From 4aac71f705f5fff15c6cb0da44d9f8014f48901f Mon Sep 17 00:00:00 2001
From: Pauli <ppzgs1@gmail.com>
Date: Fri, 12 Mar 2021 08:46:55 +1000
Subject: [PATCH] doc: add life-cycle source files

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14522)
---
 doc/life-cycles/Makefile       |  26 ++++++++++++
 doc/life-cycles/README.md      |  18 +++++++++
 doc/life-cycles/cipher.dot     |  72 +++++++++++++++++++++++++++++++++
 doc/life-cycles/digest.dot     |  31 ++++++++++++++
 doc/life-cycles/kdf.dot        |  14 +++++++
 doc/life-cycles/lifecycles.ods | Bin 0 -> 16408 bytes
 doc/life-cycles/mac.dot        |  24 +++++++++++
 doc/life-cycles/pkey.dot       |  48 ++++++++++++++++++++++
 doc/life-cycles/rand.dot       |  15 +++++++
 9 files changed, 248 insertions(+)
 create mode 100644 doc/life-cycles/Makefile
 create mode 100644 doc/life-cycles/README.md
 create mode 100644 doc/life-cycles/cipher.dot
 create mode 100644 doc/life-cycles/digest.dot
 create mode 100644 doc/life-cycles/kdf.dot
 create mode 100644 doc/life-cycles/lifecycles.ods
 create mode 100644 doc/life-cycles/mac.dot
 create mode 100644 doc/life-cycles/pkey.dot
 create mode 100644 doc/life-cycles/rand.dot

diff --git a/doc/life-cycles/Makefile b/doc/life-cycles/Makefile
new file mode 100644
index 00000000000..4c12558e63d
--- /dev/null
+++ b/doc/life-cycles/Makefile
@@ -0,0 +1,26 @@
+GRAPHS=cipher.dot digest.dot kdf.dot mac.dot pkey.dot rand.dot
+IMAGES=
+
+all: png txt
+png: $(subst .dot,.png,$(GRAPHS))
+txt: $(subst .dot,.txt,$(GRAPHS))
+	@echo
+	@echo Remember to check and manually fix the mistakes before merging
+	@echo into the man pages.
+	@echo
+
+# for the dot program:
+#	sudo apt install graphviz
+%.png: %.dot
+	dot -Tpng -O $<
+	@mv $<.png $@
+
+# for the graph-easy program:
+#	sudo apt install cpanminus
+#	sudo cpanm Graph::Easy
+%.txt: %.dot
+	graph-easy --from=dot --as_ascii < $< > $@
+
+clean:
+	rm -f $(wildcard *.png) $(wildcard *.txt)
+
diff --git a/doc/life-cycles/README.md b/doc/life-cycles/README.md
new file mode 100644
index 00000000000..d5043965455
--- /dev/null
+++ b/doc/life-cycles/README.md
@@ -0,0 +1,18 @@
+This directory contains the algorithm life-cycle diagram sources.
+
+The canonical life-cycles are in the spreadsheet.
+
+The various .dot files are graph descriptions for the
+[GraphViz](https://www.graphviz.org/) tool.  These omit edges and should
+be used for guidance only.
+
+To generate the rendered images, you need to install:
+``` sh
+sudo apt install graphviz cpanminus
+sudo cpanm Graph::Easy
+```
+
+Running `make` will produce a number of `.txt` and `.png` files.
+These are the rendered `.dot` files.  The `.txt` files require
+additional editing before they can be added to the manual pages in
+`internal/man7/life_cycle-*.pod`.
diff --git a/doc/life-cycles/cipher.dot b/doc/life-cycles/cipher.dot
new file mode 100644
index 00000000000..6f1acb40266
--- /dev/null
+++ b/doc/life-cycles/cipher.dot
@@ -0,0 +1,72 @@
+digraph cipher {
+    begin [label=start, color="#deeaee", style="filled"];
+    newed [fontcolor="#c94c4c", style="solid"];
+
+    initialised [fontcolor="#c94c4c"];
+    updated [fontcolor="#c94c4c"];
+    finaled [fontcolor="#c94c4c"];
+    end [label="freed", color="#deeaee", style="filled"];
+
+    d_initialised [label="initialised\n(decryption)", fontcolor="#c94c4c"];
+    d_updated [label="updated\n(decryption)", fontcolor="#c94c4c"];
+    e_initialised [label="initialised\n(encryption)", fontcolor="#c94c4c"];
+    e_updated [label="updated\n(encryption)", fontcolor="#c94c4c"];
+
+    begin -> newed [label="EVP_CIPHER_CTX_new"];
+    newed -> initialised [label="EVP_CipherInit"];
+    initialised -> initialised [label="EVP_CipherInit\n(not required but allowed)",
+                                style=dashed];
+    initialised -> updated [label="EVP_CipherUpdate", weight=2];
+    updated -> updated [label="EVP_CipherUpdate"];
+    updated -> finaled [label="EVP_CipherFinal"];
+    finaled -> finaled [label="EVP_CIPHER_CTX_get_params\n(AEAD encryption)",
+                        style=dashed];
+    finaled -> end [label="EVP_CIPHER_CTX_free"];
+    finaled -> newed [label="EVP_CIPHER_CTX_reset", style=dashed,
+                      color="#034f84", fontcolor="#034f84"];
+    updated -> newed [label="EVP_CIPHER_CTX_reset", style=dashed,
+                      color="#034f84", fontcolor="#034f84"];
+    newed -> d_initialised [label="EVP_DecryptInit"];
+    d_initialised -> d_initialised [label="EVP_DecryptInit\n(not required but allowed)",
+                                style=dashed];
+    d_initialised -> d_updated [label="EVP_DecryptUpdate", weight=2];
+    d_updated -> d_updated [label="EVP_DecryptUpdate"];
+    d_updated -> finaled [label="EVP_DecryptFinal"];
+    d_updated -> newed [label="EVP_CIPHER_CTX_reset", style=dashed,
+                      color="#034f84", fontcolor="#034f84"];
+    newed -> e_initialised [label="EVP_EncryptInit"];
+    e_initialised -> e_initialised [label="EVP_EncryptInit\n(not required but allowed)",
+                                style=dashed];
+    e_initialised -> e_updated [label="EVP_EncryptUpdate", weight=2];
+    e_updated -> e_updated [label="EVP_EncryptUpdate"];
+    e_updated -> finaled [label="EVP_EncryptFinal"];
+    e_updated -> newed [label="EVP_CIPHER_CTX_reset", style=dashed,
+                      color="#034f84", fontcolor="#034f84"];
+}
+
+/* This is a version with a single flavour which is easier to comprehend
+digraph cipher {
+    begin [label=start, color="#deeaee", style="filled"];
