL_R_RENEGOTIATION_ENCODING_ERR 336 +# define SSL_R_RENEGOTIATION_MISMATCH 337 +# define SSL_R_REQUEST_PENDING 285 +# define SSL_R_REQUEST_SENT 286 +# define SSL_R_REQUIRED_CIPHER_MISSING 215 +# define SSL_R_REQUIRED_COMPRESSION_ALGORITHM_MISSING 342 +# define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING 345 +# define SSL_R_SCT_VERIFICATION_FAILED 208 +# define SSL_R_SERVERHELLO_TLSEXT 275 +# define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED 277 +# define SSL_R_SHUTDOWN_WHILE_IN_INIT 407 +# define SSL_R_SIGNATURE_ALGORITHMS_ERROR 360 +# define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220 +# define SSL_R_SRP_A_CALC 361 +# define SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES 362 +# define SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG 363 +# define SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE 364 +# define SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH 232 +# define SSL_R_SSL3_EXT_INVALID_SERVERNAME 319 +# define SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE 320 +# define SSL_R_SSL3_SESSION_ID_TOO_LONG 300 +# define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042 +# define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020 +# define SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED 1045 +# define SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED 1044 +# define SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN 1046 +# define SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE 1030 +# define SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE 1040 +# define SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER 1047 +# define SSL_R_SSLV3_ALERT_NO_CERTIFICATE 1041 +# define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010 +# define SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE 1043 +# define SSL_R_SSL_COMMAND_SECTION_EMPTY 117 +# define SSL_R_SSL_COMMAND_SECTION_NOT_FOUND 125 +# define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION 228 +# define SSL_R_SSL_HANDSHAKE_FAILURE 229 +# define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS 230 +# define SSL_R_SSL_NEGATIVE_LENGTH 372 +# define SSL_R_SSL_SECTION_EMPTY 126 +# define SSL_R_SSL_SECTION_NOT_FOUND 136 +# define SSL_R_SSL_SESSION_ID_CALLBACK_FAILED 301 +# define SSL_R_SSL_SESSION_ID_CONFLICT 302 +# define SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG 273 +# define SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH 303 +# define SSL_R_SSL_SESSION_ID_TOO_LONG 408 +# define SSL_R_SSL_SESSION_VERSION_MISMATCH 210 +# define SSL_R_STILL_IN_INIT 121 +# define SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED 1116 +# define SSL_R_TLSV13_ALERT_MISSING_EXTENSION 1109 +# define SSL_R_TLSV1_ALERT_ACCESS_DENIED 1049 +# define SSL_R_TLSV1_ALERT_DECODE_ERROR 1050 +# define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED 1021 +# define SSL_R_TLSV1_ALERT_DECRYPT_ERROR 1051 +# define SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION 1060 +# define SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK 1086 +# define SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY 1071 +# define SSL_R_TLSV1_ALERT_INTERNAL_ERROR 1080 +# define SSL_R_TLSV1_ALERT_NO_RENEGOTIATION 1100 +# define SSL_R_TLSV1_ALERT_PROTOCOL_VERSION 1070 +# define SSL_R_TLSV1_ALERT_RECORD_OVERFLOW 1022 +# define SSL_R_TLSV1_ALERT_UNKNOWN_CA 1048 +# define SSL_R_TLSV1_ALERT_USER_CANCELLED 1090 +# define SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE 1114 +# define SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE 1113 +# define SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE 1111 +# define SSL_R_TLSV1_UNRECOGNIZED_NAME 1112 +# define SSL_R_TLSV1_UNSUPPORTED_EXTENSION 1110 +# define SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT 365 +# define SSL_R_TLS_HEARTBEAT_PENDING 366 +# define SSL_R_TLS_ILLEGAL_EXPORTER_LABEL 367 +# define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST 157 +# define SSL_R_TOO_MANY_KEY_UPDATES 132 +# define SSL_R_TOO_MANY_WARN_ALERTS 409 +# define SSL_R_TOO_MUCH_EARLY_DATA 164 +# define SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS 314 +# define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS 239 +# define SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES 242 +# define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES 243 +# define SSL_R_UNEXPECTED_CCS_MESSAGE 262 +# define SSL_R_UNEXPECTED_END_OF_EARLY_DATA 178 +# define SSL_R_UNEXPECTED_MESSAGE 244 +# define SSL_R_UNEXPECTED_RECORD 245 +# define SSL_R_UNINITIALIZED 276 +# define SSL_R_UNKNOWN_ALERT_TYPE 246 +# define SSL_R_UNKNOWN_CERTIFICATE_TYPE 247 +# define SSL_R_UNKNOWN_CIPHER_RETURNED 248 +# define SSL_R_UNKNOWN_CIPHER_TYPE 249 +# define SSL_R_UNKNOWN_CMD_NAME 386 +# define SSL_R_UNKNOWN_COMMAND 139 +# define SSL_R_UNKNOWN_DIGEST 368 +# define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE 250 +# define SSL_R_UNKNOWN_PKEY_TYPE 251 +# define SSL_R_UNKNOWN_PROTOCOL 252 +# define SSL_R_UNKNOWN_SSL_VERSION 254 +# define SSL_R_UNKNOWN_STATE 255 +# define SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED 338 +# define SSL_R_UNSOLICITED_EXTENSION 217 +# define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM 257 +# define SSL_R_UNSUPPORTED_ELLIPTIC_CURVE 315 +# define SSL_R_UNSUPPORTED_PROTOCOL 258 +# define SSL_R_UNSUPPORTED_SSL_VERSION 259 +# define SSL_R_UNSUPPORTED_STATUS_TYPE 329 +# define SSL_R_USE_SRTP_NOT_NEGOTIATED 369 +# define SSL_R_VERSION_TOO_HIGH 166 +# define SSL_R_VERSION_TOO_LOW 396 +# define SSL_R_WRONG_CERTIFICATE_TYPE 383 +# define SSL_R_WRONG_CIPHER_RETURNED 261 +# define SSL_R_WRONG_CURVE 378 +# define SSL_R_WRONG_SIGNATURE_LENGTH 264 +# define SSL_R_WRONG_SIGNATURE_SIZE 265 +# define SSL_R_WRONG_SIGNATURE_TYPE 370 +# define SSL_R_WRONG_SSL_VERSION 266 +# define SSL_R_WRONG_VERSION_NUMBER 267 +# define SSL_R_X509_LIB 268 +# define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS 269 + +#endif diff --git a/ext/openssl1L/include/openssl/stack.h b/ext/openssl1L/include/openssl/stack.h new file mode 100644 index 0000000..cfc0750 --- /dev/null +++ b/ext/openssl1L/include/openssl/stack.h @@ -0,0 +1,83 @@ +/* + * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_STACK_H +# define HEADER_STACK_H + +#ifdef __cplusplus +extern "C" { +#endif + +typedef struct stack_st OPENSSL_STACK; /* Use STACK_OF(...) instead */ + +typedef int (*OPENSSL_sk_compfunc)(const void *, const void *); +typedef void (*OPENSSL_sk_freefunc)(void *); +typedef void *(*OPENSSL_sk_copyfunc)(const void *); + +int OPENSSL_sk_num(const OPENSSL_STACK *); +void *OPENSSL_sk_value(const OPENSSL_STACK *, int); + +void *OPENSSL_sk_set(OPENSSL_STACK *st, int i, const void *data); + +OPENSSL_STACK *OPENSSL_sk_new(OPENSSL_sk_compfunc cmp); +OPENSSL_STACK *OPENSSL_sk_new_null(void); +OPENSSL_STACK *OPENSSL_sk_new_reserve(OPENSSL_sk_compfunc c, int n); +int OPENSSL_sk_reserve(OPENSSL_STACK *st, int n); +void OPENSSL_sk_free(OPENSSL_STACK *); +void OPENSSL_sk_pop_free(OPENSSL_STACK *st, void (*func) (void *)); +OPENSSL_STACK *OPENSSL_sk_deep_copy(const OPENSSL_STACK *, + OPENSSL_sk_copyfunc c, + OPENSSL_sk_freefunc f); +int OPENSSL_sk_insert(OPENSSL_STACK *sk, const void *data, int where); +void *OPENSSL_sk_delete(OPENSSL_STACK *st, int loc); +void *OPENSSL_sk_delete_ptr(OPENSSL_STACK *st, const void *p); +int OPENSSL_sk_find(OPENSSL_STACK *st, const void *data); +int OPENSSL_sk_find_ex(OPENSSL_STACK *st, const void *data); +int OPENSSL_sk_push(OPENSSL_STACK *st, const void *data); +int OPENSSL_sk_unshift(OPENSSL_STACK *st, const void *data); +void *OPENSSL_sk_shift(OPENSSL_STACK *st); +void *OPENSSL_sk_pop(OPENSSL_STACK *st); +void OPENSSL_sk_zero(OPENSSL_STACK *st); +OPENSSL_sk_compfunc OPENSSL_sk_set_cmp_func(OPENSSL_STACK *sk, + OPENSSL_sk_compfunc cmp); +OPENSSL_STACK *OPENSSL_sk_dup(const OPENSSL_STACK *st); +void OPENSSL_sk_sort(OPENSSL_STACK *st); +int OPENSSL_sk_is_sorted(const OPENSSL_STACK *st); + +# if OPENSSL_API_COMPAT < 0x10100000L +# define _STACK OPENSSL_STACK +# define sk_num OPENSSL_sk_num +# define sk_value OPENSSL_sk_value +# define sk_set OPENSSL_sk_set +# define sk_new OPENSSL_sk_new +# define sk_new_null OPENSSL_sk_new_null +# define sk_free OPENSSL_sk_free +# define sk_pop_free OPENSSL_sk_pop_free +# define sk_deep_copy OPENSSL_sk_deep_copy +# define sk_insert OPENSSL_sk_insert +# define sk_delete OPENSSL_sk_delete +# define sk_delete_ptr OPENSSL_sk_delete_ptr +# define sk_find OPENSSL_sk_find +# define sk_find_ex OPENSSL_sk_find_ex +# define sk_push OPENSSL_sk_push +# define sk_unshift OPENSSL_sk_unshift +# define sk_shift OPENSSL_sk_shift +# define sk_pop OPENSSL_sk_pop +# define sk_zero OPENSSL_sk_zero +# define sk_set_cmp_func OPENSSL_sk_set_cmp_func +# define sk_dup OPENSSL_sk_dup +# define sk_sort OPENSSL_sk_sort +# define sk_is_sorted OPENSSL_sk_is_sorted +# endif + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/ext/openssl1L/include/openssl/store.h b/ext/openssl1L/include/openssl/store.h new file mode 100644 index 0000000..a40a733 --- /dev/null +++ b/ext/openssl1L/include/openssl/store.h @@ -0,0 +1,266 @@ +/* + * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_OSSL_STORE_H +# define HEADER_OSSL_STORE_H + +# include +# include +# include +# include + +# ifdef __cplusplus +extern "C" { +# endif + +/*- + * The main OSSL_STORE functions. + * ------------------------------ + * + * These allow applications to open a channel to a resource with supported + * data (keys, certs, crls, ...), read the data a piece at a time and decide + * what to do with it, and finally close. + */ + +typedef struct ossl_store_ctx_st OSSL_STORE_CTX; + +/* + * Typedef for the OSSL_STORE_INFO post processing callback. This can be used + * to massage the given OSSL_STORE_INFO, or to drop it entirely (by returning + * NULL). + */ +typedef OSSL_STORE_INFO *(*OSSL_STORE_post_process_info_fn)(OSSL_STORE_INFO *, + void *); + +/* + * Open a channel given a URI. The given UI method will be used any time the + * loader needs extra input, for example when a password or pin is needed, and + * will be passed the same user data every time it's needed in this context. + * + * Returns a context reference which represents the channel to communicate + * through. + */ +OSSL_STORE_CTX *OSSL_STORE_open(const char *uri, const UI_METHOD *ui_method, + void *ui_data, + OSSL_STORE_post_process_info_fn post_process, + void *post_process_data); + +/* + * Control / fine tune the OSSL_STORE channel. |cmd| determines what is to be + * done, and depends on the underlying loader (use OSSL_STORE_get0_scheme to + * determine which loader is used), except for common commands (see below). + * Each command takes different arguments. + */ +int OSSL_STORE_ctrl(OSSL_STORE_CTX *ctx, int cmd, ... /* args */); +int OSSL_STORE_vctrl(OSSL_STORE_CTX *ctx, int cmd, va_list args); + +/* + * Common ctrl commands that different loaders may choose to support. + */ +/* int on = 0 or 1; STORE_ctrl(ctx, STORE_C_USE_SECMEM, &on); */ +# define OSSL_STORE_C_USE_SECMEM 1 +/* Where custom commands start */ +# define OSSL_STORE_C_CUSTOM_START 100 + +/* + * Read one data item (a key, a cert, a CRL) that is supported by the OSSL_STORE + * functionality, given a context. + * Returns a OSSL_STORE_INFO pointer, from which OpenSSL typed data can be + * extracted with OSSL_STORE_INFO_get0_PKEY(), OSSL_STORE_INFO_get0_CERT(), ... + * NULL is returned on error, which may include that the data found at the URI + * can't be figured out for certain or is ambiguous. + */ +OSSL_STORE_INFO *OSSL_STORE_load(OSSL_STORE_CTX *ctx); + +/* + * Check if end of data (end of file) is reached + * Returns 1 on end, 0 otherwise. + */ +int OSSL_STORE_eof(OSSL_STORE_CTX *ctx); + +/* + * Check if an error occurred + * Returns 1 if it did, 0 otherwise. + */ +int OSSL_STORE_error(OSSL_STORE_CTX *ctx); + +/* + * Close the channel + * Returns 1 on success, 0 on error. + */ +int OSSL_STORE_close(OSSL_STORE_CTX *ctx); + + +/*- + * Extracting OpenSSL types from and creating new OSSL_STORE_INFOs + * --------------------------------------------------------------- + */ + +/* + * Types of data that can be ossl_stored in a OSSL_STORE_INFO. + * OSSL_STORE_INFO_NAME is typically found when getting a listing of + * available "files" / "tokens" / what have you. + */ +# define OSSL_STORE_INFO_NAME 1 /* char * */ +# define OSSL_STORE_INFO_PARAMS 2 /* EVP_PKEY * */ +# define OSSL_STORE_INFO_PKEY 3 /* EVP_PKEY * */ +# define OSSL_STORE_INFO_CERT 4 /* X509 * */ +# define OSSL_STORE_INFO_CRL 5 /* X509_CRL * */ + +/* + * Functions to generate OSSL_STORE_INFOs, one function for each type we + * support having in them, as well as a generic constructor. + * + * In all cases, ownership of the object is transferred to the OSSL_STORE_INFO + * and will therefore be freed when the OSSL_STORE_INFO is freed. + */ +OSSL_STORE_INFO *OSSL_STORE_INFO_new_NAME(char *name); +int OSSL_STORE_INFO_set0_NAME_description(OSSL_STORE_INFO *info, char *desc); +OSSL_STORE_INFO *OSSL_STORE_INFO_new_PARAMS(EVP_PKEY *params); +OSSL_STORE_INFO *OSSL_STORE_INFO_new_PKEY(EVP_PKEY *pkey); +OSSL_STORE_INFO *OSSL_STORE_INFO_new_CERT(X509 *x509); +OSSL_STORE_INFO *OSSL_STORE_INFO_new_CRL(X509_CRL *crl); + +/* + * Functions to try to extract data from a OSSL_STORE_INFO. + */ +int OSSL_STORE_INFO_get_type(const OSSL_STORE_INFO *info); +const char *OSSL_STORE_INFO_get0_NAME(const OSSL_STORE_INFO *info); +char *OSSL_STORE_INFO_get1_NAME(const OSSL_STORE_INFO *info); +const char *OSSL_STORE_INFO_get0_NAME_description(const OSSL_STORE_INFO *info); +char *OSSL_STORE_INFO_get1_NAME_description(const OSSL_STORE_INFO *info); +EVP_PKEY *OSSL_STORE_INFO_get0_PARAMS(const OSSL_STORE_INFO *info); +EVP_PKEY *OSSL_STORE_INFO_get1_PARAMS(const OSSL_STORE_INFO *info); +EVP_PKEY *OSSL_STORE_INFO_get0_PKEY(const OSSL_STORE_INFO *info); +EVP_PKEY *OSSL_STORE_INFO_get1_PKEY(const OSSL_STORE_INFO *info); +X509 *OSSL_STORE_INFO_get0_CERT(const OSSL_STORE_INFO *info); +X509 *OSSL_STORE_INFO_get1_CERT(const OSSL_STORE_INFO *info); +X509_CRL *OSSL_STORE_INFO_get0_CRL(const OSSL_STORE_INFO *info); +X509_CRL *OSSL_STORE_INFO_get1_CRL(const OSSL_STORE_INFO *info); + +const char *OSSL_STORE_INFO_type_string(int type); + +/* + * Free the OSSL_STORE_INFO + */ +void OSSL_STORE_INFO_free(OSSL_STORE_INFO *info); + + +/*- + * Functions to construct a search URI from a base URI and search criteria + * ----------------------------------------------------------------------- + */ + +/* OSSL_STORE search types */ +# define OSSL_STORE_SEARCH_BY_NAME 1 /* subject in certs, issuer in CRLs */ +# define OSSL_STORE_SEARCH_BY_ISSUER_SERIAL 2 +# define OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT 3 +# define OSSL_STORE_SEARCH_BY_ALIAS 4 + +/* To check what search types the scheme handler supports */ +int OSSL_STORE_supports_search(OSSL_STORE_CTX *ctx, int search_type); + +/* Search term constructors */ +/* + * The input is considered to be owned by the caller, and must therefore + * remain present throughout the lifetime of the returned OSSL_STORE_SEARCH + */ +OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_name(X509_NAME *name); +OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_issuer_serial(X509_NAME *name, + const ASN1_INTEGER + *serial); +OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_key_fingerprint(const EVP_MD *digest, + const unsigned char + *bytes, size_t len); +OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_alias(const char *alias); + +/* Search term destructor */ +void OSSL_STORE_SEARCH_free(OSSL_STORE_SEARCH *search); + +/* Search term accessors */ +int OSSL_STORE_SEARCH_get_type(const OSSL_STORE_SEARCH *criterion); +X509_NAME *OSSL_STORE_SEARCH_get0_name(OSSL_STORE_SEARCH *criterion); +const ASN1_INTEGER *OSSL_STORE_SEARCH_get0_serial(const OSSL_STORE_SEARCH + *criterion); +const unsigned char *OSSL_STORE_SEARCH_get0_bytes(const OSSL_STORE_SEARCH + *criterion, size_t *length); +const char *OSSL_STORE_SEARCH_get0_string(const OSSL_STORE_SEARCH *criterion); +const EVP_MD *OSSL_STORE_SEARCH_get0_digest(const OSSL_STORE_SEARCH *criterion); + +/* + * Add search criterion and expected return type (which can be unspecified) + * to the loading channel. This MUST happen before the first OSSL_STORE_load(). + */ +int OSSL_STORE_expect(OSSL_STORE_CTX *ctx, int expected_type); +int OSSL_STORE_find(OSSL_STORE_CTX *ctx, OSSL_STORE_SEARCH *search); + + +/*- + * Function to register a loader for the given URI scheme. + * ------------------------------------------------------- + * + * The loader receives all the main components of an URI except for the + * scheme. + */ + +typedef struct ossl_store_loader_st OSSL_STORE_LOADER; +OSSL_STORE_LOADER *OSSL_STORE_LOADER_new(ENGINE *e, const char *scheme); +const ENGINE *OSSL_STORE_LOADER_get0_engine(const OSSL_STORE_LOADER *loader); +const char *OSSL_STORE_LOADER_get0_scheme(const OSSL_STORE_LOADER *loader); +/* struct ossl_store_loader_ctx_st is defined differently by each loader */ +typedef struct ossl_store_loader_ctx_st OSSL_STORE_LOADER_CTX; +typedef OSSL_STORE_LOADER_CTX *(*OSSL_STORE_open_fn)(const OSSL_STORE_LOADER + *loader, + const char *uri, + const UI_METHOD *ui_method, + void *ui_data); +int OSSL_STORE_LOADER_set_open(OSSL_STORE_LOADER *loader, + OSSL_STORE_open_fn open_function); +typedef int (*OSSL_STORE_ctrl_fn)(OSSL_STORE_LOADER_CTX *ctx, int cmd, + va_list args); +int OSSL_STORE_LOADER_set_ctrl(OSSL_STORE_LOADER *loader, + OSSL_STORE_ctrl_fn ctrl_function); +typedef int (*OSSL_STORE_expect_fn)(OSSL_STORE_LOADER_CTX *ctx, int expected); +int OSSL_STORE_LOADER_set_expect(OSSL_STORE_LOADER *loader, + OSSL_STORE_expect_fn expect_function); +typedef int (*OSSL_STORE_find_fn)(OSSL_STORE_LOADER_CTX *ctx, + OSSL_STORE_SEARCH *criteria); +int OSSL_STORE_LOADER_set_find(OSSL_STORE_LOADER *loader, + OSSL_STORE_find_fn find_function); +typedef OSSL_STORE_INFO *(*OSSL_STORE_load_fn)(OSSL_STORE_LOADER_CTX *ctx, + const UI_METHOD *ui_method, + void *ui_data); +int OSSL_STORE_LOADER_set_load(OSSL_STORE_LOADER *loader, + OSSL_STORE_load_fn load_function); +typedef int (*OSSL_STORE_eof_fn)(OSSL_STORE_LOADER_CTX *ctx); +int OSSL_STORE_LOADER_set_eof(OSSL_STORE_LOADER *loader, + OSSL_STORE_eof_fn eof_function); +typedef int (*OSSL_STORE_error_fn)(OSSL_STORE_LOADER_CTX *ctx); +int OSSL_STORE_LOADER_set_error(OSSL_STORE_LOADER *loader, + OSSL_STORE_error_fn error_function); +typedef int (*OSSL_STORE_close_fn)(OSSL_STORE_LOADER_CTX *ctx); +int OSSL_STORE_LOADER_set_close(OSSL_STORE_LOADER *loader, + OSSL_STORE_close_fn close_function); +void OSSL_STORE_LOADER_free(OSSL_STORE_LOADER *loader); + +int OSSL_STORE_register_loader(OSSL_STORE_LOADER *loader); +OSSL_STORE_LOADER *OSSL_STORE_unregister_loader(const char *scheme); + +/*- + * Functions to list STORE loaders + * ------------------------------- + */ +int OSSL_STORE_do_all_loaders(void (*do_function) (const OSSL_STORE_LOADER + *loader, void *do_arg), + void *do_arg); + +# ifdef __cplusplus +} +# endif +#endif diff --git a/ext/openssl1L/include/openssl/storeerr.h b/ext/openssl1L/include/openssl/storeerr.h new file mode 100644 index 0000000..190eab0 --- /dev/null +++ b/ext/openssl1L/include/openssl/storeerr.h @@ -0,0 +1,91 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_OSSL_STOREERR_H +# define HEADER_OSSL_STOREERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_OSSL_STORE_strings(void); + +/* + * OSSL_STORE function codes. + */ +# define OSSL_STORE_F_FILE_CTRL 129 +# define OSSL_STORE_F_FILE_FIND 138 +# define OSSL_STORE_F_FILE_GET_PASS 118 +# define OSSL_STORE_F_FILE_LOAD 119 +# define OSSL_STORE_F_FILE_LOAD_TRY_DECODE 124 +# define OSSL_STORE_F_FILE_NAME_TO_URI 126 +# define OSSL_STORE_F_FILE_OPEN 120 +# define OSSL_STORE_F_OSSL_STORE_ATTACH_PEM_BIO 127 +# define OSSL_STORE_F_OSSL_STORE_EXPECT 130 +# define OSSL_STORE_F_OSSL_STORE_FILE_ATTACH_PEM_BIO_INT 128 +# define OSSL_STORE_F_OSSL_STORE_FIND 131 +# define OSSL_STORE_F_OSSL_STORE_GET0_LOADER_INT 100 +# define OSSL_STORE_F_OSSL_STORE_INFO_GET1_CERT 101 +# define OSSL_STORE_F_OSSL_STORE_INFO_GET1_CRL 102 +# define OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME 103 +# define OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME_DESCRIPTION 135 +# define OSSL_STORE_F_OSSL_STORE_INFO_GET1_PARAMS 104 +# define OSSL_STORE_F_OSSL_STORE_INFO_GET1_PKEY 105 +# define OSSL_STORE_F_OSSL_STORE_INFO_NEW_CERT 106 +# define OSSL_STORE_F_OSSL_STORE_INFO_NEW_CRL 107 +# define OSSL_STORE_F_OSSL_STORE_INFO_NEW_EMBEDDED 123 +# define OSSL_STORE_F_OSSL_STORE_INFO_NEW_NAME 109 +# define OSSL_STORE_F_OSSL_STORE_INFO_NEW_PARAMS 110 +# define OSSL_STORE_F_OSSL_STORE_INFO_NEW_PKEY 111 +# define OSSL_STORE_F_OSSL_STORE_INFO_SET0_NAME_DESCRIPTION 134 +# define OSSL_STORE_F_OSSL_STORE_INIT_ONCE 112 +# define OSSL_STORE_F_OSSL_STORE_LOADER_NEW 113 +# define OSSL_STORE_F_OSSL_STORE_OPEN 114 +# define OSSL_STORE_F_OSSL_STORE_OPEN_INT 115 +# define OSSL_STORE_F_OSSL_STORE_REGISTER_LOADER_INT 117 +# define OSSL_STORE_F_OSSL_STORE_SEARCH_BY_ALIAS 132 +# define OSSL_STORE_F_OSSL_STORE_SEARCH_BY_ISSUER_SERIAL 133 +# define OSSL_STORE_F_OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT 136 +# define OSSL_STORE_F_OSSL_STORE_SEARCH_BY_NAME 137 +# define OSSL_STORE_F_OSSL_STORE_UNREGISTER_LOADER_INT 116 +# define OSSL_STORE_F_TRY_DECODE_PARAMS 121 +# define OSSL_STORE_F_TRY_DECODE_PKCS12 122 +# define OSSL_STORE_F_TRY_DECODE_PKCS8ENCRYPTED 125 + +/* + * OSSL_STORE reason codes. + */ +# define OSSL_STORE_R_AMBIGUOUS_CONTENT_TYPE 107 +# define OSSL_STORE_R_BAD_PASSWORD_READ 115 +# define OSSL_STORE_R_ERROR_VERIFYING_PKCS12_MAC 113 +# define OSSL_STORE_R_FINGERPRINT_SIZE_DOES_NOT_MATCH_DIGEST 121 +# define OSSL_STORE_R_INVALID_SCHEME 106 +# define OSSL_STORE_R_IS_NOT_A 112 +# define OSSL_STORE_R_LOADER_INCOMPLETE 116 +# define OSSL_STORE_R_LOADING_STARTED 117 +# define OSSL_STORE_R_NOT_A_CERTIFICATE 100 +# define OSSL_STORE_R_NOT_A_CRL 101 +# define OSSL_STORE_R_NOT_A_KEY 102 +# define OSSL_STORE_R_NOT_A_NAME 103 +# define OSSL_STORE_R_NOT_PARAMETERS 104 +# define OSSL_STORE_R_PASSPHRASE_CALLBACK_ERROR 114 +# define OSSL_STORE_R_PATH_MUST_BE_ABSOLUTE 108 +# define OSSL_STORE_R_SEARCH_ONLY_SUPPORTED_FOR_DIRECTORIES 119 +# define OSSL_STORE_R_UI_PROCESS_INTERRUPTED_OR_CANCELLED 109 +# define OSSL_STORE_R_UNREGISTERED_SCHEME 105 +# define OSSL_STORE_R_UNSUPPORTED_CONTENT_TYPE 110 +# define OSSL_STORE_R_UNSUPPORTED_OPERATION 118 +# define OSSL_STORE_R_UNSUPPORTED_SEARCH_TYPE 120 +# define OSSL_STORE_R_URI_AUTHORITY_UNSUPPORTED 111 + +#endif diff --git a/ext/openssl1L/include/openssl/symhacks.h b/ext/openssl1L/include/openssl/symhacks.h new file mode 100644 index 0000000..156ea6e --- /dev/null +++ b/ext/openssl1L/include/openssl/symhacks.h @@ -0,0 +1,37 @@ +/* + * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_SYMHACKS_H +# define HEADER_SYMHACKS_H + +# include + +/* Case insensitive linking causes problems.... */ +# if defined(OPENSSL_SYS_VMS) +# undef ERR_load_CRYPTO_strings +# define ERR_load_CRYPTO_strings ERR_load_CRYPTOlib_strings +# undef OCSP_crlID_new +# define OCSP_crlID_new OCSP_crlID2_new + +# undef d2i_ECPARAMETERS +# define d2i_ECPARAMETERS d2i_UC_ECPARAMETERS +# undef i2d_ECPARAMETERS +# define i2d_ECPARAMETERS i2d_UC_ECPARAMETERS +# undef d2i_ECPKPARAMETERS +# define d2i_ECPKPARAMETERS d2i_UC_ECPKPARAMETERS +# undef i2d_ECPKPARAMETERS +# define i2d_ECPKPARAMETERS i2d_UC_ECPKPARAMETERS + +/* This one clashes with CMS_data_create */ +# undef cms_Data_create +# define cms_Data_create priv_cms_Data_create + +# endif + +#endif /* ! defined HEADER_VMS_IDHACKS_H */ diff --git a/ext/openssl1L/include/openssl/tls1.h b/ext/openssl1L/include/openssl/tls1.h new file mode 100644 index 0000000..76d9fda --- /dev/null +++ b/ext/openssl1L/include/openssl/tls1.h @@ -0,0 +1,1237 @@ +/* + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved + * Copyright 2005 Nokia. All rights reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_TLS1_H +# define HEADER_TLS1_H + +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +/* Default security level if not overridden at config time */ +# ifndef OPENSSL_TLS_SECURITY_LEVEL +# define OPENSSL_TLS_SECURITY_LEVEL 1 +# endif + +# define TLS1_VERSION 0x0301 +# define TLS1_1_VERSION 0x0302 +# define TLS1_2_VERSION 0x0303 +# define TLS1_3_VERSION 0x0304 +# define TLS_MAX_VERSION TLS1_3_VERSION + +/* Special value for method supporting multiple versions */ +# define TLS_ANY_VERSION 0x10000 + +# define TLS1_VERSION_MAJOR 0x03 +# define TLS1_VERSION_MINOR 0x01 + +# define TLS1_1_VERSION_MAJOR 0x03 +# define TLS1_1_VERSION_MINOR 0x02 + +# define TLS1_2_VERSION_MAJOR 0x03 +# define TLS1_2_VERSION_MINOR 0x03 + +# define TLS1_get_version(s) \ + ((SSL_version(s) >> 8) == TLS1_VERSION_MAJOR ? SSL_version(s) : 0) + +# define TLS1_get_client_version(s) \ + ((SSL_client_version(s) >> 8) == TLS1_VERSION_MAJOR ? SSL_client_version(s) : 0) + +# define TLS1_AD_DECRYPTION_FAILED 21 +# define TLS1_AD_RECORD_OVERFLOW 22 +# define TLS1_AD_UNKNOWN_CA 48/* fatal */ +# define TLS1_AD_ACCESS_DENIED 49/* fatal */ +# define TLS1_AD_DECODE_ERROR 50/* fatal */ +# define TLS1_AD_DECRYPT_ERROR 51 +# define TLS1_AD_EXPORT_RESTRICTION 60/* fatal */ +# define TLS1_AD_PROTOCOL_VERSION 70/* fatal */ +# define TLS1_AD_INSUFFICIENT_SECURITY 71/* fatal */ +# define TLS1_AD_INTERNAL_ERROR 80/* fatal */ +# define TLS1_AD_INAPPROPRIATE_FALLBACK 86/* fatal */ +# define TLS1_AD_USER_CANCELLED 90 +# define TLS1_AD_NO_RENEGOTIATION 100 +/* TLSv1.3 alerts */ +# define TLS13_AD_MISSING_EXTENSION 109 /* fatal */ +# define TLS13_AD_CERTIFICATE_REQUIRED 116 /* fatal */ +/* codes 110-114 are from RFC3546 */ +# define TLS1_AD_UNSUPPORTED_EXTENSION 110 +# define TLS1_AD_CERTIFICATE_UNOBTAINABLE 111 +# define TLS1_AD_UNRECOGNIZED_NAME 112 +# define TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE 113 +# define TLS1_AD_BAD_CERTIFICATE_HASH_VALUE 114 +# define TLS1_AD_UNKNOWN_PSK_IDENTITY 115/* fatal */ +# define TLS1_AD_NO_APPLICATION_PROTOCOL 120 /* fatal */ + +/* ExtensionType values from RFC3546 / RFC4366 / RFC6066 */ +# define TLSEXT_TYPE_server_name 0 +# define TLSEXT_TYPE_max_fragment_length 1 +# define TLSEXT_TYPE_client_certificate_url 2 +# define TLSEXT_TYPE_trusted_ca_keys 3 +# define TLSEXT_TYPE_truncated_hmac 4 +# define TLSEXT_TYPE_status_request 5 +/* ExtensionType values from RFC4681 */ +# define TLSEXT_TYPE_user_mapping 6 +/* ExtensionType values from RFC5878 */ +# define TLSEXT_TYPE_client_authz 7 +# define TLSEXT_TYPE_server_authz 8 +/* ExtensionType values from RFC6091 */ +# define TLSEXT_TYPE_cert_type 9 + +/* ExtensionType values from RFC4492 */ +/* + * Prior to TLSv1.3 the supported_groups extension was known as + * elliptic_curves + */ +# define TLSEXT_TYPE_supported_groups 10 +# define TLSEXT_TYPE_elliptic_curves TLSEXT_TYPE_supported_groups +# define TLSEXT_TYPE_ec_point_formats 11 + + +/* ExtensionType value from RFC5054 */ +# define TLSEXT_TYPE_srp 12 + +/* ExtensionType values from RFC5246 */ +# define TLSEXT_TYPE_signature_algorithms 13 + +/* ExtensionType value from RFC5764 */ +# define TLSEXT_TYPE_use_srtp 14 + +/* ExtensionType value from RFC5620 */ +# define TLSEXT_TYPE_heartbeat 15 + +/* ExtensionType value from RFC7301 */ +# define TLSEXT_TYPE_application_layer_protocol_negotiation 16 + +/* + * Extension type for Certificate Transparency + * https://tools.ietf.org/html/rfc6962#section-3.3.1 + */ +# define TLSEXT_TYPE_signed_certificate_timestamp 18 + +/* + * ExtensionType value for TLS padding extension. + * http://tools.ietf.org/html/draft-agl-tls-padding + */ +# define TLSEXT_TYPE_padding 21 + +/* ExtensionType value from RFC7366 */ +# define TLSEXT_TYPE_encrypt_then_mac 22 + +/* ExtensionType value from RFC7627 */ +# define TLSEXT_TYPE_extended_master_secret 23 + +/* ExtensionType value from RFC4507 */ +# define TLSEXT_TYPE_session_ticket 35 + +/* As defined for TLS1.3 */ +# define TLSEXT_TYPE_psk 41 +# define TLSEXT_TYPE_early_data 42 +# define TLSEXT_TYPE_supported_versions 43 +# define TLSEXT_TYPE_cookie 44 +# define TLSEXT_TYPE_psk_kex_modes 45 +# define TLSEXT_TYPE_certificate_authorities 47 +# define TLSEXT_TYPE_post_handshake_auth 49 +# define TLSEXT_TYPE_signature_algorithms_cert 50 +# define TLSEXT_TYPE_key_share 51 + +/* Temporary extension type */ +# define TLSEXT_TYPE_renegotiate 0xff01 + +# ifndef OPENSSL_NO_NEXTPROTONEG +/* This is not an IANA defined extension number */ +# define TLSEXT_TYPE_next_proto_neg 13172 +# endif + +/* NameType value from RFC3546 */ +# define TLSEXT_NAMETYPE_host_name 0 +/* status request value from RFC3546 */ +# define TLSEXT_STATUSTYPE_ocsp 1 + +/* ECPointFormat values from RFC4492 */ +# define TLSEXT_ECPOINTFORMAT_first 0 +# define TLSEXT_ECPOINTFORMAT_uncompressed 0 +# define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime 1 +# define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2 2 +# define TLSEXT_ECPOINTFORMAT_last 2 + +/* Signature and hash algorithms from RFC5246 */ +# define TLSEXT_signature_anonymous 0 +# define TLSEXT_signature_rsa 1 +# define TLSEXT_signature_dsa 2 +# define TLSEXT_signature_ecdsa 3 +# define TLSEXT_signature_gostr34102001 237 +# define TLSEXT_signature_gostr34102012_256 238 +# define TLSEXT_signature_gostr34102012_512 239 + +/* Total number of different signature algorithms */ +# define TLSEXT_signature_num 7 + +# define TLSEXT_hash_none 0 +# define TLSEXT_hash_md5 1 +# define TLSEXT_hash_sha1 2 +# define TLSEXT_hash_sha224 3 +# define TLSEXT_hash_sha256 4 +# define TLSEXT_hash_sha384 5 +# define TLSEXT_hash_sha512 6 +# define TLSEXT_hash_gostr3411 237 +# define TLSEXT_hash_gostr34112012_256 238 +# define TLSEXT_hash_gostr34112012_512 239 + +/* Total number of different digest algorithms */ + +# define TLSEXT_hash_num 10 + +/* Flag set for unrecognised algorithms */ +# define TLSEXT_nid_unknown 0x1000000 + +/* ECC curves */ + +# define TLSEXT_curve_P_256 23 +# define TLSEXT_curve_P_384 24 + +/* OpenSSL value to disable maximum fragment length extension */ +# define TLSEXT_max_fragment_length_DISABLED 0 +/* Allowed values for max fragment length extension */ +# define TLSEXT_max_fragment_length_512 1 +# define TLSEXT_max_fragment_length_1024 2 +# define TLSEXT_max_fragment_length_2048 3 +# define TLSEXT_max_fragment_length_4096 4 + +int SSL_CTX_set_tlsext_max_fragment_length(SSL_CTX *ctx, uint8_t mode); +int SSL_set_tlsext_max_fragment_length(SSL *ssl, uint8_t mode); + +# define TLSEXT_MAXLEN_host_name 255 + +__owur const char *SSL_get_servername(const SSL *s, const int type); +__owur int SSL_get_servername_type(const SSL *s); +/* + * SSL_export_keying_material exports a value derived from the master secret, + * as specified in RFC 5705. It writes |olen| bytes to |out| given a label and + * optional context. (Since a zero length context is allowed, the |use_context| + * flag controls whether a context is included.) It returns 1 on success and + * 0 or -1 otherwise. + */ +__owur int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen, + const char *label, size_t llen, + const unsigned char *context, + size_t contextlen, int use_context); + +/* + * SSL_export_keying_material_early exports a value derived from the + * early exporter master secret, as specified in + * https://tools.ietf.org/html/draft-ietf-tls-tls13-23. It writes + * |olen| bytes to |out| given a label and optional context. It + * returns 1 on success and 0 otherwise. + */ +__owur int SSL_export_keying_material_early(SSL *s, unsigned char *out, + size_t olen, const char *label, + size_t llen, + const unsigned char *context, + size_t contextlen); + +int SSL_get_peer_signature_type_nid(const SSL *s, int *pnid); +int SSL_get_signature_type_nid(const SSL *s, int *pnid); + +int SSL_get_sigalgs(SSL *s, int idx, + int *psign, int *phash, int *psignandhash, + unsigned char *rsig, unsigned char *rhash); + +int SSL_get_shared_sigalgs(SSL *s, int idx, + int *psign, int *phash, int *psignandhash, + unsigned char *rsig, unsigned char *rhash); + +__owur int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain); + +# define SSL_set_tlsext_host_name(s,name) \ + SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_HOSTNAME,TLSEXT_NAMETYPE_host_name,\ + (void *)name) + +# define SSL_set_tlsext_debug_callback(ssl, cb) \ + SSL_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_CB,\ + (void (*)(void))cb) + +# define SSL_set_tlsext_debug_arg(ssl, arg) \ + SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_ARG,0,arg) + +# define SSL_get_tlsext_status_type(ssl) \ + SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE,0,NULL) + +# define SSL_set_tlsext_status_type(ssl, type) \ + SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE,type,NULL) + +# define SSL_get_tlsext_status_exts(ssl, arg) \ + SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS,0,arg) + +# define SSL_set_tlsext_status_exts(ssl, arg) \ + SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS,0,arg) + +# define SSL_get_tlsext_status_ids(ssl, arg) \ + SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS,0,arg) + +# define SSL_set_tlsext_status_ids(ssl, arg) \ + SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS,0,arg) + +# define SSL_get_tlsext_status_ocsp_resp(ssl, arg) \ + SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP,0,arg) + +# define SSL_set_tlsext_status_ocsp_resp(ssl, arg, arglen) \ + SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP,arglen,arg) + +# define SSL_CTX_set_tlsext_servername_callback(ctx, cb) \ + SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_CB,\ + (void (*)(void))cb) + +# define SSL_TLSEXT_ERR_OK 0 +# define SSL_TLSEXT_ERR_ALERT_WARNING 1 +# define SSL_TLSEXT_ERR_ALERT_FATAL 2 +# define SSL_TLSEXT_ERR_NOACK 3 + +# define SSL_CTX_set_tlsext_servername_arg(ctx, arg) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG,0,arg) + +# define SSL_CTX_get_tlsext_ticket_keys(ctx, keys, keylen) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_GET_TLSEXT_TICKET_KEYS,keylen,keys) +# define SSL_CTX_set_tlsext_ticket_keys(ctx, keys, keylen) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_TICKET_KEYS,keylen,keys) + +# define SSL_CTX_get_tlsext_status_cb(ssl, cb) \ + SSL_CTX_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB,0,(void *)cb) +# define SSL_CTX_set_tlsext_status_cb(ssl, cb) \ + SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB,\ + (void (*)(void))cb) + +# define SSL_CTX_get_tlsext_status_arg(ssl, arg) \ + SSL_CTX_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG,0,arg) +# define SSL_CTX_set_tlsext_status_arg(ssl, arg) \ + SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG,0,arg) + +# define SSL_CTX_set_tlsext_status_type(ssl, type) \ + SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE,type,NULL) + +# define SSL_CTX_get_tlsext_status_type(ssl) \ + SSL_CTX_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE,0,NULL) + +# define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \ + SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,\ + (void (*)(void))cb) + +# ifndef OPENSSL_NO_HEARTBEATS +# define SSL_DTLSEXT_HB_ENABLED 0x01 +# define SSL_DTLSEXT_HB_DONT_SEND_REQUESTS 0x02 +# define SSL_DTLSEXT_HB_DONT_RECV_REQUESTS 0x04 +# define SSL_get_dtlsext_heartbeat_pending(ssl) \ + SSL_ctrl(ssl,SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING,0,NULL) +# define SSL_set_dtlsext_heartbeat_no_requests(ssl, arg) \ + SSL_ctrl(ssl,SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS,arg,NULL) + +# if OPENSSL_API_COMPAT < 0x10100000L +# define SSL_CTRL_TLS_EXT_SEND_HEARTBEAT \ + SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT +# define SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING \ + SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING +# define SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS \ + SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS +# define SSL_TLSEXT_HB_ENABLED \ + SSL_DTLSEXT_HB_ENABLED +# define SSL_TLSEXT_HB_DONT_SEND_REQUESTS \ + SSL_DTLSEXT_HB_DONT_SEND_REQUESTS +# define SSL_TLSEXT_HB_DONT_RECV_REQUESTS \ + SSL_DTLSEXT_HB_DONT_RECV_REQUESTS +# define SSL_get_tlsext_heartbeat_pending(ssl) \ + SSL_get_dtlsext_heartbeat_pending(ssl) +# define SSL_set_tlsext_heartbeat_no_requests(ssl, arg) \ + SSL_set_dtlsext_heartbeat_no_requests(ssl,arg) +# endif +# endif + +/* PSK ciphersuites from 4279 */ +# define TLS1_CK_PSK_WITH_RC4_128_SHA 0x0300008A +# define TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA 0x0300008B +# define TLS1_CK_PSK_WITH_AES_128_CBC_SHA 0x0300008C +# define TLS1_CK_PSK_WITH_AES_256_CBC_SHA 0x0300008D +# define TLS1_CK_DHE_PSK_WITH_RC4_128_SHA 0x0300008E +# define TLS1_CK_DHE_PSK_WITH_3DES_EDE_CBC_SHA 0x0300008F +# define TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA 0x03000090 +# define TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA 0x03000091 +# define TLS1_CK_RSA_PSK_WITH_RC4_128_SHA 0x03000092 +# define TLS1_CK_RSA_PSK_WITH_3DES_EDE_CBC_SHA 0x03000093 +# define TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA 0x03000094 +# define TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA 0x03000095 + +/* PSK ciphersuites from 5487 */ +# define TLS1_CK_PSK_WITH_AES_128_GCM_SHA256 0x030000A8 +# define TLS1_CK_PSK_WITH_AES_256_GCM_SHA384 0x030000A9 +# define TLS1_CK_DHE_PSK_WITH_AES_128_GCM_SHA256 0x030000AA +# define TLS1_CK_DHE_PSK_WITH_AES_256_GCM_SHA384 0x030000AB +# define TLS1_CK_RSA_PSK_WITH_AES_128_GCM_SHA256 0x030000AC +# define TLS1_CK_RSA_PSK_WITH_AES_256_GCM_SHA384 0x030000AD +# define TLS1_CK_PSK_WITH_AES_128_CBC_SHA256 0x030000AE +# define TLS1_CK_PSK_WITH_AES_256_CBC_SHA384 0x030000AF +# define TLS1_CK_PSK_WITH_NULL_SHA256 0x030000B0 +# define TLS1_CK_PSK_WITH_NULL_SHA384 0x030000B1 +# define TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA256 0x030000B2 +# define TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA384 0x030000B3 +# define TLS1_CK_DHE_PSK_WITH_NULL_SHA256 0x030000B4 +# define TLS1_CK_DHE_PSK_WITH_NULL_SHA384 0x030000B5 +# define TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA256 0x030000B6 +# define TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA384 0x030000B7 +# define TLS1_CK_RSA_PSK_WITH_NULL_SHA256 0x030000B8 +# define TLS1_CK_RSA_PSK_WITH_NULL_SHA384 0x030000B9 + +/* NULL PSK ciphersuites from RFC4785 */ +# define TLS1_CK_PSK_WITH_NULL_SHA 0x0300002C +# define TLS1_CK_DHE_PSK_WITH_NULL_SHA 0x0300002D +# define TLS1_CK_RSA_PSK_WITH_NULL_SHA 0x0300002E + +/* AES ciphersuites from RFC3268 */ +# define TLS1_CK_RSA_WITH_AES_128_SHA 0x0300002F +# define TLS1_CK_DH_DSS_WITH_AES_128_SHA 0x03000030 +# define TLS1_CK_DH_RSA_WITH_AES_128_SHA 0x03000031 +# define TLS1_CK_DHE_DSS_WITH_AES_128_SHA 0x03000032 +# define TLS1_CK_DHE_RSA_WITH_AES_128_SHA 0x03000033 +# define TLS1_CK_ADH_WITH_AES_128_SHA 0x03000034 +# define TLS1_CK_RSA_WITH_AES_256_SHA 0x03000035 +# define TLS1_CK_DH_DSS_WITH_AES_256_SHA 0x03000036 +# define TLS1_CK_DH_RSA_WITH_AES_256_SHA 0x03000037 +# define TLS1_CK_DHE_DSS_WITH_AES_256_SHA 0x03000038 +# define TLS1_CK_DHE_RSA_WITH_AES_256_SHA 0x03000039 +# define TLS1_CK_ADH_WITH_AES_256_SHA 0x0300003A + +/* TLS v1.2 ciphersuites */ +# define TLS1_CK_RSA_WITH_NULL_SHA256 0x0300003B +# define TLS1_CK_RSA_WITH_AES_128_SHA256 0x0300003C +# define TLS1_CK_RSA_WITH_AES_256_SHA256 0x0300003D +# define TLS1_CK_DH_DSS_WITH_AES_128_SHA256 0x0300003E +# define TLS1_CK_DH_RSA_WITH_AES_128_SHA256 0x0300003F +# define TLS1_CK_DHE_DSS_WITH_AES_128_SHA256 0x03000040 + +/* Camellia ciphersuites from RFC4132 */ +# define TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000041 +# define TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA 0x03000042 +# define TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000043 +# define TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA 0x03000044 +# define TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000045 +# define TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA 0x03000046 + +/* TLS v1.2 ciphersuites */ +# define TLS1_CK_DHE_RSA_WITH_AES_128_SHA256 0x03000067 +# define TLS1_CK_DH_DSS_WITH_AES_256_SHA256 0x03000068 +# define TLS1_CK_DH_RSA_WITH_AES_256_SHA256 0x03000069 +# define TLS1_CK_DHE_DSS_WITH_AES_256_SHA256 0x0300006A +# define TLS1_CK_DHE_RSA_WITH_AES_256_SHA256 0x0300006B +# define TLS1_CK_ADH_WITH_AES_128_SHA256 0x0300006C +# define TLS1_CK_ADH_WITH_AES_256_SHA256 0x0300006D + +/* Camellia ciphersuites from RFC4132 */ +# define TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000084 +# define TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA 0x03000085 +# define TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000086 +# define TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA 0x03000087 +# define TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000088 +# define TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA 0x03000089 + +/* SEED ciphersuites from RFC4162 */ +# define TLS1_CK_RSA_WITH_SEED_SHA 0x03000096 +# define TLS1_CK_DH_DSS_WITH_SEED_SHA 0x03000097 +# define TLS1_CK_DH_RSA_WITH_SEED_SHA 0x03000098 +# define TLS1_CK_DHE_DSS_WITH_SEED_SHA 0x03000099 +# define TLS1_CK_DHE_RSA_WITH_SEED_SHA 0x0300009A +# define TLS1_CK_ADH_WITH_SEED_SHA 0x0300009B + +/* TLS v1.2 GCM ciphersuites from RFC5288 */ +# define TLS1_CK_RSA_WITH_AES_128_GCM_SHA256 0x0300009C +# define TLS1_CK_RSA_WITH_AES_256_GCM_SHA384 0x0300009D +# define TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256 0x0300009E +# define TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384 0x0300009F +# define TLS1_CK_DH_RSA_WITH_AES_128_GCM_SHA256 0x030000A0 +# define TLS1_CK_DH_RSA_WITH_AES_256_GCM_SHA384 0x030000A1 +# define TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256 0x030000A2 +# define TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384 0x030000A3 +# define TLS1_CK_DH_DSS_WITH_AES_128_GCM_SHA256 0x030000A4 +# define TLS1_CK_DH_DSS_WITH_AES_256_GCM_SHA384 0x030000A5 +# define TLS1_CK_ADH_WITH_AES_128_GCM_SHA256 0x030000A6 +# define TLS1_CK_ADH_WITH_AES_256_GCM_SHA384 0x030000A7 + +/* CCM ciphersuites from RFC6655 */ +# define TLS1_CK_RSA_WITH_AES_128_CCM 0x0300C09C +# define TLS1_CK_RSA_WITH_AES_256_CCM 0x0300C09D +# define TLS1_CK_DHE_RSA_WITH_AES_128_CCM 0x0300C09E +# define TLS1_CK_DHE_RSA_WITH_AES_256_CCM 0x0300C09F +# define TLS1_CK_RSA_WITH_AES_128_CCM_8 0x0300C0A0 +# define TLS1_CK_RSA_WITH_AES_256_CCM_8 0x0300C0A1 +# define TLS1_CK_DHE_RSA_WITH_AES_128_CCM_8 0x0300C0A2 +# define TLS1_CK_DHE_RSA_WITH_AES_256_CCM_8 0x0300C0A3 +# define TLS1_CK_PSK_WITH_AES_128_CCM 0x0300C0A4 +# define TLS1_CK_PSK_WITH_AES_256_CCM 0x0300C0A5 +# define TLS1_CK_DHE_PSK_WITH_AES_128_CCM 0x0300C0A6 +# define TLS1_CK_DHE_PSK_WITH_AES_256_CCM 0x0300C0A7 +# define TLS1_CK_PSK_WITH_AES_128_CCM_8 0x0300C0A8 +# define TLS1_CK_PSK_WITH_AES_256_CCM_8 0x0300C0A9 +# define TLS1_CK_DHE_PSK_WITH_AES_128_CCM_8 0x0300C0AA +# define TLS1_CK_DHE_PSK_WITH_AES_256_CCM_8 0x0300C0AB + +/* CCM ciphersuites from RFC7251 */ +# define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM 0x0300C0AC +# define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM 0x0300C0AD +# define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM_8 0x0300C0AE +# define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM_8 0x0300C0AF + +/* TLS 1.2 Camellia SHA-256 ciphersuites from RFC5932 */ +# define TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256 0x030000BA +# define TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 0x030000BB +# define TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 0x030000BC +# define TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 0x030000BD +# define TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0x030000BE +# define TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256 0x030000BF + +# define TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256 0x030000C0 +# define TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256 0x030000C1 +# define TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256 0x030000C2 +# define TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 0x030000C3 +# define TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 0x030000C4 +# define TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256 0x030000C5 + +/* ECC ciphersuites from RFC4492 */ +# define TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA 0x0300C001 +# define TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA 0x0300C002 +# define TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA 0x0300C003 +# define TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA 0x0300C004 +# define TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA 0x0300C005 + +# define TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA 0x0300C006 +# define TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA 0x0300C007 +# define TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA 0x0300C008 +# define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0x0300C009 +# define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0x0300C00A + +# define TLS1_CK_ECDH_RSA_WITH_NULL_SHA 0x0300C00B +# define TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA 0x0300C00C +# define TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA 0x0300C00D +# define TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA 0x0300C00E +# define TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA 0x0300C00F + +# define TLS1_CK_ECDHE_RSA_WITH_NULL_SHA 0x0300C010 +# define TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA 0x0300C011 +# define TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA 0x0300C012 +# define TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA 0x0300C013 +# define TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA 0x0300C014 + +# define TLS1_CK_ECDH_anon_WITH_NULL_SHA 0x0300C015 +# define TLS1_CK_ECDH_anon_WITH_RC4_128_SHA 0x0300C016 +# define TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA 0x0300C017 +# define TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA 0x0300C018 +# define TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA 0x0300C019 + +/* SRP ciphersuites from RFC 5054 */ +# define TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA 0x0300C01A +# define TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA 0x0300C01B +# define TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA 0x0300C01C +# define TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA 0x0300C01D +# define TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA 0x0300C01E +# define TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA 0x0300C01F +# define TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA 0x0300C020 +# define TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA 0x0300C021 +# define TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA 0x0300C022 + +/* ECDH HMAC based ciphersuites from RFC5289 */ +# define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256 0x0300C023 +# define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384 0x0300C024 +# define TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256 0x0300C025 +# define TLS1_CK_ECDH_ECDSA_WITH_AES_256_SHA384 0x0300C026 +# define TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256 0x0300C027 +# define TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384 0x0300C028 +# define TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256 0x0300C029 +# define TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384 0x0300C02A + +/* ECDH GCM based ciphersuites from RFC5289 */ +# define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0x0300C02B +# define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 0x0300C02C +# define TLS1_CK_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 0x0300C02D +# define TLS1_CK_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 0x0300C02E +# define TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0x0300C02F +# define TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384 0x0300C030 +# define TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256 0x0300C031 +# define TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384 0x0300C032 + +/* ECDHE PSK ciphersuites from RFC5489 */ +# define TLS1_CK_ECDHE_PSK_WITH_RC4_128_SHA 0x0300C033 +# define TLS1_CK_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA 0x0300C034 +# define TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA 0x0300C035 +# define TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA 0x0300C036 + +# define TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256 0x0300C037 +# define TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384 0x0300C038 + +/* NULL PSK ciphersuites from RFC4785 */ +# define TLS1_CK_ECDHE_PSK_WITH_NULL_SHA 0x0300C039 +# define TLS1_CK_ECDHE_PSK_WITH_NULL_SHA256 0x0300C03A +# define TLS1_CK_ECDHE_PSK_WITH_NULL_SHA384 0x0300C03B + +/* Camellia-CBC ciphersuites from RFC6367 */ +# define TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0x0300C072 +# define TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0x0300C073 +# define TLS1_CK_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0x0300C074 +# define TLS1_CK_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0x0300C075 +# define TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0x0300C076 +# define TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 0x0300C077 +# define TLS1_CK_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 0x0300C078 +# define TLS1_CK_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 0x0300C079 + +# define TLS1_CK_PSK_WITH_CAMELLIA_128_CBC_SHA256 0x0300C094 +# define TLS1_CK_PSK_WITH_CAMELLIA_256_CBC_SHA384 0x0300C095 +# define TLS1_CK_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0x0300C096 +# define TLS1_CK_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0x0300C097 +# define TLS1_CK_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 0x0300C098 +# define TLS1_CK_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 0x0300C099 +# define TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0x0300C09A +# define TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0x0300C09B + +/* draft-ietf-tls-chacha20-poly1305-03 */ +# define TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305 0x0300CCA8 +# define TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 0x0300CCA9 +# define TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305 0x0300CCAA +# define TLS1_CK_PSK_WITH_CHACHA20_POLY1305 0x0300CCAB +# define TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305 0x0300CCAC +# define TLS1_CK_DHE_PSK_WITH_CHACHA20_POLY1305 0x0300CCAD +# define TLS1_CK_RSA_PSK_WITH_CHACHA20_POLY1305 0x0300CCAE + +/* TLS v1.3 ciphersuites */ +# define TLS1_3_CK_AES_128_GCM_SHA256 0x03001301 +# define TLS1_3_CK_AES_256_GCM_SHA384 0x03001302 +# define TLS1_3_CK_CHACHA20_POLY1305_SHA256 0x03001303 +# define TLS1_3_CK_AES_128_CCM_SHA256 0x03001304 +# define TLS1_3_CK_AES_128_CCM_8_SHA256 0x03001305 + +/* Aria ciphersuites from RFC6209 */ +# define TLS1_CK_RSA_WITH_ARIA_128_GCM_SHA256 0x0300C050 +# define TLS1_CK_RSA_WITH_ARIA_256_GCM_SHA384 0x0300C051 +# define TLS1_CK_DHE_RSA_WITH_ARIA_128_GCM_SHA256 0x0300C052 +# define TLS1_CK_DHE_RSA_WITH_ARIA_256_GCM_SHA384 0x0300C053 +# define TLS1_CK_DH_RSA_WITH_ARIA_128_GCM_SHA256 0x0300C054 +# define TLS1_CK_DH_RSA_WITH_ARIA_256_GCM_SHA384 0x0300C055 +# define TLS1_CK_DHE_DSS_WITH_ARIA_128_GCM_SHA256 0x0300C056 +# define TLS1_CK_DHE_DSS_WITH_ARIA_256_GCM_SHA384 0x0300C057 +# define TLS1_CK_DH_DSS_WITH_ARIA_128_GCM_SHA256 0x0300C058 +# define TLS1_CK_DH_DSS_WITH_ARIA_256_GCM_SHA384 0x0300C059 +# define TLS1_CK_DH_anon_WITH_ARIA_128_GCM_SHA256 0x0300C05A +# define TLS1_CK_DH_anon_WITH_ARIA_256_GCM_SHA384 0x0300C05B +# define TLS1_CK_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 0x0300C05C +# define TLS1_CK_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 0x0300C05D +# define TLS1_CK_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 0x0300C05E +# define TLS1_CK_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 0x0300C05F +# define TLS1_CK_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 0x0300C060 +# define TLS1_CK_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 0x0300C061 +# define TLS1_CK_ECDH_RSA_WITH_ARIA_128_GCM_SHA256 0x0300C062 +# define TLS1_CK_ECDH_RSA_WITH_ARIA_256_GCM_SHA384 0x0300C063 +# define TLS1_CK_PSK_WITH_ARIA_128_GCM_SHA256 0x0300C06A +# define TLS1_CK_PSK_WITH_ARIA_256_GCM_SHA384 0x0300C06B +# define TLS1_CK_DHE_PSK_WITH_ARIA_128_GCM_SHA256 0x0300C06C +# define TLS1_CK_DHE_PSK_WITH_ARIA_256_GCM_SHA384 0x0300C06D +# define TLS1_CK_RSA_PSK_WITH_ARIA_128_GCM_SHA256 0x0300C06E +# define TLS1_CK_RSA_PSK_WITH_ARIA_256_GCM_SHA384 0x0300C06F + +/* a bundle of RFC standard cipher names, generated from ssl3_ciphers[] */ +# define TLS1_RFC_RSA_WITH_AES_128_SHA "TLS_RSA_WITH_AES_128_CBC_SHA" +# define TLS1_RFC_DHE_DSS_WITH_AES_128_SHA "TLS_DHE_DSS_WITH_AES_128_CBC_SHA" +# define TLS1_RFC_DHE_RSA_WITH_AES_128_SHA "TLS_DHE_RSA_WITH_AES_128_CBC_SHA" +# define TLS1_RFC_ADH_WITH_AES_128_SHA "TLS_DH_anon_WITH_AES_128_CBC_SHA" +# define TLS1_RFC_RSA_WITH_AES_256_SHA "TLS_RSA_WITH_AES_256_CBC_SHA" +# define TLS1_RFC_DHE_DSS_WITH_AES_256_SHA "TLS_DHE_DSS_WITH_AES_256_CBC_SHA" +# define TLS1_RFC_DHE_RSA_WITH_AES_256_SHA "TLS_DHE_RSA_WITH_AES_256_CBC_SHA" +# define TLS1_RFC_ADH_WITH_AES_256_SHA "TLS_DH_anon_WITH_AES_256_CBC_SHA" +# define TLS1_RFC_RSA_WITH_NULL_SHA256 "TLS_RSA_WITH_NULL_SHA256" +# define TLS1_RFC_RSA_WITH_AES_128_SHA256 "TLS_RSA_WITH_AES_128_CBC_SHA256" +# define TLS1_RFC_RSA_WITH_AES_256_SHA256 "TLS_RSA_WITH_AES_256_CBC_SHA256" +# define TLS1_RFC_DHE_DSS_WITH_AES_128_SHA256 "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256" +# define TLS1_RFC_DHE_RSA_WITH_AES_128_SHA256 "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256" +# define TLS1_RFC_DHE_DSS_WITH_AES_256_SHA256 "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256" +# define TLS1_RFC_DHE_RSA_WITH_AES_256_SHA256 "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256" +# define TLS1_RFC_ADH_WITH_AES_128_SHA256 "TLS_DH_anon_WITH_AES_128_CBC_SHA256" +# define TLS1_RFC_ADH_WITH_AES_256_SHA256 "TLS_DH_anon_WITH_AES_256_CBC_SHA256" +# define TLS1_RFC_RSA_WITH_AES_128_GCM_SHA256 "TLS_RSA_WITH_AES_128_GCM_SHA256" +# define TLS1_RFC_RSA_WITH_AES_256_GCM_SHA384 "TLS_RSA_WITH_AES_256_GCM_SHA384" +# define TLS1_RFC_DHE_RSA_WITH_AES_128_GCM_SHA256 "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256" +# define TLS1_RFC_DHE_RSA_WITH_AES_256_GCM_SHA384 "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384" +# define TLS1_RFC_DHE_DSS_WITH_AES_128_GCM_SHA256 "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256" +# define TLS1_RFC_DHE_DSS_WITH_AES_256_GCM_SHA384 "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384" +# define TLS1_RFC_ADH_WITH_AES_128_GCM_SHA256 "TLS_DH_anon_WITH_AES_128_GCM_SHA256" +# define TLS1_RFC_ADH_WITH_AES_256_GCM_SHA384 "TLS_DH_anon_WITH_AES_256_GCM_SHA384" +# define TLS1_RFC_RSA_WITH_AES_128_CCM "TLS_RSA_WITH_AES_128_CCM" +# define TLS1_RFC_RSA_WITH_AES_256_CCM "TLS_RSA_WITH_AES_256_CCM" +# define TLS1_RFC_DHE_RSA_WITH_AES_128_CCM "TLS_DHE_RSA_WITH_AES_128_CCM" +# define TLS1_RFC_DHE_RSA_WITH_AES_256_CCM "TLS_DHE_RSA_WITH_AES_256_CCM" +# define TLS1_RFC_RSA_WITH_AES_128_CCM_8 "TLS_RSA_WITH_AES_128_CCM_8" +# define TLS1_RFC_RSA_WITH_AES_256_CCM_8 "TLS_RSA_WITH_AES_256_CCM_8" +# define TLS1_RFC_DHE_RSA_WITH_AES_128_CCM_8 "TLS_DHE_RSA_WITH_AES_128_CCM_8" +# define TLS1_RFC_DHE_RSA_WITH_AES_256_CCM_8 "TLS_DHE_RSA_WITH_AES_256_CCM_8" +# define TLS1_RFC_PSK_WITH_AES_128_CCM "TLS_PSK_WITH_AES_128_CCM" +# define TLS1_RFC_PSK_WITH_AES_256_CCM "TLS_PSK_WITH_AES_256_CCM" +# define TLS1_RFC_DHE_PSK_WITH_AES_128_CCM "TLS_DHE_PSK_WITH_AES_128_CCM" +# define TLS1_RFC_DHE_PSK_WITH_AES_256_CCM "TLS_DHE_PSK_WITH_AES_256_CCM" +# define TLS1_RFC_PSK_WITH_AES_128_CCM_8 "TLS_PSK_WITH_AES_128_CCM_8" +# define TLS1_RFC_PSK_WITH_AES_256_CCM_8 "TLS_PSK_WITH_AES_256_CCM_8" +# define TLS1_RFC_DHE_PSK_WITH_AES_128_CCM_8 "TLS_PSK_DHE_WITH_AES_128_CCM_8" +# define TLS1_RFC_DHE_PSK_WITH_AES_256_CCM_8 "TLS_PSK_DHE_WITH_AES_256_CCM_8" +# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM "TLS_ECDHE_ECDSA_WITH_AES_128_CCM" +# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM "TLS_ECDHE_ECDSA_WITH_AES_256_CCM" +# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM_8 "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8" +# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM_8 "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8" +# define TLS1_3_RFC_AES_128_GCM_SHA256 "TLS_AES_128_GCM_SHA256" +# define TLS1_3_RFC_AES_256_GCM_SHA384 "TLS_AES_256_GCM_SHA384" +# define TLS1_3_RFC_CHACHA20_POLY1305_SHA256 "TLS_CHACHA20_POLY1305_SHA256" +# define TLS1_3_RFC_AES_128_CCM_SHA256 "TLS_AES_128_CCM_SHA256" +# define TLS1_3_RFC_AES_128_CCM_8_SHA256 "TLS_AES_128_CCM_8_SHA256" +# define TLS1_RFC_ECDHE_ECDSA_WITH_NULL_SHA "TLS_ECDHE_ECDSA_WITH_NULL_SHA" +# define TLS1_RFC_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA" +# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CBC_SHA "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA" +# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CBC_SHA "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA" +# define TLS1_RFC_ECDHE_RSA_WITH_NULL_SHA "TLS_ECDHE_RSA_WITH_NULL_SHA" +# define TLS1_RFC_ECDHE_RSA_WITH_DES_192_CBC3_SHA "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA" +# define TLS1_RFC_ECDHE_RSA_WITH_AES_128_CBC_SHA "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA" +# define TLS1_RFC_ECDHE_RSA_WITH_AES_256_CBC_SHA "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA" +# define TLS1_RFC_ECDH_anon_WITH_NULL_SHA "TLS_ECDH_anon_WITH_NULL_SHA" +# define TLS1_RFC_ECDH_anon_WITH_DES_192_CBC3_SHA "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA" +# define TLS1_RFC_ECDH_anon_WITH_AES_128_CBC_SHA "TLS_ECDH_anon_WITH_AES_128_CBC_SHA" +# define TLS1_RFC_ECDH_anon_WITH_AES_256_CBC_SHA "TLS_ECDH_anon_WITH_AES_256_CBC_SHA" +# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_SHA256 "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256" +# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_SHA384 "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384" +# define TLS1_RFC_ECDHE_RSA_WITH_AES_128_SHA256 "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256" +# define TLS1_RFC_ECDHE_RSA_WITH_AES_256_SHA384 "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384" +# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256" +# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384" +# define TLS1_RFC_ECDHE_RSA_WITH_AES_128_GCM_SHA256 "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" +# define TLS1_RFC_ECDHE_RSA_WITH_AES_256_GCM_SHA384 "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" +# define TLS1_RFC_PSK_WITH_NULL_SHA "TLS_PSK_WITH_NULL_SHA" +# define TLS1_RFC_DHE_PSK_WITH_NULL_SHA "TLS_DHE_PSK_WITH_NULL_SHA" +# define TLS1_RFC_RSA_PSK_WITH_NULL_SHA "TLS_RSA_PSK_WITH_NULL_SHA" +# define TLS1_RFC_PSK_WITH_3DES_EDE_CBC_SHA "TLS_PSK_WITH_3DES_EDE_CBC_SHA" +# define TLS1_RFC_PSK_WITH_AES_128_CBC_SHA "TLS_PSK_WITH_AES_128_CBC_SHA" +# define TLS1_RFC_PSK_WITH_AES_256_CBC_SHA "TLS_PSK_WITH_AES_256_CBC_SHA" +# define TLS1_RFC_DHE_PSK_WITH_3DES_EDE_CBC_SHA "TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA" +# define TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA "TLS_DHE_PSK_WITH_AES_128_CBC_SHA" +# define TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA "TLS_DHE_PSK_WITH_AES_256_CBC_SHA" +# define TLS1_RFC_RSA_PSK_WITH_3DES_EDE_CBC_SHA "TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA" +# define TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA "TLS_RSA_PSK_WITH_AES_128_CBC_SHA" +# define TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA "TLS_RSA_PSK_WITH_AES_256_CBC_SHA" +# define TLS1_RFC_PSK_WITH_AES_128_GCM_SHA256 "TLS_PSK_WITH_AES_128_GCM_SHA256" +# define TLS1_RFC_PSK_WITH_AES_256_GCM_SHA384 "TLS_PSK_WITH_AES_256_GCM_SHA384" +# define TLS1_RFC_DHE_PSK_WITH_AES_128_GCM_SHA256 "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256" +# define TLS1_RFC_DHE_PSK_WITH_AES_256_GCM_SHA384 "TLS_DHE_PSK_WITH_AES_256_GCM_SHA384" +# define TLS1_RFC_RSA_PSK_WITH_AES_128_GCM_SHA256 "TLS_RSA_PSK_WITH_AES_128_GCM_SHA256" +# define TLS1_RFC_RSA_PSK_WITH_AES_256_GCM_SHA384 "TLS_RSA_PSK_WITH_AES_256_GCM_SHA384" +# define TLS1_RFC_PSK_WITH_AES_128_CBC_SHA256 "TLS_PSK_WITH_AES_128_CBC_SHA256" +# define TLS1_RFC_PSK_WITH_AES_256_CBC_SHA384 "TLS_PSK_WITH_AES_256_CBC_SHA384" +# define TLS1_RFC_PSK_WITH_NULL_SHA256 "TLS_PSK_WITH_NULL_SHA256" +# define TLS1_RFC_PSK_WITH_NULL_SHA384 "TLS_PSK_WITH_NULL_SHA384" +# define TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA256 "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256" +# define TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA384 "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384" +# define TLS1_RFC_DHE_PSK_WITH_NULL_SHA256 "TLS_DHE_PSK_WITH_NULL_SHA256" +# define TLS1_RFC_DHE_PSK_WITH_NULL_SHA384 "TLS_DHE_PSK_WITH_NULL_SHA384" +# define TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA256 "TLS_RSA_PSK_WITH_AES_128_CBC_SHA256" +# define TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA384 "TLS_RSA_PSK_WITH_AES_256_CBC_SHA384" +# define TLS1_RFC_RSA_PSK_WITH_NULL_SHA256 "TLS_RSA_PSK_WITH_NULL_SHA256" +# define TLS1_RFC_RSA_PSK_WITH_NULL_SHA384 "TLS_RSA_PSK_WITH_NULL_SHA384" +# define TLS1_RFC_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA "TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA" +# define TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA" +# define TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA" +# define TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA256 "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256" +# define TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA384 "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384" +# define TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA "TLS_ECDHE_PSK_WITH_NULL_SHA" +# define TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA256 "TLS_ECDHE_PSK_WITH_NULL_SHA256" +# define TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA384 "TLS_ECDHE_PSK_WITH_NULL_SHA384" +# define TLS1_RFC_SRP_SHA_WITH_3DES_EDE_CBC_SHA "TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA" +# define TLS1_RFC_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA "TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA" +# define TLS1_RFC_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA "TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA" +# define TLS1_RFC_SRP_SHA_WITH_AES_128_CBC_SHA "TLS_SRP_SHA_WITH_AES_128_CBC_SHA" +# define TLS1_RFC_SRP_SHA_RSA_WITH_AES_128_CBC_SHA "TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA" +# define TLS1_RFC_SRP_SHA_DSS_WITH_AES_128_CBC_SHA "TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA" +# define TLS1_RFC_SRP_SHA_WITH_AES_256_CBC_SHA "TLS_SRP_SHA_WITH_AES_256_CBC_SHA" +# define TLS1_RFC_SRP_SHA_RSA_WITH_AES_256_CBC_SHA "TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA" +# define TLS1_RFC_SRP_SHA_DSS_WITH_AES_256_CBC_SHA "TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA" +# define TLS1_RFC_DHE_RSA_WITH_CHACHA20_POLY1305 "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256" +# define TLS1_RFC_ECDHE_RSA_WITH_CHACHA20_POLY1305 "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256" +# define TLS1_RFC_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256" +# define TLS1_RFC_PSK_WITH_CHACHA20_POLY1305 "TLS_PSK_WITH_CHACHA20_POLY1305_SHA256" +# define TLS1_RFC_ECDHE_PSK_WITH_CHACHA20_POLY1305 "TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256" +# define TLS1_RFC_DHE_PSK_WITH_CHACHA20_POLY1305 "TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256" +# define TLS1_RFC_RSA_PSK_WITH_CHACHA20_POLY1305 "TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256" +# define TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA256 "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256" +# define TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256" +# define TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256" +# define TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA256 "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256" +# define TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA256 "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256" +# define TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256" +# define TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256" +# define TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA256 "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256" +# define TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA" +# define TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA" +# define TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA" +# define TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA" +# define TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA" +# define TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA" +# define TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA" +# define TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA" +# define TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256" +# define TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384" +# define TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 "TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256" +# define TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 "TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384" +# define TLS1_RFC_PSK_WITH_CAMELLIA_128_CBC_SHA256 "TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256" +# define TLS1_RFC_PSK_WITH_CAMELLIA_256_CBC_SHA384 "TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384" +# define TLS1_RFC_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 "TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256" +# define TLS1_RFC_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 "TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384" +# define TLS1_RFC_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 "TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256" +# define TLS1_RFC_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 "TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384" +# define TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 "TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256" +# define TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 "TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384" +# define TLS1_RFC_RSA_WITH_SEED_SHA "TLS_RSA_WITH_SEED_CBC_SHA" +# define TLS1_RFC_DHE_DSS_WITH_SEED_SHA "TLS_DHE_DSS_WITH_SEED_CBC_SHA" +# define TLS1_RFC_DHE_RSA_WITH_SEED_SHA "TLS_DHE_RSA_WITH_SEED_CBC_SHA" +# define TLS1_RFC_ADH_WITH_SEED_SHA "TLS_DH_anon_WITH_SEED_CBC_SHA" +# define TLS1_RFC_ECDHE_PSK_WITH_RC4_128_SHA "TLS_ECDHE_PSK_WITH_RC4_128_SHA" +# define TLS1_RFC_ECDH_anon_WITH_RC4_128_SHA "TLS_ECDH_anon_WITH_RC4_128_SHA" +# define TLS1_RFC_ECDHE_ECDSA_WITH_RC4_128_SHA "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA" +# define TLS1_RFC_ECDHE_RSA_WITH_RC4_128_SHA "TLS_ECDHE_RSA_WITH_RC4_128_SHA" +# define TLS1_RFC_PSK_WITH_RC4_128_SHA "TLS_PSK_WITH_RC4_128_SHA" +# define TLS1_RFC_RSA_PSK_WITH_RC4_128_SHA "TLS_RSA_PSK_WITH_RC4_128_SHA" +# define TLS1_RFC_DHE_PSK_WITH_RC4_128_SHA "TLS_DHE_PSK_WITH_RC4_128_SHA" +# define TLS1_RFC_RSA_WITH_ARIA_128_GCM_SHA256 "TLS_RSA_WITH_ARIA_128_GCM_SHA256" +# define TLS1_RFC_RSA_WITH_ARIA_256_GCM_SHA384 "TLS_RSA_WITH_ARIA_256_GCM_SHA384" +# define TLS1_RFC_DHE_RSA_WITH_ARIA_128_GCM_SHA256 "TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256" +# define TLS1_RFC_DHE_RSA_WITH_ARIA_256_GCM_SHA384 "TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384" +# define TLS1_RFC_DH_RSA_WITH_ARIA_128_GCM_SHA256 "TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256" +# define TLS1_RFC_DH_RSA_WITH_ARIA_256_GCM_SHA384 "TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384" +# define TLS1_RFC_DHE_DSS_WITH_ARIA_128_GCM_SHA256 "TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256" +# define TLS1_RFC_DHE_DSS_WITH_ARIA_256_GCM_SHA384 "TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384" +# define TLS1_RFC_DH_DSS_WITH_ARIA_128_GCM_SHA256 "TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256" +# define TLS1_RFC_DH_DSS_WITH_ARIA_256_GCM_SHA384 "TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384" +# define TLS1_RFC_DH_anon_WITH_ARIA_128_GCM_SHA256 "TLS_DH_anon_WITH_ARIA_128_GCM_SHA256" +# define TLS1_RFC_DH_anon_WITH_ARIA_256_GCM_SHA384 "TLS_DH_anon_WITH_ARIA_256_GCM_SHA384" +# define TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 "TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256" +# define TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 "TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384" +# define TLS1_RFC_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 "TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256" +# define TLS1_RFC_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 "TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384" +# define TLS1_RFC_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 "TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256" +# define TLS1_RFC_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 "TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384" +# define TLS1_RFC_ECDH_RSA_WITH_ARIA_128_GCM_SHA256 "TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256" +# define TLS1_RFC_ECDH_RSA_WITH_ARIA_256_GCM_SHA384 "TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384" +# define TLS1_RFC_PSK_WITH_ARIA_128_GCM_SHA256 "TLS_PSK_WITH_ARIA_128_GCM_SHA256" +# define TLS1_RFC_PSK_WITH_ARIA_256_GCM_SHA384 "TLS_PSK_WITH_ARIA_256_GCM_SHA384" +# define TLS1_RFC_DHE_PSK_WITH_ARIA_128_GCM_SHA256 "TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256" +# define TLS1_RFC_DHE_PSK_WITH_ARIA_256_GCM_SHA384 "TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384" +# define TLS1_RFC_RSA_PSK_WITH_ARIA_128_GCM_SHA256 "TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256" +# define TLS1_RFC_RSA_PSK_WITH_ARIA_256_GCM_SHA384 "TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384" + + +/* + * XXX Backward compatibility alert: Older versions of OpenSSL gave some DHE + * ciphers names with "EDH" instead of "DHE". Going forward, we should be + * using DHE everywhere, though we may indefinitely maintain aliases for + * users or configurations that used "EDH" + */ +# define TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA "DHE-DSS-RC4-SHA" + +# define TLS1_TXT_PSK_WITH_NULL_SHA "PSK-NULL-SHA" +# define TLS1_TXT_DHE_PSK_WITH_NULL_SHA "DHE-PSK-NULL-SHA" +# define TLS1_TXT_RSA_PSK_WITH_NULL_SHA "RSA-PSK-NULL-SHA" + +/* AES ciphersuites from RFC3268 */ +# define TLS1_TXT_RSA_WITH_AES_128_SHA "AES128-SHA" +# define TLS1_TXT_DH_DSS_WITH_AES_128_SHA "DH-DSS-AES128-SHA" +# define TLS1_TXT_DH_RSA_WITH_AES_128_SHA "DH-RSA-AES128-SHA" +# define TLS1_TXT_DHE_DSS_WITH_AES_128_SHA "DHE-DSS-AES128-SHA" +# define TLS1_TXT_DHE_RSA_WITH_AES_128_SHA "DHE-RSA-AES128-SHA" +# define TLS1_TXT_ADH_WITH_AES_128_SHA "ADH-AES128-SHA" + +# define TLS1_TXT_RSA_WITH_AES_256_SHA "AES256-SHA" +# define TLS1_TXT_DH_DSS_WITH_AES_256_SHA "DH-DSS-AES256-SHA" +# define TLS1_TXT_DH_RSA_WITH_AES_256_SHA "DH-RSA-AES256-SHA" +# define TLS1_TXT_DHE_DSS_WITH_AES_256_SHA "DHE-DSS-AES256-SHA" +# define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA "DHE-RSA-AES256-SHA" +# define TLS1_TXT_ADH_WITH_AES_256_SHA "ADH-AES256-SHA" + +/* ECC ciphersuites from RFC4492 */ +# define TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA "ECDH-ECDSA-NULL-SHA" +# define TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA "ECDH-ECDSA-RC4-SHA" +# define TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA "ECDH-ECDSA-DES-CBC3-SHA" +# define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA "ECDH-ECDSA-AES128-SHA" +# define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA "ECDH-ECDSA-AES256-SHA" + +# define TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA "ECDHE-ECDSA-NULL-SHA" +# define TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA "ECDHE-ECDSA-RC4-SHA" +# define TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA "ECDHE-ECDSA-DES-CBC3-SHA" +# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA "ECDHE-ECDSA-AES128-SHA" +# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA "ECDHE-ECDSA-AES256-SHA" + +# define TLS1_TXT_ECDH_RSA_WITH_NULL_SHA "ECDH-RSA-NULL-SHA" +# define TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA "ECDH-RSA-RC4-SHA" +# define TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA "ECDH-RSA-DES-CBC3-SHA" +# define TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA "ECDH-RSA-AES128-SHA" +# define TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA "ECDH-RSA-AES256-SHA" + +# define TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA "ECDHE-RSA-NULL-SHA" +# define TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA "ECDHE-RSA-RC4-SHA" +# define TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA "ECDHE-RSA-DES-CBC3-SHA" +# define TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA "ECDHE-RSA-AES128-SHA" +# define TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA "ECDHE-RSA-AES256-SHA" + +# define TLS1_TXT_ECDH_anon_WITH_NULL_SHA "AECDH-NULL-SHA" +# define TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA "AECDH-RC4-SHA" +# define TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA "AECDH-DES-CBC3-SHA" +# define TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA "AECDH-AES128-SHA" +# define TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA "AECDH-AES256-SHA" + +/* PSK ciphersuites from RFC 4279 */ +# define TLS1_TXT_PSK_WITH_RC4_128_SHA "PSK-RC4-SHA" +# define TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA "PSK-3DES-EDE-CBC-SHA" +# define TLS1_TXT_PSK_WITH_AES_128_CBC_SHA "PSK-AES128-CBC-SHA" +# define TLS1_TXT_PSK_WITH_AES_256_CBC_SHA "PSK-AES256-CBC-SHA" + +# define TLS1_TXT_DHE_PSK_WITH_RC4_128_SHA "DHE-PSK-RC4-SHA" +# define TLS1_TXT_DHE_PSK_WITH_3DES_EDE_CBC_SHA "DHE-PSK-3DES-EDE-CBC-SHA" +# define TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA "DHE-PSK-AES128-CBC-SHA" +# define TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA "DHE-PSK-AES256-CBC-SHA" +# define TLS1_TXT_RSA_PSK_WITH_RC4_128_SHA "RSA-PSK-RC4-SHA" +# define TLS1_TXT_RSA_PSK_WITH_3DES_EDE_CBC_SHA "RSA-PSK-3DES-EDE-CBC-SHA" +# define TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA "RSA-PSK-AES128-CBC-SHA" +# define TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA "RSA-PSK-AES256-CBC-SHA" + +/* PSK ciphersuites from RFC 5487 */ +# define TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256 "PSK-AES128-GCM-SHA256" +# define TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384 "PSK-AES256-GCM-SHA384" +# define TLS1_TXT_DHE_PSK_WITH_AES_128_GCM_SHA256 "DHE-PSK-AES128-GCM-SHA256" +# define TLS1_TXT_DHE_PSK_WITH_AES_256_GCM_SHA384 "DHE-PSK-AES256-GCM-SHA384" +# define TLS1_TXT_RSA_PSK_WITH_AES_128_GCM_SHA256 "RSA-PSK-AES128-GCM-SHA256" +# define TLS1_TXT_RSA_PSK_WITH_AES_256_GCM_SHA384 "RSA-PSK-AES256-GCM-SHA384" + +# define TLS1_TXT_PSK_WITH_AES_128_CBC_SHA256 "PSK-AES128-CBC-SHA256" +# define TLS1_TXT_PSK_WITH_AES_256_CBC_SHA384 "PSK-AES256-CBC-SHA384" +# define TLS1_TXT_PSK_WITH_NULL_SHA256 "PSK-NULL-SHA256" +# define TLS1_TXT_PSK_WITH_NULL_SHA384 "PSK-NULL-SHA384" + +# define TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA256 "DHE-PSK-AES128-CBC-SHA256" +# define TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA384 "DHE-PSK-AES256-CBC-SHA384" +# define TLS1_TXT_DHE_PSK_WITH_NULL_SHA256 "DHE-PSK-NULL-SHA256" +# define TLS1_TXT_DHE_PSK_WITH_NULL_SHA384 "DHE-PSK-NULL-SHA384" + +# define TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA256 "RSA-PSK-AES128-CBC-SHA256" +# define TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA384 "RSA-PSK-AES256-CBC-SHA384" +# define TLS1_TXT_RSA_PSK_WITH_NULL_SHA256 "RSA-PSK-NULL-SHA256" +# define TLS1_TXT_RSA_PSK_WITH_NULL_SHA384 "RSA-PSK-NULL-SHA384" + +/* SRP ciphersuite from RFC 5054 */ +# define TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA "SRP-3DES-EDE-CBC-SHA" +# define TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA "SRP-RSA-3DES-EDE-CBC-SHA" +# define TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA "SRP-DSS-3DES-EDE-CBC-SHA" +# define TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA "SRP-AES-128-CBC-SHA" +# define TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA "SRP-RSA-AES-128-CBC-SHA" +# define TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA "SRP-DSS-AES-128-CBC-SHA" +# define TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA "SRP-AES-256-CBC-SHA" +# define TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA "SRP-RSA-AES-256-CBC-SHA" +# define TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA "SRP-DSS-AES-256-CBC-SHA" + +/* Camellia ciphersuites from RFC4132 */ +# define TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA "CAMELLIA128-SHA" +# define TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA "DH-DSS-CAMELLIA128-SHA" +# define TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA "DH-RSA-CAMELLIA128-SHA" +# define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA "DHE-DSS-CAMELLIA128-SHA" +# define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA "DHE-RSA-CAMELLIA128-SHA" +# define TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA "ADH-CAMELLIA128-SHA" + +# define TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA "CAMELLIA256-SHA" +# define TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA "DH-DSS-CAMELLIA256-SHA" +# define TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA "DH-RSA-CAMELLIA256-SHA" +# define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA "DHE-DSS-CAMELLIA256-SHA" +# define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA "DHE-RSA-CAMELLIA256-SHA" +# define TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA "ADH-CAMELLIA256-SHA" + +/* TLS 1.2 Camellia SHA-256 ciphersuites from RFC5932 */ +# define TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256 "CAMELLIA128-SHA256" +# define TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 "DH-DSS-CAMELLIA128-SHA256" +# define TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 "DH-RSA-CAMELLIA128-SHA256" +# define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 "DHE-DSS-CAMELLIA128-SHA256" +# define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 "DHE-RSA-CAMELLIA128-SHA256" +# define TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256 "ADH-CAMELLIA128-SHA256" + +# define TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256 "CAMELLIA256-SHA256" +# define TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256 "DH-DSS-CAMELLIA256-SHA256" +# define TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256 "DH-RSA-CAMELLIA256-SHA256" +# define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 "DHE-DSS-CAMELLIA256-SHA256" +# define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 "DHE-RSA-CAMELLIA256-SHA256" +# define TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256 "ADH-CAMELLIA256-SHA256" + +# define TLS1_TXT_PSK_WITH_CAMELLIA_128_CBC_SHA256 "PSK-CAMELLIA128-SHA256" +# define TLS1_TXT_PSK_WITH_CAMELLIA_256_CBC_SHA384 "PSK-CAMELLIA256-SHA384" +# define TLS1_TXT_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 "DHE-PSK-CAMELLIA128-SHA256" +# define TLS1_TXT_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 "DHE-PSK-CAMELLIA256-SHA384" +# define TLS1_TXT_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 "RSA-PSK-CAMELLIA128-SHA256" +# define TLS1_TXT_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 "RSA-PSK-CAMELLIA256-SHA384" +# define TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 "ECDHE-PSK-CAMELLIA128-SHA256" +# define TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 "ECDHE-PSK-CAMELLIA256-SHA384" + +/* SEED ciphersuites from RFC4162 */ +# define TLS1_TXT_RSA_WITH_SEED_SHA "SEED-SHA" +# define TLS1_TXT_DH_DSS_WITH_SEED_SHA "DH-DSS-SEED-SHA" +# define TLS1_TXT_DH_RSA_WITH_SEED_SHA "DH-RSA-SEED-SHA" +# define TLS1_TXT_DHE_DSS_WITH_SEED_SHA "DHE-DSS-SEED-SHA" +# define TLS1_TXT_DHE_RSA_WITH_SEED_SHA "DHE-RSA-SEED-SHA" +# define TLS1_TXT_ADH_WITH_SEED_SHA "ADH-SEED-SHA" + +/* TLS v1.2 ciphersuites */ +# define TLS1_TXT_RSA_WITH_NULL_SHA256 "NULL-SHA256" +# define TLS1_TXT_RSA_WITH_AES_128_SHA256 "AES128-SHA256" +# define TLS1_TXT_RSA_WITH_AES_256_SHA256 "AES256-SHA256" +# define TLS1_TXT_DH_DSS_WITH_AES_128_SHA256 "DH-DSS-AES128-SHA256" +# define TLS1_TXT_DH_RSA_WITH_AES_128_SHA256 "DH-RSA-AES128-SHA256" +# define TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256 "DHE-DSS-AES128-SHA256" +# define TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256 "DHE-RSA-AES128-SHA256" +# define TLS1_TXT_DH_DSS_WITH_AES_256_SHA256 "DH-DSS-AES256-SHA256" +# define TLS1_TXT_DH_RSA_WITH_AES_256_SHA256 "DH-RSA-AES256-SHA256" +# define TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256 "DHE-DSS-AES256-SHA256" +# define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256 "DHE-RSA-AES256-SHA256" +# define TLS1_TXT_ADH_WITH_AES_128_SHA256 "ADH-AES128-SHA256" +# define TLS1_TXT_ADH_WITH_AES_256_SHA256 "ADH-AES256-SHA256" + +/* TLS v1.2 GCM ciphersuites from RFC5288 */ +# define TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256 "AES128-GCM-SHA256" +# define TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384 "AES256-GCM-SHA384" +# define TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256 "DHE-RSA-AES128-GCM-SHA256" +# define TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384 "DHE-RSA-AES256-GCM-SHA384" +# define TLS1_TXT_DH_RSA_WITH_AES_128_GCM_SHA256 "DH-RSA-AES128-GCM-SHA256" +# define TLS1_TXT_DH_RSA_WITH_AES_256_GCM_SHA384 "DH-RSA-AES256-GCM-SHA384" +# define TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256 "DHE-DSS-AES128-GCM-SHA256" +# define TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384 "DHE-DSS-AES256-GCM-SHA384" +# define TLS1_TXT_DH_DSS_WITH_AES_128_GCM_SHA256 "DH-DSS-AES128-GCM-SHA256" +# define TLS1_TXT_DH_DSS_WITH_AES_256_GCM_SHA384 "DH-DSS-AES256-GCM-SHA384" +# define TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256 "ADH-AES128-GCM-SHA256" +# define TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384 "ADH-AES256-GCM-SHA384" + +/* CCM ciphersuites from RFC6655 */ +# define TLS1_TXT_RSA_WITH_AES_128_CCM "AES128-CCM" +# define TLS1_TXT_RSA_WITH_AES_256_CCM "AES256-CCM" +# define TLS1_TXT_DHE_RSA_WITH_AES_128_CCM "DHE-RSA-AES128-CCM" +# define TLS1_TXT_DHE_RSA_WITH_AES_256_CCM "DHE-RSA-AES256-CCM" + +# define TLS1_TXT_RSA_WITH_AES_128_CCM_8 "AES128-CCM8" +# define TLS1_TXT_RSA_WITH_AES_256_CCM_8 "AES256-CCM8" +# define TLS1_TXT_DHE_RSA_WITH_AES_128_CCM_8 "DHE-RSA-AES128-CCM8" +# define TLS1_TXT_DHE_RSA_WITH_AES_256_CCM_8 "DHE-RSA-AES256-CCM8" + +# define TLS1_TXT_PSK_WITH_AES_128_CCM "PSK-AES128-CCM" +# define TLS1_TXT_PSK_WITH_AES_256_CCM "PSK-AES256-CCM" +# define TLS1_TXT_DHE_PSK_WITH_AES_128_CCM "DHE-PSK-AES128-CCM" +# define TLS1_TXT_DHE_PSK_WITH_AES_256_CCM "DHE-PSK-AES256-CCM" + +# define TLS1_TXT_PSK_WITH_AES_128_CCM_8 "PSK-AES128-CCM8" +# define TLS1_TXT_PSK_WITH_AES_256_CCM_8 "PSK-AES256-CCM8" +# define TLS1_TXT_DHE_PSK_WITH_AES_128_CCM_8 "DHE-PSK-AES128-CCM8" +# define TLS1_TXT_DHE_PSK_WITH_AES_256_CCM_8 "DHE-PSK-AES256-CCM8" + +/* CCM ciphersuites from RFC7251 */ +# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM "ECDHE-ECDSA-AES128-CCM" +# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM "ECDHE-ECDSA-AES256-CCM" +# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM_8 "ECDHE-ECDSA-AES128-CCM8" +# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM_8 "ECDHE-ECDSA-AES256-CCM8" + +/* ECDH HMAC based ciphersuites from RFC5289 */ +# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256 "ECDHE-ECDSA-AES128-SHA256" +# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384 "ECDHE-ECDSA-AES256-SHA384" +# define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256 "ECDH-ECDSA-AES128-SHA256" +# define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_SHA384 "ECDH-ECDSA-AES256-SHA384" +# define TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256 "ECDHE-RSA-AES128-SHA256" +# define TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384 "ECDHE-RSA-AES256-SHA384" +# define TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256 "ECDH-RSA-AES128-SHA256" +# define TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384 "ECDH-RSA-AES256-SHA384" + +/* ECDH GCM based ciphersuites from RFC5289 */ +# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 "ECDHE-ECDSA-AES128-GCM-SHA256" +# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 "ECDHE-ECDSA-AES256-GCM-SHA384" +# define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 "ECDH-ECDSA-AES128-GCM-SHA256" +# define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 "ECDH-ECDSA-AES256-GCM-SHA384" +# define TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256 "ECDHE-RSA-AES128-GCM-SHA256" +# define TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384 "ECDHE-RSA-AES256-GCM-SHA384" +# define TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256 "ECDH-RSA-AES128-GCM-SHA256" +# define TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384 "ECDH-RSA-AES256-GCM-SHA384" + +/* TLS v1.2 PSK GCM ciphersuites from RFC5487 */ +# define TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256 "PSK-AES128-GCM-SHA256" +# define TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384 "PSK-AES256-GCM-SHA384" + +/* ECDHE PSK ciphersuites from RFC 5489 */ +# define TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA "ECDHE-PSK-RC4-SHA" +# define TLS1_TXT_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA "ECDHE-PSK-3DES-EDE-CBC-SHA" +# define TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA "ECDHE-PSK-AES128-CBC-SHA" +# define TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA "ECDHE-PSK-AES256-CBC-SHA" + +# define TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA256 "ECDHE-PSK-AES128-CBC-SHA256" +# define TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA384 "ECDHE-PSK-AES256-CBC-SHA384" + +# define TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA "ECDHE-PSK-NULL-SHA" +# define TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA256 "ECDHE-PSK-NULL-SHA256" +# define TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA384 "ECDHE-PSK-NULL-SHA384" + +/* Camellia-CBC ciphersuites from RFC6367 */ +# define TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 "ECDHE-ECDSA-CAMELLIA128-SHA256" +# define TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 "ECDHE-ECDSA-CAMELLIA256-SHA384" +# define TLS1_TXT_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 "ECDH-ECDSA-CAMELLIA128-SHA256" +# define TLS1_TXT_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 "ECDH-ECDSA-CAMELLIA256-SHA384" +# define TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 "ECDHE-RSA-CAMELLIA128-SHA256" +# define TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 "ECDHE-RSA-CAMELLIA256-SHA384" +# define TLS1_TXT_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 "ECDH-RSA-CAMELLIA128-SHA256" +# define TLS1_TXT_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 "ECDH-RSA-CAMELLIA256-SHA384" + +/* draft-ietf-tls-chacha20-poly1305-03 */ +# define TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305 "ECDHE-RSA-CHACHA20-POLY1305" +# define TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 "ECDHE-ECDSA-CHACHA20-POLY1305" +# define TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305 "DHE-RSA-CHACHA20-POLY1305" +# define TLS1_TXT_PSK_WITH_CHACHA20_POLY1305 "PSK-CHACHA20-POLY1305" +# define TLS1_TXT_ECDHE_PSK_WITH_CHACHA20_POLY1305 "ECDHE-PSK-CHACHA20-POLY1305" +# define TLS1_TXT_DHE_PSK_WITH_CHACHA20_POLY1305 "DHE-PSK-CHACHA20-POLY1305" +# define TLS1_TXT_RSA_PSK_WITH_CHACHA20_POLY1305 "RSA-PSK-CHACHA20-POLY1305" + +/* Aria ciphersuites from RFC6209 */ +# define TLS1_TXT_RSA_WITH_ARIA_128_GCM_SHA256 "ARIA128-GCM-SHA256" +# define TLS1_TXT_RSA_WITH_ARIA_256_GCM_SHA384 "ARIA256-GCM-SHA384" +# define TLS1_TXT_DHE_RSA_WITH_ARIA_128_GCM_SHA256 "DHE-RSA-ARIA128-GCM-SHA256" +# define TLS1_TXT_DHE_RSA_WITH_ARIA_256_GCM_SHA384 "DHE-RSA-ARIA256-GCM-SHA384" +# define TLS1_TXT_DH_RSA_WITH_ARIA_128_GCM_SHA256 "DH-RSA-ARIA128-GCM-SHA256" +# define TLS1_TXT_DH_RSA_WITH_ARIA_256_GCM_SHA384 "DH-RSA-ARIA256-GCM-SHA384" +# define TLS1_TXT_DHE_DSS_WITH_ARIA_128_GCM_SHA256 "DHE-DSS-ARIA128-GCM-SHA256" +# define TLS1_TXT_DHE_DSS_WITH_ARIA_256_GCM_SHA384 "DHE-DSS-ARIA256-GCM-SHA384" +# define TLS1_TXT_DH_DSS_WITH_ARIA_128_GCM_SHA256 "DH-DSS-ARIA128-GCM-SHA256" +# define TLS1_TXT_DH_DSS_WITH_ARIA_256_GCM_SHA384 "DH-DSS-ARIA256-GCM-SHA384" +# define TLS1_TXT_DH_anon_WITH_ARIA_128_GCM_SHA256 "ADH-ARIA128-GCM-SHA256" +# define TLS1_TXT_DH_anon_WITH_ARIA_256_GCM_SHA384 "ADH-ARIA256-GCM-SHA384" +# define TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 "ECDHE-ECDSA-ARIA128-GCM-SHA256" +# define TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 "ECDHE-ECDSA-ARIA256-GCM-SHA384" +# define TLS1_TXT_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 "ECDH-ECDSA-ARIA128-GCM-SHA256" +# define TLS1_TXT_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 "ECDH-ECDSA-ARIA256-GCM-SHA384" +# define TLS1_TXT_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 "ECDHE-ARIA128-GCM-SHA256" +# define TLS1_TXT_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 "ECDHE-ARIA256-GCM-SHA384" +# define TLS1_TXT_ECDH_RSA_WITH_ARIA_128_GCM_SHA256 "ECDH-ARIA128-GCM-SHA256" +# define TLS1_TXT_ECDH_RSA_WITH_ARIA_256_GCM_SHA384 "ECDH-ARIA256-GCM-SHA384" +# define TLS1_TXT_PSK_WITH_ARIA_128_GCM_SHA256 "PSK-ARIA128-GCM-SHA256" +# define TLS1_TXT_PSK_WITH_ARIA_256_GCM_SHA384 "PSK-ARIA256-GCM-SHA384" +# define TLS1_TXT_DHE_PSK_WITH_ARIA_128_GCM_SHA256 "DHE-PSK-ARIA128-GCM-SHA256" +# define TLS1_TXT_DHE_PSK_WITH_ARIA_256_GCM_SHA384 "DHE-PSK-ARIA256-GCM-SHA384" +# define TLS1_TXT_RSA_PSK_WITH_ARIA_128_GCM_SHA256 "RSA-PSK-ARIA128-GCM-SHA256" +# define TLS1_TXT_RSA_PSK_WITH_ARIA_256_GCM_SHA384 "RSA-PSK-ARIA256-GCM-SHA384" + +# define TLS_CT_RSA_SIGN 1 +# define TLS_CT_DSS_SIGN 2 +# define TLS_CT_RSA_FIXED_DH 3 +# define TLS_CT_DSS_FIXED_DH 4 +# define TLS_CT_ECDSA_SIGN 64 +# define TLS_CT_RSA_FIXED_ECDH 65 +# define TLS_CT_ECDSA_FIXED_ECDH 66 +# define TLS_CT_GOST01_SIGN 22 +# define TLS_CT_GOST12_SIGN 238 +# define TLS_CT_GOST12_512_SIGN 239 + +/* + * when correcting this number, correct also SSL3_CT_NUMBER in ssl3.h (see + * comment there) + */ +# define TLS_CT_NUMBER 10 + +# if defined(SSL3_CT_NUMBER) +# if TLS_CT_NUMBER != SSL3_CT_NUMBER +# error "SSL/TLS CT_NUMBER values do not match" +# endif +# endif + +# define TLS1_FINISH_MAC_LENGTH 12 + +# define TLS_MD_MAX_CONST_SIZE 22 +# define TLS_MD_CLIENT_FINISH_CONST "client finished" +# define TLS_MD_CLIENT_FINISH_CONST_SIZE 15 +# define TLS_MD_SERVER_FINISH_CONST "server finished" +# define TLS_MD_SERVER_FINISH_CONST_SIZE 15 +# define TLS_MD_KEY_EXPANSION_CONST "key expansion" +# define TLS_MD_KEY_EXPANSION_CONST_SIZE 13 +# define TLS_MD_CLIENT_WRITE_KEY_CONST "client write key" +# define TLS_MD_CLIENT_WRITE_KEY_CONST_SIZE 16 +# define TLS_MD_SERVER_WRITE_KEY_CONST "server write key" +# define TLS_MD_SERVER_WRITE_KEY_CONST_SIZE 16 +# define TLS_MD_IV_BLOCK_CONST "IV block" +# define TLS_MD_IV_BLOCK_CONST_SIZE 8 +# define TLS_MD_MASTER_SECRET_CONST "master secret" +# define TLS_MD_MASTER_SECRET_CONST_SIZE 13 +# define TLS_MD_EXTENDED_MASTER_SECRET_CONST "extended master secret" +# define TLS_MD_EXTENDED_MASTER_SECRET_CONST_SIZE 22 + +# ifdef CHARSET_EBCDIC +# undef TLS_MD_CLIENT_FINISH_CONST +/* + * client finished + */ +# define TLS_MD_CLIENT_FINISH_CONST "\x63\x6c\x69\x65\x6e\x74\x20\x66\x69\x6e\x69\x73\x68\x65\x64" + +# undef TLS_MD_SERVER_FINISH_CONST +/* + * server finished + */ +# define TLS_MD_SERVER_FINISH_CONST "\x73\x65\x72\x76\x65\x72\x20\x66\x69\x6e\x69\x73\x68\x65\x64" + +# undef TLS_MD_SERVER_WRITE_KEY_CONST +/* + * server write key + */ +# define TLS_MD_SERVER_WRITE_KEY_CONST "\x73\x65\x72\x76\x65\x72\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79" + +# undef TLS_MD_KEY_EXPANSION_CONST +/* + * key expansion + */ +# define TLS_MD_KEY_EXPANSION_CONST "\x6b\x65\x79\x20\x65\x78\x70\x61\x6e\x73\x69\x6f\x6e" + +# undef TLS_MD_CLIENT_WRITE_KEY_CONST +/* + * client write key + */ +# define TLS_MD_CLIENT_WRITE_KEY_CONST "\x63\x6c\x69\x65\x6e\x74\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79" + +# undef TLS_MD_SERVER_WRITE_KEY_CONST +/* + * server write key + */ +# define TLS_MD_SERVER_WRITE_KEY_CONST "\x73\x65\x72\x76\x65\x72\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79" + +# undef TLS_MD_IV_BLOCK_CONST +/* + * IV block + */ +# define TLS_MD_IV_BLOCK_CONST "\x49\x56\x20\x62\x6c\x6f\x63\x6b" + +# undef TLS_MD_MASTER_SECRET_CONST +/* + * master secret + */ +# define TLS_MD_MASTER_SECRET_CONST "\x6d\x61\x73\x74\x65\x72\x20\x73\x65\x63\x72\x65\x74" +# undef TLS_MD_EXTENDED_MASTER_SECRET_CONST +/* + * extended master secret + */ +# define TLS_MD_EXTENDED_MASTER_SECRET_CONST "\x65\x78\x74\x65\x6e\x64\x65\x64\x20\x6d\x61\x73\x74\x65\x72\x20\x73\x65\x63\x72\x65\x74" +# endif + +/* TLS Session Ticket extension struct */ +struct tls_session_ticket_ext_st { + unsigned short length; + void *data; +}; + +#ifdef __cplusplus +} +#endif +#endif diff --git a/ext/openssl1L/include/openssl/ts.h b/ext/openssl1L/include/openssl/ts.h new file mode 100644 index 0000000..3b58aa5 --- /dev/null +++ b/ext/openssl1L/include/openssl/ts.h @@ -0,0 +1,559 @@ +/* + * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_TS_H +# define HEADER_TS_H + +# include + +# ifndef OPENSSL_NO_TS +# include +# include +# include +# include +# include +# include +# include +# include +# include +# include +# ifdef __cplusplus +extern "C" { +# endif + +# include +# include + +typedef struct TS_msg_imprint_st TS_MSG_IMPRINT; +typedef struct TS_req_st TS_REQ; +typedef struct TS_accuracy_st TS_ACCURACY; +typedef struct TS_tst_info_st TS_TST_INFO; + +/* Possible values for status. */ +# define TS_STATUS_GRANTED 0 +# define TS_STATUS_GRANTED_WITH_MODS 1 +# define TS_STATUS_REJECTION 2 +# define TS_STATUS_WAITING 3 +# define TS_STATUS_REVOCATION_WARNING 4 +# define TS_STATUS_REVOCATION_NOTIFICATION 5 + +/* Possible values for failure_info. */ +# define TS_INFO_BAD_ALG 0 +# define TS_INFO_BAD_REQUEST 2 +# define TS_INFO_BAD_DATA_FORMAT 5 +# define TS_INFO_TIME_NOT_AVAILABLE 14 +# define TS_INFO_UNACCEPTED_POLICY 15 +# define TS_INFO_UNACCEPTED_EXTENSION 16 +# define TS_INFO_ADD_INFO_NOT_AVAILABLE 17 +# define TS_INFO_SYSTEM_FAILURE 25 + + +typedef struct TS_status_info_st TS_STATUS_INFO; +typedef struct ESS_issuer_serial ESS_ISSUER_SERIAL; +typedef struct ESS_cert_id ESS_CERT_ID; +typedef struct ESS_signing_cert ESS_SIGNING_CERT; + +DEFINE_STACK_OF(ESS_CERT_ID) + +typedef struct ESS_cert_id_v2_st ESS_CERT_ID_V2; +typedef struct ESS_signing_cert_v2_st ESS_SIGNING_CERT_V2; + +DEFINE_STACK_OF(ESS_CERT_ID_V2) + +typedef struct TS_resp_st TS_RESP; + +TS_REQ *TS_REQ_new(void); +void TS_REQ_free(TS_REQ *a); +int i2d_TS_REQ(const TS_REQ *a, unsigned char **pp); +TS_REQ *d2i_TS_REQ(TS_REQ **a, const unsigned char **pp, long length); + +TS_REQ *TS_REQ_dup(TS_REQ *a); + +#ifndef OPENSSL_NO_STDIO +TS_REQ *d2i_TS_REQ_fp(FILE *fp, TS_REQ **a); +int i2d_TS_REQ_fp(FILE *fp, TS_REQ *a); +#endif +TS_REQ *d2i_TS_REQ_bio(BIO *fp, TS_REQ **a); +int i2d_TS_REQ_bio(BIO *fp, TS_REQ *a); + +TS_MSG_IMPRINT *TS_MSG_IMPRINT_new(void); +void TS_MSG_IMPRINT_free(TS_MSG_IMPRINT *a); +int i2d_TS_MSG_IMPRINT(const TS_MSG_IMPRINT *a, unsigned char **pp); +TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT(TS_MSG_IMPRINT **a, + const unsigned char **pp, long length); + +TS_MSG_IMPRINT *TS_MSG_IMPRINT_dup(TS_MSG_IMPRINT *a); + +#ifndef OPENSSL_NO_STDIO +TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT **a); +int i2d_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT *a); +#endif +TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_bio(BIO *bio, TS_MSG_IMPRINT **a); +int i2d_TS_MSG_IMPRINT_bio(BIO *bio, TS_MSG_IMPRINT *a); + +TS_RESP *TS_RESP_new(void); +void TS_RESP_free(TS_RESP *a); +int i2d_TS_RESP(const TS_RESP *a, unsigned char **pp); +TS_RESP *d2i_TS_RESP(TS_RESP **a, const unsigned char **pp, long length); +TS_TST_INFO *PKCS7_to_TS_TST_INFO(PKCS7 *token); +TS_RESP *TS_RESP_dup(TS_RESP *a); + +#ifndef OPENSSL_NO_STDIO +TS_RESP *d2i_TS_RESP_fp(FILE *fp, TS_RESP **a); +int i2d_TS_RESP_fp(FILE *fp, TS_RESP *a); +#endif +TS_RESP *d2i_TS_RESP_bio(BIO *bio, TS_RESP **a); +int i2d_TS_RESP_bio(BIO *bio, TS_RESP *a); + +TS_STATUS_INFO *TS_STATUS_INFO_new(void); +void TS_STATUS_INFO_free(TS_STATUS_INFO *a); +int i2d_TS_STATUS_INFO(const TS_STATUS_INFO *a, unsigned char **pp); +TS_STATUS_INFO *d2i_TS_STATUS_INFO(TS_STATUS_INFO **a, + const unsigned char **pp, long length); +TS_STATUS_INFO *TS_STATUS_INFO_dup(TS_STATUS_INFO *a); + +TS_TST_INFO *TS_TST_INFO_new(void); +void TS_TST_INFO_free(TS_TST_INFO *a); +int i2d_TS_TST_INFO(const TS_TST_INFO *a, unsigned char **pp); +TS_TST_INFO *d2i_TS_TST_INFO(TS_TST_INFO **a, const unsigned char **pp, + long length); +TS_TST_INFO *TS_TST_INFO_dup(TS_TST_INFO *a); + +#ifndef OPENSSL_NO_STDIO +TS_TST_INFO *d2i_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO **a); +int i2d_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO *a); +#endif +TS_TST_INFO *d2i_TS_TST_INFO_bio(BIO *bio, TS_TST_INFO **a); +int i2d_TS_TST_INFO_bio(BIO *bio, TS_TST_INFO *a); + +TS_ACCURACY *TS_ACCURACY_new(void); +void TS_ACCURACY_free(TS_ACCURACY *a); +int i2d_TS_ACCURACY(const TS_ACCURACY *a, unsigned char **pp); +TS_ACCURACY *d2i_TS_ACCURACY(TS_ACCURACY **a, const unsigned char **pp, + long length); +TS_ACCURACY *TS_ACCURACY_dup(TS_ACCURACY *a); + +ESS_ISSUER_SERIAL *ESS_ISSUER_SERIAL_new(void); +void ESS_ISSUER_SERIAL_free(ESS_ISSUER_SERIAL *a); +int i2d_ESS_ISSUER_SERIAL(const ESS_ISSUER_SERIAL *a, unsigned char **pp); +ESS_ISSUER_SERIAL *d2i_ESS_ISSUER_SERIAL(ESS_ISSUER_SERIAL **a, + const unsigned char **pp, + long length); +ESS_ISSUER_SERIAL *ESS_ISSUER_SERIAL_dup(ESS_ISSUER_SERIAL *a); + +ESS_CERT_ID *ESS_CERT_ID_new(void); +void ESS_CERT_ID_free(ESS_CERT_ID *a); +int i2d_ESS_CERT_ID(const ESS_CERT_ID *a, unsigned char **pp); +ESS_CERT_ID *d2i_ESS_CERT_ID(ESS_CERT_ID **a, const unsigned char **pp, + long length); +ESS_CERT_ID *ESS_CERT_ID_dup(ESS_CERT_ID *a); + +ESS_SIGNING_CERT *ESS_SIGNING_CERT_new(void); +void ESS_SIGNING_CERT_free(ESS_SIGNING_CERT *a); +int i2d_ESS_SIGNING_CERT(const ESS_SIGNING_CERT *a, unsigned char **pp); +ESS_SIGNING_CERT *d2i_ESS_SIGNING_CERT(ESS_SIGNING_CERT **a, + const unsigned char **pp, long length); +ESS_SIGNING_CERT *ESS_SIGNING_CERT_dup(ESS_SIGNING_CERT *a); + +ESS_CERT_ID_V2 *ESS_CERT_ID_V2_new(void); +void ESS_CERT_ID_V2_free(ESS_CERT_ID_V2 *a); +int i2d_ESS_CERT_ID_V2(const ESS_CERT_ID_V2 *a, unsigned char **pp); +ESS_CERT_ID_V2 *d2i_ESS_CERT_ID_V2(ESS_CERT_ID_V2 **a, + const unsigned char **pp, long length); +ESS_CERT_ID_V2 *ESS_CERT_ID_V2_dup(ESS_CERT_ID_V2 *a); + +ESS_SIGNING_CERT_V2 *ESS_SIGNING_CERT_V2_new(void); +void ESS_SIGNING_CERT_V2_free(ESS_SIGNING_CERT_V2 *a); +int i2d_ESS_SIGNING_CERT_V2(const ESS_SIGNING_CERT_V2 *a, unsigned char **pp); +ESS_SIGNING_CERT_V2 *d2i_ESS_SIGNING_CERT_V2(ESS_SIGNING_CERT_V2 **a, + const unsigned char **pp, + long length); +ESS_SIGNING_CERT_V2 *ESS_SIGNING_CERT_V2_dup(ESS_SIGNING_CERT_V2 *a); + +int TS_REQ_set_version(TS_REQ *a, long version); +long TS_REQ_get_version(const TS_REQ *a); + +int TS_STATUS_INFO_set_status(TS_STATUS_INFO *a, int i); +const ASN1_INTEGER *TS_STATUS_INFO_get0_status(const TS_STATUS_INFO *a); + +const STACK_OF(ASN1_UTF8STRING) * +TS_STATUS_INFO_get0_text(const TS_STATUS_INFO *a); + +const ASN1_BIT_STRING * +TS_STATUS_INFO_get0_failure_info(const TS_STATUS_INFO *a); + +int TS_REQ_set_msg_imprint(TS_REQ *a, TS_MSG_IMPRINT *msg_imprint); +TS_MSG_IMPRINT *TS_REQ_get_msg_imprint(TS_REQ *a); + +int TS_MSG_IMPRINT_set_algo(TS_MSG_IMPRINT *a, X509_ALGOR *alg); +X509_ALGOR *TS_MSG_IMPRINT_get_algo(TS_MSG_IMPRINT *a); + +int TS_MSG_IMPRINT_set_msg(TS_MSG_IMPRINT *a, unsigned char *d, int len); +ASN1_OCTET_STRING *TS_MSG_IMPRINT_get_msg(TS_MSG_IMPRINT *a); + +int TS_REQ_set_policy_id(TS_REQ *a, const ASN1_OBJECT *policy); +ASN1_OBJECT *TS_REQ_get_policy_id(TS_REQ *a); + +int TS_REQ_set_nonce(TS_REQ *a, const ASN1_INTEGER *nonce); +const ASN1_INTEGER *TS_REQ_get_nonce(const TS_REQ *a); + +int TS_REQ_set_cert_req(TS_REQ *a, int cert_req); +int TS_REQ_get_cert_req(const TS_REQ *a); + +STACK_OF(X509_EXTENSION) *TS_REQ_get_exts(TS_REQ *a); +void TS_REQ_ext_free(TS_REQ *a); +int TS_REQ_get_ext_count(TS_REQ *a); +int TS_REQ_get_ext_by_NID(TS_REQ *a, int nid, int lastpos); +int TS_REQ_get_ext_by_OBJ(TS_REQ *a, const ASN1_OBJECT *obj, int lastpos); +int TS_REQ_get_ext_by_critical(TS_REQ *a, int crit, int lastpos); +X509_EXTENSION *TS_REQ_get_ext(TS_REQ *a, int loc); +X509_EXTENSION *TS_REQ_delete_ext(TS_REQ *a, int loc); +int TS_REQ_add_ext(TS_REQ *a, X509_EXTENSION *ex, int loc); +void *TS_REQ_get_ext_d2i(TS_REQ *a, int nid, int *crit, int *idx); + +/* Function declarations for TS_REQ defined in ts/ts_req_print.c */ + +int TS_REQ_print_bio(BIO *bio, TS_REQ *a); + +/* Function declarations for TS_RESP defined in ts/ts_resp_utils.c */ + +int TS_RESP_set_status_info(TS_RESP *a, TS_STATUS_INFO *info); +TS_STATUS_INFO *TS_RESP_get_status_info(TS_RESP *a); + +/* Caller loses ownership of PKCS7 and TS_TST_INFO objects. */ +void TS_RESP_set_tst_info(TS_RESP *a, PKCS7 *p7, TS_TST_INFO *tst_info); +PKCS7 *TS_RESP_get_token(TS_RESP *a); +TS_TST_INFO *TS_RESP_get_tst_info(TS_RESP *a); + +int TS_TST_INFO_set_version(TS_TST_INFO *a, long version); +long TS_TST_INFO_get_version(const TS_TST_INFO *a); + +int TS_TST_INFO_set_policy_id(TS_TST_INFO *a, ASN1_OBJECT *policy_id); +ASN1_OBJECT *TS_TST_INFO_get_policy_id(TS_TST_INFO *a); + +int TS_TST_INFO_set_msg_imprint(TS_TST_INFO *a, TS_MSG_IMPRINT *msg_imprint); +TS_MSG_IMPRINT *TS_TST_INFO_get_msg_imprint(TS_TST_INFO *a); + +int TS_TST_INFO_set_serial(TS_TST_INFO *a, const ASN1_INTEGER *serial); +const ASN1_INTEGER *TS_TST_INFO_get_serial(const TS_TST_INFO *a); + +int TS_TST_INFO_set_time(TS_TST_INFO *a, const ASN1_GENERALIZEDTIME *gtime); +const ASN1_GENERALIZEDTIME *TS_TST_INFO_get_time(const TS_TST_INFO *a); + +int TS_TST_INFO_set_accuracy(TS_TST_INFO *a, TS_ACCURACY *accuracy); +TS_ACCURACY *TS_TST_INFO_get_accuracy(TS_TST_INFO *a); + +int TS_ACCURACY_set_seconds(TS_ACCURACY *a, const ASN1_INTEGER *seconds); +const ASN1_INTEGER *TS_ACCURACY_get_seconds(const TS_ACCURACY *a); + +int TS_ACCURACY_set_millis(TS_ACCURACY *a, const ASN1_INTEGER *millis); +const ASN1_INTEGER *TS_ACCURACY_get_millis(const TS_ACCURACY *a); + +int TS_ACCURACY_set_micros(TS_ACCURACY *a, const ASN1_INTEGER *micros); +const ASN1_INTEGER *TS_ACCURACY_get_micros(const TS_ACCURACY *a); + +int TS_TST_INFO_set_ordering(TS_TST_INFO *a, int ordering); +int TS_TST_INFO_get_ordering(const TS_TST_INFO *a); + +int TS_TST_INFO_set_nonce(TS_TST_INFO *a, const ASN1_INTEGER *nonce); +const ASN1_INTEGER *TS_TST_INFO_get_nonce(const TS_TST_INFO *a); + +int TS_TST_INFO_set_tsa(TS_TST_INFO *a, GENERAL_NAME *tsa); +GENERAL_NAME *TS_TST_INFO_get_tsa(TS_TST_INFO *a); + +STACK_OF(X509_EXTENSION) *TS_TST_INFO_get_exts(TS_TST_INFO *a); +void TS_TST_INFO_ext_free(TS_TST_INFO *a); +int TS_TST_INFO_get_ext_count(TS_TST_INFO *a); +int TS_TST_INFO_get_ext_by_NID(TS_TST_INFO *a, int nid, int lastpos); +int TS_TST_INFO_get_ext_by_OBJ(TS_TST_INFO *a, const ASN1_OBJECT *obj, + int lastpos); +int TS_TST_INFO_get_ext_by_critical(TS_TST_INFO *a, int crit, int lastpos); +X509_EXTENSION *TS_TST_INFO_get_ext(TS_TST_INFO *a, int loc); +X509_EXTENSION *TS_TST_INFO_delete_ext(TS_TST_INFO *a, int loc); +int TS_TST_INFO_add_ext(TS_TST_INFO *a, X509_EXTENSION *ex, int loc); +void *TS_TST_INFO_get_ext_d2i(TS_TST_INFO *a, int nid, int *crit, int *idx); + +/* + * Declarations related to response generation, defined in ts/ts_resp_sign.c. + */ + +/* Optional flags for response generation. */ + +/* Don't include the TSA name in response. */ +# define TS_TSA_NAME 0x01 + +/* Set ordering to true in response. */ +# define TS_ORDERING 0x02 + +/* + * Include the signer certificate and the other specified certificates in + * the ESS signing certificate attribute beside the PKCS7 signed data. + * Only the signer certificates is included by default. + */ +# define TS_ESS_CERT_ID_CHAIN 0x04 + +/* Forward declaration. */ +struct TS_resp_ctx; + +/* This must return a unique number less than 160 bits long. */ +typedef ASN1_INTEGER *(*TS_serial_cb) (struct TS_resp_ctx *, void *); + +/* + * This must return the seconds and microseconds since Jan 1, 1970 in the sec + * and usec variables allocated by the caller. Return non-zero for success + * and zero for failure. + */ +typedef int (*TS_time_cb) (struct TS_resp_ctx *, void *, long *sec, + long *usec); + +/* + * This must process the given extension. It can modify the TS_TST_INFO + * object of the context. Return values: !0 (processed), 0 (error, it must + * set the status info/failure info of the response). + */ +typedef int (*TS_extension_cb) (struct TS_resp_ctx *, X509_EXTENSION *, + void *); + +typedef struct TS_resp_ctx TS_RESP_CTX; + +DEFINE_STACK_OF_CONST(EVP_MD) + +/* Creates a response context that can be used for generating responses. */ +TS_RESP_CTX *TS_RESP_CTX_new(void); +void TS_RESP_CTX_free(TS_RESP_CTX *ctx); + +/* This parameter must be set. */ +int TS_RESP_CTX_set_signer_cert(TS_RESP_CTX *ctx, X509 *signer); + +/* This parameter must be set. */ +int TS_RESP_CTX_set_signer_key(TS_RESP_CTX *ctx, EVP_PKEY *key); + +int TS_RESP_CTX_set_signer_digest(TS_RESP_CTX *ctx, + const EVP_MD *signer_digest); +int TS_RESP_CTX_set_ess_cert_id_digest(TS_RESP_CTX *ctx, const EVP_MD *md); + +/* This parameter must be set. */ +int TS_RESP_CTX_set_def_policy(TS_RESP_CTX *ctx, const ASN1_OBJECT *def_policy); + +/* No additional certs are included in the response by default. */ +int TS_RESP_CTX_set_certs(TS_RESP_CTX *ctx, STACK_OF(X509) *certs); + +/* + * Adds a new acceptable policy, only the default policy is accepted by + * default. + */ +int TS_RESP_CTX_add_policy(TS_RESP_CTX *ctx, const ASN1_OBJECT *policy); + +/* + * Adds a new acceptable message digest. Note that no message digests are + * accepted by default. The md argument is shared with the caller. + */ +int TS_RESP_CTX_add_md(TS_RESP_CTX *ctx, const EVP_MD *md); + +/* Accuracy is not included by default. */ +int TS_RESP_CTX_set_accuracy(TS_RESP_CTX *ctx, + int secs, int millis, int micros); + +/* + * Clock precision digits, i.e. the number of decimal digits: '0' means sec, + * '3' msec, '6' usec, and so on. Default is 0. + */ +int TS_RESP_CTX_set_clock_precision_digits(TS_RESP_CTX *ctx, + unsigned clock_precision_digits); +/* At most we accept usec precision. */ +# define TS_MAX_CLOCK_PRECISION_DIGITS 6 + +/* Maximum status message length */ +# define TS_MAX_STATUS_LENGTH (1024 * 1024) + +/* No flags are set by default. */ +void TS_RESP_CTX_add_flags(TS_RESP_CTX *ctx, int flags); + +/* Default callback always returns a constant. */ +void TS_RESP_CTX_set_serial_cb(TS_RESP_CTX *ctx, TS_serial_cb cb, void *data); + +/* Default callback uses the gettimeofday() and gmtime() system calls. */ +void TS_RESP_CTX_set_time_cb(TS_RESP_CTX *ctx, TS_time_cb cb, void *data); + +/* + * Default callback rejects all extensions. The extension callback is called + * when the TS_TST_INFO object is already set up and not signed yet. + */ +/* FIXME: extension handling is not tested yet. */ +void TS_RESP_CTX_set_extension_cb(TS_RESP_CTX *ctx, + TS_extension_cb cb, void *data); + +/* The following methods can be used in the callbacks. */ +int TS_RESP_CTX_set_status_info(TS_RESP_CTX *ctx, + int status, const char *text); + +/* Sets the status info only if it is still TS_STATUS_GRANTED. */ +int TS_RESP_CTX_set_status_info_cond(TS_RESP_CTX *ctx, + int status, const char *text); + +int TS_RESP_CTX_add_failure_info(TS_RESP_CTX *ctx, int failure); + +/* The get methods below can be used in the extension callback. */ +TS_REQ *TS_RESP_CTX_get_request(TS_RESP_CTX *ctx); + +TS_TST_INFO *TS_RESP_CTX_get_tst_info(TS_RESP_CTX *ctx); + +/* + * Creates the signed TS_TST_INFO and puts it in TS_RESP. + * In case of errors it sets the status info properly. + * Returns NULL only in case of memory allocation/fatal error. + */ +TS_RESP *TS_RESP_create_response(TS_RESP_CTX *ctx, BIO *req_bio); + +/* + * Declarations related to response verification, + * they are defined in ts/ts_resp_verify.c. + */ + +int TS_RESP_verify_signature(PKCS7 *token, STACK_OF(X509) *certs, + X509_STORE *store, X509 **signer_out); + +/* Context structure for the generic verify method. */ + +/* Verify the signer's certificate and the signature of the response. */ +# define TS_VFY_SIGNATURE (1u << 0) +/* Verify the version number of the response. */ +# define TS_VFY_VERSION (1u << 1) +/* Verify if the policy supplied by the user matches the policy of the TSA. */ +# define TS_VFY_POLICY (1u << 2) +/* + * Verify the message imprint provided by the user. This flag should not be + * specified with TS_VFY_DATA. + */ +# define TS_VFY_IMPRINT (1u << 3) +/* + * Verify the message imprint computed by the verify method from the user + * provided data and the MD algorithm of the response. This flag should not + * be specified with TS_VFY_IMPRINT. + */ +# define TS_VFY_DATA (1u << 4) +/* Verify the nonce value. */ +# define TS_VFY_NONCE (1u << 5) +/* Verify if the TSA name field matches the signer certificate. */ +# define TS_VFY_SIGNER (1u << 6) +/* Verify if the TSA name field equals to the user provided name. */ +# define TS_VFY_TSA_NAME (1u << 7) + +/* You can use the following convenience constants. */ +# define TS_VFY_ALL_IMPRINT (TS_VFY_SIGNATURE \ + | TS_VFY_VERSION \ + | TS_VFY_POLICY \ + | TS_VFY_IMPRINT \ + | TS_VFY_NONCE \ + | TS_VFY_SIGNER \ + | TS_VFY_TSA_NAME) +# define TS_VFY_ALL_DATA (TS_VFY_SIGNATURE \ + | TS_VFY_VERSION \ + | TS_VFY_POLICY \ + | TS_VFY_DATA \ + | TS_VFY_NONCE \ + | TS_VFY_SIGNER \ + | TS_VFY_TSA_NAME) + +typedef struct TS_verify_ctx TS_VERIFY_CTX; + +int TS_RESP_verify_response(TS_VERIFY_CTX *ctx, TS_RESP *response); +int TS_RESP_verify_token(TS_VERIFY_CTX *ctx, PKCS7 *token); + +/* + * Declarations related to response verification context, + */ +TS_VERIFY_CTX *TS_VERIFY_CTX_new(void); +void TS_VERIFY_CTX_init(TS_VERIFY_CTX *ctx); +void TS_VERIFY_CTX_free(TS_VERIFY_CTX *ctx); +void TS_VERIFY_CTX_cleanup(TS_VERIFY_CTX *ctx); +int TS_VERIFY_CTX_set_flags(TS_VERIFY_CTX *ctx, int f); +int TS_VERIFY_CTX_add_flags(TS_VERIFY_CTX *ctx, int f); +BIO *TS_VERIFY_CTX_set_data(TS_VERIFY_CTX *ctx, BIO *b); +unsigned char *TS_VERIFY_CTX_set_imprint(TS_VERIFY_CTX *ctx, + unsigned char *hexstr, long len); +X509_STORE *TS_VERIFY_CTX_set_store(TS_VERIFY_CTX *ctx, X509_STORE *s); +STACK_OF(X509) *TS_VERIFY_CTS_set_certs(TS_VERIFY_CTX *ctx, STACK_OF(X509) *certs); + +/*- + * If ctx is NULL, it allocates and returns a new object, otherwise + * it returns ctx. It initialises all the members as follows: + * flags = TS_VFY_ALL_IMPRINT & ~(TS_VFY_TSA_NAME | TS_VFY_SIGNATURE) + * certs = NULL + * store = NULL + * policy = policy from the request or NULL if absent (in this case + * TS_VFY_POLICY is cleared from flags as well) + * md_alg = MD algorithm from request + * imprint, imprint_len = imprint from request + * data = NULL + * nonce, nonce_len = nonce from the request or NULL if absent (in this case + * TS_VFY_NONCE is cleared from flags as well) + * tsa_name = NULL + * Important: after calling this method TS_VFY_SIGNATURE should be added! + */ +TS_VERIFY_CTX *TS_REQ_to_TS_VERIFY_CTX(TS_REQ *req, TS_VERIFY_CTX *ctx); + +/* Function declarations for TS_RESP defined in ts/ts_resp_print.c */ + +int TS_RESP_print_bio(BIO *bio, TS_RESP *a); +int TS_STATUS_INFO_print_bio(BIO *bio, TS_STATUS_INFO *a); +int TS_TST_INFO_print_bio(BIO *bio, TS_TST_INFO *a); + +/* Common utility functions defined in ts/ts_lib.c */ + +int TS_ASN1_INTEGER_print_bio(BIO *bio, const ASN1_INTEGER *num); +int TS_OBJ_print_bio(BIO *bio, const ASN1_OBJECT *obj); +int TS_ext_print_bio(BIO *bio, const STACK_OF(X509_EXTENSION) *extensions); +int TS_X509_ALGOR_print_bio(BIO *bio, const X509_ALGOR *alg); +int TS_MSG_IMPRINT_print_bio(BIO *bio, TS_MSG_IMPRINT *msg); + +/* + * Function declarations for handling configuration options, defined in + * ts/ts_conf.c + */ + +X509 *TS_CONF_load_cert(const char *file); +STACK_OF(X509) *TS_CONF_load_certs(const char *file); +EVP_PKEY *TS_CONF_load_key(const char *file, const char *pass); +const char *TS_CONF_get_tsa_section(CONF *conf, const char *section); +int TS_CONF_set_serial(CONF *conf, const char *section, TS_serial_cb cb, + TS_RESP_CTX *ctx); +#ifndef OPENSSL_NO_ENGINE +int TS_CONF_set_crypto_device(CONF *conf, const char *section, + const char *device); +int TS_CONF_set_default_engine(const char *name); +#endif +int TS_CONF_set_signer_cert(CONF *conf, const char *section, + const char *cert, TS_RESP_CTX *ctx); +int TS_CONF_set_certs(CONF *conf, const char *section, const char *certs, + TS_RESP_CTX *ctx); +int TS_CONF_set_signer_key(CONF *conf, const char *section, + const char *key, const char *pass, + TS_RESP_CTX *ctx); +int TS_CONF_set_signer_digest(CONF *conf, const char *section, + const char *md, TS_RESP_CTX *ctx); +int TS_CONF_set_def_policy(CONF *conf, const char *section, + const char *policy, TS_RESP_CTX *ctx); +int TS_CONF_set_policies(CONF *conf, const char *section, TS_RESP_CTX *ctx); +int TS_CONF_set_digests(CONF *conf, const char *section, TS_RESP_CTX *ctx); +int TS_CONF_set_accuracy(CONF *conf, const char *section, TS_RESP_CTX *ctx); +int TS_CONF_set_clock_precision_digits(CONF *conf, const char *section, + TS_RESP_CTX *ctx); +int TS_CONF_set_ordering(CONF *conf, const char *section, TS_RESP_CTX *ctx); +int TS_CONF_set_tsa_name(CONF *conf, const char *section, TS_RESP_CTX *ctx); +int TS_CONF_set_ess_cert_id_chain(CONF *conf, const char *section, + TS_RESP_CTX *ctx); +int TS_CONF_set_ess_cert_id_digest(CONF *conf, const char *section, + TS_RESP_CTX *ctx); + +# ifdef __cplusplus +} +# endif +# endif +#endif diff --git a/ext/openssl1L/include/openssl/tserr.h b/ext/openssl1L/include/openssl/tserr.h new file mode 100644 index 0000000..07f2333 --- /dev/null +++ b/ext/openssl1L/include/openssl/tserr.h @@ -0,0 +1,132 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_TSERR_H +# define HEADER_TSERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# include + +# ifndef OPENSSL_NO_TS + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_TS_strings(void); + +/* + * TS function codes. + */ +# define TS_F_DEF_SERIAL_CB 110 +# define TS_F_DEF_TIME_CB 111 +# define TS_F_ESS_ADD_SIGNING_CERT 112 +# define TS_F_ESS_ADD_SIGNING_CERT_V2 147 +# define TS_F_ESS_CERT_ID_NEW_INIT 113 +# define TS_F_ESS_CERT_ID_V2_NEW_INIT 156 +# define TS_F_ESS_SIGNING_CERT_NEW_INIT 114 +# define TS_F_ESS_SIGNING_CERT_V2_NEW_INIT 157 +# define TS_F_INT_TS_RESP_VERIFY_TOKEN 149 +# define TS_F_PKCS7_TO_TS_TST_INFO 148 +# define TS_F_TS_ACCURACY_SET_MICROS 115 +# define TS_F_TS_ACCURACY_SET_MILLIS 116 +# define TS_F_TS_ACCURACY_SET_SECONDS 117 +# define TS_F_TS_CHECK_IMPRINTS 100 +# define TS_F_TS_CHECK_NONCES 101 +# define TS_F_TS_CHECK_POLICY 102 +# define TS_F_TS_CHECK_SIGNING_CERTS 103 +# define TS_F_TS_CHECK_STATUS_INFO 104 +# define TS_F_TS_COMPUTE_IMPRINT 145 +# define TS_F_TS_CONF_INVALID 151 +# define TS_F_TS_CONF_LOAD_CERT 153 +# define TS_F_TS_CONF_LOAD_CERTS 154 +# define TS_F_TS_CONF_LOAD_KEY 155 +# define TS_F_TS_CONF_LOOKUP_FAIL 152 +# define TS_F_TS_CONF_SET_DEFAULT_ENGINE 146 +# define TS_F_TS_GET_STATUS_TEXT 105 +# define TS_F_TS_MSG_IMPRINT_SET_ALGO 118 +# define TS_F_TS_REQ_SET_MSG_IMPRINT 119 +# define TS_F_TS_REQ_SET_NONCE 120 +# define TS_F_TS_REQ_SET_POLICY_ID 121 +# define TS_F_TS_RESP_CREATE_RESPONSE 122 +# define TS_F_TS_RESP_CREATE_TST_INFO 123 +# define TS_F_TS_RESP_CTX_ADD_FAILURE_INFO 124 +# define TS_F_TS_RESP_CTX_ADD_MD 125 +# define TS_F_TS_RESP_CTX_ADD_POLICY 126 +# define TS_F_TS_RESP_CTX_NEW 127 +# define TS_F_TS_RESP_CTX_SET_ACCURACY 128 +# define TS_F_TS_RESP_CTX_SET_CERTS 129 +# define TS_F_TS_RESP_CTX_SET_DEF_POLICY 130 +# define TS_F_TS_RESP_CTX_SET_SIGNER_CERT 131 +# define TS_F_TS_RESP_CTX_SET_STATUS_INFO 132 +# define TS_F_TS_RESP_GET_POLICY 133 +# define TS_F_TS_RESP_SET_GENTIME_WITH_PRECISION 134 +# define TS_F_TS_RESP_SET_STATUS_INFO 135 +# define TS_F_TS_RESP_SET_TST_INFO 150 +# define TS_F_TS_RESP_SIGN 136 +# define TS_F_TS_RESP_VERIFY_SIGNATURE 106 +# define TS_F_TS_TST_INFO_SET_ACCURACY 137 +# define TS_F_TS_TST_INFO_SET_MSG_IMPRINT 138 +# define TS_F_TS_TST_INFO_SET_NONCE 139 +# define TS_F_TS_TST_INFO_SET_POLICY_ID 140 +# define TS_F_TS_TST_INFO_SET_SERIAL 141 +# define TS_F_TS_TST_INFO_SET_TIME 142 +# define TS_F_TS_TST_INFO_SET_TSA 143 +# define TS_F_TS_VERIFY 108 +# define TS_F_TS_VERIFY_CERT 109 +# define TS_F_TS_VERIFY_CTX_NEW 144 + +/* + * TS reason codes. + */ +# define TS_R_BAD_PKCS7_TYPE 132 +# define TS_R_BAD_TYPE 133 +# define TS_R_CANNOT_LOAD_CERT 137 +# define TS_R_CANNOT_LOAD_KEY 138 +# define TS_R_CERTIFICATE_VERIFY_ERROR 100 +# define TS_R_COULD_NOT_SET_ENGINE 127 +# define TS_R_COULD_NOT_SET_TIME 115 +# define TS_R_DETACHED_CONTENT 134 +# define TS_R_ESS_ADD_SIGNING_CERT_ERROR 116 +# define TS_R_ESS_ADD_SIGNING_CERT_V2_ERROR 139 +# define TS_R_ESS_SIGNING_CERTIFICATE_ERROR 101 +# define TS_R_INVALID_NULL_POINTER 102 +# define TS_R_INVALID_SIGNER_CERTIFICATE_PURPOSE 117 +# define TS_R_MESSAGE_IMPRINT_MISMATCH 103 +# define TS_R_NONCE_MISMATCH 104 +# define TS_R_NONCE_NOT_RETURNED 105 +# define TS_R_NO_CONTENT 106 +# define TS_R_NO_TIME_STAMP_TOKEN 107 +# define TS_R_PKCS7_ADD_SIGNATURE_ERROR 118 +# define TS_R_PKCS7_ADD_SIGNED_ATTR_ERROR 119 +# define TS_R_PKCS7_TO_TS_TST_INFO_FAILED 129 +# define TS_R_POLICY_MISMATCH 108 +# define TS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 120 +# define TS_R_RESPONSE_SETUP_ERROR 121 +# define TS_R_SIGNATURE_FAILURE 109 +# define TS_R_THERE_MUST_BE_ONE_SIGNER 110 +# define TS_R_TIME_SYSCALL_ERROR 122 +# define TS_R_TOKEN_NOT_PRESENT 130 +# define TS_R_TOKEN_PRESENT 131 +# define TS_R_TSA_NAME_MISMATCH 111 +# define TS_R_TSA_UNTRUSTED 112 +# define TS_R_TST_INFO_SETUP_ERROR 123 +# define TS_R_TS_DATASIGN 124 +# define TS_R_UNACCEPTABLE_POLICY 125 +# define TS_R_UNSUPPORTED_MD_ALGORITHM 126 +# define TS_R_UNSUPPORTED_VERSION 113 +# define TS_R_VAR_BAD_VALUE 135 +# define TS_R_VAR_LOOKUP_FAILURE 136 +# define TS_R_WRONG_CONTENT_TYPE 114 + +# endif +#endif diff --git a/ext/openssl1L/include/openssl/txt_db.h b/ext/openssl1L/include/openssl/txt_db.h new file mode 100644 index 0000000..ec981a4 --- /dev/null +++ b/ext/openssl1L/include/openssl/txt_db.h @@ -0,0 +1,57 @@ +/* + * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_TXT_DB_H +# define HEADER_TXT_DB_H + +# include +# include +# include +# include + +# define DB_ERROR_OK 0 +# define DB_ERROR_MALLOC 1 +# define DB_ERROR_INDEX_CLASH 2 +# define DB_ERROR_INDEX_OUT_OF_RANGE 3 +# define DB_ERROR_NO_INDEX 4 +# define DB_ERROR_INSERT_INDEX_CLASH 5 +# define DB_ERROR_WRONG_NUM_FIELDS 6 + +#ifdef __cplusplus +extern "C" { +#endif + +typedef OPENSSL_STRING *OPENSSL_PSTRING; +DEFINE_SPECIAL_STACK_OF(OPENSSL_PSTRING, OPENSSL_STRING) + +typedef struct txt_db_st { + int num_fields; + STACK_OF(OPENSSL_PSTRING) *data; + LHASH_OF(OPENSSL_STRING) **index; + int (**qual) (OPENSSL_STRING *); + long error; + long arg1; + long arg2; + OPENSSL_STRING *arg_row; +} TXT_DB; + +TXT_DB *TXT_DB_read(BIO *in, int num); +long TXT_DB_write(BIO *out, TXT_DB *db); +int TXT_DB_create_index(TXT_DB *db, int field, int (*qual) (OPENSSL_STRING *), + OPENSSL_LH_HASHFUNC hash, OPENSSL_LH_COMPFUNC cmp); +void TXT_DB_free(TXT_DB *db); +OPENSSL_STRING *TXT_DB_get_by_index(TXT_DB *db, int idx, + OPENSSL_STRING *value); +int TXT_DB_insert(TXT_DB *db, OPENSSL_STRING *value); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/ext/openssl1L/include/openssl/ui.h b/ext/openssl1L/include/openssl/ui.h new file mode 100644 index 0000000..7c721ec --- /dev/null +++ b/ext/openssl1L/include/openssl/ui.h @@ -0,0 +1,368 @@ +/* + * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_UI_H +# define HEADER_UI_H + +# include + +# if OPENSSL_API_COMPAT < 0x10100000L +# include +# endif +# include +# include +# include +# include + +/* For compatibility reasons, the macro OPENSSL_NO_UI is currently retained */ +# if OPENSSL_API_COMPAT < 0x10200000L +# ifdef OPENSSL_NO_UI_CONSOLE +# define OPENSSL_NO_UI +# endif +# endif + +# ifdef __cplusplus +extern "C" { +# endif + +/* + * All the following functions return -1 or NULL on error and in some cases + * (UI_process()) -2 if interrupted or in some other way cancelled. When + * everything is fine, they return 0, a positive value or a non-NULL pointer, + * all depending on their purpose. + */ + +/* Creators and destructor. */ +UI *UI_new(void); +UI *UI_new_method(const UI_METHOD *method); +void UI_free(UI *ui); + +/*- + The following functions are used to add strings to be printed and prompt + strings to prompt for data. The names are UI_{add,dup}__string + and UI_{add,dup}_input_boolean. + + UI_{add,dup}__string have the following meanings: + add add a text or prompt string. The pointers given to these + functions are used verbatim, no copying is done. + dup make a copy of the text or prompt string, then add the copy + to the collection of strings in the user interface. + + The function is a name for the functionality that the given + string shall be used for. It can be one of: + input use the string as data prompt. + verify use the string as verification prompt. This + is used to verify a previous input. + info use the string for informational output. + error use the string for error output. + Honestly, there's currently no difference between info and error for the + moment. + + UI_{add,dup}_input_boolean have the same semantics for "add" and "dup", + and are typically used when one wants to prompt for a yes/no response. + + All of the functions in this group take a UI and a prompt string. + The string input and verify addition functions also take a flag argument, + a buffer for the result to end up with, a minimum input size and a maximum + input size (the result buffer MUST be large enough to be able to contain + the maximum number of characters). Additionally, the verify addition + functions takes another buffer to compare the result against. + The boolean input functions take an action description string (which should + be safe to ignore if the expected user action is obvious, for example with + a dialog box with an OK button and a Cancel button), a string of acceptable + characters to mean OK and to mean Cancel. The two last strings are checked + to make sure they don't have common characters. Additionally, the same + flag argument as for the string input is taken, as well as a result buffer. + The result buffer is required to be at least one byte long. Depending on + the answer, the first character from the OK or the Cancel character strings + will be stored in the first byte of the result buffer. No NUL will be + added, so the result is *not* a string. + + On success, the all return an index of the added information. That index + is useful when retrieving results with UI_get0_result(). */ +int UI_add_input_string(UI *ui, const char *prompt, int flags, + char *result_buf, int minsize, int maxsize); +int UI_dup_input_string(UI *ui, const char *prompt, int flags, + char *result_buf, int minsize, int maxsize); +int UI_add_verify_string(UI *ui, const char *prompt, int flags, + char *result_buf, int minsize, int maxsize, + const char *test_buf); +int UI_dup_verify_string(UI *ui, const char *prompt, int flags, + char *result_buf, int minsize, int maxsize, + const char *test_buf); +int UI_add_input_boolean(UI *ui, const char *prompt, const char *action_desc, + const char *ok_chars, const char *cancel_chars, + int flags, char *result_buf); +int UI_dup_input_boolean(UI *ui, const char *prompt, const char *action_desc, + const char *ok_chars, const char *cancel_chars, + int flags, char *result_buf); +int UI_add_info_string(UI *ui, const char *text); +int UI_dup_info_string(UI *ui, const char *text); +int UI_add_error_string(UI *ui, const char *text); +int UI_dup_error_string(UI *ui, const char *text); + +/* These are the possible flags. They can be or'ed together. */ +/* Use to have echoing of input */ +# define UI_INPUT_FLAG_ECHO 0x01 +/* + * Use a default password. Where that password is found is completely up to + * the application, it might for example be in the user data set with + * UI_add_user_data(). It is not recommended to have more than one input in + * each UI being marked with this flag, or the application might get + * confused. + */ +# define UI_INPUT_FLAG_DEFAULT_PWD 0x02 + +/*- + * The user of these routines may want to define flags of their own. The core + * UI won't look at those, but will pass them on to the method routines. They + * must use higher bits so they don't get confused with the UI bits above. + * UI_INPUT_FLAG_USER_BASE tells which is the lowest bit to use. A good + * example of use is this: + * + * #define MY_UI_FLAG1 (0x01 << UI_INPUT_FLAG_USER_BASE) + * +*/ +# define UI_INPUT_FLAG_USER_BASE 16 + +/*- + * The following function helps construct a prompt. object_desc is a + * textual short description of the object, for example "pass phrase", + * and object_name is the name of the object (might be a card name or + * a file name. + * The returned string shall always be allocated on the heap with + * OPENSSL_malloc(), and need to be free'd with OPENSSL_free(). + * + * If the ui_method doesn't contain a pointer to a user-defined prompt + * constructor, a default string is built, looking like this: + * + * "Enter {object_desc} for {object_name}:" + * + * So, if object_desc has the value "pass phrase" and object_name has + * the value "foo.key", the resulting string is: + * + * "Enter pass phrase for foo.key:" +*/ +char *UI_construct_prompt(UI *ui_method, + const char *object_desc, const char *object_name); + +/* + * The following function is used to store a pointer to user-specific data. + * Any previous such pointer will be returned and replaced. + * + * For callback purposes, this function makes a lot more sense than using + * ex_data, since the latter requires that different parts of OpenSSL or + * applications share the same ex_data index. + * + * Note that the UI_OpenSSL() method completely ignores the user data. Other + * methods may not, however. + */ +void *UI_add_user_data(UI *ui, void *user_data); +/* + * Alternatively, this function is used to duplicate the user data. + * This uses the duplicator method function. The destroy function will + * be used to free the user data in this case. + */ +int UI_dup_user_data(UI *ui, void *user_data); +/* We need a user data retrieving function as well. */ +void *UI_get0_user_data(UI *ui); + +/* Return the result associated with a prompt given with the index i. */ +const char *UI_get0_result(UI *ui, int i); +int UI_get_result_length(UI *ui, int i); + +/* When all strings have been added, process the whole thing. */ +int UI_process(UI *ui); + +/* + * Give a user interface parameterised control commands. This can be used to + * send down an integer, a data pointer or a function pointer, as well as be + * used to get information from a UI. + */ +int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f) (void)); + +/* The commands */ +/* + * Use UI_CONTROL_PRINT_ERRORS with the value 1 to have UI_process print the + * OpenSSL error stack before printing any info or added error messages and + * before any prompting. + */ +# define UI_CTRL_PRINT_ERRORS 1 +/* + * Check if a UI_process() is possible to do again with the same instance of + * a user interface. This makes UI_ctrl() return 1 if it is redoable, and 0 + * if not. + */ +# define UI_CTRL_IS_REDOABLE 2 + +/* Some methods may use extra data */ +# define UI_set_app_data(s,arg) UI_set_ex_data(s,0,arg) +# define UI_get_app_data(s) UI_get_ex_data(s,0) + +# define UI_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_UI, l, p, newf, dupf, freef) +int UI_set_ex_data(UI *r, int idx, void *arg); +void *UI_get_ex_data(UI *r, int idx); + +/* Use specific methods instead of the built-in one */ +void UI_set_default_method(const UI_METHOD *meth); +const UI_METHOD *UI_get_default_method(void); +const UI_METHOD *UI_get_method(UI *ui); +const UI_METHOD *UI_set_method(UI *ui, const UI_METHOD *meth); + +# ifndef OPENSSL_NO_UI_CONSOLE + +/* The method with all the built-in thingies */ +UI_METHOD *UI_OpenSSL(void); + +# endif + +/* + * NULL method. Literally does nothing, but may serve as a placeholder + * to avoid internal default. + */ +const UI_METHOD *UI_null(void); + +/* ---------- For method writers ---------- */ +/*- + A method contains a number of functions that implement the low level + of the User Interface. The functions are: + + an opener This function starts a session, maybe by opening + a channel to a tty, or by opening a window. + a writer This function is called to write a given string, + maybe to the tty, maybe as a field label in a + window. + a flusher This function is called to flush everything that + has been output so far. It can be used to actually + display a dialog box after it has been built. + a reader This function is called to read a given prompt, + maybe from the tty, maybe from a field in a + window. Note that it's called with all string + structures, not only the prompt ones, so it must + check such things itself. + a closer This function closes the session, maybe by closing + the channel to the tty, or closing the window. + + All these functions are expected to return: + + 0 on error. + 1 on success. + -1 on out-of-band events, for example if some prompting has + been canceled (by pressing Ctrl-C, for example). This is + only checked when returned by the flusher or the reader. + + The way this is used, the opener is first called, then the writer for all + strings, then the flusher, then the reader for all strings and finally the + closer. Note that if you want to prompt from a terminal or other command + line interface, the best is to have the reader also write the prompts + instead of having the writer do it. If you want to prompt from a dialog + box, the writer can be used to build up the contents of the box, and the + flusher to actually display the box and run the event loop until all data + has been given, after which the reader only grabs the given data and puts + them back into the UI strings. + + All method functions take a UI as argument. Additionally, the writer and + the reader take a UI_STRING. +*/ + +/* + * The UI_STRING type is the data structure that contains all the needed info + * about a string or a prompt, including test data for a verification prompt. + */ +typedef struct ui_string_st UI_STRING; +DEFINE_STACK_OF(UI_STRING) + +/* + * The different types of strings that are currently supported. This is only + * needed by method authors. + */ +enum UI_string_types { + UIT_NONE = 0, + UIT_PROMPT, /* Prompt for a string */ + UIT_VERIFY, /* Prompt for a string and verify */ + UIT_BOOLEAN, /* Prompt for a yes/no response */ + UIT_INFO, /* Send info to the user */ + UIT_ERROR /* Send an error message to the user */ +}; + +/* Create and manipulate methods */ +UI_METHOD *UI_create_method(const char *name); +void UI_destroy_method(UI_METHOD *ui_method); +int UI_method_set_opener(UI_METHOD *method, int (*opener) (UI *ui)); +int UI_method_set_writer(UI_METHOD *method, + int (*writer) (UI *ui, UI_STRING *uis)); +int UI_method_set_flusher(UI_METHOD *method, int (*flusher) (UI *ui)); +int UI_method_set_reader(UI_METHOD *method, + int (*reader) (UI *ui, UI_STRING *uis)); +int UI_method_set_closer(UI_METHOD *method, int (*closer) (UI *ui)); +int UI_method_set_data_duplicator(UI_METHOD *method, + void *(*duplicator) (UI *ui, void *ui_data), + void (*destructor)(UI *ui, void *ui_data)); +int UI_method_set_prompt_constructor(UI_METHOD *method, + char *(*prompt_constructor) (UI *ui, + const char + *object_desc, + const char + *object_name)); +int UI_method_set_ex_data(UI_METHOD *method, int idx, void *data); +int (*UI_method_get_opener(const UI_METHOD *method)) (UI *); +int (*UI_method_get_writer(const UI_METHOD *method)) (UI *, UI_STRING *); +int (*UI_method_get_flusher(const UI_METHOD *method)) (UI *); +int (*UI_method_get_reader(const UI_METHOD *method)) (UI *, UI_STRING *); +int (*UI_method_get_closer(const UI_METHOD *method)) (UI *); +char *(*UI_method_get_prompt_constructor(const UI_METHOD *method)) + (UI *, const char *, const char *); +void *(*UI_method_get_data_duplicator(const UI_METHOD *method)) (UI *, void *); +void (*UI_method_get_data_destructor(const UI_METHOD *method)) (UI *, void *); +const void *UI_method_get_ex_data(const UI_METHOD *method, int idx); + +/* + * The following functions are helpers for method writers to access relevant + * data from a UI_STRING. + */ + +/* Return type of the UI_STRING */ +enum UI_string_types UI_get_string_type(UI_STRING *uis); +/* Return input flags of the UI_STRING */ +int UI_get_input_flags(UI_STRING *uis); +/* Return the actual string to output (the prompt, info or error) */ +const char *UI_get0_output_string(UI_STRING *uis); +/* + * Return the optional action string to output (the boolean prompt + * instruction) + */ +const char *UI_get0_action_string(UI_STRING *uis); +/* Return the result of a prompt */ +const char *UI_get0_result_string(UI_STRING *uis); +int UI_get_result_string_length(UI_STRING *uis); +/* + * Return the string to test the result against. Only useful with verifies. + */ +const char *UI_get0_test_string(UI_STRING *uis); +/* Return the required minimum size of the result */ +int UI_get_result_minsize(UI_STRING *uis); +/* Return the required maximum size of the result */ +int UI_get_result_maxsize(UI_STRING *uis); +/* Set the result of a UI_STRING. */ +int UI_set_result(UI *ui, UI_STRING *uis, const char *result); +int UI_set_result_ex(UI *ui, UI_STRING *uis, const char *result, int len); + +/* A couple of popular utility functions */ +int UI_UTIL_read_pw_string(char *buf, int length, const char *prompt, + int verify); +int UI_UTIL_read_pw(char *buf, char *buff, int size, const char *prompt, + int verify); +UI_METHOD *UI_UTIL_wrap_read_pem_callback(pem_password_cb *cb, int rwflag); + + +# ifdef __cplusplus +} +# endif +#endif diff --git a/ext/openssl1L/include/openssl/uierr.h b/ext/openssl1L/include/openssl/uierr.h new file mode 100644 index 0000000..bd68864 --- /dev/null +++ b/ext/openssl1L/include/openssl/uierr.h @@ -0,0 +1,65 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_UIERR_H +# define HEADER_UIERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_UI_strings(void); + +/* + * UI function codes. + */ +# define UI_F_CLOSE_CONSOLE 115 +# define UI_F_ECHO_CONSOLE 116 +# define UI_F_GENERAL_ALLOCATE_BOOLEAN 108 +# define UI_F_GENERAL_ALLOCATE_PROMPT 109 +# define UI_F_NOECHO_CONSOLE 117 +# define UI_F_OPEN_CONSOLE 114 +# define UI_F_UI_CONSTRUCT_PROMPT 121 +# define UI_F_UI_CREATE_METHOD 112 +# define UI_F_UI_CTRL 111 +# define UI_F_UI_DUP_ERROR_STRING 101 +# define UI_F_UI_DUP_INFO_STRING 102 +# define UI_F_UI_DUP_INPUT_BOOLEAN 110 +# define UI_F_UI_DUP_INPUT_STRING 103 +# define UI_F_UI_DUP_USER_DATA 118 +# define UI_F_UI_DUP_VERIFY_STRING 106 +# define UI_F_UI_GET0_RESULT 107 +# define UI_F_UI_GET_RESULT_LENGTH 119 +# define UI_F_UI_NEW_METHOD 104 +# define UI_F_UI_PROCESS 113 +# define UI_F_UI_SET_RESULT 105 +# define UI_F_UI_SET_RESULT_EX 120 + +/* + * UI reason codes. + */ +# define UI_R_COMMON_OK_AND_CANCEL_CHARACTERS 104 +# define UI_R_INDEX_TOO_LARGE 102 +# define UI_R_INDEX_TOO_SMALL 103 +# define UI_R_NO_RESULT_BUFFER 105 +# define UI_R_PROCESSING_ERROR 107 +# define UI_R_RESULT_TOO_LARGE 100 +# define UI_R_RESULT_TOO_SMALL 101 +# define UI_R_SYSASSIGN_ERROR 109 +# define UI_R_SYSDASSGN_ERROR 110 +# define UI_R_SYSQIOW_ERROR 111 +# define UI_R_UNKNOWN_CONTROL_COMMAND 106 +# define UI_R_UNKNOWN_TTYGET_ERRNO_VALUE 108 +# define UI_R_USER_DATA_DUPLICATION_UNSUPPORTED 112 + +#endif diff --git a/ext/openssl1L/include/openssl/whrlpool.h b/ext/openssl1L/include/openssl/whrlpool.h new file mode 100644 index 0000000..20ea350 --- /dev/null +++ b/ext/openssl1L/include/openssl/whrlpool.h @@ -0,0 +1,48 @@ +/* + * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_WHRLPOOL_H +# define HEADER_WHRLPOOL_H + +#include + +# ifndef OPENSSL_NO_WHIRLPOOL +# include +# include +# ifdef __cplusplus +extern "C" { +# endif + +# define WHIRLPOOL_DIGEST_LENGTH (512/8) +# define WHIRLPOOL_BBLOCK 512 +# define WHIRLPOOL_COUNTER (256/8) + +typedef struct { + union { + unsigned char c[WHIRLPOOL_DIGEST_LENGTH]; + /* double q is here to ensure 64-bit alignment */ + double q[WHIRLPOOL_DIGEST_LENGTH / sizeof(double)]; + } H; + unsigned char data[WHIRLPOOL_BBLOCK / 8]; + unsigned int bitoff; + size_t bitlen[WHIRLPOOL_COUNTER / sizeof(size_t)]; +} WHIRLPOOL_CTX; + +int WHIRLPOOL_Init(WHIRLPOOL_CTX *c); +int WHIRLPOOL_Update(WHIRLPOOL_CTX *c, const void *inp, size_t bytes); +void WHIRLPOOL_BitUpdate(WHIRLPOOL_CTX *c, const void *inp, size_t bits); +int WHIRLPOOL_Final(unsigned char *md, WHIRLPOOL_CTX *c); +unsigned char *WHIRLPOOL(const void *inp, size_t bytes, unsigned char *md); + +# ifdef __cplusplus +} +# endif +# endif + +#endif diff --git a/ext/openssl1L/include/openssl/x509.h b/ext/openssl1L/include/openssl/x509.h new file mode 100644 index 0000000..3ff86ec --- /dev/null +++ b/ext/openssl1L/include/openssl/x509.h @@ -0,0 +1,1050 @@ +/* + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_X509_H +# define HEADER_X509_H + +# include +# include +# include +# include +# include +# include +# include +# include +# include + +# if OPENSSL_API_COMPAT < 0x10100000L +# include +# include +# include +# endif + +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + + +/* Flags for X509_get_signature_info() */ +/* Signature info is valid */ +# define X509_SIG_INFO_VALID 0x1 +/* Signature is suitable for TLS use */ +# define X509_SIG_INFO_TLS 0x2 + +# define X509_FILETYPE_PEM 1 +# define X509_FILETYPE_ASN1 2 +# define X509_FILETYPE_DEFAULT 3 + +# define X509v3_KU_DIGITAL_SIGNATURE 0x0080 +# define X509v3_KU_NON_REPUDIATION 0x0040 +# define X509v3_KU_KEY_ENCIPHERMENT 0x0020 +# define X509v3_KU_DATA_ENCIPHERMENT 0x0010 +# define X509v3_KU_KEY_AGREEMENT 0x0008 +# define X509v3_KU_KEY_CERT_SIGN 0x0004 +# define X509v3_KU_CRL_SIGN 0x0002 +# define X509v3_KU_ENCIPHER_ONLY 0x0001 +# define X509v3_KU_DECIPHER_ONLY 0x8000 +# define X509v3_KU_UNDEF 0xffff + +struct X509_algor_st { + ASN1_OBJECT *algorithm; + ASN1_TYPE *parameter; +} /* X509_ALGOR */ ; + +typedef STACK_OF(X509_ALGOR) X509_ALGORS; + +typedef struct X509_val_st { + ASN1_TIME *notBefore; + ASN1_TIME *notAfter; +} X509_VAL; + +typedef struct X509_sig_st X509_SIG; + +typedef struct X509_name_entry_st X509_NAME_ENTRY; + +DEFINE_STACK_OF(X509_NAME_ENTRY) + +DEFINE_STACK_OF(X509_NAME) + +# define X509_EX_V_NETSCAPE_HACK 0x8000 +# define X509_EX_V_INIT 0x0001 +typedef struct X509_extension_st X509_EXTENSION; + +typedef STACK_OF(X509_EXTENSION) X509_EXTENSIONS; + +DEFINE_STACK_OF(X509_EXTENSION) + +typedef struct x509_attributes_st X509_ATTRIBUTE; + +DEFINE_STACK_OF(X509_ATTRIBUTE) + +typedef struct X509_req_info_st X509_REQ_INFO; + +typedef struct X509_req_st X509_REQ; + +typedef struct x509_cert_aux_st X509_CERT_AUX; + +typedef struct x509_cinf_st X509_CINF; + +DEFINE_STACK_OF(X509) + +/* This is used for a table of trust checking functions */ + +typedef struct x509_trust_st { + int trust; + int flags; + int (*check_trust) (struct x509_trust_st *, X509 *, int); + char *name; + int arg1; + void *arg2; +} X509_TRUST; + +DEFINE_STACK_OF(X509_TRUST) + +/* standard trust ids */ + +# define X509_TRUST_DEFAULT 0 /* Only valid in purpose settings */ + +# define X509_TRUST_COMPAT 1 +# define X509_TRUST_SSL_CLIENT 2 +# define X509_TRUST_SSL_SERVER 3 +# define X509_TRUST_EMAIL 4 +# define X509_TRUST_OBJECT_SIGN 5 +# define X509_TRUST_OCSP_SIGN 6 +# define X509_TRUST_OCSP_REQUEST 7 +# define X509_TRUST_TSA 8 + +/* Keep these up to date! */ +# define X509_TRUST_MIN 1 +# define X509_TRUST_MAX 8 + +/* trust_flags values */ +# define X509_TRUST_DYNAMIC (1U << 0) +# define X509_TRUST_DYNAMIC_NAME (1U << 1) +/* No compat trust if self-signed, preempts "DO_SS" */ +# define X509_TRUST_NO_SS_COMPAT (1U << 2) +/* Compat trust if no explicit accepted trust EKUs */ +# define X509_TRUST_DO_SS_COMPAT (1U << 3) +/* Accept "anyEKU" as a wildcard trust OID */ +# define X509_TRUST_OK_ANY_EKU (1U << 4) + +/* check_trust return codes */ + +# define X509_TRUST_TRUSTED 1 +# define X509_TRUST_REJECTED 2 +# define X509_TRUST_UNTRUSTED 3 + +/* Flags for X509_print_ex() */ + +# define X509_FLAG_COMPAT 0 +# define X509_FLAG_NO_HEADER 1L +# define X509_FLAG_NO_VERSION (1L << 1) +# define X509_FLAG_NO_SERIAL (1L << 2) +# define X509_FLAG_NO_SIGNAME (1L << 3) +# define X509_FLAG_NO_ISSUER (1L << 4) +# define X509_FLAG_NO_VALIDITY (1L << 5) +# define X509_FLAG_NO_SUBJECT (1L << 6) +# define X509_FLAG_NO_PUBKEY (1L << 7) +# define X509_FLAG_NO_EXTENSIONS (1L << 8) +# define X509_FLAG_NO_SIGDUMP (1L << 9) +# define X509_FLAG_NO_AUX (1L << 10) +# define X509_FLAG_NO_ATTRIBUTES (1L << 11) +# define X509_FLAG_NO_IDS (1L << 12) + +/* Flags specific to X509_NAME_print_ex() */ + +/* The field separator information */ + +# define XN_FLAG_SEP_MASK (0xf << 16) + +# define XN_FLAG_COMPAT 0/* Traditional; use old X509_NAME_print */ +# define XN_FLAG_SEP_COMMA_PLUS (1 << 16)/* RFC2253 ,+ */ +# define XN_FLAG_SEP_CPLUS_SPC (2 << 16)/* ,+ spaced: more readable */ +# define XN_FLAG_SEP_SPLUS_SPC (3 << 16)/* ;+ spaced */ +# define XN_FLAG_SEP_MULTILINE (4 << 16)/* One line per field */ + +# define XN_FLAG_DN_REV (1 << 20)/* Reverse DN order */ + +/* How the field name is shown */ + +# define XN_FLAG_FN_MASK (0x3 << 21) + +# define XN_FLAG_FN_SN 0/* Object short name */ +# define XN_FLAG_FN_LN (1 << 21)/* Object long name */ +# define XN_FLAG_FN_OID (2 << 21)/* Always use OIDs */ +# define XN_FLAG_FN_NONE (3 << 21)/* No field names */ + +# define XN_FLAG_SPC_EQ (1 << 23)/* Put spaces round '=' */ + +/* + * This determines if we dump fields we don't recognise: RFC2253 requires + * this. + */ + +# define XN_FLAG_DUMP_UNKNOWN_FIELDS (1 << 24) + +# define XN_FLAG_FN_ALIGN (1 << 25)/* Align field names to 20 + * characters */ + +/* Complete set of RFC2253 flags */ + +# define XN_FLAG_RFC2253 (ASN1_STRFLGS_RFC2253 | \ + XN_FLAG_SEP_COMMA_PLUS | \ + XN_FLAG_DN_REV | \ + XN_FLAG_FN_SN | \ + XN_FLAG_DUMP_UNKNOWN_FIELDS) + +/* readable oneline form */ + +# define XN_FLAG_ONELINE (ASN1_STRFLGS_RFC2253 | \ + ASN1_STRFLGS_ESC_QUOTE | \ + XN_FLAG_SEP_CPLUS_SPC | \ + XN_FLAG_SPC_EQ | \ + XN_FLAG_FN_SN) + +/* readable multiline form */ + +# define XN_FLAG_MULTILINE (ASN1_STRFLGS_ESC_CTRL | \ + ASN1_STRFLGS_ESC_MSB | \ + XN_FLAG_SEP_MULTILINE | \ + XN_FLAG_SPC_EQ | \ + XN_FLAG_FN_LN | \ + XN_FLAG_FN_ALIGN) + +DEFINE_STACK_OF(X509_REVOKED) + +typedef struct X509_crl_info_st X509_CRL_INFO; + +DEFINE_STACK_OF(X509_CRL) + +typedef struct private_key_st { + int version; + /* The PKCS#8 data types */ + X509_ALGOR *enc_algor; + ASN1_OCTET_STRING *enc_pkey; /* encrypted pub key */ + /* When decrypted, the following will not be NULL */ + EVP_PKEY *dec_pkey; + /* used to encrypt and decrypt */ + int key_length; + char *key_data; + int key_free; /* true if we should auto free key_data */ + /* expanded version of 'enc_algor' */ + EVP_CIPHER_INFO cipher; +} X509_PKEY; + +typedef struct X509_info_st { + X509 *x509; + X509_CRL *crl; + X509_PKEY *x_pkey; + EVP_CIPHER_INFO enc_cipher; + int enc_len; + char *enc_data; +} X509_INFO; + +DEFINE_STACK_OF(X509_INFO) + +/* + * The next 2 structures and their 8 routines are used to manipulate Netscape's + * spki structures - useful if you are writing a CA web page + */ +typedef struct Netscape_spkac_st { + X509_PUBKEY *pubkey; + ASN1_IA5STRING *challenge; /* challenge sent in atlas >= PR2 */ +} NETSCAPE_SPKAC; + +typedef struct Netscape_spki_st { + NETSCAPE_SPKAC *spkac; /* signed public key and challenge */ + X509_ALGOR sig_algor; + ASN1_BIT_STRING *signature; +} NETSCAPE_SPKI; + +/* Netscape certificate sequence structure */ +typedef struct Netscape_certificate_sequence { + ASN1_OBJECT *type; + STACK_OF(X509) *certs; +} NETSCAPE_CERT_SEQUENCE; + +/*- Unused (and iv length is wrong) +typedef struct CBCParameter_st + { + unsigned char iv[8]; + } CBC_PARAM; +*/ + +/* Password based encryption structure */ + +typedef struct PBEPARAM_st { + ASN1_OCTET_STRING *salt; + ASN1_INTEGER *iter; +} PBEPARAM; + +/* Password based encryption V2 structures */ + +typedef struct PBE2PARAM_st { + X509_ALGOR *keyfunc; + X509_ALGOR *encryption; +} PBE2PARAM; + +typedef struct PBKDF2PARAM_st { +/* Usually OCTET STRING but could be anything */ + ASN1_TYPE *salt; + ASN1_INTEGER *iter; + ASN1_INTEGER *keylength; + X509_ALGOR *prf; +} PBKDF2PARAM; + +#ifndef OPENSSL_NO_SCRYPT +typedef struct SCRYPT_PARAMS_st { + ASN1_OCTET_STRING *salt; + ASN1_INTEGER *costParameter; + ASN1_INTEGER *blockSize; + ASN1_INTEGER *parallelizationParameter; + ASN1_INTEGER *keyLength; +} SCRYPT_PARAMS; +#endif + +#ifdef __cplusplus +} +#endif + +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +# define X509_EXT_PACK_UNKNOWN 1 +# define X509_EXT_PACK_STRING 2 + +# define X509_extract_key(x) X509_get_pubkey(x)/*****/ +# define X509_REQ_extract_key(a) X509_REQ_get_pubkey(a) +# define X509_name_cmp(a,b) X509_NAME_cmp((a),(b)) + +void X509_CRL_set_default_method(const X509_CRL_METHOD *meth); +X509_CRL_METHOD *X509_CRL_METHOD_new(int (*crl_init) (X509_CRL *crl), + int (*crl_free) (X509_CRL *crl), + int (*crl_lookup) (X509_CRL *crl, + X509_REVOKED **ret, + ASN1_INTEGER *ser, + X509_NAME *issuer), + int (*crl_verify) (X509_CRL *crl, + EVP_PKEY *pk)); +void X509_CRL_METHOD_free(X509_CRL_METHOD *m); + +void X509_CRL_set_meth_data(X509_CRL *crl, void *dat); +void *X509_CRL_get_meth_data(X509_CRL *crl); + +const char *X509_verify_cert_error_string(long n); + +int X509_verify(X509 *a, EVP_PKEY *r); + +int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r); +int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r); +int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r); + +NETSCAPE_SPKI *NETSCAPE_SPKI_b64_decode(const char *str, int len); +char *NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *x); +EVP_PKEY *NETSCAPE_SPKI_get_pubkey(NETSCAPE_SPKI *x); +int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey); + +int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki); + +int X509_signature_dump(BIO *bp, const ASN1_STRING *sig, int indent); +int X509_signature_print(BIO *bp, const X509_ALGOR *alg, + const ASN1_STRING *sig); + +int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md); +int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx); +# ifndef OPENSSL_NO_OCSP +int X509_http_nbio(OCSP_REQ_CTX *rctx, X509 **pcert); +# endif +int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md); +int X509_REQ_sign_ctx(X509_REQ *x, EVP_MD_CTX *ctx); +int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md); +int X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx); +# ifndef OPENSSL_NO_OCSP +int X509_CRL_http_nbio(OCSP_REQ_CTX *rctx, X509_CRL **pcrl); +# endif +int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md); + +int X509_pubkey_digest(const X509 *data, const EVP_MD *type, + unsigned char *md, unsigned int *len); +int X509_digest(const X509 *data, const EVP_MD *type, + unsigned char *md, unsigned int *len); +int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type, + unsigned char *md, unsigned int *len); +int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type, + unsigned char *md, unsigned int *len); +int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type, + unsigned char *md, unsigned int *len); + +# ifndef OPENSSL_NO_STDIO +X509 *d2i_X509_fp(FILE *fp, X509 **x509); +int i2d_X509_fp(FILE *fp, X509 *x509); +X509_CRL *d2i_X509_CRL_fp(FILE *fp, X509_CRL **crl); +int i2d_X509_CRL_fp(FILE *fp, X509_CRL *crl); +X509_REQ *d2i_X509_REQ_fp(FILE *fp, X509_REQ **req); +int i2d_X509_REQ_fp(FILE *fp, X509_REQ *req); +# ifndef OPENSSL_NO_RSA +RSA *d2i_RSAPrivateKey_fp(FILE *fp, RSA **rsa); +int i2d_RSAPrivateKey_fp(FILE *fp, RSA *rsa); +RSA *d2i_RSAPublicKey_fp(FILE *fp, RSA **rsa); +int i2d_RSAPublicKey_fp(FILE *fp, RSA *rsa); +RSA *d2i_RSA_PUBKEY_fp(FILE *fp, RSA **rsa); +int i2d_RSA_PUBKEY_fp(FILE *fp, RSA *rsa); +# endif +# ifndef OPENSSL_NO_DSA +DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa); +int i2d_DSA_PUBKEY_fp(FILE *fp, DSA *dsa); +DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa); +int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa); +# endif +# ifndef OPENSSL_NO_EC +EC_KEY *d2i_EC_PUBKEY_fp(FILE *fp, EC_KEY **eckey); +int i2d_EC_PUBKEY_fp(FILE *fp, EC_KEY *eckey); +EC_KEY *d2i_ECPrivateKey_fp(FILE *fp, EC_KEY **eckey); +int i2d_ECPrivateKey_fp(FILE *fp, EC_KEY *eckey); +# endif +X509_SIG *d2i_PKCS8_fp(FILE *fp, X509_SIG **p8); +int i2d_PKCS8_fp(FILE *fp, X509_SIG *p8); +PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, + PKCS8_PRIV_KEY_INFO **p8inf); +int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, PKCS8_PRIV_KEY_INFO *p8inf); +int i2d_PKCS8PrivateKeyInfo_fp(FILE *fp, EVP_PKEY *key); +int i2d_PrivateKey_fp(FILE *fp, EVP_PKEY *pkey); +EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a); +int i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey); +EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a); +# endif + +X509 *d2i_X509_bio(BIO *bp, X509 **x509); +int i2d_X509_bio(BIO *bp, X509 *x509); +X509_CRL *d2i_X509_CRL_bio(BIO *bp, X509_CRL **crl); +int i2d_X509_CRL_bio(BIO *bp, X509_CRL *crl); +X509_REQ *d2i_X509_REQ_bio(BIO *bp, X509_REQ **req); +int i2d_X509_REQ_bio(BIO *bp, X509_REQ *req); +# ifndef OPENSSL_NO_RSA +RSA *d2i_RSAPrivateKey_bio(BIO *bp, RSA **rsa); +int i2d_RSAPrivateKey_bio(BIO *bp, RSA *rsa); +RSA *d2i_RSAPublicKey_bio(BIO *bp, RSA **rsa); +int i2d_RSAPublicKey_bio(BIO *bp, RSA *rsa); +RSA *d2i_RSA_PUBKEY_bio(BIO *bp, RSA **rsa); +int i2d_RSA_PUBKEY_bio(BIO *bp, RSA *rsa); +# endif +# ifndef OPENSSL_NO_DSA +DSA *d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa); +int i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa); +DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa); +int i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa); +# endif +# ifndef OPENSSL_NO_EC +EC_KEY *d2i_EC_PUBKEY_bio(BIO *bp, EC_KEY **eckey); +int i2d_EC_PUBKEY_bio(BIO *bp, EC_KEY *eckey); +EC_KEY *d2i_ECPrivateKey_bio(BIO *bp, EC_KEY **eckey); +int i2d_ECPrivateKey_bio(BIO *bp, EC_KEY *eckey); +# endif +X509_SIG *d2i_PKCS8_bio(BIO *bp, X509_SIG **p8); +int i2d_PKCS8_bio(BIO *bp, X509_SIG *p8); +PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, + PKCS8_PRIV_KEY_INFO **p8inf); +int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, PKCS8_PRIV_KEY_INFO *p8inf); +int i2d_PKCS8PrivateKeyInfo_bio(BIO *bp, EVP_PKEY *key); +int i2d_PrivateKey_bio(BIO *bp, EVP_PKEY *pkey); +EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a); +int i2d_PUBKEY_bio(BIO *bp, EVP_PKEY *pkey); +EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a); + +X509 *X509_dup(X509 *x509); +X509_ATTRIBUTE *X509_ATTRIBUTE_dup(X509_ATTRIBUTE *xa); +X509_EXTENSION *X509_EXTENSION_dup(X509_EXTENSION *ex); +X509_CRL *X509_CRL_dup(X509_CRL *crl); +X509_REVOKED *X509_REVOKED_dup(X509_REVOKED *rev); +X509_REQ *X509_REQ_dup(X509_REQ *req); +X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *xn); +int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, + void *pval); +void X509_ALGOR_get0(const ASN1_OBJECT **paobj, int *pptype, + const void **ppval, const X509_ALGOR *algor); +void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md); +int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b); +int X509_ALGOR_copy(X509_ALGOR *dest, const X509_ALGOR *src); + +X509_NAME *X509_NAME_dup(X509_NAME *xn); +X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne); + +int X509_cmp_time(const ASN1_TIME *s, time_t *t); +int X509_cmp_current_time(const ASN1_TIME *s); +ASN1_TIME *X509_time_adj(ASN1_TIME *s, long adj, time_t *t); +ASN1_TIME *X509_time_adj_ex(ASN1_TIME *s, + int offset_day, long offset_sec, time_t *t); +ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long adj); + +const char *X509_get_default_cert_area(void); +const char *X509_get_default_cert_dir(void); +const char *X509_get_default_cert_file(void); +const char *X509_get_default_cert_dir_env(void); +const char *X509_get_default_cert_file_env(void); +const char *X509_get_default_private_dir(void); + +X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md); +X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey); + +DECLARE_ASN1_FUNCTIONS(X509_ALGOR) +DECLARE_ASN1_ENCODE_FUNCTIONS(X509_ALGORS, X509_ALGORS, X509_ALGORS) +DECLARE_ASN1_FUNCTIONS(X509_VAL) + +DECLARE_ASN1_FUNCTIONS(X509_PUBKEY) + +int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey); +EVP_PKEY *X509_PUBKEY_get0(X509_PUBKEY *key); +EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key); +int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain); +long X509_get_pathlen(X509 *x); +int i2d_PUBKEY(EVP_PKEY *a, unsigned char **pp); +EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, const unsigned char **pp, long length); +# ifndef OPENSSL_NO_RSA +int i2d_RSA_PUBKEY(RSA *a, unsigned char **pp); +RSA *d2i_RSA_PUBKEY(RSA **a, const unsigned char **pp, long length); +# endif +# ifndef OPENSSL_NO_DSA +int i2d_DSA_PUBKEY(DSA *a, unsigned char **pp); +DSA *d2i_DSA_PUBKEY(DSA **a, const unsigned char **pp, long length); +# endif +# ifndef OPENSSL_NO_EC +int i2d_EC_PUBKEY(EC_KEY *a, unsigned char **pp); +EC_KEY *d2i_EC_PUBKEY(EC_KEY **a, const unsigned char **pp, long length); +# endif + +DECLARE_ASN1_FUNCTIONS(X509_SIG) +void X509_SIG_get0(const X509_SIG *sig, const X509_ALGOR **palg, + const ASN1_OCTET_STRING **pdigest); +void X509_SIG_getm(X509_SIG *sig, X509_ALGOR **palg, + ASN1_OCTET_STRING **pdigest); + +DECLARE_ASN1_FUNCTIONS(X509_REQ_INFO) +DECLARE_ASN1_FUNCTIONS(X509_REQ) + +DECLARE_ASN1_FUNCTIONS(X509_ATTRIBUTE) +X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value); + +DECLARE_ASN1_FUNCTIONS(X509_EXTENSION) +DECLARE_ASN1_ENCODE_FUNCTIONS(X509_EXTENSIONS, X509_EXTENSIONS, X509_EXTENSIONS) + +DECLARE_ASN1_FUNCTIONS(X509_NAME_ENTRY) + +DECLARE_ASN1_FUNCTIONS(X509_NAME) + +int X509_NAME_set(X509_NAME **xn, X509_NAME *name); + +DECLARE_ASN1_FUNCTIONS(X509_CINF) + +DECLARE_ASN1_FUNCTIONS(X509) +DECLARE_ASN1_FUNCTIONS(X509_CERT_AUX) + +#define X509_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509, l, p, newf, dupf, freef) +int X509_set_ex_data(X509 *r, int idx, void *arg); +void *X509_get_ex_data(X509 *r, int idx); +int i2d_X509_AUX(X509 *a, unsigned char **pp); +X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length); + +int i2d_re_X509_tbs(X509 *x, unsigned char **pp); + +int X509_SIG_INFO_get(const X509_SIG_INFO *siginf, int *mdnid, int *pknid, + int *secbits, uint32_t *flags); +void X509_SIG_INFO_set(X509_SIG_INFO *siginf, int mdnid, int pknid, + int secbits, uint32_t flags); + +int X509_get_signature_info(X509 *x, int *mdnid, int *pknid, int *secbits, + uint32_t *flags); + +void X509_get0_signature(const ASN1_BIT_STRING **psig, + const X509_ALGOR **palg, const X509 *x); +int X509_get_signature_nid(const X509 *x); + +int X509_trusted(const X509 *x); +int X509_alias_set1(X509 *x, const unsigned char *name, int len); +int X509_keyid_set1(X509 *x, const unsigned char *id, int len); +unsigned char *X509_alias_get0(X509 *x, int *len); +unsigned char *X509_keyid_get0(X509 *x, int *len); +int (*X509_TRUST_set_default(int (*trust) (int, X509 *, int))) (int, X509 *, + int); +int X509_TRUST_set(int *t, int trust); +int X509_add1_trust_object(X509 *x, const ASN1_OBJECT *obj); +int X509_add1_reject_object(X509 *x, const ASN1_OBJECT *obj); +void X509_trust_clear(X509 *x); +void X509_reject_clear(X509 *x); + +STACK_OF(ASN1_OBJECT) *X509_get0_trust_objects(X509 *x); +STACK_OF(ASN1_OBJECT) *X509_get0_reject_objects(X509 *x); + +DECLARE_ASN1_FUNCTIONS(X509_REVOKED) +DECLARE_ASN1_FUNCTIONS(X509_CRL_INFO) +DECLARE_ASN1_FUNCTIONS(X509_CRL) + +int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev); +int X509_CRL_get0_by_serial(X509_CRL *crl, + X509_REVOKED **ret, ASN1_INTEGER *serial); +int X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret, X509 *x); + +X509_PKEY *X509_PKEY_new(void); +void X509_PKEY_free(X509_PKEY *a); + +DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKI) +DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKAC) +DECLARE_ASN1_FUNCTIONS(NETSCAPE_CERT_SEQUENCE) + +X509_INFO *X509_INFO_new(void); +void X509_INFO_free(X509_INFO *a); +char *X509_NAME_oneline(const X509_NAME *a, char *buf, int size); + +int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *algor1, + ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey); + +int ASN1_digest(i2d_of_void *i2d, const EVP_MD *type, char *data, + unsigned char *md, unsigned int *len); + +int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, + X509_ALGOR *algor2, ASN1_BIT_STRING *signature, + char *data, EVP_PKEY *pkey, const EVP_MD *type); + +int ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *type, void *data, + unsigned char *md, unsigned int *len); + +int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *algor1, + ASN1_BIT_STRING *signature, void *data, EVP_PKEY *pkey); + +int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, + X509_ALGOR *algor2, ASN1_BIT_STRING *signature, void *data, + EVP_PKEY *pkey, const EVP_MD *type); +int ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1, + X509_ALGOR *algor2, ASN1_BIT_STRING *signature, + void *asn, EVP_MD_CTX *ctx); + +long X509_get_version(const X509 *x); +int X509_set_version(X509 *x, long version); +int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial); +ASN1_INTEGER *X509_get_serialNumber(X509 *x); +const ASN1_INTEGER *X509_get0_serialNumber(const X509 *x); +int X509_set_issuer_name(X509 *x, X509_NAME *name); +X509_NAME *X509_get_issuer_name(const X509 *a); +int X509_set_subject_name(X509 *x, X509_NAME *name); +X509_NAME *X509_get_subject_name(const X509 *a); +const ASN1_TIME * X509_get0_notBefore(const X509 *x); +ASN1_TIME *X509_getm_notBefore(const X509 *x); +int X509_set1_notBefore(X509 *x, const ASN1_TIME *tm); +const ASN1_TIME *X509_get0_notAfter(const X509 *x); +ASN1_TIME *X509_getm_notAfter(const X509 *x); +int X509_set1_notAfter(X509 *x, const ASN1_TIME *tm); +int X509_set_pubkey(X509 *x, EVP_PKEY *pkey); +int X509_up_ref(X509 *x); +int X509_get_signature_type(const X509 *x); + +# if OPENSSL_API_COMPAT < 0x10100000L +# define X509_get_notBefore X509_getm_notBefore +# define X509_get_notAfter X509_getm_notAfter +# define X509_set_notBefore X509_set1_notBefore +# define X509_set_notAfter X509_set1_notAfter +#endif + + +/* + * This one is only used so that a binary form can output, as in + * i2d_X509_PUBKEY(X509_get_X509_PUBKEY(x), &buf) + */ +X509_PUBKEY *X509_get_X509_PUBKEY(const X509 *x); +const STACK_OF(X509_EXTENSION) *X509_get0_extensions(const X509 *x); +void X509_get0_uids(const X509 *x, const ASN1_BIT_STRING **piuid, + const ASN1_BIT_STRING **psuid); +const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x); + +EVP_PKEY *X509_get0_pubkey(const X509 *x); +EVP_PKEY *X509_get_pubkey(X509 *x); +ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x); +int X509_certificate_type(const X509 *x, const EVP_PKEY *pubkey); + +long X509_REQ_get_version(const X509_REQ *req); +int X509_REQ_set_version(X509_REQ *x, long version); +X509_NAME *X509_REQ_get_subject_name(const X509_REQ *req); +int X509_REQ_set_subject_name(X509_REQ *req, X509_NAME *name); +void X509_REQ_get0_signature(const X509_REQ *req, const ASN1_BIT_STRING **psig, + const X509_ALGOR **palg); +void X509_REQ_set0_signature(X509_REQ *req, ASN1_BIT_STRING *psig); +int X509_REQ_set1_signature_algo(X509_REQ *req, X509_ALGOR *palg); +int X509_REQ_get_signature_nid(const X509_REQ *req); +int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp); +int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey); +EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req); +EVP_PKEY *X509_REQ_get0_pubkey(X509_REQ *req); +X509_PUBKEY *X509_REQ_get_X509_PUBKEY(X509_REQ *req); +int X509_REQ_extension_nid(int nid); +int *X509_REQ_get_extension_nids(void); +void X509_REQ_set_extension_nids(int *nids); +STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req); +int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts, + int nid); +int X509_REQ_add_extensions(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts); +int X509_REQ_get_attr_count(const X509_REQ *req); +int X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid, int lastpos); +int X509_REQ_get_attr_by_OBJ(const X509_REQ *req, const ASN1_OBJECT *obj, + int lastpos); +X509_ATTRIBUTE *X509_REQ_get_attr(const X509_REQ *req, int loc); +X509_ATTRIBUTE *X509_REQ_delete_attr(X509_REQ *req, int loc); +int X509_REQ_add1_attr(X509_REQ *req, X509_ATTRIBUTE *attr); +int X509_REQ_add1_attr_by_OBJ(X509_REQ *req, + const ASN1_OBJECT *obj, int type, + const unsigned char *bytes, int len); +int X509_REQ_add1_attr_by_NID(X509_REQ *req, + int nid, int type, + const unsigned char *bytes, int len); +int X509_REQ_add1_attr_by_txt(X509_REQ *req, + const char *attrname, int type, + const unsigned char *bytes, int len); + +int X509_CRL_set_version(X509_CRL *x, long version); +int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name); +int X509_CRL_set1_lastUpdate(X509_CRL *x, const ASN1_TIME *tm); +int X509_CRL_set1_nextUpdate(X509_CRL *x, const ASN1_TIME *tm); +int X509_CRL_sort(X509_CRL *crl); +int X509_CRL_up_ref(X509_CRL *crl); + +# if OPENSSL_API_COMPAT < 0x10100000L +# define X509_CRL_set_lastUpdate X509_CRL_set1_lastUpdate +# define X509_CRL_set_nextUpdate X509_CRL_set1_nextUpdate +#endif + +long X509_CRL_get_version(const X509_CRL *crl); +const ASN1_TIME *X509_CRL_get0_lastUpdate(const X509_CRL *crl); +const ASN1_TIME *X509_CRL_get0_nextUpdate(const X509_CRL *crl); +DEPRECATEDIN_1_1_0(ASN1_TIME *X509_CRL_get_lastUpdate(X509_CRL *crl)) +DEPRECATEDIN_1_1_0(ASN1_TIME *X509_CRL_get_nextUpdate(X509_CRL *crl)) +X509_NAME *X509_CRL_get_issuer(const X509_CRL *crl); +const STACK_OF(X509_EXTENSION) *X509_CRL_get0_extensions(const X509_CRL *crl); +STACK_OF(X509_REVOKED) *X509_CRL_get_REVOKED(X509_CRL *crl); +void X509_CRL_get0_signature(const X509_CRL *crl, const ASN1_BIT_STRING **psig, + const X509_ALGOR **palg); +int X509_CRL_get_signature_nid(const X509_CRL *crl); +int i2d_re_X509_CRL_tbs(X509_CRL *req, unsigned char **pp); + +const ASN1_INTEGER *X509_REVOKED_get0_serialNumber(const X509_REVOKED *x); +int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial); +const ASN1_TIME *X509_REVOKED_get0_revocationDate(const X509_REVOKED *x); +int X509_REVOKED_set_revocationDate(X509_REVOKED *r, ASN1_TIME *tm); +const STACK_OF(X509_EXTENSION) * +X509_REVOKED_get0_extensions(const X509_REVOKED *r); + +X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer, + EVP_PKEY *skey, const EVP_MD *md, unsigned int flags); + +int X509_REQ_check_private_key(X509_REQ *x509, EVP_PKEY *pkey); + +int X509_check_private_key(const X509 *x509, const EVP_PKEY *pkey); +int X509_chain_check_suiteb(int *perror_depth, + X509 *x, STACK_OF(X509) *chain, + unsigned long flags); +int X509_CRL_check_suiteb(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags); +STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *chain); + +int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b); +unsigned long X509_issuer_and_serial_hash(X509 *a); + +int X509_issuer_name_cmp(const X509 *a, const X509 *b); +unsigned long X509_issuer_name_hash(X509 *a); + +int X509_subject_name_cmp(const X509 *a, const X509 *b); +unsigned long X509_subject_name_hash(X509 *x); + +# ifndef OPENSSL_NO_MD5 +unsigned long X509_issuer_name_hash_old(X509 *a); +unsigned long X509_subject_name_hash_old(X509 *x); +# endif + +int X509_cmp(const X509 *a, const X509 *b); +int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b); +unsigned long X509_NAME_hash(X509_NAME *x); +unsigned long X509_NAME_hash_old(X509_NAME *x); + +int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b); +int X509_CRL_match(const X509_CRL *a, const X509_CRL *b); +int X509_aux_print(BIO *out, X509 *x, int indent); +# ifndef OPENSSL_NO_STDIO +int X509_print_ex_fp(FILE *bp, X509 *x, unsigned long nmflag, + unsigned long cflag); +int X509_print_fp(FILE *bp, X509 *x); +int X509_CRL_print_fp(FILE *bp, X509_CRL *x); +int X509_REQ_print_fp(FILE *bp, X509_REQ *req); +int X509_NAME_print_ex_fp(FILE *fp, const X509_NAME *nm, int indent, + unsigned long flags); +# endif + +int X509_NAME_print(BIO *bp, const X509_NAME *name, int obase); +int X509_NAME_print_ex(BIO *out, const X509_NAME *nm, int indent, + unsigned long flags); +int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflag, + unsigned long cflag); +int X509_print(BIO *bp, X509 *x); +int X509_ocspid_print(BIO *bp, X509 *x); +int X509_CRL_print_ex(BIO *out, X509_CRL *x, unsigned long nmflag); +int X509_CRL_print(BIO *bp, X509_CRL *x); +int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflag, + unsigned long cflag); +int X509_REQ_print(BIO *bp, X509_REQ *req); + +int X509_NAME_entry_count(const X509_NAME *name); +int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf, int len); +int X509_NAME_get_text_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, + char *buf, int len); + +/* + * NOTE: you should be passing -1, not 0 as lastpos. The functions that use + * lastpos, search after that position on. + */ +int X509_NAME_get_index_by_NID(X509_NAME *name, int nid, int lastpos); +int X509_NAME_get_index_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, + int lastpos); +X509_NAME_ENTRY *X509_NAME_get_entry(const X509_NAME *name, int loc); +X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc); +int X509_NAME_add_entry(X509_NAME *name, const X509_NAME_ENTRY *ne, + int loc, int set); +int X509_NAME_add_entry_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, int type, + const unsigned char *bytes, int len, int loc, + int set); +int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type, + const unsigned char *bytes, int len, int loc, + int set); +X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne, + const char *field, int type, + const unsigned char *bytes, + int len); +X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid, + int type, + const unsigned char *bytes, + int len); +int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type, + const unsigned char *bytes, int len, int loc, + int set); +X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne, + const ASN1_OBJECT *obj, int type, + const unsigned char *bytes, + int len); +int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, const ASN1_OBJECT *obj); +int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type, + const unsigned char *bytes, int len); +ASN1_OBJECT *X509_NAME_ENTRY_get_object(const X509_NAME_ENTRY *ne); +ASN1_STRING * X509_NAME_ENTRY_get_data(const X509_NAME_ENTRY *ne); +int X509_NAME_ENTRY_set(const X509_NAME_ENTRY *ne); + +int X509_NAME_get0_der(X509_NAME *nm, const unsigned char **pder, + size_t *pderlen); + +int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x); +int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x, + int nid, int lastpos); +int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *x, + const ASN1_OBJECT *obj, int lastpos); +int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *x, + int crit, int lastpos); +X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc); +X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x, int loc); +STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x, + X509_EXTENSION *ex, int loc); + +int X509_get_ext_count(const X509 *x); +int X509_get_ext_by_NID(const X509 *x, int nid, int lastpos); +int X509_get_ext_by_OBJ(const X509 *x, const ASN1_OBJECT *obj, int lastpos); +int X509_get_ext_by_critical(const X509 *x, int crit, int lastpos); +X509_EXTENSION *X509_get_ext(const X509 *x, int loc); +X509_EXTENSION *X509_delete_ext(X509 *x, int loc); +int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc); +void *X509_get_ext_d2i(const X509 *x, int nid, int *crit, int *idx); +int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit, + unsigned long flags); + +int X509_CRL_get_ext_count(const X509_CRL *x); +int X509_CRL_get_ext_by_NID(const X509_CRL *x, int nid, int lastpos); +int X509_CRL_get_ext_by_OBJ(const X509_CRL *x, const ASN1_OBJECT *obj, + int lastpos); +int X509_CRL_get_ext_by_critical(const X509_CRL *x, int crit, int lastpos); +X509_EXTENSION *X509_CRL_get_ext(const X509_CRL *x, int loc); +X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc); +int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc); +void *X509_CRL_get_ext_d2i(const X509_CRL *x, int nid, int *crit, int *idx); +int X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value, int crit, + unsigned long flags); + +int X509_REVOKED_get_ext_count(const X509_REVOKED *x); +int X509_REVOKED_get_ext_by_NID(const X509_REVOKED *x, int nid, int lastpos); +int X509_REVOKED_get_ext_by_OBJ(const X509_REVOKED *x, const ASN1_OBJECT *obj, + int lastpos); +int X509_REVOKED_get_ext_by_critical(const X509_REVOKED *x, int crit, + int lastpos); +X509_EXTENSION *X509_REVOKED_get_ext(const X509_REVOKED *x, int loc); +X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc); +int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc); +void *X509_REVOKED_get_ext_d2i(const X509_REVOKED *x, int nid, int *crit, + int *idx); +int X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid, void *value, int crit, + unsigned long flags); + +X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex, + int nid, int crit, + ASN1_OCTET_STRING *data); +X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex, + const ASN1_OBJECT *obj, int crit, + ASN1_OCTET_STRING *data); +int X509_EXTENSION_set_object(X509_EXTENSION *ex, const ASN1_OBJECT *obj); +int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit); +int X509_EXTENSION_set_data(X509_EXTENSION *ex, ASN1_OCTET_STRING *data); +ASN1_OBJECT *X509_EXTENSION_get_object(X509_EXTENSION *ex); +ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ne); +int X509_EXTENSION_get_critical(const X509_EXTENSION *ex); + +int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x); +int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid, + int lastpos); +int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk, + const ASN1_OBJECT *obj, int lastpos); +X509_ATTRIBUTE *X509at_get_attr(const STACK_OF(X509_ATTRIBUTE) *x, int loc); +X509_ATTRIBUTE *X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) *x, int loc); +STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x, + X509_ATTRIBUTE *attr); +STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE) + **x, const ASN1_OBJECT *obj, + int type, + const unsigned char *bytes, + int len); +STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) + **x, int nid, int type, + const unsigned char *bytes, + int len); +STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) + **x, const char *attrname, + int type, + const unsigned char *bytes, + int len); +void *X509at_get0_data_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *x, + const ASN1_OBJECT *obj, int lastpos, int type); +X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid, + int atrtype, const void *data, + int len); +X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr, + const ASN1_OBJECT *obj, + int atrtype, const void *data, + int len); +X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr, + const char *atrname, int type, + const unsigned char *bytes, + int len); +int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, const ASN1_OBJECT *obj); +int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, + const void *data, int len); +void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx, int atrtype, + void *data); +int X509_ATTRIBUTE_count(const X509_ATTRIBUTE *attr); +ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr); +ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx); + +int EVP_PKEY_get_attr_count(const EVP_PKEY *key); +int EVP_PKEY_get_attr_by_NID(const EVP_PKEY *key, int nid, int lastpos); +int EVP_PKEY_get_attr_by_OBJ(const EVP_PKEY *key, const ASN1_OBJECT *obj, + int lastpos); +X509_ATTRIBUTE *EVP_PKEY_get_attr(const EVP_PKEY *key, int loc); +X509_ATTRIBUTE *EVP_PKEY_delete_attr(EVP_PKEY *key, int loc); +int EVP_PKEY_add1_attr(EVP_PKEY *key, X509_ATTRIBUTE *attr); +int EVP_PKEY_add1_attr_by_OBJ(EVP_PKEY *key, + const ASN1_OBJECT *obj, int type, + const unsigned char *bytes, int len); +int EVP_PKEY_add1_attr_by_NID(EVP_PKEY *key, + int nid, int type, + const unsigned char *bytes, int len); +int EVP_PKEY_add1_attr_by_txt(EVP_PKEY *key, + const char *attrname, int type, + const unsigned char *bytes, int len); + +int X509_verify_cert(X509_STORE_CTX *ctx); + +/* lookup a cert from a X509 STACK */ +X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk, X509_NAME *name, + ASN1_INTEGER *serial); +X509 *X509_find_by_subject(STACK_OF(X509) *sk, X509_NAME *name); + +DECLARE_ASN1_FUNCTIONS(PBEPARAM) +DECLARE_ASN1_FUNCTIONS(PBE2PARAM) +DECLARE_ASN1_FUNCTIONS(PBKDF2PARAM) +#ifndef OPENSSL_NO_SCRYPT +DECLARE_ASN1_FUNCTIONS(SCRYPT_PARAMS) +#endif + +int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter, + const unsigned char *salt, int saltlen); + +X509_ALGOR *PKCS5_pbe_set(int alg, int iter, + const unsigned char *salt, int saltlen); +X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter, + unsigned char *salt, int saltlen); +X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter, + unsigned char *salt, int saltlen, + unsigned char *aiv, int prf_nid); + +#ifndef OPENSSL_NO_SCRYPT +X509_ALGOR *PKCS5_pbe2_set_scrypt(const EVP_CIPHER *cipher, + const unsigned char *salt, int saltlen, + unsigned char *aiv, uint64_t N, uint64_t r, + uint64_t p); +#endif + +X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen, + int prf_nid, int keylen); + +/* PKCS#8 utilities */ + +DECLARE_ASN1_FUNCTIONS(PKCS8_PRIV_KEY_INFO) + +EVP_PKEY *EVP_PKCS82PKEY(const PKCS8_PRIV_KEY_INFO *p8); +PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey); + +int PKCS8_pkey_set0(PKCS8_PRIV_KEY_INFO *priv, ASN1_OBJECT *aobj, + int version, int ptype, void *pval, + unsigned char *penc, int penclen); +int PKCS8_pkey_get0(const ASN1_OBJECT **ppkalg, + const unsigned char **pk, int *ppklen, + const X509_ALGOR **pa, const PKCS8_PRIV_KEY_INFO *p8); + +const STACK_OF(X509_ATTRIBUTE) * +PKCS8_pkey_get0_attrs(const PKCS8_PRIV_KEY_INFO *p8); +int PKCS8_pkey_add1_attr_by_NID(PKCS8_PRIV_KEY_INFO *p8, int nid, int type, + const unsigned char *bytes, int len); + +int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj, + int ptype, void *pval, + unsigned char *penc, int penclen); +int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg, + const unsigned char **pk, int *ppklen, + X509_ALGOR **pa, X509_PUBKEY *pub); + +int X509_check_trust(X509 *x, int id, int flags); +int X509_TRUST_get_count(void); +X509_TRUST *X509_TRUST_get0(int idx); +int X509_TRUST_get_by_id(int id); +int X509_TRUST_add(int id, int flags, int (*ck) (X509_TRUST *, X509 *, int), + const char *name, int arg1, void *arg2); +void X509_TRUST_cleanup(void); +int X509_TRUST_get_flags(const X509_TRUST *xp); +char *X509_TRUST_get0_name(const X509_TRUST *xp); +int X509_TRUST_get_trust(const X509_TRUST *xp); + +# ifdef __cplusplus +} +# endif +#endif diff --git a/ext/openssl1L/include/openssl/x509_vfy.h b/ext/openssl1L/include/openssl/x509_vfy.h new file mode 100644 index 0000000..25c79f1 --- /dev/null +++ b/ext/openssl1L/include/openssl/x509_vfy.h @@ -0,0 +1,632 @@ +/* + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_X509_VFY_H +# define HEADER_X509_VFY_H + +/* + * Protect against recursion, x509.h and x509_vfy.h each include the other. + */ +# ifndef HEADER_X509_H +# include +# endif + +# include +# include +# include +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +/*- +SSL_CTX -> X509_STORE + -> X509_LOOKUP + ->X509_LOOKUP_METHOD + -> X509_LOOKUP + ->X509_LOOKUP_METHOD + +SSL -> X509_STORE_CTX + ->X509_STORE + +The X509_STORE holds the tables etc for verification stuff. +A X509_STORE_CTX is used while validating a single certificate. +The X509_STORE has X509_LOOKUPs for looking up certs. +The X509_STORE then calls a function to actually verify the +certificate chain. +*/ + +typedef enum { + X509_LU_NONE = 0, + X509_LU_X509, X509_LU_CRL +} X509_LOOKUP_TYPE; + +#if OPENSSL_API_COMPAT < 0x10100000L +#define X509_LU_RETRY -1 +#define X509_LU_FAIL 0 +#endif + +DEFINE_STACK_OF(X509_LOOKUP) +DEFINE_STACK_OF(X509_OBJECT) +DEFINE_STACK_OF(X509_VERIFY_PARAM) + +int X509_STORE_set_depth(X509_STORE *store, int depth); + +typedef int (*X509_STORE_CTX_verify_cb)(int, X509_STORE_CTX *); +typedef int (*X509_STORE_CTX_verify_fn)(X509_STORE_CTX *); +typedef int (*X509_STORE_CTX_get_issuer_fn)(X509 **issuer, + X509_STORE_CTX *ctx, X509 *x); +typedef int (*X509_STORE_CTX_check_issued_fn)(X509_STORE_CTX *ctx, + X509 *x, X509 *issuer); +typedef int (*X509_STORE_CTX_check_revocation_fn)(X509_STORE_CTX *ctx); +typedef int (*X509_STORE_CTX_get_crl_fn)(X509_STORE_CTX *ctx, + X509_CRL **crl, X509 *x); +typedef int (*X509_STORE_CTX_check_crl_fn)(X509_STORE_CTX *ctx, X509_CRL *crl); +typedef int (*X509_STORE_CTX_cert_crl_fn)(X509_STORE_CTX *ctx, + X509_CRL *crl, X509 *x); +typedef int (*X509_STORE_CTX_check_policy_fn)(X509_STORE_CTX *ctx); +typedef STACK_OF(X509) *(*X509_STORE_CTX_lookup_certs_fn)(X509_STORE_CTX *ctx, + X509_NAME *nm); +typedef STACK_OF(X509_CRL) *(*X509_STORE_CTX_lookup_crls_fn)(X509_STORE_CTX *ctx, + X509_NAME *nm); +typedef int (*X509_STORE_CTX_cleanup_fn)(X509_STORE_CTX *ctx); + + +void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth); + +# define X509_STORE_CTX_set_app_data(ctx,data) \ + X509_STORE_CTX_set_ex_data(ctx,0,data) +# define X509_STORE_CTX_get_app_data(ctx) \ + X509_STORE_CTX_get_ex_data(ctx,0) + +# define X509_L_FILE_LOAD 1 +# define X509_L_ADD_DIR 2 + +# define X509_LOOKUP_load_file(x,name,type) \ + X509_LOOKUP_ctrl((x),X509_L_FILE_LOAD,(name),(long)(type),NULL) + +# define X509_LOOKUP_add_dir(x,name,type) \ + X509_LOOKUP_ctrl((x),X509_L_ADD_DIR,(name),(long)(type),NULL) + +# define X509_V_OK 0 +# define X509_V_ERR_UNSPECIFIED 1 +# define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT 2 +# define X509_V_ERR_UNABLE_TO_GET_CRL 3 +# define X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE 4 +# define X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE 5 +# define X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY 6 +# define X509_V_ERR_CERT_SIGNATURE_FAILURE 7 +# define X509_V_ERR_CRL_SIGNATURE_FAILURE 8 +# define X509_V_ERR_CERT_NOT_YET_VALID 9 +# define X509_V_ERR_CERT_HAS_EXPIRED 10 +# define X509_V_ERR_CRL_NOT_YET_VALID 11 +# define X509_V_ERR_CRL_HAS_EXPIRED 12 +# define X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD 13 +# define X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD 14 +# define X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD 15 +# define X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD 16 +# define X509_V_ERR_OUT_OF_MEM 17 +# define X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT 18 +# define X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN 19 +# define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY 20 +# define X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE 21 +# define X509_V_ERR_CERT_CHAIN_TOO_LONG 22 +# define X509_V_ERR_CERT_REVOKED 23 +# define X509_V_ERR_INVALID_CA 24 +# define X509_V_ERR_PATH_LENGTH_EXCEEDED 25 +# define X509_V_ERR_INVALID_PURPOSE 26 +# define X509_V_ERR_CERT_UNTRUSTED 27 +# define X509_V_ERR_CERT_REJECTED 28 +/* These are 'informational' when looking for issuer cert */ +# define X509_V_ERR_SUBJECT_ISSUER_MISMATCH 29 +# define X509_V_ERR_AKID_SKID_MISMATCH 30 +# define X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH 31 +# define X509_V_ERR_KEYUSAGE_NO_CERTSIGN 32 +# define X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER 33 +# define X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION 34 +# define X509_V_ERR_KEYUSAGE_NO_CRL_SIGN 35 +# define X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION 36 +# define X509_V_ERR_INVALID_NON_CA 37 +# define X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED 38 +# define X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE 39 +# define X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED 40 +# define X509_V_ERR_INVALID_EXTENSION 41 +# define X509_V_ERR_INVALID_POLICY_EXTENSION 42 +# define X509_V_ERR_NO_EXPLICIT_POLICY 43 +# define X509_V_ERR_DIFFERENT_CRL_SCOPE 44 +# define X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE 45 +# define X509_V_ERR_UNNESTED_RESOURCE 46 +# define X509_V_ERR_PERMITTED_VIOLATION 47 +# define X509_V_ERR_EXCLUDED_VIOLATION 48 +# define X509_V_ERR_SUBTREE_MINMAX 49 +/* The application is not happy */ +# define X509_V_ERR_APPLICATION_VERIFICATION 50 +# define X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE 51 +# define X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX 52 +# define X509_V_ERR_UNSUPPORTED_NAME_SYNTAX 53 +# define X509_V_ERR_CRL_PATH_VALIDATION_ERROR 54 +/* Another issuer check debug option */ +# define X509_V_ERR_PATH_LOOP 55 +/* Suite B mode algorithm violation */ +# define X509_V_ERR_SUITE_B_INVALID_VERSION 56 +# define X509_V_ERR_SUITE_B_INVALID_ALGORITHM 57 +# define X509_V_ERR_SUITE_B_INVALID_CURVE 58 +# define X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM 59 +# define X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED 60 +# define X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256 61 +/* Host, email and IP check errors */ +# define X509_V_ERR_HOSTNAME_MISMATCH 62 +# define X509_V_ERR_EMAIL_MISMATCH 63 +# define X509_V_ERR_IP_ADDRESS_MISMATCH 64 +/* DANE TLSA errors */ +# define X509_V_ERR_DANE_NO_MATCH 65 +/* security level errors */ +# define X509_V_ERR_EE_KEY_TOO_SMALL 66 +# define X509_V_ERR_CA_KEY_TOO_SMALL 67 +# define X509_V_ERR_CA_MD_TOO_WEAK 68 +/* Caller error */ +# define X509_V_ERR_INVALID_CALL 69 +/* Issuer lookup error */ +# define X509_V_ERR_STORE_LOOKUP 70 +/* Certificate transparency */ +# define X509_V_ERR_NO_VALID_SCTS 71 + +# define X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION 72 +/* OCSP status errors */ +# define X509_V_ERR_OCSP_VERIFY_NEEDED 73 /* Need OCSP verification */ +# define X509_V_ERR_OCSP_VERIFY_FAILED 74 /* Couldn't verify cert through OCSP */ +# define X509_V_ERR_OCSP_CERT_UNKNOWN 75 /* Certificate wasn't recognized by the OCSP responder */ +# define X509_V_ERR_SIGNATURE_ALGORITHM_MISMATCH 76 +# define X509_V_ERR_NO_ISSUER_PUBLIC_KEY 77 +# define X509_V_ERR_UNSUPPORTED_SIGNATURE_ALGORITHM 78 +# define X509_V_ERR_EC_KEY_EXPLICIT_PARAMS 79 + +/* Certificate verify flags */ + +# if OPENSSL_API_COMPAT < 0x10100000L +# define X509_V_FLAG_CB_ISSUER_CHECK 0x0 /* Deprecated */ +# endif +/* Use check time instead of current time */ +# define X509_V_FLAG_USE_CHECK_TIME 0x2 +/* Lookup CRLs */ +# define X509_V_FLAG_CRL_CHECK 0x4 +/* Lookup CRLs for whole chain */ +# define X509_V_FLAG_CRL_CHECK_ALL 0x8 +/* Ignore unhandled critical extensions */ +# define X509_V_FLAG_IGNORE_CRITICAL 0x10 +/* Disable workarounds for broken certificates */ +# define X509_V_FLAG_X509_STRICT 0x20 +/* Enable proxy certificate validation */ +# define X509_V_FLAG_ALLOW_PROXY_CERTS 0x40 +/* Enable policy checking */ +# define X509_V_FLAG_POLICY_CHECK 0x80 +/* Policy variable require-explicit-policy */ +# define X509_V_FLAG_EXPLICIT_POLICY 0x100 +/* Policy variable inhibit-any-policy */ +# define X509_V_FLAG_INHIBIT_ANY 0x200 +/* Policy variable inhibit-policy-mapping */ +# define X509_V_FLAG_INHIBIT_MAP 0x400 +/* Notify callback that policy is OK */ +# define X509_V_FLAG_NOTIFY_POLICY 0x800 +/* Extended CRL features such as indirect CRLs, alternate CRL signing keys */ +# define X509_V_FLAG_EXTENDED_CRL_SUPPORT 0x1000 +/* Delta CRL support */ +# define X509_V_FLAG_USE_DELTAS 0x2000 +/* Check self-signed CA signature */ +# define X509_V_FLAG_CHECK_SS_SIGNATURE 0x4000 +/* Use trusted store first */ +# define X509_V_FLAG_TRUSTED_FIRST 0x8000 +/* Suite B 128 bit only mode: not normally used */ +# define X509_V_FLAG_SUITEB_128_LOS_ONLY 0x10000 +/* Suite B 192 bit only mode */ +# define X509_V_FLAG_SUITEB_192_LOS 0x20000 +/* Suite B 128 bit mode allowing 192 bit algorithms */ +# define X509_V_FLAG_SUITEB_128_LOS 0x30000 +/* Allow partial chains if at least one certificate is in trusted store */ +# define X509_V_FLAG_PARTIAL_CHAIN 0x80000 +/* + * If the initial chain is not trusted, do not attempt to build an alternative + * chain. Alternate chain checking was introduced in 1.1.0. Setting this flag + * will force the behaviour to match that of previous versions. + */ +# define X509_V_FLAG_NO_ALT_CHAINS 0x100000 +/* Do not check certificate/CRL validity against current time */ +# define X509_V_FLAG_NO_CHECK_TIME 0x200000 + +# define X509_VP_FLAG_DEFAULT 0x1 +# define X509_VP_FLAG_OVERWRITE 0x2 +# define X509_VP_FLAG_RESET_FLAGS 0x4 +# define X509_VP_FLAG_LOCKED 0x8 +# define X509_VP_FLAG_ONCE 0x10 + +/* Internal use: mask of policy related options */ +# define X509_V_FLAG_POLICY_MASK (X509_V_FLAG_POLICY_CHECK \ + | X509_V_FLAG_EXPLICIT_POLICY \ + | X509_V_FLAG_INHIBIT_ANY \ + | X509_V_FLAG_INHIBIT_MAP) + +int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, X509_LOOKUP_TYPE type, + X509_NAME *name); +X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h, + X509_LOOKUP_TYPE type, + X509_NAME *name); +X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, + X509_OBJECT *x); +int X509_OBJECT_up_ref_count(X509_OBJECT *a); +X509_OBJECT *X509_OBJECT_new(void); +void X509_OBJECT_free(X509_OBJECT *a); +X509_LOOKUP_TYPE X509_OBJECT_get_type(const X509_OBJECT *a); +X509 *X509_OBJECT_get0_X509(const X509_OBJECT *a); +int X509_OBJECT_set1_X509(X509_OBJECT *a, X509 *obj); +X509_CRL *X509_OBJECT_get0_X509_CRL(X509_OBJECT *a); +int X509_OBJECT_set1_X509_CRL(X509_OBJECT *a, X509_CRL *obj); +X509_STORE *X509_STORE_new(void); +void X509_STORE_free(X509_STORE *v); +int X509_STORE_lock(X509_STORE *ctx); +int X509_STORE_unlock(X509_STORE *ctx); +int X509_STORE_up_ref(X509_STORE *v); +STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(X509_STORE *v); + +STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *st, X509_NAME *nm); +STACK_OF(X509_CRL) *X509_STORE_CTX_get1_crls(X509_STORE_CTX *st, X509_NAME *nm); +int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags); +int X509_STORE_set_purpose(X509_STORE *ctx, int purpose); +int X509_STORE_set_trust(X509_STORE *ctx, int trust); +int X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *pm); +X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *ctx); + +void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify_fn verify); +#define X509_STORE_set_verify_func(ctx, func) \ + X509_STORE_set_verify((ctx),(func)) +void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx, + X509_STORE_CTX_verify_fn verify); +X509_STORE_CTX_verify_fn X509_STORE_get_verify(X509_STORE *ctx); +void X509_STORE_set_verify_cb(X509_STORE *ctx, + X509_STORE_CTX_verify_cb verify_cb); +# define X509_STORE_set_verify_cb_func(ctx,func) \ + X509_STORE_set_verify_cb((ctx),(func)) +X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(X509_STORE *ctx); +void X509_STORE_set_get_issuer(X509_STORE *ctx, + X509_STORE_CTX_get_issuer_fn get_issuer); +X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(X509_STORE *ctx); +void X509_STORE_set_check_issued(X509_STORE *ctx, + X509_STORE_CTX_check_issued_fn check_issued); +X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(X509_STORE *ctx); +void X509_STORE_set_check_revocation(X509_STORE *ctx, + X509_STORE_CTX_check_revocation_fn check_revocation); +X509_STORE_CTX_check_revocation_fn X509_STORE_get_check_revocation(X509_STORE *ctx); +void X509_STORE_set_get_crl(X509_STORE *ctx, + X509_STORE_CTX_get_crl_fn get_crl); +X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(X509_STORE *ctx); +void X509_STORE_set_check_crl(X509_STORE *ctx, + X509_STORE_CTX_check_crl_fn check_crl); +X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(X509_STORE *ctx); +void X509_STORE_set_cert_crl(X509_STORE *ctx, + X509_STORE_CTX_cert_crl_fn cert_crl); +X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(X509_STORE *ctx); +void X509_STORE_set_check_policy(X509_STORE *ctx, + X509_STORE_CTX_check_policy_fn check_policy); +X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(X509_STORE *ctx); +void X509_STORE_set_lookup_certs(X509_STORE *ctx, + X509_STORE_CTX_lookup_certs_fn lookup_certs); +X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(X509_STORE *ctx); +void X509_STORE_set_lookup_crls(X509_STORE *ctx, + X509_STORE_CTX_lookup_crls_fn lookup_crls); +#define X509_STORE_set_lookup_crls_cb(ctx, func) \ + X509_STORE_set_lookup_crls((ctx), (func)) +X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(X509_STORE *ctx); +void X509_STORE_set_cleanup(X509_STORE *ctx, + X509_STORE_CTX_cleanup_fn cleanup); +X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(X509_STORE *ctx); + +#define X509_STORE_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE, l, p, newf, dupf, freef) +int X509_STORE_set_ex_data(X509_STORE *ctx, int idx, void *data); +void *X509_STORE_get_ex_data(X509_STORE *ctx, int idx); + +X509_STORE_CTX *X509_STORE_CTX_new(void); + +int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x); + +void X509_STORE_CTX_free(X509_STORE_CTX *ctx); +int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, + X509 *x509, STACK_OF(X509) *chain); +void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk); +void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx); + +X509_STORE *X509_STORE_CTX_get0_store(X509_STORE_CTX *ctx); +X509 *X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx); +STACK_OF(X509)* X509_STORE_CTX_get0_untrusted(X509_STORE_CTX *ctx); +void X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *ctx, STACK_OF(X509) *sk); +void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx, + X509_STORE_CTX_verify_cb verify); +X509_STORE_CTX_verify_cb X509_STORE_CTX_get_verify_cb(X509_STORE_CTX *ctx); +X509_STORE_CTX_verify_fn X509_STORE_CTX_get_verify(X509_STORE_CTX *ctx); +X509_STORE_CTX_get_issuer_fn X509_STORE_CTX_get_get_issuer(X509_STORE_CTX *ctx); +X509_STORE_CTX_check_issued_fn X509_STORE_CTX_get_check_issued(X509_STORE_CTX *ctx); +X509_STORE_CTX_check_revocation_fn X509_STORE_CTX_get_check_revocation(X509_STORE_CTX *ctx); +X509_STORE_CTX_get_crl_fn X509_STORE_CTX_get_get_crl(X509_STORE_CTX *ctx); +X509_STORE_CTX_check_crl_fn X509_STORE_CTX_get_check_crl(X509_STORE_CTX *ctx); +X509_STORE_CTX_cert_crl_fn X509_STORE_CTX_get_cert_crl(X509_STORE_CTX *ctx); +X509_STORE_CTX_check_policy_fn X509_STORE_CTX_get_check_policy(X509_STORE_CTX *ctx); +X509_STORE_CTX_lookup_certs_fn X509_STORE_CTX_get_lookup_certs(X509_STORE_CTX *ctx); +X509_STORE_CTX_lookup_crls_fn X509_STORE_CTX_get_lookup_crls(X509_STORE_CTX *ctx); +X509_STORE_CTX_cleanup_fn X509_STORE_CTX_get_cleanup(X509_STORE_CTX *ctx); + +#if OPENSSL_API_COMPAT < 0x10100000L +# define X509_STORE_CTX_get_chain X509_STORE_CTX_get0_chain +# define X509_STORE_CTX_set_chain X509_STORE_CTX_set0_untrusted +# define X509_STORE_CTX_trusted_stack X509_STORE_CTX_set0_trusted_stack +# define X509_STORE_get_by_subject X509_STORE_CTX_get_by_subject +# define X509_STORE_get1_certs X509_STORE_CTX_get1_certs +# define X509_STORE_get1_crls X509_STORE_CTX_get1_crls +/* the following macro is misspelled; use X509_STORE_get1_certs instead */ +# define X509_STORE_get1_cert X509_STORE_CTX_get1_certs +/* the following macro is misspelled; use X509_STORE_get1_crls instead */ +# define X509_STORE_get1_crl X509_STORE_CTX_get1_crls +#endif + +X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m); +X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void); +X509_LOOKUP_METHOD *X509_LOOKUP_file(void); + +typedef int (*X509_LOOKUP_ctrl_fn)(X509_LOOKUP *ctx, int cmd, const char *argc, + long argl, char **ret); +typedef int (*X509_LOOKUP_get_by_subject_fn)(X509_LOOKUP *ctx, + X509_LOOKUP_TYPE type, + X509_NAME *name, + X509_OBJECT *ret); +typedef int (*X509_LOOKUP_get_by_issuer_serial_fn)(X509_LOOKUP *ctx, + X509_LOOKUP_TYPE type, + X509_NAME *name, + ASN1_INTEGER *serial, + X509_OBJECT *ret); +typedef int (*X509_LOOKUP_get_by_fingerprint_fn)(X509_LOOKUP *ctx, + X509_LOOKUP_TYPE type, + const unsigned char* bytes, + int len, + X509_OBJECT *ret); +typedef int (*X509_LOOKUP_get_by_alias_fn)(X509_LOOKUP *ctx, + X509_LOOKUP_TYPE type, + const char *str, + int len, + X509_OBJECT *ret); + +X509_LOOKUP_METHOD *X509_LOOKUP_meth_new(const char *name); +void X509_LOOKUP_meth_free(X509_LOOKUP_METHOD *method); + +int X509_LOOKUP_meth_set_new_item(X509_LOOKUP_METHOD *method, + int (*new_item) (X509_LOOKUP *ctx)); +int (*X509_LOOKUP_meth_get_new_item(const X509_LOOKUP_METHOD* method)) + (X509_LOOKUP *ctx); + +int X509_LOOKUP_meth_set_free(X509_LOOKUP_METHOD *method, + void (*free_fn) (X509_LOOKUP *ctx)); +void (*X509_LOOKUP_meth_get_free(const X509_LOOKUP_METHOD* method)) + (X509_LOOKUP *ctx); + +int X509_LOOKUP_meth_set_init(X509_LOOKUP_METHOD *method, + int (*init) (X509_LOOKUP *ctx)); +int (*X509_LOOKUP_meth_get_init(const X509_LOOKUP_METHOD* method)) + (X509_LOOKUP *ctx); + +int X509_LOOKUP_meth_set_shutdown(X509_LOOKUP_METHOD *method, + int (*shutdown) (X509_LOOKUP *ctx)); +int (*X509_LOOKUP_meth_get_shutdown(const X509_LOOKUP_METHOD* method)) + (X509_LOOKUP *ctx); + +int X509_LOOKUP_meth_set_ctrl(X509_LOOKUP_METHOD *method, + X509_LOOKUP_ctrl_fn ctrl_fn); +X509_LOOKUP_ctrl_fn X509_LOOKUP_meth_get_ctrl(const X509_LOOKUP_METHOD *method); + +int X509_LOOKUP_meth_set_get_by_subject(X509_LOOKUP_METHOD *method, + X509_LOOKUP_get_by_subject_fn fn); +X509_LOOKUP_get_by_subject_fn X509_LOOKUP_meth_get_get_by_subject( + const X509_LOOKUP_METHOD *method); + +int X509_LOOKUP_meth_set_get_by_issuer_serial(X509_LOOKUP_METHOD *method, + X509_LOOKUP_get_by_issuer_serial_fn fn); +X509_LOOKUP_get_by_issuer_serial_fn X509_LOOKUP_meth_get_get_by_issuer_serial( + const X509_LOOKUP_METHOD *method); + +int X509_LOOKUP_meth_set_get_by_fingerprint(X509_LOOKUP_METHOD *method, + X509_LOOKUP_get_by_fingerprint_fn fn); +X509_LOOKUP_get_by_fingerprint_fn X509_LOOKUP_meth_get_get_by_fingerprint( + const X509_LOOKUP_METHOD *method); + +int X509_LOOKUP_meth_set_get_by_alias(X509_LOOKUP_METHOD *method, + X509_LOOKUP_get_by_alias_fn fn); +X509_LOOKUP_get_by_alias_fn X509_LOOKUP_meth_get_get_by_alias( + const X509_LOOKUP_METHOD *method); + + +int X509_STORE_add_cert(X509_STORE *ctx, X509 *x); +int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x); + +int X509_STORE_CTX_get_by_subject(X509_STORE_CTX *vs, X509_LOOKUP_TYPE type, + X509_NAME *name, X509_OBJECT *ret); +X509_OBJECT *X509_STORE_CTX_get_obj_by_subject(X509_STORE_CTX *vs, + X509_LOOKUP_TYPE type, + X509_NAME *name); + +int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, + long argl, char **ret); + +int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type); +int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type); +int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type); + +X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method); +void X509_LOOKUP_free(X509_LOOKUP *ctx); +int X509_LOOKUP_init(X509_LOOKUP *ctx); +int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, + X509_NAME *name, X509_OBJECT *ret); +int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, + X509_NAME *name, ASN1_INTEGER *serial, + X509_OBJECT *ret); +int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, + const unsigned char *bytes, int len, + X509_OBJECT *ret); +int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, + const char *str, int len, X509_OBJECT *ret); +int X509_LOOKUP_set_method_data(X509_LOOKUP *ctx, void *data); +void *X509_LOOKUP_get_method_data(const X509_LOOKUP *ctx); +X509_STORE *X509_LOOKUP_get_store(const X509_LOOKUP *ctx); +int X509_LOOKUP_shutdown(X509_LOOKUP *ctx); + +int X509_STORE_load_locations(X509_STORE *ctx, + const char *file, const char *dir); +int X509_STORE_set_default_paths(X509_STORE *ctx); + +#define X509_STORE_CTX_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE_CTX, l, p, newf, dupf, freef) +int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx, int idx, void *data); +void *X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx, int idx); +int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx); +void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int s); +int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx); +void X509_STORE_CTX_set_error_depth(X509_STORE_CTX *ctx, int depth); +X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx); +void X509_STORE_CTX_set_current_cert(X509_STORE_CTX *ctx, X509 *x); +X509 *X509_STORE_CTX_get0_current_issuer(X509_STORE_CTX *ctx); +X509_CRL *X509_STORE_CTX_get0_current_crl(X509_STORE_CTX *ctx); +X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(X509_STORE_CTX *ctx); +STACK_OF(X509) *X509_STORE_CTX_get0_chain(X509_STORE_CTX *ctx); +STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx); +void X509_STORE_CTX_set_cert(X509_STORE_CTX *c, X509 *x); +void X509_STORE_CTX_set0_verified_chain(X509_STORE_CTX *c, STACK_OF(X509) *sk); +void X509_STORE_CTX_set0_crls(X509_STORE_CTX *c, STACK_OF(X509_CRL) *sk); +int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose); +int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust); +int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose, + int purpose, int trust); +void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags); +void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags, + time_t t); + +X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(X509_STORE_CTX *ctx); +int X509_STORE_CTX_get_explicit_policy(X509_STORE_CTX *ctx); +int X509_STORE_CTX_get_num_untrusted(X509_STORE_CTX *ctx); + +X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx); +void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param); +int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name); + +/* + * Bridge opacity barrier between libcrypt and libssl, also needed to support + * offline testing in test/danetest.c + */ +void X509_STORE_CTX_set0_dane(X509_STORE_CTX *ctx, SSL_DANE *dane); +#define DANE_FLAG_NO_DANE_EE_NAMECHECKS (1L << 0) + +/* X509_VERIFY_PARAM functions */ + +X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void); +void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param); +int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *to, + const X509_VERIFY_PARAM *from); +int X509_VERIFY_PARAM_set1(X509_VERIFY_PARAM *to, + const X509_VERIFY_PARAM *from); +int X509_VERIFY_PARAM_set1_name(X509_VERIFY_PARAM *param, const char *name); +int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param, + unsigned long flags); +int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param, + unsigned long flags); +unsigned long X509_VERIFY_PARAM_get_flags(X509_VERIFY_PARAM *param); +int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose); +int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust); +void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth); +void X509_VERIFY_PARAM_set_auth_level(X509_VERIFY_PARAM *param, int auth_level); +time_t X509_VERIFY_PARAM_get_time(const X509_VERIFY_PARAM *param); +void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t); +int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param, + ASN1_OBJECT *policy); +int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param, + STACK_OF(ASN1_OBJECT) *policies); + +int X509_VERIFY_PARAM_set_inh_flags(X509_VERIFY_PARAM *param, + uint32_t flags); +uint32_t X509_VERIFY_PARAM_get_inh_flags(const X509_VERIFY_PARAM *param); + +int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param, + const char *name, size_t namelen); +int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param, + const char *name, size_t namelen); +void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param, + unsigned int flags); +unsigned int X509_VERIFY_PARAM_get_hostflags(const X509_VERIFY_PARAM *param); +char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *); +void X509_VERIFY_PARAM_move_peername(X509_VERIFY_PARAM *, X509_VERIFY_PARAM *); +int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param, + const char *email, size_t emaillen); +int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param, + const unsigned char *ip, size_t iplen); +int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param, + const char *ipasc); + +int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param); +int X509_VERIFY_PARAM_get_auth_level(const X509_VERIFY_PARAM *param); +const char *X509_VERIFY_PARAM_get0_name(const X509_VERIFY_PARAM *param); + +int X509_VERIFY_PARAM_add0_table(X509_VERIFY_PARAM *param); +int X509_VERIFY_PARAM_get_count(void); +const X509_VERIFY_PARAM *X509_VERIFY_PARAM_get0(int id); +const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name); +void X509_VERIFY_PARAM_table_cleanup(void); + +/* Non positive return values are errors */ +#define X509_PCY_TREE_FAILURE -2 /* Failure to satisfy explicit policy */ +#define X509_PCY_TREE_INVALID -1 /* Inconsistent or invalid extensions */ +#define X509_PCY_TREE_INTERNAL 0 /* Internal error, most likely malloc */ + +/* + * Positive return values form a bit mask, all but the first are internal to + * the library and don't appear in results from X509_policy_check(). + */ +#define X509_PCY_TREE_VALID 1 /* The policy tree is valid */ +#define X509_PCY_TREE_EMPTY 2 /* The policy tree is empty */ +#define X509_PCY_TREE_EXPLICIT 4 /* Explicit policy required */ + +int X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy, + STACK_OF(X509) *certs, + STACK_OF(ASN1_OBJECT) *policy_oids, unsigned int flags); + +void X509_policy_tree_free(X509_POLICY_TREE *tree); + +int X509_policy_tree_level_count(const X509_POLICY_TREE *tree); +X509_POLICY_LEVEL *X509_policy_tree_get0_level(const X509_POLICY_TREE *tree, + int i); + +STACK_OF(X509_POLICY_NODE) *X509_policy_tree_get0_policies(const + X509_POLICY_TREE + *tree); + +STACK_OF(X509_POLICY_NODE) *X509_policy_tree_get0_user_policies(const + X509_POLICY_TREE + *tree); + +int X509_policy_level_node_count(X509_POLICY_LEVEL *level); + +X509_POLICY_NODE *X509_policy_level_get0_node(X509_POLICY_LEVEL *level, + int i); + +const ASN1_OBJECT *X509_policy_node_get0_policy(const X509_POLICY_NODE *node); + +STACK_OF(POLICYQUALINFO) *X509_policy_node_get0_qualifiers(const + X509_POLICY_NODE + *node); +const X509_POLICY_NODE *X509_policy_node_get0_parent(const X509_POLICY_NODE + *node); + +#ifdef __cplusplus +} +#endif +#endif diff --git a/ext/openssl1L/include/openssl/x509err.h b/ext/openssl1L/include/openssl/x509err.h new file mode 100644 index 0000000..cd08673 --- /dev/null +++ b/ext/openssl1L/include/openssl/x509err.h @@ -0,0 +1,129 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_X509ERR_H +# define HEADER_X509ERR_H + +# include + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_X509_strings(void); + +/* + * X509 function codes. + */ +# define X509_F_ADD_CERT_DIR 100 +# define X509_F_BUILD_CHAIN 106 +# define X509_F_BY_FILE_CTRL 101 +# define X509_F_CHECK_NAME_CONSTRAINTS 149 +# define X509_F_CHECK_POLICY 145 +# define X509_F_DANE_I2D 107 +# define X509_F_DIR_CTRL 102 +# define X509_F_GET_CERT_BY_SUBJECT 103 +# define X509_F_I2D_X509_AUX 151 +# define X509_F_LOOKUP_CERTS_SK 152 +# define X509_F_NETSCAPE_SPKI_B64_DECODE 129 +# define X509_F_NETSCAPE_SPKI_B64_ENCODE 130 +# define X509_F_NEW_DIR 153 +# define X509_F_X509AT_ADD1_ATTR 135 +# define X509_F_X509V3_ADD_EXT 104 +# define X509_F_X509_ATTRIBUTE_CREATE_BY_NID 136 +# define X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ 137 +# define X509_F_X509_ATTRIBUTE_CREATE_BY_TXT 140 +# define X509_F_X509_ATTRIBUTE_GET0_DATA 139 +# define X509_F_X509_ATTRIBUTE_SET1_DATA 138 +# define X509_F_X509_CHECK_PRIVATE_KEY 128 +# define X509_F_X509_CRL_DIFF 105 +# define X509_F_X509_CRL_METHOD_NEW 154 +# define X509_F_X509_CRL_PRINT_FP 147 +# define X509_F_X509_EXTENSION_CREATE_BY_NID 108 +# define X509_F_X509_EXTENSION_CREATE_BY_OBJ 109 +# define X509_F_X509_GET_PUBKEY_PARAMETERS 110 +# define X509_F_X509_LOAD_CERT_CRL_FILE 132 +# define X509_F_X509_LOAD_CERT_FILE 111 +# define X509_F_X509_LOAD_CRL_FILE 112 +# define X509_F_X509_LOOKUP_METH_NEW 160 +# define X509_F_X509_LOOKUP_NEW 155 +# define X509_F_X509_NAME_ADD_ENTRY 113 +# define X509_F_X509_NAME_CANON 156 +# define X509_F_X509_NAME_ENTRY_CREATE_BY_NID 114 +# define X509_F_X509_NAME_ENTRY_CREATE_BY_TXT 131 +# define X509_F_X509_NAME_ENTRY_SET_OBJECT 115 +# define X509_F_X509_NAME_ONELINE 116 +# define X509_F_X509_NAME_PRINT 117 +# define X509_F_X509_OBJECT_NEW 150 +# define X509_F_X509_PRINT_EX_FP 118 +# define X509_F_X509_PUBKEY_DECODE 148 +# define X509_F_X509_PUBKEY_GET 161 +# define X509_F_X509_PUBKEY_GET0 119 +# define X509_F_X509_PUBKEY_SET 120 +# define X509_F_X509_REQ_CHECK_PRIVATE_KEY 144 +# define X509_F_X509_REQ_PRINT_EX 121 +# define X509_F_X509_REQ_PRINT_FP 122 +# define X509_F_X509_REQ_TO_X509 123 +# define X509_F_X509_STORE_ADD_CERT 124 +# define X509_F_X509_STORE_ADD_CRL 125 +# define X509_F_X509_STORE_ADD_LOOKUP 157 +# define X509_F_X509_STORE_CTX_GET1_ISSUER 146 +# define X509_F_X509_STORE_CTX_INIT 143 +# define X509_F_X509_STORE_CTX_NEW 142 +# define X509_F_X509_STORE_CTX_PURPOSE_INHERIT 134 +# define X509_F_X509_STORE_NEW 158 +# define X509_F_X509_TO_X509_REQ 126 +# define X509_F_X509_TRUST_ADD 133 +# define X509_F_X509_TRUST_SET 141 +# define X509_F_X509_VERIFY_CERT 127 +# define X509_F_X509_VERIFY_PARAM_NEW 159 + +/* + * X509 reason codes. + */ +# define X509_R_AKID_MISMATCH 110 +# define X509_R_BAD_SELECTOR 133 +# define X509_R_BAD_X509_FILETYPE 100 +# define X509_R_BASE64_DECODE_ERROR 118 +# define X509_R_CANT_CHECK_DH_KEY 114 +# define X509_R_CERT_ALREADY_IN_HASH_TABLE 101 +# define X509_R_CRL_ALREADY_DELTA 127 +# define X509_R_CRL_VERIFY_FAILURE 131 +# define X509_R_IDP_MISMATCH 128 +# define X509_R_INVALID_ATTRIBUTES 138 +# define X509_R_INVALID_DIRECTORY 113 +# define X509_R_INVALID_FIELD_NAME 119 +# define X509_R_INVALID_TRUST 123 +# define X509_R_ISSUER_MISMATCH 129 +# define X509_R_KEY_TYPE_MISMATCH 115 +# define X509_R_KEY_VALUES_MISMATCH 116 +# define X509_R_LOADING_CERT_DIR 103 +# define X509_R_LOADING_DEFAULTS 104 +# define X509_R_METHOD_NOT_SUPPORTED 124 +# define X509_R_NAME_TOO_LONG 134 +# define X509_R_NEWER_CRL_NOT_NEWER 132 +# define X509_R_NO_CERTIFICATE_FOUND 135 +# define X509_R_NO_CERTIFICATE_OR_CRL_FOUND 136 +# define X509_R_NO_CERT_SET_FOR_US_TO_VERIFY 105 +# define X509_R_NO_CRL_FOUND 137 +# define X509_R_NO_CRL_NUMBER 130 +# define X509_R_PUBLIC_KEY_DECODE_ERROR 125 +# define X509_R_PUBLIC_KEY_ENCODE_ERROR 126 +# define X509_R_SHOULD_RETRY 106 +# define X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN 107 +# define X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY 108 +# define X509_R_UNKNOWN_KEY_TYPE 117 +# define X509_R_UNKNOWN_NID 109 +# define X509_R_UNKNOWN_PURPOSE_ID 121 +# define X509_R_UNKNOWN_TRUST_ID 120 +# define X509_R_UNSUPPORTED_ALGORITHM 111 +# define X509_R_WRONG_LOOKUP_TYPE 112 +# define X509_R_WRONG_TYPE 122 + +#endif diff --git a/ext/openssl1L/include/openssl/x509v3.h b/ext/openssl1L/include/openssl/x509v3.h new file mode 100644 index 0000000..3a4f04c --- /dev/null +++ b/ext/openssl1L/include/openssl/x509v3.h @@ -0,0 +1,938 @@ +/* + * Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_X509V3_H +# define HEADER_X509V3_H + +# include +# include +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +/* Forward reference */ +struct v3_ext_method; +struct v3_ext_ctx; + +/* Useful typedefs */ + +typedef void *(*X509V3_EXT_NEW)(void); +typedef void (*X509V3_EXT_FREE) (void *); +typedef void *(*X509V3_EXT_D2I)(void *, const unsigned char **, long); +typedef int (*X509V3_EXT_I2D) (void *, unsigned char **); +typedef STACK_OF(CONF_VALUE) * + (*X509V3_EXT_I2V) (const struct v3_ext_method *method, void *ext, + STACK_OF(CONF_VALUE) *extlist); +typedef void *(*X509V3_EXT_V2I)(const struct v3_ext_method *method, + struct v3_ext_ctx *ctx, + STACK_OF(CONF_VALUE) *values); +typedef char *(*X509V3_EXT_I2S)(const struct v3_ext_method *method, + void *ext); +typedef void *(*X509V3_EXT_S2I)(const struct v3_ext_method *method, + struct v3_ext_ctx *ctx, const char *str); +typedef int (*X509V3_EXT_I2R) (const struct v3_ext_method *method, void *ext, + BIO *out, int indent); +typedef void *(*X509V3_EXT_R2I)(const struct v3_ext_method *method, + struct v3_ext_ctx *ctx, const char *str); + +/* V3 extension structure */ + +struct v3_ext_method { + int ext_nid; + int ext_flags; +/* If this is set the following four fields are ignored */ + ASN1_ITEM_EXP *it; +/* Old style ASN1 calls */ + X509V3_EXT_NEW ext_new; + X509V3_EXT_FREE ext_free; + X509V3_EXT_D2I d2i; + X509V3_EXT_I2D i2d; +/* The following pair is used for string extensions */ + X509V3_EXT_I2S i2s; + X509V3_EXT_S2I s2i; +/* The following pair is used for multi-valued extensions */ + X509V3_EXT_I2V i2v; + X509V3_EXT_V2I v2i; +/* The following are used for raw extensions */ + X509V3_EXT_I2R i2r; + X509V3_EXT_R2I r2i; + void *usr_data; /* Any extension specific data */ +}; + +typedef struct X509V3_CONF_METHOD_st { + char *(*get_string) (void *db, const char *section, const char *value); + STACK_OF(CONF_VALUE) *(*get_section) (void *db, const char *section); + void (*free_string) (void *db, char *string); + void (*free_section) (void *db, STACK_OF(CONF_VALUE) *section); +} X509V3_CONF_METHOD; + +/* Context specific info */ +struct v3_ext_ctx { +# define CTX_TEST 0x1 +# define X509V3_CTX_REPLACE 0x2 + int flags; + X509 *issuer_cert; + X509 *subject_cert; + X509_REQ *subject_req; + X509_CRL *crl; + X509V3_CONF_METHOD *db_meth; + void *db; +/* Maybe more here */ +}; + +typedef struct v3_ext_method X509V3_EXT_METHOD; + +DEFINE_STACK_OF(X509V3_EXT_METHOD) + +/* ext_flags values */ +# define X509V3_EXT_DYNAMIC 0x1 +# define X509V3_EXT_CTX_DEP 0x2 +# define X509V3_EXT_MULTILINE 0x4 + +typedef BIT_STRING_BITNAME ENUMERATED_NAMES; + +typedef struct BASIC_CONSTRAINTS_st { + int ca; + ASN1_INTEGER *pathlen; +} BASIC_CONSTRAINTS; + +typedef struct PKEY_USAGE_PERIOD_st { + ASN1_GENERALIZEDTIME *notBefore; + ASN1_GENERALIZEDTIME *notAfter; +} PKEY_USAGE_PERIOD; + +typedef struct otherName_st { + ASN1_OBJECT *type_id; + ASN1_TYPE *value; +} OTHERNAME; + +typedef struct EDIPartyName_st { + ASN1_STRING *nameAssigner; + ASN1_STRING *partyName; +} EDIPARTYNAME; + +typedef struct GENERAL_NAME_st { +# define GEN_OTHERNAME 0 +# define GEN_EMAIL 1 +# define GEN_DNS 2 +# define GEN_X400 3 +# define GEN_DIRNAME 4 +# define GEN_EDIPARTY 5 +# define GEN_URI 6 +# define GEN_IPADD 7 +# define GEN_RID 8 + int type; + union { + char *ptr; + OTHERNAME *otherName; /* otherName */ + ASN1_IA5STRING *rfc822Name; + ASN1_IA5STRING *dNSName; + ASN1_STRING *x400Address; + X509_NAME *directoryName; + EDIPARTYNAME *ediPartyName; + ASN1_IA5STRING *uniformResourceIdentifier; + ASN1_OCTET_STRING *iPAddress; + ASN1_OBJECT *registeredID; + /* Old names */ + ASN1_OCTET_STRING *ip; /* iPAddress */ + X509_NAME *dirn; /* dirn */ + ASN1_IA5STRING *ia5; /* rfc822Name, dNSName, + * uniformResourceIdentifier */ + ASN1_OBJECT *rid; /* registeredID */ + ASN1_TYPE *other; /* x400Address */ + } d; +} GENERAL_NAME; + +typedef struct ACCESS_DESCRIPTION_st { + ASN1_OBJECT *method; + GENERAL_NAME *location; +} ACCESS_DESCRIPTION; + +typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS; + +typedef STACK_OF(ASN1_OBJECT) EXTENDED_KEY_USAGE; + +typedef STACK_OF(ASN1_INTEGER) TLS_FEATURE; + +DEFINE_STACK_OF(GENERAL_NAME) +typedef STACK_OF(GENERAL_NAME) GENERAL_NAMES; +DEFINE_STACK_OF(GENERAL_NAMES) + +DEFINE_STACK_OF(ACCESS_DESCRIPTION) + +typedef struct DIST_POINT_NAME_st { + int type; + union { + GENERAL_NAMES *fullname; + STACK_OF(X509_NAME_ENTRY) *relativename; + } name; +/* If relativename then this contains the full distribution point name */ + X509_NAME *dpname; +} DIST_POINT_NAME; +/* All existing reasons */ +# define CRLDP_ALL_REASONS 0x807f + +# define CRL_REASON_NONE -1 +# define CRL_REASON_UNSPECIFIED 0 +# define CRL_REASON_KEY_COMPROMISE 1 +# define CRL_REASON_CA_COMPROMISE 2 +# define CRL_REASON_AFFILIATION_CHANGED 3 +# define CRL_REASON_SUPERSEDED 4 +# define CRL_REASON_CESSATION_OF_OPERATION 5 +# define CRL_REASON_CERTIFICATE_HOLD 6 +# define CRL_REASON_REMOVE_FROM_CRL 8 +# define CRL_REASON_PRIVILEGE_WITHDRAWN 9 +# define CRL_REASON_AA_COMPROMISE 10 + +struct DIST_POINT_st { + DIST_POINT_NAME *distpoint; + ASN1_BIT_STRING *reasons; + GENERAL_NAMES *CRLissuer; + int dp_reasons; +}; + +typedef STACK_OF(DIST_POINT) CRL_DIST_POINTS; + +DEFINE_STACK_OF(DIST_POINT) + +struct AUTHORITY_KEYID_st { + ASN1_OCTET_STRING *keyid; + GENERAL_NAMES *issuer; + ASN1_INTEGER *serial; +}; + +/* Strong extranet structures */ + +typedef struct SXNET_ID_st { + ASN1_INTEGER *zone; + ASN1_OCTET_STRING *user; +} SXNETID; + +DEFINE_STACK_OF(SXNETID) + +typedef struct SXNET_st { + ASN1_INTEGER *version; + STACK_OF(SXNETID) *ids; +} SXNET; + +typedef struct NOTICEREF_st { + ASN1_STRING *organization; + STACK_OF(ASN1_INTEGER) *noticenos; +} NOTICEREF; + +typedef struct USERNOTICE_st { + NOTICEREF *noticeref; + ASN1_STRING *exptext; +} USERNOTICE; + +typedef struct POLICYQUALINFO_st { + ASN1_OBJECT *pqualid; + union { + ASN1_IA5STRING *cpsuri; + USERNOTICE *usernotice; + ASN1_TYPE *other; + } d; +} POLICYQUALINFO; + +DEFINE_STACK_OF(POLICYQUALINFO) + +typedef struct POLICYINFO_st { + ASN1_OBJECT *policyid; + STACK_OF(POLICYQUALINFO) *qualifiers; +} POLICYINFO; + +typedef STACK_OF(POLICYINFO) CERTIFICATEPOLICIES; + +DEFINE_STACK_OF(POLICYINFO) + +typedef struct POLICY_MAPPING_st { + ASN1_OBJECT *issuerDomainPolicy; + ASN1_OBJECT *subjectDomainPolicy; +} POLICY_MAPPING; + +DEFINE_STACK_OF(POLICY_MAPPING) + +typedef STACK_OF(POLICY_MAPPING) POLICY_MAPPINGS; + +typedef struct GENERAL_SUBTREE_st { + GENERAL_NAME *base; + ASN1_INTEGER *minimum; + ASN1_INTEGER *maximum; +} GENERAL_SUBTREE; + +DEFINE_STACK_OF(GENERAL_SUBTREE) + +struct NAME_CONSTRAINTS_st { + STACK_OF(GENERAL_SUBTREE) *permittedSubtrees; + STACK_OF(GENERAL_SUBTREE) *excludedSubtrees; +}; + +typedef struct POLICY_CONSTRAINTS_st { + ASN1_INTEGER *requireExplicitPolicy; + ASN1_INTEGER *inhibitPolicyMapping; +} POLICY_CONSTRAINTS; + +/* Proxy certificate structures, see RFC 3820 */ +typedef struct PROXY_POLICY_st { + ASN1_OBJECT *policyLanguage; + ASN1_OCTET_STRING *policy; +} PROXY_POLICY; + +typedef struct PROXY_CERT_INFO_EXTENSION_st { + ASN1_INTEGER *pcPathLengthConstraint; + PROXY_POLICY *proxyPolicy; +} PROXY_CERT_INFO_EXTENSION; + +DECLARE_ASN1_FUNCTIONS(PROXY_POLICY) +DECLARE_ASN1_FUNCTIONS(PROXY_CERT_INFO_EXTENSION) + +struct ISSUING_DIST_POINT_st { + DIST_POINT_NAME *distpoint; + int onlyuser; + int onlyCA; + ASN1_BIT_STRING *onlysomereasons; + int indirectCRL; + int onlyattr; +}; + +/* Values in idp_flags field */ +/* IDP present */ +# define IDP_PRESENT 0x1 +/* IDP values inconsistent */ +# define IDP_INVALID 0x2 +/* onlyuser true */ +# define IDP_ONLYUSER 0x4 +/* onlyCA true */ +# define IDP_ONLYCA 0x8 +/* onlyattr true */ +# define IDP_ONLYATTR 0x10 +/* indirectCRL true */ +# define IDP_INDIRECT 0x20 +/* onlysomereasons present */ +# define IDP_REASONS 0x40 + +# define X509V3_conf_err(val) ERR_add_error_data(6, \ + "section:", (val)->section, \ + ",name:", (val)->name, ",value:", (val)->value) + +# define X509V3_set_ctx_test(ctx) \ + X509V3_set_ctx(ctx, NULL, NULL, NULL, NULL, CTX_TEST) +# define X509V3_set_ctx_nodb(ctx) (ctx)->db = NULL; + +# define EXT_BITSTRING(nid, table) { nid, 0, ASN1_ITEM_ref(ASN1_BIT_STRING), \ + 0,0,0,0, \ + 0,0, \ + (X509V3_EXT_I2V)i2v_ASN1_BIT_STRING, \ + (X509V3_EXT_V2I)v2i_ASN1_BIT_STRING, \ + NULL, NULL, \ + table} + +# define EXT_IA5STRING(nid) { nid, 0, ASN1_ITEM_ref(ASN1_IA5STRING), \ + 0,0,0,0, \ + (X509V3_EXT_I2S)i2s_ASN1_IA5STRING, \ + (X509V3_EXT_S2I)s2i_ASN1_IA5STRING, \ + 0,0,0,0, \ + NULL} + +# define EXT_END { -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} + +/* X509_PURPOSE stuff */ + +# define EXFLAG_BCONS 0x1 +# define EXFLAG_KUSAGE 0x2 +# define EXFLAG_XKUSAGE 0x4 +# define EXFLAG_NSCERT 0x8 + +# define EXFLAG_CA 0x10 +/* Really self issued not necessarily self signed */ +# define EXFLAG_SI 0x20 +# define EXFLAG_V1 0x40 +# define EXFLAG_INVALID 0x80 +/* EXFLAG_SET is set to indicate that some values have been precomputed */ +# define EXFLAG_SET 0x100 +# define EXFLAG_CRITICAL 0x200 +# define EXFLAG_PROXY 0x400 + +# define EXFLAG_INVALID_POLICY 0x800 +# define EXFLAG_FRESHEST 0x1000 +# define EXFLAG_SS 0x2000 /* cert is apparently self-signed */ + +# define EXFLAG_NO_FINGERPRINT 0x100000 + +# define KU_DIGITAL_SIGNATURE 0x0080 +# define KU_NON_REPUDIATION 0x0040 +# define KU_KEY_ENCIPHERMENT 0x0020 +# define KU_DATA_ENCIPHERMENT 0x0010 +# define KU_KEY_AGREEMENT 0x0008 +# define KU_KEY_CERT_SIGN 0x0004 +# define KU_CRL_SIGN 