From 536649082212e7c643ab8d7bab89f620fbcd37f0 Mon Sep 17 00:00:00 2001 From: slontis Date: Fri, 21 Jul 2023 15:05:38 +1000 Subject: [PATCH] Add EVP_DigestSqueeze() API. Fixes #7894 This allows SHAKE to squeeze multiple times with different output sizes. The existing EVP_DigestFinalXOF() API has been left as a one shot operation. A similar interface is used by another toolkit. The low level SHA3_Squeeze() function needed to change slightly so that it can handle multiple squeezes. This involves changing the assembler code so that it passes a boolean to indicate whether the Keccak function should be called on entry. At the provider level, the squeeze is buffered, so that it only requests a multiple of the blocksize when SHA3_Squeeze() is called. On the first call the value is zero, on subsequent calls the value passed is 1. This PR is derived from the excellent work done by @nmathewson in https://github.com/openssl/openssl/pull/7921 Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/21511) --- crypto/evp/digest.c | 37 +- crypto/evp/legacy_sha.c | 3 +- crypto/sha/asm/keccak1600-armv4.pl | 4 +- crypto/sha/asm/keccak1600-armv8.pl | 4 +- crypto/sha/asm/keccak1600-ppc64.pl | 3 + crypto/sha/asm/keccak1600-x86_64.pl | 18 +- crypto/sha/keccak1600.c | 19 +- crypto/sha/sha3.c | 100 +++- doc/life-cycles/digest.dot | 24 +- doc/man3/EVP_DigestInit.pod | 21 +- doc/man7/EVP_MD-BLAKE2.pod | 11 + doc/man7/EVP_MD-SHAKE.pod | 15 +- doc/man7/img/digest.png | Bin 56894 -> 84676 bytes doc/man7/life_cycle-digest.pod | 130 +++-- doc/man7/provider-digest.pod | 3 +- include/crypto/evp.h | 1 + include/internal/sha3.h | 17 +- include/openssl/core_dispatch.h | 4 + include/openssl/evp.h | 6 +- providers/implementations/digests/sha3_prov.c | 114 +++- test/build.info | 7 +- test/evp_xof_test.c | 492 ++++++++++++++++++ test/recipes/30-test_evp_xof.t | 12 + util/libcrypto.num | 1 + 24 files changed, 938 insertions(+), 108 deletions(-) create mode 100644 test/evp_xof_test.c create mode 100644 test/recipes/30-test_evp_xof.t diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c index 42331703da3..ab670a8f49c 100644 --- a/crypto/evp/digest.c +++ b/crypto/evp/digest.c @@ -502,6 +502,7 @@ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *isize) return ret; } +/* This is a one shot operation */ int EVP_DigestFinalXOF(EVP_MD_CTX *ctx, unsigned char *md, size_t size) { int ret = 0; @@ -526,10 +527,15 @@ int EVP_DigestFinalXOF(EVP_MD_CTX *ctx, unsigned char *md, size_t size) return 0; } + /* + * For backward compatibility we pass the XOFLEN via a param here so that + * older providers can use the supplied value. Ideally we should have just + * used the size passed into ctx->digest->dfinal(). + */ params[i++] = OSSL_PARAM_construct_size_t(OSSL_DIGEST_PARAM_XOFLEN, &size); params[i++] = OSSL_PARAM_construct_end(); - if (EVP_MD_CTX_set_params(ctx, params) > 0) + if (EVP_MD_CTX_set_params(ctx, params) >= 0) ret = ctx->digest->dfinal(ctx->algctx, md, &size, size); ctx->flags |= EVP_MD_CTX_FLAG_FINALISED; @@ -553,6 +559,27 @@ legacy: return ret; } +/* EVP_DigestSqueeze() can be called multiple times */ +int EVP_DigestSqueeze(EVP_MD_CTX *ctx, unsigned char *md, size_t size) +{ + if (ctx->digest == NULL) { + ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_NULL_ALGORITHM); + return 0; + } + + if (ctx->digest->prov == NULL) { + ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_OPERATION); + return 0; + } + + if (ctx->digest->dsqueeze == NULL) { + ERR_raise(ERR_LIB_EVP, EVP_R_METHOD_NOT_SUPPORTED); + return 0; + } + + return ctx->digest->dsqueeze(ctx->algctx, md, &size, size); +} + EVP_MD_CTX *EVP_MD_CTX_dup(const EVP_MD_CTX *in) { EVP_MD_CTX *out = EVP_MD_CTX_new(); @@ -1032,6 +1059,12 @@ static void *evp_md_from_algorithm(int name_id, fncnt++; } break; + case OSSL_FUNC_DIGEST_SQUEEZE: + if (md->dsqueeze == NULL) { + md->dsqueeze = OSSL_FUNC_digest_squeeze(fns); + fncnt++; + } + break; case OSSL_FUNC_DIGEST_DIGEST: if (md->digest == NULL) md->digest = OSSL_FUNC_digest_digest(fns); @@ -1075,7 +1108,7 @@ static void *evp_md_from_algorithm(int name_id, break; } } - if ((fncnt != 0 && fncnt != 5) + if ((fncnt != 0 && fncnt != 5 && fncnt != 6) || (fncnt == 0 && md->digest == NULL)) { /* * In order to be a consistent set of functions we either need the diff --git a/crypto/evp/legacy_sha.c b/crypto/evp/legacy_sha.c index 0c2afc29007..38423ff540f 100644 --- a/crypto/evp/legacy_sha.c +++ b/crypto/evp/legacy_sha.c @@ -37,7 +37,8 @@ static int nm##_update(EVP_MD_CTX *ctx, const void *data, size_t count) \ } \ static int nm##_final(EVP_MD_CTX *ctx, unsigned char *md) \ { \ - return fn##_final(md, EVP_MD_CTX_get0_md_data(ctx)); \ + KECCAK1600_CTX *kctx = EVP_MD_CTX_get0_md_data(ctx); \ + return fn##_final(kctx, md, kctx->md_size); \ } #define IMPLEMENT_LEGACY_EVP_MD_METH_SHAKE(nm, fn, tag) \ static int nm##_init(EVP_MD_CTX *ctx) \ diff --git a/crypto/sha/asm/keccak1600-armv4.pl b/crypto/sha/asm/keccak1600-armv4.pl index eaad86d39dd..18948fd7c0d 100755 --- a/crypto/sha/asm/keccak1600-armv4.pl +++ b/crypto/sha/asm/keccak1600-armv4.pl @@ -966,6 +966,8 @@ SHA3_squeeze: stmdb sp!,{r6-r9} mov r14,$A_flat + cmp r4, #0 @ r4 = 'next' argument + bne .Lnext_block b .Loop_squeeze .align 4 @@ -1037,7 +1039,7 @@ SHA3_squeeze: subs $bsz,$bsz,#8 @ bsz -= 8 bhi .Loop_squeeze - +.Lnext_block: mov r0,r14 @ original $A_flat bl KeccakF1600 diff --git a/crypto/sha/asm/keccak1600-armv8.pl b/crypto/sha/asm/keccak1600-armv8.pl index ab7aa713acd..72f8c3adb57 100755 --- a/crypto/sha/asm/keccak1600-armv8.pl +++ b/crypto/sha/asm/keccak1600-armv8.pl @@ -483,6 +483,8 @@ SHA3_squeeze: mov $out,x1 mov $len,x2 mov $bsz,x3 + cmp x4, #0 // x4 = 'next' argument + bne .Lnext_block .Loop_squeeze: ldr x4,[x0],#8 @@ -497,7 +499,7 @@ SHA3_squeeze: subs x3,x3,#8 bhi .Loop_squeeze - +.Lnext_block: mov x0,$A_flat bl KeccakF1600 mov x0,$A_flat diff --git a/crypto/sha/asm/keccak1600-ppc64.pl b/crypto/sha/asm/keccak1600-ppc64.pl index bff0d785859..3f8ba817f8d 100755 --- a/crypto/sha/asm/keccak1600-ppc64.pl +++ b/crypto/sha/asm/keccak1600-ppc64.pl @@ -668,6 +668,8 @@ SHA3_squeeze: subi $out,r4,1 ; prepare for stbu mr $len,r5 mr $bsz,r6 + ${UCMP}i r7,1 ; r7 = 'next' argument + blt .Lnext_block b .Loop_squeeze .align 4 @@ -698,6 +700,7 @@ SHA3_squeeze: subic. r6,r6,8 bgt .Loop_squeeze +.Lnext_block: mr r3,$A_flat bl KeccakF1600 subi r3,$A_flat,8 ; prepare for ldu diff --git a/crypto/sha/asm/keccak1600-x86_64.pl b/crypto/sha/asm/keccak1600-x86_64.pl index 02f0116014d..bddcaf82941 100755 --- a/crypto/sha/asm/keccak1600-x86_64.pl +++ b/crypto/sha/asm/keccak1600-x86_64.pl @@ -503,12 +503,12 @@ SHA3_absorb: .size SHA3_absorb,.-SHA3_absorb ___ } -{ my ($A_flat,$out,$len,$bsz) = ("%rdi","%rsi","%rdx","%rcx"); +{ my ($A_flat,$out,$len,$bsz,$next) = ("%rdi","%rsi","%rdx","%rcx","%r8"); ($out,$len,$bsz) = ("%r12","%r13","%r14"); $code.=<<___; .globl SHA3_squeeze -.type SHA3_squeeze,\@function,4 +.type SHA3_squeeze,\@function,5 .align 32 SHA3_squeeze: .cfi_startproc @@ -520,10 +520,12 @@ SHA3_squeeze: .cfi_push %r14 shr \$3,%rcx - mov $A_flat,%r8 + mov $A_flat,%r9 mov %rsi,$out mov %rdx,$len mov %rcx,$bsz + bt \$0,$next + jc .Lnext_block jmp .Loop_squeeze .align 32 @@ -531,8 +533,8 @@ SHA3_squeeze: cmp \$8,$len jb .Ltail_squeeze - mov (%r8),%rax - lea 8(%r8),%r8 + mov (%r9),%rax + lea 8(%r9),%r9 mov %rax,($out) lea 8($out),$out sub \$8,$len # len -= 8 @@ -540,14 +542,14 @@ SHA3_squeeze: sub \$1,%rcx # bsz-- jnz .Loop_squeeze - +.Lnext_block: call KeccakF1600 - mov $A_flat,%r8 + mov $A_flat,%r9 mov $bsz,%rcx jmp .Loop_squeeze .Ltail_squeeze: - mov %r8, %rsi + mov %r9, %rsi mov $out,%rdi mov $len,%rcx .byte 0xf3,0xa4 # rep movsb diff --git a/crypto/sha/keccak1600.c b/crypto/sha/keccak1600.c index c15bc42aaa8..6682367be19 100644 --- a/crypto/sha/keccak1600.c +++ b/crypto/sha/keccak1600.c @@ -13,7 +13,7 @@ size_t SHA3_absorb(uint64_t A[5][5], const unsigned char *inp, size_t len, size_t r); -void SHA3_squeeze(uint64_t A[5][5], unsigned char *out, size_t len, size_t r); +void SHA3_squeeze(uint64_t A[5][5], unsigned char *out, size_t len, size_t r, int next); #if !defined(KECCAK1600_ASM) || !defined(SELFTEST) @@ -1090,10 +1090,16 @@ size_t SHA3_absorb(uint64_t A[5][5], const unsigned char *inp, size_t len, } /* - * sha3_squeeze is called once at the end to generate |out| hash value - * of |len| bytes. + * SHA3_squeeze may be called after SHA3_absorb to generate |out| hash value of + * |len| bytes. + * If multiple SHA3_squeeze calls are required the output length |len| must be a + * multiple of the blocksize, with |next| being 0 on the first call and 1 on + * subsequent calls. It is the callers responsibility to buffer the results. + * When only a single call to SHA3_squeeze is required, |len| can be any size + * and |next| must be 0. */ -void SHA3_squeeze(uint64_t A[5][5], unsigned char *out, size_t len, size_t r) +void SHA3_squeeze(uint64_t A[5][5], unsigned char *out, size_t len, size_t r, + int next) { uint64_t *A_flat = (uint64_t *)A; size_t i, w = r / 8; @@ -1101,6 +1107,9 @@ void SHA3_squeeze(uint64_t A[5][5], unsigned char *out, size_t len, size_t r) assert(r < (25 * sizeof(A[0][0])) && (r % 8) == 0); while (len != 0) { + if (next) + KeccakF1600(A); + next = 1; for (i = 0; i < w && len != 0; i++) { uint64_t Ai = BitDeinterleave(A_flat[i]); @@ -1123,8 +1132,6 @@ void SHA3_squeeze(uint64_t A[5][5], unsigned char *out, size_t len, size_t r) out += 8; len -= 8; } - if (len) - KeccakF1600(A); } } #endif diff --git a/crypto/sha/sha3.c b/crypto/sha/sha3.c index 633bc2e1208..2411b3f1f8e 100644 --- a/crypto/sha/sha3.c +++ b/crypto/sha/sha3.c @@ -10,12 +10,13 @@ #include #include "internal/sha3.h" -void SHA3_squeeze(uint64_t A[5][5], unsigned char *out, size_t len, size_t r); +void SHA3_squeeze(uint64_t A[5][5], unsigned char *out, size_t len, size_t r, int next); void ossl_sha3_reset(KECCAK1600_CTX *ctx) { memset(ctx->A, 0, sizeof(ctx->A)); ctx->bufsz = 0; + ctx->xof_state = XOF_STATE_INIT; } int ossl_sha3_init(KECCAK1600_CTX *ctx, unsigned char pad, size_t bitlen) @@ -51,6 +52,10 @@ int ossl_sha3_update(KECCAK1600_CTX *ctx, const void *_inp, size_t len) if (len == 0) return 1; + if (ctx->xof_state == XOF_STATE_SQUEEZE + || ctx->xof_state == XOF_STATE_FINAL) + return 0; + if ((num = ctx->bufsz) != 0) { /* process intermediate buffer? */ rem = bsz - num; @@ -84,13 +89,21 @@ int ossl_sha3_update(KECCAK1600_CTX *ctx, const void *_inp, size_t len) return 1; } -int ossl_sha3_final(unsigned char *md, KECCAK1600_CTX *ctx) +/* + * ossl_sha3_final()is a single shot method + * (Use ossl_sha3_squeeze for multiple calls). + * outlen is the variable size output. + */ +int ossl_sha3_final(KECCAK1600_CTX *ctx, unsigned char *out, size_t outlen) { size_t bsz = ctx->block_size; size_t num = ctx->bufsz; - if (ctx->md_size == 0) + if (outlen == 0) return 1; + if (ctx->xof_state == XOF_STATE_SQUEEZE + || ctx->xof_state == XOF_STATE_FINAL) + return 0; /* * Pad the data with 10*1. Note that |num| can be |bsz - 1| @@ -103,7 +116,86 @@ int ossl_sha3_final(unsigned char *md, KECCAK1600_CTX *ctx) (void)SHA3_absorb(ctx->A, ctx->buf, bsz, bsz); - SHA3_squeeze(ctx->A, md, ctx->md_size, bsz); + ctx->xof_state = XOF_STATE_FINAL; + SHA3_squeeze(ctx->A, out, outlen, bsz, 0); + return 1; +} + +/* + * This method can be called multiple times. + * Rather than heavily modifying assembler for SHA3_squeeze(), + * we instead just use the limitations of the existing function. + * i.e. Only request multiples of the ctx->block_size when calling + * SHA3_squeeze(). For output length requests smaller than the + * ctx->block_size just request a single ctx->block_size bytes and + * buffer the results. The next request will use the buffer first + * to grab output bytes. + */ +int ossl_sha3_squeeze(KECCAK1600_CTX *ctx, unsigned char *out, size_t outlen) +{ + size_t bsz = ctx->block_size; + size_t num = ctx->bufsz; + size_t len; + int next = 1; + + if (outlen == 0) + return 1; + + if (ctx->xof_state == XOF_STATE_FINAL) + return 0; + + /* + * On the first squeeze call, finish the absorb process, + * by adding the trailing padding and then doing + * a final absorb. + */ + if (ctx->xof_state != XOF_STATE_SQUEEZE) { + /* + * Pad the data with 10*1. Note that |num| can be |bsz - 1| + * in which case both byte operations below are performed on + * same byte... + */ + memset(ctx->buf + num, 0, bsz - num); + ctx->buf[num] = ctx->pad; + ctx->buf[bsz - 1] |= 0x80; + (void)SHA3_absorb(ctx->A, ctx->buf, bsz, bsz); + ctx->xof_state = XOF_STATE_SQUEEZE; + num = ctx->bufsz = 0; + next = 0; + } + + /* + * Step 1. Consume any bytes left over from a previous squeeze + * (See Step 4 below). + */ + if (num != 0) { + if (outlen > ctx->bufsz) + len = ctx->bufsz; + else + len = outlen; + memcpy(out, ctx->buf + bsz - ctx->bufsz, len); + out += len; + outlen -= len; + ctx->bufsz -= len; + } + if (outlen == 0) + return 1; + + /* Step 2. Copy full sized squeezed blocks to the output buffer directly */ + if (outlen >= bsz) { + len = bsz * (outlen / bsz); + SHA3_squeeze(ctx->A, out, len, bsz, next); + next = 1; + out += len; + outlen -= len; + } + if (outlen > 0) { + /* Step 3. Squeeze one more block into a buffer */ + SHA3_squeeze(ctx->A, ctx->buf, bsz, bsz, next); + memcpy(out, ctx->buf, outlen); + /* Step 4. Remember the leftover part of the squeezed block */ + ctx->bufsz = bsz - outlen; + } return 1; } diff --git a/doc/life-cycles/digest.dot b/doc/life-cycles/digest.dot index 8d4d72480c9..2f22a0d5e69 100644 --- a/doc/life-cycles/digest.dot +++ b/doc/life-cycles/digest.dot @@ -6,28 +6,30 @@ digraph digest { initialised [label=initialised, fontcolor="#c94c4c"]; updated [label=updated, fontcolor="#c94c4c"]; finaled [label="finaled", fontcolor="#c94c4c"]; + squeezed [label="squeezed", fontcolor="#c94c4c"]; end [label="freed", color="#deeaee", style="filled"]; begin -> newed [label="EVP_MD_CTX_new"]; - newed -> initialised [label="EVP_DigestInit"]; - initialised -> updated [label="EVP_DigestUpdate", weight=3]; + newed -> initialised [label="EVP_DigestInit", weight=100]; + initialised -> updated [label="EVP_DigestUpdate", weight=100]; updated -> updated [label="EVP_DigestUpdate"]; - updated -> finaled [label="EVP_DigestFinal"]; + updated -> finaled [label="EVP_DigestFinal", weight=2]; updated -> finaled [label="EVP_DigestFinalXOF", fontcolor="#808080", color="#808080"]; - /* Once this works it should go back in: - finaled -> finaled [taillabel="EVP_DigestFinalXOF", - labeldistance=9, labelangle=345, - labelfontcolor="#808080", color="#808080"]; - */ + updated -> squeezed [label="EVP_DigestSqueeze", weight=3]; finaled -> end [label="EVP_MD_CTX_free"]; - finaled -> newed [label="EVP_MD_CTX_reset", style=dashed, weight=2, + finaled -> newed [label="EVP_MD_CTX_reset", style=dashed, color="#034f84", fontcolor="#034f84"]; updated -> newed [label="EVP_MD_CTX_reset", style=dashed, color="#034f84", fontcolor="#034f84"]; - updated -> initialised [label="EVP_DigestInit", weight=0, style=dashed, + updated -> initialised [label="EVP_DigestInit", style=dashed, color="#034f84", fontcolor="#034f84"]; finaled -> initialised [label="EVP_DigestInit", style=dashed, color="#034f84", fontcolor="#034f84"]; + squeezed -> squeezed [label="EVP_DigestSqueeze"]; + squeezed -> end [label="EVP_MD_CTX_free", weight=1]; + squeezed -> newed [label="EVP_MD_CTX_reset", style=dashed, + color="#034f84", fontcolor="#034f84"]; + squeezed -> initialised [label="EVP_DigestInit", style=dashed, + color="#034f84", fontcolor="#034f84"]; } - diff --git a/doc/man3/EVP_DigestInit.pod b/doc/man3/EVP_DigestInit.pod index 409630e5d4d..492180def97 100644 --- a/doc/man3/EVP_DigestInit.pod +++ b/doc/man3/EVP_DigestInit.pod @@ -12,6 +12,7 @@ EVP_MD_CTX_settable_params, EVP_MD_CTX_gettable_params, EVP_MD_CTX_set_flags, EVP_MD_CTX_clear_flags, EVP_MD_CTX_test_flags, EVP_Q_digest, EVP_Digest, EVP_DigestInit_ex2, EVP_DigestInit_ex, EVP_DigestInit, EVP_DigestUpdate, EVP_DigestFinal_ex, EVP_DigestFinalXOF, EVP_DigestFinal, +EVP_DigestSqueeze, EVP_MD_is_a, EVP_MD_get0_name, EVP_MD_get0_description, EVP_MD_names_do_all, EVP_MD_get0_provider, EVP_MD_get_type, EVP_MD_get_pkey_type, EVP_MD_get_size, EVP_MD_get_block_size, EVP_MD_get_flags, @@ -61,7 +62,8 @@ EVP_MD_CTX_type, EVP_MD_CTX_pkey_ctx, EVP_MD_CTX_md_data int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl); int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, size_t cnt); int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s); - int EVP_DigestFinalXOF(EVP_MD_CTX *ctx, unsigned char *md, size_t len); + int EVP_DigestFinalXOF(EVP_MD_CTX *ctx, unsigned char *out, size_t outlen); + int EVP_DigestSqueeze(EVP_MD_CTX *ctx, unsigned char *out, size_t outlen); EVP_MD_CTX *EVP_MD_CTX_dup(const EVP_MD_CTX *in); int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in); @@ -291,9 +293,16 @@ initialize a new digest operation. =item EVP_DigestFinalXOF() Interfaces to extendable-output functions, XOFs, such as SHAKE128 and SHAKE256. -It retrieves the digest value from I and places it in I-sized I. +It retrieves the digest value from I and places it in I-sized I. After calling this function no additional calls to EVP_DigestUpdate() can be made, but EVP_DigestInit_ex2() can be called to initialize a new operation. +EVP_DigestFinalXOF() may only be called once + +=item EVP_DigestSqueeze() + +Similar to EVP_DigestFinalXOF() but allows multiple calls to be made to +squeeze variable length output data. +EVP_DigestFinalXOF() should not be called after this. =item EVP_MD_CTX_dup() @@ -478,8 +487,9 @@ EVP_MD_CTX_set_params() can be used with the following OSSL_PARAM keys: =item "xoflen" (B) Sets the digest length for extendable output functions. -It is used by the SHAKE algorithm and should not exceed what can be given -using a B. +The value should not exceed what can be given using a B. +It may be used by BLAKE2B-512, SHAKE-128 and SHAKE-256 to set the +output length used by EVP_DigestFinal_ex() and EVP_DigestFinal(). =item "pad-type" (B) @@ -795,7 +805,8 @@ EVP_MD_CTX_get0_md() instead. EVP_MD_CTX_update_fn() and EVP_MD_CTX_set_update_fn() were deprecated in OpenSSL 3.0. -EVP_MD_CTX_dup() was added in OpenSSL 3.2. +The functions EVP_MD_CTX_dup() and EVP_DigestSqueeze() were added in +OpenSSL 3.2. =head1 COPYRIGHT diff --git a/doc/man7/EVP_MD-BLAKE2.pod b/doc/man7/EVP_MD-BLAKE2.pod index 205b0c59be6..288a6dd7353 100644 --- a/doc/man7/EVP_MD-BLAKE2.pod +++ b/doc/man7/EVP_MD-BLAKE2.pod @@ -25,6 +25,17 @@ Known names are "BLAKE2B-512" and "BLAKE2b512". =back +=head2 Settable Parameters + +"BLAKE2B-512" supports the following EVP_MD_CTX_set_params() key +described in L. + +=over 4 + +=item "xoflen" (B) + +=back + =head2 Gettable Parameters This implementation supports the common gettable parameters described diff --git a/doc/man7/EVP_MD-SHAKE.pod b/doc/man7/EVP_MD-SHAKE.pod index 8a31cd53a8b..6f1fe9cae64 100644 --- a/doc/man7/EVP_MD-SHAKE.pod +++ b/doc/man7/EVP_MD-SHAKE.pod @@ -65,15 +65,28 @@ For backwards compatibility reasons the default xoflen length for SHAKE-256 is 32 (bytes) which results in a security strength of only 128 bits. To ensure the maximum security strength of 256 bits, the xoflen should be set to at least 64. +This parameter may be used when calling either EVP_DigestFinal_ex() or +EVP_DigestFinal(), since these functions were not designed to handle variable +length output. It is recommended to either use EVP_DigestSqueeze() or +EVP_DigestFinalXOF() instead. + =back +=head1 NOTES + +For SHAKE-128, to ensure the maximum security strength of 128 bits, the output +length passed to EVP_DigestFinalXOF() should be at least 32. + +For SHAKE-256, to ensure the maximum security strength of 256 bits, the output +length passed to EVP_DigestFinalXOF() should be at least 64. + =head1 SEE ALSO L, L, L =head1 COPYRIGHT -Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man7/img/digest.png b/doc/man7/img/digest.png index 9f35deb5dcc8c03c8631e7d60267e9bbcb1b6a9a..8a9f78a26b39b0e091095fa0b67a5b14d4bc153c 100644 GIT binary patch literal 84676 zc-q{$Wmr_-7dA{t*C+x*H%Nn|l7fJ=f|N7}NQ2bCkdg|L(j`*TNarvT14!x6-5?D^ z=R7m~{J+n)_v8EFy&SKB!#;bjb+3D^b?>v!$CsMQB!o1C7#J8NDleXEV_@J2V_;wf z;^U&O24MU0uiffiSYnNgMcymMQwv_TS#&y4v*Ik3lgjkMmf!B0IjnNUDH-jr{Hy_QA27 zuz-o_H)XS&o!a{$cjPTd)9yv0h(=;&=J8E)g?m<}?M-&RG3UiW+deIuO2YrkCm+K8 zx*0g+}CFwpyu zmUuuqetwt1-yv`~pc-i99wZ<7FtY1hgn3pm@=OUXyVKUM8A!