+    newed [fontcolor="#c94c4c", style="solid"];
+    initialised [fontcolor="#c94c4c"];
+    updated [fontcolor="#c94c4c"];
+    finaled [fontcolor="#c94c4c"];
+    end [label="freed", color="#deeaee", style="filled"];
+
+    begin -> newed [label="EVP_CIPHER_CTX_new"];
+    newed -> initialised [label="EVP_CipherInit"];
+    initialised -> initialised [label="EVP_CipherInit\n(not required but allowed)",
+                                style=dashed];
+    initialised -> updated [label="EVP_CipherUpdate", weight=2];
+    updated -> updated [label="EVP_CipherUpdate"];
+    updated -> finaled [label="EVP_CipherFinal"];
+    finaled -> finaled [label="EVP_CIPHER_CTX_get_params\n(AEAD encryption)",
+                        style=dashed];
+    finaled -> end [label="EVP_CIPHER_CTX_free"];
+    finaled -> newed [label="EVP_CIPHER_CTX_reset", style=dashed,
+                      color="#034f84", fontcolor="#034f84"];
+    updated -> newed [label="EVP_CIPHER_CTX_reset", style=dashed,
+                      color="#034f84", fontcolor="#034f84"];
+}
+*/
+
diff --git a/doc/life-cycles/digest.dot b/doc/life-cycles/digest.dot
new file mode 100644
index 00000000000..989342fd109
--- /dev/null
+++ b/doc/life-cycles/digest.dot
@@ -0,0 +1,31 @@
+digraph digest {
+    begin [label=start, color="#deeaee", style="filled"];
+    newed [label=newed, fontcolor="#c94c4c", style="solid"];
+    initialised [label=initialised, fontcolor="#c94c4c"];
+    updated [label=updated, fontcolor="#c94c4c"];
+    finaled [label="finaled", fontcolor="#c94c4c"];
+    end [label="freed", color="#deeaee", style="filled"];
+
+    begin -> newed [label="EVP_MD_CTX_new"];
+    newed -> initialised [label="EVP_DigestInit"];
+    initialised -> updated [label="EVP_DigestUpdate", weight=3];
+    updated -> updated [label="EVP_DigestUpdate"];
+    updated -> finaled [label="EVP_DigestFinal"];
+    updated -> finaled [label="EVP_DigestFinalXOF",
+                        fontcolor="#808080", color="#808080"];
+    /* Once this works it should go back in:
+    finaled -> finaled [taillabel="EVP_DigestFinalXOF",
+                        labeldistance=9, labelangle=345,
+                        labelfontcolor="#808080", color="#808080"];
+    */
+    finaled -> end [label="EVP_MD_CTX_free"];
+    finaled -> newed [label="EVP_MD_CTX_reset", style=dashed, weight=2,
+                      color="#034f84", fontcolor="#034f84"];
+    updated -> newed [label="EVP_MD_CTX_reset", style=dashed,
+                      color="#034f84", fontcolor="#034f84"];
+    updated -> initialised [label="EVP_DigestInit", weight=0, style=dashed,
+                            color="#034f84", fontcolor="#034f84"];
+    finaled -> initialised [label="EVP_DigestInit", style=dashed,
+                            color="#034f84", fontcolor="#034f84"];
+}
+ 
diff --git a/doc/life-cycles/kdf.dot b/doc/life-cycles/kdf.dot
new file mode 100644
index 00000000000..4729dcdeba7
--- /dev/null
+++ b/doc/life-cycles/kdf.dot
@@ -0,0 +1,14 @@
+strict digraph kdf {
+    begin [label=start, color="#deeaee", style="filled"];
+    newed [label="newed", fontcolor="#c94c4c", style="solid"];
+    deriving [label="deriving", fontcolor="#c94c4c"];
+    end [label="freed", color="#deeaee", style="filled"];
+
+    begin -> newed [label="EVP_KDF_CTX_new"];
+    newed -> deriving [label="EVP_KDF_derive"];
+    deriving -> deriving [label="EVP_KDF_derive", style=dashed];
+    deriving -> end [label="EVP_KDF_CTX_free"];
+    deriving -> newed [label="EVP_KDF_CTX_reset", style=dashed,
+                      color="#034f84", fontcolor="#034f84"];
+}
+ 
diff --git a/doc/life-cycles/lifecycles.ods b/doc/life-cycles/lifecycles.ods
new file mode 100644
index 0000000000000000000000000000000000000000..4f77f281e0cce8ec1cc35c7bde8adf31e93f9201
GIT binary patch
literal 16408
zc-pPI19+s(x;30+!invPZA@(2w%xHOwr$(ColI=o*2K;?bN+vyv)}!lz0W?^^;KW>
zR6pIlR{5@{>#ijy`2`dO2nZ4g2n)wmA<&9Fj1~w8=uiCp5fH!}VC?8-Ypic;Yh`Yz
z?`UpgP3LTFL~En(VD3O`V{2?}WMk+AFt&E2b+ENJ);Dr6Gd6aV`wJ(~-vx}{QP9TP
z#N5=${y*3p80j2sY^)6Q?dkq^C=)9ieMjT}E$Vkko&I%RSpN;m*2dP!_7C)5;BfvM
zoW7x<v6b=fTbuuFj(^(3R^Qs#>VKJ|t-Xz@y|IJC|Gth6j{1&H{{s&1zrmRU^i7Q&
z=mg9i0s6KM|34TK67v57!~7Xe`qt(q#tx3O_C_WX@e|hm^auf0T!F@u%Y1ZTVD{vr
ztrpom--Fb^=x)-GHoKzYRpblGPP6CtszjK!q8idK^l^s6>q>f+m<=gNM#an;PpCNB
zX<G}|I98XNsPNKoe_8k!W>dDgSW~j=CI!;4!dOk!=aIXn-Ezrx5cV#x*@?jnHAF!|
zeTx(@zu))3VxQcFGEtRxJj;o3d&K7s-{2_Csr#zmq|h1Mgdgk67YQXb8sO-U(<UQ1
z$dq&|&)%DRvHMf6bIw1HOYfR0YHE2i1g7XfXS=iJQp<nKBhk$L($L*$Zt&L@QG#9u
z<E89rJEz;{(Fg6+C+2Q-gR_to-(<e&OUzNj4W6=SwVWgbWW%G`EEq5lkpCATpnu+c
z|1lel9rbBl0alTU($VSkC>@Wg_%7Ak@Hil7H44i24az^n3O5N2x(lswIT=mFKRu!F
zR;1GfZ90C9r?XBKd2r!L-+^?^O{#>Df(q*uDy}x6zBIj}939tsskR-N((sd$y%H@W
z;1Mv-kT+(Ubt)7I@CvX&MFi`M1u@%o4MxPEG^>5j4b^3axthsq389+*L8Uc!BC~u5
znF*=Tg1o#S&|yEwyr`8O+0=d6I+I6!?bxP}*l{D%$%-r~4g*g6&MAc)rds82DbXdx
zaHMT$%eAEXp!9ANVC<q8a_~CQhgr6Cp;Nbbkf7#n);ApT^MZc@GM_=*Fz!l>U|GaA
z%ZegbGp?{>zy+l+ZdYXVDXNIj*q}eov0b0S*iC0Qk)_>lR=?v(?cVED*}D+WrQxYV
z?ajfXJg&RYx9Tvx`xu%hUbBY2EVDZMuD3s#f_)Mx%LwX+>ueM6Rrk>f&)y7n-^c!j
zYz(l&&2{dQ$e<O2+Xd@mch@v+1d}uWm|35o13iM|(wbZ@%tQ{Tp-RLps#9?ILKt$u
z8Pe7|Lf0efyf@IFUOmd4Jj(gqtCIh+SHJ#_4vubC#twh_bwfklW{nNOYfG1)q{jeV
zO+DB_9h=i^?m|bp=GfPh+AK6KR3VQ~p($Rsn^<^+19z}A-XJqCG<XZfv@3Oo;Pu8L
zUC$7fLXbE!{c?Z-HU*qm$efFn*W2AxJ4H1dk5(Kd7wClm>ISrE-QW#Q&;;@z;Tbbf
z3KCeA#Xju?lz!k1g*fJ!>slOqPGRBd^vPmX;2S;5frG=K+u_=SNqwqS5wd{c>l}n;
zlsb-et9Guc&rPi&rL8AzQ`FDXuO+B4#K<4C3>DZ=6w48fgtdOlZ5$KMGZK-0W~jAC
zY{e{rn7JK7W7|JvNNXd_j7LR&QuR7rfZEfms2iNMX-3Red$K#3)~8mAP#uSnxnfX?