0x0002 +# define KU_ENCIPHER_ONLY 0x0001 +# define KU_DECIPHER_ONLY 0x8000 + +# define NS_SSL_CLIENT 0x80 +# define NS_SSL_SERVER 0x40 +# define NS_SMIME 0x20 +# define NS_OBJSIGN 0x10 +# define NS_SSL_CA 0x04 +# define NS_SMIME_CA 0x02 +# define NS_OBJSIGN_CA 0x01 +# define NS_ANY_CA (NS_SSL_CA|NS_SMIME_CA|NS_OBJSIGN_CA) + +# define XKU_SSL_SERVER 0x1 +# define XKU_SSL_CLIENT 0x2 +# define XKU_SMIME 0x4 +# define XKU_CODE_SIGN 0x8 +# define XKU_SGC 0x10 +# define XKU_OCSP_SIGN 0x20 +# define XKU_TIMESTAMP 0x40 +# define XKU_DVCS 0x80 +# define XKU_ANYEKU 0x100 + +# define X509_PURPOSE_DYNAMIC 0x1 +# define X509_PURPOSE_DYNAMIC_NAME 0x2 + +typedef struct x509_purpose_st { + int purpose; + int trust; /* Default trust ID */ + int flags; + int (*check_purpose) (const struct x509_purpose_st *, const X509 *, int); + char *name; + char *sname; + void *usr_data; +} X509_PURPOSE; + +# define X509_PURPOSE_SSL_CLIENT 1 +# define X509_PURPOSE_SSL_SERVER 2 +# define X509_PURPOSE_NS_SSL_SERVER 3 +# define X509_PURPOSE_SMIME_SIGN 4 +# define X509_PURPOSE_SMIME_ENCRYPT 5 +# define X509_PURPOSE_CRL_SIGN 6 +# define X509_PURPOSE_ANY 7 +# define X509_PURPOSE_OCSP_HELPER 8 +# define X509_PURPOSE_TIMESTAMP_SIGN 9 + +# define X509_PURPOSE_MIN 1 +# define X509_PURPOSE_MAX 9 + +/* Flags for X509V3_EXT_print() */ + +# define X509V3_EXT_UNKNOWN_MASK (0xfL << 16) +/* Return error for unknown extensions */ +# define X509V3_EXT_DEFAULT 0 +/* Print error for unknown extensions */ +# define X509V3_EXT_ERROR_UNKNOWN (1L << 16) +/* ASN1 parse unknown extensions */ +# define X509V3_EXT_PARSE_UNKNOWN (2L << 16) +/* BIO_dump unknown extensions */ +# define X509V3_EXT_DUMP_UNKNOWN (3L << 16) + +/* Flags for X509V3_add1_i2d */ + +# define X509V3_ADD_OP_MASK 0xfL +# define X509V3_ADD_DEFAULT 0L +# define X509V3_ADD_APPEND 1L +# define X509V3_ADD_REPLACE 2L +# define X509V3_ADD_REPLACE_EXISTING 3L +# define X509V3_ADD_KEEP_EXISTING 4L +# define X509V3_ADD_DELETE 5L +# define X509V3_ADD_SILENT 0x10 + +DEFINE_STACK_OF(X509_PURPOSE) + +DECLARE_ASN1_FUNCTIONS(BASIC_CONSTRAINTS) + +DECLARE_ASN1_FUNCTIONS(SXNET) +DECLARE_ASN1_FUNCTIONS(SXNETID) + +int SXNET_add_id_asc(SXNET **psx, const char *zone, const char *user, int userlen); +int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, const char *user, + int userlen); +int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *izone, const char *user, + int userlen); + +ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, const char *zone); +ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone); +ASN1_OCTET_STRING *SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone); + +DECLARE_ASN1_FUNCTIONS(AUTHORITY_KEYID) + +DECLARE_ASN1_FUNCTIONS(PKEY_USAGE_PERIOD) + +DECLARE_ASN1_FUNCTIONS(GENERAL_NAME) +GENERAL_NAME *GENERAL_NAME_dup(GENERAL_NAME *a); +int GENERAL_NAME_cmp(GENERAL_NAME *a, GENERAL_NAME *b); + +ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, + STACK_OF(CONF_VALUE) *nval); +STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, + ASN1_BIT_STRING *bits, + STACK_OF(CONF_VALUE) *extlist); +char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, ASN1_IA5STRING *ia5); +ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, const char *str); + +STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, + GENERAL_NAME *gen, + STACK_OF(CONF_VALUE) *ret); +int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen); + +DECLARE_ASN1_FUNCTIONS(GENERAL_NAMES) + +STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method, + GENERAL_NAMES *gen, + STACK_OF(CONF_VALUE) *extlist); +GENERAL_NAMES *v2i_GENERAL_NAMES(const X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); + +DECLARE_ASN1_FUNCTIONS(OTHERNAME) +DECLARE_ASN1_FUNCTIONS(EDIPARTYNAME) +int OTHERNAME_cmp(OTHERNAME *a, OTHERNAME *b); +void GENERAL_NAME_set0_value(GENERAL_NAME *a, int type, void *value); +void *GENERAL_NAME_get0_value(const GENERAL_NAME *a, int *ptype); +int GENERAL_NAME_set0_othername(GENERAL_NAME *gen, + ASN1_OBJECT *oid, ASN1_TYPE *value); +int GENERAL_NAME_get0_otherName(const GENERAL_NAME *gen, + ASN1_OBJECT **poid, ASN1_TYPE **pvalue); + +char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, + const ASN1_OCTET_STRING *ia5); +ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, const char *str); + +DECLARE_ASN1_FUNCTIONS(EXTENDED_KEY_USAGE) +int i2a_ACCESS_DESCRIPTION(BIO *bp, const ACCESS_DESCRIPTION *a); + +DECLARE_ASN1_ALLOC_FUNCTIONS(TLS_FEATURE) + +DECLARE_ASN1_FUNCTIONS(CERTIFICATEPOLICIES) +DECLARE_ASN1_FUNCTIONS(POLICYINFO) +DECLARE_ASN1_FUNCTIONS(POLICYQUALINFO) +DECLARE_ASN1_FUNCTIONS(USERNOTICE) +DECLARE_ASN1_FUNCTIONS(NOTICEREF) + +DECLARE_ASN1_FUNCTIONS(CRL_DIST_POINTS) +DECLARE_ASN1_FUNCTIONS(DIST_POINT) +DECLARE_ASN1_FUNCTIONS(DIST_POINT_NAME) +DECLARE_ASN1_FUNCTIONS(ISSUING_DIST_POINT) + +int DIST_POINT_set_dpname(DIST_POINT_NAME *dpn, X509_NAME *iname); + +int NAME_CONSTRAINTS_check(X509 *x, NAME_CONSTRAINTS *nc); +int NAME_CONSTRAINTS_check_CN(X509 *x, NAME_CONSTRAINTS *nc); + +DECLARE_ASN1_FUNCTIONS(ACCESS_DESCRIPTION) +DECLARE_ASN1_FUNCTIONS(AUTHORITY_INFO_ACCESS) + +DECLARE_ASN1_ITEM(POLICY_MAPPING) +DECLARE_ASN1_ALLOC_FUNCTIONS(POLICY_MAPPING) +DECLARE_ASN1_ITEM(POLICY_MAPPINGS) + +DECLARE_ASN1_ITEM(GENERAL_SUBTREE) +DECLARE_ASN1_ALLOC_FUNCTIONS(GENERAL_SUBTREE) + +DECLARE_ASN1_ITEM(NAME_CONSTRAINTS) +DECLARE_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS) + +DECLARE_ASN1_ALLOC_FUNCTIONS(POLICY_CONSTRAINTS) +DECLARE_ASN1_ITEM(POLICY_CONSTRAINTS) + +GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out, + const X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, int gen_type, + const char *value, int is_nc); + +# ifdef HEADER_CONF_H +GENERAL_NAME *v2i_GENERAL_NAME(const X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, CONF_VALUE *cnf); +GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out, + const X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, CONF_VALUE *cnf, + int is_nc); +void X509V3_conf_free(CONF_VALUE *val); + +X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, + const char *value); +X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, const char *name, + const char *value); +int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, const char *section, + STACK_OF(X509_EXTENSION) **sk); +int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section, + X509 *cert); +int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section, + X509_REQ *req); +int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section, + X509_CRL *crl); + +X509_EXTENSION *X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf, + X509V3_CTX *ctx, int ext_nid, + const char *value); +X509_EXTENSION *X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, + const char *name, const char *value); +int X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, + const char *section, X509 *cert); +int X509V3_EXT_REQ_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, + const char *section, X509_REQ *req); +int X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, + const char *section, X509_CRL *crl); + +int X509V3_add_value_bool_nf(const char *name, int asn1_bool, + STACK_OF(CONF_VALUE) **extlist); +int X509V3_get_value_bool(const CONF_VALUE *value, int *asn1_bool); +int X509V3_get_value_int(const CONF_VALUE *value, ASN1_INTEGER **aint); +void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf); +void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH_OF(CONF_VALUE) *lhash); +# endif + +char *X509V3_get_string(X509V3_CTX *ctx, const char *name, const char *section); +STACK_OF(CONF_VALUE) *X509V3_get_section(X509V3_CTX *ctx, const char *section); +void X509V3_string_free(X509V3_CTX *ctx, char *str); +void X509V3_section_free(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section); +void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subject, + X509_REQ *req, X509_CRL *crl, int flags); + +int X509V3_add_value(const char *name, const char *value, + STACK_OF(CONF_VALUE) **extlist); +int X509V3_add_value_uchar(const char *name, const unsigned char *value, + STACK_OF(CONF_VALUE) **extlist); +int X509V3_add_value_bool(const char *name, int asn1_bool, + STACK_OF(CONF_VALUE) **extlist); +int X509V3_add_value_int(const char *name, const ASN1_INTEGER *aint, + STACK_OF(CONF_VALUE) **extlist); +char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth, const ASN1_INTEGER *aint); +ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *meth, const char *value); +char *i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *meth, const ASN1_ENUMERATED *aint); +char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *meth, + const ASN1_ENUMERATED *aint); +int X509V3_EXT_add(X509V3_EXT_METHOD *ext); +int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist); +int X509V3_EXT_add_alias(int nid_to, int nid_from); +void X509V3_EXT_cleanup(void); + +const X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext); +const X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid); +int X509V3_add_standard_extensions(void); +STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line); +void *X509V3_EXT_d2i(X509_EXTENSION *ext); +void *X509V3_get_d2i(const STACK_OF(X509_EXTENSION) *x, int nid, int *crit, + int *idx); + +X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc); +int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, + int crit, unsigned long flags); + +#if OPENSSL_API_COMPAT < 0x10100000L +/* The new declarations are in crypto.h, but the old ones were here. */ +# define hex_to_string OPENSSL_buf2hexstr +# define string_to_hex OPENSSL_hexstr2buf +#endif + +void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent, + int ml); +int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, + int indent); +#ifndef OPENSSL_NO_STDIO +int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent); +#endif +int X509V3_extensions_print(BIO *out, const char *title, + const STACK_OF(X509_EXTENSION) *exts, + unsigned long flag, int indent); + +int X509_check_ca(X509 *x); +int X509_check_purpose(X509 *x, int id, int ca); +int X509_supported_extension(X509_EXTENSION *ex); +int X509_PURPOSE_set(int *p, int purpose); +int X509_check_issued(X509 *issuer, X509 *subject); +int X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid); +void X509_set_proxy_flag(X509 *x); +void X509_set_proxy_pathlen(X509 *x, long l); +long X509_get_proxy_pathlen(X509 *x); + +uint32_t X509_get_extension_flags(X509 *x); +uint32_t X509_get_key_usage(X509 *x); +uint32_t X509_get_extended_key_usage(X509 *x); +const ASN1_OCTET_STRING *X509_get0_subject_key_id(X509 *x); +const ASN1_OCTET_STRING *X509_get0_authority_key_id(X509 *x); +const GENERAL_NAMES *X509_get0_authority_issuer(X509 *x); +const ASN1_INTEGER *X509_get0_authority_serial(X509 *x); + +int X509_PURPOSE_get_count(void); +X509_PURPOSE *X509_PURPOSE_get0(int idx); +int X509_PURPOSE_get_by_sname(const char *sname); +int X509_PURPOSE_get_by_id(int id); +int X509_PURPOSE_add(int id, int trust, int flags, + int (*ck) (const X509_PURPOSE *, const X509 *, int), + const char *name, const char *sname, void *arg); +char *X509_PURPOSE_get0_name(const X509_PURPOSE *xp); +char *X509_PURPOSE_get0_sname(const X509_PURPOSE *xp); +int X509_PURPOSE_get_trust(const X509_PURPOSE *xp); +void X509_PURPOSE_cleanup(void); +int X509_PURPOSE_get_id(const X509_PURPOSE *); + +STACK_OF(OPENSSL_STRING) *X509_get1_email(X509 *x); +STACK_OF(OPENSSL_STRING) *X509_REQ_get1_email(X509_REQ *x); +void X509_email_free(STACK_OF(OPENSSL_STRING) *sk); +STACK_OF(OPENSSL_STRING) *X509_get1_ocsp(X509 *x); +/* Flags for X509_check_* functions */ + +/* + * Always check subject name for host match even if subject alt names present + */ +# define X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT 0x1 +/* Disable wildcard matching for dnsName fields and common name. */ +# define X509_CHECK_FLAG_NO_WILDCARDS 0x2 +/* Wildcards must not match a partial label. */ +# define X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS 0x4 +/* Allow (non-partial) wildcards to match multiple labels. */ +# define X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS 0x8 +/* Constraint verifier subdomain patterns to match a single labels. */ +# define X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS 0x10 +/* Never check the subject CN */ +# define X509_CHECK_FLAG_NEVER_CHECK_SUBJECT 0x20 +/* + * Match reference identifiers starting with "." to any sub-domain. + * This is a non-public flag, turned on implicitly when the subject + * reference identity is a DNS name. + */ +# define _X509_CHECK_FLAG_DOT_SUBDOMAINS 0x8000 + +int X509_check_host(X509 *x, const char *chk, size_t chklen, + unsigned int flags, char **peername); +int X509_check_email(X509 *x, const char *chk, size_t chklen, + unsigned int flags); +int X509_check_ip(X509 *x, const unsigned char *chk, size_t chklen, + unsigned int flags); +int X509_check_ip_asc(X509 *x, const char *ipasc, unsigned int flags); + +ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc); +ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc); +int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE) *dn_sk, + unsigned long chtype); + +void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent); +DEFINE_STACK_OF(X509_POLICY_NODE) + +#ifndef OPENSSL_NO_RFC3779 +typedef struct ASRange_st { + ASN1_INTEGER *min, *max; +} ASRange; + +# define ASIdOrRange_id 0 +# define ASIdOrRange_range 1 + +typedef struct ASIdOrRange_st { + int type; + union { + ASN1_INTEGER *id; + ASRange *range; + } u; +} ASIdOrRange; + +typedef STACK_OF(ASIdOrRange) ASIdOrRanges; +DEFINE_STACK_OF(ASIdOrRange) + +# define ASIdentifierChoice_inherit 0 +# define ASIdentifierChoice_asIdsOrRanges 1 + +typedef struct ASIdentifierChoice_st { + int type; + union { + ASN1_NULL *inherit; + ASIdOrRanges *asIdsOrRanges; + } u; +} ASIdentifierChoice; + +typedef struct ASIdentifiers_st { + ASIdentifierChoice *asnum, *rdi; +} ASIdentifiers; + +DECLARE_ASN1_FUNCTIONS(ASRange) +DECLARE_ASN1_FUNCTIONS(ASIdOrRange) +DECLARE_ASN1_FUNCTIONS(ASIdentifierChoice) +DECLARE_ASN1_FUNCTIONS(ASIdentifiers) + +typedef struct IPAddressRange_st { + ASN1_BIT_STRING *min, *max; +} IPAddressRange; + +# define IPAddressOrRange_addressPrefix 0 +# define IPAddressOrRange_addressRange 1 + +typedef struct IPAddressOrRange_st { + int type; + union { + ASN1_BIT_STRING *addressPrefix; + IPAddressRange *addressRange; + } u; +} IPAddressOrRange; + +typedef STACK_OF(IPAddressOrRange) IPAddressOrRanges; +DEFINE_STACK_OF(IPAddressOrRange) + +# define IPAddressChoice_inherit 0 +# define IPAddressChoice_addressesOrRanges 1 + +typedef struct IPAddressChoice_st { + int type; + union { + ASN1_NULL *inherit; + IPAddressOrRanges *addressesOrRanges; + } u; +} IPAddressChoice; + +typedef struct IPAddressFamily_st { + ASN1_OCTET_STRING *addressFamily; + IPAddressChoice *ipAddressChoice; +} IPAddressFamily; + +typedef STACK_OF(IPAddressFamily) IPAddrBlocks; +DEFINE_STACK_OF(IPAddressFamily) + +DECLARE_ASN1_FUNCTIONS(IPAddressRange) +DECLARE_ASN1_FUNCTIONS(IPAddressOrRange) +DECLARE_ASN1_FUNCTIONS(IPAddressChoice) +DECLARE_ASN1_FUNCTIONS(IPAddressFamily) + +/* + * API tag for elements of the ASIdentifer SEQUENCE. + */ +# define V3_ASID_ASNUM 0 +# define V3_ASID_RDI 1 + +/* + * AFI values, assigned by IANA. It'd be nice to make the AFI + * handling code totally generic, but there are too many little things + * that would need to be defined for other address families for it to + * be worth the trouble. + */ +# define IANA_AFI_IPV4 1 +# define IANA_AFI_IPV6 2 + +/* + * Utilities to construct and extract values from RFC3779 extensions, + * since some of the encodings (particularly for IP address prefixes + * and ranges) are a bit tedious to work with directly. + */ +int X509v3_asid_add_inherit(ASIdentifiers *asid, int which); +int X509v3_asid_add_id_or_range(ASIdentifiers *asid, int which, + ASN1_INTEGER *min, ASN1_INTEGER *max); +int X509v3_addr_add_inherit(IPAddrBlocks *addr, + const unsigned afi, const unsigned *safi); +int X509v3_addr_add_prefix(IPAddrBlocks *addr, + const unsigned afi, const unsigned *safi, + unsigned char *a, const int prefixlen); +int X509v3_addr_add_range(IPAddrBlocks *addr, + const unsigned afi, const unsigned *safi, + unsigned char *min, unsigned char *max); +unsigned X509v3_addr_get_afi(const IPAddressFamily *f); +int X509v3_addr_get_range(IPAddressOrRange *aor, const unsigned afi, + unsigned char *min, unsigned char *max, + const int length); + +/* + * Canonical forms. + */ +int X509v3_asid_is_canonical(ASIdentifiers *asid); +int X509v3_addr_is_canonical(IPAddrBlocks *addr); +int X509v3_asid_canonize(ASIdentifiers *asid); +int X509v3_addr_canonize(IPAddrBlocks *addr); + +/* + * Tests for inheritance and containment. + */ +int X509v3_asid_inherits(ASIdentifiers *asid); +int X509v3_addr_inherits(IPAddrBlocks *addr); +int X509v3_asid_subset(ASIdentifiers *a, ASIdentifiers *b); +int X509v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b); + +/* + * Check whether RFC 3779 extensions nest properly in chains. + */ +int X509v3_asid_validate_path(X509_STORE_CTX *); +int X509v3_addr_validate_path(X509_STORE_CTX *); +int X509v3_asid_validate_resource_set(STACK_OF(X509) *chain, + ASIdentifiers *ext, + int allow_inheritance); +int X509v3_addr_validate_resource_set(STACK_OF(X509) *chain, + IPAddrBlocks *ext, int allow_inheritance); + +#endif /* OPENSSL_NO_RFC3779 */ + +DEFINE_STACK_OF(ASN1_STRING) + +/* + * Admission Syntax + */ +typedef struct NamingAuthority_st NAMING_AUTHORITY; +typedef struct ProfessionInfo_st PROFESSION_INFO; +typedef struct Admissions_st ADMISSIONS; +typedef struct AdmissionSyntax_st ADMISSION_SYNTAX; +DECLARE_ASN1_FUNCTIONS(NAMING_AUTHORITY) +DECLARE_ASN1_FUNCTIONS(PROFESSION_INFO) +DECLARE_ASN1_FUNCTIONS(ADMISSIONS) +DECLARE_ASN1_FUNCTIONS(ADMISSION_SYNTAX) +DEFINE_STACK_OF(ADMISSIONS) +DEFINE_STACK_OF(PROFESSION_INFO) +typedef STACK_OF(PROFESSION_INFO) PROFESSION_INFOS; + +const ASN1_OBJECT *NAMING_AUTHORITY_get0_authorityId( + const NAMING_AUTHORITY *n); +const ASN1_IA5STRING *NAMING_AUTHORITY_get0_authorityURL( + const NAMING_AUTHORITY *n); +const ASN1_STRING *NAMING_AUTHORITY_get0_authorityText( + const NAMING_AUTHORITY *n); +void NAMING_AUTHORITY_set0_authorityId(NAMING_AUTHORITY *n, + ASN1_OBJECT* namingAuthorityId); +void NAMING_AUTHORITY_set0_authorityURL(NAMING_AUTHORITY *n, + ASN1_IA5STRING* namingAuthorityUrl); +void NAMING_AUTHORITY_set0_authorityText(NAMING_AUTHORITY *n, + ASN1_STRING* namingAuthorityText); + +const GENERAL_NAME *ADMISSION_SYNTAX_get0_admissionAuthority( + const ADMISSION_SYNTAX *as); +void ADMISSION_SYNTAX_set0_admissionAuthority( + ADMISSION_SYNTAX *as, GENERAL_NAME *aa); +const STACK_OF(ADMISSIONS) *ADMISSION_SYNTAX_get0_contentsOfAdmissions( + const ADMISSION_SYNTAX *as); +void ADMISSION_SYNTAX_set0_contentsOfAdmissions( + ADMISSION_SYNTAX *as, STACK_OF(ADMISSIONS) *a); +const GENERAL_NAME *ADMISSIONS_get0_admissionAuthority(const ADMISSIONS *a); +void ADMISSIONS_set0_admissionAuthority(ADMISSIONS *a, GENERAL_NAME *aa); +const NAMING_AUTHORITY *ADMISSIONS_get0_namingAuthority(const ADMISSIONS *a); +void ADMISSIONS_set0_namingAuthority(ADMISSIONS *a, NAMING_AUTHORITY *na); +const PROFESSION_INFOS *ADMISSIONS_get0_professionInfos(const ADMISSIONS *a); +void ADMISSIONS_set0_professionInfos(ADMISSIONS *a, PROFESSION_INFOS *pi); +const ASN1_OCTET_STRING *PROFESSION_INFO_get0_addProfessionInfo( + const PROFESSION_INFO *pi); +void PROFESSION_INFO_set0_addProfessionInfo( + PROFESSION_INFO *pi, ASN1_OCTET_STRING *aos); +const NAMING_AUTHORITY *PROFESSION_INFO_get0_namingAuthority( + const PROFESSION_INFO *pi); +void PROFESSION_INFO_set0_namingAuthority( + PROFESSION_INFO *pi, NAMING_AUTHORITY *na); +const STACK_OF(ASN1_STRING) *PROFESSION_INFO_get0_professionItems( + const PROFESSION_INFO *pi); +void PROFESSION_INFO_set0_professionItems( + PROFESSION_INFO *pi, STACK_OF(ASN1_STRING) *as); +const STACK_OF(ASN1_OBJECT) *PROFESSION_INFO_get0_professionOIDs( + const PROFESSION_INFO *pi); +void PROFESSION_INFO_set0_professionOIDs( + PROFESSION_INFO *pi, STACK_OF(ASN1_OBJECT) *po); +const ASN1_PRINTABLESTRING *PROFESSION_INFO_get0_registrationNumber( + const PROFESSION_INFO *pi); +void PROFESSION_INFO_set0_registrationNumber( + PROFESSION_INFO *pi, ASN1_PRINTABLESTRING *rn); + +# ifdef __cplusplus +} +# endif +#endif diff --git a/ext/openssl1L/include/openssl/x509v3err.h b/ext/openssl1L/include/openssl/x509v3err.h new file mode 100644 index 0000000..3b9f713 --- /dev/null +++ b/ext/openssl1L/include/openssl/x509v3err.h @@ -0,0 +1,164 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_X509V3ERR_H +# define HEADER_X509V3ERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_X509V3_strings(void); + +/* + * X509V3 function codes. + */ +# define X509V3_F_A2I_GENERAL_NAME 164 +# define X509V3_F_ADDR_VALIDATE_PATH_INTERNAL 166 +# define X509V3_F_ASIDENTIFIERCHOICE_CANONIZE 161 +# define X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL 162 +# define X509V3_F_BIGNUM_TO_STRING 167 +# define X509V3_F_COPY_EMAIL 122 +# define X509V3_F_COPY_ISSUER 123 +# define X509V3_F_DO_DIRNAME 144 +# define X509V3_F_DO_EXT_I2D 135 +# define X509V3_F_DO_EXT_NCONF 151 +# define X509V3_F_GNAMES_FROM_SECTNAME 156 +# define X509V3_F_I2S_ASN1_ENUMERATED 121 +# define X509V3_F_I2S_ASN1_IA5STRING 149 +# define X509V3_F_I2S_ASN1_INTEGER 120 +# define X509V3_F_I2V_AUTHORITY_INFO_ACCESS 138 +# define X509V3_F_I2V_AUTHORITY_KEYID 173 +# define X509V3_F_LEVEL_ADD_NODE 168 +# define X509V3_F_NOTICE_SECTION 132 +# define X509V3_F_NREF_NOS 133 +# define X509V3_F_POLICY_CACHE_CREATE 169 +# define X509V3_F_POLICY_CACHE_NEW 170 +# define X509V3_F_POLICY_DATA_NEW 171 +# define X509V3_F_POLICY_SECTION 131 +# define X509V3_F_PROCESS_PCI_VALUE 150 +# define X509V3_F_R2I_CERTPOL 130 +# define X509V3_F_R2I_PCI 155 +# define X509V3_F_S2I_ASN1_IA5STRING 100 +# define X509V3_F_S2I_ASN1_INTEGER 108 +# define X509V3_F_S2I_ASN1_OCTET_STRING 112 +# define X509V3_F_S2I_SKEY_ID 115 +# define X509V3_F_SET_DIST_POINT_NAME 158 +# define X509V3_F_SXNET_ADD_ID_ASC 125 +# define X509V3_F_SXNET_ADD_ID_INTEGER 126 +# define X509V3_F_SXNET_ADD_ID_ULONG 127 +# define X509V3_F_SXNET_GET_ID_ASC 128 +# define X509V3_F_SXNET_GET_ID_ULONG 129 +# define X509V3_F_TREE_INIT 172 +# define X509V3_F_V2I_ASIDENTIFIERS 163 +# define X509V3_F_V2I_ASN1_BIT_STRING 101 +# define X509V3_F_V2I_AUTHORITY_INFO_ACCESS 139 +# define X509V3_F_V2I_AUTHORITY_KEYID 119 +# define X509V3_F_V2I_BASIC_CONSTRAINTS 102 +# define X509V3_F_V2I_CRLD 134 +# define X509V3_F_V2I_EXTENDED_KEY_USAGE 103 +# define X509V3_F_V2I_GENERAL_NAMES 118 +# define X509V3_F_V2I_GENERAL_NAME_EX 117 +# define X509V3_F_V2I_IDP 157 +# define X509V3_F_V2I_IPADDRBLOCKS 159 +# define X509V3_F_V2I_ISSUER_ALT 153 +# define X509V3_F_V2I_NAME_CONSTRAINTS 147 +# define X509V3_F_V2I_POLICY_CONSTRAINTS 146 +# define X509V3_F_V2I_POLICY_MAPPINGS 145 +# define X509V3_F_V2I_SUBJECT_ALT 154 +# define X509V3_F_V2I_TLS_FEATURE 165 +# define X509V3_F_V3_GENERIC_EXTENSION 116 +# define X509V3_F_X509V3_ADD1_I2D 140 +# define X509V3_F_X509V3_ADD_LEN_VALUE 174 +# define X509V3_F_X509V3_ADD_VALUE 105 +# define X509V3_F_X509V3_EXT_ADD 104 +# define X509V3_F_X509V3_EXT_ADD_ALIAS 106 +# define X509V3_F_X509V3_EXT_I2D 136 +# define X509V3_F_X509V3_EXT_NCONF 152 +# define X509V3_F_X509V3_GET_SECTION 142 +# define X509V3_F_X509V3_GET_STRING 143 +# define X509V3_F_X509V3_GET_VALUE_BOOL 110 +# define X509V3_F_X509V3_PARSE_LIST 109 +# define X509V3_F_X509_PURPOSE_ADD 137 +# define X509V3_F_X509_PURPOSE_SET 141 + +/* + * X509V3 reason codes. + */ +# define X509V3_R_BAD_IP_ADDRESS 118 +# define X509V3_R_BAD_OBJECT 119 +# define X509V3_R_BN_DEC2BN_ERROR 100 +# define X509V3_R_BN_TO_ASN1_INTEGER_ERROR 101 +# define X509V3_R_DIRNAME_ERROR 149 +# define X509V3_R_DISTPOINT_ALREADY_SET 160 +# define X509V3_R_DUPLICATE_ZONE_ID 133 +# define X509V3_R_ERROR_CONVERTING_ZONE 131 +# define X509V3_R_ERROR_CREATING_EXTENSION 144 +# define X509V3_R_ERROR_IN_EXTENSION 128 +# define X509V3_R_EXPECTED_A_SECTION_NAME 137 +# define X509V3_R_EXTENSION_EXISTS 145 +# define X509V3_R_EXTENSION_NAME_ERROR 115 +# define X509V3_R_EXTENSION_NOT_FOUND 102 +# define X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED 103 +# define X509V3_R_EXTENSION_VALUE_ERROR 116 +# define X509V3_R_ILLEGAL_EMPTY_EXTENSION 151 +# define X509V3_R_INCORRECT_POLICY_SYNTAX_TAG 152 +# define X509V3_R_INVALID_ASNUMBER 162 +# define X509V3_R_INVALID_ASRANGE 163 +# define X509V3_R_INVALID_BOOLEAN_STRING 104 +# define X509V3_R_INVALID_EXTENSION_STRING 105 +# define X509V3_R_INVALID_INHERITANCE 165 +# define X509V3_R_INVALID_IPADDRESS 166 +# define X509V3_R_INVALID_MULTIPLE_RDNS 161 +# define X509V3_R_INVALID_NAME 106 +# define X509V3_R_INVALID_NULL_ARGUMENT 107 +# define X509V3_R_INVALID_NULL_NAME 108 +# define X509V3_R_INVALID_NULL_VALUE 109 +# define X509V3_R_INVALID_NUMBER 140 +# define X509V3_R_INVALID_NUMBERS 141 +# define X509V3_R_INVALID_OBJECT_IDENTIFIER 110 +# define X509V3_R_INVALID_OPTION 138 +# define X509V3_R_INVALID_POLICY_IDENTIFIER 134 +# define X509V3_R_INVALID_PROXY_POLICY_SETTING 153 +# define X509V3_R_INVALID_PURPOSE 146 +# define X509V3_R_INVALID_SAFI 164 +# define X509V3_R_INVALID_SECTION 135 +# define X509V3_R_INVALID_SYNTAX 143 +# define X509V3_R_ISSUER_DECODE_ERROR 126 +# define X509V3_R_MISSING_VALUE 124 +# define X509V3_R_NEED_ORGANIZATION_AND_NUMBERS 142 +# define X509V3_R_NO_CONFIG_DATABASE 136 +# define X509V3_R_NO_ISSUER_CERTIFICATE 121 +# define X509V3_R_NO_ISSUER_DETAILS 127 +# define X509V3_R_NO_POLICY_IDENTIFIER 139 +# define X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED 154 +# define X509V3_R_NO_PUBLIC_KEY 114 +# define X509V3_R_NO_SUBJECT_DETAILS 125 +# define X509V3_R_OPERATION_NOT_DEFINED 148 +# define X509V3_R_OTHERNAME_ERROR 147 +# define X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED 155 +# define X509V3_R_POLICY_PATH_LENGTH 156 +# define X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED 157 +# define X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY 159 +# define X509V3_R_SECTION_NOT_FOUND 150 +# define X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS 122 +# define X509V3_R_UNABLE_TO_GET_ISSUER_KEYID 123 +# define X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT 111 +# define X509V3_R_UNKNOWN_EXTENSION 129 +# define X509V3_R_UNKNOWN_EXTENSION_NAME 130 +# define X509V3_R_UNKNOWN_OPTION 120 +# define X509V3_R_UNSUPPORTED_OPTION 117 +# define X509V3_R_UNSUPPORTED_TYPE 167 +# define X509V3_R_USER_TOO_LONG 132 + +#endif diff --git a/ext/openssl1L/lib/libcrypto.a b/ext/openssl1L/lib/libcrypto.a new file mode 100644 index 0000000000000000000000000000000000000000..347793982a8d0a705971a18d99f1f52d4e6c0bb5 GIT binary patch literal 5631964 zcmeFa4UnBzc_w&*4VH}n+t?t35{&VHAqIE1BwNM;yVc#28cE$vcgx5?_Hz5)+v`Vk@7f3LrObZpOUdv7J-eOEYl&7JPM{_Tg|cYXEd%^JD5(fYbfxBkl#iw#!}eg4Jj5PV9G=l&*WfyCk@uIq5E`bH8}0 zyQFmg?1;OB?)Pq1_phFGm(;m0J>f2~?yEPsOD?jz^bJotag!f%m!8kP|3-IdaQEKj zE)DMcKjkhB?x#+=OH22qWA4&n?yo=LF1<+Zg@5lOuGWq1axWa_-u_b`HM zd*Sope)t*p!he2EbT9g@9ZuZngYHEa+a3F~dr@%bo^UU!bH6|5Ui6jEx)(k3IdPX= zvfEYM>%QnN+qbH2>MnQL+|JxJce%@~yZ32#8Ql*#ciD%ZaF_k$Q`@_r+jN(e?%~JX zWy9QO+wQVw>;B(QxXXsP9hZFFo!7nMNw*`o*M8jXpc}p3?RfiFlKZho-HzaX*XbC(ZuPaScWUx<6=v+nZ3U9n@g%iOh(xGSEmd)r;^iX%I> zcXxlnUD3Ev-SSiJir{_#;r-~>+!g=R&Cief-S@dGhPf|a>aH;E#czAqJuCN~FSr-i zxicf~#UFp#z4+Iid-4BqqkHiakGmKD>Co6S-A^1lzkBqE z+iBgOKj?OP_mUev;WBr}0r!&NzVC7OlJ&1A_t72hCI7?6a`#K0b}tF;@!jqv!F}~1 z_mcl`%)R9Q``QJ$m%ic=m$@6~+)KX^ch_g!OSg0HKIvXs=T1N2UK-pM!v03xKl-?P zDcys++)IC>J=DEy=O^6DZa9|Qk&n8UT`c$E$K1=db3gNdd)d$L{JZ7;pE>ukXY2mv z3HP!KbXQ*gs1x_S54tP2bBmvIS6-<5$a~$D*8SG??#k`lA02R4ZsV@nIpT)8*Y0#z z)j5n0ud;69Qg_w&0lN^l*>+cz?nlnKtAhLK1MaF}?l+!vR}FJdKH;u{yZVw{?&_V7 zxvO8dG2Asi<*r`&TD|*$_qwa=+$W!OR|ogMe8FA)YtCK$ncd0#_UGKyzxTAe`d@v> zUHu1($^H4G?&|+^>3QAD-|}Ji@~yABm;d1P?&bgJ3+H#gbk4o}Id<3VT67oP?QOej zf*b#^yT-cryw_cGvE0u*?5_FW4_vtWlXLExXW_1OyWIu5*L}!c`+U2lRd;Q0_dn&X zeXiV-NQaByUa@C~6Zh8lx>rn|+}_Q8*1ckwJN1lv1>GkX-79|m%ID90`Rnc#|IU5W z?v*b;;G)}o(!J8U(T}-T-uY1OX76{eqfO5^cCUJ_-I<;4RTta+*e>@fx?jD~z3MmTlKZ{A?p1VOe8|1}+NZy9ck7CK_1oL- z)iX~e_d{QCum16k=idFo7u>6#FNgWutAl%L((T@HW$vzBbi3(Z^=Y^Jbq~4S2cLGk z-{rnB_oJV2y9@W-|MaAb?pJrZ@BRkd_uMk##QoSY_dOTteqo3Ep7Xiiz1e-wg}6VS zbKm3LYc4zBo;UaI9qu*O{nk$Rnr~ru{rEHP`k4o-?yC>G>*@aLX7}3t4}5F7!DrlS zFP8g<``v55x28DyWH#lw%y;Xy4P>x z-tg{o?t{hN=vn})f6|Dd~RJNF+Sb~g=iZ+zin zZm7HJN%zL{x!1ney>Xa(^M~9Uhq>E7?%w#V*~hd=iW5^ zG54naL+(wFJ?P%_Y6*<&Ci$n!(HxX z>;3{^Uu5^@*FWSk_qNZvH`ASdwBG#$XwTOD&Mx<6>%RO!_vU~1z=b))_suo#E!R3H z?lm8AZ@FVNckg`My`^+(pK)*bz(=3G`>EaTE&uZ~&#n9Ns=MXN9aZ2CR*&kT2eG~#ZlbN}fH zcT0^MdHFMLR!9ojcw=N`-~g=!JTgGBcFC-pM1iN{qEQ5-M@L-jXhiU z%t<#^xII^V%l0Rue&|xb9Y1TJ)0NiJ_+4)zm9O| ze(!KoT^g~YEHBY#`+qql6=JsBwd;bBqcRTkFA9i~$#C`fPxA)OcL~M%`04y1jINcD>t+`R(5S`1l38eJ}aCi|)Fo+`jGH_!r#1i{SR(_K@3u@Md+# zcDeo5ojTz5f5%-|8vM%RZvVw}|N3dSA7jUFCwKd`_q%89_J6|NUgu`N;%+b9eIxGn zXX_p~=57z}GhcMK4|89-)ZPAHp?m9VceuB{^~U7xdCI-@n{mIf*S+<(q4Q$6uYAzG z^*rv57p}PIUbffWVco8;xjU@8;W2l|c5dT(cgJ?_A1t~%o(uO2SGqgS=YH*ecL&{X zy|3!Nbimya+@I}ocRaH@x&tr%usd+m$Lrl8=MKDQ(j90%sc!AF?!Y(We&l+0U_1BI zA9M$P@r&-jFMr|huKVjp-GLhSwks}m-;mqd;of#J-9wA+ZPxwDmF{iB++Quax4&$z z>gFch+pT-gh+ZbquD^Y^vfJHR=l(m`7TnK&#@!j* zr$6fM{O6PI&fj~VyA$iicmBb{?#@3wmfU}S#@$)CyLPwTU9bB@?*8#L?yigFe)B`_ zF1p|U%!Ro>UU7H*s9y5z^(f) zPq=a84qmn5#Qis)atG;F9?jj40HgcpnknZyv(M|09l$&_@ zNjGub2i?SLKI|s`9{hA;pKueue9TS0;G~c)4uL+|)V)&0PTI~3f5H@ia@ z;vWC7JG6~EeA%V$IdyN?aEF8YZ=ZID|H+5ced>Ta{O#zTa_;a&az`%zm^*Uq&EL4Y z`5JfRJ8pOy{NR=D$i;NO`Jg-UrMs%`&v&{bU;o;3>ZY%~(M5OLE;s#LxS!hTroUa> zKRf59gZs}LlW1qj&9ed)+=g<9@``xkU$Q{4tQFp;^ z&u({o>2u$>!#TX;{}s8JTR-Z)Wn6E!n|UtW55LdNTrBtCqMHd0d;c@mefkME^IIps z1Lk~_s&P$?D<@C&dq+K?!W(vo4r`>Gf0yQb&pTF*^A-+>O*e! zn{ab4+v%da;d5?|?#+*#-|au*=ElEL@8+*}b99?u{o8ea{eYYMHg)fO>(|{o7k5?N z``YfE+qqAkbMJh<-Cy7D-dW@3U+i4wZfLvti{P*zFdrd)E%P_E zp>eu%pC}^M?ug=u*?>Gvcss47ATR#zsZQo!>NZNKx3Ssntq+8~SGD{ zW@oV8ZLDprZg#V%mw2#FaVFAWr8!EYTn3HpyVZape#(;TuyOP%T5GrN4e@L&t@c`{ z2SK}#Lh|LL&HkRTdZ}}pgFx_lh~#GUOj4^EL~dd!#usKr8waNs8w-o`(=&%D&Kv{^&m`R^5JR!akM*?}0SeEIT#i_$n^Nkq$ z0JPRNQigjl<#qs=8)DvxfQTS3vIMzLDD-GvlbpBHQSktAS$OvcZs5B2j=PGb}x^cnF6o zn1`O1<*VIUZlYgptThLxGa`%SP+}?BXbxJLv?d%YMH%4IeT|vv$qZKJX1iU3wpKgM zbu@@E-`U(LpEP`E+hZ9lNU=N#qm(9TR!v)){LB5`T5MfKAhwI*i^W2GrnwE&tRNI% zgZXQWMrMSDTsYw`+Iqv>?k+DIuPIz=%GyRlV`P}td;K-(I1JY6t!*^>z928&GdIPS z$J6OcG4#GsLyUDr1UH(k)8M~%3nKxmaBDrMNb+uNwoHmkaX7I!p|(qJn?WpDwn_!o zm>U6z<^}*JW(g5+O)wUIM!4nV*9NT8=$+~GyUV_9lRD~wsk`SIb4RD{LD9xwfVH93 z+d?~8!AA;cxx3!3ff%a-Mu{(l5zYvjgl}c^?O5b%rr#>cqOI zkXSVYt)Mm5N(B9IsfNtR45dnRkq|O$t_u4E971IYLQxzhEaa^v6`r4OtoAVSl$xQn z0dpp{+}ccRb{c2)6acztq(qPyOYQme;?!}d>zxjROaTy{GD}La$aU9|$QZ8sRv79A z$S&5<8Y<20Exo_f@>)=zD*jH-S21O53^0(@FjN1N`O_dHF^ps!?1|Gj!E>>QOO4Q! zYIN3?Iv9v@^dQOM*(yLB6?g`AHT|kwZ2COgYG?h_=1Qhoq11wU&NOcD08(wF(Qa-w zGwB3uHcySQnGmzlSPy&*&TAQ6sEklMPCB2qH8H}8_kt?Zj^c!X@%`k@vK;$sP_sC?h$fqR> z<8D70@_rTr6K(OvXfs`ArWO|_#?kFh%}mVSGslStdpjvV!)QZrsgT2HQtPq+tHB5o z6-cMcI-Mg`MH5r=7~xO7^8}(WmAEsw;m3zjS4JHsl!cy2X!F4M%pIJX8=oIP?!u1{ zRPZMP)df@)%pILr*w@%t>afiiL3ezr*LNAHW%=OLSPVpenNTVuAC6~?2{w1|=;Wcu z9DgTG5rUQRx8$nzi@spv>GtxNw08mMh_}%_lcJ#vOsfScVhxGPg3EltiVQ4R7_W?8 zB%%gA(B)7y=nSy9irGDbZc`H!>At^#ncdwD4(+CA4$X?a1s05=u7Xs{E(u@dO=j+I zY+(6JGTSQKi$fS&ghd%k+FDC-w`Ewu0Xo3tm_pM{1DGbsxASP?w&F-0w zrk`LMNb1-H#F%hn6{Aw+lg3>5q@*S<0vcwX7a}$dv(*Q$!Nmjh<50+P(r~H6S zFs5dSk#Bvi0+Y1{CU>jTuc{$`ErAm3nagk~P=}Krom(w`flDHq^0bg8iuh8Zh?mMK zrAZp0kU<4(Ocqv}+}zl(BO``Lr4eQ`BKc*Pa8$2FLe0Gp)|ly;0*P4+E%eKx&wH{k zY8j&DAdxFI{kZ5&{!Dd(HJ-_zN~po|Fj8Gt;pET4NN|NMMk4WOJ&K9LnY15oNIa51 z3nRfAM)Ie47%Y!RT!pg%6<`)xLDL`$FojzZ^1v5w9kszmZx&!gHK^!Kfg~tbKRv$B zs*m1GeMD7#^d|KQ%GLXg02@RGWx-?=4Jw0Da5DOFTJ}ki4CAwOMSki(-uG9w@ z_Bt}-0$3N9K&uysffnkEGJf~;!Zg-^Z6an+7H~$3Zl34XsQ}kx~B3d#<&5UN<*{y=CQXj zJAaSQnaSzQpY&!hbY*_YoD$2EBuu6nNLG!oMM5~z)?0#3v}I!fdoD&+JcXEH$ogGQ z;K?f54;`GHJvKEy6M@ANDE-l%pu%q=!7F1$4klVFy>5$Bu2rmCVZtQ@8DP~B+C8kA zh0S0rbYrd`l+hl1l7&<2Ot>!N_eui zAmJr1laoUlK^CSDYh>_)(p)&H5@HUJE2*O|rI+`uiE=xY8lOn(4wzYuPlSNBXJVi^ zN6LDOPiI`yb;?VYQuTDwERnx^{FtT+egu70LQEBMNve!5+%tpN4H~WH2Gc%x968=EU!NcEDcDoM7{Oki%QJY4XUtz|~YTb_%HU0eNr2P=Y9qQMY7 z+eA>h=}T!j7t|0tJ=4~@#ir8gKiPFblCw?v-ZhSMF=;xMK__2?zZ{|&Ni?k< zZLY3@QVCLGxYArd#ntsH*)N~BeZq%WvoSO4L7S8)P7nPA+_$_~+0T$7PQpd&Wb-29-01fCok_pW%*f!h5}7I!i{L3(MDxIuzmy3H!sS`u!7>~EY;Dp?Iw(!{@l1tgQkXJln$ zSxDyRnZdg8zx!S+0r3vXn?rl zM+wSKD^7&coQ4J6iTQ%kg0vW`%qQW%A;=oEzfMDbkb z#vkD&Zg%s>YIm@SMOOaw0sH)Ft@Z{TW5jX;%Zkj;WsvUR*t%s8|z!E z8mBh+PN64RU0vcPQ*0*578*(ZW;Z0F+yE3J;wpP=^e|HqmX?gH%pezqkC*$E)+=3;#_!R<-(Fx=XV4wjAisnek$S~SoB~7 zoIEjRk<1^B4QxU4up)&8IBSuOtpQ$90coR`YDd4b*}o4*MrVb>h%16f40@V>OtuQh zqZ)d;iyGIt>&YMFjUHw*HfVeqL|(U6nqAe&p{_8h<|xa>aBlKa7mcz0^(`!7_a%9S z?)^+y)*lvr2{FhJ@YUTdY4W4~opBf~;edetWQF0zcx(t6D5?R{zU}jh`AkT{6i+O^ z;-f^$<{S#8Oi-px!5E>8QF8&KE2ctJXp2?UM=-HzP9bvEbZU#`EehrcdEm4tMxGoY zPb_YcCr5+_HetLMZKqNGcwxlI*G2{J_p||x>MEdU40SdSOcYm01K)^>0nAC;bjy)i zT0sKK$40ZO&8buu2Brn&)E17jU@)!mh(yVQK2LA?Mph^~Osmk=iHxWn{Hec0zeiJP zn3$cJ!9qnWXTcwf8YTj!@1XhCk3;XMHK%x-D8#NEeew%qqxHrzm{v`9I^ZZa2>74N zXyR&E0S{JsTbPPVQy@|h?_y>W6=WW5Vg{&L+8zy1lGQq%m~RCSV}jr8*}Tr!Yk@Cy zz~nPt{;aiA2)U)l#*a>oEj6aO2651PPHZ5-V7m7n>aI7@Oo?w`IR}l5bI?#uo?u#9 z#fW!oY2WCW9HLV10QVytb^&qW0_zm*#@SvU!+j4#&*0vEqO@_aDN-_-0S+}q3N_*! z;!<;eP$#~<^if};Mc-Z?YTklM`3r6Q>%HE0@YwXsByS36L7Qnrpu3LKd~ARzRG>M8 zqUk4Zeo|-!q>>INBU>|N+76olx7I5VYpEX!7)AzEMYZ8UHJ7Sk*tdKEFc5o$nkaji zW-{dda%*fajvQmeiml_@Zrxu`7#$gt zF9TDCXuEZE?+^?2kKQiY!ekgR<4-wAsAt4H5(_LzlD8|$kI7un}(h3>S{KVW9Ckd>EF{pwH4qn;r z!2oGWa3IfzV!WqXQjQKE8pBx&ZKvcnrJ8;8%rlMXXR}sf(##fojBd#XSR8W!bX&lnAhfKS)Va$+na zG#*LMQ|nu(k!NSd57E!2hy}<0Y_B!X@i!YzjG`JJ==6IkhM{@vb|@4*WaVmJx0Pec zfH z?AM=EGcBO1EiS3!um6KK2#RTm#0+a3F)rYsbs=_?3Duzyg2<0ngN142yTsUZNf7iCa#;#MHIxv@*IU&(8vsT| zsnpKdGIXC+<)q232LAHQF#b>l4?uyb)x(-^OA2L5{DMFcq~O?+B;sl({Z{*^3M@Rc zEoDgfCDAuH;+7l`DeqlhM=cQvHZe$R*deVA25VW{8o+zEx>zz{5D?&~$qR6BRuLeW z3HY``Wbc()!Jn&xmG1K9Xwd4txuk-1m{@?(ptRu?6WAo0q5^B>eomD+!oE;})0eV5 zUdLx=blp7E$_V)C8U3N;L;!isI7WXc3K3vo;P|c+vTALkE2*;4Wsbunrl_f=OngL8 zFX@DYKq1=d4_L1}Sp+I*o>XYWJ@;zwY@v`y5=RWyu|y{Yz>l1we@sVt$&cZ`<=?Y^ zZ|2`OCb^E9GNMX#80poPu-9IJHINeaVU@5CGMXqmKCn^iELW0fA=(=?C5+H~GZ$}7 zC{?Eeky*WHns5O3#TUiFDTPdhWy}#JBY;1jF|@J-o8Z0GGOq6 z`%I(}r00}0r;%i!L1zow#ZfqU6Hkm@d(h;35_hs-2{!-dWSkp{d<1-vkN!~PBjAfX zN>3My{zzTwW2X#6V#)f?BAj!W7NPGO2b50V24n?SF_v9r%qy#6q;j~FstJ9mM0;|k z7aTOzw^Y(T`^4$>b@-XQ`xrp-j@~Z*eh*80GPfXAd@=`#KAEdTpUi2ZPv$<+Cv&9a z^K&UCW9X%5XZX!FBK$^^9)B~L1Ag-MJ-C;S3u_qip{!u)rX^PJSPD*V+{;AB!N}ep zG(XUgAv%+@dFI@hOArGqpnj)4#w;jtVq+kd_@IRY%$@$e633unC5IVMqqB-DT-+KK zBd`v^JWn1NlzAGeW^WGqFbfo?r8ziBiq$g16_nvd@4Gckm?JXwX1WMWlRU}-qT^d6 z(-;`wXNs{~vcJ8NQouHPXAx^s5wHC?295Q&KG$g!Iafev_hba15yyvSlujH< zQziU9j!QmLvD0rU9p0;T+2v0`C7y2LC{zk~Gy%yTBNIkk#wf{iKNggq!r7`13) z9ycSgLKKOU`hrLyV$q7o6n1P;f|Cxr%NrGA@7TU`lHqZ;*rMshlZ0;eYjxPY=g7>y zoqNd<2wTz-K+ho0utcDE*JNURVX@fr7AOmjJW(?}QL9Ls*Iq<6-|`kH8cKnM#wL$j z-0FnneS0(CZJBRh=G&9`#xmb%<{NPnD^2`AHo{f)J!7u5)@ zyMzUs=n2~!5s=OwT@Ts|s6FQ*K?-s7=}9B1lvPo|{X(bw)>TgViN) z;1YCu8vB||@m^ce`A)0T-N0_(rZ9Q$ye^UlbR0J`x=Wai4jOmMt>GHN0&nZiJs50t`s3^E1tflR zbw+p6e8SH5c@?;cV|Vd-UyzGRp=+9l1G+el*ALVQtd;^mQ`?!4V}O_uheB`$V;??P z#2i#&ph-UVZO-y(2lR$)z3DttU zJXGk80^wqjF)5>MVq?_Mq<(U*#_HT!FXNd~ph`1oP)iJ!R)}IpM9Y+jglK-wAK_Zd zGb$gcV4SNeDH~EGQft#>faj{@0yVQrTMjgdgGN@p{kCES=dc}PfnHSt^8xH!V+=u= zSW|qpmUX8nS4)+6MT#^==srfJqsvrkJ7w*VXm&!AB?iE!Ek3sqMYS-+TE|L)u>q1Y zgLL1$3X8CG8QSzOAcnSu^vP8fJdGq~^^@zAbpa*@DXC}y+BIegm)yAG@>?|+q|}Jq z=BuHd?wp1VxRez{QKCk4lEl_nM-r8UP${vz)*=bH{`?}6+_Hc>kW#!hIJM9{r4>^WKv1uzfgv#;31MO)VKHb3MoExJ4qm1Y zslhtSbHlWTzj^&$_SLyp4=@42quceCtO)60W17E>R^~zVZaf!IO8}Dd?dy9#Xp)h$qKd677g>5_|pH3XySaQ%fZ>+g8;W+tAEJ zE2LK!1)+K|-)qRSurh=e>R%`nX3!P0(PB(awinJBs)8CKX_J87&CiK9UsynU%;Y(^b-{nOKI)SW)pp#wy5Ar024?$l1fK6 z&TH@30$9uYEUkozh`tUjs>}nVZ5nA*$82Jpw6-i1!8fXH7Y!HMe5X313%r=Y`0h)Z zzu=J;h&r{ztGB?0UsbqF}}7#x_E?1g3Zemi0E1TxH*~C z54AMWs%35i4F)2>_dpq2G-Yv`!4o4fY$5d1C|D>Zs8w%39nwisy22A98N<`zu#~y1 z|MsGsaS3rP<)-)(J*M%94w`WfzR)fS=q-ymofMRo7t)!{MwRAbB`~oLZ!^>rXhm~# z3)g&#P)JDWs*^n(uN91@SCJ_Ad0`lD)pB!>iId7uJ{p5HtOMeHMFM0my9VFHT643H z{hvZ&)F-xRV2hwXWC|L3KH3u7Ua8HYZ6w7m)=hkdqc^6$w?g0o~)(ONL83O2Zu zn6x&W%VX$mHQJ03bE8A6OkT;R@FO$Wa^Yr)pJI#E$uoO=uJM7@?vf)Uzrs09uJM`i z5*fpQX@Z`(01`YXXL3RkdwRk^zYfO8L7$x0jl$XwkQU6*OC>6;o0b+~fKg`yr}7So z7aPNz+`0;@jSP1 zqy&SpC^&q963<&H4c_=Np`2&-in#o#DkX)|Pqjvb4TVo^d473qi(@t6srn3#Z5~xD zT+zq$4UrTj7El2}G~E)1`V#~8-FZG3jY`NSMSP%gpCKArk~q?s1*Au^VXnm3Q!PW%GFbt&l*-$ zm!4b5?4cq98!L15o=^=J;c-_;-|;k=nJ1VQSDtQ_(6PIWdvd(B5etNhI;=&m4+cD^ zDaC^67oc^VMNcSyHpmGB&9lRMNC0@@CEHwumJO(_mcx?7C>p_MlD;85* zEu2z#RcHZMu%~ojE+q9=7)(MNHbFxs$%*4=iMI)$Xu-ZB30^S`NBJQAx#zy)O zzU#Hiv!qfQ(ZX~wWz}E0_-Bb&wo` zj2cA}378pAe~s}moxKrcV}2%MiA2@WSdl9X6D+c-{b4N6BP1MD@#?QoO1}it+v?+t zMNFdPCAE^r!st~+=FO^G%;s^0(_F%4! z$I~$3?MXMl0;J2>3T*apvIzB2sGB%0u>lWG#dNXqIlurM)6H3QAsln~Qpv-FCFUmm zXDsmf1W-b+bf2V zeOsU>MigQ$wnhTExXy+^gb;qKG|r$hEH4s#lSlmSkEa%Xp3VqR{9!@XY>j?Yq=09N z2Yy698Z0cA#DNSnhdC5}*06ddc<&J>g&KQN{0*BVIzmND$ivrFFG@wb&HO&n@RglE zS&qUOha3Kw(2CYNl)Q;Y+B@)aV3tr$R{;78wmyJxGtz4|ULL;|Gx*T3aN9?vl^-i? z_nuNBSKIVAn{EHBuMZ^oq_^-10GmfbVhGNn#o;e+MTB3XU8&)@=RmRO|0-E6B?AKbJ^xmNIDM09Z9j|ml;GaBt=<`1~!Ft z{Ad$xkW!o(1oDar%+^ilnOCbLaNCrrSJ*>iMn%$2@dq@721NqZ<{c987JR{1@X{` z!LLmnBeRn@`7i5cW(c;Bma``D+ZSwop+o>*cV^=V2V8tnMIW>x zi=3(956uR@LQ8-N6qjrX$a*M$;C2DuMF#L#H~Lpx2F9kqIac8;%v)f z$Xwk-iDfdSsPZld$_aMEDyDbk93Blb(RnLR#@Z6c2MtEh~R6rMPOPpjaojPuwCnVx7Y zzDoy9Ly01a$nt|MQxIE_ATj`La^@EiPD_CvO@d@HUY_^oR5eFSCdMb{(7~Rnm+y_> zQ=j4UI!G=&8hy7%GM_iw&{a{E!nlJOGZn#_3fCqA|pq*(89 zGP?v=mV*EqnIIq&^_bGKuALH|sfVGW)Ja`j11H<+u>2qtsU@DLiyM{Pcn4oV2AhDS zX$S}=0sJJT&P?*ql;!ZDje2+tU&;$_$RdcaB7&c67__X)PhV>ST#W_!rG56YoQ(UQ zei_62BsKl?K0^L29gb6FuL$iP8yn90{7*j^h)XhL9YXTc408AYBpYOTBNs_{v;0yD&N{AWIjA*o|de!nL;6 zg3`KkK_qadkvqqjQVyBZ)T-+yChQEbOFo`QM~S|$;^-OXg1EMlN-Y&5)5iETnit`~ z&EzA~H;nH9V>r(3SN2v48!2K%0g+K4Vb3OFCa_i$Qy>}OYw-^&1)iO8F4hw~h1ph5 zp-kS{k~c@#C`1G+w00%i2jG_tOnvl-t(G2Q05b5*WeFq6Sfi?h;XzW&rilq8On)@7 zJb@9e37v3l=p+meoz$Ap38&C?5aQDYQ zs&k4(4NUGZ$mT*2&uhdcBT1fzMM_HtdwteAoa`teLAZ^U7-RGjBxQr^I0=ee7|xn5 zEpq0t|{K%1Mz*8@WTsGd+2HL-$EX}&S!bSx=OpAd}- zLkFrla-Z)|mBg53MO4G_JnG5Hyh0SS6Sf#I3GcxB9sEiwUyLx5?2x3Yfhm1KjGVnh z^_;gvkDsw5e?B9PID@L0Zk>l-HMgn*JeutqCp!m=+LYoG zuxZ>P2@Bu;;X5{k?25JVz!EUlIZXkh-K2(=+ZSRBNo@juh$e=S)~X_;TpXz&DrwK6q)Th6k-@t} zB9zL6>fp0QQH)O(DOab3ZD)VHA}A*WH6qHz!2}tiM~XcLi8#xH zop;PJ<0MqqM?8A8#K~F#$&B1Xw}lNlXw>>6L!~Ngmj^Tc>dIe6mhve*rq!u~9KPCU zQ8gefsd+`p?AK>4zY^kVUdA4m@-oyfELWA#OmstBVMbw$N#X~=o?qVYsv2qFN^FHz zvD2Wm(}yT%3=v;9z%2U%d@(h(9&EG>0a53)cPvNwMpG5_ynAw9UC}ctxkR6ZfhQ1i z08J;`HYqbz3gS~kLDI@ILz(7!CG`s8OL=*SXnpxyQ{(Ku9M|`TDsW`Kt)9Jr<%y@D zs-Q_L<@c;|WlE_eY=pzAK62gWu(V`ydZd;RMsF;dQ7je~DY3rglQLM}Yxr^;=BV6$ z2y<8J4P9rxH4*V@```tXkhc&v44r<}1Rl2LbCR!NIv7QB6!sjVA)1tR4NqneM{9oU zTo*tbp(Fcj`kik)nRC}|UPME+;+v+(+gE82GP`TW_j#Baf8S)~TOBcIQnwow*J&Iw zyv%{)V$H!C9eidn~31HfPFHjwc<$+flUoYs3MBHTpZ)2jLtc{k1DU4Sthww78v>Q7;@`^x6`0B_%^?_gi|WqElz9WYF}I*_g-o9 z^lbUvDe%+pwxFqBrb-&yNn*})KuZY=@^kgPX;`O=c{qp!nizNRFb z8vj!R2|kR@Q)2qPC~uA2wDgDZw8E!c5gNA$xY58jgv&yq405AtI9;wqt;&l|@}fkk zh-tiSNQt37B+}0pNDP4AtKi(-r&EXl59O6`p)=&4i1gdM6l4>OR!EB*c7;+pTG%JM zLZLwnsukVBSA?{o%yHjT@IM<3ZQCiUo*zbpEwp10eBMeHDBpM9qA_K*wrarkDO^m5H z441x5p6QG-Hq{C-8mLfBDh=fgW>Rs%WGu%~_}EPN9=Qghy$QCaCX`l&zCK5jkCMq} z%+TjYVq(Mu9EQ`Nf@ZBMNMf2kaH8cQ#5oaS& zDjLbA8ca+|cxF+8GlOy%&wPi-i#hP(W3AyeA2VOTp_({Z2nTG20i4$Gh!6Pmsgfv4 z-7x?)i5M9T~d-T#ZO+ffFF9*XH=+TqtiK!?H+uPBJm1VcoU0!DOPkQzJ$ea zYC=syg|@<+(oXnsUAe>WEBQe%06h3=p^zRN#Kwp&^_%#<4M{9ds#ebz0OAl@p))mD zgebYz?CW=K@vT#?tw+D6vcyI(T52#UdN|;#_xnkd5uV&O$E6m%As36CZia|Sc>7>U zQ%g2T6srK-_28?NdLaOBs;EbMXZ`*mj5l7~^}vTPM52#%2>B9x7@#vbSc84vE>@K^ z-w&$A_-Nt8^xToDc{yLB+w}z|n~epgtG@-vM8;CTzwFEJAzIa>`gvUqg{PGGDk0W< zaqhoPR;TVYqL`EW)Tt8-gW@_GO_HH%IAB$yomJs{Ji5SA2ve}uW)gp+t{4J}IM~X-@aKuLzEW7_WaiKG6^HjpbZK zAR{CGle34c8QgsfQr=WO^brHjxI?U(cvYU?CBTygLJxj?Cm{3V@rTT>pG2rYC9ppS zI5U7f5(qw9m<0-d7AX8#pyZeDFytx#m4FG9LMBjd%Gp5aw}H}c0~P)}&;Z3iJ&*zw zzy!+VJ=MaQAro`!C%^TR{~Vqa2>hg5zhqaTuVwrazVVa)Y#&cG28H}$WClk;!;Z~WxyFNEu|t25BTS$Jpv|^ z0~QNH0AfiIfJG}*nh2C?81YbZ0#l~Oo2sUhLx4gJu}lqtOpT-lq>>(HGV4o1g64#H zDPMGheULJUmokV*h4LMREFdx#phzs@K_mkxk^vG*D8)e}7IOj;isx8bj+w!qe3nO| z2~S8k{0vFf!l_63$czNyGcf~eIfJH*)3iwyTudlYP01YfX_Y`zxH7P6mnmTxXRTef zOqATEUF0q8k|ZzFi(thrf|c|V@l>{>1p&{~%cF%|f=0UroBLwMw=k}UFXp}alM$pw zJ6G^*G`=6BA$ku^m95@4x@Tmcpja1=s^xc7OkYsT-$AM8(kkaYYQ1pbx^HMOqCeA# zm#1>Q@LS#bGL=t$ufji76)hH?%s4*gRMiq%2CF8sHPe`RQdfcNym$xK8>F5XA@K%7 z#1o9*y#m?RVSl8xHR?z1#oyr}E(eugi(WXhcG#};FYvdIu`IA1K^_{|zruG&t z_EV*wdGRH>G_p5f7~LC4k^_6gm<(;=HsUJ2_l9$Rt9ZSmi#yAbcKQ_zV;N$?r`E)j zFiN+Wh{1d^8LDYN^C>hpap>E8;>Ke>0|MaVihH=2`+d z!OIc(Vg?|UYv9VVq+bpTbdaYF7JEmz2bQc@;&ysva!#A;DK+zXNo%W<($$$e(T*0Y zBI{CxGYKkl-SEJSF_>zYF!Ax3f+lldG0Cr6rML!BwXH&~UE-ijEkW!XtdD|f<1W*4 zEJDf3gC&T~RetK{hdyKyovYHItqyO@de5(#=262TX*^|7OJYk`q!aBa;Nj)Bp2Dk` zMyp;W%55rGBvrUZ$7B*&O#O?31|(|2Z&|3fKwL-yF_j#6xON{Gx`IC}as_|v8v?*| z=&o~lR_w6aMIq^EX>kEC)e?ewT-v%G7CmXsc2B_%`B^3 zUCQvVb`n4q-R+`G`miWVvG>)o5@iyrQP$v!C=;xSvS_G8nP?@-0_q`}EPVtwQD&vV z!YT_Y5`aD_Qv6bi!FUdZ-*hmLn%7v?7S+o#|ArE>xHBYOZLYxP4KNcPRcEG|){wNM z#t_O745BB#kkPtk7@vgM3^B)G~RomkjEHiru{-aB;< ze88et7ckRj{}_4lCmaV>_(i!|0zY)+JLpMGHoKlxEzLlJMH z@*Ch@29)q~kClMO@HdRao`#V*-NC{_P;j~vWOV&^0k=uwxJaS9ae#26XsmGrA7QN`jfErQ zqaHqk2SA{#5EoQ5L;`J-n$z}Qjp?oWI?L+hhgppbl(z(e&Kg2OJ2C?Ci*xp?(Q zQbY)Ac6*;rygj;#^DS!wj+Er6;wf3!Ua_ zB++9?S=+1)Zlbcu!FyNyDq1oS5^0-L;*=M7EFs`qj|Gc@NsDLVMO*x=WyVNTh)F24 zUfrNWy<`EdMt-HCSe)?B_wH?u%IC?SDAka5T0mU~G(OEY(*vcfEvd=ig;c%?*HeEru8 zViAzpMqberisM7JumU0E6oepBm2qXrm?wA~#!GYrLf1JWapzR3?5h)7IN2N;kq`{p zcz!}UH=DsHh-sWhgh*yIfiPE$Da{164H=o@8dKyV(%8bWe82J<3FunJs_eXaTt)p1 zCCZA@tZ!oAEGRhkA@6PKv?L0k%*ZRoS_*BtQ;;Pp&Tpa&)zzYS962jQK5W3KEfort zhiP!0=nSArk({GYUMVA7Q%1<0%{yYzBc)m$qb{u|$*M@mTeAq4Em%RQwpNjW3d5vQ zQaDmnXFaXbtVO9xOJ*o+(rV(A7pugt=UKDyN{2HOP{)9gQ4H`?dek*0z^)1d_{E_PMt$y1#Ng5?lj*$KvU5vKp-e) z8Dndui+T3S>GrY?)Fd-`f>ri!_-u&o!wj5`rwtcI^P>pJ3I^53_z{}s=0LtTU4qd7 zaIN!w>{`}Dsqk+Nny0ptGIT48h{&AO*u!#VyiyvCzq^hXn^S_pUR{#2GPq9J?{?66 z89BYRR054=AJ3xbWATkuJU_kJ$5y#MRc&~&g@MOMJD7VJP}-8-*>%YlOOP^FN02kT z?)cNFUaomvdzJo46ma6z9hddliwHR z_o)HLC-=dci81*nKoet09=|n6(+q~zZw*aluN8dQ3bbA(!CGf6UfaWGMg1owJ)zxM z+By|LX&36aKaeS99o6IdK~Rw*Y=$d+Q4A7Kk##UjdX7D9tXkn? zs39IkX#wU|%NiISzh>xY7D^3LzH_D3czPXMgNitww%fwNSZTp=jAOma^J200PDtqK zeMo3$%(6p=l}Kr><0(sSA2Qh|c>*>YM>x|1Gv6eHsD%D_a+;T>AZ&pSwipjh&n@t1Qz!jmyA?bA zW%mA2N=kW9fsTaFq6?i^7aGhF{kL%`MY#qJ7;J^fVdD&ravN3~)+O>j5 zA4(n&PIe-MUOIWW6BQ|b(JcD?W>(=3J6;hEWv93F{;=$VFf|Z{&tn~A=9V0I@N%Yj z0gu5Oe-Ds-;3B-LKbHm=D702Mml9I&iwC0eyfJdeS! zZ5&}Hjc|&f%E*X<^f0QQn3`Y2R=V)$ z?@VzGIjZ#Rxw*45Q}a{rRDJq8(^o@|`aFBC56Y%z4$Z1U@5waQGDMw0qN4P~6u!$X zu?7o0rP3;cRVost(uKK$_bg5=1hw8x(3e6D@X%+!lclY^|z&s!pz=cIr4xi-7p9Pa( z4JG+gAO_3BSeTwUd<;c;VNQjUKMNzl6}FgIiKmia3v-j>i{l{?)R*a}0W~a9cc2%V z4~{QPPbA}`H`5(a4L^EQ>Le&noQe5kp=8LJgMhXHQj%;Z!ic ztA&mTon)|1!(zmY$qJ^F8Eg>2!PS^nK-i0^9vqv#3M z7$!oBU}{Zj;#eixXx36=OlzrmWGgHh-vpOYPLyiKCR#P(87;*ZHHl#DYW(X zS1|^O&407i>TJl-WNC&6hJrbTyxqUG*;~db_%Jr!!p{8QOpB|F5ksRQr+}rG3QbA8 zN|XUel@VDiUBc%rg@XPB%a!L+R}khCz9kbqwiOUyWpfkr2g@S;5>hKiC4p8jSH_VP zAKZEyTvg-OqeUS)L{iH%zyw=C{RX8#(=<`GDeY z?3kc`L<%d3<1A#B%$Ud;J4@|DIIU7f38n%fqcCsdYb}v6wEl7&OJzCWk#VlULYc!F zF=K2hT|r@Psv6HK*=u5}ex6y8$Ods-onp6+1zr#PQ9zhzGPb6G+dk94jCP6yQi??h zZGaqI6~&BP!et9Asip<8x+JWsmsqB9t-0C4+%`%1?b~R#@6{O_pBo{Pp7YEeTy)29 z06RHnx~&ek5dws(CHyv`@w0k^+Ctu~@TjT(jn`r^o)MDhYT`vw)XFFbekA(b)N$r` zo10#Zllw+)=RhE#8FCh#cc;pz@Od~JGgI#pwK;c$a~m*#Eo=x#VM7j!4FQT8dHDCX zq%L`rt`bZBsAXnqabaS74oC4(!x{^m)6PsxCAHhoQ#j{k+J+%of&-~@di?Py_Ge=T zR^b%xFj^JQLWy6v%L2*JJd7F=gUDbTLSyd4K^}Ou`Yo1euM(i!f>AS$+7>C46b++Q zajUKp4A?D}>8}zBZqdAbfO2MLkP-&m2Fik~;5l!M2EGYVQ*2o8^RGpuKx^<6@=)SX zf)6S;LKQ+LhmF-XIR(ZkWK(XeMO8fK_2NZXNyFrkYGPI)#$)oxxf)iB#TXb{1vCB> zas~82oUyTrgb5peOIyb!pxAs%zU6QM#oz?T!;uY4#a5S^=uW5-bJ><21*fl#H_znc zC_Uo~GouoaO7jsZ~`r8|_EJZvIO*9OHM5_?xS4=vru2WO+M~}k=9z7?E z?^ffZ$;u`Vc}He+o-J%bh)hlqD8@*RdvLjyjsE^rG=}1MP|O;oatRVO;*GI2EQ%$b z5H)3yPpQgBUt%h1k)dfd#3F?AbC~FHp+3u|G6CdMvUQ2V&#IOM6~HkhJm;o!+`B1agArU<}D< zAEr5LhD1C=7BFy}=3xT{OOHPe6TFAy<|cj7RyGUC`shn3Q9#j~X=sd}IGJmSNUo`X zsZF3IRGycOOku|C@ylclmfw2|K2|aF3&cOE?+f z34(3hCd+^x+FGvxJ%laRTGj#&hYSXsOW2T_TX?J$7NDC~!+c-~56u$p6?zurdZ-f# zs}LlhXVWgkKKo1>1-%<0##F zdsS{f;zoUIC~a$VdH-;MiUr7|e1L3%W3+~2EM6tA=isy{7Guzes%A+kUKNb~b>89$UY(d* z1Pcc^jcizSQ7THHByQk(qA1uO51diEoD0JxjwQ7xoz;jzYet8#E1Btah5}K`w{f~P zh@~ylkTp3OMXmvQBMd>#8B}4!U_S)syWq#~F_yXLNA0dKNC`|0w(pU2_=K8!`imk$@NM^T&Ka{ly$SWv9n_gHrftPpjTsYQi z=BLN8rX*oj@I2%Sd8k;jq9T)blDFYqth=%II)?=#F(G*KkONvWrEmgAseXP6voD*j z3CM#;xDO-&v9G@kYk)yr84wn|8WXcKi&Ha;(aMPAL2b`!ImpscCS8W*A!a0R zUWS<{=6DeB3YjVfdT$G2_^Ao0T&^QnEDlI9 z^Q492(>Pd~RxxgKipZ>6G<#!kE+m#_nj>R$waatR<9|w0C^00I-&ay&?fCk(I5N$~ z8YtKP{AGA616hK$Bl`4}uH^5mfqJfI?*uf~AGIsarT_tH==@FsmkwC)Fb zSlS4Ft*g3UzgzjTVH;nj40xT7&SfAFvr%gl!~kWc6hT!N*EO!y*ufHWx%wjsYKyJ0^hX@mklrq0SYfU4rAs}Y>p5GZ1 zja1Rg3Nh11#6X`x7QZKPH#d*R!Q;Ty0c-|K+T7l~Q*b1skQwsA{kA;O}8bW@< zP?UuVk}L=Yqa*C|%cNC`9;y)W)1A%+UQ1bTqf=>jxXX*zfqBwir1XzR$kP+!DSU9cYl<1~E}tq}@V(gdT`7o(wRopCgl@L@Nb!tAz+iC|Cq~o;Bn&i>7cf-7J@YXp(%zlp0GV{{14a8BvyBG+us~769Wqe%6}< z4OKSiY~k8~LHr4a6hmpDlQ-NRNXP}0xn}F$tu8JDhBQdROe;y#vQ&@&mz5bYS#IMl zckyJdc(t2Le*V&P7xTDA89F8Y_I-upZ+r7u_{_y-`kAy??@`|Djx(wGt!F-`%zL2- z3;cWOj65Dc-rxoR5_}qc_9PyN(<`6xy}0US)WqpKssyBqsR`5GEBal3&}?iB)yD<|lYSR3V zlC$GeceT=nf?p*vDr z7{E*YF_?{+p&=qkn|Q1?iKa;s9L??H1$#Lm?XAT?!!Q)Wc-TERMMAIwb@Y&PunaAz z~afWq;YRT+iM%6)_1S*b??Oy!XzJC9>LgO;P$wDZkIgf;Zl0p&?X|2 z1e1yZ+RLOc^lspmQ8)+pGBKq*%So*L;)&%$e4*xvM
    @}elh_jd>)L?e<(BA8p5 zbj9b7qA)lymkdu^N0>TMbG45MW>aeg44kN?k_0h)a%P}#vOkxOCsSHMBX6cb3?OfY zk{35OQ5!W^qXiX^oJ-iysAI0f$uGl+m@c#+N63SDDeo0$TqQ<6nVn`_IYJ&kN6olO zjC^R2xC55)l^FSK{VM5vB&zCbo5TcmOWUXR>vjYP50u@FA_ofrFziPUlCpQ(il@yd6CYQI&5eTylsw(=2>! zmL&~?Va9_=T?2ddeiB7Se!RnW1J#&tjjEAH!&*{9PN^Wov7zzwkwUyGtoa}JPVl9!ash-6_VQ;j^xBFKuN=dETZ7N>C3ba5V6jFG7~=BEu5Q`<9Rdooist!oI3!^zwC)a6Ws`J*8h_pxEl^b)|o@aRWO0@(;{5l%B#yCa5P&1%!eIPd1OmVgC!_D^*riZ1${6=0QqSjkdcRi`A>KTMt-N^zIb({FF&Wba0XTUV2rjoQ9GeJ z{djF!ryfv19#P?c`-uj9;4(h&Wkygin!)$0Re}70q>^A4-?Oe5;c*5bt$y%Br}&`@ z&sayps3RE3-!WV=MGq;-V3LxLw9I_Il8sP+yM^w?5xzAM7YhR*97mknl$Jp_J)h3o}tvAe3aGv`>SA*6>25=Zsa9TulVXKdX>9lm0MZG*-K!mf+xz+yGmkNt1oWY8C3 zkMW@AU~LaL_xOT=AJx(Wa7&+3BO^x3{*5O3mSrt_;dq*R^LL06e}^b7%;QukyU{Hd zfAUHMHVCA#2;_r_jP@j;Rki_w(B1lI?m-z3%?O)^Figb|Ng-_xPp|W#s#7z5 zCQj|P$2+CGczCFfPr~ppP^Y5`aY1cL#=8``TYLpkD^jFVEpDPvmC*ncms}0(4=G4~ zbP?)7Z>_8yXu}UU9!nVDlp7S|zL2~%WpS<&BQY&hJRSyNzv#NbdqZ%`q~L(g%3d-uii~N#D8Gw+k_Y?VyHWWlWb^ z@zm>@Y$kC`QnKjs?Y1mjgOmL<^g*$Om}M?5EY8m3!D&DJH>z1Iv2K7{MFzAho<>~X zhDqwq$aK#zlzvQACGgy*usI5ZPZH20hDk^P6jhRCATll7}kf}3k)YS2VQ0Pq& zU65_QND{_ADeKX;)(bg|FEh0j2CEp&8#Z0>;Xmo`2Bob3UW}*O=u7V*s{`5=jYh63w9F~q5GH7yg0#cQR zR&bWPIy`jdbu{Y2T00-z1u8EoQpzjK{JXf(u97$9z z6lmsbYH^`)eBp3o`Z%^*aG=mbyn*b0;`t#x)fh>5Cy0AGg`|fl>3>GaNP=W8CHV>n zQsHNi3VvP&55JA2nrVeLjyHAb#NPGk>1fz^MM8rbDREzoONbU!^cuX|JZ=w+WG0{m|$C3Pqlv}PbBEfDo*V6;6$ zZAihKyT?lF8-T2RcaOy|l2A1oV6*zOfK4DJUWtzhuHa2!mIMZ@r||H^hp92FJvdi= zNIEdReN#aOITKei0uLM3O|1Lk&MS{FM4UZiwHBbyu*bf-30PNvc)Vr+|BMJ!A#R-^Q>39qvP^V@D{2X&$+>ba3EdEUAFx)N@~kD+9h&nPGnr{f|NU1T% zsCk2skr6sW_=pS2yCL_LKv zMa!2-4Wm&m^}v}(4NPviB!f6-ycLj~wkT)ZmJrA2Y6%OLRG)}TuHc4EiIab=ySmz~ zve&@M-Rk%1xC0!GB)9E+BZ0=$5-1T{@{GNTk{7)=3r@yahoQEL#gUOMX=v#qNV79~G@5$%bbg zp|)8@#p9cy%KJNPrXMnhY@I=)fuwS@XH-ju%NO+KHE2?&dr3DI8? z2G^FcuM3?9lw2>t@YSpj9mx0GjkFjFue!}4B9)db`KMN_oGU=qVy$~38% zPq1P>!K(R0E9Midm``w91IaKveu>KEWE7Vya-^Eb(W|9SH)VWoYlYDkN1>5MZ)+2W zE=*B|EDoQ_T)jlmF!D1is+rj>yo!1+x33dV_?UtZ-_!hEpCB)Xc{80s$r>69Uck%6 z@w#e2S!lgdG(liX0DZD&j=!`1sGnyDOAM(jGrg+liN)z-lDRlOL3P$|5OB&9!+uYIx;yC}-h1wyb%O>F03 zc}Y&yGenD`2jmc{2IfS&fP>!;n5Z^DX!G^fxd07bmY+U&ViD&cc+AFsLq(!nkfe_& z2)_N!ZHpnW*A6zDfRd20JQE6dtq?!P;-i}h1>6e7lr*3;CiU?YlAKQ{;wglf0GciO z$(AgRmD~4HIW(bJZ1q`O(aom7v&%|b1P5F485>=HOQ`I#&upzNp#uvj#;O&VuObUw zjyyzP)v}UAE96aOk+xPOlyQi15&#bxYIr6xCf1pr#2jTCe6CkQEaelWq9c*GH7sL8 zeIAv zlv>-0J_zAl;+Y{TDJbN))GH=yC+lOzhm=_TUak9o6EE;aG+-OhG07_$PL+4yptgc!-KP6wVsY~gS zWDTyNMZ;@oc?1duH7$T;gaV#LEPx@6Vgv)B8c~=xHLoB&ot}xZAjg}2 zCJ}p~hS$Z!+m5DFdC{gx5tB;2WlB}sEaus2uXh?7ccRAUfijxm3Ojpd4lEjx*LgGc zh{|y_tB5g3y{=aht@M5wo=_@N8qtcn${?l+LLbK@8!L zi0S|%Yu&wGegAC;rN8P4rKx7m0DIwlL|_`xvzuh4!kr{W$Wp|)*?rPp#_{mD+tNNf*=xpc2%*f22UaQ zZKWc?{TN9%tPPEF+En}ox=RD^* z&*{JOn=>Lft&|fvz9T;!ZNq1CsiynQf2mQ;(#GSz$@#1lNEyo zh$MFf^!4XctVk*u)0QfTJmbc_cT0m$3F>J}0|#YO1Xb52L~0DZz?z3rwXb;;%U0<~ zUHWZcm74O7Dk$nWh-YVwv0%#FgJpLsQ!S{E+o`M+Cn%4qvO;W{GMi0AJa!+Pv?&W# zv(;pP&7!JTn0<(;WCFcJ&%6?j9mcI`RTky7eXLOld6rJ!k%drQ&5}?ZRzzD))N>ET zQl*0X5`cpzFO<0+-FxzMF)__W1iP3d?A%`0m0X1?F*r;l&}o5<6IvP0d^|Gh;VF%fqjI3^|{_X3L!68AZUEFS8kTJ=c1x2Sb1^>Byk0HR_(eIJnOA1tQ^Z_^D) z%KB`kzm=+gghCmxbpc&hmX6eS%vG>XDuvxizmH7({x(RxK@!efxB$tk-WRJ}SXtSS zcvY{v3=V45hg6kbrr=VT^%X9h)Y*JTJ+B#(VM4eTjSxZ{^A!lSwi=qOZq`r+&XN7<*x^P|f3!( z@K@btmX%)cT8bHDU{r*_FjvmO5vyK3o8jgqEhdZ^Kd5c3E9Ed_L1nk<^{rtUny)U) znHG5wKcx93DlgmdTmxhva^`rY`)@l*FkcADILWIG`$7^{BP()9ex7-WV>}C_-nX?~ z-v)`TksBl>31fRKm3C;DolpdY$&fa8{i+&MYRon;gJMb;fD|!Ydi+0y2ccGwb%|{Q zt}0Nroio@0#Er!pZfZL8Aj#96@Q1EEqTF@4{8SWw+IE6{!M;8LQ$! zW`m}wpb&`@seXnPs;}KttvzY6NX;!_|J2;Zi_ujLt41wSd(u`76w85!5zI#f^^r-K zaUl>?Ivv%*luxA*JbMZ+ljdbM30&Zs!YbE^Mu01K1lt)K52&atTLGgW_EiF8vk6Ph zemyABq<~dYmy(4|LUiGry3{{bBMYJy`Nan5O1hwuZ z+wb0C?|w=uRjMBP3|f+@8f0DGSV793URotHFV7?yn^;|=g~<5QNB6!}F4L5iKv3ZN z$QBUhVoZfvsZ=e7ZZQziS`VrkF*qnRVsI4%r5GHfN0geiU;WuiAweO<6Or1G$#%`G z?=fNz36~CC% zRIn)tU?(OCP(wqmQjD)X*ltql3^-5_!yjzQt|X&UR~J{{l1RSDo~u5hZVW^!#ZpzZ z5u`5TBoJ=;0_H>#Fd3X36^~o&`g)Y{Uam?Nw8S$3rs?CBc*pl~y~Rf%T0?8BF>KgrWowj z86VWON40ASh{;}m`tqJ=nYIF{nwbku)}BMlqD^R;w8sw83rX6H8uV3VGuu^!l1qeU zB1XjoOAH-b{h4_QHfKxOv}aSai^QV!Jz_I&K>}UFmZXt0`{$9(S`I`slM9wqu@z9W zB_Kl8ZFHP4H-%Foa|p{EZZ1!W)IM2?pP4&R-5pkJGmwfY53C-FwlD+pX-B!E%Feu2 z5i`?!c(Xi#8}_1a$bxezM%3-t0NF8eViQ}HVy&v{DOuj23bLf3N>*iA8XK>ZkOs916%YqHjZLQNG~f@^sZAEt1x2psUuoF;PDqedAxbeM zqgMY>ffj{SzC!hOejsP6gUEY6R-x>--VF4zXCzFpl^GN4tfe$VU}eGZOQL!?0|Fhe z6)dUB)I*dsz!+4B%`2G>%)%o0+|XDtEw`lJ^8EvZwXkH zCexb&4`tW%1$Ayys2AMy1v-T#QLSmW9Ef3W2=oI1RuhPoKz9&dP!CHZlX@(11?4X! z$g-#ugYu*su;oP;STO?WTRl<0BIxcBm1zmAvdZVet+8r)%zNn81+Qucq38O0qN>Kl zoF!71@|IDxvx^v0il#5P=dPAydM+r>*11b zJrjC(zz@cA|6XoE1YJ}r@#sOfu}4dgT-Q_!vAR7&$0kvAWVdLnktlhP$uaUxHa1ep z9mvUfKw}*{rc?}9m9p9Jz&y4~;JsdbLElu@ zrMv`cw_#*L9|EQ(OH%?Mc0IN{9tJ{iBY`)1!iUiP3dW8eI7l!w$}km`-94)lduqu; zATrhJ-6T{<$8>u#xt2sNM^~}=jcyAQlC8+xJ)yeYGkWxm3Kf_Q9xAV@C`}%!73jbr zxl?T(Dhu(eHkUpb$hL}R^9Gz%m2-3YcI)Bp6Q~43V3x>=8&Oe86so0{s7g5%Fv{JO z0{PZbMt;?rp#6An`R_D>ZS>?4sY)`zM#8EDTj{~N`9GOaI#tT4+sPlv4F|RWbDJ5j zS|NI#{)M8l$jk5Yx#KZegWYD7F%fM3y=snrrI%+~36n#$^#qmvw<;=E+~i~KiEQF; z!c}};oFB|QK}E@egsnhE7DB^Ad%98C`Po5ss*H1^s{ctXY>`5fRJKCP6{-|kI37gj zySO3fqb%7<7*;97QdWlN9}R`oQFiq0Zutf*6>hxS8a7j5^ng%?M4(S7OofHYqlgM? zOeBs3Kk+(1<_>zFn8x<)i|p2eL!!bcn`s4WhEJ05YDL!$nUxHe$*1*{Ugo zW=L3AnjryIXok|(pJ@xw3=xLV3=xH=89^acXa=EbJn;36j5OI_laDF6*?lo5s*1#{ zuPOmyRHfdk=;?LG$Q&SBqcF#h(>HtUm|=axN&36m0Maf?mY1yAh$asTN9<8!thK#f z$?|+^F1O=G4OYC$F0k%z8$zzL?KSOgc$ph>NKYYs zB{6m$HAMPb(1HGhma#W!h>V8>?BxT7t^0XK$?U;WAF5R5>lezdJg7lQM_8}e8!;v8 zp|Q=fhRV&NDtUI6FC(q5jg{Vfc!m3Np3Ztvn znIL;0XFB<`G8PpGu~?)oy0NF*Cq*$dOs|=>zgLnB1#1NI(v!`LyJhvrNK20jI8Czw zi9Jxv1wsO*bTi%4J4IP8(~u>w1&J9;9_Ua;?c{dL@}wJc&bZ{8b%S{VUjSW++5lMNKjk zq7%rF+@+Iir$9PURYhh>RYSrlOL|o`tJJ!T^!!5gU>c1yEWc3DkE?68u43Ix9;%kM z8_fC58r!3{Es;QTUEXwXVvJ)dYS49wFHhiqgOc2?zd&~^jWhzEi4=-a%dY|PobuED{ zNU~QrC(6QWA>_NR*j>=y0KkMpj&3RTN@u~ z9Ai%K0TDf96l5%~buJrevY3&UCi{qc(sR=I40sP&{7}^wMsC1T)er?8VZ>EM7L)`o z0Mw+WYuYXgY*Mq2oJkaExv=_r;f5vU$+rYT3NE8}jCvglN8mhk7&l{b^G4mFMiURJ zu^1gd1GXE}-y-g%lOv{hJ7EzfVxtBOTOlWQ4dDc;B@Ch>Dk4*B`gTS8yAC8KI=mAx zDnDTED`tPn>DjSI_jLXHaG^5VJyfK+h?<0K99A`M6(O;! z$ihe0mxrq;>(BhBb(7|iF(3>IHYeXD93!&Afx{G3ajn{?uQB7w)wJa?JCI!#tRUUR z9;){eMQ@ZHVLzgajuSM&WOw1~L*Ro}Me6{MfG@RK150Q}bb@s_v!Q zjJqtS}VihnnAdIRiP^g|>5XpmerNKkrqlfXBfRW)$ zcXqb00F~JgS)f>^mP$ks&s;;K;5|@C<1UDPN!Lpss9-IWOn(Z{5C!gCBM3YiYuixH zt|(9F$e87UobK6KIqB-E!*=(_Cbn)y2NZcybBsdtDkf|%aGEBV1cH-d{00l`;1HA{ z^IcHWl$vM4Cd@m@VdeI>9*obF@ivlGJ$gQbJh50+%?tB!Agnoc?m;P zCay@ryfFiVwZ@Jp;O=FRwSbP)4VH8rDQfX321*ZKPHv}kcaNTYO;U1Y_nY8XG=ili zo(g00de!=jYq`$W^Dgy{K=P>*vQRX4an7!ls}~BJzDQLnu|FGOyC8Dz&Nd8rT?aoC_J$r&n{&LiL_aph~1Q z*^-j03uR9C+TO*H1q-EOlj%b;@G_C^ucE+9JF*r#Ouh%M8#l(X{sxYOaRK4+uwQqM z(zJZJ-O|j$DdI4g-IUFRoxt}+jY=_h!n5{g%}Y)im{*vaZG8aM_VqARX>@)OoznCT zBMKMrYz$zD6!fwclksJ;k%LAG={F;cAI2x-iC_uX-InJjMzVs+cLv8q5GMuXlHllk z?w!ikitL&j8Zu@Oc%_HvU(exPMfP~j8_f4jV6jC}b}6N$nh{dd>T3%K@&*hW!QC}W zBzQ4k%=o-QOQJsvC?iB|xo*ZCJxHa5zNMKrXpFJLt*KP3Z`fmc`D{0RXcQOK1%XT` zq55Vs4~rNXLnhw~52I>*qdZ7iKGz*$!v5WL)2#i2?UrnC;QQ>Rj8C*%Uw}4cY@I_} znBRrASF5QZH5+yH)d^>Gq$DL7`u*!rf1`$7HFCgJ#qHYUwn=GKaJ3fxXdsV&Fxn>s$K?aRG@jJY(2;oq*?lO_rL?Pv ziKYhtg8WZXuOZ&yN=|I8i$@Pk(M^oZR}#HULk5ntWfbzMVuTUpLh*}+iYZemx6qVe z`YNp2VhtZOaA4kWSDVB{n^09&P$lZUDY#-)$7HES|8%4zSTt1javqb*erw{;i(|B{ z&Ac>;R21QQ!@1hFY2CVYQkyoegalV&VxsN0O-c&BHYv#D=wD}2y025U=;$c(h>p5G zD&RAvQBgyy2i&R3nHp6us%}*J^rb~-`~3Aqv{QZ@%_hsqE{f`$mUc}-^UmFRwn%Wf zTD5MKn2?m1l#a;N90acCkC2%#Eftv@W`EIrRr`$8pVURFsbHLE8kNxB z@Ym)n>6q;hZ^$n*hMNPnz&Y)5GM8xj^SeykzvYl|z+(D({Y1`qi6b5#4*1`YZ5 zbJT39VB<(tXMK+HPTdoGy0r-W9%p>^4sm&>E{b1h%vJw!_!&-Yk>)g+&&)Zkv1HEE zAg)t``1A$|84aWzC9H$UIU(O1;aN51kt#&FxQ`351-* zhW&^%xBuJtk>++Y{(m~RFR^FR<_^t&q`BRUUu=sjPP6_@aiqEZm@zkc4MnN{Gnv~{ zjf_q<&SyHe&zFI~F-JdHzoF%iG`FW3^J!@R3yrVlc6Q!0C-;B6{%o7%Y9p7QXK?)) zm1qU8|pLR@Jz!ia4Tjibpy<=J#ZtZ|q`_rxMpStaf%$W zz$vFhP}J~K^zh8**D?J?LfyUHz1%%nr_Ir3RwDH{%Ay@*H%7b5x5Srki*vhH;j6Bn zs+Dhx#pThW9A&r1Ag@vWn<%-~;;yBBYog*>s}&M@M=a9X<-aS9b-3%g3C;H*~BlRL=Tnp+JAcd#cMpSr5?X`z1y{Nuwztt zy6exuZpSqje-rI-eTQq*(!uz?iyrJ4QSNA%TIug|(pM^%&rumu7sN>U9cACSwGEE4 zePrPQm6)T0aB&_#N+zfqorS^vNze@JqwU=ufJju<; zJ6WfIC3@AlUCSM1E48J5y`ZQf@n{>|Qx20jRkzop4UKp0*9x0z-UQcbw`-YOTcLTK z9@j4(t$%Yz**dLHOYM9A#K-7NKe+vk9-i{MYBkrsDcdAvy5&#hyCgG>9@5?9;CmEj z5{{;8-ISx8tGQ0OwbNR0BK^eUI;|C^xLv2T;&vXbutU1*H@CJi-E|00sz=*K!t{Z) zZtVxGuIc3O_iU6T?4I(Aq@3|ty*CpN7-TR2$|^T@sIc@3aeyn zqH~tppYpy`x5~q&DZfeS-LAtP?YHv1QvQ_pOkZ58qwEOkb5TNFiBF|#NA+4~Q0?=$ zc2V*D-LBKrLUw+->!emVg49X1h~)h~=PZv_T&Nw^Dr^Epu^ zr?k0C#I-`3xrnnicbWL+-yFb^nFcBdtRC?9i7_yNvcCr)cy+v^HtLlaK%&=3?fu%? z*rkN`d0HfmpIB+ zXaX(w>$ok^4@k;-8eqs;V;s!Y-Jz)gEN;~Us-?RQG8#Oju*jorVuZR~n>}X5(qg6^1jl{^8bkrwb7EbH41+ z{_s#?vpud~wVlAwVQsfjG<)08u6nC6aA~XxZMRB|{wl3{Ftk(&QXq|9k?uN`?%GXO zo=MjZr-S4qx!vs|$s*?#kG9jJQp2b{F}(~yg`-j;rl@_VpgNU4f%P@%R3F9O;dbqo zd5hcym&evjt_^e|qeOalN||dGiB_N`&H!3}@pCze14uQi8My?Ew zrcaXd_jRv66!D3Wj*k8@eHzsOmc&h)JPB$98V{XOWv;EJ#v za3y9YlqXKbT%<>tAMHVBN4jeXoX4az9sM0CJxiQ-9S}k+B%u~m-qhe8I zWS)D9@a8sHP7wWai8;sP`bN>NMG!3`BU?QFeCKT9=~Z)r(@x~Q}S!^KX>m8<~ifSL>4M{5G`u@d`HO+cwxrC zC#1?VwPU6A9#a8J?;cos`)Tjg1<`J8Y5Csj-tuiRrFTbXXy1EFJ63wNQ{M95V=`JC z&uD-AuG(_JG~<2j__X7`=wq&>gJ&Le6jb9cZfbcnM&i6vcf>gwcCVD)(tiKwt!}?c z(ET})q6}u~)p@2t=8bv8n0KZgk9IuR0cDe~ru&CNPYWAmOr0O+p1LU7?JtaV`@Qu% z+AapiUkr0PsiUmJJV)7P7~)KSkH@0i$&EhqX!`)e@_lg(Bv9(Ks38BeBaS&ZJ|Xrg zs(OJ(JHSwBIZv4(K0FjrT5^Xs5$`SE71s$so&)0)>+a+Z4{Ka(oz@O&rpZsVb=m#_Abw@L!#Rkvx zC;8h=-O1&O-d5U#N`G-9tuW3%`j9r^kiR%yD{SN+eN3Bh%wOD8D~$J#KB-NBJ2v%b zD_X2*zhdH-JDZb))!#C-WA5HwZJp7K?p{{2s;dkA0-3rNmYW^T&(IjIk0EdUW4R73 z|25tVdL2VvSkJXebgH|{x5smJto!7`S$EY)uI1Ji%Qf?lqE<^ksjFrssGVF8Lnw2u z1lKjra?NZw>wA)iNSY8Q6dd}gfkAL2nYDUfO&(uQt6Y72>MrTf(Ts;0-qL#Kc_Ap3 zyT{B-^EZ7lExGAjk88I(x#^q!5zaksf6P7Z_Pq~v@&IM-IlTn->;M~ahJI!kM@gq z>Ng2=5$5!VrSsIAOF0hHx016e<$@@=-Xn4`C60%*U81P1V8#?G!6ZY6+eU`x%8V^> zau3l4YFb^TA~z-S8j0NWAv6iwu9D)SD7n#G?d$R#@$|&x-p8b{(jC*1V`e9JK1t{Y z!U1;Te^WX+Cii>%S0jIqS^p16qcEuCnAhFfGU0bc&NbRvZ4+awQo6R!xrhAWI|WO^ zF3~4C*F)7MQ|0^O(TA)FQAEDQt$jmAkjsULtPrp;u^AiNnK&rMa-2KF$z-@nzfkpF zJJDI`nBIvli>XSD>**a_bUF7(%4v+J4}8?K^uI=rxXRP~F>h$!QNeRAm1_^zLIf}9 zd{7oJPS;+7^^LCeLaQ9ido{T~R7tp8r!hxPP3|1y5|#DZLPFM{RziJE39=xGe&&+! z9S*p`tue`209wpFdWz-9w@4h7o-(r??_|8EqiU~rEsls-+bfziJW3z+-n$^9q1WaxRG7xDWH44|KCAWM-ACxi}Wl%~m&5-gz zT5`&Z9{&(9~PC1}BZbS=s`+@p6VMV`vX!NJcG-3y&}& z?$`FyE0cROT$ke2)WQjl5^blfwrG@%JT>)egnZdW<}R_QKiBcq{wi%irpH9hdr@-3`@%op(*>G{=|^J7}6PzIyFc(zcIEDJzFiCDxbK?XXzRar`Clm&)H{{^a&e8~(x`-D}_WV`7_E z+I^M!(sNS|t~)XDm-hEOef8=4QXWk6EUMV~U5`5-O?q{~CD-lsJyy5l@rB)DTfH#2 z`3C3v<8FR2W2ArerK67>$-j5#taI1A+;7<}gUTKrQRvP7>yJ-@v`44rDZtqiL-UsP5SGBxw#(s+GU{MfK>j?;n26Lk-*?Mv71MA-hck>7qnQc6?{CP!5i^kHaXer`mSGpe@DVoKhHl^ zy!@s^%{I+RE~)j6>%Ft$`d&VHPj3GkC%xYIqb~KY`gOwdk1Ty=-|Q{dX1;U9;kiq8 zf7W4Y&XalPT^V!tr{mXNwslyefjuv(ch`;CuN}HOXOR2+g)g6X&EvOTe(iU|-)y!& z{n@wP>~p;9Bh`ON=y^Qx?IR<{l{_?V+2Kol)v`{m`*rcU@2r6)QK|N74#s{fulUx%;isC;p7Q6TSH>3h8S0(U_^go$Vy7#F&7ys}|Y}>>G_cg!d{a3!K z_UUca|LAwmx%Xe$bmeOge|X2i$^*5!y|8WApyh{ts`=xWHC8tpkh19hQ?I5xo73vW z**y=|NZNY;%VT#RsoQ?f)YLcj^}n^|^S6I-W8A3g|GfXA$FHloY12D3uFvfB#cvON zRNCYA8n-NpDOgjp|LJqG8#_7~Jht@0Y0^P!PrY|?lJ}1*FMO-8;fQXdZ~E)R=?0Eo?WSLM;g9dMxxD>V zb@DejhFD4t2XuC8&c;H$M3yA{QmL1O`dz`>B(7(=jXkcu<@p0UB@>) z_x!WA)%o<1`M+K^;5l{&#(~#_s)W z(~~d#)qm2_=P!%y_xa(`p2gP=zB%RY6aH~6(!SgH^(AFPPyR7);QsCFzTN2R7&m?3 z*{K&lF)g9t*VFHEcKQC;b)UV{FzL^4M!wMEg05FTxA9=&`}Oy9zjyqqU&^l>aqb7N zKlw>v!{gpZJ71i?bIzg%PR>66hRR;+Ti$i?zM0AQebX&tL;31<51e}O+gWYuu6cFk zl*6wyubA-DWea2-E#Z0*JRg!xcIiGm*w^t(CO|Y3(hW`xnth?R<|B)f6w7} z7e4>xsS4_@`JN3U2^S{Z^gZKSNx7q1E2Z%&d;u0Uc30RQHSFD?uq{R zsi||G%KB~4sK?&8`?u2<#jgB(-)}q4`Ey^}mRpXnz!|jUz<+o@LuO< z`fmQd=M7^H#NV-^(U`B=ev`9n`O(~)-}q~Dqk`*-@BP{H?UaM>escYyq3v3xI2Yum zzI5*Bg%^BY@6v6}{TUrjyC19H{`TlOu@xWGTmQ`V5A$c1_qsE0+IK$|mL++M`i)rC zvG=?~0Dv0+I1d208~}I|0C*MvI1T{(0stfe0OJ6FWdJ}m0N_^u;0gesH2^RG0C*1o z_!I!x1pu4^0ImiAd;mZv0N@7zU;?cn0ss~R0Br$)<^aG~06=vB;9LM;B>->-08k467zP0R1OU_k08#*e zR{?-l0Kh>2;C=w$2mmk@0O$_@+ztSY0st-o05$;t*8>2*0RTM!fJFd6O#mPp0GI^; zd;tKY0stETfE@sU1^_e$0G0p%69IsZ0KhZ=K*s-M0N_dhpdkQo69CWv0GJK{yaNDS z1pqhzfPMhL%>Y0f0H6*4&>H~Q3jjO~0L%vfHUa?S0f4grfJXp;*#N-B06-G}pf&*D z2LQ?dfC~YD{Q$sN0N_agU=jcj4FHS=00sj9Cjfvn0N@e;;12*`I{@GU00sg8PXGX4 z0{~qBfX@JcKLLOi0Kjtq!21Bey#PQt0Pq0-PzV4#3IOZ`08Rn`l>oq906;PTkO2U+ z0|34S0M-BihXH^I0Kmrpz}o=8H2^>{0FVm++zkMf0s!j)fc5~uLIB_v0ALjW@FM_l zDFE;m01yuVJOcn+3jkaO0Q3a_o&o@}0D#8;fYSiL=K#Pt0Ko46Kmh>oJOD5k0C*Vy zxB&oo1ps&v0O$q)+yem21OQ$G0Ac`uJpjOR0N^12AQJ%C2LQYQ06Y!=tOfvX0{~hA z0D}O4TLFLv0D$`dfVu#{5CGt303Z$kSPKBG0{~tC0FD6wX9EDQ0|0pdKvMvqGXU^C z0B`^RXaoR!0{|Qa0R931t^)u(0KmHdz)%3d2>`qV09*h7Yy$u~008v?fH?p_JpkZC z0H7BD@Erh<1OSWx0OkPzuK@sq0DzYPfLj58;Q&B70MG{js15)e2LMI_0OJ4v9{{ip z0Qe37@BjcW0RT4v08IdZ1^~c(0AMTtPzeA$0Ra370OSGy&j0`u0D!&#z*GR>A^>0* z0I&oA&;Wot0D$WOfZG9pECAqb0N^bE;2Hp+3jp8(0FnWKNdUlj0N@<}U^W17B>*rK z0Qd_47y$qr0|0&i0IC51GXQ`$0f6QJzybi^P5>Yl0JskTcm)8s4FI?Y0B8yTd z006cD0EYm8F9Co70Kh2#AO`^G2>@&b0CocadjNoa0KoGAKpX&YKLAh@0H^@~d;tKI z0syxF0BZn%a{z!70KiTFAPoR`4glx~0Qdobn*o5m06-l8zySbU2mr|VzZU@b0{|!l z07e45GtT>xMT08jw{JO}`M1pqt?06Yu;ECT>K0RU$M0P_HV zqX59W0KjAb;1K}eDgfXt0N_ag;4T1QAOP?g08k77!~*~y0{~9}0HXka-vEG>0Kg6a z;AsG$4FFIZ0GJ2>ybl0e0suS;01O5IJ_i841prn70P6vOSpdLK06;bXa0CEY3joXo z05So97y#fS0H6c_Xa)e>2mtH?09pe8MF4;s0Js1E_#Oc01pssg0P+BUdH_Hp0H6Z^ za5(_56ae@Y0C*1o*bD%S0RUD20Br$)7*06qW!wgUj=0KhZ=pbP-$2LSX20HFUjLjUiE{+|#1zXtk$E%d(`^#3jB ze^=;#0`&iF=zj_H|1k7F3;Mqp`hOYp|0C#s1@!+?=zlu&{}$-~Lg@b#=zl5ne>n8N zI`sb>=>J#H|Hq*JYoPyqp#K@r{|BM}W1;_tp#M)o|1XFBe+m7sg#Isu{@(@t9|-;b z75e`K^nU>K|2^pcXVCvs(EmT7|Ao;18PNYnq5s{X|8GM7M??RAf&LGM{=X0XzZ&{~ zFZBNh=zk*g{}SkbHR%5z(Et0P|F1#+4?_RDLH`Fq|7$}3S4007LH|>r|1U!SYe4^B zhW^)u{-;9!Z-xGU0sX%o`u{lee-rdS6Z-!U^#69~e+=}$KlHyb^nWe%UxWS+f&R~h z{?~&3{|^1X1N#30^nW7s|Co$_=zneKe-iZnLg@bp=>K2Pe+TscI_Q5J=zksP|4``v z)6jn>^uHeT{}Jf_htU5f(ErKM|2*jbP0;_Q(En}F|M}4W4$%Lzp#Ke^{|BJ|S3&<9 zLH~P0|KElF?}h%q1pPk>{qG0;_dx$|hW`7Z|KCCX%b@@Bp#STj{~e+KXG8y|LI0;i z|G$U+zXSdM2Ks*i^nWAtzdrPTJoNuc=>O}`|Ax^2&d~ok(Er)c|6b7li=qGbLH{>E z{~v(<&w~EH3jKct`u`L3{|4xPOXz<#^#3;Ke-G&Y5$OL+=zlBd|2@$E=b`_@p#KHX z|CP}HCD8vk=>HDr|Ig6><sg-{_lhSe+vEY0{!0w{ci#N zcR~NJfc}3C{cjEZFM|G`g#K@V{wG8K_e1~P(Emx$|MQ^#^#3^Y{{-~^1L*(5(Epv#|B=xDr=b6Bq5plM|GT08E1>@$L;trz z|0h8IpMn1Og#O1v|HnZ8bD;mZ(ErWQ|6=I>x6uDjp#SZl{|li1=R*HKhyFK*{-1{a zw}<}6LjTu8|MQ{$cS8Svg#LS>|Es=!W#GVL(e10FULP`~*Iid$`FrD2r#>36Ze8YYZ@#(bsd3|Gq<{NuvuE$Q zM@wD0^!R;u-L>zWKNzxRP3~VWzL>u2-FGkf>X~P9 zj=ucz_Qyw$e){J5^T#gu_~Wfj|N85?cOH4fciUx`jku{zo4egN+;F(s(W6tdmMt6F zFD2#1L$AEDI_1}2|BT(gf7>Is-~Q&9_3H=ZxLjA;BC*od#WU$+NdE zT$tEAKECY>k3U|=QKQDyA3gO{gW9!fIoq6dR+FbEPu_gpwr$HV+r7Knu*)x>wEX?| zcRfFL>{(4}*S_GnsZ;wDwQQNv>iqNDT-Bt>#`i~!`f%?}H{E<<_UxCBbniYc^V(}a z&Re_ot`#4A(EZL9EjC^M%P+Uye)ZL7KQV3EtA}%PJ{h`twT#{JmVf+_+CL%Tmu4qV z-m&Dp_sagb`Q|lW-gaAQr|-TSvf;}wM|W-C{?UpqU1qKE`R4BE(`R~@l`B6RzG~It zEB5Wn`t^-B{y6uKYjYI1_uv*HS+uKr}&mHk8f13-es-NK6~NS zd-i;}H8;2Qi%&dJvdrUY)&9Km9_hVkQO^Ufy>{}RyYHUR`MT?typ^B->F>APl5}O` z#=ku_X3YHA{rfkbHD$_ktFy9RnzV7FXYj=r_qh9tE3SQW=FGZNOG+O2wo|8XTI}6B z{D*n-ns;c_=(Rg4Dn8$K>#gTrP`B>e<9`16=WDlY$?uhvRMhR7YZ_fxr_RGaXJpi? zQ?sUbgwr{1d%u3q-?CuA7o&doA#LAVZ!LOtz<~C19(u_2@?($v(02Rw1O7Yi_%Z4C z-~DMzmW=A#w(Un%=g{8Wo&u<_4OZ)81dHeUcC<1I&^5|rMq^0 z`|hAYhaQ|Tq4Umn-ieEkjV<``(@!f)ii^7xTzYB0(XCpwb2e?-d;hDij``-p51+X4 z>#x7NWXFydCT`lao027?D0)qyXI~D;*0wC`u&dS_us!|W?|vPj@Ms*`=XCN zTK2}^!86x;y)|o8uYNT8$dRUJHE6KlrM$e`a$C24=g;1~hpqbLlk*gLCZD_Z3>+Z9U9lP>_S+g!qZrJeq&xQ?qy>P>ZTH1pTCcpORqgRzZ{d9+m zFTC)ahwr;@X~NE(_hqbD@y6+%J+q6OH-BZq=FQb-Jn%r@V=uf=d$OjTe_s9igMRwz zt97p5ew+4n$BwJ!4IO&VLbtoc+$W#BY5Y}JUD(j!xbwTYbLX7w(PQM=&pvB;&AI0e z1OO%i0OJ9GI{|0FDCyeF1>Z06--G@HPOj1^{>w0C*Pwcm@D?82}g!0L%vfJ_Z2(0stNX04@Un z+5iAI002h;fMozc3IOm50PrgSupa=p9ROGl0Js2va{z!C0N@({;1U2}Apj5$06Y!= z)BpgU0sv|O0A~RJlL3Hj0Kjel;Bo-qeE?uA08kqMm*qX2-L0D##5 zKz9J(S^!`z0Pq0-&;kJX1pv4j0GI{<^YR1^{pZ07wG>G68^O0AM-*kPZO+2>?_B044zd z*#JNX0N{B5U=9FqBLMIc0FVj*%m4r$1^}J~0NMcnhXH`k0e~_9;3oj!A^;!`05}Z* z90UNq2LP4>0QCTXvjKoT06;DP@B{$h0RYYe02ToNuK@se0|3_n0QmsGEdW4c0ALIN z&>sMp0sv$I02={-ivfTu0DzeQKnVcQ2>{p&0L%jb8UX+m0KlyPKwSXfX8>Re0FVR# zTmt~q0RS=pfSLe+69DK304x9iegFX80ssa801p8Gj{yMN0f0LIfZqXtB>+HM0AM5l zPznJ22mo{g0A2?GMgRc40DwaPz%Bq_5CAX%0C)!ghy?&X1ptZxfJ*^@RscX#0N_;s z;6ni5YXD#e0I&%FC;|YQ0RUYAfG+?5KLBt)08j`3Tn_+z1ON;M0K5P|bpYT90MGyc z$O8ac0|31NfKLE`djWuQ0N?@u;5h(bD*$i|0GI^;Gz0*K0RS5SfCmA9M*)DR0e}ku zfcpS|odCcJ0H7xT&>R5R3;;X;0K5PIXaGQc0N^VC;5PuEBLFZI0B{2UPXYi}0RRpF zU@idA0|59805}%_7zhAN1OUbZ0Cxfa2LOQK06+l%uowVH1OTD|fFS_Dl>opg0AL*e z@FoB-4gmNT0JsMLSPB5#1ppie0Qv#|odJMK0N`x^U=0B9A^`9%0PqX|@G<}}8UUCN z0DKGp`~?6!0sveF0JH%BZU6v|0szYZfD{1W6#(E@0AN1=a61679sqCw0OtSzF#y0f z0Kg>xz(N2Z9sqb80H^@~JOu#M0szhe044(f+W>&w0Knw{!21BeSOB0l05BB*XbAwE z4*)a)07d}-Hvs^%0f6oRz_kFtS^(e!0H6f`@CyKNH2^RT0LTFVRs#TP`~v_90KiEA z;5`7~W&q$e0N^_S;7b6YJpj-J0Pq0-eE@)!0Kh5$U>^YR1^{pZ07wG>G68^O0AM-* zkPZO+2>?_B044zd*#JNX0N{B5U=9FqBLMIc0FVj*%m4r$1^}J~0NMcnhXH`k0e~_9 z;3oj!A^;!`05}Z*90UNq2LP4>0QCTXvjKoT06;DP@B{$h0RYYe02ToNuK@se0|3_n z0QmsGEdW4c0ALIN&>sMp0sv$I02={-ivfTu0DzeQKnVcQ2>{p&0L%jb8UX+m0KlyP zKwSXfX8>Re0FVR#Tmt~q0RS=pfSLe+69DK304x9iegFX80ssa801p8Gj{yMN0f0LI zfZqXtB>+HM0AM5lPznJ22mo{g0A2?GMgRc40DwaPz%Bq_5CAX%0C)!ghy?&X1ptZx zfJ*^@RscX#0N_;s;6ni5YXD#e0I&%FC;|YQ0RUYAfG+?5KLBt)08j`3Tn_+z1ON;M z0K5P|bpYT90MGyc$O8ac0|31NfKLE`djWuQ0N?@u;5h(bD*$i|0GI^;Gz0*K0RS5S zfCmA9M*)DR0e}kufcpS|odCcJ0H7xT&>R5R3;;X;0K5PIXaGQc0N^VC;5PuEBLFZI z0B{2UPXYi}0RRpFU@idA0|59805}%_fc}3C{XYi%-wXXe0{uS?{a*|HuYmqP1pV(1 z{jUc7UjhB^1^xdW`u`F1KNI@D2l_t)`ri!tuR;HhL;v?d|KErHKM4Il0sVJF|385K z=R*I}q5qda|8t=K+oAtYL;uG@|F=T_uY>;kp#LMF|93II}|6J(* zbm;$Q(Er8I|19YLAJG4Mq5n@o{|7_=8$$o@hyL$`{>MQ7PeK1@L;s7R|Cd7lyF&k8 zg#OKKV|Ao;1FQNafq5mb&|5nidN1*>bq5mhL{}Z79OQ8RsLjRMX|Gz>1=R^M+L;s(H z{=WqM_dx%9K>x3W{?~>6KLGvz2Kql7`rjP-{~GlFbLjuM(Eqog|35?j^P&Gm(Emoz z|A(Rf^`QS==>I(E|MSrQFQETv(Emly|Mt*-7xe!J=>Gxe|BujrKlFbT^#3R5e>C*} zJ?Q^4(EkkR|9a^EThRZ5(EpXt|8JrHhoJwRq5pBv{{rZLCG@`w^uHhUza8|yH}roD z^#2Ly|98;;7oh(;p#RrH{~w3`=RyDLL;oGn|1Hq}iO~Psq5sRE|1+WgHKG4Uq5n;x z{|li1w?Y5kf&LGJ{+|c^e-iqC4fOwV=>G=j|8D62mC*l-q5t1Q|6hmx*Mj~hL;tUW z{&#@>p9B403jMzi`u_&>KO6f03iQ7^^uI6kzc%#$eCYom=>IzC|1{|TD(L?`(Ek?D z|C^xy7efE-mF>?7_QQ$qi5DuaMyoxJ*2&DS7qMzxL&;vcNuu|Yy< zOveVzAE@DOka%xRcY}6QYgHd#twCa1gXV;x)3HHZ#|E)o7Jj{K`HGeOCH&r+57a1) zd9eD7YSqt)sna0Q9jw~1ZuJ*xRFS%M174D!BN^csB2R{3enz$QNLleTNUi>7be#t6 z$X!S>p1P?-Kg6FLW!3pf7h68Dl^w2F_f@ZAL_LVoPM%WXcp!|8jF7776~=}hyXvo) z{qNjkK$t#@ECGYQ*wzYhand=C09?;1>_f* za`jkjKrT<}DSe|pO*<`2Iq&hQ!>})}RVsb62!`Bc%5`l~vX1Ju@>)V1k@p*lwX0d~ zaQha?16uZdh}2j?mSM=ZNQHB#e#`k5{^WtC&|?e&v6C$?^mC}b$$1igB9A*;q(*-e zhxHQiz^Ks!*{rn;S*Qjq9o>ByJPlDS*}GZ%MCmA zL*+)g7lz6WJC}yajdU-O7tq7lPYRVA_ESUUhJ9bC+^~PZ=pWLJrHRdYn`Dd=tGtH) z-cY%buKqHst$vJpd^A+w7*9`!%8l`Kv(f*obdCDV50x9~4iA+ZYL;8%=gR~U7&A{^}lOhtY^;E%V++EVpXKQGiG(rW6YL{;gGEZq^e9LjTa%u zW&DZU7;Yj`$HtI!O}SCsrZ=i3F0uKa#&;1{Y#Q0br5{_2^iwY~CHgrb*c;Uzzr;@r zktej%1y_g2&HS6^j)a?TyK0sZ-!2n(sBUjV7MlNTBfg2NrX92XO@DVBf;Fk8z&N+N zL3i{w{E_y~ko<(EEm4+8#c-q=fwJ$73{f+Ev;AfGhPEA|s92-__{C#8Ld!2O5-$EM zBma4}xZ(_rFViL)i<(<+B>dyv8!7GDvGE4Szu#ADm92tORetn+wWj_VT~v3c2zY(S zW9eHAs6+w+VB5{wK-noA*GzJ1hpO0xn$C-{iU{P zs>4L*)ed^6A8|}OMVT_R<=*K_9n%ir&g7NmX*+SanN=M3IZ(~e)*M;ja7^DVs^xoP ze7up=Tm?^COUmB%M;+77AJ}t&6Z>}c#v?Cc)zmD_r0#iGmwrhtJ z(dUnGX86ZdW|sP#SnYKzBRMfc8&{c;oE@8~ZOPDj9rImVOoOnULs6zG`t8;qN7EM)6wvDUael_wY|b;?nNo3Dw9ODt(m3$<5UGL zl}c2lN~BP+8QNwF<;dV=ZnC|*mh78^CnLEHCCSj*W+eBbOs6uYeiN6W^*&}6Bf~$Q zEK}yvyD3HQV;P$GDSxJRNc6ndc5sgU*e6BEpa>Zh!56)-TWNlcDDr)Yl#MbZuz5-W zB~Ya(3@wFs>O^PrC{c-(pVYXbK^f)SV+K14R;dQah(4)v1xJe>&N$5Wq@cUVEIId1 zU5vSf>`JijTStpVB;j)=ss^ecN%Xp7k>hpSC&^BdE{k1Z+ zq{x|#(v2u%;>!+_D$yJ#uOhf8usy(j&K$d+=1W@h%;LAzF|5&yvXVGl@>Ys z6V{wCqTkh)gszv6M07AM2I5OR&KtbEubt|}myLD;+BcZ{5O}AKaK^?-w~3V;`~1zl z{-KN-Ho(~DcI|bPE%KC1boS5CzVVRRp>EeY`l**Ut&@5x&uwYDg@0DX^upa9$`rmkVx7iMZ!iFi7xho*y}CdE9sB&@_MFL z;aY;bU6mLz^xS>Sc6P;`Vuq3tQ&RT@U zN?2?OXW1#CYi;q?rroYD=~^3q9r4$3l#OXn(zT9iIKpWCu5~4#Zb{d=_~|WO>xsW! zNmuqXk{;5vzWD2x$hpYb03jWrt0T2!OalpUlyr6Y*pDP$I!&SUm16I;9;eqaeFKBl z%e&>-(u?|dtJ9SzcILTs!*g)lMbq5Xke+uI!m~Ztjg{c@9A!NlQNZi*jBUctEwU3{ z&kOiTZzfs^xH99#)m&VS#nnMv=Zot)aa}lgrq6$+&p*)Ukhb1P5A~MsNTkYnhZ!u9 zt}<8&_r(#=j(`N$QJ=OK`4C5$Oh>$B>{{Vtb02!`0M+mw*A{R2&IB2Tbkzz}hx)WF zuGMs6y}Qw!b~UF3RktGu%W=~0=<|cnzD-2ZS&>r`27|{{N#^qj8?LJ-FdFcU(0$E4 zu2uL(>b^u?>cuxo_qF2&m1xWl;$u&&CP>S>}=B zj&a)srM#scXQ5B+DOKA$^_NQNvI#!zTTn`BK+rf|_CG)|rJ1}nPygASq5b7!E@+;i z9ok)w$wFu2@Gy5$CNN*&)i#&Z1&lMJle$Egbd^0lGOHzZsaDdpnmDT`b*Wy`wYoTC zlDfo{bd3>bjifGWP~)tb)TO2jW}LN>y3{J^T1%X))>Y_#}&IUPYJ1@M#AasS24KWpyR%rDNhs>N2#V z69u4pR!htQg?d&`%%Q9Fj7b!H>RBT(rv|5*i8(bn)k@3(XnMvb=I~N?&)SJO;7ZRr zi8-K3&$@{@Vys?bPCZWb6LacwYLJ-IfD?)Tm6+oYB9YGSkkAzECr1m~BD4Lkj_L17 z%h9gPAX4MF5~LA$wZCVAw=|t?GzTS0c$_bK_wG6-&(nk%cCD0VO*~s~1|dBC*~>&P zP_|y6Y`s9)dV#X_0%hw3%GL{%trsX;FHp8#plrQB*?NJp^#Wz<1xj^zwOxs6W^JDB zPHN;VIh&gHIHMEOqz8cLiD}aQ9%uE$G--X0GbS-j+TP==k(gFPIcg@RNxOTTwGz{$ z)fs7tX|c*tJ26dK+~cg1m{tdx)Wg|ddFv*oNt=6|^%B#h#XZjYiD~tfL+-aKheJqN zA*_@vX0+ern7)!4-np6Og-^c_HWP+3$!>e$x@a1RCP&^F zK7Up;tYB2a;JjfY2IXIqFlk?Q@ zX^}8-VuF%;(u3sT(reDgyM`1EO}I2c40ZHnrFG5C$+#)Kg&5-!_{=`0VqUI=uB}a^ ztW8ykqoO8ov8CUGj(9uV(_nIR_2%JkLVN30`!MX?X?NY~ap9x5>-tFY86*8xa^bA* zfk#ZgbA$QO)jz8dAsNF?xRYEX|M#y68aHb~G7x#K5KdCPFARv3>wH5Vx`ra+aQBUyA-Atlsy>2D)`0Z1aoCP@+~MRmMv&hUK|Tz* zq&r#qB!}u7;s}h>R=%{vD1Kb>lPo_;YMqm%4{PP}%+@*0kE7)e8>B1^;G<+VW0L%O z`Qeaz4N^{Xt@C+f5k};)eq+k}vJfFhsC=tUZntxdQCcg(6uhGCAHc>PPog#h6HI z?g=s&In1?F=>w9EiM-~TZ=^N%y&>s}Ejf(gu6y`x$)DIXy1ym=xA9%X5SvL>Oxy7xKax-01 zKGKM9@8c3?#@}Ho8fP>Arg$h08Oy1rz&Ot|o~JO&CG9Wc(Ts1lzvL%0Z80%l_FCuI zVq{plgNQ=oi_OrsM-(+%z@0;Qmi-7VzjV`Z@#h=)A8(J0J2bvbizA1Pu|EFy&-Z`Z z@CCp#yZ>8ktDsbsALH8#r3%~^l85GewY6wi-iQ`w%1^~yB#tU_lcSpTu9A=NBX#rt zkLyLc|64WZI<)+I&M1Av&c!T?R^ty87L=&COF^Mry^N76GW(S@pTsfet_0k2h}_n+ z|H1uP`=r4f@;`LDHi3LgTSuBRtolJm4r3_l9)2Uu8Rl3wu|ei(NyoHj$|KDgUMq!Q zN9dT1G-v$V_>txeGkz%an(3S8RI(>-6C2Ik{@eS!8Ag0Fo_U^TIzrB7x~BM693l(q zd-zKXh0uJ(8gla__d&y9{xKsVvz?^QryXYwt*)`@3~`CDv_ld7^|eM>J+|CZhkk#Z9= ze&HD|NhoWPFkkTA#C)aWX%OGZ{1Bds8U9D==)WKPLlH;MOStQ23HdkA{+RV3n`?#Q zl-Nj#AWw}TSJ%nXIrL|LaQ#Q$nhS{+z*_11_UjiJBXY=i6!(Aq9P>XksYoF>68Mw8 z6x!0M$mB5FOZQc6vq*DGJ7YYV*e3NT>4aiaq`9SsnPA9SY}k)TbIZStZ_X`dK26(Z z{C~P0i1ZB5RMSw%IW+&~^@t6ARE!cMUb~R^X8oDsE;z!?4MPosb__q0XMpA#2_zU9 zHs=L1eY;(gcbR#T^A;msFS`(TX!#?}4U>)h|C?uk#*fY`G#?24$LoQ%NoV{#=zLoN zQ&oAaxq;gsihZPO^LI#yY+TQ0R&{0|pDzd(ex~z>IR-=5v_)>t9jZO}j%p5HP!)NK z?d%R!?b@B?r?SnN06&I zNp(tnQWEFCd@slNRH@8i5=&j-j2&eeu)nrrQ`I%1%qy}h$d`T2a^ROEbk4e57prfK zOD{I(G86MeU)BIjc>-=ZWN6y)s-2PsQYnCYA6NORw7W`vNl8P61F;SiaqJ9Q>iI=OMAs&gv5w@%d5Ac9qUP1Mx8tYM+0|JV(~*=}UQ5p!X7<;z;m0x-If&?eO`t)=O}~7Be`vl3*vn%luh9&UT)J zj*m4%hs4VxAcU^*XSMVBbDK->q(n2gAeG>j1aFj2sII32I^w#`;;Tjb);Qui%@M~& zf2U$OZrSN?D~0kv%!IHRM?#X zZou;^Jn|R!iS!C@i%o+a?KZAy@eskb5n=>Uf>YHdU0N;1kIFSi%7+AERptY7vE}JgEvao z7+fO$4fs#}Kz&Z4K1E;^Jbvo2x+1XUSG;1b`RHNdwB=H~Qp$D_Vt9+%Mu^cTLX4ri zYpCaF!$p(+krGeWr7JnwZCWM%4vnQ}@C~hYo7PKji8){VJQUn+(-!g9Ya(^9Nc=m9 zN#Db}j87uh(Y!G-pY8R)L6d|}4-PH^zQaD0#d z`|&;LZ^k#>r1RemaKf{KM)(?IgwsjpFs`Lx;^ap)&KhxDEET&^Tvv)~yZr32jc13g zuH^Z1_54}L_^k*XzZJIe+eF51g>>Tz`}nPpeq15rx57StE2KZ0EqX)O9?T@Z@3ux_zf3B#&5V7w(%PrZJ!LXV=6&?1bZC&=Fa%OGsGSf+-CPZZ-ZXKY`Kh4MINsy}NMGk1w77tAy@b7z|~x39%= zc>vj~=KtQz|ETHnKL&>gKBy_&*WyR@OuOO%x$pqgbRK|Of#8Ii%6%<1iCQ1O@PW&f zmd*#z8ZU5>$b`S$*Wy>v>aTb~0lWZXIxj$NlAuNkYI}Sw{t&gH{;dA+ifpCUM=!yI zg3d!xYlqq)UyH+{R_LEmLIpxGibeC?$#_iV88h*q-vRxTz7~IpezDMwq1+K$d<@>f zkAkH|?r0urE`7@>(Z$nPelC`uD;Jdy+xNY=8aWr0=k5DhoVP?RD(|~*yErdfRDR>W zKg4zQqVkM=2NbJVRPNq)Vv)Q3zD0}p+UoM%b!`~7Xxp%jtA#@>+LotihPTe@q|e|qr~zmVIJ~$s8`GjfMh81Tg3bh%s0mTGBICinm^`i@tv5TFXsCy^IkE( zL~3UVuOc-T^S8vA8COrAW}CV1qUWB3ybiMn=aa^o&?5X`6=8r%Biky%`pnWE=Sv!c zs1v;iE!C6oW)ZsTMUcX%G^89&NQ2r5F2~PSIfkn=`dH=Iky+ZWiKHH3sxdo4vlB>L@C2qOA9Bl@n1urf0$I!``Bs&ct?~GqFwc zGMr`PoVI1%U3)NI#VS6d1hf|)2hXHOqvKT7{)fOr)ZnD zEHaF3+JUi6m3U7b#n{~?*xDo|-87$gype>lO=`@}SyW!!FuO9N#d_WY0~YZ0t@K^# zb9xtV-N!h_KLCFZXZGR^`xtZhhvVnflf|p|F+T9~#Y5kf`SfgoG!fi|A5b=ct+-() z{6+LW9pj1{X5pVmZxOhYx%1o;@~Aq@m>KO~GhxMlgRftw?2&~E@09IPOmbdhw&d*t zvHM>$Q!YL}=~3r=`rp5tGSPp=xk~AC?flPkC;Bftw4w2;mOppny+`)30#CR5-ZI4SzSh``ME;o z=L-A$Tw%`76~_Er!Tda-ATU2y1kcZpIwd)=9yCWQlCS3I3PG_7`y5?i&e0Xd99=PA zk_gPv6~S}#GfrVVW&x~uT9rc0(-m9Id0G|4oTr0|BJ;Ffl)yZ#7sZ;VUv|#66~&sX zRZ-MjU9rWSt5tc-xjLvkGFR*63Cz`cd91nmE$3WYd93+bzqnKLwJMOBuT_D}`8udT zGGFTjvd!0eiLCirwTU%ftAeQcS`|di*A+W#^L0=`WWLr55}2>`f>`sl>QL5vt@5wt zYn6R{zE=4+=j)*S|3B{D1u&}W+8>@t1_%&1gQB8R9W=JkBFz|TqqW{SI3p7c8byoN z2Z0De1tx|dXln@s)M=VZAGfvby@3nD7z; z629MWKW5HMCV+_T|NkAxIs5GA+H0-7*4k_D*@yaC!XMMu68xyX7T`zqwE$n}YXQE{ z*MbgOU&nz@eJ#O{>1zr8h4ppwW+=VpUC>i%d_YAtAAw?O?vg-HbxTO8ubbGvr@4dbfsdOsjmTloW5@E()t=i(EWJ>)wCq& z>lUSM_dedzDiy7&wk0g}?B1M~PN`w7I=tmnRc!6;+|g%Xv|4-cnO_N5q#e zCMndxQl*~`NJ&!VjzE$jTI+U;d<-Z_fK;vNEiyBp#xGK}-nYonfEsm3)mDH-xMH3G z;cAaF3LsOTf}FK;$`iE=5IGGZ*Ul+W)I31sY)D^wWP_5vG!@EDU!Td?j_r@9cYXTIv(2>9({Nd`xrhGR=#z%f1v9AQ<*bzFQ&TF2LQ z9b5Y)sY4Y{`bee0kmO3mPNHO2s#w8{Pmwj)Z58aJ<+?_M?Y366uURMEia-k5)%gW( z5SOFkb$-!bRjBvhHTB%nIt^v4Yt(`V5ce|voT@(S<8{0+f2-=Upf@v2p7O$i$pupj z_!FPWb7usKiVNly$6|4OQ7jf4$_795S1(Tu+oIFy{$1{YD?7=LN|sk}CeqY(EC8%hE z9m$`0`6jefW;e?ocbH{4X=d3&>A_~RY^F1~$-QGlH@xhDCp=iE2z-I{+{D{A#Hvt{ zIP>SFOt|}PZM=2xb}XlKl?R2oxxQ*U!_Xn#uuQrT%dDnx8VL)rqRSxGSK$nCF?hmf zI2SH64d?jf9fK?$*y;HAXA08BX84RrCrx7#*7}?eu0Z8j+w>ZRm51H+T!8ujx9&)A zP3q_jgl1K_*M%zj*iWG9xs8qyE$(%Qja1sJLN)yudf&Y%csLb@k#Hfg(!DcO)d$gl zE7N|OKvb}S%_FK&KCsih(|#bdp&yaZ>TaHH%srFNg`0}tj#M1)fh0T4uh@(RA+ji%JT+0IRD0U)+u&j0;U^CZ;LVfIK zM${9cD)#~Vx=<}aE!=R}eV9#$k*RxUuqBm;9-)gH-J3(J``Ed*GPlVwVv~C_E8Ae- z8Cr*5-8;v(iY_oN;@%OgPMwu8lvQsKm;vI4XV}kyGWQ8Az9@YjU zz|k;76m7pzAjy7|J-{N6>_MP$#2WWbrf<7J<8A!+n6*IR@M}I7Z-&HPlNKVF_}l zI}&ULUP$`LR)H6U7Cr;t$*B<=+4KSTW{sE!ol)p_gLlx`v!b(Gz&tpvfrPtJa}P@H z7tBKp+@QIqW2@qx(d_wg(Z%gR19Cs-1Sd%ratY|cLO{Sa%|hsG%VF>kvhKyL`+(q~ zOay1`)GQ=fmOO;sv}hiR>`^>4mK4a8eL&TX0yXUJEVzEiKj5VX%|B?T4eX;?wn4B@ zwjkJzntue#l6?fr3ig4Yx9Ia^B9G_69J;g8cxIR5W3 zh727YF9b%cLEq6ya$$FaokJu|9s4D2O{1{ku>BbM&b|(8mQHr#*gNH}#~`({=}0@6$4Nxh36x+M8M7LLYtUh= zm>#yDaBo7l0tYcT0a5opJ0wJ;1EXsw06k3cV+5M)r@Gq4&@d3?L<*qW zA*dr{3}KXm+r5Tj$>`{?Z^n=rj-rM84g_{dQ}?Gl1=*8X4%Ku6;z z?Vau&NDMsTl9HzTknG8E^dy5l>6AU$6s%@1fXDakXVEXgYEE>-UIq9$U_MN7HwPoA z3u1u$f7IPVISULP7rhuw$POI_1J?@)fXe0Ac2}bV_RR$G40@0WR)u6c9NdHsF!GfB zm^;Fj+bBql?q=DYv*^xPa2bif)Cegd$jh$SccKH??0{2oXVJ+Nu+|y^xcvs97u=gj z2mp9ibmFe*Mq%?|MF~_*ai^6DMZSw)?kF31Q^$n25h>Cgn*z4V`LzHJ$P!Uq5}cnWA8FAd9VX7 z;Dyl{f`;hwFe3O!iW~G}2)saH-2xneuyD1s^j>!C08pqxt# zcihErf8-VnDyz~TLA?jsK}NI(*MJ?-tF3~jr~q<+z3$!xd4u@vg18x!;1Ugi13^$( za7s*2R}jIQg$61*nnFoU=(pbhRE-=_E#!K~cJwj01MCVGfH>H7*nY$f2`$FmXzF|P zksK!ne{dr@O>OS3r^sN>sJ1gl;FSb6jaj>cEn+-I8i|5VKpS{2Q^<(!y;74m2o|8U zSEHROUUF@qAy|#PK>jlsF3Atgg!xzsrKw;iFh%x=W?}YpG@$dr2$)*%M&aJWRxR#^ z0vChyE~;{NvmRoFdfE*+DaU4O>hKIoP1#AMmO+3v*oaUrkhelPlieUvz-=AEq>1bk z6c-9x@^xSziB7;_X(`$R+~X;N0R+#011N>n*d?{mvyOe}IH`@!qW;1T3RF;4&^KMt zm!zfi5eA$Zogkl73GJY!lhi~H(f+K1q$VXZyDH4KHb@$yyAiqpg6EK+>`)73qr)(8 zh~yOpl%g?u02xg}OTNK*TckAMK14nTr75V4!p6fG;-I3S?C?t;c#0Fq1d95C?n2OG zCm`ugem7<{k?fT9LMn@al^GpaFtMxyi!68$;tXPJKbYQ#920Djq1XcYshO-HxlUSg zBtC^d*@VUeWWY$NT|16RUQvcL`2@&9*~0zMq;9QAM^mT9iGq5mgU)~rGGhZuXq{Q_ zOLZ#r0`;j7Z&IHg2HPY4Be4BgtxzEjKF}H!Vg(ox9m)o%&<9khg5d-M#73FasUY1) zf(7nMRHvzq49aXl(C!wYLxo*|UI?<{Fsua48I{%mE{%#(5JRX)0Z@9cdU3)XM~x+i zFj-|+FJczPxff{Q6cU&-GBGZt0ESfDFNWh#Do(I3jEtxWgZfYJ7vN(PmL7XlnL@A% zWhsW*@I)1fQRR}>38sEgOlsB0v4(c#V9FpS(Jss+Ic{j4u;D`jtdR<U{N1HHG2G~%4Tyh|fg~Xv zKo;Pi*vH;NY%9a5uDNA*=a#*I-=xjK4!P;W{AF`o{<5b>`pc(h#%%^xd-#+2U#dQu zALoMMN-&OO?8OCh8ZPhixL_(nF9zm%D$N%IS8|;_g}3{hyg%&X{p;AN@}jMpgTHd` z^R|sx?y}Wm`OemilHGeNL(g{~z*>Cw(W)*CdfYGqamT>GY7d+)yw6|WagEjM5?f+l zX1vpoLik5#RGLE~kxKL0$o|T4*EYT{O0RI&SGGNGw5AEyOVz0Eb?$Y>n-zVk-o;Ga zequxmmeX3Pov=K%%6O-upLV=(CqS!vr}5^YK3GJ{rQ?OQejuQ!7*SpIF1;$y-o`tJ z`nj8{eh;5S)voS+(&^%^GTz+M2X%C`R)+2<+I)lk2z9l6b7ja46I4`gytAbrgn;n7 z!~m{i+8*}-h6tP_84a`f)S{ zYA02%9ki2OLfrxv%DckG+7%wa8xx&!W^3Op`dwYwHpMs!@d9b$ih}xO^lO9cJNnh+ z;G`BSnn#HQ^s7=JLitj-Eu&N6fCLi06!fMZjsyEnjRDC8PIo;z)}3Be+x?+*qev{E zj*d>%G4KM>pnHSLE$lFwtsRlrurh*+CY$Dg%C^UiGilOef{tvIokvHS9VCBMC~}4@ zfQ|s!QQD7_?2;&?yF}ovz%;7Us=7!dj3VhN z!D~p3p;6tN>_<6HF}meIwJ#WwF*0c&_#tu9Zd`&EskKu3X=|0tsyeW zCeKG|pyY*nL|Pwf>0pXkHo-hb+6%Yp-6bXqXxrZ zI1Lav>~WMg7{tD=vfz26A`Lt5>ZOAu*dm5}dt@uk5I|E~$)V*^-N1&XI`kkT)&rRH z!D=b*ind5JI%)68PE@sHLWxd{q@}`6a8@oshd}PA1L&h^rU=lxqM(1-U9BK5m}!L4 zus@*%;KMl*+(hv4-pFY+z+0=jf&EoGwNFF}Em-4%sIC|ls`g-l2=KFG;5#(|h-BfL%C41niLNireTD zk>FSD!VHiu5t@L4bAWt}a!7cuE6P=E#*`2pAEt>$f@xww*rT_@*+Wi;)mXtymm}pN zqcV*m8J&iH=5WS?dKbg_nOiWl_F(^CZ9Ur25nBK~vC|w_wQIV_sAG)6co-b4Qa$<`Ph;eB@CPk~B z+&V0xmGfLl?9F_Y~ zu`T63eu{GeElIimB;;Wi;5=5d$}>5o6*R5DLGCq=VLgkS@aW zAx9i5ki$wVKjHl7gB=Z(5Dxcyc<*)ov+6}#DCYdAT=l%IR_aQW>RuI-y#U;SFHt}N zzz3q_uCh_ki(v#p8??