_frTGYg_UN?}u`s*J zOf6?N$Py3|k)2R*I11=22Aq9Jy`R7$MEd=$Q}D}QOhjEY<|M%j+yj7W%slW}rH_Cpuc%-ohxD zPK=^bAm`&EDuq2jt$XR4w#+sT%m6Dk+z!MGM+0%oNitaY@7J5ncfhs)ZB!F3vx<@h z0u{K_kkYvGzrT$@*HkWMCd9cFEE^LNBch3x%$A~4`h zP8xdJl7zs47YQZPiE8@UhN_KX038;)g6++1tha`gl}57m=Xl0+FVKk8384_tE$>Mw zZxsXtKEL%@w|!F-W*I%jI37zE&>VahAp7N)QYzZIzJ3>! zJSLyep>c{qBWKSWaM&#!=@(9jo8~g_;LV{WQI4DyNWks*&iqj3kGpt0+JQX_RFaj@ zsC*ojk4&n_W904v$RLkLw8$zvnD3%?zf&FMU~fph>;0~D)d{#jx8u8`pj}S=W@0q( zTaoCsxF6z?`rrwE=d73;J?36$U4E?TyB$wgyFn}Ah-|y~-L$`!jBNR+U3?Ep)_!KT zBmG{&VWMIU0$#5<>s>{EjpH4HP<1E z39l(wrhqKizRT0zw}-Ji-q2vWvzQfXk#~TWXyDJ3EdlFenJdS`x)_;L37ON);i{3} zxx};(VaD^{ilf<{V){1+s^hKK?=v?1R?TDv|MW2QEdC66a(uuF+G$!tjXWBMlvhl; z9UeJwzqh&z8!>=7w)op#FB1VsMmNCwy9db~3mGI)wL_QrUh?T|9k#7zfH?AMJ58$bT&1G*(zXkD zF^RKrB#XRh(;&1Pju`S6Kwf;VJjy;A+8A%yUpp)iK*zOE)8!r$jGtm6EU{kx5%2aK zttvY0HmFf`tVEve8vCy*U87;dP7776>?sf+;eE`b25z2?7Gd@?lboz1dlAY z$!F#1^L;5BsrJUpqA#lKdo8vytV%JfAIJhjmn8S)AK}GUR+ufUO;5L&X>o-YG7x=c zN1nmRQ9kY$8>D18MS0= zB<~Z~uE=_QuDd2I^EIUhRZmAn)sibfM8SCA<>^4fb9~vWzSyRX3dxI}5iMcY-%LvT zZDbp*NU0$oWK*T50T!=eYpQ_BwH>9*F_R<-Ev!f8q%sq{gokO+w5$kmGh}UVUu)ns ztB=lAh2)!2UNoXPe=N;!^kcK0bPtu9?>-4#&C9TQ z->RRP8KZ4$j<_owUBJ#nfigdq{z>6`vhBV~pq_cwh?^g9-MgX)rnBK!DIsJI#W$vu zPf7mssz>$yo_OyUG$|(T5LI#;tIFx>C6d$Id~=xyv{GHC!dU`Ecb%F&wFv}WUl~lo>froTL(wNIfp{S1PTk_&wHQ;)-5(dHySSzus{ANgr6L{6#(VA`aoxYUv=8(HUrVKPHTIiv6%iF z&zj?+S#4DVwAIcgtcHu8D8|2x?%Ggz)HcYZbJy0Yg>@1}U8Eq6YheV3EkZAuEK@iD zO#Lh>56-Ri7Fn-|86nMZ(K}I~j|TWMsVBK&x(HB>{N&0V_robx{?UWZsL&m=Q--Fa zXjQ7a{%h2af_hYd&k$nCa$xq{ixb&8lPq(TP5@w80A`Ac?lf;#RK9Lzx`T>z2F~b( z5;p@MfDYk&W^SerI`l0m&+wVMCSxTXc^OCAZ zR7g>$s;{b>gRwN;690|Li4h82kF&;+kA#{)>%v|(2Mph5%`W%2(|4mrmy0C<)Xt(`MKoZeUJ#cuDP^h5f1~n@FnBUHZM3!^6szs z-qld8JGq*)krNouQr8#MiM@0HT$W%_Ca2b5!ijuI{1S^W&Sm>UG~mR8c4;-?BmBb z7}XO)*Hj4K*ZoiA!|SaH4-5*T(0P)7%U0}x`A__hQirGg`?2JMMd804L5Vqv`*)X% zxzXzJ?s5s?|1XAW55K|g(v*Q=M%4fCccY!4pN6^Z&hcO;W7h;78W|u@os9QWH8amn z^fuJ_TwF?F#0CUX_5Ux}K642Ye#ds^+ixKR!o!|2BXjD^@X~`TG4Zgl`_DjB z2Q!rW1#%2F*>hVo3j+JHbz`RveIZk?phRm{^9xEOMcA><-Qc+YtnnQj4^Qh!9`^Zk zs;nK&wl6VT-d!KFcXEq>D2wTUjYx6Ev9zjxMAb@@Kv|wL+SGd~`XC*dJaWfjhzmw% z+dx%@UT2L|f&&ObNFXjEgO->T+0<4?RHybI&TYVB#_-lzQda+@|&XyCi{IND2(Bq66>>1Iqt*s((*{5CDy_!bt?I^V_@7S zCH6`;$_c5)(2EY{md#KaDrnYoq{hF8AUR)h1RQOVVXK`#BulMRtY$wPy=f*q$9qZC zTJZTMhh^W_uQh5SqO~5$9e8udCw0bxSa7j%TyJdYZD;J}YYlKW5tC@43R+*fKh|mo2NzJ9xeAT1NH{D$OL`2`r|p>Hu2t z2dq}UDe`^BfGEh|$dO-IYE2|Yl+X^?d+yE{?SO54X1XY6AY)tSr%w&o|Kkr?t>{2& zTMrJs@y0qrh|!_$<_ao4BLOLAo|S}46JeBd1xf=!*?tmdsgyl_!BT$M5-}BI!g#A4~&6<16><9O0_>{#u?d(gL+xqfW0Y_p6+jz2wg_vvGddkM4u^%n*5vjw8 z0#9qD1?!D_o|?8Ju6z0?{LM-ojJpeYsudV2=Bq_rp8pr;vD_MW8!wRox<%TK&&gdC z)g5>3seU@V+g>1xg*oqcior~l;a9QOk757*%r$u{ki#RwlabjVu-WD8I*CERBCRv~JrY6$S%6M-PhRLDZAyVP?>g!2!GBMn!@`#V#u< z!Kn0x97AC`u$yw$94E0dFb)6O&d_pco$CKe-DNu8?!eBYfqUn4v=L-Evp?P1rqZV3`8EgCdqbw5E_$!| zBRgR+KPwuer5al@TaDZ?4wM!{R*&p&Kl&vdoH|wryFc=I3G$P?3N(^ImhhF))|Uyp zvt3*l$6^=7d-s!ak~x^=?hcJxO`f|HTi=8Pr~H}`*q5LC*L<{TI|f7@pQc!VV`Dl7 zO!^|oWfiYjd8V5u#yuG7z2}fK1BXs+4O(6=t(0VpZSsIjL zBsGquQC{D6&)6`R=0DD}eS8SQjLZU!>U~%GHyCSi23qPt_ZD)Gxa@WCzd7!?iqPYw zX+X)i^|JoWT6f_6lvE_P(!lzET1cMN2hYan+4^Hdljy(cisuqS5;pdOn}+ZeOTL*=x#3}^A6vYNswkT#P3zkTz~9b(9$ZVjrSzL z5rQFwBSmtZcYUG*H47@3^ANZThW*|1PD3m@jA%SkTv$RxDmXq+Nomms@$xVYv0`YB zLo3Onk5$?y$vcr!dBuJ4H$nwE4DvsC@}1WH+pe8^`44ALxWQKjP;{&CdoEXc*ZUVQ_ihU@=sa?rV8S8{Elb_&O|_jm$YvVcxBow2@NczOwbdFjL$Q zB7jOEp0MSxk_nPkynW?AFa*U5mYf120+RjyF#ijwG%qFx))^-C1zmh%aJnj`E)FRh z2*vRK*;s?o8tcbDz;e*OdSqqazk}fy?8pB{Kgb0`f#*&9KMuvx5njjp zxn(e7U+L9n23X)9*dboJQy(xRD)j#?XCjDy&f&wko&~+1#8+fSL+BUf_v0(LHzMz! zP@BfG3c?E-gN8Le@YbRw8o(Qm^S1k+^P%2}!y6zf!RC%SM>YGP{@#cqBr(un>iz$Y z3U6U@!1YHF`MZ_5X=Zjs27=r0Oz$L!<4j?fcnj|XKe|wAOX0iOW)$@c=K0?pWMS^yhGA2(b zQVIR=K(*jfZSgB!SD>p>0TCMiS|@JwF^M)3V0AjowUlWvQ56ZO7_>YWttsN&>MG{M zWDVXwd2VvVshRmaT3Ebwh%oGriu(}-TOU`K0ZV8L-12Z_#kqO&FnMDxaN3SFohZx> zeX8KX1RI0q$S0flu6`Dm!4O173)|e6p9^=ljP|DU?@se8ChBWc@eGsEy zgShiuz2cif)$J|HU_r`AOj1I_>-Vblf?1;npxlbwA2yaNOZ1t(q^{xz&$UK9M`xRA zV$#J004t6``Aru_p$Fy9Dj}CJHkdd0%Etnc8^wNi%FOq_oCocE1%$H6msT9`NN5=3 zB^ZDViK`W;h|yuYj*^J06Egc@1p(&UnS1Z`T1rtdg`BxedabtlAXV{gvDzi==UZJn zoEj)3!2&^&4i0C0-5@IF=qQ!#N4fzw3 zcdiI^F$1tLa<4BQOiAL(P$f#Rmpd5HET*sxJYvvpO}xA;^V|9fEpO9%mvH^}dz1S< zcYCw-Z76{_hOI!Vgjc2 z@PpjEje!fNi^&MoptdTG{$!7={fjHW7F;`>rwFdBG7}RWV2(pN`PaWAT%+ zx#qfYw@`dD;p+KjLNK0f4ja_muocZbdv!^2XcuIO@AB@4=YzOzOE=Sgh1k|Z*oFeb zBE8$0UC}P-!FYy?Ddy~p=>6u6;}LJ17vmM>tf3b|uzjo$2i1Zaj6JEfFH6uv2Rt$e zgy)O}rh_?7LgV4yZxx#%yfFokcNrAFe0||FY}%ZIPQo_Wkh%)IkYk*TnN}k18F3yE zZ!C0q(ST5rqNXFKX-SP|Mv603|EZA6O89VA7E>nCVe9c10VPvIHygX6R}+sLZo~Hc zXq^nt;A*924a_R(k@5Kk>KF`?yS2eQma_y*`I}oPuC(qQG#<9z1lj(otia{yX7gb@ zU}O$G3My3@G3u)hB)fQdl*1t^x{tG-C1?dp=WCm=D$1(&!`ZO~Sq+1UYwh@;{yx&(Rqt8;{1rmc3f zvd2Y-LL~@-^6z!~fhoyfdw8 zACcx0>xKt@Ods7;_4h?lB`qbGK0ww7aq4t0y|d-OtHqM-CH8e*${y#P1408|@*#x~ znWfwG`=M3t+j5ViHa`zsz?V-oHN3fvmAN!SQAo@j)n>%Um;C!X=q?O$==F!6m(nb^-7&EjmKZ_dP;$0c+2_tVb) z5#vf2r|(ARWPIKOvMbR7fDX>_3d5SS@B_Dhvd6gVOHhRVwY-Hz5ey?T#bdy)nk8+V&{F*UD-pqOF0SIG$n9P-tYhV_yJU@S18 zleSvqx?IFzEB{o}h19}{#^*7?Y}U_BX850yHMvL6lI1~9VFz=L=0{{r`_o$3j4U}l zPqxpm=UBqYcTC;p0KytHccS@p@P#Mu?RUAMj#WS4Gz7jw1qt>K+Fq4Sr$QWJUP4~ zS~xYOo_2vIw#8tRAapg)lC|jA=DZ+Y3eQ^~%EGv?l(y3tWQVfJPlf>XF#|O%uP@JO zof`|v!Gk%1ORvlqN*@@LR|`ow}c-TtnJ)5}ILZSZ-Ls1ziW~#JnUzU|fUr(ABB+^kV`WKQ~YChRct> ziGniZOm1M?nS;;Opl(JO2*g1BGfaj z+~ByGEpf@S@Bbb5b`G!?ht)b?hQ+(O1xbJPDbjwyq=dg@y}0?p82;yCYDbMG7*>Cp zG(Fu|_bDo(P{rWE$55bNH`LP7I1^e1Oz38YDN9Nr>n~3kRGlV#>_Dqbk+2gN?fR~FIaet3Fj(+u zRM}d+o#ZorffOFJ5|Twp?9sq1y>_d?uWvmlJO8GJwJCJGTg--+6;IT9s|FQeyLnM| z3I`u}q$AD>C$EWXw)E?~H5<~6Wm^yImj>NjJ=_Y+TcSohP+B-!s5*V;16lJNRukC}mo* z-Di9h?3+6Osf@5Q!S&ye=4~QFA7wDg}`FO9>EjmGY<_xl$?cvtoFwXs3FDCWX z&n^LvAL2^mOv$krvWX-L1sycoIpEfwH$SxW``)02KHL}$M5)iMEBngHTn@^!{)9$G z>TNamq9Nz~-vCtsIYd$P`3Q#Amj~JA)|&**rDh8m>@FXHAl7(WmTL}XDP#2vs`vi> zC!QSZr5>_P6#5|Q@7U{!0)p;h7gFgZ`Aud4R4!5=ONsO7lt;vLbCz0I#IplCGu60Boy~!U@6=l>1v+x@= zJ6~QQ2C7B;gw>VqG@WMuq`d$~DOc8mM}qeaUQNBPw=-kO!S;HZxJ^56z?vt4O~Z3EM5?_8)F^<8>0=L2;=8)nY>>NS0YcS1W}C#k%XQ{$i9$=Bu-=rxWXj|i6z7F!0s7u}OJe}6NaSeUMLZ#jiv6i~dm_%s;$jDCLe8;`^JPv!KMN)L2bxk<}P zOYj{^J7Fa%NLQ#1Z3yL!VHOmF{$AcGw&FH<~p41V;ASeV_j5>~uchB~p(2Zb$ zgvv*O{0GN2!|9-lY&-2tB?iA_kjZ!I9InCadgY!CEygTdO+sdB@{f3!co;4$Ncw^& zq32`EWp*bfAlbX;3h1;kveCYIX;12#M!iwn^4lAgL$Z&TYgCBIC`Z=u(hS?n#MO4H zKc?)bg~Ml9eBu)UBzvo7IKw@sYsJ)o6 z`txnkn7X}`NYo+W;#pKVVpkIx-XbnBl)4NW>aaK0ugyp z4iNk59$c|ISR>Fvsm;9%y&=6xwJ6L#)qwaFbzH8qR*OUv3C8qFn0wH4GHbZ=`+SG5 zd1g%apK2%^dIL`Hr8CXb;s<^bnl+_Koga!8sHpJxh=mxd8OFKIx<1-&S^c?Qg4%tr zX<`*(D`U1}-7;ov!gl1A1}Y(}HdF1`D_Bbz-BT&XttZxAuI`L_0C2beM zfiJZm^Xr%L2o6c^Q+|2GXRdiulT=Y$iaToJ>l%N2>6D)i}3--=YRUdW5; zW3_jNeVBesa}IE279>nnkugRFt5S{~S^j+&GhbWbhTD}D+}_pOsgizOfFCP}D&=hk z`RIL@CaO);urBVSt_{C%phZ$I zzY3M0>@YyY(INK7IjI*ZUHYtw#rr<^l-w zBYo&+sEM3TH}|&mRiZ$LJLQ4bqAntLRhCDVibwwqMe6SZm^^dLAd40D(pPQ0YZ3SD ziF$94#%@7`sJLycyUvYTn<4rkW^FkNoXcEPi{AtU5FGx*Xi)B;FTm`UygcG=SD8E3 zx|fg`M63Ga0%p%ZQ|T<6Ej4=0iI785EXG3lpyg23<5+VS??tE8sEf>dJ1P+P)n`ZI z_cJ6bwG=2#@n!F|0d_vr9om5rWryF5QfeCoK;XFs(k- z6kQk3S#g-9U@S_8MD89Yn4|DFK2qXph(GNwxu=NH&;v1n*3{i0!mb62J0|y!`FL zpK!s0Uc@%mMcht1W+2WjmXxMU!>TY;_SY47x&q3uN}rM!j2$Gjs_@sFpYe!HEWGNd zPoKqXgs84qcx#)S;e|4l{A9U=`_}F*gT4_mJhVeLqPMdEbF=gMGD^#%*5K}$S*LpO zFt@t>xe}$1evmk}A+b~{)Jf>Q5!XXxSJ|a*QpJy+%&~*QeBcoC$9;nM&fpEKfk&j1 z$Ym!Ms4lx>4-D!`>}r0o-4=woX2o*xO>h{SCn$+8TOVuCk@#WMszMtkE|$VCGqOhu z4wB{uQ9Z7RivGF&9+v|;pQ=lJ^H))}MX&zi*>i}}rCDEpfWAX4^qGdA;|odADfm4i zIow+}G=o&aJ<&k=qk&W|@FbBX4b_c5zY1V9O)f~J5nzImVfSG0L|#AbI`3cpihXMy zSxiWc`lTU9hT~%@IYhBty1Ra6utY&>3 z{wy(Fm^M3HoS74_BmNJ%jij9_ZJA6&$e@4upXfrNy<7q71S2K`( z=~2+XsRo}8=OJ*!JKQLE#TwX8CIdI#OwTVD4D+)-x#2d6EE(;(WTr3A&mI?3=Xgm) zKo$X2D9FFCsHhAq6jwu^H27wqW~SYuIenoZl@^^yu*7B#B3`PQDpP~J+Jv*606W!B zzI(urRk{u=5Q@2{k6cVuqRHYzBgh*I(c0|4%pcuFpGa&q3}wm`0uo~ZD}DE2fX=5_ zfzk0W`2lC=^sBWnl(f(vGyS2U;m9x}<-IkR#IKle83He}s|hm1$aI^k>IgbdF8e}H zhmS{2or2@cYQ}bV(kzbBEWR%+v{xi+fbD6}!LEahWwpV;Wt7@Zswiz38x@Q0$D+dA z$I(kB<=Ip8_t)EO&Nnr;ExfF)tyt2>ggtK*ctDA}{7svN()EUYShrd1?rl3%r)Xa2 zGh5)NhaU&9P(71k>0k{#4~d40&UDBtX{TABC-Ay7WM=D8TsDeq4TDA^DmH@gRKt$R zuP@cqxDE5ro~L&X6z~cC2zZhHa9-stma8@wCE4CPw{WLd+B4@(0Mjh_w@h8s%!N7p zgK6)T3$_#3+Dz?+YPW;8&1PQCNR(i>^vO%HL37zEy{=_*_?xR?Vbkb&XHd0tu-IXe zHTWZ@eeg;!7V|u{6~ez`v9@FEBAo?%|YhDHV}cibU-mn4Buo9$HHAcI2+cn)HKnIAATR?uBhFA1F|h6z5b6>uky4 zAHI2E^Dx7!@pFdEiG9KLCON7i*7EVcWmB=YQ1aIys9+6T)vR2od-;NFP+merW%5Vo zkw9~Gc+xPA&8YZ^YXLgOwmSo(^-d@e=Vj=n?X>b;KEaog@4V2GC1c>{Xo@ zEgI95Wn%Y>0Sre8wF0rtSg8;E3i=b+bSo|21xO4MQUMUmTfv~GRqoSYo|$x#-w%iz z%=Yyu*hZy?_JUPvv6K8@ms(E`n|e%WjhbM3G&^QMQYhTBK$U7jKkJFV`WwO#{8mZm zGH``cZBWu=*A=V+*ULaDwR^HC-_fbH^c&cbi<#^J3P5d;58%z7vwCJbOR6YIKH4KO zV0>dttm3qiqp%2IQIn4pMt#z4{VyP@`r|48vHJ-7S`;SO<^ekL9G$RDs!%I=Oe&n> z`y#huY5V>yP6ulj$c*^#RwU|7oGLnAbX)w<%wMKvGM z>$Uy_=xjYkmEfXL(|Q-x%}I<1rDcmyS6~(EZ#oN$2c6w_J9fA=I>=Y(hxDVuC@z|k zW80e6o4xrI5fMjk%63CgQ^ae3cCfNdMEWX)O{GLLJgr1q=;0Q>B!5B{W26A3t=5%g z0Z&4{9_nV9l9v-zf*pb^XJKsfR920ZU)a1KqqNI^FWl3+V>0Qc5R9Dhuw_yytTf$M zQU(R}o^hM#>89PWunA*XrNB^UxY*+fD$@0-LhNjAer$9MR_Bidxd*F(9HP82@mFfw zxB+nsetSu(6I>`UqA`_L3~@nt+D%_K5Jma{I)nh(Bwab2Z}r6oZxNkI{FU~j6P%kj zVMqAtcwVGkE|mHyTl6-ZCqPNz0(+s{rO$Q`V(|$gdVr+7gOJrWfF+tWD)2&LVO*oJHgJdTr@Cnt!$oxyZ6<hwVtPBU*>S)2%V)J-m|}+n z3n$jy;jeU;#d=BR$~InsBqhg#M*K%#P<<#D&VHhnSgA&zET9|OIl%73BJF+|8W-l> z4gH`^xol=c|`-9Qu0A6#@NBItlp@)^K_j zI*nCUJACY72V)YFGu%c_n^~Q2AiTTsgSNmwDJyMD)Nby0gxQ$5RT#QZ4G2h0N)Ox; z*h#qLk`!jI+dseT2%=BGR#ox6C&WOD)uSj82gN~Aq_Wt<=YKOOF8M`|jk5AZMOj~^`*g?eR4c}cyzcROo;wE~5d*OTDr)lZ+QN}hd! zMnUQ2SY2H>x2L|Ap8Yw`8shl%@@p4%_~Lq~~XZqu*}V>n|*_05#X zKT`^4SDEg5xcCDx5s?rPSo2gOfI_gMdz&$7*lu#b-v&F!<*>ONyn8Q`fEOn{C{fIP zu)Y@JOc;%|6=c+ZRe=>=`_u)D*zauRpRE!2J1|@!Tyk^uRfeV50mN4B5NT)9*^JV^ zSz#)l7gQZ+=Z8Z#y@J(H7RhUGV%3r~l|wo;u|45kl??ZaI>Ja_8@r&lzHda5e8iaE&ppKTK#@k@s%z zm$ti?VLI=JU3nb)|1GB(C3_n|v7pUDt+tv6xTUj_N`~s%(J*Li)0pO;exm0#$wR+6 zTCJmLgbJ~PN7i!nP@Y&>bg*ePS5=?Ac!t>N ztJ=wr+z!>&KFtiKE#_}z=j3uW`RS011W7r3u#YLoJ2w-1%toWBC zE#P^^US1L#y#AmF)xwn6mBe-+6rfKoaO16MKX`w|*#lLSeIy}ef@%}Oo$8(@sJhMe zP?kpiRK?PdRWOQ0A=o;Jzg$+8Q*?;!y;4wRveM^w?+|47i`yHs{9asWO;4VYBcAXJ ziRisUZWH6A7S(AvZo!{E69lld+D_k?r zRMQih!)bUrzPwXx_9IVz+QyjVEtE}ccUJ0?U+TpyU*kObow-$o;g*^3T)1)~nQhK< zhWE}OVtdc);8pim6}aPAXBgzYEgIsPM|qSzu^13+DHWNsjrWVb2p>Kp8hm5I>pH(V ziq(apH;5(~Oc^7{trzqM-`+$T*Q+<}m2E+03Es_+7cv6tGW2xqOIKB*qA!e`YU$P@IqeEOkl#*uXNkl z8S*P;{;Z7hDu$ViUCYu+aAy9nT)|{x;I;KAO0ZfiACo6G!_Zp0DXcjhrkZm1YCvV5 z8GZbySin%<8oOQ1)0Xs$T@N}NNRgj&zpJC5kAb%dKe~0$nMl*d_ zTF9nfs*j1!jBH&q41bYAj6^t4TL$8}F#80SwUF$nbQ?9(NO9kjZ$(mtC?xjkA(|)hY@>}D%$(0iVVgvocqs>@iTFF zaT)d&Tc=h#Gr%L^7&U29Qa8w*IUhe`&lBX~L{pCBro5e+o!V4x^`{-RDX!8l9Kt$m z6gUrmGd_C6{Y@@$@wfV$_(}?#Bt=Ta=O5wfaP5a(+zth0Sk?WIWOy<^oBO_WyR0)@ z)NVwiPb2ZjPikE#Elo1#Dtl8zLu+W`$S{LEqY~LXeZ%-bi)_KF?y9Csaf-Th4#{u` zu9mGLaVy%G>&hydz!t}heXtLKIDk!`<4HA7?}}$sHdxN>hX~Pif11HtBlb%dUVUn{a){t!mK?Hu_HB$S!Ho$zb3c zKf>!D7uz-Z&5&XuVb9T}!3i>QDv=pD+2oh=IzH#M!&svy0r-c*d_;ydM;`6#D_+hJ znH*5j*&paauwoa^5W#LB*S7V^iE>7I4u`7OctoTPvNgmOBlFI@p+J0#mc18BKh*>c*q+czqdR+0!;HjPQ_LputQ3q2xBF* zylY#ZlzngO;qu@Ieq*Pdq4}{kR$qBst7#XdwHXVOZu(~?-QJz@YpGRl7Xhzg2yaGj z9Q;jvD(c$z?~L2-{*;FMSVw02vFHfv2?NfQ<``IF^M(J%{`GdiCzH{gh?e*J z>{)%l#K@+uZL9kA1*m(MB4j4AD6Vq8Ew#27`V8u^EXq1zt#@?tv2;$BaIzq2WuMKI zVWUcqp#=yEq3GY>Wt!)rUncznHu#Zuem<7n^6-)2<|&b!w|C!JC^5{#csH#7!{x8Q zSKvMra6GTvG;X)~69ap!kGw&fTl@Ja_&8H)kg;f^ZQ3Tu$o!}JE_O{g0&7@(-~9Ol zN+%_vzzaR05KfF47yk}QOOJZBC)dPBCyD^=m4U=JU&B%vwv*SlLk#{Dr?JI0Hl{OY z|GH6FF5WNt1JUeMf%+|S>+RUwK3Sd^pBC`s$1$~&>5*8r+vp5(5AF|&ij)*LGA7zl zlv4D6>n?-2XXG^7^D(Mu=7D!>4DR^6$@m2t_GUeway;K~eDQC@RPpIA+M4zV0<-&9 zZGAV>)e>XgMGK)o_Z1Y#s`N;^F5=G$>@GMensVuGG4yec>mR@Fwniul7~SmVuK=x@ zpZ7bjM;W?*?y2W@^0bkk{b9hiC+D~g_Hx+p4Zt>2Hd;~YqL0(UZnx}iPU7jWN3`zG`cW`H%_d_&ak;`XKX1(6|+X zCq<4-Idt`E%vLvtgIJ{qAmrWj{Al|e60&m-&(@=aU>-s5bg+l9hLyG@;MR!t=ZA+N zCgKxJnv&ZIdVkE zF9H422$*;{i?g#D8RNihe43NbN^SMPs#_g397j8?&x)lL9Q5SV?6%LP zxu9hiU4?8zs)ral3a*DUq#RK02H=9CrXi)R{hdW`sRksDodI~Ea>;Hb0 z+sxV#{wpOh=IvePKYixEmxW(=-)xacN4Z7tDe1Aq$74$~4-iHQ2QB=L7e$ZC=bt2% zPjPMnZFY_8Z8CEP+h2HXk)oM@3``74Ng%aA4dW?(nM~U_uE3!_m1#V*T_|_QaNCgq za0$ZraT$iio3+@X?j#pS-Mi9Ge^|2XKd5a;PQWZUs&u!Req95t`1<_5r#(8Pu; zCE-q}$-sb`tR|`u!BS5U004%<8z0`f>D@FF#vY*6fRcq5zrjrB?P7uujUrjxP&?r) z(JZa+PwCM$N)IhLbYwPu*sa6L@C0;pm>;xJjqA>(dQe)a#~!&a(#rL{iMhB3#1!#T zV?n#$a7>Z$l#hW`GbZMB?EP~(02Y$+5BRx19m;N0rdCGKBjO<~NO7P$q(cI(_JL#}& z>uCL+gJkD+0u01Mg zMSiOPP%>m3Pn$}DtzTX#XzM(@A${Thmtxr3cP}L0D$R?#y|W2MMGH73upkcmC5}$A zsYgdUs4ls?(D z#}{GzM(#FnH+4Mq-p?MJ*Ehx0eRv%7-6#$<-Fs&_R`=LUOC%o6DMAXkj<@R5Fm&;~ zkFpKNxOv^DeKK+5?!R)(?k@(oNMS0Xn1ZvJ7E=KHH9MXbk^YTDw*zi{5Nmq z_zcC){EfsRbWI2vZGKRangqBbb(6uk@fMh{h1Z3C9Xa&lwq`1W?IPVIHLmFk&&5d0lBN zpFAnYut&LVOPz5v2RI|_^@4(-bI>^p6<4ylrVD~1VN}@SYbK%3X%&l?F>cdA|< zM&uu*l6>j+*&{&iLyIhO-y5T~N0z;VxxP7-xw5&@^77g#G`Y*<3!e-N|AYF6#Io-o zZIO-8#?;2%##9QN9<7i6hi9)0i1PWur9qHRK|nydTUxrir5mKXyIZ=uy9Aa-q`O0E zX_oG0xy$c=@BIjG>^pPLd1B^_JH0{UKTjd5v&nIo9*VPl25pdI9zf~{S~LQs1U9QK zoXcMzT^*&0LbJW=N{bX5pK}vR-@e=LlLv`M2~Xbpd`_sTfR21c)*{Kh$Q@|DOHk$$EUE$>ZwfWNIVX8Y}#PeY3i!2&qt_N$<5croJtG9AZK$;&(y9 z2lWi?-B{?+M(^l|vAw63ql!Wj%4%_eni%#CG`N zc@Qo0l>cW-0oYCo>-c~#;1Qygs!GJI)gb`^znAzW||?tWIASi8}X@rG=^7z zB&9$=6ypH|XG$40#%&OV1ol``4yRyHf``XuSwN4)>=~2!+iaXofq`3nKn(K(-VXXP zf~Kv{j$~&nKnI}IHtjaFV?$#J(!I^~?a)a7TDcAUNzbg=$IE~D;y^2)K2R74eew!% zj!95LIXy51IKQD4%^`}FMZgZR0Q7XspGQ^m1~1aH8FB{>pchR{ zyQ>H^Mm(mhBo`8sai>)%YUrH+lZd6b7f5=vAO^I3H&KE1F35>Q8I$I!?P%|y?vN!dMecJNrHGOWA6bKWIQ^7qkQS4UUF_$?#0Rvu$!Sum|Ri{H*i0$dCI^;%gtg z861r~`L;O)-(+-`vp*~|-$Nqj!kVJiZtjmeN?u@AGhtS66mXTR09b6U!<+)XlL|L*tl^a@3k75aaC3G;ZB zhull0O|9D&nODP;+Q1_OqIrK^7_RgCr-u6m*uxr-pPf7lIPhJtI4aNCWVawt!C1g} zL!(1$!upeKC=I`Zl?IazJK91=z+*o9_oF_V2YS@D5@`!a>Cf>%Byu4?cg(-Fmtqsh zv@<(%T&i7BM0T*&Q8Ae^NwXw@2qmF6VH*37t-&}CxR=Q;?|=*6)mvmcrv)`ivD{D$+;30^GEsk}jy};}X)+boNA!73WE#MgdI0lToneKJ;U!$Rx zDtdX?Dqgcc(&IAyAo*Sqbwqz{+ewPdpynZ}Msm}6F=)JQ7T?TgLZo7rgdUUaE;y>( zud0?t+etyrOf%Dk`4Zb+soCiQmd3o>=$(6|Wl+mS2C_YR2byT|e~k|fje_NJc1_){V(pn=0irj!wbg9GjW#@ACO8E_+NdMG&%V|K9Hy^-L@H*LJC8JVj}dl zGpQoy#%R`4?%rV~(?3`cqCs<4a(7f$GJVMxs4x}BH;WDop< zFF1v*gGAKLvb5Pa;cdFg zFW$41#tW4IZVeBQPSM`AIyGj`{TrbH;h7rx;0|9upT;JZ#Gglw-PBq|1t=$;DgVA6 zk*$s(Fhj(eJX|nX@+hf5@T8ADypi{Yb%(x==wRDCslhziJH5<$Qz8lJlidwQRpkR^XuV4jA>b*#b&dA}s3(Hjf;l=FWfsfA)%@33TdiM@Y z7!bYZr>gdCTyBz+@@Sw%pU9r}yVyb)h?v8Rq2S)QEjiAaIa7p^0>P8lYmMp~# z8l6Mhn2@>Q6z>*ca{tt(``bKqO^RHA>}r?Dnz;HdF_cWs9rW@&WK(ijz4w3@!}`+& zbRR&C*Z;fhmaD5DjvxB2eCYZr=g-rA3=g3Y7^RE3M|!n~f@_t(A{-sv{yi_$FF!-0 zl?15E>)MSX+zEFdT>mU29 zl@(5FLdOArHS#{9sE51H{>p;}BlE*%e`Gi+cGOAvX@k?Ns$N$$n4$WkT}wTW-(!EA zbE9aI_wC92sDvE&+-u!C71$am^!3v_f?BDHF1(RHe7L}dsO`14yjX}nJ}TObsrj{% z_CT0ZaA98W|1B$Ql8Bo@4GmSZop@f+YkF$mK*h}BP1;=-%3tS|M}OBJeoz0b+M`wP z;LAh!Ur9ss#0g?`38u1l51fwCe3xwi3P=!yUzW?}q#?-DJj-!Mi zxr8q~r*M--mJI`Zx%jDUhkis)`qTZayN2|_0?4>MHNRaexV3eAn}>m~g#D?kX>xPj zlj>{0*kbm|V4EGZQpo~{nj{h^9n1Xa@-Jd*&DD@I+SFB^@ zjtl~h^tP7+CKALjYaMJ zMo2KvLA#o_yN}v8tnVRZ+`BKQZWaR_#n+qB9ZGv?G~(3CR6m9Wm1-PUju`0XbnL<_ zJ9rc;mE+*UphJ{dg2LALN6TUyqx`FhO}sK*#2bC&MR>-|t{BBHSs2vZb~gjIdeH;Mj6{)vr`%=L z4ADnd_nx5b0ob@)f#fg#@_0FPn3vCdDxjeYimpB;J^8siKKt8Gux24j!!6V5dw zj>LWlqFfjjd;QIVMV!pm(&>0}Ed`-LXrCU$D+p+BrQ&L_43o4D*p*vr4 z&)(WAR~v~3X@aT-xMPd6WK!~0uvGKaU33u9Po|o^srDFt8SN@H0?5I=!-ElLI18;E6Z{sNbK@|Xsy2LH+bNZYu?)1to>7cC9fO` znOyI#bwsnXeCT0iH%F=$Qz!ilxtGJ>rC9*o5LlX(TYee0cF$RHb|%&$e(M!z6)*U7 zh)e8i3w52-ApwNB?X(YvMX;&OZS5!*Jdea_(QC1Jv@kk55b80TX_HjWDR{vdu{x6mXS^K?0giCZZx@9Ll9F){AEBVY>fs)D+zy_L?XuR9FF$3GUDwf10wB`4&oEmN;gs0%0>HdGI{A%Ig4Sk9Unwen5*WP>SLn zc}_ctiCZalfcEzxu!1Y))bm7oSXg+L{W@RSZxQZb$4QEvL3L7oYYjqLK7;$N-HRd@FaTe61qI~lc(b+BR2av(=>&2fd z@20i_1y!q%kE0&bSYJf61oqNK*4a2j_>yo80BTP?1s@-_q~ld8?d(WdR~(A zs)NNDquQCoO%_v9&qg$$V%a}U62h(sp`&_y{N@M$Qat{ql1PecFg{gvMx3Vs>6d{%?}hi;H0<=Htt*%@j@F zi-qfD;)2iGkGuTSQU$B(-yor~b-t+9wlDA^?`;IXzO`R9gfA`iT%R{K;;Xx+p_#2a zC}O>(T5=C6GV%)1iQcLu?+6n|H5zkC>kiL9dl&?~{5w@T|MsC>`Y6VP>R1`}~8q`qR1(iOo6Zr6ZN zA(uoel9z&(forSmLA)fv!OO(~nU7iUAQ)gZVK?B|bBGun1_i+KC(C%LjOV^DdJ_J5 z0JVX9Or3My$cbL$!+G`4VeN&<_V^rl43VEVaWQSebyo7hhmm?2y^Z408hVXYIbv0vXiyS|3kINmWck=laUEo1fJh0R7-^X>Xb2(qe6cV^XCb)K}H< zwfkK^wl`GMRuexarZsHsjn|FYz&3M;xDr5)$!q@v1^etPa~e9<{;lSHu?j?fOP6f| zlkw7nYZt8s7K12L=>v#>&MjZUVb`O26Q9x%1IH45R#E_O zdxRi{&Wdj;bKx5VY@k`nJ+Jed{qXjaQ~h9Up5m{rgllj(!d*Fz5opIy-3LnPSAHs9 zs6IngFPV!KuJQTe|3oqeQn}npK8TEcn;3LBMs8tLuMzueKlVQ57!puFw~Lv2X9gzJAI$3dcNmH`?8_ zdwXBnS z!f$b{-ReuL+|_q=fpMs`rcW7}Q}kXwQ=$QR`8FgCVG@clG zb9z^@Y}!Fa)py$I?0zo;5!pR1m)kRvQ@O-yDT$o#H|Napyy_Ki1S*JNKr_RMWOfwedtniGw8Rc{%7OWR$t&xT z535WoikV^#t0Wj&H8>u!kGJPHh}uU$s3%sH2_OCf>H=zSuKPGMwNzL^^!6w9K!uT~ zo$OC%dFdezNSPY$Fq@}tZdrPPItsnimFh)GK|JIsI$}4}y~5;blsRSMYUSA<w# zop|EQ2+m;MFh1j#JALevH~I-|{l3`I!B|;0{+#hbMdwwMSFu5Pu_pf@U)L~By5%E) znesEa?62apZ_VEf2y0e)1xNUW_Eq+*pdDA)Ib^(uP48qs38C!7O7Y6m{3%g*E#io= zb6Ux?52d}w@Hy(F(quX`i^y(vaxY1`_>orImR|t?q1@yN^;_%S$-^n9JoEBWU3{wy z|21NN?7hK7C|)EQd3N4A)`p#qb^_PAw#8jSjph0I+wNw@cne|JDpV2fKc9Fi2q!_R z)dF^CoR;x55WB6d!vBqOW3~hl#ixj!JhXC2Fj2vv-m~GM5ApRG-El0{7aPNLz=BMw zgy}XINTc2bnrUpbA89m0=j1uim6qnIOp6@WW+cvHilPdgB&K#)pa9+UnY}&<@aI=p zb+CLagN_a)%SrI=n%8e+xp}@%nlT|sT8~%!(2nncY1xsAs1%DA8d~YCW7i=!(IBE0 zsT4#Pm7fb0g(5;D{n}Hnbm?y!dr)$nGC8L+yo+CmbEy?`MLWudi5ID)a}z~P@hYQY zr!R>HJWw`wUDcI(8Ui*IQ}~ilF^sL?}iSY4CRGK2}k!M-2)!P zGa8Se7hGgfcs#K_k?GLFMyN6rN+*=yau6$_6Hz@y79@?t7W4rOAwtmp#(l{XuTtoc z6k#2#p56l43yglywCmes`tdJ;Jc_l-Ipf9HFv*R$`l@7+mmT^WE%#{23wNOVU*BNj z;l0AUY*}DvzEaz&7ox#4z#kPQg}Qd{ffIaIesx;jeU-_zfew#H+et=;?lEfrzS3wf zWgeimvI|Qw^~}YBM*#1G%wOf;t%jw$`VZZaNynM0(%MBil=4q0V<=qONDsVC*UO(2 zZk^HnFy7mx!%X!pZ)Lqbb?d1tp>J1vX9+U$|Niu>*+&i_Pz;SLLx=B~Z+t<5ok`Bl5I@PRwv1aVyR!BMUJW#ON` z0g=zP)uSS`!AbA+(xf!!%>VBNfRHdl<(y{6GZ$`~gqo)Bo4WPjc(yhVgb)^{ehbU?^nR9r5yz9~NfN>6{^N|nXH^?nQIUH0s3m+~tWxn$#&h4AiRFd?B`a!Tod(9Po%x^smZ z{4a4+9W{I?MUP5Nl5fuYba|mX)H%OVa^2w_KK_Eq6~1*6>qh*%nteLR%5LG8Q+pR$ zQPhPFcIQ#{X#cob@SzxvCg@>$lJrEe8TnTADFtDhFkX3#p)30lW z`x4W+zO*=SW^uhB#`~r3St?>5nl#dx)bmhM-pEn#Rq$D`8Jo{q+U$L2y5Ho<>SgTb!PQEP5s>R%v^y+9Vi@LYCUe4lgU5_dq^Te4 z-u@0}_g#3mg37m!vhTsVXAETO~!dYQtJD=+5^7;Q}*Kj zYYziJB{)M1Yg;R;iaROm4eUYLiMY}h_Ti%T&5;00f zvcDMn=S0)MJ`$*TQ@00rdZkaU;)0las3EQDdyEN(sF)jQ^IZeo z@>8uX9MKTqbp78h?K4bnZm1K-MJ`P%0->&*H7${e7dE|lranEBdE++*wcK2n)XCX@ z|5B^4XU2ltD|Na1wX0%jt*yE4Ue=3A9k3mcFF1ksBZI6&ku`xC{c~AEbBhw()O!+- zlxIYQBjQM}mS%Gzu{SW69uSOMUpOMzYr`t^TYWI9&!OY<+7?i*uCjDCAx^6hlob=i zFJSggxc8Y>%q?)64JY=9?ULo<##yr0sw6<84?Dv(*KZ%>{mZCZ`qT;}M&ykF9J}F? zJLwkB*yRq>sIQ}$S_j(Vv{0NaqGBlEUhczVl5TTOnAq>vsH~04Ju)0^6#Feqti3lU z6jysmZYHtg#v!5L4*dgTLCmn}4y}2v!yXklV30NtPN=a$wp2j3{Yj&r=rbN2+kaul z1`hS22UrKl22w^+u?eiu_RHdQ%IXf=IJe(8?X?-{v$}SRJqd*TDffs#jtYwoN}S9V zJTSY$j~o_LbBE!w?)E0REY+N9qj^$S{cASmw)p7Pb!7#s)#9QR8675mWLuhxhN8OF zQ$8_a|N5}Tvb1{!^Qq|{1tyE)mZ&0+qM0Z4gGgvAoIY-XCdGoL_-##nw^RFT*?;o7 z^#0$ss0UNJ>R?v&ZjTIh8O2DQ8FSh5&US2vt4Dgzvt)WM+9 zQ4XCw5wPrw>_Fi_R_~|hYStE*doYQ0$t3Jb6!K`Kx3`}|+PpHtsq=)H7pr!UVTLYt ze<8-iu&5617@M>*{@*5xe&N=|@CcInibx7(ZrNYhx?OHcqaE{t_EWV&TmA%FHCK*d zOGA!f45hsN?Xq6}>HFSir5Vozgq}Z`%liZnug1W>*90gPU(4{Of8S7@(-5;*ya`Q787?}tvkVtJlcxyA00Ydr0#Bj~3gChmc1H0nV)q9%41DG( z=(Cl4%%OcB?ysDfGuVCYqwL(@jHs{J9)|=D%P!I@1^0P886Li+kNwxycTE5CK{ZY# zwnfDSfX^y&8Aid2>;m{gf%7UjEN9q2R~K8?P*}1*dRW5dbAx+a4o^VwV(H-kW z>Oo?UFR)=zxBc9bTgF<-?Fc#&BD;bIk|byKZ3Dd^RFUq&WD=vDMPe|1)5xh__(WkS zqE&7q#T&ok0dSdEiO?s;qeED6VK-@C80p0^KZSSx88{Dj?e=hl68)Lu`VZeIGs0h`p{(wl@lBeaoqZc_q_I|uCWZ>_&_Ri zY1f}*>tixQJ=`AJRCF!#qTZd>dsAd7r$GCE){OiKQGGJ{h`vr9G6KK@=p}*fh5h47 z*r$|Z{j>>!xeOm5egAp}MFcluJAw!Ah*IeoDkYP#AIdTU0J@w^pQ6crWRE}BsiS>* z)ga_m&9$|@+qm=9sRofgk1a^zQ{$kM#9o^)M|+L0BgN&{66Fg{@m$=615wwhhQ0kd zhu1c7sI(Dg%8g+p!-n20y3XjUmflri=?e;oYgm67g?y^-Y+DWgWzY5>ZR8Fp=f87?72h4J&&}PN#qIMh{#Y6OEc~x(i7Y=DQ+u#qKM;U>+Z3l;MqI^;HuB+5lI3 z&w6dP3(cVqf5+;`ZQp%iGRzh3)E=`BwCa6J{Mf9V@rwu)ex?&~ZgUTpS6J(E=VKxE z_(*SaXQ~5J((mskiD`f2Onn)qcyHwIMs!xZMsx5i2{l9(1KT40s1(}iI%M;rOZ6tJ zj)t9H#j@l%Q#6pE!@tfZ?~4n8Q%d=b#RBTpsz%0yj}b@oWz9Sf(rwC2d-xchvcL(N zS#G$E8xF6UL&>^Tw6nqV$^A0xI5ZBg*f6@RNTV2#hCs)AXKrchD&hm%g}5Of(AN;p z0spdg2_-Sw911Z8S^;Jd`WYq<>+SKS;PIc^(V579y`tN(*b5dAuGf=3U?m!yTKpV+ z6p4%o^$Z;xC;_B3w4>pD-)!gQcnDdO5|Ys?EL_cRNA*|@jw8=Sj_<>MUkX?7qJ8gK zRTF|^LjVvd`V*fKZcXI5;FwkzBot6=OlOskczGJ8I;x%yP26AUXYxLTu@iO-1RqS@E(8;=?VEgjD z@#z4fjR`MZ4ukyNo_=34%MqXA2eYf2B2E*3cl)AGw8TkznO3jlDN~j^M=<9tm);mn z3gX5Qz+M&u{>xW-%qcecWa35rU+>=vLCjaC7Gi1LwKXCsXxWG|3&9y5&qP446`ye3 zD54wG-B%|47Tp#*zZcYP^2^}fo`8e;TV`&$_wY)1lzs7$PRYT|h4v$|xngjf87HQxRm440MP3nLJIyKnz`B5f%m+O5kqRuY{6-Uj{T zpU+Atpvskc`*YW$_L(soP}U76{4h%r4QJ0Om*$*WlQ2P zW*X?6)MOp80n`j?eu5QR;1F6#E1XKog{h=bi}(JT4T?+S zQd!N-sNoM=jebRstLUj;-&drWlHNG$t+mSesoqFR4WB zq3vPnu<^eMK?&OU+2~&{36vyB1#I=#8F^fr$!>%4RP8La#!%c^PiyT9v> z+qUVi#jeOF4(>m7koh6Z2pj1w#7Ymb>J_&EBFlpRwvVnR#Wk$~)_`g~^M^FEIqIhP zibX>~Pn8|3ylaXF@oLL6s`@lf8?thFH_GmVoP#cP|J$xm6F@X(7mi^)W}GoDh3HCy zUj|4{DoW)K)`{A3=ZpNeR;Aabb)_KODah~$=1#*f6`S28TNjA0#ngoKH%QGQvgGfTToT>3yeC$BcQnp_C(iF5N7 z^DsK%MU%o)&`ITRej*`;b%b^b)ma|Qhs+#(H1*dn>m~OeN*X2c7(vseRCRjBsKSPj z$~l>OWzo~9j|z{RLBV#3buPwDXnprlv~(GyV5LL@7`0|zzjZ#|{o0q6ZE!?