zN}34`z0?~ohYj<6h%qn1ga%}(9&neekK2bO#_Q_|!W4e3-w4%AG?(hHVWo`SEv2~w
zf>^}rohTor5_m`$4At(~TG(dB(e<CJnXv_eXfMmNTi8P!nX5UT>if2C5<|!iTBC4_
zjkYRX%L=+wOHwpS;@1+9<M$v<6`=uDFE>g+lBzpreW-LAJyo7oSv1va?@>-}tIatP
zPg0P7OJKis!h(2cV)Ma@0tIeytw*O-RD!tv@shUkRmnonp3m1z#S#r`3~IaFm!-SL
zW+3O~>hQg4#hfuoJ`_Oh0W7?7Y+TRB8kS1@rSohRM8CJu%5`oUafwB7N-KfWRA`_I
z(-%mC0ES*u3yr;cK;)N>I}2;IxC~;!5Df}0VN(`T621p3t2Zd7e)l4MU=K4EDam4(
zJ|!ce1rY&3f%%s>f^Q)>LT1o{bDLMwN5)w<9Y2#TatvKy$rXg}d`=$4n8V8m_lU$+
z^g3wPLsC}286Jq2hQHeF(P;Uj3<#JmH>24`IJiXg?^A4UAjzPh4&Cc|W8+mrbXtDt
zPIY;Z16aD*iBac6>Vw)>L`M}GUzBKAR{$AUC0)bFAt=UFR!CLc#n=;1rVqyOK~oXe
z3k<M{9Z1l*UoeX~CyeyVs>-u-$T=haVi4QI88AR8l0XPSjZ)m%I-4?C3m{QJig_sF
z2bMG>x%5(wGAlpmxd$vYah2({T+s9u-G6Nr0K6_tXE#%7a+|AZp`|Bo)?>BKC?BTK
z#N=*~kSo91Qr`)n5KRhU%?oj}jCDAYxoSQc!l?#uSG+-h-W1h|u9TFOwl%3uga%89
z9N;0>#&+A!OC|=4A__kC`MAXWN~>VgDK@wTb|u^7L#ZA(tS4rxFx~-HaMaS}Ittee
z!Vlx_-=4I<hk49dmfVDk+URr@I@j<LyW9LY?nDpU<TSX;4q%m~Jm!8UM5A(z0URg|
zsus=|0HFM;84`aAloQh<RpT!kBMuOQEo&HrD~?Ei<uufSQ8k>U%+2MJ<&1Zju>&W<
z2plSh7X5&!erhC^StySeItmf@5QUWOhF$5mGygg?5I7Kv1Gbg({VD)&Fz`LZcO=XI
zS{|x=1?8aFBY;Fic^t^dU%(9+n4RoP2thGi;WZHim+8;b>n$iK_`1psj)I^5eD_Z&
zDvlZT^;!3KDV46!4l*tzH(CY9fi^G{^(*!9H{e`962&+~kdQz-+b<cQp3$f8rsIv$
z6Rs$0w#Z5Do>f6nk5aTmPw$B(zPU7c;ery*Cbu%;a941%27%aa2lB@|i_w^oW|g9S
zTl>bj3SNbk*3@r}C7W}Bc(jII2xv=gI&qjoD^q1fcsBRX26{nN5PYvRMJnGjA-VLI
za*4vS3{=opx~(wO^-{VGvKmYru!WgoD3T$7KRS%0GFrATv^`*dygxD;P2AXHa66O&
z67^MvO9&X4Mw*MyU}ftbL0UQocFJ}bk%bsAF&QcDazIuLr*jD;CNk$unyC|8*BGcK
z9l2qjl1L71@f-PRB>`hbEkYkr&_PjvwUIyzb#x=&rpR4hAIv>l#nqjhVZ=?#vQf*)
zjuFdw<(<&}(zu?UG48x{v)YyHTl0kF%Vf76u26ndvpt+0mWc&I;#Vq@=}7qg0e!-G
zaJEy{1hGWP9RsA2TB1TvlaTbleOCF%KZT^)(%qt@Yczak)8tpfM^{x<MSIaCCs~IE
zRXIM!%+g%hiU~Z9h1Vu#UAFQWTYJnpd$GIo&_{DrKEgqpP=r-*<<xt5{e;knclRjt
zK!4_xLbEB4L8OrIU^qex`mkHPOBcmfB^dt5>jG&$zKl?+V&R4eqBB(1MJ~@vu^#52
z4pz4abad0(vDcc!)YyUSu*25$a>TX@4W;#FkN`&ppPrO6+rW9h!L-GlDK#Z4qkVP$
zrX{me?yWrSX}lb9bzo6Ho}#TPmyJPVQr{*(z^Op9_Ff*m@%g=e(EHB{8KF{aa0(6t
zR7Co(R!HdI(a^@)@y}n3-%I3$_L=ow3+l&KF+vC5%!i!SirsEYDvJL&b=yYjiJo)O
z^2b+<(4@dvVc)ntSKXpxss_I7@@ToZHZ@hvB=Xd{RyC`|U12;oo-7Af_WAd0UDc)=
zkXloMqY1utELfD|<KY^d+llS9CA@`|?J4-~cG2*_!v0p@yZf&kU1dZ+$-Ge&R(~DR
z27P-5^H3SV;&cGz8cXNY1M6(9o{ELeEIH@WHJRMR=33&m+3m)p_T0*Z4^E#rv|wr#
zSjO>sXDl!;gV%l6PgolW(nmk|7A+E=%g*crKaUP=?G+-?LHn+(4|Q>QX+5m4SCOTx
z(8%(3zZa}~N1_G1V9$le#u0&C1G-$j3Qg@$_q-Xd-bg(nv0q~^j?S}2uO8~#TVz4Q
zOo!-P$L8z;l0yQrBMQidV{k-#$X{3brmQP+TcmMj15j)2WOk^#`}&e&p`XU8{;<%L
zadp6)Q!2j*R`wF7I;DbMB1CQ`--y+Ke=t-_e~(erKE(3H{8-RTP-6hwLREtc2SMNm
zu?shh*OeI~L)n~>0kLL1pX)sqT9huzB9N|j2#p5DGAI&74xu4Gco;l`{Zac@g}raf
zFHz#l5l#~zmAFK5$Y2X|2DeJEE50?&vJEpahoPFr{A(qPlm%5CR`F&h4a4Torv|1r
zk_nH!4);5~jAW9WXA4XNiC|L9#?}F`Ce{x~7XCD|Uqa7cHqVuWN{24U&NpI=!z7kV
z!1?=hq~~K42zqpr%zRg_iNuXQpPvZCU(2}Dj9ZEg$0{o*{nsfN^OZ~4^9*6S<UA3m
z*k0VL3wm5Jh_9$K?UrX@6Kd#?FZ*1t5uU+;^=vSB)e!LbwSjQUz~=#1J3Kk6Z)#9p
zb26?>u0obp{1qO4M)XKyXvUiA4-XUDk3GVh*+_1F5MM}?NhZqErV0AUn6(JL7?33n
zHhN@+{Lt?dFr;6HKVG|C{j~(9wi}?;Ne84EQ4LY{p%-g60$KhBf>Yhlnd*VMdJdqT
zvIK>tq0x1N(DnHurBH;UNot5{t2q^1PI}BkfLB{3_wDng{$|XOqRmRg`Z&mV9WL9y
zF*-!1)-iDbIX>&1bpZ|6{MVSkxzq~cRj*EU2EP*Hvz$|Ct?zPkPBHcL8>Zm3wr7wL
zdHmOt@_elRbL_F4(~E~wcgON-j1SNZ&*dR)eQe#x;`+TBX^!*ek$pC+rH%WwiAHA_
z7Of%H2o_AeeQ_k^7$H2`Tw~f$Fl_CKs*(1`J?$TI!c{hvK9!`<bUqiohPKJJwP=@T
zCoL?tc-7H;+I@5GEvC(xJG48t(phG>I}iK}-TA>(yBh)(Z9M@Na=W-%K8+WqScztG
z+w#~+N2_|+yHJ+-UUaG7%jZX2nQCfJdGT^d^-@oRn{W$TfaU_x9t`R9G|1_K&|kt^
z)+lRe;#(}J#^~d~lO_jl3scmo>=Z&^)ay*&MdH3s+`CM%<PK-W0t%$aCn}J1(b?o<
zg$(2<C1`0Sk7ijsXy|ZF^$wzA_)|lX#lXdjpF)xnF~z>o<P%{YZ%Ip$Y0n1`F!sLz
z*Lj1JS-YhEIv|q|%4n3hhZNyxCW{X(v4_!y+-;m0o>e|a@q<ahXc?2TxzZ6&KdxC}
zaq9qCZopXxf-W=tBAV0U0v|Q=rN8EcEnTNYsqA5HB2@Ik?QXa7d~gV>k3Z$f;D@7-
zTacP$fO=HS`bOXxRIG7+<O^|zE8-zBmYC&S>y;W<W((P%!;I{OlsVw#A-Ju8ahL`7
zmkDyrsI=LZ<pGD}=;Wkm>WIC?H=UH0bhEjALz8rYsM!#Vy^$vqk937dvx~K)FHB|8
zBr`{4-NfsR$-o*GG@0C~Z<XmI4iN#vOxSFPSSkC6j^MyIjeCZ(kv82VUxn2`_P(8H
z+Cagy38wdp4S^59n3bWvc7{rg=mEm9zK*HqHzr>WBvZC3Xe%c%UDkx;fN@$GzeT#!