$Yi77_(LbyLfFQUjrFEHdPSIx9-min;Ld>$=Y><}nKat`d$ z7Z+mb7AO|8Y$YI-3It5T0is5Z(tdzxbPT2>iVrZs3sSjiifxzFd6ni&v>vrGM3XMS zD7+yO)0f9kReBD+5&jUx;!4G#H^L(#F-%qmdkg(_NluZMEKZRg4P9keTWNAk4y2N{Pe}eU$_4KvSZgA>tEwvuYcY8S09?X*7}#4Vz>3{ z+s83*K>svj@St@5G0Zro;WU^Ba&En6+&y2I=r`T2xy3V!3ud^c2Z~$^vTvV!``FPg zc}C25bHYT|)E8ZMO(`ra3U~sA)8@>bJ8Mj!=-In%$z3Dz8%x6f!(X%7;X$91gEhy% zSNSVXZ`n^fvCGCks@rQg?|>)MX*f-Im~slaf>FU=v=`Q1-+?dcIKQm-wiwQw6=J!M z+ib3*M}7}pZQ|FoQ=NR@iApNOf)x`!ptpXV*puU$Q2sDC-b5NviCl&fZ!E-DTf}GF zxjuyEvTJaBgV`!7F|upL&$)}l3RDgAokaOgCf2dQDp6nqmIIoQcfaAZi*lmYScUZ{ z;}m6#?6q8QcpsS$qZL;)cTKFeb;zBmb7SjJqyxE+nWbk27JU|FJfaNp+i%Y=p0i*1i z4ai-mb7RMn?z2KxtTB#hGaiP)gVv|Ls76V8ABF0 zHV{K%aTPx5yT#fn+KQsc+UXdIBxLxuPIe7D9Yv9)(-suT)WQLE4oRX&tdgOv6}l~Jr(-CRkl_nh*){BRoz89P zv;{@7HIaK;lrc4`VoWJAY(Rz+(Qya4a4^P)B13HO^(d*?D~hX2!jJ#lTGZUVn&`;H zc{KPg(Rlo15OGm4M&~(X;6lp4Z|69Vt?qsAKb+msz5ic9n3o@anIdGf&EbJR_YQXA z=KzC;;RgYOUHD1B;F0)Iz~D^$EMRc<>-~I#m)ldnIwakZeUD``zBj!e_ocF~Z>hS* zTx4BmoyqGWtTn2xtNW&p=28L1TlWL&GXZtHN98L~ zPaR*O=&(L9UgLYr+!tpTPnn9n_Qgf=IYWoU?)hS(WXv;Dil^AdOr1N|Hs&9@$G(1~ z>WF%H;$M3`AN#d0$c%dYatsomeDczJyg!RD<29X_#_Q@)@|k$I(u8Tf?Xkbu@@~|T zSSRbf*z&#Yu^*=3-^t1>m+rrgG7(6&$NtX>fB7mS%YB?Z_MNJIm+Bn%(tn&i_D%^1;)%sd_TPS_2NLmZx#$)P_ra0WzBaJ-%p==Z&}Bzyf;t&y6e583!bk|d{3OC zCccw7&v#)u8F!s8FVo`Yytm;z!%Lg>j?w4vi8*fKVGku}NSs#~+S?bi+?-LT{r1!R zT(+Oz$L;hx>SB(gL|J!e9O_%jTBf>Oil&W%Kb>zfHNpdM8%7gel%A|B(*?6a~?7^YFvPr{yWs`?j+FuM5pRn;U>x7e!XHK|qz{I4I zj=pkEUey)&>TCEsVC64g3OGK?d+ukQd_3}57avc4R_vKr<1fE;3J!?kwuw#LHnF3s zt9u%Llt0DRQgx(zwyUbWd!DCiPxs6DV()~B66GLikJy9K5C`s{7q5#3BZGYB>K>>XH| zd*9vcweQ9<&(;Abkz(49q2@|6xZP)OX4Xgwq4EWfRfQtmz90@;*e;=2kBGAb#^-J} zM{MIM3^hos3e9av^TO@u@ZwiO0*3X3)m<$?*lUhB$$C!>LOCB+Xlsk=2AJ+OUi)U< z+{P52{WP01gByJIdfEO_(Ohtw>E0mQuS84d(j)-&=7{x`EqdW9OY;SH zNFXW^HP7bLnAihM_}ukAd%KqiScgpL`w=tP26|crhA)gXrnozG1|}y zqXPYd{=vc zZ;;&U-e}slO3VW;`%%=q-WO~#?e&@lWJIDIG^q4xBs6N0o4}j}5p~ER=njkz4FUti zMI*uWO0s+HdlcEbzjeHP~GL@G!=T=RA#P$}?Cf+Mfj9yWn`NpP?I6vn+N2wseB4H(yZ zV}ty8n zi6i}VY@~0wydxci-2ef+gCl*UWu#LkU#5}Xv|A&8Ql=X2qc35&b1NN&cw20|&osI& zINtYkw{X0hBO0PCFv%kaJrs&X&i6LxiTWOc9z>9XeouGfB@KEDPVy`xe{5{z1MnUr zpE^g4{H>Q~t5g}#3U6&vOGWp4P ztW=I@XwEJB7LN5372980==dBr13OFpw-j~{<`#`7VRXdo11X(4rA+|x(HfA_sk#>< zfbx%-w8E33kMck$e6j#^y%Yhg9U4APyR-Iq&7Pptt;1ZZa;e2xGxT?y?l!G@Th`n| zWhbcX%QSwaNpQ)UT4JVCDrVvxBTd3z-HRqB-jOLz|H?rqwJyQdsRS8h+D4T<&3#O)e% zsyMQ|MY~;2mZ$DY&|8;@!BOs<>F3Sk$p+Dkv z$7L7>mqBd^g^^o^(|xHhX86m*IgQXCoG3=M$7rEF%+!8nDrUv0m=&jDR-B4iaVloT zshAa~P9C27m1i>Y%wRt=h&(~$2_jDrd4k9jM4sT};l|>8SNw)JBMPX3|uIm6|gJ8|-l-HzK*SxCu4>@z(+nB_1jr44}j z)cbN?fUR#`g=bD<_Rs8M=3iS>KTw(kEHRinccXRzH>?h1PC&Ds$$dDLj5iT5tJ^U^ z+X>7&P*mYw50D80CW$+S`0Vrnpdh+X2@ilY8@N4{C6w*JoCwyl7$nhACQB=Vnfe3r z5107dl}v`2QeRa&w>d4*2_P&AG*XSJ0ZRcRKwIG{NRt*81V;8qh_x?3z$YC7ERZ5v z)m{M!l7xr80g>o#Vn#X$2vV5U0v@^v08%$LZ7QdP)dCS95gzFTh6ys8A6;hw}&(Or|xbSe*?qPLW1dj8l>dm9EPpRP@-PB_=Vi%rSwI^GX(YH$E-N z5;ff5d8m(mSq(h_mtc!~Nc1lLFlkd8|DD$XNc zFzxQuNfBe6ixV=ZFO!h5AcxkYmNYOSqukTGq=9GTa!Z<|#wHvV&GF*q%->Jk^kSS6 zCV?U;bLc=JGeG=Zgv_~U|Helj#`!k{yGhFjK2A1In}@N=+(~BYFq^V+m{S=z+PJaU zH5QX5YR;%Oq$Lw?#l#sfFm{wSirOtv$-+8fz7E1bQ^jJYSS*yJ#)(CISZtDnr3ukW zbZtVlq82BZM&pCA%I?ted(sNa@&xlKbAwrds`FbK%oLjdvNSy(j72NGxjvXp`97Ev z9J5z+r5ei)()qz0QSS%y#M~cDLL1UtNMb5jtOU!rjT#5h;VPPl`ao10M=Z90#SBPh z0a%8kMe)b48;CZvs#i^@l>;VG!!s7F+soPkbAfZA)0yvrLyMV|3h!lfByowTHs}Eq zjYv)X2}Xxi9c#ykYUJ_{k*Jpal!k~!Jy><8=#MnZ71BQGIO)w*qFSP(P_%Rz28*Rn zRC&^2qS}et)SrCBB-Lb}!m#N@KZy=q{Mh-s`%iuakHuy3pLnp7kRQvy1_b}2$_i{S z^2hI_INv6Uvy}ylZtAv2w^H2lZc`6e%7pS4PI7m|*yCcW#BsS*;}>o<4=?ku;bQf)Y#zvmO&E>4>4ceW+cBYhc16`$ zu?J%s_F$ag9*jfWgR!4`FwWxq3ZMH!Jn^eo;lT1^Sp^@=EY3KEEg5IA?v8oXS$>!W zP8M#$P~RcsTFV4mMXo9KKEf?`S2_()u6HZf!@>~ zWh?<$+<<}N2d=GZ!r2>b-|Rd(5DjFFFCTgnS~xMVa@>rgdrbEUW;)szncim-fWp!( zD%vrC(6#}np`XV-1J;4}V}p3_07&UWs;c0*f!l^K)%e_SA+15zur=T?%G?Q)r)opw zq&M}u8LtUw*0Z7ZYgsCV!7hL^^tSQk=_8o0a$Mn2EZ2iWzu9>ND1tACNdO1ZzG?$p zIc#_@z)2qky9f7yao-qa---xXjr zvc-;T1q^NIAfQTjk1uz)B%o9CkM31SI@Xt&m?V${o`H9VKV#F-HVg z?EuSRBdElZhH3?%!UhmTbMFao<-p=(qu|5Jw%OSK0s1W$pj8qyvenDj2*U6w0O!aA zJKQAMYU+Zcdlb&VRwueQF-f3Iu@yjRy&939hf0xbg&43E?%@ihDdz8VDmttR})x|83xh5t6H>x{kIHVaNo8fvcDVn1a9#nW}(P zMBFHNbVMD902OgR0EmVTh;o$%sZQW)4Y~)#co-$`faOL?VEDZyAlk;pz~_Rq5IhZ# z(%oPQj6QJI)RB_2kODp@XE6yNK|x8*LgRY?6Gz_;w6l@WfP}cW1E%zAQK&19vswWY z$&C&XOB{UL1mIw+cLYr92@|-T0IWuB0BLv@*g>(?xXdV)!0pJyBw~p}8eD~@+W?Vc zBt(;7DnwxH;obp=z*KUx@ARZnMu)3+D0! z=GMSA!3MU!gE-sY-At?}h_f?-(Gtz}f3QpgsKT5`*jOV3+kX0-5(HbN+4XJMR9#n} zvy1IBv9-@H!X(76X8)rEvbf~sRBWF4qH->2gU$=rz9(k6#mT*Rb1f$Bh{vdv#uuxB z*3&oxxXLc$)Yu!f$Kq|Vcrz?!f>AnX>x*HlQnD(v z6;i;6z6sd^6y|e(4H|<|l_63hZLrlvGv{rJ-wVJ^Xj&7y135te@WN0>z$WeRrOAv&msnd@>7 zvt)W1Ek?&0I7Lk=F4tJI^e|8Ka1Gjv4Y-k)d%z`8r0k%W7hu$lzPzI@(F+zo^r#R& zf$~gn4tU*8 z4>jwD=kwDTTB<=gQ~y*)mhPGpD1-y??=!qyf(zpm?WZxkELtcNEn>bbx+nGQxNSiwaAvx3 zr?EB-AD5`>NYlR$=J8io@b-0{0uz|(!nsu0wyg|*1BdhkJS9Asf0c-Bz&)^*w~*!N zs}Bw5OmV~x4rp43uSpbE3!?g`!;uGLnje`=Gs>XtvOD02% zP2#xKa(Y*>IK3-I94oI24)Q2)B#OaPEmmHa4Op356v|hHs*tx+j6aLS&}CvGVl66= z(%}5?>HK@#c4=Wf8=&54Y{jRPhGat6FQmj@_>ef5 z3;fXAce#0`x|bR0jVG+UOWA*=(f0+>C4Wy~&^&SF2P^Oz$OC&WaHVnxCAmKCcf3_i;U}G~SDu3Z zF)MQ+gYLi1Ya-ylpGQZi=Q6(xXue}PiYQ%P<1bm;Ecq4z!)5($_dvWSmgiYxiMV6A z*73aCZ2v4D(R)I7di`#9nmWgea>{xomKS2V-&igQ3de~)5s-r=$`CN_R9DoStJQ@g1FbX0S_^UOB zT#d&T@text%Qq*KZ|SAHJ=E&J$(~NMYE0t6z}O#>Yj^oi?(~;dI0YcQ?J}I{cEkuH zM8Jo<@FUM_ie({`OlsOm*h<(<965TS`kMh*cC)qqW>(T{sb6J5YzvcG&Qt%S*512- zqK$ic_Jh$V#m;PHnD8|25}9#RJz}U8-Ae3F()METHe1_M{X$jEmiDZfk)(RaP%rIG z3R}Af$9g=WP_l6kZ|%Kwm1(Gg{jFsKqWII z!AIi}CUl(-q0AuaN8Lp2AJ1PEQhOkoajc^0RPylyz;*wct^I4Z_OJOu{Y!@5X7;by z+P@wIVg>@&Z0X;5szS~lL}MJQXz8VYkU!`m$R~+qr66b$IR(cGB_QdE5Tv7`;n3KJ z=9t<${piAJ42gT~#nDpatq^y#N4oy&#W#VR=b_}O=Bz$<9^HtT!X*KPTZb#;TFimZN3M$g?Y!|EgYZE`-6r4 z^1rc^f6)OxIw0JZ;E8I6T%8--h3waOgLTG`r&-Ztr!izYD|^;u44K0U1DVE<7g*_h zk1^!ic?c}b^BP0$6_t&mqOIwoc2>+fMRnGS z{EJqxK4ZyOVXHyy`%6!|iV6)Upj+}|CODsUAUg&W(sO*|0xOxeG&dS z4k=P~x0kY-*jP1g^w`2*fk)iZcKhV`JmE9(>4dHQE28!ibi!s#Iu}0G6<37@zkMjO zg&UG562Eox%PaAN8Iz9@Ks(ES|PzlMf1w2e@BG{mK z3&DNF44#KbTs%J{67W1HcnxQ+M=AuvF;uJAH_CNufDgrW#$w5D^R($fGyG>SQvp1*)=K8rPcr} z^k1R}?Bk3t$v%4UG)C4#nLwq8E`cfIxkpaIV%*cT*$nM<{Fz8$m*GbR!~imPRNejM zxmUV!f~z{xE#z5dg`R-R9+V!i7taGwL>(UYvy;FX!U}I4{S^Npzp`g~MPL+=SYCvb z;X&Zq=fmBk>NCqqsYcm$wBZTmPw@K`u)SbeovT6oKtws`;q&y_O*AdfhiFS@DbJy4 z?DOtJ75Glgjb-0wTgi|LceWL&x(#CzCSZ{Uj5lM_mi9w%6y%l<&v?|o=wJyd!ZE>} zq#|{)-B;#GN8Y-!nRqN5nqeCF?hKaAjKE&}9YEY886I(mh(kC(C%8of3UkUm_MGy( z6r;vi>khk-_0F4irXn^K>G4CoHqSJKD6kp>n4@w*yNNImn2t2;ZF`9{hu|bSX4$6TR znwX^(eaB&>4XG2{;SE-}F%bftjqD>hmDU6<_`1g(77@ew(vH{^neB*(9gPSe2NNJv zl{=(WrqzkGyO0JPWjF3rRpj!e6|sF}Hd*nL;B+Q*@^(r<)ER#LC>D}2BKrv=$;ta9 z7w?lZd4JZ!dms-yoG%)taft6fj~tr8z&c|jsfExsVlp>7rySvy5Jpn1~PTQAglE{gXdEJ<7Myin^;qBu1{(!Sd-)c7ov z?$>MM&bY>ztrh44djziGi@^Q2N>2^!t$EXBEUv|9WV*yYLlW@}CGBx0Q|fpVB3M$H zuSwDCDSnP=7hQYa$ErQQBmOtK?D}Le$m$q;R*bTp3<`rG(#qg`G0wsaF3bZj!q0-+ zsfz~_0{y{!H6?>i&2ECIj?}QeNuA=I+dU$6xCMr1h=_gSeuyzR5|xixkN_&?i6z+DDQA-f67pI0MuV5_jY5NH&ZCj$G0sfNH|VJahluQ<_G z4xAFUvM`gigu*oU2_SR`Az0Q39Yu%}*@Z870AgQb@j!sc2J&DBoMBguC8q!{o5RU2lPX28+xL^R zEw(H4y#SwGJqPtm#|(kztsNSE9z*n7!;C;x*RTb4xJksfvvwD5flRat)AwpTp!+4T z1X}`2u;*lUJZEV+1_PUdD=fZ!HvN9AY0)CvSIwZyDMiBtFuKL!K>`@O?h`ZMNfqux zU_pq%2wAZKfBW#qxDWAn&KTv$5Z0zK3SZ-t#6-x&&=$sJGStA3hoOB8O z_@WHGm>;1h?*5hIW8Qir&8w z!EO9LSA!VNbqGbenHOScBHS$_3lpa87W-G|w&X^Q}?v_6&&e52yIVMFj%jO^l5#2w{vN z1ge9%@Cs3fS1DNN#7UFhr>lkaUC*v~ZALX$Qp8(7?}mJ&f(-4USnKB^^ExOOOgT zP41B6lZlp*$ycd}V9nVpAZkR-b&OA{fjCoJG4H=oXTZjrVgO{{j92i8WEas2*#%?i zQPHxL1hPFq-0d?)!a^6F&Z&?!;fF#0hujIMkjAPbnuGC9npi4S@F78h zg_`gsL0Vh%mD;p&O$0Sv1fQl=4gWT%Nn|9-x@={wj3gM1*BXBlw2M3TPx&!rx-Y;hv5hm z1IIh6&L3=twTsCyI4V*H-Ii}GISe(yS1b*lhNbfh>I1yC8cX)6U>GSLWARlgW2dp? z>j+|$SR82_A{=FMSV2)?L}8%hF`jxILrV^#$hq)vY+$9>Mh5~rD6J`?p%ADms2HAx z#Wv|fp(})%zzsUB{Dr*saRgx*T~?R^Bh!{-^H5mJ)_Ewiu_agpS97-BewN*eNefXQ zl^E*elo_6fNe$sY?~TE@jWL|RLXDvYSNs3O*8q4}UbxK47YfD468PH}&TNa-vt7rk zx~P>(>{>lT+#@Os17RUZJjQT{c0BqU zI60+zjN-?0gKLeI{fw0lbfR+mYxj1(HW-<(fOfz>@BQ3S8^J5kHiq+SP+1p^Xs}|Z zaz#M}eR^t^ydTrBap?0X|H3EKxA=P3$yMCcX8d!7A6_&6s8ttG!6$AKBj^9WD%jh* z3ho*K6|DVRlnf9dz3SiQc>UWPuYa3+*S}nCPNILY&k>0hpS#`G^1zL09szs-sI zx0%wuSr{Z1{Tp2vO{Ra(vp8nezvo$W>s9}v>Nx$2g+QzRxps9BLcZOMT5}BeasUoikVM z|5y4kPG8Sxi0N6OuUWLos*zqXMSoy4TEa=g=62@MZb-}ki#Xvg$a z_2h(}CRNfpIko=>D0)FZf4L)L;-lsx=A-7<{AG`&`O9WFy>c$ieFT^vW3tj;PLBCQ zqdPdVYI*DWGu`T9RR`1S`?Z?-<8hp8gxg1 zP6vq(p~=qTr|}RQ3miprMfJv#*JL(KgJD>Ouj3E~=DL$K((xjAHgGyz4{Jc9p<|k* zE6Y%YaIA!XNU4Tu;C&Kfr{iuxKcpWD&sS+5S(@m$L8OPDP-$l^X~KI45}pE~7W!%u!Oz<_8P%Urn80Rm$bH?f?!kD)`neaIVrOy|uQnOjzfk6g^aM=tX5k&7Al$i-v$ z$b~EJ)2({_4u!go-3!0v%_tw(%i!oQFnE;p?cn=eSq$zb)2-qd7p=GPbv0iF90&PY zDI@?hpWtg1Uj=O4e68l|hYYP@i2DNWaaq|6JldCqH(PlP#z9YCGBVMUkUj}vF}3qm z&PX{LDC;9#EZe)+fbDxUD|cLNp}IAgta-%g$#3GGQ#MJ34~GD5oxH*NxQP9BVhnRY z0XOh3i*d}^GT%5I%5KswWs4IT6lFh?(GR`~BwakwqVy7EVOil2P-w<0&9okrkhn%d zBANwqJM0)gJqz_*DP}H-HHj9awmJog*5~3i1JUf!M|96n@cVM{mCf~n`tHnYF0+m`6R*8iS#8iug z3 zoFmwOEA++t7JWgqw*LT)X?-B|#jh>;f?3#gJXd#o!-7RFnDvdQK=S$lvY7VsJIgx$V!(W^r0BnVkBRT2I)D)1z1rH zA}60w4bt2tr$1VR z{%8^UqlLc9>=xoLyXD+P=no(}IZ;RtL4aO#MUQSvtfJf06__OBMw#D?ohwkp9amY= z7yTwTGbG~AB943171JL*iU|xU{m~-yM?7MZ%5TAEynz*Bs-rnxbu`z>E?i;hg0`;+ ze;mLu{UK{{5+o1<`h!1}Sh~enG9JG;icJE1OKXiKZ$iMJ5$?o={Bssfhh6N1e#I^( z8uDuLgiTUdYsA8v{GAAYpks9(qp;X`sZD+7Tr94va?ZOJeXGDWRq*9i#xqc*!Mj=ep78QSb5D8X)2=yz{vFBV(4JT?M1@9PxP+zB-d zE7E(DOzcejv{ymKOvYFj{Hx6lrdgn>4M$jg3o-!oXv8-iK@fFR$ z`6aSeh&vmpTgKSLF~zteywOgw?77cr71=Mk_Rf!0d;gDDx$|RHp5u}mVJ;puna1Mv z#O=qykLTlcA+LD$$ErU6<5geSF*r^JS^EMe;|>-6L?^0=@Y>2a&Q@ad*ZX5EoPcri zAQ!;0rD~Z(R<9B7a_bAy#}|tCeQKW!N5oUKm$J3aVazl!Qf9kEJU78)w}co!FO&C| zJy0guE#lmiI#f9!4-6~zj6;}woNX{&7?=0vV_+7lo#)1@4`c1nG)8hW#xh8~LgRad z8032VVsJu${0FQ=jSVxYWYacAy$6j->(fn8I@o59YDX<*bf)H^0Nt>f;4xw?mjh+TI zstnXIS~?Tjze97<;;%7=+%3eJHtRv5ix;7^_gP>~cz>DV*A`8Mc-*|O8#3#`Py5$+)`!lGd;Do!9iqLq4`jHElpxJI2L;GKD;2GH_W4KR+ z3y{cjP{!QAnw;}Jh&h43ZvI;1^BQyzoEuF(F2Mn{2e8(Y+$1wwYQLEc-RLF1joh6? zA;xR!7MK^4wxIp3?FT52Ec8M7w(xl96GFx;+hQPMh@im+(y#pw>?`&^A^*Yf2bTQX zWBE~o+I&SGHUisF8l(3GSI7LQzD4;H;onxr+LPcJ#siz-Az0-Y|H}ki4bCZ7IwC7^Ao?C9=i8CL|1!;7Qmd{_?RI zv{A6_d1!`mq(!$Z#Z>_1eK0M|gBsvzSz0mgA%FR|ZiDrdVmJ+BNIzqU_&qbN8yN?& zDE2=z)be-EB7O**&qMC(^xv^#egiV89Q@TYwrxf#{H2v?uq3tp&-VOlDun)Ddd^r< z;D7-^8}I7~n18`<&Cxo3ny}A%v)Fv?FCXVz)NLcXELnlExv0B>lw9&7#4PGAVR-2< z6nzgSA}kbazD5O0USa$Yz;b6xjXnHDq>Erm_%k}_2w$OtY2ki4=nQ|vnJkOB!bfz_ z6BhGZ#+HN|bnNxvIvu<{T!o-9#1<^fb62##&KLE22C&hsJ5jy)7g%kmIdIDX(O7^( zIz{aFu~h+QO_kVbavWbp@i>tQn{MWwb^v`n17zt{DC_A&zB(9=^Zv?O-xRfGTkE>G zdI(b;0Em{nsK%Ya!hH1fH}TRE_TMq%+moE{@zelCjN;jf5Nqw>YGwx-*QSJz>!2h2 z?>d+kZq`Ak^e;27D_o;vJ>i#iuq6Bk1O>`7{ea|pzKQ*ffm;^{x&&@1!BgU0;MyV6 z>xp3eG$7lC5t-eDK`!x5+Z?9A+*8DR&j47sa3_Q=rpdxFZASH8z=uce+s35LaT9inn70I% z8G{F<4;;`xtzX|hj?@&pI3J`hD9S%xV1c;nRrQt_ucHSIHqxzsefsuuSpQhg`gc9v zt$(I(qHB7f$dxmvc-kx%-fn#$XSC~{hab;-<8D_d0FGqRr*ty#Pec4mx|jdVr1M{6*omac~+P{ z1M8otcT*l2G|+q{C3SyVHIDrfXNk?wWhgGZGI>%zku1_*Q|Y@c>2)goE);o7rO$!P zvH1o&OH<6j!(K@pH`w)E$GE{G%lnKQocX=JsW~a>wlwcX?*{LBZ?$(dTbD40Rrw0_ zWZyng;X#%-C+o*GTRv=TJ43}CJ%8I9dTaX`Rergpodqh++V*!=JV$1!Bp&6)OE%gl*oz&Xg&G(}p3qQ^h|`S|UF6b;n>@9Ot_(=hsv$ilc-$M$ z8f#66AEDws3O9u+oo6aB|B8foQ^mVf|MVDnNas(8pQ7SD(EYshxOg66*6)Iy#7oC7 zLYVP3H3szf_`ZsFD#57Zf2ratMk9br({2UAqQ9d=w5uBS=GdopGGa#hbk72irk;nMY-5pOsHP6;SMe-XzsnzU3`5z%hD!wFL#%nq9q>9fUB;&O#nXlsO2FrLMPZ0b8;yGp$ zuQyeGCz&4C6xIGp6<>0rj2ChR!5S5x|2Y{iZrYrJq8AH`Z?mcQXQsu!tMsgd^ys@vADfUKeOKwX zC!|N;ReE+pI^HJ-3a0YFJ%ZJN=T0lu^-q3o+KcJ{ zKGmXnQ-yR|3?hA8U%~9#$3|6s^GpA(T zRxqV-a-OPZLGfIj)e;jAm<3fT4`br<6ih8hsD}v9@DTyLBHVV2i(>0DA|!8z#>!`6 z{46!#660N}EaSnN(Mwe$>Sw%1rTEoT=Pyz3PbS2-s&_4yb$*X(M9yj?{EX7_`i+Eo zTr7y|9r=jD!#O;!3UQCsqviFsgm^8l!wK8L!M0CdtdI1MyGAF44%*2(ivfEl+bIu})F>MYeyh zDzC^bidxHeCM4+o>x?D>$?#XB@b_m`p5AUxUBI z^1{q!hJ zK&s0lo*vr(ULlvA0&bwYhLwp#CN&JLKf$~b zj+t!R0fsZKWNxe!;41=X2Tr&MeRQ^vZi6q4Ii;)FAW}t2Tc*D>OivOwUjlyIItY9` z++oJUn@XQdwrv;R08oUd+1Oh7#x?%^eA}vXqN`|4;UKchSUQ@HBxIesocD1nn9fQ> zvDLCO9=wb0!dnFVCLngVLTpYDhyYqeww%&qnLue+qdKRwEfaMEAAwtM zhS7`gDxzhAeQWzqKtlMs1Z<)+_jM}RvTgK~RWju!1VRkl=Zq%O^Bl{84>;&7Xi8Bm zAq)E_YspKJMbha`;}DN}!SX!lf(F4;AO`{>j?BeU+8vtU2Ic@Tv z+h{DIT_k+B9Ua{JJw7d5jU?3D36S;~R~&zj(l2}jH@I|->a=h@(!(J}u4iZmLa3?u z;qd?R^)0-1)M1E0KC?b&_yt72$5~MLUl3x=;a{sVH-v*Cs;~lB2w=zsxzAw(B3x^$Hbe}uEo!$b(DoJ0U3D)86Cmx?&Cd=>R|!uz?g1h+Na zNWx|cQ3Uk`s*Nj-;J5Q4hM(Z5F|g!yr%_=brV9lKE?z<6z$W-r&pBkgd`Xipk+1$Q zsRt@c_KI;9qQGcER7qA93`K7}KPXCrb70U^ec;d6pQSLG zMQ}=NTwv>ZXHIErCdWsVAA+5saG%nOK0$GS^1JAi%@jY{2p3^50ya{uw)k(+-}wCe zoo4wXDb9DnhBhJairL8Wrw9^&7Eopg<==&l&3_pyI zDfCSDzq;06+U_hWq?pe1kLnJ8gH4xq*^0+@q)Zp(fzaykf8jtlkggL|IIvw{A=Yf$ zopW0|Zj0{^+e5Zf;WmK7f_UNYuPkM#ZWd+|V;J9%Je)LQYy=)|<^AjY!CYVfZ}`9t z?o+uxB=Axm??w4>y|XmkOK@3esPtYN0cqb7?c)YaU_#&ya#`p`?IAJ!{2Otu+NX(zj}4(f4RQV_4EeYZ+CsWCNN~>M^D_c zcRZSo@n9Z%#L*ZCe8a)Wu_Rkmq;^4~9Qd*w$* zzJI*vn)z4Q>R$3J-HraH&AqbokV_p|x7XCL42 zZ*Tl4^xWHz-gbBTxns7vZJ+(|502iu;=})b#*shnCR^z3a~uBc(e&Hye*BH+jy?M$ zo2TpB6A!$4<*j%BXxqE9-(F+;jQ5Ae*LGa-FW;-$`S_yy*M4nUK{1x1@}?Edo>x4j zcxGS@7o^1Ulss(yixVeK^kt29O_=%IG?#zM?5XpLo^_3!SUhD8mav|2JvwLR3)70` z&Mba$)P>ilAm8ZE=VgECVViw{(|&z=zqDnLZnVg`7Qic?(he8nGDXN{v2omV=7L$LPfq=Dvl@2@?zN%25^m$4-xkx74EXc(dOWFlYEGLe^uezEOB)ztoy|_ z_9clsrQ*J6NlRDo>-tnuuMdpJq-m*1XM>!hLB}RstU>tTRlLSEH=ZzFziWKcH6!w? zsx;2;R`JVeh2heDn1C?zdtg2B(s+IrVaAs@M6^xQDw;k#2c5U|3QQqzg)%Z{$e>< z#J8&WC?BYJo5GKd=Wa9BqkVIlA8eDwtXO+fCl>^Yrs+8CPqoI)EtoOwnR&CO#bqok znl@wFlww^jny0vE%AC0vuCsfj6b0tZd8S9~>?w1eofU09T8;aT+a}MQJ#9)+j{>s- z^C!nuRS=jnw|K5i_9@XR9*fmIqo+8o|LRS9n`N5S+w3B7aM2F}lt!e2SBbu0 z%~y%O;N^-B&*zIQp0=RaHs+Zr#Zzo!rp}#f8#5Ng{=oXl))9D&e*&%jL0z861H>mbVOdM%yY9%85wa6g%iw z+vgBU!{4QrADyI5R(`SVo2oqd#(L@Ut^|MytM$4IFJxJdH4@=8Dk5Ck$4~N83hMI1 zn23wjC$`P_)^y&nheEZ_a;!43d~d$Qooa0}GXegD*IvJi<5B**`w4{QN-RI6Xy%kL z_#TeF^mlP?zs==xXJ%$v?zfK}i?`d{*?8c(cwgdUB(l0Z;_0ysvZdS1N&clDnqR}u z_8)oFAKY&IXw^jj(nH3NLTNbFpg1FJEd3JL+8;dS=dRCD2$%hl<1%=(bnn^H)9JN2144UbY&xoTuS4=6W2I*>l0&U&?seYaF86A0aA&A}m>KH8DGZfnS^8_^veJLz ze*@Du!jIY-?#W93nVFTo$Qx|+1>4NfL6I}mG0gu4lJ|`-8~(<`Aim*x0Rq;!~Bjvp8+cifZZ_+@Uv-r#ODZMs*7 z4j^BH*S*Uu8@g;<*3kbnvxffco~)t2bk}*^yWKTra2s-=^?M^Y4%*22yJ&a??wr@Uc22bXc&rk7(-tXhLpU4e1 z!v;21ZbyfXuor7X?M~5!TEPE(!2Ji{=0w)e*S*1Zye;pIME`hsBkrBAttMg{1{{lsj&+Fb}1~&xPx$8o!oMvc$8W3l?E6qjwi7$yhU+{eZ z=?m`fzsnnJV}{USFvNcR?MoAg1Ew^A#a5EWzy#NCU&iWIv0%rPwH+TRL{xXV|dWjZnf){964wU=}sCgS` z`M$Ao8>$WG790((B3cd%i}DBt>&iMX7a7XyMi$iS__-cx!)2RO@LaL8B*&KmtzS^Ddw;+{0)Plx!EwsW@rhXKx^Vf{B6E7zJ?SuBYv(!XN{ zkAr7fNxQM~FbE+k0U=Py(4Vl9y`qx6qLTJt6)V|HbY|V}P_+#Gff?M$Dh^Ppgk=@r zNL1l?l~uH|id#et$P($l%2>JD%$k@62po&e;BI0U^cr85{(UpJ)`S@H_OHn;*Z|rD zH;gZHyhe;;+%r?zUB3u!4IN5@$8XL@CaMN2G7P`woD)9dPZgmL;69y$^^rSW-F9#P zibWr=VKa!6M5+`%b`DcS-sxIH|Nope#vgz;cZw+7%E&ui&GNCq?l1FZgpt^czYX|< zlX5D2ty8f_dsYbhZJ&6`eA0Z%eA=9B@!bcHK;uB01b3KUTNI+|F8}e3xSNj}Ih&z_ zLZ|yogx=}&^RqJsG=|VSeGv#ADc$oo9Lc>+{;Z%leNk5l#I&(=7u0+iiUfZ`#pIXL z+h2Ywg*fECUCHy(>XJ}*Unl^7!G{oK4!^w~8VjmL=!;ZwPtjVVPjD*^livsR;y?+Y zuR&+*Co-ZQrF6{T4&-b_POzrH-c2oboq1rqE*fM8>yddUGD9s1{8#I&hR6y9g?ha~ zc-`k<1?A40R@qSi1jFLmoi}Z@XWangLU6y3ZU*@s-8pN#S>JXTD_eZQR&Ve$L`b7A zcqCV<-rNE*%uOMC)&mf1VF)$quVx5{qxY71mr}#+8=vL)1>BkI;G-tK;F>;iBbr!+ z_+R6t&JJCI0Yni6Q3mH{2q|yhTlUOvY^WY$>QAWd2t?Hnp%EyxAcrg(q3n@=wm}C_ z_8o!rDf0$v@%lD(fqNUoINrgZPM^CKT#8J!Wx3@jkp3rMa19=1_wWG`N?xHF zZ*Uz%xhP}vy4!(vcdgfb8Z1_425a0~7kw+EvjjLH(VomWXe{{|UcgYmVcrl7XV@Zw zW><>)6`CU;19u?DRhAsrh#Xgo9HQQBte2G*=b%DhHt$+X_UlFV>vV;mG2P(Qyy4&& zG7IEX-i@$jZg8)qDYMFiG!J?+>dL-`1DB?YasNI>=E1Ccq2o{c+{eq%p{xgnOUfTG zg=WevfCLcQ$u9{HG4-ACS?Rw6HN)PlbWn5Ky;-?S(fJApKXQ-1U<*_-1lMA4!0$k- zgWfDhDJ&yzmiM1+-r!!zUX>7M(mI0H`2mRiJ6JTo&U$1iP*;W8+i4xufaZW(7)Z4~ zcL-{1F|^n3vK(dOvb?`RZME)IUUvml%1AHiA3|wp6f(hM z-e5IQ=Y&xKd{vYc|IwB;78cUjQlQn$8v8R0SBY8}!uaL^IIBX8Oknn>sJO`|FdW7M zTE5a>07{1`q=7h8c!+}-IibBF0f;}^ml&4+AA4^CA61dHjaMfD0)ccCl(--fqk;>j z!G++~4IQ{G9Yh7iaS0e!WgF-qZV>DQxD$fRs58urGsBFtFr&`sEEuC=!WO`dMG(aW z6*X-@qKtr|-hZ?tAZZPwl6w&Z(+l%U_g0O}Z}c?>?2lL|n^78XAPCs) z%C)x@akyyYfHbhz9t;wcK6fiA0dlC*<}mCaX-F41l6SjF#3C<3J?}%~TT^6zBxNsD z!dpc?$i7_zzD7h1iJ=Z1fUh~|J6eSLl45L^02!dUejk>{rftUWr6S)EnS#x7{OPsH z6MztAW8j&xi5=ngpk0z9$>sOF)3|m%u-6Vxu`T8;h=CSE$w50VcvX76^Ku`|QdY**b75b2w!+{CJNU+D*koL7p+m zl5gtjdlB{VPs;5WlbmP}Wx#%cMYV@HnYInlHg(1Oo%Qd-=XL|j+8TsrKaU{L(we#=0pJWDKI(CD^%-)Fu^?z4DT2n*)U(Kg zwjqb0ZNdKI^7j(F#2&BOS5VDpn8E6kPhzYH zt0SruF$N`*ybrH3YBIxS-7k}4 zhhn74-p+I)l5w)adO~+F>x`77-_xT_l?Cks_3!tPRfYp~jQTqp-2KwQbrP^>j;5((o{{;lc)Z6f!d^%)NWN*i11P74j$OX>?TM!JyFeD*b14~14!YPCf_!+ z1ISBEDNAt2!e`)%Qv@KFbsw~UwU!Vyz&$&)7I3#+jGl4 z#0ce5Vlt^kKJaZ%RMBQx;M{vQ4c*fL%tjzYW@ozxGbX50j8RTA*@6bYa5K`ynH1FE zZsrC&RgV%y)#Ah;j7q>_lmIY@HwGYh_?i(i%Z7QYgJ(vxMPe9eoSNMYcH^Bm^}D;uSG(;`>p$pfFU-KppnR*} z?6enVO7Jj)X+|*rv=?$Y%~xk=PBr`rvgzaa-n<$-wlqQIQr{^Du5%{uLiQ`8uE9sz zxs6DifIOH11*(!C?gpwV@~IecGekyyadjj=hqkket1pq;*t&|ObF(_O$xx|ly5`Tu+F~K_DjB3>tD+BeNtbapOugK5|lHL%x9j)=nsJEb1r2JbP0n{lPR$$`B#0H$Kdm)>KFa;(B8 z@4YvIPr~-$aG%}Sy?3gG4Ldk)!s8f8N8N@z>jPEUfvRgW><#t~R3I~6&)TTR975H# znGm&5Tg`Zf7oW0#J`GgO?u>#z1iF_qeMjrp=lG8LKJ~3CxKKRx)KlWrQ%@Ch=FAZz zMvM@Jg@t0*u3h4tcis^*XU-HIJ9ZSe+;WS!+dix*yaK|K8M!{V&7&JsO(^bkjm91$y5t`s|V>=2lF7i-t971h<%V*dR3V*L2= z;%`!}gT=MiUMsqH?=D_>0TyVh!qDz-9!sGFXs;Vlnc=2Mfdi84Y!3Q7U3!oB_mX;>+ z^YcYnS(&*1{`;{ZVuCp3lvBj}@4qkJefM24a^y&{bLUQxlanJ}dg&!`=bd+o#>PgG znVBihIp-X4?6Jp+pZw$}qF=v$;*m!l5r6;t-^H0{o+&zY>LgA(?KJWB+i#2g`}d1Y zn>LBpUVBZ{)YOPCzW74C@x~j%=ktl%Zo5rv*|J4E_Sj?MgcD8>p-@OX`|Pvgs;jON zKmPHL#m66iEcWc#BUY?fAp(Jbc>VR)1-eA>;)^eeQKLqQ1q&943opD-tXj27j2$~x zTz&P`;_%_a;_0WK7TMX^;@*4j6_#a*$&)9GpZ)A-V)yRdV(8GJ;+MbtrMU6N8%0J& zh8Q+%m^lCZ^Tlz;9VhO%;|_7g8E1$;{NWGct+(D1efsnffBy5I#gBgUBk}61uZoI_ z3K5IN#MZ4_MQv@Zxap>w#DN0`#JY9s#N&@YE}nbtIq}=y{#IOk@x|i%-~YY{27_YA zkRjsiv(FY^e)*+nYHAYGr%xB#w{I5*4;~cVx^)vrj~*3w-+i~3F=K}K-uJ#I?z!h4 z@zqyfiSy1oPvqw2ifA+{jz9i*@w?ysPW z`2FvHFP?ek8L@ZoUNH*`s7seF6?ffrmw5T*m&NthUoY;v?>_PCU;kQs{`u$P+;h(r zpMLtOc;bmCWLtdTfd|Az7hNQN^{Zcr&6_uizJ2?OhaP%JOq(`M^zPkTTz>iGqP)CZ zG&eVkOE0}tY}>X?oPPT0;s-zYf%wNi{vkg6@Ix_Z&>-=*zx_=#G&G2hKKe);I&?^c z!(nmEF~^Ah{rijb^mOr?-~2{A`skx#%$PA(qk=o4LEnnTvK@t3fDYk8Fu?CnI0MjV zo}CnB(VYSm&Xj(T%k%L}zk7 z7-0!IhQVmWK~&yaH2k-~2r*Rp^JwfN(IDQ8`&?l!K7LFTn6?&=`lK5;D4p7wVS}8u6jzqhmY{4PgkF z_BwQCe?UX1M#uLHbaEA7{-t1$o#+rAL1QNmEJla&3>at|Dz_6F{UKD~9yHj|=#1Kd zNo&yH|Aq=K0`s*;r?eT2at=CYMU4&h2L_e6AhZ=gf@2n_TSbVi?oNnZv7zl08} z8O-;0bV?tf!XgKep)B7CEei0bE5gpyh zXe4Fm9N$JqHVuqD6rIN>7&J~qhyHyu@E#Z}`k<3ohYrBTfG{16`$=@_w_w1@MhEmK zbmqBe#H-LjorD4FOLPL)VsN+&1JN*aJnJ!NY(-~s2RfcS3^YGOC$$TMR~-h5qv#ms zU{HGzo!$4)G5iw)K~FUPH__>@K!?~L4P+5I`wnR24QN0BixGyUV;vP3>wi@=v?PvAo(LYjuX)7{sWEi3UnM@Fi@O}M*coJ|2xsq{|XKJ zehdm5(OEo%hP@vh`Em@FyU~eWj1I0C1KOX_Ii7_<^D_*HkD~+JfWfQ@o!rytfG@#- z8%5`J4FiKNQDzH9{hKlRe1Xw+97gWvFcL8hZvEbW}87TI}4-i1V|W1Fv9&9y|< z=1|x3^B(8-RS+g;E`!Moe2+8YINFJjx%36>zJdmoEU{tsW zBU1!YK|hTAn=oR=FlsyjY3E7w9FIV%>5S3zRY+B9At_ypQD6{8-7_#+b%4~fYz!C` z(!y(yz*a)KdkUk$F_5DC7^U_?8q0$evlvpsvyj}DV zQSVAfgCj6n_QXio6%xlAkYsj30;|L5|4T?}*Fge%4^q+^jCglJsvD0{`(j8$X&CkH zgQR#FB%MZ#Sf^w3{}Cjj_aPx12Z`%VjLu&{y6cXS_m3FypM#Y53Z#plL9(0+Nnjl$ z&_YOJ6EU(Mg`_qc65=l)6%K|}@drqy?_jjt3<>fxNV1bKqJ9cV_9RFk=R*RRfswr( zB+-X4O8x*+!gfd`cR1PT?MIS7$mh*FoORc64#lKCJsW{y8x2O zR*b;YAl2nVYB(Me(7llKN+3DC4yo@0NP1-$QGWxeY(FHpb087?6_UWo7{z}DY33$K zC(|)%mqUW<1nGGuB$yzi&!0nLodW4#DJ0D-NE$a_bnXvHekif=5 zTKF|a@k5Y?9*6Y215&`{kZ$gVL^2f;>^?|5-5`bShBWg#NClTdn(YM%;BS!H4nv~0 zA$7e4$?5x$m`{X+`xi)AwU8G60m*wlMQ4gi6t^j+P#mEMNs)>o7}W!cx)g&ca#6IR z*hbNmA~VHMii8w@C}vRSpnIVfIJoS`^JHKGoTLvfv=8AWA^i4;94 z=1^>*3PCZFVj9I~sumOhDLzxwrFfYECZ(uD(U{^n#XE|*6z3?OQe2}*U5*N%_)T$< z;xxrJis)2jC=OEerbSyb*h{sEqB>O$swouBsRB?{ zq~qbf~x zfNCn$N2=vilc+LMO`|$MRgmf@)d{N3R7bHw?EOl)!0K*Apk4S$zEqee`=T4CdB*_J{g(5?If{CuSF7=-O^tQx6lI>~F1nv>- z1hyxQ2DRBl!r{1$3CC&|^a3h?H{7=32zJo!PxJ{4m zFil{*OJ>)HdxyD~UOUMvc<8Ngy@y}cKd?&`Ue^^jaI!vey&6B2bixTIHcN6<^j>}E!M({{Qn;<5lnf1DIVcb=xpK&mYl=pej0_A47nO)> zRg7dWeo6Z!D+cZ+=OW@b=da48fjw^dCyWF^n_X9Vs!r!UF zi-+SRrzK1ALmXFh8O)3sucE(7#S^Dj_*PXfWGf~SA2>>vhkH8G^QYZ7b)#`z-(1|G z)3~nhf3^2rZf$R~0ef5Ltdn<4vpxBpao`tub3 zOkyC0bLXGqguCuZ-mKC;*6_<)xBsyvw@i-Aip6bVwMu(h_7|4@S>>*|eyi%roP+h5 zk%`fFIs~grJ@_IZGT5qWA9$9-d0^Z7i*TIZ%uK6#4vxEjy^*0?c7x@4JD4}UrRlh( z+K<<&DiZ7QQWD++O9X2(u|LdNvN866T2;4aN*mZKgQv9EuT@~7@(G3+ZSs^gc~=f; z2|UB%^le<>DZ6b&nz!;{Jgvy^RzAXOrnmBOUh&nzKX}daR@UNbuaAD<_f~RwJAf?+ zbzgM|MBkqui0<=L)YY&v_gc+Or^~fWrmM)e=LV!rZc)Wo+vOk-$S<7lAU}YpxE#04 zkAG1C^TV@CdP`_#X6zsq+pq_o`HqbS828V`+Eq+@)6;k#c$U5YDzb6YBY|h}v3biX z@>J6=1J5?|feobThk<8z^8vDrXsQT2TgL}>oAI+qoHgE%{T24d$~9gZ-d-{U@mTgY zYd*e#Z<*)4?*n)V*+@LT(-?$z;i@x>EBAOSE+k!5U+>CdVQ+|j-obkxZTf|<9U&*W zA=B=hZ$;O6u<wH?V}DO zaG&nQGK!J;nU?)AI77au>YN|OI)7%!uB#y%ZQC8l3+5gTdtNL;oS~|_^D}Gb%K&lo zN=Cl)6Ryh04>Vwa%wl6LmFCs|ohZ2G(E+U3CQ_9WBOKX?43a{zUDjw-2WUs|u%!hUaMq)R0{a5Lu&~9mDL|n7&eak+=hF*z-7m7XuFGR*z zr59Pzi8;-|!jI>U4_8e@neK_)SX{dA(Dq`_-axN&@`D{e3oJS(-zx1|xpnT4>X|h4 zpJr7J%d|?@gQ5C-iVtLH*T7DvWf-e)b>!6YOFSa7zlM>rH5se2;QPw0Wnikcneuh3 zR~4WaLbo@o>aNV9>U&^3oplDA5-ac@Dt%R!kpfZnsDa2CR%tpmU-Vgx6lP;5Y6!a* zd^}Dl zt7;y5$4HMuI}p4~x&4WEWw-7q+iklmH{--{v=PU?1L=l^tA?T^>mq}yI#kxpy`*{$ z3}G~NQTF14|HO+Tkd?+au-&Q+C5x}L=Q7M9G9hJQgT^K(tbI4v8x?*)2bj8K#f$Y2m z8PEu$?Vu~B&FqxjJD8mZ>%NY*IxH)#!hwPsvM@MX2(KJJx)!pFOZQCZuyNhf@9C61 z08zM<&p}xccz=Nb!3|?rVd}$Dk1e7;Je2zIQ0lQE>an40f7)~e)mD!UW?9(-hO~(x zv}XMaFTV7$mFGz@cW;q2JAKb;xMPj2BhI;vzj%5Ey-I$U8SLmpn zWiB))$cOk}GToIjlBv6DpQi(7nYkUyE*U-yIK$EJB;NrmNkKnB(Qj7eFZl}Cohj%S zrNAFZf&V52&K^al5w~&oJnoo&o-08oc@x+7@JmL2I0epOlHug3g4Dd$9r+|aM&WUO zGkS);;lTwWaLsUE$)M24l50j@9U4Bg1gg78uC7Z;gKBcW(h`?%F?IaZ(iwM%(teZM zymIWkmrNZy1(scfdYUj3bCX3^UtKbz3+Tk2i2mC+Ki4R=7KzA%mWMy{4a@f__;F{1-+z zW_s4Ap#K{a4(Co!y~25+x~MzO;)&Y-JfiB<0}7_idcuQ+bQK~I*sdg`d#O0`a*B?_4SFq|4maic}P36 zK&8WUe)X_M)q{Sg%TGU_gd5h8Ujyno8sk6RZdE?tcCLoz`;s{oT>RBJxMRCj)fC6S zsed1QFwA~&pU#c;Po6ZLj$dE>c**+$lL+@Gs`P)|Tun&%cX=0~ZoH-tmmvRWxx(3jWZlm2~0N=XXYJ41aML(#*T zw~w=`%b=AX3iWy0Dm>s_cqeKH`f*$dN3`CG@c={E#}3Wvi?F@l^1LOJLeD4gBK=fmew=xZP)_i<&jyaNr=?INJFd>jgr$0_;`A0&=%qggY1subFPQI$ zU5HrpTu{wAysKS;zg0==O;1U%>SP_Zu0Ir8JMk2Jm*Z1u3sr?e%e4w$_C_B9Xccbr zF1(*N4H@~uk1J<=hBB*22Xlxyjt{NEddoYc9;eFXa)W=4<|=Om@4~2}oTW)B8RfU+ zQU-;3T@&ilP`1kn6y(-?SU_yK9EZVow7i4stv*Z?ill6jtOr@3ff`Qc)v{=k=RD?- z#pH~>ftop_4y2~uhLR7|+yjExWAc^-PZFbCP4(AIL%lfh@1ex;YnHRo(K*!kFLMZ&h85%ShapZf@De z*`caSoY^bXB+fvV)1CMhQ0exVacX+goQu6K#82Nt_DgK_p9MyS>@P<-6{9B3z{in* z{PN;+-_}*PA{}~4O}5fcEc>Id{ju`09|@4RHzDTu=k}a?tl_AvItqFA7gDlnDzLuDA>3Y31AX%@=ebnblsyxNhN+kZ>6oR7Vs4~hZl~-# z00FtV;0k!U1Y|X&g=0tMq)qNokn<^WZbt44NDE?W2UvV>f{c@L7j;>>Tlj}KtGPd6 zG2>joIFSOzi5J+=FaRXI(V^1m_?B=_M0GmCUYrrk?!7?HEipEDjK?;FIZW;t-2aBT z70Elu>uLD8epO5j>Ng;=RVnw{*m_ z@zc1j2jUdLHU1~u(-CKVYW#D8aKz0yoWHAni?}%#vChEFc$*dOPXA{Hy_x>64BVXa znaTj*-0A1Mw8qW!f244Cy!#D$Gu~X)uH5uJ6wY`}dOg?VrXQYy-kejSI;YFI!Js$u z+ny1^@nX&$WgECTN7UQEbKysaUufXwoLJDnPcZ1mD%_o~IR?F14!<^VGhgcroD!H$ z&lUqW^NVf1(($#K-!2Aj=J!kkH}iXefuCr^>o@RL`BiwE{2KITe)D816LVbZQ7m%d zy8nL0h3o$NOBY_Q%HC<{8HpyTY1g1@*dwW~hY!c>9l9p|p*N}5frH$e0)9Jsq z7yiOf`0f3Td=6n(6KB7k#y$0YOrq@P%t>y`Hj8^%r~?=IHWu43nDBAfZjqj#uJ^4y z*9k~taz!6%X>VgvCvkoaVgzCBS@5H$lQ6I5B9}URPmt6G@wci5e{JUe=%tml2xm?# zP;(ln!}dGQv`XBoOfEJ;a0o`u~wl0{{4$N((N z8^IV@v#*Z(APP_(m|Vo9K-hjaULKN0#%@(#fV4PMDY{hhZs1HsVvfY2z6@lF8b#h& zhJ}f&&d8+l;L_F|ek=X<+IlKoeGXEfb#-}maza-h+Iqje+^cX!_L#JJNpH>F z2eZZlAKYf+!O$$p&&ya+a4YyHb?IT$r4cvvcYoToP~hYHEw0GA#dxBRl#Xrne}j&! z&%5q{{8A=%yZ!)@;eix*I0ZgB1wH{dbwI!B9A!NMyFCRxbwka>iS>I2N}(0DUU)CM zc0@@~hM*V9Q?0=}ikCwwRXYhx?l%re6S9Tk%JC-?KP|Hs;hv7;nyH&{p9LLpQ${p( zEmIeIPEtGcCf=-Ycf6k&^rp_%N0lq%HSt>w+|=2AVBlstf2DADyuUT*&2-Wf4xO8R zM+*8pN!?afe#nJuKKY*_<2I`DP}ywL)>6s1Hntw zQ^~m6|96#fFDGNceODP*pN;K=lK6M$Kh-+1UZ35W@G9@v7nm-UjJsLM$Xa&S@~QTp zs{&zqR94Mkg{731$5n#At&Dq^9RggXbBX`E^UuD)tshBZC1X#D`*d#H{?T2R#TSVo zynfxD{(k58`__B<2N?Q_UnWDzxQ>Z_ZvW1~_V38;STcsqFG{&E^>#4qh*^P_?X_%W zVf$e9oK9A$BcWn7g^NmIE(ucD#U|^P?Q%WK*J9aI)KXS$zT*+XuwGPx=%rV*Xvi5W zE8KS7)QD@?{=|_kr^6S(Kn+J-V{OTGCLF&(K-zQl+8VzxxB+><(i74Ywm)iwcdSX~ zV;k~j?ob}C5-26hae7G{Yi+fIK&S*oBcYJhorQ5#vh z>1mgEiK_lDlr8;;Q_Gfr#XaS_CEUAO&F?`Mb6@QOeh(ULAB3bg6(4e9H3U0u<7*&T zaTx$_W9S#|Vg5-O5fof+DM*9NnOh_mT83r~jo%Ma69}YF;>hFwH^_$6Z=KUWIVZ)S+++S3z=)?SI(>QA6|ctK z@Hu$FFu$vRAN(@Re)ySA$FJuC^gA8DzWVWk_XV0jU7u70-&JP&Ku6#T*A1tV*|e;^ z%;jH~zlKxEY|E9*t@HJ5WwvtFNWQDgR-pKY>&K>Z=bwFmyY5N9S*3rH=^6KK|6@xg z;-lxOdRp@9Wwwhh_||*->XiJ*r1<%V|IQ*yMCWGYMmphZ9-6CtJ9RejlQii`>K4Bme+UqM`ksZQwsI(;142k&1L-G=^5V zYOn@I$<&n5blx~-NZvMRd3#9;JPe%S^se9>&ic zJ7w~ng5PWTKYOnopUGvYiKt9s19)s$H$7&v)U%b|xg^3-__v?;{BQaoMx{3oS0=T+de#@ex+&86P|xl* znM!uvt-8Wy<&W*1L9uS>IIPmK-if>ApGsG}q@{DisbuGG>R-#wy55~wFwdqU`a0Qn zV3IU348501ho`UZ^k0b=#K=#kladaAMia!nEV9Cb}4J2PB&-O<0+oeEqTc0HzElV@V#DBGLP?SE_u7I?nJcP;%dEPzE4 zx^Mnn%Vs^;A|Za67&Tw1_qiX%6eTDBLiRs>2c`Ln-hq}KST)9{BlE1%!?jY{f=P+a z_L^`tr(q!G>Mh=K-tum_1TPn$v1~3qAEZTsa?&D{kpa*8K5Igy2kqA>AbT9og=@;* z3p~XlsrBOzVPax4$ao~%@VqB3E%(ORPv#^_R6uR#JbcfWxQ??(z@Yt6}-Y znM#HlA=zHewmJ#mXFoW~s`6mjNljyPd00d-S&Q-x20Uw7-fQv63_lH8FTJ6>@tp|t z2FG|y?Nph}3-Ir>QzR+}nPFM$dE{NPe5v6&gSW{5#(be5>-MRNyY( zdYv+-gj&~2>v?0<(jO6Vubo4-YVp&G;Kh z3-|BF?}XC!pAG*%uLHH!X_%7KI#6btgm#uls&L$rhchQioj^Ou3wSsMKezlr8p?Lb z@Ifi?a0+~M3VZ@^rl%QKI$58%&crWSy!WKQD^uX9bh4j-p7AbKMIm_)*dJ4b^Q595 zp~h^TPUuYW7MqxACzN_?e(Oyb+zNmDOw6i(?H&v{7=PQ{^g1b0;fe3sX!XS1^aGGT zI%bbtre%IV?&&B8k=HcNdY~h2>OK!i)WJ<1=N$t#b&Yna{27j^<8(1_Q^z^ez|DQo z7Z|vy`}hsK8{*LEAFFV8e&-nUW;$0IxVg`IpMjg@kg52@9X`KDrDJ~0^6{sjFEZ%O z^zZ{)I(NC5`~A&wTWHXm<@TU~o4THsQ5n8jZuN?u7n4tR8sV7f%mW=AUn>&%JVpK| zaNYiET)1wZx}VbF=yv$+bwJ0S<^O5xDB8w{%6^-^?6d@!;KwlC_(7E%g zm)~~pOQRAIHs}D=)t!I#&B=;tl1l%iuknvza$02Y*PtV_T)8w@bcLLpgpGc+0R%6{DXf`y4r_NVjTEeEv?i-n)VV&Pm6c~^F* zs4Kh9Ztgb}$A5=fy!JAnG}qSO?_IS%+-IY|?r4Wl^;IqPjXf>T%g&w=m}%?ogVDE* zo(+LT88~D&6Nd0Svl_!T7cMfPwp7Seh3t)&w3IzzRR@kTa4UK^+q+;4BEa5hoNbQN zCwEChik>f=a1VH=`#m_04d;jtD8S*Avv%TCv*|eMY(POB{`%us?OCq@8qgo7zu}{7 z?{p9i=#O`^UY9TknsA_H6V8Hb+G!PTE_)0#Yl>}cZ^dcg1{}TIxqA>N&{tpK2^VhkF35JkaCe+1Pc%)Uhmk{&hP$UZXu3q- z)o8kdW=Qk}jb=D#JBhB;XgddOFVW>1ZSSBRB>Dr5c5u*4ptI-5_%j`(BasOb>F6Mx zh>Vm-CkM$QGDsp>4$_%OfkZkxNEaffNTiE{WE1J^T{*IQcE`<9$HZb;fxx zE(NQs*K?VVzfJZPFAg3L`ZQhD{2D7q*z538jf5ky>Xmwx_ zxWr*6Fo(lWff`D$wQv5b@ME_lq*}IWY~U||g#%+9F$UCJSG=ZbXhzk|8K<)oo&O&H z3)e)BjUM*ga6(;lcN%OsBAG#@gCS|JSMIvOTeLdP-}E1{Ke0+-(ABYucrKb>q_=lv z_mI6w23vNQ75!qKcfk)4vsHb)2PP{6_Uj>gSJQD5mKNbSSeaCyzKu^a(Z%pTI8^21 zwy%qWG!gQAa8Y{;4KTXf6ZX6X+lq{$hfJ5`RA0Sph>J3gkGI2+=Y*iW`Gz$xd0LJz zXP?QK1JZZ~B9G0*XARQ7Wj~L_#@7&g>{eh)@$67}E5C&y%CS4O(G zlURF+EmT;0iFE)r`*zZFkk6TXp2+7+`3$2lpUl3F&mHA+Cq575b0_(n#pjFooF$(- z^Z86Zcb3mx_}rb(UF35%pF61bd1xmpu_(7LP<|La>8=*m_Y$-SU!7#M*jsE7y1twf zQTY|nHo0B0>UgVim$zacdT8&;PFP~6nOtezwikv(Sn8bH4}D_wZ5Sr50wB%*a!+r# zYCIShCUj52gYRIFhBrQJM4@2T(OYpXKxxJ{gz&Le-r2HWYrG2fQTWjc31|*3Fh881 z!4??uoPuy88DZG6i0`4`;OH!%*R2Z$&yX z;$3-3zmA8k>bc;6|3QLn1_z)Q76Vjzi415TT^G3unBnCbN zwp?NDBnCbNwpd~9B?dk`GW%}&>mZ-Oheu{l;d7>Z1|J@oeIuVc%4hK5k=bEBcaqQG z!y~gV;d7RJ1|J@oeGZ>H%V+T6k=ZBnxr=-TA0FX25$TuRv00Ws$B9i~KGa+6Wn3jo z(EbVJigj*RkCOctT_XfiRiX(S8(JFo6FbNc$2Xl04s&hO5&KYvUXGU-;iL`i*bikIIJd40#$bC4rmdxg z<2-5c=w47ecCI6L!eBWKPIacismx-#Q7#y8CkssaV6TkKEzM261V2&CQ>S?=9zii9 zaV+dvKv(@3e@P1aw1fd^6jz?Rte2Yg|CXwMnhsASCy^E=tW|Qnh+QT}CPA%$L~eAF zh0V{2L^<_^o~&{*i29P#xZyFs`ZY@7{!J-IFwX1F7A$vVI z*jw=x!jV?E$;ULzmCFt1eYgUUQ+}B!>x7{nhP77lZRysqeaJ}|L$y38X~(wr-<$>H)XA?5Ag}S#a~e^+ zUY*i7O9tsjyz4QTd<3KRJQEu>opNJm!}C(=|5!|*q>XamxZf_KwD_Z^e!9@A}RY##f=n}B&*VrSirjyN=gfq6pCzknt>CV z-_5i-ehL))xJ{vH2{heX@vK7A6KICF;tvYVNTBV!6_m#qZo359J~EF;`vj6%HkC*R z2iXC+ht<9wULl^{G0LjJ9bLHv;iK{$+*!7-2I&_~XG;0DhPLNx`C`?3_-oT-@M$Ra z-pA!hbc^ZMAuJXhBLh+I{AhZ#Q(rsyUxd@NQmzqg2TASQq+_H>;%iz0IvC(y$n-H6 zKMK_3AaLF3NWZ(a-&Wt3#zshnp#hg#Qml%TnN0|?B+dWJ{tvs>3UD8nH^?7PWx^{; zvSFy~{;ld@z8C43(;w+tgi4QjU>HxDPsb_ZW&3JL9=6x_+2k}37FQy?LvP7=c=P}~ zS~xeGo~!*WWqTPuQrfi2kpJWSc@5sQ;!l!F7W7tf{IN=px2lGNPrp!nDz)m(e8Umw zLELy(qDi26R~#aWv%4*Oy?156V?ib(%U7@@y(_;D7R5UWf<-quAUKrZdQgHxPeSDI z3I_c^QG!92JCxv0?Y+IXqRIimq8iLByVJY!DsU(PtX6hUa1Lyi)v#&Rz6)QgKEPiR zerUyifttyrf9IRhTlQ)vI=g$*V#$Bw>0k0`iufe|ITq$xu^i)+$!pDWH-UY?EV0wb zMoU?LifwnId*?lBiK!D_CPRV6xhsUwg1p|=X;^V;@ ztAU43v^0IF#uID_pFO?)%Azdy+u2HSew^L@ELw9=EHA@NkZ=vuuqo92E>N~bRgw;kAC6}mVW@ZtKP?7 zoB9qHzTawymZy7YacIp_Bf?4^0w9HQHjP-3EPrVOQ4`r~VzYptwy#QT@l z<6o!$H~#&<@ejNtr{4b^zuwOPc-i= z$;@V#D9xohU83r5RCgGcU$BE;_mDfK{PQpRM`r$iP5;Qu{#W;po&N9ZAJwr;IabxN zQlPp73*J2Tk>qd`$Ly1!0U^!{tB?t1XS4 zKg9U6QjXJKc_MQ#1(x5@k%TsbIxRARNT&pn9vMj_D}iK01`+9;K-xtLh;&IH?IWiU z$xa}dWtip|3At5DU7IbQ_p>%fib87JmNOn;vdYmvkhjd+Pu1xT+wV7C^?^!yY=|60 z%aJdP-!v8N$nWFv+-Cfi`a+J1gL=W&%(ts?&Dl!kcM9$)l(1;r^1hD$vPAqL$Wup) z@uz0i_JTAFQ$KoU?L*A0y^8VlziM9Xurse#Y-1`|&hNgX=6COCJFiw;SRY@X$ru>y zh?Ad&dWs9z#@AoY{tB}!2kYa79VSf3%9AyKtH6C8;38KUhZ zs@7+M1F=3s6h~wsw&gkmtj`ebAkiOa6zelYGl9zWnczUI&k*TIgzGcGfmoj*(uoMy zXMzKZ4ZOgSN9y5Blc6J_g{k<&*w6MaDoQ%w||i@WPcvQ^nY}})V3^p zL&$#K!rEThd(Obt2lkO(iridOvGtDc<9Ms7Pj!TM-!4ny0sB)fEnaEA7Fd)kZ7p9> z9mzffE9O?8FK|*7THZ#E8<@h+@xA5ut~}`ZWKrkt^)ZY(Twj!n8sI+$a#4Viu$+29*szVoMQ6P-?0Mah{|^Mb(+7J((KR`kKK}O?EJKCc${uwVEVro!@t$fB!`d{6 z*NY2Z_g0*Olz|tzfyuUptFOX>)Cl!E(p!OC^E^K?DnyJ7%9P5i|%QSg_nN`vi%gK@h=$ ze-xVw4WvlE5W6y!rUHek8d|&$AHl=d^5S{yb zy57L_p48(op7DI@v}mX7%urT(ZW^vu)&%_1)U@0WW8q5I&bdgxH>!KN^pDT!qG{K| z%kZo)&c9~ZcdPeLQWul&(|!p89&0V8;P;Sv{{rKe`&g6NRG{^&2iw|I2xO%XMmlL~ zA!vMsH#BQfTiT*5F&a^H1{2cp)C40wX}?<9aKMJwD9-dAk%o``+yM{HN)N(@x7)M> zGn0ql^f?{f88#A>-XFv$%xmzE=;e1Ii&gw(AR$fKAiP8g=i_mOdMA}ezKh}A;H-%< z5a(a+1>3CX{3?vQP}bb5slO@K^^*(iOGQg{R}9O}`(ActI6F@W)>|&q30F)SlzlaA zd8>2cP^8W|aX5jk)j4rimO42uZWeq{R@$uAGzhK$zd0)W8r(Z|k4)XxDLW^SojEk? z2IofFRLdDmX3GQFqsq^}D#Oi+#$ARigT3mVSq6IJ4D&3;X6Id(oq2;UgOka3aQ~?? zxLbw)P0L^e((<_S^QdYQ>f2R(c^ZX{^@6k=*pEF#f4myXO1sXnE9ZR7T0|Rld4u(9 z@*R0ABZIjV;zO2?(+=+kUj^gLDc>glBYXV+u@{?TbQ%|5m6Lsxy8kwNw7Cy6(QByy z)Fqki5$=T}FS*^h0FvPs1Lt1mJXLR+_rfXY$%mvbQ1k=vOg9z3WZ~Zfob)pkz3fYY zac{K@hvEU8>_c(=6@JOW;l6=ncwGv7D{zLdKggARCa^sz=>M4l=Tu#?cqtGh!;b^b zc*{E@KsebK;7S|A#Fum9E}U%txDHl$o>#&`_Mf=DLE*bqB!1_$n5F5tsSZxpSB1h0 z6fXNrynj&PGZZfS3gGOolck@wC6eK5Qs6J8z;~v=_W@@))H#eDKLY}dC272!Qs5^7 zm*vb2$#A-y&sX^J;~ZR<^Kgad9q-_}+-^~Lfx=}!3zFFiU#f6jZi^MZTWva(eIw|9 zqwwXqPWZC_!|f9aA91pS%RY>^&ZfpvdBox5TgoOl7W$KaAl=#qzubQx8a}dUXwlU) z)YIx~=lHWGD4p7xfY0$07Zp+BoJ9@DIE*tITg4eaG*QPPEkDv=za$&gDiGrUfY#qG zs3RUti$Seop-1fdyzqP{e>yIH?41NAby*Uewzgs4^{_;F>$Bglb6DD;A5W}G1(#K?Y!FdV8 zc~)j33K@OT@KMG1{C#9m5TDhz%CPaqRTQn?IJq-0R|XSr+E6+vBf z&~HpZ-(AU3OsAQzpn;!+cbX4>V&J_D{80lx&A=NB+zfx4f#)0axk`?5muC-!yUX(| z12@}s(7?^`CmZ$0s{(rJ66pd^B|85tq_3+1Cc)98yUvc4DuWokXTCdJf z^~=}%X}wz4gT}R9UGAdSdiCF3xYnyP$xv`Q9IaRXPx+SjqMlCv^uMZp{U|6~un7Ed z#JL&G#sOEZ||->feWu7-qkCh|Z1n zuZGR|TOGf?`tgSM1#t@Jrb?y%JQuG0>1zn@^}R`2`wjDdv+_^=GhLnXug`?j?{xX= z=j(Bktp0Xh;85hKfLVX^tNp9)U8da~H+?pq#{YzUC#p02x&2dZbk{u~v8*@$g{X4{ z?k+2KJIVYvUL?K8ZM!&6ZOeLW$<$k5r0*NsM7>CV%KI(sLglEjjcM@9ggD>wM%#Pj zh7!Fe5npZi7Y&e*g?DT4JfXfJbAlbm(puRp#e46|iI*AXORlj?)2a3st6C7JRdsPA zqvk=@>CQHmHF*C8E#|kZ;#7%z9e+pv+$AHW!SyggE} zRlaM;jGQhHB*(!pCxq;qgp;y_m8Wv}66GHrk{j0Wu|(PH@h`CDNo#ezW!V6pFu_-pUR->N(DXYQ#ABzPM; zr6vXKX3ao>65Z}3ABFMFOU@#EE+wlnj8A=XxB(1b>8x>*55C&PYK?V8#0kEF7x__D zZhT`h4S&&VPGuc~$weJw2SO;?l81o&-UsnX!0w~?0-A*pdj_xcw`E1%CuKI%kj=CS z0W^IeEvg!1rcoEM>G0v?o8Kel!K$#{u8nG6)Qq=0&E6mAv({P`@~lhLV(bDLmp@+j zH-bA3X5^=PEBip21RvEOP9q=2W~n_ztmTRYsEojKtc<`aD#zS4-`nC>GLOi(oDY0* z&54!1So9 zRXiZ+q#xj|n1fu0OQ+=H18;w3k==XH`i$Nz2Ih_5GO8w8u@eSoT|%XI;=f$Jt=pvKdh=StzFB4Ik-N@TX`i*1r5ww`D5NW?aEs@ z1WClPe1ZA9IXZ{%t$Wc4ErIBVUk2tkFtHADFo3UU1JU&-$Ig~)5kv^{TbxdT->cP+ z%g;zl6!TJi%&Utz_H*fjyn|lg1g8Vrau|i05gTwM!Owx35~R9zIsX1tyNs1Wxng-$ zb(CD3P`w_+_=0A+`QOMH`j$LoQb zQ3ybPfwG`gA_CEuobfL9p_yLA@?r$n?;}k5jN;YXwBvaQAT$>K%*Y92m-@(S{F8D=enta+XO z1fPz0D|X-|yITugt&>OaZaiae#8&dX)6TYlMG_n`99?*vL+(JFOOYvlO4S?nshd(M znvx!dK1F`iFjVm{a9!tMgLsu+Ao)TbH#sujuOyW|_0}>Dz9G+ASzJ7h5+7S;u#3ro z<%FJK2Ky!Of^7VxOtgNqs>gMjOIy%?yn0Y2JGPD`u2_Ite(YG*p)Mz~fGQ`+2Y=?* z?Flx(2K%=lj2S%eTC55rIzZ|Xv3isp`WKzi5E^@Re(yy4_CDF&hk>FYZ54(Xurz9L zLj7v6)>eLz>6f`+MvDr+l-+6Bi}K?;9bW8dR6(F-9HOdShQ9=}C>9D=kHf$q1D9b* zfdl1)J;&8@-fdMLyg7wszbila;VY>MNHkV+m@!aksjW;FgAsUav845rcK+AVjsfk` z`AzIsqwjs?tr&r4)#wxQ3r<6_Jlp%M!M9P~ioT$zI$8CZ_FFP}sN7w#mdor2`YGFaiQ!e!;je!j}7wv0rz zc{kaq>THYLqgYgd&%#-Rftot}hwaZ}C!x*gs&qE#-o!N2+=lnHKf&ME)~BpKr#`C| z=P!pBRj>c5O5aBV2rKDW%FKZpGEb}$+;0fOC_hNQ__%)KtqzAkoXTC(dS9iZN|lP! zr;HO*Cr_INYwMSasbl9jH{bg70Lw8#PJTT zfjCaiXzhl|M@VHZ=gbYalV{zVudb30?Sz`*j=#EA;mo(&CEI&<1Bi4Pn)KgKf!~z^ zUkqIC6;r$cf&U`~{#*+D`4sqTDe#X|;73#7S;$Ya^5KsAWcYc&Sq_hP zMu2d#P4PxgB9)5C(@M%B69$OV8F!S7orT?0xZZ*tPP~>)n>^dOA;t7EYy{$s+?9hV zC}+bJ?5_HF*N=bwQyfq+YUGdsB{Rw*rDFQ5SyM_%We}y4#+Tma?46PQFpi%nnI;dL zP=`>o-nAvez#g2^R;F58Z;6syf7Gt4)|-cntyr}AI%}FdMPh3_2F^ZT z(~p6GN(ULV)mgf?DV*VR3QyDj#K6sXx23?t3;>Q7wrL&C9)-K(jT!Xp`!xLxsta+` zPgOX*u}{=Nb4C13%TkYYm*s<2oGrrDOW})9!qA zqj5bpSS~zIJ>TfU{pwlwZ#tYY3SX?Q8ZTGRD_r<;^?cZktA5Q=R~?QXr~ap`MXpix zrn28=jAma+9`kDgbseDw>TWAk89scz(J*CNx^9yj_moht4)bPnzqrWyv~_&4?M zgAa!3UW?TJ8NTUs{QBz0OWqflM7TdsrT@FGMc(`k^MA97pZsUKG0OiKolx~sm%paH z9yiJAZ?oFNvQrVV{^(cx=U7h1;N5W(uTy*f^x4|%zNkaE{d1Ub*Bu~{$<79DkSqPJ zN2z}#^S?qRaFP>D{NL?=Y{~RnZXI75H!b{ic7+QsxadNdABOwpc7+>HjYqHAiC<*H z>V4c!q&!m_-?T?T2kUNDbY8B&*ZYxDSiq^ey_@`e*5^!~Vx@_895J8V5(!EpZ}@0; zLe(|hT^8cXx88cds;X#x8MZ^h}5lA?$6A|0cL`+6(Sz!Mk!PR7iTMLzQF z!(AS35W#AzI-?vG3es7^1=Sfp;_Wg%44~1G5xncoKNtZ*8MHLr5T9$5hCSZ~2cqP# z=pZx6IcnN#Sj7frf;_08dKQcz?6*ptawh39Kry`uS}fW{ZVq@?-GsG;bsj7wdZI`2 zBH`$fzLBBM;_KV-2<}JTiz-{nerDAy{i$>(gkV~2;cX~j;`de$-aM?j+e&L$xcdAN zJZAIvat;`o=CnBHGq4nMvS%KwNgO@XyKoSAESw(6FMwxnl=ja z-soyiz;1}XGq2k3S#(89sQ%*)Wgn&^Ku(C~2yf+iNE1paPcA-gLJ&x~w_*cUIgk%; z1wSAT)Le&**0NQo<;4qdi&FYz)i_*b_Lxpa-rFif3L>zC>d{lg;UEi8_7Oa(Xf+5CTE&J8lJ8|#ZCzFw2*rsJp{+)PagYZ`7AS1Ew zk&~CQv?{jZS=V#4u6?+)xp?xy`}0FTLJ{TRB&qttJp=Ve(*k|g2MZ(lmbZEb_*J%D zXAw~4udpG~t#%Pp1pe2?nQ#}V9+Fr41BLr>z7@*YauNjliGH;ZmkD#9Ea2)PE#T6y zJtf~Cu0n@k-vWiALm3lECvJQ zEoEC{We8E$f1qYK2~<%rF>Q(}b}OTIrp@mKLCX4#^^~EOgGO8&%+L4U$CD1QngGT@ zY5ouoR_WdOd2;bMRN4@zz8!0^Xnj_7=K-PWZUc*}Ef{#-5-QwSTpbo3@BQ`R!c75O zf|*$N`W*hFM`4SAd)b0^O9(Wd)bG!Lb>`+^^_8fphEV-G8R0%JH?@PEw8k9R=)gzs ztFinH;~E2;i7HsMmD-^9m_f}};o-7ZnY^I=dGwv;YM2nP5BJ#+Ed1PCK`UZRCzee& zgsX1E8foe3>N`D{BJbQOy0LulqR#2nRtuKnmi!fzR_R78uLi3JrD=k|qRtoF_3XPU ze&`Ssm)2F^nI5p~H3`EAL}M_C$F*Fm^yN_L=LiB@3|3w;F#2+NV9_O63?jo@G295E zo#~(NVJWY#nTGb7K&GJ~x*t~ax=4bSQ0azX^%Wi5F?8@&>_wd+7saI;tM9~`ew_{j ziOdQ_8^MH|K!H3UpVe1%gstX`v_N!2dC{Vbi_v%N@93@gqYR=2p&%EX+;MdBR>&s6 zI8YE-Mg%C7I>eC`xmAbXxlQ<;BgKf>3A>9s>@JZ4nfAKq>TEOIXk#{dnPsp%3N#}P z$%U={u9ELr?bX2oPxT0_;)Sv5y$mZzd9rKtt~_>8H&4vV`Te-vJK6kT+pcmBv?0|m zR_x_^6#@dEEWP`zKbSv7!~M8ke8fv@%e0J6_b@|1WcvhwvQw1xtM!W1toB z{#wfe&h{v76QZHO9U!ryb8~413j+$CxTu8&`{}9?e6Y13wJv)2%6S)~OzwLgcr7JS zJ$k4-22cszXq_(?xenOtWIr14tZOQD#yN~_RyAi;MD1$)g-Q=&MKXxO&}aPN4m~cq z)5u+6``sW6+^R(%Y0En<1QZt@jpWq6%mmnP#SPlZtuu|rK!u?TJE8X1QeMA7B~@+P z3Y6%gk>f86g~M>SBVn+h*T|q>s}10~YA*gHD+Qu2I%UyxzteAz3|F6ym!g*Y9iHor zJ09f?=~QMMIf-;@@aN&3lp1-Ox9aal1B2x#Cwxw6JFJS5&_fgMaI!>#_vN_F9{dlW zRtJycn2oBTc`Gu?j$e^k7Fyvcn}Hl>(#nz(k5zTKPT)it;RjB-s_x0Gon!!2MR~9( zQ|CRVNUX?=JZV+klUq9#?@b;Ajnz;jm4t>Oxwx^y6G0EZHj^bh6Vx{;^1zL0VKN?uHB=gxUo9aO=)}=G}fzxatfTdxsJC$jm_b-Q8MH!Q19csve~^S^^~hkGo=emT&QK`7B%>TQd+04%=Lr<9o41$h#xcqieIzq*5S@&t z?3hHFAeEkr;wnb(lUrQXH(YuoggnTSr9q(%fx;W}yWKNFFNfO=wFMxjfoECluxlj4 z(#iDUCEBP9maPae{TL|=M6u%zx=RDL9O$DuvE4(aETe27tG*bVms{-lDgc3|Tflov z28=!{S{aN>ffZ(Lfaa*bymh zG}(cgFkU+?fTf%$Vnz*{KI28gMkuNvHW)F2Co)=uchP;gkIihY?m+&+nVFlN&dojm z7Q;}|p4$m>T!y`|`pgt-6XRtQxo@g{Spi3$T()4<6R-iJUzVHax`Ng7*tZyVSZgCJ z-I^x+uQGaNDe*dW1V6CnNndQg(oS~MOL2aiV0ow2Bb@^#guDZL)k(Y7x!yh*`4ha; zVC@XnT?h7B?IE`_$O+yZI?YJS0N1j%(#lK4@KNEgxFj_ETATwOybS&l&YRt(b5^I0 znH}1<%SeZjhH{ttwu|4A9}&EJ?Rz9Jy>6M0N;d5749d=1oFVP*V2wD6HDZ6-J#7u_ z1ha6GrP~)UBtl133=CI*DE3#{zkNFJ8Rk=#MqnZvU35G>mU-B|wN#p1Nl z*?FU2A_o*hG5K>oU_BT01ZjqmCZNvggoUA8Eb>d*v@}3i}$! z=&92m;QD+pyWEp@SJL!fk>!W?Jt`~?J5D;WK))azhJB(Lw9+)fv_&(ltt}e%Ydo8S zPI6-?+aLLw#eGKkpIqB#T2il>tA!^L87@6O6K8<9O_yKtx5hflN2%hpdck#+wx^Rj z>w?5{T2Tx6-3qOh=(eO^=gFIP@>_L{>1#4OIh0YjCaj%olX#%!?~ao+!&2Z}Ge|~1 zB?Ue!1wKCo&Ur1Slj9woY~#583cqCWK9T}|G6hblE?GFQq`-Hlz}dGa3uk`{{9p<^ zm7SbyjiGKp$Zzla(gPvWqj`sxvXP2w-0gwmj+~F4~ z+#UW@12_3cn$$%&q&Mqve~R$`X@p~z=do&ha;K-K!rke)!@y5P+&W(m8sSjZ()ce7 z`g{ZbtAU?x;0;DNyw%~nVbGiPe#pSh^t4msCDU)ld!m7x<=|I1%YmAmj`tRW-VCSG zz)gO5&Se=^vQ_pOqq} z%Xm$`Ix_|RP$PVEy!dqr`rjM$W_q4XLH|q&`u7anET4l0ZkF>^O5S3=&Na$yih=hr z@D&Pom(ODcy%}#iFFeCB{PXbB?WMob9(x)1aD&hD4g8NO_%IJNbW9I_+Rafn8rOQs z1~;zK@rDc6^0;4(?>ZbUUypO)T8@6mg=;xl+xykwXu0?tm1vD?`S;)6Q>Bh>FP#l&V4}Mt$ zZcW?|j4oU8gY(o@7a;GGSNxhlU1v~Og6pluC$a^x6|2gxHgAO*j!Z$?AVuol+|pt?*JH{(S~E^{e9bmJO;n+FgCb3>(yRoknAg{qh!U{I|0LPBmNXyl<-sUhS+GKP?n8-%J5dK2L`2Kmj{ z*6FWP>9o_@sZ;IrR}D;yiC7-?A*HoyZ7bTU+{Op37V$-X-|yag-MeyfkAO4N|8M>~ zpWJiKcdxzn+RwAk-fOSz4Uf;-npj;*MeEpSzh5%F@I-aA4yXi%jXYuG$EZM(_iEiL z$yEiFRO~QXNDDb32rjsWx&Zt{DjY^edt#>`Vg*kLLbMy@Gu_oBbBnoeX`G9 zSh}#vZMoprdS)xW=5t?B*(n1ZHj}O1p;R#YI%tyzpN*5Y!zRsPgN!ZgT&?X#*vQ?xnW>*6YM4RE9n)$ z@7*l6u_RyEhcX^--^zC%an=3cDG;bLze9gWtDWDw`FO+2ySY#^#l3_-*1Pdi(0XMe ztGoD@^%Maufp=y8@{^A>;gM(TS`-=7Z#uByRncN z=Umua?Yq&OEBrWslp=(&Q-sq*p@*|+9Xz04NNt$d_0dE>bYZdVZOt%PeGVKhbFr}l z6OHf862lFhy(Ni*rNNRHA{$<82aD2R>3fr&$~p)&C7f!%{wF5$Yp!Er8-xUltA?%4XwodE#i%e&|mBXfhw6SMbK71vow`{&Hp4C!<}>d7T66r}eiw8xu1>77l)O*UXcG zU+4>W{5&>%CY0k!e;loO3`${}a!1GCu7qMLifqQS>u`=ebVO&aZ~FAEzjr*TCmNaDu z**S;qeUCG#(|qtbKKMM~9Ah59mClqMuKeC3zSVWsro4c$N6Zv2*6nO3?#7ap^Kni< zWL8CK6*mC;j3kGwl(|(gGge%5Rr$50^A|)a+)xwN{Nat=$%6)sCelE9?duxIN5}W6 z9y@-`pcd!&T*ip&T>41Q_oCn*cke#pdQ7?82M>Xcj^2*MJa00;Y5ahDzR!b8KL1Z2 zYjT^0cHX+;H`Xk0gV!}K@QIE!f9Z)=WN^hRkG}Ij#~a>ntSR9?=vXs5(*O!md*$~V zYv#G|<2(Uar?vANYi@G+A9cjcf4MNDW!K4CR(x&15J^_B7MAfz3} zi8L<+jYsH*9%NXk8k+A_cYJ!sw@}dYX#H(7YP{KvMZ0#~r`36QUg9+v2YfGnOYUdN zaWZD=1@eOc^?igqt# zCP`9*9Uli#6k8-FZeM2DqAYGvYU(L&(ZuXL%8Fx%yJllJf8bCwz6a{zvkQ_VQ}IN4 z7FyZ1M{rFGI4FmbPa|1YE+cdK?y@{k2a-FnvCPTKYWV{9nHf8EkvL9XZeV4EzBei( zHLQ88xVJJ!6Q#B?Qe)p%#*~7%)JD+Q>c9@MD?FBU_cp|iIIxrGGmO*hAbc;YZFBz{ z?i;|i14jKPkY6Dqj}u_AlcH<(oVs zl~0kL3G`s5qJ)cHarEg7Mh!p+Tg#ByHb0pdmCw-dxA?&n-&DL|vj1oNFy5~Z4p%PW z&PO?$s^)?Xs%*J7PzQJ*GqE?dJn?H9?R~Ez@pxq6yu_o6DiS|~yRRQCb9WE5TM~!)Eubj=8C74Yx|S914Hal z#CKc;HX0UNdC|5CMLyb%HK&e$mN#f?#q$yeqTK0{-r#x(z0k_d-VBT+&OWk;R0>;Gr5=Ig2XQK%v|9h($a?W;sLNR}s_f-OP&nv+(A>W|{LOi;F%*BLZLwI$NSF4(>_Sk+CI zxIHi?nGBGg+`zV;!Dj!=NUY|>&r{~?8J&0CsREeHb$lro51zdUu&bx-;8D*$=V98x z8#>!z)NII)-@$bMnuDJ-KbXVo&c!BzJ7}lR+0`o}zlq%2FqGdMeseCt{}1s`_wW2M z{9yOb+37R#rT0qk0Aw61n}OS`QFZynvxm&ZkYy%^p6hQg*Wm{69s&H<&GI~y_Io|O zYBkt9lbyOCNc1|JDRW?_q;hie$!^cZ}-9P^1;99 zgFobh|JVnA!UyLxYbH7W>Vs#YVwpK2wlz4@MsOVqJQJUDeDLW$ICbAM@!^@Wnee~! z!B_j>-9Gp~0cW}@T@^KL73sRqhaPiZt}8Pd>t^9v(r^Gd2_FI=2HRCD3= zm8Dh*+k`fcspCnVDz(uYry{lJVGlOCN4Ax7ORu-O?tCg~Twd22D{pRuHv5`D8d=l= z1ABEIO?M@giO4apX{xJUWhEoU0wilrV{>)WAnSid=Ehjv3X>18D`;bLiCj@@;&x9h zH`T38Q5bod5zrnltfH5l+%vqO<*$Th%)-Y^DKaPO8=GqxXJc*EG8j&5THYF1Jgsm> zRivWq>iIm5v{3OgMUu`1GGyN1OO}-vj@5WH{$&nu13@_AC*xmmwp%*ldT#J*2DLc* zCZYef!dY(x=T`|GhI(e6Mew%`YWZ-!L+}x(e{_tOYA=Fw4+32wAt9U>ALnphbp8}6T+1ms_+CDZKJ=e+xR?GZMbG(PDX$k4&T*UIuPFR1gs*x_IRM?N9^i~Qpiezw9FDO{Ih zgTl{I^q*6>rvC?pYx?^g?#+k2ie9(V-}>Mm;lwW-)1~XlEFXM18}~;%iJ!=@{#8MU$}`?{B2u6oUMGWw>hUQWFS- z-CZ^pDU@Ry(avwJ=_z)uaQ8aKTqk5aF58c(b3DrvFL}|Chjtg>fjnLJo$@-~@En(r z=af`Pdn4glH?))ZdtK_rEg&*f( zF8MEUU5^`9<*)$m+RjD<7qu5(y(Y5v#?2sGS>SMMT*2_$oRGxNu?8K*^p+iQIiuRx zup{7{Cpo@4!+V_k4HD2NJU%O8tLoOI7OPTr9jAmsMTLdX4^I6~pE?y!#YKg%hJQd4$^aZixcbj@&zSJhGy|Di^M;RHm)IAr`87_B%X)iW;^#Dx2s4q3BJn?t;5ykFF_ReL^4P?B zERUVXBRKLR@pmyNycyL5ce!mN<1a$H>EH3fHYTe$*A1I`1;LJ4s0fM2rBw}{b5*m)2-t#u7|0W@s=a^dk632oU$?QcNXdaJh1e|K`g9h%`+wo zxnLKqm;tME!H##4A($mQ6SKFSBSF-Ic{;@27u?v3r|1S80|J&CbHIrYpbl>2NU(m? zlJVzlsu({j@f0R{JN5=QQSUEW)923M2tG7(*4fV{j@(-v>^K!Z_vQsVCnLQ)_N;h2 zSc^Ru(Np5Ic_$6IaF%?Qp%~;v>oh%V7m=*pSZL_L9cCPDBDn3f=ovl~)CWr>H#+}< zxynfJA(QCr`o2CKErXfnRN6apk<^|r*t8=T1310UWkkoD2pH{d8b2$Vcx(r|+w_$B zx;sqDVW2DV`^2-%`a)>f)o*wym>Yi)#_O7LXXD(ndMx-&pO<*GH1R@d;@x`8-%l-1 zJPQMUZjA>;F=A86_(%uNFxvzE!3Xy_^ESbUFl!xra8LcYGp|j&9X`Ap`S(pEJN`Th z>phABAtz!9B9^l&kcBe>W3WdR8y~S*>dXQnFJmQ~8;?9}iqjZgJfc?pB>zx3a@&3r z=`vZA8{C_)`ICGW3oHz8>N^jSiDW%mG2^{p=WOsRO}tc^czIspujPr~CqK*i;FMlp zJ=P4SA~k!09W)_Yfkg@EiS1xlbP&{@d=O^L4Ag&!X=+b$GKf<32Tdx(l@r);dM$MjS#Z;jL2XYn zLuG-9#t=@HOa24{CRPe2h~K3yK~gnXu}|O54%sZlTIIX=k&}X*H#2T}pynp85pAG`X!-rmT|p=(V`|H+LgJow<;2=8|A1 zPxN7xm>vjrT!VWQU$BG5Dz~#CyBeP^LL99)7gWgwpm6DOl|9(;3NTdoI$)sNA1#&>uh29%bvx@uDIiCAlwr9A!-H;BtBYP zGRSais{cSt1Mwqg-8>y_nq8A{-I ztgP2zEw$~`WC=L2U6sdoS^KFM13;%coX2SnBzDCQ1jD_r(l%!@am>r z_2`;HrUJQ$5#JFMa{q(2K9;zZTN)>IOO{xXN<6~c#L6xg7EQnz2ZNox2U}3P|l~gp5JDw4qYV$MrV9xuM$YEO|rw%HS*hjXH z*P__P?j-w{EmU%j&Ny>?+c#;savTwU7VQ_>jh=%^TW| z4-XCS08^#d z`2{VQ$*r_FfLR1Zl5Ud*2a z3;SYTi#y80@nXrKB)jaBP^e9LE@Gdo33jqSuw%z_3|owoe8!DG0_Bi#rF@{hnco}5NMH=dk? zdo!M7#;}Ol-ZOO=c!f^@ZE^hXPdMQ1l8|4?~1fRC-bRK+{qQROuVrS?c4*ZA^VDD(f4@#RPD_;QvW zU$S$N@#RHsddxx zQ@S)Lnza)dcphID_1Zg(WPoP-~?o8uXWJ_SLKF%EqlO^ct*L&l-O4)!O$W6{+2 zq#2J&p1yC%sWB-_E_Rk@tZ7~_$?=fc^b0aB{pvBtrGG|?mT_r6?$hJaCy`l0#-)#t z{J6%YUnQkG$Hkg9-th7sW*BCtU}c?F^QkUB5~ED)7VX?$5-fjy-L;$^y#`|@`=!{Q zZ|ggf6PfYbb#^MoD!!TobK>a_>Gr(gQAXhXbj16U{cynqH2pvnqnR8`4?L2Kr;Q8I ze28QL2?60fc62`AzAkq|Rg>K(zcHd|tO216RtbWcxCj3w+@EkO6ZRD1X~&DvsG>f9 zH2z2qX3tz;eC|z@d7NPBBjg)40haQF6l+VK-#}A1Mo2u3S-%Z`;A%GF;jjVNW1zbr zlGp`(_Y0zZe;O0Tj9`eG$BBI;4P=*0Iy|ABBEe&6bmShY!iJ2rg~1Nm*EIEmqL#Q* zeehKU@$=&E48*3%7K0g21v}0A9Tu(6fG@OLu@e-1Y2r5~<7ey)c5X!dD9Nd%YOnn! zV(%lGkhqs!4EPx2XP5~G)A}fi(a7edf!I1+!pQkALaI_~#Z%P?%9o>gu6YERyy4dI zSWygtWG4%XB>#>ZY-w<3qqv9@JCSLfZ<@-_wBum=TanQaISi3Y5^vkMXY3Ak?gvp0 zb_7JSev2qcf^r*+S-01s!4eE{5AJ={eEn|vHV82b8HvA|75v;k(G;F=F?^;8fpL2ss7mT;?K+^ zzuLEOJlC=frGod^+vZROj*l0cBs1~$4yv>)ntwrv3W7y@6Th*?5}=h^64s~d5Et~x z7teS)xcLU=9%|-Nlw|dM3G%;WNoYU5UibBu{AC616>8dgeUI=!^i&;!gJO$;x=8J&19k3;h*lZajZrKl$%jLox4oZUw2yCn2<6% z6gXvw!!EGfNH#X0zG8LCmcOGzUpC`Rx$tFkfNgQ`%Z4je?qyTRw@d=Z zDq!W&y=x}4Lkj!0;R^<616#txqpyeHbpYX^Vy7yGVR47&IQc5wo;ACX)&^2O2VcOFxcLnVh7Pm=S;!q&rIQY!KQBr2ma>A; z`XEOmr5oQ(?CdY#c#RXGGkzQF_zt`fiGKq|`STUUqbE?WDAVO|?y^zTP7yN33<6dikM*1O4fnA-IFqdajan)r1^;*sR%UVz7z z^z;7L_)H~*LLMcBt_wXT4$_G=MQi5d#*cjTX3Q6wzACr_XKmrk%efU@SLL<;w4e(+ zR^Lfr9v3^eB0Yf+l8qD??URbc&v9!Mnux*6?PtR()M)m}7>?)Qf<>%H3vYm(7c-mO z|7Xtz8>2o_gN-LkCKOIt99V*z>n0QyH{o{Cgu_B!d{{Ity zYY<^pV4{n*AW)E7kQ?YY9eY0t!UZ8bXL8W!8HsNW{^Q%@131Kqcb#<~Ah;<{hDH}$ zHhcD^p^32AIVn_BGW1!@ue4#(@895Sc(gk`d)gFRu{+0_}D%^8(*e{RO@ zU8Ts-C|JMY;+dAp1K7OToa4#Q5|)pNXK%)MW{+aE3v;jqM}2cTVw@wO6D)*#GXsF@ zM*Ihi;U1m`bTbaYiR9;r@oD;b97X-_w5P*5mW>uK&eU~0P|uclq4O~H+}&rg&Bz{u z^ev9Y)P3AvhW{*RnuZ-NQI+DE^jld5aHekK`f2==K7=bB^~LFyX*|oKJpPe z!=_#Xi#yyX3*z3?Ph9CT?Rm3!p7HnoWIFeTDiz#Q=Tr_;LAIK^VJTf#@%R^qpDlp9 z{;R{$6%BItJA4p`hyUYn>gj8@%{&Y2j$VE3lOuNVvm-g9_~2j^p^ zy_7j<5^T#}ce)SGh1*Q@Jg+7bKGg@0_~86d%Eae-AH3cNU*Ut_;)5rA@Gk)8UcQi1 zmNtDhGV5L+dVXtXl7GJs{-O__g}yZtpO5(9)HKaR&r`rN;g|d1Q6GFUaOT54c9?MH zoq}t#5B*vn{Bw>^!P$mQ>fP}rhlf1){SGg5xOuN2D5pI$rHgwh-Ke#-4x9UyHLk3x zX{cV+8ZeLbE$*pyW!18_dhA4KZjH69TG@ha2_&=D#^7n}f??a^Ac|P^@+r;B)?)8t zL*1I%#^sX>14H;2C`0H>ClO8KaYV-BV%`<==Mw(FGCPhfGPg6#t?{S9cEBc7ks&U! zT+IPTMN^FLRG(d=X%lDl_LQGR3+EJ9;iRIP0KHn9jm-4{17ka-_aq~;N0S+V>kp^r1y&PvupSd8Mgrwc9KW1oQK&u%mNj8_dwB33(il@ljam zRSV~1dn(NQrs*uE4iC!Yh3%@&I#>MlXIwA45f)-ppKbuu@%dZ$1qlhjA>bm`p&%sbR2$u9RK*bG_IT= z9C40K1iu~q3LTn>*$ZeEV{m`J!u6iEhaB$Z&wh)}i!UK#hx45-@$PWAH(si((|P%P z)#0Q+1^>e5JBt1j3V%f5Iv-w9d~~}0>O+sOJ>$IcT%qvuRlF-5PC50S*P9i+mh%pU zYdL@KgOA|1037-ARU`QjbU1@){^J#{`PV2u9J2|ZW<}3^MS?$|==I*d9!0PDk9I>- z%Bkt~UPeuSg`(HxTjp?Yx|S$h^XXE2bh^H%=ykfLjDUb}l#}1Ml3u+BQS-k|(Q|v3 zd=o#Wa85)CpZyM}{F=|}ik^Igey$sGd+BQxexagYsqo1P?@+jo_il$Xy?jMWyjy+f z&vYG%SDvWCFH(GJ98Uf^|8G+Cg^E6*aLq@~b0Qy|KfhD-I$f{&#CurLb8Ii^J?$hs zz*5QnIBK}3r_k8e<(d2IX$w{~h z{fiFw##?x@As^EJ|J>oE*X`~pMgIxK{|$v}IVZS}d-Bog`h>&1>6+_<->mTSRlN5r z{<>d%NYQIKf1z+K=eev*a9(+?b~xqN{pxj!Ui1Hq!ZrWzD?YmZ?@;u*p5(c~DdW}s zvTP*_~>-Ktmt*R{(cN|d1$}-Er)y4^*cq+ ztdf3p3M&&F^GElqmpI(Z=Xym?KGH58@}d8g!Y@?x&nkSf!rxZ7&Yv@xxp0(I_p4_+ z+$-nTeDHk=zX-fU{(i+@=l|=9zEIJRVIzTKyqeD>hf_|SKc7+bI$d!^ujB1f^tzwC z--mv?5B-1-{b}wyn)2&XXi4kv$||HTSF8-5~BO!3k2KA`Azx%c?cA5r)W z#Xp;!2pr|q?RtX3b-Y;WG0t1x?(m`ihQcpJNJ-cI3fJ+zuK1s$=tsEu6UKY4!lyc% z@^cPQ_+O!L%|EXA==}eZ!pAEQx&e; z?+psq`STftYx>(1uG{-2g-6?0 zdW{h+15?>+gjOJfz9-%pj&J&DZIr!-|N9;9qSDbF6&YyS=K}N z%evGS4=(fRM?AR9FLU20o$!(QV$MTrT;_|LJh;pk|EF!$SkpEC&)BSa$khXz3q$9? z*?qE(goVIew{WlsSLnvM{QP9r=MjW+uT`T1K-^8689)BK>4{f7NUI&kbmaL#!*k3@ zo>TCzoy1?MLEKCHat%AoRfiPy(sS%>SO}d@C`Dm!qPUPm+J$&;Wuu03*=Qf|E9~TY zjlxnyxOv=#*BI|5oZ$5i^UA-^h2P}ykn)r8)ws!2{=E@Pk>?_0`Ev?I!b|zn+Y^Ne zxcEGC2`qK$QzzKy=BjkJ**gTwBD_q6DI}nb1_r+J+mx{^h*-J8{RDcz`&&# zy-C@;DN@#M3eCN-c{6=_F`np--{#HTZcI-Z!bT8h^QLP=wCmKa!1>v*E>Z$T$`R)e z->G!K4wr?p+D=N_z}fyA1a`XTN%B#&W-mhGa-v|?!7Fq}&7^GVdC_)0rsQ1%Wo)o26C2u<`x_kG)lLL0YG-=H)#7|R1$UlTWwrD6c zpBn`1rh|hN@?kDZKG=4#c{XG)v;**-ah1f#hoZ zFx?LaLNJBVK>xG?9dsiXQAaL;1GKtKzC;r*P&Ik97)$8vU3(#f*)|bURCEtp2i?W( z><+bbRCi-;v;#+e8a_@N*LtZKx4?){;%BrY^egPr`72CByix9N{mdk*Sh@Wk+&_#cp;`&M_DHj&H`rl}07#j@)9q-f z=*k^WE%l!vklD`m4ctV!M!X&guDm)glEC)7G0{92sSg2JS2hkOOJvnYgO{Gun+2cn zxOts_T$4L5u@uUXudK-}Pc#(Z+>#iOhH<8va!WC6ivJ|5Jh3>G&cw)#Fcj|U@8yjc zCs{!gCQqr4-x);Ba>+6&=?~j_h+TXApGQ5b53cSlO%#^zMkY{X2$Pp=HkGp-&!{)3 z(c77t3b%E_oIeoh*#T&K1V1}A;Kx`aFp(GaCYLZy?D2r2=GGL|=Lb>sZ&Q`e?nSco z9F-jE>eGHi)!W@B83<=j1`~A8p;?z4U>U)byO@GEfm zvFP~jpcA^Vc^b;k4S|kHCu0EN*Y5aI zgl<-@#T|KSoF)Epo$W*C1g%0cO*$eVR3!uU}J3nvEs2beN$DE_&NgzkI1ruB)<858L`f+J+fNxUof=D9<#0DeZ$bQ; zI)~Jsl|t-|?VpDYIk&sncn>prBsxf|!#VHib(wTV*MLa!Uej;(!M_aLoQL3uB|jf> z_)-u4D~Go@+_Xd7{}un4;(gBtr^Td9^xQ>Dd6wczXY(--@H<~(iVvSFeDF%gf1l%T z+B@P|?nCdVle*dQ+2T4<)4svy8$Nvg-3Ncf2mgf+{w#1)Uao#iU+|U>z16w2gUr^O zs$$j4n(C@*RK39crb1p zO>tFuiAOK6*(e5@Gz``i)XB0ERM*yua^`2No0?YE=qOv-S{w8;PYo%ZKcAYRRduUY ztz0!o9Ltc0dNjAS=wK}?TWpb{eiq}Oj@6c9e3`3WKoE{NdtJe62*P>swH7uw+p*Ah zI-J#$ANYcQ-QncJZvnx-<8ab*{2=&$D14m4f9Y`Y;kSa&KjUyOpBEMVDT@A8ANqF{ zJ>R*)KMU=P&ddKyg|n|0`kNe1IT=Q9_9t}2xa=YLmlZwVt%Bd9=tBzszM|Ls&7M@y z5j$Ja4=6rd{t^D4pn!0sKNtUk&viI2x;}8LF`XB0bvXHq$G`A-K+)5WlSyv%;6mchXM$PLx?cL4oEnh5t%{4;!^2VXqW0vCC3Z~WK5 zUocI&(S_F-@4dA34)e+{=O}FP1n}m6HNs~q|Kblbwm{&Jy#!eP6iLEM`IEgjZU!00 z0B|8!j(jI^X~i3!JiTQPC{WDK67FOVb5C;2SRhmQiEbT7`VGr%X#Q1K#Tr-C$%+!z zjxL!#ZQ8Uc)2A0@UQ;S6nm%KCi0=5;lnN(F?9$G{7<-JtT(g<=Nz&KO37bq;&!)Fl z&(lbndKNoloc%WkA#}~jrKO^A@gt`NJB}jf;z!28E+g_R+BK(uMgxW;Jg%ch;5vbo ziRN5_e_t|w?CE>seObnSS1(N7OpG5m8t)C3b5^^wYwGy=;A_2H7FmjLf#4(@^Gm}x zA>M`gQ&|Fo7~RwVvfVFXqxI=TP`cifWY zsAB7aJ7#Ci?jHMaY4>f}-D4}eXYDJUaWu9(0x@!7cchymq(J(G9oL~k&iquc<8fSJ z4P_#&q3{f1_!sqJrD09l43VrQC18SvxcO{|9j$pYl6WiH`0I~#_Fog} zd+TG-zPBfoOnR*3rpIa%Z}X<{@kvYWd?d1=ud?T(!yd;ej4`QP^)g{%idS^E%V(xL9DKW2GO+BNAfh(DVAipj2U;HKW%3z=|aLrIeM z*4$bdo(q$-^Y5PHe=0(_aI)5gL&b>A&0?VWKpO3%uF>`H%fa=0-(5)Q;4 znHoPbC0Ox@5#%UPyOzWvifm(DEb0EDDWS%7QAa`_mVRP*djY=zZJD^G?G6NA_OAc*X7V!SqPSCE{N9rsXLmL*ol@r zwmX`QOF<;K>IzRNcc52nHG*;8XPk+nz*JgIOdvy;F#+}#-iDl z(!?)PjmDH{B>sy)vWRuftkun&9PIoWK2Q+LL|P2H5BE5FKBsiXtHF+Y@DSYmkN7RG z`CTd2)nSh>)c;}jD-j(1L7VF6>w+COlP=Y9w*A3?%K(<*WRQ;Qal=%E%4>GRtbP`H zvd+Jvj7|Kd-DO!xE`XMxbSskg0dMRp$TtmXV)8qX^QOHsvmjjZ9@9Q#-T1u)@wZ`o z>1U`PiC@OwJ}vgq_}k-P_z)|yCl$RylTEBTH$c}QvIKo%pli<9_`xahBQ-bw)|gNF zE_{m)8*OnRMhQJ0K~ccW;B9${Pv@dH8y`Wt$&H}T#T%t!{OFSIa27lEvGI4%EpG)6 z*e#Ek)8zBeUD&?uosUK4UprsydG#GZH}@2}he>@q_;Fp-Ya~Oj9ZHnq&2x}_cUlJn zauz*fB@KRQXME>r#|twJOLv|y|HULUunA#tKMy}i}m7mFo7Lc zu`v56lC-!YaRAAQd^&QY=nf?Qgv07n$J)2;h9S59C(>#Zk)A8jaJK&&MBVW;e)M4? zCRzRWs#WOvEjaCazZ*=ngFMhx29reNVtE)o#6}hM?sR@K;0UDZ3p2vyQ|vi5yD}kMhJHX-o|vUP{2=8hWY%4oq;(KL)M+fB?LewJCPf)?9y85-T5e3)<`K`K4cjZwYUIY`HHAl8{ zPS=Dn8VS^tLGf>n*1)&BHQV?|YLnLZxvg(Fy9Bx^$ZRO348%@{h_LK*RAsB^kaX9Y z>@%FqNX=A}=0U@H-o&C* z#(=%L%eFJe#Di(bfuSj|iQYi9n=ri$Nl{AYh(781Nm44Z$heB**K&KFmsMav-FOm2 z?d6FVVD8q)3UwzakG$M&Iv=(LqX1&_rvl{>Mx%k%O-CF16>K5H%$%(sHn9lonh}By zs{b;6X03Ep5=no_@d|c)gUPKK744dx*R>$G{nosJPn9Qr8e4!lm2IwC^^vI$G6xc{V z)k1T@cg;x3`J5KXHioX?He~ON+e~ZB>O4~~n-3|GXhuOlUea-7`%c80BK>w+R zu6uS?d}okWzhN~mv2)$Y7=(P%l}_99rJX57AD7p`l1Gx~o5-bpG~~k|U;npUKJehU z=!Tc?MGO^aG9lABtM**Q6KgZh8iM2w?0jZx}JA96OiqSuNY>!Lp(8@3iu~0U1BI;~X^SSh&8q z2LE5e{}1s0EBwEX|1l`fLi}IFa`iZd<-nL%&f)5-z861`401Ji;y>pWNYB>=W#K}%L4PNv5?ZT3fHxPE8Cj!kF}z<<$(otSVpOd1+H4TI#5zq z6M$8{TG-kf^8YFL3`L23%A@aP<|=9ep|W`kp$$-78zK<0D@zkvLldUdh8XP9)K6$a z?Sxjl%CoS1Ua3t|M#>43KLG}$PC0%z8Q1HsJ{Oq_N_qbm*{>@AL)H&EmM0xC^H#%E zV`yH+X>73vtH5)U!#>H6!L&X_+CCes&fPxT*r6-Qhh4kUtc)5JQBH563<5uN{5bL= zzdN!^^2gmyy^nZq-AVc5W*hB}l2O^q@+Z!tLAzoof7IlM%HRj}6KH;1IVyW${=}&G zflV>~$GQsnb@B(_&D1C9&Vk;?9l5ZIcl)q8`R!S^LWu-1!SWj@j1q~-AAU&DjkFho z)jEt{t#r)8H4dY$gp$21KQs^0!B`+z&KZUDl$qN=7-aXkFcWz->4nD1?Kub&&xN76 ztn8+f@(^fKSF&<$#&^|&Bh4CJ8JQ{I7h(}>L;d7nu~#^QOr407k;$?$RYdoUkq zje~-Kzw}sM+{^|J0xiE0X0N*TFtfq|j4nOSlr`|F9{dXPJR)$F2e*Cbh`@~=yxh^- zYueL>9}&1Z4Vk+I=67iR5Y90x35Fo`!+x4NDdHqY>H!o8sIIr-eoU%&OY0;geCRnQ zA%Ec|{Qt#={`-zTge#rU_u*c67!UXJIIiSx%O_3$dms8&9DNv9I`b~V^*#J&;y(&m zlL`MQaK_utcNv^{2jR-`Rwnw04}OggexncG44m=qb5+i~qYy9k3p2&r<%9pDOAj$Zb03O!F1As=ayGW6^7;q!!} zZ+Gtl^Ug!uFZj?O^1R+=$;wtd(#88 zQyQy`rj;2oSCv&9SM?U#CDlvdd)?P*NUnN%>jRj?%&TM>YsT4Q5XV=GJ*LIP1jTfV}ORM-9;2#{>^ zRKIHF3I;J8o%OmQ=Im&CZ;-J-O+8pVavvOFCap4)5^^<+%u`K6UCmAQxvcc6()p2! z@=ukPc)b=aob82#7wtd7aGqr$bX23$xR^19}_Rn<+6pRKE9Nhspl#`=0sCRQ0N9o`xzWSN+|dQ&{szGIpQ z`iZuXbv`$*Tm?&wh*d>cvvNgC^{P5H9W*E7XhY}>{9_r!xKk`_bci*6t`B~(5B^7o z=i$9=)b6N&A(6a*E*MC2ao(OP<+O^_apK16h1@YIv*MwPWiPi<_blB zq2jYc;jDWif3_PqFkbG%68t=cQx8Y*5`|x)@TCs-%2TK4`E4$IIux$?Z&Ntij?h2p z!~YdUukCM)aPN1fi|<0=bB)4hDm0=NzT*-=p|zIbTuqTF&Wiyu@^kSA0qw?oHQRg=;wz zijOYGdlY_w;=fJdx*W&2@tC(hh+RSAy8bLu^q*AxU9&dzkbSe{&p6!Ekq^Jo1)oR| zj(71;1Ri7hRu0VjRnb|KoD( zGv%Wbe4)b~`xG8^xT_8+{9X6{lWzmzbHw3n3v_~;WlTIvehM!9nRYq`XHrBrKZJWa zp|?-gR+7d=j;JFL`jC5G;=v`p77reF&%GX8zHi65^a+3Y{#@w6<$JQhgUk0Mzf)}a_{;ZIuZLc~qh`8t7JB(EYVhCz*M7EmaQQC! z0J_U{P1Tdd3XZ)_#z?pbpHB|9k1$BSilj8Q%{zEb#$J=^roWl(9OiQf|11hO9KxM- zVRzl=^2a?6`F7@*mTfOA1nw&KuNvHVCkUMJNPCoa!@i8T%YNKhx7!o1;H1@#eJXi= z(C{4Fkf*CgxU=qni(lsb1rN!MyRt9Kl>QJC26wN$n0-AQx_Z;kKAZ7-b*&3s2M~AR zpY+EJuW=g@U)ZoC44nJdGF1?11`Mu|H30AH}1-QC{z0Pxb#aov-~+EllTRX z0b~4y_}6Y62gh(618OI7%k?&R%Dtv5bKy0{doS(ZJIq`DqN{(eCu2l@;oFUyOzA)1 z(l7lV)6ZAFgqQSF9&g-$0*BlSXUlLt*>924arK60o_a(id7zyQ6K|kDX#x`HS|;38YZQ$V-fi zzmo+WtV9E>rO?!j=+;Ev{N3sMgAeXcREmdEeSr=Xb-CV!y3Hb^U<5NP`(sVsLup#)3{j+2y{ry`raS|RRXbP*EU1aMFsM}^bh-7LFeo7CR$;WO(d6s6j&)s%te416`k&q@dJ2g1VZ~vFIwxJAY2zPU!v) zA_$l>@RTkR4d)zzDq3V=MPe6}e|}lC-%5=X--Hu2sq-|uqU&53s)?NoosS*tV?_53 znt3-EwT`rIlL_oJ`=BOrZvRhI{#d-N2j_N*&RYL}SbseCKY;RJQqPEg5-Q~tU32p0 zL5h>1>jfJ$CWX+|>)jbR!DV%3joJ6lYu0Dy2eQ@_WSud3MBWxO3?_$TZ90CF(6L{W zzHJ!+v(Adu+j!2L{K7Sy+W7dQb=5~Y${T;&Cb>y;9H>U1q zjVi&tT^TPMb&Zf1nI0eyxNGgj*kO3o-LwC)>zq+%TOpp?3Ql&NbFMkd?2w~9*IoTC z>>K_&*DM*Yzuf>g(C`SCY0Z-3aWg0GXr-*!Cle1j+>{sY*_9VKOkZaD;FZA1XNw~? zWr+JKANrL(_|3q{r_gn}QhuF2^k4A7|H<)T9i=m6j_VKbpDA6e8=3I^J~*3`$v5{R zlX~KJRui!%r;5A2?F=lRIK`cLjlj&nWA1iEW2|v?oto9>kva@lWZAeW z`C9I}o^@pvuW9z&fNq`~6`x6!!VR;Q>YAIt@iT38%{6Y;*Q_}ZSIkoL_*c(fh_#F% zYXOE=TeBZG>w_GGK9~8m;|Wf~$hYwQ3g;L?@IHm}6)8CNl<7Dw;V@S4R|&!q*Yu~m zdf~;XV@pR|&voooxaRYm!a01AcxeZLj(jve+SM20dQN7sqGvr6K5G@uaf{%WDn5EH zC;AtH{`^fbzyg%E$ML2-af+bTd=@&&6TeFSZ8>f z=lIB2nEfnq?|3xsiPr@)v~tg@-?!lLhA#pS#$QNg%1QWReT#5D*(Fhh4g|O+oXL4< zuLcn@FL{puo&b`6!uv|xuq}lJaMz`dQ0g=DpG6|!CI2(UO%^?_K*CNAzCRh(8=ic< zWd|s5gde_eqJL+fhUS&uw}{LcT`vLM)sr1~t>ARF*oxG~(_`&By}0niZJFjVk}HCjS$q8Wy8WjhQ+wpY~e`cy8Ro# zj0c9XXZ0}Y+`Ms$(#lr~%^|yKCq0zjqW94l1D)~A8)?kfNi^}}(#}7&ozI;#=V1o| z_5*BZ$7Zdw> z!SSn(k#WOM3U!Jd089iXJq1s!r>1^%D#t-x^@$F|}mU0ge1`FY(`0GV)>sTm`? z08-x9Ib7;Nt@HQ$CRh#sO#C-GK3iS*c6YrS*G%-^^1-+H;6DX!gRHt5Jm2cR?rxkYI=Nmy$nW4UDwkUlWfs`_fpUTQ0 z78!JPhAIXPR_3WxcHVpC_xpz6In{Ipo&b`6)))HDxM5og3m{iVc&~eA{-4M<#Nz+tH^klU8{z_w z{GLZ&+coz(`H$xtqP{rw32{u@HB+Wva>DBw4>04L3!7^gs~IO@ap0}eqTbHK>k5Jo zj)<5sen;;b7){77N%Zcl-x5h+zv7Wd{J?=o`w^I97>&dO18@kyfndjF01~_7FC7WD z4;%`1+~pqM#p97+2hIM__b49U4R&&uP5kJv;O2XA6MXP9S&28}FZIH&J=pnq1Fg-D zBp6*UxC3khSQ31&Jf}3VCyiEFG?H7Icq9^k9<*Mfwg5kB&S71OC0} z$16tesTkQC<#yPd;O*Z)*hmk1hUAkN&tt76*zp@AI{08DE72E!uDAUy$nql~eJ>4< zAGl(}OTEZ?aDz>r^{X2r=EK^VNGV}%WCu6X=%2}rLrC~c1Yc(vW~Ui88HS_#UL?=p zLyvEGk)n2&r--iM=UcF(hKSqA)2^AP2?i z3a~uU7fl>;Wk|u{|1JxY`8D#0D^gfDy8Ra>yM|HBTq7pRCDMbtf#jRW#E4mQO1^Av zK{}9p4!7=`JDS+XC9cJthl88*Sl8ljuU~y>bi>;$kl;p6dz&iqGV(dv_a~N~tpf4K zdgFWAH=VYrEQ>8oz6os;+;p17!jJ<2E!U@PK*xLaUR&6FL}stvZZq0Eek`#1J80Fm z%0_};LUZjM)_=Fz+waJ)bA-W-pEDw&c9dHYKV%ujA3L-OtCx>J=+W`#uZTa^zUjIw zJR<=n9edh=ZYs+$9@)uabKX$-y@`PjuW4R*n0VB>p&dpWvqo^P| zEQ4_obHsK0u_GeNhqNeKG*~Y3ik54*=Oq6LWtRTtK00h&4FZ1Dw&D2mS@Fl-74G9a z+*7fUyN(S86TGnvGqL3+FER}d<%SFyNS=+S5Aa2QeCvHP-208=85s+ni#qszj_|DuooIvTr(!H(l?{S7Q>IDUvX=k#D9?h?ke%ibsBKF*QEQ8Q+|#$8D7@`@_EXI z5A#7eH-t+erMP2l4W|%$GZEcAourH5SVj_Fz7;aX&2Zyffga)m9LKs0>kUuboA-bM zc`km=5ozbmE5G^f#V-6p9T@lC@YPkT>sB?^ua(hiYQ7sI(xSq`LiKCT?wVFOeJV9? zPDJ-+ld7~~BTpFf3Znzo&dgzVRuZk;{1Qqw#TBp{R$%mO4w5+1b1r_P)(RhHm1%UN z;}b|nd6zXhlGttNV86#)%W+l`Np^rFeoJmnu;Yga51VAv%YmlHz&`kH=9z32H3urJ zJ;LpmfCT1hM3KZW_z|OpEE73dJP{%JFwU?U*jKc_0!9p-9gqsJ9tWpMwBE^C~;#eTTET8d0nRsYmhx~x?pMibO*d$B^#gAkM zJ9Z;TdI5%(w8m|_A6P}=v6Lkou|*SqbmHK;v&AJqnuTpSAGczTHJ;^I?kKn{J60<3 z_G|(7?Ub|vW(QHCdr?1j{20%sQb0ykc`8tXdC7Vdu+^EGmpD+g7mGM(YfdPngIRM5 zGXRYU3RtKiZ2IrvlQ!9J zN*YFkI7^A*Ux8m!*G2eb#0u9ze-O0d*HLe0-lphI2i=xP&l+I;zfX_d*-~x&OJ#vX zW?CEa$FMMB+U&T_$kdL25>uq-t7OCGm5T4%pxPp=dcHt^b`8j1uuSK-m-*ZHh)LIn zRQP{p_=x6TPX3V|ewf)l$18sZ$^Qw=BR$I*#B?yJAg=FKC7;}EXqS<8Hh$6)XP{jM z+QG-8xmQk2-~$b%eRb!ekmOAK(;0jASjW=#M9jH7#_or)BU6^&l6^FzjStvEA+H9* z39TA^1=qwf+YoU!X_jXHAtSF@oGH)jP@g}**qy=*bvb4flL;R-6a;c2_A^Es4t{*x zKu5*GF^L}Q%h>{F0artTREUdx@L4|iRX#Z9rPo$g z%`2&zy>M|Ab=s&9w{qFvO~E-e<{sB6t<3>anbThym)Et%maT2(;(^=6jSbQ~Erlc{ z#=E?^5vQW85r3Y8vdZf04L&kOMQt|Gr#UQY!Ty*!!}3})*qzhZj4d)IHAWlHC5h7V zsFT8 z&QmyhR65e@^*4U&&=Jqazwnt)5RP~d|AOC65YEg0ixxKYtPeuZ4xf&E*oFmvfgl`l zy)HKl^@fhP*6ll4;rzZAK4J&OD-X>I(|P%<_rbS1+{@=XKJ>d4uGa$(C|sxO&pvoA zBXn|}imRln*x_DzW-EG~KU)>9>%$KeuFHLw!a0JKcu#e&0($HE6LGk=yvh}>%cWZ3 zx?VLZT-U303O`-Rv)SQZd48zqbw2!F;U7_a-cmT{Mukj}$BaaZl>W!(8*fgJ9-C->y9vwFPYWxaVyile=e@YHe8PU4qq7@oW@ z)I_+S<>Z(5oOnw(xt7C2?uCZe&m3p^Z*<|M+6j*}F8l)mxU1y9z#KQSO@;+<*F)^| z;3QovKZcd?Qht=(8#kbU%pr>IEvtj@pudD4iF{RqFpTiid6ou6)Y-ECu8;NbZmU_fOJ-CH}~ zh6kF_o-uP^&=9r=QnME`p_nWhJQLc^4CB7M z=efSf2}fJXyzA`kp>IX7da&~z5TeqNx7%Ae zS;`~Q^DTI8|2}?p{1876vyXCrG|JRa%!-y|O4OFSqN8?O8E8JKUenUF9q zE^F8xXOWZRuy?%9{y?*h4y>32auebAE zLk6ouCBZQ(3-Pl&jGvqNSXGIi>z3l@>K6QLY)6>jn1>l>aLhwn&E43T1dB|KgGLC51?bMWtCN}aSw!x8)H#o(8bSH<)^0M1Tp|&viPTeI7APfLZlWyn4s5Eb#m!^GRTOVxRU1590hsS|3vZy}T zvgbf~;t4a&XJq*q_BV4qBmQzheelS>kKrCZ%iiu1&Bj%u~eC$5Vo@?a(YY@tsU&n;}Xy=pCAE=K8 zn|I;o(sLfk3XUlY@wu5mSD$YPzt^;=B%XyWS1G>`BgioyI_2J<)d z%NxbUEl4Oj@OE4v|3mlMNBjQ3^8&ok?~_UF=?em1p#&;)R5yio&I|Bt&9+}zFK0NwlT-H;h!e!~_TYUum$T9)6N zoxKp2ol8e8f_>})K$Xs4!jONh!_MQiGQXhQ(Q-bM?qYi}_Jy~&`)Xd(`#^A_eLQy^ z_FdQ=AmyXxq^x?Q&ViH_hweH4c;>#-^XRkli{m58@+-4DGtPa(8haSQsgp)Go>wD7 zl>5-HWNMeBcAU>0mAxqSFlW>)sqN<`9~L_v3k)aw4MrV0I{7?feziO7H^#@>MB;iI zT{VAT#{7`-zkgeEAq!x?1EwQpCUKyx4=(bxF0bbHqn^|(bJW3 zB(~V`;rtaHu_lLcm6y(>-(gGx9kIJIU{u(o(|IR0)1?kG?7j?P|Cj+gk^vi?W1>iX zFOgp;12#1SCN{7n9h7N_ht6`({L7*{alI%Pfrn+LwH40KWwYmVPTD8iBypyd&a`V> zt)2_NGOd$zMevxVW*)XW|M|F*&ldMA{P}p|`dIEm((#f@j`bH7`{krc zGL2W`R??bA1A&`;@QptBT|W4~0Oy*>R$S>!pNA{kWTtq33Y_%&aHW$rBx@^t8PQR0 zy1(E*6CW;FXTmwwBL8;B=Q+a#ZPtf=t`A=4gMY>czs(0v0H-{(RZVC5SX{s2Lw}zS z&hy1HrI-8kGvQAIH|64*jP%Q#J11@?R3L}cB+i`^FK|sj`sdRee#qg~OavUyFV7V3 zbVt9`F*bcO=(#r`6aBS5c&+0T8g8NsnEn~Jw>rGt;ZlFT;P76DOFw+S!w)!I`r_Tf zpC4~<(%ygX@Inv%SBHlkF8TIh^^M0$*icF#ouMESh=lfs7jgFhNnFu ziEE~2k=1O0Dl5Or7=x)wC(9(fu6cQ5GuDCq z2r_V^0duiI?!u*++O=X!&|Fj9T1VS2j;fI>!|pz{9Gy;Mb!}~-PF_n}YlFvFyG}fp z(kn}^TCkv^3Ypfraus-c^Q^F{vAKR_8b>x3nlep8Cf|(t^ueKxfZC$^U~jJE54N%H zo{%{-iZhrRNyE~4W3^g4H}P_ZY)jj+rbfHCpUw;8v8r*ktkHXXs$P^5U0L}FoJZg-^{J{xNC$P%bn~CxDm5iuDYs?U* zwDV!ns*nl(ccSv!_BFLa-SbRJ|pLwb(Ag?=&a=}7+}{0rVn5YEg0vlce=r{G@b zzwU4^{r42T)>Yv6mCh^AVG9q5H;f?|9pxN{e~I@Vh3mETA1Ivj5<<`MA07E{>>>C; zg=<}i_Y|)A2Prrl`J9D+;qys_Q`cQ^p4CD}`j6pX@UJ_Z7y1dlUD0dZl^^@i|4h-J zt@z|&yh2BBtqXCo!x`r}_?LLaHl~;UQXhKR!%9BqDn3;zUY)L6eDHR~f4t&ziW@k3 zaq z4ITOGcDF*+Pp!LBq2$#0W0>HF!7i5vTxC2jIA_-BWK7G)Pa4Gjunp1?zrx(vpOCv3 zT=+08bb=SMK;a7QC56j8NwEiC%7nv(&9CJn_k^MfkGOkYDiuCU;nMF>p4kdt>h6h` zD7-=8r3!CR_#B0=QFxic+Z8S{6WXNka(B=rQyudv# z^xzVoq*wTCb#(0>`hD*CE)OpA5}d!F6F%+CSU9N{g3I^*66Y`YR@X1IcyQAYz^B85 z%lG)*9$dc1_jz#n?jFks;Ur%9j^=l`#^pPDi3gYOXi10gk?-gZ4}HjeKi=)Z3mtx+ z2M;^E*MnC&{8t{l#o-4%c)P>j_263^UZDDCl5BPOcn|)7!;3w5ufr=m_&$d(_235_ z{(k!zGur|5=vED~8~?Yn5*R`ru}Zma8+X=)-SwcP&pk`KbC2d+BzA3K0o?W8arUOz z^?Rf7$awOczw|#iGE4Z}Ak2$S;HqxXG0MUJgFtL|2RH&!nrBDQ<>qX8^d6tG`?y zVBMAYCI2Xw^T}{jw^9tecwAQ*1QnYfF1)#h?7;IbPyq8ti zx}c$ky6W1xRRJRS@^5M4+{3aJEtt?C|HjtP&8t@821m~=$5-#N<`A^w0?Sse#O8zM zq26uv^>wR4v6U-Bt=zs4s9D*}J>?--OA2u!s1frat#!2l9@CKu9jL9VSy?Nh*VeVf z8bWnzYU=80K?!rgX+M*=5I*o@6wVx2XQ8H*)h0hMyAf-|L5dc|Jb@vs!DlnXLIzc@ zXbse@X(1IDFa?lrInqA}bh!!)b2N=Hm-x_%MkFd$(?DYD5vyKql7?g=!`f zX+TO4*{aqQc1N|R;Z~$6gpip2Nr!H3L)oTi z@ZbsNGEgX1wy;o;!s_O=sbDR(3a6eK2cps>EMO1k&(^J488WpBv!br>Oc9vVCPR`9 zHg)Mdr$?yCWOg%VS{rMb*&&zP%y*P=JsCRBR0DAJUOensmh!ZM^3nKqD&UHhFfZ4L z`XnSM`DNTtM+IxJ-n56M<1uT8m^Wr=k4oLJW^IZhTthALy3BxFWl6@S#*6efZo|h zbhSjrdsLK0#wxyQkD?aV*a{P!5)tmPjZtj;^CO8Kc(pXtZ&-C*lTaP?4LFxr`KWJ6 zNSKy7-#LZXxBRIOu1z)7Uw6I^$7z3L_{cVhQyNu-Y2h?AkG@x^UR0t!}_&P9YY~CuD%sRF&VjOJ$>I1KE~v%FG$Me z>X|cibD|ERxuDcB%Bn+9rz%6g`bDw$ypSFw)}t9;-NJ*mt^5n24e2f<*Z6ao=|+4e z>1RlurHmzRM5mNUX@Ro!7R_u(%c&~kJlkRra@TuMm zm1`H&EWMzf$}`C8YnCL@ zu{TyAs_R;>#i&4`iAD1kt9I5w9&TZ;*Kchh3($=&5AemR@7$#1MGfCLF)T1|sB0Qw za95A2G5p3*5$_0%{v%zDAN;4UddCj=?-csQV?zXkM|PaKH(bMK#?5AMs{0c2wi`+{ zV}QU>sf;ahs&K5wk&8bPiKLnVt!q@0{lTuta|ecI7_zQu!-iGYG(}9h{IQ7WXAeX0 zVuYbEo{ks=T`j{IVHzpS9Qt1! z`fi8DdiK2V_%@zLf5)M}>(JkG=-)Z?_Z|8chrY+5|IMLqb?C1<^luz`qeJ&O^pg(# z1BdQ(=qDU{lSAL;&<{FvzeE4fp$|Ls?;Ser&{)%%S3cbieY-4sR8;AapL-#oJoesUvq3?I-UWeZ0&|4h(=MKHqp&xeWM;!VW4!zBxf9%kAIrOI- z8s8xE%Ih-@J>bxP>(IY+=m#A7?;Lu&L;r(A?{?_lI`n59`iMh+&Y|}>^cNiZF^Asa z(EsGnUv%g%IrIUCzR#h*?9fj;^j95vuR}lO&<7oQr$dKahpG2GXr)89Ido`zK7Z-h ze7eo`cj!(>-VTQzaOgu0eYZn*I`WS={@W(z>vz=guWCN-XSM^o5O#|;SZJMr?vsS32|#hriU3SMBgeTz`kIb?6F*-sb4P((!L| z=p7FKHpjoz@sBuk$f2v9^wv7*JLLFBobsr4=!g@()@g48j=mLc{dDM~j{F^t|J@FK z#F0PX))$99;^fB>$G^hyKkCRY9hYCqZ-Qe!mg#xSkrtM|E?`Fy=MtSGTt`U<-kokRy%hrw#ZHt~PJ*d%T{i(=#9&f~+Ji zS)%0Bs}J^^)8kiBnln@qBrrC?;QKmsGdVRH_hI~-wZ|XCJzX*Wxvu0i$?C}j;mFT? zF#P8cgfsjGpP}Iq{3U|39@?c?=HL^BHt`z%GX$@4_)UDCgI^-_3J0$hy4k_661u~| zF;Ah~W(UXnx^mkc9Pc&C?X>U`x#y+N!kG_W75boq_=!SSIrteudk)T{f9O^?c&*UQ4&Eqqhl6vkD&1xW z=dn0++Z}wT(B?{#`FyY7eGb3bmw(W~pAq`7gTEs5po5pNA;1kgIQOK|8Gm|HA9FTE znfM#LO6bWB?g?%D4L^@NqBH&mzfSNKj-0g6%?|#zLU%a$SA^bd;jCAliWT{9;Y^p= zJF(Nj9}v3F!G9z4K?gr7^kD}-VU&(|(7{g^eAvOw*&t>whRL7h!e1s=gSQGj*}-oS z+N`-X{96S#Yv&EVLvXW4!{Glac(Ys$t}SliygmniO6biF{wJZgTR6+5P0D4bg|l2H zvIB?fbMOxce$c_s6a27)UnKaTgL988-LQkN6ud;PCcW)KmpS+*p(i`|-wAEj*} z?{M%M!8bejWrA;aaAW6jr-N@2{yqz5d)cPd3>~y^wwF%||6vE;Dfpm+e@F0P2mhhq zC2}?Sxld?wwu`}kE%;=I|3#rqK9QgL9~AvPhyM+sS6Ddt2Zg`c!kOOj{DJFm@G}J8 z?BEv)zTLr>3cl0A8E+{ShU>F%vepa#K?h$i_+ba%BKV+#e?jnJ2mg-X<_sK@&j$rJ zb~O$Du;5j4HTds@_8k0ALYp&k4F4!58m`&lH!o=&4t|>OZ+7q*f^T>5*@EwM@TA~< z4t|;72OYds@WT#%li-66-YfX9ga5tYC2}?S@D-uU9Q->%o4pE#|A&HCIsEqv?K$`_ zgfx8=E#xl4qhkxI~{zj;C&8$qu>V} ze7oR>9sE0j4?6fB!G|6EA;C-JYV!X#LYs6O`~|^{U2TKEDtMJ6XA~#6;9!PMIm3U7 z;42(_ir~!-ev#lE4*n6rH#_)J!M8j3)q?MI@K(Y59DJkT2Oaz_!4Et5mjxem@b3yf z?BKfvFOjRspMye|IrzguPj>KM3ti>l&j{@~_$xxMaBwqQ+w9=)ky-Z+2cInXW(S`s z_;v@63%=9AmkQqJ;8zQN(7~@2{IG*xFZiH?rv)E&@J|VDX1PuN|C8Wlay9sOg*NFn z`2B)cIsA_a?K$`hLa%V}H-&C?@QE_P*Wuu&3%=RGrwG2?!Dk4*)4}6{_c?g2;0GQ2 z3c(LM_-eri9sCo54?FlBf|tnE)7cLQmWgg0K-j`G@cXNG2-*9f)cJBkhSK(?K#J$5(RZT?;U4Q1HwTo9D`pABD$u#`C+|F$#nKPvUX_?h_4wHh9U!mr?@KU{@j)TEz& z1J?oPy{rEY$!OD_BzP!dZsfWc*FyPkZ1;OKNCU_G=c|O9|JMLx{1y1O-OP8y;TIFdq_Z5ce)`w_wE%Uqr%JIk?f^z@4}$l>Vvx=*ErvDxADHOg|^xx`-)HiN;wWuCD zOh)Vt4mb<8a%R=^8R{U2|M=eEsyR6&s?}{ZzTv&YKdUp5d3hJxAQ zGnu;b3CZ4A`AQn9gjMVbDD%Jvy2@8bnGBMv8>h7H zKq1F^)|NMC_C$N*N7KVa;X6{uxP{$Mhr1p@sibc%pHLaz%K1P_t!BVvPpZ64iAZD) zVDECcYd1I-b{|W%!veZFIMy6K%U5Wc8?SsZJy1jg?<+DvXYITB-*_xWHF%=wH{TKNItdJeR5P=$ z`^E6)DTaii9!$1}yG{iX6Fcll#GJ@PVZ$A%mv^>2TPplR)Hy;qN>#6Cc6qX4Sng4Z zDx5lTH{A6!iyrJ1UT?Dew1o`^Je;{&#xp1;s{on((agS0&vrtKaQAbnp75mJb08)< z?$7AtzoYrq+}ajg!-#Abb2iP`uIlWTi)7MV=b=Jdl| z)zlVsqAJ8_aSFKQsm*t)+!tpHtTa*kssoG)|Kg3kEf=_P!}8HI8x%By;0Wpz6kSe z{^)Yl4G5{|nSthXb9t36iw4w657m7#57`h**S6Oxk0&#Y<<*KWk=ad#NPiZ>kVwB^ z`=2+!b2^VvCvZ{)TXQmVFztcU4{6+ z7J}v8aCZz6AZuK>>r0HF?^i66UiQhM{=N9wg{9>B#9Kd6tk^jC*y~j_zjA;cKSnU! z?6mJgD!K8>`?DvhV>V)FwYqquNWxpo(aN)p_>po(jf4y|O;p(IdYs&0?Ed$RE{C84 zq5I&Q-GuhEll;AiCR9!DKw`6q`ry}et!hsRR5IL&-GLphdD`wBS^gSnl46D4;lN)A1yX}u^E>B-tZAMN`D zg7tq7VshnYAFaYd%2uhoH|K0*LyD|MY|lhc_Pg$9p^wfO9CBU*p-Rg-py@Y9hr2&dbx|hY@Yoq#f?o9f#vyi#1if6 zV&Zq_v5hE`PQ}Rs5&E%f#u7M!bGhQ|ASc)ByiHGWE;)AIYU%nVS?RS9A1Z zYt-8%?R;=rr^3MYPIOr!^I)_tk@-bGXKCdSG9I_XQJC(Ljb``gssfEHj`- z1ADf44G+d~pij}Syjc%i_qBXa*5BF7+GkS$ofa_kBUP`v2Rb$|@}V92`467z9M9jI z=TEfn4k%*^2|J%cyV#ScQ|&j$%E#=Fm5IUMb4hP-}k znX&}gWyd5S$Q4K<&Sr{UCFege4Fd?I(~v!ejzP}*!U1DnphvC@yoNu>fou^Lf*gE= zLMY?GTkl5!q{_UaA#c{NQ>Dne^xlXZ{T4$?kuT?{&OWo>^z<;e~c z88TtT`aJ3h&hOIs-1lejoBUK2(+`%h4_q4hWG;QrF@2XN@Y1q8x=bZh z)iaodO20L#{oKwE$J)>D+*p)opW3;xcuD)&-llP5rXUvBhf;c5L&x-6$J@uMs*mI8 zdfyMhA+<~cXU};VMJ9W{LF0TwWjg-!o>Jp6YbX`zsVTw9b6KzFVs-f3TS^oL$dC2h zG@<)=`#TsXN>3GC^kdQbJ%2vH35Rw)qDAheev>#6Rla~~Dn9p|Gkwk;4%=FaHieh0 zlgn|UTDYqnl_-&UE1G$w`&f7jjp%y~k0OJ-qSuB_V*O6cdQ7*YX!xG7$;_LH^ns$; z7qt&2GsDR#N262rWd>tYj>a-;%O@b)OYl;Z9zNba-n=P-wsU7;!!wczp5)GZ&3H4H zKOXXDCGsbV3>s7!^gA;eLJl|ce6j>69(^&$xKJ-LMH7i z#L{~w`;A;>W3D}pWBa)eOuN`+j;L=a7S;ApvGtH!l~A;gz3|Xiw=u;f@yg?PJy)~p z*;9a{es03kv?!E*ZEW}sY^O67)N45TF0bf;kVE zfR6T^Le+i*uEMHG*fSJw9K0&MC!_HCF~UNec`wI&iql#q^GCP(1Jx4{D3pB?jh|?` z>Ug+&F<6wGt05L6(FtDWKCjoq3*hm=dOV3ZQegKZ9mf|{*xBV?!`}@~?=XJ#F^U|nji^3SMmHfg&NJj^6NjPs*);Y)ln^(Y-d{j^>MC1u``3TK zS-GLRGkA!ix@M00751YXQ{WY%P<^?Ruw7qJilOYc)L8I0O!&7z?|Qq0-==sY0vwF7kOjr{Erg z`$uC%c+adWD$Q<#6m?W)f%dmvNwnIZO6|uG!t@91l`9`slT9cgwOeDbc?dPMuKcv_ zhucfolhHlJvj#w5_rq0m5>_e92mpfMCPcT0PQ{L>%+&7@46Y7;tAy)um|G}uzk^jeG7Uo z!JJSHjOWb>!A!>-Y+a~HBtpyT=2eAYF(sK;S{ItTcyUtw#G{KsixNUI4sMvF+(d`xID%sSyeUMCiu5Gn2$w*bo) zC6>owgCuFup+xio{u>C|F4fy4<}R!a;a@zKCzdAWCgb^3sCEf-kLGZn4%N-981Gw^G{dW!t9Qd5Z8{9vd|#nI`E8o~)WJA@m$7NaMIPf$#Enf; zzH05lz_2z=-gk>1FAQ(fr~f19R!m*#g?w&|@8Xv_-RgN-Ub`C5;Dya=DnL9sD=#`AZ@mQ;*iOQaWd7&Yd{<&Jz+7 zD{dbX)n{n#IAPS!Mio3oGsfUo;(smv>29LZkk?y`vn1~vm6#a0eRR#l$>|g3<0#52 z#!Z|Yn;5|fm*AK?v1IP}B@PlFU;KRy#SGK@@znRH6b|<|e-`kZ%mmNrgtYW%h{l1H z6su1Roi~1!O)ePUJh5cY{-1gitJ9-zA9ZK(%@A>#WbU6t-d5_nWz^h>k>1fN{Ww4K z_A%-V(b&Xl$g7$+u_8KgG8pC>&7$Lr8{tt?z~k~l{PUp1gFkyn?REK_#Ls!pg83iy z^FKCmW$_CIb3ZX&m801^w3KOq-YeDq&5x_4!4-f?q*I(tf8@M>#^}m=>x@xkxXwP+ zCTB~S2*dmZ$E5sE?geG^h4yyx%ZS}xRb2+}1pE^}B5N8{9#aV1sJtFuW9);J9QBb! z>KHKgg~U5q$>CJp#`S#sEBV5&>JYGt@n3`%Y@D&bKUd+oomFk-NVY{Y2GjouCS7`6VLc3<~l8 zO8~wv0OuEkLUMiqoO|OtW$>q-Td3pD2!2Fx^}GW9YJi+^7@$#3M7?i^LJ{yP=Pwq* zv66h50%8- z4BlP9AFOOl)?CP+nf#f>pUR4Wt@SmF7tO2J(bM|3eQY93E!Ha&?kixharybm8mqCK zZ=J5Fjd)vtI-Aj=Ve~s^f784O)<+jzW|={ySx03eK))~6`$k#qQx+A2vYM(6Gqj>; zYi+}#%%&z~X%ec6ni})%fikF$#WMS=glfZ$^&8gQ*kn#_JJV=L9n8Yo3D;V_*>m=)n$ z;LRD}mF!`5VMd`o)sdPG#Z0o9EL9x!JbEE7Lw)PG%0g{}I*!rL7`%|H@_=rs)^-Vq z_w9O#j;2Ye75r%l8kZIx-KmtcEiC5)up8X6+Neem8cm z8;(%Uz`w!2YT*$J-(%q)u<$=v_?Z^|ZuFmYl>b5e8~IZ#yxhY1Jfb82B>WqGK9A^# zpM`&e^J^C!@w4%7a6Vt?nBI5c-{5?{(2;*K{tfw-*0-mK<{q6y;Y~_#Nn1 z>0JD?7S6Gk(Z}pTC;xN{H+#T|+xcwvfV+4x0XSal@;zU0CWB)^6K}VL+v)whCFgvL z{~H!RA2CLb+1pL;85VxPl4F%M0S%Y68xEt?Ei{DP~28-X8|JeZi$CjK6t$58IV(L?6;l-TrfOGX3D>(UWeNMIb zZG9pZ|15+t>AlXv?SAPWEjf0%f63yvy~@F$RR)9B~3njK0y8#Eq+@cvlrHtzt`fo^Z6wU=a|dHJAo5=aMWiG z{tZ4ua5ufPEPh*`k6QR8mYmH2a(XTP$rk^o1$X;rvnQ2$+WqraEjf1oygwk`CoO(k z|Ca;!CyYacaBlfl3hw65%m99~m(=B78NlBiApdUy_`hZ0cKPlNkn@DaZ|B1VnFn$8 ze23s}KFkc@zc_$@WdMIu0RIjP|1iqI)Xz0CMdIptyWp;#pS1Wne{SUbqs4DO7tEeJ zSN?+*znyQBWS)re+Ip_E@MPe|Dq+|)~7^XPAUIg z_&4b~NpQ-x^Z9g(pWlHD{|7C8yPjNb@w1DiAKjNM+>UprCC85UXBI!l6eiwBEq*&) z_41K}>Eibh!@tSG-(%rFvT&P!J_$HCf0BZ``E$F)Z_C+f;rxDN^m)s|`JKn$W0)y$ zly9f2T5wmNxW#Yh+u8vBPXzG45WxS(0RHJGD>YUA*y∋irMcq-(k0Zn_36enw^Z z_gVbsTlg^xk6U;V2RCq(UxR-mrz`-UZQ=I#iZbY!&-|~o#s@ZDC%9aE{yY@=|@OlR~TmJHytn9ksTly+FH&>UVVc+A181@|2Mi-IQ|yj9v;t%Ltu z@Hz*7#1xd^e0^n7IfkP%-Uer#ql>6t{mqj63xuw4aHB`HgBv}Jzmb2X@U3+CR|(zb z;A@5Mba2DB&B66|g-~dRgKrf2ZU;{bJ>cM<68eyXe^%%t4*mt9k2?4_gvJ!7awZ?X zBe=1FWbk_hk2w5472NF6HT*vpyxQUarQo#=UMcuW2mh_$Z4Umt;GGWs2f?>F_^{wR z9DIz>cRTn*p$8oNbfFJ9_++7vIQY3jA9e7VLaPP}-AJ-NoB63yHe5J^FA@HTgI^|i zg@dmWyxPHA1+R7R4#8JC_|1a1Ie4ewoeth5_%;Xc6?}(--zE6n4*m~<4>p}5!}-;m;_aHoBGY+=KHN_k3PSQk0T<_;70`C z;o>rWeZj%acZ><5gfB-PXw?pGzE}MBoRh8%Ed*Ow5JL?CgfPA+5mDbIa}WtTNfPOGah-&`}1yR2`<$~2f}Zs6R+`* zVl`xl&wt7c3UA^w0bH8>C1p-G401K`bA__)3~8=$c=BGVkI(Ayad zw+ZH!->`(Qbv%sTCVUTW3gzG7i#5l9Ff#wxWts3MU#O20g$m)RJt(1&v8h-Jlxtnw z@SOH?%bo&`evrSI-*!CR^m7>Mu&8j`W#Ib{ipu@C;m@0SzOvw8ekw1VdBFu2OrJS3 z$mYZJ^Q-<^n-53W$i-EwYc=LRPQsou?1#as=%unn1v_>+Q5IMvT{1KQYpuQXo{}Us zqnw@W`5^X}C$LYkVvymn4dwS(AdS5yM`Zt)?D5%)HTF+m0a&(N<@PtJHPoAqZ$;?q z!(J~Raa^@N%r)KEt3&et-2dgk|K-5{<-q@ca^SydEwYCcohGST#j9F7j3u^rj*4>a zaExn*mrSf!?JN|YHy%D%{p&9iMo>P-nkfU0W5>61eAfI=u36=nrAWQ4Xf62gFs{&A zR{9061(gp_Mu1#LsT~LT;0Hk3=Z>g61vVZ3%pcb={|n)Zfm2SK1Tgt|RRI5n0Q|N9 ze0u=?wE+D40r2H>9#z`quN z?+(Bp3Bb9=yih*88i1dOfoCE9_XXfw15=29RsjCd0DM&d9<(;{Zvyx~6M%m!0N)*e zKNf&L8h}3)fDZ@Y<1xT4ly4shz-I*D)dBd@0Q~9zJdS>@kUs4J{M`Zg-v!`b4ZwdC zfd4E2e=-37V*pNrI)&0jn?Hr{a{}-=0eCaI_(F1)2Jl}Kfb+bILUKM8fPXmv|8@Yr zCjfsq0DmR`|5E^7jJKac`oA*(KQjR5IT(fH!~^iU0K6#xzaap>GXVd`0Q}nl_^tr_ zCjt0l0r;~4_-g_9iI@l~ly9d6;O7P4(Exlw0RFK6oNL$$>5~q?KOKO7Edb|v8inLP z8h}3^fWH=ihw;s@ko>a(@bd!jc>(wp0r;8#{H6f>t^oYY0r))u_#*-M?*s6c1Mtx$ zh4YQJA`9gwtx6WcFABip0r;W-{K^3Q+5r590K6vv|6Bn6wE(<70N)>g|0)0<3c%kA zz{dwXr`{WYpA&#z7=X_Yz?TN#^#S-b0r<@U_)P(LTL6Az0De~hzAXUn4#2kt;Ce&L znpD%edhQ{C6$Q1!#Rv38fka(=AtHC!M7HXL)_d^dr(Yx$C`y7N=#)~G)!95 z!BE9~AIdXkq0wBGSXSpPUXrN0tUj@5-r{Jsx3HL&JUyO>rg;+kXO()ya#mK17UqGfff;sms$siA32TWU$u zC)%4fq!hX&Ss#PlkowxiMtaP{rmI!!RJDvHmc(o77B9IhmppLSCZm_Z)8RXRHbvIrJY zYNECA`Wh5Ry*3Lzd=EO1fShOyh$6`f5e^g49=Srm| z@#Tvb#AA8UER8Q&j-(|QtAs1IrKq{kdr2lxXEkIcJ z3u5yuuLU(rE2r19`7Djj)2XP{*xcxRl_((>q6|#31Y!t>OCS}i7Q^^)cVT_Bu5L*^ z6Jb0Bg4LVEJk@(^zF1EjHOpEku~d!nQlu;8oC--@R8?ht@0E(&>7Z- zYS*v1ZdIyjL6d6S1lq4&yQU#W*DsF7YwK0@QBi`Wz7~(}9D+wUi^l?1prPstzm&Js zYZ;1Qk!r1^xc9U^nw-B__i{Nh=ZVUan7gb_m8bGo{X=xw3ZJD03Ct1bj7|1wb^sXH9j}D`8eCa&p}yyn$E?l0Ie=ea zwWdIp9VrOIa^*1Xs?OUM(tr0MZodcFYXSH@-nfX|kl$WkG1-dpSn4g_~~{gxW0Jd~YJuVd1hY zLLr?N&b1N7ZI&Cx%Qe%+ZIc_~5d-47UG9m0z`}P}_?Z^I)51S!;dfhjxrO&x_#_J- zu<)}i{Gf%OZQ+M3e6ocfw(uzye#F8*WZ{DrevXA7wQy_6MQGTvu{myh3s4pE3(K>sRR$v2cDHGtR6Lr8n2y8&_fR&oCgaw5dVIi)rJet1aBN zN8(wyEQ2C@sMf-(6rz7tSUC6W8Mo5HFESvm%@!`pgp_Zah0F3Ag_|{{^q!*-{nKgj zoAuuG*=*q-w)nSMc(sLZxA3Ti@38Q>7QWNMYb^Y33y)cNpM}RQe89rzS@=NVh4&Qs|=)FkY=^taui8#N}8fVt> z5wA5Mu4R^-k6L)d!k1Y1WD8$v;T0Bc*5}ikHeBf#?=p3#f2u8fxrKWceyN3*Ec}Rt|BZzYS~%D58h6yf?=&E;!xr9a;p#;JH0#e63ojY1 z3F2EVywt+CS$LU+-(}$u3;(2rPqy$+S$Ktof7-&UEc`PTUTxujYvG=S|DA=`TKIMg zUt!^YZ{aH~{2wg5*}^|-;cXWFIScQw@XuR#MDE!=Nf)IM({~x%?`!`0^D>*(u9`-R zMLg;fCu08ZZq8u(Sck@_RONoE<<_pdgh~ZBm-pd@SyycUxpv6Qk{Lsd2hMm(#J^0g zX9+IVU(itKC;naj4Q1HwTo9D`pAFA3Ic2)xj{u|VlzO45P$*(<~uTqrY)mCA^`{)r2$jD%=pW>o)ziNqGAi zMBM1ldpeGx3Z=iA1p{Z&#q^(ue-qx6f1$V;u0$&2p^2pQe9Aan-SCv@mL2&IpUmG- z=pV>nIXC_9fM22TZKD6RR#@J;;ni2SwQH^(aUNx5BvM&XQDObgoPkXVGpjDdt_8aP z_<5AuPt7S&t!}HaGhsqVz4O3S`>pTh$trIZr6zhkr}D^~F`ZZ*m@2`(fljh}>HCT` zZ|2lJt8@De{;T2j2`M-&r02YaJP+YX#+7+Je9tYg0sqHD=HW!e99s4jln%}y*_+Iq6Fc#!IT!`m(1kEK z`|Ezh(f1S}`AnEVglbBHG&Hr(&c`q{1bb`7+@D;tHT+i)gg zQTllt+IBwm?!>Sw^+Ni!l8t|lG{kW}2z*Y|DOy<)T5-7RWkdm%h0s($ zoUQg-0Y~}Z=y2Bq0*>~<6T)5J7w`lDGe1vf$Ar87QN!(HG<-DuD&pr*hf$678XhK| zDEcL|2ygxqj$YV?{6{HdJ8-Y|wj>TfTRaN7Z~(@`08u!V12~-uSgw$^Tmc`IZ_&Oh z;M30{SD9&_P!P*Jmwu?TI(*N8?0Mjqa|Ih7M*KsY{qh{h-he{MotKjN_sRj(#tY-! zsCutPGmnHnGl2772B<*q$BK3zIU#o9K>F3wH%>}Fb;gOiH&66>Hxxygr`;UO>>t&6 zMIuw_*O&CcGcpfVKD>F1)R)X5)Qa85$F?7fW)6A{!@FM{8$}(8ZH`@1)Z2k0K~i(P z1{{m?mYnB<6o7@*sCx6Q#p%JK)cZ3JrJvh4>%R7gp_7pLNg zFa6fWTTjaTJK~qfhk5GQ#wq_k>%Ln*RCIJtu76SfV^jO}wf*SOy;}eDz^I|0sIzVC z*l_-YoVfJzGOyuzo+^c7yf%N8g}3QVRDzA+JN}JC!>DA>wMfz6b(bVFFD>kTF*P%D zPV`5tW;l;C^)4^-JkF~a1c}{KH6{B;PY&UPt3lH!bNVICAviC2z3oLmI0q7NqK^)k zslkyQJVUqrOVPe*%IA;$QHb2tj~`Wk6=O1UE%tN0sLq{YPqM%>N9W>HBT@VI1TqLr z(Y`YwsGltrC)(+g(Q=aVbX4sLL9%lZ)RZUXU!ganW&Xq+Xg%{r_q@yNxvnHLU!TZ_ zD)=D}$FOetT_+;(GRsPl1EuBY<__T)SQNB>NEIqMo(uZ?DAP}kI1dWPe7!6ul`PBr zvVT6bSBHJ|Y?LD-GYut~bJ)*9L^X~DlOqTFmyr{Nka_*be9%KzIT#EIz9X|@G-58h z0-{It_G8XO!+ybn{uF#M z>jM)+V$88PQj9aiUNTyDGIzX&b~!fAc~v>V>npm)Sme0b81*< z%*0&#Va;RIDq%>)Vc{_K)s^2f)<#xu%UqaG|^qe3`nRW118V2Aa8s*MDRI8HyL__=1nY37vBmi z{>kyhTX6Zv_?v0WpZeWPCb(1dMPY~J9=V|$^?O?G%P7y$4?CxBKLO_iK);20Ta~Zh zg7L*$9ccde84xjpa^O@P(C_wQ?7T{knm;j;!WjYpq7zGE*ppROqi(%D`?bwabU;#sDwUU@_fQaA1^(4p+_@^OeIIewvzi#qbCS-Ow%=OcDL=5$;zewoS{sGDFu zQpfK}xKRuTN6gIS+Sn7qH(GINJ~Q`fUJXx%-)ISBFkvrvVYdEH?v-Pt!F%Gy7SyTG zUbzX1vv7(Eo%_IdKzpy8Y2Q->uU7JMeZhReI|Wy5ANQBypXK2?&Sw|G`5M7^OQj4{ zn+Mh-c(oLsY2(`kUnzJ4Xu7ZApK=ZfuG%`VAK<@GyaNIFLjm}sz$yQzWT}bwIl)(s z!3~^h+qe$nzfioRQGqCDoA9qxv|yEReN#)L;H|KA zUmxUaS#7VMpIkf_%VQSLo5%I1>g=+5WqCbkhg}&Ow@kPDbd#~`Zkv5qzOn$5#?r;m zyV##!-=xjKiv@I>d4zFxgsw1FZV3* z%HEbVLUbb*R@)2>YnxWB*Wrx)c|t84n)2CT$(@Nc2Hiyq7<#`Z)ttwvAsE*e`}D%e zB<1m;oGR*--FsUd1%&u>~Q(Hhmp?ZKV2#$@ps|h z$f*(Bm2;`Z&u5U~@3e4RpTDsvW(MF9gr#G?@!vR(tLO|~ttht@Sua6=WvzP?ijauezrNdd48I+z>J>eIeF0GH_yW-9Nat) zPo@AkBgZ@sCp)-#9$x9-=6TrZ;O4ofCWi$YK@?nnSDDyuXz7k<6b2|QQXX3X$XDDwIzqwWe<$Zib`^3aUgP&M+z^xMY2Z+&gfDY4#^k?YybL#m%CAZW^1~7# z%a37AcvF6b;->8F`o$(RAo25?nvp?&6P{{1D$+Z&LI$;ACt+^-`94%Ae1#NTvyztk zal@;D6t>!o_$C%)ud8zU416g2tGu&h+Ow#ZamJv`x<)$Fwo0 z@(^c{~_9lPt$E@v-vK81ByX4s?}o zR?*`7$fn^%6OHg87Z>)SRp<3QG z^Um{nyUIHuf3jI^6vPZjf+@{$}|$FnPVIk>Mjxc*{=s?dl|$c}WtAZv*&NYUcfQ>`eUk zQOxn~r^DTR7RHdvNCFPL{{ylD(wlpuFQ$i!!nfapW}SZZ-Qli(Q8)N%mP9(jTi*@7 z^sD$Z$BLGIb#%D<%Z#??)8#69q`%DTO_g_49#0lM&$8`M>GtrAfFDl(go@L{LfCpS ztB{&DS?b8AZ^IbaG^Gzk6*_$j{Ti!MvRV&<8jP{@GK@p?K@j)cKrMiT=NUbW% zeg%i6V*W2n zG!4Wmd>gqK-cUY5+f!g621`a8LI1wW3{ zvm%;#lFf9e1mAoTvwm^iM^uNPK22nPzA*E<#FU4lnP0^-N0ay{aZU-E{tDKv%)_XO zv7%RN2cLTlA0jV{Ue3DO!@7c8X-f|mw|_f<5Qw5Ik@;m}%8SX2u8`SVbQOz*LcP&r z>EV;FKTCa{^B#F-(=(yct`oxDoDXIr?Rpf zLWzo@v8)dXd}KrzeEfNp1rpB;qOy9KUneuiP!yw* zQ-!c7{N2eZuXko3_u4_^K3TM)-%c7fZE+5S?MYyXD)j!%Zx}43F?bY>^D(=)VIsO^lUQuauX8qw)rwnwRXQaotn1Z@q3%Itny`uD1dc9o|w5zn*0%C_K+i zM{=?5V={-ri@Q{BW4fbo{E*+&?nkoCvpri4ZA}{}!+qf_4sYFtPAU6y{75>2_&PDt z&F;pJsrP;snfSMU`_EwcDdJ-JqeAraby7DTr&Z?ie<1r!6+rk<8c}6+-Ed@kMIJk( zQ;|UPsLj?OHau^LSK0VE8XxgE4R0AjS75TFPjTV-QGoAp@)LXC4KO`YBtXL(%QxderMn^0>u}Xh>GC4 z$Q6-EjghM&j5H-gXjNO=T5~^}bNAr61h4ga;yRr#Nuuw?+y|De#8*UO%NEvNbx~+i#qm64BorV6Oo-PYglhC_D}qMl|Gt?9%397B2~L|2B*rBtuK$__5;B zDXgr#B($u~m=*~Mc>X2kZiat%!6hMMbOJYZAs7e2KK&Ze$Ty!Nv~LC_v^)`uFNP%# z@$ikkAle#QLNOLL5|_tgnqCsE^?bp3MotW`$Z~9_h|bezT@v!m*r4hBpUcmINmDDU zu#f7mUZunDLv;UReJ3F ziHC|uJu_zR|(k1z+#rHwtd%mW{U# ze}Y=8VlZC26>&mn$OduWBY3HkE>0>jy}H~Kp?>~W{hkmynuFBc=LCP#!M`Z@mmGYj z;JY3CTY|sn;NKJc*A7l{l-j|P@6iuZtsxQk0=XW*wN&oy%Wnd3>QRWF?XM8dx6wj4 z>rEm2y#aVd0M50(h2(H5r4YU<0N)URZw|n>2jD^Wt9d4SA$|C=RS5qLaF*AhlXR)5 zei^rBjg49e0ovetRR}+3G=x&Cu9=SYA=4^+a6{Ad(CT%mX_X7S3mz!M|=yI3k*N) zx6@IdY4|tz*%m*a<_15{;6gkG+A&r-bDfU^_HCXLYC3TtZ|}z zuH!KHmn?q1HyHdImVCRO{LsQV);0XUwdB0t!tJ$NGcBCy{ilpGV0W3OC;OS$LHtCvM@hEc`0L-E=is{C2tbSp0Un`YnDt zU4s_C-4DDHz`sOZU8s*;|1THZP4A~H+^)}GvT(ay|7!p~AUNYa-O8VX7QdYjg8}?U z1Ng^}hfp}mKLh`!eBUKF(`DD&Sr&i9;*VPVwmw}JZueK8vv9k=`i3R{1D5>nTKu*? z_gT0t{}D^hnULFbHM}zhGYJG5dS8B<_PY#mpY5T+~U8|;LRg0pSX8997k zqGR7hXK?OGpsQBDIeewyo`bIuyw<^61YhCcHweDc!P9~_JNOpC+Z>$lU34A#;_LrK z!8;xNn}Tn4a4w{w+omtR9KNT~ZPyncKOp!H2j^Z0x}Eys^FJl{-41?K@ID8BP4EE+ z=T|(sgZkpjf2ZJw96TcUVF#Zk_z?%6E%=~=Cj~$1;L8P%2u@NUg|N?|GkCS4LZL6q z)!^p6cCUk*_uBvR8d?~s$un0oZEb7Asz???KX2T2S+>obnK28PYDUQGJOeLW4qdkSJ;&dbI&XLY|4~jKOyD* zqv83Cpk8`jQ-|fR3BS^=Jiw(H_}92#Zv00iqlPKWauMsEx7GMBlz(OA^u>IN#LxU= z8M*nl0vL62)C?Vd2S7NtT#f$PHxycl8)6j(kn58Y{x7W&UL)b1;GvWFl3T#J@!txb zLi(3V_#=)ClYRr=fSW@37dl&WtQ1D(ABP?$ys3YM;%1Pe68{c)k79M4Tp&EFw_Emr zLfa&QVJE>38DcgU3cphH-%MeabHiheaQ(V9>zYQa5ynx!h3w``pHVseuU#YDad}RG zYIR$UIhBc)or2FJ3Eb=sQw3@{T+fFG$>;Ulf(2R6_WvWiHK4ZVKa15H{a*kEg9lmi znY9)@W4)d#to-$QD!2_lOhXOhgd>LW@c>YmBB70*^r7Q>V0YuM;-_7VWbahQ7==lO zH=yw=OQCNmBbz5a{ZpVA7Vs&3&ElO=$oBBADp+Jmo$h6f{R2tTo}$e)$HTiWhHv`| z9?WQ5%=DdSiP7s*Q#Xo;_bCz8CQI_duTF$p_V)8sIq0B_KCJe_7oEAUC_H6!x#+YX zi(OL{tHZ5WBGo(R7#FL&Lkmk}<{>cyu-%c~Tbj(|O!vUP4CG-^N&h7ft>kc#BJ}*Q zMRPGrwV@G&QgFiZQDgE0(9lJOYQ=79YUTZv5AR~TH0xc=)hzHyiop@&c_`Yq6`cJo_}TSy{AlAA+Wv=p#Ozidv(7jLCQt=0<2{BJ)cwR;STE#g*BkE?jAhW$1BO z#=tTh4ypEIc_NJVU?DD6m3jxTHVv_aa6OqFdOK9p;Sp9*Jc-PaZA0-;FEbo4=H+I7Dp>XGGC$*ocEYYN2 zDoT}M%~t1Ytco7A0UH^t6#R$H*6J6z|1b=DT!rXL$X!YW&dog zrD{0j_1;{5Cf8(UPS&*<5p=&(g*zFQId)2MXVuj9vpPG9rnX14_EcPng0iSssi<0# zGj!?dZK@EWSSXYIBqCY84U1$>rov4|54BoIB~4b~C^<^?Y&Dqteg`@$uQ)2{roAlw zSmuzmj9F5JHOwLbcSFB)`jcPi{v`9d?oy7W;?kwCnSDgJXcgQnSAPQeDP6*Q6Pf+n zlxHHnzbLwS-tlO7*Cp&xo~JDyEJ=Q@|D%=&-7%$>p>t^2*S}o*{Fq}7bRZX+4*kO#!Umq@+0)Ky0f6x^`oAxrJ%l&#XqntINw4V)I zsezzdxINuVqY7z5a;f)*cimhb*;RtVP(0Z2@ScJ6k+)#3DSQunP^#gs4hHHut-SI@ zENHIoJbn^(WdOn*mT-RtcUTslsts>xR=2QA)_@7iMCOS^@0I06;JO%lConXDO|d#f zpBe6&0~$V)!HZEJI*aSaCBk3&WjI|28JWk1c4r>b0pGx2F?`Qb7-ri;Q3&t=(!&71 zVSx3Iq3(T{b#Ges~ zb!owTnKblasb_g|rrPn%zJM>0j2oThVm?1kS#BDZgl@x6#q*_@DJa{&p0Y_R;kAlz4MQIv-Y8$ z5(XcW9TGZDe zRj{WGl}f&tqGor1qW%-+6mvyAM~XVU>lRuZY@d={NMU>qH=U)BBNgW>e=&`>fD3_W3mdx#L$);^IL=1N?2 zv$M-*pP72U%Gn{ty8fAD=J(mJg3s?C=^4J`a$l`l+%ZvP`~?{En$(A~T*5LkpPhQw z2PT!#rrv#(4LPr0O|f5n3vKF7CD5sNAByfDg8+X(xBAxlbx`LLU2ciqdF)VAm(yS8 zo85Utuyh)!W-DVaAyuajDe^ME$^Hn9Y4tWMzrFyEJ~Zi2_EYFcq~4)F8u|vt?J&O= z1-cD%cCu=QUEov&4*8WYs_yl}C>JuE4N1w&o7scNFuk=*zp?dmxIk-fJr}EP-Rrrj zL=6+nNE3iROt|`wW|+X?Xg@~?IW~+ZF_LIS0<|DK>D9}6_Gt_Y81-+V3ZGBWOB0#n z{t!ah!t*$A<=8-l;K+KccK}Zuj#iEj_CTf?+&zRAk?iFLQSN1A{4X)wWX+3rBaAf& zsEHS?NaiJZWMMF-iuTYS`S7ueoOS+iqVrw4d3oeYE)8`NHRzgl>V=y`FcHV zd;`Jz2nfXI_10mBUGJQi(5nsJh`9ArJSySh-N(4At1R5bFB9hdh|k^b69DYOzmMWw z1n-f9ryxbqJ}zwPKg5jIFN7vZA7&mx+mWU47m8r7NwY}kwG%gdMc1!`cwxkbN)^gL*`{2( ziuUbbIGxUZzANtf1%A})aOH~<89#>lIh8$|?N3*L>t4oI56y)aYUUc>rA1m!kP?%9 zi4EP9f3$Bi*&hOXj!yz=_5rd_GyFQfF?M|aKmm^g$G0&*zF(64!NB+uJUHqG-}fZt{UlIcHiYP-eS5%Va`&fs%mwrIC+IGseS9nJ|79Mx zoizz;l_~MnR7x9NQ9%Mq?GvgaLMf_oE@Wd01dAI0QA>cr01BJHEQUu?(CN#X9hAW6?y z{2@1!@tEw1qODy#u-XUN?R^29X~bPLg!+q}%g?FAs5dYxYEBJo{B5DxB+Ru*shI{_ zIe-@Tg#qqYMvAO{4%)?HnSZyUQPUcyU1dQ1n1L z;}Wx;Xn&>;HGoeB7%q)o8Kni-7-;6zTS=J_8hSk1w*Xvf!fhAZ_=x$r%7LLDT1kjr zifwSq7iRXWi9|`RnuU84MsI(DRAJKXWIUwq!#vXjrI#otH5rM!i9-TD2lTumrnM$` zJtvnZGKaAvSWR(iUO&}%1V#NxN&O@=l?q0Sb(aO*(WU6P(t9y&W>wpzBmWBW!Y!?EFG`|xCu zAp~ag03As`Rh>GKmN2>#D3@q@_|$OMarA?