#Y;a84 zfBv#jZ+Y9G!Svk^29ADRABKZ-^B$6VvO;7`5iKr}EiN%Fx*8;7>8ME)sLeT*-a^bt zd0!oPE}4131u}X#GrcjRtx1zDx=aU`rah-VL3)K!ZkTm#fAv>Tx4a=j(I7F-G6wV& zbfo8-aE;TAh6C?MBnDQr0_?`V_b+>On?_|osNF9~NOLQv-ZX8eBFB<%CX?x4c7dAW z%3><|j!~iKq~g76-m6QxSG#vo8WG~mN*-%+c6xgAMAGF7t|lOImPsv_Xg><!Q7UVOS&LuY-d&A*c zTb_$(gSNI+X!-M9f>RMgREu+splyu~K;qsybV7u>Oq*=ZCGA~U_o*uHs#Cu+a100& z;pB>Bv^CI#xO3OyXQ?uHhfI2iO|O`XTd2CKlM~{Vu$Vqd1f&-7GaWvP`SrM>PX~*y z0fhx3MEBIx>`}z?oaDh+LP`FqH}g5~Q)M*(G0^Wlr&?Gx=vS`lg7{u`=l_9Ri{1IS z%YO}d3tny&3PpqYj6+7z)_XN%xJUPuOL#QVcmwiHl{(onUTKgC! zvd18v7Bb|-y~am&B|B(AjGNZL1G^(vzUVad^TQAU^-cltqAoF0=GY#8K45dbQk%&v zW-RNkQ8|*Lqnyuhf2IKR_xkUx+#~-xj4;Rferg9K(5UKu!O1VXb8fu~bswxxoO;6B zwNx8uAZYu&(&|z_VK~)DPhBr-sHAS0V~cfapo}~lJ~gtkoLJfZrY>I(j17!WX%<2! zvbN|aF2(peIig8@lXdPRN;}zFkIk}Fjnp#`Wazq9@PP~=^(%WQhDbyp*@zsgkNWtE zmboupA&M|CMc_!DL*~2+m{Q-cUkeb$GG0c8Q54$JG+rR1(sVXo+d?8k*a)Cve>F9K ztEYTv{Wwk^f?*7oXj)2;TWKD@Fu|z!W2{8k)=8Q!qL&3bRewmqm zOw^Ec)&re0{^?}ah!3v{4r73YhoHut?h(1T@E23$BMKt4H;zSxfucW`= z!&4v2Sq1)W$J{Op&$Y{Ba)HaSDjb^RCvuq_OI!=D{jR1?Jv0HSQ=erww}arfiAMNY ztRF~ZA;Z@Qm4-DpX5TGGT_(QUibfQ!1R*UidTbcb=5^V=4?hH>gyCoTV_Q)4cfHfH zBdQ_dcp9VJpGq>PMKzCUdDUYM{ggz5#3~gZh<@USwEer5WAcrlUA3w{5bw~DB|MQS zIRTY7Iyw%~^iNx)D45q?(VG)vxPKLi02BSP+xHV+SJtR_q|vb={7HmhOeBJ{K7((2 z^t=y7lEVoNpT+4Ua+eZ`Ad_#;h~8pE;(rw@%pE2%eQ{8I^1(9K)0>31(y zJrVR%!m(hbYmXP?r~kRVu(nU^NO`}+Aes-4Oh#j&n$e}{5v4p>X{{vre$K(}wh-_a zOXNoWGAU#455kW}#Xvn9LhBxlo2yU)slBGw1$~da&^={s4}#l2&yL|=LkJqbX3&Q9 zP%y1blQ!+MT6<1%l#cDZhrLo;=g?dS@$Rcqbn}q(gtK*S9A7or>0vb2LboT16x18^ z+22aScWq3h$;m*?A%H$uh?iAka9>*-qjMJKkB+``BS_kYRvbmT5qyRQZz zwji1q8xFy4vg+^HX}r6*?p%d3w2#zH{R!P8M3NKhEAI4@ zssywO;$WJamG2yLsyi}F&9eX|*djN&$~xv$DjB}yW3Yxj7EaCFI88QW2n(9b|MbJn z1DiWZW3SK)z%RJ}&5u*DSt$W)XVeKiaxO=t2$enNkR(rgIa&#zL;JvOsQ|JAz0O}&d&Itwq_IqXH>gy6Wm%Axvl9i-AmnP1+oJ z27j-~ZRX!baV$?mo7Ld#J7gq(gQO1PI>!SwQkGlQCHdBP>)3a`3P|nT3an}`z5%aar$Uq(h4Zr1Fo}gQm`!+PHIrlN@THLh3`{t_7KGGDh}+VbxDI6%_szjrw#p)%pbP-;BT2%V>^2;g0%g z(sFXzl($izMTj8^10Um4PQx1wnwPD5-L$~5D$P`y*WrM_*v8-0CPvlGTWh>u)Od*23_6DWL3kq-ytgIJc8}o6pl7-d`Eu8oy7SCn%KNa{~8#+LmBnyX#VZ zDMHubXz738`28#ZJMW@pL4IMAu>B1UK>2n}Xy}qKN=z`wGbU`2Cmz0@%e6{aq@kx$i)zFPn2q@?7 zT`Zc$*ADB3Z+9SPp*lB%Cb`OzRw;~NoGGWV` z7vwhLAt+JcM&(?BP&Wp-+o_KES)8oWen8N@lp)Vq`}$Mpuxqco%1T*eyHYcNu{UZ9#9H)6lou2&#gcOe0n96I`_2avQJ$YG zgV-Lj3;fzanmiCN{U`+%zhds%2sbKKG%^4AlF`eje7$UNZ?S`XjsO+SoBM_4v#eP? z{To_W zT!Elvs@OgY7F@1^x!pb8(d3T<|Bqy0NmeU0+h_${SY1Oh;F6SG121*vLtpr+MmzE- zY^8a&w{d-SHF+k1T3`IN`UbB86@GM^9iakrW&*=q()c|)yDHBj$<;3}d;vjv((pT8 z*arHhj7`wwbxEl#6^7a3zMDVxZwh>%Ad_@0ECAOcQr0+hdo%$dga!w}a!GlU(`NXk ziafjIyQ3fev4nFSt#2Cn^i*krOh4r;)}}c9p%##AYExd-k9q%bYtoG|8Zo_ouQMiH zOpYb|S(ljcITXW}Bd$dw1NcKn5Zy);oV5WHH`Kg*JR^Yh;0^X%dbx`N`2flCVU{u* z77%;U0E_v?>2vk$hB}MCUplCd(G$2@PoSlczQ`h@J}}lF>1;{13O-Swo_K!i#L) z4R1yT>H=OaXGb`N14=`Kv94j1RqR{O5sa&_mv znYqv`i6~&HUM*SOvh!~Y1LS>Y+S{bGx!|?6b|g-f zron*J*FE$>!kNxax1|n}U=6(LX^r*X%Z(#3;ADsqfN@~lQ#jmhCc2)2ht%tyK#yeY zs&S*@{V1*O9VA7QPFex0AsSxVr(R4oE7Q=|SN0Q;()K zHTx=*fojw_7MwCGOoWR^5|i=0VnC(;}P6a_UvrZ zz4kYP@3grmQ+M7cEt%Zq!!Jk!vH5cK{glVsDCl*?x_1PESkjw6K5!?j_3-$w-Y|#ImfZx^*$| z_VVE?NnS@CQx(u|WvA5UJ`ovu%JzFcEn2ELu0|TF|6<8^K4x)R=*mHqC3K$RMTk4` zRmJw8YtL&g-R-~^^H}t?Vy9X&T=j{a7x^H6J^|otm7sjbK={*u0pJJz_R&&6_M^b9 zMIGA(HBeCvJ`0rE->`h>LGH{ky=VGGB$+o!mOB9%Tv61|P_GFxb!%sJ-L%j@y>=W> zOT5<_>8X~zViu^xzo|7VT__45nn=}oX}ETkIx-z>@ekn5pS!h3(I0S4AUZAR*#MUy z`4%?5bW2jNBpYJqjH?v_a4awDg-*8gadBe*T@V5plX+7|+aqhny7v1)THegg)^7`W zSI}DB`x7sUg6G|Q-3Ru+bznV~@1KZ8(K7~b-k{x~bc|0?d~-gGbIfz4>;5PhhPDL! zF!Hx8bRdei#HwXGF&DLsBZ1~4KCvogSd){SF|A%_XmnG4wzqa&88!G(GTC3rF1Lb^ zMN~yaH_$|ra;=j}{M&6ufPwv8i#u7t`@p#sjFhN@XEw$5E&Z$Ciu0{cgh*A3gpZQs)nN7hM;X9cSYHMdKN* z=xDoE)1tJ_4`xdhPxiH6Z|u(gv?XsEzAXUHJ1*A!%@|8rOv_R)60E2q<4RO1r1^a{$N65mk`dH=|P9dhu0XHUZGGV3P5535yZ{6H4 zYd%?Uq@kC56+R-Mam9R`_#%6M8?>QLNXYE*r*}lJR@IP;kvqZypRuy09oj5j$%7h3 z6I#g?M35;YIH@`#oYOPq>#zhyI1m1DC{8su%dwM?d!kZyG^KB*njxEF7RRMV^uPu2 z<;c$zvF>8Z5~Q2P*y7GYgLa(C4IM~s(zLgo&3MVYVrdqMrL=m7d2<_=ojgXO6EFdI zOELq9(-q^fy>9v4R!$&3s7xbT)!-eMKK~JkJDD{hZ{QDB22>*Jv(dM1x)A4A)6&A% zQWsO^Bk_!ZR(R##66^Umob3#kwu!D*P2rC{#?4N6A|F45nzNtVZ*#mXS%Xf1uqF6ueT(rG2kN|{%%r&2$294S1 zbqE9Yw4O^EuQEDd4mn8`VQ)p8?IaHLQgGVbv~{L-XLsalskE!3zo}S)Ca>|nv=w=K7|}-5wl32?S%LC+DJ6jY zL{vh;^bkY|FIL)Sw!u4gjJZ#_{RlpYi&FBvH>;w($`V;q#r$d$j+dgzhVF2 zed(OP%p*=Hn@ms+Ub`tR3kA0idiVMF*JZm(-P_}d#27+o!=O)o4VDFUDF;w>*2(jK zh<3|>IGZ4A6n6`r;KAM9f;$9vx8M*UxFxu|ThQR{Ho+Z&4Kld9>mYY{clW#hho`Gc zPMxYgEbDD}wWcP@A+RJMSG$w7F66DQ0%J!--K#w5Hsw#BE}R}vE}WOV;9dyS5;+W2HJD!sTo?p> z-`{L6^k{?wIs^b=YTQd8QFXnYMTfxn(ZCN>hWU0=v97Wy-Fsf1271;M$;u_&LHsTDR5L)h&Gy!W<&F|`Adr%gKI@z<+1%w zAqx4apXAZs4|T2LF7o-pNEzpSDtC;RWnYVZekG1`wJpOcNle7#RBv=^f+@cgb)D}} zf@23>f3R&GYxrIKZZg35R@IA&x5jTIS)wy=%qGD0wq1}L3xvu~?!pALpUJ}3Ff0x) zA4prCj;L1OaWGv6Ausdx9C$3f*}Z=2vQ)1o3?aH7o3(t6jGfp^u~dN)RrJLNaB1bm zZh4x3hqp;rpF#3DTusw-O&>V!!vlg5(aPdW*l@ov~|SHsMAyNn)`UGSF>5V zZRNdA+KLDixKuXK2Cv!1)O2i$4gT|D9Nx`g3J`qjq+TUUYC&ZpiXxi2q6e|t36oZB zn>$V`jaPa5_<|jV7tm1;T>K{Ir9kVgB0A?zmG)uR{^Umz1C8~?eT&~zIRkGI+Ug`< z+|0#a-1Bv1o_NZC);q3KhBo6x#4#I~Fyk;EvE+=3R5I4Dn|@~#IGYYWNPs@e;I%l1 z@L3nCw;4)m&f(_LR*L#;TjuqGt%8bLs~)yyw`8_8k?6bJOg(b~9~;<*(6LFLn61(ncnAVYdPF|Gpr`6WJZN1@x}WYZ^J(RdpTH9LMw)=nuuB zR4aR5S$uv>%l$Oxr0mYop`&dP$9SWsAn{}hKLw?4Yw3uPwS9*w&^%7)d%Is#dzP1r zCy#fo5B<|xAdBxYxYPshZeYN169cOxt zz_~$y1$u3m_4p(`ddNM&No6~BAPa!^c-o=`GvtOXqYYlp+SccisCQgct~qvHm_(eO z@Luh?oHO~!;I@V-={Ni_SwNXL@{@$C`9u<3w>6&ip+?Deu#H(ditGFvSInUkVU zZIAk*tzl|B^6&om6j@6T+Kij4T$G`=-Ht8Q zOjelcci%qhAivP*^(1)$|K^|7!;revPg>kS%=dnoaGOh?d>9!I)mmDA7-`QDS9!zl zd8F2Q)c>|l8lvg0lgm{h}$GZ<#hc1 zvw)qU^Nao)mR-U6k;WY&&2O^6`DMEWO%y@cVrBchRp98ew6?{Rz2lPS$HH~8<0{=- zKipA0cPHa9IMTl57g?+3OW|{Mp2%iih9_(GdvzoV?@j3qGXtqg+_QwLZRfMFEdJ-O z2Eco==>{jQilDxrF&D!u0_eO!_XK~Ov^o287|{57)ru!n+H?hs)yA2`Y0YNO$WRj+ zaAFtSni_dL*@zyudv8hvN{?TGC8@a;h56(%GI;I0?N|+%;K}W!{@xQsyq@U2v?1m=~BheAwaXT#c)fucVCz?GUP(%_`Q(G+1ypRw`q&HsKW2`^pXUZTATO8 z+HcZR!)|OdpXHvhp0QVzIcl`Gzf{QrHTND?m28wTL_qnUIUD++{c7$an8(ukKyBMc&r!o80^%&q-(SKIw_1``~ zSzV+1dS;3BCn_p>)PRs+vEgsMt+(xoE%N1n^KGv!mnyMHSm6Mtz%dmce=E*mqZ!h(Mc`zG%#gFc5U*gVQ%=o z=croLQ&Wqm&x>rr4Rhr_ z#SIM?8%LOf#luC)1~s{w3rg>09|Rn>&3|w~^Zp$qYArJU-LLx_JjJoBM}MbTde3bT z)ddbZb{?s}Q)^AlJY9`GX2GncUM4mWpBz$3bcJ@NV6jOcC>0BW=SnQ6li*QZ!NcK6=#INi?Nrpt z@B3XN#lY3QFLPn-f3|U#oly6W!oh+Io47ngd$zOiM*}T|C+>!%VL|2An(&qp(^-og z9)pSgY1F}3zZ|}^Et4Hj)j1C0>7N5vJcfdVmjpgi1WIlJs(*DvX zg$!jY$FG0hLfSGLwqq^-Tqk8%GyjMlna2pbHVRMF(8_r6#Vu3nGibVL#->)H<=oY& zmZ_VGdeBl(fBM^Mj$M%KCTz9Go}uzHGnmN42+hrtL7ZJq!B|Ts$q}|TwnC8b7pwvBN_4Zm1~@>NcA(5aXpP4kWXlnAxQ1TD$}{iO<;p!W&XbHtM5UJD*T@|J zqxH#n%!{=j3dOa_X4eIajpnK|%$>tkyTELZ)MbcTQp^L+Dbrv=BTBwv_%+z3K_Hfv zr9XV$(h4#fcocfBa}||hYJC~d`eq*zn_N#2ir(~>Jb1SFH?AFpgz)Qc8d0O6xVk&i zSsfn-&?OSZ0w->J#=Qm94Qh}{U~>SWvp_APqt*G_=AhLxy(9kR?-OE>PSUAmkQ-VZ zZcg>^GxUJzU^(lI&b1ck@70H25G z$PvnQJySD4l7HnHg~%odV_VZADIVn zg|j2SKg0d~Dr<%E&rTpinDit@eyOlGbh&4MBo0gbMiuk4 zQe9)Uz;}a~_+l!YDEUlj@Zpu}OegrDjyb%*Dt3DG#Gy9q=g|ljkr|aPRwaT_j3651 z$HKEVV~Q1>1eK-!!s&k@){O(t^@>>}*rjlUi<2^Xjx0(NN5uAxE#BWCbC8H;nyfU^ z&BU+(AZWJ@{LBLs;lg6T5JFWfl5W0DLVKA_)7?CI^51%|Ay@^$4n$b z?g^khfycN1-c5f|MC;Aytj&s~4Uj|;>V59?s{>UgEfM4WU2qwq?AN>f8)oI@S@iQb zs0YF~mQ0HOWfI=)P!X8*+jfnNw5p1uVcBHR2V+qWs#wJ}E(-o7b%5}?ev&vsf#=cj zAV~wKO&mJ+T$?}LT1Wp1l08SpZBYD!wyYY2gycelKlEiZj^mp3t2K|IEG9EbQ$xn& zoh)IBU_#Tx42Sm*xP(#ke?fBP4v)2Q5+5T{nZ&|rcm3L`bwuLX$dmHw@2ZWW%vw` zBw>k%Lu!e2;#H%bHS5^#T=5+ACsV+lv4)C zeNI`TJ*y4=X8Fl>&qp#08tgqP%6;Y;Oh~6DhbQhySjuNM?B5^W~nlDMTrUScaT9&vM8bR!*k`i zv&pc*vkvqF0iceQif)WZI7j{A>nt}Yumgy3K|MYxrR{{t9#V0 z3-~<*ry-IUEb1-teB|lVR2u-|LZiM_kba;#0xK5<$~B|)sdeEW=nJuz{+;rgv=OHF zuTn^sT?6&&kJ^y6Do~%{Jc7wb6e%PTM??8Z4;-0AGnPc3`|;zPC+ImyQwWhsp~Ow> zgMip1{ylyheIE*ZemlIT)!f|vW>1^J?L_5%*J}Lt(Ut|f3|&aO>5Mp0M{v?Uw4w?= zNQyMEt9sTB!ULR|5GiJ~B|UBQy+7qcy}}LqY4JN#E>wT7MdAOE?-`Jb}0K<&Q4DO1N1Myhnj&)gmO242+I+b@TRxUhIJK&C?HcMy92+M=c z?BQF6pm_xQ36a>Jt_!lFqaWddG!%a@MYt-YmEd2iQriFLIZ-aWTgPc!5z^hi9+&w< z@5fj>-uk$}Q3n$)b!s#(H2e#tJFj;38WYEdtJsDdLYj$$`^l*tz7;!OvYW0u@`P5% zvgh<~1ilF3j}N0AASS1_7xoMy;hD`l%JsZ2c~}GtYju|3nW{h$2UdFeMTt9;u{6t5XUS;E65s?`_Sa8QJbOZ%%&x~&ebU{Sw>fr^~$vHLogS{{+Qa)LbDYfMH zo|c>i%0E|A^9e%}f~DbH0uLs$bQ`49ti20aCf4-fHA-{5$V9f5r>?JI#;R;u`T;EJ z)r5E+vf?*`-f}^ysRupy?jn|(GA?kCBv+MCGKA24`_BP_l~2$g&KbtyD0hWR$gbCm z7#5k%2ty8fl`7ZgpDj&X(CWfJkk{WGTS>L1j1;Rl*`!~7gU|qWw=x9)O<8u6Iw&FB z)XKkhrjpbhx0WlqKw=9+1_{a$)#$eK5AmWzT2(8}ne)4*$8@+H(t0|y6ZpB$WP=X| zo4>#W>TyUHBTlb3KYf~aCGUPucKfd zo~LQ91?5;lDhg>B)(n1`zi6|>{*jM=M0RRVpxrRHbNmQtw{87(FC3-}H6jVY9u($+#8 zv!d|P-t{BySBeL3*DwERq9ly4j}4fbKhe5` z(S~+02LYkcvk?ujo%jlh;Dh!>H%09r0B!_5|3^rZ>}=s#LfVzwp}N+Mv#V8J`)u?x}%$O$*?G zC26EH6i9h&Cy<(I=9=^rf)J7S&j!<3CXVBZhyQS6aHUMmN!fz7Yg=Eupn#y%cB}$g zWL3~7iHWf>6ueVXOHE@$ldO`RQM*vejr%ArtW*g9-sm z;OR9*g(sWZk@WlK(>1-|oM#|Ls+F-8hsCQ+;?+yhKL;sI(U-`R`Ry6ug4AJTFa?14 zxE~id4=De!^2lavgu?5;$G3deMq0gV1p};iHF&*`u~A5Mj8G_Vrco1xj&>wiX9V;F z5nN9x1eH3ED6i}nQa-UFb@rRT<|5qU6`yDaz67Z*lwTJNe){P61rkU^twW1De^eqF z#$G=itjbuy&lKsz53hW0r6{*)siB#)kN||oqR?_y{G4!eHA}thih3M_e~KUhWf}VOi-8;nO?#X{GS%U;Ioa20nGLFqvZy6;#8fZc8_~LBt+L2RU3L1?VU3bL8@sH^X2e1A^9YkSe2n?nt(*sI~vq^+(i4^WF*D z?7}T|oN0FARi0^`JLWJ8k)Hys%2rEMd-0_>v|7W{*n`%lkWwerZIqk^O!heVx63{)i}u1<0j>Iw87I^x

QvT7F(0YIMvXv5eE!i*3m9iOXEbNR+K<&M z_k95I4ON3JM=1m7)WFjq*r2XJ*g#=tW~n@=vq{l2SiLQj+8w3$clQTpr{krm%+O4t zZ3u#W`1QY<<^GG(q>QXuV#}|_`E`3$5X|URSjZ{(+H>`}N#%V30%59>70O8&{v19w z!NNkL#XWrK(8v&s^0=ChsOMc<9{J`6wLtpEgcY?zXG~qy-21+@k7%nKNfEId<>aTG zyC>NN?*_|8#)CK!HV-1k0Ci9tRP#X7Og7>iYykX1KfWP-dg`it*gyYKbwnMzd)Ovg zHWbf^MxfXjKcr-6>J7!q7(>u%9dn<%hWV!uSTG{@PxlLe*{Mv zxXJ!NCTVp@b5Ye2an;`Tiqjp_RW*O&g*X^4aD54NGcpx?qw{9&Ft3gF{DbWmHl(MN zUec0nU`yr9s5UbGiH;#G9rIO?+7qQq)u~9OW7RVgzeR!!ljv&wE{w2=fRR>~of_yC zXxh#8_%WT}flK>W7kPMl#6#N(m1>xx=F{{;UEA3uUBMX3!xQ!d2e1V2 za83epL2GYAEcCSeW$m-!1Bhs)+CK$Q172JZ=FMr1bLf1oS0e@+I_MWy_3jYvsJ7n4 zV^NUy&_A8UXenF8^!B`gGUOk?)3#g8-Tu*oj4%o z81KS6TMT(L5cdLhgM8y0plBi%&F(I*J?A&&eWYReD8zDSRpF_pOFFPDqgZrCC{~pf zf;I5fy<%Zvs>`nKkWL$1@h-}RKmhNEVhLOpo4ganwj?rz^d2JebmLtAHNDR(u^i>#qg*5`iCEk%P}*{ll~H{4SCa ziQH~?%d3Yq=;P$@bEgyZW`s*VOayV$q~+p6Cf9fEGt2t`X?BqD zec(@hKcXO!B`w24wv?Z;sc6_P7}B80a=M+qZ(x3JN!Sj|+qR0taF$cd7%#mc2~-d` z|79m82&13&4JOnul3LZ3FZ)QN%}JUZ zz4Si2^eg^H51^(;PRwev%pcR#n3_gKDk}Y18t?c&*{v~bmC$U^r1GP+lD0wt8Pw58 zQ23zJe`Q@h3$`vzfd^{FiNkkW7Op;ms6r~f9@$j-^_r!9n_63cU)jAn${R7)l4HF1F8ec_La?1*EnweT!zpIxZ)Ktdr=1gpZimFVRi_~(9| z-NT8>m_h6ebe)%=I9=<5QEosKKy4%A$J7{^3)a0ndWkDY zlm0j_j$S2k(LVLZ`2bMIgEtAEtxyFW zB#R&!Z$gy{aj=O?mA>(0nvd|sH`Xy`%RCq(`r1zHZ{O~H5dIw2PD&amY?$$30L_RE z3c9F7#|qpIEJ}ue#8X$)LU_^()gBYe>@qqZ0z&c&t+l3Au|{&)oDi8-|YdoKLxB zOiM%CmW>Qu7Z_WPv?en5hwSWVH=7Jy6>)Qw)u(?gpmPBev9FpYs3uMuwgv@uAFG?Js0Us?--SM3U%DC5E@P*qzZmjbRzdB-Si>TN zbP8T916!O&CL~-&=5U-NdhUkAHn+|-yBx9nkkG=eJ7}e6x+9I$Jb9sX<}TsHHmB_V zSL5vNH&G@U5HeD{Z??)!D}MWysV=%Yt#h4fBfqc6;`gWiEVHnypV_f0w(2~c{QxnF`;p~z2*IOHru>tOMQafd~N=wCOATfpmm zYpPw_B5ue;TM3!cNEeaPm@;L~vGvWq=_6#rWk)M0-bn=?E0aLwLB|eKqrOEe;3}P% zw{3s3OF^z~+PwzwwBl!l5Xafo-AiM(T;4xlS3jQO%|5ouH842Kt!a@#32x~9LZOfk z9w{DbY7T@&BB~%@*sbP&#cAK*9*TP2t^-Xta0|EZ5%%`L(k-TFe4VpXUes|F`4a}v zI?!l7&76Hm!c;W(Mx0G2T>@tR6~RDnVl8MzFZKrkKksA{?;%|BNse|95M~kXpYlwv zU>C$2QFF#X`0!ZiEzK)0A_MvR_IfY`Km)kn!jMF3CuT|TgMT@%CxX6qsp7c*>)vIA zrg$#(@qSy63;(tnyNk!V6Qezx$x?g5Lsq0lA(>$PZ})=qs0mQ+EK`~9)TU9fnK z)PkXFCA06u<%VRfaL=Bk{|YxPd;2hu*i!Y;PMHdrt(O1U9dFTZjG^B6WCFaCjVqH@GUPkFTfv0$^gNm?tlXcNs<~V1zTS&L^sMcCCbm4Ke%!60FJ`D}Y8as%#T6n`BJhsl@-JHzBt)||+`cZQlb!@dZ7j;FmpO?0! zmxQlxM^Go%dUhhS-QLpj3AWPl9?Sx;2l1IBgNo!igUGf9Y2kV6rsW>NZ+p7`l?1|boAM-*6g<2p{*|@Q34n`ltle-Y#mXpM z^0uX8|P)t3b$_>{cRjm(9NgTJU&Q+LFhbkW|=+)m__mtl;$+Fyr>S zn)>Y2)mR$Tc4bo!)J$Pk7A=+(qW&UNWPuME3#(|+tuUsB#>uxz!(cTZ{VBn_ZFX}J z(}DvoO9$qKvuXAcbe^>bI@AETGl%9M1zNU5m0i+*i{pf@hO=Snd@ZUBThBYa7~XXB z+YEen67-wCy&x?pw>U2k70Ni3Bxj=8TM0Y;lNcgyFn-TDrwzSt{)NN4p{%@tADLKc0ROQG}$(XVg^|oi8g6_z&BIOwOInEy*xkA&KLC7 zh5R;{<1-|t-WXADCKh&|&yF0wS+@omG#jZoT6!mXMM!{GuAIv>=6Y}^KrOBwxJkH4 zD4tS>AD6_=U;T6PcE{e3(!Odu%G8B2+A;?qvwV0#HMsf?-%iK8$g0>&MJyyUC98SYGrdbec4+KQO@T$fzH4 zMvX{gYoq1nO1iDZJbRL#-SHtPrN~mXKoe79*)lWnkJ6;{moQ|!%{rvZjBd)3T41?i zw61zlJg86UX_U{2(6mmkN9Wu_QWeQC3Y*b()C|JQ2o@98R45Cl4pF7O@@{tQ8}GJmErN=0H$Kj6Z5H; z%3e}-2kbXHYv}DtHCiQG`%cE5Gxd9IjqLRBf&c;roxeZ*_9r_2tQIhmF|n>A7EgLR zk0!UvUGLYN$OV>Eo_wxc#VGFPFDpBYecmd@RLSwqzU@qNuIjrxv&)7(QQlxMhyvtN z!TD_48(dvj7*sTC{U^HxfZt`e+2K(H2LHeAmip~kge4*6FLf1yxD(Bn%n*gE9Jt0@ zOa&L@y)=}{fDg4K7fKtkKaR=Li~~;FLhUB%8x7kk0$p90F}7o%A^-#;}N# zYpn*>%g}W;+bPc%n}2(K;8T&xF?PL@D{t!g3(m*)P8ezAnjlQKo5ate%M?BH7yk19 zl)Bs=&|H0LiSF|ZyJbZ zd`!2Ctp|pubfaMRUEdr{K`(U8{y{%FrEKCxvR6+ zkM{J-JZ01)eVyrbU6ve3FH=XN=)Y)yy{KvZbr2LM@MCuEEmkmB?Lwe-Ws5QngaTz3 z2cyI7ePg^*<6~mJeJo#g+da3^Qf9Lza=qu*2DnQ#aS%T=ieXKL`Aiggz03;Qj}=_g zVEIrF{H0#vTh8i&@iSmkPsmXi%Ce@HnuV6&cO`Mf~9cv_MnT#Dd{_=ZjSjfQRCN^~=@uusQ zX|`dTQ9k}B(BVV1^;=$-AZA>7Cn?{n-+4~3lx`7{*+7%6RF%T*zERl#`Y;T)Mn#jO zdzn_nJc>mI?+Bc8S%)U*Uhi899Nn^Q6j%+|toCoYosy-JA%48;{5+0RH-iZ$5yZ5A zE#!r5bvB+Ycs)sSmT}!ptD{aiM7)1DHA%lh0$9JewP1TIt7fu!O*j8z|5bArK1HhU z*Jy92vcf0mV4|Zq{=Tpl-*K0#SCsn1m~~^<(tth1O!L^Jd&#ecvk$_TwBQKNPUy1^ z#pbdp-fJZ1+Pt(@YDQWYa(GwYKnu%%)gxX5Q7d)U%qTE5|6FZ1U<2)w=0E0HC(N?z zwsgggC=%lHfyh4l_|BI$)iiq6DS3Nw`jdJ)GA(!)ExfA9(-*5DKskVyh4d?FBjU@!@*BKHUy$ zY&8VU1{xRpuh+@_bB|s2^NLNaFa#%j!URZfL+fN%fho#*^vnOOeay%VaAXM0gNZAx z_CZNk+U6EoDd6e;TV>CiyjMX!+npxYm6kw%$N24$U+$jt4=96X}xt;yL0878mN7#q9x%LfO1os|BYG2c5XEe6WYmO1^c3!xF zjyJCy)g$aO&15he)VV$b%6T#G2mOW zn*1$3V**1{HSQ<#dfxWA^xw=}J&&QV=9z9eJZ!zt{z?<2f}&3cp#(I_2B>IH`eJ|g zY_LQ6GS_UTd)|DvL8gQ0sAeNO=Xbh|2d=PZkH|RwHqmX%d_cEq?PVwrqsDK2s5rFM zFg$NhW2}h20he1Au7WV}kbszs&7HFf9KH_4`?tIKfFh_kRm4jcNrEfO7IQphu|I4K zYBjGyRZ1m#WHq>4RojSL!6ssXh#xr$2I@kimwePkb!9_N24p2lj4ABoc|gt7O?U~+ zn*4VX3mv{48OJ?A8pAw(mCG;B$qRW&Zs!S)!)mYuP(2dmrX=+=NAvbVP7Q5-6E}~V ztMTk-jM<0rtkyz(Ils5<_xU0~5YGDZS8vgJS1kX6cjwVgy1C-mP`1>*6FDozc@0d5 z*X&NhuMbw+r`ph2rJqt7uX5Q~($fU?viSuW??(2`b6f~uF}>O%j6*b~GKgK<#XZ6) zCr7pW+8%NWaZ9&XeoLcK2K8*hPsNh;SlfQu zJO&Ft9dJNp>%*~`thSqfas;a>PdZ!ZIppxe!;8!~?^4TxtOk$W| z_3)FF0ZOOJ3&CbZeDwx7UO|9ZiK<{xpSOfDEPBs3oybaey<-xKWpI$JrI~}sQG2A}9M=?U$s;$`r>=JE$) z(pkFsj_`+-&pw6s!D-qqWqE0yd38Jp8~fB+37itK{4LpLO^Pk+3ucmN|3Gj zIDAvqqbZ;8#fu9o1s@cr8;_~{rnM&q?OY8!7OpWymRx`TWXVe#KcvSFgG?kuDlHz(T!UvraOb9GzJ zmTcGWUrtV7vKiS2v-R}rGUT!icldaWvT7-#C9z{!$!GfnM-2hH!x3sOh-*$h^VNM` zSTp?3NESz6ug0ogGXXY?Rs=5<5kz}TgCMGd%pX7VLfu}g{i3ZCf{mcR{^T05(JA}x z%1~WAyeNQJrtxf-1ooqD!YoWETNX_Gw2p3oq(Lz`Rs4BT&C*AyAR9 zCo(XcM&AM50y{6OX{j(Z(kx4DGkY%^AGwWG)b=lDcm^492ISMW`#)70<6;a=YOVm5 z6T2!w&S@JX^x(e;7^3J(w=-+Q zt4MmW%^g#=av%$4Ic2A18?ot*B02kcfg#$n)k!`UfWH7XYBDx)rY3Z??K|RIhvNme z;q7Y!(e&is@FY6Xk0<|{WOEXcxn>K7clIBo?>lVwIu8MYmE!nwss#Jv*-4TFXi|>o zIS#|ilGVzc2qUSe?QoL%^d7-P0DPM>YglKp8Sd8EE-pt&wERD#?~2r^udqu~&8lA1U7w&6{-NfBO01eKL__&x^0qu#+j z_&A}oS;^+4URwcJYEOrgBPbr{chMq87r`chtmJ?wV-&;yPie95U}`GcDelM zzh3((kw7)M2}n|^CJJ%O_5YADm=)0#v`#tF=`#HE(|G32onIyY5$-^1_~+ADe35Z` zzi#`Gp1fa*nNM+taaiStN0FI?7al6zg|8w+HL6~s9EPMtS4BUB`r~Q%X9Lx!Y*udA z!=OXTz$7smCf$)#Ux;Fxy5e_s@8dC6j}s2JT1x#tfUtyeEz{pNZ45wyR^o76EZ{2sRWtoHopa4`*Lpw%Dit0~ z)uI9n157E{yV;+r-lF0-1hRrIfCrU?cma&Zw$Tq zv#zeeT)w_XRS2Pne$l{)fh?-5mTU8UL}Ey8i0wb0tJP0B!I(#c=_C1?~-RCxcLYE#FKY~!;< zxkq#iP|JRVH-6_IYeJD0bmD>9=`{_9rgz65*h8qM5k)^%#(AZID{LnLP#}cs@Iu;N z*hs|bb0Ff+>74%Otv4wWWtBp6wX)o*zS0b9C5DxXz0E|R;FEufn*997=t^{cm@=bs zB@LeE4xXT;#_tx?^=JBh7CQlpd>yC&bGqX+EnL zyT)yaOo9QX!^%_&+Vc zZX=`*qm>=$V@HF&TNJX)K618ruq+}+le!AbMDBbK?Z3PCb9#f~%E*X~l`HnHidC}O zOFPF6-8(mOG_y@QGlY;=Js??GG;s)56=6taOSAj0v1aL#Al^po4Ezr42f_?JU9iXL zE@MJj`Kgj(GjJ;5_V_iBs66lg8uCb06>frOL1o^SQ=*=ph)!jtJ7p%awf6sS^+x_!C zYo<??Uiu23e{MN%U979%L^;?xv(ss|@-dEVtmYxe)v?fA*~B2*Ye4uVefIR> zF=EK26GsEzeWiL%fX0Vbl=Tt|fi+z_ne4wiCv$VYboMg?F1xKUs{LCpjB_ptA(xJM z7!HVSR(j!5(uyr{fnU}J_{fT1!BUw%y8Ozslldj?}^Wu{MJ~ z-XA*~T`H-D6+V?<7<1x~4=d;HJB6R(!&N6<-eJ93h#p1{smhnJ%#q3IoTcws^M0yP zYQvW6ect*1{VOUHW<6MM5p@2hp^&5n8WnQWQ`StRkXUGmEt00Dyp@n!F6N2znhkie$ z$CJSZ{4RI)n*05yyTUaw0}3*DrjF-%HJ6!Vvp_@dfj9`Y zF1>IMtE1w_y~{Y9>DQE!;#7bx%QKJ$h)XCR9}6O*I9_{U8O_%i{2`V(OpFYIe?}>j zy^D8ORe`~fX}6KMj+pp6%z-YJc?`Ln{>Uiv3gUhi1iot|Nut!CTG`;Xo4S9ikx-TT zBBBj_Zm3L-RNSZLgx*u~;T_I$p)#7-&w1j5WQz`3S@kndEn}kR5_|@R$mgaBgd&M6 zwT&rRvpuCEicr!9fpwBE)NH7&n1|j*2+!0In<}I!S4RRuJB=~ma~+)hkeFm&0)53U za4d4>UIN9+#_W=^NM{`M*Inhy99eHVZTR+~hos)k`b_}JBe4*!UPmgg-U9D^CMJWc zND7D+z<*CN+Lcd)hz3v~*iJa#7%BzgdYbiFfc=JAK2+J@O(Bw2@ofO0aQOI^sXnye z$fz07QMwz>6O%9N&X1y<(wX_HSS-AAuLdd&YW*nuONv@~!-E$dD+I;0B}u~6@6-IGvQod$R zRwOsAXW=&^7{8NRjXcjSO&PJ{5q}TD0U&?Tq7|`1a7e$8r^jd?6ca> z0%Qwwm-Ets=0EiR@h%Y#909P)UXus*P#PZQ!5DqPHZISN6LJcJ5|w>H6I;mi!~G*J zFrqDkXF`M~Zgig%R403Ndp}G-$tp>Zs#eY#zDr&0?ric^*X_$3_C>1NF6azbu+|EEm!SCuSD%?z?YYJc1?2N8R zcLL)}poX(Z+S8-p1%ADom~kC<{oO&3Ed1W9EQd4m1yv&8nX{Iw9E$fJZ$ddJ?=$$( zX~VHd&%-j<1(G-Pth_Efq%VD5Qo#56hJ+p{wNCH$-K;|g@Hy<`j@RG*%rFI`I033+ zjV$|6st*`qiLznjs}X6GBZZ|w*71>LnGkdQrWWRCFEAwAm+#jt(+q7z-kz^pv?_Hj zQ7%+A$Yg(B!+QTnbmgnXskJ_`#x!9)>Hx4xl_ZG9`To8@NIW@J!ho7Y@DJ`xy@%$d ztf_mqgK^-BA@;}Q3y<@NaE4P)tN`gexSwW%kM3iA=IEh9L9A3+Nr8&hPd7v^Zr4DG zOAzwkz5&z%3_1Fy1VRqYXF@8kHm9TdH}Z%vTJ@gwScWgfnGAGvg!L0VDKgK~al@-9e;(?XbDF?nL2q=hBV6*d@(laIDLpCiq-L5E_N|L#IadvNpZ60srA~8g%L<Uo0r;pFawe!6|~N0Gaun?KdDyO$`xX@*hG6%BaxL$7{CsO5~o`DGp$QFcn? zFH$Xoos~x!F~MDy*M$BWIvCM+3uvEP7rB*_i7(%?r_$x8b6@?s^TJJcd#_~=TKooo z!E#0V?0V$kfPH6J6rp0={3*lApRxW1z#4>@u)i;`p}a9RT%Zm?0D*WHN1@oEf>?=L z>B)!ctsmrQiFMZnvC?I3?J|~DB-YPz5y*NOWf~S{!*igBIc?)=8HQ|9g_llZT{ror zpr!@R!RKCn4}LY~XLY;Nu#cb+F$M}5a?J$Fgqq@(%P6%(_hZ;43X_Ufo8 z-nd^nBn3gbLqfV!1f@Z`yM(2?Lj(j#X;?z(?yg0IC6-0HVUbwrl4jv9zxTcOocj;w zEHksu%r`zU&vz@O@9%$Uy04J8S8wQ=b&Bly>mF~wGvS*M`n=6g^_734%Qv+u#d9FK zm2OM8S-@Lyl3Q?0j(U3GrX@*$54;Ru7>v63JiG1-)R0Pij|dhX;!D?T(~iGM;)XL5`wAQN{?eq zt(qf&eXrMZ)DI<*#nuz4GR%J&PXq}E6Z?x(G;A*-^_MOnP}k1hc`AM&mH$|HN5c%M zid8O%2O>C>NX{*bBSz?xk9xmG*xIIW%%ZBOs)oUUU3fR1N8W(L0wzM`3vRj-c}q4v zs&>5kk2ZoOx^V@W?E^46C4F*05!vkPUuUCW@y&4@{aG4_b=7000WF(k+aJl-? z6a$&=a`cZ)gCg1Z<5m<8)Dp)=ylsC-st?6axn^&C-&cNJQ{?2mV`PUjr|hPMy(P`A zeEEutYnj%c&hf8jV#}qNx-HU`p|5p%m%$NNT`vD20!%%DZ3k5-E>p6nMd(s}a7~C$6?y9JAtT zj*h!G(2lWigOGLEiuU&Fyz)rxo~aC_?c;0^wbDQ#xCmc~WA>uE``13!x#+;`d?8mkV7USM}K1fNK~%i5u(U`A4*p*t?d&aI29}Pg@?ODLXjzj zB2SI&7>f{{b10rtN5*dS1?_%iQwViC%`j>xkts$njiUlmai`?zvnXLoUtY2#iL)Mt-a+GX=097=9tBNJ0XebFKQ%wxL9t3RQrkF z@=Q)?d3m)+kP679lFlT1ak#;k@9RNM`M`%t(gdtf0w8KNN-dTvy8b)LH0`_*V@Zm3 zv};QDefwM&-$~X?(=)waRu#Pf6h1O>@;*#pRP}0Q+MdfZ=T-~apm|Wu$mkFMnT=N^ zx{4=WTx^yr$Kjcu4kAdif+jo5ZL}+UthKOzGYX|t1lHB09CenV6`;ICZ$sZN!dIz) z>g((KexQiHLd~VNIs0>ZeUH2%WKDvBa0Pn>M~c7{{Y6==j>-jz(SA?Q+ay%wn?HsX zN`s!H>#BiA%saah8M6|P2}+i zjypPD+<(e!2_#?1Hx>~AQiB;cljvNaZf|dQVamDF*XQ!v8%xpkiR@*iISqIW0d z@40(-J3hR!r+}fQHU1j&3w@jLvSgKlnDD%avERs&LBzLQLKtw&(Y}G!a)x!Ke<^|# zwp7at(0I{;6sS^=>eReHNEkqs*g&@ti#*|QBW7nFCBkEU7J0EtV2B-?0~C6e5#}2k zVU7KG`qod*GxXG=h)}fxt1kEoq~8V_{l(Axd>&UDixesHv_6COx?yC0 zzfo3-?jc4X#vOuv+d=*KG?-%K7|^_l|6cQC?4A2!hY~r*2&J^s;rzF*bxmHp+N2pC z(77f=;!kqgk}m(2p*apWiUxM?7a=BOPfM$=#q-N-2*T)aIlqSDzwe{aQK?|N)esP5 z%`geYA2QvvG{G;!K9381>7!OTAwgTQ5S#If_J}S zd}sH|ieomVH^y6vwZIzPA{dtHpr;*;h zlIK=Nkc3TKWbt%GH|I0-l!`BH4C5g~KVsEp71PqwY3p5AI}O5>K`em75o98Iey4(D zK+B*ekmF=@QJRxpA}xgvjtak@ily3hYM}+65fV(*&klc=%YWc}7E&vqQ}M+G7lPf3 zc~5ce)x7a)R=B!_-v&|#^x6ikhwId|&@0krYUe?)Im0c`+tB(@{%z@29NACBo89vT zuLo z*%O}6<``<+Jg>doUnCU#*)P&xvwpQ2ITu$D=Ux479qj%%K3ox#!&wNvPV9?QA$BUQ#~){ zuZOqgMcUGHzM$#h&MZZAiziITb3@|0iN1lsI+hxSD+*78{(LABs9qJ1-OLTYH0kth z(@yamnyB(8zZNLxmJrzcn5NBHgO+=!2j&ssqcy}beW6P}o+QCt@?!>0h0>DX@qJ8U z!K#)II*4F2a=W`Ba}b!@YYtAYNC8=dPoxwlvI*$b85kP}di(fX?1Rkn;j~sYJ#R>} zRZu)b}|+SdohPHmjS`rhDZXtzTur5C)d$B!!<{y+lVD zn?U;1C}fTdvLK*Odp~Lw>IgH7$$oyI<3&Fgtrb(+*~1O11L=dlgU&u8C6bq!&#WH$ zT(yxPo}=ekOeo?uPuOKi$c*|!MS>lwD7q|aBDUEslGY3?V{T>}!fdigAzZibW;V)u znKMj0iUp74XjDJt^lut^KSUz|T{=S0(tA9hL|Z6(QU7LJ@+MJ$4=lMdXk~Xgs})n+ z*;5r!fQpU6i;~-N>U)Q-44Y-k?2Gi4bNl#;TJ+m>Wj5Fo^b#bfzs6IysaeAQfAd#Y+EK=5uASYQO`3Pv8FPVfR8id2j}Vjis7 zp0Aq#k~Ga8DNZ7>=6jrLR_jJWj=gMw|6H;WIsh)3Z@t zp{%if1mp19fzXb5GY^sSSJ1V|zk!;)#|4S?cFzTVKRHQ^esJjZ%wPP)GZ2&SlUD@1m-KD>Y-D&oPBCwnn z>NkiBX|7A*0jVk~D*29{UGe#K_P!1}q&c@8Q(m$LbSR-1YN`l?_=!5KdB%<_87}9O zA?V;>$7|B7dU5|v^atU)3skWA{KSO07pZ$3e=WCoUAb=6fi820FQD=OtQGTJSMxi- z-oE^4k3l%4!kC}9oh(Z+gsG|LNDU#Ay|Z4&99|S2WYSSL3mO2u8-4)>i13Sqqh!li z!~%bt69PX0lSS_ve=(f;&D%gTl~PL+r&h1p}E3qQbN=G+n?HGI`E3=a=46CI8&2CuCtFQ+gHT7_f_w!Qi0QdX>NOOC3Ozz;VD z@HWpqj2U-@E;T!H)wJM+%ZFbL@R{1yAbiZYRR^uUF%V*yoJg;ooPv)&fN+)0 z?mc1h#Z=d{g~XIZl})Rj`Uyzj%FGh7d0Drf;}9_dV`GDpnINUA#8cx3#7YK}2Jv#S zdsreB~d*o!aN7kI1U*vmwK2R8ZMN2909AS;d4vh)yr_*;{2s#TAG{xxihpO zqwET_2;42{dGKkQORPb3bsg5VT%rOFlfqYWa&o96Hc>>J7u=;!Bmsv_>aCCD#MtJs z;LWDoj)}Ul(NP}!ffHqz1WSLWvYO3ueYQMFgM7FwN(}1b@Ro=1_X4g}&BI0<)!dFy zLhY7{v^~swhF3%WJUBlQMj!5dXHLsqnfij+*R$W!