zNxTADHEB&ZFi5z(B$j@rxK0~WPW4<585Y6Vxyu<d{4ABE3g?h{DTQ=dj4$6lCn*F`
zy+i_K9!EqMT=NSD5g7!b!$z|UvOTUnUH-%?bY05;cX*6GmHNVkr}sIm&L>l!@qSw2
zd>ZP(eM=21g$E<m%kH<ClIDkuHG9m=%n{Gh`7U6*XV}-3BT;Hw&=>pls1GG7M~9Y9
zdtrxgr$Act7gt-|vR6oLJ$)(^z@3UUe`2HDe}WCf>}Ug5x}4IG+0Ob);IFOOy`|vp
z_^Tp$oP@V60+kh*bXRPQ{0StG{vTM;Sz?8)Tr>KkGpL-XDYEe3DqKbCL4n3=MrhGi
zV`5yP>FxNR$NBVum)RvImvWjc3<0%sI8=-Q`AG5QCwHV=LPsF}B8R0s_7oO0w@;YQ
zJg`W^#Q`t)k2s<b_YEyy2;r^7!GWE&k>HgZ)Lf@kb;BiuLf0Jg;I!JLas{H_@RVSo
z1-V0zjZA?a&sy<IXY|{r*jWZ`u#{X~a!jBU7#Hs%1bg0qoU0hhappo!QU!b8o&?WC
zXOok=-bh|=62iwS+XLXPcV<i%d5@X~;yB141*q!v7se$~8!42Nm9!O{#21_rPG8b^
zJB2n`W3c!vfJ%Yg^MLLBJ=L%>u}Hay4BMgiof$Hj=?L!dF8wjcv6{P^R$>%KaH2UN
z<z45iCIf{{-dS9On$W3y@!=z{`=*J%>!Ehdrt6x$xyn~X8e?<x1T{l{enndG?vL0}
z2@rO~iTVl=w;Je2k~jS;j8=ME8HsXsNyng18d-a3vkd(1m{FHL%U~hZ2SEgY){zKy
z7erv#YcF2I7dQIlr|3Lu)G4&JJ!HMRMa?c`B&&b>SDTDQx4o>F2E-*&Gos2_O|q3{
zg9Zv$5?F_c9HK;2{d|7cnLzL!o&M=VS02*yZ{#xoLNN0Jue4nrE|7E>e#Pf4-p_kH
zW8axD7`a)>m)EVZP%}t^RqmIocY10U-f@r$$mcc&qoyhn5CjP890Cx8F#_aodYV}n
zwu@E#5J8Y~Ap#Ih7;*^#2?@A4*VVvI9mZo30(!8*<Xn@To?mfuYmy#H)!5K6ZZPOI
zgxlH2JN%Xhz(wlx*S0?2Z|C-8vp;V>#^&~xbhAVJc&mtHjO892f2r-Q4+{5XF`M9?
zxgElN3I#bjylm`qb=+hKq;7%R=267$<!mdA+S*Xb^RA^D$@-)E2_b3z@?<#rbwOR<
z&e;Ygl6}E)W9=Ww^%5haP+e_pv!~VDq<+oWXm?0BrmtyzdVEUSU5!R;b7HKenD%08
zb9~3h`b1B9r!0!><oM{soL29B6)bPC{QmVd-XaujWXQocUiMRBmX`o;64l!r5hB@I
zP_v@jG436c($YevWa~^|L&FO7%c`E_cNe*ZYhb;2ZAX#LJ-PimWr(e^0`scrX1d%w
zP1*qoB?`}%leJ)Y)t~b?1;_%my<JpIdxlZC9Z#BN9@b$dO?|Lz(&ZJDW=d+0ES21W
zue7#@ZHq0<Tu{?h;gq=&CGQMB4Gs8;;{(_it3+1M>&9!5s91REYoU9kDr!6u<)(m7
z!P=RwG94UEU8~^4OOVO}D3Ruo*+N-W^V8Kw#WSSoX2hjZpnstm1dv!Q$pt=|w$ONZ
z8@>u^sczqhey2p`*a5%h8JQS}*J|-wtUZncgzu(VET}peZT!j;YInfX*S|EpSK?9$
zPO1e{*-}wCq#2DXc0)ot<QbKAXDWoJ-iy9Nflsbn_~IGQnY*-G#n7BD9-N-Y%e$g!
zQ_fu$Sk%E(<>V%iD_Es`uSuI`nd^HIVOh^(FYW4e&21$zwPE-DZbCbLRTQ}0k>^Rm
z*K4+U@e+88-SrkMjb#$)D=jDTi!5`B>jCb<CE+i}t><D6BqzVZtji*w%!{_K?Kjir
z(W9Y_(=RjeFY>3NrFey2=lNdaLCCQlC!^J-bLsNW%wD=7QbcN8TPYrKWvpe4%Qv-B
z$Ipa;k+K}{*xlw-RvvhsHpU4q!o!TCnj&txMhPy(Gxg28(yTmPoY}+bz)Rs@=DhEq
zj<Bd=$d*(+IiUuKiKc9EW7acE;>OMg1HC`_aL5Mvqi)W&yxxeGy2yDfY&is%b#oDC
z_76n9Q4ZHOYeQDv*DlAYfz9XTzV>+1-L)moEDk-Cv<R?!S>6#_i&9}{8%P9h8j78H
z%)YC()@}JGzI&}|^f4<kN;6h6Ng|(pA7LJ8P)RkBC=xHit?gwiZQgL%cm_8d!7c~T
zf4p6a#yX?7cPFG>Oy8`Zt@UHKE|ERH*z>`JRHEMqfl_B$n}1i>zG(R>guS>nM|m1}
z_|uuq?ykz-cCbNyToyiX0$jK9{%4!^dIstn%8(K{wW)B0N>bC$!RCrA`j=qV>=s~l
zPR4~Om9namwj*4!FD^m5RhZk3j*pO3^5&@;MyeCn2qUy3RTgdG%G4C36pL9P@hI(%
zVajR)-K`<QZ_ze*uT3G<zap1Yvj|1ZNDTw_yLv}_hA{{*iHN--rq_NlK_OA{sEp5{
zBPn?-k_h2vHi9mp<CZ$+_B+cz_VsQCFp#`5wqdo~^wIXQnDfXe5W7kUOWy}U?rgQ~
zX#4ddrUu}=b6sj~c5W%4DXB4z3TA~|hFCB<N-I<fA`|a%5ifA$rNQXLD{-2z-n<Yx
z6Y+k&ec*YnMeXA#Dv{)c+=3sMESebQyKHXYc$ts%Nnz?fM#M-drg?V?T>548(w6kn
zLX6VPkt^wv69ReoE^Al`^W}lc-6R7UmJr2}f(%{r7$D{ZBuj?_2g)WOp+5sHX|8>L
zjMs>X6|+TQf%oAVc;+_|fH3Ge60n66>+S~;#zzy8fo@LhLjR6r6DPiL%*4(~a0pgD
z0_RoNmf53Ygr|u28rmiA>_n!0fkZ;r-WC?QeOoF@3e53~?PFYtpzJgo7VrVvs`o9?