@gH466U_1g_8t>#=NY@b%$;|I0bCEog zF0mkB>X@k=*fNb<*bvUIed?7GVFgu5BNMpI^Uz2J%m`H<%v4H*c_qi)+MIQHfDcqv zfZChWl`$I1_;(u4IE>J!g=WgpFGAE)Q-r1tb0EXW;_Na$1F415tSj-Rz06#z+2`s% zCK*=liolnxk5fZRCg*tOLL_F;_!Ws)@Z}-^t-dL!%&mNUb@=h!fZi{xr|`PJtGts} z;79R)1U$*|w$;P0bVwyBHYDuJ(BIfy#&3^(V`#cOl0@#}6U%wx%F1J^WUcY= zUg54WAi`UR!3AiCg1!Mp5dTD?n=3z^bf}r%TzkS>T(-iR-$+U`(N){2gqA%Ew`xj7 z9tju7SZ39T?9ToX4{DAt*dOTr&+i57K>+q()1reJA0erasz&-L{DOFlME5mFeJTz9M*3lQ*@z zIesXKrz0#ofR*j)c|6oO&F|qEg`qA(MLhp21=+xxDv#(#i9~dKX&LQtple9ZdNDQG zZ@=a{3rFJ~-wYUI5-NJ&Ykvx9*>a$db z)E~kyWy{=ldO~)1rXS=hp#<^!LGx~qyBf1BDuGW)8r=>{W9L`Wqu&Py+${^ z%E5NHs|KM>@1u)Qx9e^^eb8s1NWvHAvzI4Xx&5NO(?lD@WRM@#g$3S=T@os`$B;52Jo}U&dJszW@{)J7Z*= zHU^Qc8p)vZ@CH$j{>3gT`(xEX zbwV1(C-Q~Yj7qo~aPXg>MUs%Vu4OEKq^5+t7=U@1-}?g<4%GSOg#HL5uOI-O8IJqm z<-cCvOG0Os$|)Qgkp#W(8BP-DG563!jC-wde?L_MZAw|c2ZTS((LKGc!09;V;}-ho zbI{84`y}7gMr0S?Co2ck%bBeQ)6#pvB~U}DC88?_%oxJ|-qd#%<^K$#cNLVc1--zxZsQ2uGaz<+4So7CQLK^TbIdsyv5Vy%=+tE~I>~>xI+SD3s&`F)QVa+uy zO^u3u*SDgx;YU)Ux*S2=mnwFEsLFuVEv{ zS|!tV;kr;m)B4ngsjV$*ZwToun7Y2Hp=nK93K_MoZGF>*4NZ+x)gn9-=0?M)(59B_ zn%1_q8K#BU20wLq)A|j_w~Hc`(<&xy2u0e~x29SfTG!4wbJ7Ms56`?f6j_H1T6@i$ zGqG@OL-VT2(7MJ8cr$hS1vAz4{Hhu1dO_v%&^4{tC3pUe%F3y;W?01ZipuGVKj*I? z1`&Gb9_=A~;rRTAD zBD$O->rl3*2A#$>ZbKm<6@ZNqR7>&HZ;wg0d46FUu?~Ww$=@6*g!6d ztV*R;H8ih7ySi90S$uWD@T!mbTt&n?z)q!3s*gQV!AWzQoNbo$5+<6(XiPgoA zj+=n7Yc!k{F;`qd}J4b=>_R+;x;V21Ub9r4BU4w&|LWbp4A?f}O7U zqeN2tmjVKv)8uNRkZYsa4An$u3@B6sd<&6p<<&E^DDX$p0%KC#7 zMRe)U8?Vx3&gpno!fxdmD`LYU>6U$Mad*LFEf}xr5kI@qea+AFT3?n*m&bHTJvvl0 z>Z-!&`Uvy93;%bDyl>>!BiPrF^KR66GV>?i9V!0S$hI(dd@+tUsi?_sHs1K_M}qUm zH;-UsLf*zvrT?#NX3#cDfSowRq2+kP1FfxmeLFjTJ!= ztQWQa?{{XcbJm&ck+z^e|K9caoHMh(vu4d>&)$1x&CDA2F2V)hO~jidK;JVH1@8`U zwj1)_CAfPB!Cx;p0v)+`2z-kK9~3+z?&X5JjWY1NXC5x^ALVn23&}mRaNmg^@hyV8 z=aUSexD5}i>q(#_8wq3^HO!JmD)m7Z-wlmQBz;tHS&Cl>`=sDbMO8pkQeR`-zH0-g z+_Q&D*l0ocx4P>wsrLu?px}iMqlDipc%59U!|@Au9W7TtTy}tobB(yA@4AaIlCNUO zj|8Xg#nLW!F(&2S117*<54REWE8*X3cF_ z%AZ|zNGfeX_}?J>`h03|M)ITA>iXw$OiItsP`uIcBcIMyG?iK?_`LzXRB+ltwRDN# zdJcz%(Z(X{`PqQ~GQlf@`sr}^*i>2thw!CU zhe`Nrjt@430{(9ZeqMm@6x{VGjGXTa?rh>3{87Qnf_m`r$D|$zB%q@IOWHBhdFtl5-+(cRm$28-ZMZ z9PX3||Evg3n;c2PX_hHiF*zcDd{E?fALHfw z{zoeH-3UJyizcP}jL6B*pa@96|A%9o!~E+x46aX)@Z*6e$(b0zr$q2KMev3QehF}Q z-)R^CGoIvZ zClw7Z)wqzN87F6$$ysA6G2>(`F4efmHQun3=X8;#Ig?G(ohWF@kmz)m;B*&vy0_xw z|GniVFTur~;^Izqd70`gJx%qYKCYMVLZ>;I(|jqMv}sP-G{-;9bGlqj_a*bvynQJb zYpRn_;|)xCzYCq>_`RK}sXjkmvX|f_Pjx9yuZ}8R%8_ZXR&_-)?K~}Cz19V_ zcCBmoJZn3g>oQWmaA9-t#5!aI8o^X)YRzlbxBHl|j@4-cJJusLCfnJJ1Kga?o5_Nl zH7uVI)Ume1H+omfR%)C5IeV!^)b9D_O%qx+5{~CvVXv=T*1mqF1=g&;!d|)}F+*1t z3WsN*c_oe3`UBy7Vy)}iS2eqH^Q0!%uY&5(6@ZVK^N3}y)l*h@(^;s;W|V8?GG9>C zc=Lj~`Z?ZimaA>DvbLM*=X-Nuyz-GHqEFq`k;799vkU5)mtWnrveTzYt6;F%)r^Ay zr>t3xvcnH|O6QtX{drBzG*7l-^`$F2yOv)~jjYri)vA2ekaPrz&sK@;6&)wyHI+IC zKg@tRnhZZF#J}KSjD<_(aGfD3#2@pplXEWoDxZe=NtC}3KgCZrxaH3p-14t8ILG=b z$M>(jeCqZTcN1*54$I~Hr^E3d8Tqz;4r4(@&JwsP|7e4sXK=Oo#dOa%`00j!sll5J zeu2T48k}2qHQg42Uuf`6g45wAUHSVB|3wDp`V3OY?-tqvXZ|h!V@A%!2vhn0WAIB1 zJ_+A#66G}Gr~GpaZsmNz;4Oy#I|g57@E;o7*8g6E+xkp1BOp4<@zeZd4Bl$+%MIRQ z@J|cQVjper&l!Fz|Jw$)_v_gReuzB4lyC3jga|%OaEi0f(YXe<&(T!|xBMS8xP899 zZ15IS-X{!hpO@c9@HdP_WKdYHg@QBxRt~qnkwScf!B-$$@8dRu+xNgegWGm^lBh~3 zf2EQ0Tm+v;oiT{~w%yJ#xRvuEgSQ}#=JVw*!v!czH*0V!{}O{+`Oii0(~RvZD`$?u zt(@;i@Rw1^E%~%^PBFNZbCbba5Kqhd3xiw!R~$y^!|QW~!7cv+w`^~Cz1?VVo6q+f z+{#%kx~=^l~m4khQG<+n+(6TIkh>$|6apC-pKiIgnz5SZFzrh>d-xB7+xzluBgfvCM+|P|?=^C$!`J&V@(5gjSl%Z5 z6hBgM=I2!ge?^428SdUl-xO&F~+G zwDrEo8vF`_Z#THDpC1_9*3aVxxAk)t*a@fWmr93(k7B^)}t`rxB*|&ouZ620zE(w%xWH z{6xe5X@j3+@BzV@ADjPs4F3eff1klmHu%nnoLz?h6vO{Sg#S6i|60TUe1yM@oih;Y zxe7n6w<84)%XOmRpJ@0eM))Ti+_ujd20zcpnQ!p(4Su=7ZTq~z;I@6f&EU3u-ez#y zK0hQl>w(_}t%pw;etUm^X7DQw|1(C;sRkc)EG|HlZ`;o}gHJ-3rhB}>Pc!%_2A^#3 zw+J5IuMLL(^@jhZ2>&|_f3@NNrwISQ8vYu?|8Iu>Dudr^aNFPBZE)NFeA?g}jGX^9 z_|*m<`AS@XSPyT-PwR7~;H>{C2EW4a+kC#u@J}`T|6*|aTz|~q_Wpj($hYn1%ZA^+ z2fh~J|E}S;?|~mj_O&oKOX!*A>JJ%;~u!@niMf0yB}HT++Q@L$YMCy4c6`wzDp{LKi{ za(&R?7aIJ2!C7xJ4gR3vx8-`w@V~+E|184)Tf={b;s1Sve=IvyAm-;x{51dL1P|}~ zk%r&4+v6hqlMMeGjr^$*{#t|E??uMo_Iq)@!Ou7HI}L8X7rh3*!0_Kavkd=ZhTpdTL)iHPQGNzLy)PAl^S)UAD#M>O{MCkkxxr@} z{#gb;+u#!nzQV|{@9oPC|7^qGW$-$K_Zht2;O{i}9D{#c@UXmF4ZnT=+++C9F>-!j zaQpoJ%*dH*_@6fXww_0^^9tg9$>FE>Wt`w)K3`|}8w~%H2>(38f41RY6yd+z@Xs^+ zoe}=`7=BxC?>GDx89CpK@b8T9ACpF85bNg{{Iq^fOXC8>`muVj)6+yfZom8IrycC% zG{UQLE)tw_nhd_y;42J%gTZb4zs=xwynMgl%)hOl2MoWhpPv|hzG5|>KR5jC27kuj zHlI}-oPfe~PZONwwdtN|a4V-HB4@qfw{rLlk|^IkFT6)2;&wQzXTiHi>yADc<#ciNjx{g2Nd|n_-nt8vY4)} z|Nd6Muj{{$6L~6USGkwd7T~&$O6O0NU)MkVF5uVoOqo%o`PB7Hn*)58JfAP#X1%jb zKN%|$Y9?c8i#Jt2xwW&4i*~Sij=P~!lh>^6S~+>{f+eSQVu#e_V56n`m2FtU!DR<8 z0i_{>RW8k`ATcApK55??P^lhq*{x$+&d9YomF!f3Hpu(_F!-5H89|T?=b|?2zZsM4mI;u=r!Yb1V9O{u3P zekB`+AuYc`SHhFjel{)j9Bq;y+s~o+X?$%z3=Y$FF{x|-ZIOA;!{J|mUl{*oz{0iz zD7A%yDbVU5|6%!$08di?vbD zXi^e3;H`(&$WXyHXT!{2RrG!V3BtVQKF5>md2+;VmKfXLf9h;% zdh-TbIn-&K_&?5+6RmgjU+4MUX8ijRn4=91T3v_TN+;pI(N)-(KZv};h7zoZX<@c5 zBX_|pff#z)_~WiOq7Je!|t9x>&H=_ zeLH@nS9<3!{xffX&AoqoCvuORQqjkEl50yEfO~?Ak2qR5CG^~%7XKn*gENR7R+g0 zEit&_)vx+pFq=59^~pA?i-UE*J_fqD>ss5^`E}KH#jz~AmbKMby4>1vwOeZ2isijH z<=3v%E?pq)&iLh$;$opvE?<&e1fh;j#*f5LcsYJLhO8zCB3^-?;&lW;#Ccy8Zzc#L z&hNeAT?9eI*?&{~-w1+;+p+FF4jqm^5y77moVTBSAC+Gr4?5-Zouv3ggIgVeUCaA& z!#`j6L;2?$IeeB?{-p-D_4BTXoG%!D_SaO-!x8>{5q^D7h50;Do(tB4m9KjO8O-jV zrprBCB=YlFQalYmiNV6+uBW;GBF-|C?(j~5zgi$gF^SR+ z$9+{hpfp2Pz|{6w&6AWdo_kiDy)t@+-VTY9o*Nl?nT*R%j0}!6DZ;A~;f?QhIlCN& z(cS3V#^65lVetA(olP{}UmZhXz@;NIj!Jo+j618#)ea6zas`L6Ln${hv$26?fx&y6 zSJdA%p<1fkjlp12zPmQn^@;32E7I8dBm8Z941aDQCikl`{~I5rZ&6ue-|WhQal?D~ zjMP@!Mp74S<5(M^~YIxQ9NAFrEuj(m*!;1S7xwsSOwn zZp{DER)O3-wVCVdqQ;wn8+savIXlP&la?^13FG$e*ebN{Nv=|06!om25?$MdP3tN@ z&UWqpmP0r^MfJJCc1az==r?Dn{7^W4Crj?r&?00mJMe18bHn7qow7F<_DIhLAI8YX zqF;f+p6HyvFh+K7Anrz8le%Kr2K+iNPpxWSc4=p7&02S{X6>4lsYz+qi+*Ej)#{b) zE8duL7Qj-BTj+ovsO>5gWWUDNW5@_vfuDZscH-6I$JPzB*#jF?)~=C^t-D8f+fT!7 z5#`2>I*r5bIm3q6urkG0ruMCLtOF>K_{{$`$JYFA*|D|O1v8U0woVJbzV=-`kr{L# zV{7(JxO-6b8}1T+Gn{8kL2s`38G@%35I5u8F@-UZ2GzZ3epdwl zY6SmI1b;k&KN-RIMewm`&`ITDUnmKuU795P^$|Q1!52sHeVu=9Te;gA?ly_LUEpqWI5y5V&uu(s zR<^PEoH=tA)h}*doSoHJ-|Tk_FIv2?VZmI1TH9AHTZ7%-PL1$Vs6Du6xO0u$KD=~# z_0038(&PX(`?s&|?85uoZ9M1baP9i`RH=4@SHXU1kpMFTtNiwDqjV{3>2_KXh@9fS z9!$U8r|$wvN=pSvL5YI7#pTcw`5Ta+N8$ZEhJPS-4LB~)vGef+LB#D?yV{|CoWXH} z^85Fd$B#Amg@)gb&EIP9R~i0y8JzD*mH#n=^NX#x)v++oid!8E^{I;g*~qc{hoe1{ zSYCc3l>ZpP+2^zTRffMr2NmHz%kW#>)Z7Ta)ydd;yV~&Edh0W|&F6;={u)!RZwt=y z@;TP>dV4|sKBf)+gyFZkvS$o#b!B@^x+fSpstbA@uoDe_2r~j=J+u3)`I%tww88ak zd-B_Iz18qfF#NQ8Ln8ml_^Esyn={zf!_N(W+VDRoI2~JF+OZ+gvAV(0^4?^+wjRa_ z9@Ya-q#%*s*27GLQ_rILuZzfOH2hZ1g$B3nipPJEn15RjTMU01VVds81P}B7ABO)V z!>|3OQ2zG}zm@+R!O3rRq0+2e{a795b4E^;NtZH7l*6A=Ob7TrVNm{EBKJkF3;8?I z0sgO+N6N{2ZHey`w!Mr6;or-T185fmLA>O>DB}f4bx1KC;2R{K=Pv&1{Zu5T1Ki*E zF&&`Bf3qeeuBNYU1~~oI60XkelK+F%0dC*V@?Rq9+qTL)+%NI()C`HM^{;SD2lxm- zI-s0)3TrMjzTQ8UJxrTXI%J^qh_oN}2{`8v#*gU$RR{SAt!N4b1(#7BU|Je#n~zrb z593n@*nuTg`@8O9%Jc(YckzhmGnt8u%Zb+k@~oogM9qg2it-QR_@S=L8v9P<@zl#3 zc>bN7cDPh{vFu?-X5?PX^IwmOS5ahUrnxTBk4)9A$dD-Fe_I!FX4zGd^ zb8cC#^%c4NZ+IpS4mB*EDFh{D*I`iiR29z-I1_UG+4ei&vqf?%BYZ}oG%It_!qp3| zU9=wfiUoduNa1>g7GOG_=lG2JlUr$PyPtNUt&QT5%VB-l8tR@yGsGqKyl0JT_Xy&9 z3(d|BavEa0@gueH4>pfi99mwM8@JZkx+WAOX6dh~OJTZ6Iunl{LT4Bytvg`9S+08y)I#J9hdv!9)3CH{f- zDR&0xYJG?BBm}U%23_CO{>G2>DK$RFA(k|Kbu$R0zuGdvuVd=h2e`&lw*lemx2&{{ zn?xaRtWP;!;%^Cru&yk{`ji>z2Wh!@{}@-}zfhl2*Ye*l8D^hSWiWk>AL~u>Aa9g!i7z9g_dHLQL-oH@*LBc?%s0WFh0Sk-@v@ zh!jsR{qBuamo#>O;4_*UxT3RLyfPr0BbNfcIBUXiZ&= z<5m4(t^O@tGiX;&PWY z9aHhPA0x3FpZq8M_xx#e#oPV}59Si_pUSn4{zPuX&V9RFy+hK}zEM2HyY~)cka2sd z-0ayqwxV|}kZt_b=p1;V&+X=uOBWq?gD>?=#o7yNeMu{hxHz@vhcb_kLkgER`@i7Y3*ybI(s=Vzdp;=fp2=3MUE*U^9I>c&PhRl(oO-?rg+(_XV;Hn2 ztYF4*w>qlGHf!Vb^-DRDdc_g5tA^f$sIL5dvon2{H@R*+&L_RK9C+XC#d}^Y=^(7J zZ}fzT_ilVLe|gjOHKS%P&d*+q>S%1;+lX;e#!=8a++D|k$M@y#82TY6 zaNV!~wR|kubN%zs))t|y;n=cHv^5IfF^VsQ9kbmWm@m&ZzLSQkTqe8WMQfd1%QksJ zR0=Dk2?-*{8=t)XXhg{D7{xE0U%dTV$npv8c^}UwK5y%#2&=Ebz)=Q=IOsP2YqYd` zS`e_L$Vj`~U;jOF@I?5GDP+PgC}pUc<# z^(5{}8F27~9P0n6pF z{Xotv#-O<8SGBo(mmI6gL9c81E=U`9W_~Q+)pTF@r9GQwzot*8PfwQvZamPTh z=MQ7AdcL7`^yeE#?Bc`IjclL-xiX-(F2A?f@-S}nPYn`5xXbDuoFMDoi+$%E#{)8P zbS8%7Gap8gDi%B}ji%z(A3$UlEV3o+yIdctydo1FzQPG(ng!OmF+(}anAUPUhbVklEaAlGCtckXYrmipA&{>C*E717dGy-$c~zWxBQ&Nxz?vyoujVI zu{Q~TOuO$iY!#|E*#s?zhG%Y z|9N;qpK9p85>E`iIn3rSIqr-6fN$d;(x5Z+zgP@{ z_w$Z9Zg~F1(G2Gw!s!hCNW#ammos#(=3|Gu{vttl{O-_a$v3&Ut_Ic30v|D~z!1z> z#i&Tzy()&*LWIdyapw9sXFJA*AWpB3vfpuP!9O5zK1X+6;p{n_JchI9 zZbJ5OZks!M4hNCd`Bd-w)&r?j3)p|hIG~I9n4w(u9J=6KH0<*k*`IhST5jCP>kyydJ)C!TvpXxTb(ps9Ev4!^e0vf7BO>cGzK>jflg@;5 zYp3RvcZ|FsFY(kbM39cz%E$*|JDJ4#0#)%3 zTEQ-0zS@1D_dnA7Ee#EEfBw}&?nz~2ond~|)*RFw` zBzOicNpZd*$lpy6q&WRaI?S_xlYfv5AlIJZ&d1Nmk^AM^Dj7gYy2=ZIlYbZ62*|ZN zxNZ13`J;)ZQmzfbW&e)&)1p3g?E%Ki9IuK*{_jWdpG5FqMew~5d<^b) zQa+E2;3r1#QzQ8F2tGT4pBurOBY0;7?~UNMNAULor%pR9FCcvneN^yj0jf}sB%TvM z{uaUAy9hYfpAg>?@INm2&Vc_p;7RpA67Q%aJQZ{h+*uK=IPGIOH0jOmunzVc9PG~B zC|tP{DhgLlGhVnVjYpk&A;_Q1QMkmRADyWyR(7?mUD4@}m3g6kc|0m(4Nsb&r!=QT zTqfx$oS?zIdT!5=odF<6rv~VSTWH4%E{0pz>=z@uYdy5Y=UxQ8)gOu?SF(+-bn?JO zUfXfC%Q3Rlg|o5UbOBD*z{cR_&ed;S=>eX8;z2Hs@b!u#K_l)(?mi(!It~8Kd_wc%G7dJ6iy+57sUAo5?{CD@zXhh1q4AMeyfLv;SU*{ z{V0lOpWkSepC$mJGXX!vs|BYVYReQ~ zWcY3Uv>4ph&pQl$vXS#agWLP^sKIT0K4Ea%ehzaQ7k}SbpZYFp6r9o0Cf&6LxApeb z2!4j>s42&$d$z%?oJ$OD(_LloQ%ruoWAN7+T(^xgUB1h;{_l}~Nm#B&Blyn^Zqpqh z?{~^!A4lb%BslLo>r(M^4F3rRzbb;?6TzQ|;LIC|`LXL)+Z^igSHiFPxzpgUGWd38 z97H)bpAN(ygZa~QDal7t{1%BX*(~50!L{e6{MvWdcBgoY@bg_nQoLL4H`@|P@!v`N zW1A-_zEk+q4lUwe68;GR-X?fefG-w&Qh+ZNT+2HG;q<>k__SQa?L3+0pE&b6C>5E8 zpG3Uc`TU>eNBO%YOnDU7es`^eE1r>SbrtWX2bA-UOPBf4{(e({56bn@0GG>DT0C0+ ziZ2fEj9hOD@NT*OQh*Q2_1*y2{9h#H&~!EbcLuoDGtcoPDZkcRXwOUgiMp3s`L&;z zBVgocKT)3#<=1|q?m<;t`-v}lF5PY9_SU+@92fgmG|UAXUWFaqu;YcT2!ErsoUE5L zeynPF4B_*X5%;i{iANlLUKHiKiH}A`0dY4SG0Vj>GQ?+B60bwGssb6 zkgnq7wZ!M0G7mOB$L*9k1wTugzP_(COw(7l9s%@AGgG!yo8(`ge+`i8&`VcuN%g08 zz|)ct>yP&+tiOf8$P$)+i=^LzFiUBB0YCK(N$FSdBLylm=`-yx{bpcfITF7T;zT=0 z`TbS#TJd%SFn(B1WfI@MlPN>8Q*hTCjNwYBOMJanSL5sT+uZ&nzew>iA`fKnTd;6Ks~@*kF; zY)SFk_+W!>_fFwIjL%{4niVTo?eE%!Y15`1@Y;p(T*M`mac%~6c^H-|e7$QPW;6Rv zs2NKurxd^t3s}V2{=r@CJ{ddIJ%~)>MnJZwcc$Jfh%N?%toYdPM&dpPPXZAeI z;4f+Hn}`WU%wc?U{>CS}&TZ(su1dCXH{^ep%YP3$#ES{#`p(!&{Sv^29rZ4?h8?3P zFjYy^o_OWF?sV? zu5Vr%{@IuvoR!Yy8z-b!RowTLk-7fH36&KS>n2q0YZ}jKG~Q6gLndpUlNn)`ovn`` zgfp+LdwupWKjx-=bHbj>&#vMUTBKGl^Rj)5(z(7PxePgz%P&dgPF++raVM7*bFS1B z%$FxSz!i0c^}3sIQJnK-47E%qYfBRDhqu!vv%TNL{dfj*dYB?Y8)(43@3MxzGySaN z#=#BON$F6at+)BIl@{!*22KIGcv7xWh4>A9G?dWimcvZTojQsWRG65uWx{&q&9*!@ zgykt%T8os2Yd>63-2H6qTZj9G>cz}-MehbYXbnBrk55(fa_giRd%zMGwCsEMvfMhy zrTu4DB$!-~qU{j(UOWyJy}tzyCL1eyha58(;|Tw~4*nj)`;Yk?Mjd!u-p6GOMFR)7 z{>q0w>qFQ0sYMr`4e8qmt$C<1|I=;nA)myf*juU0c9Yqz^-10S$Qgh@Na`NGTX~h{ zRd(Nbu3>J2|Cx&G+2~OBXvT}tggL*seMGk6h|v=`>o~Zo0l>W@8uADPie}Arqfd|6 zvx6lYWM8hw(4U0 zIe)~*`t&_L;XI;yKeit56rI!aAo*c)bnNqJzhn^^Fn@E)$T^(P!8};c=Sk} zVA<{WeG9>7;@3z%&^7!6|E-+U>mOBLSVxXM_dR1rzPWVKcs&F>@NLGuh4Db6_yKV9 zZkRv1WfW$EZXR7%Ue$wnt(K7=#Jm<}2{HAC*(#(zXWX*#s@VpZOL;CYk2-0o)ONZ~ z-Ym*<^LS2PLwROoTOe;%vb<{{Vv>BA9-&*D+rv6}YiA%^UfXj>U3tf-Gm>ri)sMRr zlW0jc{H{pE=km22C1&NXIY-5WljfEV1I{@fCD%r9K|K`l771`|0shH??-JbIWB56T z<>rb+l)G2TqY50kRwrq$h;OQ-IUb@(b6WF&v%eG4G5|^V6%o8Uf>ZaJBaKHNAM>i`128bH11Q9{KF!+o5PTo6CKfp`;Fob@M`a2 zK+14?dw|Ki4r|GyzaJqq}t8Akgn~mV{8@H1nv!KTz%`pQw(yJpn%w zn*pCC)ybVo5X3Gy`}2z5NDvhAYu`EKXWx(%;`O*sq)^V;f|H;3SJQp7!P$>j{5peM z{;wOH<2B{iIsZ`pNz4c+%+FN8$#2tLYH*wGdkk*V{k7n9Y(2a6SHLL$X#6yv<)d%` zB5rl|FE{wh5vKez49>BW;!6$AahT#)8r%>X=%p zVc0v9_mWkgQ3i4E5S_plsSjSVs>&o>$Mi9s)+2I1g}vZNbr-HD!AF_W91HmV#;-vP z%A8V&={*{s&w?dQU)>A>>94j-@INK_e|>;!Jaroou71mUyy)UBMt{hAiD267lwbGr zsLoh%t$)3~0G_1#S4#y9XoGhOdqFh5-aqCiOq)^erveV7`%2jPqiQ0IAJfTnGXSJE zKm673^2c;CcS-)+G@`g+{b4s9KIN*Bfj#&auv0j7=FBMvx}RhzU)Vw!=X#xt-_P)E z3~SwP45&spNO#LV`$oDI*f}h`UftMt3iUP1sIT$1;+^sLC#arrw_!JB!uoo1c3>iW zTR)7yZU2J5;e#=39DZ5j%#$j5)2IlnVbwjtd(OjH&dE`WgcV@$>4^BQ4|1H3C8(PQ zAe#D~Gu>#lF8^By+V>r-(>+DjrDFV#ghpXcGxY#wU$YxLVu`UEi*CrIy4tzdntBph zjg0l@Zm{jls>=WzHr^Y=ixue=y{BU_uP&Fblc98DeqUC`_1T$Uo1gz<#l}jo4RPy7 zVLf+t;7zO^wv6QJ8G00>`r`UyRL;;D5TNUk#XcQdb|n7cOs=qg+27wkbGOa2qL1qN zRi&%WMy#!d0;WEN#q{~d-7X0X=3NlV-!&h~hvJR`tjhORBH0=8JgC7kZXIz~T%JE_ ze*P3xb|orX_71qZ?nVsMcRlVktm!{qgSF3HKwRVUlJfU57-Rn;hHWnEr-}{0qEg_e zur&xRU0vRCMoMnNFg7fq6ded9Net;3-Gl0(a@F@nd)8zXwJ2gt>T$$WSHzZfI4EC*s= z&wu)pKVV5?SoZHYmQ+%^M_g0FzHvy?03_kFBKYD6zC40=L~v@vlG1&51pi0`|8fNX zW(0o}IO}JZRFRHxo{I4QF@jejep3EViQutykX#p)Bxh*^PZb_nx9*NtP3u-)3G?&w zR$d+1NngKUZo`6lwX0u$UQ=_^y!s2=a=NaoJ5~n!=L_L(iD2Q1!(Er!yxEIto0}Fk zoYzbt4GZR+lk!Z!r%-UJX*i1?$`^$BWHlqpm%+^3>J?6Wc74}cQy{L+4W$P|? z`SdIO+Lv_-#w@uZ{-XMGm((wqUEiEta6!sgo1=+;$FTTYl`Cy%!4{oc2DrAP zxofRYYdY>biTyb{Mr0q8M4T^M9eb@N2x9-O3_r!!5CoB*eKy74Mi4}t&#dC_AP6GP zcA@y41VLfC>{=*p$HXTY+>YTU8~i9lRQYPhEzHkc!*9pL3k`0^#G3>U>!IK9+j_V^ z!v8>o|Mv#BW9uWCAc*<5^y$&+$ z7+vReDc_FK-R>)3#QDzGbni3rsYg}(M+Ud){>I?8Tx#DfELWKf_885!+gAuqetW-8 zFu1LsH26rABUy0Q?e4#b>wEV_uWR`mtyM`Q|7>zH1e4OFQW^2RPU=Gg!gqOWOuw0x z4XT#-2Rf#|EJ)W&8$PCsjp_F{ehmb({Nb2hw8sY%WcuiRBTK?C|ye}7w;eAYJ4}C#5MD7p9fqzTFM6t zv{M2pPGu0+_%DM$si;-5{F<3 zn2n6fi;U^d%jVsP4;BirpVN=%IZ6F4F!_;uMK3?3g%Rw`r@M}-gVFr_6T2ygGtj4_ zM0(w`x2vL;J9*#8kyS-6$AB21bzLtruOG(sw)f)iFAVly;pORI-x@1(Y0CI=V;hEA zc95GWcF!Qkau^I^7p#ohvjco&-3kGYUT1Lh|1W_>Gu^|?O~pR4OB(#^cV-9Pi1>bB zo|vW^4!U(74MF_u0DC=@^7cL3+}9M-qQu1ZUe#;`d`Iw#wpIYW?!|)vbSF zD5YZ-3|9)H84gemd?2-OQMRd&+FA@_>Sq_P`P!|s3@AeCH2#73>9AuGKJX;sc1$wg zp~Lxa5}co&GW@hpX~!hC&$mVRDc_D&K4Wm!ugdwM;Gz7-48N8C8-pKV^_MXh#l7Ni}hvqH+~HgU{YaUR^uORU-oD=Ake|~WoJu#FQxb& zR!giet9uPL6r(yHpKVLAzO3$r(LSg4Lp8qQ%uiBQ2L;?E89vay>=rgE(5Jjp_z%m^ zcSBNNc()AB+6pnfCyc-H%8moFcQ$S6f%j!M^TjNbac%~E@JiT2%I3c>vlr;g{)sbF zyBUuDV$C4uq+aVLe`pNF;pqFFidhC{`b8%W23R6a1F1=);`|7rVNvN}E-EH8XkWI# z#XhF4`0P1r^!j;BzwZVtvfbBpR{mia_jS>7eb-?g#G78idR$Bu&4fLhuT?B~B-iRK z2whlLm=VFs+HPh)>kbaz%1`w+em`u_Ir}B_fyF%0*NpKbH^0&It6VORiJM$M7rgp2 z#b`Z=Ggy^5th2imTCU4Nif44h&s^abv3undhR#t4h z4eYs|8_Lk-?}gW{p#F0M7g7H{|4m;7&VF0hYTl1Sa;>;ISW=8?ae=4{F2X*(2+VvG z>pim-3m)aU%u+|$o)~jA03@38#tmTg|4rmGgXvt-MdD)rpeu>whhxiwjIkG1Z zI!}h^j5UmSKmT8hLHK$bVYFeaGo_^YDBc@u-=j&H;U=xwWN?z54Ue0bD*;fo`;X0! z@k>@p9O2seG1q2*or7Oe6JHs@uZiIAh~OWH;CBOOe!Ah3T)Tt26ThVV{33$?A%a76 zq8wT{W4fHjBDppTmwoP}bU9B&{tn@HZ5jNrbC<4-$l-Y|N%CWMIZ}~VT{BLEb_*`$ z)rVQ4w={RjDbdCG9uCd$LR{Ge8x5=1TpF1mbNuJbUX1gWJfD9v26M%J%f z(<=5V3b~2L^5(IFc+O0>D^$aR#Z#xS-d#E+g$5|3eQ18Jd7pJmXveO0jF**oUiVB;rg<<$sbOh`3#g`4xwH+|Cz0EjYh_e51b z5}fJUd6?TG{2wy>d^f5b9eaiO-)Z=5dH=`Ywp_F)L!un&ZB)M6!3gtTBOQRS9?le; za%?^5v&&?tn^vk84{^SYb*&%ck`$ldFH>o8iF0j&Qbs(=UnST4&Xb70#`*kTTKvqe zWZ5C@0p2awcLun={{{nG-*Yc|Z1478n=RLq+t;=(YfsvW{WqG?@&!%9VO`45$%FXM zh;NpyOkjH7B{+Jfc9k@WT@((Y{)FB#UVyYcoB}`ba6ETYkS^npM4Z3C|0Mh<^I+r0 zbOD+^;C_r1Z5ynygUx z)4}ypTqmVpE9tigKhtO0VfvQ=WBQs;cpWv#4S6A5NGG@%KO~(O4Dpb66Bvkv&81t? z-x~BSWO!}zP%dniupz2I8iX;Y@pIM8{$7Am8KGS2n$dRU2D(R&thghichO>^OZ zA=)A5rqrswOGe-LGv45ejlV|BY~NVU<$ajmFH@52OU?DSPdGlCf8>UvhW-<%&Wqtt z?YjK-hQ9NlKA=LSal|hx?jAX~do+{;*^0YIAF`=#!tp@1vi0=rs!;4TyD1yC%Ga-` z>z_R`+h0E-J9F&y7q1@d`;WbEf8!zRn-00^LoSkR@>XRHqtqbE=si7{Hw!rG3W}LJ zYG%OOHO|{=9-w{%nwlzSch(;}gr%mmEr+$7)0r8Uqx|-sy(2ia$3`{ulr#BThh4C; zU%RlM7jvZfZ@5jpJLZgL*|@K_${EAQa%X5ybdPeyt$hfFCgo@*mEVq?tGICQc(|?! z=UTVt`kSyXmm6dI>yE+N)4S8z?mr${(R&MTUH2akuju_GeAuSm{l|+MU}yUFL0F>( zKMXo|Lu@KrvF%OUDAW}K3a#DzP+p}*( z#jWhWpq5}jdJiHT+I?NBx}ukzvby{qPKEmCxvz|<*!bU`Y4msgkj+0h;(liF3}nCJ zwwn+DW6u@6GvUd#qA1z^b6{fo+OiSz`@3*z?}(@NykRqL_t>xO8vU}J*-c|B?!LyK z#GU^twr)>i5HpzT**;QO=Ion4^Y`9neZ}2p`1=9gtG_4C&Ed}5!DqNpXV;={)RRgi&}R3HsOa5Fai~1BdTP%4>&E<9Zrb4$8oKqWtmNeEcxv)p*){yLB{Bz2eC)HsN1URpN6xqpvLoumqSO^ z(E9z7eayJE9d*?9LEktu4@si|=K5XD4SgM#*?~)u$X4bvTD4o-5L!}uLtjQzRzOu> zBTpV{E6bNTmFdt&oJ^-^%LXzJ$F*;u?sTxigRQq@s10#Tl$WU?Mlld~8o1iQQ`$B1 z!tH&FM&I~2UtT@m7@1!*`ois}rK+n_7af|au9-4*+VmNx*Urq&nq5~vCuMbd{*Byv zz?!kRZj5~Zjxk8?EFkQ6zHMZV=b*c_*t5#3ZlPV^o5#xj z%t2O%lZdfDUq{eqi9O?B&+{DJ^ZZ}Qd!BRS_-go)$WjeX8rM4oJAp2Cl=qB;{pYgm zxF*>3{Y!)z$2a{q`;vG@CH6M>nPwq|(F7=bi`9v_wgPM_e!NE^H2_G$7Xhc7Cf*2;Yaeh| z;FrXIMFhV-g0oMPBxg$m|5OD33UKCg(0%Cqcok6UdxGy2+_gUj=%a~c0`4U5;=$hT z5btTJ)l-)FRmjkh)X%M77|}CvyRg_()n&^XfkDs*b*9#KcDBQgE7oN1eu^ zxozc!*0yEqrl8*ztk|~OoyG5$NyAcTJBFLZ?A0$=GQWOdc5!`OYMJK1U@R+Wj(1#p z;}fSkg!c;0>fwD*9G?|OY@ck~ihtX~?n$!z?p=v6@>4^r{Le=CtE4@VpWR#KKTYs3 zKh!;vh+Cb~Zw=08O69zRf<^e?@X=#Gz$x2x%g93<)q^Jei{@8#r1vg-2m73!Hd=f{f#s{Y2=?xeXNv2os4*X zBlV|v_)dKl0?3k4261=!4_9FyDxY1ZqhDnm+nyr0G)sw%k;3p#l?#){vcNY9KFU1U z_%Yp%rtkWhh180A2+c#)7$^1DkKS{$w<$GD2f?w;A*(j4%A)jW zwhVOho0v#cD@U-PQ7Tt(a&v%e&I1(U>I5Xo##h9BFcqy#ce#AfG1-e z>k>e4|2%9s{-0d`MWS739I|vj^VVTj^W;-j-hepGZnq}AdeMyUnfc* zDj5c{18)K7GzHr@CQec^Z0$rq$w(MFrBXeD*9+wLWbYe2IyH0@)J~F5^xb-%Wcewg zpgU;juNzI>0V^H4gLh*Htc-6XBW@4trM}|sYe(-Jx)Q;vi{SmJ*!Vjz6?6xBh++O- z=nUqG&Y*H=Jjd0WSEcD{up7rz^nPms@$} zx81kxbOqeE{jKs^EQZOJZn^fB+a8=<-qdr*&0}vF(?9ywQMchSZ-o47@grsVa!=A5 z%rUx%j!{=7>kV+Q&|e@to9Mgz{p$eyr)>CGpWnWuu|E67#gVGJaDVKp5%=NlqVShA z)=wkUj`dYp!oE&rA!gAtCxSNtcXC+aAa_sUw&0f}XLSURt>wQp!vDSqerE*7*uC(y zVE7)4+@}_Y#(qu4{tw)R|0N!`>xjK@juRdo*T2#+&P})`v476FCB;8Q5JZ0VzZCyG zK~TuQ)5DJ6j={etc*uXU+-Kr!qbmPn2Df9?W0?^U`R!PHP6TfgoQ@siYhROcj>b>Z z?KX1k7}M@swfQ_#I+UUOxq?%^9eegh_-`@%Hb3t(xXsT!5joxludg2~=LZovuVw~8 zVg64PJglF|5&jv5-{v#zq7T#3mV`%$4(6R81 zLAsj0R^-vrss-zwv7jgEFTSVtS9pKiIMGrzQUfI~M-${VacMEWAtN-yf7q zZc71;jfMB}hJmWRQ`mc}@n2{xe5Z`XtK?zfJB$6hFn(+-yz>yB@E0U~b;A44cUXAu z$y+78pf-&tZWtf-E|YC?!SYs3bv10F7yf5V!_M8BnbQy0CRdBOml>B2KNj}pvis&% zq9@w34!hms+!ls?kNdp<8*-_xn%#_wuC-W0dbzXPEp7$$y8!9P3NkL5l5|3e?vKSJ^#u-t}{`kw5s*uJN$D`3atm(*uuy(ZzaBlv|8 zyeopE^XDE8+5gEaV|pgpw5)FWgrytUyKxc{%-#G26F4wv!=vL?u3NWu9r8uecMu;V zjtjJp!@f6(INvRbpGy!#-0HtKIMjc``5sdK9>K|P`;2M9`3ke&{C|{hyS6VW=CHOD z`?j}@@-ehN5A@sqbxkmE!*_G++rGc?W8Zd-&;FeyO<&y%0_oTGr@W7e=U~6>hid{V zP}~rXecLOAu_=hpHf<^PZQmvLPru>3e~hc~6=yOf?OuepNc!F4@Vv`Amg$j-*#wtedCtTm7 zU=89gcRgq-uXJ0Gc1pN{q?&dkob(d=5v44!J>ghNY*3W4)X%1UKX9!rF-*b!28n$M z+gCZmp~L$g8NtbK`!E+7-1cFvH8|^8`!Me__>l%*V{qHIxz*r&&#IhH8{F!p(t`8V z&0m53L2Ntd^Q7ep+i@o1gY65=2n#9|5yG*)P^~bAeF3e1t=Cvzs8WV!+Go*zjK)`-$&|Ev5xhmx z-zDyW_Jz8oK@4a{#T9V{G}afYlKh9|596ie7zy}+t3omHG3P2xYZD$I5M9C2+t?Tfe5kBkMmO@Ff_+fhsvHhxq?j0;l|H0hOPoAd~p#2!AHvUn+Q0fL|tfOMr9T zG1Kh`aP9?9O81Tk{?Q2jUlBYdAHUYvTb`Tt3m*Vy`+FE5<`W8BrJo74t`G}ewtj;% zrWXm1%&I#(0?xhw%-y;1NGyJl69c7UQG!esj5au#yo$*4X26R=op}SA+$-?AuPFy* zrAWzDb4d!WT1)LDES+9GvpL&1_nd`Ms|k)}QNvs^;92yudSzx_5pX=R3chxnC0BiCCDo)$lyLGdfU zwzK;UeuDVvq{Ywn$)D0R@hDy?*IF*c(}G_V@K?*VmP`3Fg7*geO>(W}RsI&iKNaw+ z+!sARvi~+A)~%)Kh}7i2(ar&1;4~cG%d!5l@ShRiwFSg`Due5oE$*@>EJqp zYrf;?TGF%WH9qT)_b9Bti-9GjzeUpDX@$a{4z8EtIw}2bzT`kpd&k{BrX8m5`=_PP zHluX&0RvTer|_RH_`GKw9A>pT!1e5e7t+OCBk_aisUJxCAuiQYfHzD0ko^$>1`3?s zqvcn)51yp@>yR$>pfK|O@%y0h#|zH3?Bn42AL6bfPy|RK>iYZHcKKo^b98r`wBK0QM7EE%^yGsj= ztBgauolO`K=o&Y``2OtoMfaQof3ENN-DJw;N4c;I5$L}LxxPU6(&sdVMcqwbpu6cS z>TU|X!P)f-VL40=ph-DX(5)-iVKe7&(vtDsSqkrW7;bt07XEh!iJ0mx4S9)l5^Vd& ziR3D}=W^fod2Yuy>!Mb|bSy`#F#&4{FwWPZYwbwm%4MR%`}5b-G4R>6XJoswN=}l_ z)Mil9TACw)C)ri3c6d>TQ7S+AE*^-zMV}w}5b#2Xx{9PWyDWlV0X%7pz6tmdrstve z{X-EscZr+~T$0}7Z^ECHpC1Bex=myTDgW=_PvRem20{K7GJ}-=c;HF=+>@MypBceZ z{$<(f-R9Qi#W8EiTV>b?yfl;p@Z?#;b7r00yk_-^DQlNsRyss45fDoi!_wj~dDtku zR78=nWRPCM+s{ZQgI!lg!m#dgF?L3!^3cGpG=p}q{`0;KXJZ;6klp^yWYIb;NuOywk0&5k}+vo z_=$5YnUU*iaf#dhyQWLreruQ(N%=WWCZ*lK$2mq;%7{n#^_{KdC9d~^tZDv%n5Iql zOotY6&399PXXJWCfGgjI0B@1&zu_3|?`mw;uH_fEGPsV7&1$8wJR&Hq-P^w28s5>8l$Xo9&W#`W&j5w0gwNz~wVd*HWb@ zhFSz<{jo~J`iqUtS|o$ou0>2LtsZfg!c9uQBO!gJ9j1R7FeX)vpC#^pCB4wtihWvP zb^QAGlO!;KcavcDT|gPTBtF9}Y5o=KfhVc_x}IL&2dw|Y@YDF(ewj>|HlUR5KiVXL z{Dx3Q7(X_)dYYL6(N40Z;4(V4%1J`+w2|Qt<9AGN?pVIEIJhe8ZI7(ypLP)I`Ny;H zLK)}!vDJ$iD{&q?dwxUyK^}zg91lYH6U@-$zqVvi{$U#Yqgj7T53x|_C zi*QvJ%5e|w6zV$GP8nilzr_C`9+Rzm&Ij0Q*_y@Qwjbb67F@dO$mM_Na)E^RyiNG) zxF;WHW21sxSR*%DqjGNh6ZRnwT>`$YupgfL$3bL^0+r~~B z%{<}^j4V&^UXuUQA~|$H_IqSu$FVX0o4Wij^S?&6oLuZ1Inti6=JSKyAW6rsVL!T< z55`{>i}VtWy_sL_$MKy>B3A8u#W4>tG(Sg{kKZJcVmbKR9g<2t%Sv;5y>YCX*qw7{ zfEVq~%_(mgbzJgZ?>Xa|5Pd*o@!d~Z!_Ih{%`@IE4USKk%hk12b>@V(S)zXval;&D z^{+YhXMzVZ#y=GNNn?C3C%IJ|$XMR@(_`xwn0hI3PKje-CB5I10I+R@Gz&n|SbhQU zB>szlQ@)0&{M8ZutAsxdm!$l?@T&|LAb@MqwXTw8|wHT;tJ zzZb!O7QufR!Jm)dhob6}(tUXZKP7@siQuy%__-1MBH*mgjJyEd^NGB3eMC||ua4mP z2>$*Eo*MS%R_#df96x=fCo4ttjbE6TFIk14p+@yVjfTPrI*dY4lGcLz!(6Woxy15p zzc$aQGQ{{F@st?uyTV)SlhYp@mz);C$R~J7%?kV-7%8;bFMd zzOx604;N+jaP;HUU&4bD!S;%_iG*99of=aED?d{-;J!r)f^8iS_|zw4&r zI;@{T!+(O|f7IY78vNz*USNJK|007=F#Kx_{tAQBehi6nPR38mLYmXwQXtpiRt7<>5Eqr5|=V8 zvHwPyA^ZNukLlzzew9rOeobH9m`*Mu8PexX#iZ3EZU!!&QM#5|+{mx^{IUKHL?_oR z={H%S@TY_8rMON?f3u|DBK%CB^&H;6%Yd;i^tpo9(N0PK^$Liq^`>r2C$}%Wp+S5V zy9pl33Yw`e6!0=lNFr$drY zdQ|9rTTV93=D!Pt-t$!G6;HiTHQouRx82No4hlBv;JD8_*H=&NT`r$1+u<6K)8lbP zwwT1E9`B&GLBt~S;0K|wga=IdM8K%wGuJnm0) zS($tIPV-Uy0+I%QnCY*1qNv9q?l{%>?U|+PQKZz+Z)FEKSKXNZgIBoy7#B{V=VPnV zv8W2;IUrR&iX>R__55VQAfxGDMVE(u>z{ysJKZ79qC zMBqcjo$K!@`_gK=5jA!Kb*j9-?GWYj+J7xu!LM_zJKePhMRUv^Jyoq=uX%_k+Ty5L zmdmlQY;z%`q3)a!JC-FgkMo@*x@hC@U$@FJ*aNv7xdlPh}JTW{z))89oj!NYQW z(o#!x6qtxH~r%+0Duo_1In0?)f0Hdave zCp*xKc(TdNHHMlew|xvyVsmivQA>#ElXA^scS*CTqYjz9z^(20LtEqN8}4OYl&kUg zeAt~;<7Kg~rMaW7ZrfaJPhcOq5^X~770&he0YW#|Je2E49c|$K z*Wd*|^iCkO>9dfWJ~vy}x$K3dEzx;@5sAVk=im@nOU~0Myp^foomV$!N~q(-rZ+ij zv18pTj_!p6_^S15TDdQ7-PIjk+)o!LGzLeN0Smu}meTgZ_+#RU|KllI_Ik3xRsYbxPSo=`~IYv_@xp2$_UPr&64u-&ItaA2u|HzlAQY^_`?zW=fGXP$%o3lS5R-y zMfk^pFDc!lBlyG!&U0y#5&S=avmTsc59QZ);@2YlJ0tk6 z2rhFS7+jWgV|2o!&}&h^&VWdNCOQS;!=rN`65Z+Z-Ta75f=Dz@2o%G3Rm@CrcA&U; zllv=eN6h${1#Y%9knOX%2^SOQw{PmS%H=CoO>r|QE;A*w5zJJ4Ud7J7n3)Ym`b+aF zE*W>4cIheGrBfQIB*@*Zh$D_`xkGuYO{JmC-1z1YaH>8>`oy}#=XZrknc2A_howOn@@ zobN`(zie=7gcSdw;9)*>ohyTFKFe@TB7OvZDo6DK#E&vK^GqUc=cIMqLfp;)=g15S z+l;7srhsobya4Y{%8JbZJ+m_~^-wqOAD_TZg^I0GfXH?1}HF>ANzeTP)3{L(t z-OeJnn+8T>3& z@+Ab?Jl4A$m$7Qg{AFS71>a%B<#QmRsnmiXT@8@iqn9auqbc)XF z5PnTxT|RI0hv^SW{x<~i)4_EH*GcuaMP6tv!q56+RfhFJgXa zOG;mFP+AJg^qF>;{$;?(QjMRbYEC$S4tDOmS>k&s#ed080oVi|F?oCoc#Fhu3nFO# zm9Yn&r1GaZI032NmgQ$ZMdOcWASfwq;yU-eRN4XO&b1C1uJL1Y=V>y7ejOAnC{A?l zyh`S)-|58^{=@i~rRj9jEHZgsm^-gACsV*W08XiJ=Tp>9nSxU)NC#jmfG-K5jB{U_ zxpRNSBW68w*vx=AZ+FsRWq$F5<8m7@eRv(7$;(nT4>jb!Rr4G?U$5CWKY!n4srmT_ z_kDf>8_sTK2J^P*?7&R=WY+6v@N;_d{iu7LGs|x$@>U=&5{|=jQ{FElOJ4@lr^Rg? zoEOKGray8}E@X!MN2q?4$k|l*=X2l8hg5D3Gkj^D)o5o^b*}b(h%K|JJW&s`scAc# zdY#J)wtip+GuPMQ_mpr-_2&pMdp6uGD%b8cV3&<6jjsnO(tSv!@1hCExru9T#KD=1 z_1klRD)V2(RvFCyALk;lLf*py@leK$OZ+;d{ahjNS_bxA$5jIbjL#z{?{he*ucLr2 z1d592I@uw)d_4>1D!3LQdVnDltirW0aWa|EF@WxQ05{v?%xKQf?{Zo?KPuP1$k&DA z<_l48K|}sxy`5h}VAq=xW{4NFK1-GjRP=6lneubid*)-}z86Aq8s?LY{U_6dEl1gb zx5MLRi!r~u?Fn2Ir;BxxR`X$Q4q9Vv=_-O%lU06pAOkVlO55Qt%EkPz?#Zcna?ktS zoH6%wx$kv$-~lkZ%xq&NxttX9D)sr4&RAn6z0zR~JNS9S-0-QG<6X7c^Rb1RIp{b4 zsj#L2Q_v@pQS-ZXHsZQ0`rP?BZ^?hLHin*b)7Tle76r}XxE$6axU_J0Z~GYJOIC-L zLORZ7EmT|UuAy3&ys!W4z%nGL^~1SqOw^aw{LqaqEzgg`LsjzGfZf@t4SsXn13W?X zkFq(g%@>?)jZ5XFap}SqU0%c0^15~)*S9|1*t$En@wu+c+#@Z;={lrwX8VLRZSy~C zvU&~tIM#C8=i%PN54U5-I-0J-<%Qta&}hNYNU##->2OT}QY|CDU!H^Zd?b)cBK~$_ z|y0x16$Tqp5=8aVl@1OBf>_;(6_M)=(`0RJ!WOOnq|S`t16 z4J!#hDuTZzg2!z8%!=?gMDU9uIQQcu<&(=MlkoRO@J~kY|BB$8V@Z~)0q!j?A)520TH}#B_ z1NPEReHRxMgcI}oF)1$FC|~-y@o;+I<)ye$(^s8Nb7MPZ^ZM0mx@Jr(#aW<|#QJ}9E ze7hX2UlXi@C@ve|QUa4iNm+4Jkygq%P4x>FEoyA$5`s0IE4}QJg&ZhdNn~7u@Yp!w zd=2$mI%mUqCQ^u>aTKb`G@y?_&~Qa~9`!j6~e7IhbH@yS9MK;Ys9A&Mxf3=anRq(Jqf7S5YH4xu7xLtGbD}(bLtN9--L!Pj_uM(WmZ2nI( zIOly;&UAy@`}<~t+jQF__;rGZ`MKTj+x&dO;8y;F2Djgfu~Y?tST2jd-r#A3X}K;C zJj_q4;kWs@I>N7WpJ9ELAuSSd_B%CQ)uRwU(%^g-k%%9SpYqod1QEAuU$igF*R-ZZ zKDIFuaaNV4r>^3skO`D_|DJ!k_~~TCul#%mk#gQ~^6i?5HiI)=j+aRt-WkTf+2G`# zE!TG#+{zy?IQez0!Jxq{e_C+fU;dQXwn>U>J!-iWPdlz+I*M!kYPl582>(uT71wdm z|JAhx?~&(5s%6+1jNe+e?Tj+0%ZCGW$06P=hr_n0ZC%?l+c9zZOu*;qhe5iElh+cT zamqZ{__4JGn*J)A82p;Py7hvE>1U+ewL$!JaGk+*QvKb*&M`>aE9;L{64qaAZ9%uB ze?Ns7N*h1DOYuue|9(mTY2j!3Ogl{fGGMF=%_qE$a>979YYVQ@gjAroTJH*Pf`=HN zS4$ftekOsO#Fn&jE>7kG>w68Bs?zWg>R3p0^%Iq_=?diISh zIfo$EHx~2soG|Vh!cu{W#o29h9_&f0HGx|bV3CpGYed-Zc-xUFzda3s5vcE|k2+8%KTFNVz;8Y0aPy0)J zcaezYoX@|{6x05glXOBZ*wmc03mxwg0 zyo~wUDYBM{tp1S*zGW25QQkZn>^)=VmRH|UUNxsYoz-YA|GM6b{Ya84zce=Y+QZTD zi`=OgK0N#<>tAyYjrsw5eueGV9*Awrqaer5t!=?IX)=C1Ycs`dYN<;n z0TT)$K^O=$yW{ih?2K%eG)X%?e(SyUOW$d1UbbRIO*2s##%x~DQ0MZptZO(PPE44o z8?EGUF2l1dUc9hj){@2boQf;F=h%O+a~ZQ;>-PFxE@@ZY%c2P08o{*-L!F+L^C979 zx^`}2z~Fp_G~FK+ME(=;Q#tzmCT?|59Ltf2^P8yr zZ3IEYUyh&R8wi4kvyY;n%CCJLtq0;0golonSNS!pLwJavEPgth#jpIF4*55;ChXw?nvcpzBdJUw_JZWz+Hxch5KjpJCJ5UK`OsnuK%yiM$fh9xK*2TeVyDZqL$`zJ=@27)>HbX>QZy) zqMoSleRBQ7*w~?qu=m{O*N5X;(sapO=+r~1nZi1K?95q|>stduf=_nM#&Y^x{+T_m z0nYs`1&e=Oug>*do_1-24Qv0e!G4inIDuHN{@uP&)HnIFL@yk`+VFk6^yz08)7~XE z|KzaJ{QqO`ZQ!G-&iwI70vLg2(#qCYv7KtrU{Mo91x1|+6SyN2h!7AJ4H$x;2q~FV zv?{TaDAOUpwzhS*?UrtBOS^q>w_Tf3ixE)JT1(Zct+mCMYNlwVFCxD3`+m=P&diyU zdkdET?soU{Kc8goz2Ebk=XuWi`#G71Ipn0=W$v%*@7cHNI6bZhu1Dc6nSw+NMPV3< zqfulP8gp_-Xk3Jik$1TaS+#>0z9rYs3YDy?EID@M5#<{Y#uI^=cElG+pvE%d6;-`u zSU0?u;}5qCovy|*u2Vx0I95!LT<9^Cd2|DF34dU*wiII&x0GRsBR!;a%J7P+m>TAo zIs))i^{U&irmev;Rl9@CTgn3z?Gh&s!9*Qz863rGKE-c2*(%I@u!wQL<$Wqo3%wqG1lubsGwSM|~?CR~1ol5-Hgyz?5Ih|?PCNUdzW zrhSk#SLo5&Wk;Osl#%H{Ri~8$F?|ol9}TMn)*A+|CJ4hS$L{+vAJdSY%`rniogfV9 z8U6-efOi_=b{|jF8bp7KqSpMGrVXF0;4c4rES%$ahW^(9_$Y~g^0E7Jbr#ONVfaLZ z5B-R`&8%LeMz3+$WKB(<(+*5Dc82RQIg(cr>Z6ds{7lMPe zT@&KoaUR-Y1UMEhe7U%{(<+_x3t^w*-h{t_FUAY=M$`cEH0yRe`DQrKt#NPSk78We zbh1joN_jGGznl5lHB<`bC;E~9b^XsW#!WjUeo_+jlDtd(;<`^2PtP8-?Rxs8y7BL} z?OHDV0BR6bYDnAlBHl*#4x6uNB&J`g;z8A3&m-aP{{R(RvzbR5>JB7+{K_A+N!pdoLksGsD+z z5M$Q!OKfLWU5fUmw2Sk12woJshx9nTJs$+{e(F5coP8pm*@mfGT-TTEJq1*HL#R?e z^Bc5ed-_GiWH>&cG>c_+pt*burNuM*i?r(^0}~XQ?n3j4XL^5h^-{$H9|&?UE0eZp zPA4rl}wV&Tv1;7Q{@Wb4iARc*>-<_SfT>%pc`Gy{i+#?+2qHKqe6ghgs*v|Wj!?=AB*4?9( zO(^sxpXg7lFD;y7T-d`H(`OGim3|vr3~{5MbByuS5tmg=#AZiyUeJlj_gI?2@&@7m z2otp8@A0ldXOCo_|1{q%jNXWkRm_`Kv0z@syjTTW&i;lX{x|edblo|0Q2EUECHo@u zhi!EHxjhtpMxtNeg=750t>RT7CkP%<&%#fQ;JVLKz*Xr2J`)O%dK)kF9CNXaK96c> zh;_GX{Q69jL1g!tR2l>}9shoPmxTfNRRMTs0NxdVe-gOeH&SU9*zE!IUk|`pOZn-) zB>-n#?nnR20Q|WC9DOy;w&65d(?Kir*G?xkfj?*Q=S==g?VOBq*WoZYdB6XP;(x2D2tz5xZcIr4x7P?}23p;+- zu2{LK!#NoiWLGR7f5p<}2G<9gs;yKA3#JPiHmS<-Z~81t3Bs_+WcOumQmDr5d8y9| zPCj-YaHEAY?;8G$e;U%W9cOUHKMm#bs3wCyMG(f-bGJe@J=>3lp66WCke+$j;AY&F z{F!GB&O0J$NN?+z6rA+7e^VBIEbI)Qw1u;NFgVArXvpU{{2QF7ThO?;8e;=aeb~k| z^rj6?dOLic6h5S9*<$E-Tl{VM*Dc)EQwfB7^0E8u)dXNDmt~~ke}Uk9FdrJ+>?tB{ zhv$5Y-tNn{3hw%g=ULMbx93^EX5n_9-RuRTwXOdH7JUSEMo+%e&{{~;cbEFLa0#!& zo^Sg*>4QIFdlr6m%TT6ihIthKwrOV}K_eX`#w~-!z@`ru)CV``w33BwOz;|P9A3y% z#27eqsP2RM;Ku#TJV*Uv-{56k(Cnl<%rVoz!Bi;X0 zC#YrqY&vl0j}MU0%a-v1AshjO)6@2$8z`tb6G-|&=%DqS1)mw`nOCIy1@~T7pA2LU zF}sL#Ab3FSax<5AnW-h^AX=WS#7IC7*BD?vNKfimqMoN_`L1YQ)Rd}t7UvN~%W;L- zO*b`WcGNv3y=OD$b)xQrrni;E!gn1VpY&X63U0i|x@szR7dN=_O{6Ers;{Zhle7O zrp_ytEp3fVZ@VrMTXy9NwCa{zb2d7uw41Yh;T6l;BB>RTWh)jginMD|v^;4!WeLwV zT7D&XVTJbcE8*zWla;gCORrqMFx9!Tt(aqIxE?n`A6a_HtZd(14_B`{qUYT{ZW0*V z1~e})gQ-3!=Dr5?LDl^_Gb)sXm=t#U$W|tp7LlJp0Q|`S9DPPr z$@oq0sji{wBo_LNlh|FXQ&WJdH+gz!Mnm)LDY2%87M2|c?>=&FaIs!I+BB!0n>^GS zPj%&my4z#L6<3X4zI2gGqR%2By_#NZ(WOoSRh>b0Ms*L=+!C^EIXn)-{vQq7B24?H z?X1(QZYSD(Ba>c+fY$DFoQH23;>;6*_Z|ixd;I5u#{*XAECr0iA79U&B-&uU@zUfOAZuj{rSwO?|{#oz7= z-fPj@;l}fvXsG}D@Ne{aI)FX`8XD5`KX3kz%%hs})%eRTON07wmC^?1S+z9GTMR-| zuQAQj1oh!gEDB6b%U_9xJP_1}J5={UeK_O(pYoFQi;-`hQNVn!)zb)q`7`2c*WGL76z$00oY!rhzZ8@cCV;+1Z8>5Gp?{5=ivtDnk3|O!L8Sus;*_nbYeV%v#RMO z=_cYl+KD`rw*3CG5*{*LyEwcYN@b=D$!uL5KKpoht0X!0fiX9O3uggwA#q1}oCjWK zrdKTvKR%^0+;cQ~TVCq}UdbQ5bJi+(;dN!eVtu?0MpWMXd2lFr1bS)>;8PrjTb`@s zoaYAUy8(0vmvP~q0d&V08pA;&_dt6*I(OgJlFrLHab2GIdHR`>*qU%7rhzY|Z<*JGdP0HL=Vb^a#}+U2kv?vkUSOyV@h@a3{w; z?2Y}Shajun^GOL`Fj0Yg(C}43tHNzlmkzb9;qJXSggMstQO53K$SMR%aqQ-fga5_f z2PH=kF*P_d?MUyLow2#;-6eYA>tEF30WX<7b4{Fgji=xb3>~a{8!0f6c>=>4$=+qv zxCVP$B7LAF_1;+5d7;h`v96m+km}cfh^Z=~Qd47QKc>4?nj#-PY7xt9joth#LonQv zQ^APjwW%cBGl6ayDGbM&O_9{x^qWJ&-7f=%a%5N&@10VDetPEKfoV)TnXR119uOuq zUS?-ZM$ z%RG59JEWTW@YZg1F?$>zqr=_XmAo6Vh5KRUz{`xRPL}MT8qj~FxGDL$@<#4Trdf4% zxNrP8M~27xMk30wcYX8O;I`!|{1i_0Zot41;xC@rWo2lrInF$s%)F5tyU!c@r(Ay_ zJtTT(ly>3hYWNf3nOc>Ao-s9qvZs&x%VT{fGkL`*Xsr<>$&2Bl$E)b+sy(-=HO7Bb z>{55d`grcs=1h@_cEW_FxeHZj$9XR|PmkLCrN2sjf}-vM4d{;|{e6D)j$XN!;N93o zi^H#&Q8$**OYV1AW(D2zs@_rDeH=2EU$`YpIh55sW+*)U7W8mR$rjXRHk zz^V#lhJT}+?40s!1F8U|>+GCScvNTS@Ir-%*E$DPz=O1zxCu1?ufM`DTX@Y7NQ|Ge zs5%nveg?AgrGAo&zK7h8E|YJuKPV+}-XouqmO+<7N>bIr5-Sy{^9E2QRIALJ$UMn9 zV5D6osGKoUUlGq-ff`|CHIzY(fKpG@2$4*~5M3Wsqds_W)6Gmf$R>@dG8mbe!^)rm zl>vv|yw*oN_nUI zP9kvT4LtK26i;ujjb}$yv#7>8m~i(pBm-oOiHPy%QEDS$jmG0Z?g@2{el!$k(ut|G za~%~x-nbuD`7z1(IY<=Yo>2$|bvy*U$@oZS7wLjAtJ2Z@YKTPvl({#VSyWw<-W_4R z);nu&`i+wCEk9GK@{PB{-8{Ol8)^;J$na~!eT$K_lHsrH3V&iF5@)h^QFRm^4sU@c zf2GP*j1|-S%r_+iFTKv=;zw1(Z#`XbiN##i$L81o(d8J{3L$pAv5)4K!8^R){y!K6 zH~qCJ=v86S4H9IDLr!N*Vk!;kig9GP`zdt%4y7E;y$wRC7ZbfhMthm38#B)_PHPg` zhDZ_-kM>%B>S~-|g6ge5bw%d)SdYaEK#q-PexA(y1}mEm>{4Eb?R(g!s7YjwP)&hu zEUCL2{5{<2;B7t%K`O(<8L2t4L#mNV-28>}MCzVOq;D)oA+ihM5KF%?JbWvYuMEVa zVE0;we8MZ)bznEjTi7EyIr7EmJQFd|nEg=q1L2+@0pdjqW1sd)o=%p)Tl1@HRK}2c zW+USRMNn{-c>7HTkB*N+2~U;vzM&lP43lv8M-lZ3T*5S<H%T9@`UpPBHqVZ>S!L()DRjq)DNw_1(B~#v8j$ zxsAcbOTSr?Ix5yRxjNK2GKTEO*2h*AmZtTAQp}Uq2dfRNyc=E3tfQMD$?RyIwlZ7C zbRnoZC$b<@?ZywPMsE69v>V!?G}^4WRZ978&_Q(OXSlN^Irc?w>^pmY$@K5jOmm8^ zSl@ljd8S_90yc%xSfw(QQ+KFLg3|qE#@{y31Qu!MzEOz3ILe99xvwH}bUb*izhI`u zohPp`Q|opK3n~uYB(m>k-pE+y8 zDm!WagYbjl?#rPg-bQy0kM6s#EZoxq|21Y$MFTqAJsj^1nK?rcEyp5S{!Pifv3zq6 zaLFoKE4I{QnQPFlY{02FRu;?6M%#6m-~b}+-}Ku^2w#UERL3HGS16Vl zrpaDlm~XJc+wkc`0}HYJqI}~rpDLE_JK%o==19E59wF7k=2&9KF#LvcA5(A?>u|T1 zrk5e%hkNb?&YaEyAK5(@g+QdY%}gJvff!Wf9k;)bK4N{pBK;S@D=nDJo97Xpv8pX8w|clZnhQ z6+PQj8KdZsu1dn)n-E{IKJLBT{5TwM@fDrhpkzt<>}w!3+s*;hS19j11}bSOsHSYL z4LU0S;YJsPn15iI%=#J!7$Ng2iPZPS)7wzJ`#D_3`rBzY=G;iXLPaMQP-b7@WE>< zyw(F|4RChIe(M~s{2gJct)0w%G{QEl7th{Zy%DOhWjzm1)Ds6%v-wr7zA|qoGOwZ( zXLtL^M0RQwYvXcs=I?}c@4S-qn;#6X-vxD9s1LjL7)%B;K-3I`RV`A#L6vJ4C7@zg z!w()A&qIUjKVT#hgFjMM!ICZ=wuC6@_Kkf4B!sLkD&-<9V=) z_5BbcH!lLXWfgt~WxU)qurI_ReID*P51G(IRf=t@RsP&lUlV1nhOX8I(ga$WRcKp} zz_Rg4yTWVlfUXSNMwAQaA~PI09`I>It15Wo8QemIR&6q~thy?Zc{!PRwK4NJ2{Fn< zY8BMDU5(vsj2`Ji5smDaYE7Yz#%lPr)qU_9mZ>LjOBoc1s5*F{ePk$fd5a3+UU(>( z!F_Xoilg0y#uymBoXkQd0&3lTuvLmDCSjSw(xIq;x)BQRK=)YRXoerBeEh?2Ppxh@ zDKQwvfD7iw%`XJHprqQmel?n0RH32O=M1kzLrid}`SoH3q_a(68@q^}oEJMVHxio{ zyVyz4x_(NaJ%ZEq9td~;9tlFnD%TP!kKKwFrd)7EQywE3g)k)JfwM5O%Y*B3yL43+ zXYjLkAVdk<^L;(eu#utpKwxO*xTd0zesw-hA!njzb|KO( z8Z*uGD?Ez56i7`AB)48w!oFE-ZnAf+8aW+^{odr#9gxNh`dvJc{Vqg48-h?&VfPoL zj#%F=D#fmqf1=2-#@6jsgxkEtM;b!t9-Uv37`v4vf|ol<)o2J;bV14Lo58Gp%0f1O z=bV+*(6zwXfyi#T&x2d6?{)Clplf#joSp_Jl&CDxP-ehmv*0nE7EqLx+%$?ga$eWO zQ0MTjRcsQ!Px+O}Mi1BcvmHkT^YuUaN=zkaOYv~Wo7Qt93YuW3zjDk(Dr%YN(gWBp zG>|%?Av-LF5jqA-txl7Fv{EB-yc*;1P)tMyzJyYPn_R-(?a&E1j-4o+$B5BV7OJ)3 z?#}>EegtV4{kHcpw&|rR>?l!bGJRhO3zkOQ`BoKP$E(fNh?Yv1C|-c_N1wi!K+2?~ z83vbt*ZnYmt+ z>xJ+}26~0Q!Fjpfk-My9h%+0>wT+o%y z=;BHT$xv5m-KU@>qf#jv{UKEY(KE1~J zV)XTA0)3rpgcl0@k*=Gi3`?AVN;ll|DY#c9!>{lX>-!}*ZC)G9?j6-P(bY|?cPbL* z{Uu)dz8WNo+T^4^h1Z8cfXYeLQ>unSrIl+{u2eW$XElU-UWH#`eN!PhSBivcLK)2# z`igBtX%!ZtRE0BI8{zH_FwLE)A_HWjx|lbS*j`EYPQb=1eQ&6hm=H}{keC^~It3x+ zSLHs0;OAwe^Ag!k#PTz+&HQStIZid){c$zwrJ53fv3e0`c=xA{&`bBxPdsQx5BvI; zI(I>CAy0*SnvsrkKSdbm`cI;sO}NaHQ0pq__9tD74wR#yk6jYGH223>8Du$?D|0U) zo>4m1BFu34<0HAfP|7N8`{?!DJ#gWr`-}cJXa2AG`9$JQ3 zw5=?Ds*vdW)6bS~8W!%p4J=qR{Tfe9Ao7w&%*!RKPvWhOY_j4=k(bJGQ)DHU4`I3K zg^iil(Ow;hKSz&kuVs-}h2larXSgvvnY{*se(2PpbKZG;jzx(YUz9|EGfN^ED_~H_ z&`ACyk=0MBTPKmjt2pVyA+yeFbKg@85F4E8gDPHjdPFs}8NMox-a%WBE&nL|YvwVV zpmEhzp@AR&S*aPxx1o8L2@CvM)$!!@xQ!)`bG}GVK+rp5LBjOD?oQ<$&?eIFpmTT~ z1nS~?g?dxP^&-3`(pwq9Cn+Us!##VUN38D>u+a%JjqgG2Xc=!%{fpu`(=L!BTBoDO zfWi**M_2254&8`X(1Te6Tjjl2Qyeii@T)&*FH-g2z)sa{h>p%>DhclSl5THi?p0lr zSo)b#T)B%(j6m$;%z3UHANlf)qF|HE43-vC{06Sd%S&AWF{yu20vj`q}9rnmFg%j8kB)k+Hit{(8_`BdlEu^RkIGW*_SwnAm_eK->uo!W-X4weBmv3*-B z!`%;(9&<*7CVH767^%V#&|0KjwKU*SWj(t*J4NP&X6t#O*)lIQyJ%jB^GRNIay3eq zHNOOlbI^=JyB2RM@=Doi@?qV-#g`Aumm-G} z4w=`J7=9f40F=(Xu0l`oLwmim1A}L}iP5aPEOE*?cq|~0b7e~BDCqYxaO7rsmMh4i z1r3!Kvlw#w6B-4&+~6{<&0LyXpmM_Fenm@PLLZzS_K-S5EB#VL-OcQUx5TTxrh%PK1Zb*Yb&Qr9H{Ul z>Im9YHeH2gjqanzGX3-F`Y*vu=}p)*QU@5YYs&;cHZ{7&ZrcM#OaxowFJZiA5PB)~KNZ9yW$eD5~i~UHTc3&!{}R zxnk0{ydj0BuLf6FjA!=S6A?4KzDm?L}&MzYj7_9}Pa zJw`z7N15ugA4T|WEGavQ{04ibVMN);65Qf^f!yL;kDHzAD|VK|Dt493zzxr3C-Qn} zKX(wzDC58d4c8~raCEU-u(yW;D4Yl3e_jLboL=QC!W;2%D3-7kYk*?)P;4$0OB%H= z2UQG6z_}6)Bbq@_4>r@)b7M)|SKPD_ZLnuJXnHVw2*8DwdG>zC>$)_A^0!8%;F=Gz`a39fBJ~Bt4pA&2UY2h7J zTPwW!il$_RH>Dz)tf-9rl{*~hj9KJ=Vy_pb5Kw_j2F1H73-M&xNZhQ+R^=41GX%er zV^%P#ywR^12FE;uV>oQU`yCb-TtqRf$v?s_9gHd)@NB`q(kFr!7?pPLOyOVAOQEgu z3JGA!)b1GlZvXn-`@oSazddRHDENu$S@_{fWzuuMj%~OYm-vTlP~QE{klYA6Q>EEX z?h3%S2jDC({P?^Wfd3%?es&1%gyXK0vMJ*uESgP%s_GJrGZ6qHIE??2M zs$JpOZKyUIs`G2qaW>-vP8Mw_x>Gwgdq$l)PX^lwp=zjp&eWF1hQ^jFSFX5LUuGSW z3&^L;y11!%roIEC75Xcea?yo8$VOeIjZ;KJdF%T8iKhh&I}RJBG+QnT*Q^(A#n9IB zT_8{r@|TH=bqc+h!UZ0wg;(MPoRkhd9+cC%WX00fHeAlZs93SGV6m9}o|g91$`FGD zcV)D+tz5ZcrM_-M#owY8fUj^OqM(hAuT@I6qUQ;!zT(=Jx3+XFL_DiNGwu{8b8&db z)h+ES+C$bSPW-Vy+dDg!*xv{S9165-nZ3jfAmrhX=VjD@!gy(@Q>#m5e}&jjFR`?$+zxU@g$%;s~p;4c070rX1(=&uQ& zzdeBdUjyhjOOwdeXRF|@{=W^tKZvy&G^DrFL$Ba2|Ib+TcKF;EK>uI>y?3M%J1E^Y z3hwHEi-p^InmZ(2J^L+sThBAuSA=ot&l8+-KY)Le4m&M+vNZUU7S4Ll;7?n8Y`Nv^ zKf}0kD+PD``>ciA{`J_f_TkecxXb670Q~jF3uhbJ;C+I-dj8m=x8rLdfd1tG`VnDj zqxFg4Y2=#=xzQ_2GBnpK>tbr{Xa-!&-K>_ z1b5S6eE|Km0QzPNKf&_vO#yt?SoF4k|2=^It^oS27H+4X=K}Z)SoF5s_eej1;lpxc zKK^OeJ9v$TLz}q49>xvNZwu~*=UWy&2JTFHTgbzqU`WqCr@;pVclp0;(cAieKn6Hn z`VR^2>NDP=rx%Ufvn=|PEc^tu#8m6aFfjCITDYx$%)-Z7^h*SH^}NQSxBc~Y0DUQm zU|fHBg1h`11L&``@RPyM`0G;vd_HH<^VQJj0_gt`Kz|=A2^i{chv%;?+z!vxEPP?y zbn;0Hx5N3X7H;!@L~u8Jp0Ma`fBnItx6hP#)xw!1O*p(^@v+m-Xf_IAsK2e}ITrpA z*cm?Nu5MS)pIY>`o-bN>wZ-RXHV$B1KBEPvJ~p2#E!<8IpRjOS|Jwrif5oD=`9Eag zcKkkJ;WqylE!+;DBU!1#Q2%lGH{sSIxa;3V7QL;{FD(2Ni%(d_*IYiM1b4&jB?~{* z;`6qJ+x&;JaR5U;r{Uk|pSAE>3*RfatIw+zz3s2J*vNo!=}Tmw&ecC=;dO9l^yv`X z<+IA7x8?q00R2}3=)Y&-<1M)l1n}7#fWK<-vGsX00;Vvo{!c{|tis=>-yeXtuyF&! zaI@RD4-4+{f83(C`G=2JYzFbE7u@A@fkkigsbV7o#-%?_a5sJz1kkqy(C-YO-xWZg z3!pcbIJ)}ORQv0Hir_B&$1U8>M>{P1bg(q(R&&?k!!U|i?Q+@?4J;9}T$m5fRPef@`&?hRmcsEZU7o2q*jnRKV z6ld8;WAHViAj=jSgWoOfya^i4<2$9@HqpVqCG?XWe1Y(fI`~Mz;|{({_(U9BK0{w{ za5E3{l7pLh7<2Bj@t3*~2(&zNg2v!xzGV{u85jzDpe3jQbw; zdB7{%mMuJWjvK%TYCq%e1i113|-G5OEr6SfVAOEln3n+Q7( zK8CcmVY(;JztuhKK=NdrWE&&j;Jvt zeuLx}!^h}vz8B-g&;J`3urN>Rhw?v%u#9_?eyEQtn@+meh=kcM@>zVci{-jM5}2EI z0EJdbfc~e$-1R?;H9z-DrjiSGlIutQ*LAO^i7*8)=xi(81XNdBTWkHEIbj07#!r|S zp*i%kt-R{I_)t{6M%CF?>TI8KuXTBOwgv09&-AkAPkP#Gebfuj_{G>g1Ej>F<@h$N z6f3{eB0I|A5H(cBz)IXF>G=Q zcXLk$-rfm!&%+y+m#5!35D&-q@{EkRSWny2g-A$ZUn2KBM0n^@mD=s|4CLZe2P~As z>g&gp61)dVlt|*Rrp$o@yW&uNWCQfxr9V zyZbv=)ALxUy}u;&{zUd@wWaAq%-#UODHAs#B{QHQK74Blbal7WZixMmi5=IK=DtWB za31o}Ui$hfXm!=7)cYE^MSZSTPWzvfzfnsv^|z7vAHXK#_<%Si)(@cv_GGYE0_m%6 zpGpNPZP~G(dmHO9;n{dL9814`Aaw@=E!_Q_3Q{awRgv=$mBuc)Th*e^AK@#c?_ABj z%=MoexZts>v8O+gJwJ}c)+3YQhJHk`2m_$D@fG&|uN|GgV+b5?&vNE%p^3r8b0dQSedJyJsdM zK379N`Mrh*51;*LR$KJkql;iG_?Ii!Ujj`$^M^RL-e!KLtdN6qk1O=yc;=7s%RX#0Q+odviEwG1#;Iyu?@_W>wkc^LVPl7|CkXg=QecVRpsgO+?n)?S_8W;T8VY_ zO-N-bhIpDlG7~M|LE2Dm0zQSVo^+e=jlxAIZe~=yoau+8no zC&FLKJ9P!HF6?m78OpnfdOLb{Rs_LQ)!m;u*Gr!t!UinHiP@0}Zai1+0&H!^*4@d& z!nZclTCX(59`>8PlAS!-C5kltNay2>*h-W`RoLI8a_&z_&3(;WB|NcE{N%nmMAl~4 z_3ztJj@x#z9TItLG}qRTL(z)!zu->A3<7u!%VDlo$N6}V;}z+siuw4~d?o+G`rDRuEB~SLrymQYmSgP&k-Jii5HVZQ)R$>1)Hdd~_D)$p;nNRFm;5G?zOROx z=&Mwk9nTGQPcew%nI{XOghE<-HQciV#SmA&S2DeI zzXo31KU3tn)ZJKjZ8$T~z5%~_w~`|5t#6X0d*YnTE^sCKzMd#O$U`Md3OdO@6VnQ16D z9HLaY3eV;J#EH!VyAUS17h#RlGVrZ;uW!Jc&pxM6>_?27Tp!38Cs1CO=W*_*j{_Qw zJRO(2{t$cW%%4w!T9r;W(-{s-jAwFCI?m0iuOJEN{aRLH$shi}#8|a@YL4kiM=mTtoH_V$TrnXq1)|3X93uAha(v%uAmaN}b~I`tW{9VJKI1wvJ`CBaL8l z^X@`2+O~K@BJ+YF#$^)u_}Y#I|GSdC=Rz^;Ki(~shp<9<7ne)Qfc^yOFi!9Lz!6a zWrkGeH$Y-*&@%4&8(E#%nciK66jYfy5jm(F2RD=<{$tq&RvqP;on!hTnD)41U8SFR zre9&2Iu0A!He~KcMi~XCI7H-y^S#%GRI{y>ItsfaZ{E$yUivkg~dk@WL zxT?-=1YsgOCqjzU)P~Gn71Asj_2yf3ZzRsZgt~~@dA@f{#_nM_@A<6>UpAmvWgsA5 z;daTYh9mc?SOBvc| zv0jQ7?vbbJb^DCk$gM2p^;SDo2rPtRoAJMT?AA%Y3a_1o*OG0q^mZQ5sa2Y^{f6(N zn5f3Srcs&S7&Vn+p5m8R5Y^OpR1&O=szTxJSCA#?&j|cko%t1fiO7PLV!*agW40~A zqQyf1bEj<26nGC+yVpCvIvPiAYQT2-%+uV`T(##kNiR6J;*}U~B2iolzQTDcIOK_%1?_j-@IV~LV)z9s^LGvhOvYo!qFc5;Sp@u;)Z;S__}Y; zw8b0ZJYPh`6V5`=G0rwl6y8wvD7F+cv^*)aaNNk00VO6gWiKtF0QMWTW0Q8=@Ev?` zAAV)sQ;IH`t*+k8kp#5LUfByTwu14CT2mDb+0dR-3+>@VE8;4VoluRF8E`IF6+_HZ z)CnBxu-7Z2H+1sR@T6@w{6uM}QXf)u4GO=qaQ7C9L~7d1+RHv~fgH;>v!7t2a5xH) z^gJ4+g-C*aYX&^KoTm{a@!sB9kjW zbA`O^yWDZGQTejCzEC3zPJMU=>cdzc%WiB6L~W>IKJVK>RiZibG4q0UBxP=K)wuJo zSB)pDs!@^{&Ov)kvtq)vYR5Fg;ZW+wi{M!X@qf1&w9k)YPOb0$jv(qSL;QpGm{r40 zhSl}BW2~a`meN>7Rk|!*5m~JEkZ@m!2f8>J!TbUBrrs;l!2Mg!elXdKwxD!3_OlG$ z4TgO;x4}8vwKTJec@_3ssl8>2*R+cE(v{#fct_U-Bg(@5d(Pq`NB1av_b%JO|^~w8B?6#Z0sD{iTTi$~`_D6IXj@M7kO4X8I&9L%2GP z2~C+&R1lE`4jfrJHx!eKDlcy z0pN!(48T_g;MWDeD4rrt%|r@HiAd`tt+urU1Mp0B;MxKN^5{0jHiDL@AXwp{L$Uq6_RrZ7W+^ zuW8r&4wjC`zJx(rMeJ=Mpx|XwwE_D*xP1f6mX2>N-m)RvI`X)+S3~U>Xzxt5w5@2> z+XwXSkd}_6*UKIT+RB!Z!u|s2NoCYt2yS^;+17y_7qYvBdoc=IE(Yzd@Y|~4vsFdy zouClej&cod(SwrKwuz4|T-MoU1KdaP(T)`>Q^t+E?}A%a3ZB4q&5M;c7%Ta`aIAL1 z_(uy$8J?s^!_Fady}?Tfz!q9R@?3t#8BUhZfFd zZU#R}icZphz`~;zZu5CdaO%T4!tg06#|I4gaNgSBbrx>>x5dJ3|MIX)8dv{cSh%hK zYZh+nf2EX13-)gDPDA(pc)57iWS;IyHj7$HE z0Q@8dy3liZnvq*?;kMi*7S82ehW-W%x8vo<7H-E&nXHkap0?Z%TDUFuL<_g&uD5Vo z?h6)f%T<@IiGOYWX3dcszaN%0LBwsj;{)*X1b5@N(W1BGcWD6q@&NkpTDToCSK>tGvxAWt# zEZj~Hd?)vK!7QOASofdA#%Uc2Xa0V`n%l`v{Q-3@C z)LXdCe}#qH<%41_{3(O&7#i}WA;$mD@drkV!#uu9aLLwre7@9k;;lT+J)>|?KEc7C6h0Fj z{4JrM?BJDxM;-il(KGJgw+p@J;G+dkI(S6zCI_z;yxGC`i~jQ*yjR)*^Bw$dsizk> z_<*zn7CHE1f-iCKjlyS{gQo;Zy zQ!eqy@_|8T$`6yzPZV5|CBC##!|>+AdP?x;5$0R+{9E0h3Af}a$scdp82Kp!$di7x zO&vb`{J$omsrrO5{m-Q9`u{v&l<%%#9LL5!jBK^hANV!?H_t}FOgcA&Q^fsg29T$5 zXP$G#y+amSDehg|xHI_G;@%CvRpP$Vu`vEO?ib_5FZ`k>Xo?L&$nawm*SI(7hx#}o zlnb+ldVwSiHvibfaow|-?WP?v7?6PHEQoEKPt}L>b8pt*ciN8e?z&fN2+?sp)HQ@> zOqi&b5Wb5wgm+qbII8rC>NSKo_)@KS`!ql=J2iq;FUNBF3MX|(BYZg)QzDmf;X)Uk z5y7gMD5tnOf7f*$?)3X7?XsLRP2G2>j~hXEAazc9|IpN_tCw;4TF(uzP-os^R^e83 zvw1Y^=AESOJp;dbAQNlAb~NxSblEmNH|%A@UiP|juXibrtB(fL)OR7W z^TZvoa(3G%gqCIvsQ>lH=rI*Iw$b z7FxVP4$}5`CCdxy%7FvB()&wOI946YN?uetVp=Fu4Gx_CQJ0q~TBb0p3&ASBZr(4- z1q9aW0W+uRVIfoMIjYsO6oCRI9(UIXs<|2{u!W&kklFd|Al+`Wbi)zC2$DIKUhl{* zuXpr=NCr3I;Ntw60o)H$qb};fRIKuhIoJGH1`-#Fyokfm2OW%_oOEN=YAnsd^jRpS z&b{~Zc+U~gIKhdx4u-vza1uMPIshj3J2j;mg(%m5;hqQ7ENDKM^IpLWSvehBehROz zfv7#7+@RNKaIOlP7s5M7dOdg6iFHZ)QcsX@FbURR*6VdkNeTyz%ZWKFjd)$ zz%LZP1Tx7dMagmv7s?osA1xN?^^V&Geq(;Ru9yMVk3YZ#HGcwq}7nsdQ21&45v z{EmaZ>8<=6d(j#`eVZxL-!Lp$jNSY@j;f`O@G_ID6PXvW{^N>7_O!aEcsh3Zo*J!x z<~Jz5FyE`wB4$h@SPSK>j?pU|Fxks9nKj`K)nplz$FSx%&q9{56=%ai({wD>Tj`_! z3iB?{mZS=!L=X3T$r|9Mf5pYcJQwbk(#69o$`d0>m*O#P#MSt17|~u)&UUmXeCD!P z3Y>qE^BbE=zu-G(ml#pj%sIQkQ*((CjlNS>Q%76~98-4Axso^;Py21R=*4lm5N0js zV7`*=)%}7?Q&jDnH)r2`mv+hzY7Wzxcg*|2|Lj1X&*(E9DdGk_7_|SDb7~amH%G>{ zlRej_;+VuRe&^t6oGqil#&3@7BZ^EqW{wlTIWo3YIagwg(FaAI@0`vh0XW-^j9=GW z3&0Ow2b^*%MYKx4z`hbde|G@>Kmh(k0RCJ6z7II{**F9*Fe)wLc_j2BZq6lA=^1#H z;AUTrNzW$(_w(;L0XSFq_|faRDqU)+d7S(?X6kgXQ!yd4aM{9TOBZ(Nc_|;7fVnFB zj4?GMqYn$yhmI*W==m;Per1b3B~4A_DA+nWtpNH>DJg24>jfRJE=*Jv+}KBc`OH}5 z=iQWx!laS&iHR_U9Bf+3vRCwsU951^57l2`U&f53eo}BI1NKo2{EUMK!JMv0z>? zMMIqJ0mFZ?h1+~4TH(Vw#?aeynYR9)4$ucqm0@`DKWg!%g~8vF^jc03#^7eGjylj7 zoQr2^Oj&2}cHz&oL1XXg<2=`srdB`lxY5(3U&F`jyPoLKoA8|M;6~4=gBv~L4sP@`?LQ;eglE#BH+nWX zxY0A>;PR=~IPu-^H}&=N4!x-#-*RwMKN@$2&qhgqf5TX<+S{EUp8Y%B?>$rUsRTzp z-J9>AvD!P?fQG4(^v`_6q-XM($qzwewd)6<)7OddZ}_jPbVp5yZ_ z^^0-Ovc@(>zIisllJ86pw%H{5H`^fIO>!}CR4_hmvy+8A499|K7=FX>?}lH{SnXRP z|8E_uwb!;$zA?t%=KE^A`1!w<%EByh92otzEjs3SVVFb>AkTg&U{}dE{m**QxHsv? zPd1(0E)7{TR?e|n@^Ia=N8+X(K%piIgSo`f-}ww2tDVS74d#%>YH>X4p^nu~tUD8X zz-bPBzjwq`GSDYVrSKa@YeJ3F@_tCYefupvJUJD^ll`f4FmC%H8L|y`KMOYpc5(Qk zj{(5DL$SXI)*OpUT|^6FGWMiKabE--#(&E*J21c+?p^?Q;q{z}RGW{Nsux^mbDt)| zMK(jK6>q}}{1qRyyP&|QO7VFEt`wgSYd)#F)z}#}63GA%Mpd}4AOWskW-B)Kkk@VZ zM(z!Fe?m!IS((}Cr60zYfR&YdR_d`GB`*w)mfo8{9bW&>M&7@x7mQ1L9L_sRySoSP z2Y4yl$MHrumx#uuyr{%#uwL4ba*X(^SPoL~P1!!pVsj$3< z`3m>s4G>}EHG4avDpTwT(HjMMm*n~1LyO!A&iA@Jf90nw{a^@><-Q3#)^{3Y;p)B3 zF`!$n#gBcBl-gLw{n>2Uhq}%icJ1jH3AgTX?k3J?Q0Z%$_gZKeGHL2^?O#uireSN0 zPOI4Lq~;G&FE9Z{=}x8LCnWu*9xlQ=2hul{mvsIRWHp&1th=kR`8twY4sV)$^fGq; zDlhHfeqXg^t;!4(4wq5KW!2@;efO7iMqj(1MM)>p)SuJO4NJ{4VI1yedi5|pkk3Jd zkzY&xYxgT(&NFis`TSr}(|_C=9MM~jkxLWF>`Lr%#~}mXDpj)tok3%}m?7YRWDg?9 zPmv86+@CafaG&z9I}B+h+|5w|FWVIHvY20ZW#B1rB0QF`DIAKF?P5H}`dAp~q|k%6 zL3>VdXVgC+*y|ps!~6j+xsDxpoP0kHzMRbXN&*{Mu;(9B6;<#f&vo!JZ(vWO-o%J~ z_$sL3wy=Q??$_K7Vd81LA@6YynYzAq^#^mugOg5A=62PDzD@N=icnjP6xT%dq6m+1 zfDmrH!Zg*-)R3b1OiNyj`eBnWb@>8U{sVv zhJaM~I^mMK5@CY*BM=nAWf$BR!le)(TcA&VtCmV7v*AwdTSYkYLduX1?4EOg7c>Tr zc>6Mb_1)rm{UmXzph3J{h9EKi#oUD6%(WMw4tIS~`EGpYhCmU95KB%S?vpVWp*GzH z%tc5@ZC(g13L8`r_Y6v2#+&;AbS}&V82amd=(~B-8h61WdFe5EFv58NYnXbfYE)|8U?@vSDAB+3EZ6a!pdt z(`?p(r7wf!rMoJh{}{o+tc013d|<74m0BppFh8fuw)BlvNOf(MtB+UZE{{kV3aT6r zo523#^mgpr*Yi*}VShb#)XQ`T3ove+W2XA7${U@J}c~*A>2I- zq^=tJo=w%Ru*2rd@Pd=GgTe;oKc?1iw*72!$Y-EnA^)lNBMQ#K{HK|a>*?= z6H}wCDYgxo*kT*Fl|=ss%)6XN8zo+L=g{T>H%)h*))SguQQ2EsUs1KT3^P^>a39mO zipu(m@+q9$s;YkoA3x>9T4{`*VpY1kqN+i?Cm#AKZjoAB#_PpZKYo?S<$?>E4ftQH z-Y}-iPMP04Tw(8AyrO9}CeH?6i#2`3#lQz|scRTfI?dNXy;9kSlQ-f9s1YgAO0jk1 ztCPKNE?Rn-uMBTQ*#yoF`rVFIR_<>TAEEXmY!vz9s0QW$ul!$fmz7F0P?>9sIak-k zh=(!p&3C`KI*u8TKEm*ZQE5THg8tCw@I2*41|r10dHBuYaV$f+{f10ESuFVBOuv3O zYYRX8QvvwK0Q~y__>ThcodG!KT>SLO1>o-l;JmigkI$F@ocq~0=V$iCsQd%o^@5u* z4wbHf>$y5z5Igg50A-6AX0_B^KXN%vev*sMmUgUMh--`f$_6tv3+CR%gNeJAsXYX22j#Uuc7!Y21?KKUKGMxqZ2hv!Tp)8qn`n9+_yoUhf_oH0@|^ z=wT2QCi(akG}mUz6BeMzsiWpkkb3;=soPIL=uM?d9vi1M0MQ`i>w1wMxzHH&gSo}xJ*eCU|%KGj;|*KclG&;MQ_K~ z1gRQb`k3IZ{+C#|oqleza9f`r1n}Q((c9r;?+>*3|2cq9rHpw~PupK-ShyYUi!Ge( zRFmHDstm({{~P%OL%uWyzgut#&OF{PIMX(bq5p~CrVcdtF2R{MX$=07;0!|=gByC& zwl=t#ql_r(0{v~Gc(sF@v!`nu{9>UW=imz@U)4HzO3D#az8ZZt37?4$z0q^BgEtGG zsDocGa^nte^ziZ}gn!;NKB{&3EtzMgIj3ZuDH_;3hnm zIJnW%ltV_(ts=MGp}$iSV9LRtmvU;AgI7uZxxvAIDD+(pe!I|jJNUPRevO0g7ksUQ z8$CBT_}fB%n}eG>$8L9UqvsbK+~~Q{!Hu4GIQV-d+%`G5(eqmleuvQC>EK4s?>o5B zv(LeQEdIUQ!Hu5%4&EnnBMvT~AvYeom|$Ssa5nuRHOT^dldeqr+Uy53xM^SiUtJq; zgOvX&u<%o9UgR0HHejR7jheH#M}nSBT!|*tW+ICd1()V2A!Y7%$>uX~ZNQ|b#1_7qW^Y>uM|&tG>SK3eA?!AHfmsQ7Y7VK7V&QQ1+5LZUDjs& zt!o2zh#fzU?KcCY3fYi_&=?W?)kN7;P`i+uZbByl-aA+M7){Qh%Ekgo$-amKyu! zgv>FGJTN8pk{j2{o*MdQFoRX{rCXf6h4w42yp_7V)hS!~`@aI#XsDnDsis*t? z;q{9_kgL>GIGG+Vdp@Pu=HBKwd10U&a~rXXGP`he{v4cnSO`~49D6sv#OgYky^d$+ zk4$E^He$EghZ?ghFvt6H>isxo4yWsPS3gPLW7kWB2hY{2$zYuLew{iN9Lp1Wk(Rvl zIiYY*ns3=JCiYC*Uo+7fm z_@#aXt#|Wws%S+g&m4xZ)aN*(SC5Dhm*Km1x@XfvbtM=gK8ogE^2i5MdH?JSVOsOi zf^$poI<_Sk0M%YEPGD8jc)z)a88&v{7u0txUe#O;2R|@hJrZ+NjqqA!y1!J<`y!mG zR!`4;1yZRmjs(v9mVs9}0H+9W2~!;6SqZ_Ip~BXx`v(@GV8tqlTAVO><65=LTE8$Edd+~A4NFm&at zeIBzs(va%7!BNTsZRle`oi8I%guC}c??iUmL^Wl%2Ol_XU55;q8nigpkCkJ_a9;@Lz<(FkAOw?L@BmJmF2mQc;ai_o z%5Xd(bV2KoZ+a!W4(wjM0k>A9KEjOuU_mXV6yi>GEe#c&k)=_iTsI1UX%e|ACKOs>< zi3E;l)iSm;A^9c4@!d)a7E(c|UF|41mg%qSZ-DOW??Gtf77bS5>%gJF1+bAhZdI(P zqCSbEtgB2Z;i0mr95@2&4LoGl$|S z)Ndf164|+xb}^ZL_K19nXw~ulD9HShH#qdc%4!hsZV6m3 z-c4O8tT0I+a1*u2eVd}4LmN@qRqeaKGIc~!?_1rsby&Fj45V9JhLLL6G$hR*N%*;^20yHl z(=X}f2nvJLNQkVA&DU!}V|{F>qn)}rhUb=_(h>b>ojZ(#P`>9UlFv7@^C}wT@EWpG zn_hE*m5+tuZiAOOtN1%Rt=tB@%(cbe*=d!Ieerj88n$2;1i*dqcXnFDu`mASQ3*PE zA|0y~%GJHhB(JHSUFQ&H0(BU33t z&zjQ^ni@;aZU{||)z5C2(R|+U(2P0B$_+7Rr(z(2|qis>- zilwQJvBS{~J-cCEbHl6|v1FwA;--ekn2zBg%wo=*b#|nqZCP6@&bW+RI%d&jk)_LV z_~g<>!$Xme4-btwx#Py+p*hRjSFUJn>ma|>b?t4DF|Z!AP=+1C*3j&RX8d0`r(wpF zhL9-M(Ad;`F?m75nNuNJSdZyATZx!FrUPF3`!rn9?wY^lG-`G~Y239m3xJKL1ldhrSmExGlr{$L_E)$LmMd zS06(|+8+g*9|+ELVH-WiGBm{ax6M}dF*Ky@3pP6i?<+v+?P0+maq!0kf5yRoCAcXA zjrDH9?=yfrUl3fibsRgtwPr7YhGmXxN|7J@aGveqhXgoHsFX?b`yGYf$wVBKyn$ zdfrXx$A6aa=@&kxu3IShZoy4`*D3g32hRwu792qjQzvZ{ymF*Yi3b0H;1LJsoCW<= z>)<)TqYhqzK_b#OIXDN8RQNb}o#5>bo)ElCa8)l-<@_W?t6qeM^F5a1@b-@7ypX!1 zeIeSjSQ1z`cthK_rdDYzzkaZQ<4pC1oy$@!?IgllLY!U66YKGFhWebKeoyD`c=f6X z>dsW}3OP%?s$WH{XeSZWM2gQuMWp!FDZ4s_j8`1SYxauscttaQLclpB^@*7+*RI4W zz!2YX)_sS5VK^+-p7c2!#63Htb;*jQt!*u)kDyl)rWRf~9*3Cd4_P&-!>MhR2HO{| z>}YFQ)Ts{b?;*y4VbE2`KMX?TXH6~VK zj>n2j_0E-<%a-Ti)GBd3r+JF)s;Obd?Aghdj;mXI57k!!o2E3+YvIbs;w6>Et2_&o zg@aO*Lluh47GBw*wO1I|Yc6&$(k;Jc5KK}ZnAELpD+jYtOF{iC=wijvMZN<3aMB|d zed!%sttHjbpo@ciIf3l0R$i|aJT6a`J7e*W!7*i)2H>By@RKe2ZwOBQ_W2^;vFL67 z&sez4X9UV^8tP-?_F4(HX^fucj9k)x#KMoDA~1ZgJT~-U!Cn3_i~dN9zRSW{W*a_h z0{EDdc4E;|6=>KftwHE!6n6IOue{DVAD>(gS>v@`m*TK%nooeA+|6%aUEZpYvQNbyf zVQlEHv*_7IH~0pN-q!PWi{9qH#lk08d|t3{JDe+z01*uJvDbbcZQ=G>(GvuB!{=NJ zKLfms{_`#TObc(d@UtxZe7Cyobg*4TgN|I}|Decf4_f#MmfW8O@Hue=h+wEs zHU5pB6D)j;g`Z>Lwp@;}(U8xH_&0nS1$V=_&7!x{!^bUpw%HAz?^rm`3pcn~n?<=c zpIfEfPn=bsq5rAH=X49lt1_hLe-{;ok%z*F&*u+}WTQMjAoZ(=&Eso@f$6Im{=*@U-QtVB-GUFoc4sOOdx*gn%bKLIWW}M?& z4sOOd`W@Vib3EqYW}JfyE@+INW}L&E(`Rrq&QVFgqBr9lJn!7b7f3-e(ZS6)N7BK& zg#Q2P+HG@ZmJX%CV_$4@4Z(lZ5Xf^UEnv)=dIl4tOpIgf@FkjV={BLFc zO}|9(@C(1LYHjaX^&5)@H~bobQKwo>p8vg1S)s+)Gm zV2KF0*s*l|PcaS&ork=!>Tzi2x^=V;Ub{Wsf9>}8zu^v!RZ^!=qo`6V8hTG?WT>#V zgqd}=TI%`cJxzG$N}>T$a(xMwxz3BKWi4uvNfhV(u&0t=WAZdU{MVRR>pHlWL@i-? zH)~DYwIzesl6XaHL$cGnZG+Z9FmPM{mL&p*bY}fRhLW21ZsdK{Gb?Im;ZO}6VvqAS z8qnrte)mWNBS}(Wrai;7PeZzP^;Q`3C)VwQ-R@v)%YMtj?boUUBht-KYU66ej#x3H}PcRb3p+8GNIpq zCyj~g)p#eLjRaw&3lQSiEAcxOTEM?4c)x?+EBG!4*K;j8-K!}PHB>&^463(GOU|s1 zC0k}ror={#EzPm|WJAlrhuW2UHPmiT7!+7@_?qL=G7CXzgv`W^16zafiZMsg7q+*z zELxaa=#b`N6HYAenOaQW(#%~me3@np&bp0;ILm*7+ii54&y6I8A-z2Y9U%xqxprNX zRA>P=>0*I{oA`J83>$@RjYDtZ{|gS@FW<)A=(9`k!)}BAH(mV}fxgV8R<)#j5LLgS z&@bd^9+l=ro5DFo%AYZ&j?IL{z;-(f+8!;&9b5$`R7*dpSE4 z%75R(Fi>B59lw6H*5@9~J>%eT+%v)s$2}wFaNM&3IUM&KoIM=(Y|I^w`}ZHFdls&T zBcFxW;kaieJskI(tU4U`qYu+PyGDm0-^+6JU31X+ldV+y`>*HU|KELZ_~^DOn!K?Y z7fTycR>l{QnNylUAZuu5#2cn+!l_)?-w>OjznY7_%tt&it6@s>%vl#}*P(b~c2hET zaWfYBYiCWf5;Ih5yI8pX%Il=BC(5%!UpFwPn~Fg*C$LMYAFpf<}_jrQFB9F ze1ZOrs@$!fg`-kOjgAbAPz@LE&Ti zV8g}+s-`SVTg#;~?we{{o8s?-xj*{czwW~z_eP4_r!e@TK22ZpQ0ZMdx9{WHAMD$N z{(46j$t)z0(KV?!)g%!EAnJ4X>?>8PKt@QBp|R`qc<#^P4P~?Y7AW zTjaxUl@GtQK5jSqVBh!Qx6_B;uYKI^^})>DlD2=%n3(O~aZ>o%{*C%z&4StdmI!9^ zyTQk;S*L8vxWk98&j&N-1>0_S`_TQx2P+rFY`3F*uv#B1?t{(q!It@8T|U@tKG-H7 z>~0@ymk(yvrrCbm??Y$SblG%fy_JobwNN(ZNyFA)QoIg&u(oyvdaU;OU1J_ok;T&4+6&Ox#cbULYvo&#S!gf5{pd@O zAV?n-dZW+#fYV=5$6vf5j`U3qJ@-u#Um&>AGcI_$;6|Uhf_DjS~N;0fiv7TIP_-;zR{6;f#7!vZscArc)!Ev zqrg@CO5J1PH!bwL9Qw}+zT1)e4Z-(1a(^tinIJRq`xtN)zm8nqGfn@x?Y$Dv5jS&c zCVtr-AYO}br7`~Hx@zK4!HwJ)a23CJ(is0UPo@H;BI?$9dH%Dj@+*aeWl-xvCRhkh$?6)zHxCVUO1?1kb%IA6JT5r%H;tj6CwSDsmjI{SekqrXf3Fq#CWoGPKTw|q4*og8 z+Z}w9;9U-WH*gisj$Ga$LH-*Y`sW1S=-{sjey4+v#CSgW^gHF3vmzk};F zXI#|KswZ{0v4NM1NpB~QOHKEqRbF~U!k;KAwb3NnLqJX?Fil(;YgIebG@+HXM3S?Xq zGj-?B3g1Pn3$XTL;k)1$3oDl4&e;{di)0jFEu-*VkYQoPGTeE>!grC30<2{ez6&xe ztXPKc1f>HONptM9NCzy)buEg8JCmjP&mw_&REx@g7K9X_V)o9|Z2q%|eIC{9^PdIw z1*n+4&tz~BR3xUzMvE$f3gU|4Vv$9Y(dMiOJG=N2Xsvos<9StKxz zYEk*mf{+4K%)YP&f^S7k9jko&sB%94rJO0Ag-W1U1W#bpdg&UgP*xXg_*PI>eHAmw zmkXLx{JR*@|`?jR`BEjS;Uk7&MRtI z=w&&yS4NuQ>Wm0`t+<(2JsDIsK1JGN#H;Xc)(^}Mz|$6foJIfX0DPN;A8*k=8i1Ec zdyo2@WYHfLfKRdTaTfjT0G!te(2zgZI~)IgIso5h;b&U(j|Sjn(*7iWj+GkzM+M+h zEIew_&kn%N-H7DhV9|ftqPOvF7Jh+6|7ZYSCJBiAXIk_}1>jRGyxF3k9e{H@iH7{S z-r9uErvvb>1mNEbz_(fW0*n8n0r+zP_@4uCb3P9BZ?pIxCH){5KOq1=Jpi9#;a6Gw zX9wV|0XWB{XsD0PCvD*?V3!a70Q@Tf`2S-;~~aGifVw|i#(Bx|_Nf0%~r z{PDIgRJZ)sa6SI{8m{v%(Quvr~>--;xqxE_DmZ()}2dm6pY|6>i;`Nwm=V8%aL!}a(N({P)C416}@vR)~CFgAip<90ys zs~y-^X5c?&e2sxizb@-#!sjlgPvd$n_=CdV!2c}#4SXZxvi>4`UKjpcj)HF!{su1d zE?Hj?`Xm@giJV{X;~AIzMuKNBUdEL`@F3%B3>^C$6n_Jkem$*^<1T!zVEQrxUm^Sr zT;_Gj4x4WE)34zLY=)N4W(im7XMu)`8IT`8q)_}^1(bc1`i%Twsv7|%8E9gG(kxGHFJ3mLe?L&kx^-_LZvGU(ITzQ(`f6$`_P~-W4lxup|50oFaT15*D;=I;Ps4;HE@Y{o`E+p{agcYWqhfDw=sUBf$w0v z-oPb2e=_hSw#zsTR{Z%H|2yk~r?FkyPr(C>_u}?Ya7kyfffq3S$p&7=c)-9b8J}k0 zb&Qu9cs=9S82B2->kPb!@p}xsm2nwg!HT~&#-B0hcQ7vN@^>7UXJT=FZ+!1I_-zJV7ozQDlC7_T(&O2*~wdWmNp<1#K1yq@uO2A?&Iw;Fg8 z{cKNSU9=;~0Frxx{~m*k5yM<6+N3AVK&3}(S91J1|wtr3XT2*$mo`T?dteD`A0=0 zh5Q36Gyi50<`#Yv4=78?T~~hHLS~FZ-NLWWbO;L^E%N@i89rpc2tSSKL`y}4NsVx{ z$gkv^=u5~&%n>3oT*&@)3}%zImNCwz2zfsH&o}a4;xB|%WN=Hr50_+YI`k zE{G3Sy&DsH+X^RIMR^0QqCk=rLr)PO6+;h|&#wA5CNwU%4rjZozTI81Zbw#P^Krqd z4`V9+V1>_UN0h7GyuNAc~#f4<0wjr zHPgv0*f0g0op)6mgJgabH)N{bDH;L%Hd1DW0q9c6|4B26b-;R`5nn?uL% z92XxOI@&5a-%n31TP?%@u??tt(Go~P*c+n$&z)+8htlJlp#WvA%AM1828cmAWr@EL zwOt-3jiLPOl6I?Qyu)<7Vmf1ke#fA?lLHTrzCtX5(}UBdtFp1eBP@D#{8}pwd+@*Yi%%6o?`c}j0$ zA5Q+MP&P!%8`*!E6+Q%d5uTOB`{WmggYi{uv7w7q78FskR~{9c-V~miRI|BaRF3_% zWq)o_rK75SmKB~#&(V%_!V8a&w_>uL$}*|uT|87fH9lw$PC*?O=;Gc zr$WbDW6~8#69K;7QFM0Gj}4y5Gd5-{n@RCOae zWGq?q2lWAd)V-HM+XganyoEO* zA*m`hmL5(FZYUu90d{*2`nd^7D`UqcB;ObpOz^Mh6--F2>P>HO#$MS!A(aq{0mXza z+_VPJQ6)m=-o2fp%t;I?P&USr4g4U zg;x~Iou>;67f`%>3yT*Pl`V^UE-zj}uP_(y?P)gs9W=GsOm=Wn2C3rk)jFCQUt|0% zYj~|1j&ZTz7#u;Nm{FF3$8i1WMHtFY@MVmf^m3m7=m%-^|L~yyO5?B758(O+KDaGV z!aYvI^|jSy8m`9^Zx2F&k4|66^%FSmg%SSE8jkt3;0Yik1$KJ=3}PIb9e{FEjn!I*;j0)#;w$>rwQy0=YUvK4tVsFL%iKQVw2bplG}ro+e#oU0R@ zl$v3LD>$KVyvkrM`7eYQkpV#k1Yo_MJN~U~NBP08_?Pl?3maYnT%qbYVqhmc;4c3A zk=ZOexVLdYXBhD}taQH1-TzW&;NvR=GfkQPm(DI+aOvW55iR)BPaA#esi$U)9-Zzk zTR3&}s5HM)`z~A9gh;XqC_O;&-ur#82Yg?o{jJWTPMZ?bEPl3Se?_xi`{k-HcZcR$ zRdi}C$9^_+y3Dw9?c*I`0?nNhtnk(Gx%LP4wsyoHlUc|&Xi^xQg^7K&N|obg(;Si} zR1F{^Da8yTbm;1=@Y#xlID?xmL1Eog_b@frq~^g56ylp`y0#t0umY$H6&HF(admHO!km>Rj4G6>0`G* z#^OXmrRr_V-fr0&XQe+GoT)nd=v*7zrdsx=4!hBk97^nQBru>5mQeI|tEnX=L3vIb znnl@Fv$LYpNtZ6Js3SbF`aa4!l2h1UDXua%Cf;g}zB|<0i5uk?i+>P=fY*|g#Sw@A zJ;)(d(w)#atLoZ#XC@y?Wd|x5M|N=nO?xT6dGX;iYl? z;4eu?J|`h5D*8!%ZPgIu=OiZA=yp@E3!~^FH$PuHGvB+MEhvA2Kt$E49rK>{l|9vt9?x3}pp^xs#Jv&30KEOQkScmpq+_QtR8Rp2M zq&@}+aQmh&Al&V|_goKpG)&+xyoCSt9`rXey`OX_p}&L7!b3Um&jX~ZIX>HkejVA} z=$~f#fI)}->~4H+@xcF!`N-T(edojncl5dO`I85}p83ci zTYdY)XR`4670Af=Zum})#8rys567^&h+AanHCS&qJ)(0P@3b) zM*yQ?t5cxl?l^m$5Y>2*NGQ$VJ$vC?U-kugvnOS#I|qCaCoP&cH)HXf`8s9M!ZPIq zU8P%v2AjsdXfesJz#x(!iD7z|6v&xIKJ7}?EHXbjiOl$xMb-j25R{1@@4(&gkskPX z4adAp_)qn~OEg@M&o3D7MY?`2@(~R`hRnkM1r0}EBKT(-uJh?b-w71>`{_^UuhDR% zUGT7mr)apGX9S;N8vX+wIGXX7{e)(?=WFyQYJ4u!a6MfsG#q6n@s#l(_@iAC9AyCo z{1EyRJQW}*;DhN;aOoF->oPox>`*5Ed z{$#e-YPev4{EVZRxu_K~%D^RGq+EpF&vY{lddV-z2cZuzU9~}<$M#hQUcmMT3|#oi zxi;bNN5V-R#k$}HY&T`1($6k6=p&gie95wfp~5*N8x55^da0Py7PCP{(45OC}wUjHgzP}1tE8mjTf3#u1O*z`9 zMz}+JJ!Po->L25D@XUyCbPVEuw1G?bqGyvk%x3%p3@kPL`we@5>}cDd>&nj` ze*uG7-|0htX8z40%q{#T4!@55i{=*t>u6Wp!ms4;#XrJF*k<_i2}Ag4^rx#lFeNp@ z(IUT+Z=x?D7cobO$grIK>ln-?Z7pMFb*W_ks|^nlf8kq22DkJlaYgsDf21E(TKr4> zg|itpK|XmGJd@*r?Ci<@w1WQNLUA*g8_DsMA*Zq2_9qUT$gk;t>Fhc4E?rcyP=v^P zlOc~9oz~<1X|h)mkqD@mI5K4H@W~DT0GoBD=i2X+(6Ak@tNT`*`B%gfJD&z^q%X{> zdV&P0+lWRHh;FZ68AzyF-#0O5ee<LdB_Nm=%L#7J?- zv6~u@VUtL}oS_M!Sr+P~fkdnJdPui7s;xpIsHS~JBsE8#vF}Y$esOqv{&fG zNPZ}X&VNSidyHR(7C#8S$5AMc;$v{wle}6*nZ@Nw)@;P{(LKlWU^AX|PW(RV?;AfZ zXCgfe!-v2L{HH)9g)&A&CkrOf{ql%+}Ph#6?;j4+M_i9Zi)x#YOJi>rjXRr@mEbcl<9`>>)}8OeY&$}Dvx+h z9FRx8ErObWllnP+lq@$Jd%s9dyP{VX_I^!FNSoVj>(>Pak~IKvAIOzrPrT-lPkqza zgaO@oAu3)9L42PwR`h4FT8}FEj=4GTGLD!kBQj&G2fUtfRR&}}j`1b~hc&LtEXg6j zSOI+69II1aWFEt~U(Z{@0*p5qIKjjpqoS^AGFf$5aDbhsFfMk{;q12m%)wD(yDPUl z*RdYmbygVl=XMu6*1vg}5hWy3$OEtRz<=z4qwja)U+;n6=Yc~8;>PDu54^<#hs?x{ z&zpq1$%x-#JU}{Brla{tw#b8)BHx@vv*%?fO^MIQicMUkEh#RlD0i;fBwJbeyhS0v zMRb#A)D^ZOhu7?~5}(?H=6*rwxXH6=ltkf%miWj#XHmwSd5d6D!IECIpt!I+VnZYd z)FMGPClcdwrpzv@U^erJk79$(ZO+@(+<8TA1atOSA?fHnb=io_&4J@v6q&|YGDDg4 z80$g-M>{L@w*VvsdDb zHh<^9kJ0GoX}BJrRT{3ROTXhqPuD*+dY%6l8m`N}4(1LX@zK*8&~QE6^E6x!*H8YT z5RCpEq$$+Fv8RN+`wBE1^Z~Y)X*lS4su1A`{@~F>e^7`Ul;Gk&)qx{;6Q^H~kHiI} znFf6u+w%;(p6&StF5yZ)Bk}QbxZ*B2d-p9h__VRz&pP6$$5Y}XxbR(I(ATrQ*1((C zevg5-vHfuam-r`fIwV}l&ja31XP#knmmSewQyh5wH*LP7Jn+*Wl5F4YsY%IQOqhEkoOpnwq&^QLGjJAlz)7i}8{rBLT3ww?7Vz9({}^Y2rzty< z@DC<8T}k+&XOkn$X827Uf2sGv!!HKb1Eix(g08DH9I|^`wD%rni zelf6)@7pc>Iu3sa(;<9>ZHB*)Fr+_?{&dyE;qOg$bOm{mywv?~H#3wSP1-Q~H>-=B z3C}k?Nc<(N6=ZNre)fMkb0ci(;u5wPZbUhyv z^{?hZ${IC|KR?%*5h*;ApM{ zpAV3f$>%BuR`e)ap|8?#YB>6F!T(Fc57F>HdEkD=5g+`Cq9#cx!3)@az+=UK z)9}wv@x|AHafPk|Y-!d(GMjbOYwVZAO~6+6kM9=YpiV$Z--$LAxY?4#0CZ6%d@|91 z=l=Tl8v9B3=&yAp;fo$1N0`%eA~GMw1S1Sw{E41J?qb$SW$vtFFq^b!XMpK-5_A?5 zqP@|TgN3Za%h(@7N#Ox^@$WhI;R3w{#F{eG zk8j#6dypq{Lu97k^p9pVGQ#J}Y*z!?B=NLCyUBI~kv%Y}!GZFrrn@dgS* zU+9V~w3S59C19OP=u`KRJ~Aw8gp_8g8fAU;7-|^KA+(cD!#yO>xhx`-h$S()@B(*Q zsCBglKRHImf-A`qy|*Bnmb{+t5;bGdb$MCFhpB%f@3MU13 z22x`yk~k03n^b|7)OE8fdLgG92u`IC=(Ynzj`h7RKuKNj0$#bB?%a0Zr$t!Hri%%z zmaG)@fsw8Tmb5gRSp7F*MmG!`YlWw!B z3vuYx`D0bz$#eB$TGjv@bO*GaQuXTL(E$$|%CR(a&Jh?ANey|VucPR4jO!`@#xWY$TM+N=xoGaL{2{BUT=@p}w zDc^$)&w{RvejfFrdyweNDHhu6BHsz~=k}+c3i^S8^oys{(dyBod>69@>&OgcC5;^& zH+FIeDEvLD*gd*-?~_gPz4>?RzjPjZ^KbTPx?h<0=Kny$H^VdSdkg%c^gFIa%E6#iJ$_?W`K z3HQdVjLS~&--vr-R`d=gq*e8qkdU{ue?l4owDExmh>$itOr&^$M=A4I1${qwkS|vS zcHgHA24%1B6Og)q@&t}NgTgo+>IC`&?uUhx)QL1Q11|tb>NH1Fziu*~Gsp$>^-Omx z>k}DoHSnp7lNY5_T_F?ZI^a`g;OIMmw=pi|4Ven?ByIo%uVOsFxXhJqV!VzUL{+|o zLAlA6ZYSJrf5P322S|qss9)#DO{N8xo}5*~z#}SYQ5N;{NA=rVt!+k8pYP9%LvpIC zb;{D)m!gAYZf4wX;IO*wf7nR4)E(W+-#ze75Bv)cyf>Ar8~;HbxYzwPrx3l{{)9}% z0~9_~rla}BFQdSJiUZ^5`2L0=-E?7^Uo7#R>y z(!TlJ@uToF(&I!JMRGPX#|{tuPM$r%dB$;wQ7vqy9pf^g|i%MQ+E^pU_{V;m2us zg$JLTHF}-TlNzq``BdXGMB^`SrXimCz6`m?2RP(?63>wUNI}E+Lh$<;N4n6q2>z-@ zk3L6m{f(F7G~CbaFudvXCom5FI{iowdP}3%^QS_?bv|EdxE}vY5FjZtK1Gb1@mbl9Ni!7ab^J@MUL8+v zLf;<&k^;SspXh;~?t%NkgcO3&<*yibKmqSZe;6Y|6{z3t^ko_jdhuVc;ou)&`x*@g zy^L$xG+d|Oq2ZuEo9%wipKkHjaL`X+`T`Bt(<|c~ID>u?)7KmH0menbb-~#hDIdWDT;5U+f)}s{=`RJBc;^}XC13Il zyq@g^2A;(BQUjN9UYUXW*}l}kWgIE)NDe1SQI2AI!6jVF!2N8WY2XEHm-q;udd6if zOYm04SFoj7lIO8@=e?YmwYzw9h3B?qChl0QjQA@T=MgP*S`LT?vqO8_SMO) z=yxP`ueGvGSjZ$L`IkUuWNkb^Qu5t-t(BD;;X1w?9%6>>wN|#T{=L@9#D9Sv7@4_x zMD%RNxONmZ)f z=#M{YR3@}HZsBho>=633@Da8d{zAe)lID;{ehZjzZ)=5^&vFnEzcAb^0d+yU(}u|% z{_)-Gs*e4yHkg}iSCA*S^zY(MOHcnmq80yAf8D}HJTh6}pr5fj#>GGSD6{O~zYGOV z>Ov#_hShVQRPy1D|Jxib@@x8EO1F+Kx-_y>xYvDBBTq~3@mgU(gfA3}fQpH%6;4Q{ zJIERkC)_DbSBb$+#%e_+YkhPH_2sFF)pZ2Y3K*97`dMFW398jW%l@PxKo03o(%Mti zmvm?KtGlfiKCr6VV=A_ok;h^4?LV@{aJJtjr^y7Vl{7zug#0G#%!wS%(6Fa$Xa<0uGtQKnpNA^s%nYp z{6p|Bv_!DG^KD-1JdC2}Ea-F~1zncv0%}Fhvj0V~OuT6aIVY~|Q%%c7Cs6vw?oO=1 zl&b0jO2NjMsxRXcZ=OzeB6(~#ky`1yR#zrgV+EcdvVlo84pC$!uALBLHMhm*r0>e@ z*HraoZ0I^*u{stPnhz{a$9jb>0M<*#dWXgV>#bvbLc@Xe(XqavBNEqM&=*j!0aHpV z{Y$G~YhvwvFykm6Ektd$60_HL4vwy;Vy)*fB1mt_855)e{gon)QRRWaeb(h}}apN2G^XPBr$7RKcg9y+9?46*k z+#7AM0ZUe$TfS&jWk9DOJ8q(&D$nvQJsA04GZO1VYx{JZLVC^Sx9$T%$l4(@?(TwkYMqXvqm^^gQAbQQhX6MmV;eX8 zYQo)QuGcUgARQ{x(Qqb=KX_w@WHTB`1r{T zg&Hn(8}>B(kOGd{a|A4;3e<0R`Z5g%y`Sw;cHqNNQ!eJ%P3Xj*&7O%PM8lF4V zF=0>Vu0L=a&=W7z2VJ2bLVY#K_tihzY49}9_=x`#$W2!gzUbNH2(uY}0Ru~Q&t&!+ z_5j)OO+(jJ0Er@1pniM)epwrbA7KBY`NhC`KIv}Z*K_!K`2k`$B6~plj`XL|pRW91 zN@{=Su2a~*!zKDF`7Vgp+*R(UStW$5OZ)})n!Bc9Qb|h65A}B-{fYl%IFdqqj88=2 zvQIX^ju7Qw%whWXn!Bd*_fxI7MSslnqwg^59;jDy{P#Y0ExW9E*}l(RGe(UW-P3)p zm3^Y|4=AH^#s|~DqR8gU=oy^l-Ot`QI}PbQB)Z=u8Iuq`dNZ8Z$ldbl= zoI7BF7(wN#P*=atu{{EH8s@pB%LyTTK2TrQ>UGuGkKx|<7U$+D}B{JdejIz61wgI(3r!qJ8z&} z2lte;$Sem0TW~ZzP{7e&2oCu&6mZlX!BK8dX1FUI zSkdcqgI{R4em3bI4M!g%{9n;<)N#Q-)9}F>ey)b=@$@r}cyf29kZA@k_3wbk%Ksr} zoaFv?PG+}n$!qMp2?b5c&z&{$9!AtHC>c9Ib^zS$zvb>q(CUiWMIf)S@4ou?8vBZW z%vW_K;fo$1N0`%eA~MT9l@SIm{zT6qcQNavwQisbE%yC^RIiiZBmOI4(Uj!BK%Qru zxGRu!q5R-i{7d<{g$>^E93fe^8bFxvfV=qbM`p9^;jTV>(jHfq=#QB#USq#x?y^dw zUX{u8zjXGJdD^nY-q$VCNA`H^7s)h=K|sYq)-BL-I!Bb$TbW^1+d2R`_A?FlQ@h&f z(G_}srLSf8;n!9ss@GOzEJiCFuI{Rfn3^-uc?-lhciyG+S{pbUO7hC=Kh3&kx*KeI zY?V6J&ExkV2S%R;g)~TA*Rd?+>hyg=m+yitU`*;Y_*EJhTf1q<=l{MjV)wBfzDZpU zo2SLtZR`l=p2%Sxdb9>z753ZdV@fFp^byEUQ;j9SO@3+-?nZwB;ovWB!k;D^5sZux zbvcUh2-D880yKC&=!`=S2^k#-?c8 z_;mvM;Jdv;fJR^sV^nyN`|i8HK>*LuX9VVD%yq8Qho{KMv+Mfj%0F9?()+e&s(kUk^I|DVo1gxW_ht(m zAPj1$qeXrtzXk9bd)IPhX<|Zr69`A@medWjtH9;^A)`_aVlZ^j>gr^&fam`D_ZoXk z_~w}m319SV3fnFIZG=N*I$Gq{A2B(G0BQI}q3g=x0+ITP`~zg>ALg`f;rls)c{)=v z`we?O+1EFuf7yn2<`cm5`t}MVA)qS=-Gl zd7WgqnC0y^+{NnU->h#YfAPQ1y1_u|_}=`>H?TLlp1OO6|36^vCF5;mX(cCI$8L4O zRvQ>wyJ@Ho|4DN+%%1c)+EOjXZgaGuOkc@#d0prso$0RJ?tccA+nyLmCfw$37U4z} z2Mcvx6?3L+xA?q6IQR!h zhZ6eF$?P^K#oJh*&r{S<`eeon4E!X<%MAQX!rkI?t_OaJ2fok)$D9$JQc;)IH%DfU zU7KV<@vdE07mrzGS0eYhWmg(whS}B8Wu9pexXm`r*yb2Xr5PnnX1gTFB*FYv4=Kl) z)@o}nGFKg!6Is+DND<^sABS7wgd!(+DzEww5*d$R&Z^Hf^|`E$AJ6r}q}S)NI{kQ! z9({<+L8p4)MIJcDj!+0!=Og_GhES-d!e9C;;QG2vD%qic52in%&jd&cIOYL@qdkE# z`R6;Z!gcSNun#T0Nd3vRgJPk+ME7@MA;h>jvNem^Mqr5}~*dX*s1C-@j2Ro)bA=b3%#7{tJiSh0jNpCk*>4Y zzDdK;*NF170plip>@>>2lh`il5_&)52P#XDa+354{{rU!0PBKFe*JHiJzT^2A)1tr z*u7*ATY2tNi3&vu^&7@`SV&3zA4X>2aR4>7PBZI9W*31@CKGt>uYWJugM=^jPy&?j zMb9P&xA^;+V5xXy-EY_fWJenYU03-m%qw6J`G@JSnSWlghk6dbmHmt67X$10q`QUR zz~S#;I)sm~&G6?FhM>~uPggSM9-)I|=4eH9^dExhq<7*2bWtX4Eztlo$?F+tFnCD( z1+F54Tl!b`cPN^e5b4L*PW(&#bqgC_@})wuj>;0JAIpsd8&)N6mY@)> zs8Sxv?_KtAMd5;|=wYwxo*9{=NA+~i+YU|(;ucU5JaE~A8bMtU%=Il=92!?#vY5mK zWD1sqipy09_>sIa+bpxLnC=k<`)QCe?&keJbne_Oo(v%W{*&gq_*V3}Zk`r#x4ABy z|8G6g=ev>e0dr1iqtT8*?P)#I^_y5a8;u38BhtsG&-)@D{!{E;W9@zQ?={vI|3^tctV{nby4P5{p6TWL5jK7? zupS^CSp{8JayNstk3Ai0w=uIkohh09hCQF`ZsD)OM@Ona{W|4`HbvSMX-B-q+G(6Y z`#aX2Eg8(=i)O;LBVrYZi{CkbH zcklputwfY{GyQ18nY0U~jMeux)-GJKY*7(Ct+#*&+bLukS=Wvw5@2S13v~CY5Yzt;2*vlezy8tIgQv8KWK=4^`rg_atOJ>G zg4f0D-_%T6*xhPP8GBsKI>b!)leR|MO0RDn>nu=c<8@_*@Aa(@V?y*rx-$Jc)v|2y zl6gzj?0RqCdIl}(_jF#Jrd6(hiVUA6yZ*ziRPGi(Ax_u5-`Zqd|2Qzbyj`cifS}$8 zn1;8cT5hQ0afD^l8LxIQr1M?s&h>aY%Vo6$l7P{Pt)wiQ&U;1fRcSbJ-?kruMp7N zrP(N;G%aG5Qw~CVWgcAr*hlzS1Q(bqvsG^J+m&}_(uLLhFysTJg`N-Hp z=eaA#=aNuiIla$Yv8bqvH#N`J51;vbvReSn2F6=5k41h%nfOu%R_%H`nT5WFanPfV z2>u7gF+WFs3BHbT(4(Ceyp3`68#@1gG7fruzU^lm^m<>DY2ZSaYv5^Y*V6?)Qr>$S zji{}t-G(IPi{}=G3WqNVm8TES{I~5wMf&hfXx$0fWc=v!eX4BHAG7Z6>%6o-u|PN| z8z||khmje$*&>aU4;93kGGUBWz;l27r;}gs%%DGAWpY4%9VD~FU*ZuU3}&ehWK=4j z3HCNt${}ju#a@+mgB$2VdkJHD9R>qA`&9>vrX>CXd7b@|d2s;~qWs`j{7d;Enr7JW zlFVQmr=zE5zjkqf{vOOUWo8T70JH2tzNxq4snpRTzovhu-Mez$B3=jC+gR=Y=4Fwr zR0h{ELo`#1{)47v>TYh7zgJt=HD%qu%VUWE{>}OpFg>!}tZV-_FYBIn$SRqasolg{ zUYhym^{wO5L#S*=i~O4YRkd_m@1$EO)6>#uUv=bnG{i4t;|0%sf6Fc@B@(q8U?5xDt~wLK2lzgQBc@Jb45Ae-wan z((Z(`R(3rn8of?rsv@;)nzCh4km37R5qB&6w|dfc-=-|~oAi8dOU(m>pl;hWkSe$5 z&|Q8Mi)Vukza|jR$d!=(Xes?XHj;i6-_GC5JWYR+_#!L3%Hh1xiGI!Nq5k2YA;_A| zp#hji&T!(>QiV{R%y_GP3te$Y)5Vjl@L$&;3KWW(b1EkA(bbkk)1-z$t5TO`mFw`8M$eJcvQBxLNk6 zk0EQ)ohRHVUPH3ech1PNcTl{7v+y2WB)rFvg(^hKzgOjcms~<0Lsw0=yC_F~0BNq)6dqMV?phH^NG)sULzgvX{>_O=|l zYSe0}K@meKlH4($hE8idpR5%AV-4h_V9S1jf~%nS@TMuJj>aJAkD~CR6>Ab6>cj0e zPQ_LpgZ4&5vz`cp>MQ8jP8CMgYl?BO0S}TiqWB*zrXQ{pQI>kn@drThYAhgHj+awr zjdKXWeK=f(9cA<-@O`3mp^Xz;grEYQOo2wj=$NHq}e@UmQ6w*6)ctSQMh2Y z>ha7hdXbVVY;ZPx!<7^PC&P2>jjG;_puu8pc+e!g?)Mc%Ws?0fv>v%m(GwgxH#__z zRKQ@>uDHbNDbz}liEgcZ*)hc?)_h7PD?Bon9t5@5!gssVHvilfsH4v8s3^ z*WR5=QZDBzB|H-dqL~z|6&`~G_??U;`IVoXa%^%w5|v-?H@-ux zbE%o}>yoKlYHs{Fb|nfkC+v7~ik2>VO052dBARQzO`nVkXOd7*<3Gt>jb<;`-l&pM zsgkk&Un&_jV{j2H+TCCSCS^`zJP#3YvMJa87e}1Z)_FSTGy8ack3LrRCTIGv)w78$ zlfu7I0Rw9c(@(DbZBBSy3erQLt_p-c%$$~L1%ZrioZ=E~QR!7!3ni3pHrT1^U;0jN zY>?T{5l*GxMAvTas8ZidCCIs;I(!NW_;OlQKEkPEtHP>b_UY{%U0zIKa5gli!WA7D zMO%d+waib2Xtk(J1qX{NpObUZAQU~tux1f4R3b-WLS>SN^r@<)*AqxcxrT)T!Ds`UYqx+lRaGn%vZ_%aPetxsg{oQ= zjF0J`E_F!IXJIlI^PB^`{C}78eSD3S7^N_;d;GItJfXJQ*H(uAaJ5j$;rvN zWQjJD9Ul-yPM201BR1!fZWWRh7U{V%sU}-@?|4at@lRsw1c2{X1)vvIPWbou0Obqm zlFiPzjYe}E-Wk-6nBA_PPfMv0RC4|c_;pjd{LTJ?MjDY354CZjGN( zpa-CH%q z2p_1)uWR@b-gLcu14`Q$YO7LB9bMW^(cB;Z;W~V3)LU+$+s$odQM@8|>#4O7EJV{j zt{yH5Lmm%hu7_Z7DeEEAK|sqJ%lX1<$OL+M`qHkG_>-rvMQU8Qgieuy@%yS3C zoj`Yhcfo=KEMj3%<%e2_E|>V-jQ2HfiX(n2dreG8y|H&zLfVQxSqYg{eRC7aF7BU@ zNdUdGNdyt@7R4F7Ze?EE!BE95r|VmtXu< z2ws%_Y3c^^EI2#mi}aIHXG6%nnA|50pmHD#<&4f13U(-z^C-pw03tk{cTnLzjonp! zh`3*-c*2XDLNve6^{#%zU%w|^)oH>oQH-IG@ufnE4zt_(*eJq5FDhyReP4mQ=x+O1 z$0`anKI=jYi`%+ckZ_cTsV*eI4WI3Sq&Q`znyT zJ3u(zrgYMT_0U?WnmdFs}3i9NvN!RaoO-RUr}f&ZYwBTym$e0wW#a9 zMVfX~hvqLV^N}X&v+ACIV2(7MR(WR=Ke_31nst75Fbmfs5nWN?0;bXyaJ$~`>8vG} z6;>=Mo;`o@945cAaGv5iyS$h}o?W!KVo_)byUklf8>o5FmqP=@!F6>gT2Nd_Yt3Dv zGPhW9;6-fs43(A_7tZxf$;+NRbt>%!2j+}Te2bSXS>ON;(QK6v3H~Z)jaob|xeS}a zRh-MODCX#PU*Oir%PN+X3Nua%((B}$zOe1&wZluTdh1LUmqp@EQQ*zzSfY1w9ofpf zcu{>}@xr3AWgNk|#S4l<#heN75|XHQU9WdCOmdX-%mGy$s32GTHd~c8BNdBu%z392)ft~H_Cv`!I=0zB0Z*hq!OsIo3OK%N!D%3=6n!qrjjg^4 zHUP(`CG^)Y4nC0Q3;vRZV>~AKdm66OkEZqr3VaTuKcO#V+zfY_Mz8Z8EM9&c9g0hiQB&G+gI%yN2uW|E-4W^dD-tUJnoEp(~vA@Aovu&GNlfqd!E8=Ytx4 zf`-4X@zKlueT_a9gZ@s99$`zk4{P*# zdY{&CJ)hsvaQ*x0%~J~S#-1GEf2fA*{4daOy?rQV+{}k7HF`ZiS84PJThx6Tz5bm( zrr~+%0k!&4{?lF#3G z@QLN|JL0JGIi7Jdy{Q_#9?#P>Tu;|{4?gE>^m@3Z8m{MmjmAgM&!1`Zdbn~X+>HMp zHF~{WdQQXj_-xT|JwM;maGid;hU@%QBgOS+$(o!*xCf^Sljl)al1+xK4kb zhU@gDoIvo=>%&pV08+s9aoS~CeDrd>O~X$jKavlAGDCqKvsCu6>NkoPuszSf%h)cu z@M&ZG0fS!TB<~uy1pc*w`#DnBNdP7Mn~-o)`uG`cGJk*9pqF`iFXktF>N#Ih47`o; zOaqsBdcJ|nJpI7--KPJ??7O{&>!ZqK`oWw_S6=&WTQM0TRm=H@<^x5+-P2z8-L5mj z1urNrPRByOC(|Ez#zhdvApRvhapvkGR$n@qz%wI)I0o^5sDVrPq6f$w<}`!u1&;p+ z0~ddy=dgc+%(oxfZ$a@~e`v9v#7KU~_k0>e(m=mR@gU^#J8r&ti|7i4d2SS?{f_c-+K)0axNeps#5(r^C#e<^29*8+Zq;}-PV{KoF@RV zXv*zgP&m7-ZK3T}YcA|x-NJGJB2S8k z@~Yj}Wv<+0s`ec1{7gk1y)O{`gf5Gfz70(@=w&Q9iv5}Npn*cYwO9EK?;qA zEA$wzLS;HygpbIIOAXv&`%(kHfbF#gF8)^;_!VqlZQv`|-eBNAXZt1tzmM&H){$@c zi>TpCmMshw&Y`hmsNB&@#kBXcS~O<#dRxHjl)2-fxRllq3Kvpqdw|MM{!v!ZFWX@l za5SfFVly=JTk#r8HlQMrl5)h*3gN^9B$e!FzG0*TH^&1%Vs}#mt**SrlKbl4Yb+`L z*Xx0iS;7}Rn=v!~1x(Op`1c$30NIgM&~=s8+p%HI84CG_GBWcopD>W1J=9eo*0IU= zE^ZQU(F@5z%t8ZwG5gmsm`z%IXTVHy8N+76lcps80$ol9xAbRng_L@N^vie_eg$_6 z8}6$)LX{k0^lRWD;fsItL}u9$Ci8p_;Roo)fCU5$;~-)JX7u(`|% zkFaV!s_5StboR5_Z-lc`XqVg&E1aE-F>#U=o|F`xPJ8gTTj2`d?p7;2E4A?i;_kdT z+m3*6O5kyfn+YSr#uEv1HhVkq=zib8g}hHUctMW+?PI9&YFjz&vkguQ+AlR?LP$^G zK07tnR-52Bn5NK~IpM={?bIy0fHwY>(pK~Q;$w2`K9Mncmo4W3 z+8>J{XJljNe6mD0cBVIVJ|p`8=_xfzJZ+z@CK8`7yfmd|cSUb&Oj>BL6%M45V@0QS z?jl@9IT=W@Gb}qsg}ouYNxx$OPqVeCdJMM1!WNyCXaS>|Co4X}<81xIQ{t_vjlJy2 zUt3kNG2s82!-)48tM}Zj@WiAXn^L;N>bEI016+ylhn?rqhW4YZnkPethx3R{b1(b6 zuft3I6y*tg?!<|6C^ah_ND1fpv&q}jv_k%CLCuA#h{in|=X!gUUG_NOzR>rqS9@|2hm<=AQ1H#srYvcCl5_o$Z8p`Y+X zf7Py-P;$#e?6~o9ag9&Hu19jFw~Mb#wZ{A_^h3)oPi?%HNVsxG4)a)5m&M0KPxMfB zTlUD#mpFbUiQAj7yVd??YU06^b>Xw|1x!zWJ$EIluCLSY^qE| zl8~CaA;BNqNP7dHq0NEMCd6Arz5sqm-Hso%XOT7!-V}EZ_AFZ1vzQavvp6v!u$1;J z2D|N9%%=7Wacck%QrV8CuxHqOhK9AV*=8MM+t1jn;xQ>9sVX)%!A~0zvHLSPV3uPT zH(;>?Y#2}bNn=kYKPPj8eJA`+z#SYx>i(E|V&ufj7vRwhjAI(NVs1yp2PzIRaXe(Ii%{` zi<})?hExUjQ@U^J;>|$3d&%(D?M@BDT^H84ZRLtcb+9Rj1UiOyptNg>Tx6!(#REN{ zL$Bw|b#unfBbp@7)l!a)XI;05MaE$0+T!U?=AbfGHSw#Fm!vQx)91dADAXBy>U`d2 z9P}9T3I8CMCvemg!T+iH*zSC`F>Z!?GMBR%&&7Z8$W#|)(t540i2r=UgXF)k zzK9HN<+r1sL(#;9C_nfW|1zfpd(?eX)%A9eBzDA@L3qGL{395%?BHI{UHRcg{0*yG zvv%{p27!?(b+pK@>3>ei?4pu6qesbg2YZ{7W~68I_+2@R^8%3wsF(z(tsX#Ug>&rP znBQ%|nf6Kc<1`%qd@4;6GK1kEG;%M?rQ?lBIA)na(Y97*rKHmQ)H!}iM}TV%0ZMd9 zb~4QhGPRkUGjFpkgn}eomb@#$mhU#7!lMi<%OjDoH&3xb-n5iCc(mJ7Ptg zPA2M9bt7HS-Vn5#gZ6s54KLW-8E-YW#oJr#SAxwSBxNVAeLdLRksP#JgU#*nx&5{h zvblMC5{R0&CFk~QCEx|va_r{Bwd*JKdm-0;%4&W)-s-nLNE~6zv0HQcH3bsaw%{OV z^ZVr1Lbi>T{jJsf9@#eL*rQUcq8G_SHmx~55tBoIxiN27ZHP%+n^7BE^-kaP9ktnX zNO@Q8iS4;DI})q6(aBeuX+PBwLx+It=%Me#>emVCl69S@$(+?H+CaRgYrNZtcSaI1 zuARQSHc4ZAo5T3o|Djom+@)-Fvb3WYWlm4mc2GeE1+|$GY;nLstKeu3E7KNoN@3TnS$ITuv4%6ofDo+T*{y~hz zOa+OH8}5rVPDQ?P6P$KxcJU%LH})7x6PXau2h9PYeMfUBW574L5j1f>)1wHv*>;c~ z%l-dN0)39JpL8V2EV%$-P?G0kaR5{FA`WA%oi(q?PkuA1h#3 zApQkM+|97TJD&#zvaTTG57WQb7^Hy1KMTw>W#*NaT)dtAV~nLM(?5OY#YJ;u1VZ;I zoi_T^Q%}tpJvv>xY00^D$+>T7Oh%>>i}zrUhsAM0JOU~*eBY9Dr$yvEHr-Y7sbz10 zq%zz$d|@wZC7slF88XB}xOp=%Y6mlj8N+lB4UHFqb`uR8)TrSDXVmbC{V|OeFlyLL z!-Zt~3uk=rBmwCDcdAjt_IM)6?YD`5-OV2)14~@{Bzej0N27%{8V>Amv|Wz2$j^1nR6-F9xTv$q zAhd!(KgR<{pNWr&Wl+=~E-nkr!>$E%jYV@J-J`oGO6xz#IJem8Ybh+5W1yWuTBI)> zM`kE|URZY%`~`rdfa`J`KR{C8gFjKGTqBa^9{0Wa{iy#r`!rvZgt8t@)xY$?<~~jF@5q}ua83hk5|03z(*SBJl?nFN zhv$$V;iY-^;heRbGGQ+{g2)f@3?`EQ0(;33)^Pbrx=?=bEB>YY5Fh<}5WcH9qNS|& zRE{9>IJuud_?qeW>ciVO{-xrPb<;nZ9l9@M@d&45j`rcSf*rXnQR~A;r;Y6K+IEsm zz$gv@6^{V5EeFvu@X866Wq*R7adCgDgwLSe z9=yH@UdN3bRhgBzwt3_^1C=BBPX9D$Z?)e{T)TZAJ#QF!aZ<$db3uCtMhO&bhZF3; z+Hr9=ad5lJLHkMYp%lD<0f&=qGT}+eJqoBBi-BPA+{p5yl%r(f z4vIz(z70 z8urs!=_E$mYQHMqg-h*@epISf({~Xd|COkc=^uy7v+SqRpQ8~m3GFu8&xHrq(MOFh zI__5foIj@u%3t*0HF3A9x@@!fWz8jMj9&)-Rdk+xqIglhSLHW>7+QEPGl4Mxg=#zBj~$a4RF2fG+R=JCJyZ#(p*!y~w{b7#ZJvdl9_QS~+eP7Al^@LPd`K8Qs5I z^Xh7j+Q#Edp>BtmbjK0<5#IYrbP@Tnjri+ z`g>9rPiVr4=Ix3~i6pkMaAGG7P#}7sMwcWL)c>!CEh3~~=>*FvHsw%Cc1;@deqv1~ zNhF+$t4U6hM5%7JVnSGJ3DMn_Uu-2Nan{P*K0B;9$}ePqpDvrO`q!?+>i1{_3ZJRu z9#0#!aEofyuD*#kyiX%BxdgDN*9}(8uH9|U-ZJF!o$yAvOiN5Eqro$v=dfkP>;RZt zhntLp;So+A+cQaw6Q11*d7V?$5-$bo6sMNS6p{FmSt&E!R*GJ=iz+1NFl9unmcuz!-%$RpMvZgw_nMS^%7m=2KP$YnS1|FJl3?PZ$AgK_ zlYaVfEzVk*Q^VjP8G-mmQY9WaGiByEE3;Cma(+n#^NcDONCSLU(coLGn5TBXUAuI* zRn;D2zlLARkJ_Z>PP#iZZ+C6}?m+E)TA~`a+wM?6sWOb)O+(n)b9Og>L|OG!ptf{( zmi0b z+aqZStjX&4a*o}eLjWzw(ZD{JZu@Qi2MOJpiIB>PjI?{PA8p8_58JXcN#s_lEjRLa znogw^q-1u)5bLCVbZu;KcjDTd-Q+*H-*f42S}QHG2Pmz}1ds2x$yzyuY|Dx2{iJ@o zBJ`WmTd_`wYPT_lN(F*Q`lM;K(kX!~%KUta&de*%@s9h^pC+EPET-K4MWLt#Bq&!xeA8lH0F6%YKcVUeB^s z4v~?>mfPtQ-4$AVTeQ9- zg+xTo`Yf)sPtLKQ=vboer}f#b_6zpQn6z;L(;UYv+m4~cQ1ZK}<5{xRQQ6RyyMH31 z!^UdQCBxVZkkl;qV1ngIPldC}yO+gwFK z=RmQDq}DGdxU63Wao=QCLVZl!w{fmZn0t`)I`WzSK3Ok%*6u2fUcPiwZn9y>ZgiQh z%1^>@1{ru7%7B#Meli0u;Gk9B5(ZgT68&{kEJRVOowAIniDAiDG=~n7?QsQ^m>$GQ zLUdphne4ZWQ}e9ea2C8A2_pr17zJO<>(M6ubH;^_)WMHwL=R<#>!4AY@7o$3+`tEa zU#l)7DjO3#o`r|(Ekb`3zT2nL-3hQ@29vy30}Z>iUUXR ze{jB}8o1D(Y~U|3eVTy_y(trais>^A`VEYaHSi|J{RYlfUzUMO{Vg?cslWTNr>}TH z;c!PF|8Ki7!Kd0h$S1wl!!P6VlYEf+BX%!Yd>(|Pr0N_^otZ~C(y~as@{+~hZ-mQi zy2-6kPr#E!uR`YASO25Q2jYeLs;dV${D2OU8Q-g}Aj=09&_Ob{ar!I4oD`}TR@Th) zW4#z8Qm@IV)Q24Y-ema`iJF68pN@7U7S&voNjsBhfSKv{v;Q>)4~f6PxC7TM{RP+r zPs(yMm3}m-;$O<&Eo^vc<$hyQra|7=(^Wu_lwZvIzu{7W>yFq;0U z8(QqTC(uKdpOH4I$LsN`;&40yN|!x>lk66C<_pKYUXISTX-^>i5A;%d0%?C>;`3@% zp2qv@F-C5RaTeY&wWR^CGis$t!k233OS1vB^!_akOUbFpvInNv|AG^Z?|0LPSq-dH zBTMi*-Iw5v*)9BA{aV#*brPQYz~zy6%mh0X)zcxl_UCY=v3E;nhBG%UdXZ+9w1Lmr z(wC7n*iU=zg0)#Gw2yBG?Yy(Fm9IUq`fkb;+RFF56{byqcrGAV)e_T=oT5R$+NbC? z@uUIt7ECuOk!p(~2J~Bz8T5zU1c-8Es>xG%+I7Gwq0D$i8Et1LV!v0Sn-OVNWZ56{ ztVq34(UC^8O_~$rVpk=d7YkjhVn)Ic*KH7A+W*q!4D?=xDht^Lp{5m768l#MId)&n z&ARUd?dd*088et;?Oe)u86V`KVKMgjWk>e-@ff)*?uW5%2b@rXdrBMKywG0jV^=@fp-@y^`hgzr zC-~3W%P0A)5=TG#I(8}JPG0&b^fAafv+wd6yVP~bL|8_#860jU8%T^1mm0`BJ$<-`~A_GPd8}y?pf? z|9#lYw}kF6k8A|k+g`rW>3BgAYTxf`YLZ5p@;ab0-r37X!g=bUoM(1ucfE7G*IKze zeyX){mPHbKl31#pV3s{`SHyTjCVfLz)%&|FyWKi*mv!RC-WDMwI<}h|EMotub#HJC zb$;7|iIbbHBBE=xVqQ`AKUpy(1&g=FJfD*|VN;OAgo$fotd-}*WKowo<`n{4F+^B- z4)ynk^jpt#I0mpXNKn6iPg!GHh^i_5FdVJ6#(Y|FztuwH1tcoR{wR0l+?06jjJ|po zhfV=FPp6^7qf-RgyK={LR=ktD@HQq5YJ)~cr;~T(jCrHt9THt8JEF@C zD(keL+WBXvycmCX&F~)&8I-l8Ebh3>e)qJd-+AJyFNeq53nqW~-m$6KR}N~;e7Y}zcg>TJyj*?u;r%8)^6JZn{p856mf61jz z`=|eI&MND|z~J_x`D31%zBcLplSa*a=1N|#k9MA+EISZ!GpIweA2qbMYEpx z?GJaRCx;F@Yvyyu{Pc!jj%?iW(9Gvk7F<6y~yqCZFo^y6=ns>=Bhu$%+bmOtVSkSSv@K*yb-BJ7E{hRC0n_oI&+Sb(j z5`T90$n)-BFkt(lch9(LP~MI+8dsh4)pbV~e|*;!F%OM7>!PPhY7@r)Xvm6fH~#6) z#n~I~t-kirOTuSttytW)#NS+VXVwvc-^_2mV9xJeoZRQivqzV|_3e>o#{P0#$}6p> zS%>s*eer|D*MHgcan6(FQ~O?hWQ4 zDZg!gyx`8j`a5P`Qj{`($U}?2Dt%tzQ}&qI12(_@)r)`mThp@X{WA)V*yy`! z%d+y51K*x-=cUiwJ@l(x9rxa}>$r^9-#V;f?4g$xezWPAyb<@G-}}KYA2~Cl;D+PB zv93;^`lGjeXZ`iUnRnFRxcI5z7u;~f>+=qOYv<~5FK^g=UFyb+OCMM=eaek%elTO+ zru?V=I_vJ;|ENEBN5iT!zf5YVI`*3dk9>X3j2B-xW!bw^e^H#hYwfz6n>N?|{Ht?c z`{a#(jJ)pYdxC?$n$y1V-RE9=%D+7(_sY@V-f>;)pN4+?!%45be%q>B>VALuO%Hxh z|ME{SYklFS*0vK`9vU%Y>`i~Zwc@6)-rjlh+#eqD$srB3wMXqZsILB!2d5mh;pWm? zK7Rg%2b)(voP6Af5mz3b@aVUvRD5vP(AaR|Gxh&$4=sLV%cl<{-~P7!T-%h@fBJLV zpl_}}84Hy1$^xTwV{?c#9(YF*$|J`ri zy2u{iyma~0i(mcqjBEW*{NEPfwOC~>c%EX7y`R(AV&-a~o ztlLDqcT+*pSE9{ASUE z*S>XMPD8=AUzPmvqnj_k@pm8YKKvK+7Mwr#f`8ochxPZyjvjJiZoi7apo{9yIz9Q_ zU#yyTcJY6Wo3Z8Hn=jjP_7}JJ{nh5XK2K}k{$A!OlbUCpuw#Y)joe|KWz`!yepGbH zGsnc9eOYP0C$~4AH8}a_WA7@Pe_8dZ%S%_hU4MS>slWR3X?^p4cT{!Xvu6JO&E+3v zU3*i*Cx=~l+H0q;IcQ+sj$T8L+Ohj#U+fW|5B&WfLywHjzpCnlza87}@BbQf%L_Y4 z{Pvn96Ekj&nfUo}*Z=dMr~m!6^{0)x;*m}Fz47TUCKP7V&Eq<(5|DAP*G@QKbnxChXuUU4%L-s@K zhFN}Gs=3jOAYw@9VzqoVV zjn|&rar%c>efZ_kHLsV9?^m>W!`#OwCLgsu{?$V>PCH}#8;3QnPZ>Yyu0zgyy!fP8 z->rFXynFhfJ9fQw`Si)@Nn5Ub;QC(h2q3w!e|F;ogfEJX&*X zesS!o`%4q=eQw(sw~cuH!E3jlR6SzRjMTNq9$Hq|_r!{cZ+w_^=$(aWtDhP4v%eK~ z9`o&}xaW)Fepfeh$s=QaU6woGjyql+{O0eTUbo_zZTFo#r{MmX_y1~9^{0P)=$P=_ zr*`~p$Y16iU!V8ai;FWZE)6{Vr<2CM+;KCFFN_r_6$AEkb~Wb8HDULAbStatuAw|(%e zq;YM7&hoE)dt3Gg_y6whL#Hfwy>-gdUyl21T+1VWoxlC)Go}>xKK9w*9m|f{+A^tT z#r%oqzMD7a`ZGVdYtHi%hOL}YUse0{-D_K#H>4c8{3oHO=MDIA^~9P#{^SDRV>9~w zmo?=7vG*--QB`Z-Gk}Vh*l1c*R#Ra?7X`BdwPJM8nHr2z)2^Th-i35fD^qGf-62M| zlU+{P<(#bSV^wgdIoJhOeoo3D?3qo#F-PfolQ zb?44c+ZT0z!1ZEruk_khqrW`4?!^mYw(OX)nJ$_@9u z*qCs=qiN!=KV5V~mz%C%^4JwG?cRIzZU2rjcU~Vjn)dKhT`%<>>6JM4siTfA&ZAo+ zrgk5Hc=;IHD_if2kKQ`&u;c1wTbK2JXM`=Y`;pWO2BgP75O+C zfB#QgzCB!!-eY0jzP8I(lsxls<$;GuKM{ElUBj6Zer z(|_8yeDtEB!=LN&a!%qK>#yFi>)G3Hy8N%lx+UM(b>`uFXCx<=!Q2ezm^w`|~E`Tv)TTQ_PD!cSUTvCGVXs4{!Rk?&(X$?|R~f zt4Fqv?{o2oRr_OJdAH=*Gb;Da>oEDdgrl!ql|H@G#*7?R-t$pM7gme(&o}HXhF2*=bSZw+%0Qcb)g_8RIAIh#mUi z>g%o?J+aT$+{>csH||_>M&hrpHrducVWhs_{ug8HA1^(a_rgOvHnjiZ@rAG6+hzOQ z9%p_O|Mp$CuDJiH2OGZXGxfdhsn^|qN5}Qg{BUW}Rmt5Czy5Z=F@3HWw|c#|uv6Dx zyHCHaU#D?D-TK6`y&t{YIy2{wo8w}~pL_h5Pdje=xZCyXYIpr`$65Vcv(N0*ZqmLE z+b{q5tuF_SerHtHqS@cf4Xmg-Rl8@@u%hLEo?U(PVB>?+voo?Ivj_N3Zd!6-%8{tQ zrB7Rb;@YpT9^cP@-&+?PoZ~E7l69}GZ`H7c)8hYD|M9c^1`Hk1efWyU4i6vn%E@mJ zr5x}buKC!UQ+q6Luy6i*Ylj{xT>9bm69YzE+VDW}_ve@1A2Y7_ho`e1pMS@s0R_XB zIvyYTZvWxNR*!t-9=WLFi*NV}KR9RBvbH{~nJ-^|Hmv5W(`7QQ) zJ7ymDw|;%q`ww^IX|ad^3=CAgL|D-Q*-iKtUXuGFX{#^Tvo3C#-IW>O9 z6Em_V@1FhPpED*ey=&#UCn{dtGJWWfU*7-AiRdjeuHUxGcst|X1DO{z?j7;>?VU?r z>3im_6MkCrW&Wx`yKdjG;__>+Tf6$(UOk`ty3->$Ps~3aGrG=}op#-Z)ZSnGetgSy z(`w#2@2XGkd~x)WyZc@D>Md!PJ+h_h`Q^|4d49()yG$`w%sbyk+U- zFJDyk_et+AopkNE9&fpa-9PE6<(sFzx_WJmCwG6NG5DeH$_AX@ZpxRdGd6m6e3Y7) zIiT{5`b(c)9JTx2s)Ju1fBCsvuNwEmyaPEG@1Ol#MU7c~qMb*~qI=7-%k$x`y;(>kNl`_<)a;^-I~z2 zy#eBI;698cDiKk)O02XFXe)P{?0?OAopw3)j< zSTx}J#M-fgzjGJuJ#$oS^xs~Ie|O@yC$B0Qn|D#0w(SNy_ujYF>7%~*Zo=@tt#x$$ z_Gr~zX=TIDn`Pg;{-fPX$Il%1%D3rFcl36(yXJ;3KVQ0h(T1NVe^fl`_}@C^l?}}A zyCP@L^P6A1r^k@ z`H8(-<2^)*E-FKlk9F+LMFdTxT;Djr?Inw~vl&{`i_!V>{h-Q#TAa`pL`hOv}zLbPPK6S;@At z`bU=>d-H*rZyxjBUE@Ay-lKm+>={>UKensktFet+%NKrk_g}B-*7nAi_D0wA95HCw zT|Z3Qu>1SRhV7kP+xtIj&Yjk?<(#|FGlMzzGAJK|J~G@?I-7Kg`CGYT(jwc~W9aTu zXzK!nxT;i{)j0k2zj}_H)jFgT}7Q>L`iAor7W!#f!rPqN@3 z-j@T_z&K4k(t3mBbEY!qui_4-C;s#cntyxF|G$09f(WVu|0!zv>P#9iGBQ1_uhY{m z+`fgiyzV=l9nv}p`6F|dToVX4_g}#Bmj2484u_lj|5x41x&Ibv2hWPwBefh+7##FZ zF{yYbQkkEm)mmOR|7U9l{n)*9C!a^zz5JF>J^r+BfG|D$jqHB7bjVLBe+l1)mr!d5 zX*}O8(}~iL+)DQn59K%U&Sd3da^C^fPm%}OOZVaS9n9tYLuZjyqsO138EW6ba1Q?n z)iK_6_an1Lj2a~`dccZ6aP1(>zJuhXo_vV#Utc?@h;I%=nt0{4gCVT=vyyW0iURy2 z^|ep~P)}6YxbN$bygAQ|rPKCM=jp7V+~hTPRXXvkD#yPS4*V0#{gxA&o^RO5dsQnb zbMo3m0I#;Z=6QWFXTOG4gW&uaEm&X=!J2{D0-%M7#AE)I1uFxQzq#L%dPI$7t@Hei z5x%qWznw1;yAJST_ocbaYLKMi2ta;oX9Y)M#s?(yi7_mI_4+gWonwyaatN)W@Z{4XJvv}Hkf6X z4j5w&9AhjSFd@$zI3X||n*_kuV;=LEoBgNkzN`GFB79KTbS$>8t^ZUzqxfY6l9b_! z{Sk<{|5%i7j0`Vy)!GF%VcI^V23AgHMSIP4LO_iqpvv+1=Y__GH3RRZZ?Td?0-IzB z>_d`)r|kZSJg3=KB#e*>k};a%OL|}{slY-;dFI)9E^}anvoyjS7$wL+QcPS0T?G{y z_#>Jp(61RNN=}~HM$ihk5Jx+s<1NwZi8D$MV_AzsXysU|`k2bPwZX+*mLCPp6I&>T zpcE;a05ID5F?lA^IF8e}FbNhBZu5YM47N{alIksB(go0sQ5-p+RhW#r>_by|?qeAfdV! zx;h@-N2)zaj#vu5ut`4c!Ed`r4wIOv++;VS0Z!` z406HaV4?ivk_U6{Xr`v-ul;H;PwCmd=VDcopTz zstwD;mR{l5W&R|dD@1h7)yy+Jc~788Y|bx&Q=5z({1()7#ssm8V1fMwByN9iNbwW6 z@j!2K^0Gr}p!lA8ouNfX#32-0ipksZVgJI1Z|ht zJHP~AlO1Y(sxmYw29kwPieZBatx5XG(Lf?ePbpx7;jhvJl#^2P!<47RGPPU-7H<8G z_QHhZb?!1q0=be>YCpQdXpx{do6;UDx|W7%#FIXftLanWj(YB&^52Z(RYCsq|84%L zkfFdjiqu=9ibz9+PT!F@k&jP=EBH;dZt%N%>A()q`F)vxR+Qa$QR%Q~6n$T3|M3W+ zuHJCffY_2}1$By*`YFgSR^>R)<6BCe| zJhZ1xNWYRA5Fl7lw^9%T{`XC!hE%v#|jSY}Zf6+Z}4 zXT@d6mz9qY|GD^gS{a1Yg3JHTd!1QI{aQgc>s3A+)~S`Tl*-9!N2>0D3oFzViU+6& ze2@uMg{u(gH3)I>X5S@6$9o$kS+H`KjS03~h;85+U=|;-fAU4}O5TzDOGZhPQA`?B zJpLwoVS8s$-}uXo;&lMLR)z9mCj=H(0YGR_tVmlzt*s8;QoNzBCMw$E3OK;s1-_dy zpu;|02=r-!{D0UB+Z8=z1J4qLXIJnL0BUqdvjE;l;diX9bq?5XE&?eH~0qA!;0O>ZR8o z!*E&*3M{^M-Y!n-RYUwo_&$fBgU!!St)OESG3&;Xb@xwkRy;#-wPac8hYU~)S3QQO z$T3!O`d7L2)(GX+f2>_$wF?68fGx98@q!e`O{3yn5Pb(!RcITHVyctDvY|5Ae*2Hv z3)gzBy*V!P6XCA1uZZFial3;@Hov7$#TUUj>U=saTl@#|wK*nwOCy??D>)$ozXk56h@BC@4>^%99y?h|F$}`f9VXK z*c*o#$axXNV;qB_`V3Q%P7JoGpPPms899|e*bsqOy1(d^urZ9i%}*L(%;5K5=^5dU ziNzVeXuJ~r0>WUTtcRG>Tg>kd&{NErx@pc7_ZZBM!aikxtAV(~;r5sW0Kq9!;&HO!AL)e&JhCZ#n@$n+PbgI&Dd6?skMyL9J=C}oVs>j6 zoip^r6t%@{@7%TnW6IkO!_!H?oj7-hJ1B4$1>E$LGrlgG(@4T^5%Z_H6yiTG!bNvD zAjXq}7dQ-P53Ij6Q%r7l{+n(nzOfX37*QSJNtnEwmcl}YFnKSnih0>Bozo#hblHrl zbiNRN%+;_IxP5`KvBV5_cC@&+qQ4StXD#lqSdECU7x`y8$hWcEQS^ko9*clXS#RxW zd)hN2N-cyu?%$k{6l7DkShHl%XX5uit0i>NKxu3LydmM;TsG4w&lSSp&F0xH+Bw zC5-cw8*{cEq1Fr%V5P1Zh&l||HTY4!)XmKRLgC~t6h0cbI0MU!Wc^ndhW=ruFJgLG z7nL)H&bM%K5~Efn%$T-KWg_I$1Bly=l>D6W#P)O~Yf`>-mSj22cc zQJG3DNJZ|Te`Fh!88YLP+$@SV#fj2&a?Y5^^rS~~l1-9nHX%QMd|^RW?sOZ(--4B8 zW5X~4f)zxN?|76G*#e`Ow9vIcYq4ag-lk*Ea_xE$fiQ#{_(^;WfiOCspHR<{A^I-( zN&2Nk2t#-reiHvw!Ov0fzT7V8{QpqekqZ_2*2EZw9_QmH`Cq2s4h6rNah?BN3O!Bo zOFplLp?@z7{YC|+K7{0ROu;SD{z^ z%~SA;75YL2zeK^GQgBs1H43iAw;>E}=XR6g8?W#`lW{#=E>`H(@ZT5)ze~Z@@I0g7 zmn!}q4TJy2?V}!^F5C`M_*MSh!r;>tyr<&tTm`>c!51mGT3#v?T&4e(aXp+rDD#==A3^PVrLdZ%}a6-$@FthV#uZ{A(2YUhqTaXI0k=kx2Y3?hjCSRQe$buKN3i zf~(;_!nhvaGq@wB$2Ud6)qFCBah*?rLa&CWM8Va1^&JJLzM72h=L$|^B8k^2IE|$w z9>*O$3V#m;AE@A}92O}!^(iHvCdT!6MREU1m(N)WezC%*n}VzLMk?bve~&^Rukg7m z4E;ETUX9nIVer3)!9P`S8aqlkOvF1GimzI(ol3i-)_d10zM#=(v**&Cq?hBydW~L=15aqU90$g-Ka!6e?}=M) z;YQ+eyqBWU%kiF9!xyrA7i+j2kJV|o9Cvl*_(^}|xGO=!Gr1n8DSR@LUXHsmHC&Fn zCqjb4ts=4rSbcP-R#Iqur2;hCJDWE?)?|ze=obI{HGeJ15E5+Q7rWM)4W@#^sBqbawO{|Nu^-LcR7r8FCmhR8*!b05 z?pg4d&=v5tdB|(74v@8TSVbB=u!TwNMEG(rb}vnbYiDXTbPH6IKFlO@1J(+o&DxUc z3UXs97xvVewOAK)h+Pn=wNP|AXiMT2b6eTq*8b{9!(FqoF#;58kM4NZRrX*kG=Fw* z9);e@dCY5ForFCFyl3blLP z%6P9CNKZbJZvNS;?ew2& zQ{lji@j(W*H(Z4`mysUyk#auoBl6cq3Vu%iYCA4AwAiMnVs}zGi0JynhR4`nT73jn zy1CC?dS$%F{5(DNuu(h{WY}!f0Xsip#Y(a(@sKO^XxUA%hIfO%#=x!=WA?`gF+gM9 zQoLZreG4=hiyGG4fZd@+L5*$Y{)jwd$~I_}O6i6jYk#a2NiWti*R(;lvjuJw8v%Ba z-v|P{m-z)kh%n~FkQaTh>&qy6o}ycNcYGX)5z!}kIjg$k-2`ELJABTjFH%b;`u@_KR?17`waM~UduYG@o z!-2gAwGkqT^UT((2Sh-(FmCEPh>!^_urjwcybp3v=B;V%a7ePmgQUyV3&AUSE-;T) zkDH5YIW`h-Vil7JZ006hDnc5t%C7H-eyFfh>7BSPq?u&@ACg4MN3r}hXsP(u(*1@Y ziF8kUh(uLE+Q#EhIiR-b5br{H?2wMd|M_bWM!G>2yDp4k$}7n`(#x_>dCRDn*q}TO z`z34WdN-`xUp|Fihxf+Z4LvCjh!ibz+mR8FnT`1ra?+RPvL8$R!ul+8M+B`} zz>%ThsL*h$&~WR}aGOxDzdG8Py2=Wb%ifr}#(EW5%U@$p{i^U-(XPlmH`FD6Y8Q{y zNLz}MAfcCLL)8Hp`TWm1cSVhYsQK|ci#%|}#NLV(W9mE7oB@Z`Z;ln#&Qm2xna{=qhvTY*z=5=wgPoX(Ztm`c^VpmMc zfYX-0$!RDrgTsNWgO5Xz_Rp!#olrZ=MVQ{JsXss@Z8HjR+_h-V; zzsB?%xuY%1%@W4z7?)*YIpbnrfp;mVFBo@3;RQz0Z^JuEE^V z?>hQ-4gE_Ab8InB_#~J&zqRy6SO%BhXxT~F=ZtI)5&{~;Id}@B+llWnxzp7ZHeTF= zU|>Xt5>FBv$x_aN(cXSCG+rYbiMLm98g@!Nj&b5c!