$fB+ddb}TB+ET4q)8N4LUUzE> zs?LIEUeCJq9ByY=fEwm6z9Qw*b~IWaR;c{4CYoHOsD|TCXP0)LrpwN)PDNd_74lX?OR!RQUr5Ni)1TnqOX(%p%}Um^_k|d_ojLYG6n`Nm_c6Y?V5!; zkn}xaw8k(x+j*MmST)S#bd%Pk0)q$1_3RRml^7I9pWP3yGVaK}LH#{#fwpv%zP)d~ z?eIYs7$v>~GGQK)GWNQU^Pp|Qe(QFV$KV*M64~E-{3AE# zy({YB7yXI)k~K$fY?n4LY^khkP=~!cjn}d48TWtKp+2IGhFfT_H*flGDbQQ07E)A9 zEmAGUlxep)X6f$7sLki1Ip+pK9Fkd4$eDB~sYPChf4)sU3BRPLKUePSQ|DbrZO0dr zxbUA~)ayAGT42MvCtkdgP8qFvWB{z05q&<4Z!oKF*-U2n;ufDxoCJR916!R>I4@04 zv$M0q{%j>?JyWjbLI;;4j#o$A49!&JO)Y$P1y200Yk49imsK%MbuCvPBu7o4WbxY! zWz5dbI)VcRwoZNK&F0+(9z8rcG@AE(6N#820>&9wr6W#2wiAG+m?iBiFP zk1al!n%-+f-o;Vcg#HBrgpe6-6NlF#PYeLQL;?!e>(@QM#ryR^fbnJ#E6$bxiU{R= zNISN>qKCQxDeKSctH>r5SM<$lEsd-oM33%63$miTZ^d6$+FG!VSk@U2yG zc^ng2DV3H{MkF$_tDGlS<^>G*ivD}e5_?4^!1_uJF&p{#d@%QxpTn)9Uj*b`qhYs73Z^!6gYg!D@42*X{h#Vx0daOYJNP@{-UKh%= z*bG>+L&w4wJFKefmB1-~_Q|pciK#)qDFme@C4)wz38;f@Ah^&D--L62snE6--)B?t zJF(;v6Jeyt8_$^7UUF&G@G`5KFu>}4le5_UrF&w+b@LFZnank>O>YEz=!qD>H#Xs# z5q%8GlPXlAl1>w$tlCM_znO>6FG=b{QuhS{=mZwYEkC3h#-(7`Ft4A6U*!6z|{83KbVBb$j28n7B1Om?@h9i?#BVD*j9G&y!!a2nprNt3}$19I=}8 z!zrIUml_Um-mo&fVy3{G@XZ{NWOdZCuvEW~lHZI&aw@Q|?JVoi&Un2TieJq67k`U| zu(%NpRbp7kBClcKako_IfZQ`(A*(X z|8#KPCiHrbD#=EGaWpwuj>KrdI!lX!SQEHbqkl<-JwA`!q` z^G!toD!%X#@Oct=f9NKjQZUri%nac=od9rh+CxHmt1Gh5lCakZ2HcB0)?lIYsF{WU zQAc1|z~PcK6hK-BvYA_o0(s0WZ9It#DY_&ihRiKJqVv?xWtad2Y2ht8H-x;eUypx9 z>X31lzX9gCnruL?-PXflI3CMoYRcxgPIFBPFtm1NpQC_FlX*Ym0VgY-WnV)L5sV6q z3C^BfLyYROO~|t?iwI-BdRKW*-3u4pmND6e>#Ong8l?pLcd{wy!G~4jOB?@2mJfVb zwHUwu0ssDLk1uWS)O#EPz5KAzXsb6_BIoOAVgrfQiYbzqodh|6@bcW(&yy>R?{o@? z3*yzp9~|)7suVQP0A0O=iW&-%`=3dRJJE_&;O7}43YA(YbS|DZ4xn7e)(OSZjn^MN zZ`g;GC;U=Wc#@x`MMjt;SHy!3%TgNBKKGYM1B4vRuwqcj=p)E|7m6i2%q8Fe>8R1`{U}WyVDu9YKTRNi9 z7$W+$Csl$3<1)>H{7Gb!&pknYk%wzd&!BM-3@Gk(KhxS}40!2KubRii#Z@(nJY;5B zakWp=CY|2HGuGAA+{aM*1&9a64=aJ^=oCf;hv{|x*ke5fK-pO>`C1UPI3 ztwKBGBjS+cn5Ky&!N1{mE*`+LIn!WbF-iP^>2M2icqc;4&G9zKNqtNXbUPz-T&iEX z*y{>hw(lIEw(-T1i3e}OGt$$g;lMkNlk0D+s`Ya+cJbM?NnlCm|8bGX&M~HiBU_KE z5$TZa!5v<;<47~q6+jW~hw3o2d8%05qKF1|MS2qB;-!Y~?8z7-Yf9fLS%XSKd0lO2 z4yAd7y!jh31`$ess$Wm{Qcq2!C-}f8(pgUCXC{I`B}y$1Rkpnr*`r$l*W8gVvd$;R zE-4Dv*h*8~o&7%9y@W1)I|tlhH)U6n*L)Bp>`)C7th%De4j}$YA2F;aDz($T^Hnv%yiTc!w6!XP`l@|E>l8b|-GW%MXi^F1S za!V88+d0Dn4XG_#qTMZ(Pg^?ZyDSIl01OX8bb4&W*0H?c7kF~--&6Ao^bdS_Z4i`uQscZ3FDc35B zrm{Ih-2?^=8!s~t-P~U6?+*p|`d;#!`mZ!S^$XmTZS!7q*!xlu#kyg^XjmIxwqZ`g zx$)3>D}d+YE}@R{bxp+0+|rfc7dsu7H>JeKSZasG;NKJJA7u;(zxNgeNVFswm~5x- zhR!~VI1tJdMObsE!WpOG_$<%67+MetwvL}JWkTOukI8nCK=QwPfgJ@kX0`6S&rTZ{ z8^S1T?8Vy!4D(i)vkVqe)Sv5VCX3pran}WB91qHXIu^y6NWf_fLGaBVgz6Q&Z&I^Y z-}P5BQn+4L*&N>m#F{jDa$Y7#u%tIUZw~gHBIjk?moGVI`o>Kgp}VKsxI0Th>%!KU zzc~O}5plM-qwllHG3_P$)(zNWEdC+2`Y%B>;;N!f%;Fv5AB4&_p&@t+!|QG8a;W+y zX>W;=VA-pi;m}Yt(-_@>nS2_ezkjiFg#mNKfJ13$$2xl0f^*aOW!qfu)MOI6Wlac2 z%Y#klz6ce3y40sjC8pDZE(yFWjm#Djz$VU-|1T*i$utJ6*B!n^;*ed5j)X&=kG?uG zXJfGb$YmkqnW{A{DT(JZ&DZkbn$<1y>IE_gK^t4SU>mjfo83sm^$|9VijFm-XF*0r z7GfD+fw*!8xR{ZEjqk`Ceb;-D3#gZM&$$W`JJz3J=FP8^vbr(Gt}zu)2L&M^?5{=v z7ghk2$l0FWX+Ao*rQa_5=p{%%JE1nmxz8oXMes=<%qen)_YvF^Q%<)$yg?Y(Wv@8o zUU$S6NL*t^3s!KN=Zv_ds{p!JM<+DzDIsqiAbseYmpEKsM-83l6=`$!RG`-#+h0R| zih{NzvnXwYmNE3+iOcCtn(p{IJ`dLp$S4m~+1;kAaS z%gu$a@3)Oeza>v7Q}>DP3Li@$?fRn;THRW1#(T&B3oef6ryZWzZ`F-ZSL8IUl`GAV zjuFb~KvVwXGHZM12-+Z^+cerzs6croM`gr9?Hu;sQ1pvdujJI>K9P=f1MNFLs_dOk zW&s~Q6;y$e3!LKqUwKL|m(d-AVm3t@=IFYS02LH59&QS7nHC=FOyl3-ft$8b!YfoD z8$(%McOkN?Bz&B|eI-h2i z@)eO^YW@e<<%L|$q6T^T8@OpMxTD3l-0Mgmwx!D3xf3%#MKNXLx{OW?I^P8@g|YbnSZ*89!zKp}oXv zx3C}5XKRJjLgXr4UozvKYYoqwk-+S1rN=Lk^--X6=S_Dek)%L{8=|rag=armksx6{ z8K1>JLj0}pQO&sy8XL>I^r)-yM+r<~O}dsWdozKe(tD5WmBSR+WLFe$ zm2Y}cnvMpZB|j!NbYAFzzo_SUwBrqUB@6%R#qjg^U=-{CXwyl#C32Tc=<=GoB~gCS zGKed5WV!TPe>hNQEIBpHd*7=xsJg^CkTll&YCo9+c+8w<N4w*Izoq9ayLysSA;*lg+Vjk0j8DVO4`3SuTh6QA z;eTyLAUBhRV*NIqt=@hQ<4# zF|zR$zb5;M{Ja+D#m2WR5n8yw#o__)_u7EBNQYQ92UhcwO+ZRVU!-7!*u1W((RQx0 zKk`FIQ!U3R$#MYv{3_&62$+zW*CN`PF48(N6lIeoH2YlY@gWelWP zCbN^g6X_FlooeOt=VQVFDSOc9oaH(amYX#pIdP13k_sx?xb7q#1(L>fbr&zni{mDw zQ*~Lr>{7CGS7l=yFBb^8Cl}k?*6()0FThyrQv1#Mw0B&2HEC<_mubR3C3xgLkqt*y z1!Wysapw#vsIS~&S=A*+G-Y>Y`5mp2n{5qkr1#kBEYc^@C0S7WsD-4oT&i1!x9EdA zoYW}=Wm+j^Q$ZdCW-wy8l-3S1l)^d29Z zA>F_4jNFBNg;Nh}(fb6d#rkt(GK0KuR9R4zTJ6*QDA)S?JkH))qgTpyFIg;T;;p_2K!jNAfsp72eQp_a> z8IkEF%vvXb z<8>5uR-VvnfoHKpNR2iDBp=8;xU)Zw{g^EYM{0scQ~}{IdP{(9NEbLc^|znIF8>{H zYHEsJ0&b5EkeawtR#qMn)B?|>PgT!nX;ie#`3`MnW@J2o#M>stu0mwZO--veOsIplRNNEyKhk>s*Wg>=B+MScat+HSWW& zN4u{$`~qaQYc@+?iQPCy_l1Qoh5{MtBrsP|qB6%U;|{7MT2N~5UAuP3TW-% z{K>>^PSViO!3HtE+J4i5YT$zdpGyUsf%LmX+M_!o(unQ;?w{|F#w~4+CI@mb?#WBN z6*Q~!DZEdh?>bB?W?J!DscohYT{cmSd{)s2VDm<656%x00vv)T-s?dG*?!5xqk6Loat-YPm2Zj;YNtO`a)GDWZ%cmEr8QPVAk9PJJnUd!wy|_Hs zL+FGMw6}g1$u##kU!m*7KK{}Rq7h-}ekgtM$e@oI0TfZ%7-vDED4B*;Ul+J$vG1QR zkT1yYy-C}Xf?fxZ9it$-7&9Vw1(=S*>nx#igxb7x0eN7vuX+7H+%{hw`VbD|4*OCEO-cU5F= z%twub@V^PwVQI9^$xwPIsZ`W9$xbZ>)13JKYIrs4Xq`$D!&Ze5H57BPn`tO_wf=9D z`xRy?k(fIXb$8IWMM>FGg71O#|IK#nzlzWOVgr0B&}$z$d9D?METT}M>>tOCKd^LveQwca{@{r@Ppytg5A|w;#_j0`VqulsXs#4BpWogSjtF zhyl{l!v3M#h4fXrV3DGyw-xeQ(n=aPguUP%u_MA;yYb1A#=!ET+64%G{eyd?IF;B^ ze=W#B>|qBsNi1lPnfgJcq-aE~L?SbWC5I5Rm#F)>i&&-T|88jBg+B*%%o)3c7V571 zaMu$%hSszEF-&t>we3ovA0iy^D32V#KOj8nFKoR2RW7fi;!|U2{^MuA5O!TqqU`2M z(a1ypG-P)BTblOkY1`5z4Ct>j5eTjaRGEoIYZl(4FvF`W0I2c@ix=Q@5{76tdbOZ#b~@gF`4bSB?mW#3;!0$q%3V ze5{Na$!@7}_(XcT;xW{~dm_#^K_MzCZvAV$S?mY)tNO*z7Fj3-p%0WM@rA1`rTS6Dh zrbnBM7kpVx91So^0+Z1sxdD-FW`Da~@;sJq0v@+=a^Og7C)%~z;OnjmCPX$pehx%8C3ZW* zB9@=}q#JW&q0Rgt@-ZbFWre646NuAIi_EEH{oExsw>$2MBFq_Z7^f7et>UBDht1aH z!D_E#oLzx}bbM_RV#6R`&<;VZG1d+O>YDPv28ub9YCx5?iec-S;{p z`5GP-p)9kcC}GT_FgFp5;*Z%*-2Qs%i*8xNTp)-Ka0nlF(LoAqho_mkWojFZSn%eR zui0mn3c8&amZG*xZmQ|oISPMYvn{(cI$1A&rZf3OeZ*HJ13T}Ys{WsQE zn&I9OA9*B2_ygwP-42-y{mj`d*(JB1!&)eknYc2^Ysl~C#ggr_N9 zGT(jmt~eya3Nzf*r8MCo$-A^dlm)ikZ%d&dU^uu!4=jnn(OMFOvvR1gLYdLo)p%ZRJmYMy)in!H?<@`z z(7Kv@^)E&oPUz)Mk#rYkpK}xWd3O2{Rb}&KO8&d->?uKYrKG}UTNKfPE9-`?seUZ9 zrU=1^u1ym=qkoo}=7ElV>bW8a>f9pkSh9VJJdLsfiO2i%vcTgy6n!kYlfi632N|sy zXq=L!FhP5GX_KHIn$WSU%&s@6s01BXfGjNvkd?cZRp-cOcS%GW`soValaHc`L6)Ix zq++q~jSh*9eaJ|_Wh~4LZn$~E_33wAh5CCy`wcrFZIEqMS$P%{+m7T&2ij$4b@4C9 z`bzOkRXs;o;@NddqRRLr^EMm?2$i{M{rC z+e9G2$|1}R4};yzo_G8`hwW^O8HZ9=bIVpmb`nw&&}E})zbFLmTP zb0Jg94@r!yfZm|4P1FCKApOToiAK1mT^8f6{t%NO@+pYlJ=Em|CcuoiNAZ{O%aeSs zP!}`9rGtMA8{NC(kVv5GhWJG|6lOLL`ynepOpN^h{8Z^aM zD30@&?%hSHX}jN4QyKUItc6wEmlP}xy}8u{v+IEqXv}$8SoeY%>GNHUv}_LPY3W@x zEV^GA*+B0}jaa_h7wwyQU!h93AC-r8NcKkrKoj-cDU_#&SK;(%SL8JYQ=Coq<4dfm zBc=(M1=L|4X&8h<4?|2$v{uX?Fr^anY+4_Gc5+I8{x*eb8*DUccMDSvGz~)`BKxi> zGji``0lh+rsT7r8}|dVYNYZJ@j-*Q{T| ze!yjL<0Jh<-7gz)WkTahi`zG7x3bgu&62idStObAKGci%gQ4_c9mpaVz&y1))A2V7 z)a4iplKqe=14{%w2?X=A)B=XIm&2(t)HG0pL1Ul5WMpJvo5;sSLqCS_5~cZ$vcJvM*Q*pP8Z^H+c!` zhkFrP9Gzx!imkX)abW6Z;tkQCx$2-oJKY5Yz@FaIsn;v+P z)<|ekx|I>j=9FE9T>pcQ=mg|3J7kX_R^jlgL6ARmqu`nRl^eNQSQlOp2h-H%D?uG! zwQ)>=vQkx&79XxGApn^>ySsy7PIphov*OiXI-s(MQxG={7slrNqsAd_{;MNE*M@GYanxEjF6Kv`ESiPOgG%?~75b4L z3VZ=Yi(*5B{bVAl9)pWTRC?`i>?GC)+RXa4m36NT$K4UMXH5FZWwHhR^+MnqD z&|DQ>bynlXFCosmDjnVR^}v!O)gc7huSFLoRy7yQ{p?kf;|qVG@SDlo`LS^I!6P`K zi&JNDvB-ifi`Z{*nF9}OiTnPwCW99#u;PF2t{Qc&p35C&pBaNYz6NnKO%-uuar8_S zrsV4ZWRB7NOt%mogixg!d#CK+4U(8H>f@skNP(|kL)T*bJ5UYCmOJ^z4Tc4K>r6K^ z_X>M7+)v_rn3)~QhX^~`bX0`boZg3mbX`>hwtte{E0be?wDr-7nZIom)0 zPjc*)j3-pw(n%t(R;_FrPoj~YN%F_9w8hQX^0*jb16Xhrn7}<>Mr^dlMnlN$whjp( z@js@ekHGXmS}7lxs00mcKI)p_&6*{fLe=S!9?o0EW>kisE}#x#dKYz!e)MsIamY1< zS2_KG9tGK8#Ocur2$810lFP>D_X7dbwcmHqgzer0*uKc%Z2G^m0Pw*itHnEZw4w+P zkbNOAcdDWjcx2h1XbNb6!2_L-y4B0Cfl5TMK0H^3c5wIAqY}nLM5p`@_8f$#g@kUS z$c-+}9lDRd`Oh1NqG7XR(|^tsC)^|G!t`}tl(47xyi#y?pU2vsiP3;j3sCx`s`F1{ zt^KOfX-+7sm43?^wv4ET#~3dhJz8N#v7t=(*<&vk@?KiGzo@6K=c*U1m*k^az{S&N zllXhuY8^3t6)qaFeR^mDT1JX5K(lq|m@02i^LnXzZhqX|(oE*Nh*5X0H3>4#vax&HzFBvB&GazXLlib_W9f%wg9Bo!y6VZp8K2z7N!Kd3Vu+ zvP7uwwI8E2q}=Sva2r57xBf<$)kD4bCIr>-VWHHyRmRiyU%Wr3PIs{d{~@ODl>de+ zT6ekQNEJ1$S6ZrC{(6ypV*tI|>rNbu`kg3LkSgowH<{R^VP5*Y9g z5eOy3i)1i__4G04X}G=qJ4>>gI8>5~Z)q53>A$ry47wxpId_mrsSEg!d++qZokNVK z+7DWHQcv|`8;Y4Eaj!aF@;vI?;r{uxP4C6)QigFvKY6EOsa1GhB+-{lE%7nBnSvlt zBWIJ`fH3Hpb54rSX(PXbktX8Cjk%upg!8gwJmXrV>V@P>d%KCG*y~elG(^4H!^7z@ zdc&K&50-A+!xB=inHMrA666aI9$u8k*s!_o5T*n@vv!A{n2M5c*}V;7n9b({3>Zya z6y>8(j&`{YYbit~a@b%)EZq3LT-q=3V;F%HZ?S2qrq_D7UFAeqU)3!q6Vo&MIOjUH zo{o;$2-T1=@dEp)YJ&(#kE4FRjpOao-8w%lqTD|X)etHeDM$LsAY{_ zj0TV564MpC7kz6ydXFIp1#BJhbJ9?*h~(hsRfqr0%Zryib(3)%3&!6)POQ~YmkB|i zQ15I|=MfD~{SK%c+{q^t_1>dt9E7>Yuc%j6&{npACdo=Hu6Z&&<;O%RgegF&JB*~q zh?o?p0A>s-54A!(u!}}aaQ#v%ts`33ljqn@-$Szw_wR9h-nop*0I%!quYChcRPcNQ zZ(+uuY#(8F1g79}3<^7H*Ot`I`RN(Gb52@`AzQan zUAi~$C{OmK|8sxH=8^X`{O31Iey<6@z6XbcX^QpDp4LcskKpsVddnfzo1DPlsK_hn z`@w#^2ru55lG|?LFx*l%D+Ps4N&>-`95cVfBS}V1D6k7o$i<{yC`o`-W&ZRsJV%r+ z#zmRIEs;|0Wj$yq9dsPwhPFP47HdRz?XuEav}3S@%Vp@zeZs;0)dA1rgcp7}NEi&M z)sDtwdyig(O+**GHQ)Defe>|F`D+n|xFB=uLtIMp_Fn(75J8qSuLK(d*Azb+lroJQ zm*^~oeuI`7eT9!ml9V4Gi~~pXWZwuvN819 zvco(?Rz_D$($h2E$|J2asEjm!fwBuh=J;^UJ`uM&<;;H$3WIa5GKhC=894%X$$V!8 zp6wy-p>9%lusy{we>gO5NBu4!rHcb8=@k0aQZ93Hcr@o&6MvrL914s|wI=A2GI)^s5E)Z0;nqvaP&5C7|O@-r7?A)9+;#tw0OGaAvbz#oS1j*-#QgLe0mtxHO6f~S4X=+?#p zpEjc@80Rk7sfgbB=B3Es7p1Fz+2TR01CY!fB0|sW$nJzaB{Uy8^Iu*2MK{wsFS>H2 zrzj1I4SNFp&@vreU+D4$T#6I+qCeQd$cT6){aM{7$9xp(_;`DG)?1mFrp{kwaZC*& z-B!U4lles2ob=M5ks603;R*T~{T*dBY&>@1WN3~81^5h@NWd6I-;UW%S=GJPZtUvT zASpt>`+_^NjnELs6muo|J-0G-npzGbCHb!ae1*@=LIdAvW-FsU@b*`?WVy=KpjJPY zzL#d_;1B(&V)=08g-j9pf!^i-taf(uBl(E2%LUwPG5sh+>OvZerA545nN9$(6dp;w zOS9|!+tltvcec7groTY?$T21i8kDb$akRMfUEcgds~wkmev1j3U-i|&E?OUZzI1;Q zS{q(6ir+h=nx-B+D*f`sn+OR>-X-1=N>VAos0-LQJ#b36KgGl!;=Zh#X$y?`?3W+$ z>f=XtcE-jnz2p+X(RbTkLK&yxWRjWpq}N;-a?}2Ft!u701FE65V;P9OrW|CE^r;PYLRLgn&qqZR@0pmA>^c=qsmW1Ac9Jxz}B8sO)U4M zqU8)U#4W|@H;?}sgExE~xs{Z~{kzWxwD4z6GfuW6zdN!ramooGXWPY1&cJF7G; zmXaDF!z`ig>@*t0EJ$tTIy~RKRlG<~$owdjjM}!eX)rj@jl88J58ltS(+?{?ns0JW z8DU-vnZ!l)=Vk=t3PHqnSma}J3yjbj&Bgo7cM*+&Ee+45-kXW1w;F&%>bFjqmlvSl<5R21kS-8) zWj%8E%JI6S{xqL%iXgI)KPyAme9@#c^(oaMNzL}2fXA}^>Hz=WnAzdRh<%ga6SFHF z{<=Tc_wyugZC1D7_P_CQ#<>xINpOF-v_9=*4LHCI<}km+${!L~tHTNm;;&qD`2&=z zD0D3tX1%;j?4b?SMV4#)J>2Y=M2F|L^Q%8c>Q;bjPU{bVXWoK|vz!Q#O;dlIK|z zIA|pSWDUQ!)~sj2-=`~KTg_oieC+2OZe@wY6p+3kn=r7EFR4T4=@&>Vwh^;LBOjJR zqYjm!bupF5rpc0k4!9pv(uutfyyvrYa9AAU(UC@gx|hRlr$S?8TD-cis%Txs zV?X*3cc%M1=UNE(>tvVy&yYF74gE0^Q|J-P6mKO-fG-Fw#?CR6@|sCR@svJ%-BNz4 zM8w3dVxw)tnU?h#2_0)=ht07 z_9*-I!==NXjS;I^FRF<8fMiO1ZY|~SCI+5;1x5>e_4LoolDb1Z>H0(+jk(qI*3!rD z8|C1Nx67KDnzF&ia+A7w`rJPo*oLS1MhhQ2$#|DN(k#zqCVmOH@ecHIPc^KoW2V|a z{t^!>j+E{m*U6Rco8JidKaIV2JlpN}KOQ3}wQANZrKr94s8&l+S}UpuimJV55G^%o z-?c}FQL|QK6E$L|b`+7;h`ovJ7kc0C&-c&Y^~itcb)D;6XFSjIypqQwl3w>1#<2S> ziClEp>z{cfxwSrXd+z#EW1USta3ql>)mwHrd2OY<8}mc^KrK_!W#^g(H!C6|HL(VG zz+$>~2dRQMTGH36klGruNq=zY_vK?;yU0q&_37(DL`KWPDMKJPTR9mgkEia9BkoDb zB1%Jw4+A!R+y^P!k7)f=e{?c5-_QM(U;inzr-x}UI%^8kWVResqi_pkky&ImKwE0O z7+LcJ8)|9ORxXdypD)u`PxLCdfyo5H8cBmA8OoEN%(3%XN^vtB&3x|OT(PQ!0|Q_F zSh@g-&E*G~;Rh7IN(3biE$kULk%jA%P^o`k)r_{=5U?^)dGlFrF51v~KSTA;O>!5x zLt420O5te{Wl7-&Y1vKtoxI6M_CGovpTZVK^JIOWA~o=wFAE>MW=-pzHPJU0LUrx% z&G+W0X2Rg2_|JS_8bc&gVmEaFE#XG|see{tCkLT*+xb={ z7YofiN{az%>5z*2{w9^|PjVc-UlT&y>FAty@=gzAJp3ux;eTx-qxs~Iuy~TJZ0x6<>-vgy8b?7Gai`x*b`<(-4tt7 z9YR%-cAo3kqnfRuXXyPqM++;a}8XFSie4`*~A*Pi+wvL>C#_YkK33Z8GSAZ2F{J|#g~+C=s^2}unexX4-@Q5-O5Wr@_! z?@tFcFrlkn&-y0$H9(e`YC%E4=gC+__@Cn9>MUGpS8I#1U0ayBqSGuLU(QO_iP`BY zOq_!8AL+(>QxKxQ;ZudJ!hG?j^_DNiW^L!4hN%(-@uZ-4Lly=^0{!q-Z;HnP-04t8#D zoVMG7WTL(y;=)OxlkhK5TGb)(yY_@;Tcz+L28?l-*~YeD@>4@|Gs)dayPP+OuvXWO zlQX(4kYKJoqWF?tLIsO7Zy5P)lKe&q2rWz2)`MT-xzGpHtg0hLoo_Sn&g?bGs3IXH zU!sH7!#-5tXVH|Q6P}`B#jjI7k_Wtbk$9eX11PC6e?!P@VFc9)dKci=`_I#R%qq(m z%Fj!z_h^*r$Lb&4y{^|$FW4mn607^dDVfXr;e#IGeFcfM^y*DTsExw*A65*Zlgh|8 z-2A;Z-%WT0ecKiuzU#ng@ys`YZL?{<8&yGyTKI-1>lXQj0d1z?%2YR&h!f1V*GTIY z`m?yV@+63Z+k9ac{vB=!{WhfY@E-#h0u)3*rrQLlO>OLzEA4)SsNsLFD%>X#=B@qUoQ8`?ma`GknX#1QUzxdA3D5;+7UTo+6fhD0ZQQ z8w;A^<1_cF*$viakMc#O_@z!E(W4KlTdh4eb67796dblVF zr`(3zuY}J;p$u=Sb`l1K05)Dbzk8N!7fZ#S3#(^5OK@ugo`v0R^(dQih!2L-Ty)W0 zMCKgwfgWOXKK}NfKG}B)*tESEEO}HOPWtHUT}9Z^^IOt-7CXjiurCfq_&@|xShXm3ZGVIW|e!g zs}exEiPkk7Y#MA+O!O_ujzMc}_$=9c*E`*vLtTu`L8n-qES1mfz^<6_CG@QMKh-M< zcE`cKL4h>-Z9U67hV<8QBBmQ(DmX>>N$)D{Ax?r5kuQ2qz0ec<;zvK;fe#V^S$`ls|R z?gqVXVk<4P1&=r!fpFI-8A}<>J7HTWjpNX`^)bVh+8|u zwl4C9e&V*?3qB)m%Z>U>QTfNM*0na-aMBkav<(bgFP9EO3g8VM(+-S?`PNB^o^!kC z`38y1w4b+=S$rbDKxgIQLTt00Shk}=IIehlLRBlCNLIX>aqUn62}B=xkgl?wL-fQ3 z+dGHmE?)H8$g)iiw=oaqqGujCl}5W>P#pTxt!`@E@5i$eh3w00nn(>b3r$t9!D<&5 z7hui?CTCAlQe91-O?Hfe2F(=<3Kna+*1x>;Kz=OWxDkdSZlZSI`2FC{?#xgOV{?+T zC$7%DCwO5YHwxoOMb)(k2%K#HVDm8kJl4^cq3g1Sumjy>j#Cu{2F<^&P0k-q^G zY3AZDQM*1|Tuk(XzkwMW*E#qpJ`g+D>Fe-k!U(Pb`nXtC9t2M0z(ZpzR21wv>D`dp z6)y^rP0w0vQU#*eQRGU@{uc<@lLK?V-syVI4mXzU`_JH#a=rxU5Ng2=67)rnd~JVw z_(4gC+uDzC1VBl`>PM6c8DnQ-pl^Q|kdlxuJPY}J%16s+OreQ04Z9r38POPTUb9rD z&e@uorPmhmB4n15!zdO<2YtU=>P@iPWG^h^yYT$cPbWLDq2ku#Uf8MNLhb%OK9M6f zK6vCRRZpu1trrbxZ^kU)9%~@RGx2}5a-q((~#k%=%@3S(gl_c?W=eEi#Gb5uYoHWN^$?o}%%Dn`#FH5^}I6>^0 zXdI|+YmEfr@EP!PnC=Pl&4OptM7A6)4f%SxC&$h+4exO0zHnxYfeoXOA2a5YR`P+? zgP||*JDkLYt^&f4I*(gYa3w8ou91gG{<^`5F}y?+v;=ONnuYa#Q&kLF$Ui^54Tb$CuvmnI^E)3=2 z1mnA*5emAt9Gh0A=HsnzMWQ()UiJrPhw8qVDBRqaG7&NuO(ntSUlmeK@9LLZtu#(r zuAN#A+NBbig>K6JGB@aqAOYX2IVMz-S=ZruZqV^nXoC)vAjsOCO{!C1CFaSAc?zaW z@jn);AWd;N8>&OrZ$>4$XG)YF4no{dsL`(50Tmw?M*aM6p(jkYJ%rr!27@y*C6f=& zTdl`7+8%07LxCD44xqKK!pM?(6(QimAu+r^u2KeG?rvFS2PWv<4V8CB72+quclvgC znD(NPvA080RDGrh6GV)TzEnL$*XLDvaBWTI8yVeyI58TO;Jkpz5#J8?T9b__DUO5J zZ;EiJp8u$fVU$)Z6%`Ule}fCeOfw57`6zq1s-i9>*=o$J- zW=`Z#HNCY5ihT8az{)Q2K5Hs;SHo~rab}+1!g-nm9thye`3|{V^xl(3n{*;` z3F2zuCQnMy(xwnPY`0vkq5pC9B9UU4u=-5dFEWr-{YIOwG6xhCQAstoPadD9>9n=f zygHQ!^B!cdMc6X70H?{bqKwj7$tlngs2Y0bN=m_;L;JOW6*~AtB>?RWf_`*bbpC`a z(GPE;3a=^aHdQ65V?5#h-ZR(o;e?)+cA4hNy|LKI6(5)rs-mTh{hoddjyPQ>q1kbH z8$sQ_x4e5Fd!~gVwLQVGBWo8wx_ZWM4mOJ{=H!)C>yjwLAeJnu!2^Lm zIZ+vkqdRY4=x<$N{N@YIhdyHXGv-%fD6wl2k48s>9PvG`eemQP=FB|MY4S%>Z|@28 zatLyh?7(I&4sun%lp*|wLF2u!dE#3s#zyNL0hW|aH^;}agMNkqzdHw?Zg{H<{E7s! z7^pc@I8Rvv4<-ZMDAsoVbpq-cinMO)SI;&1MDEW%PXALz zcB@X2kt~FcA_L388h*}x`9AFJC3zX~0L%HbjZb%K)H0@g7?ayn-N-s|kw`w8LUbT= z|MwpOjKTp3sHKwoA6%Aas~1{UvB`N>BL*g1RQiJSAB1OsU4~;TK9e9HFJ=r1Q)Jx< z(8HY$kNO5r(rb%LHAVMDWJKLk-7!T)M-*GB`R~|Mde^G@Pg6C`j)-;Hlrhv7UXa9g_$ z<78l>Y`SjZL(QfO->*oJQ%OlBcrnE0{y=;O;j0;~P#|sFqMp;B3YF)2;_jsjM(|L6+20tiAeq6Z2T}2eYo+;^xv-Zs^b4gQ>hMF6e zDt#_kth&!6{Cuv8>DJ)B0N6y9peOk3gmcEPGbxG=Y5L6csB31fYm!M7ElRjlZQB=B zzm88B%1`U}$9}zbT??z5TxsBL{yFF6ZdJ-_WVDJGvIE49D-kPK7>p`J(ywJnZNG`| zALNSHNfY~=ZZ#&zwl-X+tee|vc2&}p28DN?J>B!ACVjA#E?zsm^M@2tRNCZ@PvU>n zagzgsg{F_JH**KY0CG&MDQvKxGL8Z=PW1xu0Hjr0#cE}L{ej()ca1!p7PL4wZCryi zUR9|aI=lT!!2owhNZh6o$I7T5^yauD)*GbZULoqf36FRrtMqWdj)mlgC15Zz#0TY= zv&oj6%_>n_XYdJ0Ar#}A`Vc1_I6cxZ@hJgzO^E0afRTj9$UD2{1^0%jU%@8VUc5%0 zZ@`T{iwwfkrf!HsvccjYWvZbunkeYCmhHmiHEemgu;3KE6IyB96!y5}<+CEs_uxYP=eS)-O=KZ|XB$g=?CV?(%C``pYHMC6K`+PQV~JcG*s1s4*d5t zDZ;@3o3JyG`AFlQn*jP-M;Jrw%*O92?Yn}l&GmY@j>oRka!Ots+)n&HZ^*mxWSQKd z5iwrYN_ZXO`z5NVb2-BDRW8Kxk!q`$>gCsXM5PVGsFT=i$E?Cx=C`H4v%;X9R3OpQ)#uCJ$?S4-a zXR$(YoBo?jzo#GDGu;Hl`(w{@TxS8)*=|2D5AI4+riFPn{ytN{M8QwAsV(ca21$^P zKi-~^g=tsB)X;BTN9V?S&LWEQ!*C%i_+uu>gL=p-S&g~&c!b<;bMKP?z7d){3*lHY z#M`ABjkEtV%~w&}Vg_Y$-_XP3_i4`pu?K$KNrESfL=W!Y6Qh%}yP9YiwBuES!64%U z$*jys90T0u!4U3RSYPE27R)rS&Fj~}*Tb`s&qsW=JEGpnV^d^K2<3c-@g37YTqRgm zKG$vl9>KmD4lJx96!P3e!2O)k{J2!2f&M;S61(TIK*y8s9w*3=3JITbT9i_RUhkO+Qs!bQZ9-?@v^62;rTwZ+K#LB7gTABBJk&?Oho;l?w3W5$Gpu+lGpy zpz~ygvJW0aNI}2YGK<$Q%F6L&tI)6KEUQv=>k&rZ3AEn{-<>Hg9 zYc7|y8e5T-U9oS$O4DVU)VPOw+}e^{Yqm!y2XUUP`GBSuZ>%8Q%OLE}rw+t~B%Ppg4$cde9*LZeXbPMqlLW0e!zvMjPnPrn=Co3y;ib5D{bKo_ya^;kA5X zN}w(#zI{&AFOw$hd#fYe5JG=YTh~ycI0~fir@u5@;HSQm+|2%xbqOCcd6POsoPf5+ z^_I;0J%Io;6AiBh0xEe($g){_H+<9*cOrFcy3L5 zWjgnvrIX*xCiFq#3HSa(aQiJ2tM>H=d2VMFD;*q}zOHJQ-wjl;8Z$IVPri#yb%uYh zX(6wVyjot+V+M2N4lH(V7V6=mFhS0uErD zu#0bAGCQTxd*JPh_qL7pK=?iQO_WkBYf-MEr1eSYqO$pz!_{4A1$5-MNZ0z@@KiRC*27#|_JO;e1cn(5O(9%m!M zAmE{_k4Q6x+$Z*v)i;nfDb~!!!?FV({RdY|!IGRctd<2teVP%`zLy74c~1!`1)dY> z@Vodv2q-(N*qyQi3;Vp_h_8|k40{tAQ>pIo9TgcSp1mcvkX@no_ioEPZ=g~#sf!QS zK8MU&`+Oz!L@7a}K{BWjc&a{wf8qw1*iFXgMF2(vOyZ^{uE;wzNh-(WM|Glj#&-_E zTKhcyYfVFLFx)rP7IbUF0@J59%Y9H(h+;@1X?kxSG)ryxxnDGKV?`fh0_w7qsW_4Z zvn2>w)CS}e%j7Qbf-u82mgQ%Ra-Sp5Zv4$24sPf`kvtPBg7RJ~que#1jAtxy3v{3- zwJl=x;s&dQ2)FWm189wJiGcHPgRV{jwt4G8Y;V zBbFhMB`73lWcX&LK?^qW3?Wu}+swgQ`4M4XLCC;8T)j?l3IK&d66Y${23SK~ZFZ%L zBlWEwS6=UPwQB48fLc9PG5&DsBsFSzsaBs68tK*a8~#%0z9*Z{y$cC9*)37bJt??3(43GE{azpVvp5$(*LaD;>u%ADh9|y(Y zzRv;(yrU16a$|NAGj?+!ItclL_A`yP{eG3o0Q`)giM>k{_aiI_VLka+OX!V*!{Cn8 z7D-C@NcIQtP1AQ^Cd`*gq5fcy&o~4GKd>BSqNYtmcUpBiP<=U9a_9f4YH>lrI2uI7 zT6M0pb+>{o^PS%#T5#t-2VI1zq~P{#YJd;IqA(Uthq{0w{!FE!DlJH_vIBg1xXIl@ z6*_wWZ6w1ew(9{ul;~FveLZxw=GxmDFa;4F~XP3rn4(*nSEUgHcf!ZxAa1 zPU-vLPtu-Z4dW>6P8zw44u~mn-F;D@n_z-=PXx|b&n0Z-3&u#%FHS$m-R!j$^fD?qaj2kFp zWJ6h~qF%;gytD5)SkMP*$yz&eW0sUrO}A4O*Dg|iV$-fhx-d=ERTX|bue2E86nRR4 z>cmmVtGc!?UONN2@yZ}GBh;fcKl!u``hI!Ee0`dof-FV$b?Z%v*DW!WJ!odpO&e@! zEb2(${e=Bk=W10Iw!QQml`5UT-4K1)670@NVvX(ny$z|Cv9eTYM!zy;oZZkgxC)_W zqClDe_spc&ntF)I+UH;%AMtF~x215A7E-Y1#JzUFqTSjL4k36wu<;|3M7_G!vC`>l z?c4$-i^U;!*R(YH9pcR^uWtudSik;P$jx5N_O&g-HMpf4LYtW5 zNMw6Z{0k_wiBA#%B1GJ`%%{sEHK|9L{Afz{l&kQM{wuclbGp?&|T?ILu8r=R+SFRB zFOxiU6{-tI#7r~&t9^OlAz?gVlW;D2ih*|7j?GQJf>N&Xe}~f&IEgg1S`oy2qsOZp zhMdxO19FA&%;4YUAz%8Vo-{a?QkWqTy&5Ex;QzW(@xN;)Ax$c;57et&85?awLPKCF z_S6gH&oMg|DA8)V78m*Nsu@>-@4_?Th-kd2%Pf;>i?z`+{~492 zPD!#sf+oFtd5`56_Mg-W{@u3c#tZ)r;!3y>zSQb@N<;B7xDmzv-^OLKS)e+G{Fdo_ zOQa^^NIc`V!N1n{sO17>h-wLmF3)plrO?0iKMB|-^aI=g&Y`gp6Il~W6db3^xjpuO z{?9X5Cs!g6BBi>zh#1u&r9Np;(f@gH`No18Wd-ms2;bPb%aQ@*1TX?VhFZb@ykss& z@FHTMK2_v0KtNu&Dn3Ak{}-Ud&+Mj=U9GDF~Xbg&HAaD%zr?=>AZi+f%pNw7?ajqHIJ3KEqW+rfih7h$D z&Q)zuA)>pQA{c@KsQpMXL$-Cmn{_kEx_d=G7dGYN1MRKbgTpT{FKY^dPPpxK5n!w_(IcaXc#8_@Olt5dYm-y5| zfp1nqa|uZS`P(+9Om2?`J+-Xw#Uo{YAr`ie=~!nje1$5c*!=ihc02DJixKn*IrVwU zu~6ur(NjdMQ#NUBl69RjRS?v%FLBNm&J`|0mJc1CyQ&2L8+s-WP`D@cDNAF8>o*v& zO+KTp4`Dl%EzI8n3yhjwmT16|GHj}uz*M9VM*cbHdxy0oKZx`Jj(>E` z@8lcSG#5_zc>P)zAc)Ilmx?i~hvn_rOx)}Hvjo8mo4%6a+m}0+2cQzgkHgCAG;&5@j9%c~5V2Wu26_6Fzp{NBZU3 zuA?65{RyS0bZXe0Q~}_fun!?-S8ZNDygHnQJ+bpPH+QEugBzPn$YSfOH2Kj)4#1PX z>Wz%UgFU5HJwz4ixuC4(JOxT*Vhlb7=fT|8Exn*h`M&>{6-PZ@JKLoiQVn-T!q2IZ z&Yx!5QLBjpZWpl-qRekwk|3X7^g<}9YW5SInrb~|Emfg}{o5EvxE}vnbJ3iAphEC} zC|C&z#a7BsP&v%0Wc1~|7GbUyOyT_=zAo9;1=i4d7Q3<8Z&k%Qm)pv^iRFy_^$!Aa zOyhRl87V}>%uriobAm->UYfa% zRj~KzWW;)AaYa^R)_6axw$pjg$?IYPE}H3II<1BPC=`Th$uN(Qf}()YD*ucuvaJwF zty6aW^Yr5Qy;Fg?P2Zez96va-fd0mN0uXa;YhiXg#X-Y7>zzz8*hYsR)mJUCfLwySOat2u7ry9DK(A^{h* zaObHEQxdn=P3yPiarlcw7d%v&oZlc z{9AZvd&G;=`&7#Lk?MZ|B;PR?`m#d4!_@k!RJkop!s&^8yzN;irSE|6r|EHP0bvKW z_W}q)rJGLt=QvhnJN(gsozAb9&)Z+B#u-_j2R99nmvVcWeZRw8ZII(UVYP`Q&@BxV zLixkN3*LLZkYCe_*Q zLp~)HI04T&E>6d?rb>Pt)vbT0?JIZ;X84LEwDZQC$49wxb}gPcmIcmD6-1YKMR=@j z`jW^v`O~JP@2@@yp4Qc!Hi@=XAb|(KkYY+wF14;uXT=|ym?xMiRHdf~e1EXHkhnA6#T{qBGuC`-}H_j}S#D zuY0Be`5HDDw6!?I_zRC$1?&m-5J$~8Fz?$J6F%&GKf2r z$fJUwOg58tyl@ftMSB(TCh4(sHAFkzmH|{@{UT@Iw`0oE9NhW|l5X1`nhG_k@TVpv zd{c=Txx-?&!Y~ZezhA-CZdU1UH+3I@JUAKNPM(c(`!6tF#l&tmW!5BSUd=p&Yy1I@L$m+~Ae?Z)aB zq&Ni|M?h<#6LZ0}@8UTB2fLTZD`5{NNG|CPsT8gH^4O}~(XsN=^m>t|@c(!PhS-U! ziL~MqjJvsw3uK2mL5Z1}OmFO+4mYA5rA;LCFol-K2~zx^3LE79 zara{*TCI&;<7xSD75zWuLh1_*jQ4)snSQRRo+RTepzDFQzwqn(F3d9^@2@w!X@AFg zQP~xZ^L--Wxp=x*|FV(aw_;gWWM@3rn@qGlwDZ-6`Doj2=xe%M1k{J8UcKPMAU@JFTY4U!m>X4EB9xn zo~9@zRLO9qcOZ&|e^(>#M^FY|iIQM`V{mUZPB))HQ=U)-jQYn+r}?ezqprj&@w58$ z`>>*3YIplr3tw)?QG%YxJU@Jv^-SbyZ=UWU&lb5GpV%F&(61^s@>9;qhBVcV*rLCx zN2xbSEw}|!3Kp|8ZqK&B39G!tLv&%{AO01)P7%Z>>EdSiutF^9K141A+-}s9aSMNK z9=5wlc}fMM2vWdH-2d*DdS(bPNo3GtT42>^pLTgU(rtio$H?89 z&(QqWW5W(=qHe*;?NA5O6|!I*-@D@Go2aNdVe{o%NO^Rex1z&pa)O&M~WT4h>f$b=%5} zGXY%a8e5-TE4<;V^*S^e%GX_xj095kNdMKDRD(8#i$cBOQLFI~>ZRL)k_H&bqX#22 zEJXbTIeaH(bsUF{FX;ZJgBEKdV3u1@WRpiw-16ix)EI2&vTXR+0ICfYsq!}bMhxrw zPwgo6ESI3@+*C^d)O9{hyVI9!i?wQYy&9exI#hq>uePLP2PUwzKDb?C_q)0$VtTlU z`61B-nGp9$HkveuKmYobCKSrAo+UZkl0Oja+n|nDoV8PAMx+0BsPq0ijx})%1xe$laGv} zjTVv&&%}XpOnwoiA9JYLNDb%HuH4PYKhLg~B=uRBLQf z!kHRa1745oY8J6*fSvgFc(uqrxSu_g;?fNm)&~(KbW|wtmKGKBdzEI0{a!HT+Pi*m ze!JWF{GxGjDv= z`;UO5?8&co#2_5o^SD0%Lk*7)&FpzN^!T!XT!bWfweCAhO}b1J5(Fme-v4&T?9Fxn z_`s15)`a?gUq>#121jzhRmBQ@9!l2ymgYW7iS~{Qqq=2eCBRTalaQXf=56Uc@`dr4zFn6jP<|(?zB`?c0ugW@IK&y9bcyMsta@hiM+GOUc=)K`wJGiuA(G%<2FG#Fz zi=I5@ykftV51m+?QQaHHV!Vz$wAcbd?w307%WBH2C>NQx%*(8 z_A6J{IP(wWU7MXRMaf;#Oh+QQJX7xr<4XHaXBx9wZ*Q4a?LRIgiV4jnY6V#Ed&pd- z*xj3bI$FaC{^iY(DV4kDQQheTuWfGKDC$-;=^+k?G9;;sp*eT{)o~1b(_~HQ2Heu9 za=<`d=FbbT%KMT}y38X8H~|XK*>cs3mV1i{mri*BvU{BL*u{M{dYOSM=TRhI7a2kE z&Y)BWxta#qZ!7W_Rqc81wa#7idqpoDpKp*f`IDbNu3G*B#NhE+#!^tsBq8=!6Kx&c z68mWNmBuX7OO1<19|RG&($z*Wnn7+>t-AaVX|4?XG+OFltLw}1x^#Dh*06fPSx)AC zEHdXT7F12ts9dL+KC@6u0$&@bz-2EYuEZw-gZX=Lsao&sdzfJwR7PERYMLwECs8$x z$myS{#sib?nM3QDa^8X%3C!9WLgu(-hDeE8h(}OtlX(2YE!brRFAUZC%F7A0FOUbz_a;*apK!aUAk4*z$qKa?(w>;9<#y^uKg0=#%IKr zppxhD=bet$v!R+AABd2^+t!Caf*I4#o@s#D#L*3TWvd9i4p8&?VI}-F{7F+_;5Zv(^DdA7K%x5TaZ>c>{IcC?