z1<K4JtyyR{{)w0;RQ7kW+8BV!1J8xKz&<L7-u~k#<ofuTRMhu%sILF=m>nq=eb4Xy
zKn4W7;gH|<9{uo<hS*$SEXdMQlO25Aw0-~D?wZ!d$3}f7xSw`?@MLGb{@#-UN?srV
zfkfzcvJWpWBa{9@tu3`t_S5Fk&ptSflT%dT#z5C~w4^@OLcW=`TcoU4y_9ECZ_Ug)
zx!J3cxJrgF?wR7_T1gwCem-B6IQT$ZM-;qJQa)W>8)Hd^_0aA6Srg-NKdzj%%|l4`
zTZowK*@H1=$H&Sp4+mnd)$;q#nk+J%)$?6o(gN2afpAfYLUeFeL}>gx&Lu9s2+JCO
z#}h0DsfzE&J1v7Y_vNDJdu$FR)x$Cejo<TRd9|CJ)3n}%aqJG5PLknF3G7JE_fnst
z@}7z1pp-xo`AB{z)H&!(rVDA|#7EbT43(U_T<+0gKk0UJL>u;nyRU3D$JQ>bi8}7f
z$%uvi))=u613Xnp;MPD}ix#+9NoTDX;T*=ZZ<^q>uC3#Aq*`Pc@tfoHZ1@0eM47Uw
zPO^HF_zWq4OX8*H#lklsR~oM7XfV}e>Dx#H8P>`N{0E(o;T@d-Z|30Pi!5bdxE7XT
zgz6tEgPh+8XSvHee<8bXlR7pFWLI6(jLk@r^~THiIU*Ir<7a}N5Q~xVb3o0CliMS;
zc<(7;H>39UoP2$+Cy{G=$+L0RmK{@HoMml)xNd8-arOj`vYXsGFXJ1#?9LvnN-Muz
zWIU9j%yx;xo8llq(C5iAW-pM%*(!Ub5#DrNj4}&h!<4JcW88kt6or$SN^Z{HTzG|)
zmS<(&0y<!JEQ$m<d?D{2=-Hj|ROW6uL^>)*goEySQd#@>%99~xAIs70-}=5c*wu6&
zi%y~W;}mXR8g4Uc;9w>{F)-?E*D31o=5W90qTbRIg^>F;@3nfpsiCdm^^J>r1}4(B
z?V>~MN_<vwRu}7}A33VRWW;0SZOovHER`;mj`SA(ihk3vyI+kB-?F>bEI77nL~f@%
zJoiX__?Ov84E#4YNEjQa-0mMw5fK-c$^Wr$!qdC+w13tA3H)c<CwQz8tqTzd=tUbC
z=wEva9gH0v&8<!U!!>fDrK!5hf#Sv6-8Xoq4hKeOsz*^jx*?A!0lY&4_+lg#FB7M5
zy_DVHV>+Nx+d#`*&I1XEx4Ak$Kestjp!K2#cr^G#5J}KF1lmYkLL$X$gpAWVeCc$1
z<9^J)Spv(HiG><N`>u_RWH+9RPzT8yw*W<#o*)%lvCXJZ<U^!G+7r}4J<jNazoJ6*
zsosVIskx<YAoPva!GR#dp6AMKll5vJ+qm8%SBdh#zj!S#VYb+h=Ru=B$5vim=JxEY
zc(!+;D-584N#6AQ5o{jTI=TqAcBo3r0#NtHAp!<$v52Oxb=8bzD7AL*P5-FVpsm=v
z<q#Z*_01i{pDvAG<3XVk<q;CvryLdjAQ^7=vDsEC@aGapN(tsiPn=yD>AePonB2-O
zNDju=d+tO7wsD9IdPy3bh56|^;{7;g^_MO10&`uAFU&^3;=jd|KYhr#CKvG>M`dxu
zfV)Y~94T82rwTR&e_7NTqBv8C3b^}xr8m5){IneY{nV8*4H%s!A_3X%@{esPL|bqC
z%wXJtH+;c20!cN`y)x@=l=Ca{F7p2RR7Nok0)C8zUk`aZ00X4yi43QysYXLtG|(`J
z#=3IdDO{;QP?DL`hAaWl&I@o+mjZZB6ZBlto@&UGRKfPZy!75H-`%Eczq8+Kz+4Og
z{1sq;N0dPw^v8SorOc(wPHZVIjdU0W=i7am^s4fVq=63+`vk1JCZ**A<V2Z<g&6~C
zSns>i5hj^<hM(~F{3GBQdBjrTtIj5-csN5=;xREjz!=%++f0mNV);eD#bbLbHD1q+
zVkTfde*U>KG7b-K$H(wLwlT<rz|Q9T$Itztcp~<=o<iUAR}g{3BsiCaw9nBPK@b?v
z>4d-=SdSY%#?SX3IKfZ<W@L4}u#A6dXNzUNWrvfY7{&&9FhvO$Wlx%qf$bxl#Yu&d
zc$LbDcRJbSL+QVrJC@_^Lle|~L1Y4g343=m5{--3EhwxpeFEc(*C@hZyi?`rr9hoE
zs0HD<SV@6V2-`Bh-WV#<$pVUIbOL!YMS#LMS>WR}c%|iw==+`skQ;xsP2NC8L~`}e
zJcL`G!ZWh6Lg2L$X`2J~KM#9^vUMy2rroYmBq7j)rCw{`sZUP>g|$D?nmLn_SeI*q
z#`BW6=X>h1R5SB+?Mo-6>*-I7KI5=-bqaO$CP79NfpU*{n61t{u#yQ5M&FhTm`oC!
z`mDBTfqB}z%R&dnY63RCZpMX4W}M=WG8@ex3#3PfRA2`o_GDn4g~7u=jM`rC5j<1I
zgaXeE$R7wskS&`b92__hL<&c#A9Qp`s>;xM-uN2W-fpG`1UDsH9s<-fsvNWQ!Kquq
z(vbQ>^5Gt+Z*zTo*D&-{nMb7DsqFpfvLUzNw)NSt-`%Axpiy2L@p@V(QbtA3p-B3u
zTF5VGxo{rW@vSY%15SjbnX`gcDz9>gsAB$nvd>E2iicA2vwcQmvT`wpxi)>B8m=l*
z-r+lify=DLN7E%|*v{TO>QzzI&05+~<ynGC{Ni-IM*ZwX^=9MB<@LxrD0W@O{DHoK
z<#OGx>d>x4!~{A&c?cJ$d-v%I7Wcupc^g-(hTNmOAtGq_uqTf^&V{J0VfDr;sz4o^
z66wannqt<Vy&r|s3s_&Y0cK$JjRQ6EYEl~hx13y#{J*U9QDy0Pjaf*MVS$t0^#=L;
z=dMd#$0w5R6c-wb8_M=TnSY-0`M~3c5IZa|&y5^EzNRH$4%gwAP5^%?x^CUOkBn~C
zwEr?Z4o0V1#yX}IGqAp!Q$@!MqKrGB)deAS=+?e60RH{c`JFO@z@CUHei;(hpi|>>
zI^cccGOuUWXqC@6ETu0+Rh!=uD4iCZkg*6SWuqu@;h`7g)M1GQlJAL%CLR!%71a@<
zVO7Nn?{^6TQAe8ZY-W(?bCC@a$Gc}3^ZJYB*Mceg^*8V+5^g5<BZk98jn%QxE*rR|
z>iw-)tRgPhJ{eE9^DtdO5x-XFC6Xdr{^196B)`SZbIuAl09mG*<KS7kuKcm&k+gBA
z!k}7PA}^@7LOys1l;J?(FiFN+IG)q6==-|xf$pC*=2`F@loA{Wh+gn-u7$rHXCY8<
zi9$jJ0{RpG91v16a{?Gx>zi9S&^i9?Ev>D!X{elxDC}3PKmK`GaWSDkYtzv0_zC&t
z_cfDV{r49jFLF{!!l0mFFtA9l$k-?_P^hrT=!no*h%kr<D9A`yxM;|DSSYwSxDZ(M
z$k?RF_;h&q1h|Bh=%lQasE{N$sB|Pa%tWZ<BqStMETjy))b!t}7`fP}iFg=kzB4lL
zveNT#Fr!oPVNmmbV-_c36eMPqB4L-IVHTue7pCEqpx~1K&MQvOE62_+!6Kr@CT+ka
zZz4d0De|3Eh>KZ~heAq#O<9=LP=?)HiC08KR9He@R!&ArPEA=sMpsTqLqSSaSw%$I
zL`>UGNy}8m&_&bGQpMEOR8`baL&Z#A)74bP%+%Bv;9_Ct=3r&)WNY=q*7%35nVYMt
z8o*D-A=KExPtP&b&^6N9(bw87(Ap!?(ktH0)8E=Z*~>S`B`DcFGS4%<*w;!m&`vwV
zK_|%B*vHu>*xfSJ*&xErDB_1@pr=c$r&*}4dvc&dLXdk(uw!<ZQ%1y(+(_5LSdRdI
zKfj>JppdXofB&cuzwq#g;K;<V*wn=EfRxy<<m42;_&lHZl7Q68(D>Z2l>G4Y%COAZ
zl#Kky+{X00($wO{(&V6mjHH_M;GFE7>YV73yo|=2h?dgSlHZ}SzM{6Np`xg{w!H3l
zXl$!*t!-@SXm6-%Z*A)6=t!yP&8!<LZ5k-)oNa6$sOy@k?3r!v8*cx(&^EQ(F|*%O
zp43;BHc*>6)KoIi-Z;})+SA=L(%ZJ!Te&>kx;xp{*Vo@SG&(r`b6{kAWUy~!X!v(B
zIyyQqK0iJ^F*>_CKR&oRJ2JnpFuSlizp^mDyuP+Dv#~n2y1F_rzc;e5JHE0vv3@$b
zb+fR(zp*_(xp%*?eK5a!zP@v?ws$(Wf3tjey>WWGe*U~OH@LGfy1z1hx<0YDK7Y8q
zxWBW0u{(dZzkYGNesjF?akI6zx3_zEdUSGlaB_BfxOaZCcXoDmcyV)f`*?e?e{*^I
zdb#~@y?6KP{O$hW`R?rf>HPNg_U7UF?)mQi`StnX=I!O~<KyGcMELxyRtq%&0z#Y<
z7vfiPUA@Ts;fTGE`4e|mV6CTa2NA9B^4s$4#TNlLmY5B2fy_r=!|i~6@jV1J_tgMn
zbb6HTgm@YZk|7lj(YE|X!oA@{sSxARunuPc!ODsn94H+&1zQwD-Sy}&R-_cENy5zA
z#|kHteF!qds$Wf<1M1J&b+;$4%T9-*$IPqDa*!5$9WWGs1GxwXgOHV}&R1jrW;rv!