+D86q|h4*Zib9=zEBtGhz-a!SY zc^pZ9rXo+3Ug`iOYn6U*7=3LI1Nn5==7-;d>Wn}2G0zG-yH@Y z9R{a*m5d%98tIYI@kcHAH2mo>_{(AN#bI#SZ_)j&4MQ*Ug-*X$qnG;$8#H_g=MRU5 z^QSFE!zG?1qG*kD-E?5WMnvHJG0S(gSc#G_Gq{$Aix?m+`;)$?l+bE(-?Pf zeI@a1#{akHZYPu4dLQ;WbT6DVVeI%^Y!qQF_T6))_>$4K{I@EFbwDl@)#e_TC8#v( zVawwBhd)niTdAy*XwoDBKNoO^N$x47x{>^mX-jn$nM?5_oU;=_!n~yUD{)R1`Dvqi zka+$_-G`gwmHx*EeX?Gp|ME%o487~}tL5;k{a4~3-O)RlH2gxz&q0kR%vyFp@*_WV z`3(U^B+4`*zHGK?4iL4es*&IFITDuSK1n6Q`$l%(L&IhG<#Rmj<-1DSqzi;Cb=o3! zPvxwI;kAKm&4G-+qOe|E0DXRluW_PO??yQJ^3 zoTs5r7Aq#3`3Ty2ab(syWsH+0hPz~)&+RVlsVuzt#^K)-9F@ty z@hRL~M{AVsvVOSBF48qOsw3uVVq47B;LIBckND1PW;V5g=O)F8vsgK+Q(F$slizDt z9y}N1e)xFPA5F8SeNAUMy=9M5MiDby8JOy#LwnsnyaQ>+Q_Nm-Lp{Zl&i(wwU3wOLxg;-^K3ILd!FR-YC8m&YMpU zS-jnRmeiBlIo_BZ0Sb1lH6K{{6GFSffqx94HO(Ct*A#BX zbp5#%)a8WeUARyz7H5eLnpWV&DLqflYFcGTSnY~RvP44nm|=P05JwS=aS*GVSYVkU zIz9D})5zGIxbX_as*(cgN~})DOrMFxgs)wO`#2_TOK=aNr`qY?YxnPsHHue)Dm`^g zy5ViangdNNLr5j>Bj)Kwl|8)}$EL=kI&sm2YKFO?;VfFyfYkt;TEwaV*<*GYQP|}+ zzrj2y9kYBNeQO+4-HtipBgp^5UFJcVr*VoBaw4fy@Z>Z!OJ7L6_%Wn91OBFHqj(m+ z{Y|*yk!n0-Bhe0djr6sFT-b>8Nk@(>p@xYjdfOm@UASd3+H0+}WSBo?nES*{7|;^! zHotY5wGB53cka@mC=6{-%#1mi$c|7BU=+7O+^Jj-a;I*bdX7hyYdVW#mFsld>Zpzm ze*@+kA41fbqVQeex-FFph3zqf5!?#j<+6*L7=d_7`^J0Ao}==cVP1%mYZNa;@I~qM znw!1ygf`++yo~5g)H>kGQ9_sl_rfDeu5?^ycl0|VycvX4bi1mFVIB9p1k>dri%{ZT z0y=T0Te-~ro}=3+DXu~g#2s{UPMrkvNE>(*h{3eoKU!(*&Hc6C-4sVG%q61LY6i8@2qf; z4{EM$Iwo@Mj=%sqvnTS0vx0gNEvU8&Dx>%!5IOw^?1ei5Lr6A)zAWl@(A)fV4iww2 zP|JYZQ}7lSI1ki_p9fW_s6BV1gf!Ql!E_C*ha8+@JuOfR5?MWNs&s;Fl~z5zESNM< zy5ivdFDPso=8qZX2^UT12a;inyb(ymQ>LdA=Uxx&ptIKEwCm^AS!=f`)>aq63l~D` zpbJ>%?n2hgGkR<@=3Ho1ld)7U9x0Bm!vmG)E|fC=a&e>;UwuG>I*Bp`6~#T#qHK#E zGpT47g+0$mzy+)cxTtYh7tq-b88vjtVM-U=xY|RMZP>0f{Q2N~$cSa62as+k@`v2U zl?R=b)H_K}-Q*FRgL7oL=hN7{%N1B0Uu=L@}5bCO=mK6~RRlm_dT|H-Y!t#JdT+1L6g|Zz4`j z;5|sZfOi&N%;Wx_!JYOgN&n*5L_U1(0E1=S}>AmR)hod!12o z7wXSq9Niy`r>Hb;!V48EqlE5o5Y;&HPYUH1S`>?hf{za9MnFRe8pUjzQJe_5pw4q( z;Ws6Dvnz31;A~RD+heZ{kKciM9JTHYM*sMd8`TSs011AATL(A#R_g6~dCe zU?u7tx(n26{*htg-hv|X8tq-wg;+lKBWBql} z?GbEWuCs#Xd0IGqhMmqKrwDqI@UCn|R5o3Olnsw@2EO59NTeee zd^dSgzc2ijd?V?nxUN9vMBO>7bKo2dHLUuJBw5@JpRy)vW>s$pHibKoPIQ9$;Z=(e zAZ%Swnre;_t{X;`Ces?ik2OkSP^~l!Wcf%dlr^ddimi$OBJB^6BK<@~fM+bVFu@8T z@H1K^5zaiLd#&;41#oMW#97sia6(l^kQ~(27!g%Qk7<=}{*_4JpM4HHjK7qDDWPhXN?`ZX?vJ5Q3i%7q9flEazl&}%i#U`pe z@T)v^V_=;iWxXJ-(&ZwHI{iPz`ffv>pMMI;NPS9buzy5}L!NKw6dZ4eJ`UB#A+pcL zL!!Cd8CW6Owjz=Paa;_JRBq8%7FBqLc{Ib^FIuLp4L4iuq}4%cE&5$Wa4u9>ybcE3 z@2Z*7-0!0G#?$&;RS1*P??U$}6>LDWLsKvUD) zJ@Pq%eSul*>@yQC*r+O+-f z7bTy>;V??5l15;5Hwumx6Kt1jX8#r90>4^Rgf5f1dh4m)L$z0URHV*InG#<@v>E0P z7?ow1zh{`I0@E$#BHssQTl_4azE(dzwLUDeEY)U-YLl+o{7JRB0w1CZ_02?s9n&z8 z^8^!p(vpiY3uwDl^TX98;aKz4)B&vh{yC=IvSw;q=|2wH?`h)gystA zrFb)HPI{S5h^I7?YORui)H0Mt_FEm5U~8Bz`nzy>p8t4jV@{(%vA#xlm=pCUxBXyK z9rozaJQT*5Zg=WIW6loZMR&z#HbG$+(kj-QddPTUr6=_(uQBkD$KS_h8osuk)YZo9 z&7h^JjAT{}DD**<(}R;9ras9cDD*bgn&dPvVjNXwjcePfL|6Y+}eiIgem zTGO1UIc|GnQyqLlJtTxE#94Fo^sjf2jwPDf!!@qg(=>)LCnFkRLKluu zG``ibP`v4m92SepD1sE;xyMB~hlm3GeY*K8E*lk^*pR2{BhkFwc}Gb#<*+!TxF@_9 z37t`vArkr_YD!Utt3;7Z-Xl_B5WJ(bjT5{x%+E0#S(#z(bQU#sGm58@FllH)%HG^) zL>=`X*8`$fgYxhOVrf)iwz=#fF;7@>3&tU$oFnxDv9NYuPqW#^oLA|+w2!x}hQP-2)w72+Wg0(d}sTQxAJuo zGb&>dVA>I0l148i`?1JwA*ACijc|Sl8e7q^d|#)cV};HSWAP=_)zYw1WOh2N040#O zJBN8mnV^-+F~d;*z)uj6f0aWNBx;0ct~>Apf=TU<2tUI@oTB`WBm zV-pHv=+m+#GWwCTBh+|PF8u)#S0r`Nm_3*z@fjsV$f|*MrKpiTy=t%r>I75HL9y5Y z?>`PP&4NpFqrWEF9XTM@JWE8M(piW=h=v7GY6~1d#-XqVR;a8SrHr7V|5R=^G03*WQbC>EhSDG#2+;~%M$6E-5jq;= z)4Igm9yIDJspeYVZKR`GMzus8jyO-w5wU($556`!C4#U!oQW$jkK@6)mAN$QM?;*s zm*S-YmGdlD;@bXYonu_72SsH)%Vpeh$m!pM3A0}i1~D-=85tiP@N^91NJK6S;9NAT zi&eW}R0W$8;uBDf%f%2Jqj8y^dCae9B$U!{KFT3_|Ck7(nKYx=4kvvODx-J{JP3A@ zy)@*cn=|Xz{2)5Xp9OYOSD0!P%F5K$7F{jMFYZ2tHpBl8GJ2iBiP^g0ni`WDfADqJmUpC;G`rU{t( zgtBrCrm7omxoA+HL#modfmNVqJ$*Pw!o&T&A_1*-2uW>5B4a?mC;AYiyzl}~>D8iD z6LbIX!&h{un^^o>fVw+ApoMNKdO}`ZtlFs ziim)LXBIo=|&e*=1nTtN3^1Q)upVnMYS1xR9o;P_hhvDPlxZ!4Rf5 zK80(V3Gqo*nem!CZZ326M%M!q;^^bF5hF1yeWIxtf)Ks`y)}gT>^G{eSJ}O(SjeJ| z5xQO%fU^ge)2FBIowW-3upPF-k3HrNx7mOJ7WIyj0wYDyks=uu9e7*RwhBP~g@2ed z*TaPzmF^0;c+>-7YndFsVnPqKKp^`xo3Dk<*MakpU@hHz44Xh7QG%=rJ7i8W1%VR& zceT7QH4&NjpXc~>)T)|T<=Pz>2#=jdw~Hiv6e7jI0;;jEMblA1nFVPapjifyD<{KV zhKst*GFRqA1RkJ5U^ajwOFtp72a$xcX?;UDag{~{Rv^QYeeY2A#(^II#2CjM&WP*)#}Abke7QZ`MP^=W!>Q{g8q@?~7$Q<*WWxd?N$?;bR> z=GCGip%!h;YRDdS8;v-qMni+ zC1*)7GDqNE^2-{kiPo~=X)e#n>jY5;q;w!v1jx#GR;Mr!fwF_~VZfzW$%JZAdyWxh zihCJ2W~d|@SY@NLvkWyTHUkCn4nRiccH|MH2n`UEL|#E#NyRk*$25ZNQP_kc!_P!A@da&9v_=W>w0-2=fH`_=Y5?^2>z7SsoawG9IF~l_z7soFY-%I0{i0AV7 zYCLH+t4=(j;~k=irv5wC#j$P(!2zU05+kh2_~BI)4D6@!?@REQYdv(<5UXV*ed z1sE|hXH;&U0@(Tv8tV1lAR_xe|Nch;|099_k--0T5;!Q1IOcx-xzh?-e46#V!+NGY zWAK1Tt zZ%4wwK|>QA$;sWX>7L~1nbfma(sjwHj)dECM>*Uhd~9*mHHpn<0__jnX0uO^wV&6a zO?0{4(skaInLdecI#WBJbWN8g4q zgw}5r?APAr1uGx(73Z_WSzRcAR&|Pl?`-gePI0Ibw?{6phtwo3bchqbRm@N5{1W^I zgwTmCbd(Q_sk2AgqeAi{)$g`y{5n&7VXmkB;)0(yMEC~C@I|Z#yVI3v_iLXC{Pa`C z&i0X$BVrcV`^7A@--)M_qS!r>k$y3YV6((N3~0oA?SQ7YpF|Hg$fc#beZ&wQOK%@B z&my;FBG}tF4m&9#h(j6l(93%`Z;II%>x?B4}?oRq<$M( zMYDK3B6!eeC_~ZsuRMEAeug?rO?g2*lP$^sFgo8U^ntT{5GWQ_h1Dvkhe}$x#mnjO8YJ*&+i*$9Pdb}JCq}Zxv-#hh z;x#&WmPFcQF-{$H)r=A!(WmJv8Yl2pHnBvfI4EFxDqE_VDn2kQ(aeL4Q=V5%k@$$V zIaCnuvl&m&@Og|UY4{V2r)c;B#?v(XMaC_8H(S0YURwoqLNwb@{-HVXmgY@->arw? z>M-~hVeoIm;CsU0hr-~;!r<*tK0}4`T;O!Zy?_cPjHn;+yfh4bQW(51^U3Tc*jRNU zUTH@F@vmcC)Q7-_O8QGJ`bVvY4QJ@(SZGxKh=R#k`GvlmF}A#kK4_1o2M(rZjmj^W zOsC?7qHgG_^Y-r*JSpFNgg!Ziz~of=-&2r^^YjAkDO~jw#K{5{2kr%Jvc*LBw3ut?|F5Y1Np3#d2;TE3DB@Cl{8PZzE~x9OBLZzxJT-`^QTOikd;Gfr?Ya# z1@EiiYIrim zR<_ggc@yJ$I-W&`Heqx*dl}c$ac~&=hZK4>9p{Fje~mH?`>V!xrGl&RTBqQu95yMq zO7G*wg5sspzZM2xs^BW0RblW=3Qm1RnO@(8!7t&nsuZ3J75bzwxa?Qz;ZIlS)o>Om zxI^Jz76yM#!7oziUk`&XRq%@y`juhu4GMmVLcb#nei2oIFcjZ-{G>d)hrx$3PWe-< z2R3oPocOd;_&i9JAPmu8g`ecVopDJ|WtdE+*s^mv{a(f;eJ_jLb~9BjFcP0`ecJBV zaCs-!OH}E=5ItpK8J^b}r*I}HcpDCwsk z<9h!J%EXMT;pxLT@losZi3+Zk_tz+M!|368pK(1rdmVyYq>Gx4H&dp8(di#&T<2dG z-%Ou`S1E^mj1#>YucHcmvO<40_w&eKl}{hWbv^?WdX>)>1@EEo-@yGv;(xV*<5d{q zPrubl{K-P%J30SxGZMr{a6aZ{A&B?n{KwT&5Wj)>u(KfUWqMf-q`xJMbG8c7%Wyg< zkT8;7hLgn{#AP@sZCfN*%JL_18O{`oJV;+el_gAH>k-6< zumI9Dd^qDS4Zn=}xHUYR>Af00it$VhAH(<%4WGdHa1AeD{B8~RF`ljA(-|M7;e{Oj zF&bXP^b<5ZkLe3Ed@j@bG<+W8(=|Ma`OMJpm0TYcY4`(Nj~8qBOvdMG_#=$Z)9~4h zmuvW=j6bE}^BG^D;ZHFBf`w5F<`C1L(C{5hk0}OWWIcAA z>7z9K6ytP;jf|v^=xlxKx|&)uuHSR8mHm}-PcZJ)aH+g8Q^TXUpEpFqqZuEr;T;&iTf<`+&(`qHjE~arIL60lcvr?JXt;y% z0u7I6+^69Qj8E6_D;b}m;Yo}aX?QQji#0rj@wpn_m+^TTp2m2&hPxPlO2gfZFVJu= z<1c7OWwC;XRdcmdN_Yj{V- zS84ck#@A~2493@McoE|pHN2Sdtr|X;@ogGDkMW%vUe0)(hCjvl9t~f>c)f$20zdhUYWBP{XG% z{+fnQV|h*J=2BjPKF#WsKKr_(zQI)9@9HAJp(##t&=w z8paznT#h47X!sXQkHuMG$eMnYT)v_-{A;F<)^ItF=%C@>GkvUv?`FKShX2HPoQ5|r z-c`fD;&3`N{5PhL*YKl^CusN|j9;nYO^hdLcqG@uy)?WH<0%^6o^kaaR+6*9xSR)- z@|WWXm&QkqBitG;#}Qr)m*a>`4VUAHAsQ~n5yLgy#^JnM!=o6_*6?V?M`?Hm#>Z%Q zEaMY2yffnk8Xm{EPs6)1K3&5djL*>Uc*ct~Jc03I4Zo7{xf-6t_&g2o#dx`fr!fAM zhWBNBfrh6s{(^?P7+#Tq_@@g*8Qobja^emCP48lKJgat$BF zc(sO)VSJT_%W=e74KHB&^%^e65gRppI@52}@EMG6)9@n3cWQVs<8>N7m+?IsK9BKw z4KHVWpN2oh_(2U{!1!See}VBv4PVIk2@QXZak0?BbwAZXix`iJ!Uv43mliV~t>H@; z@1WsJ8IRTQPvb4Voi%(p)056DGSc5_#=C0xD#jfezLxQL4PVcAf`)Ho{7Mbq%DB{> zFT=Bq@m?DJPR3I-ypHj{8ZO5XX&T-TZ^hrG;c^_|)^ItF@M^dmM`UVvBZp^*hBw7q z{tnl0IgYqn!{s<4Tf^lzVw8rdpg%GqJD3+8kFv`yD=IlrUNd&~WyaoV_E z?hn=HE95@4B+AGzGC#|GXI>4L`_6nCp2_Qo|2ew$CyTpNRVDk_WoCi@%^LR|kO_&B zxB1}BGHLw$M#h`JWBDl`G|Z=@PLlvX7hGe#Y>c*^v@M1F;ZIq-!s^;T_cF_!{-2XQ z2w%xOxtb5+|EhahLnfX*gD$NX>HZcCm;TFVI_&A4vrCYA0*C)8E(g*=`xJ5uCBHE@ zST3gXJPOH=(nyzI1~BrUw`bsu4G9LOzP7#ty;X~__9^x_hH}4<5*DW1 zdIbOL?nh=#$npKP+jk(`v2r2N0OS1*U-x@)ibx9^i(#B)d#h%^zBG~7$n z0ou6s#R>H)LR~T)f9*i$ImM|+BBNuVB))q3a6(Z!PD?_~>-}v600kZXRdKb-1(gA! zQ@+KVymCJ+oz*=lwVVA8-*G%QDxMq(hS1&S>kOXI&K^8LTST@V+@C6VeMl*tyg3;f zKP+`$I7^F@y0^GX`wD%jP@xdv8|$n{0GZp;I$1d$?>JaoH4e`e4*U~-1zm*l52_`S zt5=X;e8|^w(lTT&*uq;cF0zdl_T=h_)Iw{)nBYUiS(3g-uX1f4iXzDBsBv(Ne1 z$t!f<;F?~#dQ+TQj)wP^{-#gx;xSJ^6`ZkeXk`h z>ol>``~;F3N(YXu;0guLuYk3)!b3i>xXSPjZ>mUas<@;x&DSE3;cWE}VdbTU&smWM zYUvZzJRy7%QVzN*0ukg4-<@<7E+?L8$u4hYb#$H?DfGCL{M5WCFR+kx%Ad zIIH}TxS0C|TOx_A+^Zt~RStxol<8S#(FK=SW0ASx#-pr-W!JzxC&2_4OE<;KDC{%%$QV;#$PRz!h~*W_C< za>1%OHzSzpIs4J_?76H}aA4oVF{^BXOHbL1))9QshrHm!Qcwe*eNRC%fC!Ek`q%gd z+sfWnI^;Rc&TXKVP1sj<5J3u7UX^E9-$DHV{#DaCy`1+5?TDQ3R*)D43wYPgxg4qy zni@9cl?%vOaRh#eZPt7dZz)v21)8(4v*IWS09B46!j__FcvPvcsXc(;Kqc}Z6fTPP zphFdPeAs{EscKXKaZouVbOF#U!63pl)>Rh`2}Pu^FDD%h@B;S>q?;$*rM;MfDNT!=+*#bq$;0`)b^ zD;tigsFbn}B9hlGRbC@Ry6mbfZo!y2HY^V6CU92dlK&+w$Xfazco1pTLUVviq{RK=f*G$=&jn1Trvxw9chY@8N&l|$ci+T_^X)g;EFWQR`3dfmM zZiSoAq|#YT0<&@_PtKnl=CJ7KTp!Wo7x-*hL^vrw3x`HW_{Qd2$30A{LZ-nq6NCdmdxl^VD!K}$6rl}YOr67N@6)ti`1OmY2*Onx5CghHo zR7e+KTT~PmxEhznS44A4?&PWRL~ZcEYcPZblkrstMZY1Bz5^5Q|MLs z7!)BGT|SpGuFFTRf#~uXs_;?ebEm>bmCyYOy_zoN3cZ>xa?cd`tIB7&LQm7&Ql395 z_yr1X=XRC&sQK+o#>tr)o(mOvH9WZr?ojwoR&X_42Df}YwO#Y@ZJ{gH;i!Yl^J|$kj_)>mK zT#k1-b9*6iIj%|2@H!%Zacj67zs%5ZIWEx89LRn(jR(j`e`Wvqgoexh^Z)i*`hU}{ z^bW*{qQKb>Z|WZ- z=db@_{O@J=oZY2!TO+%d{UT{0c{%#&?x|0vryU?$iZuacTcRF%xJYR}*z z@jtuI{n~3&QXIl$x0{vj9S~t}=4iLwAo5bPZ`NBK?>nZiGyz#_#Ll5kx{=Cho)~KW zUQZTSzbd>4ODHb$=N2nBzRp;@keZKe)&fhzKHK#S##lEL6acQU{cJ)O(R53HUFfa0t!Q5eOmU`xvq!G)Vz zEDyMVDc(^2;iao!pbF%Yjf zvQ+(wf<{G-?!Gp^6kA2a-5_G;h!Bi<(uxPIw->gd<+~`~Jsh>26a=a<|3TEgg>~g@ zA|y!(A<3ktoGx>@^WLDoa2FP<540%ozAv3eK8Z3)j)McX`pGAl5ic^)?D5wb!41F)jvOgl)e0kI9X+qMpL%a>Sm&& zA};EmmQf4j3NOOU#oF4x;B%~Oh&0!j-!->DzHF4HBC2r3R-F~dHF7n-@J9|msc-y; zYxtM397Z7sRg@6THAurkZ9_x3QbWRPYrhZT5`AJ=A4qHC1E4ZF z!mX}`JKK}o<+zaM!mvIZ>-h&7h$-6tFRbxG95AiKfBj#mwOrJmVogcXioAvo8tajr zZm0tq3MYAn!fy`2`5Dh~_=V#CKp33j5sLnWF!;zY_}{|dtAJBD z7gGL(5#<8UwfKed_jBMxFV6$XbDq?x4n@B^48AE0{+r}aogNrb4)COUKNSD-!r&K& z!D-Hg!e32oDvT&I^dbjUIizkj$=1A16K3sC5@6v5t9hp_|DC>GhjpAuxjD_NMsfv6 zTO4Y+{4-_j1J=@43pg0M(^sBGj-510Sn~oIuN%=4rCcqY0~O)Z`D_eBzhA-CHM!#ou7%Kxq~{KqNusvKx- zKNNp?9-sVG({YPJucl+2g44W^Oy9G3Vutvr>8P$Dy;m2w!T;Hn&EgyFBQA*uWq zDST9Xqk^mP{Z_$Me-DK5_mo1f@;{H;S3SO71y}vOL%~&l$1|?Wldfqdqw{|z4F0l$ ztNh;!!@owMSL5}482l`5?*eXnZSq5H8&l znVxpSo;uMmDVlJ!&#-Gt(|J8-jKwDSUw1z;FKc8W=8N)shy|nO^M^f^lZVzRL~;Hw zHRW2ILL~FAuPsGi9Q59nCSKFf*XoD^P_xq9B~89IqO+b?o?NY-;G((xO3I!%B<38# zlg2}FtZlH{{9{D|ESl%GFc*Js<+Xrdy@JM#Zu65hVgOlB{<+QcXgaDhXbra3z_zll zLMkcZh{C(3zk@_%oi=lu<5Sl3C$DIYCmM5{beIZPds=He*4>_!DX_Mfw4^C_mp&8? zn#vm_K_$&9SgwSFhBuU%I>h&Ok9mqFATj4Xv}{}xBKn({F-JsWy`}jn!cks#d0xp` znjY&ZEsQRyo|)^(8QR%xZYud@W^cFstK`je{>}KHwcB57_t)6x_HXLj&NrGIxc#f` zW+1iR7_>HZ)2yA&(u~fD8=dy8iC@|`+MZU#?9;(1G_;pX3y5Ml;h z*iIupw|^GIQM{jCS*A|&Yk8b9y)-Yjp(o^DdKQu_&6RrGm`C$1p3gJ8 z6)@+T0V1|eb3iNt==&@^6)T~;JULS#{_mZ}pf5a;Q={EEn{Y#G6y4ftalmcFQO?o< zv59M)_RmQq_~>k3OTw-ef&sVGpJryz-NDh$#4p_TEs8wtpEy(3_>$ZUD0u0KKe_F- zF7vqC{7#5Wgl^V1@)#L~s#Q8NLS(wR55j9+n&dNO5P@}i7DTglfV^;f!&b^KkXXY8 zB}Y0TUyr$gj_rO)t8C^;T6o1Z+*v99Q|Hf0fOO}R-W_}xbKb!V-$!pAbmv4p;X-$Jm%kj}``is=?n#ZwNgLt{j@v+wGjBp=l1FwQ>Vg6IOM)B+D$@x$D zjFMAmGD>eox#}N{8_wr{gU>Q&Q|W`9{f#lkY(IQ7*Sd4Q&NB}Dl4sX~tdH{A zYw#r+hq40PuiP)zy>f4q+rGM?74F8Zj{VKZZ|62aXgHXH3~1jkinc z@V1TK9P99}+X;N`6c#9TTMrPlhsb`#*N@Usw|aI&P|793A;?p@1wgebNVOMVV4uI5 ztUzS>(~TH|Xe*d(4Y*TR8zsX~NkbNQk1=!Kk(Gu~{3TML42KqTHam;@ z#8;PogLD)4cSJ7vyCR(JxJJ)ZrhUW>TtI0$aYaU+xBGpXgJ#rshegNg!JVoP`5ieMMH^K? zg15QWb!OF4Z9?tu4>%`Fr_wttt^)h6>^24DPz$(!rv;W~J4PEM>lXG&-IkdeAC z!?@)~cjOebazBXj*68`__deit7G>V>NgE*0nuN8wML`Y_G*!fu zf2IO@PLs4JC4~qr6#0{sG^Ld^iOmTuf^9Gf_IO%|E3W-eH()IzN zLAO|Q`-3iA^Q?W%Q@iTqO_oNFy|ZF@&9|G9?$xY)Y5ub0=p*Yt7bO?0H9Z{p6}Etr zq(|g`A6$`eOW~mW9Pky^!cmmpy|q%nBrXw*g{GXl5yD~IuehV%#&)+bU{T@2Z^sR?DBC5IlIr`2y-@POkcKzIXa4V3x}=oB4itnk3jxNwP?;^uQUY6 z-#jxj=c$^JH-LI#G5++#1+NdsAZ(^(YjbX(vT(L6*ETb<8>$K~{3c3obAF(*CHGX} zB&jkfykjn_l=)IrRx|)<87{v@C(|__+gT{!>z_IgPRGZkrsnoXffh5M`Fx~pguUj( zJWJA3yoB9P)#xPNRCuMZDCaa)WnVMVYP7o~MmH`R|G1z(nn)w7wy(zDeM$TYMd3&BJo+_y10DO?V2vnL^Vp$835bq>xGkw*{;=||hWA-!m#9rnd~I>2RZ`Rg(Ic@ewn zTY0pA@TLv7wEtq_-Jo!hp7Be9Jgo2I`O;=Me&W;c44fvh~ zzUetXyyfn6#Sb!FzsYnx+B((chZCjZ>bj&GC+YCs#z}5msslI_I0mKP!I%ky()|Y> zM!jhnJ+$uX)~@eBBJfqF7{4{odaEeUa|KwA24;FA=eujJfo2h%z1_g

    y>C0%ci&vyKJ|q1+wPmEbs{)FFlc06uE?vUI=QK` zrMiCOQMm8%(>NcuLE{);MDuy}z&!5L zN4^eMPPxo>>bLB8;31bj>2pDP|4T~Wl&_Q(3Ac%}oGZ1?S~;_fXDap%*qMJDr_853 z&@ovEZJbuo#>q^BDovAEW&P96<*QP zd0u=!yID;Sg!Lc9d7RY8QXk5rnc#VR26oon(0mC%IsD-m{P7t4XEFG*G5FD_ALZh$ ziNQ~c!MVS+9G|zx;Hem#`(exRSrUVH02iGdtv}X=dt&I<#^4E?9JaS}M;Eq5U$+#y zm%DHYvc9rAdb`({mD(p}$Cb*<%ze zCxDn1dcsuV=dXqHyO4(XiTD})hX}%iI9@|yh;yFH=zs2Dq4)9M#o%Y59?_7Gzve2Z zNh$8Hxz=ibOZp^!7Vn6M`+Pp_;Xa?AdiW_GpC;|M$=|2H)WiLFZ;8SEGrQS)nVi*R z48!RCa(RQ|eE9i)zK8qyd98>0@_$Zo^7q%C@AYtB*Wp@SYozz7_?es!d$`YklXeWG zuk+|Pdw9~rcYC;BF0*y5i+p^%#luhY__TYt&wq>JVSaA&=>7csnTPxN`PZBZf(iMY zsyOBJ=?6XB&$oYw;WO#c`||wM!+rk8>MM`&o{pcDOS|HsoZTM1&u2{xz99yG&cpq3 zd56CGDNmgz&j&r+uP0kQJn7N@(8GQDGxfa_@_(m?`+UCQ;cxW#|4MP@kFS%V*)08x zudDR;UOo5g8-j}=AO40sI(iuXxZ?J{G`vayO>RVghT`^aHu^E;W8Y(j->JB*{TgoL zO4cPB!|zi1q@YE7i{dOh8l(S|;`I)Wa9ayMBfvMR{0#wa`EyQy*J*o`i6Zz}yyF`0 z1p)n+6i)@X>4-E3_)ewI1o&>n+XDO{#oGgXkK+6$r7<}lQ+$boBYdyoR|mM&ht2@s zr}WDL{0YTZ1o(c%djkAP#rp&NpyJs8KT*p|ANUqxP4!xB$VS%7F+cFnhEfvx~&|Ik9|j3c^R(c z2@7ZCYj{|1jc!BJsmtaiZ-Bsp#$)d0ZIIrrC4$;F)4LDZ|PUJ)pH|`)4{Sk zT};=r1_2n4wI6F2eCH6?>Is`OjjF?CZhMl}H|$r*^N$T5r-Nnj+k3&{wD|4G?*Q7h z+89}4k;=a|LY$>CaHrrV#;0$#YQ%e#G4qdQ6y_fn5g31%{(TyMC;WVq^c}D-#IIcZ zYdL6#snUcpe#RZf-vNvye}$iKQVal-l>g$N)gODVf)~R#6iLL^so~!i;3|%Uq1TQ0 z8RnDTq2Yau_K-HOSXh2z8oo2|u=E?>+h8e|e?v(}aZm}#j!ntJTm7dzK@<|=AO~GA zrUT0SIsv~hJck8g*#k=K(-+flkl?@>tHaiR3b`Z_A9IiBKMap)iXO}tyks4=x1as? z^F)R1W$3WATV_Fult}Utb=a_tGYuN(oUDNc&8ya*I{NIo%VAmb?sA$l zLySgrR=8{kC7QuE-}(Yy?CXw8&$+y+W^^B5tg+O}{IRXv+ggiT+pih92t?TUiWPd2 z8dZV3ZLJQZ-y@^=X`J7y{-9o z&iY=a>sL@W$yEGaNa%Iolf^as)~?H;eejel^Oh{|)_iPIE6 zVG2dp;InULg4r@;2X%U!6L%SG7ES}&ek=a&OXAN7i%gt7Y1zm#u-B&&*+RHJ&-|97 zwk?I3XvH|gwYtJqtgtcvqr8`8eF?^|w!$Uq-`4drUD=)Z1#nqqbJ|;(+zwfZUx|6iVwyyou>d5_2WI$d{aE;%VPg`?uXvrR_LKV9)Zg zOxKRWbcuTe#4M;kpra|LFF?EU+3W>S5FI*C6I{fpImXp0%RsXzcG_{YLQSSkQHqz^tu@0SF}+vs;;^Q5tmuh zHceB}+Kkjq+4VWDSOmUkVlJFeinx!h5i9@BC)a`&G?~R63rE2lcuSSEOjRlMlu2bp z-L(@r(cxVnca@D(?ZwJ=m0LZPdNSS&FPf+GOPV~Tw^Q{padr_|w#&P=Ii z$AiV^>7p395`BIPk4Q%i#>E^pBOjD%@7C!hNmzTAZZFe?Fs;xgtoT`G&bL<2DD;9- z<)8B(H6xsGPS<>)vaWS_XT=4_4gM^B9}qO-Yo{N0m7{B(wIiLob~?MESwF+V`QWRe zGFg>7IBPGo8mR?H z+Wupg?^r;uZ9%s%3qqzV9;sMVH?swOPpj)%)IqREqQ5OR}ErxHI zeW-9Z+9k3sdoeO+{Tq>Nbf@c%1yVEm9(eJ%4dFF&-Mt6SSGk!B*5q9lWGG%{vq+n% z`09cG#e&Gp`SvaUL@|&@&91n+)=fu12KJ{u`Q<2+Spgs(`-C}ZZeFe2B zseB;1E=<$RLIa$x{87;gr@~d#F}MyL&woM3;Ix;cV<5wWu0+qu-tIrKp23WA11FT? zpUl)Nr*$A&4sja1sJhoaYcNo3~7x(hRhzl)+rS2-)#IgddHqk5bls1Yj=bpR8%? zS@_98tZCy=1e`E2ZyMIQomJ*T>|DMshM8Agd)t(S)iZ~uE~rl4B8&3r>MAVCW6uS= zQ|!QC9^{|!2QAOqmoyii^7;xb)0p<% zDu-pqkYb{l>ZjVvt-*8dhxGfjU0S~J?Md7| zRHWVjTcmiWe!xiG0Jco=J&H>`05+ibmP%M)q>S;*<467tI(KLB-lcfE;~h#o$z?s)gZ2F4>(MP_ zdv00S_uR4|?zv@A-*ZzZz;nvtwypDrxKCKJ-d`m2*8Dr>w_P$f-PUo*ym^&QBEjXg%8*B-KxBh9KN8xs_#a321m4_U%Gr>syd(=0HFqfWEdlmoGMxI z_mUOA>c2o67P~Q)xvd#;0}KtjAAimNT^`P9JENx_G7afZ!q0HlPa5L>+Th=K_{s1y z`X@a+>EW-^em0cn6c6{;=+5+TU!LWP^Wm?h-{{ew;>GLh0-WmMpZDlb^Y9b3AE%uD z8tfS!?&s$@9`4I&=Qf0Lj(YT`dGY>j4E`;}Lq1P>^nQAerr*P7r1WB^0F4nLzOMniA@ zIQFI?9gX2ToimziHGGTWGGXV@KdHFAyNrIT;`TjYIL99}GuuH z`ZV0q&ot5){w3#()*%g_RQwEm8g6>I4FSHb!T}uD(HQ*`irf2;PF8`JyB2EWwIssQ zkk2f!xxad~6KC8uel$4^xA9$LK)+7{B@(FsPpUf;;5OcD4{#fwE(vgTCX#Bg{4qSt zH>2AV(3_l31h}PlCKC!{{7s(b05|!E0(^^B@P`82@_%1|TYlR2wZ%K8?eovK7K)p} z|4iqcGk=r#F)Oq?gUy+gK229dorjH8*+(<0Q%0cA&9%;A=K^spi1Aqav3`JkA#r^T z!RCzVNSNE6r1cHkHF^HA;p5gqE&ik*8SECnJzErGeeuonT5qg5mm=K}D$OcqdHypJUs?QY|O4h}q!#+S*}MoT$Ojk2^O3rW0FTK9Keh_KNb&ELUM zT+6|l%r{H6+ocljOa;U>(^7uT@b9N*mtf5o_Zj2Fc;<5k2T5Ra-Hf{ZaLBr828T&h z$>L%rZ*Xw~FhrV(ZQfj1qm|q77|^XDa1*%sVy%zIV|)mnXGn^w-Mg3viJIA>m|u-_dqted}U9zxT(_SfF&`nz#mJB=9S#H$YG4Vn{1Ai zShJ?bF!skw6l>xW^Zmn9vRD+@A>Slf^?M(mHoreS^^)o&RxP5*{X~L2!xqxOtm9vC ztpV2|b1_6$7}C?QgrNajiwh4K1lh-MF#pQGi@5&|Crs;F0#{Vp-5Jz&*YF}aky@|w z#U{Z_b!xcswy7JZ^dtBg+TkBiUYocVQtndL^RnkvxARbIF2zLWTDMZR`X&!)p0*^Q znLBL?u8Kx<-)O3CA3o}~%8gSu;a$tT-J)?;G0r0xlKmyt4meNcuMt=sc(dXuJZTK4 zz1+URbAgjjCkbGr-r$+SkN7q`X{65J$vHZi^Vj^5`T=aQ;`Z$-o%d#c>vSVEp)@5p)*8omI_;djU2 zpO3+}$KYR!!S}}CKZ(JgjlmDa;IBq`mrGaNK0vnFa`e=eDu?r%nsff0Qy~D1mBgYL z`py`fbN=>rz?g7(Fx^kDlGnk{<^oyYX+rvcbFh5J_;aq`SDf_x95p^C zp!{h#nBlyg;Z)0^A@0wi-ss_PfS=Ld>f!#}|6ULG`TW$wlOCVrw0~o~r+9e1hx`2B z?ct|-^q=%_Ki;o;_-P*f^B(T=f4#ON%9Hfy-{s+cyj_Zu9f#nSKl%wM`N_{Q!}*?} zA%BiL4CniShPXdxyxGe)KmV zDCHiB721B(8P#8N$IVgNKAIFW6o&INjE8N3#_BukH1Qys#MTgCAQ&wU=fHp59OX+5 zA2&y7;py)ii{G9t@GK|)K9#@I4-9)UaHrsApTehahL~Y6Hb+P&%P7o0o1;8zzXX|j z^v+cbZ+tr7LHVuUFuII}f13gNv~=5Z1#q+bq-!+1kI^2|en2s;CK35s4R7t!JWOtL zv;C7aWq>|6=p5Z%bu<4sYPRrJ|0quwH-pq`gRpu)cARz$!^h1L?x6?F4MBnfXY3qd zCtp@DoYL`47@otz!JeL%JV$u;c`tvCaGSj>AxKJuN#R{u{ff^Ky4wI>IeqlM^qifS zzGh5yLAUph(z(Y3(}$7Yw zfLODNZWw8nD0VrY#W^47f0oxT&%sFk14}7Bi6@QZF`gIUNBWfJgXA5sEAXrEMkt+d zn<+Qix)FwTEi^X+D2H!~!T&Y}|3nPFH3lD#!C42($@8rk z{D;6fSFt6ihd+yMh}xeC6NFq4hPVRIFNxw#6ly15Fmy157!h{x`@@WHeMy>x9`5t$^l<+hw%@~jdDeQk&*vW%=j(&xDvQ^K36zuLQN!O1 zI}LI6%Z4u?2t(YT1EKye4RJqR))MJGodjyEjuYqih#7{ZAx>FS$~Or+4V|20F;lM= zqwiFALx88$-5B6Wb*BP+Qr$}eT%C!eS|}rbX8u&)$YaXT_)n^PPk>wgRBApM{T6k< z0^huUMs1vg^-Lt*=bGTS1$jyX-4fO5e(%x(zmX) zMvCo3wXm}r^J*4edEF>ROpf(6#`N`Y)gQ7C<7SX8S|Myd4g2Kd@e9MpeXB0f22l~nA2?&bRU5S9x4Ci3L=%R`8bwFf zbu2A2zYdf2zPE50Zdj$%G2ET6ib#Z@zb|C>C2OTP>G zD)DKKDwPTQ40g_9JbKmX{nxxBnV7e_yF2;T zjGzP{(-Ht>jJ_nm6%Wp4m}N#aDAVGgaPNhx@$zZ*Lta1+3z~y${!OaOEm(uY`-6ES48=DZpij4Ma8$JJXWr*2ecAwhp09Xc zfTt7>>odn<-1~W#Jd1w|#2Sup6Nz@gkCOANi_}iPg?!HRLA96D4|xy#I7eVc>Np&$ z@T)b@d-B~@4j+rbKOTesLkzw(24@Gs!G>N5j?;x_pG8%M*=NiDZ252C|J(V86*rzg zjK6dEcOL(QW{%hdJeSt9Ma^Itjvlx^Qo%UFT*N>x6cl>1%M;$NK{uN*kX_cjdUayC zOnwx1@v_TcS=%@AT-a$iZe+h=_>BZ%NY7SfxYb+3ZS1&%#4yC!s*L_?1Ytt{KXS0( z{(Ai{Jp2u?8z1V?(2zgJuZF))@sL0DYiLN%A)C?jxE`92{%nt)YcWPoy&Ia4exXOt zzQO31#L#muFAe2keKq=_82W$p=sDIl`g>#Of928pb0aUt(7%p?!0_SEnVhb8nBI4I z^!{8*OAP&GioY5BPsY#Wzt*EqdiYHqe}67($fNh`=l|o;`*TWLV(9eK=;&eiIf_>igfZOoJXp7B47c+etdBE1seD)#G=@{}i^kfe z;a1O>hct#aD1B1UBED1Ibpc+l^z{MGaWzd+{)>FnnfR~I?evK<1NynyXQDSPIiB** zILpKIF{$AjFa?ap-dE0b_`8YY0=BJ`5$JQDR)|g=BC*e6JXTMvJm08zIFd5GC1n>q zv{)iH#}nlF$A*uaA zc&5)c3P;c-u$9aIlr}tm($X;h`QEemE&s0uMv?~neAB5Bz0C(li%P$Sjwe8!vw=vI_czl+`=1PE^Y~@L*|)UvG@+9{$dzD zZjPuy3ICbQJQJp$@4~R|lDt#pAMwJ{8iwbv4dbF{l4$nZ&pY?rbI&^OyqGznx1W8^ z%bp|JW|@WfQxpRKvgZl&4)-NeM<@3a<94A}jZ;4C1F4cdBAYIxhx7I9MWUr$UETfJ zBoffKIRW`A7)paYcAM6_(NUrF^=8nGA$${?G zH?HjJPF#mC=H-3;-Mz_Geaqln-FE}*{VV&s6Sz^Lx4X;u^TQc?M0%I5>ed*2B)fXB zw`*y(dznPvJutv;^(;4(Fc80!6DxafT-vh|1gozfT-Dv1jQ~1132z*tLRM3*E8^n8d{*NGNx}4E8R)uBRLFB(Gc9 zyG)V;VT))NCLOZfhvPSNclRT`I1r>rt7*{$7x7+Xeb3UHJj&JG$P1Pvu^X4J>=7YW z_9vGwU9}R~Fxb1YcV%`ZB6vUKxA_Puf645@-hsh>rV$z9hbp2@?HWOgQ2*+_Y+qMj zk455UPmpq%S7G)iG5eFa;P1)t~Jc$RY!x`iFZImNf>l8Y~HX)5xFbhueV zg#wli){Bmn{gE5m>9~1inTkOQ=9hT8a&lIwZ=RKMv)fp;^oH(^{-rBdiyw0{5}SJO zObcUJc0DRm$3R!sMNCL)nfc=o7~W3f=$X$&TZ6N@4>+M0tAkNN2f8IqY{^0?-*%*n z*wA9~iX9(^-K%?rS}P&xomCY6BQIpl@;=|S(q&Ci8nGF7=TP=~1CJB~8=fmQvAMcZ z%oNEp&ncpNZWrCMzNP)EJNgE*T`LmIJ;zXN5}jO8|hf3)2t}Jnn2JYJeH*_gW=sy&=Zw}nc1NVl&eS6^kVBqcz z+;;?S%<+`S^S;166u1WhH^xFG;W6h?;?4!`HG%uXfjb|#KN7gt2JVf4`)>mGO@Vtj za6_-DL|%*yOWcXjVCYc-rH(CicUG0U+XMQsz<($Rp9tIyp*sk_C2)@g^!-8nLxFos z;O-3E+d_8`Uw_~}7`VrdDb0^$Am3!bzc%pS6Zr27_-zZ^lYx6r;NB9rhXQ%`1@RpW z++%@zDBw34@(bL10(T+^UmLjl19u__pA7sD2JVKy-5%s`D&W^1xI07ofL}78uMOP& zLHPC{{FcCfTj1^t=t~+O9DkxUA!-c!#V0GnSw1w4?h)b5>dplCW$IoM;2r8-;o&A5A-uQ6SiGy$ zy&=HYt9x^R|95q74RD+57!UCK)V({vA6EC?0RNV{_Xqfo)%|>c|61KP*JbINP7BOT zeHw0e-`d%*0AHi-6#@Q1b*~L@p6NidA;ABex;F>-R(0FcfRmT zd(^!*z<;3b{Q>?Hbw3~A=C0EBj>%K0Zkww#e1_un0sTqpZVd1@syh?l=c#*1fE(S4 z0AH-`wE^C#?hOHcgSs~d_)Y5G8sHyN_jrKcsqWnYewVuU2Kc|Idw+m`N!`x}_(STh z;)?>t^7-3}&kXP%DPAAocFt*IfLnaFm(ci6Q@SMq{S0-l2=J5CZF>TZ&n(3^1oU&% zy*a>})x9;q7pZ$Zz^_yH?f~ys_uc@1zqf0@J%7F;La_mJ}lh-~!$X040t#9JiI$vt|xV26Tf3emFi__w_X9^y)hijdC zG#uuuN{pr7!rNMBnEp;Jkb^<|$r5gf#3gXE38ezOor8RsagC7q&+&)FZ~1>cFv`+^ zpKscAt<=W*=4W!-vmYL2HyS?IYj_`{J)|8~Y)U{lq~RL_+~hZS2$pi`uhIlsI+=cc zt6F%&DNh(Tpv1VwZ{ti>XYvTc^P4FwJ3xtct^Zb!h|z@UKOR`Q@JSW$4hdEK3&V5K zqG#oGhp%;>U0xr4_BnITJ?mxa!`HvP7=KEvDdfd;9J4pk3MaQ9Z+a_noW+Q{m|nbZ zE$mdF-cPVKw-d{txQmQnZsx939n&D=@$`q9>)P*QPA}ZlQ?~-g?cstl350diwHms) zu3y4`o8j|K8FAbSM_cZvhxUMQW@h;2Od|U}F0taILw6S&*ILu#{OaSyZS(Nl-h;pU zlK2zG5-p;$GyYohx778E4-x^^6Ym8jc0)TTU_AmqBpml)C7GDgm?Qn|^mrRR?c%u7 z_zS$J4W!NBGk#?}ofA={6;TS;MB#9(A?|t_`7{DAmh%v?`TJnaSLU}5@2^0_zl!Ko8So#*dq5nU>$_J31Qg?oS zZQvieXO{Tq=Lha%P%Km{aP={hKPI2>lHV=6E)P``IfdTC%e9f)>$i+hu_x- zCynYB+K1OB6E!36gS9Px1#i@=ZOuJ{8dEd!Wfm)2@=jRZi{|&U?d&;GAy|YD^6I$U zcMt8kw!>=A`URK5HC1 zI1Uw(_)CxTLYxUw9f|ZA1W1qbJg^D$GjXKgcgSsRDOO&&qi!*}_RCOJuuBO2j4Q-r zc)|p00qd34ma}2?Y74G5&E&q$Ugknj4qlkK^##PRe$C0qnA|sAmS=Lml>A0!zv01ZbM0;#8{X$nfz4VKRC?&NUkhP3i441weF3X+|&cJ z#+bs_FPSX!+$B|_gyK%TEBnj^!kTvr}PaRAfXJN z_R3(`#hO0kx(1%ZTZNpDF1xk%Y)=Y3dJ!AJ4frdz0q`IE)PXNY?GsUy^cR{s?Js6A z>`UwyA_-l;z}pjDzwmC@*e`H!FqR(Ytf}h{hLEP1{@@hQrpGTMsq_a&Abl34Ure90 z>NN-_=Ov?EySA=x0~RsbH%pt7v@fB3zbKPt%DiqQo7+-s$Q z9Jr3>Y~#J~x9nj4LuBwenAs0%|58|qf@A;u4%hE)!uWzi6pm6Z73REoHuqG!OTdyV zWw`q)|4qJz++(HRe`V4IlQ(J zRbT>EyaG6ETn}rpHawH*`kGXT-7FV&@-^^xojhkKtnDI85AC@UWhLJaHMjHgKL3Fv zhY!pPw&3RC>$#DY;x>?Ym7=xlaj6qhZm1YFBR>WKi*jv-rRd5KW5G+elR5fiEk-ov zCGTm@?QX$a{P;GWiQhKo>+)HYu4(#;_vVethv^t?WPV*K`DNt`5m+Oausri9XVe)T z&oM?shgyl)5Pbbz2R0S^)A0Rplu`40s&IgPuho;9(YG<)<&5`C8^1GyNB^4mT#+X| z&YeILP{~ScUxB~F>JJkY9YBxr9{&RAW&Bu{-i;rhmi~m>#9ci)0_g*kIg$_Kg=f=t zM?y{JpzL>_^X;08zny#Zz-u_3=8ep~KfmAAQLHeuK+;r_(c=@F!)!3R3L9 zWF#NG3_#>2Xdv}C#mv-P;s#0*1ad5vuSDFfjpOrBQokcj@y+pjai(xPMRm>S({!*~ zV6;|H%-jKH?trx1=-u(fY7qH_)U1WHM7{&J(;FFdsHBwK`#~7F*S6!r0s<{d8zVe- zhdZLoeqJaglJ}B8K2g)-WIg*qDXasdq>L_$z7bu z`>EvSH9P#UCEwewy*(`1^bSl0pk$l-|e~d!TFXJ=3qn-QF zO!x2ocwO>5h)q*)m$}~af%71SkGcf6kF3TW9ylE`y62;L+LVg}sCC-H09i1NYd^Q( zNAo!U+IScG)zB`)_3Z1atL8qCA%F;5tCR1ROHD*4Y#V7|IL@J|#c!wBO0m6)RqB&; ze4*3$m@SU@*bJsOpsQERkM{z_xX+n}akMMOj*^DhvNG6O#r$|TD(1(rr3`jY8O(Hw z{IIsi*T)W)30sLb3Qd)Jh|Dt;vvl;p?+nF6ZwTdeJMVqjG<9xua${w4b^UEeHCHzb zA3eW1wZ1yDu)4jiI+MoDGFMb*7F4%iB96Nz;tQxfNh-dOOcD z9!XbAnRFqtl5}0_ac(;-SsC79Q<@~XqoiM2b|Udz#)W%${JV3Ihr`Ij)Re1&H1RGU zFHIlwVs3S$&6b_>rnO4`76EsiPO5mFP9lYW;nztKqP>b9L)G%dlb>qV7)J4^e z>FS2g>c+O})O@jD5#24cV4B=be}Pusc`T>6^0`tZZ*_H{yE@ZW-HybdVq6m>66eNz z6_9^JP}8&obv#Y4#^zkl)OMHc7W;an!?Q=)0ggb+P!O(EMwT=DF-{uM+|Ty<@lvc0>yzNNb15{dWX z>iT)r4VSticLeiz(Nb*_TNZe+|9L|BaUe=V?D+tj32eGH_GS{vT~#+i*?Whq)7!b? z%jt)*mijV0m4aoWdNB_N(8d8XWbQ>^2~H-C|sc}V;U$Kd}HIMX%6J`hI6T6l7vnz-ro zT07aLxZNXS_+yF>={wol>5mk*vm_1wh2mQR`a_Cu3-DUVM|ma{w|HNtxasa%8$Vs~ zgG#SWJ8`b!rr=_Dv*NY-{xvx-RXnM<#oMKLLx5)$PX##Fv?+gkfZwHfXMq1t#ce!b z@p6hx%1h~OO!jTX#}v18{Y3FCiknXNQ;P3X#xjON-cxs6@>!dhjCp_`g?toTJ0TgL zu&fl{;u=~)#tXoyQ%?FVvQmuhRLh}G@q;xWf{}MNo^Mk;rIlCS$-o;GAJfiC-jTq0 z{tx+YQ{47sT&nm!#pN9d`elkYXa%u%-Js&B0RNEU?TR;p2Mz17q)YMT4o+-Vymp2I zS``1R;+=|Hy}D0vyR+Hw#}pq@`bEm;KNR1mxJI8iptyBpR!^vdPC09}gPW~k z-mdsh6n{1Fa{UH%%}Jl)VMj3Xe!}w|iuWsS@1_MYe6CUYp@4o>4E>POk14&q(^$VH z{{#FV72l?~7JuR%#rG(Fj-(=ym;_!fz2Az#e;k9$UMecPc?Yt|t}1T*F27T%^rAR* zal3x^+74>nCKOtfxwIwSjQv+#H^{c}(ktbZh?n3UDWF`E=h2F60?L*yoJAl}(!qlX zA_wo8`~S^i?A>O6qV8M*l_WYK z0b;syA$a}+P9h;?bZ7()F(^9vvF$GMiG(X6I4iURho>y#5hTW?V~vmW4-Tvlul~N` z*%LUUboEW#z9&A+HHWwzegZOY4+C*r$+C_p?Y-S=o$REI98&jCO2TCs%DQXC(v`hd zeF<2N7J>WvZ<4SsvM6e!(Mrk~3}P^fY;Gm-A(HeCuDY&UHZAIz7S7EQ!GSK)LPb<# zL;X}%$6lN(LOV~TFaY%&7btSpOpfD_)+cV}g>y*{qOY|Cx>=bQu|0>UYX8FioHT}C z;o*Gu7~bjOd?gzGMGt2`W%z?0&OXlYM?L(nJly(s%ENbt(a*tqo`$&3pBff4Ax`Bx z!~J-VVFtjE-p6Y_+?VHM#rfda#pL0*fF_i4g}%^2`c;aDa(*<1-u7&S^xI?Tcf{~t zqT`}ao@*2j`S-@q-xfo^HHQ9kG4yNo#T&}=0mVak{xODrYYhEWI<5=(cPbw8&&JSi zjG=GTh7|I@Q1Os|XAFIJ41GR^ek_K5t&U4Wc|M?cD9_dy`p?DCKN>^7H-`Q<9zBc5 z+RN*7@Irac@bCd0_=NJWRXmjc?>+o&9-kdC_)HymhWt-bJmf#(;XeQEF?genZ^`Ek zo;(dYUL{Tv%ZD`{ey)e-J)Bj~=pXiQU!EU(_`5v%89HtZ<2~8KFZAdy_HbYRB_4jV zNB@Y2w|e+@73X)&0uTR@NALHmPkHngdGyc4(Ayr^FkSD6DVGH?_@Kvst{3m9hc|op zmpz!21=qd5wsV;s*nIe&5j?c2|tzGc|tW zvrTc{pG{-_eRGuta08Rn^5@u# zzc4(z=dkPmCAP6*!2Bxk4AalCLqHSRb{&N$SXRN zdo`7eh8V0YeSJJV73}siV8)Gtp+S|&O{w`9cMs;|eL@|n5*>N-rNZmw%k_y z40hLChF!Xy03z|-F5PUy#4Mn0`;;WB6}tiU8%kob*4bd&9dx?Oy{dD zS4fY)1%Q+CZ(tKCT{a;%iW+0kX@iE=`H@ob1V1aNR!mi5sxIc&Ywk)gsuxeN(m|QH zfJb8aSg1n>Wv^h5WU$B5hxjLX9<0<=`<7Z zuLu96uqmP6HNT#c8~>#5>G(JJ5Cm;dCZcyJ=}(@)dGbm3SyYymW^s!liJI$1xbUn4P?(2x8UiBBT& zCO&a~9z!uqkK!v7$BoWa^U;xJ;NGBqf6u4r9$Xyh-OZtfY7&hL-eClm1qz=Y{>Li|R4?y4Lp-2zGURXLLm3hM%+OhhW>B8wJwa}R^oOOvD zPna&8AJ%l?d~B`8;qxoa6a9Ubm4qD(}nY8HeEQME~PI_ zpKg(2KHZ9dj`if0fR1U2GfeU;dA=go;{5xsrS1Yd4ZjM+T!kkM#}{VG>2kaio}{<6 zJ)>_Ey!duEoV=#Wi6OL=nsT}yON7L7JET9l6oBg*{J6GgM%pVJD;2k~p5a;GtWTl& zFo1ISKL9`8%N5I~e*w;T$CS|ueSQVca(wp2;6DK_@@o>Le*pHY82Sp(mE+ItFXiyp z1DCZ|<(~#$npuj6?S*Y#1|HH+V;(gw+DPSDc%|2pH#d*;LpB5 z@>y}?|DfXA0zThYd{S|1qd!-CPe6Z2@qGdP@o+QVg8}_%irYZe_@AqItu_Ix!L5oX z6*u~86mJOVS1Xi2x;(h%hwT2DMFfPi8`VwMT7=2;pPS|))uJ( zjC9MO6tKGQrc%PgK;fv`0p+4E@k0O9ExnX`ANh06HpY50{Mi@ST=Y7nM{|(g+TK6b zpBirc_dhB<>G-ZTKA%(E=#9^I4`)*|`u!fxccS4xSDfM5R~mj4`WqVZ_vz~tCq1VF zjNZmz#5u+^yw9UQ!NYBg6~_D7n0R-@@Od=_gke7WYu^JNUIRaq=X)`HlAxhsFbyj1 z3*^6uH>lga|BHC1;{5^rn7TIxxD5sPzNN8vx0rlhKG4tJe=`HzgbmjSYBdq5fWATT zMFHNfc(_K;sd%_X(69Jdz-LVHaE)M_;_~g}rFT;CaE)M(;`;*r`xO6mfFD#mTqCge zU${nK@4p5O#|MA*{%a0!d;cv7aC`st1bDl?=Y|5@-hcn6%;mmU(}}DT6OQd(50q^@ zCBDVKZMsHo-%A{Cut=@nV;@4pSsda)G>N+vAaCD}hE@mh4(!a_`|p~2A}oUyjnloct6xjoy(nl);W!CGWVs=<;sGCN|2Ig3i?!kh1tutO{dd6(Sbi4#De+27dcJ1 zYkrdOuK5j^Rz0LMZ1<%g`+nk_zC3$Zs*(l2E5+lpaN15&<1VQP(gE*klJ_{LH@T%* z=YrGYod}JC118dVZr_Z*`;zz*rZ}5vkGJ<%_U~T7bJldeH4;`%Nyy}W1wm)#rw#w+ z=$a2r#aBjdcWYPkXrirR|Dk=+e%2495;dd$3q?52?+_d^^)UHnhKY|*y?LBp(!jqU zc>d;w=6si%A z0kG(I4U?M2yc_6E(0P-ZM!d(_E)a$^G!Uu}2Pnv#YQCv*`1zx2M$UoXg{&0WbBCX= z%$}7Ve;AY#e}lj6%kU?KuV?UhIam0KFv5Q02Q&ErY_7h!wr$fz^=YYD6O2zJK#|mA z<8?i1W6j9lLmbq>hHSw2pgWg)mNRCl5@0r^O-!24!-RNrLTS zwE~^wOW_O&I|Kyv=jNHHR~vw&$3FpJ;tu>BDM>g6ptcR0#j%6h9Y3eXIo`+el*kGX zL1L}9Uu54?NT7_JgoSPJlTFE3Z;3rI?lTTRN8 zV*aw}sI_g_$6YK*;f$(>Y~3(`V3IXjBU^P#{QnF7#og&oSt}_Awj0SRs@=lBaPURelyAdl z;`S2nGL?TPXf?N)9iN9&j~sX^J^Zi}cvs6AtmlQz@WdJiDth5TWKqlPXA7eOjldW4 z;^;qHa}TE%x8}YjD^SedF-&r>{F@_!r&7zdw1+NtsPDiIwT9{C_hQdk*c3 z&hr_4cKr-FXsj0NLpZaAof!K`gkJMg4V8N~3Wxq^r&|E>$(yk>kn5|H#(UsjrGH4{ zXxLOqwaBBe22DZMa@OOJ22`Z$;bvqwAV>}~ zjN)SvO%GmF8&Rq*<5%GKJMHMyolW*k!;P_!}lxZ6M zTab^S#;}I9=11zb@|io@CGYKsWUPg+Ea!d`-NXBy^KxKDB!}dwl!TO&v+-(1|aCT04f#3+EtI z_H`57^M+73PejgDlZfT?GpjhCM{k1)#tg4?iTXz%Ql8AZ!4pO%v#(*fu`7%6Wj$!% zJ+^(o$X-Zv*0_qt`27xvzcc1 zHy2NXhCkbygk&p3>$QVPi~Tc>t$I1}{otAZVtmqxh(;Y452^UFH6 zn&|g1d4q$=`#g+gPR6S}ENUsP7nS^EAl;lGaRm|^VJ4fmy zEGnzC@g~>CUkwNPT{-dx{WxDF&*+OJ_naJVDWPm=g4eo}AdjkXJkQsWdU5Wr4=X1g zDCFX9)926p2HH=M}+_3THWDzTj};EWBfF-Sa~Um;MD z;42KQkdDL8(-A*^solQHaQ2Me0exY@?kT-6;jV(!3r;EG|M|vsS*7WGl@w1Y_9u1y ziSGKVhft>D@DU0qXFNbhV3@iBQ`(|49x~HJMgxt(XhY^uZwBpZ*) zR5#pqbaQp%@G3tx$QeO+*|m>nJ^ot%%hG5 z*bi4;lUy%N}rU4<;NOVBzY~N1J8;nr(*DPKIy;|Y zo8t1`KwEhshR+mC%9Kl2bqt<}CjYwBDj^n!h;(!FrL7mwyQE|3 zvSq8g2b_{c&&mPrSEs*hNnhE!yiZ(RJ$(b+Zon+=D0KhozHA?oQ;L!@+PWXnE?>H8 zWsg&>P*$qs5~;4ZE$_lB!Wg{6M(rK$7T+kg4jtDU&U7L{dIfNFmPB~;gUd-%NTHgJ zmo{IyLn5LAOP8v22;ft6*y#;ERRk8#Bw(J(`3M~pu9w^UyOw5G_IbHIu%d6UXIXGK z!SbG^*So?g<|9tr5ILk)MF(F<8JTX7Y6?lLOIHtcOAa!#Bw(bV(^ck31XmHkpvS6$ z);tNy%yQXh&Nu}sv@sg{yg+j+(M{oal%^6tU*{tysKa?*HfA!!{FCD3!?tZWXR&EQ z{wJWHrXhc>FB|=vJe*@~!<#((BoDvR!{6ZHd|%O!|H=3npIbdV>EV2j(UATW{EYrC z4?oqzsryGm`qS_;`WIqwzGrAc`omhqnM;m4rA zq#^!B{EYwWJ)C;GhF_(4D9>__-j`>MNAK$-t@Ch>{fz$xk59da%VHDUVZ2}V=x2HK zKlJd^JpA`D_+K*vVEEt|+~hga!?`cS@VOp-hKDco@V9#SVh=yl!#h2k`UA#)(8C)% ze4~fY_V6t+_?JA~FW)^L?w9Wi9`3iJO6?%%eU=yRYZVX6<#dnUuMg*W^nQJ~(8K-u zFyG_j*9SWblk)idM?F4%dl~ci`1E&q_}N~%KJVe|1Fc++I~oocrkDNOOgdmv0lwM6 zi8~dioaf?ad_HrGBQQP>Dg7JB6o&L~$Is~NJ)BdHhHv)p(>?qF#lv!W)T8&?#eaG@ zzcr2jYmbEkCgk%5#VM!H=baw@4)__Lt3BMOf5gN6{&tRj&yxQvkI(fUe!hnfcsS=m zEZ%?eaG%e2Jp4kB{y#n3=W{+MePF_TXj44QhihW+0K{%^v? zCkbFwoCv=~>Ft}x_#_o)Uq@s3bj7WIGW>Z*7R}Kbp3?Lr)!*=6Yx?T~+|CcE4{+O; ze@1|>RsMXJ(HQ?m<z9N=w=X9B!k@wNb8 zq8}p(Wr}wOxShefEWmq|eno)yE8Y{}S;hMUe68Zy0KY}? zwE;duE9@-+KBDwP0dBg1BLQybNo)x4G3B!{!0kOc7T}we{>}hjp>l2xaLdoT0=!Q7 zYzc77hff9gxYBP8@CL>24)Ajn-xlDFir*99R{zHX-0J_A0^GK{O$NB-^UeUb`oBBC zExiu~_>juEC%`M&`N2Hq9#MO|U-N%&fPX>p#{>MoDZVejZ&m&peZ>D%1vD7uuH856 zn>Bo`K8ep&J0COEPMm#*&6_7Zyh-hR)O$GTZT`I>z->M~72r0%p9yevCfY+>-^WSC zt$#E6wgBIv?y#O)yjA)hARo<23Bjdr8sl&2>I`tppUnYo>k4}V-14E8j6MEaraO0C zfZKfEe_4lqb$8FwGgtS?WYU@9$l@@{GY5NnR^HH!`7DRgn>J7;Fu%8I6%X4yv$rqX zedhd&7rzyAf!G-4NV`{bEMLt-KK~>p2`f*MKP^D5%mU@ z|A`23mde1Lf}0qhzNxQst|dpgC-aYG6z1Qhz$i;tem&IyVf3@XIq+|C8?X?Ta`6w% zauilhjGu9b@h=BPo?-b7Y5bk=^G(usz`hi}a`A80`1dM3<7ZmJ_y>S7{s#Pfvrpsa z+=Xu}{r2Q|!R$U=O^xp=+C$opX!x-FYc+g(;9>F`$BnR*OMkzsXS1qGz`FvfQKGWFpy@)_aq=cAx2b6nR!NvW0eP_7Yr}?{1`q zsAMTG;bRVt?uJh*?oO?3g?4E&GpA59vX4;i7p=1%Zk_Y()|z?W&hSP^sAx<2TBo)_ z#Tpz%sPMqLgq^{Mb@^8r(1FFWo>K453-*T!3*8Usr2|MXu%WgHMhSH zfByCj3GA|X5TtS|qus6N;A;VUHD2yE%;cWq^@c@-K9r|i%J&Uxm|#B>!<6;zb!;ZJNnnf=vHfc10%7^NDt6X6?yT{4z7= zn>W5GQ}J*s_6z}-^K@&?+)3X4cT8sL70CBjvtC{0?!L^-`r3i-q{q3(#-;rIDnIH1|7=i?%;ar-{1QCkAlsb1-N$=3iPUfj~k>-1;2Ipg1SV_$h*+H zrpN!8ao@~bzrI}Du02XKt=D@}qk1S^#epAZqzF&|>ygS#?%_;LX7B#bB6Bly_TrY( z9Z-&5H<`&VZp>87tv&DsBpS28&~&R>wM8T}1K-8EM_h{BU_ z6oqzT4koE$zlUVf4<13xzd`qZBr$77@?_&gEv$z2iIYkm>>gIv4YX;65V5LDJNu_FyalR{!swT08+$aT2=6NQ=d;jV@np`YPk z>4Sa;Wp>G$;rC-x*yxjR<}aXo1j%*aq84wvg;CeVv9Qx)&g~e-fZjz6huc9_f;mu$@;)0%0emuLqu&blY7gqrYb`A!qqJSyV6N!RG|s1)8pJg;I5`F z+scvT*MlyDy$C1E9yoR~$2<>Yb79J19=~`_JSO15bS5YIk)au04X?W?BmHaM>zy9w zX)CCD+$m9?UC6qjWpskHyPJ~}?>`a)1jS3WKKm+$#Pznd()iNjJopJJ*%N6bb9+>h zlE+BTMcAr@LK=bpq`96-eFG1@Y_rS{QxK#B!qZ`sTfraoj&2QBSUyB#@ z;LX@rGk6}g!+*5>!;DM!mSJG!22-uMRgm*E*X?^-oj6XzWz@giz5$_ZFCpG7_fWU} zso6i57(H!r>|w;XMjLw? zh2t(P=NtX7HYRtQAJ}8^UFMjhUw%5%^~m-y1i@fc1WD&6@%}hEvpG}Iw4^yVDR(Dh zw;QuxMHwRvU9C&r*E5Oue`3mg47$$!?rxCYG%3YbbC{k}Yo%g^)vi_G* z87|;c?vjLVK2DFsou7$LKr4vD$Q>}UpJG9@H>0?pLiT2GXFwD7W?+X!us37=v?;l= zn>NzZI>GxPMgY^z*K=$fY3~1+hy5S8DYI-GxT>_V>9Dx5$An`cZt0?##XrQck=H@r zHg$e=vK4o=R@XKoz4h=~qI6#-o!*ys7ReiIYMF9v z*}R!IP57UKHxP|Z*9n#huo>{bTCpUFan9%xJ!dql_!7lepr-KNV~+pF)bC3ANjrjd4p=ZW|c-$M{a+7F(m<44@q zMx@RI9nA-n}?q@Lp0h#zq~pGN8>FbtIh@7I1w>L4(ha(hrX_goRpNG7Ch3$f5! zjWfhOr`iHfDGdI)kmKR+5xa~jJ=9st?H!?RH|u<81_6}AZ;in@>?%k9i5UDdF*w&= z%kjBC27fRH{|<0DH}Y6mU@T{U1iR?GD=zIB*e~%b7w-!(_*682a`e>oka#(94`XfI z&fDA);MAcd{Wisu5-O4CP<)T#($?YkUd0>O5MZR8@@7YeEcp!59h;nOGA2JH}vO% zI-JWW7Vm1*CmPc89c1`E4?n@f?F?qp`+OeI_fyD+cc9XQ_(h6``OxmszYgI{p6fl_ zm**oM{(6u8eh>HMY@r}9VY~|z=fjV;)5HCEZ}<4T3SmsnuXwm$z7KeOeEtjcRX}fF z&ZlGWdsH_pl>dv0laJ5;)!MO!^fMJFy zNB`~^{6-J=`O5@8!iW5S5<@>z-zQ-{pQJeX`1#3m@M%K+Yh(C)z@zv1e8$6*;AiEs zH-^s-JbItcF*Sb^m?*d0oTS>L1a6U2z-v z8K1|Q5Ey%>8@^9*j*n>!e?oEg$ux%VSDbB%#_%Tb1F0e-jApA+DJr+8z4S82a?L4Z$JJQd)ziZ=)N48=16K2!0w06$Uj_5e>Rz9_)u zfF)oyPP2TjSNf|1`ZE;o4DbfUmj(DaimwQ8+auo-;1?);e}JbH&jxt2;%fsuqxdZW z-lq6afVV3?65xvz-w@!Y8?-UNuU7i80Pj@%&H%SPE1Ls+h0@;@;5~|O3GjZ!KNa9v z#kU6dTE*`U@LLq$7T`mQ-xJ^?ijN2Q2F1S=;2Ra64Dd0LZX z0lr)D-v;&W4HsG^Q@fiXBgyJ&;e81u+ z2KbYTCj;D71O7RN8ZpD8a;14M-4ajRpdlctcC^Xhy9#cF# zcYm+qcFvR0Kd!jVXB)mx@fiXCClt4Pu#A4c;^DdePb!`a_-t1^+)J=uzi;aU`hQW} z=6NjMWr{Zh^l8Oy&BW-Z==YWF)i*p}yPcR3Cq{!?K>$rjLC2F_G<&&=I!qcaGST^7T{w#Pw`NI+r0fNuqWp)vi~NDykn7S zw*i|oDSft1SBpMsOPz8qNhPpUfG4#f+4lz5T^NtGM{8$qR9vTTBQCihUh~lEXU^EY zH!n5(Y>oe{h@-Pu_%{T&#c$6R4X@QCqTZ_Vw+9}~E8nExD3^beoScN&$H`_G<{!%_ z%)d*4QI;_O5}YK3>6HKCU$STw8`mew#lPh(j&QHiGk(S$#?SRi#@~RSZ#p&pxA`FK zmT&f4;bA`M9U9)pXt!{Ne?YMyn-gOi{{Lg|ZQ!ITuDs!H7-ST}j1kQwA*PM386qLm zf;uEbyQK$iYY!4dB@x5m@MYvHPF0=yxOJ<}sp|F~ zX!jvY>0pGjO4btmopcO%btk!{*o;2||P;=5m#i~akX`VK5Wvb&UklNEGXel;8 z1F`oiWR2;~+A|rlxgDG4gK#scv6p_TgOfETSPwil)~N_%)9W7XVRenUA03pLm%{Ae ztL0EPZ9g|=53Ml4so6c0p<$I`)Vwc52BeK0GM$rDG92&|h%f3+G4xuWn26o)bx zPEZ|(*$a*e@y-cZi_qA>e*0k7eZ#K@i0HuE;}p{NKn)uK&J!p@S>f~sNZ)YYUT3Nd zv`Ejjh1Po>6wMFH!4#fNn{cq_N30%%(9mVI#y^6sD#|1BZ-g-e#isSf3dCl0oT(@4 zpyS!YW8gl#^S&uLsF=bU{33?`sq?)RT+Oc__y*9hKq7 zbfh|VA~1ED7n4b$UYXc>tC39T*4lGfR!_rSs$&M|HmxlpmQx>07#uBekSKfa!`hC? zw>=l+J7Bw+HKve%+jde19uNsHK!DzhOo<$U5q;uNADc?OeRwuH{gjJuwgn#9BF_x z?*9&Q)3PCzyQnHKQeVgZiQVqX=R}z1}F<2;il*&&n z+r&z&sO4+&pJ}|PDzRfTwLKB-{RsfkQO`Ec zkN5ts{`=gNxQ({A9bo^y`YBWm`=DagQas5*m@ql`XIN`w8@qcO42Lvcg!zl?xfDM| z%x!m<+c1=J??f`x{!L5|=b&QJOmk?Shm_PsvW;_VdXE92Inrb(JnTtVUjt^4h;TC! zdCvArmcOB5$Nw)nC6fq8zs94Qo zJL((fmGzzs59&WSz>ej!;Ew~Zz&n#)jPAr9{*h_Fs4~<3W!Oq&wofi6iB=hiJ~Lr) zB@8gpap`#-YLwCYD}az%rOl9$T8DwIsSMgpm$m7qhzd;$28t%(=FAaetynmzD3b$& zif`S~do_Y0UUNW^A=Vq%tC)LpkkYfwb0PfZ1~)&qBa%X1a*NCHjCtGiOW-DCeQq&~ zNu~CRrOxD7?=YKKNEU>a(q!T#bYW_td?y|u!;X>irn^jZHUr38FHav5$@g}c-jDUv zp8J63X7p#xaHI=tIfqp;A(?y*rm>~_K4e(?zPi=VUNfF{DE*zEtxr8|IMKs&rYnC~ z>Up|gx6?8bOj>?%ZGANd_IrO~!xtI9v z1e->@3s!SGB(cZKwE$sUU*p32y2XunPoNa}k-Ui_8>! zJu?Vr$`;po_&T&5@s;jR@tRzR%hI&%q2 zk1Vt}Ve;^^j{5HV07~H-L-5TZ_>K_#(GdLQ5d26~!BXiN8G^?{aN0nX;!_ubUlM|I zbC6Pet`5PupL;3#^&vR71}H_(IsQ^OzZFX1)L|%v|0V=~Dg=Km1Ro-O9FkS!szUIS zL-4agaD0lCOn=xpCSL>}V}m4BeYT`(aR~nvLa+M;Dt&th{kN4~ny~iiHw&H=-1O^+ z`_>RXw}s$$hTywHaATV!!$n>SM^9L5BLmr!MU2;4(O5#-^%$QqxG_Fswq$&?{xKe7 z^`k~hL@??caHt4Q78w_EvWT%V!T}%lkc~*OT@oKUr+5_3taxYVgcz%(g>z?LDYj6& zFR*qGFp=ySvm+kqF>An?8iinsv5BL#Vsg$lVP>o)77poHa;3?fcb-V;^E(P=S|+J# zV0HOooE)MzjdFxYKT=4GYZF#5%4#Y;w?j<5oP#|W{E$yZanAFYbl%jdb(5wWd$56q zX!_Koqj0zgvt`%1_>ICl)F-p{<=h+Ggu5)4_$iNGSZRWwQ)K|aK`J>j|-u9ZN2zipy~N1hyEiDuDWiFmt!iW*D)(` zj-?b=oipMw2Y=P!e}aSSn3eP&bMWJsAvoeE;$QhsaB!E;WCwTo==jy=v(%xFJN&=y z;4D*(_a+CYeuCov>fj%D@ZUSQo6aX4+~v=6o9K9P%kfxFM8h%tZn>W8zvx;Cwlp zAh<7wY6o}YJ=Njk#=FSD-FR0zd|WxG?H?bza`>J@@5-l#aJnqon;^1z2hES0O zj^$X6fA&puF%P%j8Ii~w!I`fy_%Ea<1pkhM^V>@4|J}h|KEHJEu?~HogP-i+L)2)aU^cw$ls+uRdApG*&+1jJNT*K zrTmvT_&5h&>EPoX{2v7OG_u6zC3^A&~t7~>&ed?de?^eNr&F;$37(U8O-k)4xdj8?#Fw9L+{p~IU)EW z2Y2hw!w&AY-=`gXf|H)(o%R@Y7;fl!UbGyqLLo2%Cl(?FO&C2;Nj(hXFYtl;L|+3Qt;^>K2q=*9$qE*Ob;I= zc!P)Qdv}h9$Ax}@hgS=}(8I?F-sIsmf;W5kc)_*4sQhaM*Z05TW27RtdVJKTZk30t zjl>!cua0xh>Rxz2_LH4F5?5$MIK>6dC#Ag!VX9bBjR?f;>y zT$jX6Dfulw$x^jS0LqVL3Yxi|3FJdmGd65hq=*Kmse ztzdrnEtl|Xya$?Y4bO3DDf#t$!cxQ}Lb79(*6>>Y`PhrX1{8tnd#V!X2TO$KXQE&B zWKbm$JmN9;^M7c(^~32O}Zd|aU3jgu)(or+vS!C+b6}y zL)4dGB2c^O$K+`b3o-nKt>~VqP7`!s&C|WNTOGO7g>BE3o87dpeTMH#>QG^m^O5A< zwtx1rPeG?xwS#dONn;rlgu4!O7j&W8u5SK9#i~`Hw*06NdF>tK1dU@ke!$p(tgNB3 zHmB!|7G$b}wZ$X_DxGWkaAQ>!_jVdxU89wH-ViG2HnBcHVbW1$gf17X6l_M;8hWH- zSj*S8*ENGSviH_P`f}e|55NZPy$s6(A`i$R+m7wxnJ8v9K&E3%QooKS)AdQTn{4Bp zc&v^lCOjV`o5x+I?aj)H>yE+grj@9?BKE-QpqgZ&PS`SxtoT`7WS-HF{ZBL}_>QVry#hYO5wvIHBU2r0<(v5Fx|v<0 zNeI+jX)=+U2c~;(=Hb|4KBmfZsIwp8 z0RY3&@p#KI*YY%j2xPjd+$1?oNk>p<;L!Urlyl9#=;k~V!#JR&idB(?T4#2`rHdGJ3tONM_`vRK*e~8k?n$ilbK(>!rm*LB7l4t6ypUAkOu` zffK9mKwgTQhEY>Cp>r3+@rZRPH>pO(Yr}Z0k~z z>HVs$OKcofo7h43S0yqTMHRuc=OB|K$Q`<&tSyI@p54?ZW_oNosC8h| zu>rAaI;2i>ddnmPX*VYOCRbXw{}!Cw#@Bll0NWp#nq5@kSI;!mOeQwQN4>8BZxzz2 zv+z(Wc*W`j?zED3kPEA6?}veE{Zr-Wp$1DL|3(j8V8ga|FKj}TK6v$a#m)7DotrrP zOuW+8J(!KWC}TfH$lgc5y3n6l`7+_ZC`$LIZMm3+S+RNy?uybKRHXOx9tSjNzq%Y< zDq=*J+GE>Q(DqcH9%hB>0zM2z|GB-sX-n^5RHEKbAQ>o-1dgUbH)E>?E1XJg%@HJ! zTJid8rdB**YQ;X>6c=UU6_ekR<+v5pz3g=;BA$X|A~3y1?@3y}(7i+=1zSa&qm#pF z5EtZLvb3ULE5|(?1O4+fOq`e{)xG6=iDx>11=@4lfho{hW7}~t4R7QH+QDe#1!@{1PnUTb^%^hlOz!0@+D0;! zd%&dBwAd_KDqAD7w4FaVIAlAI?zz2{H<0~G=s4fLhBp;A?7}aEY2|NTTJ7y?fteQz z*;L}jFlXyLAMF~JSyeoU=M|=*9S47iZBvk6O`ZXsR|olTwbDPKtD>Epg3(<;+tblt zNb>9oP?*ktH&w`S%FYYHga=^&fw*cxX@!y40S-(C&l9QP=`X8)#=ExL*Wm&?&7bgY z!tR!l!Dm(zs<>f2e?Qua-$;J-di?TKj8~E9Z*7V002gbTgRCNb!!wN!z=A5nlYvnA zO!o2@Hlcu1xjPxz4-pYRA182MB3? zXs)h#?{d7aChV?gr%|WW+8R4hF=K?Hp+WBK{#UnQ+?xOZTdQX={$WK(=X&h;M~>NA z17JC*S;>r4za4eHlE5ZBx`>T35kbz0KY9GTzm<$f6adW!McTr$CiF&?9$l8&&HNs{*}2)=2b&WsHL$v)_nP*xnG{WP`=a;Asl1-Ullzmo)xHLv6MFh%c@O$G;V{HGhwAEWcn6C&(cB78QHINTTb16}^M zL0^IL{y7mh04XS^Pg^e3L-b%6 zFO#+@JTryove4FLph*ktIl>&1`d@L*2It3Ud!WwLCEV}>g?LgPm^vi>Qnn2r6Z-W+ zW9n3aUKV)do|jMJKkA&0-artJb(ZmVOAu2RfK3rx*D6ez0#loZP7$psAK-L@9sU-v zzlUS1@I@13V5iV%a5kJ`x4_&EG4gYtEE1e@a^02Y<_Kf2xx~2GR4Z$A>!5C^m!dyA1fL3=y7kkf z9+o40be9UQ`^K5R4)_%ze3pjbt-@!$@YjCu{|TZ0Q3%cty;AwQF9d%$1m7EihuK2Z zBhRJc9WUq=Zre1JCcGjHB=SG^W+I=DPyxEH`UuaK4F=4Nqz06hjH<-pSi(}Y`oSh;g;l;BT z%{4J&EkOpv=9bFqMk0D=u0`tlR$z;lES@zFAs33Z!vO7nL}bRh^XANU(pgB;;w3Oi zz;P*8&TahiyepS1GV!=)y%@#%fz|^{=PsVpyd)x8`(f(z!`WEjP>sww8D?9IJIXj{f!R(VF%wXIQeiMOzA(0_C?2eN{-DGKi|PW;^6FO=t%GC z%=183I^wP_sJs6um$8)p^Fq(`9OK}+&nfxD9Q*?$g!9u$TP8YQM&e)jf6Adh!NIR~ za5umI=-?l7=yjh&#_Qt0a_CQV=#S(W5svh6{A+q@9Q-5)|0oIJcyZ-6O>joz%I#tY zcjY$I;S)m`jknFgPj>Jw2Y2H=Murr8?9zYU!Ckqj?ljZs%KvX1dRP8`>)@_Db>DTy z>&o*bp(lUN>ubIaIDB0Gr^?WWeB5+4IJnFI4-W3i;RJdA`FzfDaJPM3AUM;>^<7Qp z6%PH!9ek;S^Rrv&Z*Xuf8!LXSyy%&pF%EvEgS+Yfrh|Xdp+DnD+`y5~So|yh&pG&~ z9DJFB*Eo2)gP-Ey|I5J>4t}45yXEqj;C}si(xG?D_k--b;Fx|lJ)d`Qm;W5Weg2m_ z^e+D!9eTIjeaFGsSF7A~Usk3k=HUP7@ITeTw>h|*{`(#NZav@Q(7WjzF5eY?eK^Iz z$2swS#=+fq=Qw!Wp(JsC`f=&y}9v4|ME%=@c&$yvo7_yj*a$5jv&UeI;TB?Z;JDk20iFdfI%` zRohDeuM&KWhmR7RWkjcZVuDlVbc*wPiLTaO3V5~P6FppYt&<*JBlKwx*ZrOY4>#*A zz_K2$b2igFJSqIAdw5##86F-8KGVZ*7QDg3*9kty!{<;?a0~3EARpraw$Q_yg-?@* z>%P^^9{z~XFZb|n!B=>=jssdfyjv>%Di5D7_!fh<77xEk(z(&Y*9(5DhiiT4@bC>nf18Kj zB6z2VZxs9v55HCLE)VYze5Z%sCipH7?-cw255Gh3Js#dA_#+;^Q}AvN-zE4H9{zyf zJsz(0;TaFt`n=D>wLbsJ!=DiTeIDK;_?sTSLdrcN&w0!LeR5ys;eV3*au4s5`{5q` zrrcM0xVHC^9RUWQ7(4#zjxTHVk;hYDdi+i|H4gp^6;oNhAZj6U>-h{5k!()Pv z_wcyjwH~hRYodpn-9y1Y>ESiPC+*?m1rI#DR`9HcPZWHbhbIM}?%`>{XLxuZ_)HJa z3f|!1(*&R6;nM|Q;NfZ$zR<&G3VoA@HwfPB;rf1A?%@lBeualG6ui~L3;n-`&ynx9 za#Jg;E-4{?tI$>2ON7C64w6ungELBk5RStf8QF&hPm6yur zo!dSvG3P#Dnk+FE<_%ZQT{wHJHF%I4^B6GDzo7L)4Dw-?Wja8lh5kf*-yU9ojHj~r zHuPMG9;vV@Z_W)c9EtiPuQ@HA*NPWSA&-k;r-Q5la>j>*qZ>jjzc4CjvlO2=d$G;dDslrL zPq`rcDh|DJ{Z0KY>3>Lg7o*>&yKYW^$APi=AT8X;Z^=* z@5jxMtw-}0j{oZ`(`Z*AGwIhk0}K zREb#ZV73pZpE}-}KExW1T3MH!JSf`FF&a5@K>0A@Zcg}$OPZ^-eULq6JIG=C6uSxQ z_9?Zb*gmD27k8)Ed2699_8aa+%d;ff_77kAsnxGs^I>?F9T&87?kU1e$jg2bM0eS9 zC8#KQM^*p+uWkD;uUNGmbk}_N+WoD#wp>arKF~ntJaOM8m-YgKRl|aoJ84!C%Zu*# z#WCs;{yUx(>yGE6xhoutx(xAYBb>yB;<8mGhyIRL-h5_79@fIbEdIjB_bXdVK+@?11%gyuR;2CQzg(UQg9 z`#sDSbves>KZA$C_D=jB=zSDwfR1(^bQ_WBabiniB7s54hpa&fvq>(ttR|VlxdaNY ztpo?yj@&1@)$OM8ziYaigis;(BL#)rwSfUE(ahS<`+0DG4`t|N zaBbW6C^U7k*EdylAx~};Y-E#%a^)T6ru1F<)P>O2G^)EG3}8m^=}hiT>}H*N*-Eq# zUfH@om0uCJn)F6JF`IkJY~F7-@5bi+BN;(K<5P5p3;R8{9J~7AmfxqYg|;m_h`k~| zqk;-nCbqq|uT4$Q<)KGBtUqGsyn?5T<9*oH7o1bjcwg!ws6iixBV-u+o5=0UX!0+ysIn7YS~@RS z{cy!9Rys+~A54p4qoxY4UkKPm+|Y3gah#v9E!z6k14p&|=iZN+@^|(JAJ6^4k1UkH zU4v1nTd$5pnqiJ2+qI(ri}ZDqRz4|b}!d1rv7qEkeKHYVL(su9LnlBxt``re^z5qXz z>9F^0-LR_*{>j5GfFG)Lz_Y{7E6`6F78LxGhfOKapN;uzrDbm{;sAs41A>$>?NL;Jr6&NQreMIHC(8}XmOy>-~LA;3Xb!A2$ z5E^YI_B=Mh36G5zZ#{x22NVvpgrvK0l|^soTW z?-1Hw3a#wn4BGZGPls;`^zOa}y*p^)A+^vNENtmqXZKOoITo|jGa}hG^tvOiAJSfS z!{BdtgBHf+I40q})XighTpc{ElN^!}FRGW4u2TCEQ=ftKYei9o+(pcG{iIXf}8RKMmN}u_N`xkC&NQ}-FMBDA+V_i=huOCraZ(y zxG>_>r}p}8=<<41u1?hP4*p?>ezk+Ux=gQ+mVSzSPH^zgI=Gvj&pG(V9Qrv99&_-oI=CC}^$zaF`|l2Z zqQi&Q&vZNX-vkXEAG^9Ae>Uhqe63R-IF{1%Oc4Hj%sCLng^g)1eAXa5iuVa0?ZXsr5}ac$I>npqZDEdG@#TW+*i`Wqg2&{lcv8|C_i$Y! z;aH1K>DSm>Gl%KoZwOu^SEWB7_bLZQr+MTf^%K`L5NBUON1VJ=Cocv+9dY{=VQvSk z9js>{I8Bf8Sugdw);=!q*YQQt!!>;1;c`1*O+m*^F(FVnD80UK6<7WnJbLBR<>B4T z2;3v~QYaT47nIBM0)LT%zlNyq`SBjT%B{)6RsJ`5xXQE3!&RQT_Q+(&^sr6&*riu3 zYMy-=)+m~` zd#+9VT006UKdt|A8@e{JOF9fK2Tt`;KV z@P2t|c)iY+@Y2mN3ga3ie1qKUC8i#^&cwA;{%bj?g4<^=MsM|S)+Rb7{!dAGy=c1i z8n!m^yoA?qdev}xAGS83`xNSThtg~L>3!JRMD_bEMNA@O`LjRK@LK=**spsG856>_ zQZOt>&Y%0?!`3ELH}ZHd!`^M^+C(7h0f)3UfmtzKojBOqMC}<9PBq&y9md*36$fhK zlIEI3x+}2&5#wD4^Mtht`h$b4O}w0Y@UA*ev|o%<0t;t6b}(r3h~mk_OSfT53cHd~ zZfEf^&-f~)m|H%;4U)v39jEs7@9V)G02=S>-(rA!I>BhYhwQNm@GIj_Z1)AXA076qO}UyHER~m zWH;>i3-ist!CZ5UEV;x~gC(X>Tw?k_sU;?)%d9cQ%o*e+|838GscrvRw&V>%x1 zZ9*Z+Tslr_jvLm!mjGOw!q!SS60vz~io4gK!i=KCK492pxL*f_l7gpNJu!N6TtrD> zbB}oPl{?ETR=*4^Ab13hYCWQ2)i_imJSnSKJq$kc1Si4%nptaK7$3E%jP!QXF>MpF zHk5l#4_d`WXBDf)AV`Lri13K*rIf`g_026AGggFy;Xs5P?^4rF=Q1dX++1qaRma_FI)j=Vd zKA|-KOs*%Jd-|7rU&*2MvR4~VEI$pX^7$C}?EPEF%PXwj>5ziix1-}|kZhWZAe#$m zDs23gE-W&_*ZVX+5JQWt&6j})6(%FQ zz40jF`VT&vYWrhlrtQvXJ!(k3k(}=CV>kY(Salo1VZS2T4hUPDKu()E0jujd?1bGz zv8CNf8P$PO0AvdEQ@kB^Rge9Xrq^OiKtU0jXpyoD`G7gUdq zOwMHMVogh6208air1SrKZV-F6_tL$GYjYeQnh}j&&Dz}J!ugi0b#yoJ2kTbX4@$|I zl^0<(DQ&i$I7imomXiiv)5bBg)U&#{49?68nsqg-OkK~lvFpmPXtm_15iukf56lYL zmAJ*3oAx$6Y@z#firIUEoits!y_mJTX@c==Kc?F~>(s21;pEjpjowkG*pFfi$W;fC zodm2QbzN(kCTqQ!jv>DY(w{m~sae2(EKFIu{HWYft`{Z6tC&@WVfYlLO{~ zuGGF34Tj9Tn~DO=6+BjiMk01iZ-|+HbssGedVb@(j_+1}&40`V;lIk<4=I}GBXo`6 zl(*~J%*_z9->!?V5&U=;guh*It~2;hpA^7tl_$wj!n;|&W;!5Q=Y|ZWiA@nDO;HQP)0dVfK(JEE69OrAZBrVF9}yAb@lA-LJ6LIxPT*!4?#>|!K+cD<55 zS+S(ou36G&mN-q=qRlLb^dCxj8uzC#J5@}e?{xm0!5`>+7k00JFYL(5c_uls(uf#m z&xy>lJ53B&tSmmxa-O8wu9n(?Qe>W4K%IyE(jxPk=Pq0r(H$%pL1WWZ5ss^tE?qdw z46p|5_`n#vGbPO?5VM%){)JfHfMMeTyLASS?=%akdYmM;u$b3mFzmY_2V;h86mhnc zJBLT?V|1-Z_d6o)u7Q2mp^rKAKXC999Q-E^&OTE4-y!%QT;K2D>=)=5FW+%W&-P5` zEL4>`~e5& zSWM}kc5t^o|JlJ$b?84R?>)-Xtq-RN?#uJD4!tYStV8eChYK9stq-#t+^rApS&VLd zSQ`@W%?^H&ldqi)?xu6EgS+y4$-!ND4iWV<%7@ZRru9AHeo#JX&Ntx3ro)kW#EL_0Vt}^D~ zyM#XO;i{X%KAcYZPZN69Njk+>39j!A#d+p99c50ZxUN;#TDXA!X|M(Kdrj&02%n@! zulA^E4_CPb9*CjNO~4{xZ0yG z^za6uZ}RXtf;W4(+M_P_aJ5HW;o(ifr`5xo1z+Xi%LQNK;o2^)_i(L;Ydu`+)r}s$ zM)%2s*hbvvu!*yOF@Nl_(*K}g02}7pcO}}4H@aboqFMrL~10ElpZ`tSJnlBBf z@#=S_>O?8NR^E%sPjUSoeCPJJ|2+(DV~`U?EU!6{S|pMb-%0X5(+8F6kt@eMW%y6Z zy-=fm8>*4b^Em)bM<#lPBNRuG8>STo8VZ zU$1q7v3|Jj7D@ljE(kwm<+>zpO37~z2SspuL@<;eMd{1$d|*tAFTVyMY``+xSI{*5wmrtOIFlcgX3EMSbk2LG<>6v9urAp9yfy)JMtm-Km!$OTK#UM-j}|9ukP ztbIB>e74K+tW^HjkFtT>{0|4D;kEuUAAZ~nx#1}OqMw$2gk$}W;NK5_Brw1107Z5& z0Ne%@l)Wv;Pi{kXQr0puxUbtw;n!nlrlA%tnXf7-2ep?SKW^OVhpUsakAf4IG}k2N z5^>lDR=7W0So$<2#Z^k^9jr1`(9m#J_+ZZoqdDlYFbnpi9tzG=W^vDJ=;vtH#M}0l zH4igtAC^Ci@$P{}$NhyQTHnv9Tq|j_tafwT%I=Nw71->N#g*I zpz(?~gWMmoxdSlo8yV!DHngidTOP-W3$louX&?EibK8gCEbFfM6>BPGu^kCO$W0F- z)V|rzL^$G zKc1(dSxHR1=PP2{aXIjdQ|C|3OtmQ_4dWmd!0qWlTM9dS+5x%wP=1 ze_(>xd(r}n;bNT9Wu{I(FD4k%OFCc*nLH3r*PVT#O`VOCbm_Adu^6BtSE`SSGT?jZ z-la9;kw~L-=Vs0{k{MAs6)UsE$4mOn_#8{YEx_ZzvVu?G^>dD`XKcoZs!7I-)0~gc zEOf8%+P|)vrTyVKg)<2X`~J6=-1on3*z6ItlLnY2G93>Hf3qG2{?`whLc2-WH)cju zO&L*{mVCS^bgX{|bG9wKaG(_3-~n$KOEtLUTZ(mlU?t${W2v=Raw@gv%5osRjv@40 ziDgE-i2>nES>SpS{)ulS2xnxEE5{m9Q_G1)3U-bRXXu%6I3r73&&Ge$u}f^gy}D9s zv3yp_j?v=s!dC`zEoDzQ)jVUXEp``}+aZOy9DO=N@DmhpuBGfAFU9jpheo|iL+}+L z_^J^6n<4l=hTz{1!8e59w}#+bL+~BIxfa+h<*RMr{t)`Ypa&-aEu3%H(dgkq5wB)B zjUKy%wFvL8%NNfdTVo!Y^*1#v1QD0f%%1SF9sH~*+4Ig$WoMl?dGZBy(`QXjot>?l zWo-ueg5v@gud*5ZqS*@);Fz3CkyV6<#f#fkBgj_oY1+J zLk%A`*P`LM?&Ug-U$03#q@VS}bqxaOT%A6PsYkB$xH7z-e;vX!2%TPH>X9qkQ7QS? zaKHn%!Cp+C#j(6E|1SVz{Mv4WJkmg>a2&t5PV=qTMm$u%OZN>4?_%`(v}}*WeEF@F z@ReQwO+R_jar{s!|GJ0xT0>>~Y>Gs~YyB$~H-oH~p-`0+4ExMuON3`NA5eC{IwYb; z;dh;vozS_G1u{SJH8(K)et2#-fJ0Iad9I{(e9d9+EjEoW9&t%?P2yd8bR>1*CW_x| z;3T^77h=~U8l?P^{Y3xwIBX$i8wLD8HVX=Jb>{H(nVY@}LIiR?_H%XE2nqp${DqO! z?ac5?6-x$H9L>u)l@&(^l|kN=&h|-mKeOB<*wI{J_LnM5EMR_wY%zDTiB+rz|7Px_ zp8#_=divz1tMSxQ8^XP}8heEl^tWG5O~+}mm|gg@nMDcmQ)+|!jPh5ej2_fHILKG| zCuJ^wUyvV+<5GhOThkR&aP0T9%|md2=E@U;w$DUbj>OT`HMng_bBaQ?ZNf3Qb}lH> z_)L&r3XOOitZwI6g3+gdC>VW3We~lhoM8&bxu=mIOboI9IhpG}?j6r*Z&OIT-QS7n z&*m3M`m_1!qV#8=D4)Wq)dx}&?x>i$b#>=8=}f-9yuB%Ermb36L=PO5+uD3&(AF6Z zChTj$?9m@+a&kZBS3o>8Xxw#I*)c}WZaT5klTKU7p}(tG9A>U=dBT~mE-A5NX#PHUx4BsyWQbSAtNU(YiW z?R>S_ZSj5_M7s`jqcCm$+V(H4SVg77YxlDmx4b`{YpgM8(W$I$ZTqimfwfi~#x*Bc zd z&C;-8Z6=Q*d$wZLnYhd3r(ufi!iYI>SM8-5C&hbDFt!q{h^IfPy~8zp?;!Ko%Ev^8 zo%JeKJ%b8_^tF68KZ$lzrw93Eu z%P*U2vBreGH-XWiz|EE_(16q9wsH*HbG|Xy4&`kaabQ_sQ9B=zvFnGD$G%u4!CMTC814aGcCFm6TOB&L+1nGIW z`Q{)$sXWLZ6Xct4`AT^(VSh6^xk?+6K7+`P3i9V0$@MN~!Kgf}f#Tlp7w$WrK*Ba% zgP+YU_%VI7)OW|2v3C)eq&m7u%lE-s(x#m9Kdkr17ZWfWvpdb{%VSpf%VW+vdwJOY z`0c+xer(?#axS^-D99cD3a`X${_5IS>R4|cgvhXwpmxM5v9dyWqUKC7HKz`ZqUG~v zw~s$1lRvAd=Hw7KlSjvUKWYxs+h21&z|elpv9Fzd+W(|x@jV&j7oq+<+x-6qXkHYY zTY+-@6-XZz)u4H%KwFWHNNO|u2ljsFkm`@2H8rz$zG0Cp%*|_f-#+a^`wGSi&0N~N zHa@rdm8)dq%|gxCuC1zhJgsPh{Lw)^g9Lv8|DT{Vg4~zT)kWduSRzw-ZBWe~etXi4 zfbA<*-V>>gFCtgAPO}lX_1{F3=-hj+w|Ky@7!Pr7Y`Jo73^z-zyef8C%RJ~Ob3(HeVBZWUC=qS3kqnrlpaytHY5w1B3Lg~!;-0B zz?2>~-9skvTVV$N7m^R$FZk1MXJqW43_tEKSnq|NGHebI*di5Tm^|!r#Zd-e*F~Oi z>-b}M_uE(*-n4(Zd;q5@BdRAktgYV7NF&Hdgv03w=HQJznXv&Ibg9|<5q4Tr?%Ek? zz~iLQehl@V@!l{9@wW5K;_E4+>xLjtZAT1RWMeMuNSGQnXeuDYU4SMJTMA^dgQOt1 ziC}xP#6epLKMw44cpcA0MjY7tkR?%In5NuWj!#JVw=754nH81el+xu$S*s2mZJ?Q+ z0p~O$&(|GMSQBY2xh8_t@w=v#a)T?k7lYmCVbyrHL9lO;&e;DM8$aZC&}?g#hmAL< zFvq1GllorTr!m%2YadJz*Cy1NGQbVzTZwne1Jfqp|ES>WC5Wldz$gRKCq)jXZUW<+ z3-M0DO+5rgS89#p)4)l;ugs7{Or3(4-{gkBOkQa^(}Kr1;Q?pL9M@_1r`=iuu5=CN z*Xo-bzCBym+KPO*3vay)E}AvA=q2VdaLuK`;9>j+)|a`UXT9_ty61UKy( zadNJ|6o1;hmcm(oOW|e>s4#$l$E^PFYHXb7F_usC$X=3*?7|QcSr~%PEC*o-Le#Db zISWFi*Mf>q1wQ-2$+PO~>KXm4xyyB3$V91+?2We-BqF52lvx5Q7%>4{wB*a?C|_7M zMU=t(E0-)Y`$#UP4g=FHXYv-UBO$P5H_PV7+%Q?p8^%?7U$oeC8O1dVC-r_Ag##yQ zOXw?#&j~%rJhk(O?pn_o4(_h$P_K=S-H=Pa!l3Mnir2Po5uEfN#=ow)-09#PuPFW- z2Y2aNPwB|VUF&hzhK|QG<&$&h**7bGkAu5>u9AM3{N41ZUa~JY*Z#>(=l2~xE?zzu zjN$m0y_crPwR3XgUCe~Q@e;$o(%E}B1ZhdQZaJPPb!@*tppF8~d4p%umm1xIm!};(=J2nTe%P1WB*Fc1xxk_4 zTJuc&(=~dy%I7+VkDIR>9Q-7NSNd-|c(sG~3GS!!&kns?f0!mZ((_;U5MzGm6u(*8 zm9Qz`J%Z~48g}(xPb2${xu%1`-G?**v+xY9xHU3U*e+$<3;mDoN?>;G6p{#@lP0^{n2zP zeYZT*^eC?5&RTh{_$k2d-rc3Fz6eBAdbpG_;b30%h;IHlKdr`pRYuH(*k zu6yv-b{_V~wXuy$n_-aOxMb0yxr?zi>f$BMbH`4Zdf_LRHqUOnLKGL~F2G21_M*8q z1Ml!RhVT@%h_S#eDZU{`79iuPEWQoZMd+d858OuSS2!MIJR<%=KX9_((#_z`x;igj z#id&4ZKy87p@t9BMbPltpJ;>{zh3L`fPSe?N)~CA^p7tf)+6F5ph@_M@#?yDRH%Zh zm53-mmXR+%j*m&=%db=7@5D3L#oQbCsS8mm{#{j;u-l2Bar^Pl0!9)kZW{={t@0_Y z^!h;W^|}xb7`{dc@{qpOO@M=G(0W{ruzZ#xW z^4rKkB3!v6KQ3BocoDD3yB{~h={bAlQeoKc7{(9JV)n}(P-HC!TX5!#8tXN`e*Q^T zDtreAn{YSUOX1fKPhE(`EejW_GQ`35GClS5!#`(DZM&I>q)AB<-vtY4ZNN!j0 zJ@>afCig6Z+rQ=Gi3&gZdx>#CLFV(~7&d(6+L|&m&pM@?u!#4@8;W^e_C79M@xh;8N zU3)L*Vuyo2=Q7o4I(5#Kd7xAL1o%lGBM7H5I0b$)Cu&gpT}tn1g8Onf3%IMF-hg{` zrRIkDtkfK>#Y?{^OYLoC=?6;wTs+Xcl1ANZcuL_5fOD>{RS1+?(k< z8Y8^eDL3P@6Klq6w6KlO%&{4tnUXU;nQJRO!&Wq{Me?_tvMQXD!e+~UQNJij-m>0&}adi@?GRPEsIJEF$JlX73{;Z1U{&&i*BV)&!{B_JijQ^U>z@v}Jy?)axeNymdxhk&dS>xfYa{um(vHxq%1Yj0o_@|7+#?qQ^ zkQk?O)qD0Qtb0iX>m+rb^$D&J@G+uG2W6|+Y%spHi=4yV3 ziA$QR9g80BzWTCDekIi#Khw7VsFjP`_LokBH^CTPq++tNYD^`6E9EwlQwJcO$5d658Jwc-j$ZhS@4051( zRDNX~mt*rwW7x6(vjYwVzM%L};NtN1Okbwe@Z-6_Ih@QJ=V~Xd{P8ycAo^yxIx1L~F8XoL*oid)uBg!WaYX)LG zIH;DPrVQgZ;~I(M99~PDOS?gym&>&p*W1MZ8D9JKyUae)i=BO>`HtxkS{;*)#QmFs z#d&qkrB!{bZxAoyd+>81#o`zs%@Fp=bYf{rB0YS4UA*8Qhe5j;Qt1k{JVvZ*7v&vkBK}@od@E_z^VbWM-7x~5O`ZJHM>nPUfb zu!tsZG;@s4P7@ffnH(rR4PZ9?UAScFToO_p1}Zd`q1;fp#d${iZ_?lt2b&rbfH9Xk zyw$}1ULN0yl7Nnd)Qd9sIoGap5UWD)zZaafr1n6u;NOT|I`= zq&_k|uHM5HA^5cp?&?pd4k!8W`&Z-rsYB226UBe);G-P;SqFF16P5mk{9S#Bkq++0 zdy0d*@lJGbH{LHgxT`-g&%xdFe8s`t^t3y;o1TAia5p`-I=Gvjq$3B{CSUt27AL>| z)M;BL&Ub)1#zjY*EVVz6!B0m#MvpkY*XfjA-wQPs?#CtFNe@@Lz{BNsz|9X#J`P|~++Rt}-_;2XbE}6> z6S@6QpCj9(`4stT{gm6#_2%_QS&F2{n{}Kb)OxS=`DDSpXdH8zuq^&LrjWU;ewvQ1}}i7UkStJ$U69vgxhB?CjYEb z8eZ#9skj+r289Kuw(Dfa`7A$t*c@3CAHa?F((m1d+OBV)Vm{nK=g1b$zGCjFm+2JQ zLHGHqJ!Aa%!<{4R;fqjQ(p-}mgAB*Mc^$2|Rg=!(+Gmo;UXY(P4VK$54jUR&Oy>3C zO8m@^1-a&UHGIo3lXO#jJwk$XM#boKd<~983vf{0njm*$d?OxIjGm4g90iCcFI9}5 z!<#H0r{gn%+;13u1IRMDyDLVoigy@RH^nmt{~bRuROPX{Ge=pPP{S`eJP6)>#N7% zhKW7d-29-P$aac#O%~<7G1Ia8Yft{$%JWBjE}H;6F`nrt-*MYZ^PfEOOTm`yv8nCx zq4kN!Gh6Pis*m2EO*|TG`8Bw{No@DlY;JnIc53^`+RQJnI^mjQK6p>}C7I~&g8WPr zU*i7k;OX&ow5|WeM;D%X%JmC|d?!fY<}?3#_o~(ZKK~cNmb+rv_A$qke0?_26Kv_K z%C?t%D9GEYnTc-AM0N{gl2N_h0$a;)$8) z%fXgyF*1n$KG@wEB%aPh@68TQ$2ZhRU&!WfHT5(=2C{=^#yd07U76^%`UEJl@eVMo zPwWr2{HikZ%NI`n$gEGleBM82kS?&QkG=|4*~DwX?ybR=9aWj=4ur}edOWF5{DIuM zNDGoI(y)6=VDkX>%y~JJuqP9}FB9z|dE%jL;x0be#RuIKE+vqO9>_%hM7G()>)FI( zWQDXcM)0%2kt-XV!lwXiAO=89Ks8$tuSF^u8ky>0%6jUfuQ9UqNLM!TE8_bgP)aI; zyd|E`Z22`x^ff#)xwqKv?e)<&P{`y^&J>!Ge#+AFL80`Y%Ix0G0znj=Ohhd+)nzjT z0l&-$QCXR~#5R--A0q)fm;e?uL!1AHwQJMLuufHZi@NZJ~tkh4L7KPF_(LmsqfeG7R zjYw{3QJz-BQdM@?Qe_E3=+a(LYuSv-;uIuGh>0kNjE&eJxz|hvSaq4v9X22YQrv2K z-lEm4V-`C~w3>~4u%nRK?lI7 zPvbM>fK1h=>JtJET>k~>J99R%;m*}(_ zw8c^J{zkLGYc%M&id)Ubci3vyON~N_g|?c$60HW!j(x@3Yc*XIFJ1t))s)5i8%-ad zbo5uGcdgNsL#6{8O&aeucD`&mPOCxxe3-3f&0Dk@G{iJsH6yS84bneh$iNJxF|0^Di1!QO zeNqDE&9RMd7}MjJK^Qogfn4HIQwQ+kG{MZ9F7XuT%)kL-R*o6W+r_-tnOigz^ouM( zj0Ye>zRro4o3;~0MCPRfIh$d@p}lN6-lExv5V5K2a$CLbE|V(`G}Nn__ua-ZkikXL7`(BeZ=*&8E1;^f@gC z>0SS}hG-D&aJ<~!>Rp3=YCx+&6?^-w2Gt1S)pretiG>jwTJdxai?#nn3BNldv_8nx zX+wn(8v1&U(9-dB(pp#mXx4}Ivcd2GO)ccRrkmVRVFrBHbnwCY{=A|L-qr7#a%QDm zT1{tvt3mZT^j0&-sB_+i0FFeAe7sCBtFNXpo2hWmBJclCvW<^|?RQw>O^_$tLz?cHhB_*YZP$ zuNZzzAzK^m`(+1Hg#pE!_%w8t@=1fqlcf2m(QnTT=Dsj17Gx85Gc4-H)>wUe*$1+T zEiy}hCt!%3-5$be5|#D%Xin@VYfKiP8$f3t{c|R_Gn;$OnJ-BE7J)0X?JM4g89B@Y zWpejs6Md|KL6F1uAijF>P4aXm_v;{sZ}#1pTodx%GGn;!T zi>%g|*G&8HPxGcWlh~QrvJ>U}Vm8{1NuD6F-F!~slNV2R-vMD&F)`@*Fbk21{x&du zIo>MK*G+{;JcO`hiNG0PyYaCK=wUO-kl2%n?lt*|VmgIW6Nu?yOkFX}S&Qx7#<{p2 zW(-pT_p>z0vlw;Q*$F1TiwWpHr+rLyee^NrGGIiB=g^LV!3&u*Q|M^akO^XEQr860 zec9-X7@a_FnZyGW88e!VK1(JxFe)@ZWrftz?YrSe{M15RB7_*2R_C+|;UU?xI+bn_L~_F2Y>&RP1opjCp0uT~_m_D!>f! zM$Erftp38&2Mz?+-oa_@qV3*R;VI^8w@*o$Ywq=+ePuAOVu?{I3$}lq^SgApT|wJZ zeWUx@*Yw~n(Yd8}@JqpuDvmz8Qi+YuCV-d%@YnSF2e}qdsf$y;Yy}@4RkN&tJCn+; zczW1PHvb>pcwRsH`OJiemY#);Q(LZp+F@|*8w~d4v6*FDTFHc|O+5wIERxdIUcxt`$FT|snD(AGEN%M-EQP=_r(2jj{u zKF{S+#D%enqc4cTb7@V*(U+hGJinRD48y|iozT(6R(_EnhaGCMXgdsCh&puYjBMp5Tqn+7A+`Yq z7gidTo0ggBWBNh(PB3>v2Iz5dZJfI}#LTt-=M>`|QqZC3e^S~mtp)_tWiy9Jz^~=} zS;3pcwz(VkbXojY8ej3xWg+>|%DGFI zI-57)T#r+EJ1%l|Hg#^@sh7>lEWR8{WO8$16AX^#MoMd*>E=vAJNfd(vlnttN^Z)e zN8UFsoI88*Qp)HUkqg(hxg4xIPe}*onzZ7db8yxr#V>VmF6%4)wBTH7=i0R5F_EK> zuXJ!%S4?fgNpJLV+10|ua8Jkd^IzRU@f2`LN2`Zxz1ZpDTF!4<_XWEuBu@X!ZL1JN z`q`>QB|vf$i6q5$0u{m>=huDee^Itchlbt;DvZH(nqO*+a!iIJLuKo2S}` zA3jXSWS6|eZy*!L`Lbf);FmqgTP6MTov`%!;cd6NbfAvOxL7Pv!?O?yzo%2Xl=T)ck%i>w6n*>k_ zNE)3Ie3`9*0>$|Jd1KP}ws<6+KO>d9-)NRlJ%lv;ila`$G@>)o_@^`V>0Mk2bh^x!EN|24;Zh*SZ=VFXxb=G`dV4W}mtPbEEZct+C0 zlvdF*2A)y$)a?Ca{~iU1uLfBd15VXxc;aawF(_Y*!e=MK&5Vzv?nMvz=a*Eb^Yf9G zp(hH479txtn^597!$0sA@en?V!9gAIIe3&ey6U_B?k5f8@T!L5AI0gVwn7|#c{ z;X!SFlx)b~h(-ve8=SEk$ll|$UR#N(+gcMq?N-k(l9 zy5-m9spy*)8cHGbO@@|7D*8JV*CXk~{b_#G=l+1ZJ=eZM&5kX1flt|o0E|z!|2x$? zQqi7t0)N}KbPd1uB`R>FqFc9Yt4t>zZ2u7zH@4hco_IPHeHm0+x`ra^RP^37zTR)H zi@v~QBD!5^d_-?dMYn-XT>?+D@mse1syub=D^xX!{yv3h6HnK*Z>HYHmb-_h6R&OA z0X{oGoC5#4=&N;!Kak0-B*o)&^yMu(hB8Kwf#)Ac#@uu;>dsX3zErdeMCrss>BL=p za2p@o0XZ?Qo>cTeD*7j+H=TGrop=nXHW8XoCI}=4j+V^QP|kl!qulzCLPXA7bTLg` zb_)5HQ=(-&<&CUGxnU5_xnWVWy;>vZTbd z@CXg1fDy+=rlOBoxfSv@lFcGlU8urLU1A%A#;1}73On&26SaYYLvmPH5GU9n&lDtN zNKx-Hve<^?MSq`o8aXtKFrUI$cd;Cz;C-JFGXw|p? z1i7N@A3`}XQ&zAfqexA)p@=D3CiP}!0L3*kejCyOv9Ty2T9zYLm-zG+R6yhhl0+#& zm?%QZ4LNbikr@+J5fO_{4QdU2-#&C0*cIZS?DQH&&Ub_H(Z7e zXbTT8iknNdg^r@OVA`7D_m11bPG)5fE9tEz+QLRY-Bl3oJ8TPRcTiL6Zwn9fw}o5Y zo3>y&>piwDNHai&(W9Cc$M($*=}_9jnuE0k)BSHK(H77HVD0DawFUD=FfS0(0QwsQ zTHZ`{kmkLxK^g*DxV$(I{k_n6h;0FHSj>eNwS|uUws70Q+QRz7ZVRZB)8n_4Y72Pp z^KFfUQwVoR!MqFa1-y#zVk6Ve5^dpDKJ9vU+QLk}gV3Aww*}NleJ|{MZ`uL`iY~4H zy})-a3$^30-wU@KtSy-C|JD+1!Mrdymc&cwaK}iYZ2_GWs)4kHTcjuWVtGpG=P>OHoqW8kBhus$RmB813VWhh2ElVLcKF%7p6N4a> z1Bc0d9Auk;)gBHOI2=5HQIUB$-G?V;G)RQG!;GUNTyreP}~%r zGee|%?GVWXGb5_vA(9XcHAAGA%+M5S4~zhnUWZ7x^*067Av;8R(sbDOx-&^0TpOi%;S=Ssl~S?o{F)e43Ue z?utSb_YBRwnq%+D@hw(s$)OM5W0k1{`aX<~AuY)HMTEl#Tw?o{Ukyjqz#uuXlX6T& zf6M%JAe|f2=s}{dqgEy!LIAKtfE0jV4Xq>cFbB2#w6yZ*tV~C@@B;$|RmcQ^Nu&x*H^$*}*@@ z&im5Q7b%kjO5vX2%uhP{ECQMUNUr(Fh`t!z$L~52QG5)2&rnlSqWi#fJz}^u9sOe} zv7M3KmX7YVpILa;nM&+IZUJ{8Iu=LtHLyxYw;CZKg2ZoZtov-a{E?Ll-_&#P`Dpkc zJik-AAXkK9`tL~GiF$xUVjXo<3S#1?qv@b`rLn#`GSSB*MqjLBrgq{pv06Nx z#*%8xj5AR>FXHPRMkURd{Yc!84|9aA!uLAr|M9smmenP;<`$Qyb5n<>u>>0*hp7u( zF%fZ5C9Y$*Hk+F~67?{5Q58C_iRr`(z-pqfBgsu2MYiQ!ckKyAH)HN*^=r?WMORMp z3|wQxnrjRXur9|n*J@oU12fr(D$JE}mZ4BrB)i0^8!1 z)3KObD_%L}I_Yxo?ZJPGRr&XprS$+j4a5zW9d6oBK&GSf3WcROm))m$y zvA}uV5whml6&?J?qYu93ImP4x1%a!sdEQOz;A@^UORjn1d?e13caaC&5BLLKMQfg) zFRXdK#mPquXyeSC(p1>eq?T_hiQ$x9%hz9v)bjeDvKIMUk)O@|z`7c?7TFvcGn`89Af^%)*_oEe4m$o zmA}I5e@d-I22wx`Ldf!CSPie`$MSI7kB~2|t(j&7Nw4EB!}tA9cn?)8siX z;bW%KxgTua&JF|dmKtMy0?)J`bVDRV@C!ol*&%pS2!1tij*a-7u8@=d#@ra0XLPAr ztoGIA)X0*CK5NmO5N)iwi>A%0PtTe(eFkV|ai8dd7MC60csgBrYxKPsSYkLWajHp| zHhVTR>S5^EW2|{<`&}2mFa%#JIQv=lm&%8IA07F-W28w2wK&U1=_zMA(z|0M=_(;n z+m}xx5nRmt+V?i&*86G?m)pW~((+&3MDZvdllwUyuJP)3kJ4*7zl|{!57lut{2se- zNh37u{*njiAdk#%6#xELL=qUC_DA+^V4DgXV`=}rK?3p}%XqXsXt{=su{tzD?@Au7 z3man{YWUN^j68jvp-zcJ%Uy0GG4;rmV>H&;q}=PJiy&NJFJ_N@wmCol8DNaRM(FfX zDH%Q380~xsui^B1mW0=Pz4|c6AjI4@LE5AcuHlX2H2n%)22ZK{S4s!dAcQP`_756f z%fD3I45DK*y>fiUcak5TJpHl*R5%0gdfqtB&wtn$tx3}VH%?f3{qWkYtH#*>pT=k> zNF9%PGCI`TBnVqw;=hj3P?t;9X4Y{Lwj-~I!5D+RM;48 z>Dw5i=^T_!Wy$Q7-g;xSrKg_8w~{@Rl2?|zI~M!v7>!biMCRCwd3W*sHBIjSIz|&g z$mOqNw9;dgzmCyt1!<6a@;`Nqw!HTAS*MTx?Hz>Q;X7R;=QkeRf-F6@B zPb+xI*?Cn4ZG%;OZg=X{ zP9~vcb=~UD78rYW;Sd#*j^Ndk3n5JOByQ`AHb2ZbU!8}AYe}4q-aa1Ge4Bj?V{Lt0 zNCcQWbB2s3lj}<%b-7oupJn2e)%RVq!b+t18d=kA>n+RDlo++&($;g>k<6abb|j z!MOFoRNHIO=HHtK^O1Lx2&4ca^Q#PSFd;hV}rvSHNo~>z(N(w2rNSNZlsms z1lm`umnafA$6dT>X8ZUKWmR?A+PBRavcYys2;v@6A-POJHJb`f#NS?q3q&22K{!Y3 z*L{n??&G31K_nm#l!eav@$%+)`8%7uNxF0=?FaxL}0KK#VsnxL3IJCKu&?I*6$dVnLOHJkCCe%%b9(5s0lOvtoSm6B!Ys z$Qy7?3X)&nRHmfz%?U~>-`pZTeRGuJ66upSkooi&FM`Z5Q4;~7kC*q89kHa&Od{$_ zf&%sphM4nZg(Bd~E=5umB?K%f0V6~T7&7l0Fp=;jO2POBOsx1aN9_8>FF^?gLhmb8Vj z$k9~Z4xutcm8hx@sWK$Nr}|I`biB-xTB#3xvRbb#w^))xrPdEpgnCj_-h8SsRv&tu zpu9nxczN?JCkR7RVS&1)oFET<>t%&urTX*XnEZzNAVgm!ct|#*lFnSdYl#^GQ~Hd*kl7Nl=hQSk2O2nbzYrK z9**{Ajc8%XBX5}cQi8KsDS+2X9)xy=h$=}$buNYF4OMBIDLrf3+2lcpJ^2QGa4J|* z$gzsJ7L%|;84JWe$`tVr+4j#a^USL@ZB$qsc*<+-sxU+1Q#*1B8~!5> zyGRy^+TM^R$XE&rCChI#70&@v2XSW&R)CaaO;;^DWPOa1bV%GvRZg?CAF_Lf%quGke$xq+ zDpgv(=@dx?VeQ}Dx$1o@I%wJuUC`9fpcakm>*?JZny(f6D}wl93t^G?Cv{x;Fn1QN ze@BIl;Ch-HCq;g$xVtrENM@QkFvnui= zmgCDfF7l->$ICb_@`m|i3M4S$*HM{Q*!cB^9A5Bs} z@u3D6`BA39MSkqk;37Z%Y#)U^ZK_?zwoK?cRvnA9OFlkTeYHnRwUy8s(&h9wqI80Y= zL3Q@9$Y-tP$Ld&}qcOdBvrPsQ3isgr{{F6JUBPu+@vru-@hQJXm9e=~t24TcM)n4J!^}tEI1&!nytant4Pefn&pW~Ow1K=EN+NVm?}nM zj@fZC$c`NO9g6}F=1(^WQZWtK-{ z2|%R&TIXmCd1+&C0DDGG<40MOI30D-$CBl%!mn!1S~?Usnc48%dPb$HR9U02I4AN5i9GjD zKMJSV6q#UryC-AWB_;3iTzk%aW3%zcN_2|uZ+D)XAsb0)`_2|%qVK$c9I$g)alUt5 zvb!kxxi3@j+x|{{QD1?ChSVKY5ivTr2-E+anU*FA!JpuKSM4h^t&L_hiRn}8s!QsR zuOs46@6ZqEyMn>z{5qB<#yKIDCJ~Oh;B#`rCJ}g8+bo{dHaEgyFbxu~LE;(>X%c~( zH$9#}-iH5ZUZJvn3JVYMQHR&BN#t-1EvZrPkXjJ&8$eMIf4^_9ZP69t{`UKjP2fG# z^%akrUw?OND%JcyKSrP?n)=K_G1-EFjzRF|Q&_QYrvP|N0G!%(qQ8y#<}wF;d;s?& z1K=6JiOw0$Dw8c>IRV^H34l8|oh7`p!ej;*b=0X5PEl^y>^(5C0LB0tw&8Y4+SJ_S z>{RZJ4+O{;h6SwC?-?D$4H=S%N1zka^73->bZ|m+$z{sKT>9e9P3E2H;aO2V_%{UK z#`veTKvG#MoGN>P*Qju{`+InL5gp2F;eH#(DH-%Ce7DLy<-c%$Gfyv~qdw2pNrh84 zS-6i6fG4YPl2ze;rV6KSlfYN0aJBn`DqPJ^2rqKPr<$ME0q}=ZxH?=T{F9qt za!5+xLasL|um=}%8ly^Q^0Pz`>zx1iM0@gBjEU@d$~Qyk@@V&XtpQP94%<);M^T-l z{$t}KBY37L)Wg48nYh8m(@)rG>x@AAllJl|t&pb=UHDxctl`$10_XPQZ6*OF91;D!-)F`bSkiHY+pRGdlaL z{YCe8iR%7$$7W|lWD&lJn7}W+ODh%E*ax6neqD0*I!>_UoS_$*P@xGE8cEUMOy3G> zMI{%F>veAWQTn#N%VQ=T4Ffh><+BvT!x*+0iYPU0&XFzLLeSJDtb+3#X=_SeT3Z!#2TqTw@_ zegb~@2xr9v;w|deRcZLLp%3$2rHsWSXaBHK?5rXJ+Uz;5SVEhI_r0(Zr#T?YHf*mxXtw-0%W(i-dLSLIt-^SV1S4VUGbjpif};8 zhgDuD6_*)`zV-sRrji_~MK9rZ)K!_k-uMFqF>4^&EDLI+dZA6}OP;34T-z z&Ik!3q~9tknF7X+uhukDW*20Pw#k*Ak)Mc<6_=KTF+VK4s_lHN1a6R)4D<14F1?%a zdU=Hz-&N`OQKj{(CFat51KWe>3aWgOIE*qvaHk_5ReQ$pEU(1#q7W`2-dc0NNVUvL z@)RGld3d~BK{x8&plsMm;(QI+aN%Ja_9|fXkMd(EItap6N6&Dbp=de^x79H{Tn~K- z>5(3x5)%7X#-T_^N?#0mE135=@E(tHST`Q`RhgvX1NORB+{Y91O?_E{aI`U8wR2Pj6|6OvwgyWp=uFD0 zLj2Sk(37m(L!)|Rt!h|L`?xMf)vy?FsVi=bbXH|*)h4C<6KhrkYQjUtR@{{Y&W2J< zZ-5&^(Q61a9w-X`CZrEcHQT`5Tyhj6q0Bp2L=X%3V8M|u%2I_cT>07+4}zUL4nJJZ zIFC%q4MiQvr;;1Rc{d;!CEQ+-cSG@LfbM$Cdl9(dB@2PF`oMjH{CE?e=2V7?DFVsS z3wcbwAX6wkHTEZ*^svRlk$7puQC(xVVP*zTT{x+!_BAStS>svpf|RP>2J){#H^R_2q{KqRpxji!dS2ogvh<{E;)M;2ikxQ&zBj#EUVg50!u9G`EsS?h~l%hrQ-7$ zo*&qZLQA0X*{B`f=?szu=FFXeq*okG>R<0oejp7gh9oT zgtNIKoONGNr$5~_BzfLf30{D?6x=`Lc~HgLC{=@)8!_G*6CJ1q%7`z#5;doY&;MDzR$?kb}6Udm}bOkbAXm}zp* z`Tk&sC$*(Uc8?x$%7W8M?(Zk)$)78j%|Bs!YfcD4V)I?W2}lp5nrH5+U!#YC^id&k zjnXtopGHVx1dnS5Ko(i8%*iBBT%kn%DyG`M#Mb|YIjhEub&;#S@$k27e-b$H8Oa%B^%(ehp5rC;V1Q!v6uut@pz}old^4w$%g5eA z4r#tqw2*j^D3WF}d)ur7E!Khk64Ue20=+^6XUw+GkVg}S4oVy<4T&>b5^+_+1RtEa zQIpKfo}8A43Dv0-FzvjUn3HW!OwXK}mYQhK$t5%;CoeB8#ZE@(v-9ot%!z5bT2rwT zb5eW2=RJb}FURB{F+roWm0DQX& z@1SyjHUQp~w_{{|kIMZb6|R>5N{(yedsO9K9p9$BJtX>SI-OOxdQE6R0DO`PzgxxU zb`{=9h1cipCxuHhXd>NWIIiXYL6v(o|9#sKPI(@HM%+|suM|3TSKZH{t4&R zDM3tqs|i=&JR5{D;9BE9>!11oM6-*BqM{N0Z`I%;eDO8Gp7fC#cRM)$_i1q9PkgQ1 zzs8v^NFt!TN1jy?B?v3STgukG$oKlg|ZD9YEi$c!Yv-F$8+D`9M zGNy0m?%($~^4gS+VNK@Ld8NJM%@g(CT)2Gw=rcLCA)9`=_q&VFkGL%?_Ic~{-=80U z^wu5i!WLbr8+vQrf|2vyU)SlQuD9J3k}$37(qU~sIM{MU>WQnxAtMf)ZaDAvNyA6i zYdqug7Y)Vl9Qw85g9{(eKhU7-p4Ri9tL%Sw^5XB0>}Yq#j#CrP-gl+mzIpo8y_19U zAKExRbx50g!)|-R*!Y`6w+)|`JUVMigSllZ_VqoiKRjrO{pbf#eGZJeR(U;i!GI^X z8{ccI54t0-=gsdvb!^YvNiThZ>$!J~dV*(SL|?)QiH zd{Wxt=gDnzrIy?3J>7oyvXSpS`^E2zTnm3LpHuVIPbKe^EsQ_kZBuk`(KFrGUio6j z^xSskyMFpCsa@Y+HWjp<{NRfFzpbu$uHHwlJ>2BzftdTukwG6X8~^ahlJB7msQTfRW+yG*XRY{t*EcN=%xc!}*p|BobTtkheD9u5dgqj$54wN;j@6Gk zHV17O@XU!bU4FlHdtR$L=bzm3eYX9^#oc3a@9Vp$@srD!nxaY?wS4W--!{!!RdM{> zUGGhs*?r60Rfbk^U)78lxqiT|`k&ov9{T>4g%fA4mJaQ0wq?u?L*f0E@4k5JsXtyh z5>fAs-OjJp@1J}j;r$2awOM_p>h>+4zIDs)$M!$6=|ty0Ug#1t>-e7Ro*@|_4=qgZ zB_*A@d3C2zjqLUxk3Dy}^~6<8AGN>rOwP?Wj{X`mW%`%zbvZbH@2Yj%^1qH+(PLwm zFI|gw>g;XaT|Mtwzms=QzWD5fx5LvP_#oxgk-uKZh`#F!`@Ls3O}%Sj^Y4xOH1w^U7mWb<$8VJ z;#QYGkZvD+a^@SK?hgHS=5O)&SI$jX+xmw$GrE=ZJzw?I>(7`P^l?fpv-Zq=S=V{@ zshE2=-G0+M*MhVAJwM{teveFXzyDff!r{q}Ja=$on@5fpew{rjX;b0Pi%#x5$cw$_ z^WXCS-}3)|ru=U)g?j{_YyK<$|A*wiUertf&Hw+0{htSRZ2mu;{vW<^R~jv;VE(KhWJM=>Oe=Oo7fZ(L5{7X_FFe2orM_YRtl1`MMk72g~w< z75c%R^MftbVBA>iLu2)S=Uxh$|EISU%18s1#C~-;Bff;2I9|x{ZX7S9$qcA6_N&wN z$Cum}@;MI}m`dch*mzUOal63992cMCkOj`?OvJ zs`B$WKD4$il#r7x07!nc>M#I*_zB=d$H+YhI`u%BaFYf%ay&_cKfv)q4L+3POEh>k z$ICSMT#i?2aAgsjCWBIRL;CjV5*-^iHwfv9IXMnM&940b5{+B5W9Eoq5-={MMvZGiEltLQL$Y*vsHgu4bDqX zVccSMcVZfG8{iNXR$#|wW_KBzO>42WJyMiZHY{EWNs5<$8;YEN8;YTS8;YiX8;Yxc z8;UT`FJAoEyd$mMuH@yE)^$ixaU#4Y#|IDyCGhE-zyt;M;=KGiHTX3?>G^>c=SAi_ zEzTz-tF$<;*hLwkVy<4B5%sYaPvCU4cy0i^BmllF0KP2%ekK5J`L;&6I!SSNP{kAAZ9oFA^<8L(S!kHG-bjQMCRW0Mq6jAl)`{ z4E3fa!Wv`Xb6|W?EmMWYp}U! zUx9ALJp8OS;fJ2Pb)4X5z_6n}TBfzJ{iBv>+4*6Zn11 z><$T=d}xIkwyVbDN7+J8M~;q@4+*D5^i`Wx3qiE+o-U10tPyhk3R6$YEZSJl>9T_} zZvit8v$;AEofTKfMCWsC@+n+00s=Ugp`5*9SB2o*l93$J0h=L`>w`k1KbTZ%S;^5u zXUDNI<-P^Uu{KPKtt!A_nx5e+?t??nl$=jdPl_FuVyszla|I6Fw8V+30|g%wb8tmx zl0HKys#6AZ53;y1#Mv(zC%$mhpuTf>3=X{9#tw-@i^Dc>s_{@n3uCkK0b%ASU$3ZFqeKy zVasP%OvHE9Y#&QUpXeZWOLPU;9VR%YVZ=GUVmQHB2<7;ho6g>8^BSdp_+X25d8AVcb4{x0u-)-{P|#(^F++zdvJ_TzC(>JT z;-YQmmz2j6?%YO7cUnc&kZW)a4urII^{>HEr~QsoLGt#hD!4~t77|aOBoB{XTOv=5 ztT4q80vijG*L&kjDC5acYz1v+zZhgE&YdA;kxf0F{la?mYiZAv*EkLv2$P%!+yu|qKg#6qmbEkHrFyGZPpj0 zvhs$EcC1&

    zx6r7fveQ@PT51qB5m;xkam5a%bq3CrO@S1pdxJ_P4mWHM&`g4Yv ztZKoxPguI)MtQp7$39^^<4vBtMxL)yin1!O!&OgHoRN&95O02+jFRp=eieP#h8NT$ z=F%ewT@f@pbW94x(L#4Q4s0p+jN`@@n>+y}@?Li`#LHYtFIsu(p=X6pmR40ud`{v} zC7c2Wq$ujF()%BJTgV7{Vs2tK^vW5K5lxH*4cX}ndZe0~I}_PK(Vj*f-gg{^gBc`_ zBghQ(5&aCHb07oh9ugejP@Myr)Fi^T7N{sj8ERz6SDaw$BlKMfnxHBZ#n+` z(cc;X-yHyFb1AIeV5bxC6Gh{CdT*2Vktg=E4eD*SB@XJ__u;sqi9^l3ZE=ZWmptEm zU+d%mdCpJ62L3d$7o8CGaRza0Atfs{XHu8)Lj?+TvFj`IU>$Fa<5K@%K`8a0n*cmut*V~JgJ!3!hXGY2{&u!QkHRik;c8KPgpw-J3+sM2Xam0 zUepi&>YNE(wZrbt;aBOT#D|ht+j5wIk*eYOqL^yeeU#_q#3UT>uh`!> zf~Om`$rO%g>B6|Xb{ywo%2A!Jm#8>Ah@#=*;6Ve;q5QM{#T-f(4@E^I{PU?GkF5w_ zd`+++J(YE}8o~J&@fCK$EWYuuApeoV0skg(|MzKd5w7??0(+rXJ6-rsrr!kapJ$VY zL<#pV_O}WP!M8A{L*p<1#hQ^Qf0X}J4+#Gv|A}{P*no7ETp*WlORDqfU+bS}YGntI zu8=IC4l5teuQsh{s>YxHgqsvE1sDoQ=@7~1|qbi&x z#)b)L(MV?=Zk2yv15J6ia?uFg`|>@m8d;0kj0h{{V{lJKlDNx-u07}&k84Efik!<9 z`FA$?aGVHYxPK=`R1vCCByQ(qR?7Vy1-RoAqan|oEObu`8{@J&PR#OoT-0fk*RYF$ zl%PeZ80FjK-!0&UkKQR9F=X=@#DiX({5`)m#fKzK&KM>6h?s6c3~(K4EwV<>tjOP8 z8D@#enP8$#nJh+gpu`fdvobpig5tCK8x=%kvg;O;w+`pm1)$~78;p#r+1r@G#PcxIGh)=5j z1$`s*q=NZBGvFtSYXn}%&2MXPk*|NhFNpKl6LFGT*Eu`Kp4PeFz+s&*9>cNd&g>{u zS_Xz{$;h1lA!P&|N&;<(Gyx;U?%-9l>{lzBf%<&gC_$mh*ss#wQ#g8V7Hxhzm;%M($M{egbm4&oTelUmVqEU8NN z>-`bwClIPPD5*^X;9t>alen3>KvcU5|04Y<7;V_(h3Aqvo`^!e^UPJNj8Oi`m;B}p8iSsv!|@!+2PmT2z&Y`<q`-?Zt8W(x=`Zw>~m~*4Ny0!hjnM)^)Zn^5pmB@KVuYPcK$1mCM zEX%twy7l)xTA>BkJ&!e-uRCcw`T-$9$S>K2!pDb`z^iLT2Yu!(F#LkWB5WJ^FSxZC5@6y^mJKcWY zs9_!Ee(+ZBs4wT74jpju+qLr>joGsOWMh1F6s9o)ze`joF>jN(@=>K!C9}6e^ba_&bQ6cxX z-w+zM_(Yxa-*4XC>4*8ZJw0kuw;`|pIM#fDtrIbGnY3{X`Qy=x$K- z?YXl?F5k4^hZ&o`-}>~E4YxFOU4HNTf%o*(nI=8>b*nq3Ilt@r)=M24#OOYnba`sU z#C4IgpKh2`|Gh35uXPG)J^tjps4q^>+1PE;v@KCH|1s*qQz520!&?22G9_%{>p%8R zobln8!{;9T)gAfx)${Sq*AB_aKHK`W^m|+VdiV6jyL+87w&;2K=ZCLM*tW9aKxy6X z-Y>6iwg2~+xV6*a-X@SxWO$qK5n^hPWhE(^B+BR>C)5fTJ4)wf77uaH|2bh925NN+2fVbY6LFd5`>$a%?Sn z+*s?F{l}>;HxF7+<0y8&dL!@Y!EAGujNi`cxvOj^&8#(Od#CRm>%ZQ6 zw&#QGjgS2F$;W@UZ7vHodzi#`l{Qp<}|F6pb_{6mT)_?zp>%aRuZ}@Nf z^Z&5@dGWD`|C8Zjbdw(n=H9vm_t?8})Ownj9QD~8;A z`KJ3Lw#~Z#L}ltXJ-U5?=XJK@+R*sbmdO!L2 zvDBE8KR&r*^4fW0mzKVN&#@U(1~fb2KALj==Rbx|tBAV%LQq;mo%xm{BmWWh&HOdh z5jU5N&6z)Qb^iS;KkYZ6af_@6Rt;O;=)?Xe2i5fIyJ|{8`GL^8-)MBl1CO7tKh$`- z?ZQvrwMpNeOiE9f(z#LmE%~o>{JhtTx8Bj(-M_(s%?(cPxiTdtGjUSW?DjjFC*S_l+jn=^+sntjadAQXkQb&z?|tBdw^t8-d1BAAP3B46#tj+L zspPA7HXqvjz?YMIeKvc2?twv%&5FEv^^(|?rLP?Qbl?T^*KD(i{W1-(yy zT6t&Lh<>B;j$MBGHUrcTMnsNHeO&k+DobT~|PJ`&C`_?v(eE+lL zxPzCj>>7Uik7uiIs?_xu(`VPIj-&tBc2m0k;;H#BJ$ifEtJ}Y+>6!lJ7p;yheX43w z%I7b=9J6}m_c8rOK3v!)bjqZcZanK+AAM8HLK?|kxwp;jJ4;H7K2OWNXO@2D?8k#n zTs#!E?si+v50hFNMn3WF+v8ukk$2-{X7K0F-B@{O_R~RGt}m{Re`M<|i%mzi#4ewG z?!LrXt=}AfTCO|g*ObHieolF5`$@;4(5eNEZoPkY!>>N9-Waj#$Q^Y@eR@aZoTXE~ zIUV^{^CNdhW6+iyGHKlr8FLo+9r?-~E&(x8$ttA@;JIClD{Gu97zeT{C) z;`|S;^l$ubP@89dKJ(7kp#%Fr`OcA=Uw_b#pJV@I{!8)`tA5E!`0)C|#~PhmeB|X$ zgHCrbeK_b?XyY3P*EMWeI%#0c(ZxSZYV%gj;goYTzb;rXp*;WUkq!-)4*220<(pDo z{H=MDMrZGOrE|zFzvi`F|Mh1Pn_fMZwCea%N56h!&ep=W%^MaSDi|I0l%tDf%LA9U zPLvw{^zw{Fx7wHNZgcac(EOiHNBvTf|782fXGfcx{TAH(K(V|sGC5*)_qk8!M$KFO zx&Fm%PoLa$ zf62{j#(y+qcCU%=EV17_vh-N1CSk8e&dYeP>ehpAJYnkj@+Su#8F{%?vn$668n*iK z#ajm~-~M`!jH9VHz1e2{qtCy4CF#d)@7?uu>zSb+J$zSR>*DXeN}Vxq#k}?hm(G6b z{V*|2%m(^LKl}X7s_Zev;rC3x{C)hw;*HL2VUI4J(&?>F@)vA>d+d+%-uyB%sNw2X z54UMBO>cYioyiTWQ|`QJamk_1?|r><&(%HWt?gf%HT3B*+BXdrrHkiS3%zWSM@PmGI$+9r2;nbzl1Wbnmy*#@!r!eeLe=w!b~8Pyfy< zKWlSP|8D%mcdySsmUhQu-4EWsI_}#qHr|x@$>2B2wv4(k=#ICp#Pmx&dgaHOfqD5a zw|#Yiv?%x6btN-?{_exoj#qZ|eC);WyPDQ}@8d5{+)_5=Sm)NKV-|%y_-4VJ!}&?c zJ$4M)ym-`uhMX8W`r|RbJo8Jd%EBctENt}YzqWG5lFsLc=2rgxnv(z7 zm%#51iy1C&(6lEe2s7J80dXgt1TMVr$tAPE#WECUVVJ=AI&vYOEXw5g5}F((#c^7T zqHvec0tb|l{pxhj;7fQJ$A$ZM1x^beq&S_GObhpX{n+TkG&pTxCij&Z{0okY z{1AL@;<%CLhroZ~xJiSb<9Lz=r;Yg(ZlMNm#qlK?ybH(6G&oyJ%)mC~$;nv-X^CBQ zIOsSoyI^8sdU|R`8XX=?%=N|SsG%04gNa&Bj0P9=%n~im>yt7KF6x;|Ev~6&1V5g7h5#smi+aYS#d$rGq{VqXQ>ej3 zJ+nlEi+ZL^gDYI%_fOuUtNjceJx<47qQiP==e(TGxFdAh*c={$k`>l#`M zr6{0A^-(4tlh?qb>jBzAN0?aa5Edq((R{W3+ryq}+ke%+SPKp0f3GG$vF0M!qP18O zb&~-2S2^v4dk(pO5^r)RS_V-cT7Z!gZOd;I05uRQWmM@&Yr{YJk0gUi8TrP&zgo*x z+If{nt{tS^_{VWga`@$)oF;JpOL@XlcY)%pjX$M}HthlFs%g_NRBugy8Y9{U|NfU! zM+i#0X+Z0r)>1PkdlysxYX4ev^xuC=j$H(-u*2mUGnAH!Gj90%lvh~pFh!FW81&aWAYMk8I>E8i809bs0& zoM}2KB~Fj0qt;c!F|#$x<)tQ2uyoi68c7y;V|jI(^5b{Jxk7@>j>=x<4rTEvW!6jB zI#(u@AJeyN1$xKzOK&osn`jx5)b>#|E4e+$Qa; zw8)#J2G!Ee-|>QwB=@bhwXLwl{#dY=PBexpJN0fzc$h1KpPOWi5!cV6Ffd0JrwOOj z@SYmJU^C1dTV`;LMVu@h%H%cDBB{Kx4y8c?b7W1~h=-+JJ-1TQ*qla2Lc*J2k&+YU zp)u8FM|F_BuH?*$IYVz#AGF~Oa+3uFdP2jWp(6(9rB$=DA2DgPApD-hCUKBz?%Fq0 z?h|TunQ-1vFK>{XE#P$o(J&Gn76C%3i zoE4s7b4{;6w(PYAotJ{n*yJNt`Gf^o3Tk0E4!4ao;IVA`amR5SeJcw>q(cZqpk?v$ zHb>IK5=nAMLjX#|Y!oqThxK@Gu=u25!FP88wn? zl3t4a!%#E<_Kuoh!<@0u(1E*cZa7eGXd2Q5ViPLG-YEDz zHY+^AuJ3!!VQ^RgS@8xv+!>y{pFG4?N{;{W^Uesq*a`2} zlwo?jSZQ^};n?%^ZPhw^0^8{8w$TG|U{`t25l*n#_YQiv4`&?}jGh}r73Ilry~XD> zKhK$GbLk-jq`Yl50XlY+lD~e*qF1#>Is00=2e#r_%yH1;yyYs755?(=K1V324NCdD zPnppfHd5OCx~ag#e%)JWPmy=OF80d0LfC#?oL!t#kG)IZzsa(oI?g)SvfH=TD_qt_ zHsH0Nl$WUcO??kVQg9D5^r~nU`7Fdy}{QbEUv*n;2#CR%LCwB0^mD= z)Ba*3$vhO3NqqO?-(S3r2Efk;z}XxEE2!+uqSAF#y>aCK&?0sevxAB3fFU>V1BBw$ z8=8k0n`zHi-kb;Bto)43bj|Zgs@Lu5eWfWmd8zrt5gxbq8t{(2*N~^B!b7K%j5ynf z2 zJVOSI_#Q{Y)jS~cZGywh@A9Im=I?p8BtKYk)VU56h z^D2hiQ(Y|Z=Ttb&kqCT=3a8VT!pLSbxMWP_56aqnU@E$reTr5 z#oG&n)A&r_MJo5S4OHMy2f#OSoRW`Pa^Zff%00~!2>eh0_tgR18{wA}(dSvj%t9Un zF3SC%&7J&jdRyZLPY)JZ{AlYiN>j=^6aLkznlckg>}Mt;i9F>EDKYoZ4tm15_>mP; z4{0ZJIL?a=H|YYtt?|$Lj{+s4shwLC{`nMwCp;0p_?o!?NRJCeGnn)LS92d$?qB0w zSNKoHe+>7pmPw)|{BP3`7U?hGN1^eTe;HKRp+vkW|H!ZKFY=GlK^rz8T>_tDUBWG? zcO__$z3?As?&SniZ(J8+mfeVNSKZj;R3jcY%*@SWGq1|pg3+FnW6a9Q9;c(motg6K zY5`pee$rBnQ!?!t#EZDn6+VfO3HA~qJ%~u+&N2~~MIb@4F+&e}%5gPL#&c9HH9t8q zJ10AZ9Z2(_%3Yhv0k(d9yG*3#5*ZDyC;C2S{*I<_n~40IoR)~3_Vwn46O;4ud?@5k zs%2)qMx}>JPWgL}UD%tAD!{K<_3)?HD|4yzeN~`HI!-?^KXYPk7E2F8givx1+=w(w z919sr$q-*O;+B?c+XIW1gfjPt=(IENz(` zs(v3gOZ2{GQ$1g^PGg^-u}{*Nb2a8djk!c)uGG*sY5CK*57oF|rm;6_?KSiYHRdxK z_hlOMHjOz_V>W5b2^w>f#+<7$7i!EU8gpm^-~33@@V`wH|1ynzg2uc}W3JSiHT0Hg z_{r6{FVUD2H2mr`_MsYcq{h8bW4}aWPSU#9m~|SnNn?)G(DNw_F#HeQ-$wJ0VlJ{b zg@L=-aATU@(kK}>v;|hwv-@|>`6*+fdY=2Uj9j{?Z>-+$qrU&c-fw8d+pjot3LD3(hyh={D*p-d31vV;DP4$Sg!<~aMtU=T|9~D1=%Tf z<+*B@(6h>?ZX4aTm6em6nurz$!`e%J_!lB!BJ2B-WYHA4BYu?o2#%FP)XJc*m9YH+lxOwHBc^SODE27is4mum2j zxVcn=f5XiiHTWiO-mAfXiS)d#7 z&dp-q1sN%wALjT}jeBwCeXa%{$IXj0_)KnIs=;66=28v*5jStt;NNodUJbsDn~!Vo z{oGuw!Nt3?dJ=pnvZnZ+=kCHZcn!xRG(Hq{HtV z5995Mz^`&VLW9@k<`@m$oSP*L-j16`XmArZXK3(Y+&oo-r*ZRK4L*gN7isW0+`LqS zzs}928vJu^-l)OZ+9~98uLl2tn~!VoecW8F!7I60+~+6K`2@$qsG)!o_<4>;Xz*Ze zj?v&ZbF-wuTXHk)%Td$sz|9#N{C;jWD$d!w9Tx=!`IG&A|J0l{bL3|a;D6|96^a+7 zv3Baz1dLQ~<>UF)_FV$aWpCt5!&A9WT5qCo^xPcAzwJ2AvzMbf-IE@juZC!-6}8($ z^I!EJ1;0d7JC`lO@5S>UPM8wmi*FoI(rd%7T5;fB5o{da+DxyAei!-CbGp)cY7V>Gzn zU%;3T@EiY9TF8SEazgR=gT4^1i5xQ9Hc* za^#;RX9vkqt~W>R!mcB;%MxB=zO>8IwzB+q8|+P!+8&o0Y%s^}F4$$2Bjba)Y-JEwkfX5DY`ZBV7qK zW=BCyqje!&f-R(#4yifPKF{;p;xDP?Kv9;FiYEDjBik(@V^0r$(V z(PInX8Zv~@mcIzr-Pu`bOF7OO-kp`!@}qTZDb?2U-|BeMhiK^IqIN{pDEq;zuExzJ zXRy^3eVfhM!0NKyibMcqX9JtFo~>;qHY7&Ix7{bT-DhokJnDw6!6rvVkknwKd=~fr zU)pYKP}cTrxf@Y{la1B}Yhn@Qg7;~+7~A+~l!CBp&?dt`TNc44Hu8a2`)$~*h<#Q7 zl@|=u`^;jH%hB=(J=R|&)`u2%8DhU3VLtooRJ+6|-^|155=g6Z3FMYxHi(@x`$Pui zt=u!5Z8o)Yc_VS#jr7GPOYF~FYm;k^Q*wJYe~C?C@@XsI3`qPYS>&lcGm&KoO_H(k?66J#fn0lcs=a~0uo+B*C;UpY*Acq`_MNdn z#8$O3`)YGVU)FrG@GrWbz@|>N?`#!FV8`!oEJ|SaHVLnBL|s%0Bm=8nQ1;~_Rg@5! z7jII#DKSde?oH;N;-se?b{#-^_SM%>Pz?*~GW}_|G%VPTUu@tDC4TS?qZMnbd>r>{ z+T_i+i&Jc|qjV1epAw2@lEM%rte){LQUlwD*_Olpa?eWkUdaw@E9~#IS5^y>fAFXo zioSxC)v+$f5}O(xI_q1CDT|B8!3%JJf~kZh|04D{Qe>V3lX3K*1PuzYxw_bauj0@> zmb_gZG;5UO>TQMvG&-c{QOiovqZ-=#HV4@lxec|c?qHS^*jTGcc6Vb?P46t^o&4#! zKcej33~Q`8VryzxkfA6>;c7t~zOFt&a7~VNW)?prT1)Z|J6+XHN_n=#+QVDgyRk@G zIw+5rAp378VZ}Y6_aYB1sCM-`D;*nyKp@nNEufYj_VBQRbu1m6Af}Yw=x`;ew_^wL zCG4km4qcbzNzy*oYp~lJgqZ&h=L~Zzz&OMiH`}P=CpiTfN&W+L1cBlbICEde)QrM6 z;t@via6iQ3UlrsY0xejf2SCj7hN`Bld?TOZV$Wj}JV}s$;syKNZ-cN%8j)x$vxGrd zy6c0EstytL$Awjt8`y>~$y>1#e<#{3R9~zH;ZZ1P#+(RYQZ|#C%%u;&pV;r&8+zLB z`2@afl*9a@4hz#1Z;w29KxG+1`qg-W$ zH#QW_X2ej<;n@|DkM{N!3Q`FH6tE*5b=@B}`G%m2%JCaoL+5O}Yn1#IW<<^1ffbb^ zkjDc!Bm`c+hGKf(rV0)=&A@K%oC!GO*AJn6|DHCJY5Z@r^B)KJs{21m8tQ1m7d zFF#t(B7Y>op?UW8_fTaT7S1Erv#-88_e#R~gQ$yQp`c=<45FK=WO8Ix-8!-MyRO*PlY zUjLLoj;Z=kLvba%K+tV6OGm~hPtyl!^kOKgi#c#gR`*AYxKcjiqAp5~Zz&_;qB91> zo-A|60W7gON7S-Ams7^LLRuKUbP*PN#$ekZ|FZK~&>4#>e2p2MDwC9gY`<0m zE)5I260eR5^!t80BXzh&jXz#@TH~mUlpKeFtg)u7lU#Ww$XEi%N%C?MFKT%pO?i!R z&Iq00@~Ehrr%SoGsw*_D3qLCq)Rxk66LrWG&79{XmeTW zp(Ecr)Qa;4xG#FyO@4GOME^!4kW6W`w+VfUD=a zsEe|TgaHSy=opf#*?N%DF~U*`vw>8W#C}KatvCfj?{=|d@32wp-sWT$l9N?Z@j*u= zXMz!_qi1d5GNg#(Y8}IZccCdhzzUgR(7C8G`RsPLRDLLgof~QvjHDS_m#0m6!3p^c z&Otej1=$-=%2?&0>k*58ka*#IUDPJlpdIGy7L=kuEkmvSHKNbs;4DDO%_uR;`{Lzl z9Fjs$MsW?0b?h&GO}QQ~pNN;Qn|WhcinQXTi+YNa6v63j+GkA9LY^i(C0vUCwM|-eBhwj#eS~vaE2oJ$>E5Rp88VZnrLz&8qTdLTM!s%#04p> zu-S2~4JR{mjpSh28I1fSo>7z=7>b8LM>pw%K{h%kF2QyJ1*P!LgR0G_2T`KQ!_lxb zz||N7J>m(2f?(#w>bTa_JkmUhdnj;tb4y=xhL`-`FGqXpFXJgqN{H& zBt@aYy1_X`UtV1=_RNe}c0@{Y_S$*aA|JB2dV|_Fo2xMmUs0_z+k+#QhT?Bf9a`G1 zv8Ak0w>PYLQPLL2zLXKc#kKVf#nVvN+mu=lJ^z_KmGKwaC$r;3U3#QI9Qs}O2cR|9<9&wRNtWWp|(nCjaeoXm!W&M!Mz?r?By@^J9(pF z;9888d&4sbJWmy^D;J|fGpfa&JcddnT+wH$8Y1f~h%`+fI2%ZEL$nG~&=o0mLqQel zBnybeftm#(N0dNxnVFI6xn4;uCgGAR0n{l3kgQMrQ-Ac7iZ6&_W+=J~6$02})g~HQ zI;H7!v6@x>k;l(abQBeVGj0(&>nu)vd3-2p3KPEZQ5e94OX#1*%jWz@i3{W1yo#y; zn%r@GOQoug%{4X5u)qNjCko@_^YQX22p)RYh?mkIV0^M}91>(XMZv>yS6_}hqBNGc zBqV=dO8$+=bXEE^$H7HOZfXlUi_?b%Rb~vvtd8}1OAl7}6g(3zUsH-eT+}94-