=0CbLuZe~n7S2*jFR(m0=CF_DB%lNv$BhpfHNB-I9t_BKksD(9#r8Y;0#-Yl~ZtU|G}JS zRql5&Gfi}&ak@E5{<>(ZD^Bo2F8X0ojp_4WjZ~i>Xe@5J)ThU@dE8Ren~W&v+Ln@z z!!8%*2pu?+EF5II1}IPUufqfm7E07_*p=$OE*CinzdB3qvg|2Q)q=*O2&rbM+VeF> z)uyd`i&?>UN!fzPs8zqe4P;X3pLebm#;aOiiVq1}ggsGlgWt=qzn3QwyS$cP#*Ro? zB)RGUr-qA{SbUnNylkSSPLvpJZ5fC!^&2+xc_V`#VdZh_s|D^CHZjqVOe?OpG}m72 zKX_k@B>%*>sdTyjAK6FvBqo`^1a0e=REfpUUW6P~*#bu6IW436sAZwdcg9+#r4=`C zT|R9{bqSC}Rpkwv6g>H?levuK`3-ww49RI8E@*)(AF*AQ83}(-66jQ7x7^?N=cruH zk?$bT53-x97j#%L!5O$-;@@*)P{CU!a6{^B-^M(f9pL5D)IWi|V4^~K`r0+w-v}I- zPL$MBNNg23?jymmb=PY%i7xKZ>49sP4br9emDxh}o+|BOh&qFB%G{wz8=pqEjOb76 zT-w;1Zd<@pG@qiO!c%o{^#^~j}@m1c_?3QNFv^yE)AaNB=L}SLCZgH zCkwY)<@I=(v#M1J=B5t$1@}{FeeT zQjTU=%#+OJskOyjh6SB^+d*Uv^t{Md9;3zQmg(EM)1kVNZ2guFe;xj ziwaw+U_6;l&p7~8O7m}A<$Z_edvr2Yn)#8-?42NnD1*l#x32)&m3In$FG*^LhwCOg zS2!rqKJM4A2Fkeoy;2(^Us*t-Zf-+QuCs$h@8LB{A_d=pm9f#$QGK)8-w@V2I(fFs z!%&rQ0t$W0oy<#W_ALFcZyq~QBseD43yh6PzrU%NBJDW7HR{<{^fd@uTL;ZDlYLF^ zX#8#QgS4Xzzm!S&5{uVCaOB(hqfd2L?COJLVY+tGaaq`wHTovHhnDk*KfFbSoJuA~?CZ>6`y^LKfpmeg5+koONWta%61s-fmK7XD|zEB-h@<;RW8-zpCW%4d_{G zS-RZDHR~6dzHz!oE5M8114W&=X?c6kO=aKe;>Jt{bMwFVi4YAg9P$`Z)NnCq3&oH3hX; zES~>raEW%4>i8^TN^t%1N@?4a$@ zj_v!Kk}0N*8@&$p+3mrk95s_zn2>pItw>Ac$>s^?aX?^t_j+T&ZNRsl9= z5zgh8o^iH1y>(ZMC4v1;+=VX7eTojLO(C-|zz3+G7Fz!QfdHPj`nRH()ZM&7ihuz& zWH>xLUf7_Y{y$HYI;fvf5-i?Z8c^(uWZ-&m9NClZ|0waQ3t8bA3`+%#x=@}`byOuQ z|9rMRPxJ%p>xFu*Y>jf8LRYqmT-uts(473JHowCr6ip)}6(gjpzB5yxwXcd)jJygY z-GpK?59MP|M}!s6Zz}6jFZKa$vQIR(CuDWmd>@l>EwWz?UcFJb@ygx|OBGoKM{cL7 zfmlC@ZYs6E(21Im(q+Q|V{|Tq^(*1_D;_P4%DwzS^CB?EPiAf-f9y@WXQ66`J2hR$ zg1b~#FPeYS!(l*zz~U& zN_TJcr@xP1_Dsqm`(Gw&>0LkMX;c{0zebCb-0D#@*$%geG$Q8USqRLI-EZ~aDY)D~ z8HWdE0VcigwejU~J=-1gQtH#Bnmy>$2-nJ+OI**`$;xO#G9rHH73yUjdZ81Z}2I9aa)iOq%30 zf_`75bnk;rS=#S&ZSi*?$hCsJ5D^hfBo}K}VI#Uq=adXHGd^BJ8HS{v^ww!4mEsRr zhIw@E#3o;JcZ%#WPOQ1}79d7`>tVpH13;phthm2)0t~^^ME~s9wVH7Fu6XQ#!&fI$ pargdem+9O84xax%J`Skkkmd&8I<7sRhXDN2(s=TqTpb+t{{hw3$m;+A literal 56894 zc-qW*WmJ@3^zOir(jgs!gh)$Ci-2@V3PUSM4s{*(YZi-_^PaQM-p}68v)}VZ>uRfz++(;0002nTRFz%=0N68_FN6RO zbLEBndsoaaJR1!aCBV(?&zFwk6ae4>Kut-(z$bfa-aFgi&)LBKXp6VkKdrI{kMB)U z648(|3Y$!0KZc*i@;@%36N?sptnnntykg%zI+}qB@{8j|EgxShU3{N_iI5Ss5(SZR zOhlbDI(L!P9?qP)J+w8SbJl5D?HljEKGHHeRJA2ypLfVaPVs;HBxwrk;Xhz!PbQMP z-0Kx!B=RRdxl*!Z9Q$o0L)-zVsi>bCI}KpLsU4LvhV1W;`13SRw#@EZo(1%j}t!(RMjlcb0mWe#lh24y8B zhJAR<{rNT|YrL2Woh{sKOB*ox(uG(UHk-Lm!d3GTFw1jxygW7qp_mzH#mQn}k@49( zCvGREhz`D6RVtP5)%dj6wr6PL35SeFVF=wvz`dE}a~enDz6xP6ybB#7?+B-hIeDA# z=?NMHZPJkLSANVE8{YP}F6ELyth9WZBL9(^5Cwe_rY8W{)>>K(v4)Mc`S!sUVhiHb zlrmMKo1&stI>=J1=Xr!qD4kCOWdva};u$Tj!nS3#O)#4s2`*vJ;_EBg7tF~~qMCQZ zDkV+Qo4vfX#&^KfDYe2h zFqNbQ?qgwJ!5=48WF%aK$5@3QBv)}G4iSe>l_*jsncljLqnhvX^e`x*wvQR6H@UnD zbL%m9ccp9Xxg|R68r#6ie3M6uag3d5L%^{@t}xonIWOTQ*LXk?o{38jc)3O)FfUPx zfnxf{LLNIiJ9GcVPlV=y%%NLNpoicfUJWkZ?5N+u9NMT#AOSN>@6JA}{TMO(aQH&j z78j*MTc>j!($EK~n$f(plC>3bz5rFS#Qt4>^|w!04#xzhNoDo85r)xCGR zhOvC*{ zEvLfUb|NHd<>Bz#*eKNzU&xs~{s*{BSkUMB(NH91*S$Tnx2-(^%+wg4FhkBC=2e>^cHrt%KvL88ciTZ3EG9|} zMM`FvEyuXEi-cr0wJw|=Z=M|vL*9DZ{&|xRe<&lu8y2hD@#$`zn#psT3+5TH_=Pd8 z`S)?M1-IK#Utp%%O_LkmU8;<~Zk#cg6p=G&@zVKXRx}WJ)6pML{2JSzWHE_XFxF$& z9Adi~b02hmNCdsfg#c>MQPx|cR*aL7T8`PRt<8Vv%T3y%)HGL6}c!MKZ>YCC2{91 zb#v#gpb}H}%VPy_kY5i+SDWPL`pQ1@`o7k_zixS|(fWS-$G5Hw3(UfAG<(qWSa-5E$e^0yvA6C z8oN4K%cNfox1K_t8pP&xE;~u`Ydt&C^8-^)?p2T%s0*j{Tx2dZM!b7KGoi@J^DMHg0WQLA7Ki{ zK>Z>`M`l|}x{Fs6)=?`&oHMs5s%R{a6C=?PYwju1$~v8IM2wZ{b9X{U$b2tb&WKqh zlhZ7-*R@qgw2SR3)@5&)SOut#(j3Daf&NeGAoQP zd2x&N55nysBt&fW-{>VQ{7GhywpI2EQKtv7f;E%xklm4hv2tTKfW^&jIiFeUr;so_ zETPSXj4fG5%iPQh9Kp^#Y({Zsq6lsU;}#LGC*|7gPHzS;}1XdlBuBsLj#4)3N(1-^KV- z{?&P4_>vKknBKs+E1kZrP}i&j61J)r$)2q9U!foj4Ta*1ef%cw%N&JE;Nt1oQynEm zlN3;JS8GQ06l9I8PU-31%ve>{u5Ukqu9uYnDF!9Vtf??XtMT>f#*eW~Tau;+8zx_^ zFy!~xn_+Cduf&#OP$l!OuC3npv8U_dOb@6)h>PXc?&1ac7)>Nat?=FG!-;2zEQESp>R;VIKKF93SpYk5h{|}@TnWowXI2nKzn$^IT!sepq?dLvpuFKpNpzB4N5f?=dU|1Mfj8TK>nJHJF& zV<6D_3&%DD0uWD=N;Yw-4UW7rTem_f+=>MXPfhl(RSz-tMJ||iu2I`=4b$8MHut#BTH*WQa)R(IAZj zM6}?R(p>fr3{kQu%lk86R$EQLsouauIAAYcSP&@BI@vWk7looo!n*az+VHGjssY;GE5i)$DiJMklg_@v@Oqmn~eYDb;Wl0I<5(0 zEC-!p=-4?tJ$~{4F?Q%mztDx&Na|x}=f5M6LKe4b&~yRSHICCTp%phEr!s#Anz6HW zc`a)41y3VCgoNhsLAZznxlF@AFqWm=Y9@QK*qw69+*^ud^&*t=W~B;WvWBPkhFpb= zV8l~=cRG!iV68xY6I_?T$_gmNYI{v`87YX6lXsq~iO&e)XCL>vgOf`JP}cjtw>>6f=cvI%FRE!IO{F8$e;-O=M`5yCiVAvBVjLze#R|% z${#IE1wE_ggs*73x!tKp=S;#mW>0c+Ab-}9;c2Jkfgfta*LldOPw>_bGY2lP#2D)-&XmczJJ}SA4-Fj_HTJ_0WB2Ht zPG?CT8lZL$XGI$a>mt_ay;JJHxbK0T_yL3gq;ZaR?JPCk2QxIM`c&(q8o6k$F~RLq zT`Oh*tOe#Y19Tr}1)4MOP;M{Y4*q%PnHA3-=}zF^JSK=Bk_+?_BDQBfhaZ0(tOmCa zksNdnn7g=eJ;=TahUi^%BUhvlvW%(#1W>w(-Sy5XUktvI)CBWWZGU#dm$7C7Lb1>%g%E)EWJF#k%T`#E4o(2U%; zjPK3MhwF66Crz4tjOq<-%h$;tUlLqK&X7G)3{C{suk$w&f$!Ha88a9p`0L2waUmqp zN^_P^#Fy+g6LnZ1c{A@mt6M$IN~;OTlo7l-6|0Og#Nee+(c$qgmN*TQ&8$Bi1ZfqM z{LDN!31#b-=ak!dNXlyNEY<@=Ed!F|3xjcH@(vh@1)8hWYS53q{5c#~D(Lzl5I9zv zF{*~p{W?F^NTX-A{O&n#75`paJ2Y4}23`%AIu;)l5(Sg4r#DON~bwbh2 zc*e`vJAsgUCWC8@JM!IuV29xgOub|u&!5n0U^I<0w){HJXl!c^T0iyK&?!t^vXi&~ znuBApj8W>k>ZWw)(3LB6^8P$%eV-c~E7Q#NYeDvGu5mcd!TI1)d03{aDwSgf(6&tT zxvHS4p-`+!%|aqDE{`*jq?>d0X9_}NTJG%Be6V_eqwCsYMp9mrMMIG7oL9YW_P!@G z1|tsASzwX=(pf8H3*Lx1(Hv>E<+=}_q;_B{@CL>?*9@#)+UT-xezMRO+z+KkPLCmgf7G=@{svt=f z#YyZ%IOn&(klx^dX7)}1l+w8Bo%_L*=ocGaxTe}LQowobtW@f7yF_ce{*4@+d3oPJQgy@g+v16)^e!oAP}kV%!H)g zn8~s?wQ(b(M!*+hQ()hcmm&atec=z|hjy6~_kP~r>Y2RxtnlQn>r}naRk+H6f?_o) zJ}mp$G&eeeEH|{FFOxNg>?{GAFwT)Kx9-EBr1mZfwzROZaZOjOf*=ZE)<>v^z|1^GP z=N4z|zHE(j@1#K*&E$wR{{CK0BgB#&H{+AUnF#meX^Lj+VPog33a2vT;{=C+RwQK$ z?e7G7M{mslqA9NJ+I;A%^G4`ACz1OxDiVO^$gBVIx%QeIF=$HxmU2z)0?^@HlDYoQ zY-Kf(nPYz$TW+?izrMdPxZe3WAZWgIe*`+cY%qtfJ1bl$oC79O=C6|dq6W|OBP-%a z{B|BwyyyrX^lH^lsg@1IS~-JepcRIrRBkE2eh6owz;`y7b>aKd#r{Uua-H+0f2C#~ z(oUjcMsH?pX={CNHkvnET(i%ct(u|AaT@ORJ;h_~N{wubFn(Q7sKyg{U@qK6$8ynf zQ@`?j-0ckpS!Oxw5Yy2^)NquCYtA|-%4{k)|H@Px=xz1GjlNw&=izY*+f)MQ;paG*QUB-`xGu8V8;txDD%qHY z?V^M2{vR;k?We&^9%~ZIvT$CU%kAI5B$j;4qZfB~k=o-wz;UK(CZ}W2i@RHad7S9k zvtBhXfDF~E_w3_E2DdsZS<)Lxx$$9YMe=UUIQCTt4$0_S?%<##W$wExAy={IDcd-E zs^RX@s*L*oZmqYQCrtNC$Xc=e@1}dQ!CKCe1sxQBS*$_-t+mkcOsrAOiv;XlND+N& z=t{7f^MbxKjyik1>fJu^-}h`|XQ(&G>#$HI$$ahqh`BAJIeO+G$zb|>k?KRrJNHni z=t>s^`t;RCsp8oD_w)dkD*0kqMnb=XOHx~GPwN3-0q0)Izy$zPv5;5p(dW9LgHHW}PF~lO z3ufdSBqvfH#yf~&AIG{2t$Va9PgOfg2y`}Z&q}T_dWRP_PLtpS{`Qc+5h&2jin~R$ zm8kI@fu!6S2z~{tGm85!$cD2(TI^AjT{Hrl46u&1_$5&51-+FHG5{3XK}vgA4;yu7 zrM`8b5<6S`=)ZKvAF?>%NDbdFkGnAf6}nxFCHkay!jd%%0Nfspfuem0_NZ2bS=7I{{+4T zqbeRfl4EXbN9qf9bGne_5x&5Hr@|S)_~l)&>kMBYr95z8F0kOYz0niTkX~~=g9Gl{ zz&o^>ZV`i`ziU8Qrk3NdXpnYjo#>}`(Es;L3J4h(wy{*+UK4s*PE{2ojdT5cV59DC zQi>@&pL>Y1-KZ$re*_8L$HWlqX5qwJBz>pB!**Mux!h)P=VKnsg_?6(KJ222j=8l{ z8KBCtlQQ8#?&qu}19IRQTFw11h%GY+F_) z;QV%|x?0k@XNtV)2|Ny)=EI&(>P#38ED*+l4BY}f=jgg?v87^?VA`;U8BC(Yy|cl2 zSU^f#Tw4E5NM4saYQ&_Cz}7X;W)4aRJ5*M-H*p#zk=gZGOlLE>D5^clU5|-X(bKIF z+|zlWNB+S+F-O*4&zf%%--p3um9d@*HZ@&OYrXAj;_tqwWaC(1i#^KhzxCE>2nA1n z6;V57Rgq&|F}xOc*b7Dbn$T3UB}?3O=qj}u2SEy4_{_5QBW#oDn*f5)a&(^T#pf#) ze`jW0!lRvujtdw!JU*5l+9P52<93;CW5dQD==MXvX!8ke0jm#E#7UDWic@CyQE=d6 zUIc^F4e60a_>!xo(S;cjcB=KLfCioKa3O zD;&fBd6@FA4vtxb*{B&llH0zBak)3=SsHAnp#8xqivn2V?a(%?#<#!!B1>p)HMp$o zY?%Icm?MB_*8ZSTv>SMi^>cPFlU-6n1Vek{dI8wf%aq-5BL{wyUQN$>=;S?z=uoem zYOU#JPy1l=Eq!Ga78H7p-J_QQV4 zVj{D)6q$zg(*pD7eJ35@f@*wMezY*vaM%7I5cYY! zFIY!Jrb^Y~?!m-+YC)9g7<2NV!lLY2x;70d-UEWpH{I>f-A-H@IF^qB_!QdWAu%l! z2h0iPCFPY#Fbg?O(sLCi?DmZxU;Er}x9~tU5yq$bA0h zbN?RL1epi2!eySUb>myAGmGHjLK@*RJ}^Zx7jgZ$iFA!NFIh5MJAlf}10NAlF4s6; zY!j=vj19M$_a0n}M4-F_dvL7wZSm$v1QAr=`l&Fhl5WJB5%^k6gxsl@*-gRrgs1L?b?O1n_-(r!njcE5^Ne&vR$mk z$pT;pYZ*#nc>;L3jfNvzZ9x;M3hO1M&q!)4|F>m_Bsg&3IF{5RHUlAaL)gtA2*T^A4s{2{4sFsWeks zxLYN!yYwUN5tzx@+Uq&ZlQ(+!cRSS$=3PpU{MLf)s_65(RyjP6jnQMj_49EO?MZs?<+wA;WudJZZmjZ z-bn=IOk7yM_TR=&_X|cfx%8(1nI7o)B>NU z(=qP#GnccU|DgTZEmh=CseEYB`5RnwFP`0r$6x`d%XdhyMs^;4XJJ$7IX}`BNr^OZ z^wuBpei$r|Qs+)Z(st!aqP|D z8-N71{Sr;f>QBDo$teoNJ+PPnMF%4~q)@0Qy(tFre!6x+Zoo2xwT%_6uq=XX7KQv~ zr5I%Y;}{*KRLxz(?YeKh(ZpLd>BGDywfAynn;+y5)u2raLVv0c2?KX@l?Pvh45TwH z_Q6NON?Ls!!iB|)xWPDJnIP*V`Rh=Y(+IJOi>7ZskdO*`{;CRtjz&H^Q%*Bv5h628fQeQ!^^%J!!X zsCr*>BecA9fgVj8uQxb50?o_tcCRG5A(08$1z{<&qqkik_ut4t=1ZP?9UW;{hWRL z#jPl40Fi-~Jpqk_$D|l&QV6l8(S5U1KqylciEW#O`{Y4|5+}iTpi0a={Yci82aU`%0 z$a%`4Oh1cR+(*d}8?8J{)*IuYlK+L3@-zO$4hV6oMH7R8jh=tTDKs-Xv)qP{VDFgV z95pl>*Q5=0Z-iKJtNlap|fjr2w?YB#Wa{J_1(@3 zSEy%muA!wlIF{HuFiwPHDT3m@Wo^eUXA#9gATgFzjn_|(iR2o%MQ`Q$L_^@m3@U28 zt^ecOXB|d8wz4Z-&n6@mRvK6Bl7g)J&RcpKA$;;~Ly)bOMu5crv-z({_vn>} zn50TB_v-r`%tR2^??Qk=wJHr2h?fRM|GnVQNIm`bdlcYdcA!zckU}hG;_oEnG}Gcj z`-(;@f%g2*bsJqhv-p)*7QpF-X-FW8(j3fwc6$u85;_suZ{Tvw233+a#6A$MxVT-tqLvgfNs=z)rU zTR=6)iV1b$L-p-X-a-N`asI<# zjuJlJ1c6rP8n_@21ZxU^w4VH0f*@3}G^RRH>Pb?-%bVLX^_jGsVEqs?aE{z0;09Z} zyK$-w&|K;3h9r1ED)S-PS#3Ym7RFGsSz9>#H#1#$LF^Z9DnFcIQJ&Q{09o(_CSSC` z;XfYN>B5?&dVPC>*B~+P9$2RT=7Fty+uy*5Ssp<#{VTq`S4zU__{kt9AI?+}8F>)- zhqXm3KkQtwwc(m~8xjQx!e*D_F^t$$7CNg9{bn*oPp+QEwfw1PG8bvv>VLFMHRy@i zKZoNiHmZalc!uZtYnc-CyrNhD2|zU zt-)$?LYh6{3B$nL*x>Hb*}O@o%X72LlFXCc5=F|v+w+yeN|J8Q$w*GOhan6gbfW!l z*E}Wayp{COXdyt7shLxfW3uSv1$owh1T1Dia2&!?98vNub-x z*kt5q6Nn=eH%zr@@UD{d0sHp!ich{Ja~tblnxV%RMiaLTyi#yv%Q6_eV6L?K%_Iw?kshLp*}JfUHZDn}Q)KA*IlRk3HYNQeizk*l?|l{ym_~ z{2@wJ>T^PrsyPrm{|pXP!IDP$nH0}#$;QwA2+%jcigC94!H;`=@cA=LP9dGHYMxBF zup{cWzf`J{Zj3(m0kLj6f^4q1LGi}{s*74Wg&j3;OAB`*p%I@2A3L5wO#hzr_Y~F% z6Lg` zfS(8nwT>y74rG}GC0UxXoPWDt{DN6ygtw(mrQ-d$VO*?Je!VJD$qO?M3D55BPM`M& z;*`z7`-@QJxI`?Xf_vJpoz6J#FZNDJS2W6#*z2^(ZTP&i*pD+06bztAXQWQZ9vY$w z!$jyG0fqop5^_o^>*er_{jXSr@JpT((Qz6>gGSxxwt&&Eehb7%We4c#`c3~O-(57h zW*8EX=HBqReacqKC`19J_hB_Atz&>Pp31pCq)(bNVA@rY*->VG(YdejGxloyfT6mu zoo~YgbHfvtM^%&OY;)SNSbNxDdhi3+{DLUe$x|xcqSJ4y`SR}P8G5%8t*-F|=1Jho zK;SN0Ssu*ucG6Udot!r#D8tg!0;N;&l=yK+tA~%@_Um`O0>T zbN=pX6CutKARiKTwMopx&Hmq3X;qk`F&a!C4^WJa23R7KHzk6fR;_#55~aCe3hji8 z8S>aKL8n4w;ngsmlWdj1rM6WwP5X%dCOvQ8=k9>0%@6O`#u`Tso4Q?Y7ACtUMsfYP zZ!YdN#RcjS!5#mK6D!*DS5#>IkC9O`i8nWLrVhbKbS6$|Dy51WIjyFioZr$ zpmZnNNyUd%AS95rS@F%M)+OGNnz57K zN*?(R$qcG%B0dFz`Dz*&75J=vDoL*rSmiZT>%ckDfs9Wff*{IV*H;IrJCt*qJ~hfo ztr?S;5zw^eXdoEE+7kx&2NA$TWlOm9*5zAholV65Ct-eKOF?S>f)O zvPlL$Mr5Q@Xd!gJ20k|9dM6Ajh2xUMd4gmIHZ&T#lwDrVQO0x5AZh$f=h(*tU_3Ag znDynjR?n3(lE_Lpi?NvxgSWYs^5hvMZK!t z5Mg5ZRhF(;5b4QwF0j!1iZgM&WLb+)e1;+z@a9tfmQ`%HpY6eB zuxK~2WJmm;)2&_SI%4C3c~%KUv(VWG+?vmf>LF~3zHCEl-jD6eY&Rl4!kd; z?;qaQK)uL^{InR&K%=~>m?@{vfp#$FPnz6}+njRe-lKQLJA8(e0;%<|K$R}OiN`rm zxx!^U8Hr^OuokC~*^t9cro>-+M%(it5G3W?YzP8;yjb7-c!U3&-IacQ2Jfb%y{zln z)4=?>;)$S|X)44pXQPj>VH0r2za9&n|CbOXIY5ql(WJSMWvhH3cO`glGX;$s-;Spy zaW*5+xjx#IYC`^UsG#fg@y5r(2n=6D!Yy_$*5vqY?(2Q!AAebzv1tab|At`v%v32Ny_nK7@XzN{Z3NIJ6Fxe9#Up4&i7&@J z_PIW%yu1dBo7%tc5rei@;|W&}e4PhgScIvoY&`C?xhPTmSh=2-3K{T>%dlANal~Ze zNk1oowcdC5c#pu=QByzK3)jpQ2M8vp8nS*Ak4R}Y{F>vqi>7f+dN?tuZ<*q?@D`Lj zKW5W10-fH7heqUuxr^*aat-_={`4(pk;;e4_=037>=W+!1buU-QX8KyU&qZ^V)DRC zdBNk34GDdSn8kirmi|bT*yPWcD_jp0caM-H)K{1gU zLe;&03?yE&xQ19Mdi4!6Kq6+_?VO1FIblvAIqqVU^X`N z++eY1lnm^N(#>l4@BGUi#D6Xc#R+&M&~l@9(4wEbo;a|bDv4t(P%q?rNe)V0Bs8wF zac8`u1DShmG-|4`l<$g7c#|Z}2?;Dr^YTOb1^M$vKbhUj3<||ags%qga@4;p6gS;1oDf#vZ!o9APq4`E(unj~Wb*QTD7rYGe`O%$0rR7T0b?MdUqp%;=ZR71y`~D(6 z!?y0RO>nc)~?R1G+n@mg7+&v5%DKX!kjEF8)L6zfo>wE`3TK|gRVCT8+ zJ3wJ%0gN~28ucHK6uE?Dm1=*61Skz`(6J}e-izUVfoTyf&!~R7#Yxd%JVfbqPMze% zZRi~+1*WcYnZ3dgEVph)qw2*=rd?XU6AR?DmCM)C94SuLPX@$%HC`rKhSP_)@1<#( z67w(*UPA@gSb;Y%7n*nXgb1DjeV90>*|!tiY`g*1y6LB+n0}-LmGt)v4p&U{PiNX) zIGSc>PNQ^j*lofc!MDiws!w8cm%hgmrU8{uqREL89YhZ+V_6W2pvnsplxHGghd+V^ zYPEu7Zk5S_R+;Du%NGU{;9O{Vn|Qp8j*^lT0mP=Cx~rkR=*vo7ASPot%tQ(M%8Ts?y9Q3Plm5?P6@Z<-&yk<7r2(`+jju#nN>BKWUhebTLdO{v5~OZL zFlYk5nfV-ht_LpRPQ-knLjNi1_4IAy@okm$g6b!4cNuPRlxlL5Ra)gLmI}5#HYar0 z_8KdjWGGQcfWm=D-<4-CtvcO7D34p5QyaH{CYzmIO}*h;BOX@q5{)n^&;mOM`;z(e zNe@)1kmM|{>XI40l>uYy?cEyB5AwB_m|(~p zX%y#?-)RPB!?Kfe643T>>|k}<3yhIUKLz=_c*Nb$<4RB;=k#?0rmv|-r^Gg%VstOh zAIaCUH3Dag{>ltVQ4J!dmya^mwfG=|f|cp?7zdeYY+n^tEntc(0xW{Kz@`O+xgSqe zzo5;GYLLGjY%gRSDx2{2-$P7TUOPSdmHKI7>sSRQ2CIiX!ss?5WclCcR1`@8l+|WWf_Q>udq?HAV*po zXovbCotd23aZLwh@xe!Eafta>o&>P7Qa9bb?`nDk4!^b#gtw)*&X z8z^CR^(1R|2CBu_|A?JARg4L8rmd&KcE)XF>RxFnbp^!GF$N;4PH$hd*^0paz*Yxu z@DMS(&<2lj`)W4;&5~WUH+~h4QL|wU`?#<#r-;B2RX49@!e&@YLut6ZE1rm`QT^UW z%*qb&0dIdA0FHV*fB(gOkJnl#yO1@5X6tLL)tCl2<4kfTRs$XDnA|+>V|!zB*PP)O z0gRol%;tzse5}~O(qP8DSF;~@*qL8dyoM`GhU=I(6@92LwqW*@Nsd%6+U?nLASxhL zEEJP^_jR6#4vQGKsn>;24rfZ-cM(5L$=*-@b2XR{%>ar_&>7!J!(zqW#h#vvflBKV zGU4?xJS}EOk0@^mVlo!MRKS3g>c6YT+!p-@rb7OX(WYn7Q4N}kYNq~AaHbfisM1Ul z0WYxsm48eF<}FjszkwY>lcPL6U7f%pIsue}HwjCQ8Tx)4iO1cXC#7b)E42op zU1UN+z8Z=Dm_g%L0(+Jq@5Ds2eU?H-oJ*qSZC}O3E(W9k@~E;sHEKn;OUnIWY8BQR zAEt1z^CK4Q8t}34f%wQ|L`TT=;J`w$xVx5)Rob$h+ici#D}P6M;y9cS+`HbIx%HSX zSrA|W$kk?XO2~1q{~hMeDI7l?o;7dzd+V>VQu5{aff_9EnS)Sy#pBz?PU>q3)pj?m zIYcqJ+1y4Hlm*im*NacY1N?R3_j12<&+-Cv`&D}`KQC&cIm&5;j6U4RX z`nf-TmE@|UGM|}L;Q9?E2UVzAtFH-5zQ2K2{D0+_y$qMs!Z+n{1_ovZ2;qfy} z2@@B_=+YpE{#T#+@G3dT8$Rn_o1;OWB7sXLTh_6yU=c zxK%ePM|?8NP0>nXUbnv_+nP^oA$BVXVQGJ=q55y)a<_+)~Xv%y#uFcI4_hY7zNInXve#x zMt4wBIOtZqhqKjgcrUy@h`ZLxVdWw zn84^~X1#^r`(UTNP3(7}7ucRqixRSY;s;5u#SJx@~8DwYHwE4bhxM%m5~Vj{`a)v)|9p}o~?q81|_ z%S@;eS&8R>m$;|&Rc;<|8UG2r*;8EHn?~^ObV(0^(W66Csq6X_Ztr~w=XBz17wa9& z|rrTPk7GrQE95D509>D@r{f+^SYN5kpW+%T{TYjp{|_l$<?WX?%k+SkS4crDYUtIUj#R-m96B<(r@9OSi-kooBf||B zs{IIbD*KV^W_alWZ;IHH7nd(zqTuU>hk7_P1$Fu)&>9Xfj;je=hv=9QDBi`ak1 zGBh-H-afRDJ^1blP4%i|fxI{TV-827M+`7=@Ege{grcRhC}H%_jO`dcOAV!&S{PbD zRQ!@fM8|ouYrA`^u0Hg+8(@#8h9}+7uCsGHWiL#q2{^T0LfRG?5v>=pzHMXv6A^CT za~0YVHk}pUT(x#nv(^Sfg*3L|U2t5&>{YB}Yh)h99g~W`-$)dGLnkswHcW)uf4?B} z{^mk7O2+o2`znj}P&iHe9A{AzS7^_Ooa>zXadCgxt2f*@HL`n>H3G2NhXhpfVH~ccN0|ig)mI`CsM7gWp*Q$w-9=U9Fh}ZJnJ2)ZpX#RQth6 zVIuQ2C)Eo15)abF{t)#jmEoeox+|VgQ76Rta?O#MP*b1N`lVil3?#3c2;Jz5v~4K| zE3G!Pm`LLi5YLg*K}`I$>m(00T#H6_-zO!M?tC#t(0dYe)};J5kYkD#2wYB zX{vrad&+MY=Manb<=i7ea>GVkz_Jt$i931cYQtNW9phiuhuYtNYvfy8_K{(E>AC;X zw!@Ovr%74_^+yK$Pa4mI6NyNly68h?37Tdx>i7ihrP}vcKJlM z2625MU%sU{*OftNXMWCQxPL6ebR(lD>Eeo+$j9lFr$&){<}nxCUxHUWc==ziGo2iP zvpRL(37MVF6~2g|xtd`>;4rYuPb}T=#MWu+jOILan*pcx5VYCvcl}lBu4si%pVQhGx6&UXy{Aw8H-lv8Ec{ecPVt@Go%3ma#Mt?SbV9+38et^!LnK(8&eB6v+bb2~|T+m7KN> ztc;OBry)+;va%hGcxktu@LD#|n>c!0KH??!lu8MI4{z+>A-_W$Ts+h$2H#-ltCUb* zMEXkSvb#0Y|Iz~2*iT%BGkkMHj+=OBqC zyT@iY1_;!$4K%#ps;S$O>MFdPrHhd<18e_15qz7xn^7Jj2g?|0_b~_B-Ut}Iyv|ax z?(Q&{glM-uP@Pl3A_Umw(&40_ickO4D!}qPqpyS?JP%~5b z2~D`YX|ICN3c$I;5z_7v8`sqiM_!rWLiFnsrrTgac` zC;#MBb66(Qnk5EuZ*0s1)4ohAbvO#flS#G=qE31v}|p$N7GT z{V5&D6?`n!YwGWc^c}c>6L-%@#5ba4j6pK@kS(@}%r5c1b95r*LNttVjUsW4E`J8Z zadu#wGcKQIV^v2UN0Y&4_>)c6;8c@SjPa|W<^5p@LNkGu0VU>?qxv^uaGdzUT0@cO zaq)s1QVS`Xz`MwHRco?;)GKUf*u!Pv_77@#c-r;adC_6=EXD2!S3M+N!E-c{LGIU7 z-+04>+}SpZtlq>r`CJ+PN$MWV~36j=$<_Z znDOLHZqUCYk(#BJ{NqHjo<4FSH=7o2!!^{!+AfTwyS48@z%HAR(#y)Efm0Pt+c(o~ho{i8gMC!qdaksChS?1E zo5f}t1&42;UkGB@$HY^xc|x%*abhi}KPi7v19POLn&RRp$3FUT?GkLqll3E!o!}F* zQfeKM$rs$2=gmX1=*#P;DRvI2gHkCczFiiFnO^VGL{d^R>_-AeJV?{!Z>+eNRpcsi zuD-Rl+H+lA?fwj5uv+L zdx8fVdL~d`oAF}4zgjQP)X~L9oV-sV0P9;C85S3g z_JWOqqn4=Kd6@R)I!9zt4=H*$Nv$YRWbjD7?XdmRhM)`XOnf(@JTUNpLh(aI^Gfwo zG}|+}4^Ek~?f0Jb2>n_JYGHxgoE@TPF>cIMNtD_Mj!5B}5BC_rimqZ>|FW_1CyI}Y zfW^moyf7nCGqYhH%X{AQ_}Y8%>KeJ!+XZlT$nkerDpYgDd`G0vO^|nW=pMC{6Wo)2 zV-JUuzSU_^uD;-_PaTM7W;}lk`MDJtrfER4oQh5_f09=Xq|v!76G#(?MrLRRWI31| z%dsPXHlAL_L?br70_0b0NYms*~>}VL1caR`Ic9hC_ zi`6`(VIfHQm!YZdMvE{24bPXNrROD#wdH`MHp@eL^MS7F$Bj+z8u0CRFD~Pey__1$ zYiDBsZ4MfQ`~8lllb@b#DqLDKBT=A8k6D5tFLnyu@l~%LgAg-ZfhX+i{Mjh-O(uA=mzuiN{lY(Tfxm90?xhbz>?FkmlBa%9myKJA7uEYUkeDS5wPX zqThLy^~+8i(v45B_3gIk`}ez~pDsT!(+@JKZmjkz`v!eS!;WBpe(#|dD0&VWEf;)6 z6?Yurw)%Ob3Ae^*K{Q0s${#$whBIK1{HTs`c-_BaojplMD zjI2KdtVDwwokuSZj^#E199Ctqt45J+-|0qDUi*28%9Vjf-*>tRR6y5B$UnH|5wL9R zxPRKvaEX5_p=~!^A1tTL9kvVf4!0-@1;<~1dGyiaq5Cq*F_(GD>!&_xOFw)>m2s7EHC}_>TuE1z;~9+ zi<6%gr(7#hnK1~34VSGEJc7zu0kdBPi&F|Gf-q@VX%Y0`Em-ku>jC8G6qcY5$VT0~ zo9PTX|GBJ^uJVENpQ2yD^@(P-F-_#(#?@yVFQw=S>NM|FV4a$YM*5K3DXASvkTUopb@e^Kt< z;c&fC*YK#L*C5eb^xo?rh!7=OBvGTcQG;OgAbO8Z5-o@pz0T;}5WSBQqPJi$!^iJ= zpX>Vmd$0HJb7tT7IeYK5*E;ta5eU*FC%f70ccBUgo(pZ8rqV{W;g^T?`V*>ey>`r$=fvu<1NkM*RFiF`C2L3-*4b6 zJKBn#6348;DS9FI)oK>u5>AgElWcPqo4)y4-qdxK+R4wg=d|(l^;FXQTvJ_}Qyd)C zlK7Q5vb>Om^<0}6_2MAxCF(a@y-!PBKRA#-W`SWe?1)O9IsE(igj|5e+V)klc8~i9 z$}rq2qS@y+p}g_0=T0pqk5NsPatz&R^qJTCZytdn20}8aGM!|W8Y|Z!3JXWfqCdja zZ`SE|Br#R6z=qWe1a;{E!jPl!{*Z>Z^}BSRna3EAFC2CfC-MWRgEYPM;_A(Pj)Qa# z8qMtkxIvgs&^5$)zwv?3E3b1$U_PGE;|pUc-_x;~X8(~g!;LIgnkqB2Il%p}RVVN) zoABVPQY70cl|@Q_@*rH=sj+84iyUK{B=GRKJM!>m7Fy}NJXZhmixiNGkW>acay-+8@fHD(}zG3a!V zj!}n0@C%nlj}Q(_`f@g$lGDr^X6p0DfTt`w9(b$1M}APCXB_!{!X^HrPv^nbr)BzI z>7VyCl*L#{U}S0U#ubfAF<8GKI7!T^z5ZOD|M*=eW3ByGTmXKDM&v0qOp@4Vs&quC;qZkmVvMIuGri?>bVK>iwk+cY?qP^3}}`kft96CYwurd zG1D!6Nx{@FWrp;{dIpE(W=MHH@-amXw&bT5KF^ZM;d<5_c1QEHZ)tVCZMfi_C@VzI z;u%>ap{BauJKMMa#0d3tBZ)zfi&ySWP>e*pFtAAA1nYh4Z)p7Hb~j;(fBU@at(b}w z3k7E+#^+b$?7Zncs!@yfpCxd5)))ueS9RRTA|?U_-qzRFALcdu*2FgR47AZIBGB_E zoI#OGQ4h4^1<~9Cdoy-Y-w+2dbGn=fJ(qD4?27eypyEFDAh=8GfwGiQR)F)^MhXYI z;ye)G{%Dy*jv{6W^QRcAxnukCJqb|&qAm!{0!YTvq*i{DFt!c6y|D*K29h?LND(!i5x$2cNmxo`GbS%HUBu(KX=6G1?*2M;9gtD7jb8PDl@{Z!T~Q`YCYRMSy77Hj9lyQ7)@wX@wyL3qB|bx`Vu^L&Fic)`BJNEDSm)V z79>-CPD6dB*)+fsghe*j|LJ1mtCVTS;kE#TVvS>a)&-gLw$)xc2CeqV6@wC>GAHTH zN2HeJA@e>$Y)R+BQ<|emkgw9j2>rB@8!FPePwa$9WNVomj1EzjN)Lj_p3(bNU8W4 z5WM7`PKa-FOjHhJUJoo$YFKzRud+o=mkFV!c~z#I8)rSU;RFhz3VNbNY$A(Aij{z+ zhV@C`mY!k}dC9u3eq-K3TcK(lQlEKrPd67DwG1`RQ@JZq7_3H%nsuHV$+H^VMb}2g zDJ5>SGaNEb(cND48exDi6eb}R;)1atrQN-&Jx8gWldzwaq>T5W9b*euW13;-m>nV}(3c&8P;kV)N#fOB@rv zDbAzG%c5XGdC2rT6I`H#Vg=D1MQ5QmCWmC zN&gk+qEtPN(h&Yeb+Ygml$o$^ zNi<8&>L}9`@FAT`H^vJMCMhYGYRhDczjBM6Tu!P)3H$A5$~*xeFcXS%vpo z;I3DqM18)Hh1n@m1vDiWI?md{Y+xFYX!zauIWJZCdk@DLh@{f}n}As+8**k^`>A&< zelsxk(<>WYOLtr)&e!&!1&wEinPa{_uP{BqxY$F^-s)Kp9ow~J^Cas;!WkVykBL(> z73`zSJCq&DxK_3F9ATMKo(3J+Uk#v?jTCb^%K9=snp8O}KcbcZCWQM@@a0>HW7n^^ zNNNkeHToe@ zrqYrXkIXH7x-iw(^Rn*9{%#PI{04;kY0b~jlqzq<1Y#{MM5lm%BxT`=s6y%=iE$Jdjw_Eu&&N+oItN>l#M^Bd?70pc2l%rH(2gqa(tCO9l`oVS~G{H|` zN`GJYs1bGKtZO1v5e^WBeFem%G6}{ZKw{*2>b|Dqc6kJ9jN?}DlPH53eiD)l_|&HI zID7EK8~D(Dwg5o<;p5H zUoZ4|6{ZmYxK(2s&XV@KXf@4IEkl#ZI@uvT1G1BTx=dYky}VW%nPt6@xn34^xMFJic^V;wO8{A=F}ex}5{0Zazdo$yM^Sn%Hi04Q+t9e0t8P4doOnDuot zq*1vPB0Tty_P(-(R}Ws5)kAP<1#MhwL$rdif~(dhwJHG->zo(z3Fc(mPawO4Qax6YLr8>8CzOra^NgzD;NacPp_q!q7ywj5A&n zOpqGdDzvJl%aib>HG}-h<&$0oRo9Ob9u(Ih*8CmkaY1`r$c_}mZ}4~@p1zKC*tfU{ z^LMV=xvk%&28NclDH% z;~?sY_nghJo^GZXky6N#M0Y|O)k|+F*t;l$nd7^RA70&QuRubBm6C>nj$!8$F2ZcQ zj!(;sNDVsw-;V|kVH^dxIOZU7&>I!hk-rhf5hl|H?>9c+7aP~%6G}Xzaj_&f@oJ8n zqfTU!?J*^V^>2|?c=C%n_t z-v8QN6n1HVy>UM*vrp90&AsMZJ@^k2`|K2f3&n+wJOUl$Nn~mk8y14QCD5f#0Vpm9 zg7@nWV#6I1E0Ln?8Rmw%qEk~qa#{;azZ^Zd_ts8Sg z8m~LNc&f@u-WltASMU?`Ex=3@kGAfgN6&FX?D%=zOMTU1mJ^^G=kH(Wg!zTjv0W_% z;0SQ&`e(p@z^9@6*ig;GC~ILvjNK8&pfb$ds-!}_<@PD}*ihpE<%&{w^|3g;3O{Zg za-@93Tnec(>oDzUnv7+XlU=hJXk72tYif*~5)$Zke z0!L+})l38qR!*vq=+r1A0U>DLT~bRoszR-oN!+_I2TzcMd3@~(;Z z-DRAadd)^1*@XrI6e;B$e-ZibPhyqN?hB6~qWkx?W1}9<*I+C#=X()(%1s@_GZ`e7 z$1%lhUf#}TaJJ16aDn2mEMacp)Q>K5gZ{KM%H|t)X;#*e1ow32n{~q6jpiRN*P)O` z)l$swAq_k)aOmx0JlCn$KLQKUHiqG`QoekVSn*wg&nL%?`3>lTuVZel((OoansK&W z2xE8!r(d3ySulut8mYvSzvuW|DONruW9eQQY(-mN!}C|$!HLIl|Es;v_R!fX{NJf_M!z#k&9>au8V&r7_MAm^l&(E zC&vif%RtE zoIpLLRLH9vsuoLe8-6sbA6>bG>4AkQUIUo=c)u$=AUjo#BKGz=L{hnQh9F3V&SD`4 zy9-W!n_SA@$|68pTjiO9;S%oI))hLHMIX;<9oe0x=ct&Ovw$h}WC`v8f$BRJtkbiQ zwEr$37=t~YFl+mW9pc-y&;!T#k>_ZIlrJi6w$=LR7Oys;Xv{4xG+pv#VLj8_V%)`b ztCd@Wiq+WI+qPrz>r~&Nk)pt~`u{2Cnvf)!-?AT6jL$!FS6&BN4i(*OwK6kvVgP z<$g5Z2QYZQn1Oka5X^tNj3*vEUGjQfN`v4h5ki1tY)a7OVFkz8K5F{}K;75&-Hz+2 z-*_Z6)~V`qcLg6RFF2=f?w8s)p1-eGqWjL2*Ut#?c5oEc*Yo9>++z1T`N6c7UlsqX zEU%P5h?9(C1F4bm_TN3lPy<_#XoV~B`DAoD1?C?W-#7nmW++izwVdDLrF7H3dgy#F?lsVBZl-|s3B(x?WO3e}>tVU4X3PT#uE8Sx_}_3Kihx4v&5 z*osp)jXhK5!j$xw#{kuoDbhiZ(bxULjI*ZH?7h>lOH{hrjefx4?tM#uA9roWhN+r_ zQ(o$C8MS2{U2uuN!jAtY{EO#*`k1gT?0e50rV?M~>c#0d1?(@F`Fnph%HrljQw6Td z{rY<{3+PYcVD0W&SFWea^hLN7z-$1meR-()`xgeU7T7j<$0uyPEM&3j6iFYt{%>B2BW8nrOY82(nS82Vg)?hS zar}=i%B@xmt(?#0GP9jpQ(vHyYMfV+ZV;dXltfBAa>JPr6?YzX!L6uOdzX)k`j%o< z(N|J0hdlx?8(KpF8nOE8{6;XGPPj#?0GF7v)wh4@Abe^;9B!1=L`;8OXLq-2gJZJL zK~Fm9tqOR)w$W|3(;_)uP4%L)8XMI#?)YC)Uj79>v%z`{$S1`Ki* z8SvZ=-?BH&Slm%bdwwE=hQ0v106$0u=S*Esz)p%ZO|MektN-~nrXF(%W8Q*k23%P! zI|eBX{5kt(@w_f3IqgPjZldR;>iSqr5Wx0UVZiAFZS~V*5Xd6URuXF;TaJJTs{=0< zBM-=Gf%$57_hV2W@Zu87sBC!y8#(ZzU zyZdZ7n_f9IaJ`wWat1g5Y>i8ZjqA>Z$!jRf@d-qC*oRrf4qucjuH$>>fG4W=Y=UM@cwn4UOgU8nIAs4Yx~J!jL4A9zGL+|{#LmUEqUFY9I`_Kdz*xYDV0J1f_v zy@0T?4&&HnGec_ZH4OEkW!eGGPQwi`PQy1<<_sYJA7VH1s`XSfZ`l?J+K8AjfQu&+ zdD2W(72D&x^Z~sysiSdDL)WM6I;F(3oJ?`pic61hyKeTI{{B_8mIHa?5sS2UGsLE1 z;I&zA*ncq4Pujik_loc079|lAfPlz~$vvCz*~FaGf`rf^y_O()TIEZt zK6;`hj2PDvYsurW4{PiH@Phq>>}#(b#?+8?Uz8T{CTp0w?f zZQfhgL3Nb!Ymy0c0vGl`ty=2WDs(EOZg#t-8r!tB7iq?1nFM^b0t?wKQ$e+C3zwmq zwe>cVn^QA#L+5ATg7wtCCWJW$>x7hqDF2ljcY&)Tb@#Re|C&G+x}#ue;Qd-UH#?Gk z7u3v5wxMn%Hc2`!(avk$65RB?$l zvK{jxUZFJ4?M~pAPY?^<3pY;~6oLRE)+-{P{DBl`t_$>ceU7(YdhD4kTR}g(eQhhB zBxO)FA$ywQ0;!DWM`sK_EL35Be-q>WR7!OEFl;Yp&W=OhLGx?Ni%vFyfg4l z_Q}~T2uYE_?UMTm9W`dQ22STB*!