zvq4*PA?XU^=f~xZTXcDLw)=i%I;q6m++w$_{|%?puf<fC&k2J2i<4_5fy3--=<G8a
z?j?^G1?~J7m3Gc{tu@GH?@5oa7!5)SFxs#mtdjwDOZf=e6X|Glo{y!X51Y*H4p-di
z=&U2@mu@u}_~27pd|tiP&|kAP+ofDzCj0g^1IM7LY{)Rvv|3#&^)G2c6Ccr*(AIxe
zYA6)p$bNgd+#-gW7$qrh7Ez`3lETt)w=r}aG_bE(wE4t;rhaBJDmO)=bMU&t`eX`U
zVx#M#eLL^86k7qL&RxH~Iq(g;&~zTDqMux8xNl`y+H`%iePGg8J#}iJ9Uh!z5jQg2
zWcFkfk=Xz`nOon0eQ+N?*I=D^fid0}XUM$QKl`GevMblvdD$KtrH!=D-e?E3?QB~r
z4&u6~wtjpBFH&v!%c75`vo>$5_;B9_wl7vvqFDd9Fb!<H&3>)Li}iauxm@g)uqLqN
z&9v-)cd<d%vF>(%#D(>4srZOmN=VCecrQHaNztlF`n8_2^0qA;gx8z2n`*IFypKTL
zd_BX7r()r+r!~;+bvBu<CrL1Jy3P&;Mm(0EjN^HV=vs%+wBCJ-_8i8V-JOl%I+(fi
zRPE((<V4~C=ka(Q|EZ>d6%+xyprw2bZXO=4H`m75)Vne0LQS>cS@-;K296T3WaF2)
zrHVDrtG#LaSpG`ueKI=4iS?lMpwJ566N!eFQP0A0t$aMRh#lNz+=ANlW=|TCnT$&F
z89Y2lx8XHbB>J$<%y@NiMeIVm>N0X=O|%l6WP{G-q0p}eQR!W&+v0hYM;&B}snha$
zy6gQsQcbI0wch5^rB6|fbFB-VFgMI3+HAW4%{#5V*>R9G8vIznuNoVF+$8$t*3l(S
zDuR}OEIgU6ytCov$Dj);_@Qzoex&2nI=cf}W;u&jmyx(_Z&0`P`z<PbPnP9YW@+(h
z)y(boqNs)1t7t@y<Z+>OeSjqkcSXfx35`xk(z>&cOeSs{_Q9!9kBG#uK+^h)kaYXp
z<-DYIrn{F6VZDY2B+VyD!~7FJ%R)q`nrIj{$ajyLp^CczU|b^DGw{>#jWr0T5o>$=
zo0kC2XD40OD7v@7#`bOj2(~u8`^G4)mbXy;ODbH|^8<W%dNX<f26FJh91N7bzFx8C
zsXlu8<zmj5SrS;7a*3kReIv|mdnBvcil)|h;cR@|Q`UQUn<;3Rsl|GF>RGZ^ZoFX=
z+nam~jDT?&(5x3h#xE4gIiQ<?d;?PvT}1Sx-@`Je3GjsI`}1o@(i|t5-sMih1g8?X
zn(EzT?JS(+XCB%b;koV5f}mFTSRml~H$_lX<J876a@!<7y`@(G85T0?!eq>56d}~g
zHOuGcM&qq?uc#x<5;lt)=IbqPo@ZOt6xtnx8}2MYig6u!{KU=TG@+<*=fuc@j35LB
z#5fLoatic$ET&>>0dM6=1-0<u;+XqyjT)<(H}vT7;fty$s27L3Oa>Sc%W(2}5HKQ*
z^TvW~8VA;(@!mKKmd)ZIB6#v7JoLCvkQ8H3j<Y?o_$;)VUv}0FD-s@9DyX&7HybLQ
zX12rPDmlMt-w(JgD^ffP@*(UH4-<+RiN_Ss4TRKDYw}i_5<wlBzn&9P>~s(nCi8~z
z|E=BM2I&bFqu~nfGDb?kHWoUxNHp&x%oM7@8Zh?~wAewXle00<#LsVFVusg7M3q;J
zYFh8<L!uCr8S+YbRk4i_9(?t%e8dp3M@3;Gu=HnHp5V6K1=*<5)p~FoBv=rYg-^u@
z{r39((>zA!R`J!7bBrZeg!?Nh>QxXC(=o?LDR|MKcs$5#7|PVG{C7kYHbs=p#@ghR
zj*NP?p$S!_NAxl!r+)?Q*YIz_XATShD6;|GlZ}zSYx`Rj{#fp6^nSg8u2Zi;0Ha0o
zJk@i>8j8?UCKF3E{i&wxH}F%kJ?<=`I>L031z`TNHIy21>p8mx09I2pcCe)!H?bTy
zk*1sixxpL4#89^zQF@)VBD8;;`ic=~|Jw0Df>j)V4-^vSS&gkKSsM+Unz*qq0{d2i
zC3Cz@dZo`;F>Gx<SO`>rjp`#t3w#5jHo?8{{`zO65QlM&2-nELTx)Ngvz$_k?~GCW
zE(`la*;>N)hYZNj??N=v_-KPQi2R_bg(&|0N7}Neo)m5bjxC&Dn{**D?ruc?vx@t8
zK_elk%}|33`5Rr|ukBIw765e?QRBo0Bz(me3nTm4R&k)&ra&o78%6La%_GIuN}8Ac
zK>CjLBH~TtAHeC}jSL4YjVZD&>7cj8#p|SlMhf<q>};n#K5H4#7%~djK9N94R^*c+
zf<osDXEKcVKa2H2`^eHVKEw=p43wynhNdyC=V&JYqhCwgRNv|(e@ZN~4hSL4j#Nxa
z{V2;Ylxq$(kc0W#z}jL9T04Vn?e|M`S*tf(AzlI7WC5z(^Km}YZE7np=La-%zkbWA
z5iF1n@Yy)a)`mf+ds^ojDNM&xs8={T+k_K5CfD<l8%r0z3dWb0>$GW(H|xwCP+K8T
zrqFEm9w4Yua8bLPtlL~Z@DcxUhim()U1s96pjo+%bU`M=-TaYzGvA$vz!rjYu2|NW
zroCq_7ZQbwX=GKuUZO?T%2N|J-U1J)k^fS%MM*>z2T)`xjlh|ukAjtY0ReCmbFY>7
zY$OtcEKlHZj!!(a62yWyQAlvU9%B>O$EMlFI<uI+;`kH0kdfi)oG`7GuCi@1pJJGU
z!)$zMD1KRGKyq&OT(#o#+c;>NYRTVjbiZ)>vBBmL1%o+R`EKO?oc|xg_D^e>pyu}*
zNB$5*-ZTo<Okcf-2EyG|J{rWDBh<<bNA9Gh!o!d>>w;zLUWo-{85e)HdSaXQ^o$5`
z9~y(Y_EeS?Nc`Lu!Eld-5G)bSw6IJFO$5I<PN`nonW5Jh^FTPki|VIeG3=l^dMsn5
zfhJ5Zz4OkkqQ;@wU?2i_<{RZX1tP1~*F&rIiC&X|omC9#G<Id__ov{*GT(<qWSm+S
zwAO8QTSnt=9a_E(I`VC+3^o4I?D-b19ITTK)sF-(?9*7#Ys8f!p34sbooMxJs;Cli
zTaqUAK~#YHRt!hOZ_4nhaaTdJv`|}|>$G+oNMih{qo&ZMbTb|x-%H5tD#oBnznXwR
zl4}OFC>S^u7~|eF44Lm}6N~4}R(G2)pSVI$<C`dQx12R==x}Md2VdR9lQny_fgxND
z*H!b2>!LL3UewcPOh9iI_gi&^%_rlEQKLrj#!d=8)ZAcfdO^g&tCJvcH7}E|&c}aQ
zjFrBSK?8$`se#$O+JZC`MK6O<v9f?CFc+Rg4B^f1Npu(s7nvs7W_3~(jfUTIHqP<f
zaWwFVPV*{d;&BL*WAKxLqRU^1Ym1^GVsi{)W4xpYosIdSdv?upi(~^rP!tUh>|*&w
zjcCa1&Fj$EWLC(A4nX<|N1OpB;dcdTmK8FP!<0;#9z~ckoR^xL=jzii<zK(1>C%xe
zgF7YTfjzXo`X19DHR|Rs5Wcy`I*Ic4mfxUGs8Y#tk1VNv(8ErGLFmsRm#1yBHj9;C
zR%(FcuZ$dZo4~w1c)_XVUDM~gfmF1I4wL3v&px!i2;wE_50ndhr6S@_r8FichZZ70
zS}Bkg%yZ9B8~GGmb#Sf>P!=h{F{<mO7l=55Y`=OB35>O$EonnwyDu2WO|zOER6NK6
zFY!V*)l^SdQ6^n#sO3`noPj7A`#yfYif?U_5tUF+$y|0dZKT+9-t^^#uKjJzc2J)r
zSNQ6Cam){Hyox*jwWu-8bl5CbCv9*Z)?&8mG>=*<?C4N~h*!`dx7nilUiP2lG}_O6
z^gqQoWs8Vq#Ny`s9HCQPAJqJA2t+0cDRNEb+4+#z>;;Go3?;k~_gvxPQtcR)aI2>0