    $ zv6h3&_XU#gDQfwKE02heQH!|Sf=4Eqh==%yc+or59O0Pj&fjA<7#1vo$s!+DPA8jP zwz@i$0~9LB)Zb~Tug5WCslhgL+j69X#mQK~v11w97_e z;7y0+Fj?fiA{`pnsg(>UBMr9SD=C{;>F!2Hu3H=IMuRui*BXGBL!9xe#Ut)!d826*9L4Fgb zaM3X)S4ivPPM0tqob9Q<6;G-$jhz+KVJM#%_9;VQba~0=&F3h}tTV)Xxy#QJ!208Q zLvaGE1NFxdKSS|-%>UvHFrqxeDIUC~-cu^0#dBtW@9pZlt3c0ZyuhaT*iZmj zt8<@$eH2Q7(zv)YVU!QDnOjuo(ddh!%NbpcDmF-ptu8p>PDlRJWYdE67!30!h|{Nr z%G1%JhDg)6d+h!#IL6Mk+dTxCpmhAu`iXXLOd>^KVLT;VO|?d_&S3V*+;+SBDGbb` z%6Pll7(GwhdTMBbV%N?(?S34I;AABdF2})#r#vrwfhvo(+i=N(yC-P-86uL%Ri33_ z6?vo#@rcJkmaS}rzm>W96R}KySfU}-iY3w0ie(XKp$qA$WkOW7jKNdc($x^|IVhw` zJ5BRxR{2Moez`#JGAUE?Hu*cua*Uv&D$}h3@(+wOd^nq_SFRKwUkkw~O@ABX<*jUj>xw^DnQ(>a$_VE2L1lit6T)~XRRapk#x2ni%bZ_ic2bRF-S6Hq{2{;(RiXk6!V6L;;u*; ztVKl>?=Td#0aYqa#Ww)bl1Ug_cHrcR7m+T{(>xGcx1byxj8G6^WU#WTLX*W+GnIKE zs+hdt@d-XLS&K$4n+0K&_p#(Zgf$QnM>cnPO0x*U=ABD>Q(&rjqg4|T0-H4Q37-@4 zl2G1a=JSJ|wzQ}{`V8)=s6Lc(!nzBmX@N))J0?WPJUN}*J%t~|9UJp{I~MjfEE>G# zWmT?wnnJV)>``h``BEas{CXK<3p{aAsG-~+V}?ngA614n&?iFfmlaEeo}+q@Vc{nr z?5M_?$Z%vF$uuQ4zD8u9&P_1`F&;i>DKVl+Y^3{Z%1W7Nn?*c}^H2j;IZB9{kyE3& zDEB_#=)Wn2gvPb($`2tA#p@9mlLwL#_c2d8F$qS@c5!>6tLJoyTQ}yVh%Tj181KNd z!a|$ttWLc74Pk;9qHYYPRbv@9-&_xxIT2G-p={uQ{%6s0xHY@tl@UAzFTj*YsV4A+c>-Kw;B5CQM zOhh1aZnDUiJGd?K^_@o?-yy~onEOY71>51fqYX(F18R}DBL^3xAi+&k-N9QDzL6q_ zFu`>YOGb-my(mHCQ_*7(BDm^^M$X(}ondZsBtP;b0tuvZAEF6tWj>N>3io!HNt_Tj zox1=A@@b*Ej@2&~+&m)WON6SCi=q?AcQacnI$Cgme8sqjqg+5D)_|TxKF!KXy8r%3 z5tv2zG{4Ton=u(m#R~V3DC^5xsWIE7tS|HJ3=v{=nU{4@l(8D1EH9{PpBQuLTM$EK zd7%LGYb`I}<|Hh2drRwDMSi?A3`J#>_l_BQ$U_>mqE?VGnl=>W1EC9U^g2V)RMLBw zvstFVtX|fRVZu)}1PPsyHJ=PRK$NKxaa08x=F(PDq)an>5MCDc2FMrU-%& z$0Pynw>f4gOhnCq7PA>Ou14q)77e_V9w$VmDO=rTPTx_iu|S(&9xq>FZ5oEKbT3b& z)lq}keTCrARy0FfQA}}RlklP`vG=4(8;wRx6sDChxrR2$v+il6{SK@(LGGw547?#> zNn}J4(cWckQ=-WL-j72YV|9+kB)N2{D{a2eyB!c0A&2MJO@z)6X8=ohpX#T zbLj_=1D|%qBM!dR@JXuMAg>@tjQOj~sXjyQgps^L(v3{ul^RanM7nQ*1ut)07O1WR zx7%6e>{&yE92M)pZPhoF5B6R@=??jWm6E7g;N$MP3g+T`PydqpR!YOOlN2Rx3xW)%E}_!_JP z&m^LHcXJ>fpR<@x+^FR*?6I&!*vy;40BZ|Xi<_)pqO5PSE0Ng4r(49WNIVpKC#oR| z>O14GA;oTD%aVt%EQyQPkT{n{V-7}H=Ti22)UsDuQh3^R&QBO1Di>6BuW5QZ1ul#( zQ2cRO91C_d0yRH|%f-wr=rJr+3SdiMXpv=uuT4Z;%AmC5TlRLpt0bnD}yu~Dq^ep zQhllPK}lz#vUCTla7dikdW#sFfM6ft(QT(TMF|(|K$yMaPW3m9-!GZzb~q)zZi~k~ zm1?C|On1m3YYoNE!yVP#eCRO=MrG)+kow82g)o|2D`y+jG)Qc;xzxRjp>%~1KY_2Z4Tu^~q>AX-nMCyx3m0LcS4S(=lo5!Jj#ukSgNz*^ z>)j+`KHfOS{cHW`UNl>i!k{`4!G7;wGdIH3X|=Ck)9F${wh;fMx{)lgJKlQx zd6Svny|$!I@FxK-Uke`PH|)Mxz1K2OU&jb z5xtuj!4Z7)ZlWL1h|wbHCiOi1z-B?PP>t*1aMDhR{hbj1i%Ldz-eB{A00Y7P5hMT89Ped3vCw1BO53< zt4E=o6M)VF?q0kN%<56Ne=UIf&jaApq4CG(h5-1E0Qj*0_}KvXjR3eF<<=iREdtzC#AZCngMu>phHJ`y_55qFaeN=O*XbJ4fo+Euj7{{lsxBabG8HOc3{b z(gj3A#En68%N7AXS4XLCm-0B|_jG1wg9qV(uJBY7OV3MVS0jlVMU%(oCuZ{dMBz?c zMnrx9v-`!MrAX0TqNZO2)Mhbio5|#8U2e-~@A089V&4 zD1PgdI?2eLFi*_Mw)@@#Rgf}~-CL!0L78LEQLctc&zzc;3RAAQwv_HyN=dfk7OigN zj^aR6)%wJ7$@UCxuht?SbQ>GVp`SsFg&l@cVxE z*?VTq$(;IV@9*=!cYi*~obx?vuf6u#kF(F-Yp;FjRZUZ;AhM%;=V+P5i&ROtolB+e zwO&*AD)yz9g}*f8ybzse%~mQ$uB01Qof5srEpGNLT{i1$GiKeeV)TqT3+7)tAHLIk zih(-4#VC=_hp3%iV-=`9$nsjdE7Qu>3ee?cG@FU)I$=`E^vuQ5cftkwm%~BYUgN7z zg`c2*U?47ien>y7K|C|`TLnG)4}(7;aPFTp__H2(4*CHGrps-WhJK{L>2uQH=L?)u zkOse4;GY%vwE{mu;NK9q^vn8Vf%DVV@ZTeF>92JJ1xMhI^vfC%xYWY}flK&a z;IiJT#Zb_ZUgj$*=wGZ%~(zv@^UKRART>N@GN;xI}*#ejP{IJaoYU#|(g9BG*Lb*%obWxA4ot-xiy zxHN)BQaD41EC;Lm>VI{2BZr4}62bD+K+M9{7HN zR|@*0*y$rMUCHNcflK-c0+;kZ6!;gx%gDb$;F5m7z$O0=1up3u^&pmVO8zqhF6nO) zxa9v$flK<`0+;-I1up5o&&rKJdCtV2$?uZ_A0_ZN1b&vlPt?8!$meW<4+#7mf#1)@ zgFt$T7xSfv;KrZ!zys`DG<_9*jr^qo4+(sXz())GQi03*e7(TW74+)_UM=vS2>d*O zZx=YLu#xkCz~wlnlAQ9A^4E6Fd8@#s{yPMIp`hO* z@CyW9%RvbO`OEjqG=a-0cJOY+nNcm+6-2#SW%R5|iI)0+;>CjRKeNuWtxkzW2ZHfxo12cYAqX z(98F48JQwbPRTza@Nzse^3NAIo0P$C6gaD}!FLE;*4q;(1On5Q{m&?Y%l>Dcz-76t z7r3nFzhz}baO=OgRKY{)!x|4f$U!86TR){9c%8=G`mY!C6xrx!w!mfkS}kzdzWz<% zvVHwX;IckH;DMK&p|UkZKMMptM##BV;Qu7>?+IMi=gk6_^*MiJI$c?RP7=7RKeZaq zL9}B;x|axgsn72ST-LY$5V)*w+XXJ`+sgu%@*ENP#X_Dhu#q6Jo=Eyj1wIzfOu64E za7llcz$O3t1un~FtH5Qs^a)(@KbnJJggpF7{+|=Lm{cPJv7M*99)q9l^m60{KXMfd~F*t|A|jZnt<3vMC$={G62l!7b;FqPtb-_V=&hyN|-5Ivylouh@JYdEaatV?x< zK>tpwaV{#@$PxHXqsjxkL0}zVV09s`)ksK%epk8%*TrUTJ-{E)i9PK@L(7 zzT|r7&OiHd7m12Dtx^5><~cv9|L*u$Yr%@f=#=xsk2(YTyy}`7F`7fk)p*utUslD_??S z)Ep^!2l+DF_STfhT0cUGzM+r%0`vqEjB`YLXSVOpv4 zJC#asHXpVGoxNX5x9uG(PKRx_vUGe2=Jp}@`S?&j3AQaj%@#Jo?UQg%1AJ$11I)S8 zrsZKgf;DLqtVw@_q-fz@!K&bF)4~2lv*#z+Mz_+A9W0D3VVMmh%2;wi`4XC$&ZPNm z6}M!}!`^;cY+7ksZBun7*^yUJOPtMyS3)O~67g4P+-up-O5@&NpnTvv1IE3tt=@!W zrjt2R0CR17471HdQ!%Y{o0wH3SEDuPb`I3jjMhQHI0t z)Uj^kTJ7g&5hpOtUjhWb}!kw7Y z)E+c#zCFp#`-@SBg?vCAe@Uq$?Qn;tGErFK*4MtbdNb6a%y4!4Q-un#>R?2k-d`DP z`zqqF?ZClAY_I)X>+AmD+9GHiK7%NZ1z%`XY8_fgx!U0bw*)YM$L;Vl(P-@5sDtWF z3}hyahO2t-ff}546t4YKUGT0gWm}Z z@}O;)3!`emycd2;(dSG|-1P?gg_OeYVnyup2fxmv*&&ULlWE8cM`9p>fa+a>lf29Q zP8PT`bS74dS(4cPr&z6^|d?gLirX&jWSAY|K1^N%Gt?u0#5o(r~|&< z9|LyMpQiDt3jdZ)pZ4OZ%`Nu7LE7FwD3Klggm?Z`mJUkvWmTe6UtVHTZrcKdnB$3Y5v^ErpoDDmMju@OeL@ee7L3Q zt6-BVPp8w0oQZBuZAlFK|D=4CsC|oc|6q1g#NR}Tm)l#yI5PdtW5F10c`7?P%h}MN z_d+R8hQ^Ok>mbbJ|9FI+d}|M^dKo(gKtC1x#(JNI${<;YOwoHSK%Vi$zt`T>=lC#% zJ-T!<8b5#*Qf}`BRgKe?kW=lp;GHZ1iUF6Lv&*N|+i$>OMVCNf zNEE4kbJadLRVE+qznB($5RrN(D|X6)pYH_r1MEInt4;Yi8?MTsQ);ZL_hekDMy6e! zzK@#XHi;kokG6@Qjk46AqrTf%Q9bRi)tTfCMGqX6`$d{L4?UB-v0xGKq4w9t)i$fm zkbnw+G49((hCBd}J7h%dP~~PFRg#`9Y-spL*!pse?DMe)85*+L`m)cVEu0BTx40?8 zAD_7c*E_P|VGo=`=xp>~^1$bK;MaTLt3B}BJn%a_@c-k1|I`ET@W3DUz@PWPIg-t$ zpMxIwFceib`V&2HTB50slV-=v7qNNx53R^80n=R_Il8p^J?7k&}Nr` zxRhtQz@zE(Oa!JY=bFzDIN!sD{#t>{`tu!u%lvK=xXjmI1up3? z8%Ajyc_h8SLY1^Z%1`cFgIzHAZb zQBelht$KH5i@#0FKTk%+wL3nBL)SLXPEFN*e9^BM)ekP z`hzj&1hl>}k5jamk9&r$L9j0#o1ynJ8b5~TL7)5@OHWo^p%Bn$w*yDIR1!Ky3l8l7 zwR&clw6!vd{<0On@K2#g0AcsNxs2Ld%q8a;oXbr^F9syj;DRNQ_< zO@SI7m;ybYN3ztJX}ArnKupKMp*rIlxn~d;b}+(sMf|vSOwt zT%Ea6eS`#ND%E$gbcp>nlSMw@at)i`;mF}Nm0hN`2alAiunZrc9Y6-#PJ%zTO}n67DRb-|gG&8&^66{@yyIo4Fc@1e#Ise*H%L!SSjr|U#*Q1R)kVrU%< zDRgKZoCF_$?mBpqQ_WECWYGmtUaC==s?c7@5=5EQnA)dYF<6OF<$dQUJvn}C(sgGC zRGqFRG5dq44Zm-1X4aAR2s%bnF(81g+iPuJIs7R>Ia!{;34?n4EFYsrV2uXT?`$Y$ zEeH-BrlhZf?K7Ycwb4d^ZSO!nzq4S1yI@-)*_18TdBWlyi* zsY9CBCBKFF#NHaJft`#{Lp$dm!>y}~b1lwt*Qj0qek{^@*vI&T_~**k!x&Q!$=7`V z|3;m))niw`*?tA`)Vm0ebh}1XgHoMIaCSxXq@j8#A=cW%3WQ&n%&wpJ4hD^gPf+4^R)nQ%Dnk5` z`t~F7<0I+_7y(~|nw3s9xb{~N#Bm;$9w@|5K=+f`fwq63Y9KX+@=(1)ac>tj#Mc_C zpc0gY-~I*o2JT&me-5Q`$%w{*p_R@Ie29Ws?@G-v<0YqxV=?$f=(1OK;q9lPwfEkL ze`w7aIS;lqi$20AAlPm(6^oA&r~;HTE#!W<=j}a&+J+He=uI4Hz}Eo3Yp^iBJ$@+; z_b4Bws4+f6JsE{nr_UN)<4uenr3VKCZGvCH^(Clj8x|nuBa85Fh(Ex-ZF(&T^}@nZ zA9Ruk)#W=X!l@T{=U{ovI!jzyhTr@2Xcr zLPWtq0bNi}MW%x;NMLjat`AwwHy7drtUEZ~j3mBXh{eUw!G~~zith{8zPl=9B|byv zV`$&~Rzco78|v`P8t7)bDC@L#?hpGP#|mo8yKv75&(s4gJ0e4>1ifS{RMw%k3xOu; z1BuJf@DJ2>2V)x}$tCb`dyr?VIm3I_;kM&d>{RnqnA10-#6a$7iIn?QEv`pnep@*? zeG8{ASOd@CL>H||r@5lZ!JD~)!nIo?!C3$JWaNfCRQFTC<&JI0AS$5x@YSB~CML!Q z@a{sLd688kfCGW7L~iGi5d+WQcphtHO*)B;EM5tLTIuN#)wTpjHl7+^1Ws&DiE{^@ zgO@FPCp|&GKVoFjKzG@;)*gSTzS!Q%qXU`;2VRVny6cs@{EQNhro%dJELGVQ7)?b>cK!Q*oRM)B8g_$XLAM*I~2I*D!wkg{2h@ zlP|9<4Ta7=@9Zj^csjbe>Vi;hX~m^;W|vyC;`+f^=T$<33})`Y?awKOXJ+lHm>rh2L9ahVt{-#9(aQXeyImO!vklTXG?dv2j1#|Cp>VjHDu%euO9gQ9{8_4@P|C` z4iB7Pr`hD$>487%fxqm5zvY1+^1zQmMb9P={m^B@z1HMT_n@!vz^gs*F&=n>2kzzH zXNCv;wZK{bO}$rr4RmvZ2mRMQ@O2*eziR&7PQ!HiC-DEi2mLQRaISGW-L~?mG9T_i zfY7_d{6#m+SqeuRo{O9=KPO^wGVQPgYoQ;x>IoX-Iz_E_B7NhZW%>O0Jni}fR4Fek zdO1}4I+^7-K;fFJs;_?a!&Tsa5MKwPe^Ua!!h_$>mLYkRi9*?vvBcX{C7^}v7X zf&bP6-{gTm;eo#=@Z)f8^o*8=fFASuY_!R<|YrSm$45a7S#_(A# zaJk00R^W0CkKfM>Za$j@F8R=XxS^M8s|N+nbqXU-A;&cc2z-4~bnXy_<+1`&6wgNI=qXaI~9qWNl6u8XSOb`4PftL#T zzb$ZCZ+|IpncuAfm*w@Wz$Krz1TOQHHw;1`upA}-a)FP;GgF_XzamLLUC>KCEE9OS z;PVZEOL;m3F6(oTz-7J;3tYDA5dkEIzvd_prcax})@XpK|ij$T?QvX9|3t#&dvCRfc|{pdTgh zwE{m&;J@Mj7$)`u)vV0GE;HPm=j=+4KgFhor$OCWiz^@Z{mEf~X;Ih51^1z=Exa9M!z-7BT zkA;Uo`6Yc+;IbcHCUDt*+5(sSOUWF8^^<=lEYTMRH{a3UapC6s_kW8G**#iMMi0g2 zLjQW%kWJ%9078c@M>aDK`Pt?fI0j&#?uqMRAt4p^y3#c`X=NCN8}j_L@k5A9o}=+6 zgGrx#wG1YG^IM09yk=dLp-;=tHYS6KXMUr2Xs#vQ$^01365O=>ekLaCDx;O^_&vN4 z!RX&WSK)$fsm=iUcla63g{ALVevE74oAS$+wu-_|6M;wcGO#-`Ja}*7^R?nGJ3hZh zD_$LbLO=(1{yApJ7JsIef1Zix5uejdb4M>s8IgU|e&5jf=hjrK4Zk0Mzi-Ewv=DXb zQrnQJBgC-Ic9~_rn-~{J+z_bUdUFAfSl(;dyRl?wmb=u#(dUr&Fc+J-(!)batV97$ zYsP7HW6G`MB>}5;kCnVKfVHy@Tn6vn7;fthwhbV`WYdw>L;m2ceYg(W9id&}o%^Gm zJ$c$zf@jhlhku19>VxS{;EB|++Knx**c)5-9lp;WFSHVcJFRmIVb)f-C&GoG+K!v& zLx5PK(T4+y>#@?8tbUrA3s-JxOqPVK$GntdBY=HnmAKJoyD3{f6bVi}k0j3ENil5?qIKc?Qk02RdpLeG%1KG0O650r z7EZKa{q=HR`@!HHkK;a)oD92#M%a(MpA)?GUw}AA25t}{kmPVtydt#wT&LE|}lLx&h z{W0V1`yeec-q^gW-u^RkJvmvpE8P0$%$y?w$)>t!!q4rwNCeBrZTB-`qB#%ij^Xun zxIv|8!w=c*w35rz$+o-q1iVbm}oSq(LGhFf19TVHuNY9EPIB2xz%VPkPrEVMEwkSM}pbRNvnehMjh z_;*Us_Jzo=X#}bbV1+y&O!?L&hEe0_9ol(TTJKNsPn*Y)QbiHu*o68>*zON?r1A^f zBviFA8+k-=w6>$=fI4@SRjqdwmR4o^c${4pO#_q_0?zNHxogV2G~GJF=>BQ?FdnuY zuO+K}=_g;n6Tn=##$s}CEgjeJ+|5|?UVld{aVB(_JawZg-${w7FM!LQsJ$y{qs4be zJKq|kOl+~LymMkQ?>&~*sSVT5)SnU9@w5mDPD*R4jiG z2Mjj)4_cjXRp1$Rc;al%&fao7h$Y9|&FHcG{+Q{>5E~SAsEIX=`6#VtEI;bhYyQ@K zdA!fxGcj4B`aDFMoUB&yTldu=PH`;%okn|4Bk5oD<0gzavHV?=lO;(<$bD6Sig7+Y zcsx!B5kb&s?`ZUI$0Nx05@W>jcc3b_>qwCLB^_x?D$?*fSh?ccQ$fqwqO)>-rB; z0Z-_W-BiBw0Cp$fLd~QEs`L{y_$P91uw?UZ!BeT$tvNP7J))PQ ztqy4WUf}ymoxQ5w&+qa5Jdd4E6?>jiIz)k85lwqB^l9U$F=lVV3&rVhw0WGeOj2)c zE}x>>DeGrgG$p15a<2|VlGo*7&vm+wItNts_M!k@L90$qj?WDpw2~!T0w`$5=r5s7 zn33619HY*0*(n^C!30N*ZxfgESUP1&0y}cp-r+1=I(!JdY$bxcgUg4!+S-2f{fXJN z0r&nBThQg%ZJ0vMIA!<9whENHf_^x;aFdoH-(c^{Go%B6VodOYj?!+ zCMK#YaMogsW|}xm)foD7;AkZ$p#Y|Wd23frv~^1{l7~f`&kB_&gG0*-O&yNm#Z+vl z50$8kX@rI&BazxetM5?yqE%21gfBssYrAe9WdRsoY#;7D6)z~2H*6hnln7gMypu(7 zs@?9SF(rbuYN!bmqp@kl0CscV22=%b5^9XS<5_*7sgH)5^F<2 zWrm9p#*N1847H>X_qC}?rw5k$fa>ENE8nycXv>v`vhQ^DKEivlT$(DXP4(mo9T!6G z;c1C+4q_cD3#7?_RYuksfm-+H*qd%F>bp{p$Igx zj0yx(V4QVrBpQvnr-Xu!8JJ2tV|IA!Fgm;%6~Z}FG(1C}Y0UQB!}k4qG#+d$QLM7i zrP@Cme+|y%M)PN*Q~r*Or~__Mk+9f!klqo4N~^kp2if9WX7a(ddll-~C~IR~no@?b zsiXDJa31r3dY;N4IK`KQ;VvX+^`zcB5IVNE*f#?Edtt;IpQN^pNTilJgv$tgq}kn_ z`$zb@cMih6%bl#Z&K`se4lVbm#%t&oj8;*-YBG%_q0i7kadv3mAJ?Ub9q&%5;aY0L z5Hj&IbXXP08&nc6FQqS;;XGb*6dFfZo4*!^wug4<;tsYg=ctssWR$IM%BZ_-25=hj zYr92^;a*1SVvh3?!jen-za^DT~m$IK^Sr0=z_E4p&lD&j(Lztqs z^1tc)v5A5vF73oS~x;$oL90g(r4ZGMsrBpczXhv>ZZdOTv%vd@?b+nD`%>ya= zj{!(ukuvTs;NG3l!S>6@9kMBhLZx)tEhmWHf5)km@p|ZW(PjY;(gXbh{&)ec}1N=XSF{W57us46^J!=jI*b<`|zCt z`(0~iZ|$CzeQ7Q?ZU9jcW+m{vD{{9FSw6xpd6S+PNXd(Rdr|u@keHUv8;(X|=vYv( zUV+AS2I6P54j#SwH1$q^!Mm=_t(!~1FMKt+_Xx7Lo~NO0_$uN*(u#jW^oiD4s^%mR zL!93nzA~2lC(!%CS2WsNh3Pf>H~kL7hZS_EgxT;MQo+`XcQuzzkso9a^=OIK^tN3&63_stOod zSK$k8QwUb*c!Wk}@2JFQRLRo;C`j>CanRXSSs*S}WU8aE!vSqo?r>#KF#&2P*>KXw z61CATWupYYNWnV};bR@|tI)w{ay4wir(t~LrfbkaK)EZdW~5Ki@i>U3J_GfdRqY9c6>u&E&5O z{!3RGzSVEU^y(2l#SKRKl}D`BBd7CWUE5%=jfS08(>*#>Mm~>Ct?Y0#AIw9CXqTY`P<*pO*P|`=oRteXd>@8%=X zjZ2qYOXwDBC5JCfXhYmVG*8t`3;@(8h-ss$GET?$DjGRD6-ATkF-V+h%lsgvvDs2Y2qg??X!5NO@CZ zVg$sjjwLWn^Jjl_;Q7WxUU_5L-o|r>aXy(ZXr&2OnVD)5&%D1Z`w+Ef?S#L`52Ky0 zjE&`ETgB8(gE4y}m~6%a#V4<;5w+2I9<`@-4LVZvw>-ioGmRso8cdMn#{7fU&I3{G zi{V?d!Fux_802gPqWz-%8}i z3%Oqe&8&AERE?otH8SPv&Bcv)9b$e_zd!IL)5X^zzUnTI*;_EzxEpUoJ&R!aYt$~h zBe^qMl~b450gqS8=jHnWQ=da#4sA>y@3noZtib~*4w&+HrX>0vfjp`AbJTu9zn?(` zx2&o6GZsWr?`Q7d%KCn0mwgW3&X_NE-dd>fz%IrM`oh!;8q-VIL8r8d$NB|*I(Rw? z#s_3(J}^ETu2R%*=e5XE`lXyH|Hm3%{4;v>tnz>Q@ddp<+Ik8C)%qjG7c3S~V?2du z>8v249$$R2^4Q{)pTDC#o&-7qYzQ5I%DH?g|YZT3^ZzsNQ zGSg$HWBQv%Q`s{)pw5{t-UuSya*;0cm)Sy7+_Oy7|-WR#OvJ6uUcnsS%iDbaAJFFUhY|NsyKXt+FuqfxC+JOAnntgQHi0=37lTc`2=F`@JxKc#n-hT314^QB{oDv&PH2hF&mKtsV5 znE>^BDs_RN?6+OK(q*XpY(|QfRkkk z?o!Q=t0j_rEGEzdf=>Z+2{*B@RNZnJ!_jz^?m|x zE|X^CbD^fMIu=9-W)G3q-qmY7_|WNnHvTI#|8D*8J|`KUt?@N94n$Dz9sJ&{ab!XT z)j#6uM;`qD(*x(~GWF1{`KWgZ_&n)B-=pb^X_$mmv+u?gdqi<553e_Ix%+h1(xu#xnsPTRpDnw7sd?_TVOMOYRpO8( z&!{Kcg>x3tH82u)9swS`Vl-1rk;0R*Nda4Bzcy#-Vm@|lA~qX=UAuI}#@ZA=NE|l| znI+ILq zf9X|CQ>V;WIBUUz#m(l<>^wHHxQUuEO?Fb-jZ*}AD|6}|xynciTFba+t}}sDHd8P} zAI&_Z0KN6t=pmID5?7e6cc0h4?55e}V7f?!(P%de#M!kNTrD4KT+&~l`*}D0T!GVE z+3=Bj_Sl6O{5e6-rf+aF7U5%=ZeIWZf;(Mbej2Blw&7DGaJfflj=-fn3k5Faxkunq zp3MUPtVq}F$)TKb@74=6*hU~Os~ z0+;#yt-xh|<(?V2$L3W*FZZUtEpVxalk|I;`IYtmO9GejTqAHP&q5D;g$I6@z-4*; zP~ftjbO~JQ?M;EpaycS!R#l__bC?(c^DF5a1TOV6U*J+dae+%c+~R@X?twon@KVTR z$#fqzcmw+LLy zX$xG+`E3vU2OjtX9{7_2FBkGWFL0@cHw4a0lP^CD34wZ(?WIWIQg0`F;G+f3SBl}k zNZ@i@u}CYk&0_B(VpW{mofp{hUj6914&R2oKR|{O~;adWidi#mM zWqo);;F5kD3j=}jNclth`;NG*KeYmv_2*K7S0Ij&f0n>yy5ADGl=DX#clQI23VK=Y z`vflgfdPTbe&7Tu5rO$)S7+p`6u9gMt`fNH2j*zpEoVZ|OF6$Ua4F|Q0+({`6*!B| z$k``wDQ7toLtwt7oabrWE$5d7y_9pQz@?nG30%tgV}bJ%+{pQmz@?nM0+({Wr*XHO zr|5YA=8GhT|7d|rIU58n<(w<<5rWT+0+({$FK{X6MuE$5!fOJTbzI_VhxWYcyeh8e%b99QMb7A7^;Y{kON#Fd|;R&y+QWVa` z?q7y!Hg7P1eKKpN$DN?7`cf0b;DfVV8GOM{7?G?DC>KwZedJ$1AM%!lf^o7e6Q{|ss z=KX3j8@7v#Pv)JHIJwb2+=$b4v2O~JG-A`b{YKfQor4kk1z^>E^{KrSv5T;uA=t_# z9G;U4>t!CD40F0DyxWgYR#%T(8_{mWu}yn-kAG9`^zy>s?Nbq<{rPyu!A&sR{WWj; z;$K$GmQA-`JTqQiXzw4`3uDyeA&6P~Uhs~0@XM|D@X3uU`?<<@Xk%MD72NLbsB7zr z2Wp=Vw#UFK_#m{l^N_te_^YkG+*kpdPuNHPk~T*)=`2&%ZQugsIU3u*@sjdsp>zlP zU!}J2`ZC}~dAo4E6;WVHS%H1{ND2EAHp3{kKVxIr8sOM_Z~-4{?h#x+atHq5PyyIU zD-*hO;V7eH7&>mS9SW5+Pa;M%n#vZ3*Uup{Xt#7jidEVUukVqx?Utrr3HrV#kZ(-2T{ip)FmVdsjyhkI8p)4OeGp;lof zZiYXO-8`Maq-|e~eFTo#Y1(&2cs*ASH>l!RhbyP5I0pr&dZG8qWSFSw-mdvm7^#_e zq1#3+hO|$`AH!eJX*jkO%BCu9XQphb#?vMzQnbdO+mqc$NtstrYYWH>Ag-8ZUO?Kht=r#!Vgl zod^GontrCHSM?WIw+H<*n!dx8?#mkQ*0`y^gC2aiCrIT>XGqm;(3SwtrZ+Chr@9ek zO`r?}7A|Rt&zZ4&a(IG=MFAGA#VS267tOhLR($>qbGWE%mb1;Ww_XHy;+VDi%(ZpB zT&@<#Apt#v#}_YAmJYa_y>QkFUUMBE3+j$_K-#8&Rsm}1d>IW5nwQ*Y;?aBeG81uG z90E3LI+e?%OXoDF(lKTair#qCRz8oRKGk>eGuq72TtpCoYL;`FUsb4s%Qb^rG|nzH zfIq|MTY_HB9nil$1NpPu3_WdN7~Fhz2ztrqI1*-|uhKaAbKGtC*9)9&-{4CGF6p~G z@NbEFEZ4AqCUAZ?82&uSje$R$ela-R(lGEx(n~+Ya_-FdA*NVT&sPgRQhw>DS<3mQ zkW=z61z!g8*I8HhOVodX>-cRh-1IB=xNy_2{M?0`{-ei*n||UiF5L7J#`ZcTr_TTX zmbnb$S6XL(NZ-aXW0va-f&LxN4_5@*ZZYtdO^0=bfpv_*Yc9js%sN!*|GN35fKj+2 zPhAaC_{WXU_X~NBPQ`RCOnlZ=8BF@-w+;_^T_uTdt9qNC29>T;oMnbxykE;d&j_S{-SP2$x^C%WGm}yJk!R_i8ya2nN#`<5UMNDHk|RBrk>2$43^(OJ z37|pJ>Dhr18&mIR~JH6IT{vzj1pJ^aM(oJWK z>0;Yh8i2nE2#mDh#wUIvcQXGoSUM-8`C5C1)dzny>eg_gp*WnF5&-KNR#yii9Dzvr zQ8<-@gP?)#_FeHJ`Z%;k=G>PP&kYZ}pqvaHavhw#7QlEcCvHz69VF9kW%m!}0b+2Q8 zp!N}{Z{74B1of?(+RL&k>t2=#1(#&S>)E?_2j=C!^P7>W`+ezey;31cuD}J1_th|Y zo4U?Ty&+SOy2$p;$nll@W>mTb#%b(q-yr-J&xVIR@R$ca)dQd5fzS8A;~x0eJ@DH- z@VhYP*I(JvoAjDnzO6;DaHFa&DYIY>ir$&Wshxar8B?N^f5=mSR2pHHyIL4 zA54@wPRV714SL9gJaCM~z*jn7Yi7(ok{|+c`E7KzLWklkX9m*CZ>CEWIuz&Ff`Rn% zTgQySiL*W#c{nM`;Ko^Q48-L(!Os;s6yGUu`E9gM;Bp<=j1kziaM)qw8O4T=;Fdos zaLNBm0+;+Z3!HtN;cveA$Y0v$oJK(q-1+6c1O~U9@+=?uZ8XD!PpRS}zJc`pr~T&e zo!z{6;leqK;=Z#NEsoDQ8z)Adg^&2=>wIS~owH!p*>iCA*V0)FSrz{wp%h%GQawaW z@vPHVrXMp8+9^IuyM33zHU_73+iJ`SKV>>@XK>0k=OhWan8PtG+}WH8 zw>0q!;Q2g$MyR9pNNzBq^y>HwOE}l5_05mE*DHL8+@^9tw?c4X)VUuHgf?2CL2KYS ztMkxUtE`(hbfw!1Z+A~xp-yYyPgds#zGt6$OfKxU&@L2yWxW-;@=DDB7UTNXl!M-lmEHF#YzK~lkwnj!z{a@n2T#p z{=!pZ$%A6VtNrq%j}cEg3wl#;GG&N6dtv^cdc7hXT0NMCZ6wytMn)={p4 zY6mj-ybJX0aIL4M{XKwlUaJM~r*P+xmdCRD6IYbLjZ-X9oS1@(hCpI@am+q3mS}kTy{4cINM8#;WehUr>OO%BDl+iS7tj9$=_-(FR`0S-1UY2kIq!C zH4b zus#Z@IwEII2((;aA&JEKSQcF|%DSiTSZ6&Gx9uG(PO%atU2r+S)q*S8KC5;Z=e!Kb#)-A=E1h4zi8c%>XrJYu7^)olT!TeDuwzm*u zOMhX`T^H&=Yd+O}2Y&HuuMDg@o_c8B1rIxkJh+$N5BJKM^p^cTqU?%aVl^LvYrWi9 zB2o*-T`MmhjMfgez#&r3iu0}JjeWtC&ncy^Qs}D_PMDytL)6zZ#;U^P6LLA`K|aL>Tb zSmm~8=S#VWyVYub2hO2$qse%Ge+-Vl==-b2*Ya7tUfsGM2SoJ8e@ig_wkjU#Z#`QO z%FD95mFMKMaZkTetq1&(#Dst~u*)iY22~txw#P<7a1DO|&If@V3WvHQ_5@V>3B{qN z04qP9iYLW*QW9z^PBfM9N!cN|i+17wEot8#ykiqmMm>ySdLcO>7_02CS_k2)?CY!@ z@B8C7hwbfit>7X|AiRU)0>V3c-w7W7G;*64^}o%tBTmL28b3~sfWtC)FGJ;A{OH`^ z^BZx!EqL6-emtMqkDJZGh=ae6Y1Mm1mD#R9-TF1WdvM+QCH(zms=w6pEnN+&hfwVutqLBp(CY5mh}o~ZI)V>& zl(F|E2PpnTt9EotkGV%%3BQJg990^|$hKo#RDlU?^7KOdIBn;=&aNPPzUdx#M zWQ6YWGn@;<42!T%S;rZg=BGPfIU0?lTM@MT1QRfFECML%8hx7kP10aX9{nEhBvb}Jm z9`WywBuC*;i{*u@w?sxRC@<`tiGB$6oTtk35Q+5rML8;kFC#77%%awgVUb|8Co#S- zIc5v92GMe@X4Q)=!BGX#=Eqd^Pfk77M^}OOSeVF);Wz@gL9Fc1`HJC87P}w)Ol!|z z>r2DnIM2`axqCm}p;jf1DuHLU&iBWbZCeZfg8fz{+^z2)Yx&WCJl(QMdk;bh;5d%I zn7J&2X7q1-RkR;$3E0buzf5|Si_pRLj=JDoTNNnC@%%D1xn{D9LOUjLS+Op0zE6}P ziF2ld^O_`y>Kv^0=UbHhONQ^J#N{S7-;;cl?z`9@>-w}R-+2KI>2EQ`sZv*Oga~b) zaInKRD|snirrU=ayr8}w4fB`@Xy=P22j&JZJY#YpOwop+k3oyh?@nA{q8N8 z&Rp#a-nk2+J;IT`ssfzn=2{%4Pn83C1v>6xbNP&Kk67|7{P%4buIL<3x0t1c57}Vb zdw39So(jL(yH>&NV|BUmjH&0em8oF-OvM-pDBjU#*wAsHf?4#h@hGB)o?sH%kzLdt z1^?hZVH?JHPDN2}bLXxzGMtbpLoeM)v;KtFbN1VE43ai11xs`ZkF3D2Dh8EwFTFi$ z{i~E86Djw#>2l-=%7zbT;Ii=fo|-A{b&8s4fF``2?k+@PD?ya5AK5Rxx&Ot5u!zw9jq_$ zx8z>E3GeFz8(xE?y0%@d2M0dq)PU3)M9Voe2;0z|rc|uRCjL<0hID>RJF%KuaMsh! zzK5twGskX*p?zyo@9u{tCp4EtStKByLsHyzFlfH7h7({V)vf4zo z?o6#|Ia4VCUh5ihX3?3#M>M54TlXvUk8R!~4r$BNNF?Ja`f1bb`~EBvM?4HO*4_gR zIzxsqylUg^31_abPJA~~du?FV=VOU;8k=9XpH)o(hd)iqkG$dxKh3y->DMRY<@nNY z&H$i%7O1iD7&nB_iGGJ9^+*9EM_d^F{ssSPVlt2S=1`vpWa6 z%XUWa;f&+N@;k%!4h)`K9<{e6FF8_gUlPF6ZV(Q1hs(ko0M?OjsDqCbGMC?DNPHyE z0cq}r%j2EqJ<|F*I*bc_Ek_}(mbYz^wG7jvJJCOcF;LRuGp?4>1RQP|>6Vo1doLm< zII|>w%|*Uo+xOIsKIkgh0ynO&)!XmkT%uv&&Np+zty`dP{SrW3ZQB5H`^|dzQO1Zc z3}>zC)6??5&{v4^3B%d1Rr^BxoZy3>QRlv3@exPB)MG62G7Y}N$;Kn$N4TZ~_pO$l zw*wtv?F%g!Hao8i)TiO8w^;ZqsWTwpKGNU%CfxW&o$(qI4uA_PTo2=zI)VtQd`y)N zbu`+qpg!b`WHoQG{F|V)W7gbs1Zw*}FuoCgieE^E z4212s!uFft&bOenSB8Z#{1g>6*!B>a3_M*=hpP@upb@dpn z9b8e!p)DLe*ER%JADcNJz|JRe0S3ig8}Xt%V(rE^U&&TgOiqi(TTs+rhhL@L?{Hf+ zg1r|`MQb@7Ro)eg1%U9Zul*qYqYU$GXO;usaXQF;GtU_f%2e&rScL zhX$ERz!$3d(EEh?X>8u?tsnK3MAbB6w*$VBV#(N1zR)gf;Kg;Z#Ah(&fCKhY-$^;n zcanv&RUb&^;g_6)C7~YYJMr(;&(G5O!BmT?5}C=MI%L?wbLP4k z;70_$Q)J-1!8qdZ{ex@^*hw4Pf=kF3fmoHgLNfZ77+!BG1oSVlY5Mwi0$ZT3Pt?Dq z_+6u~XYp6ruum&0z5E#MfE0GWfPbiIR6Ll>Ukd+=Oyl<&H}Y{D*sZY;e_;UMnsaSY zVEiUU|Av0XX?h0oFv^qpQM15!WNceWSD}?Wl5r4-jnSCN7qKRd-9aJ*VzV`Nk^UvN zLSHW@5dyK>HO4hz24eSWtWqHk_Fo#~It+t_KeIP(F9Br-qWqAi_dFU|5Ta4ovPkfkn_!yU)D&$6yu`RsVgxZ?+nI+56#w`NyiigA_bSAyjV77 zpDyhvoafW=#Hmwjb=ob1#^xYAYpt29j+X%LuZL}PghajIjx8_Vk8I3DwI%aE8z$#c#6xeDJCGDv?L%$~NM56OSTMuI) z&|X=v#L!X)mZp_;*Z6vs*b+^r7HbfXaoaSe7Q=8q3V-ID=N4Q$WubfnLl3QaIrXVJ z7^W_&@wZL$;Fo=7om~!MXP-@^U~1}`<=I49EyxdejXd5#U&6^;w42-WB1ILq9%U6( zwH^(9vIy`9#Rk{Nk%F9PQN?(HOxU#bvB&Wl$^1;!JXet?0x`2U`+SA?d^7R8Qqw7W zifnB*y-%qDzMp@Pwb3>durZ@`qXt3hl!(Y6)9BG@RO>o-XO631$V}tsS<{%{od)~o zh_2)laP6C2R6Gmqlkbk{8lOY_@}lA^iUN&A#S2uMXP>oFKR-RQJwVa7=IQp(l=Bl; zgP2f|Gc~h`IQ^gIRra@d{n*8;p&;i<7cYvMEs*Vhr>&b~$DOC_keI%%&Z^(^P*8UsP5hzFlbHGPwA z!ev_inI7~U`%%s{n%?wFH)?#H#!b(1tH$ruxEeDdjc<7HzsCdrsR#ZC4}33h%2`+F zWJryzaLF+w@q0C{#!tZCF!avGRG%6v0Y9X1We|#cQx6N!9>}M-2%x}+YrItBrl+ga zc$LP@7^zz0O&V9@B=8%f@otT)@euIwhF%Nu1163z8F;pOa=E5A56xI+k;d2PNM<~9 zv&K6#Zfrzv(|G@JPI_t_f=lkNqaLbs1)tzN_T6jvYg~;T@az|ckH*!Q0r&=u7i-0+ z_dj`QW3XoDV&Qz{Kw0gLTrl6<&6qd;+Ig7-GZrjf?m`wWh6QKy;zi5iv>QHqv~SV; z1=lQsdGqX9@mUHA`HUZHZo*tL3r3yGX#C7wpy|6CW-Vx$qfC$S$ZRonJSIcf`HLL? z&Wq+O_b`>#TTH*^cx2ApehQAu<}|k~or8U>%bE1D<+GGy<>m!*W-awiX{w)m*=4aA zyj!$P?Qx}S++IpzxieSWZi5C_Mtp*B9qxdVI=*-Y3-8*+ z3+F6V-lC05?@V<0{5ULe7tFd=N!w6AdHgt~#!MI3VDCIqdwk`7Up!&Cr#Mix&JEND z2iNe(J=$#S)$vrZ!1{O29J9w*7oRR&O{PIXt%aIB408~iHjQ*i?=$MJ__Bc8r_=lS-F00a6@0?!p-|8=E9B5`3)ZU*Il?t z_nR)<@c+IG*SF4G3T`MTyJnMa8{X>-#QAD5INj|q7+k-0)Y$?CXP0W|l~)|xQ;w4b zeo*rveu}_9OU4MqIc7I}_`YNy&at1t>-9K@_!kAfNZ=<3e47VepcP0y{Dv|7ewz1e z=WafQdSFL+WI2WeK1T32TeL_o(`^>?{3bN{GQQB=>8=y>7Yq9PHSVUDKF_6oUJ!i7 z3O;Xp@CoROP5C9Cvpn!y1%8p>FMXa%Jv^%E-SWRA_(=NqJm?PzdiE_wpA~xC=jI>M zIP)d-aFxJix?lCcZxOg`7vIphJKg&Qz2v{egMNpgm-Xaj5Bgp~FZ0!`$D8hYc$2_6 z#xr{RmB3|vensF?{=Kl+UOaAW*T=G9jkC(|u@}DPg$>-la@Mk>mLQVi8 zkpG$ZGkV@8aLK=0;FA8Y0+;oClpfc+`R^CF+Yd?fyD(Ox7T7WG;7V~Pp>@wH8sEK7z`_1_r}u+5uLtuKi2 zZ>GMt^sm7m(D$70V=#D!y7T##=wE}cp#TVN&QFT|UX9=9!iyOZp+o&o^RLqQQ!ad+ z#`|4(x5o2yI=tmyzs85Va5L{@zBdiMnRlvl(VKZE&Nnd_`ZX*#gn2H!SbvDGbm3;+ ziTkh_3?DP^^g|bJ=AD%7f}l6^PLH|h&Aiiaoo~b6%sVx?a5L|;#D$xAr`uh)nRn`N z;bz|HDHm?$o%XwMGw<|Q7jEX4%-%IV=AW5g;`{}J!Oc99<-*N;(R3GX=8KlNa5G=j z;lj;)&R<-(na?TJ41(eF>X0k9zm}L*~Xt8_P*-5PS z5T9RLizf^pe-Cl7Q5Mp#Q}SrPMcAQ%eX}ql+==Y~@4(m@TXIA24D?273rz_7WU#C7 zbM&fQ3`<_@X;d9HY|F5jW1r(Z2d39YdSF|t#u|L0ZLu|NA1spBFxl|sjrJBAnm@+f zI{OKMW&YJLHk}^Eo`9H*L(bDY!_KCFv`usvKBM))^Y5u`UG{G4mN(Xejny269sHPb z9&Zl2TXVpTN>N9W8*2VUdiChVxHFAP0zRlaY*X0`&`4r9qH z{ZadaSaQLKKI_bt$E$aVM z@SB^g&cU(Kk$G>&{DZ*5sJtmDSl%jhYlh-76M* zR3HzEF2g4lAE)*-{bTCm!SLl#`)Q{>(t^Dv);tT9aV7UcylUAo776wSI=N(pT*wNU zD2OIbk78Q@wx?Oa$g|kIgr8nog14Okg2v{rpn6?i2=nO}qE|Fx7eTc7hC{?k~IypJ!*;rzBd1>fKv~ssKu(z=i7OU??VV0iK7mZkxB}ZGG zhsRDFS^X%tvrim374^&Rk5&#wE4v%*ye=3vTea^*lQ1d@2mhrb8m!08f!D`I{W}pi zSM3^Ax4WXXn_GUtYBfBHijSl#u#a%yIc$do2YVySJCWBPwcqCce1CWFn;R{E-rH94 z27mCuT~_NZU$piwEq{cCEDUO~JHg%)O7Dd#8MMkk4$tM^+-mtt(7q1U1s^k?ipb(c>u|?Ymmk zo;7x6j*Tw6HrYY-lF3|ApRnh2Ak{^E7_+-jD`NH*Y;D+`N+Q)rus388I;v>xpXleU z*HTW;P}@~S!NW^b^+At_-NViTiJ%l|HD~(Rk zzU)nkqH@!URkeM=DKEg?emx80RkL*gg)y=c?&97`11o-q9fBDoE%#F_Q_a+#nT+T0 z9_*m#+o1N4flyRa(6+HAVb9>_(egJe!sR2hFL5?(3ZLc~DZu8P+nd?-pc-R)E~*+{ zp6n4*ukWkPd%GIjl2MisRg^}laHSu%H#_QaY7+FWwj4S2#bg(?6n%5NST{7d`S1Hr zlMmFXt5F4YybKF-j%%7fv4J@9t*7RO_@Cq46X#YLIBs?9E+^7fcuG;}Y}i`Dpc2-S z^#$~G4ufE2IqBGIP9;6U`TVDBVPTheJN=^Hn%9`J(i~UNXiP3a#(BQmNspkm*D0IH zw7~%n+0u5b@R=m>ffZVr4r!RsAxbWjjby!1DT@EbrYhWol)W(#$ zDb*hvYKX1UZ%EmTvn5jIZkprURKEkZ8f2OcD$HO7#cFH#Kij8V2Kf1QykQr|l_|^|tlY3%M@YviVbVrpDFx zh>M#1-7_MNO%!c_Oi+CYZieGejcLsT{d=|tex3(D#seP@oarvXFN3Oo_??VD;tvo+ zP<;%3(P?IthcAX~a^B>D-{yhe4V>wA$o2s2#~$>*(ezNN3P%18jn`>h^*O+v*0`~C zSN#OAS2fhLCc%j^KanKEXQbSS<5xb z9B1)tg*eQ3Ib-hp6?0~ra}11?5S}B3HVKnvQ2IK3SOTrB$maT%`S5v&crF_uK4;=O zMRHB2NCP3~xsI=ag)Ivxt(VhK@p#T6WlXf}`lTj&;&Q>VdGqJSLwq7GnWDZ;r>d>u z($B;r9Na(_(s<2@?;B#DmyXXE#&C;6B>f8tb#Ts)8Tvn=J~5E~c>EbWru!lO@V#X4sTwCe=k5%ClLx)o(?$9cLH|p^ zN2a@7;H>9{zgcr4pA!Ub{3;TcdZ3Le196$(BHhoq>8}?!=ig1bHwv6(Wbl6x_-O+F zxxo1@H1rP(oYSBN-zRXnCVial=P0MdrwIHE!RHPS{3il07xeoD{&|6`32odn-7g6I z7~Ma)@p6Gz2>SB`F4JugxGb-01upY-pT=1&WIgo|Gx_SbAo=D9&|BZ z(pJE66yWG#l%W4Ut{F%#`HvR$P2youzOp@@EA%hh`%-~RKHCK@^;Sw@5U3yinZWTb zgTa?Lx4w1y*WeH6`yLl=#v%0k!(iymc%#mRoAHKw&D)GO_PXfJc%xhko#L?W33dASQeA)b?U1p7*IHr? zJ6(htR%8U$HKt?Oas18jdHfOAY9yq>Hw~cy^sg@F6w0mOh+B9_K+xxvFPU~!;yZt&1n__A05zm-e7N8m~K++fXl9dm=ro`c)Fn)7ze z4Sui#@KgBh24P(fJYGH-JkCOd=QqO9WsgZk!uelq}D&Y?l zCqj0Q4T_B2_H$juZJNBT+ z!^sIp8k_fEodb(Qqat?y$us ztXvSnWGrH*`KY4et$GeWDG{ujV1_wyk&|fRoQSGW>(?d>t-HcSEgt z^hXNQ9sJMB#j`Ei4e6HPad7$^Jg$%nKj7Wn@(dIPkA?8QZb2lv!WJT(@2dtn*xx38AXce-+Mp-GYB5o2<|~R@n~zx2FQ>%G-o& zAUeI5qP$x6^nHhO(Xo_Xk0`Bj!unsK$9kwO+Pnwqj3&m0p+I=Kvy#=2@O4F}Wb6Gg zhRF7|(5`{KrsfQD9{lTv^w0-+=uh-XuI(Jw%YBXZW~_R^Z55{56IWHh*KFd_KyuRI zTi!p6O13;uyD8ZAT}bNh_CH^{chv|u@Z|J;rkm09+L4)SH@}v>iCLHyt9>($I`9(Y zRg3LiN@_g0I0i4b_KTRq2j~3{e}Lm|xHh!KFzEY+lH06TnRqSR%v#W!^kwQpMQOhZ zi>mgEMs2~iOK=}eOeu}xxSX*4Y-6&a$x5_fIqzbfcuQfTJ`l!fJiVubG*Mq1J{N!X zR|3xAKw*1Aac__-wdwrPznfT_z!JpJr3dL_lKNI_X?v(|7$!WaI5QEt~!55IhLkoBMLHPGMrD*DI7Wt~S;utOb5D`98|ur*dbOTpj3Y7$kc~ zxyhSK%|(s6KvV1J8b6a1!Q;j^!I5cdE$DLNVUmP@n1_FG0gAretnTPV8FU6t(bD1A zOw>HKEc)4W{8Xmby4UyO87wR|gz@_brvTHwA^RR(N5^~Pl?ouV7V>5z?ahv~2kU40 zg&)KXT%&ONZ^UBO8t~TdGgWc}>MUaL#+sb{E;3*#{wTYXA*+SeBk@8r`Ii+$uK}9l zrGEkT(PVw8>IPM3tp(=dI=?wGJQ&ib;7JG??y6VgGAoH*14@I7vT~hI^!6r-W9y-9 zT+l_2(xL|2moc;UpBj@l|6k_b20p6l%paed$@|+RBq4z$WI`q+LkP*_g(M^)nPdiL zWFjC^L8O2&ycBs65)qLCokX0bBf8eAYh87zYpqMIYZ1{RLrGTu3F(Oi` zfC&7)&$;JJPA+rRZFl$oKc8goz2Ebk=e)n%d!FYxeAxC~^-uhvcY6bDZrQ%{9@}pB zIn`=@y%A{;$3S66GgUOaKmz&%FCQ9)n2AITY1l$X2uK2KS7)Aw$<#3-FBFk?(!L;V z;Hg3#uc{FQpHY%O7k*R*W=iVrU5E^`mKucM4m`s&x&__xw~7U{gbcC1`u(ab&ty1HzP?EG6}qeU~G>Og~Td{5d`jLFqi9^Ts$U29kUi9J(J>&s z5NvDh9+!U^)(a56U}>Yls0L6qL28F#<5Ra0vug81JKCEa)2U@5@1WC3t{~VyX?#*U zF2f&CWu4gIhb?w=9@Rji?|g6o@O0;ihDCNUVP9UduN$0aS<-Oq93=%?*x0j%aXv8_ zAicbAxxBT8_Ds=eCDy&aRLjHTt8MXp-Fr&(PeIyypJvY&>*rQ#EO1oB^gciffpE<~ z;mrLH*$=x5%*1!i$0R|hc zg`j(i`z@wGNRvMd_Mm=3d&9S4uhhx59x0zxS3(DY-g{NsP;JcK(?l{21?W@G>s4wj zn)+n<>nqc7I9DB;u^|f89mn>pt9gU_A;kq=ednUnUNbk?G@iDMRohJ-kdX}ua=)UV zzW6nJ>8wt#OKim6cZlePz9g{-W$od5i{RIM)Ah zJ%|5L{KL>diC*X>v9SiUgMf#k&*k)MB0vNu_>&zD;`1Ahi}A$G@dF$edr)+STPXgw za{46RgxENPc$VtWuhGHp=X}IBT{Z@R&yzaz8+CBnBc*(aZ@_G<0-rrP^dtupDqqKS z@Y6c@MIAgGV^%2si8?sxdxfIU(ZPr5;N?1alMa48a4I*U&&9@NlpCFu$J!fxAcSLM zFRpj$@VQ?H-=Kr5o4;(4g3o<(mM&f>ne0$4e6USz{4gskWn^llT*pERI7qwH*a~Lb z&txlu8Gh;8wx%zO@Fg=K{kNP$ZYy)@etXm6{7Lv>S6N~ru@>9TA}Vf&1QhZ{I39!9 zmiSt71mg6nLeBd;pmcve-UrIgv)#G!zG+P;|uy03D1!5TP1vugnK1i&eyXNK3Jmf zm2g>>;7bXY_vo#B{vvNVUp5Js^QE4prEN$%T$|3% zB>LeJ|8!}OUaqek376}uLBi$wnj+yv68}3TTrU6h9H(^3d+U!$^fDh=_F#m>f44+W zYh=-W{vhEaCH$C#%k64lG>G7+9%+A4@F|pVnSZr}mrC>w375-xx`fMomP@!z;v@D- zDLpd%ZzXy;U$VU(nUBI>Nr(^a=Zbs{mGE*2uhqf7C*dSREcmRD@Jb1PUc%*e^12Rw zPzN8$*FTj0YKec1gx5&;Gzq77ERoK|5^k07l@c!7J@HBSFp2)B5-!L4TM3uxUzf%c zdHn2=`eUKQ-;8^5)Gz2?xS#VIfs6O6QyTmj6%-uFfRYpR;=RSA!NvPYy9O8UC--S^ z@qVI}IT7z62Q>8Jz2b8XF5VOBcqT{UY>8bkv zOjVuLiy6OEB)l0gjD8yV-K!$M{8{^Mq9!)>rgy=*a*rPP#YzjFHdl% zy00|x3Y=G;c+}Nb|E}R_j3S;iCdp2Or@kUP5x=-L!jtaB`?H`;q7OZAX7=0nBg#)) zuZLHt@TEMwC@;Z5Jd5je9-hX2*;VuK-zMX78v=>E$l>Sm@G?gCTG|yH4`GA4`TPD=PR7R_rn<6{W8jK`stf? zzaupq%CYSw4&@`$?|mtB4omp1=5Ppbv|GZlap7wH(xs@|)=W#i!-O#5;k22ko;kB- zeE6E)-o8B+Az|aaVl>^q9w}HuC%;`X-A9Gy=q>?6yJ?@(_nF&2HXMh|nz}xO2lg#V zO_GkKx`f9ToEbc7&B}1>e69??3wnef^*ep)0!V^~PEE%?tWc>V{X}sX6>ZOo^P$Av zC(f`$-tDi@0P*S%@bmf-{P2VS`nGCimfE=Q5ph$c3poH>{YzAt2ste6t+Dv%gWId~ z@bm5Qv0792olRYT!&Vs>1TwJsC-yXP7SyLA-rkS;Zw#T)wf;TIfJm7b6P3GfFerB= zDVgz6(GMVxv>v8+9&&fm5Bsh!ogIRc3b=X}9lyYAOL>S6ZZVY+=;iYlplx<9>GOFb z!+xMqpK`=~4+u^Q2yUY^$6>RAj?M@o_Bhh#k`ZSJ8Wwx#A4<~y=3W5Bs{hSj>a3%3YjtoZaQbGr23K;dZgHJ}|4@9U z>ELs9aGEnh@mZ;Zvu}*7y$k&q7?{PVtMe5RACcrQR(-~Z5ro^Z=L<<)gbIwlN{YO z_IC}hx5gIX`BE#G0ujHsHo}MQOM?{Z4ee!+qwz_0BAmFo;VJHAx;wsO{=d(|Ysv58 zzyX;l?nU_vn8vqI^(WpvMZU!PR)iPzM`_o_O}vGzykk6bG^Yw4&=;CVkx5Ql*0jd$xc$4Yac!j)T#);_+fk*1%+6z`<=ybR9Nz{sq*oo{x>&DA};7GQ#bT9|@29=x7tS-%|`pFG%Z{I)4NI z2VC7XZXay3Y=?lJ#~0=@Id^$4DW=Y+h)eehm^uo2HbFL-e8WtgKT>^h+G3w?lIm-0 zpNDW6-rjK4)8lKxnX5Pq`5g-5?J>h1kQqm&SN4uk<*&%HQd2b8w&R3oJM1SlC3!Cy z+s$~$zyon=PZ0rK-8j`e3@Pl`B}`$k6Ko-$YmdGTLSqo#hJhuQZz&~qxA)SOc9^ZP zC-w89l)~$B`|I$^=;xKeymo}QZxAthx)qtCObvUrRRPxgZU|^6x%{gj&<%l9RV)rftO#!<&kT4%AYArjMd~C^ zRK`woFd8==+}<};aWfuMdp6NQFl`k?i)AKMV;yTrC``Oz&{?$)5D;WI-L{9np4evw zkX{3ohts!1+lU>$eUp8ANpchRS4=+*w|KgLXITS!)63x&@5Sg2cjxwYr;|)%{W}`* zSbtrn!yjG*%Tth8b&x#ZNrx{>6}NPBXIbn@uj#%YVTeL%TvGB-UfxTlA8zx#?cJ#dDv1MrN%EA;2$n~Ig)1gDsurXJ2n+XKh&HWDq~!T& zYXGl?VCf(o3Ri3Rk6_E_DwGzu%@)YkCq;K8uBo#a+DWOR^8`jte|Vrqvq zAl%|=-GO70cM`uAe`-3U*)63W-+QMBz`G!O$DvffWY`-Nw3-?qijS;45iJx7n9SzM zt2myQn#QR~XvH3=HZ!L_uMHN{kB?eZc)s!G2*>dL~^)!Iw8(_pd)!y*c&1m)uKrK;`4gF~5FBG9;D3X7vH z{t+-mhqx(=89`${p!I#gq#R+q2jiv0!}o#9w-aTQN<-_tNR!9+4vR5Ke?3QCT|^JRX$R+q86sK!$_5;O|L=z zF;*j;Xw?oMiWE|q|5%X{$G|U9shA(W1K+=@RRt4qR8N7)2q@Ywv$4h!rB~0I!1LMr zKGhk_eDV5n`|n0mJ?P$z%A`(x@`8JJ(_QS|deIwL(-SbBb3HFwd7xN|-{bous|8fQ zR9VW-z#WW;x>B$=kWS5`Xeq2qToIZ&u*L_YdB=>@=d00rqC^K_e9?1H6+$^;rhO{) zu4)e&O<~}1ykc-UUw?Rx{rq97G~1WTDR=9k=`(1A`N)W(dQ&xP#0N*#^hG9EK@Owp z@9Rr6->7oCOi2VQ04J10f`jK&S9ho70V*K$XUwBCbVix(Z!%I3z!~gs;c$4gWT*8Q z%L?VmPGcYp{#8WM0B5mVk8(?cVtAwKhe``(0N*E|$Z#oV$>bb{!u<~4Mb><2e9Q3A zsOx*fgEq`Y3QMy;-0e^fknY#|CFl*_3s+74DvWvF3tyW$zeGhMrxvQhds@8Pjou5& zawkQGF|^L&^c{nlLAw=WG@9})mJB{LAX`q~1=unJVJXvOVjjea1_2K$045e`u)+-C zZrx2;^e8Z3hc=9wi}YTKHg%2$DYeRK8unZ?3R2g_;N~J#mp#-7ps)nva8!(qH?R`$ z_&#JYO-0=|f`|;O^or=uBOg>Dgmt&6C6f+>qk!IYwIU=i8l4T_tcuwk1 zuI>s9mmgBuRlEGJuK|CS0^*&-m~yFjw2D%U<7jh~okF)n`)U$G;alp6B$hANqt;K* z+@Xf|4rPk5qs*W$Szs6PA{$7dCvcMa08j^73k|e>aAFMsDmm!6jDiodlp@U57d^`P zzLB;)*P&br4zhp7AiK<@&PQIdQpv~Hsr}Xrlt)@gOobiOCfFz(>kp6XBT&~hK{^lbL!A5Df?y+0nlA7jHjC$XnskXX4y@tN#>{Lz%153fE5O|CJ z#Hn0njrlZh%&HMi`_1<0D%(pek83E1Zrep+kzXksY47x+>9se1a|%y-fk#l)r_#1I#;opI_9um=!iuXV;Cc2J5<@KnyuY? z6?g9;ReqP^y%=U%w-@&`=yv@F@o81R(ED9i>7YQ>lJ23ChmK)Mm5Mn5F{>rw!fZhO zDj$KIHD9Bm(0Kk(i@t5Te+4kKN2nWNBIr38Mq&HRK(b(;fj7z;EcqxvygmR(&BE!s zh&Dx&iTSDxBcj>WUGD3#Tk*G@M#v;607B1`wd85v2M`ZMzv$l4tbc+lY?Vq}=_Q|N zzyxywh8ct=dRKS2#nsIh=gsIrn3#TtlpD&Mp+Yz|$zAhVdm7VHIfLy578#OGRxiaW z4_&=bt2BmwrW%UmN@87$*_g=oIC^*Cy#nvlP&s4~F`m6!)c*E5jdfDO+uv3bSZ?1v zHk$mTOb0w{pjZPGHTE^*6L7PLSgE3wFnh1cmzdB}Mbb^3cOlp{rQQlquhi8tM^$S| zed^7DE<`6SIUe}$>Mg46-|b_cCz#z%_010T63Zu1`o3`gTIA8;Uv|aeUx`)*mEW)J z*4@2R9-y~PdY7eFT1+P_lfDnVpBUS3ATRbdD{%TUP)DelUSnxef@=Di;2W%?=2Ck$ z#X%&b6GktwA}lGsKZKf=-(J=A6{dF>PPTuq#kb2o#nT#~Ro16d>^-06P?vTppV|*1 z#mC*Pe?sw^T|Fm^_KCD;P>!&5hFUGCj*O{T#^+4)_~VCouw;t1doMTqa2E8d@y3ej z_dKkhp1L2E#GbI&ptJ`A;~g3_Uoi`*=TFV;BlEtAk0L~>nSsQ3r}D<@%MdLu(Somu zj{%?b{(_p_x4Zu#eX2UdB=**rtSH+ngHDs5Y)SI7%AtRQy|Rm%oiS$X@)m@re{zY` zy_x<@pH5U0=_kqhJB?wxpg?o&x#G=aiV_A5VKh-bZhSjf{to}-n2e={zeeY3EcAoI zCWnl`5ob(P67N%{CO)7{z}124t+?6|1ZUNUND_3!#*p32YZL2=GdhUZ0`Ry2*Cz0w zjTOhT(86P3S66r(xaC|Qe*R6V_S1VT-a^|Z2^nvxZ1(uM*iH+S%$6B5Fp*R;om`1 z7TlY3?aPBk?~d!f%`(O+iSt?#m&{6>XHT3J_CurwdDK|?#DVu)Bq~+L^xt_r?9(ga z`AOKddT|aUL7XMS+J`1R*R+equt!7HwAe)orx2}Za|jCU6Z92`dqH-s2Ti!vG+^g?@2#wJ1<)yuS|P5Om8e&O|q~-Hjd-7 z=p#KGD;xC|d&``dKZ}deKsy50x={LLv|Ems8Sq;S}0XQoMP5I|>{3+VFg=2jVSJJNv#mBCL z-=Krf(81}Ps!;st+d(LNr4GIhIOS^z55)R1(tp1W{S%!2DNZlO{1-TWO*`b9KkOW4 zQiNGb#}qG{e`lL|FwgAU=g(%!IpoJq7XBsz9L}uEfRsR_qlrTszeH+;vPdx2MT?ih zW+f96KpKMDLX;q~UfB-_CXUEq7*dXr>#C?3hVstBTW41j*)>f1XH!Icje60tb{w=! zDlI}9A*eV*%16+!p^!q~31mXyMW`kLB9#}RZG-%7OtcHDo|H=})&7Ohubin_ zv$II)8jgPwtrIcUHoo9sEZ+cs8F4h`%h;@DmA_Wea|- zgCF2HMH3;V-$sn#=t6q|B42-!a9L(Tp}=tDE#oZ`F6%Y4>fo}?NtymZiJnAjMS6ZK z;c~s~mvEWBB$85jZ8~q%!Pn{FZ|dMm3t&yPX8|?T(%jzMZ)Fuyf5K$`}|bG<#LPT^F5_g=3~~ur%AY6Un?b? z_={9h$pPXAE}m-|-{5y4TsL-8-t zIYtMcAmK6}p|4JScmUD$F?t7yt@bSulfASt1F1JjDRtvnVg7M=%WhRC4nE~`KPu=PT)dM)y&X7T*y{w zaZYBKrJ)z^CEGRlc8Um2*jN$qidQQa_ZPT$5BQA+7whZyHMm$uo27LKk%)El-y!4J zc010#B+Fp9qv|FYZ8<1djx+>88+D}6^0_cH03?^u4f@bKFFf6l{; zb9x1Dk$&-f6K+D~zmXT*c1}q7rzM>TFY2Gtu8o_5%%Z`SuDoJte4>ACc;cz8dq9Tm zw5Wi4Q&TvaM>f}l3NH+<%u(3{f3@N9Dz|9cVBf)lFyeTMxZ(V-LK4=XQw>Qp z>CAL4q}5-LP2Drbhj@QIh2lX?oeJvAw0j@ty6G{S#2w=VPby zL7vam-HhEqClZG3Dv0hm{c|tVPT~FGVCI4xgn!)Eu=|GZ{`*P7i)xz1hrK#%02opsIi^3tLZ5Qb(LE&|R%vN(1s9m8 zb^Bmma?y5o&n0t<@}Z-9Mv_PQBgwYK+w2LLf(|XK({!f8)RF>G&L3C&afi$)g z=sY?@c7?|7kvIE#9JdT^*9#_oXEz}KNxh)y6ll;RT{EQy>hC=t~IHy!X7*NLHnWxNT znwgSlnF`4h9Fl3C<3@jY3;p4^nS_((k%``zx3HJA|6sg6gOF*6{IGs$1;(q)bw>v$wF1G|1(9`P49{Z_wL=4D&9#CW_m5v^Tz>5nKqPbsrY{$^Q>DNCIt?pe@=Rt5mrJ%7*q3cxKz~m>oIh9fWUKt>{ z57uwB{WY+X`4EGZg{--ltoK+NzkCC7@%!NwcwP0^8C5WjXJE9+2uxsPki`no?y zfodM#`FBK#QDrl!s$e`27={Fl_mtwwV_(z|izoMzD`rRFA&N^K$5;l?yuDu`#~L{Fqfk+L(S#kn9J31NN+9=x4>pLMxk($ zy2SMRhB}jzR1QtKw^=f}JHkEI-_x`Uv7=ioSsv>fF6&nwD~|3wNT%7}fG)GE=OSkL zw=uOt!5NdY$GXd9z2dR{#bf=m+xI06N|>hIJy*;g<*cK-0~7c`kFo~`QG2Y%J=PDP ztw5~y;ACk`^;ahNE3U`?ShsSe1q|q5;6JmW>TS;Buclo+_nDHNhU@&PO)h`@-Q81C zJ<4&H^#hOfpv(6*G3&vx!AKMYKT_|8!o{uKQ!*gB>9HblZ)?-^SMa$N|2KP-k6g-E zF3RGE-7~VFM@_7L@9y~;DL-+YKWjQ$V!ZFM9`IP-@<7hWdV%GR2GI*Y#@(|Uo%rxUv46Pafh;}c)MiR|1hWQ(5!(fR{rvu}t^+!=`w1n|= zk7AjVmgpG!?Y^BHy{i~UfD^Hcq;KgEU%gfO8W3UJ|BH5=z5?BB^*DFUr|oyY9?2MS z*&CQKp6KeH0Yxc@l97%5XK5v2H!U7!O3tI}A`A=*lIZSEvnhF*xwq~C)hazPgJ2n@ zhAie&#HwJ~PM+BQruiW==JB1w`0y1QAC4g!m!D*2{o^3u8XO(m{yR%mUTn1=i4lUv zZT;2$J(kjLBaH+%(ikw&rCh+u<(BTrSmYnWm{CE4!c>oPz=5|8NB8)6m-TZ8C>m+# zj;2n5ML69lZ(zo+b}7I2C?8U{q%q_j2u7((a_aeb5iqtW7u;C+E1$cqZ?#yD(K;Z> zEtn*=(8}Insl(N+Tx?MewkXHl)}9uOAXcdEK%A?^w-1RxkjofI0u%i4vs;w2Ze@>0 z*-s;!!=t?CQI2}7yIt1v^aq(kv)gyIdu1x6z@uEnYtBp%<3+}$TGms`2qqU`i2r##C0m;}3m9>sCmC!-GqU@>%igN7G+;#al0urPOe}z@W)2+BySvXWcDMt$=N9ELag1I9U?1{lJ}3f-UDh@lP*SC#9grOU2lzr7RT=TtxREACKYw^pzSKN#nW=TwX zuQPShcL;j7bNk1s?{<>`&n)H2r`J0y)!XCHUb;QI5qtcb-mhZtiWiN#(!Ao~Xn;fF z6%TC~BNEi1UQDr zzY)n7Rg|J6T5t^9t^hb&h4-o$gg6K?rbUAVv}kau#_(0#PL$biE7p zwTe3JJXF_0%3mYAoDh_6WVJ`Rb(n58TiZqQEe5OMTpt^RfMT?j*849 zq|p0Sq^a{p6imhCn+o{o+p6i^4cHT`lNqy7<;a9;@diTgz~5Hg#O8e@~5p# zzMUD;pC&u{Cl@L_^+5V37s~(J!qeKF{>g<3|84#lc!PTga(J4!{~?E#`HwkDnZEnS zcq8<;WRScuBwVEwh;osiwZX|xV04eJ`mIjnjtD8tH@W{Ve~MqEo9@4@I>=v?INd|N z>Kh&Ti*`r%I3w#Doye=Win5|-IqxE$+N-D!%9Bh_kqVx4B|5@n8aXZzUalWeP86QX zKwDm-T*#mDtSui=4&+ax5tWA=r<@j|k>iv7DBa{wP7Y7F?8yI{cu-goUeJkW5ucoY z;!QkdC*l+I+GlNe@vLoUhW{a5lG~6tAxCkTGSw%O&-5Jn&Z^-$0&5i5Un8Xt_{d5h zP`r4Dv>L9}7r-em2E#1;cjBMiFQ{U_EuP=##uIi=$Y{pJ%>rAtn!`2jyTqZNmv4+i z*sG18M%kB-KAj4tdoYf453Wl*pezhoUY@wHbs_WNh@(0YGAKXzF8O#snIAHa@lbi8 z1Cy?;lW|lhB!`p18?u;-2^$dtYYc&jGvMX0^E7l7;CBzlp2ocaXA<2ThVz}G?Qx6n z+Z5-*uPd${zm7N;JFAGu^c?lK|4m&CDi;N#%^IEnAyZ)CxS4l&ffq3xD;26IIG1`c zRN+c|X7Oi1PupCCjFYbxYQ@qTd zB2T#W_@{Wy^Z+O5e~Ej-w-X2_@E34Td}i@^{xJANYY>B>3h~OiGibkiir+`0j6)w z6X((_YMVQ|9ZE+Or~`UCEbt9g*bBtmC{dDNItVi(zcORY*?*Pa;V4= zzEAT90s1^ENA*iP^55?nq|>IM|C&)74A<-6lXdtk zmhe1@|0W5S%V8oV9F8t>`5XCCf^b?(iF8iX!Ba4&E~T4vvfRzlW!L zXe0>XC_Qrh)=9Wrk3ZwMmd|e_`eEQD@+Ho~(WWPZ&tuwhDC9WN%jNSQ61`dCzm?;n zJ=DRE+*=a8+#Zf==>MdW8?NZ!Mm|AOI%PgN5-zugHVK#8!wV8_0WVQLf0Xci39si% zEp54t=eQ{UpVJN8a~#*!Nc^c^XW^fmtfM8DztGVV_5M4R+%S+n#KLLuOpa^ou}Z?_dhC*L zxgHNnxLl7HBwVh?fuw)}r!5By$3;EfqNsF!j%(}j-z8kG$3qfc1Qwz^PjFmYkE8f{ zP#f=Lj%(}jW{zvqe^8<~OY#0m;!pJ`(sNRxm+Mh{R2TL2bA%x`gnw+;;&~j`*5fz{ zm+P^d%it5eTrYo;aJk$*O=(lj3;vIp1(XMt#IQa?uj~f1>91iR74`}E``Fy5Bf0g4D=SV5uIIeR+IIR^$ zdS>FD9F^x#{0qE+&%;{$j5L4A^byiHBjbru`_)*{#Dt@8U zRjr9on|~X^)0onTf7zMI1MYM6!t}xD)j*qnH!zBVH!n_YFg%s6-nxjnRsAxxY83?5$Ss0w zq%xHvnny_OhnkWIFTM|likm{dMUy7n1zvun!cUMkd<-yc+XH0So=3m1(WS|lHvcpo zgbJTg&Vn0OsF&ccHax!IETK;?;^YEb)u_tK%Cb?Tbk63ol~c0vrZ_Qvljs_HKjkyzh^Y>}t;9len#U+)gZ2T@SfY$!5*hHR)p zWD26Pz7IiHM*)%`ORP#KQ|vx4RFjDOF`4?#I{~SBKro3PjG1iR&`}3=T*0c^#r-e+FC^|HSj@!gT z@68a%>ZE1}savKv+G`OqPLv+9$Lsd)4&wq@?wZ{=6AqZuw7Cjx4somH3%jlzZ@ZwY z#byZmR@#84s!3wrfuY!N*Z2l*2MP5vuz3x|u2xk2zryN=X}yE!fz$BCIMg>{`Y^2@ z!Eu^PRQxa!V_Hw9hl!r%aTTW>7t{K$u>dBVmbof^GsFLj7XQ_Dqz6#6S;G?53_rBDvsLQE!C#3 z3=|-1FzQGYAf+;%9}W}ez$;YF#Oqahl)0I@9)loB;35b(i=W_Dt8=9ehF?#a>h3^-LGL$SZogxl34U%eBT*Zufm zrv>tp16lTM+XL$njM^6krS|1Q*l0sX7O5MgI&sY608$|IUWkBk>I+6w*Nq^0^?D*y zHIlc{4w+h(NR^pYXEb;+NDPMO(QNwamm32Hc{L-a?Lb75iX^ZFfy;LU(~N7-9+&s{ z6`apPM&>Es^ZK9&MzEdGSuRow^=`+>j}FTcHTkB_)8Hwr_lheKl(HDf=pU<~U?XU( zMqRn;cRNuU>((IsF5m4?!oVpSX5QmzjI+J71tFzz#nicjih_nyvX2~Xy9)JDC>%i^ zow26D;c22EBe(s=r*1+~)`bS><+0>oJnTo)zCes$HK+m8`mdyzUA0igH2vr#G4VSw z?quT*u|O--?c3RF?wem--W_3c>?ED*-5KVoxn%03`NOoiTrhXhphULtS%Pibdv9Q} zr)#gMW5$i3UVB9yC;ka-YwZo?(s8q!cCCa|1ZHqNg6 z5;k_x8O*Q#n5DLoQi_DC)4GUPT+t4qx!O(NxIya%nlI4s@H2a^F$e=8FZCkfC)T|AJw0ViN@!^M0LEhzj7TtO<+$Bq=v>1wRxV$ zLWV?z=c7O$V55o5*NG@u^nss&`2!x`Z!K%UiH3k2)4w<@cVTjS1;83Nw7b38XxeM; zvD}4LHvqR(02Fv?um%0Q^+FPQ8u^W1C_0S;}hXP{a^yC^uTNm_CZb{{w}U6ZN%+P((D8P=WsltdX@OG7Ei5 zJtBwEk#Y4-nhJ@CI+X)mJuC1A24=LQ{`n$_@q1UJ#(Bn|u8!jV4w-u;Fhp&alzS|c z)Z-o~iJzl}9RRafw6?=^QcrbXe-)|iSI;cTvk{OOgrO2NRO+giQPpy)Ke3E`rLLs; zvY0~O0e`F!YoXuJ@eo@^2EGp{xV}NkQd!)r_Pefj+}&$t>klvNKdilCh(_!0{56^m zU+b7Q$1gE$c61n^%uH?JEZRcHJAJK}6sRzHHk$6G@jz5@;Mb5XRdtqSzTf*MzNm}k z2Ya94^Q{BLmKCt0$x~0lxMK)JUPRVJv!9BAhd29OChtI$8Jhi6q@CI@DYv2B-)?~x z!0nd1_>@SEzL71mJiafSUE5oHpF$bU)b%Qu_m=Q@`?n8_9i1Ius5Xzw?L*-W9YhSZ zR056YG-&YZsm5sao|?~>ZNt$3)Y==VmEWaVl~$l8M1yC8epfA8CF|X+Qv@PWhU)my zKOL-{(&sagkjK6?A+HCPqJ=&{+ImujM zuh492y7wN`PGAMAY0Py}`-%7_K59L0qH3iDX`tjh6gKz};p$e$r@-SVi2fx>F$ZE1 zBSwhe^g`1~;D=}zqT#8<_zRRO@ke7e1onTaKG145a2XHMa%|26Zr@wBJ#69H@7QAX zeY};vX^ZHBpq z1%`!&I}EFFD!0$jZFt!5h~Wvt2E((4jfR&Dn+)3wJ%*iz-G)PkqlOcPj|~CC8N*pv zR92KIB|$MMY04laQ^{A#l`5r1saM7;la%So3}v=5S6QrdC@YoKN|)kS9#kGvHYm?1 zFDNf6o0Zp;9%YZRPuZ^=QjRJom0snXa$dQt#Dv9#WryX36^E6F)r8fC*~7+%O$xgy zY+BgNu(q)IVGF{Rhpi3shOGlaf)%8ak_D)aiQ@J<1*uNW4Cd=@e$+G#^;P1 zjV~Fu7iH!g$Ge*%%cb6K)D06rLHLA6^h%9NrM#9PSKvhffHf z5f>hQJU-Qf>~KM}qm{JHQK!?%X_gzpaD7rsCI-SFe#z2TR`uZ9~VVj|)q zk|WY0(jzh>3L>l#B@vS%Zi<)@(H5~hVr|6wh=(E`j(9BM$%tnoo{!iV@lwRLh&>T| zBlbrejCeQVaKy=oa}k#!q9PL_lOxk3b0YI1iy})R>m%)v<09RWEs>KWr$kPVY>QkG zxjNDt*%kRjbtF?Yl) zkLil>#jKBcJZ3}8b1@rZcE@}Wb0VfU=1j~NG3R40$E3vO#OB7@VrydSW8JYg#m)_}%d*;y;e>jXxWIKK@d?l3+|QC8Q+eB;+O(B@`#rCp08XNSKl^KVe0}+Jvrz zbqU=G{)7z)&nIk7*qX3AVNb%oghL7MCLB)qIN@Z%xrECJR}*3q(-X53a}x^^OA;#+ zYZJ#O-jp~kaYo{T#5)o@5?3XzOI)A$aN^^MFD7nI+>*E>@nGV+iH8$UC!R^Xm>6Y> zGbNbPP5CCP$!2OcjWe~FCYUChrkSRj=9(6mR+}C+J#E@xde*ej^pa_l={3_q(;?Fb zrhw^;>5}QP$(UqH%1O#i%1mvlKPA~`NOEx91MIJqX-nLI9eTJp@~*5vugi<8$Tdz1ai zk0(E!{7mw*$7JK+b@?0oDOU18f7T2G|FT8!&mm z%mH@{STz54|rt23j1PU7UJHYDcO+^|90^Q=d+KF?Dn5*3`YJ@1~we zJ((Jj7MGTsmY$ZAmY-%#D@vV9LO>frAES4$L1|KCotB{Xply2?M7LoIh~kz{LYQ z20k?Kk%3PRd~V4E15UK|*cZc5KfFGw#> zx2MlYZ%tpGzB1jP{&4!^=})FVlm1frmh^4ud(!u&zngwMJ&=Ab{fqRg=}{Re8QB?? z8C4mz8PImlXvvt8F*oCmjO7`tGFE4FWvtJ5JmZOsXEQctyp*veqbFl`#=(sDGCs&S zn(=W)Z^joHmow4^We&0pDj(z=(DXqo2CW_R(4a>KJvL~=pyviXKj_6ln+EM3 zw13dyL8k{@9%LLGF*tc}`rzEbd4r1wmkh2P+%ULh@T9@>2QL`Ba`39b>jwJ;*vS>1gu+4HmS$nMBqnY}7|UA8a#;q1qmjYDIGnucZ$%^jLQv}mYpXwA^^LnjPv9XfaDvY{PA zR}bwPx^C!$L!TJ>6SqjtEJvz zw=`Q?EHf>0Eek9wEUPT5EnSw!El*osuxzrtX4z@kYuRUc&+>ugh~=o|3(I-SC5w_D zm7kJ7D8C@zmS3OWoIgH)LjJP+wfX-1hw>lEe7FMogj2l>bI&*xvv zj~Es=%rq=*Sivysu*zYz!y1N-A2xZ|v|(+-<_}vuY~`@E!@R@R4|{yrlfyO+duiB? zVS9${9ro_9Bg4)N`(jvn!JvZ5f~ta+g2@F_3T758C|FpqtYCS;>Vk(09xr&J;Msx~ z3SKJMQqWVdv*2LCiGni)#=@w=gu;}<%)*?)+(KJnePKhPyKqwB^uig1vkT`Ib`-8H ze5CNn!q*D77WNdrTlhiY;liVZrwh*)8m$r5WNWT9&)Q%eXPsefv(C3Jwsu&()^*nP z*2k?+Tc5Q)Z{23yVSU&7p7n$^U_EU;XH|x$49^~(KfGl4gyB<$&m7)1e8KRA!(iKnJ{wD$efY+Ba26tkE|M5 zGqPdiO(Um|Ts(5c$kijeMm{w1k&#b~+%WQ)kuQ$iJhErxj*oCmONAPe922CJ4*JK94t9pa-`&B$?1|W zN-mZtr3s~ZrPk7_(%RA~rPE5Mm(DG{qjW{-s?x5~2TLC=-B9{m>6X%MrMpY_mL4p9 zuk>i?$E9aVFO^;{HQHiqgKW9B0$Z`I#@1|e+Q!>v*k;@2+7{ZD*;d;gv^{2f()OI~ zMcWSBZri)I!?x45^R}zDn6k98^s?+SYguL4w6Ymxtz`?!7MFFDEiYSH<}Z7!?8&lc z%Qlw1RJOTnPubqG{bdKs0%fPm&Xrv(iz?4AFDfr7uPnEhk1L;EKC^so`GWFgRL*>2YXUi{_D;1`Sl!`$WnH5zP&Wb4&H&wJ&%&%Bjv9_YS z;=zhXDxRo#rs9Q)*DCf@9I7~8akk=WMNDOSWp-t8WqD<7rM+@eWn1Oq$~!8TSFWsF zRk^m(U%9^WvC79QpRU|oxwUdz<&MgCE00v3tUOa0F)C_Q@~FH~wo#R%sz%k0Y8f?Q z)Z|gqM$I0zVAR4<-J{lz+BoWkQCmj6HfrCfgQHH23XD2GN~tndMO9^1HB>pP+*K2* zW>n3t>Zn>><*(XM^<35SReP%5tvXtDw(4Bf`KpNOxa!>M^6JWJd-b^L@zs;7Z>pYI z-B!K0`i|;V)$6MttA4h6bM?;ZJ=OcG->rVH`bhQh>J!yhtCgDUn!K9)8f#5SO?{2M zrln?j&4QX0HLGg8HQhB2);wJEc+Jx_&(^$9^HR-gHQQ?T)f}n$xTd$}OwFYlh6{FXUerEJ@qc@M?SvzLk zn5V~V8MAfFwlO=#>>RUa%zI-Fk2yZ(Wevh6fuqHf(Fy*KnxeNJF5Zx8ZEV<%Z10+{XOIqDEU|Lt}HJvvEe_?8do`3mexp zKG?XS@wvtq8#gy@Z9Lp~w6VAGeB;H&7<-&O*`8+4wU^r~?X~s>`!su-eSv+seWm>& z`}6kA_O149_PzF#_A~Z#_KWt2rl_VtO*u_@P1dH8rsk%}O;ehtH_dKZ*0ie0+tk(M zYkIKhk)|h_HZ|>R+S_!f=}6Owrn5~^&8Fs@=KSV@=JMvM=9=aS%{MjAZ|-jPH$T+; zO!ITiFEnpz-rBsod4Kcq=9A66&8M5sHeYOxal|>&9eEC`qt?;ja5~02COIZMra9Ui ziydCaddJg_XB^KvHafOCwmJ4V-g6vwTy$J=L^zY3Db6CN&1rYKos*qYoU@(FovWOy zo$H+&oEx1lIA3#OzuQ#fN#BBehUV@RnAqQ{3~jU(9*MV4S)^C`7>a(C4o;gqq39ph!Jp8)<^)_(2`~xDNg|9h{nAsC*^q;DdE= zI-oTapHdyXP6v1C;L~*QHXVEkaB6Q$coSuPA7#*`L;sKt{?px%8p(%_`2vx22pHYYS=z?<5QWHSFk0a$&KVQodGhAAEoxgj zySbvfX+#FA6iMhrUm-^`4mA<%;4t?hfpA)UJ402R+M%G|BjF@3 zDDXc>IH^4d{IZ1893$`uv{!NzFU`RMAE1Nh=-?xCaHoW)N&HD?oE*hF5dR|Hr4laF z|5(ChdbV57`H*<4;6u^~fv4Kn6RHTc(jd~->BhDvfm2VIIU$x`dxh9CT|)41IMY} zY0eV#A4v2C5}rj{=x|#4VH_v^h4>eIY9w4P&lU-n%X5l^%jLOE!e#p15-!spm2j(+ zo(O8(aH5@y_AKkR4u`);|7cE6`I2?cCQA4SiN0OJWnH2*5^j;`|4G8-bpDd#BAuc? z9+BvWN_=`H+$`ZY(B3tiw!Wrwobn~>LbXb`8GfQ19JP!X*!sYUOOu|dSOXTYlj*D`pxX1~eU5Z!c)5#Zh zgv;^D=PH`vC;0!HL@)Qdw-fYZ_&YD z@ht>0h{Nek1T%{P`&jF5ag;*Wlt@#=k=+ zj2)#ma#{OQ+eq90xhj|$`Jkm1AAWhR42DL27t700cxd0TXstzM+$ae6byk6T^FHsd z)Ql+}K5Tre4%l^?csX0fL)_DK1pbL9UrrFj+;>O4Lj6SHvr>li(xngG9Jl&%?_Y-D_#*a7>&2 z2Sj*H08xK}?`+(Js{d*#Sh!j27q;_orKTXl(^{V#vDd~;_ycD8g)SE{hofPN{u}A= z?Mp->yH$0#NS}ZXY?w?sS*OSYlAv9ikmK%E(H?&>A+ORP?b`u~+n$r*q{`B&YDldIO5-zU$fJSs#uW`Ms;>FGiT=e)n^{V{jAK0kRIJ z$}B>b&U@U1goxU+I@RWFYoEOh(n={ zn_R7U2#;-|F!uXkcDymnj$p3t7NWO-zOWxXV@6@(WABS*p%}H((CsM=???IVoHP2- z>vHDlPU=Vf?cAgL(SHN?tWw_xrk4++FnTVrvU9Z_MwtwLjanHM1}_(v_cIuJzhden zkyR=nPj|S@+AFJ!*pL*+wa{# zkv+)-NVf+jAnEiRz_ZX1vfsoN3GCkss^XyQs0v3O-xWGvp!JQOuX0@T-=8~Y&K%eL z?T1=!#pyhkhT;T=Vb(*|1FyOer?SJ}9Om5-;c7kAa{}AM>va3gLO|H%+ku|hK36E#kaYKt z!QvH~BB1gS34`uT_Xj)~7aY!@UcGM?dVHVv)2~>AFetY1`1SZMs>L=B4}Ha^cPMQ3h;OTlDrQ-|F+x=s~%f8cQ4evXpvW7OF z^>fadg}3gqZRdS)gFli6v85dMk zJL&9S)60==-`_e>qNJmVGAtw>b;YL6f5Efuu-)`}UDoTgn1F`n2v4gjd`{#29Qc#Q z>lj>7Brux~eJ$nBNJ|zQ;YR{@bu%R*RSER_1o(FIT5a-&Q-v7nw_m-w+O+;8Zv9Id zh)Gh1$N^*JMKzo3ykhAOb>UBum2vW{UqKJG)G4Xh}D>!0=F=qMi#?c?XjIMXu%c)3w z%aVGBi~dA~(p5|o85NYvTWx5+P0bIoNV6p=tz}^_s_xg5kYDHwL094uD9om=1*qNL zeXJa)wosSRT()D6mHY`180$VBHya^n|Et&w;eg|ql6148t-3}ZdIDb2hbTmNrT*$K?@TYF~ zhfj1^FZd^>yh032jsteT^Qsf-a{k*RmEJftpDi_?wNFL^jvVi=*yephfdY}@Jyq&@ z)Z?#P;{7TG^)3wus?rNOJw`+vV-S2CZ+nLr*L>FTThX7nXSWlTU4#%e$}mo-=q+UR zLiOQZ`!y1V`uaU8frqo5c6ncU z+s6uy$kTOeYKxgZPdhrno6*x};80g_P6W=LV_x0YMR)CKKeoGxb}iW)OJvY-+l6CY zL;-fZOyOTc@W)TrcuXdV3rZ6WSY9}0OLMZrY;9Pw>qPJZ{RRR z(|u$C*VX!=4+kHzRi_K*cJ`bwdi)hTX~{^Mf^_aj>R^}ekFK82>S8`Ob+K{D2f9<$ z-eV?HR}+hZo-5chwNV%IFJ;fPug#FGts-g2e4_ zk5E@2VA%1JL`UVTN7pUUQMv2TnYw1O5!8uVWpPuT=+c(=r=|MRrH$%OOLeJBdl-d8 z>Fsu8P{Hfcy~OD#t!Mzcblnmi%99$0F73?zwA65PY0LZ5QlrwPjp|QJ4NjN#Fs+)| z`xUDLYK*$HFZ8GV#`5w?wBNw9GY@ou@8O5fXE+7oa1BRZuN=* zrpV>niPN!c@4Ws48mqV&3XCmyMdie2#NppGU}1C?oj^T4#(pC|6cNl4u(Y(_BE~cH z3;QdL;JSr=f(u2qYTC{AN6_!pE}@3QlkBvbV0f!<#fO>v+dB;TrM4PeieYuPF#qn3 z5%{+nN^NE36%ekhuCX^YJDg)-dAqrJw7GEH^;4{7n{8y}$Wn7zX<0>Sm955HcthK5 zX4mX??onK6W&5}kzjF5t2Ia0KB{M!M`T-=-1B@+1a4n>d8<5%ZhczW;{KRNaG~XNU zNG$Y5KoZROD+p>8IugzH#0-!$k^TD{fV3o^39!;1?nZpS~lWf+fC88CNZ#{I@n zGGLCxSz&uaTKIRxF8_ z=^9ElP3ASxxFYm%5RSMy1fR%x`G_Gq6Tp#};Wds+G~X4Qm;u0^7=2yb^x%DS+>MDD z%?xH`PGwK-I{M~>wA@c+?x!;P36=T1ROa4D<24;Av^V3aYWF5weYKAHxX>#T43TDN+yuntSl4A`Z_QSB>l=n@VG?> zpR0p+=-^%*{6XN99w9@(#tLAM>(D=|ga29wr>|FXUE`6tH}D$@r;k#h@FP0-C%`HF zzu|k~YyK^EmY;oxRe>T;cn|#qLDyTncmjMq|an2HX`K#g`AnVLYPcG6aeyRTxQKZVdk<$ zkVae7K8I3^q?X;f$gp_XvfF32wy#*yHnVkJTk8TLrN)HmCQNi*KY6l;Xj|vaURs8* zR7UcN0eFPW9)#h_C?uDxLyCzv07&fxMdoB#zuC(K1xt~k38`DYbbdP%=3~&zIXKLK z(mZp{{M!NJmT||mwS6gM0dXVpym(3b{Kbow@#bUT)yl?w8goPK!P49zaIptV^Mour zChX|Za)X+>pcm(z5H9mMK>!?G67VnRWBEoA@u&SKfmd=|%f~Iz50>cvRl?ox zk#L$zM7$qKxLiI)K2g$z)`5avoJT@yeNVuFYA?rltOl?EZ$MEr*f|(`!MvfCbZKn$QTXpE~k#ITvof0mW+Z72P zD)F~R;sK7*lZSs1FFS>p;}!`Yz{hc-&zJBr2_Gim|19AJ68>8Wm(v*^4I((=FQ?NX z;c`0PmvAe>i1eS7@Zl03&gTzp`r9R3PXA9NTu!Gfvm@v0&k}v16mKD)pD5m337^4n zs&|?XMfz`*=xJ>x@MRJ%x3`~3d?*QmelKlC!x4XZd^p5$N{`I{YaLwuFss&!Oz)w= z2u{mK$lz%4r*!E5QwNvr;LGuvDKjDBb?M;kI`~sM_T#olmrD3<3Aai3I}$!Z!jDKet?dQ>zjB<~3FU!ThvAY27xZ~t=7Z>yB|al1 zocQo=XsF^iVP=W`G%u2QdP)uOdt+N$(Z5wYS1vRo7;Ku{zik&7k-1U1}L z$p3lfvO78KQSkfvegE$=zu)dT=Q%U)yz|bSIWzCP^B#f-yse^$>jLo~#r638pEg{N zi@8R?py}vwD1E}2xE@zNXv6ima;FW~<43!nZau#HpJp57RrM#OcKq0#?|RmuM@LY{ zI=-Y4v`s3z7m8B13w2xU4I{3G2{@Bst}S1UtLo5~jgbwj7q z@y6pM7XNyZmSHQHu0NfA3{GOzf0|py2+6}q+eT%aDihX`I0E}6+F0xSb^GBv&)#+b z#U(36N2RU6wo6CbsQqqIiHj?chseJ@J?13bo}=AcyMNd=DlH9$Q3xk)8#S|gBzyIo zdGJo}5Eof%=hBuH*a%&8D*Y;3fe-7M0#aQ2y0kJrJMXiNb%(0wVSx|}(M8vI|2YnE=tnQQn(8gxgY}!&A$WKT zjjoy9u{Gl6I@RvxI#VpwV)@NgHV*uNv}@kCIPtzs@@h@3v4Htx1`Y}{3sDHMq>NPe z9z$f;VsPbdYXx?TI4Em0jxYrH2$9|xNrHjh+H;||bRU@QY-iRr?^-OwK%c&pby5{i{m#XaWFD)1JX~4rOIt7X0U^5Ap1<6>ypy?cK zG(;g;8BgJYmC?=X#_||ty^m4FeI=H!u(SzsFy+g*Q9{N?68neg+Kc%A~3x9>l#%9t9y) zuEuAg&%+JgzEqjy!aVoU9C3G;opM zd$V_xceFQ$<^t$nX08l;U3x6OD4~2q@tc{!{%u9;&V-}o4r)2gi^mJyf-kQ=6Hgc{ zD&%8CpPGsECfNb46^^}KWk*neOt`}jz$OH+h%K`A29~FX;CFYSYQe*XBhJQQ** z4hcuh@F3ePWK3p7_GFay9A?>j>h`Rxop@g?z#EZ-e9CK!{N9pl<4Xi@4dcZV1i5)# zi%)MD8GW8)h5G}a#_IRrDL7X|^~41SH8176SCp}V52RrV#(qfK{scDB`X|*2^h<#> z6H(!rkqX}i0w+@8sVyp8*7vGteg9Kew=(NsMd$5j2dlmA>aLBZVd$$m=w(@NAjBF) zr?v~MU`^K_oR!k8vFrHx{d(L!uK&tRs5@w7lil~T!u(}OjORsmmP}KJYta#wh3;4f z$NPmf{c(AIbN_ir*SJdX8LgMpnDx?c=29XqX%qc$eIcCtxXc@6lJ4*{*0yA?%4@ErEWG zm$DyCZ^pZ#VQo{31~#8N3;s3vy^Y}$ZMqw7WR|*rZU7i(v~c@1`^)UWN@=%U0}I-@ zd$_fOMzk1&9r6eNnGym83udow3mqvwUgJ+m72;XSZd7%B!HJzpLv3BY`pToNgR}9H zJ1U=k@y0_JP*#ObY-uhMh!NW7O1`dnWx!z<*bjH&XhHcAqXg;iIruotZP68VE8)Fm z9{d>wTCQ?wx3}(Cg4(!fpwnxn%2oE!&mxxsRxnqde+w%PwB1; zG5ZA?gyBn%FZ))y2Cfe5w_2mOD?O4p{q}>E3DVXM1KVWR;#X5jK*%#Mjj0Y+wsMvC z0`tLybV#5dth0ajEA%w9trg#vN#x*ji)5M75hEgWq%bn}r?}JQ`1BLJ7eo|HsJyNR zs~Sp?gQcCm2hsxX`zmJj!53j>r5(0{Gtun6uu4BaY{72yG}sBREZu&%^qa(Kr{kC& z!W*YFlsLGeLz}^Y4sH8ZPy2$5HrxcRRR6gf)Rz|FZ`nQg6GJkyokzyKJ2^W_TuSp* z)0`16sAaiGC<`^Wimk|Q0gC5Cu}|*36~p>`7Z{fIo#13W27Y*d19rVWtk1FWxN%I} zSb`fZEQrM1H}7PPg1{Ps*3H;$gDl+R+6KdOY(S1SGnw?~G!V8tfta>D1KP*UMDmFw zgs>fAlC)r>axZOEf(cojQtvsXh5gM8km}zl4K^z&G? z%6q5CIWCUomd@qq&vL*fX->?%2efbXibEc)?vKe-W_y-9m*qwH&n`E0Ss$ys$B_Zl z-#st_O1`T#47pH78YIDzYe0M0F8Rc%(0?USMhFx5_kC&nG7VK+nJSH1<`QZv{p~}I z`4LZl_wd=4^&r|n)DM}k=Ni~4l+bzr{e!_4%GL}}tImN%{;#l2B2TR%8bS5UC^lo+ zwvR;#LAbWgIM@n2b|NiSn;27 zz+ZO2oos$85ntHqun$8J&moR$@FTvk4N=uM;J6t-;&q8cqw#m)oOrcb>l4ouu&?op z#s4uC-=i9`#SZvg z4*2~JIPFK&3u^2Xo=9I%JqyN6E9|L^Y;p$ruf5vq&$)KMfT3B#a)x=Y_Gje?^OB;; zbe}Yx=dg1zoKV5TRK(7N9<8qT4$h=srx`h8?|_pmCK!9m6dI){vzfd}`D3O@0}_QO zdz_X&pah)=3FYO9YzvB0g#RslDYDZS(V{74h3OC2h{TFI!77-ZUo>v25DOz4m(e&8 zXI0~-kI9)bbxNMFl!3_+id8UXT-;F0+b6wOjt?eF`h0i+ESK{2)qq>3j1eBR=&{PQ z9nwZVl*p9n`DjZF`d!b*gnE9ckVLqYHxYGe@YO6@!1YFPMbLf;+^r+_<07-n zsWx!a_Gp`doAD1AxEcSaR8Ap~Pg4%P6wYL3doXRG%yLaM=$PgDoq?O>dc?p@K3_I) zvpuX)xSgLmBfi;AzB6z$-_9&30uN?;zQn-I_*W|2p6^XYd^6wK4!G$*%B2641O5FD z_yGs{J=KfK&S#dwnaq@@_FqEWtjBdme6t?+8Mw)R7xjK79kc!1X5glLK2^A#&(9p< zYyVF6_&;xp3=!<*y4t|a`kiIqW_kZ+;3oeUsqqErn{v2D;dXwmHR7A{G5sl-&(Ui} zd{aJdMnbUDKVRYG$BaMPA%2k&->mnA25!oy*}%>6c2nai=4+O#zk!=_d&-jN1w(wXT%XSNaFjrgWKEdzIhmVQso zHE>hTj~RG(BmUnF{9FV7rvq-h~o?^t`uW-A3 z4jA!GIVZ7kAlTz~RXF)MA3rU(a}E3g1OJCnk2G7*@hc77w9R!R4g>S$PlrkBMB|Id z07AVyMB?jt2gl_MI=-HF)Y))7?>J3mrsM1Rg=NDRDZX#E;d*{iV8iwN;@@pMl{aTHIp zXMKauh#8!0rV?5C2x+RnVzRh{wz{}rv;mJP5qXBiyaLW_U;~7|gOsmr;6GR~Iwk!m`gq;+^^QvO_81ZLM&*ovT zJ3w){eEB0hZ4-{|($VHAsk=-+Q63`y_Vk=q=jRoiu+3ASUKuBC^OUP(K_)zc6KV4_ zbi8X{2!0}5o!h!P4@|<(ji3A=ycPUy@=Xnl9Q_8Qcer*EMd`oo!5=o)Qai8q?Mf$6 zg%|4OU>{b0r5%eGYawE4C)bg%3D-Mng?GsrAQ5rTLt~Ms#YE$#`Br&z;iYtfP>(xM z%FmXx4rXP<7quR>Vm?d`mi}Da>B9)41iR3+>;1h*N?WdP4gRn^osH$Mb6GsSl&n^C zS7A#KLZE+|SXd^b^okHIKGslufkVRP!V0Xz%2HsH@Tc{jWG}ifTsR<;>maKj4si<^ z_D(-2zCL>dYiN2A9q`%OYGM>jydoADdW}ndpuDj*a*Z`DU*H3^W7-$^&L3Dc+#d*| zjPIh1QaV^Sca<$iGlP>LSJ?|V(Rtu#VToF>B)_;`I9V(U9a3D*oTFK*7?hS7Olarr z8_IO~Lz#h4X5aq33%g|omQ!$6paJP<$I(Hgq}4`;K>ywXflHpkpH>XTcd+}V=nvkP zhl+-xUg$qVO9^%r_Ei+v#OZ}FELG{Wrgi$H!oeo$2GnMe-#zIvEV+G{6x(N z3Lk~76_)9b{bFdECI?BEib(t*H=?pNiWiA0IBfW!B=HBn5#M3e4lrD0gMfNhWr?WX zw>bhZmeIh}y!n7=5?44*eAyc|Ceg%naHUKfK3Dk^g&Gcv<)AX8Q^kQ$8orQgL|Qno zu4ottD0*Gh&=c3*B@ZFhQoeMT{SJS}tz|VlhFF>hZHrNq;KeF1KK-4<_YQScIiyN zTkUIR?A^2;jblsh4KHn#D|S<-;xdC6!c_iYZ6(-hDEHc9-}oe~$7HFU^^(Ro#zE-I zzX6?+?rJp>d$X@@KV)U6#1ufXC1CA^_gm~iFVb7k+IYTCTgb z8ivXvG`$IjfKw#PC9isGKjW}<3jvm z#ed!bf7JmG0T<;}q7%;mu=gF}*E-;zIpAM9;D;UX*5HHuEK>Z4X9{s$xQQIPDT;nLB(i>ml`Xwkq&|E? zItDw_Z<{9SAzAz%uTv7ESlnY5ors^-U1S^aIW5yTpKAtIZwLG|K7k;D9e-590(aqD z$N#H=bE=^6R~+zn6>jHquMwZ`R!yfB+8YD;;j~KQKQVA~t-)vDl$DNuoq==apmD8x zA$?P~L;nQ~#7!OG-3HG0yr#3>z|DNMzXj4U^F3t5H*xJpg7MA$&p)NW5Qv-Q)pi%e zO`TP~5uf%1n$Oz}+~ogZ12^UTl!2S|@^1!i(lNg|;x_W#WyCl6X{{#EH3prpevkc6(QUq^>P?pN_;<3C zZgYtmIxkS^Pgb{i)RwQ#Ux`~^I_fr0G<`ZKk)~a@snhHEm(Eb21jcuO{ZC+tlexbVe!>`wlbQhzp9^V}dvzk|crW6@Ie1&5%-- z&sY5rn}eo7l6rjMq}v?A$O!tqDX)L2(vd~e)@v!1wKmYosO&lCfif_zm<>n9V z=j@%<=Q6hlC%&I^0XsGoJmM&Io2KrsVnAZBAl~Y`ukf~ttfas|wb2pki90eYhC=}X z=f8RIfG-@Sw=Qp9_x;4A$qs~ya%-}ePh3t8|VZ1r7L^l5f5 z;c#HJH-5PdNd_AgcjJOYtIb{ofmj1kNvtU!52qkOf=dHQlHF0n- zAp^V>7Q?7JA-m$N6kpy4rJrBrt0>%f*c&+FJ@k>c^wX;{1FJLf!Gc4ZeSzh^%H4^+ zcFQdo!*8tjcdv$nad;;l(Tx3ReXP6<%1#`&1&zQFYhxYK!g-}{<6h{n{oU7F?N&39 z1sAv2HMfaTK0~{}R&tj0?E=CyCriwaNd zCzAUw$~VkBKcX-X#BhwMb>rS8BPcwzU-EXGL%X)@4>(3u@NA>d&Y?nApnihaT&4FL zN{{5IoXmJwRG22fqEg}DqrOu2)GI# zCMY~3GjNQ10Yz1+y@IZ?=aJk;_oR7ivVu3D;r`Sg?6BHb(U*G!ugD4xJSOz1zS2;u z`M$unXxLv;6MYyp5%|d8z0S9>(cf+}s{boA)RpnRzWa+dXXkCWCV1M0z(-y@6V^s( zz%S1V%)y5U1|(@Ue~S%(`uWt015WjXeOy&7)&@>m{(nSi?ef3hN&YRgow8HSJ6Uxn zXglu{=#6_EQ!*^(UkhDitHOvA%mM9hmPY4rj;Z{64r6?To&1A7(DZ{jFyaTZ)w9q| z!e%|9n;h8wx|YDrNWPFX5YpLaMD>)|J`hZZ+LlN3lpjO47;C@4&9U|!h;f8^N#!sT z(2v^E)6Zw7(A`??C+gF{~dIv^0gg%AQnq^%CQJ_SvrU|iVL<`H5}2m#F1mpSojsdNhc&?sWyvq3%^+L zhdSVFKc)^)v{zu$9pc}q;_v5V20^qx9Lw;FmG1)%_*1}{?+`UG6KxXMYYHz=V|z_M zIta_7!$YCen8?~mK! z>-PRXMJKRM$yHuLZ#E0uOhPkm{zCP^+)pN^QNN5x!cOKRCV)YbpjTZ1qg4;L*(C997lVnG6Lb}I)Ud6+cl5i#DjN4d-%`@CY&lvc>KZJ6TQPT zgTHC^4)X?T#EcWu%~YDS;Oj!GGFKgDI_?gK2Pi)_H?I=%g|Cr0=UEk<{J}YizC3)F z;7}%Q6^{9WXRWMf3V*N&<|uGGbaTqF^4d9<`tmm6(>5O*7P+%M5%e2&*mD;3qQxD;DW}3KO(cM37#8 zZbED|_x9#AkQv%@e5pPe#5pxfSo%$ZtBeaH-oS_0MeQo%Vu&xWw)7j9>t1d~gH@9+ zZ<{}`jvL~Wz3Y$i!z?H(3Ys14eU?>OCnnfQR{Va8PF*n977Y4=9nSG%DwkXyvH~4a zT=y*l2d;7tNP<6__8bxvrI;8IU(17q(EA_^&aL>ydOs{?2%>ldIis)7AQsq?iOF;T z<~5&-QKhZo3lCC|E&OzpP=4aWQi4O+7s;GO3CW|Vcjhk(^#>Z>uuu&bfMKmG zXhBs}iD(Bcb2|Z?lJE!K$)ugr=Qb&tzCx4^MKE zdMMm@%J}(!G+)--Dp8t1y-`i81|}k>I7v>?Zrl{ri|E8S!ro0#XZgzAsG`QF$ItiW zA>(1H{fhDgt>z^tM%>0aZ{L-L*V2^fLn8|9&?bmRid4FU6+hACYxtR{dtG*sVFSNU zqkTQ_-42QyKhq_3l_h@eB?gGf4# z=@E8Q+=7mnQ%C3dVoojQ`JmJKOn%4X_(`?ZzEx(-8`rcySsZLw_fEPL7zXMKwG#|RWPIK*r z4s@P#z+ZL1mpkCqz{yXY8ncNu2kcXa_+L2SM;vg@tzyZOAFGRnJJ~7G9*KNbv;RU6 z?HR{Q9Oww00|t3{>V#%6MboC=G9$m|B%0=onRLsT>H6N3snf87+gTT(zeFGs@Irr% zKmaW+Ft8NHI1$>Be1!^Pa)G+56cika7L9G00=r(uj_Iv=6IU7fDyrdtej=u65hxm} z6K$(x*cNG1rHIWCO@ffhRF6b;Llig1@miPgD9#y(n>v6c0+o12oa^}S8Mvtnxe@io zKssy(IzD{@Fc3F&8({-C>3?M4ry`A}^QD2C@vl44l4L8OWz;Pt;`KX1>i1_!%UCz=LUj)X%_8K23WNlTWSV zU@}u@Q{h18Zw7AaghB?+cf6KEt$~}mqR$N6v_sj0v<$p$)^D*P+wL);H{Zxs#4a@2%C!8`cr?NmPW`78#s$M178b#f$h#%;KDXPCB9!O|NxCX%UL@ zM5q5D9na;6Zs&;<#+@Ml*Q)ep+hh8PDt&>CxRxK|FmN2hXTyV^8S444AmoaF=`Vq5 z1)W~YpXBX%Gs$MvAhb^hj^9{^_VmP5mxQxuc%C;9uC(!QyL8m?SW2%#9hMpF>7|aR zFrws%*nM0IeNP&Fc1Qj%>)qS!zU;DI_-8nAyN`u@A*kRHM``y#I|8vs$~z2N4a|?^ z4lqpPO7~dxjED(rSG6xkZ+vo<{RKCcQRbM@t5~kGMYzVNkPB~(IzzVdp!L}1i+KMo z?2pO3_iq8}`E>UwtBOP4rp>^PJ`6`hmno2A&{SVJp(u0mdU` zh#MDI8jh#lM^{SWzS5&`KzX#Q=cln<6Zjg^{%qLfUVMRySnav z2@iOS&0s~ZQAL;L@B6K*%%V0(Rc^ztaADSJ+0OyQ7DD+k+~O7|52Q4SUK54l2UbUV zTUp_sL}`VqU|nRCI3P;QTkh;Y9sEo~Sr#ena*;brl>-@*rdx_%?-b*$Ox%)5;q6_j z9wW(8aZfxkQ9fK{T>$#QB-D7rBDqR_HM6cVZfw&GaZi_-;|AOlkdzK8&Q-Qdi6&Vy zD0O(e^=EMl@?a@t^CDb_L5z1v4!WSFQ_)UUgOFVuM(WszKyg?6~xFaY9!Q5dNA6YaoNz7jl9*h!S9ZojTF`3>G-DM?z|ErjwG zT$vj}Dt}HBVX5U4#w;I3w3bK}+bP8_U@5*x1x~O>FJB{~Ly)4Zk%(7{i1bs>revei zT~TohRhbq=w1(oNiJ>0T_oF5M6jkMy-&DYZLMfqvBO9H2c`XX-eH(vqjThuQ&+L2DRTg04(&qT0u+hS!v5Qvvkylc~4PZi4kax)%BwxxN z(xK6$N25|jD&4wAdeRo{tBq)dI}xk#MX_~JGR)3sUS^M@rF-KWq2`obo>3gBO~l>u zy~TBAiH#;8o=g@g*@zGoD%H)R!1Atmc%yd{aW^w?wBbQCQQe8AuSwqk`T@CM!PeCO zTi%6+UO%`qyL(ILB*hh7V#!Y^3uQaoX>&E>cMES)0X$fk}^$Pn1c+V%898u4~-!6E!BI^Z0` z#)_ZsfKPJ3XE@+<9Poex{-6W?v;+RK1HRM&U*Uki>ws@|z&~@qzjeUr|1XxDxo#8- z|Cs}Rfdfu&)UoLFb-=S6@F5QP%?|i24)|>j_)G^}DHqu(Y4a>@9)w=dX}cwqkJxEA zb)0ZzIcDs1UWu>1${P;OHPshhnR1G7L8*6L8rn&{fw855mXop*_>?K&l~!U})p_eQ zP|v$Hf0_WJt~wEgrBa4xIky$vk|(}cYwWAUZCIT#ohrXRRXZ-Vs#Z{jr%*)H%3q!v zc4}J5N;u-RlNWk7XLRqTvwfM?F>oGl>bNp-&0xoGlCZ!{UF$6d?!r0Vb0V-GU?3f~ zUyVOX5P`UP#AIQ2BT zyrvG^toQGX_-7dLFQ>o|NZ-^gn|?se`VAWKO&zkSQ#I>%u@S!op9ao%tLA^7ftxzs zu9)dEkk51Q)A9AUB8hi1aK91XZQx@Jyt{$lW#DFf^IOR#{+bcrl;?T_H~FbI@N6{(zyW{Nz|C@PHgJ>9P6IdN zpQ?1Bc7D7Hx7Y6gBfeR`lN{okeo4*v0fUa&4xck{Q$Ft)xLK}x2fU3MYO`Es{BsQa zeB9IR_96qnz`(CE@Cyz6I)zh9m}=mYjQD1IC^6#qFyg;t#5d*efq|Rtx!%A{`rjD1 z+1}dm;Y6Su%zo8P5P|i}UnKOLe#hj(F=Mf|Q#ef?C+aidv9K_ICY%|PKePWDD%Y||e6%-~k*8SJAOSbt2b(`%gNu;&d(E(GDQ zU%mG@57#t!Tc>Y_a}|YfB<$}XPx-w7GuSR2*M>3_|Mv3R({pWTTGZX)58D6s$>@91 zdx8^&mTi9`nkaQV~BO%1DrpGSohiXb^DKX-;MkH zF~qvhwxHWXto!V9_+v2d>vQ!=7V`%gOa7~=P4l*mdlzgiS(AI)ls8K1M|4}g?ZFW< zwhu{r@~;iIj~KXf^p3@2E4Zza2Tdd_ZFOtgpvajyiwgqxFwuUG|&571ni1 z-*)lg%&QJ}`T68$XFmPPfquVebNSYr_O`xs;vMyOhn_AT^u#w?%S$i0YxTQ>ZcW=g zY20_yd#~Dm-kHze(AcHztk%yY^gQ?6kA7eF-LfS|cU+wR#Ey4=df$07*L?Yl!dK7h zJ@LTKUq7Drx68+;Jag*<2WOnWci?xwfBU&^g>f672rllm`d3TS-DLxHgPl zd)nqtt+(e)zHjYchk1YTZ*6M^g?~M=`Sq-`UCZXJy==~%FP!&v{i#lQOI_UhhpA9^%xb|mn*1W%T()*cvPy6G##@Z{lBnN(d*P;s_IX!*zh4c3g z{mr76;?umBWYq5JH1x?A+dSBO_^n?qy<)~WMQc78a6#_BeOyy{LBXsIuYR-Qvir+g z^sNch^(DI`8Qf^A}$G@V`AeDs=1Mfj7=defFJY-A?=N-kwM9{Uo7w`J1)%{+ge^ z(@=W;miAp2_n!FRnf-wnDq z>1f?|H`Vq}|J$y@h1YIR+&Ua(=u`%jEH|C+i7?>XngOWW1n^U{I8t=jqNv*oTwUYXsY z&8Qo0+x`2W?5iD_Q2ySwzjoi#ZTCD~df^{i-_p5Wb{9d!VC%=<8sqo8$1^>KeaGwqnCO`aeLE9dio_zEAa`%X@$DZ}@i+}$3yixh3 zIqOo6K7Z9uZ+UFv@Ut$nwk$a1?YyU!%!*rn#Z5c+TsJ<|_gS|=vpT2z>7~E?De&uW zZ_W5(@9S-v7T?_5{?@&}e750gf78l2qsPv8t$b(J^6Mr~?(^xjzdSAHtI0q4McU8$ zU;f@JXFRlTYeMgP??}Anx^w^7#KV| z_-@*c{67{A%ej8?d7t#zdFP)tw_g3)gNwhdZ8+TLrQ3eDqWbx-7mWD%=EN1hJu6}D z<2{DH-+KDsyI=n7&Rq%fFU%b?^OZ{u)P8$W>u>gKD7x^@=SI)ov?%4Z^Rk9nw;!JO zS+6Hh#2E&2Am%U^xuonPI4+O3)Aq@MlUl`A%Rt8biM z*xXe6lfsVA?;icgo(JwYGJMGc?Js%wh2$RffBk0Dx2K#r{*}vr`q=3Y<*r*a;q|?@ z^i8ZEax`Jf3s&)a9n)J6`rE1JZMx#A3AY#3Jur9gqYGbsx5xB956OM)iU;pc|E}#9 zcb}2Jc-qUCj0|)c{mJ+*|M=K7y}Y%z{{77(ebyh_F=Ji!d5`%Xa3y#BdgawA_dNai zJx>n&!|3L2t$y9J$7@R(F8O`&l4URKxaNXcr7yj{_Ruxcuikl2@ub=Pd)}UZSJmq& zS8TeZ_QHpI_kAdS+mr+MJpPL-k5+Vj>WQsG2VFII#&`b+*Ul{+Ht>qYOLw$?GWUOj&#d3K+V*k%xsSa$d~r$t!_^CaHGgE+9(U&M9Q4A<>ppq+!YRXZ zuFc6_d&ZzKFMP4A#Q*n4o6i1A?VG=S=JdOM{^dXJys+;ZFZbK`#Ev$Np-awQ`KO!u z&nP{Xaoy3!{yOE6rgv*D2~C=IO22>Zow(84w@?z7y z?=Svf*qB#8Ts3O_mO$>=H~a40S@Fh@?VC5%)vdh$gD%#uGB(cL{cz#7!VhNTpZ~Z& z{ply$_iHY?d(5=l`tW_<{N(VZkADz+<;6FC^70oyVyl!n{fV4&{&@0h^?G&{AtO#& z$DFNm4o@vY%OG_=QO%Op9WYj`wRh?%F@CPnU6c@1 zA(m|dZ^hcb^a1eBhCKD$c$dQ6I5KFw3FnOOA&8)H?zbVHE6^x@s=`ZbxLe^1ZFo`z!ebm)_^nMk~N-Zm{-Qr(1Z{qs- z^4M_w{N>tkx4JH|;~zd9RkfBrQ8`uWrCN#pwY`@Ve@$E)A@86ly8 zhk72$c)2x9tL2^b@ru`f&w)C0@*eFeB{h#c9QV(-X6TL!Vs<^M$Bbm0+tXi&d#v*x zn_lbCoziF6GSuxzvqT*}n~FyR>bQso1PJ@(LF_GHJl#HZ|B(rdS=irLB`V)K)gLP| zac+I0j(!{&HO+?Ssx^!s(%}zR>21m5?o;XQxMC{;^V-fkZ_Zcg^*4+78lsJaz5Gr( zbc+j=2;*%T+AbY+=nI({LcTmi{_W|}LDS&p`27{VjGYy7mxb70acKtkT%6qgip}a> zOC~&m6YWDoIh3F`i9`#Y1v|tF#dg2R<&U0VRA2B@x~L@eQ5w z(3~@T6`ia+_-&lE{xDotTmh2sa|suLi8M{^iA(RQ0pcNQ=q|Fu1K?X#h12GSB>b6v z0EI-}2K&|$mX1{?w&@>$xRR~DD{miNaeE>P<(hXtBf&#L-of+@hI}eIKtSN-3pm=W zbHf8C{8Lu$c3bVL(>GX$;J<-K-f6cQm*ofVcn{)+&yi}nX&gUah|pTKoXn}uF>Mp( z{Hv6-#V!uzFaVbO!V@Kuf&g4Ydg9VIG`=kMAFK+I#0r$BsJ-xsfZHfHx7B>dZ8a>9 zuCH>A=)AObM|&uL0T*zannItKFh}o#ZC_^aNS`< zvC20TqF!Mr-?^}($c=?!iBJ)6S>gKCpUhvI0GX*HH?%(Uf1*O9+gw z-%uNUKBr?B!7V>k1m6!m_5P2D>r%tLNQ7|142Zy}UGR_3K1uJFZ2LuLNZ%7|@bG*p z8@!Ygqy!-;0Ttbn#cc=h9#eF?FYjhJDh)MWDEA}yDo#sDUjq-b%dOTwcimrU1%6KF zvQjwZYYLz2yP~+Z?~0;_gVW>nz8spB-{Y%DNb#0J!tqw%qRkD{!KtV>up)~hxoLoW z;>frD7nust_MTHgKPtxWf&r;xFNB8Ls2{3BI3{# zgku>Yj#EW>b^Rs6yDh%abd|;JDEhHPg9;UHt$+vAz&<$T6$uD+v+{sd437(1@qujI zJ!`q3)3{j52@?DJkC~t8r9ivgwgs`!4vHb_*D;o_2XCj0(zcnMJim@a;>aMBLKvo0Vx0(eA zekURjJaf+aKQhp=<7kLXkWlyc8E_qb0NiuaM`K}a z{XDKnm<4OgX47I=n>Hgw#CN4SpOQaeOd)(zkXpo|nA}F4U}_%}EQCIv&Qjwmd-5R0 z(;P2qyDaKN7$_dLJ&jY&48%E1*7#GZUWs!Us_{1sJkh|lpE<@i?WQ`Zfh}U=2 z44lJ!jsMfYIsDXkoq@9t)%Ydq(Y4brG4QTNeEn?=#%H_GbT%6CO+LFZA_5O4pO+iB zY4FB-KQ}4*`NVxeU-9>SbK}_d zY5z$EX{sD<9Lc)VoOqTlhl+21#+~fahA17wA|)4I@|10vLC+~Kz&UYMZM-GIKW+JH zT#?h4jy?xYG<`ZKk!D(iqCC;*e`rp6xk_(K9@lt+{9mimn{AS`v|X>Zhu8GA{PZ<- zv&_n)0ew{O?wRVE^5-hOaq#0P&3uDp#D>mge72&I@4(k5 zsxX6y%r@fGer26c(SpXUVy-4UMeY-M37SkN2Gx%U#nG>DE!u!5sfI&`OnLyraE2a?Yc-Q;Sc~UWf)GK0(_CC;ASKbRwWWz#%Wx zToiCJ1$H{VJdsi$=I_|n`FZ`Huyqv~o|hg%;(+>mE#^MQG2p>$TBkh5y{!2nW#LM0 zGRA}gz7w$pUAo>wJ}=7;!rFH0K5Bf#RLirlOzvFO6!d0OaO*0|$Mi^3Laxn9K&~=6 zv&45CT5Mm2;{u=+{gaTt*f$ThT5JbCozzeY%!E!$K@+gu=Eq}sr{O`i2o$Rz{oqoz z5|Jypgd%_+xRupS{=!J2Cc#nO76F9UMYSP!SW2!aLG=E7abI5-ruZ>yE)dO8_$A%8 zte4IcSyOG}?ymM3PLlSNOCr)KDliL^k&u`eB;W8IDZ@8@+QsZ$|3Evk((41>YKO>7k

    1#y3Yyf&Iby2u+9(5#auyP~3V4&f0$kCXC ztLHWPDQNQ}(Ef^XDI+axvxf@qbCH~GLWWuRQtt$A{a!}xVzf6YJktOpe2fzPhv|P) z$WUoG)Dw@sNo5egtbT7%7hRuGJj}e8Fz;6ye}_gO`x|Nw@!a{K&?p%E|O0q4TQh(9VzyIN52n|74eBF^aukx<>EUNF+5pfj(%Ir8~9GH z1+r_I0fLy9Mf0%vrBu3#A!B3eDmdvM2^z`j<#~hzqqOkd;9!E_H|l$HV5cF}U&Pq1 zp4om@r;*v6atC#qnAxddaHk<87CSJzf2EFq^CE|hjyrS4~sE9xuY+at5pEG{U^uogY>4n%F zO?;%8mxv(onC>VM-`L%)_EA$|a?6w%`O~Hgjfb%p8qvkp>!PvD$<&@q$P>G~$++A+ zF4#~;0{J;33vOeI7JIF={wBh7B(^LU*pB!arg%-=Nq5Q^fw-wV`ISH=Zt6~k7`VAt zTldSPW9n1_MtqabGX`$b*<;`)KlG!@K>BP~TDNh5ft$LGOC4~J13tyTO&!Kd25#zX zRv0+neVQM0kFpv6Ylrw9`5r@Hxy<8&Z?gv9h3iy4BV{8Ob2|Fft%%e&%nZ(ZEf978|%p=UoSUn}M73 zzcX;NT&F2DK5v`&2m?2DpKiosU^T0%7T1%+e-sa?>uMXW-xp`8=R(sdQ2hOO*Wuk_ zTNYtmn!!njH&f|gw62x99*QVYCFV29;H1NQ!IrO#Eota;9xuX=G*$B_B*KZNPe*L> zl_rx#{&o5vtHaZK(<21ciE1Vh*hz<{(-+thX!&UZPCC5RY~%>J;{W9RhFWTwtX@47 z>|0rfI)7b%#O$(XmT63YFwn-o?b6Y%B~>-FAJXAXn?B~wi^t5E*-KfrXdT`!r7es3 zFYH?SUiu@x4bxqgh5sIL>cJS}C-9h=kTMi&`&i!};k_Yz_;z@S^aVCqbN6^4l5D7| zO81q(Dx<_#y0^p!?E>n=H+L0Z-M-3w9jd&2_N{T1{Q(r21ZY*|oT*tQ*4&+O@Il6l z?1lUv9^(I~I{xR2NR!<>FY@qzc5an-&eZY}knsoqo)SXVfQz$A_%8?)3j)Q0K(QcD zEC>_}0>y$ru^<3S#leMwp`Cm+hL24hybymQLiih9hrbK(o8rdb3=jV1XV57$wi-X*AG{|eg!bbPK9dqc@xljc)>Mt1edCCd@ZOpYRh6@geI?;t zHMKmuZee(9%}$=(7z%Hy*~_yrb>a7F4)Ux=I9vmP%r3soUFE%^CdAV_JVJm~-r2?8 z-0+J{14>AH^uq9*;z7Apl|@bORG~Ef6v$z6(*}9Iu&Oe@X^T7ukx@FwRaYqZ-kPB$yn&MMs<~+)Pf_%(HF+VP_JBBUt>f8kZphz=QrJk)BKuGczO#+ zkE+?l(=nhuyk-wi(@}N^ocG-*dd*RBpCzxUs;WF+<&{&1()7=F5D0;XLwn-1X-{wI@)~sZSe4-eqquy#zWgwdu!r!fREP2WzH!E7d(JgcCeT%jL((g zMrOC+G`j|_TEj=1mPtBuikU2{W>$)a$#9PcTxAExL0{PXzN>r$RHS%n%To9r#4~+Q zid&vMn8H3uKiE~39j8~H4awE63jbyL`m-Uf+I3a^kH#H*Kt6{!t$m=Xf5%qqTUYfz zztzFkl=AYb{(V~2wpO(=xn^Vd7@ki2JwW~}=;Zx0DD%UyXA-rL$zZ^b0vwylwlx)P z>)2GbgsEr=$EKnNr~cOM3skyZt~?*lPq*+LQ|c^yhS~Kpx;s1uJALu6hN|ZEJYQwQ z*}iyun^|1W&yIh`7rz2`hA;5N*Z2d~nud27-(iiX9{>D;dOfM`t@57TG<;zsBQzAy zT28bmq_bn~e?Vwd-2`MbLFbE4L_=2j=;cTx&KF;m9lwzkjIIai-TuI4aKbwLLZtSH zg0UjM7Aa7tSvBZ`&Te{*B4ddu*p*c*Zk4xd)2IbiUc3u7o9w;I8^f3I#;C*K#$uH%EGgt%6#{1Sr-8U!!Vvuyt-C{KQCbp!geJgZ@%em>KCf zMDpMQa(ZM+NLCCA@NI-f(fq3Ivu_N^#^LSLghvicE`nTmGI<_};#mh<)uPpeyEfJH z(Z(|}XXk|sJfBu|=9HRi~idOV+O?)f$7;x&~t`7mh;MMEg+#%R(4 zvX1^9@$s=~NM+8{hvtKQNGa0Sd@P$Bd0rt>MjD^Uef0!90X6Ta8kyZx^gQ9=Sc#D> zQ#5gM{63!7&AeBXXf)IbY^mZ2AnO~^D^v@zsYdH%A-04&HtiRbE!B)y3<@T6W_dn~ z5T1yylB3=P5flssMYYX~R$ErhS0rP#9+r|^Re43tF`2Rt3wC76T72hAbPDv#t6$qy zm0fEp#WODYeb$P6tFm7u%c4(G{hREkL@%WK9Y`%RB{v*o_fa|9>^{OzOy6*}>O(3g z*M1m&X!=HRjgF);zjhmM?Tqv(N8|S5T=XpHwb8Sj9qC#6cWt#3oebLq`kTEt&9C{G zGTZg9%og3)z>=zH-nhPYp}_#IZwN^)juqpr8Ju1N35=@!93AK;oDHwt2MK%-kwA9s zAxPlEhy=1~Ip(3*q#W4y@|0o_-RzE|aiNGv*rOTZkm9<~z3F@P8^F zkimrpFSwlQHWyRZ&gg(Z&i#uYz5t4uQ0mqlR0fUe#hV)S#kVcy2mpC{okSEhwKDhSqHLRSug`% z$DzGd+JN6a+wdOAF~E0~EyRPT#`fW3Q@vtnkEKnV`xfHwx)A`bi5_uqx(WQLDB>J*5Cxm_wL((6Oh=ouNEiW!&~?5#1W)6?c0kJ zkb7_6L7aeOcpu*L#e!^j_EZjL0t=Z%>CTX^VpJTvui?xnAtgI~&4ldq4cY0n+37nu zqThg-i+oQa)qPCG@qPF;Jg!z?Gfd_Ol=$OU`|yQI*UKa3`O&$+w7=5pdO0L|N?)KB zH%8C*x5jJU7x)+#;}`f_^L3AL`$D|aHir+?tmb$qL^d!Zz)%X8c-M)30FU!lL~Rq^ zT2seZZgzTm7{SBt`vA%0^3hoHKsa1;7&o3R0h6LgiEQ*$=!?Oow?y{4Je?=ISDw!2 z$N-%%&adO>0AmGoi?=M~O9k(0j0?kmY4SqaHPyg5U`F?XGYo3k#o!*~T~p6{f}bX) z20wjTeTJ?G<7h+?a+e7)fzeU}50LNp1?n0+t-$q^B^aMD`TO5dhRo$tAxJPd8qDHd zcy`lvA+}>v2jJaZRI`?E{M|x$BzTw-+=SkviS(x=hj-QB#lu8MkU@fC?68}0M^c!a zaLKqc!|&DLHN&`brrygpIg5ap|Y7g!N#s+2Hl0WS}VgAEhnt7hvYx$RYKog}hf zG*KZG(nyN1E99M~*%k5@Lk_{Nkhd6d9FQ5znfek38*H?aKHI9G%AAHLYo@(mS~p-J z+C>yA7_AXQxfXJba4X~*WmL#D$|%X)5@A%tjWR0YMj2(?7fePOeZah^a47?fdLZHK z_>U<=JZK+dKTkxiE#$fSczM>hlxJc~d8W3IrzM{Li0mgus-LodiGv*{dAbFQ_Q0-WsgwBfgh5Nd0w=kNCPFC7^sQ{ie8Z%u4TG<(Vmz)L+yniV|osih>06D2n_D-qa{c@`j#Pi-bxHB@(=1sxXS8NW^3e^8koMkLLbs z`M>}Rf|-gIjiD6&qN6CGk^C_uC#Am<RD(j%T{PgVXz(!x? z_RG=vwDHG>@b34=SNlpg##w>3n9w4{0;E`o*r#U)-a&%icoTGxF@2>Q5N#l=c`%?G z{XF6>@>TBWoE@k{^qzPPpNi=yqWVhLGakOuvl=-sLEI3sY@Z$2jOeMp%6d#&s}a># zTFrR){0lf8%($eBNS~g9_~**_SNYc0OD>}+F!g4NI;5ya?6YK<`l3v2%>oTfl_lDb zxQD^wPi2WNMTt7LC=osvgq-m~>j8=25Z`KHfi6aYy0j=zhAdDLm`nzPKamVxhytC_ zqCg(Wo*V3?B5oR3OhEkZGX9l_-^yMhOD4%c5)Y#POqM7EB}!~jq9L+G7D_Y(Ja&~O z>V*<@YEhz*vW`ZgNVzDIOBU%O6zQ}UMaq>$ng})vz+yYe;ss#w%oat0(H12>(_is$ z3A#Uj#gps>!D(xxa?4a#AXRI7!3sped&RuG;$gnvk?2fWykDYt?OGIXCW?ni!F-O( z{S|GNP*a3#@p&1H@*3lO-B%QC{xM5zl>+h>C_jM2X0|Vzne5k$E zVB~a(EWq9My?xy){ef#2vfi=->mh{B5_ukXxAc^B7C}@f$QDp;FOem4liYRSd9GHx}wxJu@^8C;}EF3yrj9l7W$^Q;FK8Ip^iN@PE|xKz?P3@$v9izI=Z zP9`pvStf!BOEU2ji6k-G3uPwB$aaX#HbEjN&bts>cNsU8Ok63mOal`mB@;iBNCuh6 zkW6^kY9td~C1R0_UXsoba4}JG;gZNma&eK&GZ$PGNG{q*WFqsuK;}|_d}qphTT292 z)u=AFh%080WaJ8w?IYq%n;w#^oGCH3By#ghk@uh2qWpoo7s|u)@~}uAmf+BGim7c9 z(Z6CiaPcNAaa3+ku!8+gUm{eAZB_q?n{BM%40qM`;g^NN-xRmCf^Tz?xp{TbPNZ!~ zG`hVsV)KYNzQ7I(t0!@2!kDMk`GZ}#DaQ(Crj$UxwjHnVsjc{Tjhp|!@j$mWa%cGH zu}$HlGpfP|j%^Jen6Wl|w78@Mr3mjm77p*7QG@Gw3wgck*n8n!Gd{-k{1C5ox}(Jl z>UeFW7s}zu(ey$`oF7e3RdM(V*;DCCGd!MHxOibpWQlT!cExMW~}(ggRO) zOLL%BmSS(M;*~Qo;0FwRbW9 z@TSIw@N2dAF68;v#_i!3Yab3tyfOTj+9&HIUKf6%_AWt_@gJ(aSI}krVC}<#_NKZAn{z0xzkY_aB-rBgUYRBxpyW+#^8~0Rg&$^6L_e-o`vAg*lSNS1o4CK_m zEt^E}ysxG0y!_D88*%Z8aWu1w>s~qc2rpcj%S-FrmG!4MwJ_B_*)KAk(~M`G+y82l_W0u`Yh18ih=-I7h>#($3l(0cDo)GhDupjR z9VZA{J~!Z8(5FEbf|k)#oD4Vsoet{1;OZpVrB!c99qJ#P#QF{kyh;}gadPHYJ?qn!Lnw@kQY?4v_5?~+Oa9tlKZ}T)|YGHoQfrE!%JiTyC-mP%xLq|XP6LZE-8#6gydBX8IjK{Ln406hermDUx0Js?Ay!`vgNDqnRQ6a$;RnK z(`y?iO(#hj=`u!0^p6K#x*ozakRgVVLakX2X%vaY;$2!vKwfth` z%_NIxWREaJ35;EJtn|d~vS+$DxA>3yn>+LWrKo)p)*%)k&Uni;ww_*@c=0%+~c5_%z(PQAuKv~K>kgx(9v4CP7+U^U4KpI;9_12*s z)V5a)NcIIbh*>{@oC63O%lM@IR|85=aR4V z0|~682A67t^flQ~6!1gM&=nl2^Mkt38epqmfPQMgh;?X}%ru!SQbj?4nYu~B7hh}Q z%sW-$ADcK?NR#+h6URou0T~jMkFgq`8wAS_v53;Zhv503hHZx4|N^Sj8j#?VKE>uW~!Lkrey-dI7VmF zP~w8Uf)JO$F|n?e;`%5euDxhA*_{tY#f9QSqwMSa0UONjYt$o3QAnF z*{O`ysDfkXow$YRzGytY_;(^@hufo#*_}htviss$gTBt-ip7S(j2|2IEZ-qmn1I0k z2=lmxHla>3UmIZ_bzRe5h#Ni&LVph~|uH*wmsLLZ%~aJ3a!Q8o7KgCmlx^u1MMzdblQ zdA#41aS)b)UmtwdjjlvoR`b?NsrvFG-kp&qZq(37CTXT#7l`QILv~pCOnLQhv>Xq2(e@n#fyL z*}LRsgyd$O$YWEKn@!-xt;M$25Zgf!v)&NfAuTrDSCH;#nfEG@_q(J!SmwQ2q+c)M z$h_&@wHquJAiTrj&%eo7>rs=ZA zXd)v1hpNPE;G&7hu0=dR5z=)+ynAI);5@7X;$;Ir!RmZGB^Ry8A9yBZBAXtHvO%+@ zt3YHw-UpgtQS>eNpF=62r>S@_rG)8Etanl!)6M9Zp1>6HWICqo4o)4@baYHsuqKh@5yHhbT&(BCYFvDdi!HpU#>GBd?BK;_TpYs19$wVptD%x0BrN9`NZz&545EvB6!HpbHixn{f|Dr*4MH>vIeWf3w?%@jH4XVO^aQqMP zOwFRqre+Jl4|nr?R8;W!9!gLMesWasMY%+U;AcbdFaE~}UWhj$GORGRg$Tv^pq5$^ zM`+nJRazgBCTAqc5?^o5R3dYP?D#F_ge5XZ$d2D(&RZgLgzWe|=JX{pN63zc=ZNSm z2IJ&5GTUPjxfdrkuW^+>2aPY7$7&PGa04a;IauAC;PwZmruqZ7W7u1qVO6NcQ}K7v zcuuru@k5Q*Fak|cjn61DjN@Xr$f~hB4z__?#gz1BzD))v5*U$$G#FeFQDZl}uXh|A z?-sZixJ^kF=NM4!h>Y5d@miy}yMKZ|utJ?(e-dm>|6jE)YytW9 z;9Yn$*dJ#c+$`Rr7(P)vqA($WyhB8ZYPCQ%5_ys%HxaE`fFBc7l9Qx%5mEB16LG#E zvX~9@X#n=PC6P>((#y)PQiq92Iixf#JONzg+F+C68~=T zpCZvu(ZQj)TMHi{)M2TkbeGN~#7n>aKFf!N0g6URaqz`5-zyIeEs6 zX~)3_)nH0=(39m0$ml>{i*}&V{&P0^&n-spc}$!iV`2M?!p{GJ*RUUg@>gVw`aQJX z*L}6WVmM4L*7y!>@K=mV_H}>9cW9%(A|I9s@A?ka_$wyE6lAUM&?bLHQJSy&d%i;- z_$y|^V&Z+@p$~oC*ZEtw^>@KrzYE^_UGUcLg13Gby!E@_t>2|M;|I8DQ8~(g7Kd^i zXmC{779*X+|H4t_1Z)0Q$eEqa)`C6 z5(b`XjDnxi0lvH15HMsJ1u2Lg`is6aA&Rcz*SBfEg zdUIoIJfG_MYa<@NlN_w5(VZHpT*+*r3cBwdttd@hee_AgNTp)fd!FNlE8>A`wm4R~ zPRLJm7ss)CFS}I{*BD+21)2bj5mrm4$@57LucACJqxMA5S7R&1EGo$3hY}IvDL=$jtOwb{&;`kc*-w${FhIs6^rrnIsR_LzrkX9H$qJBMn|W2ax?)8V(J7{27+ z5A)M%#qnf>T}GLr^A+hJKw%WOKw;YiBC)?K>}3NBDQvzvGHs1I-(_I+>O57YWxao= zFt<9YTaJhS2pbz_MZa^obdrRi%gjsS9y;Se&}F<3=OVsps9GMED_l4q!nrQLPvP2j zL(2d#hWTtb$A{K&Pzu-r{cf1HJ>nSvHXc99*dF=;V0;gs6$H`Nah!>tu+>riKt$UG z7F2khA|~1*us`egr{V-bv@IN8$B%U8pFuP(PS@iaoD&Zz+^y>}Cr6m_^hxiP1IwJE zy!nRVSFN2CXVhc1$$)Ek3iO*KHSa$qpG;Tn!m&`q=mCz?JTsZ_<1y-j`Q8}#I2ZP zI`+;wy_O$u+p-V|3zY4c{-y&Tdp_d!^u+D5BY_NI`5PCvg%?J!%ZlAYtn`bz%S1zr zv^=$^7abbDilIL|rfr`tbMUdA@yoQ{Cu{o@Qg&d>-@`xrcSP^!y}=jwO8I>D2f{=B zfp?)HT=G+D5MUi)1s_aV#0#i>*iDsghc+NHCDrNyb>S@7Oaya1{@@~3ADu-f`-4kL zP&|L|`4DOZMjz+Xp_6rr2cT71-=VOBKTw|?IGP>!oL|v`u|+bx8gqJ}+?4}Kq?2)S zD89FJ=&gg0t+@6FzLH-xgL`9t;8TUcoB1ILSV1u`h~h9=VMG&`h@kX^&L@2XopuKf zsf34w|7bW;7S~qbBRKx{2ex~Kw`>i|6ieCcqS5H6Tt}1c=2bMd?h}ZXcw*5w91zrW zVVEzxunSD($Tq32A)w|cqu-N;ZCIocWp*qKAHfrd#y9H;MB_s&qJ0lz9Jh!#qWYVc zM#T9&X*gUvf$aIJJ%MO^WBw4AYxNrV3LM6zf9{zKXGeI`p%fn@|dOs>T zxbH39cS`A}Z8v^Xy1iQqM&Z<-eYn89rTFH-AG7%}%a6QE_?)BX6m>lp!5@}ZVN~`+^R=Y1*Y`hcOTNQ&6t?nzW?&}rku>wFU1|_vXEucw2lUtxe zfF=WVw?Ib%bpuUpf#w2D1qv37+$I7|1DZhwa6>W%(?uW^gFG$b&IIZKY8mLODJ7y_ z0agqe61@??Ma3X2{iy{NenP;=;?E>weH8alZ zTm*X?jF}F3U5kfb1^*CN1~yjiPB8KTMg7dGr#bMEWYk;wsY`!)M&8o8TM!!sIg`!f zl4rUWzpK($HYBu6?~ueB_Y}M81u;udgHqjv4V;Y| zpbCNon4LLi_yuB&NFty|6 z@0^*<(nR%Xh=JqDSArey*6pC~$P>^uOXq?$EHDiv& zwl6vpbO17K)eWf2W%dgTv?O^B@6JH|x9kbfWM5}zU^lo-GfGd84MuL+6M*re^aSiR zTJ{9&HCpxr!vKx+1Q+?SQd%^jT-k&w!7&Jd)CcC;#XuACqK()ei`TMMXibRC=Sy(j zF9FAY4+`g4@V}?zUs6d24;*-vI}`ijvfLg|@5_56?9}r=L6X`oc+Wb9}M% zxb*U@rn?bNb#Lv4MC7gM{uakwFn-=!o1a{NY5Z>!qun@zMu+HAW$~_N-|WEE;_jO2 zuJLEbN5>`6w0MwjzUsSQ;xwB#2k>-1z>{$Gt)BFYW+S)Z9Okri@exZ*bH8Xdc#bV- z!&Xkz5k63*QElzl#(;CbER{Q_`vCya;7ek_e;Nb+WDNM)81U^e;O_#?@@^w9!U;aY z^B{iF@|ghAM1yya0q5L9wD5gn!1H3jzaIl`+w*DEnrIZyE6U9_uD`+eeS0G@Z$p8P zz2i6fO|`-#CUzai+BeK;0>{?lSX+ssY+P=+yI3TK`HenJo0oANjk>L6c4Qi3;7||y?)HFu3U{Qf`O2jZiWD+>Ye6jCY-Pu7c zoX!b<%m%lBKc~StI#qbKN;nN(Y|RS(s)Q529{wW=qEA4tETP5a|ZZ}j&P2I zRl47b0Vn^`F+BNOh4*W49nWYDu7|%(gX`g!XmCCJk2Sa+{*M}54=-;0llj!cZ`Q)= z^xUJt_3-;NIBkBaym2HvoRgm2HMou^Q-kaI%+=s}_@NqH4?k9e>*42Wa6SCp8e9+0 z6`j%Y|F{O%!;2w}EU!+7En0Y;o^NY#9nWD6uIIBO<+#MJhfmkwdU*Yg8$G;N3$N#A zmgKXPO4r@o?-%=S=rn4X)>Ns0P>5ov6We{IfN< z9==qA>-qed2G{ZYL4)gfp4Z@dKDTIaJ^Wq`uH!$b!S(QG(RwfGqvvy=2G`S_r@{5` zAq}pl`?Lnv@w}|Tbv*BAa2?Nn31_!Oxvb>ukr?4SOI4ipPMuoGi*yZ68@+=6Uh1C= z&q)vk|62_BpE*|m$M7`BtMD5&IF0ZMzDtAa;SXqVP7$f_adK^h6aNJooYO@r`~VG3 z3%!Ehq``Ik#TuN}dKLa54X%fON`vd+U)JDy_zyL>9zI#FJz=>xjib`-p~3ZfsnOti zy&R4KcLOIK`9z91@jXraZ-T4wM*G)j%qp5RzIeRRdt%Y_>4h_jjox4Ffi*JUZak?1 zNp_b|&TiYT8)tYl$F`MUAu9eBVFR6lj@rNf&abm zBTgwMBk;Dy_aFvw>UByaB{KaIhliJ*n(K#m#?RJZ;+35t+-3G7@?Yg&JqN%?y+;D! zcq7}!s%Ssi0Pghv+CrvoLQ@?zSivVsk!}Q(>h>QeRz%8W4~Ed+rjkIo7NX* z)kohoJsZucx_HymXnJ-PSewoD2^qvu;CYQxG?=J-n@dPi3Ou+Sd>Up)JXo`V$-M&4 zF8XH{c(CVxct&=C=K%e43p`jzGAYAb;5kfxQ-sI1KM{Uf#wZcKn2Xid(I3-SnD-ct zgFveGB@n^yyF}Fy7@x+!>6K|N# z9m9iXu*Ay5J_$@Kfql8cDwmroyn*$V?4L{?va`9S7|Mb@i-}N}Jn|zbChfg7qlE|e z$q(lSC$8H9JlD)&h#ZFK#}J|P49;mI1n0OgpA8(-kgx~4);5}+ou-BTM zbO-5U@n(ZOY*%F75quQS(7|Lc^Nz_i>}dF1hE3nWgEITvGCj*(FlSovtuv?HiUa>{ z#r=4bi)Oj)-m8~;;Pp2R8$NWfuiysvgaz*Y<7dvCRpc$2SvX_%>}kD=W=**UTd}=D z|75dw+V0txQ)i-E&;ELFa(P_*^Bt1WS+oDor3c(d(b><3XWspZdEw4^_jSs;!uG5TSOuS>jqkSa+-0-1HMhhZ@(`2)vAunKl81L zHIZ|#_-`1Tg4dmsma%k3w?wFP3(}0~D2`I_izVDC_g6a7Re8{9Ojs&%hOQ*M&2_8H8jB_Iq_+*Sd2fG8STi-pXr#zUAM9 z{kE?bgs{Yhf~Zr0r=h@u^{hB45od?sD6~v-jZid%g{^rX8zCc(I9g4g8M^f5gUFCOBTMpx@Rx>%_@{^01LTdMqNr zMNe@GxT!JUO5Icto*P#eSAJb6{WCka!BA?3NPszJ{HVDW_uQ$hyC*l#?`uOssmJuB z9T|?CvBHAOd_S+}yCs51#tY(bX_p{HQ~nG3ZE-ER3K|GVZiaBDm9;hhyo3Y!R>G0| zkpHtpmN9U0>zt3x(w&C6evMG`J!@D&2pLL3sMOEQ9&egGRu8eD=62Z#${Z1~O83Xj z*^?hC-jryruVe$j83x;MmH|#ooB=Isat#i4tT#iq;BvByp$kR!B1--Q58(iV$T6D% z@L@F0t8R_+I@EO+XT!JPxP0r*O*nwF{cLCABuySCfRk^0k`Kv3CJzL_Ntz&WFzy}H zPXb>}tA7S6yZKoMI2{qxJzCEIimSo2{u7OaG}Y6wnn+p{#ys>!+iwz`&F&H*3E@Ff&Q9`U0kBigFxq{!?W zqV=N5^*=_&Qtb_mP4*BxEj4y~ixg5-7w=bVbG^ltI|?}@e)zG|s<7NPnbDRr8rvv!@wjM35rrXPj>Czgx_m`j7i`bE(r;f zU3DAbH@tHS#)L@>@s=H8k)I*zb^$!5GdAIP-OSeC+uolxb*P$jw9m?`Zt6($tc^bV zVwsNUNQZ>S1S?JJ14`noLlEQKx>L|^*Q{>AtUdYRX$6&a7nBbPrxtMRDZVM~*RMwB zj(b7|>_RBB^n*$$1%a$OsRabW89jwy?DxsMgu1irF|RHEAuR#i&wF)_z+B_!NEahi z5)`N3*_7SNA@?r(xSXbQZRUKlhG_=E=};V?&TK@SgVrid{Fa| zXK4gO7X?GNVc0qwr|kSN4R=(#gXa|*!Skjk2G5(55sjg7MoCWN{=aKMym{41&tlvcUttZ0)o zjavKiED=kqe^x&4u*}+sI!BGBu0jQt#H_&hx--k0q^YbwFhtj&m6QR~AM8Ic!Uale zVdV02DZQ{>piXH-%dWG}atPl6JHwe~7-vD?fVs7M|Jl%K?S$Vp%uS?7MGPG4@$-fm zDFxj>BC`*|otuVJZFpadIA)?o{6EYCEV`pMavK`O!4%>Yv779(bF?GG ze$8xOC(RXd<#0Wfb2TBB{8_EDh6&2Rv$FtNTaQR%ND8cxxDqM?&G9QAcO z^ES4%dw4Rh0`Oi`!s$hgsVmt?Gt)YzhlUrTOu4A_@dQH$a(0zYF+=+s7pR-&!C})l_%+lpIZ-47W@Z`QUOS-_^(8hI;KezRxKg6@g~%&TGWb1h4Rgk@EGQPqJX?+BB8O-EA6UFT}X zBVMTS=LJI((SP2C{&TkMKhF)GHy+*Rt>`{)2Z(Lv0vyJO?z0FrGf#G(8|JJIl)i&~ z7$T)N*tJtyR%+cR&QfVp|Jl|)(=7eiJ?BZ&I;$<+W&y_IQ;Mb+&RX#AnJP7kO)i(y zh%IcECi)^}vwRQ(Y}{dE{1AtyG{1kRL(tWAUg82H_xuYxU6dIAR$Nj-;&mFb#V4*-^npVQt5kdYq)esc^sO}w!7_MMOQshEuCQr6pN|b0(h_V(osYP;&cH=IGsaJA!WMx<=EF%wl17;_D-!Vm=Y+49aE9Z&sA9F(-DtuPn#y7P4E@69#=WwsveIy;j$jTb~b7<>}>u26@9Uyz;k)d6#&AG>$)f}IH*HhQ;y<{Yg+IJ^Wx>=6Y0F- z>9A4L2tB8}v`*IsKxc6t;AGc~X&H%4!&n*tX^CFGsRo+N>6ip@XXHKE=wxY&4u*eI zf^>0WIu1+6zx)*1xE~9Y?!{nj<~{=&%Ded4C$zifzBmOR7`EetcGuj^h_GnDOhDEG zvI~&c2)S1vbQNLze*)9ZbN3MV<8r3rD#E-lj(P_o0v}mn1DhdSveE`N$609uo8#PO z1DoTlwt>xY*4x15I9W}|QgfUsHn2HPw+(ELGg|;p>;g$-!P(3r1s=u^pKCWJu=&8b zfP4(k7$-_TPWoc*7z1CN=ZAyjLH z*!}&LcoB9GJHDvBpk8~3UypzTDj9#9iVq}qeE2oR$N9;~1#XYxV|WH@3(>O?vjbzN zsMu~58(vMZZLUT1VRrO!cJ!G{-OKpHRQz!&KKx{SSKSAw+_gghSgR@*m1@_onCv=@ z>7#GU^XZ$_Z_6nlFcBC9bOt(IIe{cB zvewqRGc@j-T&~S2HMDO|sqeotr_^NJ&~if?=oHR?E`Bf3o?+s{wKN2|*d$S=&@zS< zYXM;veKc6f5wi6`AnOawESe_FqE8mkv)LKj!bXZk+WBGIvwddLW>Z$u$cAhP<7kbK z&5D-BwhU;sV(YKvxEH)5Waw0EfbUqIWf()kPj)QXKXyhfF)ozp z{UVcnQHz18>~@tRxn(Kx!%1Dt$Q&+nTc_@P4}>2qM|T6Y;Qv$utQ?J^8VJ2$Xec!~ z#vC^obtu|GYYblye@pYJZnh1@7MM=e7{BEj1u_P!wIKdROue?k=V0Axy}jAo6OZK` zz@Twug3j-39B6N)pW)a_;6W+{P@ajn!X|5&JFnF1s%3#*Mg6=1ST~3-=jn{?K zlY^liW;hFTnw;gNW!@V&xd~HuxGVv-c+6Xd?njOtVw0%;;q`1aOjbC;1H<6fQ%kR~Wi6a6}x3 z$)K;9;Q~X1lu>yJa6#N&K7hs5SO*0#9b)h!F8pE)aVu~W?$DTIOpA-lgbU*8c&D%k zyB1-CR=P_xf!CT+K>Eok$f1@@1UJ(Iu9gX;#Y|v~3&`wii6K-^RSvWCsA1oiBGU^` z7hRKFXcx3DL&~N#GBL^=)G3LMC3c`SmIWz7^AiPZM*Vo3`XrC2i2~32k(%ITvvwWD zPr9tJ1;G%7^u9ff}$S4yt-a% z&P=$_5gj$=ECqhS7{XtS+M5VzmcEGDzUMJq!9qO6wSyGX-lBL`P)-&vl3U!d1|ll1 z;=(-#XN^U4k>QwiK2or`xS!b;EcS{@Eq}Ow1zE&cGMKfQiz?%)*-}hva3c5sGl^J; zfmT+}tM{;n2c6&8#G&Dg8v|7zV_Q+Ln*vpJ*A{fawJ{@8up30W}4lx$}gd}X^l+@;F@DFXwVv*hKQIV_tvH9 zgDP#XSsp!4^*ZXtraVolZpu_mv`n3&M@($WQ$6y;q>!h^NW505fJxcYp@P3RwtEON zXe2;wL6cqa8g!&csTl7tSL!E z&zpodt~xpLW<#Y%4;y0TbCbQ(;9gZk}>pl$e((^p6%7CFW(@ z@PG40s@_y}!qdGV9#_t#m{-Gi?kX*zd9jtNl+1InEEx7!aS|R0B-ik8fC6OL{nO(1 z$UNDHZ{RADSQLs%oUev3p)s2>d0Cg}4^OZR@*YWEkCLNE6QRrOfug|Xk+&H%c-ARz zngV$QWoqltrD~l4^|$yAygO6$kr3SM`9=R-`Z}I(7-s1nqvUFC zruwg%nIaV;b8<`6)YK_vrd+!RgSxwi!j8XtB(3|49vR0@(zSam4f*z@kE>`(396u| z9REhHKp@UVxr)ZFWefdbCD*O9nOG0w3ZzjKjz{z zT6>jdCRS;3eJ1!6OJ1Wb(rm+0KC$lXlqJ|&9IcOYg7Lw{J(x{H2q?ICZs~VEy|VHJul?99 zxEd2=V2elWhM}gZiUyN0hc+?h60Zm>8S~y@c2pbBI33SS`@^2Ba}{+ankL3vQXIoi?cZ>C{ z;N3Paa9um04s0)$gUV&DADiJM^w@IYs#?ivuVRff54H`DSPGlMhSOazYAY*SMHuHg z<>qaqn#-2$rLA17OnYzLc^b=TuVVeg*JF(<7dl6lII~R7b*@26E^)TkxXR|!^J>v_ zxX&&PD_z-~WHSmO#RR zp)u3cM)juvYMnB*or^VV8d1%bTYA zEQVmJd5c!Id3<|?Z`1jc2BR-pg!9_*FPs0+uPhpjer3_%ar`$^-Yf~d z%RA>~Gjuk$MR<0@DpcUv$Ni2TjG>S!ns1%KO$&n(#Zvbw(d@RZ-TQa7@PDI#V3GI} z4R>=fmk72)0IS#T{cXeDZUuZx0Bgi@@=Ouz0|BXDyZ0vzgR%wW(?bC)GhfeT_q-kS zMtf_3ebwf1+;;25*chX*p((h~8hK;RZb=cjNfYr`3yd!_H@CP2)FuoKm@VHZ`; zMkK{oMT&d41LV(4@fsv)UvIoyBxCP5z!@)tGm%WTs0Vwez&?=yl>hGyx7Z2TNp4`t zB`xhslV9bAjme}X>;ZE#MLfHDur+m|P4zt@wGV{f2S_a!sd?9~{(Hl^U}#XTDEG#- ztDk6iM}*rZ06W&M{%u1gE*287-2(O&_&&Gc#kH$L4ezWS@biWmo-H4q>lL1Fi-7Nm zL~M%gn=)nXfPXgB3vYY(z+v<1Vl2^L+6C(vO)LUfU)2c7AHY2XA+RvDsiCHLj2tE& zV@KgSc>iLGxED8|M)Ed+XyZsJ9%=R*laV%=g%)8ui~q52jur+XP|34f(5Uva=EM33 zeJH~PW|rwi9-ZPAm^Y)}uno$cX-#i2=*Py{rIlas0%Y2y0%*6iO?}TE$A@l0)1i%O zJOmx>RJVf1X{)+D8-~x^U}ynsR$FUJ?D!^oR2l(>!3Z!45yv6YR75~W#%_vJhp>(c zBPsew(XMvG28Q&C&@jJf*d;*k!#6}?+IA?4wYp=Z4O~shG+oQutt=DM(5{ACvlpet|&=Q3B5Q7yEEn+`(+6{Rd zxa%*tqFgs0a=#*NE!cl*^IX#&u^9Kczt7*%QuyPuY`}?t>8MK^sUID0G$w>OOP}nL1yQfJ;murpa{v) zn*EOa0V0&v;^--x5VZzz(LMY4p{Q%Q3l|gG3 z`ocTVL0m6(+x`ItGMDR$9mfbD>B$3P??l^;@ zxAgsb*yXS!Rj!T;h94o{nBk=vd`9eV2oPBwhxevMVy;Er5&)W(Te}vS5INO7WYJ5gjiPbN<8D)N;bF%GxG8SDh?*jzx)I*s+vse@Oi?ibw_^g_6my_gL>(rgj$^64lAGplEFrc01tTExX>{%SdO)uDIIKJgR!y(P~8UC&#HutsMv*<= z@Si{Gp2dgc9>M%*NKz2(NydeHi+e@jy!ch(M^`}NVejFXmU( zScbPG-unf_hS63=muWvlxCAmATo3ypU}+LoBA?PL>f_7Yn>miW1}FFgPo5vmJ(%Mp zy;R*_%s_yzU_mu^72ZYob8VoizoFtY&N!C`Pit-x-o+kI9;62+>K0EfJ0iSV!c~2R zB)sxMyugV%!}CG$6=%3J#7pGg6B1r>sSQ$fQ6=FczY_@>d1=qy(l-!G-&-o$DqwZ^ zIY=Y$AD7|1a&MeyH-M2J&g{@cPt_J4l5kZn#b2GlM@%=RHv+&ZeoB>auY@a}a!YuL zgqJA3nxOApl{ds+ZrIydZ&jO6$BsoXdsAz3*vz8Y#n{@~9B2m=_t*3ENx3~%ZGqL( zAS@CWNz5#oS2%0_<+$YDPOsTcSOH{$&0^_6ok@yqwvqIrZnqUFUd}8|DJ&j4;nw2W z;zM0;BRs|zPc58vxlL!eB@nzx`Zw*p9VF}133uDkM0iv|#7%R+Rl8g1gv)lf)&W=i zL&b@X>GD;z$8-mLoNSNT4!AhL67h;1aMkY09B|d{HaXymKdT*Z)$TrXz!l#nN_#bqI02$sZ_}?&k%Jl6oyR7P+PvVRgzn*3| zxMB7q^522Zm@sGZ*uq(}#MzeE5FFV%9P2*&J~)VYTK=CaD-GsL~^X6f2Qj&02_mv7jrg#O+Xh~BZ?fDwbn7UUI-oieLvo}qt? z6&Hg=Kr;&GMMr|HHS;KUd=GPcHw%o9FX_HRo;{+@9~r$g*6;0pjEne*0 zS6}v%s++ER3EBb{>psE}@YBm;V=;`|V!$JfYocJa*~PQQPM$MkV)5+A=d8l&S=dok8`!lW<$xw4#YPI^{ogJ&GFzVwvU8DN;PId{ca>Je)ijO9yyN3WoVIBI&GXOOUDu zj>QOf%8?}u6vZ*D?qcZxZH=#VfM#`z1j=P1&hk3H`ym|j)JKL_j}`KT`O}@szj_wH zlkd**SIbCV`BV?LdXY~P&uBV?n?N}F(~CP=PsM?+KQ~6fU zTj8PJRTw_i*j9(}-5GYFggNQ2be~)Y0+oLSUVxWq<)13cugb~tQ)a063eNmE(+0>; zV~2-ihLZs!4rlyWI+R;hsFM$!<&UL9mB{>;F*BNT#)l3yxv)uvYE_52{50-$S;KDGhmPamANB!&V-&_S(px;W3-m{%1KZzS%dX77uKQGoGQ|tb*0OQLZP( z{c^q=eItCsna&NIF|ZDq{pww%ZzGb~Z(fS4^b@@KR(+q}Ve*P$E4tjm(?U_cRx_?htnF_uOg6hVNrVA;On5oYKv z#GQ^sGP|&=#wtuPdyc?%r-s@rQR9C>GGM54iGhkEt9n(69V|y`mm9^SVc(bhU zi6XTFc70F6hp2B6X0)dgr1#zIyCs6J8GX+Y^gZY*CU7CwBdN|?AJ z@fRfVygPOB-VlSl3tK1e9UKZ=+&XDTf?s^AEWLc}3Qt)+(o5#Rx9T1db#Kr*pjX6` z?W~9rV2RX2wV8!_IO4H+rfxga!@d;K z-eO|MZUk61SNc&s7z9V$V()Ghc7A-CGTD`DRJpq2B=mkq=b$le=Pf;@@79}HTgxO$9c;ZVx8534gyHC5P%&3#4^4G@d9|B z4U7j6=bSD`5Wr40Faf}00Cp6>1E3(HcLeYY06PibTQ;y0fLMvMptAt3w}G7jJPKf< z0RGJeCIZ+9U>5=Wg$?Wi;1K}33SgNH>cdaS zJogDKcs0ZRbLyMw^m85pVp{9CBCu+2LNM#~$>pfuGw}m2)F5N4MIB?7Q&jY@6j%2F z^~@qxqu~5pT)4D1!3-yyV`jZ>_5&0B02AJ>ifd3h!(RrvW8(Y{6zQnz?qR}b;Yk)e z&R;g@q_=E77G&Om+J|o++xG;0JHYn@e6eNg4zK}yQ*Gbl^o@t_arolqu{*#I@NK|M znyX^rG5RLJ_ZWPUsXM?J@ZD+qenH=k@cjb59pMWOf$y`n@8|UG1mDl$+X=p475F}C z`yQolXZRk4FXotWrZIgN+P;nSO@wbFe6e@)4loaV$JxF|=-UOpN8sB9zThJG4zPV2 z=-U;(4e;#>U$7H=Gi=|(^z8=U!|?3}U+@-uJK4UU(KiXcpTRc?zF;)?)?i*A)Hp<6 zaNO!-ggAr{@ZIjZd!z8Z@t~{1OfDO8uxwcJnu)U(%q%Xt%vM3<1J}4moGbZ^q;6fi zBzEr9F(DrF17DU+!i^M^P2wh|HXu3Wz7C_3-9x%2rwm9=90Wy=`kj}4aAKa)mz+}C z;d)`SpsqVc_!!1`J_j?tnVfca{NQBwq^`+n!F52i3CDwU8fwfF*bx zup=?TCxHU{Mi9s+n_&ZOfG& zdu-wS$mir)g@uNUH@k4+oLPm!S_{*e=ApmSmMeXA8?OV$bUO>v3#U(mL_7E5jzbPoXN~8oLe|+cA=p-p5)~?RN2I6lc8hN=eSkDhY$!yxNeK% zK#Y#?B>YtPdkKVd;wRtGG5neMsqk+S2uC=1Tfx7DdZlyXxiJQOvV;>4r`#2udo=ht z8vIcWuIJ}3G4Q{jg{PcQ_|@6XO!r(3{td~$PIx~JuG6zb!ky)PItKhj4Ub;ly&7CE z?-32Im-k%RZkSI!KUYdPqv?ENYT?N^aOM=Sgdl5w5z zmlzn1(Qp7wB)l8%bPUg*a(?-u;N#@CdMbE{gfEv*1y}uHwF9pDE3d{sjHCLc_Rr%w zZNB0P?A{Y+7kjSwk6C&R!;LbqNKT391xz@H$aTtqShn6uG0ub0fkc9{=Vn^k%3|4i zy^eHkEG=z?w52krWH%MeXls00fmr@Nk(l<2iqAHtJ6ZiA4&h$>2xFVm-8h+lC%x3S zdb0mz{A@ik-e=1AmpS0h^hd&9!StZNY9sxo$@sFGA}ChK_{!$0Je+8!z=Lhms{+X9 zW3qtd@|*R~en!P_&DL7az;NmgZOS12obegVS@!@Lk1;S@nu9ow&zSSoxzfHl*G3ch z?~Ffj`m|}6+Lto6={`nJ_T^XPwsXFE0~?8SUh(vz@9bi%D#1rq;|nZ54u)uP))5Xu z7y(~>=i2CVyx|)^hDjNjSRt)!4S6}q zc{zg;@^WrT%*(kksoaN~wtS&MseVtT-}ADo;xkvp7op{c6Huq2;BlBG>Z@u}ToosC zh96F-s!PcU9#60X0bu0Zcbowch#{6ACMN*K2k@o=Z@OoD)y71hXQR*avd^=_@7d<} z?EX?yaU+!snaT#A=Ov$K`&UqwOr+B5D=$knQtA7Zmn9de^#97s;zcU{=4HXDgWdwz zBgx;PAxXs-`Fm9QyX@Lt>GQne^HlkJZ1;D0d3%-5vlHA>I{}7_$>lc3_~8p4vMPPn zn?77}X6+CxjYiR~_V$L|-bSJ0D+u?!_J66pHG(q7z5*Vt2j0)V@_Ma7DxWm3*RP-~ z)kx+2ue>Zfk;+?Nd0Dn0l~=#=vTQ&qo0^ve?X6O@x3kgQ5{ffU+1w`5Zg_!#ChPa? zvTM|5ZSYy!eb#E9wOh3}CBJ+YcCEgqwIEwuNdaXGCtOaP2LW|61k{M6z~Yk>jm06rIR!>u4shoH zcg~0;OxE~2b4KIRyYTRZ&Ic_Lz5=d9w>2o~E3Zi*kDJ$|v%p_L+5Xq0wPXy}vUj1! z6@>ppE(ugsyD?qiF6gqMpv$g6D6b?Cy1A^t$}2ChMm!X-)|ge*IQbICE!BE(N}wm$ zWrJDuo-5d8cfiV95wLE4tiW0WBrY6RpuzwbP`ZE*cvb?>s#d~OBFqLmt@G`)E<{=v z+G(9{r?m}f?Q8{4^{MlFb4@Gp>yZzfZ^1HmxASos@^P7+kM4Fpu)ptS%psmKObWu_ zXdlw$LYpq<1JC(3T`sigg7XqbWVV6_2j$(IYvbu|;}Q9>@pQNGc!9@UMJ2fQdi-xX z%Lh7ZHkxu@H04}0<^JGoH=1$=nsO$Za<8v|voq0Z|5tQ3@Gb5@N41#{z|!2&S%2r&1dK-Gs}?xRi2y(Lif5t#d( z0&5PK`>s_1>y&sZfoFqViRasuD45%>MDPR~$u?BtPMaAnwHfa$Fw9vt<6UYq9+;a9 z%=`ck^CR&vKfuHMfPwFl3>>r3N(N@0(b!ma+1OZiG&YtU3_LHU3N4C;*kx3c+e1tXB_ZMwP^@E zZz7Du!ww60*kR2C4d>f+kz?1z8OYBWc3tF%x>&|uvB3Ii86K-Rwr_2`*VN*)-I}ex zmWRqWUA<`XFIW6+_T#}(HFs1zzhr3bWmoQBmtM5v!0&H3Is99fPJR3HOFl?BUiIPM zSC`$m5?N{PX2KcxTe4(HFQXU#di~w_``?XEKKZ25sI0{6-`_Xhf8V&|l1oM!BS!*M z`LXfw$HoUAeDG)E&wqy3`xhA(U1TgCE#q6?GJHPYkBuMy7*Q{}+qnB~WB>mBe=+{@7ofQ9PUFryji3DF zCl?qOTmV#g*BIAaW1M^Lxo;V7y#~%Y4q%gEL~7<)YltZ zwrp8yEM1DMUGt9d&N~L~~3`Lj-tHQ z$LQ0?7(96JqsF6;qDVL2VBBzn@!ju!_n>j`Ad2?p3FE{GBQ7p(tFd(}iunCC#+o(8 z>#x6lhjGUpDC+kzjEoH9#v5;}F=}d1|tLysGeKW?0H#u+P& z6)Ql3M}BSm`qwyJY4QYP!UT}wi{Zxb;l`#-o6a}RKOZDnS#4BT8<$>s=_F&)B#@>! z#Yjmp&OFmL-}UU-^S8!te`~-#Gsl=S2c)XM*SPmyxagNAA)2{yBJ-%7!N=E z@E&8&9+2*xdyISTF@nKhsZm-A6283I*u2?Ty?S-IQC<#G_ML5Do$tbh3mc4v29R{_ zFN|OO!syts;|sVztK z^dsY=kBqa=KKpj#_S;caH@s@R`l^wZmiC14#1p8pgJnipnQ`HT7lw^+7*%&-mN9FV z;rIKWF`jt_Rk*d$Xlyk8_P4)1X*~HPs&dU0#uZl>Pe1+icZ~0R2UU7Uf1`hY<3~UG z(E;PY0aR^<*YJ9c#KgoM#*Q7R;+lUN|NN)%*kg|kGzJbtRge3I@r`d7$BrHQlkulN zp~`QaXUv;t3>!AA#3(62)jz%jjo;X|ZQCbk^k9J%m!Pp5cinZ@2WaGAg-;c&?j2=DuCup=_k@L?*V>N#I)1UT0BL%BeC!=xl z+=U@%lwg@jg=mb%E3drrFEm21PRc4YK4b0LwGW`tv2&_JV>3+C+=501R{Cu=8kce8 z$dR#VRA8w&FQPFSyLa#YCK?e~>)vE{ZV6hJeqp=vfcJ2Bu8VOjfOB@=9 zaqYF&zK%u#mfLe98iTQX`SJoZ0A8arM<#UkD}wYcKYLd5i}ieDH5z8nAfL(_j|ky6dj{5tsz5 zepVuw!+8Gr=N|)8faND112Y)Cd-om&CIIW#ZbRi83l=Q63zd#0@COT(ZQOU?eLq7b zqbdAqG%DAaF=NJ0QK@JW&z(eN8u#CS|0}3OG>xpas66BF;lm~>4Nc_e5mc5@QBkoQ zm4v2pSv)GoIDY*2E>sGd%v0B*GK`yUx@kEo0ZnKA7!coh=%I%?faqvKo$^6!;|D+Z zK@NzFru5Mi5Z4$qXwV@L6;0~)MIff}?6c4A1rgD-Ui~?UXMFqH-@X_`Llb-AN)XE! zFkrydAQGBd*@GaC@tfcL<~k4sO)mUAh+%yG`RBbs1T?)_3s88YbLYb({DK;KP;fzl|{j>swLX&**I0|EQ?b`Jw6ar22iiePSBM=Du0GUP;{mvj{ z)|fhV>a)lsnri=VBXdS>ZtehN3QhLFZ;%<|cfb4H=g0(_uD3H1H!?FbM<7u&;T@kM zG2@3n{9#ulf~Ne>0FWCmz4X#lAVrfNmH6R;b)6k{B^X-c1i$QFCASrBXF{?!og?B$+7^--EW0`WyDFbCZqd&f=? zU(_N-LftSRZC0RK$)!Jn7$Daif!HGVJ`Ht)rFaR=o7DOZx>?rFePC;H-7BbGN{4cE z1C$C4=#ELn&MXyr@jsv&W-oRLx^vdz{Sc>Y9e)FxkeUIIms0j^h&}d_1Ho40!Z8rr zY?W_7%#%v%QT^0Du7S897aWGTXD{^tnl-s{3e*E?DHoudWvfgB`;dEPpt(_-`3ss0 zrNw0sv*gyj5DV;0mqDzt*Es`Xn9}?Pbo10I>cNhb@{gkXWG`6=cBZ!VF`65t>TkjJ z)Vlr*F@V}LehKxAz4j;QuGpKGpn0*^x)f|cZR|F%JzM=_U|VW0J<+{Tnp^=fPp#>H zAQsu1z6f=MTG-uC+t@1>K-{zS<)GUow;zYNX74x|Vv)VoD5x21RS!bkP;0pgVu(_` z3)Bqu5K3`f4;kO06a6=GiJM(Cx9e*$r_^Y5OX~6kFv(5FgZfYS7(L z%L_qFvX|)qHIGuJ4$Y3OtSi(Sq5VRgp?3N$s2|k+Rzgjr)=-3IPH7#6*rxO@LvyB7 zONKb3v^y7Kk6O$~%&!%(Hiy3bmY4VHmnc_L9$|yPE>Y{APPG(T`ckNm)arhP?v%ajrx06|GWk&3s4cI7`cG-l8)AUH zW);*#Y7KD^%hXywgu1|9{M#6IP|BH5k172hhPpwm?HLRQIBNPkh9m5Se+aQfZSg3? zG_{y5Q1hs*z5q3VqlI@c9H4f1JH!CB%Pfd@YQ3AGCUaCW4eBtp)U%-GQOlkL@k=T9 zbBHf$trMXJQw#nD)E)y>TnTlY((O8^tJF6B0d;_*uirzBpftCj&QW_B3-y88%U_}H zPzyN+;)YV;GpME1cAvxWiCW|i47Vu720?A&sA4OIHI%AXLQUZ4>lO^FsAUa?`a&tb z9K$0@v(KUSP`fw=wVYbRXbgX-Mf?oI2#!)tK>g$>?E6q}sog$_;Q_VT{!rJcMFlZT zq_z+bu}*FCa;U?U`iG#7aFlrw)Fx_+tDpvQbaykMcI3w}lB2%wL5=6AU>(#IYCCsf_{vdZKMWr^`Y44u$5G~6P>VS#dK}`KqtQE| zHd1Sz2epOTa=! z`$nh>9JO2zaZIh!4RxHOz*MMT9F5dMjih$`FNklBlJ;OY%u)FJ7_M@3_G_rA21Iu? z)D4cV?uB^gXy5?UaB8`)L#^ZJ?+&Of91Z*v!&zzp?_ro|plkMG_{h=tP_y)N+`hT4 zgMRxaZra3#A1@Bwstks|w>Xfs7f0j=7VoWuWiXiaYQQ=cuyEGsnt-*%A9^Mwj$3MQ zsw@wJ&4x|?kNZ!ae8!E2%qtwQdB%;s7v5m#=5eNNEZ+N(xp*HJLc;3O32WttVk+Io z%ZQeqWF%Z#iwz5|KsYruX!XtD?IPGd6U;~n_S@?Z#rs3oVaEN2M1N>>l51%gG3vT$ zc9OiD1lT5n8JKH8JWNXD<&4SD=H;KP=J~^YGvLF6^$_AE9w3>5X?w>keF0|TQ#e&0 z==W*?uAZ6mJ8{F$`JAxFtOoiVZ92bp5~v{7{^OKGp18+scqSsRLi)BdERTV+zMojvUn_38A0$fiqk7Z*sA#tz zxy^VKn@EarJYV=OLy$~GjOY0QC~I~w)DP!!V(G-KIR0`x7Eas>9=j>i43Ez~v}WM= z>4np#-8x=7c*{LufxG|snKNe$z?1?U%Y1v2-cVLDb~LGxV{~0)x!w`k~8n`I3PLufleKUZ_V41w>fWJ z-kQARMB&*-!OM`2}mx+pikutQRZ+<{yDTl|~-oBZqi zYy6-mFr3oGKC4O+%Mlym!2z+?Z}DuX71Br1f#((wo2Nnc;JC()PK93~z6_&8J{4TiTVIn({EFV2 z9N`sTR6F3R9-L<;8L}QuwN|yo5d|}fiVJ%W9x~$6*~Q~Qa{Fw8!l_vPj=oAJ{BJ(E zhLq)$>=VJ}m2by;L_p$2!4;I=jPGn&-@QHB1S z@`3KWGXGN@$eo>1e?(%d_v(@HF1A+VSt;S{N;~4G;#TlP#Fvm`uJV6~AkeCRQ`S6OT7wb{GLFM}-@ub+Fjcw{_!)oY-{q1SkOj%;T zpQe91H^!whF*v6#kPaAsbX>R3vw8+4r{yKP17hDB{m4IbvHZu_-ckLfSBnSh=&Rp9 z=Ik--Y((3~MW1Lglgos4*(hiL7+IHkj?-NQKr}dcG#Y$7;Kc97lTP8M?2HzklL!p& z#gk5j|2^KLg*PJ1KT(rblP7rkuRvFi(uI8eAbo=%x%b z$J_)*nN$t357GC7sIszO>xQ4&CnCE9v6fs9pN%kd49~3xD*PY<;hgw~*@kg;xa8CYn#<#n@;>amC zt;+n%`#=w%YrD*^*9hblxpK<5xIMsJLWeepA9a&kIU2X#5$W|I_ z8DDoJoqa_tS<%+`v1Emcf4Z{b9!I{_r!)Vt zWJQ^bkgFofr|PQ}IF_uKFX^8q1GZOIRLXd6nc?=zifS2eyvnG2I?EqRR+P*9w@FqM zPHg-5@bYYo65A&$sDB*fwwR+Fn6{*s;cUgezI`4JOlyBW=Hq zGD4ND2lDUiUs&WTW5CTAa9c)@DKr^@&&UX;l|fSr!(_xd$lNr^2Fd`o3pKtVFVp?E z$Oct!cBxy|T`bv<`)|sI5h_8))7iJgk_~N*A4@i<_@^rymOApSKArh*O*Sams^Yg* zHcb6DWy30&;OWYSowA^<_3g1_LrHsN!}MEcPn5>PR>u+j+AkYsvaw6&6;E3>1gu6L zN;wE;TJFFZYsFVs_12Nn>KDFSf&w>1iy0Cqlp(PUcR z81OuaXB?h%ias~uJsO_bfHU0^Jn2;UrFf4P-jT+)mkO zeyuVppAuaJ8cS9yn`LXVUfBGK+A+`f<=XsG?0LQ#mgltWeTw{_+>uCeHr+}+Td9?bnGYLhw6e|sKCRd%Y?;FdbwfsDE z1PfoWWER&SY_abl58auO=GuT;hAUkgC%dk?aCIDRhs82oA*+C?7eZ%p`DvohTH~{- zaL$UWqS9AYmxzNN60O&*H+)qer{uXRcKfPo(|p!8UsX+Fu**(BUa8uj!a!A@rUkof z17JJ90#=o)Vs$|m9MQfJo8}YEE~{~}cqLzP<9VPRn4e z#YlJA?l~K4<1p049S=Bvem6kPNLP1dWF7CsHNcIF5F)s%fxAx%5SNWOS%!O}BZz-$ zBi{TqB`K*3vf3oAO#pGe%<+2=Jgvs>cT&g0+0_qp$V*PUKOXCc#G2vzc)s=Bo&3qU zrJeoBGv{Jy;1x(MDSSW8e36&|z2%U561g0j#~_cVnXLoS>@s zZWwNVv}Sl_KsA(>Bn-)?bNu_Z6edo%TZUKTR{8n0pMO;Kpvu!$UF0zm2rk=xh&4ha zosy-kja#3S;~p73@{r_@e8k=t%v zt;wFnbGZLey3W>{JaxHxT5tYi2!~;IXd2Bcc zu}WwQAKTi(LF)jt1ZoSfKut)qj@Wv^O8`*pHwbNEekiiggVLIZaRiy^X8JMA9cwvh>m{V@5-?ha4l z!U!L)c_1{VBaeI?WER_$F0({g0ps2hXFmy$=nJF4zZ)YwWSN{q6#}aD2~=H<3F)US zzD&L89A-8xwr6F#t)eF!;j9@2cjKMz|8Fu))stPimUR_te69NA)0Jsmot>Y|fD;@` zrnNPGESaX_pRP>n=geq~{Kt}MUK!u32rr*)m1%C-51+0~E0O8D<&$lIX{+>gyjqtZ z$?Xa$)AJ(``^8C?STZeFB5i|Ao1x}RIc{!Erd{Fb*Y10oS87HkuP8?3j=_*PULF^d z1+33U1VdsVenV(%Lg;LqK5B;8TN!b?c3_md#Z__8dMPiIZdu#&a?)2)7=)RqXRwb*_rq!J+hr!BmeCMOxLq6lgp9z)*hyL*4H~ zg^!vVGN++*JJwil;zV=US5Wis=A{10Rj~&#tleO!hi!(sKV%krUJDJINun`_uUoIU zD&CYV^&@K|G6_}z$L6Fz*b_YK*^O+?51DuR;&%J3ojWRB6|cG~HdwEqTtD*Vq?TD# z(9Z0l#iu^dGxcuI$3E-(38Q`1nYd+fP18aEnyS7)Tk;JbaYN`qmOXTVKQuIfW|qg$ zpUCzlo0V)mX6PFT2+|1J=4Ea4?O5$c69Z{Mgh8RypIQ6z;!_1_Qb1ZZwVc$){XJ7b znO&h#!$Kx1a7PnmKu&*7(l47Rlm1Z8^uNTX-y1T6I4<5FGEHCHo4y@YehYdeDxg+W zKvEfE{iS&YB>manGwI$u94{Oi<^>R1{~S$v*M*)G<4(q(2zTu zbE`jYqijyDiUZawf=}|$@X=Tm2j`^zL-MrUd{e96+XQMu zz5e2h@AZ)NGTURFXpg-f>DlXkpYjaKmzsem>=C{6#{Egr^4jVm8QrV!Kq@Up=dPJ61+E)g}Cp~Dh_<`Cx zpbBfJ67UYvk!E;6BU|+r8lVH#XCr8Rp6UzXc-m308sC|b>Dmly@r$mPc{qccM_}aA zZoDRrR_N?J4hAPfW#GNCW&5CWn^iUO!SJ+TY7dQ=TNkwdP9L889u?3dxS5GL$} zTYc6pR|RayDiYS7O zW&r%~OyL0<5^77;w_66@aPYWxz=^^|Jhv5OsbF z*Md$x>9;#Z7)%vG@#cS~41X*q#RfEH|6EW4|s;CO$KHaK!VLz!tK-3dnt*w}MVX<>fD;Fk}soFG> zY^NU77H@N{jRWeGF6&I(?dqxsoJ9PzE?Ycrn_&~*Uf!y!;E6c=JUkR%ixBFglrD{t z@EbhaIR8YpTNj5~5w)YSpC7~@h3t&+TRVK#I>Ci6LMQT7eVXXEUdglG04JwdZ(3_u zK609M090x4p{EXZsrOr-;%gtZclcrEDvf9BSZ@To)cCDk@PZB`D1=v-rS_wV@659r z@r8`C!EZy`ACB8<#D{413MM)Yd<3k7jM|x;R2}GuXe{?bO0{FWin@ zJKMg$z}jYQw_Zb?stU#|m$PnbF91SC@5MD{Pd|6&^@Wq%=J;aiap~n*c1mj4=3L{F32$X{8^m#@xTAFl z&!91r-K7cfm&7NhVXqtRM-^vjm@?z5W!U?9AM1VbxJUJF-mO~NG5(hwx+c4ExXU0B zX#@;I!w{!L#_Pt#8e+~0JKkH&S^4Zas}*taC*q?{TeV^V{7cF2v5RK*(@(25RPztulhg%wc+~u)Y+0APW*Rha2@|*4X)!a)8IP( z9&%BW6Mv=#*YW3Ta2?MG4X&rVS=L(u%1544ba+0|E-+12lPmyZbiEeTLOukh4Mxat=b zJVB@&P3Nd6_&Av#RSpGDm*L$aS55hJOL&F@{%c8>Ob1+r@8y6mm*KM=a239<1Aeaz zpX-2^N_c+?!L{(LwQ#`i^Dm z-zEdDl*V1M4PO<%DqHcz5-yv+LTlXSNLP6{ZN=mh;ym5>S0FBNl8<#aO{VYFfp}+o z)g9*w2=nSdyqDOg_8TQy`Pq*+%g@8|7)0?kUWI#7rr+9J!(fDV(u4?hw~>BhWPE4& zt7ZIcM5Z~Fe+3$emuTfzi-}DckoC{5Q^i;HAC2~mvXY%Q+(WW(?53i{C(K#*jAu&z zTfz^`IcXJZuECTY;$$r@U!CzMj>THs_N?W@9h;n!XwO*>iJF?_75PzX`3kJ{G^L#I zjld;jP1Y2w<-?yhL9FG&x<1!dF{_U8+-i=2D&sH`;7U7~E-;|6M