+j!)a6_9GPflc%uJUxU`5bjqKL4`zGeLWZq2NJ z)!4Zxcj7!Uq*#BE;8$(`t=5~ITVI3JrrfNCMu)M5za$h$9@A<43Vy9zd)lswkg6y6 zcNUyQCDNRd8%QQ&BX8qFI7Nnt6@0v}L}tyJF7hUuxdm5Bh%A0&Dpg@67ykHAyPfnP z2;}tu!Fp=f6IjTc<;sOG61RBA>4BAfK*tJmI4kq)+wr(`Z$DWDG<^PM<5=m!5H@S? zD{e&rvOw{Jv^L&B5J!L*9dT)#JNksd+dEZMdTifIn?~z|cJV-iK<|qa2Qi#~1;4fr zw7-flNnz#NddM6rLt3;k6?i}rt;-llSPS)?Y<39Kgv%ib>htw>h&vK?lcl||IDdBO zs5guq$l2s6eOjiJ3o2iqYLIFSguY9R&S@&|b>}EG7!EYd;-SFz*fnw|v%5*#TMncW zyWsUPkx(4H;BCCmFLzo>uq^wR)q5yz=xcVe3hmbvInWdVXQr-*fSu4$I6^3S-z+>GbnA?Z{-9Oks>MMzulsvTHsK6hO~M|N?z;cI=;EQ+cgLy4lM|o z4Jn9S%O}g9{KHHqRD({T9K&iL2pthtqQ9emvy-z}*P1U3U^rMzgGa^*kLM*Y)gSC< zZ!<%_&VTeLMLNnZn#GU`8Jmk-(^h}Y4R{7=86-n-9l&e1uWUFEcFXz(pR{61{uVKB zoft&oX9jfz2_vzN+1+SBRVXZo_N5r4Y)B8`47qD&zMPRy?xpqO*-PUhgf1^P`IOJWi!Gk(6sEW z0n|JMufJz|Y;0qnFBJCSMz>Um^D z9YeWVWpZ@EyBC@c!1k^e|0DTs@i{a)EG2{#Y&xHh+{57ooA%x}r_(TTzA96&iLI4r zTuY330jPdz;nHrp1}p5JP$>CSH!OoPN+CWkUm`-@e&&`~aSz ztp7gp#=EocvAsg5`P0+C+6_+fPdtoKDgzCCSe5-HLSi(w36o#m!@x+3BR_;W5_L2~ z$>U$<{%OMcD7~&`lm`-?u$3mg0=yW$y&*&h3NUR>|~^GnKySZBh@gFwTScM)|HRrK$HuEE`!937)#KmC}J_CkW91{$4BRjV$_ zze_pJS4F6R|CP^Omj5=;hk9tCd4%Ooa4cR@_6SzoC=z{dMBD!I@$Mb%tvOcA(1cs- z`L#9`ukZG~^fM&~p0WU*%!v8V!Fx!xzTXqp)==v|J4zw}-rL4JMSd2F?eK*j#zxGl zFxhZxKVYz%#&x-(a`A04XN%{^^SyQ>pRTA_fZMHSJ3JG1a0DsaDej91+COx+wB}aa zq&0JZ{N&6R&OKbj2~R6nRc}*`?9^?NS=9Z;`#mH0a?omc>x4e1X(qwfTJ3Dd@;(2HOg4#C(Ew#CMOej17(( z)uilE%ZTU^1fTr;rII+$>#cl6TR(b}SwhAu)V8YnD7cy3>=& zRhMSV^B4ceNs<42)+fg9sYY2}Z_SNT8>`GfEZ#O|ikAAcn6bV$IGuFnxx;)Oq_4?N zW>wONZsW5Al6(`s#yRTM8&_u@zV7ukulP~K!Cy3F?@;Qg|6LG+^O*=};1)CRQ41~8 z=e#7euNBG66iNJvP~fvoo#Sbv;*IjWI=iQVbwP_H4fEvr4Zlr{(>x@)6NDtUf)3_7 zg(KITz6kaw{9Ga8e=fb4JbdQLq7mE7gcKrMe0}|bu%Q^$=WWL~YtTlb=W696p=iJC z9q`5uJmwN6eeVLl`!31pm2HQZ{I*8n>cpaW(|eg$>*6P0AG4;6G0N9_*X zO>AIopPDV3p#P=UKGplbTQTIXVh3$jP5yYPEV54qdBpc`w4AP9o|WdqN+>nEOOihr z8eYt_;GzB?qkPklA0i+(!XQ_aO%}(Ec<~FdyJe=tumnU&G&Kg!P6 zF+)ub-7b?fjiTq;F3bOab_ocSw%s8#!tmC^={2kG4n|E3=Yo1q)sr`> zKB}EA#Wm8CHqJ2#AE*d@bonn4++nm0!#TvXEKSHY8BHp!a?^1{&lY@~abqLyUs#CV zYh9`yEY;GqaHTMj_IZsI8@X@O6wN!lCjRP?n3sC1fA!Q2Sq8qizPY?zPJw5PM30Cw z92y(B2Ug~jUeQflh#KpV4K5~^&H`57qkEki`nNZz*YpW#agY>d(=W8^uohXLm^IBz;bq6cz^Fb#v`mqrJzBc)c)=npg%|D1)%Ylv)@sja* zT@K({0^|xIPVCZ=$qCoVe-n|fGMAC^I)pS<&Du2-o*z*x;(N39l2D>!YkPy&ZwhO* zPwZGb%%JvEVswnY< z2Pm*(qdeuK<)is{l^0e53??0;gCiKx7Q9OAn28L!8r4h_N6pJ{g^fvyvHMByg?uTwh`?&O`~B#{J4mn>3FwCtoT^Si!wjn} zigZ_^(`YASb@XDD1Ql5fyAX%)^iiO=+%U~I+%dH%FEz4qkC?MKd{&+5Qrs3F<>1ODA7^4x`s?v=Z3)U_&|54pcC^?8pk^VEu6o?)&T`N2Ye6UpX&3mDT-mHiW zerUW-Q!jRv9KB9+Kh1K$o6U-Fi(>0|!ioPWWu0mQ`;aeaF(3L1+kNlau-bdN0Pt){ z8=B0J+XM}+I?FP}AAwe~>Uk{uY90;_a%v=mn%SkaN zYZMVX$4rG5p)P zbW3u%T{LgPb7Ts__PN)eiu4F0jq_xSgEF;l>+4L6vxl#4!Xa%Ku_9v~4jR7$eb0A2 zjbzt6-1aCyY6w!+Yf@1v~~;0oWJ9-_TNA+EvEW^G(OTSWJOO29mQ+!ZVUTG}>icBr|Pbg$TsyfrE?J z!$!6wI(7CT$z6kg?&O!tJ1b6MsRml&gJoaPjvkIF-?v_JGpVeFGnQZ%<4m}B(Ne1a(~Rx}W% zwb36J>yZKO(QOW}s(n$K{MzLT%N?wxJS1e>={TmnEnX*Oo&lO{Jx0lOJ%$8*T zH;vNJ@wHADk~{uE}YXA+=Wc zhr+6zTyJjTYdaZ|#M9kpd&9@8QuVM*lC+$`z2wqo?>iQMuO8K!>J5OM;EK+kbS;e75v{DF%Q;wGI>4Ww*S(F<<~9`S zh^%T|nji?#@XF+_lv{XI^73q%Wco%^Bp`=dTcNJ9Ekm!&9A|K7QcEP)zul(jdcLm- z+uz@%Yu2>`11ZuWmZK+6GoV5*yJoaxKo@#1b)>oq8BmXqSU>HZzHt^An0ty$;fH&8 znUtRY3)+40p6-+R2V1U=v45xWl162o_pDzX(63hi$Nx_&e;JLYHu!z$u>^t_5ja(m zHj%2Q0e&R0FVkS!NG*k{aCPXN^@Z1{?1r962CCUci+K3PDXfI#i#H8rzWs$eufbg; z^F8F^dIf`HZBngLRSj)OihrnV!CqAQ9nz@kW&TRfaBUqKh;Vlr{WQ|{GH=)?`+f~7 ziO~s{MNybL^66xHLD~xgQoJoJHNKxDYLj)SHd=ej#-1oyw#tf($*aDHlONm#hGse` zj3%mlz3;s9r7lsHH{XPxv3_nGvHvP>(d+dG3iqLVaJKNFsqG^N|2eB1#yJih9#wf> zgf5;?vfp76VU2aA0}Ob4zL|y+x`)J$`RG5KN=*k{bE@48Ocj%ixmWu_bEo`L2jwfOO3I+wO;hNrUa!V^7Nd7P1T;do-ne%*~h2H^$JMa@Y1~!J9@v6HOES z9D6>oo`#qC8@UbMPTgYjRm6AW=+KDLb7am)Uidxd7LkIy!Ms=G`aep?>HUguDf%n5 zH#;9rAmjh}eg(5ileuTwACIfuT$`Zx1!3kPydkZ@Pz)Ljo$Xp(jZ$s)N!g4H8nU+` zp8fMJ9_{~rPAPiY^I&^Fa+mpDLGUiWBp&Y&khon6^6@gy=Ov}yplOiCGmqQkM!bil zQB>$w8nBe{2LUoN9g;jY|01O4yVTokSEWxa7GbHh5OL}bJA>;WB}8rI(#7(7^N?B|W&<^j^h2*rm3= z0pLBd;@t(@U<=j?F%8k350V7UtPJ?5=pVO-76VXL2xUaO?Ijby72xEz?NAyo70TcF z7G(3bWAT>~PbIyT$`FiEuq#_&3pf$|*Ot2QJ490J!E&L6b$~L?YX9?&+KmkKmysm4 z2e{fD@*XTFK|e<{hXr*;eNoiCkP<#7sm6nn!C4VcQDx~&m&ekjwkG=xG)bgl$9p#S zQL`B@?l89BIcTY&$ZDQHq-B zGgcd}+{FHcSasQr)=Co&#-eo4Q>F9b@2^a(`w1YDv`mI68ogI8$q!v@vWl}1N161m zyK0G zZ$CI#^uT{>6=hEhEKTT})SL%LYNkw3ug!DS&ddHFaeNqYZEctqam?9Jc&JZf!^gf` zmzb9bqn@P<4oh6*hn!J+4Y&hJmR3psX}->h`75_fajPDQHf-k@!Kj{Rf(Gso+F{;)lYtd>Ekl(GN zu`KKlr3AfTjDv?9QCvb8Tt-Vaf;VbOD|)s&1#wsUjIw;`?r^rKAie`}GH@wfkDb68 z!ZG(T`J!o@2T(K!pthIoXJl1o!t2GF-WQ(JQOYSpQJU@QClL-*xhXM`Y~Z+pqi>ts5WftKzE&y7VBy z0azVGYt|MNufolroC$xWH6L?xr@PVV1Qv6&qFG>r$l&_MCy1A@#^cWO5ah&88q(sz z9F_}%*4`cN(0x41n$O>Cg1@rh10hyr{ewV(r;fP!baz}G0yk)woxHQvd#*})N`ew8 zk;z~!vR!tPz{k^Cf~n>78l}(NKTJ!!k(3;nt5Umde^nYf3I@CaTK!V>S=m`7rx59mn*@mr;61spbYFG)E&$6FmP=>IDxNfK=-GwoERRI_~ zf%D;d-mXsrH?K=yCma#cf4cK@{YWJgz9}_GVLH?Vt)RU$zF2B5@8FGQ566IQH=S& z$k)oh=fuL(RuZ4wqa@Rb5f$HUvrb_trbb|z8HjyV>y-xh@jcH8Q!hRm^^r{-GRzMk zljT%aOwW1EFNV-((C*gxxAz&L2EH$P183LlC}dQ$Ai%u8wY$d)k zETUn;NSuV%hzvTZO88W|!i?Rvp$3?qqeMbjsR?sU%2>aWDrzeD>&xnL2p7j?IrsYu zZ$i+=R`QHo^d$r}6b!#mq64<1hlmEhJigj7g!v-L@1Wz^HjmJet7sSok{9nR#OmPm zFXO!ccb>xOOw()UAnI}_iS4b+6RJ$rE6eml4V=A0;W_OszJp|`W9@CbOKKORJfMw! z7K^w@{@Zg@5G=3V_qe)H#O9uEdTbho`JFvDJbu`p7Wro<|C>hqb8Mp(s;e!#x##_lGyp-k@!bh+W8d$-*sYGMA_tQa5LF~{V~9>Qjt;|)G)kY; z6a*LTx*+RM9L5jp0#O?(U^C+f_#{?*AQ8IcAOMOwuqGS2-6&002M%eq-m8(Vw(Z^O zaSyA_v{7-od)Ymtj=(J>r_fG6YG0W|%90*$(um4w_v2PLv>FZ~aq}?SFKW>F7kifvu zU8CB|gD05#*!#r$)4L#8x-m+&qw)%~uA%upN}R#!rhS#e8+EdE&78f{dAi8oQ?|t{ zkQM1Gu!)g`=<4XsmyQ4u$`BF62VBKObWcxIYoC%EkDG?`h!SvSs!co?-bw@=AE89{ z25BEzEKVb3mIWLAAo{4?oYkILjXUmR0XO+$Iz+db{kCG=lViD#wsjb)^(f2qgitdV zlODS*ZFYvM$bj)&>#J%0J5`Z(0vhL}J%I9%gqmsTzn!fzU)`g;=e-QMv#L$(yOBqP#1Gk1v3(M$dQu9m3o3?aRY&ZbtVm3 z$WccvlTd$%z}2cf+ULj<>6C@O6Ju_K`hUdB2!V^kRe?d5e7%CcL4t0?S~k3N_-KX9 zOHBj^D*cDgiH%5hHjc^E{@t*>#uH5FfUd9Pn7{b#@N1(RyR!?PX=^<{S<0qi=f|j2 z*{j=U(5Zqoii@FJS$ZbGF(Ai*5+S|+9|M3)s z>FD}CdK_Vn^MPm{>TiKLzJA1bhqLw(5eTVpOOe0hL8*)-A#=_=Ac-A9{!1qGFKh49 zGp<0C-xz3lQ8SN(oCjnbTnd8*4xmu~e6`iK`~v`e9{Q3OIg9%K`o=jTNXrbnq1azZ z0?DgydXO)F+xm)5zzWI3+HWP2|KPy$GR((aP|ETDO00PP@99{*E~j)_bSd<&!g^@_ zQ%uR&T?4GMVnGUPY6}sH4pp9M5z-GzJOr@;+=<9%yF6wrY0=HKC@_MO`TO%@r%+^9ODQOD)|A@$rJ$ zGUM%o?=dI5u8d1B`;Bo>v`p;KU^tG#uX%X-xOc$6$4Jt9zNWYc;Ok20p@nEX+v}iP zQ~M#<156bj|L1cQww8uWn&h#NO1xQ>7eg=K1b?6c9h(I+9o*vI4lBune!$ab&?9S; zp)jb+%Y`}4zU^74I(%>1r#|RnXf=F62;U<(EJ!!^`sZ0i8V_H>Dv)kebfP^o~i5tlN^Mx$U&(~mmSK zO8Se^&22==<9pq+U~IbJtKPW9tpBlw)NmeqC_-$DFOtJY6YMm~iet+p4{1enarDJkpJf;bJCKAUV9npAYYiJ_P@krZiU~p!j zX}r%)YBN$1E8f%D)K|PHozwwMf6p|)W83ztEJ*T(JNQawzmcxl-5q*lDI5D089%|H z{j!^Csj=yL2SB|VryLAM8`gL!IXO{L3{ZMtaZ%5{Q!1}mH0s5{w4Z+GrtGG?r)N-j z*u=|h>|vL;%4GM;gEBc$=Z%3oA{IAFFv(PuqFBu`m;(B6(p6(0a`JFur8EkiUpq2${Lzq4iMuG5UYAhlR4O? z0_mv_HXgJ0{l!EC{Igv!$l~bu%_X#hN$sv-^cQqMGmZQG|v-! zm(}Q8o%!W%8RPu@*k4rv<1vjYl2Gr9l!Jj<_O}#22M=RBC!e+91O^UWU6ls2lpdf^ zziZvs!oQsbQGD7tpl=J`xGgiFS(Us5%mRle15Vo2V4Apiw$yPSCKN7Uh5kU%7)@o& zx&EbHp>#}RPE4P0_rp$R-WuMfr;m%1oG3Hnze(TNf5O~kI`SV~atX73N}=%8jKt;D zTVJU@143F-TiGVS+=A$qT)Ot1#0M9$v8TD73GHGZ{^kMT`F^`BV;P)r!lJblQDAqM zQ1?TWj8%6SNrTY)rm8TkV1{m?HhjeRe61R-)pIrPbCC6gv**aaomIidBAd?JOW`5g z=pIR1*&P32DWAJD0EQuRRZJ3Q9dav z`E5W{B_VtCaz;CyOkfeO(2`4pCswB%Wh3`Psx|E+o1Ws%CUX%edb5k!2uJA%(I@#T z>^LZz2kBb69b8gU-RkZ{k8X<#1%|FsUJF4qBo(T};8OaSQuIcR<14Y)V>g1qA*P{E zRDE!ja@$7#0@}{5tc&l)kc|B~ zhS}fnbm9A$7Kz&&mLL!B|XjkZO=d4!ABBqZRM4VN%sCS%>xb&$s4Rd6ERjkZl2{-N40Q9N5K+r%5v$ir-WFnJ1Qb zevyBBTMxm^tnydMxKKR}aq@hW+?NzpmW5bONKxEJ(KEXFk)XOeUJK>Q&vu7KZ-b7iNWs7sr2pL^xu&ZW%>fuD>Sj z$`Ctl5w?Z++3KSEbLmuHXGnx>E2Xw5HvUUDm{Rz&<|x$u*rhhZg_m_vp<4)#x!KnP zO4e9^6n^(qfeM@w|60^v6#ZL#v*b&7L~|5sDsCs3uKS6qWL?k7xTyJKpux<}1?My+ zMc}VBt2z4yW!l_2d=j4BlDChoW@dOXPK3$gGeGh`{5Hm=J+}ntMXYhgh~G(B58T3T zVG6s%{~Qm@N%Q1ym=n3`wtZ>VmUQe3{Vm6~vX3G?je%ompS4650Jb5HY3zLKJu+i~ zqRblYx_21(*H#BM`@@pjoW8GmI#x_3L`-6LC=cP@x8on#iq1X89Vr>S=Fetozxm#s zx0G;r9H>=go_;f8qXPX(T=FC%m*KkhRbWrfDPaRcXxO9K#>B)ixn&G?uFv+?vzpp z9$eBwaVgM3fuOyIPk$r`CP+{@y9RHkLCr5DqU&r3|Zm$$K~? z_$7g^T>^d!N#*w6kH!6_>kp4VHmjJcP`?fd2d0%f%3Gyk4*h;}src+Z6y?r6U_Bh* zb8M9`;xTz-lkg+bl6m_5#3P+T>qTM*(at?t&f%tVT}kOx5AR_FA5z29db3^q&5bFq z-|19d)2gtA|K;L+s52ds{*2#15ZUiF@8nH|zC^`@RoOCVqS+1L*~>&XQ|HX*GH

    Lu`V$v(De**aFL!tzWcR^k<( zM|y+7?#4=n4!Vo5(s>>1ReE4gZtTG(N(lAx%amb5wyw6H}k zr9e(WgZOCcrTDoQV69Q!2(?ev^2HYl7(jnM1?k=y?Lxe)+J(?&N#JsRbD^FFiIkPn z&ESwoQE=8nxW0RxgCh7=IAY%#-&ibWOr;2hwHuk+Q#4nG<8-s`?=rRtGI&Pgtd2+9 z6?l%x?9LsPMA%LB=JPsnIz(S|Z^8BQk-hY4EVxok^8`58u+C%wOm2LI8&(PhKN#Fe zG3J?O{%oKE7P~IvPbQgB^d8%6Z2SdmUJEcTZ|F0!kUO||k#`@bj#zflWoq^+tFa0D zEZ57IJuL}0O(xZvyED#qFL9-g#Oh7o4nBGcRM_5mFg68?B&sx*+QX6!9wA$r0quiB zzazWaLxq)Mi(~4rR%T_tm(i0lFN(mgb!r9~JqLAMM=wG!2f*~RRYUl%AB&v1m$OxN zX>otk=I~R;X+icruIKLJ^qe05J9Q29qp^)!-k@JVcDW ztw)RNE{c_j+ES{$7;eKV-qcP~Y-obV-ef-I@j z=wWz#sHHN+s}5fgjYc5&{swL`$3;}-2ITngPC%Q}?)h|m8M|0I7z=z6fqH`ML?A9A zAZT0q`d|F^Y74FRrMONbN~Ub(8Vt~$__o_Xy6@bC(#=gt#S_*aM%54-Y_~=Yx?Fqj zJPPvL-G)=FD|ePNn**-C^Kv-8{Jy!EnKW%KeVP$2yzx;i%XR)sxiJq=eAr^HGbiS{ zqWGaM$Gn}1f1#Ti^ERdX?AIUl>$l4Fpgvce*g1)$PJ1%F?zotV*y(FuI(h$4#=dSe zdxQ*m`iC|;|Eph$_QXUnuQQZ62!c!WYx4eSngk|k+Y}B`p{cbLx zTYfb%`!U_KZvK9mm`=)bTp&blfua|q{(Ax6aY6!=L>)p#a+wue=@Yl_(3bG{2OFS> z{YK4~i7W`onu)y$MV!Da(yHCFo0xHU=WI+L{`O#wG9KP;+!C{RCUGyj&fU-Mqv&G2 zAB$;v1lF3g;G_hLso8BL2fzs0J}6pusj;EPJ|n8IDC$WW#+Pt){4T*XMnayz*@V6OGWB)gfG&3lVDj>@g{$k!9@ouA0JEmcsylqb~Ze>6bgYMNj8 zB=8+6){}>eQv6aYk}gcO)->?wFD1%`L3`1NXO0<*csKAcCMoJ z&gKwq`G|2#hacPn&$iPlr8wWCI8!sw6D_%SOOW=nX~jEPQEgRLZOo?kxYAPNWOt`9 z1>p3yy5rb}e^n)Q88HDko}AFoSHcy;aq5^nkA9*v z?qh$l;Y@3C=Sll)mGWr+jV;|5*W)pno{cnAky%q;3f+%bYzi^;!YM^H9>f=uLzDPO z5LJCR9xT6SrJQ7&wDuo&lD%sz(c6Fuje*(f=TA-vQh|X$X1yHPSUA;-$r5E)8_e5Si1H6@k{q(lgw>#=oMzt zx`)H^dzrq&SoNWIp)?bO3$z3)A+r5M%))WBEITfC;|eIuz==^~Qt=yVet4H~&*P>7 z?}Ot+eN(LNZI<+t4M@#kPNk*I7F&c_NC*B}|M9Yl8Q=UxOifu0=2O-T4cPPN1!oC0FtJf)A)z&t*qu|EgB{sZ0TV_k>uNk}oG z-K2QlSngQXy~nB7hp(ji$tkriilh93H-o?m1vx|Ra z8(w89zGBg+Q+AOn*2V<7O5Oc`vyf z_S%IgX~S}fvaiG`ve?{5vrr^@@%UBgoL!8W8P`ku?by(9k;qc?UHph}H50Xt@u4D^ zRH9#yu(@@5ThYD95<}bdJ=Tg`F_K$l^q({6%+}|VGA(_x@N#NwAr|2n1uzADhCx4BqIMhM#ZqmQf>e*R-|JbDCPi zx5o`bsAB@=v=;9*6|S z#_t~>h^EyAo3h50wZyc(Y*0Fct_8;0h)!aT#(!$=e)Of zJk%+BvL&3!Y8N?8b(hS+epDSNdpbf9K5@E4Hj|qHXqN9`2^)`>eg4eFKC{=kvykJ7 zlPlz?kh(ZIJk{xY5;B!#;^KccL=)PLT|EV%iTxlV=zcF&@q9rY!#aknDeI9aqjVni zA_u(!LT$D9MU<l%=GNXbwsqWhCJz=XP7HuW7d~GdiDqNT{CJl!S6bp_z_wh& zN|mpHUwV3>`+}g4BoME;MEIa9E;vM=-o#9=N0gz_uML(-7TeBoO@{S-&V5hUCT(7O zI?b@(EN;`$JRvMwoS@H&(jp4yo#u+{wvyoxUK@7PD%Q9e-m1*23&fjPzT?fygvR6{ z=cF1w2#R8#2?Mq^Rueb0X7MK^RX0-1_gi@Q4bhy>+B_u2U6d^y_6$iI2q0$6_ zxw{TO`YhOxU`w9L7I+3-FW7OKc4ok~5_7W}TI_xBy;;U1C5o+{*5-P#jIyMR)f7$U zNORy_D)whPXseR8aFzyrOT?iI&OK3$>uK6ES!u?GPR3w6m8wBI)rbw%m+h-oA{hm> z1}=o&Z?(1Krk!5)Hkyl|d`~7PB~H{|o}U&xr=-L-Vi*8bvq6t%L!3rUk-jVb zb{9OoxAL>-u*y?{R9h5{{t-~n7AMbl@`x`kzOMD;!wJ6(=C*-<%| z<6)uS7xGjjcG7*pE^zcto6sg=b1`z2EMO?K?fEhd}n@DeKR)iR#HWf8NBLfum88gz~?Ye6w4 z(c1%1#t3RGklaeplV|_>q@_ZKUJzbT&lUc04W%M{d@v=kh3JLnon6{Rg=%^L(4_5n z6W~=G_nz5*k<>HU^H|RDNQ9!pRY_Z%&MahKrikxFbBeW_(Zz(YQs`YN&`U54pqD1E z*ln7;N$ME)^WK^+ooWbPf>wl$ZS6wCe&A}}y!h#;ZMA5(fC3v+p;K#8X(o)iY0e=Y zwx-4HQ?L2im*L@I!@jbB{e%guD5~-)%YH#pMH31uul6J;q#4~F*iE? z5m)$`#M6*Y{R|0;k$h=_Vbm-J0_vAIFDfTrL&r80Wm;jHH$hksjK>M%2Zw@IwpSE& zERi?aQ>RQ+Kjn~R-h0BpgCsY^&N2z(EvHyLv&}U1lAH?a;GdaUI0tg&JP^W|rjluZrzLuc^Q*}bb5#rTa_YBZGQgJv&I-@< zaUX$2@+#KVSLPyL0DkQWp0w$LcgJ7jZ01l!h3oVED`$*6BuXheHvhI z>FIu-3IhoX|CBMw{G?gp%Gnu2QDVHWEQn93fRizB(3)5U$HzdYsAl8_8l8o5hlMw) z7BG||(-6mXT~_0(M~`lW?JUXLr`J3XHgy4aN z5<#9~z&osC6x2{v9ci5Ghz~0rzH4XW;5f+QvlE8sZ zb_@K*t#Mh-shaV6^Xm>3%R!lIp;7_P+394^l9ra1P+X)Px@x9;_?w4bb8(+qpA=nK zG!|(ZF`V57r+D(wDM@d)RV3ek!vbVn%lb0@?AC2@ijIM@mrA1H{mq>2r2WZ5_Vnm{ zX^b9}9JA}X&s9v%bR#WGzhmCIe&)r_tW^ZDy4wG{Bf1lk{OEjqBYE=O9Xi-U+y*`~<@hPym2BC9{F@j8C4by4Aenh|o(uV78IzGa|;}A z^|Jq}S(x{s)oEc5Y%@#{8;Sr0f-p8f>e?C1?r}$Zc1+TUzH+>twIRjqg-O?RE%4`R zH>Zh4Ve7H99S>ycGd=pd6yvPyF-ycs_85zqzx6Y)fAXZ(#V^AL zpU-GE&QZfxqe0s`Ek_cku++zI(NKKotzU0z(Fn8of-l4PKW0T(No}I%<+Ti16;1^JC zIb9eszFGpgRLEaGAYr0rWn^R|w9ai0IOdjlIVW6%AdkOG1$x=O|HPqovGAt48t8>v z3$k}S614EO8W)=E-~&_4Ez-F!ePuOGTlW!gnTIAXR=k(tf1f zDaga{G0+PV#Y&+9D+>3?4vMhCL_UM-vKzXa32f&;E!fW8b|4dA53BKxU%!6k zegFEOq{C)wffs#!mfJ27CMTy9z(Nh;*br9Tlp83rHDRS=Tt9*Id@%tj2dYHZ~4mht?LS4>5BP zE$ZL|=u`jj3YM?%!fNq|E)%4oL4yj*F9;@3NnD4@a=Vp#9+NvBNu{%B9pg0{#m$`Y z79?Bc#yM4TOm{FWDjeYenA0WSw{yDaW@!E*Uz1!*f(2igi;0PeMReyFKI^Vm#_8~1 zRzjG1hzR$cK}CTH!T2&Kwa0d>Pj7!dMM+zI z_WBb3G4yJ`d7OHvduOHS!37q7s-oub7x)X9KVrlEFSdch6B9icyEy8j6B9>S`S}kg zus`lG@+gfcnk@(yt-F#MY`SoVFu8cb_BYd^tMZ-HcyaZnn{Dk)m{<`BvA(qAF{ph) zN1Rg&u^yh}mvan0&)i}vI1#MAmOZx!dX30Yl46KMSwwTh)?Q(5)qKnhX!lPw!{2f8 zhdvA2bzbOrti^p)>5W=hiI+UYmW?XQ_4gk<kDWFzW>2!7GHXy8z*cF&tbSQ3|6CSe*S}o@FIsC_b zmjG%Vk+uSwPT3WB=Kry)1(6{58aejGPfnu*4;q^s2>|U+Ml(6)FLITiuVtF%daZ#I z$onrRV&leLa3!_1wdOW9TTEcwirzqSKZ16O99v+Er0b7Hj<}}OPf2?y?t?U0|A_2^{|)}8r~vGEMwmrPL)YVqMlSwZ$>vAip3U052zjr;ooPl@e)A}Oiv`i5_9#R zECI9nuCBKB8BIwWsC5zMg}>6!hv)jwwBMitMLSgFQS0=M&W4Wp4#j7|FP~}ARx}v# zB`Rk3+QKr$#KZz`dyCCL4ti9tz8$gCss4j4ER{O+zq0^)UY)Aa1Um!2N77kt3_%Wm zL&G9!L91dr>g<_|OlY4C!na=Ik}K-|@x=RJ&J>Q)9_TDk96PxjEt?B!{j~q5dcj+0(u_#h>jbv^y@O$g4;+Pk^F<9dP3(YOwz}JGR=sySa?)XDn|9y-X>Al;|rv{9S zjDSgE73u50ecMgHb~}ul`TMSP88ZzTit|SPWuT$k?IWa>wef;w4M*0TJUONJ&7rDk zsp&6tz@@A9CdI#FE|5m09)!I8iLvYnjkmoq;@c3u1;!dGnRFLY z?9ZNL#q&PL!FJ$?Ojt86p6ODQ`c7#aeT9y?$uw5%Wj#v^Y>N_z7-0q|n54X312K4V zRuM*y=E&EzTrD-Mu+#h?z4+Vi4kcDPC_;y1W@i4i8_(f8xEsGcgWjOxLkAOUuE`va zhNcg$L4#CB1^IB2AA!zIQ-+S&a3+S1^A}`}&aVL&-1slctDP0TUc5VKhQ%%aZajlc zw-adC_)#eJcU{2C^TWx_YQO<7Fbppy^u!tXBpCPUg@Du^*i)WW7)?**Pz3g z!}uNYVG?1qnuGWxdGL|R%{j{12btR8=Rb_Hd3dgd8oD~l8vpM*8F=P(Mt3i?`BMqfS^Y1v)_5+;T@&&&}hg-!Y~LCh7_{>|5a=s2&M z?C=b`d-W(R7sIx8#d7!T=(YnVAx`UoOB2S-itAgQN2jGixt=dOa7 z#lI@Sap>0$?+P#|C!p1W`V?K(k`Y`~D|HxV_b!*g^+3?g+|nkB_2iG;dwPi`t60#r z@Fsfy7x3TQYm=9M6vkC-x0Yo{>eOR_k60a9gq3g0^;C>=Yah=Z_&;>@d&8T_DW0Qq z{qr$dgJ7OirG^%eG(CfIk!u|`ZuK&`$tTcV;6szmv{V!iu3|{PJy|=U(dWE;j`?CA z6XPih=Y(32ND0*{TV0h$f`(6%-Y8n#D3zV3m*1%9Fzg1ZJU9caZ%ULcro(#L=*xT^ z*W!kcO;d-T1sxFZaOhK?gYo2g8Pe)ktZP9S34AX&x528as!x#ZuTI6&{{as{W%i$E z&M{JgnkiDNXY92C2`PNwt3!QaJdfqpc%%X@cO4UQiKEsL9D&VqDAn&By3*3pu7U=| zeEUGxvSGAn--8D)x>X81)5{wVZWBOrf{aZpus*6^%-~2M_YmtfOfbjSpGuzmC@3f} z4QHC{u-ERy{&P;YdV>S!gW2Dp3gZOe@aU*GR<(j-JP zkgRDs3>Z0wd{M9K!s_5_NA^R{iFhw|Pni=Lv&{t9A7|a{+HKk;MWNe6aZDZg$fVKY zD&a7BcJqg5G51g^Esyoono+)oa-?q+;UDw;I3hKQw1Nk;SP{v;nU$OSS;peK=keU@ z(*+7cDGB_%N#iBP;#lJ!^V{E6dIF~$E%FB<(FyL=bNMUtLBdmF^UTsvSQX^LvR;B9 zRxtwRsGg&yF>VvR4<9}p3CtPG6l#VZ7vx7)XmB>p&7I}4>3)6x0E^xc4BU$N2L%`G zzE7Tg*Q?pTRc8(ag1m!lA?@z*b?qB*4#ldB_})Q-#t#es8m;n=1hmP2<61X4xH=Sx zz9)!UKb}r578K6n+wR{TT0RK=v)0%~C?lv#*^Ni}&VMLsUO%HQ{A*GRzns!mY>3af z9kwrZ(hmMzb(_NYk)`3Ci0wlCMyr;+9yQ9bLgblUVr^Ser`Y1tH`VlSQ@-FM!2Zu# z;}e!Lcm75){zea6e48d0MqVek(pmmolqJptjeo?BpIk(Fd5CoRGq$O&`cjAJ7dm+!p^a=@a{a zK#7m^BY19+q1Kr<+S~Mq^61-lMdji~9aX5$4kSQYz~Rp~lwcS-ZLGw_!TiEEn83r$ z?V?wFCJ93;wA3jW_rB_re7%Dp>&sl$t8(E$^MJid$6C->3bULDGkz>Zd|X`Kp@5$M z==5D3Q~>MWQpxM5tOe)f;GjdvGK`r0S@+{V0E>TQ88g36BKT>Tl`S5K)Cy_xlE)=I*Y# zZ@{@|=DTFvV+7Uo_)!*osPpE9V=83w`=`ZYKy_WzE%u1YF|rdfrN%+LQwqc|Wybkk z8@n12K{ye>+RIaslTt~8Y(N@Da4~N6J@37BYV**1kojY461GDPfJ$Zipb=|VU8EmA z!>a)fmjN_f1ppVI>A}NuE`a;;_N$A5p<(+t>1@f=ZEq--4xe@LCz&o5{8(j}p8^X& zt=S+S4#%TuAXgK7f#<||E=PU0hvzG2@(o_X0~qm_RH|t}*)Rky)O?vTHqn>Kv{iud zYCzFEyL7r*Woz@CG)xD*w^DC@T@Wsf-AmNt!s}xOif+Dd**q1wgua!!o)z#{;vvs$ zqe!8ylNRQ@MZ1)#*`-(fkamV<%$p`@*tm;s%O`2^d0$>$xf{lwL_gdV}M8#wQ`TeO+vE002!mfHQB#VAe zGe5A%*IEH8wv&_?(p^>RZ2?VM)?#LX7n4ir?PglyP_t9kRS`ypsbWlFh^YKt4&?Lu zI?)VF{|t>1PUC%%s~iMLlnnam-u4cp5ejql2}SVtKXHqz4AF`QR73a4-%G!)Tn&7B z=t`l;dP;pfr(a73RHitle!E0iYxwl=eQ1j-mesDQja{nz8tPj=7ob9qB^zRL;^%N8 zGuxi{5!my~_+ge8^Tqw?Y97al@fX8vs|~=YU0fRKzmma=N%OW+r_z#i@K`{9^Z^Tn z*!N`Ri8-uDDv;Tr)({>vsh45K=LZgh9};?Zf2wEE;ptKa5{Buw^z>$jqeU3HF@Mi; zcYbeE4pRoHAp#2v3lrD5>eu*p>ioH|hGZ~@q0sXwe05HuX#dIgV2-Q9b|UW{`Vn~4 z>$2S06;=lO!I3Spg~^D5lY%ahLQNSbpj7LA)YwJ$YP98TJufDUp<{9q^Uxf%tKFI} z090!~A@%%qV~xS89Wcv4WE0$yIhmn3EPnhYzbS3ro32{DD=pUVc7v5kV!;{h+tP6~JAEj4y` zlvifW;*^DjunzZ$A7kIWxC8we=ngmbQASQf<9M+G&;1#Jen5rJe@7~OC{^+(KSeb| zH`Rehf}xsHI_-i=`MOtSJ1y|)2rIQNm4$BSR$B2ELPd4rpDGm}CPAOCi8M%OFZjUF z(Jxi*zO7O$QoSh8_}L8g*{OUJ%4&CwT;j@~3#n^pa5K6Ld6m7kmoRaR0S=s7Opqox zy3hzyq~|M98wW*x+Z#QA>ph_%MEap3o3-PQSl+$44t9if1$_=OOiWA>g`UmfcT$1Z zlG3B~F27;=ZHJJAM8?w5!DIew5=??9+t}Hy=4)03ex2PL3a6+Ai72s={FP1zFj8w& z&3XrYg%y^R)p&rk?&^vnJ>KgBv%k{1A3g-Fw%E_&k7aRi!7S$c9DyxS)&551TFYmc7A9 zaD{OVYR#VuL%Caj!MP+2F&`yuV^j?)dlk}ZcDJ?@Ch40CotsC}cb)4c z{?rRBsma_6a7R|1P2R{F~8$4%q@Nfv>;ISe*6`;11~w{_#4*R zzr?im%#rF2!NSX8;#i!N^q^yL0CJq~P1md{Mm^@{<~Eyxy;n1{cL@umj!sk2ly%ch zzH4taQ~;JFp@ywaMiJ7@K1YjK_v0|}vVvmfF}eID=Ir9Nk*dBL_b<*HDScqD*H(i2 z_3PIS-G$hSTwOd7_@%&;A(0RIaCP9T$dxKp&NfuXs&-I{cXX}%`iu-c)Pa{Fh3D`j zJXh4y{GFL7i|s+iI4R@kCA9{}&3rCdxZ;5e@XE}$f^ls%btKg|m6ks4eIHtoP1mO- zM~=i#0m>redMB_(q(+aEP-(B^+i#aCOjYL{|KqAbUdrwQ3)}S)EZ2&Gfir;dzzCqC zg`)`-U+l2|{^KI8J&u8kL;0e_s~q6O?B5APaCG*ETsx_iX~tiKOJDtJ@tjP6v4cO48MVH0tDPcbdTv#x^+pypQ($x!u+5TBh2B zl?-L_UFmBi8HJzAeN(okEbocNM7qDspd7}jD|V*lwNAM=vE)+p|JjjKL~BE-q9<6w zmK9$NCQOt;zirLDp5BXLCgv6%{0GygBNQuT&JAbgb=axRKD9^CJ zqP~f)kgAZ7y&#@?C&7M}tGJ~>?w?#>$_l~dR=%Y&FU~rY@kNkhC`}t(oDL0-jCXIu zw5VrzoRgBhIQjH(EhcC=n8zKTmk{FqBd-8nGQ=o-|AC!iVjFPR?hWWC0LIn{#==@4 z`5g!mxNdHdXQNd`8}6~Y$=m`WQy`#Z>AybEex#j|6zLOnSUcWSgXl+Ul%X-EX8myu z15lp6ZtYT1#_H`hsVC%mhgfn{oB8kTLbo5h?BbRlaZXRP5I3VPSO!cP&Oe3z#;Cuc zd>J@13{VP?zSwU)*E1eS1^1=+Y*fA;1y@Z?joWiFabj|EMU@4S-F;&xvnY!1=5sFb zIHf1vCsb7>d+xk)V2W^%V}bw5kG;v$j8%>^P;qg<@EDI&@~n=;FK2VqZL+nX5+qS6 zTayfIc}>m93E57V7Jh7Z*6!r(5MEDcWN#v}f&PwZ)yeLTmAO>EXM~QAkS4(gi1wfK zlPS#)Ivb;IE3Y|KX>b+f$?5 zQ8Oa1#!Zb$iP246FQyhaXe>cuXb+rdp1VeR6K0NJV(1u3SnsV?wbs%Ua+}GK>(ZCJ z1jCSoPgKs8nY?u$nd=#To&`j$p0LdK2=ER(zEkp{Vo&K@^b8ASxN0RCa7dkTIs31e zZ(#c5aaPP1a}BY`^SIA_>8n=|em^ti_UBXS&({8MB!kY$WnRkfKXEwsU*gFzbw_ey z;RjE@kXseKk$*9=H9cErZsOI{M^p%VK`cTF!5)wKOJBKc0lW(9567GAXinf0-APh9 ze}q4k)bec2Oazm`$|M$}pCf!IqIT5X-K2uGkcenetsBWj0P`VCV(Df^^?Xb^>eR?C z=LB`dGgGXqXAou?V%rK|6J`na1|tG&(kQGzfY?G<<*bVC)FHGYu@`#kZHO-n+s4g! zX*Nnd9X6S`Zwp#|U=Nn%H7gcpS6eETH;K)By*B_8U>47CHM(3S%R`fRbNUm@881J$ z)^8L})2YWTO$yV?QqT9sqa81Yts>rQ)yJp7MU?qL>WEso$ACRm2x<_WOzJW9Hx6IOD(jv4&Ey{p~{ zFXWXxkiRL|$ErMuC!Zs@7q}+TtjS4a$4JE9{c|nK^mXkhheoP!MNL z?js+>pmpF59x2hn%=ZJ%RswgVqU5(2ZX#}|zq$0|GYog<>sRjpe~XfCy_B^HmE;%} z)eOFZUDmr4$&yGApgqIjxL-$3*H2pEeefr6GKeej^OQEay88Na^-WFZLKbg#3d}Rr z%J7_-80G@T`>l#JhF%8+J}b9m*2Rx3l0#%MMIItu@8j`T?~$un2=1z5LqZ%#6?B$< zIjtjtX&JrOge(XHCVbf5U|?j^Ez_DR+%3i-q;LYL4tdlhcdjmZUazRN9e#%{s?Be$ z^PM0G3{g{aYPlXquS;8S^CyW=ZX>P1%lt6k5XNJBx?w0G%)yjIJS3}88fE@vEJ1VI z!>648hxI^!5mZ=Q+{xg@32qP%7ZHJlQmI-_fiW&Ewwps_sADD3=R2i-rvd%x{nwsR zB^VSrBh*|YyC7bpsD;&}28^kZfQ=t;Dlo0(byZ$Tdt0xT%*IU#Y$rO1w52o)eZ5)l z{M1jbG@^L7#SxyF2uwq}>kz2>?TbGAmg`r;uq83sPbE2<(>KZgri>T9&!^5o4B(*Q zL9i~vICkbvY)Y)Hm~R^{(Z$#K@$(<8Z-&8G4POK@q7DMghRXlvw)vnO&sk}KG^(QY zBHg6~Vped2cDm9vejLxX~8lx`#$Vh$lmXq4X z`RhJoieEx4#CczwYin%iU4JIeM!AmMuP<>q(ORaAG8!OCrRrbJBakobw;#eCA|B#% zJ(XATG!Ugg+=r;d)*}gSmsX$WAdNMOH!5JAwb1DU{52V;HT0y{+w-8;+kJIE|7wFo z%TUJiTbcqRq;>i!fqK2V$&h9;;FbuYGGaEu31T1W^8&Ln2T;{~jdinnKz0pIQ5`Wz z!IbZjjXtdpq4)L|Pe|jAsqgZYC@uo_w>*Xv#YcEr)PIz>a)QS=Vbb8F7{68Ie`3Z{ zbXyGO$i(nd@EGABV91}i*MT~s#W;MDerJ6TXOH6FIH()l-&@k3a7zhM;3b5K@utAo zvSg=k6ycYE6>bO>#r?@EEJRH>E( zt>^ux&JH?Q((q;?NiU+~2fgTKH92B+EcETk3P`4S_=WEmiE;4$GNg|3!k=4P67v$= zN=nZfk8^|HS%~V~ZJSh-&S-r4o1e(wx`9K$+&=t6Om-2xI_oAR5HB6KB&ehbh)j`)ZQs3-CBiPDYg6xTSS3$%bBO4E+}52d5J zgGy|^1}aeVcLDv@yX7$9_K)?Zvb^rwywU2``r^!X#3A>=Q?p%&_j+DIpNN%9R2eH3 z+^ekxQZbR$0ieeMkDi|1zl&HlPkGuLuURi zpxh#!nrv=w)q}Z)6$d91P$>};+m}PcqxFa;P!Yr+ygssQ< z$ysSH;L!5^SnS88jOeOUFR0Xnhv%N%aA&O#rHyoF0&^7OBys7tkEY1x;FiZ)U`5Nu z1UODKF)kJ!Yy+MO_YIe!CtxLd9ck9?Wb6rxKWml|HgTfJF%5l;3f=4wcj6fX^7@qFT!q)4qpzZhMRQP zHZ=2seiiOb6vNC(3UV!q_^Rv_!)c9wY%|<(kK7=sA8(wmTQ_y>nN=)n5rxptdkNqC z8*haKWjh2I0c4GPHO8;4S9WXwi0wQE9PK>dO&8LAJi=6{htOGmmYONL;TBNtTU}eb zt0eK8Jly4VrGOGwNu4-TQ(t&fP^vhdd9LZNp>Ha0<}1(ZJ9vtEM4VIc+k4n|Z@17_ zEgU`3p244{MMU@iULLA#EDXl4En}UK{Q~nRMHz(~yPG&KY3zIH*gx7uh@6hcVX=?z zRnh#FI~nx1L_)D_(Yb>}PM>sOwloiN`lb_<#a*7sa&N!=rOTW00brdKhNXuYYzS2m zkvW9^j@7LsR9XPQkRWb`GJy6D!hriD1F;)(Tv_pEOpt?Qp6m_tQ3h>K;O@T(ffW~S zuP)SHUsWr43GH`zj`D5Y{1QRgd)E(%qD5GIZ>pI+=w=F(?8TPDqr<}i*f$$~6ZVmo zm4W_A(8P-*oPrzFQ5BxpB}SNDV1AVi_H4_kmuYl>ioig|PAODB%AB`@gz1SxQ(8UA ziYjs*L#sc|>I69XqI@H)Z&Y$Z_VN-T6S)A5-Lcdt&e6eHs3U5;2!?P$ z3GX{%g@{;EvpWaLxZ(BTF(_^8XgXOqJbgm7DMZ=gni{|T)+emw+C`^KRP0VhzE(o| zI|g7%-zlHJU*-@gS{IJrYei7i%|TU1o|}7y)B|dj$uBvDqHZv|NyOX!cy?!-^_(L< zd;g^xzJadGDmmueY^?owKpOmDvj(sbnwLC3x<5E{*fbtFevc#@4otj<2*6kJe&#nPLac&Xepn_ z8su#F?vsWYJSQ)9JJlycG?C071c5C0F2%pU1X5UGgWYJ0Lpx}q&Skd=t!?LWeq~bh zc*3A)9M%xN&iI6@$4Q{w^3nG`C>C=m(68!^$*;xRCKY4VmTpUM$At6|+gGIdcQZ^K z_tzx%{v4gMMeK9jmKGVtP>42LFQD)oK3tG82|T>I&MfYW!1#>gUU!