z=9mEXX)xl;@Ef`hQY!;eulH$KrYCI#53x%P=NYN=w~{M#cj)J$bl!iPd*nl^y~lU%
zd${_&V=nHE(00i;bGd4`zE7At(U8Sm6%wgau>19SD0WTsQon>cDWJqy0>7sh^|7kK
z_!qZI$DHo+o$nGn<t5|M{fgqxlLTRL=bOV0tvatId}Vh6K;X%tis2us!Zb6(1p9Ld
zy&;^3UO}`{B|yWxWjhZ7>X6lU*h@~q2kP|1Jug{Clo{$76Is1M?C^<X{IW2<EIjzY
zMsaQ@tnJ%@VmblBWz)4ft$!f!+raqB?S~t?M}2q0V%-Bq5p3<L84zU9qv2|xUj-7M
z01(!lB)rZ7D#_|X4;F%i=H<)6l#S!%OCuGnkvZ=ry*M~Ad19sWdey2}daMJ!uP|E+
zpWx_mSq>;#$3GA&ij%hipB09gm@WdaXnw+AU<er@mvc=h^M=VGswxG($qT01)RA&J
z3?K+N_f*i_ZbPIiM=fsYr_1?=?OwvFK;jG9X)8t+m&R4@OqFMij!Y>8m$yjIfuCev
zuuMF0Sn~Q3x70|d;YM^XYo!4c!*m8I{&Qa5qUX0wSS|(zDAc|<G@Ex8v`Ons0FYuH
zn?LJ2kzQ;2^Eb37ZIR6nyxM&XPGA%+hog&o`y7BQ9P#E1C}i4!WeJ%M{Cj!>(vZeR
zaGl<^c<kn56^!O$UM_l;hq3fk8^mL!Ppk^k5O*tLhy}zpPT1<Iq&Yg#ybCJAv&k>Q
zdTp`ePBF@*Q=Q;zRMX?CA9&YIARCyj<zt_H&Yhk$bSM~bzBexH_Z9VKdQAW<^c&QY
zoYoTf-P@2O=Rhuh*U~KtY38o(Mp@s=8H}ZC{I?<ao);riVfsCE(;X#(3~|wDj-HVr
z3x3&Cln{-SEOK;d!bcNcZlfwOE(+Q4_Z;I6SZh#W30;k4u7c*zG?c51Lb>UJT$U-|
zJhg&YKLDApeYPERZkC3OnScST_ApEUZmN!gM<1!I=N1=PV~?b@@yV<ei5HVWQ*qdl
z6d3j)=^pGDLP!W07Q#?j8>9X0yaXHy2H0Y2v@$Y?M;Xn}4W#ym2HA#ldEz*-<}K{>
zq*f?nWynQTq$2D_gh*3Ef3;qg2GBKYCV+Zj+<X7hUwD@~R6n(y(od7_KfX8-_d3y^
z+Kkp={V)6aHYjIGa<yv$mG9SkXu2tl`U@4Z^w+&$u;`+glO^$TAZ(e{DE^y4jfca1
z@2bfZ)tpOn-_b2)O2Y7s;Vrek8YnO8F1ppWlqE8VK@d5JY0WbzBEQAmz7&WH*SJhT
zZ_M{F7%NmqgLyn^gS}9~2OyYwF~$@5cG7gU0`OWoD`DC?%vc%WVLHtiZ<`fxTpRr{
z`@D}BI#`i7<%oup3AN&9tvZVGj~+l{|Jdl`n9K+%nM0bDJEA3U4Pm;`IKoOn1f^gK
z6i)B!=2aF?<?2#UEK0;FK6eJJ7Gj85K`3=z%mcCB*TF<}QsHZ6__E4#rl4|=cwRB1
zxfb|qHS`=YDBU#-W<fu3f7<!dZ)Ju0DdG&h$$WZ3wh!(1S&uVaj|i$R%n%sX?d7uX
zZ543ICTVUzksdCckB@^(tM^ekXAv4MgD2&bm<(S!jOMI)djeQtF>P>=E@D5bLf{o>
z%klPQr0dxPFN7kV-Q$66(&LsF*0#n1hdOs|%lZ>7O)X=x7zwr;PBbU85T>8WJT0$S
zxnuD=-{k-EIqg49;s1l17JQvgctqe)kjGJ_sXv}LabX#uDgiyef9|V8{T-!+mH27I
zWkl%yQ{v|eu&Rugw(iGA5P4(|9Bg82P**0GL5p?wy91hsfkXO+03&bzYCt8Ur5tNO
z!RZzB$PHe*lKDe56QA^~Rv+&zQ`x6-39UWI6R+!3wrQ=3rBlEXKQ;qgnLYS~1)vs1
z-YLN%uEb3&UU>&B_sa6<L;Sfo#&E)t4pp&&dcl=JW_`X7%E*(iqEuGRZwrTTQB#<4
zH?)klA3;wFP+fTcI>b>T>DI9hCgofO7ZwGJ4BvSv4Fph@P6mQiBw$;M64(t$i{{?G
zEx$z}B+rZj8W=!I>=ZR@#}Rec2q!~T5Ygf2sXw^LsG;`I*pp8u^OIcAgwjp{E&yME
z@SwaRLlZ>S#wkcPl%z6uok%_dk$(nMqx0Z6eEN^J5u0J%_-yzitd+wJ)aWX(>~2MG
zeSrMgyH45Mlw$w}0-^@}vv&;)f&%o<<+*<ie-rEeBkCVTvHum6{-qrE-(?B=m-5_y
zm!;=l%60!a3)Wv)9{vaU?my?j`3ny%@c$&|{dY@b2K=w(z5i~Ba)AFQx$nPQqE+C3
zE&u)JJa~WMK?3<V<iP(Q+272@-)miA{z4`T@>hBAKO+BLPx;rOANA$Gl(GMa`g@JZ
z*T0~Q!2Vu&`H#52KcoQt7hDj`U-T&d2>g4`(_bs-`R%VK8ve1J|Ist`Utx#%pZlr)
jG5^1}9;km|q2Tx@R$5LH4E)az5P!dnf5S34|J?l_o1BM)

literal 0
Hc-jL100001

diff --git a/doc/life-cycles/mac.dot b/doc/life-cycles/mac.dot
new file mode 100644
index 00000000000..c52701742ca
--- /dev/null
+++ b/doc/life-cycles/mac.dot
@@ -0,0 +1,24 @@
+digraph mac {
+    begin [label=start, color="#deeaee", style="filled"];
+    newed [fontcolor="#c94c4c", style="solid"];
+    initialised [fontcolor="#c94c4c"];
+    updated [fontcolor="#c94c4c"];
+    finaled [fontcolor="#c94c4c"];
+    end [label=freed, color="#deeaee", style="filled"];
+
+    begin -> newed [label="EVP_MAC_CTX_new"];
+    newed -> initialised [label="EVP_MAC_init"];
+    initialised -> updated [label="EVP_MAC_update"];
+    updated -> updated [label="EVP_MAC_update"];
+    updated -> finaled [label="EVP_MAC_final"];
+    /* Once this works it should go back in:
+    updated -> finaled [label="EVP_MAC_final_XOF", style=dashed];
+    finaled -> finaled [label="EVP_MAC_final_XOF", style=dashed];
+    */
+    finaled -> end [label="EVP_MAC_CTX_free"];
+    updated -> initialised [label="EVP_MAC_init", style=dashed,
+                            color="#034f84", fontcolor="#034f84"];
+    finaled -> initialised [label="EVP_MAC_init", style=dashed,
+                            color="#034f84", fontcolor="#034f84"];
+}
+ 
diff --git a/doc/life-cycles/pkey.dot b/doc/life-cycles/pkey.dot
new file mode 100644
index 00000000000..1662c4ef3dd
--- /dev/null
+++ b/doc/life-cycles/pkey.dot
@@ -0,0 +1,48 @@
+strict digraph pkey {
+    layout=circo
+
+    begin [label=start, color="#deeaee", style="filled"];
+    newed [fontcolor="#c94c4c", style="solid"];
+    digestsign [label="digest sign", fontcolor="#AB3910", color="#AB3910"]
+    verify [fontcolor="#F8CF2C", color="#F8CF2C"]
+    verifyrecover [label="verify recover", fontcolor="#B19FF9", color="#B19FF9"]
+    encrypt [fontcolor="#63AAC0", color="#63AAC0"]
+    decrypt [fontcolor="#425F06", color="#425F06"]
+    derive [fontcolor="#FEA303", color="#FEA303"]
+    encapsulate [fontcolor="#D95980", color="#D95980"]
+    decapsulate [fontcolor="#A16AE8", color="#A16AE8"]
+    paramgen [label="parameter\ngeneration", fontcolor="#2879C0", color="#2879C0"]
+    keygen [label="key\ngeneration", fontcolor="#2F7604", color="#2F7604"]
+
+    begin -> newed [label="EVP_PKEY_CTX_new"];
+
+    newed -> digestsign [label="EVP_PKEY_sign_init", color="#AB3910", fontcolor="#AB3910"];
+    digestsign -> digestsign [label="EVP_PKEY_sign", color="#AB3910", fontcolor="#AB3910"];
+
+    newed -> verify [label="EVP_PKEY_verify_init", fontcolor="#F8CF2C", color="#F8CF2C"];
+    verify -> verify [label="EVP_PKEY_verify", fontcolor="#F8CF2C", color="#F8CF2C"];
+
+    newed -> verifyrecover [label="EVP_PKEY_verify_recover_init", fontcolor="#B19FF9", color="#B19FF9"];
+    verifyrecover -> verifyrecover [label="EVP_PKEY_verify_recover", fontcolor="#B19FF9", color="#B19FF9"];
+
+    newed -> encrypt [label="EVP_PKEY_encrypt_init", fontcolor="#63AAC0", color="#63AAC0"];
+    encrypt -> encrypt [label="EVP_PKEY_encrypt", fontcolor="#63AAC0", color="#63AAC0"];
+
+    newed -> decrypt [label="EVP_PKEY_decrypt_init", fontcolor="#425F06", color="#425F06"];
+    decrypt -> decrypt [label="EVP_PKEY_decrypt", fontcolor="#425F06", color="#425F06"];
+
+    newed -> derive [label="EVP_PKEY_derive_init", fontcolor="#FEA303", color="#FEA303"];
+    derive -> derive [label="EVP_PKEY_derive\nEVP_PKEY_derive_set_peer", fontcolor="#FEA303", color="#FEA303"];
+
+    newed -> encapsulate [label="EVP_PKEY_encapsulate_init", fontcolor="#D95980", color="#D95980"];
+    encapsulate -> encapsulate [label="EVP_PKEY_encapsulate", fontcolor="#D95980", color="#D95980"];
+
+    newed -> decapsulate [label="EVP_PKEY_decapsulate_init", fontcolor="#A16AE8", color="#A16AE8"];
+    decapsulate -> decapsulate [label="EVP_PKEY_decapsulate", fontcolor="#A16AE8", color="#A16AE8"];
+
+    newed -> paramgen [label="EVP_PKEY_paramgen_init", fontcolor="#2879C0", color="#2879C0"];
+    paramgen -> paramgen [label="EVP_PKEY_paramgen\nEVP_PKEY_gen", fontcolor="#2879C0", color="#2879C0"];
+
+    newed -> keygen [label="EVP_PKEY_keygen_init", fontcolor="#2F7604", color="#2F7604"];
+    keygen -> keygen [label="EVP_PKEY_keygen\nEVP_PKEY_gen", fontcolor="#2F7604", color="#2F7604"];
+}
diff --git a/doc/life-cycles/rand.dot b/doc/life-cycles/rand.dot
new file mode 100644
index 00000000000..5aa225f314b
--- /dev/null
+++ b/doc/life-cycles/rand.dot
@@ -0,0 +1,15 @@
+strict digraph rand {
+    begin [label=start, color="#deeaee", style="filled"];
+    newed [fontcolor="#c94c4c", style="solid"];
+    instantiated [fontcolor="#c94c4c"];
+    uninstantiated [fontcolor="#c94c4c"];
+    end [label="freed", color="#deeaee", style="filled"];
+
+    begin -> newed [label="EVP_RAND_CTX_new"];
+    newed -> instantiated [label="EVP_RAND_instantiate"];
+    instantiated -> instantiated [label="EVP_RAND_generate"];
+    instantiated -> uninstantiated [label="EVP_RAND_uninstantiate"];
+    uninstantiated -> end [label="EVP_RAND_CTX_free"];
+    uninstantiated -> instantiated [label="EVP_RAND_instantiate", style=dashed, color="#034f84", fontcolor="#034f84"];
+}
+ 
-- 
2.47.3