%x<{4)!KKYYQ zf%6?DGyanaUl|sE>a~=^`I?C$KaUWr;I^gPl8S3E>an*~w*lqx7VQx+Z{T4U(6Ry6 z?s@))lI{&}{Dh6`;#ZcC@nE|Gl$c*GQ~|O_UzF?P!$s^x@fVXj!;xtIVd8liz}+BJ z$}W#GPeDR38?bmwD^cf2xiNhQbMzC_L=?q24md(51}9OsUfO(j*1h$vo`+Ts826Bz z_W<^6zxgw?ZH>c66J&MY;k`j%M@V8VF-R#60PZT`J<@$6sSD%(KuK!-NjBsSKO2`W z7e5gfmx9Tnm+hyw>CN*e$=>p_g7)c`1x1X(eMLKx_SY+RCnsW(TDJw>bI;uJXdu2U zYwe-TimcdG)Ls?no)k@=m#kheM0m`GA+|&MF0k+EAWKt+uIxb;s=ysgkNX$C z?|u5pJ|2pNmQ1DKT6V!LrP}l~Q_2p1jCnya##~g-Yv+v^b9UjbW*E)vf>Sk)_6H+^ zi7ITSWYqVK8-?5m*%-A@0uWgc<`I$+MSwfqdKGvl@-I7wxg0PpRPN`}B5Sjh?M#+urouBuSC3Y90e5 z;!mEN=xIQ#!v}@cA}NyYC2MZ)m`37~rX~-Y@`*8cc^exdFuah^gFN|{$t@3ara=OG z$*GQ5>Yl*R7*f<7tDw7)eFwO6EYEs{e@7$x`%>Xj_V>=RXtTm=TcAOcicET@>akbL zaZ%Hct8G!zBbi_w9iEe+u)cKVwih*r_?tQ9Z+Kyg$QVsuJ*%zIj0~r+Vzk~H;MAb4 z2YiIEgSYr119T+%ZMT}7aOqN_fjG6*xwBp`8SYR`bUNH7r+$+o(8N*&j!4>{Em0K{ z9fKC3>RA9Z^~iWlc#Q*GS3$u%lp5gllK6Kl9B1WQW@~>xOJR#YvLv%deb_6R_;2jLT z>8pR+&w4#q@x?QaC(@;YdX;8Z`qMii4t-pTC#lI_{}>Ri=-$_cI1K+HjWyEmxEsy1 z5+IdBGnc%(UNYbzpoXGi$$!7Utfn8M&8|T*Je!o54Y)e)NgxfqwD$JaGv&VNlgi== zuMJDUl_p}*e00wdbx*7oA-a2{oqM5f9h!3*aK&Y`xAIVg9sd%~ z0;yVeWTJ(ewpU|+Huw|Un}D*;08+jrWZ`0d7lNFBWoa-XKaG8Fa?rhzW%bONrJad0{@>4AMOYJvyB74C)XBZM=`jf?M@ zJ?hlLuvufh0EQ+eh?07y!J3%s^dBkTbmOjVAUZfuBeWk?q_el0cAVpXltkS{hY-p8 zu?>pSMY@@~{E9QV2|WE_^DDqSEErG|daP94tCYg{|9Y>|Xg1eqE#?|(o~gM?32GLz zDyf#@pk_6v1f?;hhP0@fMbXnL&XHEtQ1e*jpeQxeJXX|95mRDHa=)Cr?z(H;`}eM! zmHha=cklh~JbUl=d0wdX^D5C&=5HLUU@xvmG&rWqXJ%+AIOi2Hgt!$9ZrK7lOby|a zfTA&Jo~l3zV5?vZGjoTOyLKrgRSJq$=djOSyPa_@T-;^c-mHR;&0!IRmV$0MMp2Pz z3+SWrnsY1H#75=vxCWe`1NQx14A!yh&!HlkbxZiG(Kf*{76MsP&{@n5NS>O+a-8b2N zhz>V1^RMQ>QpKp~i5ASe3)W#e;AHWSm5}A;ocET(tE@E(M0^FCB0LT_u_mUZuKno}8c0QQL6@voXJ`Xro48{g20x%rzNB ziG*E2cj}Rnd=s7@c+94_V%DwwlB`^ta9Sr|3n7#6QB|~lRv?qJ!wG>e4&Hy?-pQ7_ z7$r(QoZWeBgyq9nJ%OU7N(0Vle5t}S*OW}%d4nZ46aTR?sJv6JHo>gP-o)4>8u4c0 zn8c!)%Kb$eT7eZ=Lf7pdi7A-GFa}?P)iue$3Jwo3rTk=CS2`c+piJ#I+)kqIUQ5+n zReV)4Rg#-NLy;ZD3B8gX1JWN1(Jea98l-Y8!`<23gRDmun5RWHoTdw9j(-;zzb3R* z{TSxK$jVX;n3XBw#puG#9<<18(tiad6gr{L9NDf3bD=b#OEH2tVH}(FNS+j242Xu% zp^4)tzk;}8Jw3_(iXqb|>Qm>wQzogPolRabz{&BX?U8|-0n@Gubj;AFTDzQ5orfOO zu$xZkan$3NLcsu_81UC31ptejI713_av&fs05dh9O8|gqS!RKk)|dF}qybY-B|l0C zY4;IIscv`t|2md#Pm2IGVR*%MLHj}8-voI7cA8eK;h>raXQVQxKe>|c+xW|Q05uio z6z4K~Z*L)O$ciDLyYKStt(EtLpfnKmRg>+0X|j+{DV=3tC>b?Vps)t z?`)!$yAbx0yJ?Y76&Frec4K#7b}`tFx+If&`$H!Qjv~ZG8o0TuU>{>$uyFT6yU8~+ zcsXYXwMO~+NeNSL8!byfU9@IZDtBDCbi$S%rX$LCN$XSAt;o5pt`4D&cC)>%qRvwS zZ45N3U6H{;I(mekHr^220;YOix0{^p zi2(pgz!+z##_mJ>G&Gr}TYu~o%IO3dF!%03nO>v~f^`I2UvUfX`Fppqz6aSrQOKLj zy~4(?nK)1kuV?h1sXm;`KV%+$Vy7=N;!7ML0e0y34*83nk@`QrH>^Fy zKPbOk2Ulj*tj5i6J8G^y!n)7$)q$?^6dbEo zBVJC3-b)09nia3Z5mJMeP%Yu6)Fakz^@P{FAO`M&@Ee;>X#}VwK}KC`?+g#L4kB`! zdDa+;s&BShU_nTk9%h`LT5DJ%1`!TDxkz^RF&cs~MtE!%u_u zw6vleMg@zHrW_o<3X9*~)P)Yen!J4pBygn?b-Xrh`fR25k>!`>N< z{UpMqw#d5TpiA_PJ_p)Y{nFiMVdfgkYJ7E#VuRIJ7QN21R7F*Nvu~L(fOMf6G+?kZ z`9ytEw*q%~WE4H6K0{WL6%I5T`B{&fe^*hy+0nVL;u!hF27YOl3X&Zt=hCxPD!ntI z>SrwYBfY~gt-%(pjs89FH>aMk95aOF^&agQyBmJy)>8!D;6ZIXIrXum zt8sYxTeC4O#~N4~1!7F{LR~JW%scnWN{4QUBc2lfm|1+l;@Lh4r)H8T_TOVtWfvH?aDQ3RMIvZ}DyDDD4 z&}n}AZ*>GJ;Cl?Pmrczk&OPWgCN|%l+?X`Aa1}4)UH=1Q*WH}G+O@P-J8z2@Mt<&j zTMzF|egy06MUK8qUpw+aBn6eLg#wMKohH2Ch3x7ywt+c8I_WjC?cxJ|cXnz$SDl@F zcJ!CO_XG01(MB#&aXRAhP9DI}UaGV^6{zNf*q{l&*mUmPm|L%H7SJX434?)iS-jMM}f7%FuPb!%RrGX02sp&;?%C@pXjw6FEyg zds(ox7%P&TwYzRwo!{LtHhC?(##v;6+PS|m({KroYpQuZd+P8lej>RNHBhQVZQD^rZ?|fjYep>b~KltjV=z#jPo33Wr1QPfPPy zE6xPJh-C(;JxonD0b*-P4-xP>AVE-C;9FIH(+5LFZSMWzq%fI$}u9IJ6 zZ_r$QS$mC=eJ$kA`nih=D)sBWlnktWr=Hc_ziZs*N;mH~nfxzx|Kgp@FN=1L8~}72 zx+T%mL8K;++ICgJl#;RF$2e(BQS@Dk%2Ts;*rf)f83DLT;=i{X|NICxZO@z_(D28e zJg{+%+CTLiBKBywwqrX}GFbld;K}lCc8=a@pkbIyWItG~bV93}{54N!hMwg1{63i9 z?$yXXtwI|nU1gqIZORxxcl0poLdDWz>9b;f*RoBaWZpmpLR-R|aVgDAU4gG_K)H87 zd{ST61BZ>=hbXRv6cKEQX^i3H4?$IW>_VPC$_qc_g z{kiRc(2YNP^;Mp><=tW=SHw$x(QgUANjvncQDuILx6xiBxtNe7s8{F35z%a&1$$2Y0FoyBzcXkx$nE;T{|o4=O9_5YMARR+oqzp1hg zo>8~+Dr6SVrwO3@>$1o54Q@_J_7BXPq_^!{U5E##qjR@X`KxQ@>wz**c1*)gM5Yjm zo~DFk*+__QUt4N1LFp*78$E#x{F=yFxL!FMmZFgRvQ-|sbq8p|Ka5l!=IvxMpB8co zSQZsb%bq(=aV^UkoqYO8SZobB!7W|ycgd7O&;xxdhuUQ3J*xcs7X$>R+Q5L2te}G| zO;OF*6)dPRuk{LaYl9NeOU0irBMr64DZttCGm1`t-D9QT?8&NDaU$N~{_az$(qhN5 zrH@jj(H^NhpC-X1Wt?A9zyzJKI))q+&)(VevH#-e&qF>D+kb5-L%p3c5&*&DJLqv(jXIt3zU#%mt0}A zPoJ(?oEmURkwQpWh-6_{asBg+41g7?3Yr)Y#~#N%{HEFc8_#N`30j*Iz`cHKzBv?W zYd20*ORUm;OsbR+k}yi=Z`Z30`xf3$iNg)R@vtN(N4HWu-o=Q|Z^2#)^h>(-A)koN zu8~x!WNUZR}g2k0s;XJtA$LWt3O=l+sWrR;6d&2 z?!=?VF9`tW8LP*KGiTW$Bw;63tZ+EAZ^?9|B*^W{aogVE@9Qf34aYcZ=RnqW(vIlK zK_nmdaXv^+QkXdV`JH5Plm~R{CeR_{yvq3|mvZe2iEBcS%eL%(k2TE3p=eTKh8T|> zzy)?kT;|p?4}e~_du{6kk&4%>d9{9V?wN5TBsew(IhH2xQ1dG5*|`evcvYXopXYKT zizZCy>-?jIA%WkWiZfb6O!hYssy z^N~)4JE91dZ_eaPqJPn*YvVQF>yU4_>5;cD_C5t&+uEiUGS&q`v4+n0XXZ^uCHkIo9Fm(;u~dt# zN4;JSJ&5)Tt<$qJ#4f`LUIXm@-H_q%^wX0Zz3B6h`F$DOi%TUhx85C1$1HXJ^G>^2 z3gMN0!_4}+w-$Z8*`w!mQ-3YSfv8gFA3SGkXuB9qk#}s0E50n)Hn~rJtrtx^cYA`$ z1AbgG`7J$PT*4NM`zAi+X5>6WHA}a~Ng?i02IL+4Oe(ukbxB5DL|au@@$T0YUJ$N3 zRPlyaS;gcmdAcjsWt{{KCvwD*Xc)L_#}WNWZ-VMlfQ$dHaSp(pe_2BPS5jDL6k(I5 zgGiWPs3b15yu&Ys`VNB)5rYG(H3>pH9>9$epwZGCqdoLrN8$+kjtKWbDs^F#`=91k?&djt+coNm`mD^6Zl1;{IQVrxO`W`H2 zfbKzJe=_uj?frav_$88~%&u+NJMYd)m*{McZuoTin8gLZY0S~|@vdmigx!-Z72ktB z`}c=wq3zvHp=-FF?N9sb=MSk)j=mLQXA9kIyY2aS(*sCBK+;Ohy= zz@LO2kHno=opTnME65|kxrUiQTH-mucXr$tw4v`VR`^N@MON8o5EVW=cM4nsVwvoG zZk&eYxisM*TI*S2=~gVp$aG+#;nKFmUMAH(*( zD4^&GefX|Y6FJ@^{|;JPh;lCeQ%+}267;-ayl1uRsNKSDRM0mgNl$34p078v*3v}W zM9+%#{1&{Jn~_uQ;nA%n1Sy7#p#K1qhKTeaKbt zO>{ryq7ScfV?@NCRD?|ZxHP`n=VrGnAyt}BIWBHVG90&O^@SQlH~Vj98uj(Ew?im= zy{&&A-2$fMWyL5yAmMA!$CYnXlgPf+S5vacKTX~W$&-Mt`T#=|HvPbi%$JnURqIE1 z|CB1S=ETAq4B4+@7v9OM`=$b16Ci2xHH!-I!47ftdH3g!yp(%dgsY?87(QFeZRLk< zF$%u`ctf=|?1wEXIB@Gj_xK+SMvP~xDZvo{Gi-)I; zF9v5WA9u8hrS*G(^933h5800{9r0IKxCR%gQby2tLia)^OhamQPNQ@4Rj(u%}IxGf?1 zMb|mr#d#M{bj1`5E`8uVn)Md4z!+YXZf26YpV6FrvcN&ZV4)ZeXhR2J z*kF=L%87q6=cO_`T&RnuzJSFyeVj+A$l2v6zj^H5@i-Cg26a~@v$y6ne&iRoXRDS=#08{BxY+%(*SNPB>kzq({!iBOJ_t_D zk>mx72&we+W=3;%28&5%maG&naP+mYRU_k`@Gf(QTqqC7?LInkL??FvE+XA!^#ftw zvqbnkb&@(BfNtIVAl75nSMl`Kvj%z`|E1=ZPW@I8?ftB;nriVlGnP9;wu$W-8&g5B zYPSq2_!gz#4BPlU8?PMZr7|@)nKL%Ot(Cvbih2;QB;OMd42~bHk+-AYfHLxQ^z(b_ ziZ@E!{Fx9C!?L87ba?4=!9axUTIiVR | initialised | <+ EVP_DigestInit | - | +-------------------+ | | - | | | EVP_DigestUpdate | - | | EVP_DigestUpdate | +------------------+ | - | v | v | | - | +------------------------------------------------+ | - EVP_DigestInit | | updated | --+ - | +------------------------------------------------+ | - | | | | - | | EVP_DigestFinal | EVP_DigestFinalXOF | - | v v | - | +------------------------------------------------+ | - +--- | finaled | --+ - +------------------------------------------------+ - | - | EVP_MD_CTX_free - v - +-------------------+ - | freed | - +-------------------+ + +--------------------+ + | start | + +--------------------+ + | EVP_MD_CTX_reset + | EVP_MD_CTX_new +-------------------------------------------------+ + v v | + EVP_MD_CTX_reset + - - - - - - - - - - - - - - - - - - - - - - + EVP_MD_CTX_reset | + +-------------------> ' newed ' <--------------------+ | + | + - - - - - - - - - - - - - - - - - - - - - - + | | + | | | | + | | EVP_DigestInit | | + | v | | + | EVP_DigestInit + - - - - - - - - - - - - - - - - - - - - - - + | | + +----+-------------------> ' initialised ' <+ EVP_DigestInit | | + | | + - - - - - - - - - - - - - - - - - - - - - - + | | | + | | | ^ | | | + | | | EVP_DigestUpdate | EVP_DigestInit | | | + | | v | | | | + | | +---------------------------------------------+ | | | + | +-------------------- | | | | | + | | | | | | + | EVP_DigestUpdate | | | | | + | +-------------------- | | | | | + | | | updated | | | | + | +-------------------> | | | | | + | | | | | | + | | | | | | + +----+------------------------- | | -+-------------------+----+ | + | | +---------------------------------------------+ | | | | + | | | | | | | + | | | EVP_DigestSqueeze +-------------------+ | | | + | | v | | | | + | | EVP_DigestSqueeze +---------------------------------------------+ | | | + | | +-------------------- | | | | | + | | | | squeezed | | | | + | | +-------------------> | | ---------------------+ | | + | | +---------------------------------------------+ | | + | | | | | + | | +---------------------------------------+ | | + | | | | | + | | +---------------------------------------------+ EVP_DigestFinalXOF | | | + | +------------------------- | finaled | <--------------------+----+ | + | +---------------------------------------------+ | | + | EVP_DigestFinal ^ | | | | + +---------------------------------+ | | EVP_MD_CTX_free | | + | v | | + | +------------------+ EVP_MD_CTX_free | | + | | freed | <--------------------+ | + | +------------------+ | + | | + +------------------------------------------------------+ =end man @@ -91,19 +117,21 @@ This is the canonical list. =begin man - Function Call --------------------- Current State ---------------------- - start newed initialised updated finaled freed + Function Call --------------------- Current State ----------------------------------- + start newed initialised updated finaled squeezed freed EVP_MD_CTX_new newed - EVP_DigestInit initialised initialised initialised initialised + EVP_DigestInit initialised initialised initialised initialised initialised EVP_DigestUpdate updated updated EVP_DigestFinal finaled EVP_DigestFinalXOF finaled + EVP_DigestSqueeze squeezed squeezed EVP_MD_CTX_free freed freed freed freed freed EVP_MD_CTX_reset newed newed newed newed EVP_MD_CTX_get_params newed initialised updated EVP_MD_CTX_set_params newed initialised updated EVP_MD_CTX_gettable_params newed initialised updated EVP_MD_CTX_settable_params newed initialised updated + EVP_MD_CTX_copy_ex newed initialised updated squeezed =end man @@ -118,6 +146,7 @@ This is the canonical list. initialised updated finaled + squeezed freed EVP_MD_CTX_new newed @@ -125,6 +154,7 @@ This is the canonical list. + EVP_DigestInit @@ -132,6 +162,7 @@ This is the canonical list. initialised initialised initialised + initialised EVP_DigestUpdate @@ -139,6 +170,7 @@ This is the canonical list. updated updated + EVP_DigestFinal @@ -146,6 +178,15 @@ This is the canonical list. finaled + + +EVP_DigestSqueeze + + + + squeezed + + squeezed EVP_DigestFinalXOF @@ -153,6 +194,7 @@ This is the canonical list. finaled + EVP_MD_CTX_free freed @@ -160,6 +202,7 @@ This is the canonical list. freed freed freed + EVP_MD_CTX_reset @@ -167,6 +210,7 @@ This is the canonical list. newed newed newed + EVP_MD_CTX_get_params @@ -174,6 +218,7 @@ This is the canonical list. initialised updated + EVP_MD_CTX_set_params @@ -181,6 +226,7 @@ This is the canonical list. initialised updated + EVP_MD_CTX_gettable_params @@ -188,6 +234,7 @@ This is the canonical list. initialised updated + EVP_MD_CTX_settable_params @@ -195,6 +242,15 @@ This is the canonical list. initialised updated + + +EVP_MD_CTX_copy_ex + + newed + initialised + updated + + squeezed @@ -211,7 +267,7 @@ L, L =head1 COPYRIGHT -Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man7/provider-digest.pod b/doc/man7/provider-digest.pod index 2c99b8b3fb2..d23da59e1a0 100644 --- a/doc/man7/provider-digest.pod +++ b/doc/man7/provider-digest.pod @@ -198,8 +198,7 @@ This digest method can only handle one block of input. =item B -This digest method is an extensible-output function (XOF) and supports -setting the B parameter. +This digest method is an extensible-output function (XOF). =item B diff --git a/include/crypto/evp.h b/include/crypto/evp.h index 34cea2f9f4a..96133bf7f59 100644 --- a/include/crypto/evp.h +++ b/include/crypto/evp.h @@ -282,6 +282,7 @@ struct evp_md_st { OSSL_FUNC_digest_init_fn *dinit; OSSL_FUNC_digest_update_fn *dupdate; OSSL_FUNC_digest_final_fn *dfinal; + OSSL_FUNC_digest_squeeze_fn *dsqueeze; OSSL_FUNC_digest_digest_fn *digest; OSSL_FUNC_digest_freectx_fn *freectx; OSSL_FUNC_digest_dupctx_fn *dupctx; diff --git a/include/internal/sha3.h b/include/internal/sha3.h index 80ad86e58e3..332916aa547 100644 --- a/include/internal/sha3.h +++ b/include/internal/sha3.h @@ -22,23 +22,31 @@ typedef struct keccak_st KECCAK1600_CTX; -typedef size_t (sha3_absorb_fn)(void *vctx, const void *inp, size_t len); -typedef int (sha3_final_fn)(unsigned char *md, void *vctx); +typedef size_t (sha3_absorb_fn)(void *vctx, const void *in, size_t inlen); +typedef int (sha3_final_fn)(void *vctx, unsigned char *out, size_t outlen); +typedef int (sha3_squeeze_fn)(void *vctx, unsigned char *out, size_t outlen); typedef struct prov_sha3_meth_st { sha3_absorb_fn *absorb; sha3_final_fn *final; + sha3_squeeze_fn *squeeze; } PROV_SHA3_METHOD; +#define XOF_STATE_INIT 0 +#define XOF_STATE_ABSORB 1 +#define XOF_STATE_FINAL 2 +#define XOF_STATE_SQUEEZE 3 + struct keccak_st { uint64_t A[5][5]; + unsigned char buf[KECCAK1600_WIDTH / 8 - 32]; size_t block_size; /* cached ctx->digest->block_size */ size_t md_size; /* output length, variable in XOF */ size_t bufsz; /* used bytes in below buffer */ - unsigned char buf[KECCAK1600_WIDTH / 8 - 32]; unsigned char pad; PROV_SHA3_METHOD meth; + int xof_state; }; void ossl_sha3_reset(KECCAK1600_CTX *ctx); @@ -46,7 +54,8 @@ int ossl_sha3_init(KECCAK1600_CTX *ctx, unsigned char pad, size_t bitlen); int ossl_keccak_kmac_init(KECCAK1600_CTX *ctx, unsigned char pad, size_t bitlen); int ossl_sha3_update(KECCAK1600_CTX *ctx, const void *_inp, size_t len); -int ossl_sha3_final(unsigned char *md, KECCAK1600_CTX *ctx); +int ossl_sha3_final(KECCAK1600_CTX *ctx, unsigned char *out, size_t outlen); +int ossl_sha3_squeeze(KECCAK1600_CTX *ctx, unsigned char *out, size_t outlen); size_t SHA3_absorb(uint64_t A[5][5], const unsigned char *inp, size_t len, size_t r); diff --git a/include/openssl/core_dispatch.h b/include/openssl/core_dispatch.h index 9b03f20c3b7..a5bc2cf75d3 100644 --- a/include/openssl/core_dispatch.h +++ b/include/openssl/core_dispatch.h @@ -300,6 +300,7 @@ OSSL_CORE_MAKE_FUNC(int, provider_self_test, (void *provctx)) # define OSSL_FUNC_DIGEST_GETTABLE_PARAMS 11 # define OSSL_FUNC_DIGEST_SETTABLE_CTX_PARAMS 12 # define OSSL_FUNC_DIGEST_GETTABLE_CTX_PARAMS 13 +# define OSSL_FUNC_DIGEST_SQUEEZE 14 OSSL_CORE_MAKE_FUNC(void *, digest_newctx, (void *provctx)) OSSL_CORE_MAKE_FUNC(int, digest_init, (void *dctx, const OSSL_PARAM params[])) @@ -308,6 +309,9 @@ OSSL_CORE_MAKE_FUNC(int, digest_update, OSSL_CORE_MAKE_FUNC(int, digest_final, (void *dctx, unsigned char *out, size_t *outl, size_t outsz)) +OSSL_CORE_MAKE_FUNC(int, digest_squeeze, + (void *dctx, + unsigned char *out, size_t *outl, size_t outsz)) OSSL_CORE_MAKE_FUNC(int, digest_digest, (void *provctx, const unsigned char *in, size_t inl, unsigned char *out, size_t *outl, size_t outsz)) diff --git a/include/openssl/evp.h b/include/openssl/evp.h index ea7620d6315..f70b9d744d6 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h @@ -729,8 +729,10 @@ __owur int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in); __owur int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type); __owur int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s); -__owur int EVP_DigestFinalXOF(EVP_MD_CTX *ctx, unsigned char *md, - size_t len); +__owur int EVP_DigestFinalXOF(EVP_MD_CTX *ctx, unsigned char *out, + size_t outlen); +__owur int EVP_DigestSqueeze(EVP_MD_CTX *ctx, unsigned char *out, + size_t outlen); __owur EVP_MD *EVP_MD_fetch(OSSL_LIB_CTX *ctx, const char *algorithm, const char *properties); diff --git a/providers/implementations/digests/sha3_prov.c b/providers/implementations/digests/sha3_prov.c index 423bed7983e..19576c71909 100644 --- a/providers/implementations/digests/sha3_prov.c +++ b/providers/implementations/digests/sha3_prov.c @@ -33,10 +33,12 @@ static OSSL_FUNC_digest_update_fn keccak_update; static OSSL_FUNC_digest_final_fn keccak_final; static OSSL_FUNC_digest_freectx_fn keccak_freectx; static OSSL_FUNC_digest_dupctx_fn keccak_dupctx; +static OSSL_FUNC_digest_squeeze_fn shake_squeeze; static OSSL_FUNC_digest_set_ctx_params_fn shake_set_ctx_params; static OSSL_FUNC_digest_settable_ctx_params_fn shake_settable_ctx_params; static sha3_absorb_fn generic_sha3_absorb; static sha3_final_fn generic_sha3_final; +static sha3_squeeze_fn generic_sha3_squeeze; #if defined(OPENSSL_CPUID_OBJ) && defined(__s390__) && defined(KECCAK1600_ASM) /* @@ -103,20 +105,37 @@ static int keccak_update(void *vctx, const unsigned char *inp, size_t len) } static int keccak_final(void *vctx, unsigned char *out, size_t *outl, - size_t outsz) + size_t outlen) { int ret = 1; KECCAK1600_CTX *ctx = vctx; if (!ossl_prov_is_running()) return 0; - if (outsz > 0) - ret = ctx->meth.final(out, ctx); + if (outlen > 0) + ret = ctx->meth.final(ctx, out, ctx->md_size); *outl = ctx->md_size; return ret; } +static int shake_squeeze(void *vctx, unsigned char *out, size_t *outl, + size_t outlen) +{ + int ret = 1; + KECCAK1600_CTX *ctx = vctx; + + if (!ossl_prov_is_running()) + return 0; + if (ctx->meth.squeeze == NULL) + return 0; + if (outlen > 0) + ret = ctx->meth.squeeze(ctx, out, outlen); + + *outl = outlen; + return ret; +} + /*- * Generic software version of the absorb() and final(). */ @@ -127,15 +146,28 @@ static size_t generic_sha3_absorb(void *vctx, const void *inp, size_t len) return SHA3_absorb(ctx->A, inp, len, ctx->block_size); } -static int generic_sha3_final(unsigned char *md, void *vctx) +static int generic_sha3_final(void *vctx, unsigned char *out, size_t outlen) { - return ossl_sha3_final(md, (KECCAK1600_CTX *)vctx); + return ossl_sha3_final((KECCAK1600_CTX *)vctx, out, outlen); +} + +static int generic_sha3_squeeze(void *vctx, unsigned char *out, size_t outlen) +{ + return ossl_sha3_squeeze((KECCAK1600_CTX *)vctx, out, outlen); } static PROV_SHA3_METHOD sha3_generic_md = { generic_sha3_absorb, - generic_sha3_final + generic_sha3_final, + NULL +}; + +static PROV_SHA3_METHOD shake_generic_md = +{ + generic_sha3_absorb, + generic_sha3_final, + generic_sha3_squeeze }; #if defined(S390_SHA3) @@ -156,59 +188,60 @@ static size_t s390x_sha3_absorb(void *vctx, const void *inp, size_t len) return rem; } -static int s390x_sha3_final(unsigned char *md, void *vctx) +static int s390x_sha3_final(void *vctx, unsigned char *out, size_t outlen) { KECCAK1600_CTX *ctx = vctx; if (!ossl_prov_is_running()) return 0; s390x_klmd(ctx->buf, ctx->bufsz, NULL, 0, ctx->pad, ctx->A); - memcpy(md, ctx->A, ctx->md_size); + memcpy(out, ctx->A, outlen); return 1; } -static int s390x_shake_final(unsigned char *md, void *vctx) +static int s390x_shake_final(void *vctx, unsigned char *out, size_t outlen) { KECCAK1600_CTX *ctx = vctx; if (!ossl_prov_is_running()) return 0; - s390x_klmd(ctx->buf, ctx->bufsz, md, ctx->md_size, ctx->pad, ctx->A); + s390x_klmd(ctx->buf, ctx->bufsz, out, outlen, ctx->pad, ctx->A); return 1; } -static int s390x_keccakc_final(unsigned char *md, void *vctx, int padding) +static int s390x_keccakc_final(void *vctx, unsigned char *out, size_t outlen, + int padding) { KECCAK1600_CTX *ctx = vctx; size_t bsz = ctx->block_size; size_t num = ctx->bufsz; - size_t needed = ctx->md_size; + size_t needed = outlen; if (!ossl_prov_is_running()) return 0; - if (ctx->md_size == 0) + if (outlen == 0) return 1; memset(ctx->buf + num, 0, bsz - num); ctx->buf[num] = padding; ctx->buf[bsz - 1] |= 0x80; s390x_kimd(ctx->buf, bsz, ctx->pad, ctx->A); num = needed > bsz ? bsz : needed; - memcpy(md, ctx->A, num); + memcpy(out, ctx->A, num); needed -= num; if (needed > 0) - s390x_klmd(NULL, 0, md + bsz, needed, ctx->pad | S390X_KLMD_PS, ctx->A); + s390x_klmd(NULL, 0, out + bsz, needed, ctx->pad | S390X_KLMD_PS, ctx->A); return 1; } -static int s390x_keccak_final(unsigned char *md, void *vctx) +static int s390x_keccak_final(void *vctx, unsigned char *out, size_t outlen) { - return s390x_keccakc_final(md, vctx, 0x01); + return s390x_keccakc_final(vctx, out, outlen, 0x01); } -static int s390x_kmac_final(unsigned char *md, void *vctx) +static int s390x_kmac_final(void *vctx, unsigned char *out, size_t outlen) { - return s390x_keccakc_final(md, vctx, 0x04); + return s390x_keccakc_final(vctx, out, outlen, 0x04); } static PROV_SHA3_METHOD sha3_s390x_md = @@ -220,7 +253,7 @@ static PROV_SHA3_METHOD sha3_s390x_md = static PROV_SHA3_METHOD keccak_s390x_md = { s390x_sha3_absorb, - s390x_keccak_final + s390x_keccak_final, }; static PROV_SHA3_METHOD shake_s390x_md = @@ -235,6 +268,14 @@ static PROV_SHA3_METHOD kmac_s390x_md = s390x_kmac_final }; +# define SHAKE_SET_MD(uname, typ) \ + if (S390_SHA3_CAPABLE(uname)) { \ + ctx->pad = S390X_##uname; \ + ctx->meth = typ##_s390x_md; \ + } else { \ + ctx->meth = shake_generic_md; \ + } + # define SHA3_SET_MD(uname, typ) \ if (S390_SHA3_CAPABLE(uname)) { \ ctx->pad = S390X_##uname; \ @@ -255,7 +296,7 @@ static PROV_SHA3_METHOD kmac_s390x_md = static sha3_absorb_fn armsha3_sha3_absorb; size_t SHA3_absorb_cext(uint64_t A[5][5], const unsigned char *inp, size_t len, - size_t r); + size_t r); /*- * Hardware-assisted ARMv8.2 SHA3 extension version of the absorb() */ @@ -271,6 +312,19 @@ static PROV_SHA3_METHOD sha3_ARMSHA3_md = armsha3_sha3_absorb, generic_sha3_final }; +static PROV_SHA3_METHOD shake_ARMSHA3_md = +{ + armsha3_sha3_absorb, + generic_sha3_final, + generic_sha3_squeeze +}; +# define SHAKE_SET_MD(uname, typ) \ + if (OPENSSL_armcap_P & ARMV8_HAVE_SHA3_AND_WORTH_USING) { \ + ctx->meth = shake_ARMSHA3_md; \ + } else { \ + ctx->meth = shake_generic_md; \ + } + # define SHA3_SET_MD(uname, typ) \ if (OPENSSL_armcap_P & ARMV8_HAVE_SHA3_AND_WORTH_USING) { \ ctx->meth = sha3_ARMSHA3_md; \ @@ -286,6 +340,7 @@ static PROV_SHA3_METHOD sha3_ARMSHA3_md = #else # define SHA3_SET_MD(uname, typ) ctx->meth = sha3_generic_md; # define KMAC_SET_MD(bitlen) ctx->meth = sha3_generic_md; +# define SHAKE_SET_MD(uname, typ) ctx->meth = shake_generic_md; #endif /* S390_SHA3 */ #define SHA3_newctx(typ, uname, name, bitlen, pad) \ @@ -302,6 +357,20 @@ static void *name##_newctx(void *provctx) \ return ctx; \ } +#define SHAKE_newctx(typ, uname, name, bitlen, pad) \ +static OSSL_FUNC_digest_newctx_fn name##_newctx; \ +static void *name##_newctx(void *provctx) \ +{ \ + KECCAK1600_CTX *ctx = ossl_prov_is_running() ? OPENSSL_zalloc(sizeof(*ctx))\ + : NULL; \ + \ + if (ctx == NULL) \ + return NULL; \ + ossl_sha3_init(ctx, pad, bitlen); \ + SHAKE_SET_MD(uname, typ) \ + return ctx; \ +} + #define KMAC_newctx(uname, bitlen, pad) \ static OSSL_FUNC_digest_newctx_fn uname##_newctx; \ static void *uname##_newctx(void *provctx) \ @@ -333,6 +402,7 @@ const OSSL_DISPATCH ossl_##name##_functions[] = { \ #define PROV_FUNC_SHAKE_DIGEST(name, bitlen, blksize, dgstsize, flags) \ PROV_FUNC_SHA3_DIGEST_COMMON(name, bitlen, blksize, dgstsize, flags), \ + { OSSL_FUNC_DIGEST_SQUEEZE, (void (*)(void))shake_squeeze }, \ { OSSL_FUNC_DIGEST_INIT, (void (*)(void))keccak_init_params }, \ { OSSL_FUNC_DIGEST_SET_CTX_PARAMS, (void (*)(void))shake_set_ctx_params }, \ { OSSL_FUNC_DIGEST_SETTABLE_CTX_PARAMS, \ @@ -398,7 +468,7 @@ static int shake_set_ctx_params(void *vctx, const OSSL_PARAM params[]) SHA3_FLAGS) #define IMPLEMENT_SHAKE_functions(bitlen) \ - SHA3_newctx(shake, SHAKE_##bitlen, shake_##bitlen, bitlen, '\x1f') \ + SHAKE_newctx(shake, SHAKE_##bitlen, shake_##bitlen, bitlen, '\x1f') \ PROV_FUNC_SHAKE_DIGEST(shake_##bitlen, bitlen, \ SHA3_BLOCKSIZE(bitlen), SHA3_MDSIZE(bitlen), \ SHAKE_FLAGS) diff --git a/test/build.info b/test/build.info index 1784a41d8d2..10f29b19cfb 100644 --- a/test/build.info +++ b/test/build.info @@ -62,7 +62,8 @@ IF[{- !$disabled{tests} -}] bio_readbuffer_test user_property_test pkcs7_test upcallstest \ provfetchtest prov_config_test rand_test ca_internals_test \ bio_tfo_test membio_test bio_dgram_test list_test fips_version_test \ - x509_test hpke_test pairwise_fail_test nodefltctxtest + x509_test hpke_test pairwise_fail_test nodefltctxtest \ + evp_xof_test IF[{- !$disabled{'rpk'} -}] PROGRAMS{noinst}=rpktest @@ -558,6 +559,10 @@ IF[{- !$disabled{tests} -}] INCLUDE[evp_kdf_test]=../include ../apps/include DEPEND[evp_kdf_test]=../libcrypto libtestutil.a + SOURCE[evp_xof_test]=evp_xof_test.c + INCLUDE[evp_xof_test]=../include ../apps/include + DEPEND[evp_xof_test]=../libcrypto libtestutil.a + SOURCE[evp_pkey_dparams_test]=evp_pkey_dparams_test.c INCLUDE[evp_pkey_dparams_test]=../include ../apps/include DEPEND[evp_pkey_dparams_test]=../libcrypto libtestutil.a diff --git a/test/evp_xof_test.c b/test/evp_xof_test.c new file mode 100644 index 00000000000..eeff8667c41 --- /dev/null +++ b/test/evp_xof_test.c @@ -0,0 +1,492 @@ +/* + * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include +#include "testutil.h" +#include "internal/nelem.h" + +static const unsigned char shake256_input[] = { + 0x8d, 0x80, 0x01, 0xe2, 0xc0, 0x96, 0xf1, 0xb8, + 0x8e, 0x7c, 0x92, 0x24, 0xa0, 0x86, 0xef, 0xd4, + 0x79, 0x7f, 0xbf, 0x74, 0xa8, 0x03, 0x3a, 0x2d, + 0x42, 0x2a, 0x2b, 0x6b, 0x8f, 0x67, 0x47, 0xe4 +}; + +/* + * This KAT output is 250 bytes, which is more than + * the SHAKE256 block size (136 bytes). + */ +static const unsigned char shake256_output[] = { + 0x2e, 0x97, 0x5f, 0x6a, 0x8a, 0x14, 0xf0, 0x70, + 0x4d, 0x51, 0xb1, 0x36, 0x67, 0xd8, 0x19, 0x5c, + 0x21, 0x9f, 0x71, 0xe6, 0x34, 0x56, 0x96, 0xc4, + 0x9f, 0xa4, 0xb9, 0xd0, 0x8e, 0x92, 0x25, 0xd3, + 0xd3, 0x93, 0x93, 0x42, 0x51, 0x52, 0xc9, 0x7e, + 0x71, 0xdd, 0x24, 0x60, 0x1c, 0x11, 0xab, 0xcf, + 0xa0, 0xf1, 0x2f, 0x53, 0xc6, 0x80, 0xbd, 0x3a, + 0xe7, 0x57, 0xb8, 0x13, 0x4a, 0x9c, 0x10, 0xd4, + 0x29, 0x61, 0x58, 0x69, 0x21, 0x7f, 0xdd, 0x58, + 0x85, 0xc4, 0xdb, 0x17, 0x49, 0x85, 0x70, 0x3a, + 0x6d, 0x6d, 0xe9, 0x4a, 0x66, 0x7e, 0xac, 0x30, + 0x23, 0x44, 0x3a, 0x83, 0x37, 0xae, 0x1b, 0xc6, + 0x01, 0xb7, 0x6d, 0x7d, 0x38, 0xec, 0x3c, 0x34, + 0x46, 0x31, 0x05, 0xf0, 0xd3, 0x94, 0x9d, 0x78, + 0xe5, 0x62, 0xa0, 0x39, 0xe4, 0x46, 0x95, 0x48, + 0xb6, 0x09, 0x39, 0x5d, 0xe5, 0xa4, 0xfd, 0x43, + 0xc4, 0x6c, 0xa9, 0xfd, 0x6e, 0xe2, 0x9a, 0xda, + 0x5e, 0xfc, 0x07, 0xd8, 0x4d, 0x55, 0x32, 0x49, + 0x45, 0x0d, 0xab, 0x4a, 0x49, 0xc4, 0x83, 0xde, + 0xd2, 0x50, 0xc9, 0x33, 0x8f, 0x85, 0xcd, 0x93, + 0x7a, 0xe6, 0x6b, 0xb4, 0x36, 0xf3, 0xb4, 0x02, + 0x6e, 0x85, 0x9f, 0xda, 0x1c, 0xa5, 0x71, 0x43, + 0x2f, 0x3b, 0xfc, 0x09, 0xe7, 0xc0, 0x3c, 0xa4, + 0xd1, 0x83, 0xb7, 0x41, 0x11, 0x1c, 0xa0, 0x48, + 0x3d, 0x0e, 0xda, 0xbc, 0x03, 0xfe, 0xb2, 0x3b, + 0x17, 0xee, 0x48, 0xe8, 0x44, 0xba, 0x24, 0x08, + 0xd9, 0xdc, 0xfd, 0x01, 0x39, 0xd2, 0xe8, 0xc7, + 0x31, 0x01, 0x25, 0xae, 0xe8, 0x01, 0xc6, 0x1a, + 0xb7, 0x90, 0x0d, 0x1e, 0xfc, 0x47, 0xc0, 0x78, + 0x28, 0x17, 0x66, 0xf3, 0x61, 0xc5, 0xe6, 0x11, + 0x13, 0x46, 0x23, 0x5e, 0x1d, 0xc3, 0x83, 0x25, + 0x66, 0x6c +}; + +static const unsigned char shake256_largemsg_input[] = { + 0xb2, 0xd2, 0x38, 0x65, 0xaf, 0x8f, 0x25, 0x6e, + 0x64, 0x40, 0xe2, 0x0d, 0x49, 0x8e, 0x3e, 0x64, + 0x46, 0xd2, 0x03, 0xa4, 0x19, 0xe3, 0x7b, 0x80, + 0xf7, 0x2b, 0x32, 0xe2, 0x76, 0x01, 0xfe, 0xdd, + 0xaa, 0x33, 0x3d, 0xe4, 0x8e, 0xe1, 0x5e, 0x39, + 0xa6, 0x92, 0xa3, 0xa7, 0xe3, 0x81, 0x24, 0x74, + 0xc7, 0x38, 0x18, 0x92, 0xc9, 0x60, 0x50, 0x15, + 0xfb, 0xd8, 0x04, 0xea, 0xea, 0x04, 0xd2, 0xc5, + 0xc6, 0x68, 0x04, 0x5b, 0xc3, 0x75, 0x12, 0xd2, + 0xbe, 0xa2, 0x67, 0x75, 0x24, 0xbf, 0x68, 0xad, + 0x10, 0x86, 0xb3, 0x2c, 0xb3, 0x74, 0xa4, 0x6c, + 0xf9, 0xd7, 0x1e, 0x58, 0x69, 0x27, 0x88, 0x49, + 0x4e, 0x99, 0x15, 0x33, 0x14, 0xf2, 0x49, 0x21, + 0xf4, 0x99, 0xb9, 0xde, 0xd4, 0xf1, 0x12, 0xf5, + 0x68, 0xe5, 0x5c, 0xdc, 0x9e, 0xc5, 0x80, 0x6d, + 0x39, 0x50, 0x08, 0x95, 0xbb, 0x12, 0x27, 0x50, + 0x89, 0xf0, 0xf9, 0xd5, 0x4a, 0x01, 0x0b, 0x0d, + 0x90, 0x9f, 0x1e, 0x4a, 0xba, 0xbe, 0x28, 0x36, + 0x19, 0x7d, 0x9c, 0x0a, 0x51, 0xfb, 0xeb, 0x00, + 0x02, 0x6c, 0x4b, 0x0a, 0xa8, 0x6c, 0xb7, 0xc4, + 0xc0, 0x92, 0x37, 0xa7, 0x2d, 0x49, 0x61, 0x80, + 0xd9, 0xdb, 0x20, 0x21, 0x9f, 0xcf, 0xb4, 0x57, + 0x69, 0x75, 0xfa, 0x1c, 0x95, 0xbf, 0xee, 0x0d, + 0x9e, 0x52, 0x6e, 0x1e, 0xf8, 0xdd, 0x41, 0x8c, + 0x3b, 0xaa, 0x57, 0x13, 0x84, 0x73, 0x52, 0x62, + 0x18, 0x76, 0x46, 0xcc, 0x4b, 0xcb, 0xbd, 0x40, + 0xa1, 0xf6, 0xff, 0x7b, 0x32, 0xb9, 0x90, 0x7c, + 0x53, 0x2c, 0xf9, 0x38, 0x72, 0x0f, 0xcb, 0x90, + 0x42, 0x5e, 0xe2, 0x80, 0x19, 0x26, 0xe7, 0x99, + 0x96, 0x98, 0x18, 0xb1, 0x86, 0x5b, 0x4c, 0xd9, + 0x08, 0x27, 0x31, 0x8f, 0xf0, 0x90, 0xd9, 0x35, + 0x6a, 0x1f, 0x75, 0xc2, 0xe0, 0xa7, 0x60, 0xb8, + 0x1d, 0xd6, 0x5f, 0x56, 0xb2, 0x0b, 0x27, 0x0e, + 0x98, 0x67, 0x1f, 0x39, 0x18, 0x27, 0x68, 0x0a, + 0xe8, 0x31, 0x1b, 0xc0, 0x97, 0xec, 0xd1, 0x20, + 0x2a, 0x55, 0x69, 0x23, 0x08, 0x50, 0x05, 0xec, + 0x13, 0x3b, 0x56, 0xfc, 0x18, 0xc9, 0x1a, 0xa9, + 0x69, 0x0e, 0xe2, 0xcc, 0xc8, 0xd6, 0x19, 0xbb, + 0x87, 0x3b, 0x42, 0x77, 0xee, 0x77, 0x81, 0x26, + 0xdd, 0xf6, 0x5d, 0xc3, 0xb2, 0xb0, 0xc4, 0x14, + 0x6d, 0xb5, 0x4f, 0xdc, 0x13, 0x09, 0xc8, 0x53, + 0x50, 0xb3, 0xea, 0xd3, 0x5f, 0x11, 0x67, 0xd4, + 0x2f, 0x6e, 0x30, 0x1a, 0xbe, 0xd6, 0xf0, 0x2d, + 0xc9, 0x29, 0xd9, 0x0a, 0xa8, 0x6f, 0xa4, 0x18, + 0x74, 0x6b, 0xd3, 0x5d, 0x6a, 0x73, 0x3a, 0xf2, + 0x94, 0x7f, 0xbd, 0xb4, 0xa6, 0x7f, 0x5b, 0x3d, + 0x26, 0xf2, 0x6c, 0x13, 0xcf, 0xb4, 0x26, 0x1e, + 0x38, 0x17, 0x66, 0x60, 0xb1, 0x36, 0xae, 0xe0, + 0x6d, 0x86, 0x69, 0xe7, 0xe7, 0xae, 0x77, 0x6f, + 0x7e, 0x99, 0xe5, 0xd9, 0x62, 0xc9, 0xfc, 0xde, + 0xb4, 0xee, 0x7e, 0xc8, 0xe9, 0xb7, 0x2c, 0xe2, + 0x70, 0xe8, 0x8b, 0x2d, 0x94, 0xad, 0xe8, 0x54, + 0xa3, 0x2d, 0x9a, 0xe2, 0x50, 0x63, 0x87, 0xb3, + 0x56, 0x29, 0xea, 0xa8, 0x5e, 0x96, 0x53, 0x9f, + 0x23, 0x8a, 0xef, 0xa3, 0xd4, 0x87, 0x09, 0x5f, + 0xba, 0xc3, 0xd1, 0xd9, 0x1a, 0x7b, 0x5c, 0x5d, + 0x5d, 0x89, 0xed, 0xb6, 0x6e, 0x39, 0x73, 0xa5, + 0x64, 0x59, 0x52, 0x8b, 0x61, 0x8f, 0x66, 0x69, + 0xb9, 0xf0, 0x45, 0x0a, 0x57, 0xcd, 0xc5, 0x7f, + 0x5d, 0xd0, 0xbf, 0xcc, 0x0b, 0x48, 0x12, 0xe1, + 0xe2, 0xc2, 0xea, 0xcc, 0x09, 0xd9, 0x42, 0x2c, + 0xef, 0x4f, 0xa7, 0xe9, 0x32, 0x5c, 0x3f, 0x22, + 0xc0, 0x45, 0x0b, 0x67, 0x3c, 0x31, 0x69, 0x29, + 0xa3, 0x39, 0xdd, 0x6e, 0x2f, 0xbe, 0x10, 0xc9, + 0x7b, 0xff, 0x19, 0x8a, 0xe9, 0xea, 0xfc, 0x32, + 0x41, 0x33, 0x70, 0x2a, 0x9a, 0xa4, 0xe6, 0xb4, + 0x7e, 0xb4, 0xc6, 0x21, 0x49, 0x5a, 0xfc, 0x45, + 0xd2, 0x23, 0xb3, 0x28, 0x4d, 0x83, 0x60, 0xfe, + 0x70, 0x68, 0x03, 0x59, 0xd5, 0x15, 0xaa, 0x9e, + 0xa0, 0x2e, 0x36, 0xb5, 0x61, 0x0f, 0x61, 0x05, + 0x3c, 0x62, 0x00, 0xa0, 0x47, 0xf1, 0x86, 0xba, + 0x33, 0xb8, 0xca, 0x60, 0x2f, 0x3f, 0x0a, 0x67, + 0x09, 0x27, 0x2f, 0xa2, 0x96, 0x02, 0x52, 0x58, + 0x55, 0x68, 0x80, 0xf4, 0x4f, 0x47, 0xba, 0xff, + 0x41, 0x7a, 0x40, 0x4c, 0xfd, 0x9d, 0x10, 0x72, + 0x0e, 0x20, 0xa9, 0x7f, 0x9b, 0x9b, 0x14, 0xeb, + 0x8e, 0x61, 0x25, 0xcb, 0xf4, 0x58, 0xff, 0x47, + 0xa7, 0x08, 0xd6, 0x4e, 0x2b, 0xf1, 0xf9, 0x89, + 0xd7, 0x22, 0x0f, 0x8d, 0x35, 0x07, 0xa0, 0x54, + 0xab, 0x83, 0xd8, 0xee, 0x5a, 0x3e, 0x88, 0x74, + 0x46, 0x41, 0x6e, 0x3e, 0xb7, 0xc0, 0xb6, 0x55, + 0xe0, 0x36, 0xc0, 0x2b, 0xbf, 0xb8, 0x24, 0x8a, + 0x44, 0x82, 0xf4, 0xcb, 0xb5, 0xd7, 0x41, 0x48, + 0x51, 0x08, 0xe0, 0x14, 0x34, 0xd2, 0x6d, 0xe9, + 0x7a, 0xec, 0x91, 0x61, 0xa7, 0xe1, 0x81, 0x69, + 0x47, 0x1c, 0xc7, 0xf3 +}; + +static const unsigned char shake256_largemsg_output[] = { + 0x64, 0xea, 0x24, 0x6a, 0xab, 0x80, 0x37, 0x9e, + 0x08, 0xe2, 0x19, 0x9e, 0x09, 0x69, 0xe2, 0xee, + 0x1a, 0x5d, 0xd1, 0x68, 0x68, 0xec, 0x8d, 0x42, + 0xd0, 0xf8, 0xb8, 0x44, 0x74, 0x54, 0x87, 0x3e, +}; + +static EVP_MD_CTX *shake_setup(const char *name) +{ + EVP_MD_CTX *ctx = NULL; + EVP_MD *md = NULL; + + if (!TEST_ptr(md = EVP_MD_fetch(NULL, name, NULL))) + return NULL; + + if (!TEST_ptr(ctx = EVP_MD_CTX_new())) + goto err; + if (!TEST_true(EVP_DigestInit_ex2(ctx, md, NULL))) + goto err; + EVP_MD_free(md); + return ctx; +err: + EVP_MD_free(md); + EVP_MD_CTX_free(ctx); + return NULL; +} + +static int shake_kat_test(void) +{ + int ret = 0; + EVP_MD_CTX *ctx = NULL; + unsigned char out[sizeof(shake256_output)]; + + if (!TEST_ptr(ctx = shake_setup("SHAKE256"))) + return 0; + if (!TEST_true(EVP_DigestUpdate(ctx, shake256_input, + sizeof(shake256_input))) + || !TEST_true(EVP_DigestFinalXOF(ctx, out, sizeof(out))) + || !TEST_mem_eq(out, sizeof(out), + shake256_output,sizeof(shake256_output)) + /* Test that a second call to EVP_DigestFinalXOF fails */ + || !TEST_false(EVP_DigestFinalXOF(ctx, out, sizeof(out))) + /* Test that a call to EVP_DigestSqueeze fails */ + || !TEST_false(EVP_DigestSqueeze(ctx, out, sizeof(out)))) + goto err; + ret = 1; +err: + EVP_MD_CTX_free(ctx); + return ret; +} + +static int shake_kat_digestfinal_test(void) +{ + int ret = 0; + unsigned int digest_length = 0; + EVP_MD_CTX *ctx = NULL; + unsigned char out[sizeof(shake256_output)]; + + if (!TEST_ptr(ctx = shake_setup("SHAKE256"))) + return 0; + if (!TEST_true(EVP_DigestUpdate(ctx, shake256_input, + sizeof(shake256_input))) + || !TEST_true(EVP_DigestFinal(ctx, out, &digest_length)) + || !TEST_uint_eq(digest_length, 32) + || !TEST_mem_eq(out, digest_length, + shake256_output, digest_length) + || !TEST_false(EVP_DigestFinalXOF(ctx, out, sizeof(out)))) + goto err; + ret = 1; +err: + EVP_MD_CTX_free(ctx); + return ret; +} + +/* + * Test that EVP_DigestFinal() returns the output length + * set by the OSSL_DIGEST_PARAM_XOFLEN param. + */ +static int shake_kat_digestfinal_xoflen_test(void) +{ + int ret = 0; + unsigned int digest_length = 0; + EVP_MD_CTX *ctx = NULL; + unsigned char out[sizeof(shake256_output)]; + OSSL_PARAM params[2]; + size_t sz = 12; + + if (!TEST_ptr(ctx = shake_setup("SHAKE256"))) + return 0; + + memset(out, 0, sizeof(out)); + params[0] = OSSL_PARAM_construct_size_t(OSSL_DIGEST_PARAM_XOFLEN, &sz); + params[1] = OSSL_PARAM_construct_end(); + + if (!TEST_int_eq(EVP_MD_CTX_set_params(ctx, params), 1) + || !TEST_true(EVP_DigestUpdate(ctx, shake256_input, + sizeof(shake256_input))) + || !TEST_true(EVP_DigestFinal(ctx, out, &digest_length)) + || !TEST_uint_eq(digest_length, (unsigned int)sz) + || !TEST_mem_eq(out, digest_length, + shake256_output, digest_length) + || !TEST_uchar_eq(out[digest_length], 0)) + goto err; + ret = 1; +err: + EVP_MD_CTX_free(ctx); + return ret; +} + +/* + * Test that multiple absorb calls gives the expected result. + * This is a nested test that uses multiple strides for the input. + */ +static int shake_absorb_test(void) +{ + int ret = 0; + EVP_MD_CTX *ctx = NULL; + unsigned char out[sizeof(shake256_largemsg_output)]; + size_t total = sizeof(shake256_largemsg_input); + size_t i, stride, sz; + + if (!TEST_ptr(ctx = shake_setup("SHAKE256"))) + return 0; + + for (stride = 1; stride < total; ++stride) { + sz = 0; + for (i = 0; i < total; i += sz) { + sz += stride; + if ((i + sz) > total) + sz = total - i; + if (!TEST_true(EVP_DigestUpdate(ctx, shake256_largemsg_input + i, + sz))) + goto err; + } + if (!TEST_true(EVP_DigestFinalXOF(ctx, out, sizeof(out))) + || !TEST_mem_eq(out, sizeof(out), + shake256_largemsg_output, + sizeof(shake256_largemsg_output))) + goto err; + if (!TEST_true(EVP_DigestInit_ex2(ctx, NULL, NULL))) + goto err; + } + ret = 1; +err: + EVP_MD_CTX_free(ctx); + return ret; +} + +/* + * Table containing the size of the output to squeeze for the + * initially call, followed by a size for each subsequent call. + */ +static const struct { + size_t startsz, incsz; +} stride_tests[] = { + { 1, 1 }, + { 1, 136 }, + { 1, 136/2 }, + { 1, 136/2-1 }, + { 1, 136/2+1 }, + { 1, 136*3 }, + { 8, 8 }, + { 9, 9 }, + { 10, 10 }, + { 136/2 - 1, 136 }, + { 136/2 - 1, 136-1 }, + { 136/2 - 1, 136+1 }, + { 136/2, 136 }, + { 136/2, 136-1 }, + { 136/2, 136+1 }, + { 136/2 + 1, 136 }, + { 136/2 + 1, 136-1 }, + { 136/2 + 1, 136+1 }, + { 136, 2 }, + { 136, 136 }, + { 136-1, 136 }, + { 136-1, 136-1 }, + { 136-1, 136+1 }, + { 136+1, 136 }, + { 136+1, 136-1 }, + { 136+1, 136+1 }, + { 136*3, 136 }, + { 136*3, 136 + 1 }, + { 136*3, 136 - 1 }, + { 136*3, 136/2 }, + { 136*3, 136/2 + 1 }, + { 136*3, 136/2 - 1 }, +}; + +/* + * Helper to do multiple squeezes of output data using SHAKE256. + * tst is an index into the stride_tests[] containing an initial starting + * output length, followed by a second output length to use for all remaining + * squeezes. expected_outlen contains the total number of bytes to squeeze. + * in and inlen represent the input to absorb. expected_out and expected_outlen + * represent the expected output. + */ +static int do_shake_squeeze_test(int tst, + const unsigned char *in, size_t inlen, + const unsigned char *expected_out, + size_t expected_outlen) +{ + int ret = 0; + EVP_MD_CTX *ctx = NULL; + unsigned char *out = NULL; + size_t i = 0, sz = stride_tests[tst].startsz; + + if (!TEST_ptr(ctx = shake_setup("SHAKE256"))) + return 0; + if (!TEST_ptr(out = OPENSSL_malloc(expected_outlen))) + goto err; + if (!TEST_true(EVP_DigestUpdate(ctx, in, inlen))) + goto err; + + while (i < expected_outlen) { + if ((i + sz) > expected_outlen) + sz = expected_outlen - i; + if (!TEST_true(EVP_DigestSqueeze(ctx, out + i, sz))) + goto err; + i += sz; + sz = stride_tests[tst].incsz; + } + if (!TEST_mem_eq(out, expected_outlen, expected_out, expected_outlen)) + goto err; + ret = 1; +err: + OPENSSL_free(out); + EVP_MD_CTX_free(ctx); + return ret; +} + +static int shake_squeeze_kat_test(int tst) +{ + return do_shake_squeeze_test(tst, shake256_input, sizeof(shake256_input), + shake256_output, sizeof(shake256_output)); +} + +/* + * Generate some random input to absorb, and then + * squeeze it out in one operation to get a expected + * output. Use this to test that multiple squeeze calls + * on the same input gives the same output. + */ +static int shake_squeeze_large_test(int tst) +{ + int ret = 0; + EVP_MD_CTX *ctx = NULL; + unsigned char msg[16]; + unsigned char out[2000]; + + if (!TEST_int_gt(RAND_bytes(msg, sizeof(msg)), 0) + || !TEST_ptr(ctx = shake_setup("SHAKE256")) + || !TEST_true(EVP_DigestUpdate(ctx, msg, sizeof(msg))) + || !TEST_true(EVP_DigestFinalXOF(ctx, out, sizeof(out)))) + goto err; + + ret = do_shake_squeeze_test(tst, msg, sizeof(msg), out, sizeof(out)); +err: + EVP_MD_CTX_free(ctx); + return ret; +} + +static const size_t dupoffset_tests[] = { + 1, 135, 136, 137, 136*3-1, 136*3, 136*3+1 +}; + +/* Helper function to test that EVP_MD_CTX_dup() copies the internal state */ +static int do_shake_squeeze_dup_test(int tst, const char *alg, + const unsigned char *in, size_t inlen, + const unsigned char *expected_out, + size_t expected_outlen) +{ + int ret = 0; + EVP_MD_CTX *cur, *ctx = NULL, *dupctx = NULL; + unsigned char *out = NULL; + size_t i = 0, sz = 10; + size_t dupoffset = dupoffset_tests[tst]; + + if (!TEST_ptr(ctx = shake_setup(alg))) + return 0; + cur = ctx; + if (!TEST_ptr(out = OPENSSL_malloc(expected_outlen))) + goto err; + if (!TEST_true(EVP_DigestUpdate(ctx, in, inlen))) + goto err; + + while (i < expected_outlen) { + if ((i + sz) > expected_outlen) + sz = expected_outlen - i; + if (!TEST_true(EVP_DigestSqueeze(cur, out + i, sz))) + goto err; + i += sz; + /* At a certain offset we swap to a new ctx that copies the state */ + if (dupctx == NULL && i >= dupoffset) { + if (!TEST_ptr(dupctx = EVP_MD_CTX_dup(ctx))) + goto err; + cur = dupctx; + } + } + if (!TEST_mem_eq(out, expected_outlen, expected_out, expected_outlen)) + goto err; + ret = 1; +err: + OPENSSL_free(out); + EVP_MD_CTX_free(ctx); + EVP_MD_CTX_free(dupctx); + return ret; +} + +/* Test that the internal state can be copied */ +static int shake_squeeze_dup_test(int tst) +{ + int ret = 0; + EVP_MD_CTX *ctx = NULL; + unsigned char msg[16]; + unsigned char out[1000]; + const char *alg = "SHAKE128"; + + if (!TEST_int_gt(RAND_bytes(msg, sizeof(msg)), 0) + || !TEST_ptr(ctx = shake_setup(alg)) + || !TEST_true(EVP_DigestUpdate(ctx, msg, sizeof(msg))) + || !TEST_true(EVP_DigestFinalXOF(ctx, out, sizeof(out)))) + goto err; + + ret = do_shake_squeeze_dup_test(tst, alg, msg, sizeof(msg), + out, sizeof(out)); +err: + EVP_MD_CTX_free(ctx); + return ret; +} + +int setup_tests(void) +{ + ADD_TEST(shake_kat_test); + ADD_TEST(shake_kat_digestfinal_test); + ADD_TEST(shake_kat_digestfinal_xoflen_test); + ADD_TEST(shake_absorb_test); + ADD_ALL_TESTS(shake_squeeze_kat_test, OSSL_NELEM(stride_tests)); + ADD_ALL_TESTS(shake_squeeze_large_test, OSSL_NELEM(stride_tests)); + ADD_ALL_TESTS(shake_squeeze_dup_test, OSSL_NELEM(dupoffset_tests)); + return 1; +} diff --git a/test/recipes/30-test_evp_xof.t b/test/recipes/30-test_evp_xof.t new file mode 100644 index 00000000000..c3dd6062de1 --- /dev/null +++ b/test/recipes/30-test_evp_xof.t @@ -0,0 +1,12 @@ +#! /usr/bin/env perl +# Copyright 2023 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use OpenSSL::Test::Simple; + +simple_test("test_evp_xof", "evp_xof_test"); diff --git a/util/libcrypto.num b/util/libcrypto.num index a16f93db47e..b64b0ddc5cb 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -5536,3 +5536,4 @@ X509_STORE_CTX_set_get_crl ? 3_2_0 EXIST::FUNCTION: X509_STORE_CTX_set_current_reasons ? 3_2_0 EXIST::FUNCTION: OSSL_STORE_delete ? 3_2_0 EXIST::FUNCTION: BIO_ADDR_copy ? 3_2_0 EXIST::FUNCTION:SOCK +EVP_DigestSqueeze ? 3_2_0 EXIST::FUNCTION: -- 2.47.2